Windows
Analysis Report
Upgraded Continuous Flow Task Tracker Final Version.xlsm
Overview
General Information
Detection
Score: | 5 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
- EXCEL.EXE (PID: 7644 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  - splwow64.exe (PID: 744 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- cleanup
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
There are no malicious signatures, click here to show all signatures.
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic: | ||
Source: | Memory has grown: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | OLE indicator, VBA macros: | ||
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: | ||
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Key opened: | Jump to behavior |
Source: | Initial sample: |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Last function: | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Process information queried: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 2 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
svc.ms-acdc-teams.office.com | 52.123.243.219 | true | false | unknown | |
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | true | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.253.72 | s-part-0044.t-0009.fb-t-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.123.243.219 | svc.ms-acdc-teams.office.com | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1501301 |
Start date and time: | 2024-08-29 17:48:53 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Upgraded Continuous Flow Task Tracker Final Version.xlsm |
Detection: | CLEAN |
Classification: | clean5.winXLSM@3/8@0/2 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.28.46, 184.28.90.27, 52.109.28.47, 199.232.210.172, 51.132.193.105
- Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, otelrules.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.roaming.officeapps.live.com, onedscolprduks05.uksouth.cloudapp.azure.com, config.officeapps.live.com, azureedge-t-prod.trafficmanager.net, ecs.office.trafficmanager.net, europe.configsvc1.live.co
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Upgraded Continuous Flow Task Tracker Final Version.xlsm
Time | Type | Description |
---|---|---|
11:50:46 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.253.72 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | PureLog Stealer, zgRAT | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Captcha Phish, HTMLPhisher | Browse |
Get hash | malicious | ScreenConnect Tool | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
s-part-0044.t-0009.fb-t-msedge.net | Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
svc.ms-acdc-teams.office.com | Get hash | malicious | Unknown | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | AsyncRAT | Browse |
Get hash | malicious | HTMLPhisher, Tycoon2FA | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC, Stealc, Vidar | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | SmokeLoader | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
Get hash | malicious | LummaC | Browse |
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 3.4679554894199565 |
Encrypted: | false |
SSDEEP: | 6:kKhb8U/vJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:JbekPlE99SCQl2DUevat |
MD5: | 2163B0B7961BC52A39EC5CD5DA3FCDE1 |
SHA1: | CAFDEED251C7C114EDE9DFC6D874B7E4B34E9CDD |
SHA-256: | 66EC1AC3A54F5DC36890C7922E51607D54D4DA6E9CE510EEEF1BBCB1582BFE6F |
SHA-512: | A4BEA98515C81B8CA50F15A0947673C0EAD52DE82298521D97CA0781F6894999DA7C3C89B02AC1B2B05CCAF5DEA445383BA9AA29BE38621048727F0B372A203F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 152056 |
Entropy (8bit): | 4.414493447234057 |
Encrypted: | false |
SSDEEP: | 1536:fmmjvzolWWpFpKKHAeedydju4HTbTuo+o5aQxJudUl9yhQL3ow:fxM8WpFpKKHHedydFeo+oQLUlPow |
MD5: | 1165714F4C78E565ABF9F4CFB34CC7BD |
SHA1: | 38ED6CCC728AFE28CF623E8C710AC0269EDAEEC8 |
SHA-256: | 3E2C51B67170531EE1DF09ADF220490C5DC02F83C5A03A848B738D19B78161DD |
SHA-512: | 6E6EBD91ACC81EA49079D24740711B200A5D73720704741D01B9669864AE0648D458A2273014E329AEAC1909BDB2DE1A3C77911A15C56FCB0FBF0A2862D089DE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 81920 |
Entropy (8bit): | 3.3851041628708742 |
Encrypted: | false |
