Windows Analysis Report UdQiakT3q5
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HiddenMacro | Yara detected hidden Macro 4.0 in Excel | Joe Security |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell | Show sources |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: |
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | File opened: | Jump to behavior |
Software Vulnerabilities: |
---|
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: |
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: | Jump to behavior |
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) | Show sources |
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: | ||
Source: | Screenshot OCR: |
Source: | OLE indicator, VBA macros: |
Source: | ReversingLabs: |
Source: | Key opened: | Jump to behavior |
Source: | OLE indicator, Workbook stream: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Yara detected hidden Macro 4.0 in Excel | Show sources |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting2 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution21 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | System Information Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting2 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | Virustotal | Browse | ||
31% | ReversingLabs | Document-Office.Backdoor.Quakbot |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
6% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
6% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
6% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown | ||
true |
| unknown | ||
true |
| unknown | ||
false |
| low |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.141.27.213 | unknown | Netherlands | 60117 | HSAE | false | |
190.14.37.187 | unknown | Panama | 52469 | OffshoreRacksSAPA | false | |
94.140.112.126 | unknown | Latvia | 3212 | TELEMACHBroadbandAccessCarrierServicesSI | false |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 493654 |
Start date: | 29.09.2021 |
Start time: | 21:30:26 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | UdQiakT3q5 (renamed file extension from none to xls) |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.expl.winXLS@7/2@0/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.141.27.213 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
190.14.37.187 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
94.140.112.126 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HSAE | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
OffshoreRacksSAPA | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162688 |
Entropy (8bit): | 4.254425394017007 |
Encrypted: | false |
SSDEEP: | 1536:C6bL3FNSc8SetKB96vQVCBumVMOej6mXmYarrJQcd1FaLcm48s:C6JNSc83tKBAvQVCgOtmXmLpLm4l |
MD5: | 7EB83A364FCDA100436F89B21F7733BB |
SHA1: | 974171CADCF72C8F22A59457FE3125EF2F5968F5 |
SHA-256: | C43AE03581AC01E04EDEDB416E9DA5A6ACE7162A4B9B4240FFD56AFF6CA4E863 |
SHA-512: | DB322FDF3FC3BBC2BB0C78572EC9291E53AE37189711F7D2E237FBCC621E26FF2AC60DB90FE24AABCDAB27A7B426F44604C81050B1AB396E324DDBA762EF1552 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 15676 |
Entropy (8bit): | 4.532949052496475 |
Encrypted: | false |
SSDEEP: | 192:GxlA11DxzCOtHIT6P20eChgZjTdZ3HJV8L1I17EMBkDXrq9LwGGLVbkLde:G38xesT20lheZ3waE5D7qxIxkxe |
MD5: | 7E7EA4C012391E5B4E45175C8236C3FF |
SHA1: | 495E2D6585C1E55B0DADE52F1516ABA7FEF986C6 |
SHA-256: | CBA01C53523D25DE84B5CC9311EEAE5277D0A41BDB77587031C90A5C5AFBF2DC |
SHA-512: | 11AB341D161AEB2B378F5A3BEAD0F6F6BCC53A3FF7DF34E09E285CCF0B319C13D14DB27CDD31CC617DCB4270DCF18A7F5977F91299AC393529F0A0F604D2C5CE |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.0605219828223795 |
TrID: |
|
File name: | UdQiakT3q5.xls |
File size: | 140288 |
MD5: | be489c4415757ddcc6af1392c2f7bc92 |
SHA1: | 04f431e4f1f034fb2ba677afe969600ad214e69d |
SHA256: | 280efc48af2241a2e06a8d5a5c4a943296c42578bff354ca5e97f9c77193f239 |
SHA512: | 4f0422e637df60865f9114d846056b9525c7be6b31e8b026212a214ed800b8f3c2ac20474b9e66fd04034bf7db0e59d62f5f49e75f749ce6dc7ed8e530568787 |
SSDEEP: | 3072:Yk3hOdsylKlgxopeiBNhZFGzE+cL2kdAH11ScHlwFPYidH4C1TsNku0KRjkR+T99:Yk3hOdsylKlgxopeiBNhZF+E+W2kdAmi |
File Content Preview: | ........................>.......................................................b.............................................................................................................................................................................. |
File Icon |
---|
Icon Hash: | e4eea286a4b4bcb4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "UdQiakT3q5.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Author: | |
Last Saved By: | |
Create Time: | 2015-06-05 18:17:20 |
Last Saved Time: | 2021-09-28 07:54:40 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Thumbnail Scaling Desired: | False |
Company: | |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 1048576 |
Streams with VBA |
---|
VBA File Name: UserForm2, Stream Size: -1 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/UserForm2 |
VBA File Name: | UserForm2 |
Stream Size: | -1 |
Data ASCII: | |
Data Raw: |
VBA Code |
---|
|
VBA File Name: Module1, Stream Size: 1120 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/Module1 |
VBA File Name: | Module1 |
Stream Size: | 1120 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 03 f0 00 00 00 e2 02 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 10 03 00 00 d8 03 00 00 00 00 00 00 01 00 00 00 fb 18 3d fb 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code |
---|
|
VBA File Name: Module5, Stream Size: 3869 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/Module5 |
VBA File Name: | Module5 |
Stream Size: | 3869 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ] . . . . . . . . . . . . . . % . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 01 f0 00 00 00 e2 02 00 00 d4 00 00 00 88 01 00 00 ff ff ff ff e9 02 00 00 5d 0c 00 00 00 00 00 00 01 00 00 00 fb 18 e3 25 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code |
---|
|
VBA File Name: Sheet1, Stream Size: 991 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1 |
Stream Size: | 991 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . . . 9 . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 fb 18 b4 39 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code |
---|
|
VBA File Name: ThisWorkbook, Stream Size: 2393 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook |
Stream Size: | 2393 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M . . . . . . . . . . . . . r S . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 82 04 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff 89 04 00 00 4d 07 00 00 00 00 00 00 01 00 00 00 fb 18 72 53 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code |
---|
|
VBA File Name: UserForm2, Stream Size: 1181 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/UserForm2 |
VBA File Name: | UserForm2 |
Stream Size: | 1181 |
Data ASCII: | . . . . . . . . . V . . . . . . . L . . . . . . . ] . . . . . . . . . . . . . . . . . . J . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 56 03 00 00 d4 00 00 00 4c 02 00 00 ff ff ff ff 5d 03 00 00 b1 03 00 00 00 00 00 00 01 00 00 00 fb 18 b2 4a 00 00 ff ff 01 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code |
---|
|
Streams |
---|
Stream Path: \x1CompObj, File Type: data, Stream Size: 108 |
---|
General | |
---|---|
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 108 |
Entropy: | 4.18849998853 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 20 00 00 00 1e 4d 69 63 72 6f 73 6f 66 74 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.65175227267 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . |
Data Raw: | fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 9f 00 00 00 |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 208 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 208 |
Entropy: | 3.33231709703 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . X . . . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . T e s t . . . . . . . . . . . . T e s t . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . x s . . . . . @ . . . . % . > . . . . . . . . . . . |
Data Raw: | fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a0 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 58 00 00 00 12 00 00 00 68 00 00 00 0c 00 00 00 80 00 00 00 0d 00 00 00 8c 00 00 00 13 00 00 00 98 00 00 00 02 00 00 00 e3 04 00 00 1e 00 00 00 08 00 00 00 |
Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 111238 |
---|
General | |
---|---|
Stream Path: | Workbook |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 111238 |
Entropy: | 7.57013249535 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . V d g t j g h k B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . V e 1 8 . . . . . . . X . @ |
Data Raw: | 09 08 10 00 00 06 05 00 5a 4f cd 07 c9 00 02 00 06 08 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 08 00 00 56 64 67 74 6a 67 68 6b 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 |
Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 698 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 698 |
Entropy: | 5.28132485046 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 0 0 0 0 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 0 0 0 0 0 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . P a c k a g e = { A C 9 F 2 F 9 0 - E 8 7 7 - 1 1 C E - 9 F 6 8 - 0 0 A A 0 0 5 7 4 A 4 F } . . M o d u l e = M o d u l e 5 . . B a s e C l a s s = U s e r F o r m 2 . . M o d u l e = M o d u l e 1 . . H e l p F i l e = " " . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 |
Data Raw: | 49 44 3d 22 7b 30 30 30 30 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 30 30 30 30 30 30 30 30 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 50 61 63 6b 61 67 65 3d 7b 41 43 39 46 32 46 39 30 2d 45 38 37 |
Stream Path: _VBA_PROJECT_CUR/PROJECTlk, File Type: dBase IV DBT, blocks size 0, block length 17920, next free block index 65537, Stream Size: 30 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/PROJECTlk |
File Type: | dBase IV DBT, blocks size 0, block length 17920, next free block index 65537 |
Stream Size: | 30 |
Entropy: | 1.37215976263 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . " E . . . . . . . . . . . . . F . . . . . . . . |
Data Raw: | 01 00 01 00 00 00 22 45 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 00 00 00 00 00 00 00 00 |
Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 140 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
File Type: | data |
Stream Size: | 140 |
Entropy: | 3.43277227638 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . M o d u l e 5 . M . o . d . u . l . e . 5 . . . U s e r F o r m 2 . U . s . e . r . F . o . r . m . 2 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 4d 6f 64 75 6c 65 35 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 35 00 00 00 55 73 65 72 46 6f 72 6d 32 00 55 00 73 00 65 00 72 00 46 00 6f 00 72 00 6d 00 32 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 |
Stream Path: _VBA_PROJECT_CUR/UserForm2/\x1CompObj, File Type: data, Stream Size: 97 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/UserForm2/\x1CompObj |
File Type: | data |
Stream Size: | 97 |
Entropy: | 3.61064918306 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: _VBA_PROJECT_CUR/UserForm2/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 302 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/UserForm2/\x3VBFrame |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 302 |
Entropy: | 4.65399600072 |
Base64 Encoded: | True |
Data ASCII: | V E R S I O N 5 . 0 0 . . B e g i n { C 6 2 A 6 9 F 0 - 1 6 D C - 1 1 C E - 9 E 9 8 - 0 0 A A 0 0 5 7 4 A 4 F } U s e r F o r m 2 . . C a p t i o n = " U R L D o w n l o a d T o F i l e A " . . C l i e n t H e i g h t = 3 0 1 5 . . C l i e n t L e f t = 1 2 0 . . C l i e n t T o p = 4 6 5 . . C l i e n t W i d t h = 4 5 6 0 . . S t a r t U p P o s i t i o n = 1 |
Data Raw: | 56 45 52 53 49 4f 4e 20 35 2e 30 30 0d 0a 42 65 67 69 6e 20 7b 43 36 32 41 36 39 46 30 2d 31 36 44 43 2d 31 31 43 45 2d 39 45 39 38 2d 30 30 41 41 30 30 35 37 34 41 34 46 7d 20 55 73 65 72 46 6f 72 6d 32 20 0d 0a 20 20 20 43 61 70 74 69 6f 6e 20 20 20 20 20 20 20 20 20 3d 20 20 20 22 55 52 4c 44 6f 77 6e 6c 6f 61 64 54 6f 46 69 6c 65 41 22 0d 0a 20 20 20 43 6c 69 65 6e 74 48 65 69 |
Stream Path: _VBA_PROJECT_CUR/UserForm2/f, File Type: data, Stream Size: 226 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/UserForm2/f |
File Type: | data |
Stream Size: | 226 |
Entropy: | 2.95233038999 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . } . . k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . . . . . . . 2 . . . H . . . . . . . L a b e l 1 . . . . . . . . . . . . ( . . . . . . . . . . . . . 2 . . . 8 . . . . . . . L a b e l 2 . . . . . . . . . . . . ( . . . . . . . . . . . . . 2 . . . H . . . . . . . L a b e l 3 . . . . . . . . . . . . ( . . . . . . . . . . . . . 2 . . . H . . . . . . . L a b e l 4 . . . . . . . . . . |
