Windows
Analysis Report
RU419 FEB17 BSRec_InvNet.xlsx
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w7x64
- EXCEL.EXE (PID: 1704 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
- cleanup
There are no malicious signatures.
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 562532 |
Start date: | 29.01.2022 |
Start time: | 01:08:09 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | RU419 FEB17 BSRec_InvNet.xlsx |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes: | 81 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.winXLSX@1/9@0/0 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Max analysis timeout: 600s exceeded, the analysis took too long
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, mscorsvw.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 92.123.101.218, 92.123.101.179
- Excluded domains from analysis (whitelisted): wu-shim.trafficmanager.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net
- Not all processes were analyzed, report is missing behavior information
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2BCACAFF.emf
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5996 |
Entropy (8bit): | 2.187911659414248 |
Encrypted: | false |
SSDEEP: | 24:YOPJZ7pbkyVbYqpBBBBBBBUBBBBBBqBBBBBBBUBBBBBBqBBBBBBBUBBBBBBqBBBc:9vdbkgbUKOwfnV3UqcZZI6Lae |
MD5: | 914B8A0FCDE8E024E1614BC59CF4CEF0 |
SHA1: | 121F6CF39B1341AA8AF2EDC312DCAA3B58701A80 |
SHA-256: | FB25589D52AC2015251A56299D5DBF0A164B8CB78086F76BCE990DC717838804 |
SHA-512: | 1B7E4837C949D8509F35C528D4B574CF74C15ED36180F014838723B4ED792316712C4A4EED8740388A43C99EAA406079F02D1FCFB2E27BC62FDAB955CD8CF42D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\42105703.emf
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5356 |
Entropy (8bit): | 2.3390883230088235 |
Encrypted: | false |
SSDEEP: | 48:S83IHpHK2g4x//3G7+wJj7IaK0JohkN+DuuHmt:SVHpHK2x//3+xB7IaK0bNIXGt |
MD5: | FA14D04AC7BE94D9470D68B5B05326B9 |
SHA1: | 4C15B8938037773793BC22A9008B83935419D8E0 |
SHA-256: | CEE5C6209A2D15A2E6EA6DE993B547C375E5716A90D472B55789E4553A212FD1 |
SHA-512: | 419BEFFEE7DA34D924C172A3C8144F160C4306316697123BBF431BD357B3A8AB47540AEEF9855030233C9CFD84BEBD8A429CBFBD10C8D34616EA092D9A6E14EC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5CCA9D28.emf
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5280 |
Entropy (8bit): | 4.841321930941806 |
Encrypted: | false |
SSDEEP: | 96:I0DS0VwurYKG5mPKDRv4Og6tO/XP8lEEHuwL:PDS0G5mPaRvO/f8lEEHuwL |
MD5: | E630F750E3440205E6695E75AE1179EB |
SHA1: | 78DA9D8DF55169C1072618BB97DE5C56517E1329 |
SHA-256: | E1AAD6F483DEDF11E1156DF09545495BA928CFCF93140B40850420940E6EF11A |
SHA-512: | 1BE3355C0E87C414D810E0A584BEB0117AB250F1B80F2300E8EB9070D8A17EBE6DB70763CB693948FCCDA4932FEF0C4932DB81CEA9E28E84358146C8515CA9A4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7B2AE0BB.jpeg
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 25938 |
Entropy (8bit): | 7.833218523254594 |
Encrypted: | false |
SSDEEP: | 768:RPdG3S2uAu5LAbvlGVzYO00pQlDSmM57dx7SiWIKLvW1:RP88Ap+cZ02kpCiWDg |
MD5: | B5BB6A7EF0B322467A20AB38ABC07B97 |
SHA1: | 47B724835E4C7B3DDB0FA32BE2D00CBFD43BADBC |
SHA-256: | 9CB8D86A1195C6A0C7E2B3FAE92C988BFFB85E24CD245872C543BB3B8295DCBE |
SHA-512: | C90C1FF27F5179A9C3CC55C0C72E9B95377902B1F91CE216729BA9BEE899A07671506F4533D759DF3C5351B4263FCCEEA66AECE86E72E15093E361624BC4F0FA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\923BA48A.emf