SSDEEP: | 768:o3Gu/qsEJOXv1xJltZf7YWX5UuxgtWOgZNcEn5PBRZ51cO:fsEJkJ13XSuxgj6cuc |
MD5: | 548C0C33DA35973355FB3600D94EFAB0 |
SHA1: | 37B93A5ACA33BFF9E569B487D2F7182DB4B90BB5 |
SHA-256: | FDB44B0DEE5E432AF9852470D30890A17315690FAF90F086672D4C6B3E155C5A |
SHA-512: | 1FF9E644D5BEAAD0190235BDE95E6EC3F09537F12107D94D1F69521404E669586DDA0488C2F48585B3C5649F8109173707424F939004B0A7CA3F6EE95799BA82 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 333225 |
Entropy (8bit): | 7.708683697737226 |
Encrypted: | false |
SSDEEP: | 6144:vIBnZRLddpdP1two8r8y/AXJD+emq/c4xpR0F8FSEoLJ9fDD0SmORT+8sH024iK9:vIp2ojJ1FOjMKkRUp/wcKU |
MD5: | 9344CBE738631B9A4B67B25599F060BA |
SHA1: | AFD31D56E8D83CEDB943B026571ED37C1B798943 |
SHA-256: | 31DB7759A9C18ECB734DAD146E2530832FAEB4275E7482525BA62DF1AA41C805 |
SHA-512: | 788E7284D1BE5C5F6DB3B4D1EB5969770C8B57DD14A53E7E1AF01B386EA0C8BF2EC42A881B73CAAFF2FF252875BC27A6889AAF62FA35F9FD4CAE261466C1BBC0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 333225 |
Entropy (8bit): | 7.708683697737226 |
Encrypted: | false |
SSDEEP: | 6144:vIBnZRLddpdP1two8r8y/AXJD+emq/c4xpR0F8FSEoLJ9fDD0SmORT+8sH024iK9:vIp2ojJ1FOjMKkRUp/wcKU |
MD5: | 9344CBE738631B9A4B67B25599F060BA |
SHA1: | AFD31D56E8D83CEDB943B026571ED37C1B798943 |
SHA-256: | 31DB7759A9C18ECB734DAD146E2530832FAEB4275E7482525BA62DF1AA41C805 |
SHA-512: | 788E7284D1BE5C5F6DB3B4D1EB5969770C8B57DD14A53E7E1AF01B386EA0C8BF2EC42A881B73CAAFF2FF252875BC27A6889AAF62FA35F9FD4CAE261466C1BBC0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:KVC+cAmltV:KVC+cR |
MD5: | 9C7132B2A8CABF27097749F4D8447635 |
SHA1: | 71D7F78718A7AFC3EAB22ED395321F6CBE2F9899 |
SHA-256: | 7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83 |
SHA-512: | 333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.800429656664085 |
TrID: |
|
File name: | Upgraded Continuous Flow Task Tracker Final Version.xlsm |
File size: | 341'134 bytes |
MD5: | 143d71989e671c1848419ca68caab2ff |
SHA1: | dbefcf21ff717e403e771ee2edbc7332813633c7 |
SHA256: | 4a600105d03db02d501350afd9eb9dcd9471779b59002c536de3da474c02e7c3 |
SHA512: | b8b1f024214e39f99b906751598c35f1fdbc1f7c7568248bd8c7ea8a0dfeac02df488c05d96e88b53fefe9d1daed40a5c17dd1cdbe805294fbbd003cdc2e3472 |
SSDEEP: | 6144:vziLeatjnL2vsRtguoyqd/SF+NHsX8rSPgoduwcKoN:vzmewNcuixHUFJEwcKoN |
TLSH: | 1274C0B8DB06FCD2F29BD53D825F269218D174FC7584B5E8EB50B86F8E43A97048D04A |
File Content Preview: | PK..........!..o.2............[Content_Types].xml ...(......................................................................................................................................................................................................... |
Icon Hash: | 1d356664a4a09519 |
Document Type: | OpenXML |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Author: | |
Last Saved By: | |
Create Time: | 2023-07-10T12:48:53Z |
Last Saved Time: | 2024-08-16T12:58:25Z |
Creating Application: | |
Security: | 0 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 16.0300 |
General | |
Stream Path: | VBA/Module1 |
VBA File Name: | Module1 |
Stream Size: | 5216 |
General | |
Stream Path: | VBA/Module2 |
VBA File Name: | Module2 |
Stream Size: | 6390 |
General | |
Stream Path: | VBA/Module3 |
VBA File Name: | Module3 |
Stream Size: | 1690 |
|
General | |
Stream Path: | VBA/Sheet1 |
VBA File Name: | Sheet1 |
Stream Size: | 1148 |
|
General | |
Stream Path: | VBA/Sheet2 |
VBA File Name: | Sheet2 |
Stream Size: | 5787 |
|
General | |
Stream Path: | VBA/Sheet3 |
VBA File Name: | Sheet3 |
Stream Size: | 1148 |
|
General | |
Stream Path: | VBA/Sheet4 |
VBA File Name: | Sheet4 |
Stream Size: | 1148 |
|
General | |
Stream Path: | VBA/Sheet5 |
VBA File Name: | Sheet5 |
Stream Size: | 1148 |
|
General | |
Stream Path: | VBA/Sheet6 |
VBA File Name: | Sheet6 |
Stream Size: | 5621 |
|
General | |
Stream Path: | VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook |
Stream Size: | 1345 |
|
General | |
Stream Path: | PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 837 |
Entropy: | 5.2127655091782295 |
Base64 Encoded: | True |
General | |
Stream Path: | PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 239 |
Entropy: | 3.239415776272537 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 5807 |
Entropy: | 4.599094450362996 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_0 |
CLSID: | |
File Type: | data |
Stream Size: | 6848 |
Entropy: | 3.2170489431166307 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_1 |
CLSID: | |
File Type: | data |
Stream Size: | 392 |
Entropy: | 1.8907865870465193 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_2 |
CLSID: | |
File Type: | data |
Stream Size: | 2788 |
Entropy: | 3.9692618674438034 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_3 |
CLSID: | |
File Type: | data |
Stream Size: | 182 |
Entropy: | 1.891949250624317 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_4 |
CLSID: | |
File Type: | data |
Stream Size: | 3271 |
Entropy: | 4.077337686147013 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_5 |
CLSID: | |
File Type: | data |
Stream Size: | 156 |
Entropy: | 1.5811533511839717 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_6 |
CLSID: | |
File Type: | data |
Stream Size: | 680 |
Entropy: | 1.3173397047996023 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_7 |
CLSID: | |
File Type: | data |
Stream Size: | 106 |
Entropy: | 1.3591119461716878 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_8 |
CLSID: | |
File Type: | data |
Stream Size: | 2139 |
Entropy: | 3.833622948645698 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_9 |
CLSID: | |
File Type: | data |
Stream Size: | 156 |
Entropy: | 1.563493815913693 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_a |
CLSID: | |
File Type: | data |
Stream Size: | 2820 |
Entropy: | 3.9986875934005877 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_b |
CLSID: | |
File Type: | data |
Stream Size: | 182 |
Entropy: | 1.891949250624317 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_c |
CLSID: | |
File Type: | data |
Stream Size: | 423 |
Entropy: | 2.481788679372965 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/__SRP_d |
CLSID: | |
File Type: | data |
Stream Size: | 156 |
Entropy: | 1.5811533511839717 |
Base64 Encoded: | False |
General | |
Stream Path: | VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 1050 |
Entropy: | 6.6768256025911 |
Base64 Encoded: | True |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 29, 2024 17:49:48.268599033 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:48.268623114 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:48.268675089 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:48.272981882 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:48.272994995 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.100691080 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.100758076 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.102247000 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.102257967 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.102490902 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.103748083 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.148507118 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.409441948 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.409465075 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.409523964 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.409537077 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.411897898 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.411942005 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.411966085 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.411974907 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.412007093 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.412022114 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.494239092 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.494256973 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.494307041 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.494318008 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.494339943 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.494358063 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.496301889 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.496319056 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.496361971 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.496370077 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.496388912 