Hello,
I got the same email on my spam mail address.
The macro tries to execute an executable file with the name of crsss.exe
I tried to open it in a VM to see what happens, but failed because of the url coded in the macro is currently offline.
https://i.imgur.com/ZIkLz72.pngI advise you not to visit the url listed in the code above if it ever comes online, but only for testing purposes
![Wink](https://bitcointalk.org/Smileys/default/wink.gif)
Since the website where the file is uploaded, holds the ip address of the uploader in its url, the ip of the guy who uploaded this could be 194.132.32.42