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5348 |
Entropy (8bit): | 2.333641896616443 |
Encrypted: | false |
SSDEEP: | 48:SE3IHpHK2g4x//3G7+wJj7IaK0pNCedxpc1:SNHpHK2x//3+xB7IaK0pUop8 |
MD5: | 10CC58B3B22AD2D5A9BE889181790552 |
SHA1: | 75D40D411B3A3D288E735A4C628DA44C4C39FA3C |
SHA-256: | 4A2DDC7AE24E1F9277476B6ACD369F53D0250FC329C9BD3B93B6AE64A17B15F5 |
SHA-512: | F3407353135BC0DD9A1C3861627D1574CA7DC1609514E32BC47892A84D81B133D1AECEF3C85DAE36B32DE0D53560B8CD36EEEA451F382831E2E387AEB7E608A1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B158576.emf
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5232 |
Entropy (8bit): | 4.879542142933512 |
Encrypted: | false |
SSDEEP: | 96:59f2pmYKG5mPKDRv4Og6tO/XP8lEEF6+idRm:5Un5mPaRvO/f8lEE5idRm |
MD5: | 2A31FF37D8F06AB63C08A874B00F78A5 |
SHA1: | A216FB97942EE30E82D13F8D308F3D34FB0A3451 |
SHA-256: | 9E941032F88F698814AEC1D444A3541591928A804CCDE5769F535C1590B2907F |
SHA-512: | 6F51504BFA3FDCF895B04197EA0AA670FEC99BB3A3EE199AF85BC56E5748A1D2B6C113F504431883A7C050C9FF6ADB3D28C50E21B64FDAC4036D5CB6C3D30466 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C9CFEB09.emf
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5220 |
Entropy (8bit): | 4.886315397806876 |
Encrypted: | false |
SSDEEP: | 96:F04WAPlYKG5mPKDRv4Og6tO/XP8lEEu6KdRE:i4G5mPaRvO/f8lEE+dRE |
MD5: | CFC2EB922357AFC2E08B818DF59D2DB4 |
SHA1: | 8123513647762ABFC4460CEFB958BD4A64ECF759 |
SHA-256: | CCE3BE7E4559A991BA398CBC436519D5B25B07AC458A454D62288A3C31BD35A0 |
SHA-512: | FA046F388ADD71D6A0819422C1232D44B9F126DEA55FD4761DB00B52299301CADFE744E06CF4DF8B14A5D10EA7BF10C305AE95594165E0ED232EDED3C07D9DF4 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D914E8F4.emf
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5364 |
Entropy (8bit): | 4.856335090472488 |
Encrypted: | false |
SSDEEP: | 96:QxgBS1YKG5mPKDRv4Og6tO/XP8lEERc0l+e6HK:QxK5mPaRvO/f8lEERdl+e6HK |
MD5: | 72FEAFCA807874E6742DFBD011C2B2CD |
SHA1: | 845FFB7468E2B0932848D356D8127CEE249EB712 |
SHA-256: | F95F6C5360B90FCECB95608C8364FE5BA2D9372166B7F32766C8A9255AA9CDEE |
SHA-512: | 1A345CF4D4CCCB263893C4C3C7E353E6DAC44E8EDB880DF19264720C35499035A8154A47B468C422E14C0A93AFA89A80FEFA3DF44CE0101640A02F90D868AD6C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:vZ/FFDJw2fV:vBFFGS |
MD5: | 797869BB881CFBCDAC2064F92B26E46F |
SHA1: | 61C1B8FBF505956A77E9A79CE74EF5E281B01F4B |
SHA-256: | D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185 |
SHA-512: | 1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.9948250784848955 |
TrID: |
|
File name: | RU419 FEB17 BSRec_InvNet.xlsx |
File size: | 4768919 |
MD5: | bb2bdf2659b515eee1f56c0382847fd7 |
SHA1: | 72405dd23abe1d3f97b75e3eb50bcecbf51669f8 |
SHA256: | a36ec67f835cb7968270d43f151df7b0b3cbd501b5eeb4688b8676758deadb0e |
SHA512: | 9c19fc7b871fbdbb46b7af3c50dc29436ffbd28f94d9ed91dbfcb8e1830210be7b66115012dbd67564afa1132107186e22f8d1c839681ed439d487aa49bc5b00 |
SSDEEP: | 98304:zV40bHJu4znpW5DYAY+5HA0MefCaeCtu2qc60yHkOriCbm2:54A04TpADFYUMfvCtH7f0iCD |
File Content Preview: | PK..........!...5#....^.......[Content_Types].xml ...(......................................................................................................................................................................................................... |
Icon Hash: | e4e2aa8aa4b4bcb4 |
Document Type: | OpenXML |
Number of OLE Files: | 7 |
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Author: | |
Last Saved By: | |
Create Time: | 2012-08-13T15:44:29Z |
Last Saved Time: | 2017-03-29T09:51:12Z |
Creating Application: | |
Security: | 0 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 15.0300 |
General | |
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 76 |
Entropy: | 3.09344952647 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x1Ole10Native |
File Type: | data |
Stream Size: | 91443 |
Entropy: | 5.35403120266 |
Base64 Encoded: | True |
Data ASCII: | / e . . . . R E E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 d a y s R U . m s g . C : \\ U s e r s \\ j u s t y n a . b e r n a s \\ D e s k t o p \\ R e c o n M A R - 2 0 1 6 \\ m o j e \\ S E P - 1 6 \\ r a p o r t y \\ R E E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 d a y s R U . m s g . . . . . ` . . . C : \\ U s e r s \\ J U S T Y N ~ 1 . B E R \\ A p p D a t a \\ L o c a l \\ T e m p \\ R E E M E A G o o d s I n T r a n s i t o l d e r t |
Data Raw: | 2f 65 01 00 02 00 52 45 20 45 4d 45 41 20 47 6f 6f 64 73 20 49 6e 20 54 72 61 6e 73 69 74 20 6f 6c 64 65 72 20 74 68 61 6e 20 39 30 20 64 61 79 73 20 52 55 2e 6d 73 67 00 43 3a 5c 55 73 65 72 73 5c 6a 75 73 74 79 6e 61 2e 62 65 72 6e 61 73 5c 44 65 73 6b 74 6f 70 5c 52 65 63 6f 6e 20 4d 41 52 2d 32 30 31 36 5c 6d 6f 6a 65 5c 53 45 50 2d 31 36 5c 72 61 70 6f 72 74 79 5c 52 45 20 45 |
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Author: | |
Last Saved By: | |
Create Time: | 2012-08-13T15:44:29Z |
Last Saved Time: | 2017-03-29T09:51:12Z |
Creating Application: | |
Security: | 0 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 15.0300 |
General | |
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 76 |
Entropy: | 3.09344952647 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x1Ole10Native |
File Type: | data |
Stream Size: | 91443 |
Entropy: | 5.35403120266 |
Base64 Encoded: | True |
Data ASCII: | / e . . . . R E E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 d a y s R U . m s g . C : \\ U s e r s \\ j u s t y n a . b e r n a s \\ D e s k t o p \\ R e c o n M A R - 2 0 1 6 \\ m o j e \\ S E P - 1 6 \\ r a p o r t y \\ R E E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 d a y s R U . m s g . . . . . ` . . . C : \\ U s e r s \\ J U S T Y N ~ 1 . B E R \\ A p p D a t a \\ L o c a l \\ T e m p \\ R E E M E A G o o d s I n T r a n s i t o l d e r t |
Data Raw: | 2f 65 01 00 02 00 52 45 20 45 4d 45 41 20 47 6f 6f 64 73 20 49 6e 20 54 72 61 6e 73 69 74 20 6f 6c 64 65 72 20 74 68 61 6e 20 39 30 20 64 61 79 73 20 52 55 2e 6d 73 67 00 43 3a 5c 55 73 65 72 73 5c 6a 75 73 74 79 6e 61 2e 62 65 72 6e 61 73 5c 44 65 73 6b 74 6f 70 5c 52 65 63 6f 6e 20 4d 41 52 2d 32 30 31 36 5c 6d 6f 6a 65 5c 53 45 50 2d 31 36 5c 72 61 70 6f 72 74 79 5c 52 45 20 45 |
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Author: | |
Last Saved By: | |
Create Time: | 2012-08-13T15:44:29Z |
Last Saved Time: | 2017-03-29T09:51:12Z |
Creating Application: | |
Security: | 0 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 15.0300 |
General | |
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 76 |
Entropy: | 3.09344952647 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x1Ole10Native |
File Type: | data |
Stream Size: | 91443 |
Entropy: | 5.35403120266 |
Base64 Encoded: | True |
Data ASCII: | / e . . . . R E E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 d a y s R U . m s g . C : \\ U s e r s \\ j u s t y n a . b e r n a s \\ D e s k t o p \\ R e c o n M A R - 2 0 1 6 \\ m o j e \\ S E P - 1 6 \\ r a p o r t y \\ R E E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 d a y s R U . m s g . . . . . ` . . . C : \\ U s e r s \\ J U S T Y N ~ 1 . B E R \\ A p p D a t a \\ L o c a l \\ T e m p \\ R E E M E A G o o d s I n T r a n s i t o l d e r t |
Data Raw: | 2f 65 01 00 02 00 52 45 20 45 4d 45 41 20 47 6f 6f 64 73 20 49 6e 20 54 72 61 6e 73 69 74 20 6f 6c 64 65 72 20 74 68 61 6e 20 39 30 20 64 61 79 73 20 52 55 2e 6d 73 67 00 43 3a 5c 55 73 65 72 73 5c 6a 75 73 74 79 6e 61 2e 62 65 72 6e 61 73 5c 44 65 73 6b 74 6f 70 5c 52 65 63 6f 6e 20 4d 41 52 2d 32 30 31 36 5c 6d 6f 6a 65 5c 53 45 50 2d 31 36 5c 72 61 70 6f 72 74 79 5c 52 45 20 45 |
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Author: | |
Last Saved By: | |
Create Time: | 2012-08-13T15:44:29Z |
Last Saved Time: | 2017-03-29T09:51:12Z |
Creating Application: | |
Security: | 0 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 15.0300 |
General | |
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 76 |
Entropy: | 3.09344952647 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x1Ole10Native |
File Type: | data |
Stream Size: | 121286 |
Entropy: | 5.36470100495 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . R E A c c o u n t 1 2 2 8 0 0 r e c o n c i l i a t i o n ( I n v e n t o r y - E x p e n s e s t o b e l a n d e d ) . m s g . C : \\ U s e r s \\ j u s t y n a . b e r n a s \\ D e s k t o p \\ t y m c z a s o w y \\ d o r e c o n o w \\ R E A c c o u n t 1 2 2 8 0 0 r e c o n c i l i a t i o n ( I n v e n t o r y - E x p e n s e s t o b e l a n d e d ) . m s g . . . . . r . . . C : \\ U s e r s \\ J U S T Y N ~ 1 . B E R \\ A p p D a t a \\ L o c a l \\ T e m p \\ R |
Data Raw: | c2 d9 01 00 02 00 52 45 20 41 63 63 6f 75 6e 74 20 31 32 32 38 30 30 20 72 65 63 6f 6e 63 69 6c 69 61 74 69 6f 6e 20 28 49 6e 76 65 6e 74 6f 72 79 20 2d 20 45 78 70 65 6e 73 65 73 20 74 6f 20 62 65 20 6c 61 6e 64 65 64 29 2e 6d 73 67 00 43 3a 5c 55 73 65 72 73 5c 6a 75 73 74 79 6e 61 2e 62 65 72 6e 61 73 5c 44 65 73 6b 74 6f 70 5c 74 79 6d 63 7a 61 73 6f 77 79 5c 64 6f 20 72 65 63 |
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Author: | |
Last Saved By: | |
Create Time: | 2012-08-13T15:44:29Z |
Last Saved Time: | 2017-03-29T09:51:12Z |
Creating Application: | |
Security: | 0 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 15.0300 |
General | |
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 76 |
Entropy: | 3.09344952647 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x1Ole10Native |
File Type: | data |
Stream Size: | 91431 |
Entropy: | 5.35400764395 |
Base64 Encoded: | True |
Data ASCII: | # e . . . . R E E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 d a y s R U . m s g . C : \\ U s e r s \\ j u s t y n a . b e r n a s \\ D e s k t o p \\ R e c o n M A R - 2 0 1 6 \\ m o j e \\ S E P - 1 6 \\ r a p o r t y \\ R E E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 d a y s R U . m s g . . . . . \\ . . . C : \\ U s e r s \\ J U S T Y N ~ 1 . B E R \\ A p p D a t a \\ L o c a l \\ T e m p \\ R E E M E A G o o d s I n T r a n s i t o l d e r t |
Data Raw: | 23 65 01 00 02 00 52 45 20 45 4d 45 41 20 47 6f 6f 64 73 20 49 6e 20 54 72 61 6e 73 69 74 20 6f 6c 64 65 72 20 74 68 61 6e 20 39 30 20 64 61 79 73 20 52 55 2e 6d 73 67 00 43 3a 5c 55 73 65 72 73 5c 6a 75 73 74 79 6e 61 2e 62 65 72 6e 61 73 5c 44 65 73 6b 74 6f 70 5c 52 65 63 6f 6e 20 4d 41 52 2d 32 30 31 36 5c 6d 6f 6a 65 5c 53 45 50 2d 31 36 5c 72 61 70 6f 72 74 79 5c 52 45 20 45 |
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Author: | |
Last Saved By: | |
Create Time: | 2012-08-13T15:44:29Z |
Last Saved Time: | 2017-03-29T09:51:12Z |
Creating Application: | |
Security: | 0 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 15.0300 |
General | |
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 76 |
Entropy: | 3.09344952647 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x1Ole10Native |
File Type: | data |
Stream Size: | 169303 |
Entropy: | 7.19148621744 |
Base64 Encoded: | True |
Data ASCII: | S . . . . . I n v o i c e 2 5 0 2 1 3 0 0 1 2 6 3 5 K T C - b o o k i n g w i t h 1 2 0 2 0 0 a c c o u n t . m s g . C : \\ U s e r s \\ j u s t y n a . b e r n a s \\ D e s k t o p \\ R e c o n M A R - 2 0 1 6 \\ m o j e \\ A U G - 1 6 \\ I n v o i c e 2 5 0 2 1 3 0 0 1 2 6 3 5 K T C - b o o k i n g w i t h 1 2 0 2 0 0 a c c o u n t . m s g . . . . . d . . . C : \\ U s e r s \\ J U S T Y N ~ 1 . B E R \\ A p p D a t a \\ L o c a l \\ T e m p \\ I n v o i c e 2 5 0 2 1 3 0 0 1 2 6 3 5 K T C |
Data Raw: | 53 95 02 00 02 00 49 6e 76 6f 69 63 65 20 32 35 30 32 31 33 30 30 31 32 36 33 35 4b 54 43 20 2d 20 62 6f 6f 6b 69 6e 67 20 77 69 74 68 20 31 32 30 32 30 30 20 61 63 63 6f 75 6e 74 2e 6d 73 67 00 43 3a 5c 55 73 65 72 73 5c 6a 75 73 74 79 6e 61 2e 62 65 72 6e 61 73 5c 44 65 73 6b 74 6f 70 5c 52 65 63 6f 6e 20 4d 41 52 2d 32 30 31 36 5c 6d 6f 6a 65 5c 41 55 47 2d 31 36 5c 49 6e 76 6f |
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Author: | |
Last Saved By: | |
Create Time: | 2012-08-13T15:44:29Z |
Last Saved Time: | 2017-03-29T09:51:12Z |
Creating Application: | |
Security: | 0 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 15.0300 |
General | |
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 76 |
Entropy: | 3.09344952647 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x1Ole10Native |
File Type: | data |
Stream Size: | 35605 |
Entropy: | 3.8995864265 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 d a y s I N M . m s g . C : \\ U s e r s \\ j u s t y n a . b e r n a s \\ D e s k t o p \\ R e c o n M A R - 2 0 1 6 \\ m o j e \\ A U G - 1 6 \\ R a p o r t y \\ E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 d a y s I N M . m s g . . . . . Z . . . C : \\ U s e r s \\ J U S T Y N ~ 1 . B E R \\ A p p D a t a \\ L o c a l \\ T e m p \\ E M E A G o o d s I n T r a n s i t o l d e r t h a n 9 0 |
Data Raw: | 11 8b 00 00 02 00 45 4d 45 41 20 47 6f 6f 64 73 20 49 6e 20 54 72 61 6e 73 69 74 20 6f 6c 64 65 72 20 74 68 61 6e 20 39 30 20 64 61 79 73 20 49 4e 4d 2e 6d 73 67 00 43 3a 5c 55 73 65 72 73 5c 6a 75 73 74 79 6e 61 2e 62 65 72 6e 61 73 5c 44 65 73 6b 74 6f 70 5c 52 65 63 6f 6e 20 4d 41 52 2d 32 30 31 36 5c 6d 6f 6a 65 5c 41 55 47 2d 31 36 5c 52 61 70 6f 72 74 79 5c 45 4d 45 41 20 47 |
Target ID: | 0 |
Start time: | 01:09:35 |
Start date: | 29/01/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f660000 |
File size: | 28253536 bytes |
MD5 hash: | D53B85E21886D2AF9815C377537BCAC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |