I created a gist for this as well with the URLs that I pulled from the bin files within the Word docs which you can find here: https://gist.github.com/bloomer1016/1180f45066dc1d2f82c5cb95a8c67d87. Payload Security has this as well, which looks to be different then the infection that I got on my VM: https://www.hybrid-analysis.com/sample/ed94199c36787ac9fb191d242ab0ac40c0a7b25dd2e086f71576ac3e3ac605b8?environmentId=100.
Enjoy!