Analysis Report doc2227740.xls

Overview

General Information

Sample Name: doc2227740.xls
Analysis ID: 320290
MD5: b43d8b40f9ef15965d0ff901e30c2f32
SHA1: 3c0d89ac4b439b7cf60b6cc6e4195a8ce3514572
SHA256: 196588a7404c90ab92502926afa24fbb25bf67c0ad50dba4f7ff4f1937816dda
Tags: xls ZLoader

Detection

Hidden Macro 4.0
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found Excel 4.0 Macro with suspicious formulas
Document contains embedded VBA macros
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Yara detected Xls With Macro 4.0
Yara signature match

Startup

  • System is w7x64
  • EXCEL.EXE (PID: 2288 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source: doc2227740.xls
Rule: SUSP_Excel4Macro_AutoOpen
Description: Detects Excel4 macro use with auto open / close
Author: John Lambert @JohnLaTwC
Strings:
  • 0x0:$header_docf: D0 CF 11 E0
  • 0xbf4b:$s1: Excel
  • 0xfc43:$s1: Excel
  • 0x10187:$s1: Excel
  • 0x11376:$s1: Excel
  • 0x1574d:$s1: Excel
  • 0x157aa:$s1: Excel
  • 0x157cd:$s1: Excel
  • 0x38c6:$Auto_Close: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 02 3A

Source: doc2227740.xls
Rule: JoeSecurity_XlsWithMacro4
Description: Yara detected Xls With Macro 4.0
Author: Joe Security

    Sigma Overview

    No Sigma rule has matched

    Signature Overview

    AV Detection:

    Multi AV Scanner detection for submitted file
    Source: doc2227740.xls, ReversingLabs: Detection: 20%
    Source: global traffic, DNS query: name: sherpa.rest
    Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 104.27.173.15:443
    Source: Joe Sandbox View, JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
    Source: unknown, DNS traffic detected: queries for: sherpa.rest
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49167
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49166
    Source: unknown, Network traffic detected: HTTP traffic on port 49165 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49165
    Source: unknown, Network traffic detected: HTTP traffic on port 49167 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 49166 -> 443

    System Summary:

    Found Excel 4.0 Macro with suspicious formulas
    Source: doc2227740.xls, Initial sample: EXEC
    Source: doc2227740.xls, OLE indicator, VBA macros: true
    Source: doc2227740.xls, type: SAMPLE, Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
    Source: classification engine, Classification label: mal52.evad.winXLS@1/13@1/1
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\Application Data\Microsoft\Forms
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Temp\CVRE9E1.tmp
    Source: doc2227740.xls, OLE indicator, Workbook stream: true
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File read: C:\Users\desktop.ini
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Window found: window name: SysTabControl32
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Automated click: OK
    Source: Window Recorder, Window detected: More than 3 window changes detected
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
    Source: doc2227740.xls, Initial sample: OLE document summary category = PmFbdwr0TuP
    Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process information set: NOOPENFILEERRORBOX
    Source: Yara match, File source: doc2227740.xls, type: SAMPLE

    Mitre Att&ck Matrix

    Initial Access: Valid Accounts; Default Accounts; Domain Accounts
    Execution: Scripting 11; Exploitation for Client Execution 3; At (Linux)
    Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
    Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
    Defense Evasion: Masquerading 1; Scripting 11; Obfuscated Files or Information
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
    Discovery: File and Directory Discovery 1; System Information Discovery 2; Query Registry
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
    Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 1; Application Layer Protocol 2
    Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location
    Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
    Impact: Modify System Partition; Device Lockout; Delete Device Data

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source: doc2227740.xls
    Detection: 21%
    Scanner: ReversingLabs
    Label: Document-Excel.Dropper.SDrop

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    Name: sherpa.rest
    IP: 104.27.173.15
    Active: true
    Malicious: false
    Reputation: unknown

      Contacted IPs

      Public

      IP: 104.27.173.15
      Domain: unknown
      Country: United States
      ASN: 13335
      ASN Name: CLOUDFLARENETUS
      Malicious: false

