Edit tour
Windows
Analysis Report
FOR105 - Change Order Authorisation Form - A80293 -aw.docx
Overview
General Information
| Sample name: | FOR105 - Change Order Authorisation Form - A80293 -aw.docx |
| Analysis ID: | 1524642 |
| MD5: | b1d37b254f8d83d9e335388e5c1d1d43 |
| SHA1: | 14ebca7ff4263ca590b793dc197797baf0fa1e2e |
| SHA256: | 966512bb6ba25d2c99d4bbcf1eb25ede8003aad037f5ec7426cd0ea4fe5cef89 |
| Infos: |  |
 | |
Detection
| Score: | 48 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Office viewer loads remote template
Sigma detected: Suspicious Microsoft Office Child Process
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Document misses a certain OLE stream usually present in this Microsoft Office document type
Sigma detected: Suspicious Execution From GUID Like Folder Names
Stores large binary data to the registry
Unable to load, office file is protected or invalid
Classification
- System is w10x64
WINWORD.EXE (PID: 7772 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\WINWO RD.EXE" /A utomation -Embedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678) 
splwow64.exe (PID: 8004 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73) 
verclsid.exe (PID: 8048 cmdline: C:\Windows \SysWOW64\ verclsid.e xe /S /C { 00020D0B-0 000-0000-C 000-000000 000046} /I {00000112 -0000-0000 -C000-0000 00000046} /X 0x5 MD5: 190A347DF06F8486F193ADA0E90B49C5) 
OUTLOOK.EXE (PID: 7520 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \root\Offi ce16\OUTLO OK.EXE" /f "C:\Users \user\AppD ata\Local\ Temp\{89FE 3B17-4E19- 4916-AF4F- F4F8E61912 6A}\{9D0DB 8A9-002C-4 D6F-998A-3 AFE3A2FCFF B}\FW Blac kbook - FW Urban Uti lities - C ontact req uest for S ervices .m sg" MD5: 91A5292942864110ED734005B7E005C0)
- cleanup
⊘No configs have been found
⊘No yara matches
System Summary |   |
|---|
| Source: | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: | ||
| Source: | Author: Nasreddine Bencherchali (Nextron Systems): | ||
| Source: | Author: Nasreddine Bencherchali (Nextron Systems): | ||
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
| Source: | File opened: | Jump to behavior | ||
| Source: | Memory has grown: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | Stream path '\x1Ole10Native' : | ||
| Source: | Stream path '\x1Ole10Native' : | ||
| Source: | Stream path '_1789405707/\x1Ole10Native' : | ||
| Source: | Stream path '_1789405729/\x1Ole10Native' : | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | Window title found: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE document summary: | ||
| Source: | OLE document summary: | ||
| Source: | OLE document summary: | ||
| Source: | OLE document summary: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | LNK file: | ||
| Source: | LNK file: | ||
| Source: | Window found: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
Persistence and Installation Behavior | |
|---|
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value created or modified: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | 2 Process Injection | 2 Masquerading | OS Credential Dumping | 2 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Process Injection | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1524642 |
| Start date and time: | 2024-10-03 02:21:35 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 46s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Potential for more IOCs and behavior |
| Number of analysed new started processes analysed: | 12 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | FOR105 - Change Order Authorisation Form - A80293 -aw.docx |
| Detection: | MAL |
| Classification: | mal48.evad.winDOCX@8/247@0/0 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, MavInject32.exe
- Excluded IPs from analysis (whitelisted): 52.109.76.240, 52.113.194.132, 184.28.90.27, 52.111.231.23, 52.111.231.24, 52.111.231.25, 52.111.231.26, 20.50.201.200, 52.109.28.47, 95.101.111.168, 95.101.111.179, 2.18.64.211, 2.18.64.220, 52.178.17.233
- Excluded domains from analysis (whitelisted): binaries.templates.cdn.office.net.edgesuite.net, slscr.update.microsoft.com, templatesmetadata.office.net.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, a1847.dscg2.akamai.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, onedscolprdweu04.westeurope.cloudapp.azure.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, onedscolprdweu08.westeurope.cloudapp.azure.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, neu-azsc-config.officeapps.live.com, nle
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadFile calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
| Time | Type | Description |
|---|---|---|
| 20:22:54 | API Interceptor |
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118 |
| Entropy (8bit): | 3.5700810731231707 |
| Encrypted: | false |
| SSDEEP: | 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq |
| MD5: | 573220372DA4ED487441611079B623CD |
| SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
| SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
| SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 245980 |
| Entropy (8bit): | 4.357711409828153 |
| Encrypted: | false |
| SSDEEP: | 1536:xVx4O9YLE4gsONKhD0WMkgs1ONcAz79ysQqt2aM4fqoQjZrcm0FvoSHy+H+NXWvr:3i7g84Cg3miGu2CqoQtrt0FvInQVh02n |
| MD5: | A2349116D52996C9A20D93E25D0BD0CC |
| SHA1: | 302AD52EC7754BE3D622E36FD585C138894AACD9 |
| SHA-256: | 89FEA888EA4E5B6A20525234C3675C3CAE2E07ED36C37510B8A16484C676BA93 |
| SHA-512: | 187FE88746D6EE1F7CEA910EE8BC9A0AEDE6885ECEF476483551A906C4FF9FDD2EA4FF7B44A437B18D25B2D0C797D99C1A702F3BC1C5B014C230A66C3976C1A1 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\630F2CE1-5579-4E30-B112-0DF591EDF2A0
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 177088 |
| Entropy (8bit): | 5.286728115360731 |
| Encrypted: | false |
| SSDEEP: | 1536:Zi2XfRAqcbH41gwEwLe7HW8bM/o/NM5cAZl1p5ihs7EXXCEAD2OdaLI:cCe7HW8bM/o/9XPkiI |
| MD5: | 7CD82AEAFD4BF71DFFEB311F8DC5815D |
| SHA1: | 06E9D6D0ACEEE530CC47A1A7724EBF89E0973757 |
| SHA-256: | 01FA239A02610248BB96F81AFC7B752ED56B7F3152CFD593287C8156378FD432 |
| SHA-512: | E2FF9D810DA6FB51662E87436C515A3E98EA90190B16410069E0807D39171DDD5A86A01FA47E8161DAFD2B88398F8616ADEF6D440FC140046855187DFD06CB03 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4096 |
| Entropy (8bit): | 0.09216609452072291 |
| Encrypted: | false |
| SSDEEP: | 3:lSWFN3l/klslpF/4llfll:l9F8E0/ |
| MD5: | F138A66469C10D5761C6CBB36F2163C3 |
| SHA1: | EEA136206474280549586923B7A4A3C6D5DB1E25 |
| SHA-256: | C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6 |
| SHA-512: | 9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4616 |
| Entropy (8bit): | 0.13760166725504608 |
| Encrypted: | false |
| SSDEEP: | 3:7FEG2l+APWlH/FllkpMRgSWbNFl/sl+ltlslVlllfllAPn:7+/lNPWlBg9bNFlEs1EP/QPn |
| MD5: | A3DCB9D2E87307B152B10C172ABE57F9 |
| SHA1: | 07E1274F1FAA6F5BD7CF1552D1D1FD19449F1BC9 |
| SHA-256: | 763AEC772D4612BA59DE39C0C3C261B532956BA4609BE9E20BC4E0D0A3BE6A7E |
| SHA-512: | F4E77466834A943D3A1228CD41D1D558A25FE5A697B74DD871C937B97BE7D0892AD0316F341EBF8E0A2F4986B93817AFE6BE8D07A0A978B42B8D1BA827E5936D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 32768 |
| Entropy (8bit): | 0.0446603401158491 |
| Encrypted: | false |
| SSDEEP: | 6:G4l2lts0BlNl2lts0B/lML9XXPH4l942U:l2ltsK32ltsZ5A0 |
| MD5: | 3056FEA6882033A652F3E58039E8D0D0 |
| SHA1: | 87E32BF50601A60BB168B9009CD1FEDCBFEE7815 |
| SHA-256: | 42D30C5812F7A4124787E8FE6FEDE2B6C0D328B40BF5C2DD486FD37EA854B619 |
| SHA-512: | 1E07F7D308091EF296649F024F15C5C5527C74AB142AE0679CD6C869DF5BA575171C9EC85C78DE498258EE6952218C683FCD4B67ACE3CDDFF969EDC2AE4666F8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | modified |
| Size (bytes): | 45352 |
| Entropy (8bit): | 0.3952408769413016 |
| Encrypted: | false |
| SSDEEP: | 24:KIClVQ3zRDOUll7DBtDi4kZERDn1zqt8VtbDBtDi4kZERD/Rp:kVQ1KUll7DYMBzO8VFDYMr |
| MD5: | 1954CAEFC9C73EF9A9C7C4F24A8F2F15 |
| SHA1: | 71DD46D81D2D7FB53BB369F8F41FE3319BDC07C7 |
| SHA-256: | E3FF3B9519791C231122A8EEF8A85E887DD8F1F34B01909A9054434182DDA3AA |
| SHA-512: | E69DBF713FCCD03EB4DBB9AAFD17F4C0157D43577245A37F003C359382327C639FC90A1D32AE521744A6743CC60BED2393B173840ECB4B925B77B0966F090960 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2278 |
| Entropy (8bit): | 3.837171012900633 |
| Encrypted: | false |
| SSDEEP: | 48:uiTrlKxsxxuxl9Il8uFot9sXLUSB3sdyBd1rc:vqYjo0oysdZ |
| MD5: | C90EB96DEB3EF4140867F957F5D34C62 |
| SHA1: | B8CAD3C416F21309FFB3A0CCBB2ECD651565BE3C |
| SHA-256: | AFE59FA27BEB845C6516E87A905C8257D1235DA484D92574ED75596D783AED95 |
| SHA-512: | 71444D780DA2F1EE7EB5D9436FE8244936572279EFEC9612C166F40DEB62DBD4CAC1BBFF368E572634EBFA89944E9225611C8B47DBB21DE9A6CF6ADE563F6AB9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2684 |
| Entropy (8bit): | 3.9066997965073362 |
| Encrypted: | false |
| SSDEEP: | 48:uiTrlKxJxlYxl9Il8uFoUjAjitnemFugspoD0R+d/vc:WEYjoUUO9tup20t |
| MD5: | ED57AB56838734A719F89F369E6D36F5 |
| SHA1: | 8DC0546EB0FC11DC39E45A2F71768DB5F49C36D7 |
| SHA-256: | 20AAD844BA479A50214160BC9E1143C6113F79FD7CF1667E84C0FF371B2A21CF |
| SHA-512: | F76E858492130094D36694CFC94248028B6DACE0A51867FFA21BACA06A6434C8F6D4DA5CF86F14174ABD6854E2FC6448346487F180333127699BBE8D44110EDE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4542 |
| Entropy (8bit): | 4.002585339557618 |
| Encrypted: | false |
| SSDEEP: | 96:aYjod+C2qgOo+LU4RH1vjyiGRTs+wrIrSgGwmYC3brp:a8LvO5xryiGRTwrIjG33vp |
| MD5: | A914453D18B0E49130EE4D061A2DB90C |
| SHA1: | 6C53107BD5BF57FB6719E90AF219CC631EF7E83D |
| SHA-256: | 6A6C995A2B333AE8B205585120025DA71827107DEB6ACC2AEF993015F2086AFA |
| SHA-512: | C3D905CB12BAAC9E571465388B88117DF6856D240669A882B3483492106D3DBAAE5469E763AAAA0AE850943C4547078671537CB19393D104AAD6A4FAD48E99F0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 36088 |
| Entropy (8bit): | 7.952740552982943 |
| Encrypted: | false |
| SSDEEP: | 768:KyJsoDFGO9MaSDuVPRSCCvN3ELpRIDT4n4ZY6vFftTUCz3tzWF2ScsVZRV0eXTg:B+o5JMmPRS5vN0d64n4ZY6nzdLsdlXU |
| MD5: | 3322695AB049708EF4D4EA800374E682 |
| SHA1: | 642602EF629ED1DB87E151ACD2E4380AD9F673E1 |
| SHA-256: | E22CC1BDD7081912060088832666B333CBC948B514F0267240C3C7DC808E75C4 |
| SHA-512: | 4DF8A308D6ADB93BF5256EC88DB7A87B05769BE04E749F49AD42DD3970691D414C291B0B063AC98899D5B0DBAF255C5788BDA4442926B83FB121894CB8CF1110 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54601 |
| Entropy (8bit): | 7.506680937878475 |
| Encrypted: | false |
| SSDEEP: | 1536:iy9MnLm9MLL39MoL89MFLV9MGLNw/5M/WMj/X/MC/XMMZ/XQMs/XYMD/X1MX/Xic:iy9MnLm9MLL39MoL89MFLV9MGL+/5M/B |
| MD5: | BF4E6E1970D3C95CAF20FD482FACB108 |
| SHA1: | 2DEC96F6BFBAD38E24FD99693BCF9BE332600017 |
| SHA-256: | 774A2D28C08B2AD7E88554F26E050A5DE7B374BDD26372DB3EB679A0E2E2524B |
| SHA-512: | 7A41C49AAF2AD469FE0A0FF7B571561AAF56A6587D0DB7953DDAB12ED38381F0E23C15CD8B9A3323F16D529FA0B323932FCB77F34868D9C77E49D897754824C5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8896 |
| Entropy (8bit): | 2.1067675713560408 |
| Encrypted: | false |
| SSDEEP: | 48:xebEC13yUoDbMN/rfaWUJ6iofQRCfMorh9Q0dDY8nFEfQWacJ:UYC1ivbMN/OFJhofQylbQuDFEfQWacJ |
| MD5: | 3B35D1D3BBA38510B390F099870B599A |
| SHA1: | 11A0F08EAD80410DD47D9CEAC6D4A7D68F0CA2BD |
| SHA-256: | 894EDEBEC03FF6E1CBA5E20EECB2D625B0D2FA0FEEA9655CE2629F9295BE0103 |
| SHA-512: | 8C9A3754EF8917DABF432B16C81991B2CDC911F3982297A9907AD2C7995776506D82A4D862FE8500FC2722AEEB299FD12496D7DE6DB26D18145360271C7E7424 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF{AD14230D-2812-4879-87BA-B37938B66557}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1072172 |
| Entropy (8bit): | 7.286783499705081 |
| Encrypted: | false |
| SSDEEP: | 12288:qcL0vfs4VER5dSG7Lw6tBft/EwxVZ+76U0g2HD3cL0vfs4VER5dSG7Lw6tBft/Eo:/efsPSw/LVZU6UPefsPSw/LVZU6UM |
| MD5: | 3767CDF3A34D128B2797E79873D5BED6 |
| SHA1: | D3BFDE37951106F1D1E978C417CEFC814C69F480 |
| SHA-256: | 7F6A0955DD40625AE04CB0AB10665EFCE57B328DEE8C345B279D4FEFBDFFE511 |
| SHA-512: | 93B1909BBCACE4AE31FF4ED1B901D5EAD51A5A56EE265BD1A6BA44709097E01FA431F803C0CB7ED76E3151F90D88BF8A76BCDABDF309B84EC6380FC1CB7CB676 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9472F4F6-C937-4A60-8E64-5E82D78A86CB}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 29696 |
| Entropy (8bit): | 4.295526697407564 |
| Encrypted: | false |
| SSDEEP: | 384:60yNCLa59QZv43PSp1FlTBRCF/tgEKRQL7RrxLME:604b5iZvoUFlFRCF/tgtREFrxAE |
| MD5: | 493A2F72E45DFBFE11D8C3202194C378 |
| SHA1: | BFDDF0AC207786E9A97BDFF7C5660FA47DB7F82A |
| SHA-256: | 6777FAEBB2F42292E51A4C26056F9B0CD938D43A3E549901703C8E7129BAC20A |
| SHA-512: | CEC90395DC27A7B7BE8FFD4D63B3509FABB20ED65FFF422D9D1F3B2B0B870CA84EB874CCEEAD2A4F45C0ECECEBD31E93E6BDA8F8F2F537C5F93E1209E9D8F79A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9CC52220-A1EC-42B0-ACA0-702836C4DDF7}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1536 |
| Entropy (8bit): | 1.520521175425326 |
| Encrypted: | false |
| SSDEEP: | 6:mEMEEE3Dmlq14sl9lCgK6XMkOy0PFgyz8ym:tDmQ19YP6ckQtnz8X |
| MD5: | 3814BDF22B0DFB13CF614A61DBDDB1B4 |
| SHA1: | 5250A4F4A0E4AF55FC1C993B8829F9E55D1A77C5 |
| SHA-256: | EF4D6AF4FF0B366C0901ABC958758DEC19C31B2ED5CEF4F8E8C4A46C7291F129 |
| SHA-512: | B79564F41AAE560B35F009C9B2D976CE4C7C8DF8D04F198ACF78FF71E3198329DA705893E58927CABFA7288AAD8CE3A2B065DDECC9EB7D7F7AC22F86028C27A2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727914980726636300_2C6265CF-ABEB-470B-B1BF-29E99DAD0C73.log
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 0.003765291281734722 |
| Encrypted: | false |
| SSDEEP: | 96:vG1XKxGQ8dum7KmBKTKKW9Q8dZKL4KcSQ8dfi7Kg/b9PK+EQ8dv4NgDiBWKypQ8n:wrKTJL6u4NvB6nF |
| MD5: | 5D53A48479BAB808603C31DEFED5928E |
| SHA1: | 3D0D2745402E723C9A1A41DE96B633E8E381046F |
| SHA-256: | 622030DD485D674C88679494D1FE9FDD59D2CDAC5A17603205B6E287948AF7A9 |
| SHA-512: | D21C11881AA2EEFCB11215C16D7252824B6C9A1595BC8E6E870A6ADBA4CA6146FB43CF28BA41D514D464CAEF208EAB6D72E8C96C936AD71E446B90CE6B773C55 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727914980727438100_2C6265CF-ABEB-470B-B1BF-29E99DAD0C73.log
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20971520 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
| SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
| SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
| SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1727914952495730600_E088B89C-989D-4FF7-A328-DCBFF393ADBF.log
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 37782 |
| Entropy (8bit): | 5.440827005010874 |
| Encrypted: | false |
| SSDEEP: | 768:SNTBVjlHVelnSOj+irr01LOhB6+aacHgAR/E9mfpNBSFzhV+BUfwkr/Z+XD:SNTBVjlHVGnbj+irr01ahB6icHgABEgx |
| MD5: | 6833FA67B867490C2934E43745EB77D4 |
| SHA1: | B7C87A9611756DF2DD5C52BD838D2D29FE6C3D3D |
| SHA-256: | 3ABDE0062BDB67A11DB884133F46327F9EBBE55E9BE8469491D6877BDA553A29 |
| SHA-512: | F8EB7E47E7F8B62A91346B404E9E1BC15BA9D51F9FB9C0254B064EB42FF636F03AB14A851FA60D399BA64CF203F32E4D50337BE4249499D6D10F3978E84438FD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241002T2023000466-7520.etl
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 36864 |
| Entropy (8bit): | 4.456589062670061 |
| Encrypted: | false |
| SSDEEP: | 192:cL+3ZkL+djAB/RgInJ5AIgDpkLFLQLrLuLTLTL9DXeILzbLp8nWLvqbPRKLbOj7H:LJpdsB/RgInJ5AIgFouFptKeOKFw+n |
| MD5: | 73F1F41105C117F69E436C3728761990 |
| SHA1: | C9284D0E2BF767F62B8C701582C53A45B591EEA9 |
| SHA-256: | 605038CC941F7082288EAA8BFC4A7BF364B2BEE45DE6223E1DA6EAB3657A89AC |
| SHA-512: | EDFC7CD2F6A071E67A2BA32FBF3802BB1431314198A95CF4A029D30511B5FB52DFEFF098A7C5300DF2421F87568A2B36519EAD055C32E47AED02D9C8FBA4D696 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 374 |
| Entropy (8bit): | 3.5414485333689694 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX8FaE3f8AWqlQqr++lcWimqnKOE3QepmlJ0+3FbnKfZObdADryMluxHZypo:fxnyj9AWI+acgq9GHmD0wbnKYZAH/lMf |
| MD5: | 2F7A8FE4E5046175500AFFA228F99576 |
| SHA1: | 8A3DE74981D7917E6CE1198A3C8E35C7E2100F43 |
| SHA-256: | 1495B4EC56B371148EA195D790562E5621FDBF163CDD8A5F3C119F8CA3BD2363 |
| SHA-512: | 4B8FBB692D91D88B584E46C2F01BDE0C05DCD5D2FF073D83331586FB3D201EACD777D48DB3751E534E22115AA1C3C30392D0D642B3122F21EF10E3EE6EA3BE82 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\TCDEC86.tmp\Text Sidebar (Annual Report Red and Black design).docx
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 47296 |
| Entropy (8bit): | 6.42327948041841 |
| Encrypted: | false |
| SSDEEP: | 768:ftjI1BT8N37szq00s7dB2wMVJGHR97/RDU5naXUsT:fJIPTfq0ndB2w1bpsE |
| MD5: | 5A53F55DD7DA8F10A8C0E711F548B335 |
| SHA1: | 035E685927DA2FECB88DE9CAF0BECEC88BC118A7 |
| SHA-256: | 66501B659614227584DA04B64F44309544355E3582F59DBCA3C9463F67B7E303 |
| SHA-512: | 095BD5D1ACA2A0CA3430DE2F005E1D576AC9387E096D32D556E4348F02F4D658D0E22F2FC4AA5BF6C07437E6A6230D2ABF73BBD1A0344D73B864BC4813D60861 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 256 |
| Entropy (8bit): | 3.464918006641019 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXR+EqRGRnRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxnyB+5RmRGHmD0wbnKYZAH+Vwv |
| MD5: | 93149E194021B37162FD86684ED22401 |
| SHA1: | 1B31CAEBE1BBFA529092BE834D3B4AD315A6F8F1 |
| SHA-256: | 50BE99A154A6F632D49B04FCEE6BCA4D6B3B4B7C1377A31CE9FB45C462D697B2 |
| SHA-512: | 410A7295D470EC85015720B2B4AC592A472ED70A04103D200FA6874BEA6A423AF24766E98E5ACAA3A1DBC32C44E8790E25D4611CD6C0DBFFFE8219D53F33ACA7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51826 |
| Entropy (8bit): | 5.541375256745271 |
| Encrypted: | false |
| SSDEEP: | 384:erH5dYPCA4t3aEFGiSUDtYfEbi5Ry/AT7/6tHODaFlDSomurYNfT4A0VIwWNS89u:Q6Cbh9tENyWdaFUSYNfZS89/3qtEu |
| MD5: | 2AB22AC99ACFA8A82742E774323C0DBD |
| SHA1: | 790F8B56DF79641E83A16E443A75A66E6AA2F244 |
| SHA-256: | BC9D45D0419A08840093B0BF4DCF96264C02DFE5BD295CD9B53722E1DA02929D |
| SHA-512: | E5715C0ECF35CE250968BD6DE5744D28A9F57D20FD6866E2AF0B2D8C8F80FEDC741D48F554397D61C5E702DA896BD33EED92D778DBAC71E2E98DCFB0912DE07B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 302 |
| Entropy (8bit): | 3.537169234443227 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXfQIUA/e/Wl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyXZ/eulNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 9C00979164E78E3B890E56BE2DF00666 |
| SHA1: | 1FA3C439D214C34168ADF0FBA5184477084A0E51 |
| SHA-256: | 21CCB63A82F1E6ACD6BAB6875ABBB37001721675455C746B17529EE793382C7B |
| SHA-512: | 54AC8732C2744B60DA744E54D74A2664658E4257A136ABE886FF21585E8322E028D8243579D131EF4E9A0ABDDA70B4540A051C8B8B60D65C3EC0888FD691B9A7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 217137 |
| Entropy (8bit): | 5.068335381017074 |
| Encrypted: | false |
| SSDEEP: | 6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P |
| MD5: | 3BF8591E1D808BCCAD8EE2B822CC156B |
| SHA1: | 9CC1E5EFD715BD0EAE5AF983FB349BAC7A6D7BA0 |
| SHA-256: | 7194396E5C833E6C8710A2E5D114E8E24338C64EC9818D51A929D57A5E4A76C8 |
| SHA-512: | D434A4C15DA3711A5DAAF5F7D0A5E324B4D94A04B3787CA35456BFE423EAC9D11532BB742CDE6E23C16FA9FD203D3636BD198B41C7A51E7D3562D5306D74F757 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 3.5081874837369886 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXCOzi8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnydONGHmD0wbnKYZAH/lMZqiv |
| MD5: | 8D9B02CC69FA40564E6C781A9CC9E626 |
| SHA1: | 352469A1ABB8DA1DC550D7E27924E552B0D39204 |
| SHA-256: | 1D4483830710EF4A2CC173C3514A9F4B0ACA6C44DB22729B7BE074D18C625BAE |
| SHA-512: | 8B7DB2AB339DD8085104855F847C48970C2DD32ADB0B8EEA134A64C5CC7DE772615F85D057F4357703B65166C8CF0C06F4F6FD3E60FFC80DA3DD34B16D5B1281 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 255948 |
| Entropy (8bit): | 5.103631650117028 |
| Encrypted: | false |
| SSDEEP: | 6144:gwprAm795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:kW |
| MD5: | 9888A214D362470A6189DEFF775BE139 |
| SHA1: | 32B552EB3C73CD7D0D9D924C96B27A86753E0F97 |
| SHA-256: | C64ED5C2A323C00E84272AD3A701CAEBE1DCCEB67231978DE978042F09635FA7 |
| SHA-512: | 8A75FC2713003FA40B9730D29C786C76A796F30E6ACE12064468DD2BB4BF97EF26AC43FFE1158AB1DB06FF715D2E6CDE8EF3E8B7C49AA1341603CE122F311073 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 278 |
| Entropy (8bit): | 3.5280239200222887 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXQAl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyllNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 877A8A960B2140E3A0A2752550959DB9 |
| SHA1: | FBEC17B332CBC42F2F16A1A08767623C7955DF48 |
| SHA-256: | FE07084A41CF7DB58B06D2C0D11BCACB603D6574261D1E7EBADCFF85F39AFB47 |
| SHA-512: | B8B660374EC6504B3B5FCC7DAC63AF30A0C9D24306C36B33B33B23186EC96AEFE958A3851FF3BC57FBA72A1334F633A19C0B8D253BB79AA5E5AFE4A247105889 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 268317 |
| Entropy (8bit): | 5.05419861997223 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprAJLR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N9 |
| MD5: | 51D32EE5BC7AB811041F799652D26E04 |
| SHA1: | 412193006AA3EF19E0A57E16ACF86B830993024A |
| SHA-256: | 6230814BF5B2D554397580613E20681752240AB87FD354ECECF188C1EABE0E97 |
| SHA-512: | 5FC5D889B0C8E5EF464B76F0C4C9E61BDA59B2D1205AC9417CC74D6E9F989FB73D78B4EB3044A1A1E1F2C00CE1CA1BD6D4D07EEADC4108C7B124867711C31810 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 3.5502940710609354 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXfQICl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyXClNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 9B8D7EFE8A69E41CDC2439C38FE59FAF |
| SHA1: | 034D46BEC5E38E20E56DD905E2CA2F25AF947ED1 |
| SHA-256: | 70042F1285C3CD91DDE8D4A424A5948AE8F1551495D8AF4612D59709BEF69DF2 |
| SHA-512: | E50BB0C68A33D35F04C75F05AD4598834FEC7279140B1BB0847FF39D749591B8F2A0C94DA4897AAF6C33C50C1D583A836B0376015851910A77604F8396C7EF3C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 270198 |
| Entropy (8bit): | 5.073814698282113 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprAiaR95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:We |
| MD5: | FF0E07EFF1333CDF9FC2523D323DD654 |
| SHA1: | 77A1AE0DD8DBC3FEE65DD6266F31E2A564D088A4 |
| SHA-256: | 3F925E0CC1542F09DE1F99060899EAFB0042BB9682507C907173C392115A44B5 |
| SHA-512: | B4615F995FAB87661C2DBE46625AA982215D7BDE27CAFAE221DCA76087FE76DA4B4A381943436FCAC1577CB3D260D0050B32B7B93E3EB07912494429F126BB3D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 252 |
| Entropy (8bit): | 3.4680595384446202 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXivlE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyydGHmD0+dAH/luWvv |
| MD5: | D79B5DE6D93AC06005761D88783B3EE6 |
| SHA1: | E05BDCE2673B6AA8CBB17A138751EDFA2264DB91 |
| SHA-256: | 96125D6804544B8D4E6AE8638EFD4BD1F96A1BFB9EEF57337FFF40BA9FF4CDD1 |
| SHA-512: | 34057F7B2AB273964CB086D8A7DF09A4E05D244A1A27E7589BDC7E5679AB5F587FAB52A2261DB22070DA11EF016F7386635A2B8E54D83730E77A7B142C2E3929 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5783 |
| Entropy (8bit): | 7.88616857639663 |
| Encrypted: | false |
| SSDEEP: | 96:CDG4D+8VsXzXc2zLXTJ2XFY47pk2G7HVlwFzTXNbMfmn2ivLZcreFWw5fc9ADdZm:CDG4DRGY23l2Xu47GL7YtT9V29yWvWdk |
| MD5: | 8109B3C170E6C2C114164B8947F88AA1 |
| SHA1: | FC63956575842219443F4B4C07A8127FBD804C84 |
| SHA-256: | F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416 |
| SHA-512: | F8A8D7A6469CD3E7C31F3335DDCC349AD7A686730E1866F130EE36AA9994C52A01545CE73D60B642FFE0EE49972435D183D8CD041F2BB006A6CAF31BAF4924AC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 3.538396048757031 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXcel8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyMelNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 149948E41627BE5DC454558E12AF2DA4 |
| SHA1: | DB72388C037F0B638FCD007FAB46C916249720A8 |
| SHA-256: | 1B981DC422A042CDDEBE2543C57ED3D468288C20D280FF9A9E2BB4CC8F4776ED |
| SHA-512: | 070B55B305DB48F7A8CD549A5AECF37DE9D6DCD780A5EC546B4BB2165AF4600FA2AF350DDDB48BECCAA3ED954AEE90F5C06C3183310B081F555389060FF4CB01 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 250983 |
| Entropy (8bit): | 5.057714239438731 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprA6OS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:uP |
| MD5: | F883B260A8D67082EA895C14BF56DD56 |
| SHA1: | 7954565C1F243D46AD3B1E2F1BAF3281451FC14B |
| SHA-256: | EF4835DB41A485B56C2EF0FF7094BC2350460573A686182BC45FD6613480E353 |
| SHA-512: | D95924A499F32D9B4D9A7D298502181F9E9048C21DBE0496FA3C3279B263D6F7D594B859111A99B1A53BD248EE69B867D7B1768C42E1E40934E0B990F0CE051E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 262 |
| Entropy (8bit): | 3.4901887319218092 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXqhBMl0OoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyiMl0OoGHmD0+dAH/luWvv |
| MD5: | 52BD0762F3DC77334807DDFC60D5F304 |
| SHA1: | 5962DA7C58F742046A116DDDA5DC8EA889C4CB0E |
| SHA-256: | 30C20CC835E912A6DD89FD1BF5F7D92B233B2EC24594F1C1FE0CADB03A8C3FAB |
| SHA-512: | FB68B1CF9677A00D5651C51EC604B61DAC2D250D44A71D43CD69F41F16E4F0A7BAA7AD4A6F7BB870429297465A893013BBD7CC77A8F709AD6DB97F5A0927B1DD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5596 |
| Entropy (8bit): | 7.875182123405584 |
| Encrypted: | false |
| SSDEEP: | 96:dGa2unnLYEB2EUAPOak380NQjqbHaPKJebgrEVws8Vw+BMa0EbdLVQaZJgDZh0pJ:UJunLYEB2EUAxk3pIYaScgYwsV4bdS0X |
| MD5: | CDC1493350011DB9892100E94D5592FE |
| SHA1: | 684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA |
| SHA-256: | F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548 |
| SHA-512: | 3699066A4E8A041079F12E88AB2E7F485E968619CB79175267842846A3AD64AA8E7778CBACDF1117854A7FDCFB46C8025A62F147C81074823778C6B4DC930F12 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 332 |
| Entropy (8bit): | 3.547857457374301 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXSpGLMeKlPaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyipTIw9eNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 4EC6724CBBA516CF202A6BD17226D02C |
| SHA1: | E412C574D567F0BA68B4A31EDB46A6AB3546EA95 |
| SHA-256: | 18E408155A2C2A24D91CD45E065927FFDA726356AAB115D290A3C1D0B7100402 |
| SHA-512: | DE45011A084AB94BF5B27F2EC274D310CF68DF9FB082E11726E08EB89D5D691EA086C9E0298E16AE7AE4B23753E5916F69F78AAD82F4627FC6F80A6A43D163DB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284415 |
| Entropy (8bit): | 5.00549404077789 |
| Encrypted: | false |
| SSDEEP: | 6144:N9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:y |
| MD5: | 33A829B4893044E1851725F4DAF20271 |
| SHA1: | DAC368749004C255FB0777E79F6E4426E12E5EC8 |
| SHA-256: | C40451CADF8944A9625DD690624EA1BA19CECB825A67081E8144AD5526116924 |
| SHA-512: | 41C1F65E818C2757E1A37F5255E98F6EDEAC4214F9D189AD09C6F7A51F036768C1A03D6CFD5845A42C455EE189D13BB795673ACE3B50F3E1D77DAFF400F4D708 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 242 |
| Entropy (8bit): | 3.4938093034530917 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX44lWWoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyvToGHmD0+dAH/luWvv |
| MD5: | A6B2731ECC78E7CED9ED5408AB4F2931 |
| SHA1: | BA15D036D522978409846EA682A1D7778381266F |
| SHA-256: | 6A2F9E46087B1F0ED0E847AF05C4D4CC9F246989794993E8F3E15B633EFDD744 |
| SHA-512: | 666926612E83A7B4F6259C3FFEC3185ED3F07BDC88D43796A24C3C9F980516EB231BDEA4DC4CC05C6D7714BA12AE2DCC764CD07605118698809DEF12A71F1FDD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4888 |
| Entropy (8bit): | 7.8636569313247335 |
| Encrypted: | false |
| SSDEEP: | 96:StrFZ23/juILHPzms5UTuK9CuZGEoEuZ28H1HiGa2RnnLY+tUb:SPZQ7uCHPzms5UTlqauZVHdJRnLY+tUb |
| MD5: | 0A4CA91036DC4F3CD8B6DBF18094CF25 |
| SHA1: | 6C7EED2530CD0032E9EEAB589AFBC296D106FBB9 |
| SHA-256: | E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50 |
| SHA-512: | 7C69426F2250E8C84368E8056613C22977630A4B3F5B817FB5EA69081CE2A3CA6E5F93DF769264253D5411419AF73467A27F0BB61291CCDE67D931BD0689CB66 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 332 |
| Entropy (8bit): | 3.4871192480632223 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXsdDUaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyoRw9eNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 333BA58FCE326DEA1E4A9DE67475AA95 |
| SHA1: | F51FAD5385DC08F7D3E11E1165A18F2E8A028C14 |
| SHA-256: | 66142D15C7325B98B199AB6EE6F35B7409DE64EBD5C0AB50412D18CBE6894097 |
| SHA-512: | BFEE521A05B72515A8D4F7D13D8810846DC60F1E85C363FFEBD6CACD23AE8D2E664C563FC74700A4ED4E358F378508D25C46CB5BE1CF587E2E278EBC22BB2625 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254875 |
| Entropy (8bit): | 5.003842588822783 |
| Encrypted: | false |
| SSDEEP: | 6144:MwprAnniNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:a |
| MD5: | 377B3E355414466F3E3861BCE1844976 |
| SHA1: | 0B639A3880ACA3FD90FA918197A669CC005E2BA4 |
| SHA-256: | 4AC5B26C5E66E122DE80243EF621CA3E1142F643DD2AD61B75FF41CFEE3DFFAF |
| SHA-512: | B050AD52A8161F96CBDC880DD1356186F381B57159F5010489B04528DB798DB955F0C530465AB3ECD5C653586508429D98336D6EB150436F1A53ABEE0697AEB9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 256 |
| Entropy (8bit): | 3.4842773155694724 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXDAlIJAFIloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyMlI7loGHmD0+dAH/luWvv |
| MD5: | 923D406B2170497AD4832F0AD3403168 |
| SHA1: | A77DA08C9CB909206CDE42FE1543B9FE96DF24FB |
| SHA-256: | EBF9CF474B25DDFE0F6032BA910D5250CBA2F5EDF9CF7E4B3107EDB5C13B50BF |
| SHA-512: | A4CD8C74A3F916CA6B15862FCA83F17F2B1324973CCBCC8B6D9A8AEE63B83A3CD880DC6821EEADFD882D74C7EF58FA586781DED44E00E8B2ABDD367B47CE45B7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11380 |
| Entropy (8bit): | 7.891971054886943 |
| Encrypted: | false |
| SSDEEP: | 192:VJcnLYnAVbOFLaCPLrGGbhaWEu6d3RmryqLkeAShObPb1AYcRMMXjkfa0nYBwggD:VcMC8lLrRbhy1ZqLyShYb1FHQ4C0nYQJ |
| MD5: | C9F9364C659E2F0C626AC0D0BB519062 |
| SHA1: | C4036C576074819309D03BB74C188BF902D1AE00 |
| SHA-256: | 6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2 |
| SHA-512: | 173A5E68E55163B081C5A8DA24AE46428E3FB326EBE17AE9588C7F7D7E5E5810BFCF08C23C3913D6BEC7369E06725F50387612F697AC6A444875C01A2C94D0FF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5039994158393686 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX4f+E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyvGHmD0+dAH/luWvv |
| MD5: | 16711B951E1130126E240A6E4CC2E382 |
| SHA1: | 8095AA79AEE029FD06428244CA2A6F28408448DB |
| SHA-256: | 855342FE16234F72DA0C2765455B69CF412948CFBE70DE5F6D75A20ACDE29AE9 |
| SHA-512: | 454EAA0FD669489583C317699BE1CE5D706C31058B08CF2731A7621FDEFB6609C2F648E02A7A4B2B3A3DFA8406A696D1A6FA5063DDA684BDA4450A2E9FEFB0EF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3683 |
| Entropy (8bit): | 7.772039166640107 |
| Encrypted: | false |
| SSDEEP: | 96:GyfQZd6ZHNCWl9aXFkZwIq/QDsRYPf8P9QtDIs5r:G6wYtNZS1k99AmPfSOtD5r |
| MD5: | E8308DA3D46D0BC30857243E1B7D330D |
| SHA1: | C7F8E54A63EB254C194A23137F269185E07F9D10 |
| SHA-256: | 6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4 |
| SHA-512: | 88AB7263B7A8D7DDE1225AE588842E07DF3CE7A07CBD937B7E26DA7DA7CFED23F9C12730D9EF4BC1ACF26506A2A96E07875A1A40C2AD55AD1791371EE674A09B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 252 |
| Entropy (8bit): | 3.48087342759872 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXXt1MIae2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyfMIaRGHmD0+dAH/luWvv |
| MD5: | 69757AF3677EA8D80A2FBE44DEE7B9E4 |
| SHA1: | 26AF5881B48F0CB81F194D1D96E3658F8763467C |
| SHA-256: | 0F14CA656CDD95CAB385F9B722580DDE2F46F8622E17A63F4534072D86DF97C3 |
| SHA-512: | BDA862300BAFC407D662872F0BFB5A7F2F72FE1B7341C1439A22A70098FA50C81D450144E757087778396496777410ADCE4B11B655455BEDC3D128B80CFB472A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4326 |
| Entropy (8bit): | 7.821066198539098 |
| Encrypted: | false |
| SSDEEP: | 96:+fF+Jrp7Yo5hnJiGa24TxEcpUeONo1w2NFocy2LQi33Z:2+f7YuhJdJ4TxEcmKwGkk3Z |
| MD5: | D32E93F7782B21785424AE2BEA62B387 |
| SHA1: | 1D5589155C319E28383BC01ED722D4C2A05EF593 |
| SHA-256: | 2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478 |
| SHA-512: | 5B07D6764A6616A7EF25B81AB4BD4601ECEC1078727BFEAB4A780032AD31B1B26C7A2306E0DBB5B39FC6E03A3FC18AD67C170EA9790E82D8A6CEAB8E7F564447 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 280 |
| Entropy (8bit): | 3.484503080761839 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXGdQ1MecJZMlWlk2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny2dQ98MlWlzGHmD0+dAH/luWvv |
| MD5: | 1309D172F10DD53911779C89A06BBF65 |
| SHA1: | 274351A1059868E9DEB53ADF01209E6BFBDFADFB |
| SHA-256: | C190F9E7D00E053596C3477455D1639C337C0BE01012C0D4F12DFCB432F5EC56 |
| SHA-512: | 31B38AD2D1FFF93E03BF707811F3A18AD08192F906E36178457306DDAB0C3D8D044C69DE575ECE6A4EE584800F827FB3C769F98EA650F1C208FEE84177070339 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 9191 |
| Entropy (8bit): | 7.93263830735235 |
| Encrypted: | false |
| SSDEEP: | 192:oeAMExvPJMg+yE+AfJLi3+Xoj7F3sPgMG61J88eDhFWT7hFNsdJtnLYJ7tSh:v2d+hnfJLi3+4ja4WqhFWT7FsdHMA |
| MD5: | 08D3A25DD65E5E0D36ADC602AE68C77D |
| SHA1: | F23B6DDB3DA0015B1D8877796F7001CABA25EA64 |
| SHA-256: | 58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1 |
| SHA-512: | 77D24C272D67946A3413D0BEA700A7519B4981D3B4D8486A655305546CE6133456321EE94FD71008CBFD678433EA1C834CFC147179B31899A77D755008FCE489 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 260 |
| Entropy (8bit): | 3.4895685222798054 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX4cPBl4xoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyPl4xoGHmD0+dAH/luWvv |
| MD5: | 63E8B0621B5DEFE1EF17F02EFBFC2436 |
| SHA1: | 2D02AD4FD9BF89F453683B7D2B3557BC1EEEE953 |
| SHA-256: | 9243D99795DCDAD26FA857CB2740E58E3ED581E3FAEF0CB3781CBCD25FB4EE06 |
| SHA-512: | A27CDA84DF5AD906C9A60152F166E7BD517266CAA447195E6435997280104CBF83037F7B05AE9D4617323895DCA471117D8C150E32A3855156CB156E15FA5864 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3075 |
| Entropy (8bit): | 7.716021191059687 |
| Encrypted: | false |
| SSDEEP: | 48:96yn4sOBoygpySCCxwKsZCB2oLEIK+aQpUNLRQWtmMamIZxAwCC2QnyODhVOzP4:l0vCxJsZQ2ofpKvtmMdIZxAwJyODhVOE |
| MD5: | 67766FF48AF205B771B53AA2FA82B4F4 |
| SHA1: | 0964F8B9DC737E954E16984A585BDC37CE143D84 |
| SHA-256: | 160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667 |
| SHA-512: | AC28B0B4A9178E9B424E5893870913D80F4EE03D595F587AA1D3ACC68194153BAFC29436ADFD6EA8992F0B00D17A43CFB42C529829090AF32C3BE591BD41776D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 264 |
| Entropy (8bit): | 3.4866056878458096 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX0XrZUloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXWloGHmD0+dAH/luWvv |
| MD5: | 6C489D45F3B56845E68BE07EA804C698 |
| SHA1: | C4C9012C0159770CB882870D4C92C307126CEC3F |
| SHA-256: | 3FE447260CDCDEE287B8D01CF5F9F53738BFD6AAEC9FB9787F2826F8DEF1CA45 |
| SHA-512: | D1355C48A09E7317773E4F1613C4613B7EA42D21F5A6692031D288D69D47B19E8F4D5A29AFD8B751B353FC7DE865EAE7CFE3F0BEC05F33DDF79526D64A29EB18 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6448 |
| Entropy (8bit): | 7.897260397307811 |
| Encrypted: | false |
| SSDEEP: | 192:tgaoRbo1sMjb0NiJ85oPtqcS+yaXWoa8XBzdJYnLYFtWT7:LR1sk+i4o1qc1yaukzd8MK |
| MD5: | 42A840DC06727E42D42C352703EC72AA |
| SHA1: | 21AAAF517AFB76BF1AF4E06134786B1716241D29 |
| SHA-256: | 02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7 |
| SHA-512: | 8886BFD240D070237317352DEB3D46C6B07E392EBD57730B1DED016BD8740E75B9965F7A3FCD43796864F32AAE0BE911AB1A670E9CCC70E0774F64B1BDA93488 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 3.4670546921349774 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX0XPYDxUloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXPYDCloGHmD0+dAH/luWvv |
| MD5: | 3D52060B74D7D448DC733FFE5B92CB52 |
| SHA1: | 3FBA3FFC315DB5B70BF6F05C4FF84B52A50FCCBC |
| SHA-256: | BB980559C6FC38B703D1E9C41720D5CE8D00D2FF86D4F25136DB02B1E54B1518 |
| SHA-512: | 952EF139A72562A528C1052F1942DAE1C0509D67654BF5E7C0602C87F90147E8EE9E251D2632BCB5B511AB2FF8A3734293D0A4E3DBD3D187F5E3C042685F9A0C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5630 |
| Entropy (8bit): | 7.87271654296772 |
| Encrypted: | false |
| SSDEEP: | 96:n5ni6jKZWsD+QJaUQ7R6qYFF5QS+BEgeJam6S7ZCHuKViGa2CnnLYLt/ht:nccqxIBdQ1QS+uDJanS7ZCHHVdJCnLY5 |
| MD5: | 2F8998AA9CF348F1D6DE16EAB2D92070 |
| SHA1: | 85B13499937B4A584BEA0BFE60475FD4C73391B6 |
| SHA-256: | 8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580 |
| SHA-512: | F10F7772985EDDA442B9558127F1959FF0A9909C7B7470E62D74948428BFFF7E278739209E8626AE5917FF728AFB8619AE137BEE2A6A4F40662122208A41ABB2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 260 |
| Entropy (8bit): | 3.494357416502254 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX0XPE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXPGHmD0+dAH/luWvv |
| MD5: | 6F8FE7B05855C203F6DEC5C31885DD08 |
| SHA1: | 9CC27D17B654C6205284DECA3278DA0DD0153AFF |
| SHA-256: | B7F58DF058C938CCF39054B31472DC76E18A3764B78B414088A261E440870175 |
| SHA-512: | C518A243E51CB4A1E3C227F6A8A8D9532EE111D5A1C86EBBB23BD4328D92CD6A0587DF65B3B40A0BE2576D8755686D2A3A55E10444D5BB09FC4E0194DB70AFE6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6193 |
| Entropy (8bit): | 7.855499268199703 |
| Encrypted: | false |
| SSDEEP: | 192:WavHMKgnU2HUGFhUnkbOKoztj1QfcnLYut3d8:YKeUlGXUnC+HQSMp |
| MD5: | 031C246FFE0E2B623BBBD231E414E0D2 |
| SHA1: | A57CA6134779D54691A4EFD344BC6948E253E0BA |
| SHA-256: | 2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7 |
| SHA-512: | 6A784C28E12C3740300883A0E690F560072A3EA8199977CBD7F260A21E8346B82BA8A4F78394D3BB53FA2E98564B764C2D0232C40B25FB6085C36D20D70A39D1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 238 |
| Entropy (8bit): | 3.472155835869843 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXGE2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny4GHmD0+dAH/luWvv |
| MD5: | 2240CF2315F2EB448CEA6E9CE21B5AC5 |
| SHA1: | 46332668E2169E86760CBD975FF6FA9DB5274F43 |
| SHA-256: | 0F7D0BD5A8CED523CFF4F99D7854C0EE007F5793FA9E1BA1CD933B0894BFBD0D |
| SHA-512: | 10BA73FF861112590BF135F4B337346F9D4ACEB10798E15DC5976671E345BC29AC8527C6052FEC86AA7058E06D1E49052E49D7BCF24A01DB259B5902DB091182 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5151 |
| Entropy (8bit): | 7.859615916913808 |
| Encrypted: | false |
| SSDEEP: | 96:WkV3UHhcZDEteEJqeSGzpG43GUR8m8b6dDLiCTfjKPnD6H5RhfuDKNtxx3+7tDLp:Wq3UBc9EJqIpGgD5dDL1DjKvDKhfnNti |
| MD5: | 6C24ED9C7C868DB0D55492BB126EAFF8 |
| SHA1: | C6D96D4D298573B70CF5C714151CF87532535888 |
| SHA-256: | 48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F |
| SHA-512: | A3E9DC48C04DC8571289F57AE790CA4E6934FBEA4FDDC20CB780F7EA469FE1FC1D480A1DBB04D15301EF061DA5700FF0A793EB67D2811C525FEF618B997BCABD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254 |
| Entropy (8bit): | 3.4845992218379616 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXQFoElh/lE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny8lLGHmD0+dAH/luWvv |
| MD5: | E8B30D1070779CC14FBE93C8F5CF65BE |
| SHA1: | 9C87F7BC66CF55634AB3F070064AAF8CC977CD05 |
| SHA-256: | 2E90434BE1F6DCEA9257D42C331CD9A8D06B848859FD4742A15612B2CA6EFACB |
| SHA-512: | C0D5363B43D45751192EF06C4EC3C896A161BB11DBFF1FC2E598D28C644824413C78AE3A68027F7E622AF0D709BE0FA893A3A3B4909084DF1ED9A8C1B8267FCA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6024 |
| Entropy (8bit): | 7.886254023824049 |
| Encrypted: | false |
| SSDEEP: | 96:bGa2onnLYHTSSxpHVTSH1bywZKmpRqiUtFvS9xrPooBpni6eDa16MUELHsrKjRBA:SJonLYzSSr1TuZNwtFZKpiiyrKXuCUd |
| MD5: | 20621E61A4C5B0FFEEC98FFB2B3BCD31 |
| SHA1: | 4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4 |
| SHA-256: | 223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7 |
| SHA-512: | BDF3A8E3D6EE87D8ADE0767918603B8D238CAE8A2DD0C0F0BF007E89E057C7D1604EB3CCAF0E1BA54419C045FC6380ECBDD070F1BB235C44865F1863A8FA7EEA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 3.5026803317779778 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXC89ADni8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyf9ADiNGHmD0wbnKYZAH/lMZqiv |
| MD5: | A0D51783BFEE86F3AC46A810404B6796 |
| SHA1: | 93C5B21938DA69363DBF79CE594C302344AF9D9E |
| SHA-256: | 47B43E7DBDF8B25565D874E4E071547666B08D7DF4D736EA8521591D0DED640F |
| SHA-512: | CA3DB5A574745107E1D6CAA60E491F11D8B140637D4ED31577CC0540C12FDF132D8BC5EBABEA3222F4D7BA1CA016FF3D45FE7688D355478C27A4877E6C4D0D75 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 251032 |
| Entropy (8bit): | 5.102652100491927 |
| Encrypted: | false |
| SSDEEP: | 6144:hwprA5R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:JA |
| MD5: | F425D8C274A8571B625EE66A8CE60287 |
| SHA1: | 29899E309C56F2517C7D9385ECDBB719B9E2A12B |
| SHA-256: | DD7B7878427276AF5DBF8355ECE0D1FE5D693DF55AF3F79347F9D20AE50DB938 |
| SHA-512: | E567F283D903FA533977B30FD753AA1043B9DDE48A251A9AC6777A3B67667443FEAD0003765A630D0F840B6C275818D2F903B6CB56136BEDCC6D9BDD20776564 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 274 |
| Entropy (8bit): | 3.438490642908344 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXZlaWimoa2nRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxnyplagN2RGHmD0wbnKYZAH+Vwv |
| MD5: | 0F98498818DC28E82597356E2650773C |
| SHA1: | 1995660972A978D17BC483FCB5EE6D15E7058046 |
| SHA-256: | 4587CA0B2A60728FF0A5B8E87D35BF6C6FDF396747E13436EC856612AC1C6288 |
| SHA-512: | 768562F20CFE15001902CCE23D712C7439721ECA6E48DDDCF8BFF4E7F12A3BC60B99C274CBADD0128EEA1231DB19808BAA878E825497F3860C381914C21B46FF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 34415 |
| Entropy (8bit): | 7.352974342178997 |
| Encrypted: | false |
| SSDEEP: | 768:ev13NPo9o5NGEVIi3kvH+3SMdk7zp3tE2:ev13xoOE+R3BkR7 |
| MD5: | 7CDFFC23FB85AD5737452762FA36AAA0 |
| SHA1: | CFBC97247959B3142AFD7B6858AD37B18AFB3237 |
| SHA-256: | 68A8FBFBEE4C903E17C9421082E839144C205C559AFE61338CBDB3AF79F0D270 |
| SHA-512: | A0685FD251208B772436E9745DA2AA52BC26E275537688E3AB44589372D876C9ACE14B21F16EC4053C50EB4C8E11787E9B9D922E37249D2795C5B7986497033E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 562113 |
| Entropy (8bit): | 7.67409707491542 |
| Encrypted: | false |
| SSDEEP: | 12288:/dy5Gtyp/FZ9QqjdxDfSp424XeavSktiAVE0:/dizp1ndpqpMZnV |
| MD5: | 4A1657A3872F9A77EC257F41B8F56B3D |
| SHA1: | 4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B |
| SHA-256: | C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60 |
| SHA-512: | 7A2932639E06D79A5CE1D3C71091890D9E329CA60251E16AE4095E4A06C6428B4F86B7FFFA097BF3EEFA064370A4D51CA3DF8C89EAFA3B1F45384759DEC72922 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 278 |
| Entropy (8bit): | 3.535736910133401 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXeAlFkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyRGymD0wbnKNAH/lMz1 |
| MD5: | 487E25E610F3FC2EEA27AB54324EA8F6 |
| SHA1: | 11C2BB004C5E44503704E9FFEEFA7EA7C2A9305C |
| SHA-256: | 022EC5077279A8E447B590F7260E1DBFF764DE5F9CDFD4FDEE32C94C66D4A1A2 |
| SHA-512: | B8DF351E2C0EF101CF91DC02E136A3EE9C1FDB18294BECB13A29D676FBBE791A80A58A18FBDEB953BC21EC54EB7608154D401407C461ABD10ACB94CE8AD0E092 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4026 |
| Entropy (8bit): | 7.809492693601857 |
| Encrypted: | false |
| SSDEEP: | 96:VpDCBFLhxaUGm5EWA07yNdKH1FQpy8tnX8Iz3b7TrT502+fPD:VpDYFFRMNU+RtXzLf35t+3D |
| MD5: | 5D9BAD7ADB88CEE98C5203883261ACA1 |
| SHA1: | FBF1647FCF19BCEA6C3CF4365C797338CA282CD2 |
| SHA-256: | 8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F |
| SHA-512: | 7132923869A3DA2F2A75393959382599D7C4C05CA86B4B27271AB9EA95C7F2E80A16B45057F4FB729C9593F506208DC70AF2A635B90E4D8854AC06C787F6513D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 250 |
| Entropy (8bit): | 3.4916022431157345 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXsAl8xoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny8A8xoGHmD0+dAH/luWvv |
| MD5: | 1A314B08BB9194A41E3794EF54017811 |
| SHA1: | D1E70DB69CA737101524C75E634BB72F969464FF |
| SHA-256: | 9025DD691FCAD181D5FD5952C7AA3728CD8A2CAF20DEA14930876419BED9B379 |
| SHA-512: | AB29C8674A85711EABAE5F9559E9048FE91A2F51EB12D5A46152A310DE59F759DF8C617DA248798A7C20F60E26FBB1B0FC8DB47C46B098BCD26CF8CE78989ACA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 258 |
| Entropy (8bit): | 3.4692172273306268 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXcq9DsoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnysmYoGHmD0+dAH/luWvv |
| MD5: | C1B36A0547FB75445957A619201143AC |
| SHA1: | CDB0A18152F57653F1A707D39F3D7FB504E244A7 |
| SHA-256: | 4DFF7D1CEF6DD85CC73E1554D705FA6586A1FBD10E4A73EEE44EAABA2D2FFED9 |
| SHA-512: | 0923FB41A6DB96C85B44186E861D34C26595E37F30A6F8E554BD3053B99F237D9AC893D47E8B1E9CF36556E86EFF5BE33C015CBBDD31269CDAA68D6947C47F3F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 7370 |
| Entropy (8bit): | 7.9204386289679745 |
| Encrypted: | false |
| SSDEEP: | 192:fYa+ngK2xG6HvLvoUnXxO+blKO1lt2Zg0AV:fYVn8Y6Hv3XxO+8uQZCV |
| MD5: | 586CEBC1FAC6962F9E36388E5549FFE9 |
| SHA1: | D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E |
| SHA-256: | 1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40 |
| SHA-512: | 68DEAE9C59EA98BD597AE67A17F3029BC7EA2F801AC775CF7DECA292069061EA49C9DF5776CB5160B2C24576249DAF817FA463196A04189873CF16EFC4BEDC62 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 288 |
| Entropy (8bit): | 3.523917709458511 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXC1l8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnySvNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 4A9A2E8DB82C90608C96008A5B6160EF |
| SHA1: | A49110814D9546B142C132EBB5B9D8A1EC23E2E6 |
| SHA-256: | 4FA948EEB075DFCB8DCA773A3F994560C69D275690953625731C4743CD5729F7 |
| SHA-512: | 320B9CC860FFBDB0FD2DB7DA7B7B129EEFF3FFB2E4E4820C3FBBFEA64735EB8CFE1F4BB5980302770C0F77FF575825F2D9A8BB59FC80AD4C198789B3D581963B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 296658 |
| Entropy (8bit): | 5.000002997029767 |
| Encrypted: | false |
| SSDEEP: | 6144:RwprAMk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:M |
| MD5: | 9AC6DE7B629A4A802A41F93DB2C49747 |
| SHA1: | 3D6E929AA1330C869D83F2BF8EBEBACD197FB367 |
| SHA-256: | 52984BC716569120D57C8E6A360376E9934F00CF31447F5892514DDCCF546293 |
| SHA-512: | 5736F14569E0341AFB5576C94B0A7F87E42499CEC5927AAC83BB5A1F77B279C00AEA86B5F341E4215076D800F085D831F34E4425AD9CFD52C7AE4282864B1E73 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 3.5161159456784024 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX+l8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyulNGHmD0wbnKYZAH/lMZqiv |
| MD5: | C15EB3F4306EBF75D1E7C3C9382DEECC |
| SHA1: | A3F9684794FFD59151A80F97770D4A79F1D030A6 |
| SHA-256: | 23C262DF3AEACB125E88C8FFB7DBF56FD23F66E0D476AFD842A68DDE69658C7F |
| SHA-512: | ACDF7D69A815C42223FD6300179A991A379F7166EFAABEE41A3995FB2030CD41D8BCD46B566B56D1DFBAE8557AFA1D9FD55143900A506FA733DE9DA5D73389D6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 344303 |
| Entropy (8bit): | 5.023195898304535 |
| Encrypted: | false |
| SSDEEP: | 6144:UwprANnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:6 |
| MD5: | F079EC5E2CCB9CD4529673BCDFB90486 |
| SHA1: | FBA6696E6FA918F52997193168867DD3AEBE1AD6 |
| SHA-256: | 3B651258F4D0EE1BFFC7FB189250DED1B920475D1682370D6685769E3A9346DB |
| SHA-512: | 4FFFA59863F94B3778F321DA16C43B92A3053E024BDD8C5317077EA1ECC7B09F67ECE3C377DB693F3432BF1E2D947EC5BF8E88E19157ED08632537D8437C87D6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 333258 |
| Entropy (8bit): | 4.654450340871081 |
| Encrypted: | false |
| SSDEEP: | 6144:ybW83Zb181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:i |
| MD5: | 5632C4A81D2193986ACD29EADF1A2177 |
| SHA1: | E8FF4FDFEB0002786FCE1CF8F3D25F8E9631E346 |
| SHA-256: | 06DE709513D7976690B3DD8F5FDF1E59CF456A2DFBA952B97EACC72FE47B238B |
| SHA-512: | 676CE1957A374E0F36634AA9CFFBCFB1E1BEFE1B31EE876483B10763EA9B2D703F2F3782B642A5D7D0945C5149B572751EBD9ABB47982864834EF61E3427C796 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.541819892045459 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXuqRDA5McaQVTi8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxny+AASZQoNGHmD0wbnKYZAH/lMZqiv |
| MD5: | C3216C3FC73A4B3FFFE7ED67153AB7B5 |
| SHA1: | F20E4D33BABE978BE6A6925964C57D6E6EF1A92E |
| SHA-256: | 7CF1D6A4F0BE5E6184F59BFB1304509F38E480B59A3B091DBDC43B052D2137CB |
| SHA-512: | D3B78BE6E7633FF943F5E34063B5EFA4AF239CD49F437227FC7575F6CC65C497B7D6F6A979EA065065BEAF257CB368560B5462542692286052B5C7E5C01755BC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 314 |
| Entropy (8bit): | 3.5230842510951934 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXJuJaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyZuUw9eNGHmD0wbnKYZAH/lMZqiv |
| MD5: | F25AC64EC63FA98D9E37782E2E49D6E6 |
| SHA1: | 97DD9CFA4A22F5B87F2B53EFA37332A9EF218204 |
| SHA-256: | 834046A829D1EA836131B470884905856DBF2C3C136C98ADEEFA0F206F38F8AB |
| SHA-512: | A0387239CDE98BCDE1668B582B046619C3B3505F9440343DAD22B1B7B9E05F3B74F2AE29E591EC37B6570A0C0E5FE571442873594B0684DDCCB4F6A1B5E10B1F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294178 |
| Entropy (8bit): | 4.977758311135714 |
| Encrypted: | false |
| SSDEEP: | 6144:ydkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:b |
| MD5: | 0C9731C90DD24ED5CA6AE283741078D0 |
| SHA1: | BDD3D7E5B0DE9240805EA53EF2EB784A4A121064 |
| SHA-256: | ABCE25D1EB3E70742EC278F35E4157EDB1D457A7F9D002AC658AAA6EA4E4DCDF |
| SHA-512: | A39E6201D6B34F37C686D9BD144DDD38AE212EDA26E3B81B06F1776891A90D84B65F2ABC5B8F546A7EFF3A62D35E432AF0254E2F5BFE4AA3E0CF9530D25949C0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 523048 |
| Entropy (8bit): | 7.715248170753013 |
| Encrypted: | false |
| SSDEEP: | 6144:WfmDdN6Zfv8q5rnM6vZ02PtMZRkfW5ipbnMHxVcsOWrCMxy0sD/mcKb4rYEY:xDdQXBrMi2YtggW5ObnMH1brJpUmBU0N |
| MD5: | C276F590BB846309A5E30ADC35C502AD |
| SHA1: | CA6D9D6902475F0BE500B12B7204DD1864E7DD02 |
| SHA-256: | 782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58 |
| SHA-512: | B85165C769DFE037502E125A04CFACDA7F7CC36184B8D0A54C1F9773666FFCC43A1B13373093F97B380871571788D532DEEA352E8D418E12FD7AAD6ADB75A150 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276 |
| Entropy (8bit): | 3.5159096381406645 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXQIa3ARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnygIaqymD0wbnKNAH/lMz1 |
| MD5: | 71CCB69AF8DD9821F463270FB8CBB285 |
| SHA1: | 8FED3EB733A74B2A57D72961F0E4CF8BCA42C851 |
| SHA-256: | 8E63D7ABA97DABF9C20D2FAC6EB1665A5D3FDEAB5FA29E4750566424AE6E40B4 |
| SHA-512: | E62FC5BEAEC98C5FDD010FABDAA8D69237D31CA9A1C73F168B1C3ED90B6A9B95E613DEAD50EB8A5B71A7422942F13D6B5A299EB2353542811F2EF9DA7C3A15DC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 558035 |
| Entropy (8bit): | 7.696653383430889 |
| Encrypted: | false |
| SSDEEP: | 12288:DQ/oYjRRRRRRRRYcdY/5ASWYqBMp8xsGGEOzI7vQQwOyP:DQ/nRRRRRRRRxY/5JWYZ3GGbI8YA |
| MD5: | 3B5E44DDC6AE612E0346C58C2A5390E3 |
| SHA1: | 23BCF3FCB61F80C91D2CFFD8221394B1CB359C87 |
| SHA-256: | 9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2 |
| SHA-512: | 2E63419F272C6E411CA81945E85E08A6E3230A2F601C4D28D6312DB5C31321F94FAFA768B16BC377AE37B154C6869CA387005693A79C5AB1AC45ED73BCCC6479 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276 |
| Entropy (8bit): | 3.5361139545278144 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXeMWMluRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnycMlMymD0wbnKNAH/lMz1 |
| MD5: | 133D126F0DE2CC4B29ECE38194983265 |
| SHA1: | D8D701298D7949BE6235493925026ED405290D43 |
| SHA-256: | 08485EBF168364D846C6FD55CD9089FE2090D1EE9D1A27C1812E1247B9005E68 |
| SHA-512: | 75D7322BE8A5EF05CAA48B754036A7A6C56399F17B1401F3F501DA5F32B60C1519F2981043A773A31458C3D9E1EF230EC60C9A60CAC6D52FFE16147E2E0A9830 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 570901 |
| Entropy (8bit): | 7.674434888248144 |
| Encrypted: | false |
| SSDEEP: | 6144:D2tTXiO/3GH5SkPQVAqWnGrkFxvay910UUTWZJarUv9TA0g8:kX32H+VWgkFxSgGTmarUv9T |
| MD5: | D676DE8877ACEB43EF0ED570A2B30F0E |
| SHA1: | 6C8922697105CEC7894966C9C5553BEB64744717 |
| SHA-256: | DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01 |
| SHA-512: | F40BADA680EA5CA508947290BA73901D78DE79EAA10D01EAEF975B80612D60E75662BDA542E7F71C2BBA5CA9BA46ECAFE208FD6E40C1F929BB5E407B10E89FBD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 3.5459495297497368 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXvBAuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnypJymD0wbnKNAH/lMz1 |
| MD5: | 76340C3F8A0BFCEDAB48B08C57D9B559 |
| SHA1: | E1A6672681AA6F6D525B1D17A15BF4F912C4A69B |
| SHA-256: | 78FE546321EDB34EBFA1C06F2B6ADE375F3B7C12552AB2A04892A26E121B3ECC |
| SHA-512: | 49099F040C099A0AED88E7F19338140A65472A0F95ED99DEB5FA87587E792A2D11081D59FD6A83B7EE68C164329806511E4F1B8D673BEC9074B4FF1C09E3435D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16806 |
| Entropy (8bit): | 7.9519793977093505 |
| Encrypted: | false |
| SSDEEP: | 384:eSMjhqgJDGwOzHR3iCpK+QdLdfufFJ9aDn9LjDMVAwHknbz7OW:eSkhqglGwERSAHQdLhDn9AKokv7H |
| MD5: | 950F3AB11CB67CC651082FEBE523AF63 |
| SHA1: | 418DE03AD2EF93D0BD29C3D7045E94D3771DACB4 |
| SHA-256: | 9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974 |
| SHA-512: | D74BF52A58B0C0327DB9DDCAD739794020F00B3FA2DE2B44DAAEC9C1459ECAF3639A5D761BBBC6BDF735848C4FD7E124D13B23964B0055BB5AA4F6AFE76DFE00 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254 |
| Entropy (8bit): | 3.4720677950594836 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXOu9+MlWlk2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnycMlWlzGHmD0+dAH/luWvv |
| MD5: | D04EC08EFE18D1611BDB9A5EC0CC00B1 |
| SHA1: | 668FF6DFE64D5306220341FC2C1353199D122932 |
| SHA-256: | FA60500F951AFAF8FFDB6D1828456D60004AE1558E8E1364ADC6ECB59F5450C9 |
| SHA-512: | 97EBCCAF64FA33238B7CFC0A6D853EFB050D877E21EE87A78E17698F0BB38382FCE7F6C4D97D550276BD6B133D3099ECAB9CFCD739F31BFE545F4930D896EEC3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 777647 |
| Entropy (8bit): | 7.689662652914981 |
| Encrypted: | false |
| SSDEEP: | 6144:B04bNOJMngI856k0wwOGXMaXTLaTDmfBaN2Tx9iSUk1PdSnc0lnDlcGMcEFYYYYt:xbY6ngI46Aw5dmyYYYYYYYYY7p8d |
| MD5: | B30D2EF0FC261AECE90B62E9C5597379 |
| SHA1: | 4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3 |
| SHA-256: | BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976 |
| SHA-512: | 2E728408C20C3C23C84A1C22DB28F0943AAA960B4436F8C77570448D5BEA9B8D53D95F7562883FA4F9B282DFE2FD07251EEEFDE5481E49F99B8FEDB66AAAAB68 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 3.5091498509646044 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUX1MiDuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyFdMymD0wbnKNAH/lMz1 |
| MD5: | 23D59577F4AE6C6D1527A1B8CDB9AB19 |
| SHA1: | A345D683E54D04CC0105C4BFFCEF8C6617A0093D |
| SHA-256: | 9ADD2C3912E01C2AC7FAD6737901E4EECBCCE6EC60F8E4D78585469A440E1E2C |
| SHA-512: | B85027276B888548ECB8A2FC1DB1574C26FF3FCA7AF1F29CD5074EC3642F9EC62650E7D47462837607E11DCAE879B1F83DF4762CA94667AE70CBF78F8D455346 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 486596 |
| Entropy (8bit): | 7.668294441507828 |
| Encrypted: | false |
| SSDEEP: | 6144:A+JBmUx0Zo24n8z/2NSYFl2qGBuv8p6+LwwYmN59wBttsdJrmXMlP1NwQoGgeL:fNgxz/g5z2BT6+Eu0ntMcczNQG5L |
| MD5: | 0E37AECABDB3FDF8AAFEDB9C6D693D2F |
| SHA1: | F29254D2476DF70979F723DE38A4BF41C341AC78 |
| SHA-256: | 7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349 |
| SHA-512: | DE6AFE015C1D41737D50ADD857300996F6E929FED49CB71BC59BB091F9DAB76574C56DEA0488B0869FE61E563B07EBB7330C8745BC1DF6305594AC9BDEA4A6BF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 274 |
| Entropy (8bit): | 3.535303979138867 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUX3IlVARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnynG6ymD0wbnKNAH/lMz1 |
| MD5: | 35AFE8D8724F3E19EB08274906926A0B |
| SHA1: | 435B528AAF746428A01F375226C5A6A04099DF75 |
| SHA-256: | 97B8B2E246E4DAB15E494D2FB5F8BE3E6361A76C8B406C77902CE4DFF7AC1A35 |
| SHA-512: | ACF4F124207974CFC46A6F4EA028A38D11B5AF40E55809E5B0F6F5DABA7F6FC994D286026FAC19A0B4E2311D5E9B16B8154F8566ED786E5EF7CDBA8128FD62AF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254 |
| Entropy (8bit): | 3.4721586910685547 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX9+RclTloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyteUTloGHmD0+dAH/luWvv |
| MD5: | 4DD225E2A305B50AF39084CE568B8110 |
| SHA1: | C85173D49FC1522121AA2B0B2E98ADF4BB95B897 |
| SHA-256: | 6F00DD73F169C73D425CB9895DAC12387E21C6E4C9C7DDCFB03AC32552E577F4 |
| SHA-512: | 0493AB431004191381FF84AD7CC46BD09A1E0FEEC16B3183089AA8C20CC7E491FAE86FE0668A9AC677F435A203E494F5E6E9E4A0571962F6021D6156B288B28A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4243 |
| Entropy (8bit): | 7.824383764848892 |
| Encrypted: | false |
| SSDEEP: | 96:22MQe4zHye8/djzF+JjvtmMkkBpF7e0LTkaf:22De4zHHCvF+nRBDXoaf |
| MD5: | 7BC0A35807CD69C37A949BBD51880FF5 |
| SHA1: | B5870846F44CAD890C6EFF2F272A037DA016F0D8 |
| SHA-256: | BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA |
| SHA-512: | B5B785D693216E38B5AB3F401F414CADACCDCB0DCA4318D88FE1763CD3BAB8B7670F010765296613E8D3363E47092B89357B4F1E3242F156750BE86F5F7E9B8D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1649585 |
| Entropy (8bit): | 7.875240099125746 |
| Encrypted: | false |
| SSDEEP: | 24576:L368X6z95zf5BbQ6U79dYy2HiTIxRboyM/LZTl5KnCc:r68kb7UTYxGIxmnp65 |
| MD5: | 35200E94CEB3BB7A8B34B4E93E039023 |
| SHA1: | 5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D |
| SHA-256: | 6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD |
| SHA-512: | ED80CEE7C22D10664076BA7558A79485AA39BE80582CEC9A222621764DAE5EFA70F648F8E8C5C83B6FE31C2A9A933C814929782A964A47157505F4AE79A3E2F9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284 |
| Entropy (8bit): | 3.5552837910707304 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXtLARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnygymD0wbnKNAH/lMz1 |
| MD5: | 5728F26DF04D174DE9BDFF51D0668E2A |
| SHA1: | C998DF970655E4AF9C270CC85901A563CFDBCC22 |
| SHA-256: | 979DAFD61C23C185830AA3D771EDDC897BEE87587251B84F61776E720ACF9840 |
| SHA-512: | 491B36AC6D4749F7448B9A3A6E6465E8D97FB30F33EF5019AF65660E98F4570711EFF5FC31CBB8414AD9355029610E6F93509BC4B2FB6EA79C7CB09069DE7362 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 924687 |
| Entropy (8bit): | 7.824849396154325 |
| Encrypted: | false |
| SSDEEP: | 12288:lsadD3eLxI8XSh4yDwFw8oWR+6dmw2ZpQDKpazILv7Jzny/ApcWqyOpEZULn:qLxI8XSh4yUF/oWR+mLKpYIr7l3ZQ7n |
| MD5: | 97EEC245165F2296139EF8D4D43BBB66 |
| SHA1: | 0D91B68CCB6063EB342CFCED4F21A1CE4115C209 |
| SHA-256: | 3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C |
| SHA-512: | 8594C49CAB6FF8385B1D6E174431DAFB0E947A8D7D3F200E622AE8260C793906E17AA3E6550D4775573858EA1243CCBF7132973CD1CF7A72C3587B9691535FF8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 3.51145753448333 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXKsWkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6svymD0wbnKNAH/lMz1 |
| MD5: | 7956D2B60E2A254A07D46BCA07D0EFF0 |
| SHA1: | AF1AC8CA6FE2F521B2EE2B7ABAB612956A65B0B5 |
| SHA-256: | C92B7FD46B4553FF2A656FF5102616479F3B503341ED7A349ECCA2E12455969E |
| SHA-512: | 668F5D0EFA2F5168172E746A6C32820E3758793CFA5DB6791DE39CB706EF7123BE641A8134134E579D3E4C77A95A0F9983F90E44C0A1CF6CDE2C4E4C7AF1ECA0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 608122 |
| Entropy (8bit): | 7.729143855239127 |
| Encrypted: | false |
| SSDEEP: | 6144:Ckl6KRKwg9jf2q/bN69OuGFlC/DUhq68xOcJzGYnTxlLqU8dmTW:8yKwgZ2qY9kA7Uhq68H3ybmq |
| MD5: | 8BA551EEC497947FC39D1D48EC868B54 |
| SHA1: | 02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF |
| SHA-256: | DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89 |
| SHA-512: | CC97F9B2C83FF7CAC32AB9A9D46E0ACDE13EECABECD653C88F74E4FC19806BB9498D2F49C4B5581E58E7B0CB95584787EA455E69D99899381B592BEA177D4D4B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 278 |
| Entropy (8bit): | 3.516359852766808 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXKwRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6qymD0wbnKNAH/lMz1 |
| MD5: | 960E28B1E0AB3522A8A8558C02694ECF |
| SHA1: | 8387E9FD5179A8C811CCB5878BAC305E6A166F93 |
| SHA-256: | 2707FCA8CEC54DF696F19F7BCAD5F0D824A2AC01B73815DE58F3FCF0AAB3F6A0 |
| SHA-512: | 89EA06BA7D18B0B1EA624BBC052F73366522C231BD3B51745B92CF056B445F9D655F9715CBDCD3B2D02596DB4CD189D91E2FE581F2A2AA2F6D814CD3B004950A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 966946 |
| Entropy (8bit): | 7.8785200658952 |
| Encrypted: | false |
| SSDEEP: | 24576:qBcvGBGhXQir6H1ws6+iU0YuA35VuinHX2NPs:ccvGBGdQ5CsMxQVj3yPs |
| MD5: | F03AB824395A8F1F1C4F92763E5C5CAD |
| SHA1: | A6E021918C3CEFFB6490222D37ECEED1FC435D52 |
| SHA-256: | D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD |
| SHA-512: | 0241146B63C938F11045FB9DF5360F63EF05B9B3DD1272A3E3E329A1BFEC5A4A645D5472461DE9C06CFE4ADB991FE96C58F0357249806C341999C033CD88A7AF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 3.5323495192404475 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXhduDARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyxdumymD0wbnKNAH/lMz1 |
| MD5: | BD6B5A98CA4E6C5DBA57C5AD167EDD00 |
| SHA1: | CCFF7F635B31D12707DC0AC6D1191AB5C4760107 |
| SHA-256: | F22248FE60A55B6C7C1EB31908FAB7726813090DE887316791605714E6E3CEF7 |
| SHA-512: | A178299461015970AF23BA3D10E43FCA5A6FB23262B0DD0C5DDE01D338B4959F222FD2DC2CC5E3815A69FDDCC3B6B4CB8EE6EC0883CE46093C6A59FF2B042BC1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 976001 |
| Entropy (8bit): | 7.791956689344336 |
| Encrypted: | false |
| SSDEEP: | 24576:zHM7eZGgFiHMRej4N9tpytNZ+tIw5ErZBImlX0m:zHM7eZGgFiHMRej++NZ+F5WvllZ |
| MD5: | 9E563D44C28B9632A7CF4BD046161994 |
| SHA1: | D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11 |
| SHA-256: | 86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86 |
| SHA-512: | 8EB14A1B10CB5C7607D3E07E63F668CFC5FC345B438D39138D62CADF335244952FBC016A311D5CB8A71D50660C49087B909528FC06C1D10AF313F904C06CBD5C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 278 |
| Entropy (8bit): | 3.5270134268591966 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXa3Y1kRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyt1mymD0wbnKNAH/lMz1 |
| MD5: | 327DA4A5C757C0F1449976BE82653129 |
| SHA1: | CF74ECDF94B4A8FD4C227313C8606FD53B8EEA71 |
| SHA-256: | 341BABD413AA5E8F0A921AC309A8C760A4E9BA9CFF3CAD3FB2DD9DF70FD257A6 |
| SHA-512: | 9184C3FB989BB271B4B3CDBFEFC47EA8ABEB12B8904EE89797CC9823F33952BD620C061885A5C11BBC1BD3978C4B32EE806418F3F21DA74F1D2DB9817F6E167E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1463634 |
| Entropy (8bit): | 7.898382456989258 |
| Encrypted: | false |
| SSDEEP: | 24576:75MGNW/UpLkupMAqDJhNHK4/TuiKbdhbZM+byLH/:7ZwUpLkulkHK46iiDZHeLH/ |
| MD5: | ACBA78931B156E4AF5C4EF9E4AB3003B |
| SHA1: | 2A1F506749A046ECFB049F23EC43B429530EC489 |
| SHA-256: | 943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878 |
| SHA-512: | 2815D912088BA049F468CA9D65B92F8951A9BE82AB194DBFACCF0E91F0202820F5BC9535966654D28F69A8B92D048808E95FEA93042D8C5DEA1DCB0D58BE5175 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 280 |
| Entropy (8bit): | 3.5286004619027067 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXOzXkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6WymD0wbnKNAH/lMz1 |
| MD5: | 40FF521ED2BA1B015F17F0B0E5D95068 |
| SHA1: | 0F29C084311084B8FDFE67855884D8EB60BDE1A6 |
| SHA-256: | CC3575BA195F0F271FFEBA6F6634BC9A2CF5F3BE448F58DBC002907D7C81CBBB |
| SHA-512: | 9507E6145417AC730C284E58DC6B2063719400B395615C40D7885F78F57D55B251CB9C954D573CB8B6F073E4CEA82C0525AE90DEC68251C76A6F1B03FD9943C0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1091485 |
| Entropy (8bit): | 7.906659368807194 |
| Encrypted: | false |
| SSDEEP: | 24576:oBpmCkw3Tg/euEB+UdoC4k7ytHkHA6B/puqW2MIkTeSBmKrZHQ:MR3c/AseydwppC7veSBmWHQ |
| MD5: | 2192871A20313BEC581B277E405C6322 |
| SHA1: | 1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085 |
| SHA-256: | A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC |
| SHA-512: | 6D8844D2807BB90AEA6FE0DDDB9C67542F587EC9B7FC762746164B2D4A1A99EF8368A70C97BAD7A986AAA80847F64408F50F4707BB039FCCC509133C231D53B9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 280 |
| Entropy (8bit): | 3.5301133500353727 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXp2pRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyZ2vymD0wbnKNAH/lMz1 |
| MD5: | 1C5D58A5ED3B40486BC22B254D17D1DD |
| SHA1: | 69B8BB7B0112B37B9B5F9ADA83D11FBC99FEC80A |
| SHA-256: | EBE031C340F04BB0235FE62C5A675CF65C5CC8CE908F4621A4F5D7EE85F83055 |
| SHA-512: | 4736E4F26C6FAAB47718945BA54BD841FE8EF61F0DBA927E5C4488593757DBF09689ABC387A8A44F7C74AA69BA89BEE8EA55C87999898FEFEB232B1BA8CC7086 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1750795 |
| Entropy (8bit): | 7.892395931401988 |
| Encrypted: | false |
| SSDEEP: | 24576:DyeAqDJpUDH3xk8ZKIBuX3TPtd36v4o5d4PISMETGBP6eUP+xSeW3v0HKPsc:uRqUjSTPtd36AFDM/BP6eUeW3v0Fc |
| MD5: | 529795E0B55926752462CBF32C14E738 |
| SHA1: | E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF |
| SHA-256: | 8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05 |
| SHA-512: | A51F440F1E19C084D905B721D0257F7EEE082B6377465CB94E677C29D4E844FD8021D0B6BA26C0907B72B84157C60A3EFEDFD96C16726F6ABEA8D896D78B08CE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 280 |
| Entropy (8bit): | 3.528155916440219 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXcmlDuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyMmloymD0wbnKNAH/lMz1 |
| MD5: | AA7B919B21FD42C457948DE1E2988CB3 |
| SHA1: | 19DA49CF5540E5840E95F4E722B54D44F3154E04 |
| SHA-256: | 5FFF5F1EC1686C138192317D5A67E22A6B02E5AAE89D73D4B19A492C2F5BE2F9 |
| SHA-512: | 01D27377942F69A0F2FE240DD73A1F97BB915E19D3D716EE4296C6EF8D8933C80E4E0C02F6C9FA72E531246713364190A2F67F43EDBE12826A1529BC2A629B00 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2218943 |
| Entropy (8bit): | 7.942378408801199 |
| Encrypted: | false |
| SSDEEP: | 49152:8mwK3gH/l4hM06Wqnnl1IdO9wASFntrPEWNe7:863gHt4hM9WWnMdO9w35PEWK |
| MD5: | EE33FDA08FBF10EF6450B875717F8887 |
| SHA1: | 7DFA77B8F4559115A6BF186EDE51727731D7107D |
| SHA-256: | 5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20 |
| SHA-512: | AED6E11003AAAACC3FB28AE838EDA521CB5411155063DFC391ACE2B9CBDFBD5476FAB2B5CC528485943EBBF537B95F026B7B5AB619893716F0A91AEFF076D885 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 278 |
| Entropy (8bit): | 3.544065206514744 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXCARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyy6ymD0wbnKNAH/lMz1 |
| MD5: | 06B3DDEFF905F75FA5FA5C5B70DCB938 |
| SHA1: | E441B94F0621D593DC870A27B28AC6BE3842E7DB |
| SHA-256: | 72D49BDDE44DAE251AEADF963C336F72FA870C969766A2BB343951E756B3C28A |
| SHA-512: | 058792BAA633516037E7D833C8F59584BA5742E050FA918B1BEFC6F64A226AB3821B6347A729BEC2DF68BB2DFD2F8E27947F74CD4F6BDF842606B9DEDA0B75CC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1204049 |
| Entropy (8bit): | 7.92476783994848 |
| Encrypted: | false |
| SSDEEP: | 24576:+3zSQBxvOUIpHLYTCEmS1Wu09jRalJP3sdgnmAOFt0zU4L0MRx5QNn5:+bvI5UTCPu09qP3JPOFoR4N5 |
| MD5: | FD5BBC58056522847B3B75750603DF0C |
| SHA1: | 97313E85C0937739AF7C7FC084A10BF202AC9942 |
| SHA-256: | 44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F |
| SHA-512: | DBD72827044331215A7221CA9B0ECB8809C7C79825B9A2275F3450BAE016D7D320B4CA94095F7CEF4372AC63155C78CA4795E23F93166D4720032ECF9F932B8E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276 |
| Entropy (8bit): | 3.5364757859412563 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXARkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnywMymD0wbnKNAH/lMz1 |
| MD5: | CD465E8DA15E26569897213CA9F6BC9C |
| SHA1: | 9EA9B5E6C9B7BF72A777A21EC17FD82BC4386D4C |
| SHA-256: | D4109317C2DBA1D7A94FC1A4B23FA51F4D0FC8E1D9433697AAFA72E335192610 |
| SHA-512: | 869A42679F96414FE01FE1D79AF7B33A0C9B598B393E57E0E4D94D68A4F2107EC58B63A532702DA96A1F2F20CE72E6E08125B38745CD960DF62FE539646EDD8D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2357051 |
| Entropy (8bit): | 7.929430745829162 |
| Encrypted: | false |
| SSDEEP: | 49152:tfVcGO3JiR6SgT7/bOCrKCsaFCX3CzwovQTSwW8nX:pVcG2iRedsaoXSzeOwWEX |
| MD5: | 5BDE450A4BD9EFC71C370C731E6CDF43 |
| SHA1: | 5B223FB902D06F9FCC70C37217277D1E95C8F39D |
| SHA-256: | 93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50 |
| SHA-512: | 2365A9F76DA07D705A6053645FD2334D707967878F930061D451E571D9228C74A8016367525C37D09CB2AD82261B4B9E7CAEFBA0B96CE2374AC1FAC6B7AB5123 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276 |
| Entropy (8bit): | 3.516423078177173 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUX7kARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny5ymD0wbnKNAH/lMz1 |
| MD5: | 5402138088A9CF0993C08A0CA81287B8 |
| SHA1: | D734BD7F2FB2E0C7D5DB8F70B897376ECA935C9A |
| SHA-256: | 5C9F5E03EEA4415043E65172AD2729F34BBBFC1A1156A630C65A71CE578EF137 |
| SHA-512: | F40A8704F16AB1D5DCD861355B07C7CB555934BB9DA85AACDCF869DC942A9314FFA12231F9149D28D438BE6A1A14FCAB332E54B6679E29AD001B546A0F48DE64 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3078052 |
| Entropy (8bit): | 7.954129852655753 |
| Encrypted: | false |
| SSDEEP: | 49152:bSEjlpY8skyFHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9Hu:bfp5sksA3cimUVxV05aJE2fKaDOXdN9O |
| MD5: | CDF98D6B111CF35576343B962EA5EEC6 |
| SHA1: | D481A70EC9835B82BD6E54316BF27FAD05F13A1C |
| SHA-256: | E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734 |
| SHA-512: | 95C352869D08C0FE903B15311622003CB4635DE8F3A624C402C869F1715316BE2D8D9C0AB58548A84BBB32757E5A1F244B1014120543581FDEA7D7D9D502EF9C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 274 |
| Entropy (8bit): | 3.5303110391598502 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXzRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnylymD0wbnKNAH/lMz1 |
| MD5: | 8D1E1991838307E4C2197ECB5BA9FA79 |
| SHA1: | 4AD8BB98DC9C5060B58899B3E9DCBA6890BC9E93 |
| SHA-256: | 4ABA3D10F65D050A19A3C2F57A024DBA342D1E05706A8A3F66B6B8E16A980DB9 |
| SHA-512: | DCDC9DB834303CC3EC8F1C94D950A104C504C588CE7631CE47E24268AABC18B1C23B6BEC3E2675E8A2A11C4D80EBF020324E0C7F985EA3A7BBC77C1101C23D01 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2924237 |
| Entropy (8bit): | 7.970803022812704 |
| Encrypted: | false |
| SSDEEP: | 49152:mc4NEo4XNd5wU5qTkdC4+K9u5b/i40RKRAO/cLf68wy9yxKrOUURBgmai2prH:mJef5yTSoKMF//DRGJwLx9DBaH |
| MD5: | 5AF1581E9E055B6E323129E4B07B1A45 |
| SHA1: | B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD |
| SHA-256: | BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98 |
| SHA-512: | 11BFEF500DAEC099503E8CDB3B4DE4EDE205201C0985DB4CA5EBBA03471502D79D6616D9E8F471809F6F388D7CBB8B0D0799262CBE89FEB13998033E601CEE09 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 3.5434534344080606 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXIc5+RELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny4KcymD0wbnKNAH/lMz1 |
| MD5: | C9812793A4E94320C49C7CA054EE6AA4 |
| SHA1: | CC1F88C8F3868B3A9DE7E0E5F928DBD015234ABA |
| SHA-256: | A535AE7DD5EDA6D31E1B5053E64D0D7600A7805C6C8F8AF1DB65451822848FFC |
| SHA-512: | D28AADEDE0473C5889F3B770E8D34B20570282B154CD9301932BF90BF6205CBBB96B51027DEC6788961BAF2776439ADBF9B56542C82D89280C0BEB600DF4B633 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 274 |
| Entropy (8bit): | 3.4699940532942914 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXGWWYlIWimoa2nRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxny2WzIgN2RGHmD0wbnKYZAH+Vwv |
| MD5: | 55BA5B2974A072B131249FD9FD42EB91 |
| SHA1: | 6509F8AC0AA23F9B8F3986217190F10206A691EA |
| SHA-256: | 13FFAAFFC987BAAEF7833CD6A8994E504873290395DC2BD9B8E1D7E7E64199E7 |
| SHA-512: | 3DFB0B21D09B63AF69698252D073D51144B4E6D56C87B092F5D97CE07CBCF9C966828259C8D95944A7732549C554AE1FF363CB936CA50C889C364AA97501B558 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3465076 |
| Entropy (8bit): | 7.898517227646252 |
| Encrypted: | false |
| SSDEEP: | 98304:n8ItVaN7vTMZ9IBbaETXbI8ItVaN7vTMZ9IBbaEiXbY:8ItwNX9BvTvItwNX9BvoM |
| MD5: | 8BC84DB5A3B2F8AE2940D3FB19B43787 |
| SHA1: | 3A5FE7B14D020FAD0E25CD1DF67864E3E23254EE |
| SHA-256: | AF1FDEEA092169BF794CDC290BCA20AEA07AC7097D0EFCAB76F783FA38FDACDD |
| SHA-512: | 558F52C2C79BF4A3FBB8BB7B1C671AFD70A2EC0B1BDE10AC0FED6F5398E53ED3B2087B38B7A4A3D209E4F1B34150506E1BA362E4E1620A47ED9A1C7924BB9995 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3611324 |
| Entropy (8bit): | 7.965784120725206 |
| Encrypted: | false |
| SSDEEP: | 49152:ixc1kZBIabo4dTJyr3hJ50gd9OaFxTy+1Nn/M/noivF0po3M0h0Vsm:ixcaAabT83hJLdoaFxTygxcoiX3M0iCm |
| MD5: | FB88BFB743EEA98506536FC44B053BD0 |
| SHA1: | B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537 |
| SHA-256: | 05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF |
| SHA-512: | 4270A19F4D73297EEC910B81FF17441F3FC7A6A2A84EBA2EA3F7388DD3AA0BA31E9E455CFF93D0A34F4EC7CA74672D407A1C4DC838A130E678CA92A2E085851C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 288 |
| Entropy (8bit): | 3.5359188337181853 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXe46x8RELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyO3UymD0wbnKNAH/lMz1 |
| MD5: | 0FEA64606C519B78B7A52639FEA11492 |
| SHA1: | FC9A6D5185088318032FD212F6BDCBD1CF2FFE76 |
| SHA-256: | 60059C4DD87A74A2DC36748941CF5A421ED394368E0AA19ACA90D850FA6E4A13 |
| SHA-512: | E04102E435B8297BF33086C0AD291AD36B5B4A97A59767F9CAC181D17CFB21D3CAA3235C7CD59BB301C58169C51C05DDDF2D637214384B9CC0324DAB0BB1EF8D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 32833 |
| Entropy (8bit): | 7.825460303519308 |
| Encrypted: | false |
| SSDEEP: | 768:+0TU06CkaUYMoi//YX428RaFA8Pi6e9iA4I3w:vICTm/QorUpP7eAA4I3w |
| MD5: | 205AF51604EF96EF1E8E60212541F742 |
| SHA1: | D436FE689F8EF51FBA898454CF509DDB049C1545 |
| SHA-256: | DF3FFF163924D08517B41455F2D06788BA4E49C68337D15ECF329BE48CF7DA2D |
| SHA-512: | BCBA80ED0E36F7ABC1AEF19E6FF6EB654B9E91268E79CA8F421CB8ADD6C2B0268AD6C45E6CC06652F59235084ECDA3BA2851A38E6BCD1A0387EB3420C6EC94AC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31605 |
| Entropy (8bit): | 7.820497014278096 |
| Encrypted: | false |
| SSDEEP: | 384:7SpOUxgQ9gFodHZktfHa2TSmcAg76j8/xorK0JoZgbA8E0GftpBjE2PzFLrHRN7S:OngHltf7Bcp/xoB3A8Pi625D8RA54 |
| MD5: | 69EDB3BF81C99FE8A94BBA03408C5AE1 |
| SHA1: | 1AC85B369A976F35244BEEFA9C06787055C869C1 |
| SHA-256: | CEBE759BC4509700E3D23C6A5DF8D889132A60EBC92260A74947EAA1089E2789 |
| SHA-512: | BEA70229A21FBA3FD6D47A3DC5BECBA3EAA0335C08D486FAB808344BFAA2F7B24DD9A14A0F070E13A42BE45DE3FF54D32CF38B43192996D20DF4176964E81A53 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 46413 |
| Entropy (8bit): | 7.9071408623961394 |
| Encrypted: | false |
| SSDEEP: | 768:WaxA0CH65GY3+fvCXCttfR8JEBrkquwDn+QV5V+vNWBatX/xG8Pi65sMuMjvU+mQ:hne65GYOfKXMSEBrBtDnzFAI4JxP75sM |
| MD5: | C455C4BC4BEC9E0DA67C4D1E53E46D5A |
| SHA1: | 7674600C387114B0F98EC925BE74E811FB25C325 |
| SHA-256: | 40E9AF9284FF07FDB75C33A11A794F5333712BAA4A6CF82FA529FBAF5AD0FED0 |
| SHA-512: | 08166F6CB3F140E4820F86918F59295CAD8B4A17240C206DCBA8B46088110BDF4E4ADBAB9F6380315AD4590CA7C8ECDC9AFAC6BD1935B17AFB411F325FE81720 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31482 |
| Entropy (8bit): | 7.808057272318224 |
| Encrypted: | false |
| SSDEEP: | 768:LgHv7aLOcoLGQ4EykdrHwLa+A8Pi6Iv8ACIa:LwvWyx4EykdTwLaWP7I0ACIa |
| MD5: | F10DF902980F1D5BEEA96B2C668408A7 |
| SHA1: | 92D341581B9E24284B7C29E5623F8028DBBAAFE9 |
| SHA-256: | E0100320A4F63E07C77138A89EA24A1CBD69784A89FE3BF83E35576114B4CE02 |
| SHA-512: | 00A8FBCD17D791289AC8F12DC3C404B0AFD240278492DF74D2C5F37609B11D91A26D737BE95D3FE01CDBC25EEDC6DA0C2D63A2CCC4AB208D6E054014083365FB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 43653 |
| Entropy (8bit): | 7.899157106666598 |
| Encrypted: | false |
| SSDEEP: | 768:+bjfeR1OOZvv439PlDe5/QzhgFSo0UEDmJwkqTA8Pi63Bsgn66w:IM3CN9ZzhFbUUwaP73BsB6w |
| MD5: | DA3380458170E60CBEA72602FDD0D955 |
| SHA1: | 1D059F8CFD69F193D363DA337C87136885018F0F |
| SHA-256: | 6F8FFB225F3B8C7ADE31A17A02F941FC534E4F7B5EE678B21CD9060282034701 |
| SHA-512: | 17080110000C66DF2282FF4B8FD332467AF8CEFFA312C617E958FDFEBEE8EEA9E316201E8ABC8B30797BB6124A5CC7F649119A9C496316434B5AB23D2FBD5BB8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31471 |
| Entropy (8bit): | 7.818389271364328 |
| Encrypted: | false |
| SSDEEP: | 768:eNtFWk68dbr2QxbM971RqpzAA8Pi6TlHaGRA5yr:eNtEkpGSbuHAkP7TlHaGq54 |
| MD5: | 91AADBEC4171CFA8292B618492F5EF34 |
| SHA1: | A47DEB62A21056376DD8F862E1300F1E7DC69D1D |
| SHA-256: | 7E1A90CDB2BA7F03ABCB4687F0931858BF57E13552E0E4E54EC69A27325011EA |
| SHA-512: | 1978280C699F7F739CD9F6A81F2B665643BD0BE42CE815D22528F0D57C5A646FC30AAE517D4A0A374EFB8BD3C53EB9B3D129660503A82BA065679BBBB39BD8D5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31835 |
| Entropy (8bit): | 7.81952379746457 |
| Encrypted: | false |
| SSDEEP: | 768:ltJDH8NmUekomvNufaqA8Pi6x5q3KQIGu:lvINukgzP7x5mRIGu |
| MD5: | 92A819D434A8AAEA2C65F0CC2F33BB3A |
| SHA1: | 85C3F1801EFFEA1EA10A8429B0875FC30893F2C8 |
| SHA-256: | 5D13F9907AC381D19F0A7552FD6D9FC07C9BD42C0F9CE017FFF75587E1890375 |
| SHA-512: | 01339E04130E08573DF7DBDFE25D82ED1D248B8D127BB90D536ECF4A26F5554E793E51E1A1800F61790738CC386121E443E942544246C60E47E25756F0C810A3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 22008 |
| Entropy (8bit): | 7.662386258803613 |
| Encrypted: | false |
| SSDEEP: | 384:M7FUtfIdqSHQs7G8E0GftpBjED/C4RQrFLrHRN7TT8DlvQyUTL2mH:sWgdqR2G8Pi6D6YQZTTMvU+mH |
| MD5: | ABBF10CEE9480E41D81277E9538F98CB |
| SHA1: | F4EA53D180C95E78CC1DA88CD63F4C099BF0512C |
| SHA-256: | 557E0714D5536070131E7E7CDD18F0EF23FE6FB12381040812D022EC0FEE7957 |
| SHA-512: | 9430DAACF3CA67A18813ECD842BE80155FD2DE0D55B7CD16560F4AAEFDA781C3E4B714D850D367259CAAB28A3BF841A5CB42140B19CFE04AC3C23C358CA87FFB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 33610 |
| Entropy (8bit): | 7.8340762758330476 |
| Encrypted: | false |
| SSDEEP: | 768:IlFYcxiahedKSDNAPk5WEEfA8Pi6xnOKMRA58:2JitdKsNAM5WBDP7xOKMq58 |
| MD5: | 51804E255C573176039F4D5B55C12AB2 |
| SHA1: | A4822E5072B858A7CCA7DE948CAA7D2268F1BB4B |
| SHA-256: | 3C6F66790C543D4E9D8E0E6F476B1ACADF0A5FCDD561B8484D8DDDADFDF8134B |
| SHA-512: | 2AC8B1E433C9283377B725A03AE72374663FEC81ABBA4C049B80409819BB9613E135FCD640ED433701795BDF4D5822461D76A06859C4084E7BAE216D771BB091 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 30957 |
| Entropy (8bit): | 7.808231503692675 |
| Encrypted: | false |
| SSDEEP: | 384:rKfgT03jNkAFbgUQWtxq9OGh1bBkd/1MVHb5iVOdMgbA8E0GftpBjEl8tFLrHRNF:r303jOrUQAkfhopWHbA8Pi6l8zuUIq |
| MD5: | D3C9036E4E1159E832B1B4D2E9D42BF0 |
| SHA1: | 966E04B7A8016D7FDAFE2C611957F6E946FAB1B9 |
| SHA-256: | 434576EB1A16C2D14D666A33EDDE76717C896D79F45DF56742AFD90ACB9F21CE |
| SHA-512: | D28D7F467F072985BCFCC6449AD16D528D531EB81912D4C3D956CF8936F96D474B18E7992B16D6834E9D2782470D193A17598CAB55A7F9EB0824BC3F069216B6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20457 |
| Entropy (8bit): | 7.612540359660869 |
| Encrypted: | false |
| SSDEEP: | 384:KyeISBuydn5rpmp77G8E0GftpBjE/kFLrHRN7ngslI66YVj:KHISBvd5rpmFG8Pi6/6nK666j |
| MD5: | 4EFA48EC307EAF2F9B346A073C67FCFB |
| SHA1: | 76A7E1234FF29A2B18C968F89082A14C9C851A43 |
| SHA-256: | 3EE9AE1F8DAB4C498BD561D8FCC66D83E58F11B7BB4B2776DF99F4CDA4B850C2 |
| SHA-512: | 2705644D501D85A821E96732776F61641FE82820FD6A39FFAF54A45AD126C886DC36C1398CDBDBB5FE282D9B09D27F9BFE7F26A646F926DA55DFF28E61FBD696 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20235 |
| Entropy (8bit): | 7.61176626859621 |
| Encrypted: | false |
| SSDEEP: | 384:j3W3yGyjgbA8E0GftpBjEHvFLrHRN7pDAlI66Yv1:j3WFyAA8Pi6HVpDZ66c1 |
| MD5: | E3C64173B2F4AA7AB72E1396A9514BD8 |
| SHA1: | 774E52F7E74B90E6A520359840B0CA54B3085D88 |
| SHA-256: | 16C08547239E5B969041AB201EB55A3E30EAD400433E926257331CB945DFF094 |
| SHA-512: | 7ED618578C6517ED967FB3521FD4DBED9CDFB7F7982B2B8437804786833207D246E4FCD7B85A669C305BE3B823832D2628105F01E2CF30B494172A17FC48576D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31562 |
| Entropy (8bit): | 7.81640835713744 |
| Encrypted: | false |
| SSDEEP: | 384:yhsBScEWkrljntbzuMmWh7ezPnGgbA8E0GftpBjohgsRFLrHRN7ybll7PK/p:MsBScwtnBmWNeTzA8PiuWsvyDI |
| MD5: | 1D6F8E73A0662A48D332090A4C8C898F |
| SHA1: | CF9AD4F157772F5EDC0FDDEEFD9B05958B67549C |
| SHA-256: | 8077C92C66D15D7E03FBFF3A48BD9576B80F698A36A44316EABA81EE8043B673 |
| SHA-512: | 5C03A99ECD747FBC7A15F082DF08C0D26383DB781E1F70771D4970E354A962294CE11BE53BECAAD6746AB127C5B194A93B7E1B139C12E6E45423B3A509D771FC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26944 |
| Entropy (8bit): | 7.7574645319832225 |
| Encrypted: | false |
| SSDEEP: | 384:sbUX16g8/atF4NB3TJOvqeMRD/8svIZj/OwgbA8E0GftpBjEYwFLrHRN7mYll7PY:sbhg8yY4nMZK2hA8Pi6Yum4IVR |
| MD5: | F913DD84915753042D856CEC4E5DABA5 |
| SHA1: | FB1E423C8D09388C3F0B6D44364D94D786E8CF53 |
| SHA-256: | AA03AFB681A76C86C1BD8902EE2BBA31A644841CE6BCB913C8B5032713265578 |
| SHA-512: | C48850522C809B18208403B3E721ABEB1187F954045CE2F8C48522368171CC8FAF5F30FA44F6762AFDE130EC72284BB2E74097A35FE61F056656A27F9413C6B6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 34816 |
| Entropy (8bit): | 7.840826397575377 |
| Encrypted: | false |
| SSDEEP: | 768:i3R9VYnIYfPYmqX0CnF1SRHVnLG8Pi61YbEIFO:ih9VjYfPYlk+F1SJxP71YbEIFO |
| MD5: | 62863124CDCDA135ECC0E722782CB888 |
| SHA1: | 2543B8A9D3B2304BB73D2ADBEC60DB040B732055 |
| SHA-256: | 23CCFB7206A8F77A13080998EC6EF95B59B3C3E12B72B2D2AD4E53B0B26BB8C3 |
| SHA-512: | 2734D1119DC14B7DFB417F217867EF8CE8E73D69C332587278C0896B91247A40C289426A1A53F1796CCB42190001273D35525FCEA8BA2932A69A581972A1EF00 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31008 |
| Entropy (8bit): | 7.806058951525675 |
| Encrypted: | false |
| SSDEEP: | 768:ktH7oN/HbwiV+M+4Jc+5UrT3czi5uOHQA8Pi6DxUR/WTZIy:87sPEANXJc+eTMsuzP7DmN0ZIy |
| MD5: | E033CCBC7BA787A2F824CE0952E57D44 |
| SHA1: | EEEA573BEA217878CD9E47D7EA94E56BDAFFE22A |
| SHA-256: | D250EB1F93B43EFB7654B831B4183C9CAEC2D12D4EFEE8607FEE70B9FAB20730 |
| SHA-512: | B807B024B32E7F975AED408B77563A6B47865EECE32E8BA993502D9874B56580ECC9D9A3FEFA057FDD36FB8D519B6E184DB0593A65CC0ACF5E4ACCBEDE0F9417 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 35519 |
| Entropy (8bit): | 7.846686335981972 |
| Encrypted: | false |
| SSDEEP: | 768:2LFougzHaUdBKUsM+Z56zBjA8Pi6bo+ld8IX:MFodzHaULR9P7bo+l6IX |
| MD5: | 53EE9DA49D0B84357038ECF376838D2E |
| SHA1: | AB03F46783B2227F312187DD84DC0C517510DE20 |
| SHA-256: | 9E46B8BA0BAD6E534AF33015C86396C33C5088D3AE5389217A5E90BA68252374 |
| SHA-512: | 751300C76ECE4901801B1F9F51EACA7A758D5D4E6507E227558AAAAF8E547C3D59FA56153FEA96B6B2D7EB08C7AF2E4D5568ACE7E798D1A86CEDE363EFBECF7C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31083 |
| Entropy (8bit): | 7.814202819173796 |
| Encrypted: | false |
| SSDEEP: | 384:0XbSq3W46TVZb5fOFo1HtZwGqtRT44hS+nyBoiuFgbA8E0GftpBjEcBFLrHRN7Ku:0XpOflfOFo1DMr/iuuA8Pi6cfKjW66b |
| MD5: | 89A9818E6658D73A73B642522FF8701F |
| SHA1: | E66C95E957B74E90B444FF16D9B270ADAB12E0F4 |
| SHA-256: | F747DD8B79FC69217FA3E36FAE0AB417C1A0759C28C2C4F8B7450C70171228E6 |
| SHA-512: | 321782B0B633380DA69BD7E98AA05BE7FA5D19A131294CC7C0A598A6A1A1AEF97AB1068427E4223AA30976E3C8246FF5C3C1265D4768FE9909B37F38CBC9E60D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 28911 |
| Entropy (8bit): | 7.7784119983764715 |
| Encrypted: | false |
| SSDEEP: | 384:WnJY165YD0tPYoCKa3HueqRyzVscLk1Yj2GjcgbA8E0GftpBjE2kWTpjFLrHRN7N:X4rtPzCK6uRoljXBA8Pi62ZphL0HRA5p |
| MD5: | 6D787B1E223DB6B91B69238062CCA872 |
| SHA1: | A02F3D847D1F8973E854B89D4558413EA2E349F7 |
| SHA-256: | DA2F261C3C82E229A097A9302C8580F014BB6442825DB47C008DA097CFCE0EE4 |
| SHA-512: | 9856D88D5C63CD6EBCF26E5D7521F194FA6B6E7BF55DD2E0238457A1B760EB8FB0D573A6E85E819BF8E5BE596537E99BC8C2DCE7EC6E2809A43490CACCD44169 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 19893 |
| Entropy (8bit): | 7.592090622603185 |
| Encrypted: | false |
| SSDEEP: | 384:v3Zh3VlkpSIcgbA8E0GftpBjEmm3UFLrHRN7GYvlvQyUTL2mTAp:v31qp/A8Pi6mUqGGvU+mcp |
| MD5: | EF9CB8BDFBC08F03BEF519AD66BA642F |
| SHA1: | D98C275E9402462BF52A4D28FAF57DF0D232AF6B |
| SHA-256: | 93A2F873ACF5BEAD4BC0D1CC17B5E89A928D63619F70A1918B29E5230ABEAD8E |
| SHA-512: | 4DFBDF389730370FA142DCFB6F7E1AC1C0540B5320FA55F94164C0693DB06C21E6D4A1316F0ABE51E51BCBDAB3FD33AE882D9E3CFDB4385AB4C3AF4C2536B0B3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 21791 |
| Entropy (8bit): | 7.65837691872985 |
| Encrypted: | false |
| SSDEEP: | 384:PWew5RNDcvPgbA8E0GftpBjE0hsyaFLrHRN7BD9lI66YR:P3GRNDcEA8Pi60hsyABDo66g |
| MD5: | 7BF88B3CA20EB71ED453A3361908E010 |
| SHA1: | F75F86557051160507397F653D7768836E3B5655 |
| SHA-256: | E555A610A61DB4F45A29A7FB196A9726C25772594252AD534453E69F05345283 |
| SHA-512: | 2C3DFB0F8913D1D8FF95A55E1A1FD58CE1F9D034268CD7BC0D2BF2DCEFEA8EF05DD62B9AFDE1F983CACADD0529538381632ADFE7195EAC19CE4143414C44DBE3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20554 |
| Entropy (8bit): | 7.612044504501488 |
| Encrypted: | false |
| SSDEEP: | 384:zEAH676iPi8+IS5iqn7G8E0GftpBjExDxIHFLrHRN7Ke/ll7PK/pGaz6:zEhG8+ISrG8Pi6xDxCKoIGaz6 |
| MD5: | 486CBCB223B873132FFAF4B8AD0AD044 |
| SHA1: | B0EC82CD986C2AB5A51C577644DE32CFE9B12F92 |
| SHA-256: | B217393FD2F95A11E2C594E736067870212E3C5242A212D6F9539450E8684616 |
| SHA-512: | 69A48BF2B1DB64348C63FC0A50B4807FB9F0175215E306E60252FFFD792B1300128E8E847A81A0E24757B5F999875DA9E662C0F0D178071DB4F9E78239109060 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 25314 |
| Entropy (8bit): | 7.729848360340861 |
| Encrypted: | false |
| SSDEEP: | 384:75V23GNhfG/YvmBqWDP7G8E0GftpBjEB1vrFLrHRN7mKll7PK/pRU0:LS/Yvc7TG8Pi6BLm6IS0 |
| MD5: | C47E3430AF813DF8B02E1CB4829DD94B |
| SHA1: | 35F1F1A18AA4FD2336A4EA9C6005DBE70013C7FC |
| SHA-256: | F2DB1E60533F0D108D5FB1004904C1F2E8557D4493F3B251A1B3055F8F1507A3 |
| SHA-512: | 6F8904E658EB7D04C6880F7CC3EC63FCFE31EF2C3A768F4ECF40B115314F23774DAEE66DCE9C55FAF0AD31075A3AC27C8967FD341C23C953CA28BDC120997287 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 21875 |
| Entropy (8bit): | 7.6559132103953305 |
| Encrypted: | false |
| SSDEEP: | 384:k73HRpZA6B3ulrnxtRT7G8E0GftpBjEdHqlFLrHRN7uhFlvQyUTL2m4c:k7XRgIkrG8Pi6dmuNvU+mp |
| MD5: | E532038762503FFA1371DF03FA2E222D |
| SHA1: | F343B559AE21DAEF06CBCD8B2B3695DE1B1A46F0 |
| SHA-256: | 5C70DD1551EB8B9B13EFAFEEAF70F08B307E110CAEE75AD9908A6A42BBCCB07E |
| SHA-512: | E0712B481F1991256A01C3D02ED56645F61AA46EB5DE47E5D64D5ECD20052CDA0EE7D38208B5EE982971CCA59F2717B7CAE4DFCF235B779215E7613AA5DCD976 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 21111 |
| Entropy (8bit): | 7.6297992466897675 |
| Encrypted: | false |
| SSDEEP: | 384:wWZsOvbMZGgbA8E0GftpBjEtnFLrHRN7Dfll7PK/pirk:xZRvuzA8Pi6t9DPISk |
| MD5: | D30AD26DBB6DECA4FDD294F48EDAD55D |
| SHA1: | CA767A1B6AF72CF170C9E10438F61797E0F2E8CE |
| SHA-256: | 6B1633DD765A11E7ED26F8F9A4DD45023B3E4ADB903C934DF3917D07A3856BFF |
| SHA-512: | 7B519F5D82BA0DA3B2EFFAD3029C7CAB63905D534F3CF1F7EA3446C42FA2130665CA7569A105C18289D65FA955C5624009C1D571E8960D2B7C52E0D8B42BE457 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 22594 |
| Entropy (8bit): | 7.674816892242868 |
| Encrypted: | false |
| SSDEEP: | 384:L7d2l8FbHaaIKbtv1gDISi8E0GftpBjEZRFLrHRN74bUll7PK/pd:LUlCIOt/8Pi6Zv4bMId |
| MD5: | EE0129C7CC1AC92BBC3D6CB0F653FCAE |
| SHA1: | 4ABAA858176B349BDAB826A7C5F9F00AC5499580 |
| SHA-256: | 345AA5CA2496F975B7E33C182D5E57377F8B740F23E9A55F4B2B446723947B72 |
| SHA-512: | CDDABE701C8CBA5BD5D131ABB85F9241212967CE6924E34B9D78D6F43D76A8DE017E28302FF13CE800456AD6D1B5B8FFD8891A66E5BE0C1E74CF19DF9A7AD959 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 19288 |
| Entropy (8bit): | 7.570850633867256 |
| Encrypted: | false |
| SSDEEP: | 384:5ZII4Hf+7G8E0GftpBjCwBFLrHRN7bcClvQyUTL2mH:pG8PicgbcAvU+mH |
| MD5: | B9A6FF715719EE9DE16421AB983CA745 |
| SHA1: | 6B3F68B224020CD4BF142D7EDAAEC6B471870358 |
| SHA-256: | E3BE3F1E341C0FA5E9CB79E2739CF0565C6EA6C189EA3E53ACF04320459A7070 |
| SHA-512: | 062A765AC4602DB64D0504B79BE7380C14C143091A09F98A5E03E18747B2166BD862CE7EF55403D27B54CEB397D95BFAE3195C15D5516786FEBDAC6CD5FBF9CD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 21357 |
| Entropy (8bit): | 7.641082043198371 |
| Encrypted: | false |
| SSDEEP: | 384:zdx+NRrogu6fzCI7Th7G8E0GftpBjEzZq4FLrHRN7/Oll7PK/pB:/+NRrFf/G8Pi6zZb/GIB |
| MD5: | 97F5B7B7E9E1281999468A5C42CB12E7 |
| SHA1: | 99481B2FA609D1D80A9016ADAA3D37E7707A2ED1 |
| SHA-256: | 1CF5C2D0F6188FFFF117932C424CC55D1459E0852564C09D7779263ABD116118 |
| SHA-512: | ACE9718D724B51FE04B900CE1D2075C0C05C80243EA68D4731A63138F3A1287776E80BD67ECB14C323C69AA1796E9D8774A3611FE835BA3CA891270DE1E7FD1F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 22340 |
| Entropy (8bit): | 7.668619892503165 |
| Encrypted: | false |
| SSDEEP: | 384:GByvLdFHny7G8E0GftpBjE8upFLrHRN778lvQyUTL2mm2y:Oy3HkG8Pi6887mvU+ma |
| MD5: | 8B29FAB506FD65C21C9CD6FE6BBBC146 |
| SHA1: | CE1B8A57BB3C682F6A0AFC32955DAFD360720FDF |
| SHA-256: | 773AC516C9B9B28058128EC9BE099F817F3F90211AC70DC68077599929683D6F |
| SHA-512: | AFA82CCBC0AEF9FAE4E728E4212E9C6EB2396D7330CCBE57F8979377D336B4DACF4F3BF835D04ABCEBCDB824B9A9147B4A7B5F12B8ADDADF42AB2C34A7450ADE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 307348 |
| Entropy (8bit): | 7.996451393909308 |
| Encrypted: | true |
| SSDEEP: | 6144:7vH3uG+yiWx0eVJyORloyyDqnHefzOs81MrXLXx7:b36yiWH/LRS2CJl1 |
| MD5: | 0EBC45AA0E67CC435D0745438371F948 |
| SHA1: | 5584210C4A8B04F9C78F703734387391D6B5B347 |
| SHA-256: | 3744BFA286CFCFF46E51E6A68823A23F55416CD6619156B5929FED1F7778F1C7 |
| SHA-512: | 31761037C723C515C1A9A404E235FE0B412222CB239B86162D17763565D0CCB010397376FB9B61B38A6AEBDD5E6857FD8383045F924AF8A83F2C9B9AF6B81407 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 42788 |
| Entropy (8bit): | 7.89307894056 |
| Encrypted: | false |
| SSDEEP: | 768:Hx+UzBiwDQTXgBm029ClGn4BZz6i5kIew/jG8Pi6lYJz1gH:0ZXc29eGn2n5klwjxP7l2z1gH |
| MD5: | 21A4B7B71631C2CCDA5FBBA63751F0D2 |
| SHA1: | DE65DC641D188062EF9385CC573B070AAA8BDD28 |
| SHA-256: | AE0C5A2C8377DBA613C576B1FF73F01AE8EF4A3A4A10B078B5752FB712B3776C |
| SHA-512: | 075A9E95C6EC7E358EA8942CF55EFB72AC797DEE1F1FFCD27AD60472ED38A76048D356638EF6EAC22106F94AFEE9D543B502D5E80B964471FA7419D288867D5D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 22149 |
| Entropy (8bit): | 7.659898883631361 |
| Encrypted: | false |
| SSDEEP: | 384:b98FG/zdCbf7BOEawSi8E0GftpBjEPTFPxFLrHRN7S5ll7PK/pA2:N/zAbDae8Pi6PFPSRIA2 |
| MD5: | 66C5199CF4FB18BD4F9F3F2CCB074007 |
| SHA1: | BA9D8765FFC938549CC19B69B3BF5E6522FB062E |
| SHA-256: | 4A7DC4ED098E580C8D623C51B57C0BC1D601C45F40B60F39BBA5F063377C3C1F |
| SHA-512: | 94C434A131CDE47CB64BCD2FB8AF442482F8ECFA63D958C832ECA935DEB10D360034EF497E2EBB720C72B4C1D7A1130A64811D362054E1D52A441B91C46034B0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 23597 |
| Entropy (8bit): | 7.692965575678876 |
| Encrypted: | false |
| SSDEEP: | 384:y6aR//q0bJi/Uj+957G8E0GftpBj/4YOFLrHRN7LxhKll7PK/ph:y6I/Li/UjmVG8PiZ4YsLxh6Ih |
| MD5: | 7C645EC505982FE529D0E5035B378FFC |
| SHA1: | 1488ED81B350938D68A47C7F0BCE8D91FB1673E2 |
| SHA-256: | 298FD9DADF0ACEBB2AA058A09EEBFAE15E5D1C5A8982DEE6669C63FB6119A13D |
| SHA-512: | 9F410DA5DB24B0B72E7774B4CF4398EDF0D361B9A79FBE2736A1DDD770AFE280877F5B430E0D26147CCA0524A54EA8B41F88B771F3598C2744A7803237B314B2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 271273 |
| Entropy (8bit): | 7.995547668305345 |
| Encrypted: | true |
| SSDEEP: | 6144:zfdvQnJMwXse4Vradf3mrC7woyWbjKlCVC7K:zfJwJse4VrS1AK |
| MD5: | 21437897C9B88AC2CB2BB2FEF922D191 |
| SHA1: | 0CAD3D026AF2270013F67E43CB44F0568013162D |
| SHA-256: | 372572DCBAD590F64F5D18727757CBDF9366DDE90955C79A0FCC9F536DAB0384 |
| SHA-512: | A74DA3775C19A7AF4A689FA4D920E416AB9F40A8BDA82CCF651DDB3EACBC5E932A120ABF55F855474CEBED0B0082F45D091E211AAEA6460424BFD23C2A445CC7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295527 |
| Entropy (8bit): | 7.996203550147553 |
| Encrypted: | true |
| SSDEEP: | 6144:nwVaEqsf23c9shf6UyOGgDWDn/p3fd+zkPWnvGL3n9bQnkmVheyqtkl:MlPfW6sVEDn/pPdhWnvGL36zyyqal |
| MD5: | 9A07035EF802BF89F6ED254D0DB02AB0 |
| SHA1: | 9A48C1962B5CF1EE37FEEC861A5B51CE11091E78 |
| SHA-256: | 6CB03CEBAB2C28BF5318B13EEEE49FBED8DCEDAF771DE78126D1BFE9BD81C674 |
| SHA-512: | BE13D6D88C68FA16390B04130838D69CDB6169DC16AF0E198C905B22C25B345C541F8FCCD4690D88BE89383C19943B34EDC67793F5EB90A97CD6F6ECCB757F87 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276650 |
| Entropy (8bit): | 7.995561338730199 |
| Encrypted: | true |
| SSDEEP: | 6144:H2a+HFkDF8gpmMt4kzwVVqhSYO6DITxPWgJl1CFExwXyo7N:mlZgFtIVVTuDExeWuv7N |
| MD5: | 84D8F3848E7424CBE3801F9570E05018 |
| SHA1: | 71D7F2621DA8B295CE6885F8C7C81016D583C6B1 |
| SHA-256: | B4BC3CD34BD328AAF68289CC0ED4D5CF8167F1EE1D7BE20232ED4747FF96A80A |
| SHA-512: | E27873BFD95E464CB58B3855F2DA404858B935530CF74C7F86FF8B3FC3086C2FAEA09FA479F0CA7B04D87595ED8C4D07D104426FF92DFB31BED405FA7A017DA8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 723359 |
| Entropy (8bit): | 7.997550445816903 |
| Encrypted: | true |
| SSDEEP: | 12288:NPnBZX7wR3tMwYqNDQGnXTtfzO5U7yo6O7bLhe8yE3LLDok4a:JBMbYE7xzO5U917bLh/DL3oJa |
| MD5: | 748A53C6BDD5CE97BD54A76C7A334286 |
| SHA1: | 7DD9EEDB13AC187E375AD70F0622518662C61D9F |
| SHA-256: | 9AF92B1671772E8E781B58217DAB481F0AFBCF646DE36BC1BFFC7D411D14E351 |
| SHA-512: | EC8601D1A0DBD5D79C67AF2E90FAD44BBC0B890412842BF69065A2C7CB16C12B1C5FF594135C7B67B830779645801DA20C9BE8D629B6AD8A3BA656E0598F0540 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 261258 |
| Entropy (8bit): | 7.99541965268665 |
| Encrypted: | true |
| SSDEEP: | 6144:9blShNYrHNn0JU+D+kh8CIjXHWC7X0nZLC9Ge2KY/WfI:9ZSTYrtn0Sk+CIDHWC7chVKYx |
| MD5: | 65828DC7BE8BA1CE61AD7142252ACC54 |
| SHA1: | 538B186EAF960A076474A64F508B6C47B7699DD3 |
| SHA-256: | 849E2E915AA61E2F831E54F337A745A5946467D539CCBD0214B4742F4E7E94FF |
| SHA-512: | 8C129F26F77B4E73BF02DE8F9A9F432BB7E632EE4ABAD560A331C2A12DA9EF5840D737BFC1CE24FDCBB7EF39F30F98A00DD17F42C51216F37D0D237145B8DE15 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 222992 |
| Entropy (8bit): | 7.994458910952451 |
| Encrypted: | true |
| SSDEEP: | 6144:k8/c2cF9GTLqsTmYstUdx+dwb2ooiVOfiI17zWbQ:jbzqGdpbZ/Mf3h68 |
| MD5: | 26BEAB9CCEAFE4FBF0B7C0362681A9D2 |
| SHA1: | F63DD970040CA9F6CFCF5793FF7D4F1F4A69C601 |
| SHA-256: | 217EC1B6E00A24583B166026DEC480D447FB564CF3BCA81984684648C272F767 |
| SHA-512: | 2BBEA62360E21E179014045EE95C7B330A086014F582439903F960375CA7E9C0CF5C0D5BB24E94279362965CA9D6A37E6AAA6A7C5969FC1970F6C50876582BE1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 550906 |
| Entropy (8bit): | 7.998289614787931 |
| Encrypted: | true |
| SSDEEP: | 12288:N4Ar9NyDhUQM0Hk86V1YnOIxQ9e6SJbj2OjK:jAG8wa5Qw6SZ2Oj |
| MD5: | 1C12315C862A745A647DAD546EB4267E |
| SHA1: | B3FA11A511A634EEC92B051D04F8C1F0E84B3FD6 |
| SHA-256: | 4E2E93EBAC4AD3F8690B020040D1AE3F8E7905AB7286FC25671E07AA0282CAC0 |
| SHA-512: | CA8916694D42BAC0AD38B453849958E524E9EED2343EBAA10DF7A8ACD13DF5977F91A4F2773F1E57900EF044CFA7AF8A94B3E2DCE734D7A467DBB192408BC240 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 230916 |
| Entropy (8bit): | 7.994759087207758 |
| Encrypted: | true |
| SSDEEP: | 6144:OTIPtMXmJWnzPS3pqnkeuJXW+FNx1a72rLiQxEBTR:750nz63/FJRFLISnp+Bt |
| MD5: | 93FA9F779520AB2D22AC4EA864B7BB34 |
| SHA1: | D1E9F53A0E012A89978A3C9DED73FB1D380A9D8A |
| SHA-256: | 6A3801C1D4CF0C19A990282D93AC16007F6CACB645F0E0684EF2EDAC02647833 |
| SHA-512: | AA91B4565C88E5DA0CF294DC4A2C91EAEB6D81DCA96069DB032412E1946212A13C3580F5C0143DD28B33F4849D2C2DF2214CE1E20598D634E78663D20F03C4E6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 640684 |
| Entropy (8bit): | 7.99860205353102 |
| Encrypted: | true |
| SSDEEP: | 12288:eV7ivfl+kbkIrWu+2aoRjwv/cSUWauGPo2v65s4QqcT3ZCCz6CSj8aC:fdhr1+3y4MWaC2CO4V+3ZCCDsO |
| MD5: | F93364EEC6C4FFA5768DE545A2C34F07 |
| SHA1: | 166398552F6B7F4509732E148F93E207DD60420B |
| SHA-256: | 296B915148B29751E68687AE37D3FAFD9FFDDF458C48EB059A964D8F2291E899 |
| SHA-512: | 4F0965B4C5F543B857D9A44C7A125DDD3E8B74837A0FDD80C1FDC841BF22FC4CE4ADB83ACA8AA65A64F8AE6D764FA7B45B58556F44CFCE92BFAC43762A3BC5F4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 698244 |
| Entropy (8bit): | 7.997838239368002 |
| Encrypted: | true |
| SSDEEP: | 12288:bUfKzAwwP7XAMWtr4FvMRt4lX0hnBdThiSb32+TdysrQgn7v4EemC6:sr7AMkJ34xu1bm4ZrQaY6 |
| MD5: | E29CE2663A56A1444EAA3732FFB82940 |
| SHA1: | 767A14B51BE74D443B5A3FEFF4D870C61CB76501 |
| SHA-256: | 3732EB6166945DB2BF792DA04199B5C4A0FB3C96621ECBFDEAF2EA1699BA88EE |
| SHA-512: | 6BC420F3A69E03D01A955570DC0656C83C9E842C99CF7B429122E612E1E54875C61063843D8A24DB7EC2035626F02DDABF6D84FC3902184C1EFF3583DBB4D3D8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1097591 |
| Entropy (8bit): | 7.99825462915052 |
| Encrypted: | true |
| SSDEEP: | 24576:UE9BMy98gA4cDWHkSrDans3MfEE6w8OaVuCibol0j41dwD:UE9Bdy3D4keQWt7w85VuVoaj4/Q |
| MD5: | BF95E967E7D1CEC8EFE426BC0127D3DE |
| SHA1: | BA44C5500A36D748A9A60A23DB47116D37FD61BC |
| SHA-256: | 4C3B008E0EB10A722D8FEDB325BFB97EDAA609B1E901295F224DD4CB4DF5FC26 |
| SHA-512: | 0697E394ABAC429B00C3A4F8DB9F509E5D45FF91F3C2AF2C2A330D465825F058778C06B129865B6107A0731762AD73777389BB0E319B53E6B28C363232FA2CE8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 953453 |
| Entropy (8bit): | 7.99899040756787 |
| Encrypted: | true |
| SSDEEP: | 24576:9B1Onw3vg7aeYPagzbJ5Vhv6LnV2Dhl7GEYqVjcyd:vww3o7BYPJbJ5Vh6UCqZfd |
| MD5: | D4EAC009E9E7B64B8B001AE82B8102FA |
| SHA1: | D8D166494D5813DB20EA1231DA4B1F8A9B312119 |
| SHA-256: | 8B0631DA4DC79E036251379A0A68C3BA977F14BCC797BA0EB9692F8BB90DDB4D |
| SHA-512: | 561653F9920661027D006E7DEF7FB27DE23B934E4860E0DF78C97D183B7CEBD9DCE0D395E2018EEF1C02FC6818A179A661E18A2C26C4180AFEE5EF4F9C9C6035 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1310275 |
| Entropy (8bit): | 7.9985829899274385 |
| Encrypted: | true |
| SSDEEP: | 24576:NN3M9UHpHZE4aubaPubP3M6d71FdtmFAjq+54/79LVzG+VnS:NN3M9UJHZE4abPyU4JtmFCq+q/7JlVS |
| MD5: | 9C9F49A47222C18025CC25575337A965 |
| SHA1: | E42EDB33471D7C1752DCC42C06DD3F9FDA8B25F0 |
| SHA-256: | ADA7EFF0676D9CCE1935D5485F3DDE35C594D343658FB1DA42CB5A48FC3FC16A |
| SHA-512: | 9FDCBAB988CBE97BFD931B727D31BA6B8ECF795D0679A714B9AFBC2C26E7DCF529E7A51289C7A1AE7EF04F4A923C2D7966D5AF7C0BC766DCD0FCA90251576794 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1065873 |
| Entropy (8bit): | 7.998277814657051 |
| Encrypted: | true |
| SSDEEP: | 24576:qehtHA3nsAOx7yN7THwxdGpkw8R60aTcua5U4c:hhmnsBMNAxdGpV5za5Uv |
| MD5: | E1101CCA6E3FEDB28B57AF4C41B50D37 |
| SHA1: | 990421B1D858B756E6695B004B26CDCCAE478C23 |
| SHA-256: | 69B2675E47917A9469F771D0C634BD62B2DFA0F5D4AF3FD7AFE9196BF889C19E |
| SHA-512: | B1EDEA65B6D0705A298BFF85FC894A11C1F86B43FAC3C2149D0BD4A13EDCD744AF337957CBC21A33AB7A948C11EA9F389F3A896B6B1423A504E7028C71300C44 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1881952 |
| Entropy (8bit): | 7.999066394602922 |
| Encrypted: | true |
| SSDEEP: | 49152:6Wp9u/ZAvKz7ZFCejPiSmYXKIr6kBwBUA:6W6Bn7ZFNiiKo2l |
| MD5: | 53C5F45B22E133B28D4BD3B5A350FDBD |
| SHA1: | D180CFB1438D27F76E1919DA3E84F307CB83434F |
| SHA-256: | 8AF4C7CAC47D2B9C7ADEADF276EDAE830B4CC5FFE7E765E3C3D7B3FADCB5F273 |
| SHA-512: | 46AD3DA58C63CA62FCFC4FAF9A7B5B320F4898A1E84EEF4DE16E0C0843BAFE078982FC9F78C5AC6511740B35382400B5F7AC3AE99BB52E32AD9639437DB481D1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1766185 |
| Entropy (8bit): | 7.9991290831091115 |
| Encrypted: | true |
| SSDEEP: | 24576:O/gjMj+RP9Q07h9F75a0BXjBccHMVk2Hq2SkGa0QglyZtxmdPP2LcSUtfgfp16Yx:kJ6RP9Q07/X5V7yVF0QgktxAPutUt0zP |
| MD5: | 828F96031F40BF8EBCB5E52AAEEB7E4C |
| SHA1: | CACC32738A0A66C8FE51A81ED8E27A6F82E69EB2 |
| SHA-256: | 640AD075B555D4A2143F909EAFD91F54076F5DDE42A2B11CD897BC564B5D7FF7 |
| SHA-512: | 61F6355FF4D984931E79624394CCCA217054AE0F61B9AF1A1EDED5ACCA3D6FEF8940E338C313BE63FC766E6E7161CAFA0C8AE44AD4E0BE26C22FF17E2E6ABAF7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2591108 |
| Entropy (8bit): | 7.999030891647433 |
| Encrypted: | true |
| SSDEEP: | 49152:ZSBBeAefkpB5iXfQJgi7JBaCCRZ3cM2VDHkvSJO6qzI1tE9Rn:EBI6gbCkMPDHKSJO6qsP6n |
| MD5: | BEB12A0464D096CA33BAEA4352CE800F |
| SHA1: | F678D650B4A41676BA05C836D462F34BDC5BF648 |
| SHA-256: | A44166F5C9F2553555A43586BA5DB1C1DE54D72D308A48268F27C6A00076B1CA |
| SHA-512: | B6E7CCD1ECBB9A49FC72E40771725825DAF41DDB2FF8EA4ECCE18B8FA1A59D3B2C474ADD055F30DA58C7E833A6E6555EBB77CCC324B61CA337187B4B41F7008B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2527736 |
| Entropy (8bit): | 7.992272975565323 |
| Encrypted: | true |
| SSDEEP: | 49152:NFXdpz4d98p/q5jA4q+9Uf5kx6wHR8WfPJZVhWzH4dRze76YP9nJ7yyAInT76nSY:NFXdKx5sM9SmxHKexZVhutJJVpCSqa0Z |
| MD5: | F256ACA509B4C6C0144D278C7036B0A8 |
| SHA1: | 93F6106D0759AFD0061F73B876AA9CAB05AA8EF6 |
| SHA-256: | AD26761D59F1FA9783C2F49184A2E8FE55FCD46CD3C49FFC099C02310649DC67 |
| SHA-512: | 08C57661F8CC9B547BBE42B4A5F8072B979E93346679ADE23CA685C0085F7BC14C26707B3D3C02F124359EBB640816E13763C7546FF095C96D2BB090320F3A95 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3417042 |
| Entropy (8bit): | 7.997652455069165 |
| Encrypted: | true |
| SSDEEP: | 98304:1YYkj2mRz6vkkB15AW4QD0ms+FdniD60bDUpS:qYkj7d6vP7NZDLn+PM8 |
| MD5: | 749C3615E54C8E6875518CFD84E5A1B2 |
| SHA1: | 64D51EB1156E850ECA706B00961C8B101F5AC2FC |
| SHA-256: | F2D2DF37366F8E49106980377D2448080879027C380D90D5A25DA3BDAD771F8C |
| SHA-512: | A5F591BA5C31513BD52BBFC5C6CAA79C036C7B50A55C4FDF96C84D311CCDCF1341F1665F1DA436D3744094280F98660481DCA4AA30BCEB3A7FCCB2A62412DC99 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3256855 |
| Entropy (8bit): | 7.996842935632312 |
| Encrypted: | true |
| SSDEEP: | 98304:wh7I1aeH9YvgK+A+a7GiiQzP4YZDpQ2+Sd6Y:w21ay93aypQzzhpBL/ |
| MD5: | 8867BDF5FC754DA9DA6F5BA341334595 |
| SHA1: | 5067CCE84C6C682B75C1EF3DEA067A8D58D80FA9 |
| SHA-256: | 42323DD1D3E88C3207E16E0C95CA1048F2E4CD66183AD23B90171DA381D37B58 |
| SHA-512: | 93421D7FE305D27E7E2FD8521A8B328063CD22FE4DE67CCCF5D3B8F0258EF28027195C53062D179CD2EBA3A7E6F6A34A7A29297D4AF57650AA6DD19D1EF8413D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\{89FE3B17-4E19-4916-AF4F-F4F8E619126A}\{9D0DB8A9-002C-4D6F-998A-3AFE3A2FCFFB}\FW Blackbook - FW Urban Utilities - Contact request for Services .msg
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 528384 |
| Entropy (8bit): | 7.319717390745193 |
| Encrypted: | false |
| SSDEEP: | 12288:xcL0vfs4VER5dSG7Lw6tBft/EwxVZ+76U0g2HD:kefsPSw/LVZU6U |
| MD5: | 7A252706EB36585CDCA4B7716B11DE9F |
| SHA1: | B10669CC701919A87E846B8C76526AE78C92A6E0 |
| SHA-256: | A05D94627874A6CE12C3948AC9D423DA3B6F7D60D0C7BC0EF99284C277EB4472 |
| SHA-512: | 2172EFDD03F5B6C00756EB324A5C3C9D4DAF52CEF14A28CED54EFF5B9B7556DF9FE124E8C337768AD631C6A94584E1B889BFF4082C5C76F1C0C278487C5F6E86 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\{89FE3B17-4E19-4916-AF4F-F4F8E619126A}\{9D0DB8A9-002C-4D6F-998A-3AFE3A2FCFFB}\FW Blackbook - FW Urban Utilities - Contact request for Services .msg:Zone.Identifier
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54 |
| Entropy (8bit): | 4.2311712996172846 |
| Encrypted: | false |
| SSDEEP: | 3:gAWY33AtwXJYuKQS6J:qY33AtjqtJ |
| MD5: | B3CE06E741E4849CAE8418BF665A6A97 |
| SHA1: | D9B6141CA4E0F78DC5BC1C790BEC6D23D30606FB |
| SHA-256: | A40B2ADBF9A084937771336A1F11247AD5F45F1469C8C4446179C73557C05032 |
| SHA-512: | CE7215E289B7F450A76F06E50D5EE6F060369A83B996E717D1918DA62540B19272C8FD98A707609E5759BB414E1151466440B544AB61D16D811DDEC4B2BF8E5F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 30 |
| Entropy (8bit): | 1.2389205950315936 |
| Encrypted: | false |
| SSDEEP: | 3:OhJt:Oh |
| MD5: | 8FA1ABEEA3C30F993AB0B8E8373E5326 |
| SHA1: | 3D427195980456EC9771D73D5C893D246F151DA5 |
| SHA-256: | D317755925AFDEC09C0A1A482718161D6393DE4150F337C00695BBF30298602E |
| SHA-512: | 35089C4280D3F73391B7002C2DFEA59B15916CE2C56A38739781BDD84047C96E082F9B71A25360DD22620DD050537DC3DE638F16EBE7B6AE54D3F6A8DC43058A |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\FOR105 - Change Order Authorisation Form - A80293 -aw.LNK
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 735 |
| Entropy (8bit): | 4.72951828271849 |
| Encrypted: | false |
| SSDEEP: | 12:8eholsMatsVq+CZexF0l1fIjARED4xJGjlLZf+CZexF0l1fgwbxIUIoBmV:8SolhaSq+Cw4ltMARI4xQT+Cw4ltgwbQ |
| MD5: | 24E60EA96D17ADF0CBD641FDD92596C2 |
| SHA1: | E76F7F888CE9F2DFA3C04F858669F5069AF2893C |
| SHA-256: | AEF902FE4D26A334D3AF278239CFD389379365BCF60F8915A1A789F778A0161A |
| SHA-512: | 0C722D6F7DDB28DFEC60CB02C8728591EA02F68E9B6264ACAC9925B5E17F00B0508A45534B10B90983D805BE1E70E4EB3CBCB8A330EB19928C12F2786F0C64C3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 4.6923295735789345 |
| Encrypted: | false |
| SSDEEP: | 24:8p0G4OOTB6RyJoqQAAmuTqTrwbKOiOnqyFm:8pl4OKJ3duTgrxyF |
| MD5: | C7CDB60881FDA31A6FFC888E16E29D2A |
| SHA1: | 0E211EBCFA32FA3DA206028C585F6180517A90B5 |
| SHA-256: | 8FC2997665BF4ACAC84E4CCCDB0EADA5D29410E9C293A9A6CE4790BE7FFDC5AF |
| SHA-512: | 63C9B2017699A8813E1E2727310721A91F6636F47DA2E7B9E0F25A5DE93106D816A954CFD3F0BDD634CA2892DD5FD9EFAA1BAF900CFF5E1DADED03B25EE3C6AB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 158 |
| Entropy (8bit): | 5.0935113480499785 |
| Encrypted: | false |
| SSDEEP: | 3:HoqtEnCt4M2KXIDiESLjom4eEnCt4M2KXIDiESLjopnbJlv:H3tEs4xJrSLj7Es4xJrSLjiv |
| MD5: | F94FCD7FC7A771B216B6C72DB20011A0 |
| SHA1: | 412E3B64496B2B3A39BAB9DB7923C672EA22F667 |
| SHA-256: | E793FBDC920F7766206CBC2A5CF8308C55C0C853C0D1CF0A2E0EDA47153B97C5 |
| SHA-512: | 2801740ABF58EAF921F85E4C6B2392B5F2D1B363CF0488E4641CB54D2CD7484AD55B5D8655A763179A596778FB668AA31DCFACC9AD4AD0E5C9BAE15634A986C9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 562113 |
| Entropy (8bit): | 7.67409707491542 |
| Encrypted: | false |
| SSDEEP: | 12288:/dy5Gtyp/FZ9QqjdxDfSp424XeavSktiAVE0:/dizp1ndpqpMZnV |
| MD5: | 4A1657A3872F9A77EC257F41B8F56B3D |
| SHA1: | 4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B |
| SHA-256: | C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60 |
| SHA-512: | 7A2932639E06D79A5CE1D3C71091890D9E329CA60251E16AE4095E4A06C6428B4F86B7FFFA097BF3EEFA064370A4D51CA3DF8C89EAFA3B1F45384759DEC72922 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1649585 |
| Entropy (8bit): | 7.875240099125746 |
| Encrypted: | false |
| SSDEEP: | 24576:L368X6z95zf5BbQ6U79dYy2HiTIxRboyM/LZTl5KnCc:r68kb7UTYxGIxmnp65 |
| MD5: | 35200E94CEB3BB7A8B34B4E93E039023 |
| SHA1: | 5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D |
| SHA-256: | 6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD |
| SHA-512: | ED80CEE7C22D10664076BA7558A79485AA39BE80582CEC9A222621764DAE5EFA70F648F8E8C5C83B6FE31C2A9A933C814929782A964A47157505F4AE79A3E2F9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 558035 |
| Entropy (8bit): | 7.696653383430889 |
| Encrypted: | false |
| SSDEEP: | 12288:DQ/oYjRRRRRRRRYcdY/5ASWYqBMp8xsGGEOzI7vQQwOyP:DQ/nRRRRRRRRxY/5JWYZ3GGbI8YA |
| MD5: | 3B5E44DDC6AE612E0346C58C2A5390E3 |
| SHA1: | 23BCF3FCB61F80C91D2CFFD8221394B1CB359C87 |
| SHA-256: | 9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2 |
| SHA-512: | 2E63419F272C6E411CA81945E85E08A6E3230A2F601C4D28D6312DB5C31321F94FAFA768B16BC377AE37B154C6869CA387005693A79C5AB1AC45ED73BCCC6479 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 570901 |
| Entropy (8bit): | 7.674434888248144 |
| Encrypted: | false |
| SSDEEP: | 6144:D2tTXiO/3GH5SkPQVAqWnGrkFxvay910UUTWZJarUv9TA0g8:kX32H+VWgkFxSgGTmarUv9T |
| MD5: | D676DE8877ACEB43EF0ED570A2B30F0E |
| SHA1: | 6C8922697105CEC7894966C9C5553BEB64744717 |
| SHA-256: | DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01 |
| SHA-512: | F40BADA680EA5CA508947290BA73901D78DE79EAA10D01EAEF975B80612D60E75662BDA542E7F71C2BBA5CA9BA46ECAFE208FD6E40C1F929BB5E407B10E89FBD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 523048 |
| Entropy (8bit): | 7.715248170753013 |
| Encrypted: | false |
| SSDEEP: | 6144:WfmDdN6Zfv8q5rnM6vZ02PtMZRkfW5ipbnMHxVcsOWrCMxy0sD/mcKb4rYEY:xDdQXBrMi2YtggW5ObnMH1brJpUmBU0N |
| MD5: | C276F590BB846309A5E30ADC35C502AD |
| SHA1: | CA6D9D6902475F0BE500B12B7204DD1864E7DD02 |
| SHA-256: | 782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58 |
| SHA-512: | B85165C769DFE037502E125A04CFACDA7F7CC36184B8D0A54C1F9773666FFCC43A1B13373093F97B380871571788D532DEEA352E8D418E12FD7AAD6ADB75A150 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3078052 |
| Entropy (8bit): | 7.954129852655753 |
| Encrypted: | false |
| SSDEEP: | 49152:bSEjlpY8skyFHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9Hu:bfp5sksA3cimUVxV05aJE2fKaDOXdN9O |
| MD5: | CDF98D6B111CF35576343B962EA5EEC6 |
| SHA1: | D481A70EC9835B82BD6E54316BF27FAD05F13A1C |
| SHA-256: | E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734 |
| SHA-512: | 95C352869D08C0FE903B15311622003CB4635DE8F3A624C402C869F1715316BE2D8D9C0AB58548A84BBB32757E5A1F244B1014120543581FDEA7D7D9D502EF9C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 777647 |
| Entropy (8bit): | 7.689662652914981 |
| Encrypted: | false |
| SSDEEP: | 6144:B04bNOJMngI856k0wwOGXMaXTLaTDmfBaN2Tx9iSUk1PdSnc0lnDlcGMcEFYYYYt:xbY6ngI46Aw5dmyYYYYYYYYY7p8d |
| MD5: | B30D2EF0FC261AECE90B62E9C5597379 |
| SHA1: | 4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3 |
| SHA-256: | BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976 |
| SHA-512: | 2E728408C20C3C23C84A1C22DB28F0943AAA960B4436F8C77570448D5BEA9B8D53D95F7562883FA4F9B282DFE2FD07251EEEFDE5481E49F99B8FEDB66AAAAB68 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 924687 |
| Entropy (8bit): | 7.824849396154325 |
| Encrypted: | false |
| SSDEEP: | 12288:lsadD3eLxI8XSh4yDwFw8oWR+6dmw2ZpQDKpazILv7Jzny/ApcWqyOpEZULn:qLxI8XSh4yUF/oWR+mLKpYIr7l3ZQ7n |
| MD5: | 97EEC245165F2296139EF8D4D43BBB66 |
| SHA1: | 0D91B68CCB6063EB342CFCED4F21A1CE4115C209 |
| SHA-256: | 3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C |
| SHA-512: | 8594C49CAB6FF8385B1D6E174431DAFB0E947A8D7D3F200E622AE8260C793906E17AA3E6550D4775573858EA1243CCBF7132973CD1CF7A72C3587B9691535FF8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 966946 |
| Entropy (8bit): | 7.8785200658952 |
| Encrypted: | false |
| SSDEEP: | 24576:qBcvGBGhXQir6H1ws6+iU0YuA35VuinHX2NPs:ccvGBGdQ5CsMxQVj3yPs |
| MD5: | F03AB824395A8F1F1C4F92763E5C5CAD |
| SHA1: | A6E021918C3CEFFB6490222D37ECEED1FC435D52 |
| SHA-256: | D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD |
| SHA-512: | 0241146B63C938F11045FB9DF5360F63EF05B9B3DD1272A3E3E329A1BFEC5A4A645D5472461DE9C06CFE4ADB991FE96C58F0357249806C341999C033CD88A7AF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1204049 |
| Entropy (8bit): | 7.92476783994848 |
| Encrypted: | false |
| SSDEEP: | 24576:+3zSQBxvOUIpHLYTCEmS1Wu09jRalJP3sdgnmAOFt0zU4L0MRx5QNn5:+bvI5UTCPu09qP3JPOFoR4N5 |
| MD5: | FD5BBC58056522847B3B75750603DF0C |
| SHA1: | 97313E85C0937739AF7C7FC084A10BF202AC9942 |
| SHA-256: | 44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F |
| SHA-512: | DBD72827044331215A7221CA9B0ECB8809C7C79825B9A2275F3450BAE016D7D320B4CA94095F7CEF4372AC63155C78CA4795E23F93166D4720032ECF9F932B8E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 486596 |
| Entropy (8bit): | 7.668294441507828 |
| Encrypted: | false |
| SSDEEP: | 6144:A+JBmUx0Zo24n8z/2NSYFl2qGBuv8p6+LwwYmN59wBttsdJrmXMlP1NwQoGgeL:fNgxz/g5z2BT6+Eu0ntMcczNQG5L |
| MD5: | 0E37AECABDB3FDF8AAFEDB9C6D693D2F |
| SHA1: | F29254D2476DF70979F723DE38A4BF41C341AC78 |
| SHA-256: | 7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349 |
| SHA-512: | DE6AFE015C1D41737D50ADD857300996F6E929FED49CB71BC59BB091F9DAB76574C56DEA0488B0869FE61E563B07EBB7330C8745BC1DF6305594AC9BDEA4A6BF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 976001 |
| Entropy (8bit): | 7.791956689344336 |
| Encrypted: | false |
| SSDEEP: | 24576:zHM7eZGgFiHMRej4N9tpytNZ+tIw5ErZBImlX0m:zHM7eZGgFiHMRej++NZ+F5WvllZ |
| MD5: | 9E563D44C28B9632A7CF4BD046161994 |
| SHA1: | D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11 |
| SHA-256: | 86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86 |
| SHA-512: | 8EB14A1B10CB5C7607D3E07E63F668CFC5FC345B438D39138D62CADF335244952FBC016A311D5CB8A71D50660C49087B909528FC06C1D10AF313F904C06CBD5C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1463634 |
| Entropy (8bit): | 7.898382456989258 |
| Encrypted: | false |
| SSDEEP: | 24576:75MGNW/UpLkupMAqDJhNHK4/TuiKbdhbZM+byLH/:7ZwUpLkulkHK46iiDZHeLH/ |
| MD5: | ACBA78931B156E4AF5C4EF9E4AB3003B |
| SHA1: | 2A1F506749A046ECFB049F23EC43B429530EC489 |
| SHA-256: | 943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878 |
| SHA-512: | 2815D912088BA049F468CA9D65B92F8951A9BE82AB194DBFACCF0E91F0202820F5BC9535966654D28F69A8B92D048808E95FEA93042D8C5DEA1DCB0D58BE5175 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2218943 |
| Entropy (8bit): | 7.942378408801199 |
| Encrypted: | false |
| SSDEEP: | 49152:8mwK3gH/l4hM06Wqnnl1IdO9wASFntrPEWNe7:863gHt4hM9WWnMdO9w35PEWK |
| MD5: | EE33FDA08FBF10EF6450B875717F8887 |
| SHA1: | 7DFA77B8F4559115A6BF186EDE51727731D7107D |
| SHA-256: | 5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20 |
| SHA-512: | AED6E11003AAAACC3FB28AE838EDA521CB5411155063DFC391ACE2B9CBDFBD5476FAB2B5CC528485943EBBF537B95F026B7B5AB619893716F0A91AEFF076D885 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1750795 |
| Entropy (8bit): | 7.892395931401988 |
| Encrypted: | false |
| SSDEEP: | 24576:DyeAqDJpUDH3xk8ZKIBuX3TPtd36v4o5d4PISMETGBP6eUP+xSeW3v0HKPsc:uRqUjSTPtd36AFDM/BP6eUeW3v0Fc |
| MD5: | 529795E0B55926752462CBF32C14E738 |
| SHA1: | E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF |
| SHA-256: | 8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05 |
| SHA-512: | A51F440F1E19C084D905B721D0257F7EEE082B6377465CB94E677C29D4E844FD8021D0B6BA26C0907B72B84157C60A3EFEDFD96C16726F6ABEA8D896D78B08CE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2924237 |
| Entropy (8bit): | 7.970803022812704 |
| Encrypted: | false |
| SSDEEP: | 49152:mc4NEo4XNd5wU5qTkdC4+K9u5b/i40RKRAO/cLf68wy9yxKrOUURBgmai2prH:mJef5yTSoKMF//DRGJwLx9DBaH |
| MD5: | 5AF1581E9E055B6E323129E4B07B1A45 |
| SHA1: | B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD |
| SHA-256: | BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98 |
| SHA-512: | 11BFEF500DAEC099503E8CDB3B4DE4EDE205201C0985DB4CA5EBBA03471502D79D6616D9E8F471809F6F388D7CBB8B0D0799262CBE89FEB13998033E601CEE09 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2357051 |
| Entropy (8bit): | 7.929430745829162 |
| Encrypted: | false |
| SSDEEP: | 49152:tfVcGO3JiR6SgT7/bOCrKCsaFCX3CzwovQTSwW8nX:pVcG2iRedsaoXSzeOwWEX |
| MD5: | 5BDE450A4BD9EFC71C370C731E6CDF43 |
| SHA1: | 5B223FB902D06F9FCC70C37217277D1E95C8F39D |
| SHA-256: | 93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50 |
| SHA-512: | 2365A9F76DA07D705A6053645FD2334D707967878F930061D451E571D9228C74A8016367525C37D09CB2AD82261B4B9E7CAEFBA0B96CE2374AC1FAC6B7AB5123 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3611324 |
| Entropy (8bit): | 7.965784120725206 |
| Encrypted: | false |
| SSDEEP: | 49152:ixc1kZBIabo4dTJyr3hJ50gd9OaFxTy+1Nn/M/noivF0po3M0h0Vsm:ixcaAabT83hJLdoaFxTygxcoiX3M0iCm |
| MD5: | FB88BFB743EEA98506536FC44B053BD0 |
| SHA1: | B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537 |
| SHA-256: | 05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF |
| SHA-512: | 4270A19F4D73297EEC910B81FF17441F3FC7A6A2A84EBA2EA3F7388DD3AA0BA31E9E455CFF93D0A34F4EC7CA74672D407A1C4DC838A130E678CA92A2E085851C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1091485 |
| Entropy (8bit): | 7.906659368807194 |
| Encrypted: | false |
| SSDEEP: | 24576:oBpmCkw3Tg/euEB+UdoC4k7ytHkHA6B/puqW2MIkTeSBmKrZHQ:MR3c/AseydwppC7veSBmWHQ |
| MD5: | 2192871A20313BEC581B277E405C6322 |
| SHA1: | 1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085 |
| SHA-256: | A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC |
| SHA-512: | 6D8844D2807BB90AEA6FE0DDDB9C67542F587EC9B7FC762746164B2D4A1A99EF8368A70C97BAD7A986AAA80847F64408F50F4707BB039FCCC509133C231D53B9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 608122 |
| Entropy (8bit): | 7.729143855239127 |
| Encrypted: | false |
| SSDEEP: | 6144:Ckl6KRKwg9jf2q/bN69OuGFlC/DUhq68xOcJzGYnTxlLqU8dmTW:8yKwgZ2qY9kA7Uhq68H3ybmq |
| MD5: | 8BA551EEC497947FC39D1D48EC868B54 |
| SHA1: | 02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF |
| SHA-256: | DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89 |
| SHA-512: | CC97F9B2C83FF7CAC32AB9A9D46E0ACDE13EECABECD653C88F74E4FC19806BB9498D2F49C4B5581E58E7B0CB95584787EA455E69D99899381B592BEA177D4D4B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5783 |
| Entropy (8bit): | 7.88616857639663 |
| Encrypted: | false |
| SSDEEP: | 96:CDG4D+8VsXzXc2zLXTJ2XFY47pk2G7HVlwFzTXNbMfmn2ivLZcreFWw5fc9ADdZm:CDG4DRGY23l2Xu47GL7YtT9V29yWvWdk |
| MD5: | 8109B3C170E6C2C114164B8947F88AA1 |
| SHA1: | FC63956575842219443F4B4C07A8127FBD804C84 |
| SHA-256: | F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416 |
| SHA-512: | F8A8D7A6469CD3E7C31F3335DDCC349AD7A686730E1866F130EE36AA9994C52A01545CE73D60B642FFE0EE49972435D183D8CD041F2BB006A6CAF31BAF4924AC |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4026 |
| Entropy (8bit): | 7.809492693601857 |
| Encrypted: | false |
| SSDEEP: | 96:VpDCBFLhxaUGm5EWA07yNdKH1FQpy8tnX8Iz3b7TrT502+fPD:VpDYFFRMNU+RtXzLf35t+3D |
| MD5: | 5D9BAD7ADB88CEE98C5203883261ACA1 |
| SHA1: | FBF1647FCF19BCEA6C3CF4365C797338CA282CD2 |
| SHA-256: | 8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F |
| SHA-512: | 7132923869A3DA2F2A75393959382599D7C4C05CA86B4B27271AB9EA95C7F2E80A16B45057F4FB729C9593F506208DC70AF2A635B90E4D8854AC06C787F6513D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4243 |
| Entropy (8bit): | 7.824383764848892 |
| Encrypted: | false |
| SSDEEP: | 96:22MQe4zHye8/djzF+JjvtmMkkBpF7e0LTkaf:22De4zHHCvF+nRBDXoaf |
| MD5: | 7BC0A35807CD69C37A949BBD51880FF5 |
| SHA1: | B5870846F44CAD890C6EFF2F272A037DA016F0D8 |
| SHA-256: | BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA |
| SHA-512: | B5B785D693216E38B5AB3F401F414CADACCDCB0DCA4318D88FE1763CD3BAB8B7670F010765296613E8D3363E47092B89357B4F1E3242F156750BE86F5F7E9B8D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16806 |
| Entropy (8bit): | 7.9519793977093505 |
| Encrypted: | false |
| SSDEEP: | 384:eSMjhqgJDGwOzHR3iCpK+QdLdfufFJ9aDn9LjDMVAwHknbz7OW:eSkhqglGwERSAHQdLhDn9AKokv7H |
| MD5: | 950F3AB11CB67CC651082FEBE523AF63 |
| SHA1: | 418DE03AD2EF93D0BD29C3D7045E94D3771DACB4 |
| SHA-256: | 9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974 |
| SHA-512: | D74BF52A58B0C0327DB9DDCAD739794020F00B3FA2DE2B44DAAEC9C1459ECAF3639A5D761BBBC6BDF735848C4FD7E124D13B23964B0055BB5AA4F6AFE76DFE00 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11380 |
| Entropy (8bit): | 7.891971054886943 |
| Encrypted: | false |
| SSDEEP: | 192:VJcnLYnAVbOFLaCPLrGGbhaWEu6d3RmryqLkeAShObPb1AYcRMMXjkfa0nYBwggD:VcMC8lLrRbhy1ZqLyShYb1FHQ4C0nYQJ |
| MD5: | C9F9364C659E2F0C626AC0D0BB519062 |
| SHA1: | C4036C576074819309D03BB74C188BF902D1AE00 |
| SHA-256: | 6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2 |
| SHA-512: | 173A5E68E55163B081C5A8DA24AE46428E3FB326EBE17AE9588C7F7D7E5E5810BFCF08C23C3913D6BEC7369E06725F50387612F697AC6A444875C01A2C94D0FF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6024 |
| Entropy (8bit): | 7.886254023824049 |
| Encrypted: | false |
| SSDEEP: | 96:bGa2onnLYHTSSxpHVTSH1bywZKmpRqiUtFvS9xrPooBpni6eDa16MUELHsrKjRBA:SJonLYzSSr1TuZNwtFZKpiiyrKXuCUd |
| MD5: | 20621E61A4C5B0FFEEC98FFB2B3BCD31 |
| SHA1: | 4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4 |
| SHA-256: | 223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7 |
| SHA-512: | BDF3A8E3D6EE87D8ADE0767918603B8D238CAE8A2DD0C0F0BF007E89E057C7D1604EB3CCAF0E1BA54419C045FC6380ECBDD070F1BB235C44865F1863A8FA7EEA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 9191 |
| Entropy (8bit): | 7.93263830735235 |
| Encrypted: | false |
| SSDEEP: | 192:oeAMExvPJMg+yE+AfJLi3+Xoj7F3sPgMG61J88eDhFWT7hFNsdJtnLYJ7tSh:v2d+hnfJLi3+4ja4WqhFWT7FsdHMA |
| MD5: | 08D3A25DD65E5E0D36ADC602AE68C77D |
| SHA1: | F23B6DDB3DA0015B1D8877796F7001CABA25EA64 |
| SHA-256: | 58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1 |
| SHA-512: | 77D24C272D67946A3413D0BEA700A7519B4981D3B4D8486A655305546CE6133456321EE94FD71008CBFD678433EA1C834CFC147179B31899A77D755008FCE489 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4326 |
| Entropy (8bit): | 7.821066198539098 |
| Encrypted: | false |
| SSDEEP: | 96:+fF+Jrp7Yo5hnJiGa24TxEcpUeONo1w2NFocy2LQi33Z:2+f7YuhJdJ4TxEcmKwGkk3Z |
| MD5: | D32E93F7782B21785424AE2BEA62B387 |
| SHA1: | 1D5589155C319E28383BC01ED722D4C2A05EF593 |
| SHA-256: | 2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478 |
| SHA-512: | 5B07D6764A6616A7EF25B81AB4BD4601ECEC1078727BFEAB4A780032AD31B1B26C7A2306E0DBB5B39FC6E03A3FC18AD67C170EA9790E82D8A6CEAB8E7F564447 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 7370 |
| Entropy (8bit): | 7.9204386289679745 |
| Encrypted: | false |
| SSDEEP: | 192:fYa+ngK2xG6HvLvoUnXxO+blKO1lt2Zg0AV:fYVn8Y6Hv3XxO+8uQZCV |
| MD5: | 586CEBC1FAC6962F9E36388E5549FFE9 |
| SHA1: | D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E |
| SHA-256: | 1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40 |
| SHA-512: | 68DEAE9C59EA98BD597AE67A17F3029BC7EA2F801AC775CF7DECA292069061EA49C9DF5776CB5160B2C24576249DAF817FA463196A04189873CF16EFC4BEDC62 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5596 |
| Entropy (8bit): | 7.875182123405584 |
| Encrypted: | false |
| SSDEEP: | 96:dGa2unnLYEB2EUAPOak380NQjqbHaPKJebgrEVws8Vw+BMa0EbdLVQaZJgDZh0pJ:UJunLYEB2EUAxk3pIYaScgYwsV4bdS0X |
| MD5: | CDC1493350011DB9892100E94D5592FE |
| SHA1: | 684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA |
| SHA-256: | F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548 |
| SHA-512: | 3699066A4E8A041079F12E88AB2E7F485E968619CB79175267842846A3AD64AA8E7778CBACDF1117854A7FDCFB46C8025A62F147C81074823778C6B4DC930F12 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3683 |
| Entropy (8bit): | 7.772039166640107 |
| Encrypted: | false |
| SSDEEP: | 96:GyfQZd6ZHNCWl9aXFkZwIq/QDsRYPf8P9QtDIs5r:G6wYtNZS1k99AmPfSOtD5r |
| MD5: | E8308DA3D46D0BC30857243E1B7D330D |
| SHA1: | C7F8E54A63EB254C194A23137F269185E07F9D10 |
| SHA-256: | 6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4 |
| SHA-512: | 88AB7263B7A8D7DDE1225AE588842E07DF3CE7A07CBD937B7E26DA7DA7CFED23F9C12730D9EF4BC1ACF26506A2A96E07875A1A40C2AD55AD1791371EE674A09B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4888 |
| Entropy (8bit): | 7.8636569313247335 |
| Encrypted: | false |
| SSDEEP: | 96:StrFZ23/juILHPzms5UTuK9CuZGEoEuZ28H1HiGa2RnnLY+tUb:SPZQ7uCHPzms5UTlqauZVHdJRnLY+tUb |
| MD5: | 0A4CA91036DC4F3CD8B6DBF18094CF25 |
| SHA1: | 6C7EED2530CD0032E9EEAB589AFBC296D106FBB9 |
| SHA-256: | E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50 |
| SHA-512: | 7C69426F2250E8C84368E8056613C22977630A4B3F5B817FB5EA69081CE2A3CA6E5F93DF769264253D5411419AF73467A27F0BB61291CCDE67D931BD0689CB66 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6448 |
| Entropy (8bit): | 7.897260397307811 |
| Encrypted: | false |
| SSDEEP: | 192:tgaoRbo1sMjb0NiJ85oPtqcS+yaXWoa8XBzdJYnLYFtWT7:LR1sk+i4o1qc1yaukzd8MK |
| MD5: | 42A840DC06727E42D42C352703EC72AA |
| SHA1: | 21AAAF517AFB76BF1AF4E06134786B1716241D29 |
| SHA-256: | 02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7 |
| SHA-512: | 8886BFD240D070237317352DEB3D46C6B07E392EBD57730B1DED016BD8740E75B9965F7A3FCD43796864F32AAE0BE911AB1A670E9CCC70E0774F64B1BDA93488 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5630 |
| Entropy (8bit): | 7.87271654296772 |
| Encrypted: | false |
| SSDEEP: | 96:n5ni6jKZWsD+QJaUQ7R6qYFF5QS+BEgeJam6S7ZCHuKViGa2CnnLYLt/ht:nccqxIBdQ1QS+uDJanS7ZCHHVdJCnLY5 |
| MD5: | 2F8998AA9CF348F1D6DE16EAB2D92070 |
| SHA1: | 85B13499937B4A584BEA0BFE60475FD4C73391B6 |
| SHA-256: | 8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580 |
| SHA-512: | F10F7772985EDDA442B9558127F1959FF0A9909C7B7470E62D74948428BFFF7E278739209E8626AE5917FF728AFB8619AE137BEE2A6A4F40662122208A41ABB2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6193 |
| Entropy (8bit): | 7.855499268199703 |
| Encrypted: | false |
| SSDEEP: | 192:WavHMKgnU2HUGFhUnkbOKoztj1QfcnLYut3d8:YKeUlGXUnC+HQSMp |
| MD5: | 031C246FFE0E2B623BBBD231E414E0D2 |
| SHA1: | A57CA6134779D54691A4EFD344BC6948E253E0BA |
| SHA-256: | 2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7 |
| SHA-512: | 6A784C28E12C3740300883A0E690F560072A3EA8199977CBD7F260A21E8346B82BA8A4F78394D3BB53FA2E98564B764C2D0232C40B25FB6085C36D20D70A39D1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3075 |
| Entropy (8bit): | 7.716021191059687 |
| Encrypted: | false |
| SSDEEP: | 48:96yn4sOBoygpySCCxwKsZCB2oLEIK+aQpUNLRQWtmMamIZxAwCC2QnyODhVOzP4:l0vCxJsZQ2ofpKvtmMdIZxAwJyODhVOE |
| MD5: | 67766FF48AF205B771B53AA2FA82B4F4 |
| SHA1: | 0964F8B9DC737E954E16984A585BDC37CE143D84 |
| SHA-256: | 160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667 |
| SHA-512: | AC28B0B4A9178E9B424E5893870913D80F4EE03D595F587AA1D3ACC68194153BAFC29436ADFD6EA8992F0B00D17A43CFB42C529829090AF32C3BE591BD41776D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5151 |
| Entropy (8bit): | 7.859615916913808 |
| Encrypted: | false |
| SSDEEP: | 96:WkV3UHhcZDEteEJqeSGzpG43GUR8m8b6dDLiCTfjKPnD6H5RhfuDKNtxx3+7tDLp:Wq3UBc9EJqIpGgD5dDL1DjKvDKhfnNti |
| MD5: | 6C24ED9C7C868DB0D55492BB126EAFF8 |
| SHA1: | C6D96D4D298573B70CF5C714151CF87532535888 |
| SHA-256: | 48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F |
| SHA-512: | A3E9DC48C04DC8571289F57AE790CA4E6934FBEA4FDDC20CB780F7EA469FE1FC1D480A1DBB04D15301EF061DA5700FF0A793EB67D2811C525FEF618B997BCABD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 333258 |
| Entropy (8bit): | 4.654450340871081 |
| Encrypted: | false |
| SSDEEP: | 6144:ybW83Zb181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:i |
| MD5: | 5632C4A81D2193986ACD29EADF1A2177 |
| SHA1: | E8FF4FDFEB0002786FCE1CF8F3D25F8E9631E346 |
| SHA-256: | 06DE709513D7976690B3DD8F5FDF1E59CF456A2DFBA952B97EACC72FE47B238B |
| SHA-512: | 676CE1957A374E0F36634AA9CFFBCFB1E1BEFE1B31EE876483B10763EA9B2D703F2F3782B642A5D7D0945C5149B572751EBD9ABB47982864834EF61E3427C796 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 296658 |
| Entropy (8bit): | 5.000002997029767 |
| Encrypted: | false |
| SSDEEP: | 6144:RwprAMk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:M |
| MD5: | 9AC6DE7B629A4A802A41F93DB2C49747 |
| SHA1: | 3D6E929AA1330C869D83F2BF8EBEBACD197FB367 |
| SHA-256: | 52984BC716569120D57C8E6A360376E9934F00CF31447F5892514DDCCF546293 |
| SHA-512: | 5736F14569E0341AFB5576C94B0A7F87E42499CEC5927AAC83BB5A1F77B279C00AEA86B5F341E4215076D800F085D831F34E4425AD9CFD52C7AE4282864B1E73 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 268317 |
| Entropy (8bit): | 5.05419861997223 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprAJLR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N9 |
| MD5: | 51D32EE5BC7AB811041F799652D26E04 |
| SHA1: | 412193006AA3EF19E0A57E16ACF86B830993024A |
| SHA-256: | 6230814BF5B2D554397580613E20681752240AB87FD354ECECF188C1EABE0E97 |
| SHA-512: | 5FC5D889B0C8E5EF464B76F0C4C9E61BDA59B2D1205AC9417CC74D6E9F989FB73D78B4EB3044A1A1E1F2C00CE1CA1BD6D4D07EEADC4108C7B124867711C31810 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 255948 |
| Entropy (8bit): | 5.103631650117028 |
| Encrypted: | false |
| SSDEEP: | 6144:gwprAm795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:kW |
| MD5: | 9888A214D362470A6189DEFF775BE139 |
| SHA1: | 32B552EB3C73CD7D0D9D924C96B27A86753E0F97 |
| SHA-256: | C64ED5C2A323C00E84272AD3A701CAEBE1DCCEB67231978DE978042F09635FA7 |
| SHA-512: | 8A75FC2713003FA40B9730D29C786C76A796F30E6ACE12064468DD2BB4BF97EF26AC43FFE1158AB1DB06FF715D2E6CDE8EF3E8B7C49AA1341603CE122F311073 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 251032 |
| Entropy (8bit): | 5.102652100491927 |
| Encrypted: | false |
| SSDEEP: | 6144:hwprA5R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:JA |
| MD5: | F425D8C274A8571B625EE66A8CE60287 |
| SHA1: | 29899E309C56F2517C7D9385ECDBB719B9E2A12B |
| SHA-256: | DD7B7878427276AF5DBF8355ECE0D1FE5D693DF55AF3F79347F9D20AE50DB938 |
| SHA-512: | E567F283D903FA533977B30FD753AA1043B9DDE48A251A9AC6777A3B67667443FEAD0003765A630D0F840B6C275818D2F903B6CB56136BEDCC6D9BDD20776564 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284415 |
| Entropy (8bit): | 5.00549404077789 |
| Encrypted: | false |
| SSDEEP: | 6144:N9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:y |
| MD5: | 33A829B4893044E1851725F4DAF20271 |
| SHA1: | DAC368749004C255FB0777E79F6E4426E12E5EC8 |
| SHA-256: | C40451CADF8944A9625DD690624EA1BA19CECB825A67081E8144AD5526116924 |
| SHA-512: | 41C1F65E818C2757E1A37F5255E98F6EDEAC4214F9D189AD09C6F7A51F036768C1A03D6CFD5845A42C455EE189D13BB795673ACE3B50F3E1D77DAFF400F4D708 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294178 |
| Entropy (8bit): | 4.977758311135714 |
| Encrypted: | false |
| SSDEEP: | 6144:ydkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:b |
| MD5: | 0C9731C90DD24ED5CA6AE283741078D0 |
| SHA1: | BDD3D7E5B0DE9240805EA53EF2EB784A4A121064 |
| SHA-256: | ABCE25D1EB3E70742EC278F35E4157EDB1D457A7F9D002AC658AAA6EA4E4DCDF |
| SHA-512: | A39E6201D6B34F37C686D9BD144DDD38AE212EDA26E3B81B06F1776891A90D84B65F2ABC5B8F546A7EFF3A62D35E432AF0254E2F5BFE4AA3E0CF9530D25949C0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 270198 |
| Entropy (8bit): | 5.073814698282113 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprAiaR95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:We |
| MD5: | FF0E07EFF1333CDF9FC2523D323DD654 |
| SHA1: | 77A1AE0DD8DBC3FEE65DD6266F31E2A564D088A4 |
| SHA-256: | 3F925E0CC1542F09DE1F99060899EAFB0042BB9682507C907173C392115A44B5 |
| SHA-512: | B4615F995FAB87661C2DBE46625AA982215D7BDE27CAFAE221DCA76087FE76DA4B4A381943436FCAC1577CB3D260D0050B32B7B93E3EB07912494429F126BB3D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 217137 |
| Entropy (8bit): | 5.068335381017074 |
| Encrypted: | false |
| SSDEEP: | 6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P |
| MD5: | 3BF8591E1D808BCCAD8EE2B822CC156B |
| SHA1: | 9CC1E5EFD715BD0EAE5AF983FB349BAC7A6D7BA0 |
| SHA-256: | 7194396E5C833E6C8710A2E5D114E8E24338C64EC9818D51A929D57A5E4A76C8 |
| SHA-512: | D434A4C15DA3711A5DAAF5F7D0A5E324B4D94A04B3787CA35456BFE423EAC9D11532BB742CDE6E23C16FA9FD203D3636BD198B41C7A51E7D3562D5306D74F757 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254875 |
| Entropy (8bit): | 5.003842588822783 |
| Encrypted: | false |
| SSDEEP: | 6144:MwprAnniNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:a |
| MD5: | 377B3E355414466F3E3861BCE1844976 |
| SHA1: | 0B639A3880ACA3FD90FA918197A669CC005E2BA4 |
| SHA-256: | 4AC5B26C5E66E122DE80243EF621CA3E1142F643DD2AD61B75FF41CFEE3DFFAF |
| SHA-512: | B050AD52A8161F96CBDC880DD1356186F381B57159F5010489B04528DB798DB955F0C530465AB3ECD5C653586508429D98336D6EB150436F1A53ABEE0697AEB9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 344303 |
| Entropy (8bit): | 5.023195898304535 |
| Encrypted: | false |
| SSDEEP: | 6144:UwprANnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:6 |
| MD5: | F079EC5E2CCB9CD4529673BCDFB90486 |
| SHA1: | FBA6696E6FA918F52997193168867DD3AEBE1AD6 |
| SHA-256: | 3B651258F4D0EE1BFFC7FB189250DED1B920475D1682370D6685769E3A9346DB |
| SHA-512: | 4FFFA59863F94B3778F321DA16C43B92A3053E024BDD8C5317077EA1ECC7B09F67ECE3C377DB693F3432BF1E2D947EC5BF8E88E19157ED08632537D8437C87D6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 250983 |
| Entropy (8bit): | 5.057714239438731 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprA6OS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:uP |
| MD5: | F883B260A8D67082EA895C14BF56DD56 |
| SHA1: | 7954565C1F243D46AD3B1E2F1BAF3281451FC14B |
| SHA-256: | EF4835DB41A485B56C2EF0FF7094BC2350460573A686182BC45FD6613480E353 |
| SHA-512: | D95924A499F32D9B4D9A7D298502181F9E9048C21DBE0496FA3C3279B263D6F7D594B859111A99B1A53BD248EE69B867D7B1768C42E1E40934E0B990F0CE051E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51826 |
| Entropy (8bit): | 5.541375256745271 |
| Encrypted: | false |
| SSDEEP: | 384:erH5dYPCA4t3aEFGiSUDtYfEbi5Ry/AT7/6tHODaFlDSomurYNfT4A0VIwWNS89u:Q6Cbh9tENyWdaFUSYNfZS89/3qtEu |
| MD5: | 2AB22AC99ACFA8A82742E774323C0DBD |
| SHA1: | 790F8B56DF79641E83A16E443A75A66E6AA2F244 |
| SHA-256: | BC9D45D0419A08840093B0BF4DCF96264C02DFE5BD295CD9B53722E1DA02929D |
| SHA-512: | E5715C0ECF35CE250968BD6DE5744D28A9F57D20FD6866E2AF0B2D8C8F80FEDC741D48F554397D61C5E702DA896BD33EED92D778DBAC71E2E98DCFB0912DE07B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 47296 |
| Entropy (8bit): | 6.42327948041841 |
| Encrypted: | false |
| SSDEEP: | 768:ftjI1BT8N37szq00s7dB2wMVJGHR97/RDU5naXUsT:fJIPTfq0ndB2w1bpsE |
| MD5: | 5A53F55DD7DA8F10A8C0E711F548B335 |
| SHA1: | 035E685927DA2FECB88DE9CAF0BECEC88BC118A7 |
| SHA-256: | 66501B659614227584DA04B64F44309544355E3582F59DBCA3C9463F67B7E303 |
| SHA-512: | 095BD5D1ACA2A0CA3430DE2F005E1D576AC9387E096D32D556E4348F02F4D658D0E22F2FC4AA5BF6C07437E6A6230D2ABF73BBD1A0344D73B864BC4813D60861 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 34415 |
| Entropy (8bit): | 7.352974342178997 |
| Encrypted: | false |
| SSDEEP: | 768:ev13NPo9o5NGEVIi3kvH+3SMdk7zp3tE2:ev13xoOE+R3BkR7 |
| MD5: | 7CDFFC23FB85AD5737452762FA36AAA0 |
| SHA1: | CFBC97247959B3142AFD7B6858AD37B18AFB3237 |
| SHA-256: | 68A8FBFBEE4C903E17C9421082E839144C205C559AFE61338CBDB3AF79F0D270 |
| SHA-512: | A0685FD251208B772436E9745DA2AA52BC26E275537688E3AB44589372D876C9ACE14B21F16EC4053C50EB4C8E11787E9B9D922E37249D2795C5B7986497033E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3465076 |
| Entropy (8bit): | 7.898517227646252 |
| Encrypted: | false |
| SSDEEP: | 98304:n8ItVaN7vTMZ9IBbaETXbI8ItVaN7vTMZ9IBbaEiXbY:8ItwNX9BvTvItwNX9BvoM |
| MD5: | 8BC84DB5A3B2F8AE2940D3FB19B43787 |
| SHA1: | 3A5FE7B14D020FAD0E25CD1DF67864E3E23254EE |
| SHA-256: | AF1FDEEA092169BF794CDC290BCA20AEA07AC7097D0EFCAB76F783FA38FDACDD |
| SHA-512: | 558F52C2C79BF4A3FBB8BB7B1C671AFD70A2EC0B1BDE10AC0FED6F5398E53ED3B2087B38B7A4A3D209E4F1B34150506E1BA362E4E1620A47ED9A1C7924BB9995 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 19357 |
| Entropy (8bit): | 7.4685552466190455 |
| Encrypted: | false |
| SSDEEP: | 384:Jrt+BNxt/ZtNNUAcEdMnzw8ggFgvPWoH9DLxL:VAxllNkBl2+onL |
| MD5: | 8B4C53D99B8CDFB41028E442301712C8 |
| SHA1: | D3B6BAB750F00073E7C9CF5A6B436B686D2BAF8E |
| SHA-256: | C650581E3DD7209A2E1391534F815C7535BF3E482D00E473B269D3ABA7E76384 |
| SHA-512: | D0A5AE59CC15C26038815CF2204D4BB430CD5FC04009DA4BF7D09BC5429AD1801823EA472B5A5039AF71F7A489C620FA5025172C4BCDC386428853160B1D8FA3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 162 |
| Entropy (8bit): | 3.6072181156640934 |
| Encrypted: | false |
| SSDEEP: | 3:KVGl/lilKlRAGl/nwlnLKjC9zl/VYTN7/DYll/KVL3iVn:KVy/4KDZwl+WroNTDYOLSV |
| MD5: | 27E40B1993A7664D4FDFE005DC38688A |
| SHA1: | 310D518C7424BFB53313B6CE8B221A1E436BA0F3 |
| SHA-256: | BC9F2D386A5FA3D23669E6E0A3EFD2DF96C86530C712D93DC26703C2CF4B307A |
| SHA-512: | 9FC67D93A0822B50B5AD0BAEC2CB146544D89CFE80161C41B393210C0C3E7ADD622E59C27B859E9FE8D1095E7CEF8E5BCAEC9244EAB92DE91ACF6E7CEEEF53B9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 19357 |
| Entropy (8bit): | 7.4685552466190455 |
| Encrypted: | false |
| SSDEEP: | 384:Jrt+BNxt/ZtNNUAcEdMnzw8ggFgvPWoH9DLxL:VAxllNkBl2+onL |
| MD5: | 8B4C53D99B8CDFB41028E442301712C8 |
| SHA1: | D3B6BAB750F00073E7C9CF5A6B436B686D2BAF8E |
| SHA-256: | C650581E3DD7209A2E1391534F815C7535BF3E482D00E473B269D3ABA7E76384 |
| SHA-512: | D0A5AE59CC15C26038815CF2204D4BB430CD5FC04009DA4BF7D09BC5429AD1801823EA472B5A5039AF71F7A489C620FA5025172C4BCDC386428853160B1D8FA3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2 |
| Entropy (8bit): | 1.0 |
| Encrypted: | false |
| SSDEEP: | 3:Qn:Qn |
| MD5: | F3B25701FE362EC84616A93A45CE9998 |
| SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
| SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
| SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
| Malicious: | false |
| Preview: |
C:\Users\user\Desktop\FOR105 - Change Order Authorisation Form - A80293 -aw.docx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 635028 |
| Entropy (8bit): | 7.986714808153071 |
| Encrypted: | false |
| SSDEEP: | 12288:/o0oAClJs1k1HPWInMnLvWQOTsCJ8p9BVbtF1mS2N6FToM6/N:Q0oA++InMyQOMrBBtFx2N6FT6/N |
| MD5: | 2A962E0DC9B32E25101DF84A99503248 |
| SHA1: | 37FA546C948E8582BC67C1606F1E75E70D1EAA43 |
| SHA-256: | 546F4DA34972884EB8EBF592A38954EADA5D9DDDCFC36A9E21D1AB2774AA2261 |
| SHA-512: | 2971DE1999D7C7EC8F79588778E96D2E5586F67C53F07F1EFC175328442465DB2404C81CF5F252CF36116B510990CEFDBCA88D61A955D47AC85BA50566C7A6A7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 162 |
| Entropy (8bit): | 4.738462140227355 |
| Encrypted: | false |
| SSDEEP: | 3:KVGl/lilKlRAGlSvwIFOQtGo0BpCGVXSwZkNtFDVnMRn:KVy/4KDWwIFfYo0vbDyDGRn |
| MD5: | 5090399473D6860EBB5D3F6D9251CF07 |
| SHA1: | 5889D7E498878B1BA234F9589AA9DA64AF8DAAC1 |
| SHA-256: | C89BEEC19F6ABDDCC3CB49627363ACA3A8FADFDF3EBA6870A2CEE2B548DB9938 |
| SHA-512: | F9141ACC053704F35BF657198948359EC070062B60AAC9F71803A126504FBB69EDFF133E1F318D07A40E3E958462531F60EBD949CDB225C4CA0E6685235E15C2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 635028 |
| Entropy (8bit): | 7.986714808153071 |
| Encrypted: | false |
| SSDEEP: | 12288:/o0oAClJs1k1HPWInMnLvWQOTsCJ8p9BVbtF1mS2N6FToM6/N:Q0oA++InMyQOMrBBtFx2N6FT6/N |
| MD5: | 2A962E0DC9B32E25101DF84A99503248 |
| SHA1: | 37FA546C948E8582BC67C1606F1E75E70D1EAA43 |
| SHA-256: | 546F4DA34972884EB8EBF592A38954EADA5D9DDDCFC36A9E21D1AB2774AA2261 |
| SHA-512: | 2971DE1999D7C7EC8F79588778E96D2E5586F67C53F07F1EFC175328442465DB2404C81CF5F252CF36116B510990CEFDBCA88D61A955D47AC85BA50566C7A6A7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.986819142393342 |
| TrID: |
|
| File name: | FOR105 - Change Order Authorisation Form - A80293 -aw.docx |
| File size: | 634'509 bytes |
| MD5: | b1d37b254f8d83d9e335388e5c1d1d43 |
| SHA1: | 14ebca7ff4263ca590b793dc197797baf0fa1e2e |
| SHA256: | 966512bb6ba25d2c99d4bbcf1eb25ede8003aad037f5ec7426cd0ea4fe5cef89 |
| SHA512: | 87daa5e730fa6cf8f4b84659a61e9c6fc77ff64e1158a10628e8a2d5e64b833341fc35bf2e2d664503bae3d409906321469747cb315444381e417f0d5845e3bc |
| SSDEEP: | 12288:HCn13r1KM1GE7SeUDokQI5KUF3PrCNGZG9F3UnF6/PW1p:HCx1g46W9Fc6/G |
| TLSH: | 6ED412A05D626B39D485017417E03ABB002D7A5E55F5031CBC8EED1F7782D8B39EF8A9 |
| File Content Preview: | PK..........!....l....".......[Content_Types].xml ...(......................................................................................................................................................................................................... |
 | |
| Icon Hash: | 35e5c48caa8a8599 |
| Document Type: | OpenXML |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | |
| Encrypted Document: | False |
| Contains Word Document Stream: | True |
| Contains Workbook/Book Stream: | False |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | False |
| Title: | |
| Subject: | |
| Author: | |
| Keywords: | |
| Template: | |
| Last Saved By: | |
| Revion Number: | 3 |
| Total Edit Time: | 0 |
| Create Time: | 2024-07-22T05:23:00Z |
| Last Saved Time: | 2024-07-22T05:23:00Z |
| Number of Pages: | 3 |
| Number of Words: | 697 |
| Number of Characters: | 3975 |
| Creating Application: | |
| Security: | 0 |
| Number of Lines: | 33 |
| Number of Paragraphs: | 9 |
| Thumbnail Scaling Desired: | false |
| Company: | |
| Contains Dirty Links: | false |
| Shared Document: | false |
| Changed Hyperlinks: | false |
| Application Version: | 16.0000 |
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 76 |
| Entropy: | 3.093449526469053 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 0c 00 03 00 00 00 00 00 c0 00 00 00 00 00 00 46 0c 00 00 00 4f 4c 45 20 50 61 63 6b 61 67 65 00 00 00 00 00 08 00 00 00 50 61 63 6b 61 67 65 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x1Ole10Native |
| CLSID: | |
| File Type: | data |
| Stream Size: | 529455 |
| Entropy: | 7.3173131146347155 |
| Base64 Encoded: | True |
| Data ASCII: | + . . . . . F W B l a c k b o o k - F W U r b a n U t i l i t i e s - C o n t a c t r e q u e s t f o r S e r v i c e s . m s g . C : \\ U s e r s \\ C 0 0 5 2 8 \\ D o w n l o a d s \\ F W B l a c k b o o k - F W U r b a n U t i l i t i e s - C o n t a c t r e q u e s t f o r S e r v i c e s . m s g . . . . . . . . C : \\ U s e r s \\ C 0 0 5 2 8 \\ A p p D a t a \\ L o c a l \\ T e m p \\ { C F 8 3 E B 8 7 - B 4 9 D - 4 5 1 E - B 2 9 8 - C 8 2 A 6 F 8 4 8 8 8 9 } \\ { F F |
| Data Raw: | 2b 14 08 00 02 00 46 57 20 42 6c 61 63 6b 62 6f 6f 6b 20 2d 20 46 57 20 55 72 62 61 6e 20 55 74 69 6c 69 74 69 65 73 20 2d 20 43 6f 6e 74 61 63 74 20 72 65 71 75 65 73 74 20 66 6f 72 20 53 65 72 76 69 63 65 73 20 2e 6d 73 67 00 43 3a 5c 55 73 65 72 73 5c 43 30 30 35 32 38 5c 44 6f 77 6e 6c 6f 61 64 73 5c 46 57 20 42 6c 61 63 6b 62 6f 6f 6b 20 2d 20 46 57 20 55 72 62 61 6e 20 55 74 |
General | |
| Stream Path: | \x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 6 |
| Entropy: | 1.7924812503605778 |
| Base64 Encoded: | False |
| Data ASCII: | @ . . . . . |
| Data Raw: | 40 00 03 00 01 00 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 3, 2024 02:22:49.535501003 CEST | 1.1.1.1 | 192.168.2.4 | 0xefff | No error (0) | templatesmetadata.office.net.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 20:22:30 |
| Start date: | 02/10/2024 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x660000 |
| File size: | 1'620'872 bytes |
| MD5 hash: | 1A0C2C2E7D9C4BC18E91604E9B0C7678 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 7 |
| Start time: | 20:22:53 |
| Start date: | 02/10/2024 |
| Path: | C:\Windows\splwow64.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff757890000 |
| File size: | 163'840 bytes |
| MD5 hash: | 77DE7761B037061C7C112FD3C5B91E73 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 8 |
| Start time: | 20:22:55 |
| Start date: | 02/10/2024 |
| Path: | C:\Windows\SysWOW64\verclsid.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x7a0000 |
| File size: | 11'776 bytes |
| MD5 hash: | 190A347DF06F8486F193ADA0E90B49C5 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 20:23:00 |
| Start date: | 02/10/2024 |
| Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x6d0000 |
| File size: | 34'446'744 bytes |
| MD5 hash: | 91A5292942864110ED734005B7E005C0 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
⊘No disassembly