Edit tour
Windows
Analysis Report
SecuriteInfo.com.MSExcel.CVE_2017_0199.DDOC.exploit.32374.20351.xlsx
Overview
General Information
| Sample name: | SecuriteInfo.com.MSExcel.CVE_2017_0199.DDOC.exploit.32374.20351.xlsx |
| Analysis ID: | 1431821 |
| MD5: | 7ecb32ab27106ae197b58938177bffe3 |
| SHA1: | 289ddfd262d770c15f1abdddae71a9159e5a40fc |
| SHA256: | b9c43834feaf98843ffe7bcd5d25829fdc00544433ccf003a19011997540996d |
| Tags: | xlsx |
| Infos: |   |
 | |
Detection
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Microsoft Office drops suspicious files
Office drops RTF file
Office viewer loads remote template
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Unable to load, office file is protected or invalid
Uses a known web browser user agent for HTTP communication
Yara signature match
Classification
- System is w10x64
EXCEL.EXE (PID: 7232 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" /aut omation -E mbedding MD5: 4A871771235598812032C822E6F68F19) 
WINWORD.EXE (PID: 8048 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\WINWO RD.EXE" -E mbedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678) 
splwow64.exe (PID: 7380 cmdline: C:\Windows \splwow64. exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- EXCEL.EXE (PID: 412 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\EXCEL .EXE" "C:\ Users\user \Desktop\S ecuriteInf o.com.MSEx cel.CVE_20 17_0199.DD OC.exploit .32374.203 51.xlsx" MD5: 4A871771235598812032C822E6F68F19)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen |
| |
| INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen |
|
System Summary |   |
|---|
| Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: | ||
| Source: | Author: X__Junior (Nextron Systems): | ||
| Source: | Author: Nasreddine Bencherchali (Nextron Systems): | ||
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Software Vulnerabilities | |
|---|
| Source: | Process created: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | Memory has grown: | ||
| Source: | Memory has grown: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | JA3 fingerprint: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | OLE: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE indicator, VBA macros: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: | ||
| Source: | Window title found: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | OLE indicator, Workbook stream: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | LNK file: | ||
| Source: | Window detected: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Initial sample: | ||
Persistence and Installation Behavior | |
|---|
| Source: | File dump: | Jump to dropped file | ||
| Source: | File dump: | Jump to dropped file | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Stream path 'Workbook' entropy: | ||
| Source: | Process created: | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Process information queried: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 13 Exploitation for Client Execution | 1 Scripting | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 11% | ReversingLabs | Document-Excel.Trojan.Heuristic | ||
| 11% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira | HEUR/Rtf.Malformed | ||
| 100% | Avira | HEUR/Rtf.Malformed |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 8% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira URL Cloud | phishing | ||
| 0% | Avira URL Cloud | safe | ||
| 100% | Avira URL Cloud | phishing | ||
| 10% | Virustotal | Browse | ||
| 8% | Virustotal | Browse | ||
| 8% | Virustotal | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| wheel.to | 76.76.21.21 | true | true |
| unknown |
| part-0013.t-0009.t-msedge.net | 13.107.213.41 | true | false |
| unknown |
| windowsupdatebg.s.llnwi.net | 69.164.42.0 | true | false |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 13.107.213.41 | part-0013.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
| 23.95.60.77 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 76.76.21.21 | wheel.to | United States | 16509 | AMAZON-02US | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1431821 |
| Start date and time: | 2024-04-25 20:43:29 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 6m 1s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Run name: | Potential for more IOCs and behavior |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 1 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | SecuriteInfo.com.MSExcel.CVE_2017_0199.DDOC.exploit.32374.20351.xlsx |
| Detection: | MAL |
| Classification: | mal100.expl.evad.winXLSX@6/276@1/3 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, mrxdav.sys, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.56.128, 52.109.8.36, 23.63.206.91, 52.113.194.132, 69.164.42.0, 51.132.193.104, 184.24.36.112, 20.189.173.27, 23.1.33.18, 23.1.33.10, 23.49.5.132, 23.49.5.140, 40.79.141.154
- Excluded domains from analysis (whitelisted): binaries.templates.cdn.office.net.edgesuite.net, slscr.update.microsoft.com, onedscolprduks02.uksouth.cloudapp.azure.com, otelrules.afd.azureedge.net, templatesmetadata.office.net.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, asia.configsvc1.live.com.akadns.net, a1847.dscg2.akamai.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprdfrc06.francecentral.cloudapp.azure.com, osiprod-cus-buff-azsc-000.centralus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, onedscolprdwus21.westus.cloudapp.azure.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com
- HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadFile calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
| Time | Type | Description |
|---|---|---|
| 20:45:15 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 13.107.213.41 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| 23.95.60.77 | Get hash | malicious | GuLoader | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| 76.76.21.21 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook, GuLoader | Browse |
| ||
| Get hash | malicious | FormBook, GuLoader | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| windowsupdatebg.s.llnwi.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | AsyncRAT, PureLog Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | TechSupportScam | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| part-0013.t-0009.t-msedge.net | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Quasar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| wheel.to | Get hash | malicious | Remcos | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AS-COLOCROSSINGUS | Get hash | malicious | GuLoader | Browse |
| |
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | STRRAT | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | STRRAT | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| AMAZON-02US | Get hash | malicious | Fake Captcha, HTMLPhisher | Browse |
| |
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Mirai, Okiru | Browse |
| ||
| MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 6271f898ce5be7dd52b0fc260d0662b3 | Get hash | malicious | HTMLPhisher | Browse |
| |
| Get hash | malicious | NetSupport RAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | RisePro Stealer | Browse |
| |
| Get hash | malicious | PureLog Stealer, RisePro Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | DBatLoader | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | AsyncRAT | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse |
| ||
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | FormBook, GuLoader | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse |
| ||
| Get hash | malicious | SocGholish | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
| ||
| Get hash | malicious | Babuk, Djvu | Browse |
| ||
| Get hash | malicious | Babuk, Djvu, Vidar | Browse |
| ||
| Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
|
⊘No context
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 338 |
| Entropy (8bit): | 3.456121169893329 |
| Encrypted: | false |
| SSDEEP: | 6:kKp8y5iJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:BnkPlE99SCQl2DUevat |
| MD5: | 5F22C42D899E17294B9144FEEF5B63C3 |
| SHA1: | EA2C1598ADF2786A760C70721CECC19B0708E7D9 |
| SHA-256: | C2B9F71726D5DE58E7E1FDCE8A5AE33CE43B1D9A65440B5F3E679C486C30ABD2 |
| SHA-512: | 363D3CF9B29A63C95C058CC57E0C9F0CF4EC24ED60A3ACE30ADB9E5BAE60E27D0765F0F84559C4233A954BC3DE303A7EBA271BCBA877A400BF9E6028F54DFDBA |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1298 |
| Entropy (8bit): | 5.063903067926167 |
| Encrypted: | false |
| SSDEEP: | 24:2dtatFtAzUzX5qRMX5q8tX5qdD0X5qOz3X5qaNX5q41X5qDKX5qO:cGEJXXdNKwXDrO |
| MD5: | A23E3BA88FA851D3ED4E387E281FFE7C |
| SHA1: | A0A71DE5BD205AFBF9022A367B2D47BB2697BE70 |
| SHA-256: | 70BD20D2054BB89DD94602FDA34CD839510EFEFF741F21ECEA9444C4F970A466 |
| SHA-512: | 058ECF4BD933C094F495062A58731EE0A34C55C9F95CBCF671D07AE57E949C9FFD63003E1B36B3A7505B9C582CFC4248F159DE5B66C9C01FA3FEC0FF41267DD0 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\GraphicsCache\1\CloudGraphicsResources\Graphics\inkeffectbronze.jpg
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51359 |
| Entropy (8bit): | 7.951666710600864 |
| Encrypted: | false |
| SSDEEP: | 1536:R0RcgzFbKPP60jIl5/IwaJczf3CtvRX5/wWi5:bgxbKPid/IwnzqJ5E5 |
| MD5: | C78ADBD2D46B0E9C1D82F07CE097886C |
| SHA1: | FB1112D34E16E16AEE78EEDD4FC646ED9BE2AF93 |
| SHA-256: | AEBFCC397AEF37AFE927595078B879AB56A3EEA1725B49E5716DEBCE74B8757C |
| SHA-512: | 0EE4D259906BA938FAF8C1A0ED1A77FB4AD16313839B8790955448F7219806B4B70BA318A359F4724031C62300D4A24E0C63CFEE233EF25B3AE907F5F09AB89B |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\GraphicsCache\1\CloudGraphicsResources\Graphics\inkeffectgalaxy.jpg
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 39125 |
| Entropy (8bit): | 7.979802521866709 |
| Encrypted: | false |
| SSDEEP: | 768:WCjr07kqJ96I8cTgooRTYWHj3FkbeP2rcZ7EHA6s5:507kq2SEo+TLjTw+7EHTe |
| MD5: | 239B06776C5028E8696BE5DDE3056F40 |
| SHA1: | 5BA5F0F7762296CBC0A066608E611AAA4D386F75 |
| SHA-256: | D8A45BC6BD592ED29DC7F74666B6C22D4ADDCA52261FDF2A929CE7205FC4EFCA |
| SHA-512: | 7B5319E22DC8D422C9974A6DE23B094CCBC89861FFBBA85C5A19137B1A7CE3224E34978F2AF5777BB357571379B998DCBB30951DBEF32BBFE8C73929D2F90B86 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\GraphicsCache\1\CloudGraphicsResources\Graphics\inkeffectgold.jpg
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 45967 |
| Entropy (8bit): | 7.9705077862907885 |
| Encrypted: | false |
| SSDEEP: | 768:IuC14Fy5SyHdNNbx4IsRctKVqjrk+wiM6SNlM3jDbS+TFhNdc:IuC+RkRSjyxoPNl6DbSqhNdc |
| MD5: | 041305375CE26DE66A1405C06819D3CD |
| SHA1: | 4448296BBA3BD8ACF34D1AF5C4CFEBDFD6B07919 |
| SHA-256: | 4BB1E1D1139CAFDD96D4C98F78086B3677A68A90ABCACE31250F1442C9E528B0 |
| SHA-512: | F15A172058470337F9EA00F5757A605A0A069A7C232BA6015B2839CEC27DCEA30E81BEFD811AC15D9B442648FFD9F07B82B1E104F86890C2F2680242EC32958A |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\GraphicsCache\1\CloudGraphicsResources\Graphics\inkeffectlava.jpg
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 46495 |
| Entropy (8bit): | 7.9661137194510605 |
| Encrypted: | false |
| SSDEEP: | 768:VQ++TcRGfH5eNodvzDnMex2FzuOojrl+X4H+91i57BR/SUcKkuMw2D:cTmQHICzA7ijrlZ+9g57BZSUcKk5ww |
| MD5: | 437A5A184681BCFC608FD1E97D708616 |
| SHA1: | 7D84FBE6D4DED5A3C98414F458CE071BBC9035BB |
| SHA-256: | D1F0B68D87F6B09555851C30F0352A07952B5B0885EFB8D3E3FF5CEE4279E87B |
| SHA-512: | 6B2D7542117A4F4DA956CB7EF4C09F69728F793C0DE6BAAC6790F73E923600EABA0FC54D1C7082483244EF1DA0246158C69143CD297FA08131B302AAD04B5003 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\GraphicsCache\1\CloudGraphicsResources\Graphics\inkeffectocean.jpg
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51762 |
| Entropy (8bit): | 7.969551469107947 |
| Encrypted: | false |
| SSDEEP: | 1536:2RjFVIGWSX55YGjQQq35KuAt85LMn7Tz+dR8jG/t:2RhVIiiWQ9sxnLGR8jG/t |
| MD5: | B3DB04E08D530D82F33A9B09EA528595 |
| SHA1: | C503E80D02BACAC44C1E53D2C2289F5702B0C829 |
| SHA-256: | 35711A8D24732AEB50300EACD3E231BFD5676D6575830240BF7111BFF040B9E5 |
| SHA-512: | C6B66DC04793FFAD8C7CEE1908334C664D122B6D444B8ED534E20E5FA3A7ED22062697C759BD8236910BD5E88D321D11C4BAC7EF40B64E3E69620AA7AEF26B1D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\GraphicsCache\1\CloudGraphicsResources\Graphics\inkeffectrainbowglitter.jpg
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 77636 |
| Entropy (8bit): | 7.98325572479678 |
| Encrypted: | false |
| SSDEEP: | 1536:GQvLaOfOKaf5ZKLzFxDZsDYlV4uCD258Vds+7RWiakyvggK:mOOKahZoZqY+uDCVe+Aizye |
| MD5: | DEE12646BC7E105B3A97555A5AD46F1F |
| SHA1: | D3C1F8FAFD06682514F2A88B5DD4B2D0BB1C9D0A |
| SHA-256: | F47061DFB3F3312AF65E739C09EF51B0F0C2DE21FDCD344C35B5E9C37665CFD2 |
| SHA-512: | 3A94C1975B50995BC368376423203F072417C83C4A65312122C0258075EFA6C0686D01A4B9CEF67D30012D0509DBA69D03921E9E6A6171C1F9E52690D5C2CF7B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\GraphicsCache\1\CloudGraphicsResources\Graphics\inkeffectrosegold.jpg
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 42587 |
| Entropy (8bit): | 7.956158176110853 |
| Encrypted: | false |
| SSDEEP: | 768:33uVCSrPcSrBbXGFz+dT+YrUjmJ3/Tm14bFXBFfP+EIbeIIoAuYY4so2/EKchzum:33uV74StXhSYrUiJvTsCNjNIbz6pAEKk |
| MD5: | 481D6C397EC9255C7158948ECAEE6585 |
| SHA1: | F6692C7064A6E54991283963DA5190C179753D19 |
| SHA-256: | EDE39E66268900159B6B80106B11EF74539F5077D8206DEEAD9B98E8F3CFD176 |
| SHA-512: | 5B4BC810879E55F712E0E860FB4D4ADE54297DC574C1658CD3E61EDC8D0AAD9B0EFED16EAA347B663F1271207BD2B858B8644B333BE98CFB0C6536279A8950BE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\GraphicsCache\1\CloudGraphicsResources\Graphics\inkeffectsilver.jpg
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 38755 |
| Entropy (8bit): | 7.969372339631151 |
| Encrypted: | false |
| SSDEEP: | 768:xIw5we0JUmH9lDEt7ABvuRYLZ2CjOkqwP6HtSbIDNEaP2bu4:xIeweU9uABvkYLZ2Cj5PhIefu4 |
| MD5: | D1895189ECEEF4679EAA001B3F779DB3 |
| SHA1: | FC4AAA7A7F84C806F042A80E1F90B8E7236A8559 |
| SHA-256: | 3D832CABF1C0DAAA5314F32A8E412E36F5628F6D2A14A021901D667773B382D3 |
| SHA-512: | E44A6E7AA7E2BEE1C1C5635AC255BBCB361D2532A4169F0D1F757EBBAA384B11B1635D932CD44E1748821459F53B81EF79B6642080C77F41BC4D93C8B73F312E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8515 |
| Entropy (8bit): | 2.376758026536063 |
| Encrypted: | false |
| SSDEEP: | 192:OGEGGGBGcGSGwGdGKGjWqGjWUGjW3GjWiGjWAGjWUGjWTGjWwG/zhGzPhGjf4:zJbwx3F8f02FU+UJiUsk |
| MD5: | 53D49444EAF92E0CF5D2985CCAEDE42B |
| SHA1: | DA2D6C55752243AA5E638750F038DADF3C9FE6CC |
| SHA-256: | 722A39658D2F3D5E333874F23485CEA9DA2B79EDA454FA7F5A9FEFBFDB9B2AD8 |
| SHA-512: | B59D16AE8DCB2D9F02BF7CD594A94D140C9CB308DECFEEDF89B9C166657D8B6BD97FA7CFCF97F0D45E184A470B209F28F1ECC420C5CBF8D88D6E0E1C3AB48064 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2278 |
| Entropy (8bit): | 3.83628821002556 |
| Encrypted: | false |
| SSDEEP: | 48:uiTrlKxsxxLwxl9Il8uRrBGlNabRTTKsc4ySB8Nvfd1rc:voYcNabRiSBmQ |
| MD5: | 4808173064E94B014A87D6F1D7D1ED8C |
| SHA1: | 09D71EA09DEA48EE8BD9F0DD4394B20E8CC3BED0 |
| SHA-256: | DD8B7828CC5405E622E7930DE33B38909AEE21289C483EE4F5CAF9C2E0A2A050 |
| SHA-512: | AFB822F9DF30C94B73502B5751A500748E071D62CD5EDA4B109FEC130D95E21143B5F9519EE9E5DEF55D1159E6F3C24C4E5B3C5F95C74115C706261A964F2BEB |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4542 |
| Entropy (8bit): | 3.996333023189463 |
| Encrypted: | false |
| SSDEEP: | 96:DksYNxLpsGJyCKW/RI6XxsNjKCHOW2+xWNLwgZKkmW:IsGLps+MWpns5/U+WNMguW |
| MD5: | F3C99D0D204FED9FF27278980B3E53EF |
| SHA1: | 31468E3457E6B921BEBADF3D19ED47DFD049DD42 |
| SHA-256: | 1F0C28DA7CCE7CC7B3C2D53E7D0893D1869CAC4A8CE572C2521474CBFBA9EA0E |
| SHA-512: | 19BBC3BE61BC689E903857325D299D171501CE8BF33CC3BD40758B9472641CD0B0F1D486979BF7295D0AEC7C37A03F8E11F1659E7553556B5659ECFC40E74D3E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4156 |
| Entropy (8bit): | 1.8710420288411482 |
| Encrypted: | false |
| SSDEEP: | 24:YAPJ7gXxBBBmor/C/KnTqh/m7XC/S6kTnhens/6enKuvae:vNgXxBBBmvJ5unUsKaae |
| MD5: | AF9A863EB81D969F89B999DE5566D9C5 |
| SHA1: | 5A2D18FF23F6EBDFC21302B0E44D2D15DEA0CB48 |
| SHA-256: | 1A9D9A4FA31CAB21E370DCDB7B1AA49F48D1B2ECCF397415E1808968EEAD9BAB |
| SHA-512: | BCFD2BDA19FDABE173B468A94C47681542EEFFB0E77C416D4898DA68B2B48E9996C0919470C1656CD6840393958EA3841FEBE2821B956747F05B5FCED011F932 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4180 |
| Entropy (8bit): | 1.8745052253610124 |
| Encrypted: | false |
| SSDEEP: | 24:YbPJ7gXxBBBmor/C/KnTqh/m7XC/S6kTnhens/6enKTvae:0NgXxBBBmvJ5unUsKTae |
| MD5: | A9D3FAC69E7DC7900823033536F7209A |
| SHA1: | 68E4EDEA410FF9A24CFD2CA05C0F1CF5B59690DF |
| SHA-256: | C40D645BA1625199531EF7E943E367A545D2B2E3A75848AFFF8221501D77AEE5 |
| SHA-512: | 28A2B01DE568DFC972D12F54AE1D520E87A85F82145967CCB1CD167116547EAFF510A687B6286239302B8C252EA8E23401A3B1D1320E69D77852F6FB1A48923C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4056 |
| Entropy (8bit): | 1.929653848333741 |
| Encrypted: | false |
| SSDEEP: | 12:YB1uOUvJqRENEtEtEdEdEdEO6Mcs/vs9/09v89fE9vM9/U9Lzlm97z9m9Lz1m9bO:Y7uTvJqRiGGWWWRKqurbkdBvae |
| MD5: | 4A103FC1809C8EA381D2ACB5380EF4F6 |
| SHA1: | 6C81D37798C4D78C64E7D3EF7EB2ACB317C9FF67 |
| SHA-256: | 1AB8F5ABD845FFD0C61A61BB09BFCF20569B80B4496BCCB58C623753CF40485C |
| SHA-512: | 77DA8AB022505D77F89749E97628CAF4DD8414251CB673598ACBA8F7D30D1889037FAB30094A6CE7DC47293697A6BEF28B92364D00129B59D2FC3711C82650F5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71518 |
| Entropy (8bit): | 3.308934944497388 |
| Encrypted: | false |
| SSDEEP: | 1536:7LPx4QfgceatqBb1NTaYIjlQYYmatL6ZDngEaSa7XYtHoylWg3HK:7LZ4QoTatqBb1NTaYIRjyL6ZbhaSarYy |
| MD5: | BD7A9EBA72D2A2A8CC97260EC906B842 |
| SHA1: | ECF9F969B5F2B687AAF73C6173807CDAAD151ADB |
| SHA-256: | 6DD61F18A3CD350DAF98D26C0CE32C935FAE9A5458EE6E0D8F9FA843BE227E02 |
| SHA-512: | 8EB5705BBA4A86DF8B08D3C9B7DB67FA382541469905E3196C5D95F02AB77DA5BFC60BA2316AE3C9102190BBF8BF09FD642889916A68C4D0452F4F911177EE69 |
| Malicious: | true |
| Yara Hits: |
|
| Antivirus: |
|
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4156 |
| Entropy (8bit): | 1.8710420288411482 |
| Encrypted: | false |
| SSDEEP: | 24:YAPJ7gXxBBBmor/C/KnTqh/m7XC/S6kTnhens/6enKuvae:vNgXxBBBmvJ5unUsKaae |
| MD5: | AF9A863EB81D969F89B999DE5566D9C5 |
| SHA1: | 5A2D18FF23F6EBDFC21302B0E44D2D15DEA0CB48 |
| SHA-256: | 1A9D9A4FA31CAB21E370DCDB7B1AA49F48D1B2ECCF397415E1808968EEAD9BAB |
| SHA-512: | BCFD2BDA19FDABE173B468A94C47681542EEFFB0E77C416D4898DA68B2B48E9996C0919470C1656CD6840393958EA3841FEBE2821B956747F05B5FCED011F932 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 42740 |
| Entropy (8bit): | 3.1653747469968625 |
| Encrypted: | false |
| SSDEEP: | 384:pHBbVMylhuIC4KdUW2OHWrCJ9yzJqCfOICe3oYQcMwwzq/H:ptRNKGGmzJqCWICe4LcMVA |
| MD5: | 389653BB40EEC3E461952D216748CE49 |
| SHA1: | 8CDD0731E6B8B7F3F213EF6644986FE22EDBCC6F |
| SHA-256: | 16FAC9FD73F24AE9E03B315562F2711C977F833BD0A71430F261590A22180121 |
| SHA-512: | ABF98EF6B5CB9188B26E56EB244C7CA7B75DC1A3BEFC25B50DF293822A51EE4494B35EB55DACEB9C037CBAD46D2CE1B8D399CE63EF1955C1ABF3417F479E723D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 42740 |
| Entropy (8bit): | 3.1534751061566912 |
| Encrypted: | false |
| SSDEEP: | 384:JUH/yyA0IZjKXF2s4WrCJ9yzJqCfOICe3oYQcMwwzq/H:JikBKVemzJqCWICe4LcMVA |
| MD5: | D8B304DB21C362FA0DA85B6727835D09 |
| SHA1: | B2A1B71D1207471115579FE77303B6B3D4AAFCB5 |
| SHA-256: | DCB35A8F61E96B1DA90064D968C27C207AF4B701F0E7F5567C6304E387960565 |
| SHA-512: | 1C02F43AB9084F2009FDCB8EEEB97E7F793DAAE85728A5BD5EECCF5493BF9CCE3A9A74D64E47E4806BAFDCA46025168950C107AAA1207F77FCD7838A1778A11E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4180 |
| Entropy (8bit): | 1.8745052253610124 |
| Encrypted: | false |
| SSDEEP: | 24:YbPJ7gXxBBBmor/C/KnTqh/m7XC/S6kTnhens/6enKTvae:0NgXxBBBmvJ5unUsKTae |
| MD5: | A9D3FAC69E7DC7900823033536F7209A |
| SHA1: | 68E4EDEA410FF9A24CFD2CA05C0F1CF5B59690DF |
| SHA-256: | C40D645BA1625199531EF7E943E367A545D2B2E3A75848AFFF8221501D77AEE5 |
| SHA-512: | 28A2B01DE568DFC972D12F54AE1D520E87A85F82145967CCB1CD167116547EAFF510A687B6286239302B8C252EA8E23401A3B1D1320E69D77852F6FB1A48923C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 42716 |
| Entropy (8bit): | 3.167976143863506 |
| Encrypted: | false |
| SSDEEP: | 384:1P86qJrBI4pKe42iKWrCJ9yzJqCfOICe3oYQcMwwzq/H:1TCrKFGmzJqCWICe4LcMVA |
| MD5: | 24C85AB2EA220402142523895BFE9AD0 |
| SHA1: | DA44D95F4D03F8A2B1BC0F3CC5708D8AF7CC4C9A |
| SHA-256: | CC5027FDF33709C694ADC7FB518E611C87A61FFACA704A463B583E6538BEC206 |
| SHA-512: | 5F078CB924A3377D0986767D6112DBD7F21A742EEBDBB2093C9E45503FB8952625ED89023EC690C198310F45099535EA35F4AF3A78BFDDB7187F9B1822D0FED7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4180 |
| Entropy (8bit): | 1.8745052253610124 |
| Encrypted: | false |
| SSDEEP: | 24:YbPJ7gXxBBBmor/C/KnTqh/m7XC/S6kTnhens/6enKTvae:0NgXxBBBmvJ5unUsKTae |
| MD5: | A9D3FAC69E7DC7900823033536F7209A |
| SHA1: | 68E4EDEA410FF9A24CFD2CA05C0F1CF5B59690DF |
| SHA-256: | C40D645BA1625199531EF7E943E367A545D2B2E3A75848AFFF8221501D77AEE5 |
| SHA-512: | 28A2B01DE568DFC972D12F54AE1D520E87A85F82145967CCB1CD167116547EAFF510A687B6286239302B8C252EA8E23401A3B1D1320E69D77852F6FB1A48923C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF{396CDDC9-7EA9-42FD-A939-742396F648D6}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16384 |
| Entropy (8bit): | 1.5788473405525263 |
| Encrypted: | false |
| SSDEEP: | 48:rTC6xYxt6jvVFPZkGCG0U8AgK1a6lYL/R6p3z:Wt6jzBkZNA114L/R6pj |
| MD5: | B68B36110E7B5E6AA6DDEF55583C29E8 |
| SHA1: | B2BC44575EE5F37D78D4D059205B802A764FDED3 |
| SHA-256: | C2B07D09B2FDC47E170189E55784DCB935888843D3730596B9ED57B0D8760470 |
| SHA-512: | 033BD185B45101297FA727D96D9E1B037DBCEB00DB33E60D14791CE1BFA18B2587E52F61A929C4105554FF3A7041DCD14F77263510584D50A4420366A2D5F8AF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{1F86639B-C3D5-48FB-9979-754EEE70E8F1}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{31B7BFBC-6CB8-4795-93EE-FA1B99996BEC}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{32A0A95F-5DDB-4E41-9FA6-DAD406E53734}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{335E5542-007C-4DA6-8682-476A9B957270}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1536 |
| Entropy (8bit): | 1.4901979557151126 |
| Encrypted: | false |
| SSDEEP: | 3:ml+lGl+l+l+l1PPPHRlALlP//lXl7lhlJvl5hzldlxpxl/b1l/pl/Ppl/Rl/Pbhl:mEMEEE3Dmlc9lCgKeUQqrzPJgGHkY |
| MD5: | DD0814152E088E09E0C4EE700BEBE2FD |
| SHA1: | 839BBE456F1DE95A87573CA868BE63C4E55818A8 |
| SHA-256: | 3C1E759DA29C9661217B8C31B554A6E9009B3FDFD6022848914F83B13DD6D9D3 |
| SHA-512: | A4142D1A21EE871A3E82AB5607DAD1B5B0590406DE0F33864DD24BC019D032DBC1FD2230E8202C6EF8A50B1DCC257D78E9644C663142B6BA716A7CE64AD3E1CA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{346D66A1-0C04-494F-BB0D-5DAAC2F8AF4F}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{4D341DDD-1511-455C-A529-D8FEADFBF05E}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{682EB5AB-3589-412E-A6D8-A46833822464}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{6B48A2C6-DA67-4E6E-A245-2AEE860CF3FB}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{79B52EBD-4123-4154-B255-DCB1B3F160DC}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{8112FFE3-BCFB-442B-8FB7-7BD8804AD9C5}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{8940E098-352D-4C01-BC6D-8B306FB5676B}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.288511995009958 |
| Encrypted: | false |
| SSDEEP: | 3:QlHl3lldHzlblXllZrnlPlXllXa:wA |
| MD5: | 2AB4EFC5E58B2C45C502D4884BF74679 |
| SHA1: | 2EF9FB1452ECB08DD858E43F931607DA241E29C5 |
| SHA-256: | A9DE0B40497AEF1418780367599DC605E4F75BF64746FECFC0E0A7A4413A15C7 |
| SHA-512: | C3824EEEDFB90DE361498CE8E119A4AD156BD551DEEEAB29578A0FFC1E78B0AF733F1DFEA5E8F5CE5AD92602869778A28FDA312553E60D0A0648C8F7B8F3CDBD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{8D4BE7CA-C2A4-4405-915F-2BE81624681C}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 13312 |
| Entropy (8bit): | 3.5455355786558234 |
| Encrypted: | false |
| SSDEEP: | 384:9IaTK1TPPbuQDfzDVl0YLoZkmgAxN6T0gp:JKI8LD8YMZkmgAxN6Tpp |
| MD5: | 771449A535C2381842A9CED37C02BCE5 |
| SHA1: | C414DBE9154F9DB18A3C9D0D6CF147CF0EC18295 |
| SHA-256: | 01758D847DAF742DB406A74A992C2A0B0DFFEC620CAD4E4524ABD94A0FEF9D48 |
| SHA-512: | D485068D81FB4AD44826594F4B8AF1E639DEC2EF8BDE82EE2BEEE66761FE67CC4D4E463FB400B086649C26FFDCA8870A5E57177A3A154757AE01BC321E5637F7 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{97AD3BEF-DAC5-48CE-9041-61DC0172E317}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{C4C7F473-B475-4C8E-861D-E7433EE837CE}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{CC4B953B-F47B-4368-B008-4B7B335180F3}.tmp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.03351732319703582 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lG:40 |
| MD5: | 830FBF83999E052538EAF156AB6ECB17 |
| SHA1: | 9F6C69FA4232801D3A4857C630BA7A719662135A |
| SHA-256: | D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869 |
| SHA-512: | A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 14 |
| Entropy (8bit): | 3.182005814760214 |
| Encrypted: | false |
| SSDEEP: | 3:0MXAG3D:0MQE |
| MD5: | 2EA624D388B73C5AD7976BBB9D758A4F |
| SHA1: | A7E1D420AEC892C6E2D9EA786A9B2533417CC1D1 |
| SHA-256: | CD23991B4E02A17E5A224A1F8265C5A187AB366B40B8F8A14608371FEB8F6E25 |
| SHA-512: | 04D4A6191C1624C89FD74A275C055FB6B0F1B0F8F62E3C8C63EAA2CF99EAAC3C099FEBBA2C9EEF31578774AB1DF78911AFA241A4542B19F80A2A878E3D914D0D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\morningworkingforgetbackwithentireprocessgetmebacktomesheisverydetailedinprojectgetunderstand___sheisverybeautifulsheisgreat[1].doc 
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71518 |
| Entropy (8bit): | 3.308934944497388 |
| Encrypted: | false |
| SSDEEP: | 1536:7LPx4QfgceatqBb1NTaYIjlQYYmatL6ZDngEaSa7XYtHoylWg3HK:7LZ4QoTatqBb1NTaYIRjyL6ZbhaSarYy |
| MD5: | BD7A9EBA72D2A2A8CC97260EC906B842 |
| SHA1: | ECF9F969B5F2B687AAF73C6173807CDAAD151ADB |
| SHA-256: | 6DD61F18A3CD350DAF98D26C0CE32C935FAE9A5458EE6E0D8F9FA843BE227E02 |
| SHA-512: | 8EB5705BBA4A86DF8B08D3C9B7DB67FA382541469905E3196C5D95F02AB77DA5BFC60BA2316AE3C9102190BBF8BF09FD642889916A68C4D0452F4F911177EE69 |
| Malicious: | true |
| Yara Hits: |
|
| Antivirus: |
|
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 46592 |
| Entropy (8bit): | 7.762028754865989 |
| Encrypted: | false |
| SSDEEP: | 768:r3zqmF7r+NdSD4NQ66j1e2SDYLCxNupaEzuWIOmcyyDxyyFIjYQlv:r3zBF7redSDsQ665e2/hXuWIOmcR9Fkv |
| MD5: | AC3CCF6BA86342240E944AA061B931CB |
| SHA1: | 596638C40034FCCE285FB70CDB0D9492C274C46D |
| SHA-256: | 84D65103661E6329381D8B2FB304B1630803CD9862DAC6879EEC8B27272075FA |
| SHA-512: | 78D70451FEEA44365154475DD21983E7D795BE09D6CAB628CA5EC86EFC97C510D883BF84632681C6AA77C4DC21E811A0C53DE6BCBD031B77A0BBD73262C161EA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | modified |
| Size (bytes): | 40040 |
| Entropy (8bit): | 7.449590984595257 |
| Encrypted: | false |
| SSDEEP: | 768:jCmPt1T3f+r7MpWHTcfTTPmFxe0Z7cvsBqMrMaBf+tcOLrBkN5:hP7qcWQPLyc0Btr5qc0tkj |
| MD5: | 9B842DB76D17EC6C833F8E4B7959CB84 |
| SHA1: | 081EE75B9DDA83FBBCE6CE930BAFFA102C495275 |
| SHA-256: | 0A0CB2CBEE1B9FAD72284645C496BA851C5864F7837D98AAFBA85C2931372125 |
| SHA-512: | C9DD268B82613CCB081BCB4AF65F2921FDE18B7ACBF6E6BB8677DE192ABAD788B73E243910B7907A064BFD3DB258EEFF005688BCC163981DD90FADD9081C3561 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 46592 |
| Entropy (8bit): | 7.762028754865989 |
| Encrypted: | false |
| SSDEEP: | 768:r3zqmF7r+NdSD4NQ66j1e2SDYLCxNupaEzuWIOmcyyDxyyFIjYQlv:r3zBF7redSDsQ665e2/hXuWIOmcR9Fkv |
| MD5: | AC3CCF6BA86342240E944AA061B931CB |
| SHA1: | 596638C40034FCCE285FB70CDB0D9492C274C46D |
| SHA-256: | 84D65103661E6329381D8B2FB304B1630803CD9862DAC6879EEC8B27272075FA |
| SHA-512: | 78D70451FEEA44365154475DD21983E7D795BE09D6CAB628CA5EC86EFC97C510D883BF84632681C6AA77C4DC21E811A0C53DE6BCBD031B77A0BBD73262C161EA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1714070710955804900_D95CD8F6-A651-473D-BC33-0CB2B219F20F.log
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 45921 |
| Entropy (8bit): | 5.522699874621474 |
| Encrypted: | false |
| SSDEEP: | 768:mrTcYjcQ9cEEecLoJcbI+He3e/BUwPIZTea3BtOvVj7hSEz8YEorEayCfyCKeQ5p:mrTcYjcQLE7/bHe3e/BUwPIZT/BtOvVu |
| MD5: | 04E0A7C3946EFCF917F01FFCDE15F4FC |
| SHA1: | 41BCF6E04827DE8E1E629869739ABD7A6ADF5AC6 |
| SHA-256: | B7D45F9C16E8FC2C871CC594912D5B9C1C2B8144F56BB03DD9B9471133F23616 |
| SHA-512: | 0BCB9AEC987C7814892E45068F167E773C33998D2F71D2ED93B62F3AB675CA8E56C901BED67EA872AAAE3891ECBB2DAA3B453D20CF3A5D66F1E38517BCF7357A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 3.5081874837369886 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXCOzi8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnydONGHmD0wbnKYZAH/lMZqiv |
| MD5: | 8D9B02CC69FA40564E6C781A9CC9E626 |
| SHA1: | 352469A1ABB8DA1DC550D7E27924E552B0D39204 |
| SHA-256: | 1D4483830710EF4A2CC173C3514A9F4B0ACA6C44DB22729B7BE074D18C625BAE |
| SHA-512: | 8B7DB2AB339DD8085104855F847C48970C2DD32ADB0B8EEA134A64C5CC7DE772615F85D057F4357703B65166C8CF0C06F4F6FD3E60FFC80DA3DD34B16D5B1281 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 255948 |
| Entropy (8bit): | 5.103631650117028 |
| Encrypted: | false |
| SSDEEP: | 6144:gwprAm795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:kW |
| MD5: | 9888A214D362470A6189DEFF775BE139 |
| SHA1: | 32B552EB3C73CD7D0D9D924C96B27A86753E0F97 |
| SHA-256: | C64ED5C2A323C00E84272AD3A701CAEBE1DCCEB67231978DE978042F09635FA7 |
| SHA-512: | 8A75FC2713003FA40B9730D29C786C76A796F30E6ACE12064468DD2BB4BF97EF26AC43FFE1158AB1DB06FF715D2E6CDE8EF3E8B7C49AA1341603CE122F311073 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 3.5161159456784024 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX+l8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyulNGHmD0wbnKYZAH/lMZqiv |
| MD5: | C15EB3F4306EBF75D1E7C3C9382DEECC |
| SHA1: | A3F9684794FFD59151A80F97770D4A79F1D030A6 |
| SHA-256: | 23C262DF3AEACB125E88C8FFB7DBF56FD23F66E0D476AFD842A68DDE69658C7F |
| SHA-512: | ACDF7D69A815C42223FD6300179A991A379F7166EFAABEE41A3995FB2030CD41D8BCD46B566B56D1DFBAE8557AFA1D9FD55143900A506FA733DE9DA5D73389D6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 344303 |
| Entropy (8bit): | 5.023195898304535 |
| Encrypted: | false |
| SSDEEP: | 6144:UwprANnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:6 |
| MD5: | F079EC5E2CCB9CD4529673BCDFB90486 |
| SHA1: | FBA6696E6FA918F52997193168867DD3AEBE1AD6 |
| SHA-256: | 3B651258F4D0EE1BFFC7FB189250DED1B920475D1682370D6685769E3A9346DB |
| SHA-512: | 4FFFA59863F94B3778F321DA16C43B92A3053E024BDD8C5317077EA1ECC7B09F67ECE3C377DB693F3432BF1E2D947EC5BF8E88E19157ED08632537D8437C87D6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 302 |
| Entropy (8bit): | 3.537169234443227 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXfQIUA/e/Wl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyXZ/eulNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 9C00979164E78E3B890E56BE2DF00666 |
| SHA1: | 1FA3C439D214C34168ADF0FBA5184477084A0E51 |
| SHA-256: | 21CCB63A82F1E6ACD6BAB6875ABBB37001721675455C746B17529EE793382C7B |
| SHA-512: | 54AC8732C2744B60DA744E54D74A2664658E4257A136ABE886FF21585E8322E028D8243579D131EF4E9A0ABDDA70B4540A051C8B8B60D65C3EC0888FD691B9A7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 217137 |
| Entropy (8bit): | 5.068335381017074 |
| Encrypted: | false |
| SSDEEP: | 6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P |
| MD5: | 3BF8591E1D808BCCAD8EE2B822CC156B |
| SHA1: | 9CC1E5EFD715BD0EAE5AF983FB349BAC7A6D7BA0 |
| SHA-256: | 7194396E5C833E6C8710A2E5D114E8E24338C64EC9818D51A929D57A5E4A76C8 |
| SHA-512: | D434A4C15DA3711A5DAAF5F7D0A5E324B4D94A04B3787CA35456BFE423EAC9D11532BB742CDE6E23C16FA9FD203D3636BD198B41C7A51E7D3562D5306D74F757 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 262 |
| Entropy (8bit): | 3.4901887319218092 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXqhBMl0OoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyiMl0OoGHmD0+dAH/luWvv |
| MD5: | 52BD0762F3DC77334807DDFC60D5F304 |
| SHA1: | 5962DA7C58F742046A116DDDA5DC8EA889C4CB0E |
| SHA-256: | 30C20CC835E912A6DD89FD1BF5F7D92B233B2EC24594F1C1FE0CADB03A8C3FAB |
| SHA-512: | FB68B1CF9677A00D5651C51EC604B61DAC2D250D44A71D43CD69F41F16E4F0A7BAA7AD4A6F7BB870429297465A893013BBD7CC77A8F709AD6DB97F5A0927B1DD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5596 |
| Entropy (8bit): | 7.875182123405584 |
| Encrypted: | false |
| SSDEEP: | 96:dGa2unnLYEB2EUAPOak380NQjqbHaPKJebgrEVws8Vw+BMa0EbdLVQaZJgDZh0pJ:UJunLYEB2EUAxk3pIYaScgYwsV4bdS0X |
| MD5: | CDC1493350011DB9892100E94D5592FE |
| SHA1: | 684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA |
| SHA-256: | F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548 |
| SHA-512: | 3699066A4E8A041079F12E88AB2E7F485E968619CB79175267842846A3AD64AA8E7778CBACDF1117854A7FDCFB46C8025A62F147C81074823778C6B4DC930F12 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4026 |
| Entropy (8bit): | 7.809492693601857 |
| Encrypted: | false |
| SSDEEP: | 96:VpDCBFLhxaUGm5EWA07yNdKH1FQpy8tnX8Iz3b7TrT502+fPD:VpDYFFRMNU+RtXzLf35t+3D |
| MD5: | 5D9BAD7ADB88CEE98C5203883261ACA1 |
| SHA1: | FBF1647FCF19BCEA6C3CF4365C797338CA282CD2 |
| SHA-256: | 8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F |
| SHA-512: | 7132923869A3DA2F2A75393959382599D7C4C05CA86B4B27271AB9EA95C7F2E80A16B45057F4FB729C9593F506208DC70AF2A635B90E4D8854AC06C787F6513D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 250 |
| Entropy (8bit): | 3.4916022431157345 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXsAl8xoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny8A8xoGHmD0+dAH/luWvv |
| MD5: | 1A314B08BB9194A41E3794EF54017811 |
| SHA1: | D1E70DB69CA737101524C75E634BB72F969464FF |
| SHA-256: | 9025DD691FCAD181D5FD5952C7AA3728CD8A2CAF20DEA14930876419BED9B379 |
| SHA-512: | AB29C8674A85711EABAE5F9559E9048FE91A2F51EB12D5A46152A310DE59F759DF8C617DA248798A7C20F60E26FBB1B0FC8DB47C46B098BCD26CF8CE78989ACA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254 |
| Entropy (8bit): | 3.4721586910685547 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX9+RclTloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyteUTloGHmD0+dAH/luWvv |
| MD5: | 4DD225E2A305B50AF39084CE568B8110 |
| SHA1: | C85173D49FC1522121AA2B0B2E98ADF4BB95B897 |
| SHA-256: | 6F00DD73F169C73D425CB9895DAC12387E21C6E4C9C7DDCFB03AC32552E577F4 |
| SHA-512: | 0493AB431004191381FF84AD7CC46BD09A1E0FEEC16B3183089AA8C20CC7E491FAE86FE0668A9AC677F435A203E494F5E6E9E4A0571962F6021D6156B288B28A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4243 |
| Entropy (8bit): | 7.824383764848892 |
| Encrypted: | false |
| SSDEEP: | 96:22MQe4zHye8/djzF+JjvtmMkkBpF7e0LTkaf:22De4zHHCvF+nRBDXoaf |
| MD5: | 7BC0A35807CD69C37A949BBD51880FF5 |
| SHA1: | B5870846F44CAD890C6EFF2F272A037DA016F0D8 |
| SHA-256: | BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA |
| SHA-512: | B5B785D693216E38B5AB3F401F414CADACCDCB0DCA4318D88FE1763CD3BAB8B7670F010765296613E8D3363E47092B89357B4F1E3242F156750BE86F5F7E9B8D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254 |
| Entropy (8bit): | 3.4845992218379616 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXQFoElh/lE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny8lLGHmD0+dAH/luWvv |
| MD5: | E8B30D1070779CC14FBE93C8F5CF65BE |
| SHA1: | 9C87F7BC66CF55634AB3F070064AAF8CC977CD05 |
| SHA-256: | 2E90434BE1F6DCEA9257D42C331CD9A8D06B848859FD4742A15612B2CA6EFACB |
| SHA-512: | C0D5363B43D45751192EF06C4EC3C896A161BB11DBFF1FC2E598D28C644824413C78AE3A68027F7E622AF0D709BE0FA893A3A3B4909084DF1ED9A8C1B8267FCA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6024 |
| Entropy (8bit): | 7.886254023824049 |
| Encrypted: | false |
| SSDEEP: | 96:bGa2onnLYHTSSxpHVTSH1bywZKmpRqiUtFvS9xrPooBpni6eDa16MUELHsrKjRBA:SJonLYzSSr1TuZNwtFZKpiiyrKXuCUd |
| MD5: | 20621E61A4C5B0FFEEC98FFB2B3BCD31 |
| SHA1: | 4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4 |
| SHA-256: | 223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7 |
| SHA-512: | BDF3A8E3D6EE87D8ADE0767918603B8D238CAE8A2DD0C0F0BF007E89E057C7D1604EB3CCAF0E1BA54419C045FC6380ECBDD070F1BB235C44865F1863A8FA7EEA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 332 |
| Entropy (8bit): | 3.547857457374301 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXSpGLMeKlPaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyipTIw9eNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 4EC6724CBBA516CF202A6BD17226D02C |
| SHA1: | E412C574D567F0BA68B4A31EDB46A6AB3546EA95 |
| SHA-256: | 18E408155A2C2A24D91CD45E065927FFDA726356AAB115D290A3C1D0B7100402 |
| SHA-512: | DE45011A084AB94BF5B27F2EC274D310CF68DF9FB082E11726E08EB89D5D691EA086C9E0298E16AE7AE4B23753E5916F69F78AAD82F4627FC6F80A6A43D163DB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284415 |
| Entropy (8bit): | 5.00549404077789 |
| Encrypted: | false |
| SSDEEP: | 6144:N9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:y |
| MD5: | 33A829B4893044E1851725F4DAF20271 |
| SHA1: | DAC368749004C255FB0777E79F6E4426E12E5EC8 |
| SHA-256: | C40451CADF8944A9625DD690624EA1BA19CECB825A67081E8144AD5526116924 |
| SHA-512: | 41C1F65E818C2757E1A37F5255E98F6EDEAC4214F9D189AD09C6F7A51F036768C1A03D6CFD5845A42C455EE189D13BB795673ACE3B50F3E1D77DAFF400F4D708 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 260 |
| Entropy (8bit): | 3.4895685222798054 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX4cPBl4xoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyPl4xoGHmD0+dAH/luWvv |
| MD5: | 63E8B0621B5DEFE1EF17F02EFBFC2436 |
| SHA1: | 2D02AD4FD9BF89F453683B7D2B3557BC1EEEE953 |
| SHA-256: | 9243D99795DCDAD26FA857CB2740E58E3ED581E3FAEF0CB3781CBCD25FB4EE06 |
| SHA-512: | A27CDA84DF5AD906C9A60152F166E7BD517266CAA447195E6435997280104CBF83037F7B05AE9D4617323895DCA471117D8C150E32A3855156CB156E15FA5864 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3075 |
| Entropy (8bit): | 7.716021191059687 |
| Encrypted: | false |
| SSDEEP: | 48:96yn4sOBoygpySCCxwKsZCB2oLEIK+aQpUNLRQWtmMamIZxAwCC2QnyODhVOzP4:l0vCxJsZQ2ofpKvtmMdIZxAwJyODhVOE |
| MD5: | 67766FF48AF205B771B53AA2FA82B4F4 |
| SHA1: | 0964F8B9DC737E954E16984A585BDC37CE143D84 |
| SHA-256: | 160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667 |
| SHA-512: | AC28B0B4A9178E9B424E5893870913D80F4EE03D595F587AA1D3ACC68194153BAFC29436ADFD6EA8992F0B00D17A43CFB42C529829090AF32C3BE591BD41776D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 256 |
| Entropy (8bit): | 3.4842773155694724 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXDAlIJAFIloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyMlI7loGHmD0+dAH/luWvv |
| MD5: | 923D406B2170497AD4832F0AD3403168 |
| SHA1: | A77DA08C9CB909206CDE42FE1543B9FE96DF24FB |
| SHA-256: | EBF9CF474B25DDFE0F6032BA910D5250CBA2F5EDF9CF7E4B3107EDB5C13B50BF |
| SHA-512: | A4CD8C74A3F916CA6B15862FCA83F17F2B1324973CCBCC8B6D9A8AEE63B83A3CD880DC6821EEADFD882D74C7EF58FA586781DED44E00E8B2ABDD367B47CE45B7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11380 |
| Entropy (8bit): | 7.891971054886943 |
| Encrypted: | false |
| SSDEEP: | 192:VJcnLYnAVbOFLaCPLrGGbhaWEu6d3RmryqLkeAShObPb1AYcRMMXjkfa0nYBwggD:VcMC8lLrRbhy1ZqLyShYb1FHQ4C0nYQJ |
| MD5: | C9F9364C659E2F0C626AC0D0BB519062 |
| SHA1: | C4036C576074819309D03BB74C188BF902D1AE00 |
| SHA-256: | 6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2 |
| SHA-512: | 173A5E68E55163B081C5A8DA24AE46428E3FB326EBE17AE9588C7F7D7E5E5810BFCF08C23C3913D6BEC7369E06725F50387612F697AC6A444875C01A2C94D0FF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 256 |
| Entropy (8bit): | 3.464918006641019 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXR+EqRGRnRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxnyB+5RmRGHmD0wbnKYZAH+Vwv |
| MD5: | 93149E194021B37162FD86684ED22401 |
| SHA1: | 1B31CAEBE1BBFA529092BE834D3B4AD315A6F8F1 |
| SHA-256: | 50BE99A154A6F632D49B04FCEE6BCA4D6B3B4B7C1377A31CE9FB45C462D697B2 |
| SHA-512: | 410A7295D470EC85015720B2B4AC592A472ED70A04103D200FA6874BEA6A423AF24766E98E5ACAA3A1DBC32C44E8790E25D4611CD6C0DBFFFE8219D53F33ACA7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51826 |
| Entropy (8bit): | 5.541375256745271 |
| Encrypted: | false |
| SSDEEP: | 384:erH5dYPCA4t3aEFGiSUDtYfEbi5Ry/AT7/6tHODaFlDSomurYNfT4A0VIwWNS89u:Q6Cbh9tENyWdaFUSYNfZS89/3qtEu |
| MD5: | 2AB22AC99ACFA8A82742E774323C0DBD |
| SHA1: | 790F8B56DF79641E83A16E443A75A66E6AA2F244 |
| SHA-256: | BC9D45D0419A08840093B0BF4DCF96264C02DFE5BD295CD9B53722E1DA02929D |
| SHA-512: | E5715C0ECF35CE250968BD6DE5744D28A9F57D20FD6866E2AF0B2D8C8F80FEDC741D48F554397D61C5E702DA896BD33EED92D778DBAC71E2E98DCFB0912DE07B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246 |
| Entropy (8bit): | 3.5039994158393686 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX4f+E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyvGHmD0+dAH/luWvv |
| MD5: | 16711B951E1130126E240A6E4CC2E382 |
| SHA1: | 8095AA79AEE029FD06428244CA2A6F28408448DB |
| SHA-256: | 855342FE16234F72DA0C2765455B69CF412948CFBE70DE5F6D75A20ACDE29AE9 |
| SHA-512: | 454EAA0FD669489583C317699BE1CE5D706C31058B08CF2731A7621FDEFB6609C2F648E02A7A4B2B3A3DFA8406A696D1A6FA5063DDA684BDA4450A2E9FEFB0EF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3683 |
| Entropy (8bit): | 7.772039166640107 |
| Encrypted: | false |
| SSDEEP: | 96:GyfQZd6ZHNCWl9aXFkZwIq/QDsRYPf8P9QtDIs5r:G6wYtNZS1k99AmPfSOtD5r |
| MD5: | E8308DA3D46D0BC30857243E1B7D330D |
| SHA1: | C7F8E54A63EB254C194A23137F269185E07F9D10 |
| SHA-256: | 6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4 |
| SHA-512: | 88AB7263B7A8D7DDE1225AE588842E07DF3CE7A07CBD937B7E26DA7DA7CFED23F9C12730D9EF4BC1ACF26506A2A96E07875A1A40C2AD55AD1791371EE674A09B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 278 |
| Entropy (8bit): | 3.5280239200222887 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXQAl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyllNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 877A8A960B2140E3A0A2752550959DB9 |
| SHA1: | FBEC17B332CBC42F2F16A1A08767623C7955DF48 |
| SHA-256: | FE07084A41CF7DB58B06D2C0D11BCACB603D6574261D1E7EBADCFF85F39AFB47 |
| SHA-512: | B8B660374EC6504B3B5FCC7DAC63AF30A0C9D24306C36B33B33B23186EC96AEFE958A3851FF3BC57FBA72A1334F633A19C0B8D253BB79AA5E5AFE4A247105889 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 268317 |
| Entropy (8bit): | 5.05419861997223 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprAJLR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N9 |
| MD5: | 51D32EE5BC7AB811041F799652D26E04 |
| SHA1: | 412193006AA3EF19E0A57E16ACF86B830993024A |
| SHA-256: | 6230814BF5B2D554397580613E20681752240AB87FD354ECECF188C1EABE0E97 |
| SHA-512: | 5FC5D889B0C8E5EF464B76F0C4C9E61BDA59B2D1205AC9417CC74D6E9F989FB73D78B4EB3044A1A1E1F2C00CE1CA1BD6D4D07EEADC4108C7B124867711C31810 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 3.538396048757031 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXcel8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyMelNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 149948E41627BE5DC454558E12AF2DA4 |
| SHA1: | DB72388C037F0B638FCD007FAB46C916249720A8 |
| SHA-256: | 1B981DC422A042CDDEBE2543C57ED3D468288C20D280FF9A9E2BB4CC8F4776ED |
| SHA-512: | 070B55B305DB48F7A8CD549A5AECF37DE9D6DCD780A5EC546B4BB2165AF4600FA2AF350DDDB48BECCAA3ED954AEE90F5C06C3183310B081F555389060FF4CB01 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 250983 |
| Entropy (8bit): | 5.057714239438731 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprA6OS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:uP |
| MD5: | F883B260A8D67082EA895C14BF56DD56 |
| SHA1: | 7954565C1F243D46AD3B1E2F1BAF3281451FC14B |
| SHA-256: | EF4835DB41A485B56C2EF0FF7094BC2350460573A686182BC45FD6613480E353 |
| SHA-512: | D95924A499F32D9B4D9A7D298502181F9E9048C21DBE0496FA3C3279B263D6F7D594B859111A99B1A53BD248EE69B867D7B1768C42E1E40934E0B990F0CE051E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 264 |
| Entropy (8bit): | 3.4866056878458096 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX0XrZUloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXWloGHmD0+dAH/luWvv |
| MD5: | 6C489D45F3B56845E68BE07EA804C698 |
| SHA1: | C4C9012C0159770CB882870D4C92C307126CEC3F |
| SHA-256: | 3FE447260CDCDEE287B8D01CF5F9F53738BFD6AAEC9FB9787F2826F8DEF1CA45 |
| SHA-512: | D1355C48A09E7317773E4F1613C4613B7EA42D21F5A6692031D288D69D47B19E8F4D5A29AFD8B751B353FC7DE865EAE7CFE3F0BEC05F33DDF79526D64A29EB18 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6448 |
| Entropy (8bit): | 7.897260397307811 |
| Encrypted: | false |
| SSDEEP: | 192:tgaoRbo1sMjb0NiJ85oPtqcS+yaXWoa8XBzdJYnLYFtWT7:LR1sk+i4o1qc1yaukzd8MK |
| MD5: | 42A840DC06727E42D42C352703EC72AA |
| SHA1: | 21AAAF517AFB76BF1AF4E06134786B1716241D29 |
| SHA-256: | 02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7 |
| SHA-512: | 8886BFD240D070237317352DEB3D46C6B07E392EBD57730B1DED016BD8740E75B9965F7A3FCD43796864F32AAE0BE911AB1A670E9CCC70E0774F64B1BDA93488 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 314 |
| Entropy (8bit): | 3.5230842510951934 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXJuJaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyZuUw9eNGHmD0wbnKYZAH/lMZqiv |
| MD5: | F25AC64EC63FA98D9E37782E2E49D6E6 |
| SHA1: | 97DD9CFA4A22F5B87F2B53EFA37332A9EF218204 |
| SHA-256: | 834046A829D1EA836131B470884905856DBF2C3C136C98ADEEFA0F206F38F8AB |
| SHA-512: | A0387239CDE98BCDE1668B582B046619C3B3505F9440343DAD22B1B7B9E05F3B74F2AE29E591EC37B6570A0C0E5FE571442873594B0684DDCCB4F6A1B5E10B1F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294178 |
| Entropy (8bit): | 4.977758311135714 |
| Encrypted: | false |
| SSDEEP: | 6144:ydkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:b |
| MD5: | 0C9731C90DD24ED5CA6AE283741078D0 |
| SHA1: | BDD3D7E5B0DE9240805EA53EF2EB784A4A121064 |
| SHA-256: | ABCE25D1EB3E70742EC278F35E4157EDB1D457A7F9D002AC658AAA6EA4E4DCDF |
| SHA-512: | A39E6201D6B34F37C686D9BD144DDD38AE212EDA26E3B81B06F1776891A90D84B65F2ABC5B8F546A7EFF3A62D35E432AF0254E2F5BFE4AA3E0CF9530D25949C0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 238 |
| Entropy (8bit): | 3.472155835869843 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXGE2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny4GHmD0+dAH/luWvv |
| MD5: | 2240CF2315F2EB448CEA6E9CE21B5AC5 |
| SHA1: | 46332668E2169E86760CBD975FF6FA9DB5274F43 |
| SHA-256: | 0F7D0BD5A8CED523CFF4F99D7854C0EE007F5793FA9E1BA1CD933B0894BFBD0D |
| SHA-512: | 10BA73FF861112590BF135F4B337346F9D4ACEB10798E15DC5976671E345BC29AC8527C6052FEC86AA7058E06D1E49052E49D7BCF24A01DB259B5902DB091182 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5151 |
| Entropy (8bit): | 7.859615916913808 |
| Encrypted: | false |
| SSDEEP: | 96:WkV3UHhcZDEteEJqeSGzpG43GUR8m8b6dDLiCTfjKPnD6H5RhfuDKNtxx3+7tDLp:Wq3UBc9EJqIpGgD5dDL1DjKvDKhfnNti |
| MD5: | 6C24ED9C7C868DB0D55492BB126EAFF8 |
| SHA1: | C6D96D4D298573B70CF5C714151CF87532535888 |
| SHA-256: | 48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F |
| SHA-512: | A3E9DC48C04DC8571289F57AE790CA4E6934FBEA4FDDC20CB780F7EA469FE1FC1D480A1DBB04D15301EF061DA5700FF0A793EB67D2811C525FEF618B997BCABD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 3.5502940710609354 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXfQICl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyXClNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 9B8D7EFE8A69E41CDC2439C38FE59FAF |
| SHA1: | 034D46BEC5E38E20E56DD905E2CA2F25AF947ED1 |
| SHA-256: | 70042F1285C3CD91DDE8D4A424A5948AE8F1551495D8AF4612D59709BEF69DF2 |
| SHA-512: | E50BB0C68A33D35F04C75F05AD4598834FEC7279140B1BB0847FF39D749591B8F2A0C94DA4897AAF6C33C50C1D583A836B0376015851910A77604F8396C7EF3C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 270198 |
| Entropy (8bit): | 5.073814698282113 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprAiaR95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:We |
| MD5: | FF0E07EFF1333CDF9FC2523D323DD654 |
| SHA1: | 77A1AE0DD8DBC3FEE65DD6266F31E2A564D088A4 |
| SHA-256: | 3F925E0CC1542F09DE1F99060899EAFB0042BB9682507C907173C392115A44B5 |
| SHA-512: | B4615F995FAB87661C2DBE46625AA982215D7BDE27CAFAE221DCA76087FE76DA4B4A381943436FCAC1577CB3D260D0050B32B7B93E3EB07912494429F126BB3D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 242 |
| Entropy (8bit): | 3.4938093034530917 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX44lWWoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyvToGHmD0+dAH/luWvv |
| MD5: | A6B2731ECC78E7CED9ED5408AB4F2931 |
| SHA1: | BA15D036D522978409846EA682A1D7778381266F |
| SHA-256: | 6A2F9E46087B1F0ED0E847AF05C4D4CC9F246989794993E8F3E15B633EFDD744 |
| SHA-512: | 666926612E83A7B4F6259C3FFEC3185ED3F07BDC88D43796A24C3C9F980516EB231BDEA4DC4CC05C6D7714BA12AE2DCC764CD07605118698809DEF12A71F1FDD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4888 |
| Entropy (8bit): | 7.8636569313247335 |
| Encrypted: | false |
| SSDEEP: | 96:StrFZ23/juILHPzms5UTuK9CuZGEoEuZ28H1HiGa2RnnLY+tUb:SPZQ7uCHPzms5UTlqauZVHdJRnLY+tUb |
| MD5: | 0A4CA91036DC4F3CD8B6DBF18094CF25 |
| SHA1: | 6C7EED2530CD0032E9EEAB589AFBC296D106FBB9 |
| SHA-256: | E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50 |
| SHA-512: | 7C69426F2250E8C84368E8056613C22977630A4B3F5B817FB5EA69081CE2A3CA6E5F93DF769264253D5411419AF73467A27F0BB61291CCDE67D931BD0689CB66 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 252 |
| Entropy (8bit): | 3.4680595384446202 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXivlE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyydGHmD0+dAH/luWvv |
| MD5: | D79B5DE6D93AC06005761D88783B3EE6 |
| SHA1: | E05BDCE2673B6AA8CBB17A138751EDFA2264DB91 |
| SHA-256: | 96125D6804544B8D4E6AE8638EFD4BD1F96A1BFB9EEF57337FFF40BA9FF4CDD1 |
| SHA-512: | 34057F7B2AB273964CB086D8A7DF09A4E05D244A1A27E7589BDC7E5679AB5F587FAB52A2261DB22070DA11EF016F7386635A2B8E54D83730E77A7B142C2E3929 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5783 |
| Entropy (8bit): | 7.88616857639663 |
| Encrypted: | false |
| SSDEEP: | 96:CDG4D+8VsXzXc2zLXTJ2XFY47pk2G7HVlwFzTXNbMfmn2ivLZcreFWw5fc9ADdZm:CDG4DRGY23l2Xu47GL7YtT9V29yWvWdk |
| MD5: | 8109B3C170E6C2C114164B8947F88AA1 |
| SHA1: | FC63956575842219443F4B4C07A8127FBD804C84 |
| SHA-256: | F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416 |
| SHA-512: | F8A8D7A6469CD3E7C31F3335DDCC349AD7A686730E1866F130EE36AA9994C52A01545CE73D60B642FFE0EE49972435D183D8CD041F2BB006A6CAF31BAF4924AC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 258 |
| Entropy (8bit): | 3.4692172273306268 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXcq9DsoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnysmYoGHmD0+dAH/luWvv |
| MD5: | C1B36A0547FB75445957A619201143AC |
| SHA1: | CDB0A18152F57653F1A707D39F3D7FB504E244A7 |
| SHA-256: | 4DFF7D1CEF6DD85CC73E1554D705FA6586A1FBD10E4A73EEE44EAABA2D2FFED9 |
| SHA-512: | 0923FB41A6DB96C85B44186E861D34C26595E37F30A6F8E554BD3053B99F237D9AC893D47E8B1E9CF36556E86EFF5BE33C015CBBDD31269CDAA68D6947C47F3F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 7370 |
| Entropy (8bit): | 7.9204386289679745 |
| Encrypted: | false |
| SSDEEP: | 192:fYa+ngK2xG6HvLvoUnXxO+blKO1lt2Zg0AV:fYVn8Y6Hv3XxO+8uQZCV |
| MD5: | 586CEBC1FAC6962F9E36388E5549FFE9 |
| SHA1: | D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E |
| SHA-256: | 1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40 |
| SHA-512: | 68DEAE9C59EA98BD597AE67A17F3029BC7EA2F801AC775CF7DECA292069061EA49C9DF5776CB5160B2C24576249DAF817FA463196A04189873CF16EFC4BEDC62 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16806 |
| Entropy (8bit): | 7.9519793977093505 |
| Encrypted: | false |
| SSDEEP: | 384:eSMjhqgJDGwOzHR3iCpK+QdLdfufFJ9aDn9LjDMVAwHknbz7OW:eSkhqglGwERSAHQdLhDn9AKokv7H |
| MD5: | 950F3AB11CB67CC651082FEBE523AF63 |
| SHA1: | 418DE03AD2EF93D0BD29C3D7045E94D3771DACB4 |
| SHA-256: | 9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974 |
| SHA-512: | D74BF52A58B0C0327DB9DDCAD739794020F00B3FA2DE2B44DAAEC9C1459ECAF3639A5D761BBBC6BDF735848C4FD7E124D13B23964B0055BB5AA4F6AFE76DFE00 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254 |
| Entropy (8bit): | 3.4720677950594836 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXOu9+MlWlk2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnycMlWlzGHmD0+dAH/luWvv |
| MD5: | D04EC08EFE18D1611BDB9A5EC0CC00B1 |
| SHA1: | 668FF6DFE64D5306220341FC2C1353199D122932 |
| SHA-256: | FA60500F951AFAF8FFDB6D1828456D60004AE1558E8E1364ADC6ECB59F5450C9 |
| SHA-512: | 97EBCCAF64FA33238B7CFC0A6D853EFB050D877E21EE87A78E17698F0BB38382FCE7F6C4D97D550276BD6B133D3099ECAB9CFCD739F31BFE545F4930D896EEC3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 332 |
| Entropy (8bit): | 3.4871192480632223 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXsdDUaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyoRw9eNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 333BA58FCE326DEA1E4A9DE67475AA95 |
| SHA1: | F51FAD5385DC08F7D3E11E1165A18F2E8A028C14 |
| SHA-256: | 66142D15C7325B98B199AB6EE6F35B7409DE64EBD5C0AB50412D18CBE6894097 |
| SHA-512: | BFEE521A05B72515A8D4F7D13D8810846DC60F1E85C363FFEBD6CACD23AE8D2E664C563FC74700A4ED4E358F378508D25C46CB5BE1CF587E2E278EBC22BB2625 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254875 |
| Entropy (8bit): | 5.003842588822783 |
| Encrypted: | false |
| SSDEEP: | 6144:MwprAnniNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:a |
| MD5: | 377B3E355414466F3E3861BCE1844976 |
| SHA1: | 0B639A3880ACA3FD90FA918197A669CC005E2BA4 |
| SHA-256: | 4AC5B26C5E66E122DE80243EF621CA3E1142F643DD2AD61B75FF41CFEE3DFFAF |
| SHA-512: | B050AD52A8161F96CBDC880DD1356186F381B57159F5010489B04528DB798DB955F0C530465AB3ECD5C653586508429D98336D6EB150436F1A53ABEE0697AEB9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 288 |
| Entropy (8bit): | 3.523917709458511 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXC1l8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnySvNGHmD0wbnKYZAH/lMZqiv |
| MD5: | 4A9A2E8DB82C90608C96008A5B6160EF |
| SHA1: | A49110814D9546B142C132EBB5B9D8A1EC23E2E6 |
| SHA-256: | 4FA948EEB075DFCB8DCA773A3F994560C69D275690953625731C4743CD5729F7 |
| SHA-512: | 320B9CC860FFBDB0FD2DB7DA7B7B129EEFF3FFB2E4E4820C3FBBFEA64735EB8CFE1F4BB5980302770C0F77FF575825F2D9A8BB59FC80AD4C198789B3D581963B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 296658 |
| Entropy (8bit): | 5.000002997029767 |
| Encrypted: | false |
| SSDEEP: | 6144:RwprAMk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:M |
| MD5: | 9AC6DE7B629A4A802A41F93DB2C49747 |
| SHA1: | 3D6E929AA1330C869D83F2BF8EBEBACD197FB367 |
| SHA-256: | 52984BC716569120D57C8E6A360376E9934F00CF31447F5892514DDCCF546293 |
| SHA-512: | 5736F14569E0341AFB5576C94B0A7F87E42499CEC5927AAC83BB5A1F77B279C00AEA86B5F341E4215076D800F085D831F34E4425AD9CFD52C7AE4282864B1E73 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 292 |
| Entropy (8bit): | 3.5026803317779778 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXC89ADni8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyf9ADiNGHmD0wbnKYZAH/lMZqiv |
| MD5: | A0D51783BFEE86F3AC46A810404B6796 |
| SHA1: | 93C5B21938DA69363DBF79CE594C302344AF9D9E |
| SHA-256: | 47B43E7DBDF8B25565D874E4E071547666B08D7DF4D736EA8521591D0DED640F |
| SHA-512: | CA3DB5A574745107E1D6CAA60E491F11D8B140637D4ED31577CC0540C12FDF132D8BC5EBABEA3222F4D7BA1CA016FF3D45FE7688D355478C27A4877E6C4D0D75 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 251032 |
| Entropy (8bit): | 5.102652100491927 |
| Encrypted: | false |
| SSDEEP: | 6144:hwprA5R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:JA |
| MD5: | F425D8C274A8571B625EE66A8CE60287 |
| SHA1: | 29899E309C56F2517C7D9385ECDBB719B9E2A12B |
| SHA-256: | DD7B7878427276AF5DBF8355ECE0D1FE5D693DF55AF3F79347F9D20AE50DB938 |
| SHA-512: | E567F283D903FA533977B30FD753AA1043B9DDE48A251A9AC6777A3B67667443FEAD0003765A630D0F840B6C275818D2F903B6CB56136BEDCC6D9BDD20776564 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 274 |
| Entropy (8bit): | 3.438490642908344 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXZlaWimoa2nRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxnyplagN2RGHmD0wbnKYZAH+Vwv |
| MD5: | 0F98498818DC28E82597356E2650773C |
| SHA1: | 1995660972A978D17BC483FCB5EE6D15E7058046 |
| SHA-256: | 4587CA0B2A60728FF0A5B8E87D35BF6C6FDF396747E13436EC856612AC1C6288 |
| SHA-512: | 768562F20CFE15001902CCE23D712C7439721ECA6E48DDDCF8BFF4E7F12A3BC60B99C274CBADD0128EEA1231DB19808BAA878E825497F3860C381914C21B46FF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 34415 |
| Entropy (8bit): | 7.352974342178997 |
| Encrypted: | false |
| SSDEEP: | 768:ev13NPo9o5NGEVIi3kvH+3SMdk7zp3tE2:ev13xoOE+R3BkR7 |
| MD5: | 7CDFFC23FB85AD5737452762FA36AAA0 |
| SHA1: | CFBC97247959B3142AFD7B6858AD37B18AFB3237 |
| SHA-256: | 68A8FBFBEE4C903E17C9421082E839144C205C559AFE61338CBDB3AF79F0D270 |
| SHA-512: | A0685FD251208B772436E9745DA2AA52BC26E275537688E3AB44589372D876C9ACE14B21F16EC4053C50EB4C8E11787E9B9D922E37249D2795C5B7986497033E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 252 |
| Entropy (8bit): | 3.48087342759872 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXXt1MIae2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyfMIaRGHmD0+dAH/luWvv |
| MD5: | 69757AF3677EA8D80A2FBE44DEE7B9E4 |
| SHA1: | 26AF5881B48F0CB81F194D1D96E3658F8763467C |
| SHA-256: | 0F14CA656CDD95CAB385F9B722580DDE2F46F8622E17A63F4534072D86DF97C3 |
| SHA-512: | BDA862300BAFC407D662872F0BFB5A7F2F72FE1B7341C1439A22A70098FA50C81D450144E757087778396496777410ADCE4B11B655455BEDC3D128B80CFB472A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4326 |
| Entropy (8bit): | 7.821066198539098 |
| Encrypted: | false |
| SSDEEP: | 96:+fF+Jrp7Yo5hnJiGa24TxEcpUeONo1w2NFocy2LQi33Z:2+f7YuhJdJ4TxEcmKwGkk3Z |
| MD5: | D32E93F7782B21785424AE2BEA62B387 |
| SHA1: | 1D5589155C319E28383BC01ED722D4C2A05EF593 |
| SHA-256: | 2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478 |
| SHA-512: | 5B07D6764A6616A7EF25B81AB4BD4601ECEC1078727BFEAB4A780032AD31B1B26C7A2306E0DBB5B39FC6E03A3FC18AD67C170EA9790E82D8A6CEAB8E7F564447 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 3.4670546921349774 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX0XPYDxUloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXPYDCloGHmD0+dAH/luWvv |
| MD5: | 3D52060B74D7D448DC733FFE5B92CB52 |
| SHA1: | 3FBA3FFC315DB5B70BF6F05C4FF84B52A50FCCBC |
| SHA-256: | BB980559C6FC38B703D1E9C41720D5CE8D00D2FF86D4F25136DB02B1E54B1518 |
| SHA-512: | 952EF139A72562A528C1052F1942DAE1C0509D67654BF5E7C0602C87F90147E8EE9E251D2632BCB5B511AB2FF8A3734293D0A4E3DBD3D187F5E3C042685F9A0C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5630 |
| Entropy (8bit): | 7.87271654296772 |
| Encrypted: | false |
| SSDEEP: | 96:n5ni6jKZWsD+QJaUQ7R6qYFF5QS+BEgeJam6S7ZCHuKViGa2CnnLYLt/ht:nccqxIBdQ1QS+uDJanS7ZCHHVdJCnLY5 |
| MD5: | 2F8998AA9CF348F1D6DE16EAB2D92070 |
| SHA1: | 85B13499937B4A584BEA0BFE60475FD4C73391B6 |
| SHA-256: | 8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580 |
| SHA-512: | F10F7772985EDDA442B9558127F1959FF0A9909C7B7470E62D74948428BFFF7E278739209E8626AE5917FF728AFB8619AE137BEE2A6A4F40662122208A41ABB2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 374 |
| Entropy (8bit): | 3.5414485333689694 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX8FaE3f8AWqlQqr++lcWimqnKOE3QepmlJ0+3FbnKfZObdADryMluxHZypo:fxnyj9AWI+acgq9GHmD0wbnKYZAH/lMf |
| MD5: | 2F7A8FE4E5046175500AFFA228F99576 |
| SHA1: | 8A3DE74981D7917E6CE1198A3C8E35C7E2100F43 |
| SHA-256: | 1495B4EC56B371148EA195D790562E5621FDBF163CDD8A5F3C119F8CA3BD2363 |
| SHA-512: | 4B8FBB692D91D88B584E46C2F01BDE0C05DCD5D2FF073D83331586FB3D201EACD777D48DB3751E534E22115AA1C3C30392D0D642B3122F21EF10E3EE6EA3BE82 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Temp\TCD901A.tmp\Text Sidebar (Annual Report Red and Black design).docx
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 47296 |
| Entropy (8bit): | 6.42327948041841 |
| Encrypted: | false |
| SSDEEP: | 768:ftjI1BT8N37szq00s7dB2wMVJGHR97/RDU5naXUsT:fJIPTfq0ndB2w1bpsE |
| MD5: | 5A53F55DD7DA8F10A8C0E711F548B335 |
| SHA1: | 035E685927DA2FECB88DE9CAF0BECEC88BC118A7 |
| SHA-256: | 66501B659614227584DA04B64F44309544355E3582F59DBCA3C9463F67B7E303 |
| SHA-512: | 095BD5D1ACA2A0CA3430DE2F005E1D576AC9387E096D32D556E4348F02F4D658D0E22F2FC4AA5BF6C07437E6A6230D2ABF73BBD1A0344D73B864BC4813D60861 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 280 |
| Entropy (8bit): | 3.484503080761839 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXGdQ1MecJZMlWlk2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny2dQ98MlWlzGHmD0+dAH/luWvv |
| MD5: | 1309D172F10DD53911779C89A06BBF65 |
| SHA1: | 274351A1059868E9DEB53ADF01209E6BFBDFADFB |
| SHA-256: | C190F9E7D00E053596C3477455D1639C337C0BE01012C0D4F12DFCB432F5EC56 |
| SHA-512: | 31B38AD2D1FFF93E03BF707811F3A18AD08192F906E36178457306DDAB0C3D8D044C69DE575ECE6A4EE584800F827FB3C769F98EA650F1C208FEE84177070339 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 9191 |
| Entropy (8bit): | 7.93263830735235 |
| Encrypted: | false |
| SSDEEP: | 192:oeAMExvPJMg+yE+AfJLi3+Xoj7F3sPgMG61J88eDhFWT7hFNsdJtnLYJ7tSh:v2d+hnfJLi3+4ja4WqhFWT7FsdHMA |