      General Information

      Joe Sandbox Version: 31.0.0 Red Diamond
      Analysis ID: 320290
      Start date: 19.11.2020
      Start time: 08:39:53
      Joe Sandbox Product: CloudBasic
      Overall analysis duration: 0h 13m 34s
      Hypervisor based Inspection enabled: false
      Report type: light
      Sample file name: doc2227740.xls
      Cookbook file name: defaultwindowsofficecookbook.jbs
      Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
      Number of analysed new started processes analysed: 4
      Number of new started drivers analysed: 0
      Number of existing processes analysed: 0
      Number of existing drivers analysed: 0
      Number of injected processes analysed: 0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode: default
      Analysis stop reason: Timeout
      Detection: MAL
      Classification: mal52.evad.winXLS@1/13@1/1
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      • Found application associated with file extension: .xls
      • Changed system and user locale, location and keyboard layout to English - United States
      Warnings:
      • Max analysis timeout: 720s exceeded, the analysis took too long
      • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
      • Report size getting too big, too many NtSetInformationFile calls found.

      Simulations

      Behavior and APIs

      No simulations

      Joe Sandbox View / Context

      IPs

      Match: 104.27.173.15
      Associated Sample Name / URL: d11311145.xls
      Detection: malicious

          Domains

          Match: sherpa.rest
          Associated Sample Name / URL: d11311145.xls
          Detection: malicious
          Context: 104.27.173.15

          ASN

          JA3 Fingerprints

          Dropped Files

          No context

          Created / dropped Files

          C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):144008
          Entropy (8bit):0.30838800698977753
          Encrypted:false
          SSDEEP:48:I3cnqOA64MnlEManSj8QIAEYtUO/Xrm0RMGk8fB58cE8ny6Dn:Keqp0KMgSihIUO/bm0RMGk2B58cE8ys
          MD5:A9B61ED0B8FF3555959ACA5EC1BBFBC6
          SHA1:E06D7B42CE25F326583F0B8C0420B5B8C29B7CEB
          SHA-256:5FA33B89DDA4C07247D5485C346C59140EDCC868A089497335179CDD2B6406A1
          SHA-512:92C29C6114AB7F7AF5DB650768DEAC8D746F9D5C67C65B4BA7D149EAF5361C69F3D4ECC8EA0D71C56FB19C7D91920EF49F017B83379E6CD5FE0F0E2BBEC9176F
          Malicious:false
          Reputation:low
          C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{F85E85D8-9902-430A-877E-35D1221BCC0D}.FSD
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):156816
          Entropy (8bit):0.6706128002931875
          Encrypted:false
          SSDEEP:96:KBmuK829knn1P3RoIJxgTVbgZ/am5Ma01kP6WDkjk3XtbYkGQPx3:s2knnZm8gT5YJMyZRN
          MD5:537D8D39EC19606699121491C7BBC30F
          SHA1:D812B3CFD45A37595012677015B45713ADBB491B
          SHA-256:27795C711CA0A573A9C132B940CE12C29BC219B9A9460BF1720742ADE2800F20
          SHA-512:A8A900864DB97C45CE98326CCD53F00086B339464C5EBB1D424C235B1E27DC0235E01561BB00301A13C6D61FC3E00E1ACEF1BA5A2CD8D19E9D342918E2F9618E
          Malicious:false
          Reputation:low
          C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):133
          Entropy (8bit):4.285981450597859
          Encrypted:false
          SSDEEP:3:yVlgQPDRlgsRlzZP+0GrekSlWW3W6yX8lmlmhIf276:yPdPDDblztGrekS9W/kmYIf22
          MD5:311D741FB8DADAA8776ED6B5E2798678
          SHA1:F6AB7EFC73F1FBB0A8A191FFE56883B349F732EA
          SHA-256:9A0AD1ED9C6DD6C327F2405DC5BCB23583600234EA73B05482CB878157FDF5B5
          SHA-512:B3278FFB306E9C91672D00D1C1E777D9C5B4AB115638C36EB6E6437979268057DE37393BE3E4B70261EAC2259621E77BE9B7386554833F85509C80CE812F59F4
          Malicious:false
          Reputation:low
          C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):144008
          Entropy (8bit):0.3079160641624455
          Encrypted:false
          SSDEEP:48:I3NSYOXcjdFgaiEpZlGktDpXElXDu5y+VD6aWIpDZCnkrhD7xnvX2jugv5z9pSjG:K0YHSUZlDxEZu5N1pBAn0Z7M4e4z8
          MD5:F6B6E12BBADC43D1C575B6CF792D4FF1
          SHA1:A93623DA1281ECF637C69C765FA33EF66DA1F95A
          SHA-256:A0179A17F0A8417184D6CA684BC79C8F6B4741E80D2BF178A3F9165EFDA26F35
          SHA-512:605047A1185125E02941E45BBE71216FADA07A4AD4855D368EB67CE4C83263E86A99D73395384AFF7D42C563BD67C6B2910F089C395A560336F3BC335C5803E5
          Malicious:false
          Reputation:low
          C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{9F45F1FD-227F-4560-981A-03EE77AD8D6E}.FSD
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):149973
          Entropy (8bit):0.2785807174593322
          Encrypted:false
          SSDEEP:48:I38Z029GZvqKZ/a38Z/eysZbGdhITRkcPSc+W42ZcIwYPqSGqSUVZRCAyZL:KV2qq08a6khI8cEZA
          MD5:5288C191787983E4A9873ACFA314AC33
          SHA1:F282592FF1E3A8EBE3A2C1283086EDD923C14AA9
          SHA-256:F2EEFCD038500D7E36AAE3C95BF36E8E0729AB95636AF9138F63257D4DDD1275
          SHA-512:C5E3F399145CC35FA7140DEF751C681BFE0B1F59780F346C63AA59701C9E562DFBC20B166893BFACF4967E2B2C066F256CEDD6B23810EC3FDFD16D411932F634
          Malicious:false
          Reputation:low
          C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):133
          Entropy (8bit):4.255906262627934
          Encrypted:false
          SSDEEP:3:yVlgQPDRlgsRlz/Kj83kl0QJKGqsIUnC700Z276:yPdPDDblzbs0QEGaUn1u22
          MD5:FC89710189E7C81130CAC40D0F180CCD
          SHA1:BE07D37034D0D6E2394B5C3AC47F28EB78767E9E
          SHA-256:D87C78CFD7A26F6649FA650118F9E464D73DB9EF1CB975817534018A60174F61
          SHA-512:A7E6559F09730EFF0004CB1A8300D962CEBCCC714D3018AD8600CEFB097040B96D5C2DC337AE82DEF42CEE705A6418A9333922DD4ED5FFABA3BD1BB1894A978F
          Malicious:false
          Reputation:low
          C:\Users\user\AppData\Local\Temp\212F0000
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):49323
          Entropy (8bit):7.7680995170984595
          Encrypted:false
          SSDEEP:768:h6sNvPeq3D7Q+pAiQxukc6/85Hv16i8745Cpp1HXSDBP+/TGkrTIdJ6YAYOpkjce:hL7dFE8h1A7gCprSVW/T9rkb6zYygce
          MD5:AFD7B03C25F9C65F6470B21FEC9B9583
          SHA1:9C1BABAE806C2E04A1B0BD782087E331437B677A
          SHA-256:FA9D14B316C82357764F99BDD15D69CFE5AAEA4AE2D4293100A315915CCCAFFB
          SHA-512:9DE9522CF4B94755EB48D5E8B9B96FAA32113103A0513DFCD0346BB093E1D38A89CE570F1AB2E61FB6556BF22A21DF8AC9627F48D902A9B88C533C112934F75A
          Malicious:false
          Reputation:low
          C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):162688
          Entropy (8bit):4.254390210877129
          Encrypted:false
          SSDEEP:1536:C6XL3FNSc8SetKB96vQVCBumVMOej6mXmYarrJQcd1FaLcm48s:CuJNSc83tKBAvQVCgOtmXmLpLm4l
          MD5:6F4AAED698A1513669A959E29DC5C6F2
          SHA1:6A605C026EF516597E03EFE5FC9D397D7B91110F
          SHA-256:D3059A80AFF09E691B3EEB371730DAFA842F171727C80BC3DCFF8CD1539D9631
          SHA-512:DA7BF949F91717644E0A32B1B843793F8C8C91ACA59722497966469ECA90E22D185BD4374E682EFCF860BFE7FDC3C1F201B1CC2E96B4B3C35119B23EDAEA86E2
          Malicious:false
          Reputation:low
          C:\Users\user\AppData\Local\Temp\{C92AD829-6A2C-4701-99BD-E5B8BFC3D323}
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):137348
          Entropy (8bit):0.05967248714825173
          Encrypted:false
          SSDEEP:12:I3DPBWR7OF2oO1fv8pAxnOB1PBWRKgOSSQaphOfP/7yPBWR/Nf4OdKp:I3NJTOMAROBHSOSqhO+SyOy
          MD5:6D4AB7FCCB2F8F79E152AF821B194F6D
          SHA1:49344E69BBA72212EE6FB40B48D2AE5D5833D328
          SHA-256:EDAAF11F25B09EFAA274FF72F2670913C6D7281356EC46A3738386063AAB7A3C
          SHA-512:C8E2A22E66E947B8035DCAE7BE443F0DE1E18AFD6B3D50B7FF367607D0DD89F3A2BA473E00E3378A64C5758BFA0F58AEC57D541A93F8649E208AAC06D5B25665
          Malicious:false
          Reputation:low
          C:\Users\user\AppData\Local\Temp\{CA81E5EB-CC18-46B5-BFF4-E6AC33BF56F6}
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:data
          Category:dropped
          Size (bytes):137348
          Entropy (8bit):0.0597466555271492
          Encrypted:false
          SSDEEP:12:I3DPgaoPe8CKfv8p6Gv1PgaoPD0DOJcSQapzvjp/7yPgaoPrBvKp:I3cn28u6Gvmn4WcqzrPndw
          MD5:AD6ECCAAD220C6D4DF9762E3D64446AE
          SHA1:BC04303DF31488C8606C4095BAAC160F99F3B240
          SHA-256:18335078078CB0AAFAA80FE2ADF5FEBA72A5F6F2D017C694A920F555DD2C859B
          SHA-512:158B7B3D4F84A540FD9B25369A8791515FD790899BCD6C6485BE18FB3956A75AAB4719FFE777DE41406F9AE3DEE0BCCA1D58AD29A65AFE3A787F5D0187BCC95B
          Malicious:false
          Reputation:low
          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Thu Nov 19 15:41:02 2020, atime=Thu Nov 19 15:41:02 2020, length=8192, window=hide
          Category:dropped
          Size (bytes):867
          Entropy (8bit):4.478347873895743
          Encrypted:false
          SSDEEP:12:85Q0ZhCLgXg/XAlCPCHaXtB8XzB/rrCX+WnicvbjbDtZ3YilMMEpxRljKfkcTdJU:85RhU/XTd6j0YebDv3qekwrNru/
          MD5:B43C9756F00C7F10CE17BA5CD8CE8E70
          SHA1:AF18D1CFBA491DF5D31E6C1A3FB9BEAAF9A020CB
          SHA-256:BDC1084BE45505EDC00E0700CA42282F52E624A0824D5AE85DFD03B9507A17B2
          SHA-512:29434D36DF2736587A461D39BC96CB90D05E2CD06201D0CAC99BB16C11427F0104D6F637598E5469F939B7C85EA383A014803843FC9A074AA68FAB6E045BFEC1
          Malicious:false
          Reputation:low
          Preview: L..................F...........7G....I......I..... ......................i....P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1.....sQ"...Desktop.d......QK.XsQ".*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......i...............-...8...[............?J......C:\Users\..#...................\\609290\Users.user\Desktop.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......609290..........D_....3N...W...9r.[.*.......}EkD_....3N...W...9r.[.*.......}Ek....
          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:ASCII text, with CRLF line terminators
          Category:modified
          Size (bytes):15
          Entropy (8bit):3.906890595608518
          Encrypted:false
          SSDEEP:3:oyBVov:djy
          MD5:CB81E25C045825270E2E97C347AE6E8F
          SHA1:2069CD47D19BCC5F24D31854972702CEC4C9E9A1
          SHA-256:FEC9B386E88BFD7FEC4BA72FDC006A003ECC079E2C204947A57872BB4ED7340A
          SHA-512:C2EFAA0A03E287CDE5029DC00457A1A2D1D877649E88D5E27F462B5A4145B366D181239C77F101A09D61CD3C07AD9DAF8DEFAC2FE224625D63EEFF18B7044910
          Malicious:false
          Reputation:low
          Preview: Desktop.LNK=0..
          C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\4MFCXH41.txt
          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          File Type:ASCII text
          Category:dropped
          Size (bytes):113
          Entropy (8bit):4.380074810237285
          Encrypted:false
          SSDEEP:3:GmM/8XtF9BkGEQrQtOK7XcM/CQfzFQ/u3VT/n:XM/Af2QEfcQ5JRn
          MD5:62D6896587AF5C4E4AE819335D822CD0
          SHA1:63F004900567837EB5D2C8C6412A7F8FED960279
          SHA-256:02421F20DFDF6D7331D1CA21FBBE6CB0D69B5998023AA9094C8963D66F0B9B88
          SHA-512:E804B7AE4CE1FF2817EE9998501A04A16AF83DF81778FAE463CCB54B0E7305C12F8CFB73EE8DD41A4D441CE885D2255B3F4BB949DFB86CFDC22B73D564BF9409
          Malicious:false
          Reputation:low
          Preview: __cfduid.da0218ca9c7b8c78db0c12c56a4a907431605771654.sherpa.rest/.9729.1206404864.30856666.3171567535.30850706.*.

          Static File Info

          General

          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Nov 18 06:47:39 2020, Security: 0
          Entropy (8bit):4.360697246981449
          TrID:
          • Microsoft Excel sheet (30009/1) 47.99%
          • Microsoft Excel sheet (alternate) (24509/1) 39.20%
          • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
          File name:doc2227740.xls
          File size:88576
          MD5:b43d8b40f9ef15965d0ff901e30c2f32
          SHA1:3c0d89ac4b439b7cf60b6cc6e4195a8ce3514572
          SHA256:196588a7404c90ab92502926afa24fbb25bf67c0ad50dba4f7ff4f1937816dda
          SHA512:57e42961b4ffe2b4233e05e8619a4dd59a9f00a7c68bf4cc57843cb6f3803c51c727287d9407c4787b5fb8be2caff1105e30abd4c82c9ccc3b335ff9e754c72e
          SSDEEP:1536:C3xEtjPOtioVjDGUU1qfDlaGGx+cL2QnAUA4duNxABg/geJtJSuAO1arCFsi:C3xEtjPOtioVjDGUU1qfDlaGGx+cL2QD
          File Content Preview:........................>...................................P..................................................................................................................................................................................................

          File Icon

          Icon Hash:e4eea286a4b4bcb4

          Static OLE Info

          General

          Document Type:OLE
          Number of OLE Files:1

          OLE File "doc2227740.xls"

          Indicators

          Has Summary Info:True
          Application Name:Microsoft Excel
          Encrypted Document:False
          Contains Word Document Stream:False
          Contains Workbook/Book Stream:True
          Contains PowerPoint Document Stream:False
          Contains Visio Document Stream:False
          Contains ObjectPool Stream:
          Flash Objects Count:
          Contains VBA Macros:True

          Summary

          Code Page:1251
          Author:
          Keywords:
          Last Saved By:
          Create Time:2006-09-16 00:00:00
          Last Saved Time:2020-11-18 06:47:39
          Creating Application:Microsoft Excel
          Security:0

          Document Summary

          Document Code Page:1251
          Category:PmFbdwr0TuP
          Thumbnail Scaling Desired:False
          Manager:
          Company:
          Contains Dirty Links:False
          Shared Document:False
          Changed Hyperlinks:False
          Application Version:983040

          Streams with VBA

          VBA File Name: Sheet1.cls, Stream Size: 5844
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
          VBA File Name:Sheet1.cls
          Stream Size:5844

          VBA Code Keywords

          Keyword
          BackgroundQuery:=False
          TEXTJOIN(Delimiter
          .AdjustColumnWidth
          True,
          (Len(x)
          seconds)
          .WebConsecutiveDelimitersAsOne
          Public
          .WebFormatting
          Resume
          Mid(TEXTJOIN,
          "Range"
          ActiveSheet.QueryTables.Add(Connection:=
          While
          .WorkbookConnection.Delete
          False
          Wait(seconds
          "htt"
          www.TheSpreadsheetGuru.com
          xlInsertDeleteCells
          MakeWebQuery
          String,
          Cell.Value
          Excel
          "lol"
          String
          MakeWebQuery()
          Len(RangeArea)
          Len(Cell.Value)
          .Refresh
          Destination:=
          .WebSelectionType
          VB_GlobalNameSpace
          shFirstQtr
          Range
          .FillAdjacentFormulas
          "ps:"
          .PreserveFormatting
          .BackgroundQuery
          "info.p"
          .WebDisableDateRecognition
          Through
          RangeArea
          VB_Base
          Boolean,
          .WebSingleBlockTextImport
          .PostText
          Given
          VB_Creatable
          VB_Exposed
          Input
          Entered
          Integer)
          VB_TemplateDerived
          Empty
          (Timer
          Ignore_Empty
          .WebPreFormattedTextToColumns
          ParamArray
          .SavePassword
          'SOURCE:
          "info"
          Worksheet_Activate()
          Error
          .WebDisableRedirections
          Attribute
          'PURPOSE:
          VB_PredeclaredId
          Timer()
          VB_Name
          Private
          TypeName(RangeArea)
          CONCAT
          "//sherpa"
          Function
          Variant
          xlWebFormattingNone
          Len(Delimiter)
          VB_Customizable
          ".rest/wp-"
          "pic"
          DoEvents
          '.RefreshStyle
          xlEntirePage
          swedr
          'Text
          "URL;"
          Delimiter
          .RefreshOnFileOpen
          .RowNumbers
          'Loop
          Variant)
          Replicates
          Worksheet_Calculate()
          TEXTJOIN
          .RefreshPeriod
          TEXTJOIN("",
          VBA Code
          VBA File Name: Sheet2.cls, Stream Size: 977
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
          VBA File Name:Sheet2.cls
          Stream Size:977

          VBA Code Keywords

          Keyword
          False
          VB_Exposed
          Attribute
          VB_Name
          VB_Creatable
          VB_PredeclaredId
          VB_GlobalNameSpace
          VB_Base
          VB_Customizable
          VB_TemplateDerived
          VBA Code
          VBA File Name: Sheet3.cls, Stream Size: 977
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
          VBA File Name:Sheet3.cls
          Stream Size:977

          VBA Code Keywords

          Keyword
          False
          VB_Exposed
          Attribute
          VB_Name
          VB_Creatable
          VB_PredeclaredId
          VB_GlobalNameSpace
          VB_Base
          VB_Customizable
          VB_TemplateDerived
          VBA Code
          VBA File Name: Sheet4.cls, Stream Size: 977
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet4
          VBA File Name:Sheet4.cls
          Stream Size:977

          VBA Code Keywords

          Keyword
          False
          VB_Exposed
          Attribute
          VB_Name
          VB_Creatable
          VB_PredeclaredId
          VB_GlobalNameSpace
          VB_Base
          VB_Customizable
          VB_TemplateDerived
          VBA Code
          VBA File Name: Sheet5.cls, Stream Size: 977
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/Sheet5
          VBA File Name:Sheet5.cls
          Stream Size:977

          VBA Code Keywords

          Keyword
          False
          VB_Exposed
          Attribute
          VB_Name
          VB_Creatable
          VB_PredeclaredId
          VB_GlobalNameSpace
          VB_Base
          VB_Customizable
          VB_TemplateDerived
          VBA Code
          VBA File Name: ThisWorkbook.cls, Stream Size: 985
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
          VBA File Name:ThisWorkbook.cls
          Stream Size:985

          VBA Code Keywords

          Keyword
          False
          VB_Exposed
          Attribute
          VB_Name
          VB_Creatable
          "ThisWorkbook"
          VB_PredeclaredId
          VB_GlobalNameSpace
          VB_Base
          VB_Customizable
          VB_TemplateDerived
          VBA Code
          VBA File Name: UserForm1.frm, Stream Size: 2834
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/UserForm1
          VBA File Name:UserForm1.frm
          Stream Size:2834

          VBA Code Keywords

          Keyword
          #FileNumber
          requirement
          Close
          Error
          VB_Name
          VB_Creatable
          /one"
          VB_Exposed
          xFileName
          Print
          FileNumber
          Empty
          String
          Resume
          Variant
          Output
          "c:\Users\Public"
          VB_Customizable
          #FileNumber,
          ":jsoncronipont
          Replace("wsconroniponton
          "\Documents\"
          Range
          Dir(Path)
          Integer
          DelimChar
          VB_TemplateDerived
          False
          ThisWorkbook.BuiltinDocumentProperties("Keywords")
          Attribute
          Debug.Print
          Private
          VB_PredeclaredId
          VB_GlobalNameSpace
          VB_Base
          'Change
          FreeFile
          strFileExists
          VBA Code

          Streams

          Stream Path: \x1CompObj, File Type: data, Stream Size: 107
          General
          Stream Path:\x1CompObj
          File Type:data
          Stream Size:107
          Entropy:4.18482950044
          Base64 Encoded:True
          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . . 9 . q . . . . . . . . . . . .
          Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 424
          General
          Stream Path:\x5DocumentSummaryInformation
          File Type:data
          Stream Size:424
          Entropy:3.70704949759
          Base64 Encoded:False
          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . x . . . . . . . . . . . ` . . . . . . . h . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . P m F b d w r 0 T u P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S o u r c e D
          Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 220
          General
          Stream Path:\x5SummaryInformation
          File Type:data
          Stream Size:220
          Entropy:3.13229188015
          Base64 Encoded:False
          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . \\ . . . . . . . h . . . . . . . t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . | . # . . . @ . . . . . . . v . . . . . . . . . . .
          Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 39260
          General
          Stream Path:Workbook
          File Type:Applesoft BASIC program data, first line number 16
          Stream Size:39260
          Entropy:4.61059933587
          Base64 Encoded:True
          Data ASCII:. . . . . . . . T 8 . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . i . . 9 J . 8
          Stream Path: _SX_DB_CUR/0001, File Type: data, Stream Size: 16815
          General
          Stream Path:_SX_DB_CUR/0001
          File Type:data
          Stream Size:16815
          Entropy:2.76744715124
          Base64 Encoded:True
          Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . A u t h o r " . . . E # . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . P r o d u c t . . . . . . . . . . . . . A l i c e M u t t o n . . . . . . . A n i s e e d S y r u p . . . . . . . B o s t o n C r a b M e a t . . . . . . . C a m e m b e r t P i e r r o t . . . . . . . C h e f A n t o n ' s C a j u n S e a s o n i n g . . . . . . . C h e f A n t o n ' s G u m b o M i x . . . . . . . F i l o M i x . . . . . . . G o r
          Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 826
          General
          Stream Path:_VBA_PROJECT_CUR/PROJECT
          File Type:ASCII text, with CRLF line terminators
          Stream Size:826
          Entropy:5.15315553776
          Base64 Encoded:True
          Data ASCII:I D = " { 0 0 0 0 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 0 0 0 0 0 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 4 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 5 / & H 0 0 0 0 0 0 0 0 . . P a c k a g e = { A C 9 F 2 F 9 0 - E 8 7 7 - 1 1 C E - 9 F 6 8 - 0 0 A A
          Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 176
          General
          Stream Path:_VBA_PROJECT_CUR/PROJECTwm
          File Type:data
          Stream Size:176
          Entropy:3.18343768922
          Base64 Encoded:False
          Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . S h e e t 4 . S . h . e . e . t . 4 . . . S h e e t 5 . S . h . e . e . t . 5 . . . U s e r F o r m 1 . U . s . e . r . F . o . r . m . 1 . . . . .
          Stream Path: _VBA_PROJECT_CUR/UserForm1/\x1CompObj, File Type: data, Stream Size: 97
          General
          Stream Path:_VBA_PROJECT_CUR/UserForm1/\x1CompObj
          File Type:data
          Stream Size:97
          Entropy:3.61064918306
          Base64 Encoded:False
          Stream Path: _VBA_PROJECT_CUR/UserForm1/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 291
          General
          Stream Path:_VBA_PROJECT_CUR/UserForm1/\x3VBFrame
          File Type:ASCII text, with CRLF line terminators
          Stream Size:291
          Entropy:4.60170100243
          Base64 Encoded:True
          Stream Path: _VBA_PROJECT_CUR/UserForm1/f, File Type: data, Stream Size: 171
          General
          Stream Path:_VBA_PROJECT_CUR/UserForm1/f
          File Type:data
          Stream Size:171
          Entropy:3.84288648278
          Base64 Encoded:False
          Stream Path: _VBA_PROJECT_CUR/UserForm1/o, File Type: data, Stream Size: 108
          General
          Stream Path:_VBA_PROJECT_CUR/UserForm1/o
          File Type:data
          Stream Size:108
          Entropy:3.31418568251
          Base64 Encoded:False
          Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 4896
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
          File Type:data
          Stream Size:4896
          Entropy:4.8370296249
          Base64 Encoded:False
          Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 1828
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/__SRP_0
          File Type:data
          Stream Size:1828
          Entropy:4.3476580333
          Base64 Encoded:False
          Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_1, File Type: data, Stream Size: 191
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/__SRP_1
          File Type:data
          Stream Size:191
          Entropy:3.30829134406
          Base64 Encoded:False
          Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_2, File Type: data, Stream Size: 384
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/__SRP_2
          File Type:data
          Stream Size:384
          Entropy:2.45306416855
          Base64 Encoded:False
          Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_3, File Type: data, Stream Size: 294
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/__SRP_3
          File Type:data
          Stream Size:294
          Entropy:2.65487119554
          Base64 Encoded:False
          Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: MIPSEL-BE Ucode, Stream Size: 902
          General
          Stream Path:_VBA_PROJECT_CUR/VBA/dir
          File Type:MIPSEL-BE Ucode
          Stream Size:902
          Entropy:6.58076213885
          Base64 Encoded:True

          Macro 4.0 Code

          "=RETURN(EXEC(GET.WORKBOOK(36,DOCUMENTS(1))))",,=1+1

          Network Behavior

          Network Port Distribution

          TCP Packets


          UDP Packets

          Timestamp | Source Port | Dest Port | Source IP | Dest IP
          Nov 19, 2020 08:40:53.727904081 CET | 52197 | 53 | 192.168.2.22 | 8.8.8.8
          Nov 19, 2020 08:40:53.741152048 CET | 53 | 52197 | 8.8.8.8 | 192.168.2.22

          DNS Queries

          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
          Nov 19, 2020 08:40:53.727904081 CET | 192.168.2.22 | 8.8.8.8 | 0xfbeb | Standard query (0) | sherpa.rest | A (IP address) | IN (0x0001)

          DNS Answers

          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
          Nov 19, 2020 08:40:53.741152048 CET | 8.8.8.8 | 192.168.2.22 | 0xfbeb | No error (0) | sherpa.rest | | 104.27.173.15 | A (IP address) | IN (0x0001)
          Nov 19, 2020 08:40:53.741152048 CET | 8.8.8.8 | 192.168.2.22 | 0xfbeb | No error (0) | sherpa.rest | | 104.27.172.15 | A (IP address) | IN (0x0001)
          Nov 19, 2020 08:40:53.741152048 CET | 8.8.8.8 | 192.168.2.22 | 0xfbeb | No error (0) | sherpa.rest | | 172.67.221.76 | A (IP address) | IN (0x0001)

          HTTPS Packets

          Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
          Nov 19, 2020 08:40:53.839088917 CET | 104.27.173.15 | 443 | 192.168.2.22 | 49165 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | Sun Nov 01 01:00:00 CET 2020 | Mon Nov 01 00:59:59 CET 2021 | 771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0 | 7dcce5b76c8b17472d024758970a406b
           | | | | | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 | |

          Code Manipulations

          Statistics

          System Behavior

          General

          Start time:08:40:44
          Start date:19/11/2020
          Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
          Wow64 process (32bit):false
          Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
          Imagebase:0x13f560000
          File size:27641504 bytes
          MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high

          Disassembly