Data Raw: | 00 04 20 00 08 0c 00 0c 0a 00 00 00 10 00 00 00 00 7d 00 00 6b 1f 00 00 c6 14 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 b4 00 00 00 00 84 01 00 00 00 28 00 f5 01 00 00 06 00 00 80 07 00 00 00 32 00 00 00 48 00 00 00 00 00 15 00 4c 61 62 65 6c 31 00 00 d4 00 00 00 d4 00 00 00 00 00 28 00 f5 01 00 00 06 00 00 80 08 00 00 00 32 00 00 00 38 00 00 00 01 00 15 00 4c 61 62 65 6c 32 |
Stream Path: _VBA_PROJECT_CUR/UserForm2/o, File Type: data, Stream Size: 272 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/UserForm2/o |
File Type: | data |
Stream Size: | 272 |
Entropy: | 3.65039542802 |
Base64 Encoded: | True |
Data ASCII: | . . ( . ( . . . . . . . h t t p : / / 1 9 0 . 1 4 . 3 7 . 1 8 7 / . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . T a h o m a . . . . . . ( . . . . . . . u R l M o n . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . T a h o m a 1 . . . ( . ( . . . . . . . h t t p : / / 9 4 . 1 4 0 . 1 1 2 . 1 2 6 / . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . T a h o m a . . . . ( . ( . . . . . . . h t t p : / / 1 8 5 . 1 4 1 . 2 7 . 2 1 3 / . . . . . . . . . . . . . . 5 . . . . . . . |
Data Raw: | 00 02 28 00 28 00 00 00 15 00 00 80 68 74 74 70 3a 2f 2f 31 39 30 2e 31 34 2e 33 37 2e 31 38 37 2f 02 00 00 00 00 00 00 00 00 00 00 00 02 18 00 35 00 00 00 06 00 00 80 a5 00 00 00 cc 02 00 00 54 61 68 6f 6d 61 b1 ff 00 02 18 00 28 00 00 00 06 00 00 80 75 52 6c 4d 6f 6e 00 00 00 00 00 00 00 00 00 00 00 02 18 00 35 00 00 00 06 00 00 80 a5 00 00 00 cc 02 00 00 54 61 68 6f 6d 61 31 00 |
Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 4469 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 4469 |
Entropy: | 4.43292705507 |
Base64 Encoded: | False |
Data ASCII: | . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . |
Data Raw: | cc 61 b5 00 00 03 00 ff 19 04 00 00 09 04 00 00 e3 04 03 00 00 00 00 00 00 00 00 00 01 00 06 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00 |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 2476 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_0 |
File Type: | data |
Stream Size: | 2476 |
Entropy: | 3.52262448927 |
Base64 Encoded: | False |
Data ASCII: | . K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ P . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . . . . a . X P B |
Data Raw: | 93 4b 2a b5 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 04 00 00 00 00 00 01 00 02 00 04 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 00 01 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 06 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_1, File Type: data, Stream Size: 146 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_1 |
File Type: | data |
Stream Size: | 146 |
Entropy: | 1.48909835582 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . j . . . . . . . . . . . . . . . |
Data Raw: | 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 11 00 00 00 00 00 00 00 00 00 |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_2, File Type: data, Stream Size: 170 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_2 |
File Type: | data |
Stream Size: | 170 |
Entropy: | 1.65437585425 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . Z . . . 2 . . . . . . . . . . . . . . . |
Data Raw: | 72 55 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 10 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 0c 00 00 00 00 00 00 12 00 00 |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_3, File Type: data, Stream Size: 156 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_3 |
File Type: | data |
Stream Size: | 156 |
Entropy: | 1.63365900945 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . b . . . . . . . . . . . . . . . |
Data Raw: | 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 38 00 f1 00 00 00 00 00 00 00 00 00 02 00 00 00 00 60 00 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 |
Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 1073 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
File Type: | data |
Stream Size: | 1073 |
Entropy: | 6.68948856439 |
Base64 Encoded: | True |
Data ASCII: | . - . . . . . . . . . . 0 . J . . . . H . . H . . . . . . H . . . d . . . . . . . . V B A P r @ o j e c t . . . . T . @ . . . . . = . . . + . r . . . . . . . . . T . I c . . . . J < . . . . . . 9 s t d o l . e > . . s . t . d . . o . l . e . . . . h . % ^ . . * \\ G . { 0 0 0 2 0 4 3 . 0 - . . . . C . . . . . . . 0 0 4 6 } # 2 . . 0 # 0 # C : \\ W . i n d o w s \\ S . y s t e m 3 2 \\ . . e 2 . t l b # O . L E A u t o m . a t i o n . 0 . . . E O f f i c . E O . . f . . i . c . E . . . . . . . . E 2 D F 8 D |
Data Raw: | 01 2d b4 80 01 00 04 00 00 00 03 00 30 aa 4a 02 90 02 00 48 02 02 48 09 00 c0 12 14 06 48 03 00 01 64 e3 04 04 04 00 0a 00 84 56 42 41 50 72 40 6f 6a 65 63 74 05 00 1a 00 54 00 40 02 0a 06 02 0a 3d 02 0a 07 2b 02 72 01 14 08 06 12 09 02 12 c3 54 a0 49 63 07 00 0c 02 4a 3c 02 0a 04 16 00 01 39 73 74 64 6f 6c 04 65 3e 02 19 73 00 74 00 64 00 00 6f 00 6c 00 65 00 0d 14 00 68 00 25 5e |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
09/29/21-21:31:26.369941 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
09/29/21-21:31:29.370168 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
09/29/21-21:31:33.240399 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
09/29/21-21:31:45.801972 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
09/29/21-21:31:50.401914 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
09/29/21-21:31:53.810545 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 186.148.101.114 | 192.168.2.22 | ||
09/29/21-21:32:47.931257 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 190.2.158.155 | 192.168.2.22 | ||
09/29/21-21:32:50.943336 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 190.2.158.155 | 192.168.2.22 | ||
09/29/21-21:32:56.975332 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 190.2.158.155 | 192.168.2.22 | ||
09/29/21-21:33:09.827278 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 190.2.158.153 | 192.168.2.22 | ||
09/29/21-21:33:12.839326 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 190.2.158.153 | 192.168.2.22 | ||
09/29/21-21:33:20.431109 | ICMP | 399 | ICMP Destination Unreachable Host Unreachable | 190.2.158.153 | 192.168.2.22 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 29, 2021 21:31:23.175340891 CEST | 49165 | 80 | 192.168.2.22 | 190.14.37.187 |
Sep 29, 2021 21:31:26.178967953 CEST | 49165 | 80 | 192.168.2.22 | 190.14.37.187 |
Sep 29, 2021 21:31:32.185497999 CEST | 49165 | 80 | 192.168.2.22 | 190.14.37.187 |
Sep 29, 2021 21:31:44.200344086 CEST | 49166 | 80 | 192.168.2.22 | 190.14.37.187 |
Sep 29, 2021 21:31:47.209646940 CEST | 49166 | 80 | 192.168.2.22 | 190.14.37.187 |
Sep 29, 2021 21:31:53.216150045 CEST | 49166 | 80 | 192.168.2.22 | 190.14.37.187 |
Sep 29, 2021 21:32:05.262012959 CEST | 49167 | 80 | 192.168.2.22 | 94.140.112.126 |
Sep 29, 2021 21:32:08.271646976 CEST | 49167 | 80 | 192.168.2.22 | 94.140.112.126 |
Sep 29, 2021 21:32:14.277997017 CEST | 49167 | 80 | 192.168.2.22 | 94.140.112.126 |
Sep 29, 2021 21:32:26.293572903 CEST | 49168 | 80 | 192.168.2.22 | 94.140.112.126 |
Sep 29, 2021 21:32:29.302273989 CEST | 49168 | 80 | 192.168.2.22 | 94.140.112.126 |
Sep 29, 2021 21:32:35.308691978 CEST | 49168 | 80 | 192.168.2.22 | 94.140.112.126 |
Sep 29, 2021 21:32:47.354473114 CEST | 49169 | 80 | 192.168.2.22 | 185.141.27.213 |
Sep 29, 2021 21:32:50.364097118 CEST | 49169 | 80 | 192.168.2.22 | 185.141.27.213 |
Sep 29, 2021 21:32:56.370651007 CEST | 49169 | 80 | 192.168.2.22 | 185.141.27.213 |
Sep 29, 2021 21:33:08.386729956 CEST | 49170 | 80 | 192.168.2.22 | 185.141.27.213 |
Sep 29, 2021 21:33:11.394674063 CEST | 49170 | 80 | 192.168.2.22 | 185.141.27.213 |
Sep 29, 2021 21:33:17.401257038 CEST | 49170 | 80 | 192.168.2.22 | 185.141.27.213 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 21:31:20 |
Start date: | 29/09/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f6f0000 |
File size: | 28253536 bytes |
MD5 hash: | D53B85E21886D2AF9815C377537BCAC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 21:33:30 |
Start date: | 29/09/2021 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xff930000 |
File size: | 19456 bytes |
MD5 hash: | 59BCE9F07985F8A4204F4D6554CFF708 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 21:33:30 |
Start date: | 29/09/2021 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xff930000 |
File size: | 19456 bytes |
MD5 hash: | 59BCE9F07985F8A4204F4D6554CFF708 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 21:33:31 |
Start date: | 29/09/2021 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xff930000 |
File size: | 19456 bytes |
MD5 hash: | 59BCE9F07985F8A4204F4D6554CFF708 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|