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.496413946 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.581625938 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.581643105 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.581684113 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.581691980 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.581702948 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.581733942 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.588630915 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.588644981 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.588689089 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.588730097 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.588735104 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.588784933 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Aug 29, 2024 17:49:49.589883089 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.589900970 CEST | 443 | 49734 | 52.123.243.219 | 192.168.2.4 |
Aug 29, 2024 17:49:49.589967012 CEST | 49734 | 443 | 192.168.2.4 | 52.123.243.219 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Aug 29, 2024 17:49:48.241499901 CEST | 1.1.1.1 | 192.168.2.4 | 0x3589 | No error (0) | | svc.ms-acdc-teams.office.com | | CNAME (Canonical name) | IN (0x0001) | false |
Aug 29, 2024 17:49:48.241499901 CEST | 1.1.1.1 | 192.168.2.4 | 0x3589 | No error (0) | | | 52.123.243.219 | A (IP address) | IN (0x0001) | false |
Aug 29, 2024 17:49:48.241499901 CEST | 1.1.1.1 | 192.168.2.4 | 0x3589 | No error (0) | | | 52.123.243.205 | A (IP address) | IN (0x0001) | false |
Aug 29, 2024 17:49:48.241499901 CEST | 1.1.1.1 | 192.168.2.4 | 0x3589 | No error (0) | | | 52.123.243.221 | A (IP address) | IN (0x0001) | false |
Aug 29, 2024 17:49:49.326889992 CEST | 1.1.1.1 | 192.168.2.4 | 0x51bb | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Aug 29, 2024 17:49:49.326889992 CEST | 1.1.1.1 | 192.168.2.4 | 0x51bb | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Aug 29, 2024 17:50:52.744340897 CEST | 1.1.1.1 | 192.168.2.4 | 0x554b | No error (0) | | azurefd-t-fb-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false |
Aug 29, 2024 17:50:52.744340897 CEST | 1.1.1.1 | 192.168.2.4 | 0x554b | No error (0) | | s-part-0044.t-0009.fb-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Aug 29, 2024 17:50:52.744340897 CEST | 1.1.1.1 | 192.168.2.4 | 0x554b | No error (0) | | | 13.107.253.72 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49734 | 52.123.243.219 | 443 | 7644 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 15:49:49 UTC | 851 | OUT | |
2024-08-29 15:49:49 UTC | 1181 | IN | |
2024-08-29 15:49:49 UTC | 2664 | IN | |
2024-08-29 15:49:49 UTC | 13026 | IN | |
2024-08-29 15:49:49 UTC | 16384 | IN | |
2024-08-29 15:49:49 UTC | 16384 | IN | |
2024-08-29 15:49:49 UTC | 16384 | IN | |
2024-08-29 15:49:49 UTC | 16384 | IN | |
2024-08-29 15:49:49 UTC | 16384 | IN | |
2024-08-29 15:49:49 UTC | 16384 | IN | |
2024-08-29 15:49:49 UTC | 16384 | IN | |
2024-08-29 15:49:49 UTC | 694 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49753 | 13.107.253.72 | 443 | 7644 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 15:50:53 UTC | 208 | OUT | |
2024-08-29 15:50:53 UTC | 591 | IN | |
2024-08-29 15:50:53 UTC | 1353 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49754 | 13.107.253.72 | 443 | 7644 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 15:50:53 UTC | 206 | OUT | |
2024-08-29 15:50:53 UTC | 591 | IN | |
2024-08-29 15:50:53 UTC | 2871 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49755 | 13.107.253.72 | 443 | 7644 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-08-29 15:50:53 UTC | 207 | OUT | |
2024-08-29 15:50:53 UTC | 498 | IN | |
2024-08-29 15:50:53 UTC | 756 | IN |
Target ID: | 0 |
Start time: | 11:49:43 |
Start date: | 29/08/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x170000 |
File size: | 53'161'064 bytes |
MD5 hash: | 4A871771235598812032C822E6F68F19 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 7 |
Start time: | 11:50:46 |
Start date: | 29/08/2024 |
Path: | C:\Windows\splwow64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d50a0000 |
File size: | 163'840 bytes |
MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |