Annual_Benefits_&_Bonus_for_Babu.varghese_IyNURVhUTlVNUkFORE9NNDUjIw__.docx
|
data
|
initial sample
|
|
|
|
Filetype: |
data
|
Entropy: |
7.8112555750677455
|
Filename: |
Annual_Benefits_&_Bonus_for_Babu.varghese_IyNURVhUTlVNUkFORE9NNDUjIw__.docx
|
Filesize: |
88442
|
MD5: |
fda308d48fd359bf4ca7968812c7b2b7
|
SHA1: |
2ae46a8478d5b2d2bde5058f57186dcd9b89238f
|
SHA256: |
8d22e57edfc5a6bbce6d62345c5bb57f85eadf0ac365c430967b3d74b40d9af1
|
SHA512: |
e2043beb3ad1c3566ce8faac7b70ad5e8249ae9948caa87e6d13eee911908e329b832682ca6cf4d49d3d5207c7d30d8a4469253bc2d55be7614b383bef811337
|
SSDEEP: |
1536:phMDIDDhBhDsdoDsjhLhnFDk2yhMBeJAiDDf2M2hMDIDDhBhDsdoDsjhLhIDFDkD:phMDIDDhBhDsdoDsjhLhnFDk2yhMBeJ7
|
Preview: |
PK.............................................................................................................................................................................................................................................................
|
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
|
Category: |
dropped
|
Dump: |
089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres.0.dr
|
ID: |
dr_40
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.8474949778634198
|
Encrypted: |
false
|
Ssdeep: |
48:uiTrlKxsxx/xl9Il8uyCtzSfi57hiJoolwa8pd1rc:vrYQEz6C7s/wO
|
Size: |
2278
|
Whitelisted: |
false
|
Reputation: |
low
|
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
|
Category: |
dropped
|
Dump: |
5475cb191e478c39370a215b2da98a37e9dc813d.tbres.0.dr
|
ID: |
dr_42
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.9068773526683263
|
Encrypted: |
false
|
Ssdeep: |
48:uiTrlKxJxbxl9Il8uEiKY4gTh09o5yuUJzAKvEFo2pgpeFd/vc:qYfKY4gafsKMC2aR
|
Size: |
2684
|
Whitelisted: |
false
|
Reputation: |
low
|
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
|
Category: |
dropped
|
Dump: |
56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres.0.dr
|
ID: |
dr_38
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.9947956016475117
|
Encrypted: |
false
|
Ssdeep: |
96:WYP02i+0ctlKWDH8+r6MqOPP2V1f9Hn5/Yq6eoK/glsUk2wD:WL2VlRH8ZM9H2V1f9Z/nroK4sUlwD
|
Size: |
4542
|
Whitelisted: |
false
|
Reputation: |
low
|
|
C:\Users\user\AppData\Local\Temp\TCD2D1.tmp\Damask.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCD2D1.tmp\Damask.thmx
|
Category: |
dropped
|
Dump: |
Damask.thmx.0.dr
|
ID: |
dr_100
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.942378408801199
|
Encrypted: |
false
|
Ssdeep: |
49152:8mwK3gH/l4hM06Wqnnl1IdO9wASFntrPEWNe7:863gHt4hM9WWnMdO9w35PEWK
|
Size: |
2218943
|
Whitelisted: |
true
|
Reputation: |
high
|
|
C:\Users\user\AppData\Local\Temp\TCD2D1.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCD2D1.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf14.0.dr
|
ID: |
dr_99
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.544065206514744
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXCARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyy6ymD0wbnKNAH/lMz1
|
Size: |
278
|
Whitelisted: |
false
|
Reputation: |
high
|
|
C:\Users\user\AppData\Local\Temp\TCD63E.tmp\Mesh.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCD63E.tmp\Mesh.thmx
|
Category: |
dropped
|
Dump: |
Mesh.thmx.0.dr
|
ID: |
dr_113
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.954129852655753
|
Encrypted: |
false
|
Ssdeep: |
49152:bSEjlpY8skyFHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9Hu:bfp5sksA3cimUVxV05aJE2fKaDOXdN9O
|
Size: |
3078052
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCD63E.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCD63E.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf15.0.dr
|
ID: |
dr_102
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5303110391598502
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXzRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnylymD0wbnKNAH/lMz1
|
Size: |
274
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCD6DD.tmp\Main_Event.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCD6DD.tmp\Main_Event.thmx
|
Category: |
dropped
|
Dump: |
Main_Event.thmx.0.dr
|
ID: |
dr_117
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.970803022812704
|
Encrypted: |
false
|
Ssdeep: |
49152:mc4NEo4XNd5wU5qTkdC4+K9u5b/i40RKRAO/cLf68wy9yxKrOUURBgmai2prH:mJef5yTSoKMF//DRGJwLx9DBaH
|
Size: |
2924237
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCD6DD.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCD6DD.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf16.0.dr
|
ID: |
dr_116
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5434534344080606
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXIc5+RELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny4KcymD0wbnKNAH/lMz1
|
Size: |
286
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCD74C.tmp\Slate.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCD74C.tmp\Slate.thmx
|
Category: |
dropped
|
Dump: |
Slate.thmx.0.dr
|
ID: |
dr_119
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.929430745829162
|
Encrypted: |
false
|
Ssdeep: |
49152:tfVcGO3JiR6SgT7/bOCrKCsaFCX3CzwovQTSwW8nX:pVcG2iRedsaoXSzeOwWEX
|
Size: |
2357051
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCD74C.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCD74C.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf17.0.dr
|
ID: |
dr_118
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.516423078177173
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUX7kARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny5ymD0wbnKNAH/lMz1
|
Size: |
276
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDA2C.tmp\Vapor_Trail.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDA2C.tmp\Vapor_Trail.thmx
|
Category: |
dropped
|
Dump: |
Vapor_Trail.thmx.0.dr
|
ID: |
dr_122
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.965784120725206
|
Encrypted: |
false
|
Ssdeep: |
49152:ixc1kZBIabo4dTJyr3hJ50gd9OaFxTy+1Nn/M/noivF0po3M0h0Vsm:ixcaAabT83hJLdoaFxTygxcoiX3M0iCm
|
Size: |
3611324
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDA2C.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDA2C.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf18.0.dr
|
ID: |
dr_121
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5359188337181853
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXe46x8RELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyO3UymD0wbnKNAH/lMz1
|
Size: |
288
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDD0C.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDD0C.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf19.0.dr
|
ID: |
dr_135
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4699940532942914
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXGWWYlIWimoa2nRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxny2WzIgN2RGHmD0wbnKYZAH+Vwv
|
Size: |
274
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDD0C.tmp\Insight design set.dotx
|
Microsoft Word 2007+
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDD0C.tmp\Insight design set.dotx
|
Category: |
dropped
|
Dump: |
Insight design set.dotx.0.dr
|
ID: |
dr_134
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Word 2007+
|
Entropy: |
7.898517227646252
|
Encrypted: |
false
|
Ssdeep: |
98304:n8ItVaN7vTMZ9IBbaETXbI8ItVaN7vTMZ9IBbaEiXbY:8ItwNX9BvTvItwNX9BvoM
|
Size: |
3465076
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF4A9.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF4A9.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf7.0.dr
|
ID: |
dr_26
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4680595384446202
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXivlE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyydGHmD0+dAH/luWvv
|
Size: |
252
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF4A9.tmp\architecture.glox
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF4A9.tmp\architecture.glox
|
Category: |
dropped
|
Dump: |
architecture.glox.0.dr
|
ID: |
dr_24
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.88616857639663
|
Encrypted: |
false
|
Ssdeep: |
96:CDG4D+8VsXzXc2zLXTJ2XFY47pk2G7HVlwFzTXNbMfmn2ivLZcreFWw5fc9ADdZm:CDG4DRGY23l2Xu47GL7YtT9V29yWvWdk
|
Size: |
5783
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF4B9.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF4B9.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf8.0.dr
|
ID: |
dr_43
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.538396048757031
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXcel8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyMelNGHmD0wbnKYZAH/lMZqiv
|
Size: |
286
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF4B9.tmp\sist02.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF4B9.tmp\sist02.xsl
|
Category: |
dropped
|
Dump: |
sist02.xsl.0.dr
|
ID: |
dr_25
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.057714239438731
|
Encrypted: |
false
|
Ssdeep: |
6144:JwprA6OS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:uP
|
Size: |
250983
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF4CB.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF4CB.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf9.0.dr
|
ID: |
dr_45
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.5502940710609354
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXfQICl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyXClNGHmD0wbnKYZAH/lMZqiv
|
Size: |
286
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF4CB.tmp\iso690.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF4CB.tmp\iso690.xsl
|
Category: |
dropped
|
Dump: |
iso690.xsl.0.dr
|
ID: |
dr_44
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.073814698282113
|
Encrypted: |
false
|
Ssdeep: |
6144:JwprAiaR95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:We
|
Size: |
270198
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF51D.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF51D.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf12.0.dr
|
ID: |
dr_69
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4871192480632223
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXsdDUaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyoRw9eNGHmD0wbnKYZAH/lMZqiv
|
Size: |
332
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF51D.tmp\mlaseventheditionofficeonline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF51D.tmp\mlaseventheditionofficeonline.xsl
|
Category: |
dropped
|
Dump: |
mlaseventheditionofficeonline.xsl.0.dr
|
ID: |
dr_49
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.003842588822783
|
Encrypted: |
false
|
Ssdeep: |
6144:MwprAnniNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:a
|
Size: |
254875
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF52E.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF52E.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf11.0.dr
|
ID: |
dr_66
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.547857457374301
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXSpGLMeKlPaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyipTIw9eNGHmD0wbnKYZAH/lMZqiv
|
Size: |
332
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF52E.tmp\harvardanglia2008officeonline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF52E.tmp\harvardanglia2008officeonline.xsl
|
Category: |
dropped
|
Dump: |
harvardanglia2008officeonline.xsl.0.dr
|
ID: |
dr_50
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
Entropy: |
5.00549404077789
|
Encrypted: |
false
|
Ssdeep: |
6144:N9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:y
|
Size: |
284415
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF52F.tmp\BracketList.glox
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF52F.tmp\BracketList.glox
|
Category: |
dropped
|
Dump: |
BracketList.glox.0.dr
|
ID: |
dr_51
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.809492693601857
|
Encrypted: |
false
|
Ssdeep: |
96:VpDCBFLhxaUGm5EWA07yNdKH1FQpy8tnX8Iz3b7TrT502+fPD:VpDYFFRMNU+RtXzLf35t+3D
|
Size: |
4026
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF52F.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF52F.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf10.0.dr
|
ID: |
dr_52
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4916022431157345
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXsAl8xoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny8A8xoGHmD0+dAH/luWvv
|
Size: |
250
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF565.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF565.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf13.0.dr
|
ID: |
dr_89
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.523917709458511
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXC1l8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnySvNGHmD0wbnKYZAH/lMZqiv
|
Size: |
288
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF565.tmp\chicago.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF565.tmp\chicago.xsl
|
Category: |
dropped
|
Dump: |
chicago.xsl.0.dr
|
ID: |
dr_83
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.000002997029767
|
Encrypted: |
false
|
Ssdeep: |
6144:RwprAMk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:M
|
Size: |
296658
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF56B.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF56B.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf14.0.dr
|
ID: |
dr_91
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4842773155694724
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXDAlIJAFIloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyMlI7loGHmD0+dAH/luWvv
|
Size: |
256
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF56B.tmp\ConvergingText.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF56B.tmp\ConvergingText.glox
|
Category: |
dropped
|
Dump: |
ConvergingText.glox.0.dr
|
ID: |
dr_87
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.891971054886943
|
Encrypted: |
false
|
Ssdeep: |
192:VJcnLYnAVbOFLaCPLrGGbhaWEu6d3RmryqLkeAShObPb1AYcRMMXjkfa0nYBwggD:VcMC8lLrRbhy1ZqLyShYb1FHQ4C0nYQJ
|
Size: |
11380
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF57B.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF57B.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf4.0.dr
|
ID: |
dr_16
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4845992218379616
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXQFoElh/lE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny8lLGHmD0+dAH/luWvv
|
Size: |
254
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF57B.tmp\HexagonRadial.glox
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF57B.tmp\HexagonRadial.glox
|
Category: |
dropped
|
Dump: |
HexagonRadial.glox.0.dr
|
ID: |
dr_103
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.886254023824049
|
Encrypted: |
false
|
Ssdeep: |
96:bGa2onnLYHTSSxpHVTSH1bywZKmpRqiUtFvS9xrPooBpni6eDa16MUELHsrKjRBA:SJonLYzSSr1TuZNwtFZKpiiyrKXuCUd
|
Size: |
6024
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF58C.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF58C.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf15.0.dr
|
ID: |
dr_104
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.464918006641019
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXR+EqRGRnRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxnyB+5RmRGHmD0wbnKYZAH+Vwv
|
Size: |
256
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF58C.tmp\Equations.dotx
|
Microsoft Word 2007+
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF58C.tmp\Equations.dotx
|
Category: |
dropped
|
Dump: |
Equations.dotx.0.dr
|
ID: |
dr_88
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Word 2007+
|
Entropy: |
5.541375256745271
|
Encrypted: |
false
|
Ssdeep: |
384:erH5dYPCA4t3aEFGiSUDtYfEbi5Ry/AT7/6tHODaFlDSomurYNfT4A0VIwWNS89u:Q6Cbh9tENyWdaFUSYNfZS89/3qtEu
|
Size: |
51826
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF58D.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF58D.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf16.0.dr
|
ID: |
dr_107
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.537169234443227
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXfQIUA/e/Wl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyXZ/eulNGHmD0wbnKYZAH/lMZqiv
|
Size: |
302
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF58D.tmp\iso690nmerical.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF58D.tmp\iso690nmerical.xsl
|
Category: |
dropped
|
Dump: |
iso690nmerical.xsl.0.dr
|
ID: |
dr_90
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.068335381017074
|
Encrypted: |
false
|
Ssdeep: |
6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P
|
Size: |
217137
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF59D.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF59D.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf17.0.dr
|
ID: |
dr_110
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.5280239200222887
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXQAl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyllNGHmD0wbnKYZAH/lMZqiv
|
Size: |
278
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF59D.tmp\gb.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF59D.tmp\gb.xsl
|
Category: |
dropped
|
Dump: |
gb.xsl.0.dr
|
ID: |
dr_92
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.05419861997223
|
Encrypted: |
false
|
Ssdeep: |
6144:JwprAJLR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N9
|
Size: |
268317
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF59E.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF59E.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf28.0.dr
|
ID: |
dr_158
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.5026803317779778
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXC89ADni8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyf9ADiNGHmD0wbnKYZAH/lMZqiv
|
Size: |
292
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF59E.tmp\gosttitle.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF59E.tmp\gosttitle.xsl
|
Category: |
dropped
|
Dump: |
gosttitle.xsl.0.dr
|
ID: |
dr_131
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.102652100491927
|
Encrypted: |
false
|
Ssdeep: |
6144:hwprA5R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:JA
|
Size: |
251032
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF59F.tmp\CircleProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF59F.tmp\CircleProcess.glox
|
Category: |
dropped
|
Dump: |
CircleProcess.glox.0.dr
|
ID: |
dr_125
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.9519793977093505
|
Encrypted: |
false
|
Ssdeep: |
384:eSMjhqgJDGwOzHR3iCpK+QdLdfufFJ9aDn9LjDMVAwHknbz7OW:eSkhqglGwERSAHQdLhDn9AKokv7H
|
Size: |
16806
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF59F.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF59F.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf22.0.dr
|
ID: |
dr_148
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4720677950594836
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXOu9+MlWlk2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnycMlWlzGHmD0+dAH/luWvv
|
Size: |
254
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF5D2.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF5D2.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf18.0.dr
|
ID: |
dr_124
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.5039994158393686
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUX4f+E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyvGHmD0+dAH/luWvv
|
Size: |
246
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF5D2.tmp\TabbedArc.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF5D2.tmp\TabbedArc.glox
|
Category: |
dropped
|
Dump: |
TabbedArc.glox.0.dr
|
ID: |
dr_109
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.772039166640107
|
Encrypted: |
false
|
Ssdeep: |
96:GyfQZd6ZHNCWl9aXFkZwIq/QDsRYPf8P9QtDIs5r:G6wYtNZS1k99AmPfSOtD5r
|
Size: |
3683
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF5E3.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF5E3.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf3.0.dr
|
ID: |
dr_15
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.5081874837369886
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXCOzi8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnydONGHmD0wbnKYZAH/lMZqiv
|
Size: |
290
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF5E3.tmp\gostname.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF5E3.tmp\gostname.xsl
|
Category: |
dropped
|
Dump: |
gostname.xsl.0.dr
|
ID: |
dr_111
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.103631650117028
|
Encrypted: |
false
|
Ssdeep: |
6144:gwprAm795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:kW
|
Size: |
255948
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF5E4.tmp\APASixthEditionOfficeOnline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF5E4.tmp\APASixthEditionOfficeOnline.xsl
|
Category: |
dropped
|
Dump: |
APASixthEditionOfficeOnline.xsl.0.dr
|
ID: |
dr_112
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
4.654450340871081
|
Encrypted: |
false
|
Ssdeep: |
6144:ybW83Zb181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:i
|
Size: |
333258
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF5E4.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF5E4.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf.0.dr
|
ID: |
dr_0
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.541819892045459
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXuqRDA5McaQVTi8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxny+AASZQoNGHmD0wbnKYZAH/lMZqiv
|
Size: |
328
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF5F5.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF5F5.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf21.0.dr
|
ID: |
dr_137
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.484503080761839
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXGdQ1MecJZMlWlk2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny2dQ98MlWlzGHmD0+dAH/luWvv
|
Size: |
280
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF5F5.tmp\InterconnectedBlockProcess.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF5F5.tmp\InterconnectedBlockProcess.glox
|
Category: |
dropped
|
Dump: |
InterconnectedBlockProcess.glox.0.dr
|
ID: |
dr_123
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.93263830735235
|
Encrypted: |
false
|
Ssdeep: |
192:oeAMExvPJMg+yE+AfJLi3+Xoj7F3sPgMG61J88eDhFWT7hFNsdJtnLYJ7tSh:v2d+hnfJLi3+4ja4WqhFWT7FsdHMA
|
Size: |
9191
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF61A.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF61A.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf20.0.dr
|
ID: |
dr_136
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4895685222798054
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUX4cPBl4xoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyPl4xoGHmD0+dAH/luWvv
|
Size: |
260
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF61A.tmp\VaryingWidthList.glox
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF61A.tmp\VaryingWidthList.glox
|
Category: |
dropped
|
Dump: |
VaryingWidthList.glox.0.dr
|
ID: |
dr_132
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.716021191059687
|
Encrypted: |
false
|
Ssdeep: |
48:96yn4sOBoygpySCCxwKsZCB2oLEIK+aQpUNLRQWtmMamIZxAwCC2QnyODhVOzP4:l0vCxJsZQ2ofpKvtmMdIZxAwJyODhVOE
|
Size: |
3075
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF65F.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF65F.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf2.0.dr
|
ID: |
dr_11
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.5414485333689694
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUX8FaE3f8AWqlQqr++lcWimqnKOE3QepmlJ0+3FbnKfZObdADryMluxHZypo:fxnyj9AWI+acgq9GHmD0wbnKYZAH/lMf
|
Size: |
374
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF65F.tmp\Text Sidebar (Annual Report Red and Black design).docx
|
Microsoft Word 2007+
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF65F.tmp\Text Sidebar (Annual Report Red and Black design).docx
|
Category: |
dropped
|
Dump: |
Text Sidebar (Annual Report Red and Black design).docx.0.dr
|
ID: |
dr_144
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Word 2007+
|
Entropy: |
6.42327948041841
|
Encrypted: |
false
|
Ssdeep: |
768:ftjI1BT8N37szq00s7dB2wMVJGHR97/RDU5naXUsT:fJIPTfq0ndB2w1bpsE
|
Size: |
47296
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF670.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF670.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf29.0.dr
|
ID: |
dr_159
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4721586910685547
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUX9+RclTloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyteUTloGHmD0+dAH/luWvv
|
Size: |
254
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF670.tmp\chevronaccent.glox
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF670.tmp\chevronaccent.glox
|
Category: |
dropped
|
Dump: |
chevronaccent.glox.0.dr
|
ID: |
dr_145
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.824383764848892
|
Encrypted: |
false
|
Ssdeep: |
96:22MQe4zHye8/djzF+JjvtmMkkBpF7e0LTkaf:22De4zHHCvF+nRBDXoaf
|
Size: |
4243
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF671.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF671.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf30.0.dr
|
ID: |
dr_161
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4938093034530917
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUX44lWWoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyvToGHmD0+dAH/luWvv
|
Size: |
242
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF671.tmp\TabList.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF671.tmp\TabList.glox
|
Category: |
dropped
|
Dump: |
TabList.glox.0.dr
|
ID: |
dr_153
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.8636569313247335
|
Encrypted: |
false
|
Ssdeep: |
96:StrFZ23/juILHPzms5UTuK9CuZGEoEuZ28H1HiGa2RnnLY+tUb:SPZQ7uCHPzms5UTlqauZVHdJRnLY+tUb
|
Size: |
4888
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF672.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF672.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf31.0.dr
|
ID: |
dr_163
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.48087342759872
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXXt1MIae2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyfMIaRGHmD0+dAH/luWvv
|
Size: |
252
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF672.tmp\PictureFrame.glox
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF672.tmp\PictureFrame.glox
|
Category: |
dropped
|
Dump: |
PictureFrame.glox.0.dr
|
ID: |
dr_155
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.821066198539098
|
Encrypted: |
false
|
Ssdeep: |
96:+fF+Jrp7Yo5hnJiGa24TxEcpUeONo1w2NFocy2LQi33Z:2+f7YuhJdJ4TxEcmKwGkk3Z
|
Size: |
4326
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF683.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF683.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf0.0.dr
|
ID: |
dr_1
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4670546921349774
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUX0XPYDxUloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXPYDCloGHmD0+dAH/luWvv
|
Size: |
286
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF683.tmp\ThemePictureAlternatingAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF683.tmp\ThemePictureAlternatingAccent.glox
|
Category: |
dropped
|
Dump: |
ThemePictureAlternatingAccent.glox.0.dr
|
ID: |
dr_157
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.87271654296772
|
Encrypted: |
false
|
Ssdeep: |
96:n5ni6jKZWsD+QJaUQ7R6qYFF5QS+BEgeJam6S7ZCHuKViGa2CnnLYLt/ht:nccqxIBdQ1QS+uDJanS7ZCHHVdJCnLY5
|
Size: |
5630
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF693.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF693.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf1.0.dr
|
ID: |
dr_9
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.5230842510951934
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXJuJaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyZuUw9eNGHmD0wbnKYZAH/lMZqiv
|
Size: |
314
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF693.tmp\ieee2006officeonline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF693.tmp\ieee2006officeonline.xsl
|
Category: |
dropped
|
Dump: |
ieee2006officeonline.xsl.0.dr
|
ID: |
dr_160
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
Entropy: |
4.977758311135714
|
Encrypted: |
false
|
Ssdeep: |
6144:ydkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:b
|
Size: |
294178
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF694.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF694.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf26.0.dr
|
ID: |
dr_152
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4901887319218092
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXqhBMl0OoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyiMl0OoGHmD0+dAH/luWvv
|
Size: |
262
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF694.tmp\RadialPictureList.glox
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF694.tmp\RadialPictureList.glox
|
Category: |
dropped
|
Dump: |
RadialPictureList.glox.0.dr
|
ID: |
dr_147
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.875182123405584
|
Encrypted: |
false
|
Ssdeep: |
96:dGa2unnLYEB2EUAPOak380NQjqbHaPKJebgrEVws8Vw+BMa0EbdLVQaZJgDZh0pJ:UJunLYEB2EUAxk3pIYaScgYwsV4bdS0X
|
Size: |
5596
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF695.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF695.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf25.0.dr
|
ID: |
dr_151
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.472155835869843
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXGE2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny4GHmD0+dAH/luWvv
|
Size: |
238
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF695.tmp\rings.glox
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF695.tmp\rings.glox
|
Category: |
dropped
|
Dump: |
rings.glox.0.dr
|
ID: |
dr_146
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.859615916913808
|
Encrypted: |
false
|
Ssdeep: |
96:WkV3UHhcZDEteEJqeSGzpG43GUR8m8b6dDLiCTfjKPnD6H5RhfuDKNtxx3+7tDLp:Wq3UBc9EJqIpGgD5dDL1DjKvDKhfnNti
|
Size: |
5151
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF696.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF696.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf24.0.dr
|
ID: |
dr_150
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4692172273306268
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXcq9DsoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnysmYoGHmD0+dAH/luWvv
|
Size: |
258
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF696.tmp\pictureorgchart.glox
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF696.tmp\pictureorgchart.glox
|
Category: |
dropped
|
Dump: |
pictureorgchart.glox.0.dr
|
ID: |
dr_162
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.9204386289679745
|
Encrypted: |
false
|
Ssdeep: |
192:fYa+ngK2xG6HvLvoUnXxO+blKO1lt2Zg0AV:fYVn8Y6Hv3XxO+8uQZCV
|
Size: |
7370
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF6D7.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF6D7.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf6.0.dr
|
ID: |
dr_20
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.5161159456784024
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUX+l8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyulNGHmD0wbnKYZAH/lMZqiv
|
Size: |
290
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF6D7.tmp\turabian.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF6D7.tmp\turabian.xsl
|
Category: |
dropped
|
Dump: |
turabian.xsl.0.dr
|
ID: |
dr_17
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.023195898304535
|
Encrypted: |
false
|
Ssdeep: |
6144:UwprANnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:6
|
Size: |
344303
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF6E7.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF6E7.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf5.0.dr
|
ID: |
dr_19
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.438490642908344
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUXZlaWimoa2nRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxnyplagN2RGHmD0wbnKYZAH+Vwv
|
Size: |
274
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF6E7.tmp\Element design set.dotx
|
Microsoft Word 2007+
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF6E7.tmp\Element design set.dotx
|
Category: |
dropped
|
Dump: |
Element design set.dotx.0.dr
|
ID: |
dr_18
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Word 2007+
|
Entropy: |
7.352974342178997
|
Encrypted: |
false
|
Ssdeep: |
768:ev13NPo9o5NGEVIi3kvH+3SMdk7zp3tE2:ev13xoOE+R3BkR7
|
Size: |
34415
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF708.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF708.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf23.0.dr
|
ID: |
dr_149
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.494357416502254
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUX0XPE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXPGHmD0+dAH/luWvv
|
Size: |
260
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF708.tmp\ThemePictureGrid.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF708.tmp\ThemePictureGrid.glox
|
Category: |
dropped
|
Dump: |
ThemePictureGrid.glox.0.dr
|
ID: |
dr_21
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.855499268199703
|
Encrypted: |
false
|
Ssdeep: |
192:WavHMKgnU2HUGFhUnkbOKoztj1QfcnLYut3d8:YKeUlGXUnC+HQSMp
|
Size: |
6193
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF747.tmp\Content.inf
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF747.tmp\Content.inf
|
Category: |
dropped
|
Dump: |
Content.inf27.0.dr
|
ID: |
dr_156
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.4866056878458096
|
Encrypted: |
false
|
Ssdeep: |
6:fxnxUX0XrZUloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXWloGHmD0+dAH/luWvv
|
Size: |
264
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF747.tmp\ThemePictureAccent.glox
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF747.tmp\ThemePictureAccent.glox
|
Category: |
dropped
|
Dump: |
ThemePictureAccent.glox.0.dr
|
ID: |
dr_154
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.897260397307811
|
Encrypted: |
false
|
Ssdeep: |
192:tgaoRbo1sMjb0NiJ85oPtqcS+yaXWoa8XBzdJYnLYFtWT7:LR1sk+i4o1qc1yaukzd8MK
|
Size: |
6448
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF854.tmp\Banded.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF854.tmp\Banded.thmx
|
Category: |
dropped
|
Dump: |
Banded.thmx.0.dr
|
ID: |
dr_4
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.67409707491542
|
Encrypted: |
false
|
Ssdeep: |
12288:/dy5Gtyp/FZ9QqjdxDfSp424XeavSktiAVE0:/dizp1ndpqpMZnV
|
Size: |
562113
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF854.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF854.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf.0.dr
|
ID: |
dr_5
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.535736910133401
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXeAlFkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyRGymD0wbnKNAH/lMz1
|
Size: |
278
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF864.tmp\Frame.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF864.tmp\Frame.thmx
|
Category: |
dropped
|
Dump: |
Frame.thmx.0.dr
|
ID: |
dr_7
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.715248170753013
|
Encrypted: |
false
|
Ssdeep: |
6144:WfmDdN6Zfv8q5rnM6vZ02PtMZRkfW5ipbnMHxVcsOWrCMxy0sD/mcKb4rYEY:xDdQXBrMi2YtggW5ObnMH1brJpUmBU0N
|
Size: |
523048
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF864.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF864.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf0.0.dr
|
ID: |
dr_6
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5159096381406645
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXQIa3ARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnygIaqymD0wbnKNAH/lMz1
|
Size: |
276
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF886.tmp\View.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF886.tmp\View.thmx
|
Category: |
dropped
|
Dump: |
View.thmx.0.dr
|
ID: |
dr_12
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.668294441507828
|
Encrypted: |
false
|
Ssdeep: |
6144:A+JBmUx0Zo24n8z/2NSYFl2qGBuv8p6+LwwYmN59wBttsdJrmXMlP1NwQoGgeL:fNgxz/g5z2BT6+Eu0ntMcczNQG5L
|
Size: |
486596
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF886.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF886.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf1.0.dr
|
ID: |
dr_10
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.535303979138867
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUX3IlVARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnynG6ymD0wbnKNAH/lMz1
|
Size: |
274
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF8B6.tmp\Dividend.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF8B6.tmp\Dividend.thmx
|
Category: |
dropped
|
Dump: |
Dividend.thmx.0.dr
|
ID: |
dr_29
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.674434888248144
|
Encrypted: |
false
|
Ssdeep: |
6144:D2tTXiO/3GH5SkPQVAqWnGrkFxvay910UUTWZJarUv9TA0g8:kX32H+VWgkFxSgGTmarUv9T
|
Size: |
570901
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF8B6.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF8B6.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf2.0.dr
|
ID: |
dr_28
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5459495297497368
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXvBAuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnypJymD0wbnKNAH/lMz1
|
Size: |
282
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF8F8.tmp\Metropolitan.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF8F8.tmp\Metropolitan.thmx
|
Category: |
dropped
|
Dump: |
Metropolitan.thmx.0.dr
|
ID: |
dr_37
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.689662652914981
|
Encrypted: |
false
|
Ssdeep: |
6144:B04bNOJMngI856k0wwOGXMaXTLaTDmfBaN2Tx9iSUk1PdSnc0lnDlcGMcEFYYYYt:xbY6ngI46Aw5dmyYYYYYYYYY7p8d
|
Size: |
777647
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF8F8.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF8F8.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf3.0.dr
|
ID: |
dr_34
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5091498509646044
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUX1MiDuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyFdMymD0wbnKNAH/lMz1
|
Size: |
290
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF8F9.tmp\Parcel.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF8F9.tmp\Parcel.thmx
|
Category: |
dropped
|
Dump: |
Parcel.thmx.0.dr
|
ID: |
dr_39
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.729143855239127
|
Encrypted: |
false
|
Ssdeep: |
6144:Ckl6KRKwg9jf2q/bN69OuGFlC/DUhq68xOcJzGYnTxlLqU8dmTW:8yKwgZ2qY9kA7Uhq68H3ybmq
|
Size: |
608122
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF8F9.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF8F9.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf4.0.dr
|
ID: |
dr_35
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.516359852766808
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXKwRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6qymD0wbnKNAH/lMz1
|
Size: |
278
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF91A.tmp\Basis.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF91A.tmp\Basis.thmx
|
Category: |
dropped
|
Dump: |
Basis.thmx.0.dr
|
ID: |
dr_41
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.696653383430889
|
Encrypted: |
false
|
Ssdeep: |
12288:DQ/oYjRRRRRRRRYcdY/5ASWYqBMp8xsGGEOzI7vQQwOyP:DQ/nRRRRRRRRxY/5JWYZ3GGbI8YA
|
Size: |
558035
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF91A.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF91A.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf5.0.dr
|
ID: |
dr_53
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5361139545278144
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXeMWMluRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnycMlMymD0wbnKNAH/lMz1
|
Size: |
276
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF9E7.tmp\Parallax.thmx
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF9E7.tmp\Parallax.thmx
|
Category: |
dropped
|
Dump: |
Parallax.thmx.0.dr
|
ID: |
dr_56
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.824849396154325
|
Encrypted: |
false
|
Ssdeep: |
12288:lsadD3eLxI8XSh4yDwFw8oWR+6dmw2ZpQDKpazILv7Jzny/ApcWqyOpEZULn:qLxI8XSh4yUF/oWR+mLKpYIr7l3ZQ7n
|
Size: |
924687
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDF9E7.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDF9E7.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf6.0.dr
|
ID: |
dr_55
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.51145753448333
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXKsWkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6svymD0wbnKNAH/lMz1
|
Size: |
282
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFAC4.tmp\Quotable.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFAC4.tmp\Quotable.thmx
|
Category: |
dropped
|
Dump: |
Quotable.thmx.0.dr
|
ID: |
dr_59
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.8785200658952
|
Encrypted: |
false
|
Ssdeep: |
24576:qBcvGBGhXQir6H1ws6+iU0YuA35VuinHX2NPs:ccvGBGdQ5CsMxQVj3yPs
|
Size: |
966946
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFAC4.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFAC4.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf7.0.dr
|
ID: |
dr_58
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5323495192404475
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXhduDARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyxdumymD0wbnKNAH/lMz1
|
Size: |
282
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFB43.tmp\Wood_Type.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFB43.tmp\Wood_Type.thmx
|
Category: |
dropped
|
Dump: |
Wood_Type.thmx.0.dr
|
ID: |
dr_62
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.875240099125746
|
Encrypted: |
false
|
Ssdeep: |
24576:L368X6z95zf5BbQ6U79dYy2HiTIxRboyM/LZTl5KnCc:r68kb7UTYxGIxmnp65
|
Size: |
1649585
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFB43.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFB43.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf8.0.dr
|
ID: |
dr_61
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5552837910707304
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXtLARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnygymD0wbnKNAH/lMz1
|
Size: |
284
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFBE1.tmp\Berlin.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFBE1.tmp\Berlin.thmx
|
Category: |
dropped
|
Dump: |
Berlin.thmx.0.dr
|
ID: |
dr_74
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.791956689344336
|
Encrypted: |
false
|
Ssdeep: |
24576:zHM7eZGgFiHMRej4N9tpytNZ+tIw5ErZBImlX0m:zHM7eZGgFiHMRej++NZ+F5WvllZ
|
Size: |
976001
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFBE1.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFBE1.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf9.0.dr
|
ID: |
dr_75
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5270134268591966
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXa3Y1kRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyt1mymD0wbnKNAH/lMz1
|
Size: |
278
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFC70.tmp\Gallery.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFC70.tmp\Gallery.thmx
|
Category: |
dropped
|
Dump: |
Gallery.thmx.0.dr
|
ID: |
dr_78
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.906659368807194
|
Encrypted: |
false
|
Ssdeep: |
24576:oBpmCkw3Tg/euEB+UdoC4k7ytHkHA6B/puqW2MIkTeSBmKrZHQ:MR3c/AseydwppC7veSBmWHQ
|
Size: |
1091485
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFC70.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFC70.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf10.0.dr
|
ID: |
dr_77
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5301133500353727
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXp2pRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyZ2vymD0wbnKNAH/lMz1
|
Size: |
280
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFCFF.tmp\Savon.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFCFF.tmp\Savon.thmx
|
Category: |
dropped
|
Dump: |
Savon.thmx.0.dr
|
ID: |
dr_82
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.92476783994848
|
Encrypted: |
false
|
Ssdeep: |
24576:+3zSQBxvOUIpHLYTCEmS1Wu09jRalJP3sdgnmAOFt0zU4L0MRx5QNn5:+bvI5UTCPu09qP3JPOFoR4N5
|
Size: |
1204049
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFCFF.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFCFF.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf11.0.dr
|
ID: |
dr_80
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5364757859412563
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXARkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnywMymD0wbnKNAH/lMz1
|
Size: |
276
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFD3F.tmp\Circuit.thmx
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFD3F.tmp\Circuit.thmx
|
Category: |
dropped
|
Dump: |
Circuit.thmx.0.dr
|
ID: |
dr_93
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.898382456989258
|
Encrypted: |
false
|
Ssdeep: |
24576:75MGNW/UpLkupMAqDJhNHK4/TuiKbdhbZM+byLH/:7ZwUpLkulkHK46iiDZHeLH/
|
Size: |
1463634
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFD3F.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFD3F.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf12.0.dr
|
ID: |
dr_94
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.5286004619027067
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXOzXkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6WymD0wbnKNAH/lMz1
|
Size: |
280
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFED7.tmp\Droplet.thmx
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFED7.tmp\Droplet.thmx
|
Category: |
dropped
|
Dump: |
Droplet.thmx.0.dr
|
ID: |
dr_97
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.892395931401988
|
Encrypted: |
false
|
Ssdeep: |
24576:DyeAqDJpUDH3xk8ZKIBuX3TPtd36v4o5d4PISMETGBP6eUP+xSeW3v0HKPsc:uRqUjSTPtd36AFDM/BP6eUeW3v0Fc
|
Size: |
1750795
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\TCDFED7.tmp\content.inf
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\TCDFED7.tmp\content.inf
|
Category: |
dropped
|
Dump: |
content.inf13.0.dr
|
ID: |
dr_96
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
Entropy: |
3.528155916440219
|
Encrypted: |
false
|
Ssdeep: |
6:Q+sxnxUXcmlDuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyMmloymD0wbnKNAH/lMz1
|
Size: |
280
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cab2A1.tmp
|
Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852,
number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cab2A1.tmp
|
Category: |
dropped
|
Dump: |
cab2A1.tmp.0.dr
|
ID: |
dr_98
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852,
number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
|
Entropy: |
7.999066394602922
|
Encrypted: |
true
|
Ssdeep: |
49152:6Wp9u/ZAvKz7ZFCejPiSmYXKIr6kBwBUA:6W6Bn7ZFNiiKo2l
|
Size: |
1881952
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cab5DF.tmp
|
Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129,
number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cab5DF.tmp
|
Category: |
dropped
|
Dump: |
cab5DF.tmp.0.dr
|
ID: |
dr_101
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129,
number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression
|
Entropy: |
7.999030891647433
|
Encrypted: |
true
|
Ssdeep: |
49152:ZSBBeAefkpB5iXfQJgi7JBaCCRZ3cM2VDHkvSJO6qzI1tE9Rn:EBI6gbCkMPDHKSJO6qsP6n
|
Size: |
2591108
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cab68D.tmp
|
Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID
59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cab68D.tmp
|
Category: |
dropped
|
Dump: |
cab68D.tmp.0.dr
|
ID: |
dr_114
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID
59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression
|
Entropy: |
7.992272975565323
|
Encrypted: |
true
|
Ssdeep: |
49152:NFXdpz4d98p/q5jA4q+9Uf5kx6wHR8WfPJZVhWzH4dRze76YP9nJ7yyAInT76nSY:NFXdKx5sM9SmxHKexZVhutJJVpCSqa0Z
|
Size: |
2527736
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cab6CD.tmp
|
Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969,
number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cab6CD.tmp
|
Category: |
dropped
|
Dump: |
cab6CD.tmp.0.dr
|
ID: |
dr_115
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969,
number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
|
Entropy: |
7.9991290831091115
|
Encrypted: |
true
|
Ssdeep: |
24576:O/gjMj+RP9Q07h9F75a0BXjBccHMVk2Hq2SkGa0QglyZtxmdPP2LcSUtfgfp16Yx:kJ6RP9Q07/X5V7yVF0QgktxAPutUt0zP
|
Size: |
1766185
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cab9DD.tmp
|
Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID
19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cab9DD.tmp
|
Category: |
dropped
|
Dump: |
cab9DD.tmp.0.dr
|
ID: |
dr_120
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID
19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
|
Entropy: |
7.996842935632312
|
Encrypted: |
true
|
Ssdeep: |
98304:wh7I1aeH9YvgK+A+a7GiiQzP4YZDpQ2+Sd6Y:w21ay93aypQzzhpBL/
|
Size: |
3256855
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabCBD.tmp
|
Microsoft Cabinet archive data, many, 3400898 bytes, 2 files, at 0x4c "Insight design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 106 datablocks, 0x1203 compression
|
modified
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabCBD.tmp
|
Category: |
modified
|
Dump: |
cabCBD.tmp.0.dr
|
ID: |
dr_133
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 3400898 bytes, 2 files, at 0x4c "Insight design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 106 datablocks, 0x1203 compression
|
Entropy: |
7.997652455069165
|
Encrypted: |
true
|
Ssdeep: |
98304:1YYkj2mRz6vkkB15AW4QD0ms+FdniD60bDUpS:qYkj7d6vP7NZDLn+PM8
|
Size: |
3417042
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF497.tmp
|
Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF497.tmp
|
Category: |
dropped
|
Dump: |
cabF497.tmp.0.dr
|
ID: |
dr_22
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.662386258803613
|
Encrypted: |
false
|
Ssdeep: |
384:M7FUtfIdqSHQs7G8E0GftpBjED/C4RQrFLrHRN7TT8DlvQyUTL2mH:sWgdqR2G8Pi6D6YQZTTMvU+mH
|
Size: |
22008
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF4A8.tmp
|
Microsoft Cabinet archive data, many, 15327 bytes, 2 files, at 0x4c "sist02.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF4A8.tmp
|
Category: |
dropped
|
Dump: |
cabF4A8.tmp.0.dr
|
ID: |
dr_23
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 15327 bytes, 2 files, at 0x4c "sist02.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
Entropy: |
7.818389271364328
|
Encrypted: |
false
|
Ssdeep: |
768:eNtFWk68dbr2QxbM971RqpzAA8Pi6TlHaGRA5yr:eNtEkpGSbuHAkP7TlHaGq54
|
Size: |
31471
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF4BA.tmp
|
Microsoft Cabinet archive data, many, 16689 bytes, 2 files, at 0x4c "iso690.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF4BA.tmp
|
Category: |
dropped
|
Dump: |
cabF4BA.tmp.0.dr
|
ID: |
dr_27
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 16689 bytes, 2 files, at 0x4c "iso690.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
Entropy: |
7.825460303519308
|
Encrypted: |
false
|
Ssdeep: |
768:+0TU06CkaUYMoi//YX428RaFA8Pi6e9iA4I3w:vICTm/QorUpP7eAA4I3w
|
Size: |
32833
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF50A.tmp
|
Microsoft Cabinet archive data, many, 14864 bytes, 2 files, at 0x4c "mlaseventheditionofficeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF50A.tmp
|
Category: |
dropped
|
Dump: |
cabF50A.tmp.0.dr
|
ID: |
dr_46
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 14864 bytes, 2 files, at 0x4c "mlaseventheditionofficeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
Entropy: |
7.806058951525675
|
Encrypted: |
false
|
Ssdeep: |
768:ktH7oN/HbwiV+M+4Jc+5UrT3czi5uOHQA8Pi6DxUR/WTZIy:87sPEANXJc+eTMsuzP7DmN0ZIy
|
Size: |
31008
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF51B.tmp
|
Microsoft Cabinet archive data, many, 15418 bytes, 2 files, at 0x4c "harvardanglia2008officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF51B.tmp
|
Category: |
dropped
|
Dump: |
cabF51B.tmp.0.dr
|
ID: |
dr_47
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 15418 bytes, 2 files, at 0x4c "harvardanglia2008officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
Entropy: |
7.81640835713744
|
Encrypted: |
false
|
Ssdeep: |
384:yhsBScEWkrljntbzuMmWh7ezPnGgbA8E0GftpBjohgsRFLrHRN7ybll7PK/p:MsBScwtnBmWNeTzA8PiuWsvyDI
|
Size: |
31562
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF51C.tmp
|
Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF51C.tmp
|
Category: |
dropped
|
Dump: |
cabF51C.tmp.0.dr
|
ID: |
dr_48
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.61176626859621
|
Encrypted: |
false
|
Ssdeep: |
384:j3W3yGyjgbA8E0GftpBjEHvFLrHRN7pDAlI66Yv1:j3WFyAA8Pi6HVpDZ66c1
|
Size: |
20235
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF53F.tmp
|
Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF53F.tmp
|
Category: |
dropped
|
Dump: |
cabF53F.tmp.0.dr
|
ID: |
dr_63
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.7574645319832225
|
Encrypted: |
false
|
Ssdeep: |
384:sbUX16g8/atF4NB3TJOvqeMRD/8svIZj/OwgbA8E0GftpBjEYwFLrHRN7mYll7PY:sbhg8yY4nMZK2hA8Pi6Yum4IVR
|
Size: |
26944
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF540.tmp
|
Microsoft Cabinet archive data, many, 27509 bytes, 2 files, at 0x4c "Equations.dotx", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF540.tmp
|
Category: |
dropped
|
Dump: |
cabF540.tmp.0.dr
|
ID: |
dr_64
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 27509 bytes, 2 files, at 0x4c "Equations.dotx", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
Entropy: |
7.899157106666598
|
Encrypted: |
false
|
Ssdeep: |
768:+bjfeR1OOZvv439PlDe5/QzhgFSo0UEDmJwkqTA8Pi63Bsgn66w:IM3CN9ZzhFbUUwaP73BsB6w
|
Size: |
43653
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF541.tmp
|
Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF541.tmp
|
Category: |
dropped
|
Dump: |
cabF541.tmp.0.dr
|
ID: |
dr_65
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.659898883631361
|
Encrypted: |
false
|
Ssdeep: |
384:b98FG/zdCbf7BOEawSi8E0GftpBjEPTFPxFLrHRN7S5ll7PK/pA2:N/zAbDae8Pi6PFPSRIA2
|
Size: |
22149
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF542.tmp
|
Microsoft Cabinet archive data, many, 14813 bytes, 2 files, at 0x4c "iso690nmerical.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 7 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF542.tmp
|
Category: |
dropped
|
Dump: |
cabF542.tmp.0.dr
|
ID: |
dr_67
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 14813 bytes, 2 files, at 0x4c "iso690nmerical.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 7 datablocks, 0x1203 compression
|
Entropy: |
7.808231503692675
|
Encrypted: |
false
|
Ssdeep: |
384:rKfgT03jNkAFbgUQWtxq9OGh1bBkd/1MVHb5iVOdMgbA8E0GftpBjEl8tFLrHRNF:r303jOrUQAkfhopWHbA8Pi6l8zuUIq
|
Size: |
30957
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF553.tmp
|
Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x4c "chicago.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF553.tmp
|
Category: |
dropped
|
Dump: |
cabF553.tmp.0.dr
|
ID: |
dr_68
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x4c "chicago.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0x1203 compression
|
Entropy: |
7.8340762758330476
|
Encrypted: |
false
|
Ssdeep: |
768:IlFYcxiahedKSDNAPk5WEEfA8Pi6xnOKMRA58:2JitdKsNAM5WBDP7xOKMq58
|
Size: |
33610
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF564.tmp
|
Microsoft Cabinet archive data, many, 19375 bytes, 2 files, at 0x4c "turabian.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF564.tmp
|
Category: |
dropped
|
Dump: |
cabF564.tmp.0.dr
|
ID: |
dr_70
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 19375 bytes, 2 files, at 0x4c "turabian.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
Entropy: |
7.846686335981972
|
Encrypted: |
false
|
Ssdeep: |
768:2LFougzHaUdBKUsM+Z56zBjA8Pi6bo+ld8IX:MFodzHaULR9P7bo+l6IX
|
Size: |
35519
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF566.tmp
|
Microsoft Cabinet archive data, many, 15461 bytes, 2 files, at 0x4c "gostname.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF566.tmp
|
Category: |
dropped
|
Dump: |
cabF566.tmp.0.dr
|
ID: |
dr_71
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 15461 bytes, 2 files, at 0x4c "gostname.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
Entropy: |
7.820497014278096
|
Encrypted: |
false
|
Ssdeep: |
384:7SpOUxgQ9gFodHZktfHa2TSmcAg76j8/xorK0JoZgbA8E0GftpBjE2PzFLrHRN7S:OngHltf7Bcp/xoB3A8Pi625D8RA54
|
Size: |
31605
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF567.tmp
|
Microsoft Cabinet archive data, many, 18672 bytes, 2 files, at 0x4c "APASixthEditionOfficeOnline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF567.tmp
|
Category: |
dropped
|
Dump: |
cabF567.tmp.0.dr
|
ID: |
dr_72
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 18672 bytes, 2 files, at 0x4c "APASixthEditionOfficeOnline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
|
Entropy: |
7.840826397575377
|
Encrypted: |
false
|
Ssdeep: |
768:i3R9VYnIYfPYmqX0CnF1SRHVnLG8Pi61YbEIFO:ih9VjYfPYlk+F1SJxP71YbEIFO
|
Size: |
34816
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF568.tmp
|
Microsoft Cabinet archive data, many, 15691 bytes, 2 files, at 0x4c "gb.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags
0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF568.tmp
|
Category: |
dropped
|
Dump: |
cabF568.tmp.0.dr
|
ID: |
dr_84
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 15691 bytes, 2 files, at 0x4c "gb.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags
0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
Entropy: |
7.81952379746457
|
Encrypted: |
false
|
Ssdeep: |
768:ltJDH8NmUekomvNufaqA8Pi6x5q3KQIGu:lvINukgzP7x5mRIGu
|
Size: |
31835
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF569.tmp
|
Microsoft Cabinet archive data, many, 15338 bytes, 2 files, at 0x4c "gosttitle.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF569.tmp
|
Category: |
dropped
|
Dump: |
cabF569.tmp.0.dr
|
ID: |
dr_85
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 15338 bytes, 2 files, at 0x4c "gosttitle.xsl", iFolder 0x1 "Content.inf", 2 cffolders,
flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
|
Entropy: |
7.808057272318224
|
Encrypted: |
false
|
Ssdeep: |
768:LgHv7aLOcoLGQ4EykdrHwLa+A8Pi6Iv8ACIa:LwvWyx4EykdTwLaWP7I0ACIa
|
Size: |
31482
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF56A.tmp
|
Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF56A.tmp
|
Category: |
dropped
|
Dump: |
cabF56A.tmp.0.dr
|
ID: |
dr_86
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.814202819173796
|
Encrypted: |
false
|
Ssdeep: |
384:0XbSq3W46TVZb5fOFo1HtZwGqtRT44hS+nyBoiuFgbA8E0GftpBjEcBFLrHRN7Ku:0XpOflfOFo1DMr/iuuA8Pi6cfKjW66b
|
Size: |
31083
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF5C0.tmp
|
Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF5C0.tmp
|
Category: |
dropped
|
Dump: |
cabF5C0.tmp.0.dr
|
ID: |
dr_105
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.592090622603185
|
Encrypted: |
false
|
Ssdeep: |
384:v3Zh3VlkpSIcgbA8E0GftpBjEmm3UFLrHRN7GYvlvQyUTL2mTAp:v31qp/A8Pi6mUqGGvU+mcp
|
Size: |
19893
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF5C1.tmp
|
Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF5C1.tmp
|
Category: |
dropped
|
Dump: |
cabF5C1.tmp.0.dr
|
ID: |
dr_106
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.729848360340861
|
Encrypted: |
false
|
Ssdeep: |
384:75V23GNhfG/YvmBqWDP7G8E0GftpBjEB1vrFLrHRN7mKll7PK/pRU0:LS/Yvc7TG8Pi6BLm6IS0
|
Size: |
25314
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF5C2.tmp
|
Microsoft Cabinet archive data, many, 30269 bytes, 2 files, at 0x4c "Text Sidebar (Annual Report Red and Black design).docx",
iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF5C2.tmp
|
Category: |
dropped
|
Dump: |
cabF5C2.tmp.0.dr
|
ID: |
dr_108
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 30269 bytes, 2 files, at 0x4c "Text Sidebar (Annual Report Red and Black design).docx",
iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
Entropy: |
7.9071408623961394
|
Encrypted: |
false
|
Ssdeep: |
768:WaxA0CH65GY3+fvCXCttfR8JEBrkquwDn+QV5V+vNWBatX/xG8Pi65sMuMjvU+mQ:hne65GYOfKXMSEBrBtDnzFAI4JxP75sM
|
Size: |
46413
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF5F6.tmp
|
Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF5F6.tmp
|
Category: |
dropped
|
Dump: |
cabF5F6.tmp.0.dr
|
ID: |
dr_126
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.612044504501488
|
Encrypted: |
false
|
Ssdeep: |
384:zEAH676iPi8+IS5iqn7G8E0GftpBjExDxIHFLrHRN7Ke/ll7PK/pGaz6:zEhG8+ISrG8Pi6xDxCKoIGaz6
|
Size: |
20554
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF5F7.tmp
|
Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF5F7.tmp
|
Category: |
dropped
|
Dump: |
cabF5F7.tmp.0.dr
|
ID: |
dr_127
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1,
extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.612540359660869
|
Encrypted: |
false
|
Ssdeep: |
384:KyeISBuydn5rpmp77G8E0GftpBjE/kFLrHRN7ngslI66YVj:KHISBvd5rpmFG8Pi6/6nK666j
|
Size: |
20457
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF5F8.tmp
|
Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF5F8.tmp
|
Category: |
dropped
|
Dump: |
cabF5F8.tmp.0.dr
|
ID: |
dr_128
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.668619892503165
|
Encrypted: |
false
|
Ssdeep: |
384:GByvLdFHny7G8E0GftpBjE8upFLrHRN778lvQyUTL2mm2y:Oy3HkG8Pi6887mvU+ma
|
Size: |
22340
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF5F9.tmp
|
Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF5F9.tmp
|
Category: |
dropped
|
Dump: |
cabF5F9.tmp.0.dr
|
ID: |
dr_129
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.570850633867256
|
Encrypted: |
false
|
Ssdeep: |
384:5ZII4Hf+7G8E0GftpBjCwBFLrHRN7bcClvQyUTL2mH:pG8PicgbcAvU+mH
|
Size: |
19288
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF5FA.tmp
|
Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF5FA.tmp
|
Category: |
dropped
|
Dump: |
cabF5FA.tmp.0.dr
|
ID: |
dr_130
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.6297992466897675
|
Encrypted: |
false
|
Ssdeep: |
384:wWZsOvbMZGgbA8E0GftpBjEtnFLrHRN7Dfll7PK/pirk:xZRvuzA8Pi6t9DPISk
|
Size: |
21111
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF62A.tmp
|
Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF62A.tmp
|
Category: |
dropped
|
Dump: |
cabF62A.tmp.0.dr
|
ID: |
dr_138
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags
0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.6559132103953305
|
Encrypted: |
false
|
Ssdeep: |
384:k73HRpZA6B3ulrnxtRT7G8E0GftpBjEdHqlFLrHRN7uhFlvQyUTL2m4c:k7XRgIkrG8Pi6dmuNvU+mp
|
Size: |
21875
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF62B.tmp
|
Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF62B.tmp
|
Category: |
dropped
|
Dump: |
cabF62B.tmp.0.dr
|
ID: |
dr_139
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.674816892242868
|
Encrypted: |
false
|
Ssdeep: |
384:L7d2l8FbHaaIKbtv1gDISi8E0GftpBjEZRFLrHRN74bUll7PK/pd:LUlCIOt/8Pi6Zv4bMId
|
Size: |
22594
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF62C.tmp
|
Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF62C.tmp
|
Category: |
dropped
|
Dump: |
cabF62C.tmp.0.dr
|
ID: |
dr_140
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.65837691872985
|
Encrypted: |
false
|
Ssdeep: |
384:PWew5RNDcvPgbA8E0GftpBjE0hsyaFLrHRN7BD9lI66YR:P3GRNDcEA8Pi60hsyABDo66g
|
Size: |
21791
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF62D.tmp
|
Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF62D.tmp
|
Category: |
dropped
|
Dump: |
cabF62D.tmp.0.dr
|
ID: |
dr_141
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra
bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.641082043198371
|
Encrypted: |
false
|
Ssdeep: |
384:zdx+NRrogu6fzCI7Th7G8E0GftpBjEzZq4FLrHRN7/Oll7PK/pB:/+NRrFf/G8Pi6zZb/GIB
|
Size: |
21357
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF62E.tmp
|
Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF62E.tmp
|
Category: |
dropped
|
Dump: |
cabF62E.tmp.0.dr
|
ID: |
dr_142
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number
1, extra bytes 20 in head, 1 datablock, 0x1203 compression
|
Entropy: |
7.692965575678876
|
Encrypted: |
false
|
Ssdeep: |
384:y6aR//q0bJi/Uj+957G8E0GftpBj/4YOFLrHRN7LxhKll7PK/ph:y6I/Li/UjmVG8PiZ4YsLxh6Ih
|
Size: |
23597
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF62F.tmp
|
Microsoft Cabinet archive data, many, 12767 bytes, 2 files, at 0x4c "ieee2006officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF62F.tmp
|
Category: |
dropped
|
Dump: |
cabF62F.tmp.0.dr
|
ID: |
dr_143
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 12767 bytes, 2 files, at 0x4c "ieee2006officeonline.xsl", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
|
Entropy: |
7.7784119983764715
|
Encrypted: |
false
|
Ssdeep: |
384:WnJY165YD0tPYoCKa3HueqRyzVscLk1Yj2GjcgbA8E0GftpBjE2kWTpjFLrHRN7N:X4rtPzCK6uRoljXBA8Pi62ZphL0HRA5p
|
Size: |
28911
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF6C6.tmp
|
Microsoft Cabinet archive data, many, 26644 bytes, 2 files, at 0x4c "Element design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF6C6.tmp
|
Category: |
dropped
|
Dump: |
cabF6C6.tmp.0.dr
|
ID: |
dr_13
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 26644 bytes, 2 files, at 0x4c "Element design set.dotx", iFolder 0x1 "Content.inf",
2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
|
Entropy: |
7.89307894056
|
Encrypted: |
false
|
Ssdeep: |
768:Hx+UzBiwDQTXgBm029ClGn4BZz6i5kIew/jG8Pi6lYJz1gH:0ZXc29eGn2n5klwjxP7l2z1gH
|
Size: |
42788
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF832.tmp
|
Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF832.tmp
|
Category: |
dropped
|
Dump: |
cabF832.tmp.0.dr
|
ID: |
dr_2
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
Entropy: |
7.996451393909308
|
Encrypted: |
true
|
Ssdeep: |
6144:7vH3uG+yiWx0eVJyORloyyDqnHefzOs81MrXLXx7:b36yiWH/LRS2CJl1
|
Size: |
307348
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF853.tmp
|
Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169,
number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF853.tmp
|
Category: |
dropped
|
Dump: |
cabF853.tmp.0.dr
|
ID: |
dr_3
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169,
number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
|
Entropy: |
7.995547668305345
|
Encrypted: |
true
|
Ssdeep: |
6144:zfdvQnJMwXse4Vradf3mrC7woyWbjKlCVC7K:zfJwJse4VrS1AK
|
Size: |
271273
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF875.tmp
|
Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885,
number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF875.tmp
|
Category: |
dropped
|
Dump: |
cabF875.tmp.0.dr
|
ID: |
dr_8
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885,
number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
|
Entropy: |
7.994458910952451
|
Encrypted: |
true
|
Ssdeep: |
6144:k8/c2cF9GTLqsTmYstUdx+dwb2ooiVOfiI17zWbQ:jbzqGdpbZ/Mf3h68
|
Size: |
222992
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF896.tmp
|
Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF896.tmp
|
Category: |
dropped
|
Dump: |
cabF896.tmp.0.dr
|
ID: |
dr_14
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
Entropy: |
7.995561338730199
|
Encrypted: |
true
|
Ssdeep: |
6144:H2a+HFkDF8gpmMt4kzwVVqhSYO6DITxPWgJl1CFExwXyo7N:mlZgFtIVVTuDExeWuv7N
|
Size: |
276650
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF8C7.tmp
|
Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID
19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF8C7.tmp
|
Category: |
dropped
|
Dump: |
cabF8C7.tmp.0.dr
|
ID: |
dr_31
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID
19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
|
Entropy: |
7.99541965268665
|
Encrypted: |
true
|
Ssdeep: |
6144:9blShNYrHNn0JU+D+kh8CIjXHWC7X0nZLC9Ge2KY/WfI:9ZSTYrtn0Sk+CIDHWC7chVKYx
|
Size: |
261258
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF8D8.tmp
|
Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500,
number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF8D8.tmp
|
Category: |
dropped
|
Dump: |
cabF8D8.tmp.0.dr
|
ID: |
dr_33
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500,
number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
|
Entropy: |
7.994759087207758
|
Encrypted: |
true
|
Ssdeep: |
6144:OTIPtMXmJWnzPS3pqnkeuJXW+FNx1a72rLiQxEBTR:750nz63/FJRFLISnp+Bt
|
Size: |
230916
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF8FA.tmp
|
Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF8FA.tmp
|
Category: |
dropped
|
Dump: |
cabF8FA.tmp.0.dr
|
ID: |
dr_36
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632,
number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
|
Entropy: |
7.996203550147553
|
Encrypted: |
true
|
Ssdeep: |
6144:nwVaEqsf23c9shf6UyOGgDWDn/p3fd+zkPWnvGL3n9bQnkmVheyqtkl:MlPfW6sVEDn/pPdhWnvGL36zyyqal
|
Size: |
295527
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabF9C7.tmp
|
Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081,
number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabF9C7.tmp
|
Category: |
dropped
|
Dump: |
cabF9C7.tmp.0.dr
|
ID: |
dr_54
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081,
number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
|
Entropy: |
7.998289614787931
|
Encrypted: |
true
|
Ssdeep: |
12288:N4Ar9NyDhUQM0Hk86V1YnOIxQ9e6SJbj2OjK:jAG8wa5Qw6SZ2Oj
|
Size: |
550906
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabFA85.tmp
|
Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabFA85.tmp
|
Category: |
dropped
|
Dump: |
cabFA85.tmp.0.dr
|
ID: |
dr_57
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
Entropy: |
7.99860205353102
|
Encrypted: |
true
|
Ssdeep: |
12288:eV7ivfl+kbkIrWu+2aoRjwv/cSUWauGPo2v65s4QqcT3ZCCz6CSj8aC:fdhr1+3y4MWaC2CO4V+3ZCCDsO
|
Size: |
640684
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabFB13.tmp
|
Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778,
number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabFB13.tmp
|
Category: |
dropped
|
Dump: |
cabFB13.tmp.0.dr
|
ID: |
dr_60
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778,
number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression
|
Entropy: |
7.997550445816903
|
Encrypted: |
true
|
Ssdeep: |
12288:NPnBZX7wR3tMwYqNDQGnXTtfzO5U7yo6O7bLhe8yE3LLDok4a:JBMbYE7xzO5U917bLh/DL3oJa
|
Size: |
723359
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabFBC1.tmp
|
Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabFBC1.tmp
|
Category: |
dropped
|
Dump: |
cabFBC1.tmp.0.dr
|
ID: |
dr_73
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672,
number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
|
Entropy: |
7.997838239368002
|
Encrypted: |
true
|
Ssdeep: |
12288:bUfKzAwwP7XAMWtr4FvMRt4lX0hnBdThiSb32+TdysrQgn7v4EemC6:sr7AMkJ34xu1bm4ZrQaY6
|
Size: |
698244
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabFC50.tmp
|
Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349,
number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabFC50.tmp
|
Category: |
dropped
|
Dump: |
cabFC50.tmp.0.dr
|
ID: |
dr_76
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349,
number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression
|
Entropy: |
7.99899040756787
|
Encrypted: |
true
|
Ssdeep: |
24576:9B1Onw3vg7aeYPagzbJ5Vhv6LnV2Dhl7GEYqVjcyd:vww3o7BYPJbJ5Vh6UCqZfd
|
Size: |
953453
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabFCBF.tmp
|
Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609,
number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabFCBF.tmp
|
Category: |
dropped
|
Dump: |
cabFCBF.tmp.0.dr
|
ID: |
dr_79
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609,
number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression
|
Entropy: |
7.998277814657051
|
Encrypted: |
true
|
Ssdeep: |
24576:qehtHA3nsAOx7yN7THwxdGpkw8R60aTcua5U4c:hhmnsBMNAxdGpV5za5Uv
|
Size: |
1065873
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabFD00.tmp
|
Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309,
number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabFD00.tmp
|
Category: |
dropped
|
Dump: |
cabFD00.tmp.0.dr
|
ID: |
dr_81
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309,
number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
|
Entropy: |
7.99825462915052
|
Encrypted: |
true
|
Ssdeep: |
24576:UE9BMy98gA4cDWHkSrDans3MfEE6w8OaVuCibol0j41dwD:UE9Bdy3D4keQWt7w85VuVoaj4/Q
|
Size: |
1097591
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Local\Temp\cabFE98.tmp
|
Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417,
number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Local\Temp\cabFE98.tmp
|
Category: |
dropped
|
Dump: |
cabFE98.tmp.0.dr
|
ID: |
dr_95
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417,
number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression
|
Entropy: |
7.9985829899274385
|
Encrypted: |
true
|
Ssdeep: |
24576:NN3M9UHpHZE4aubaPubP3M6d71FdtmFAjq+54/79LVzG+VnS:NN3M9UJHZE4abPyU4JtmFCq+q/7JlVS
|
Size: |
1310275
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl
|
Category: |
dropped
|
Dump: |
MSO3072.acl.0.dr
|
ID: |
dr_30
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
1.2389205950315936
|
Encrypted: |
false
|
Ssdeep: |
3:+wJX:+wJ
|
Size: |
30
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Banded.thmx.0.dr
|
ID: |
dr_196
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.67409707491542
|
Encrypted: |
false
|
Ssdeep: |
12288:/dy5Gtyp/FZ9QqjdxDfSp424XeavSktiAVE0:/dizp1ndpqpMZnV
|
Size: |
562113
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Wood_Type.thmx.0.dr
|
ID: |
dr_205
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.875240099125746
|
Encrypted: |
false
|
Ssdeep: |
24576:L368X6z95zf5BbQ6U79dYy2HiTIxRboyM/LZTl5KnCc:r68kb7UTYxGIxmnp65
|
Size: |
1649585
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Basis.thmx.0.dr
|
ID: |
dr_202
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.696653383430889
|
Encrypted: |
false
|
Ssdeep: |
12288:DQ/oYjRRRRRRRRYcdY/5ASWYqBMp8xsGGEOzI7vQQwOyP:DQ/nRRRRRRRRxY/5JWYZ3GGbI8YA
|
Size: |
558035
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Dividend.thmx.0.dr
|
ID: |
dr_199
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.674434888248144
|
Encrypted: |
false
|
Ssdeep: |
6144:D2tTXiO/3GH5SkPQVAqWnGrkFxvay910UUTWZJarUv9TA0g8:kX32H+VWgkFxSgGTmarUv9T
|
Size: |
570901
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Frame.thmx.0.dr
|
ID: |
dr_197
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.715248170753013
|
Encrypted: |
false
|
Ssdeep: |
6144:WfmDdN6Zfv8q5rnM6vZ02PtMZRkfW5ipbnMHxVcsOWrCMxy0sD/mcKb4rYEY:xDdQXBrMi2YtggW5ObnMH1brJpUmBU0N
|
Size: |
523048
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)
|
Category: |
dropped
|
Dump: |
Mesh.thmx.0.dr
|
ID: |
dr_212
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.954129852655753
|
Encrypted: |
false
|
Ssdeep: |
49152:bSEjlpY8skyFHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9Hu:bfp5sksA3cimUVxV05aJE2fKaDOXdN9O
|
Size: |
3078052
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Metropolitan.thmx.0.dr
|
ID: |
dr_200
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.689662652914981
|
Encrypted: |
false
|
Ssdeep: |
6144:B04bNOJMngI856k0wwOGXMaXTLaTDmfBaN2Tx9iSUk1PdSnc0lnDlcGMcEFYYYYt:xbY6ngI46Aw5dmyYYYYYYYYY7p8d
|
Size: |
777647
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Parallax.thmx.0.dr
|
ID: |
dr_203
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.824849396154325
|
Encrypted: |
false
|
Ssdeep: |
12288:lsadD3eLxI8XSh4yDwFw8oWR+6dmw2ZpQDKpazILv7Jzny/ApcWqyOpEZULn:qLxI8XSh4yUF/oWR+mLKpYIr7l3ZQ7n
|
Size: |
924687
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Quotable.thmx.0.dr
|
ID: |
dr_204
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.8785200658952
|
Encrypted: |
false
|
Ssdeep: |
24576:qBcvGBGhXQir6H1ws6+iU0YuA35VuinHX2NPs:ccvGBGdQ5CsMxQVj3yPs
|
Size: |
966946
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Savon.thmx.0.dr
|
ID: |
dr_208
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.92476783994848
|
Encrypted: |
false
|
Ssdeep: |
24576:+3zSQBxvOUIpHLYTCEmS1Wu09jRalJP3sdgnmAOFt0zU4L0MRx5QNn5:+bvI5UTCPu09qP3JPOFoR4N5
|
Size: |
1204049
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)
|
Category: |
dropped
|
Dump: |
View.thmx.0.dr
|
ID: |
dr_198
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.668294441507828
|
Encrypted: |
false
|
Ssdeep: |
6144:A+JBmUx0Zo24n8z/2NSYFl2qGBuv8p6+LwwYmN59wBttsdJrmXMlP1NwQoGgeL:fNgxz/g5z2BT6+Eu0ntMcczNQG5L
|
Size: |
486596
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Berlin.thmx.0.dr
|
ID: |
dr_206
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.791956689344336
|
Encrypted: |
false
|
Ssdeep: |
24576:zHM7eZGgFiHMRej4N9tpytNZ+tIw5ErZBImlX0m:zHM7eZGgFiHMRej++NZ+F5WvllZ
|
Size: |
976001
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Circuit.thmx.0.dr
|
ID: |
dr_209
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.898382456989258
|
Encrypted: |
false
|
Ssdeep: |
24576:75MGNW/UpLkupMAqDJhNHK4/TuiKbdhbZM+byLH/:7ZwUpLkulkHK46iiDZHeLH/
|
Size: |
1463634
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Damask.thmx.0.dr
|
ID: |
dr_211
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.942378408801199
|
Encrypted: |
false
|
Ssdeep: |
49152:8mwK3gH/l4hM06Wqnnl1IdO9wASFntrPEWNe7:863gHt4hM9WWnMdO9w35PEWK
|
Size: |
2218943
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Droplet.thmx.0.dr
|
ID: |
dr_210
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.892395931401988
|
Encrypted: |
false
|
Ssdeep: |
24576:DyeAqDJpUDH3xk8ZKIBuX3TPtd36v4o5d4PISMETGBP6eUP+xSeW3v0HKPsc:uRqUjSTPtd36AFDM/BP6eUeW3v0Fc
|
Size: |
1750795
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Main_Event.thmx.0.dr
|
ID: |
dr_213
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.970803022812704
|
Encrypted: |
false
|
Ssdeep: |
49152:mc4NEo4XNd5wU5qTkdC4+K9u5b/i40RKRAO/cLf68wy9yxKrOUURBgmai2prH:mJef5yTSoKMF//DRGJwLx9DBaH
|
Size: |
2924237
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Slate.thmx.0.dr
|
ID: |
dr_214
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.929430745829162
|
Encrypted: |
false
|
Ssdeep: |
49152:tfVcGO3JiR6SgT7/bOCrKCsaFCX3CzwovQTSwW8nX:pVcG2iRedsaoXSzeOwWEX
|
Size: |
2357051
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Vapor_Trail.thmx.0.dr
|
ID: |
dr_215
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.965784120725206
|
Encrypted: |
false
|
Ssdeep: |
49152:ixc1kZBIabo4dTJyr3hJ50gd9OaFxTy+1Nn/M/noivF0po3M0h0Vsm:ixcaAabT83hJLdoaFxTygxcoiX3M0iCm
|
Size: |
3611324
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Gallery.thmx.0.dr
|
ID: |
dr_207
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.906659368807194
|
Encrypted: |
false
|
Ssdeep: |
24576:oBpmCkw3Tg/euEB+UdoC4k7ytHkHA6B/puqW2MIkTeSBmKrZHQ:MR3c/AseydwppC7veSBmWHQ
|
Size: |
1091485
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx
(copy)
|
Category: |
dropped
|
Dump: |
Parcel.thmx.0.dr
|
ID: |
dr_201
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.729143855239127
|
Encrypted: |
false
|
Ssdeep: |
6144:Ckl6KRKwg9jf2q/bN69OuGFlC/DUhq68xOcJzGYnTxlLqU8dmTW:8yKwgZ2qY9kA7Uhq68H3ybmq
|
Size: |
608122
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox
(copy)
|
Category: |
dropped
|
Dump: |
architecture.glox.0.dr
|
ID: |
dr_164
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.88616857639663
|
Encrypted: |
false
|
Ssdeep: |
96:CDG4D+8VsXzXc2zLXTJ2XFY47pk2G7HVlwFzTXNbMfmn2ivLZcreFWw5fc9ADdZm:CDG4DRGY23l2Xu47GL7YtT9V29yWvWdk
|
Size: |
5783
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox
(copy)
|
Category: |
dropped
|
Dump: |
BracketList.glox.0.dr
|
ID: |
dr_167
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.809492693601857
|
Encrypted: |
false
|
Ssdeep: |
96:VpDCBFLhxaUGm5EWA07yNdKH1FQpy8tnX8Iz3b7TrT502+fPD:VpDYFFRMNU+RtXzLf35t+3D
|
Size: |
4026
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox
(copy)
|
Category: |
dropped
|
Dump: |
chevronaccent.glox.0.dr
|
ID: |
dr_177
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.824383764848892
|
Encrypted: |
false
|
Ssdeep: |
96:22MQe4zHye8/djzF+JjvtmMkkBpF7e0LTkaf:22De4zHHCvF+nRBDXoaf
|
Size: |
4243
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox
(copy)
|
Category: |
dropped
|
Dump: |
CircleProcess.glox.0.dr
|
ID: |
dr_188
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.9519793977093505
|
Encrypted: |
false
|
Ssdeep: |
384:eSMjhqgJDGwOzHR3iCpK+QdLdfufFJ9aDn9LjDMVAwHknbz7OW:eSkhqglGwERSAHQdLhDn9AKokv7H
|
Size: |
16806
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging
Text]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging
Text]].glox (copy)
|
Category: |
dropped
|
Dump: |
ConvergingText.glox.0.dr
|
ID: |
dr_171
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.891971054886943
|
Encrypted: |
false
|
Ssdeep: |
192:VJcnLYnAVbOFLaCPLrGGbhaWEu6d3RmryqLkeAShObPb1AYcRMMXjkfa0nYBwggD:VcMC8lLrRbhy1ZqLyShYb1FHQ4C0nYQJ
|
Size: |
11380
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox
(copy)
|
Category: |
dropped
|
Dump: |
HexagonRadial.glox.0.dr
|
ID: |
dr_185
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.886254023824049
|
Encrypted: |
false
|
Ssdeep: |
96:bGa2onnLYHTSSxpHVTSH1bywZKmpRqiUtFvS9xrPooBpni6eDa16MUELHsrKjRBA:SJonLYzSSr1TuZNwtFZKpiiyrKXuCUd
|
Size: |
6024
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected
Block Process]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected
Block Process]].glox (copy)
|
Category: |
dropped
|
Dump: |
InterconnectedBlockProcess.glox.0.dr
|
ID: |
dr_192
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.93263830735235
|
Encrypted: |
false
|
Ssdeep: |
192:oeAMExvPJMg+yE+AfJLi3+Xoj7F3sPgMG61J88eDhFWT7hFNsdJtnLYJ7tSh:v2d+hnfJLi3+4ja4WqhFWT7FsdHMA
|
Size: |
9191
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox
(copy)
|
Category: |
dropped
|
Dump: |
PictureFrame.glox.0.dr
|
ID: |
dr_181
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.821066198539098
|
Encrypted: |
false
|
Ssdeep: |
96:+fF+Jrp7Yo5hnJiGa24TxEcpUeONo1w2NFocy2LQi33Z:2+f7YuhJdJ4TxEcmKwGkk3Z
|
Size: |
4326
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization
Chart]].glox (copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization
Chart]].glox (copy)
|
Category: |
dropped
|
Dump: |
pictureorgchart.glox.0.dr
|
ID: |
dr_189
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.9204386289679745
|
Encrypted: |
false
|
Ssdeep: |
192:fYa+ngK2xG6HvLvoUnXxO+blKO1lt2Zg0AV:fYVn8Y6Hv3XxO+8uQZCV
|
Size: |
7370
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture
List]].glox (copy)
|
Category: |
dropped
|
Dump: |
RadialPictureList.glox.0.dr
|
ID: |
dr_191
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.875182123405584
|
Encrypted: |
false
|
Ssdeep: |
96:dGa2unnLYEB2EUAPOak380NQjqbHaPKJebgrEVws8Vw+BMa0EbdLVQaZJgDZh0pJ:UJunLYEB2EUAxk3pIYaScgYwsV4bdS0X
|
Size: |
5596
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox
(copy)
|
Category: |
dropped
|
Dump: |
TabbedArc.glox.0.dr
|
ID: |
dr_176
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.772039166640107
|
Encrypted: |
false
|
Ssdeep: |
96:GyfQZd6ZHNCWl9aXFkZwIq/QDsRYPf8P9QtDIs5r:G6wYtNZS1k99AmPfSOtD5r
|
Size: |
3683
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox
(copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox
(copy)
|
Category: |
dropped
|
Dump: |
TabList.glox.0.dr
|
ID: |
dr_178
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.8636569313247335
|
Encrypted: |
false
|
Ssdeep: |
96:StrFZ23/juILHPzms5UTuK9CuZGEoEuZ28H1HiGa2RnnLY+tUb:SPZQ7uCHPzms5UTlqauZVHdJRnLY+tUb
|
Size: |
4888
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture
Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture
Accent]].glox (copy)
|
Category: |
dropped
|
Dump: |
ThemePictureAccent.glox.0.dr
|
ID: |
dr_194
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.897260397307811
|
Encrypted: |
false
|
Ssdeep: |
192:tgaoRbo1sMjb0NiJ85oPtqcS+yaXWoa8XBzdJYnLYFtWT7:LR1sk+i4o1qc1yaukzd8MK
|
Size: |
6448
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture
Alternating Accent]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture
Alternating Accent]].glox (copy)
|
Category: |
dropped
|
Dump: |
ThemePictureAlternatingAccent.glox.0.dr
|
ID: |
dr_182
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.87271654296772
|
Encrypted: |
false
|
Ssdeep: |
96:n5ni6jKZWsD+QJaUQ7R6qYFF5QS+BEgeJam6S7ZCHuKViGa2CnnLYLt/ht:nccqxIBdQ1QS+uDJanS7ZCHHVdJCnLY5
|
Size: |
5630
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture
Grid]].glox (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture
Grid]].glox (copy)
|
Category: |
dropped
|
Dump: |
ThemePictureGrid.glox.0.dr
|
ID: |
dr_193
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
Entropy: |
7.855499268199703
|
Encrypted: |
false
|
Ssdeep: |
192:WavHMKgnU2HUGFhUnkbOKoztj1QfcnLYut3d8:YKeUlGXUnC+HQSMp
|
Size: |
6193
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width
List]].glox (copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width
List]].glox (copy)
|
Category: |
dropped
|
Dump: |
VaryingWidthList.glox.0.dr
|
ID: |
dr_175
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.716021191059687
|
Encrypted: |
false
|
Ssdeep: |
48:96yn4sOBoygpySCCxwKsZCB2oLEIK+aQpUNLRQWtmMamIZxAwCC2QnyODhVOzP4:l0vCxJsZQ2ofpKvtmMdIZxAwJyODhVOE
|
Size: |
3075
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox
(copy)
|
Microsoft OOXML
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox
(copy)
|
Category: |
dropped
|
Dump: |
rings.glox.0.dr
|
ID: |
dr_190
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft OOXML
|
Entropy: |
7.859615916913808
|
Encrypted: |
false
|
Ssdeep: |
96:WkV3UHhcZDEteEJqeSGzpG43GUR8m8b6dDLiCTfjKPnD6H5RhfuDKNtxx3+7tDLp:Wq3UBc9EJqIpGgD5dDL1DjKvDKhfnNti
|
Size: |
5151
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
APASixthEditionOfficeOnline.xsl.0.dr
|
ID: |
dr_180
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
4.654450340871081
|
Encrypted: |
false
|
Ssdeep: |
6144:ybW83Zb181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:i
|
Size: |
333258
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
chicago.xsl.0.dr
|
ID: |
dr_170
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.000002997029767
|
Encrypted: |
false
|
Ssdeep: |
6144:RwprAMk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:M
|
Size: |
296658
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
gb.xsl.0.dr
|
ID: |
dr_174
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.05419861997223
|
Encrypted: |
false
|
Ssdeep: |
6144:JwprAJLR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N9
|
Size: |
268317
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
gostname.xsl.0.dr
|
ID: |
dr_184
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.103631650117028
|
Encrypted: |
false
|
Ssdeep: |
6144:gwprAm795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:kW
|
Size: |
255948
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
gosttitle.xsl.0.dr
|
ID: |
dr_195
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.102652100491927
|
Encrypted: |
false
|
Ssdeep: |
6144:hwprA5R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:JA
|
Size: |
251032
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl
(copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
harvardanglia2008officeonline.xsl.0.dr
|
ID: |
dr_168
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
Entropy: |
5.00549404077789
|
Encrypted: |
false
|
Ssdeep: |
6144:N9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:y
|
Size: |
284415
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl
(copy)
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
ieee2006officeonline.xsl.0.dr
|
ID: |
dr_179
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
Entropy: |
4.977758311135714
|
Encrypted: |
false
|
Ssdeep: |
6144:ydkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:b
|
Size: |
294178
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
iso690.xsl.0.dr
|
ID: |
dr_166
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.073814698282113
|
Encrypted: |
false
|
Ssdeep: |
6144:JwprAiaR95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:We
|
Size: |
270198
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
iso690nmerical.xsl.0.dr
|
ID: |
dr_173
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.068335381017074
|
Encrypted: |
false
|
Ssdeep: |
6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P
|
Size: |
217137
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
mlaseventheditionofficeonline.xsl.0.dr
|
ID: |
dr_169
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.003842588822783
|
Encrypted: |
false
|
Ssdeep: |
6144:MwprAnniNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:a
|
Size: |
254875
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
turabian.xsl.0.dr
|
ID: |
dr_187
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.023195898304535
|
Encrypted: |
false
|
Ssdeep: |
6144:UwprANnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:6
|
Size: |
344303
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
(copy)
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
(copy)
|
Category: |
dropped
|
Dump: |
sist02.xsl.0.dr
|
ID: |
dr_165
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
XML 1.0 document, ASCII text, with CRLF line terminators
|
Entropy: |
5.057714239438731
|
Encrypted: |
false
|
Ssdeep: |
6144:JwprA6OS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:uP
|
Size: |
250983
|
Whitelisted: |
true
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx
(copy)
|
Category: |
dropped
|
Dump: |
Equations.dotx.0.dr
|
ID: |
dr_172
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Word 2007+
|
Entropy: |
5.541375256745271
|
Encrypted: |
false
|
Ssdeep: |
384:erH5dYPCA4t3aEFGiSUDtYfEbi5Ry/AT7/6tHODaFlDSomurYNfT4A0VIwWNS89u:Q6Cbh9tENyWdaFUSYNfZS89/3qtEu
|
Size: |
51826
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text
Sidebar (Annual Report Red and Black design)]].docx (copy)
|
Microsoft Word 2007+
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text
Sidebar (Annual Report Red and Black design)]].docx (copy)
|
Category: |
dropped
|
Dump: |
Text Sidebar (Annual Report Red and Black design).docx.0.dr
|
ID: |
dr_183
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Word 2007+
|
Entropy: |
6.42327948041841
|
Encrypted: |
false
|
Ssdeep: |
768:ftjI1BT8N37szq00s7dB2wMVJGHR97/RDU5naXUsT:fJIPTfq0ndB2w1bpsE
|
Size: |
47296
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx
(copy)
|
Category: |
dropped
|
Dump: |
Element design set.dotx.0.dr
|
ID: |
dr_186
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Word 2007+
|
Entropy: |
7.352974342178997
|
Encrypted: |
false
|
Ssdeep: |
768:ev13NPo9o5NGEVIi3kvH+3SMdk7zp3tE2:ev13xoOE+R3BkR7
|
Size: |
34415
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx
(copy)
|
Microsoft Word 2007+
|
dropped
|
|
|
|
File: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx
(copy)
|
Category: |
dropped
|
Dump: |
Insight design set.dotx.0.dr
|
ID: |
dr_216
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
Microsoft Word 2007+
|
Entropy: |
7.898517227646252
|
Encrypted: |
false
|
Ssdeep: |
98304:n8ItVaN7vTMZ9IBbaETXbI8ItVaN7vTMZ9IBbaEiXbY:8ItwNX9BvTvItwNX9BvoM
|
Size: |
3465076
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|
C:\Users\user\Desktop\~$nual_Benefits_&_Bonus_for_Babu.varghese_IyNURVhUTlVNUkFORE9NNDUjIw__.docx
|
data
|
dropped
|
|
|
|
File: |
C:\Users\user\Desktop\~$nual_Benefits_&_Bonus_for_Babu.varghese_IyNURVhUTlVNUkFORE9NNDUjIw__.docx
|
Category: |
dropped
|
Dump: |
~$nual_Benefits_&_Bonus_for_Babu.varghese_IyNURVhUTlVNUkFORE9NNDUjIw__.docx.0.dr
|
ID: |
dr_32
|
Target ID: |
0
|
Process: |
C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
|
Type: |
data
|
Entropy: |
3.576602889404305
|
Encrypted: |
false
|
Ssdeep: |
3:KVGl/lilKlRAGlFAgjqmgV++qqf/0n855Mn:KVy/4KD5uXYs/0n8nM
|
Size: |
162
|
Whitelisted: |
false
|
Reputation: |
timeout
|
|