| MD5: | 08D3A25DD65E5E0D36ADC602AE68C77D |
| SHA1: | F23B6DDB3DA0015B1D8877796F7001CABA25EA64 |
| SHA-256: | 58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1 |
| SHA-512: | 77D24C272D67946A3413D0BEA700A7519B4981D3B4D8486A655305546CE6133456321EE94FD71008CBFD678433EA1C834CFC147179B31899A77D755008FCE489 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 333258 |
| Entropy (8bit): | 4.654450340871081 |
| Encrypted: | false |
| SSDEEP: | 6144:ybW83Zb181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:i |
| MD5: | 5632C4A81D2193986ACD29EADF1A2177 |
| SHA1: | E8FF4FDFEB0002786FCE1CF8F3D25F8E9631E346 |
| SHA-256: | 06DE709513D7976690B3DD8F5FDF1E59CF456A2DFBA952B97EACC72FE47B238B |
| SHA-512: | 676CE1957A374E0F36634AA9CFFBCFB1E1BEFE1B31EE876483B10763EA9B2D703F2F3782B642A5D7D0945C5149B572751EBD9ABB47982864834EF61E3427C796 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 328 |
| Entropy (8bit): | 3.541819892045459 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXuqRDA5McaQVTi8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxny+AASZQoNGHmD0wbnKYZAH/lMZqiv |
| MD5: | C3216C3FC73A4B3FFFE7ED67153AB7B5 |
| SHA1: | F20E4D33BABE978BE6A6925964C57D6E6EF1A92E |
| SHA-256: | 7CF1D6A4F0BE5E6184F59BFB1304509F38E480B59A3B091DBDC43B052D2137CB |
| SHA-512: | D3B78BE6E7633FF943F5E34063B5EFA4AF239CD49F437227FC7575F6CC65C497B7D6F6A979EA065065BEAF257CB368560B5462542692286052B5C7E5C01755BC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 260 |
| Entropy (8bit): | 3.494357416502254 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUX0XPE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXPGHmD0+dAH/luWvv |
| MD5: | 6F8FE7B05855C203F6DEC5C31885DD08 |
| SHA1: | 9CC27D17B654C6205284DECA3278DA0DD0153AFF |
| SHA-256: | B7F58DF058C938CCF39054B31472DC76E18A3764B78B414088A261E440870175 |
| SHA-512: | C518A243E51CB4A1E3C227F6A8A8D9532EE111D5A1C86EBBB23BD4328D92CD6A0587DF65B3B40A0BE2576D8755686D2A3A55E10444D5BB09FC4E0194DB70AFE6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6193 |
| Entropy (8bit): | 7.855499268199703 |
| Encrypted: | false |
| SSDEEP: | 192:WavHMKgnU2HUGFhUnkbOKoztj1QfcnLYut3d8:YKeUlGXUnC+HQSMp |
| MD5: | 031C246FFE0E2B623BBBD231E414E0D2 |
| SHA1: | A57CA6134779D54691A4EFD344BC6948E253E0BA |
| SHA-256: | 2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7 |
| SHA-512: | 6A784C28E12C3740300883A0E690F560072A3EA8199977CBD7F260A21E8346B82BA8A4F78394D3BB53FA2E98564B764C2D0232C40B25FB6085C36D20D70A39D1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 562113 |
| Entropy (8bit): | 7.67409707491542 |
| Encrypted: | false |
| SSDEEP: | 12288:/dy5Gtyp/FZ9QqjdxDfSp424XeavSktiAVE0:/dizp1ndpqpMZnV |
| MD5: | 4A1657A3872F9A77EC257F41B8F56B3D |
| SHA1: | 4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B |
| SHA-256: | C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60 |
| SHA-512: | 7A2932639E06D79A5CE1D3C71091890D9E329CA60251E16AE4095E4A06C6428B4F86B7FFFA097BF3EEFA064370A4D51CA3DF8C89EAFA3B1F45384759DEC72922 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 278 |
| Entropy (8bit): | 3.535736910133401 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXeAlFkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyRGymD0wbnKNAH/lMz1 |
| MD5: | 487E25E610F3FC2EEA27AB54324EA8F6 |
| SHA1: | 11C2BB004C5E44503704E9FFEEFA7EA7C2A9305C |
| SHA-256: | 022EC5077279A8E447B590F7260E1DBFF764DE5F9CDFD4FDEE32C94C66D4A1A2 |
| SHA-512: | B8DF351E2C0EF101CF91DC02E136A3EE9C1FDB18294BECB13A29D676FBBE791A80A58A18FBDEB953BC21EC54EB7608154D401407C461ABD10ACB94CE8AD0E092 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 570901 |
| Entropy (8bit): | 7.674434888248144 |
| Encrypted: | false |
| SSDEEP: | 6144:D2tTXiO/3GH5SkPQVAqWnGrkFxvay910UUTWZJarUv9TA0g8:kX32H+VWgkFxSgGTmarUv9T |
| MD5: | D676DE8877ACEB43EF0ED570A2B30F0E |
| SHA1: | 6C8922697105CEC7894966C9C5553BEB64744717 |
| SHA-256: | DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01 |
| SHA-512: | F40BADA680EA5CA508947290BA73901D78DE79EAA10D01EAEF975B80612D60E75662BDA542E7F71C2BBA5CA9BA46ECAFE208FD6E40C1F929BB5E407B10E89FBD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 3.5459495297497368 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXvBAuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnypJymD0wbnKNAH/lMz1 |
| MD5: | 76340C3F8A0BFCEDAB48B08C57D9B559 |
| SHA1: | E1A6672681AA6F6D525B1D17A15BF4F912C4A69B |
| SHA-256: | 78FE546321EDB34EBFA1C06F2B6ADE375F3B7C12552AB2A04892A26E121B3ECC |
| SHA-512: | 49099F040C099A0AED88E7F19338140A65472A0F95ED99DEB5FA87587E792A2D11081D59FD6A83B7EE68C164329806511E4F1B8D673BEC9074B4FF1C09E3435D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1649585 |
| Entropy (8bit): | 7.875240099125746 |
| Encrypted: | false |
| SSDEEP: | 24576:L368X6z95zf5BbQ6U79dYy2HiTIxRboyM/LZTl5KnCc:r68kb7UTYxGIxmnp65 |
| MD5: | 35200E94CEB3BB7A8B34B4E93E039023 |
| SHA1: | 5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D |
| SHA-256: | 6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD |
| SHA-512: | ED80CEE7C22D10664076BA7558A79485AA39BE80582CEC9A222621764DAE5EFA70F648F8E8C5C83B6FE31C2A9A933C814929782A964A47157505F4AE79A3E2F9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284 |
| Entropy (8bit): | 3.5552837910707304 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXtLARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnygymD0wbnKNAH/lMz1 |
| MD5: | 5728F26DF04D174DE9BDFF51D0668E2A |
| SHA1: | C998DF970655E4AF9C270CC85901A563CFDBCC22 |
| SHA-256: | 979DAFD61C23C185830AA3D771EDDC897BEE87587251B84F61776E720ACF9840 |
| SHA-512: | 491B36AC6D4749F7448B9A3A6E6465E8D97FB30F33EF5019AF65660E98F4570711EFF5FC31CBB8414AD9355029610E6F93509BC4B2FB6EA79C7CB09069DE7362 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 486596 |
| Entropy (8bit): | 7.668294441507828 |
| Encrypted: | false |
| SSDEEP: | 6144:A+JBmUx0Zo24n8z/2NSYFl2qGBuv8p6+LwwYmN59wBttsdJrmXMlP1NwQoGgeL:fNgxz/g5z2BT6+Eu0ntMcczNQG5L |
| MD5: | 0E37AECABDB3FDF8AAFEDB9C6D693D2F |
| SHA1: | F29254D2476DF70979F723DE38A4BF41C341AC78 |
| SHA-256: | 7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349 |
| SHA-512: | DE6AFE015C1D41737D50ADD857300996F6E929FED49CB71BC59BB091F9DAB76574C56DEA0488B0869FE61E563B07EBB7330C8745BC1DF6305594AC9BDEA4A6BF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 274 |
| Entropy (8bit): | 3.535303979138867 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUX3IlVARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnynG6ymD0wbnKNAH/lMz1 |
| MD5: | 35AFE8D8724F3E19EB08274906926A0B |
| SHA1: | 435B528AAF746428A01F375226C5A6A04099DF75 |
| SHA-256: | 97B8B2E246E4DAB15E494D2FB5F8BE3E6361A76C8B406C77902CE4DFF7AC1A35 |
| SHA-512: | ACF4F124207974CFC46A6F4EA028A38D11B5AF40E55809E5B0F6F5DABA7F6FC994D286026FAC19A0B4E2311D5E9B16B8154F8566ED786E5EF7CDBA8128FD62AF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 523048 |
| Entropy (8bit): | 7.715248170753013 |
| Encrypted: | false |
| SSDEEP: | 6144:WfmDdN6Zfv8q5rnM6vZ02PtMZRkfW5ipbnMHxVcsOWrCMxy0sD/mcKb4rYEY:xDdQXBrMi2YtggW5ObnMH1brJpUmBU0N |
| MD5: | C276F590BB846309A5E30ADC35C502AD |
| SHA1: | CA6D9D6902475F0BE500B12B7204DD1864E7DD02 |
| SHA-256: | 782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58 |
| SHA-512: | B85165C769DFE037502E125A04CFACDA7F7CC36184B8D0A54C1F9773666FFCC43A1B13373093F97B380871571788D532DEEA352E8D418E12FD7AAD6ADB75A150 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276 |
| Entropy (8bit): | 3.5159096381406645 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXQIa3ARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnygIaqymD0wbnKNAH/lMz1 |
| MD5: | 71CCB69AF8DD9821F463270FB8CBB285 |
| SHA1: | 8FED3EB733A74B2A57D72961F0E4CF8BCA42C851 |
| SHA-256: | 8E63D7ABA97DABF9C20D2FAC6EB1665A5D3FDEAB5FA29E4750566424AE6E40B4 |
| SHA-512: | E62FC5BEAEC98C5FDD010FABDAA8D69237D31CA9A1C73F168B1C3ED90B6A9B95E613DEAD50EB8A5B71A7422942F13D6B5A299EB2353542811F2EF9DA7C3A15DC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 924687 |
| Entropy (8bit): | 7.824849396154325 |
| Encrypted: | false |
| SSDEEP: | 12288:lsadD3eLxI8XSh4yDwFw8oWR+6dmw2ZpQDKpazILv7Jzny/ApcWqyOpEZULn:qLxI8XSh4yUF/oWR+mLKpYIr7l3ZQ7n |
| MD5: | 97EEC245165F2296139EF8D4D43BBB66 |
| SHA1: | 0D91B68CCB6063EB342CFCED4F21A1CE4115C209 |
| SHA-256: | 3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C |
| SHA-512: | 8594C49CAB6FF8385B1D6E174431DAFB0E947A8D7D3F200E622AE8260C793906E17AA3E6550D4775573858EA1243CCBF7132973CD1CF7A72C3587B9691535FF8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 3.51145753448333 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXKsWkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6svymD0wbnKNAH/lMz1 |
| MD5: | 7956D2B60E2A254A07D46BCA07D0EFF0 |
| SHA1: | AF1AC8CA6FE2F521B2EE2B7ABAB612956A65B0B5 |
| SHA-256: | C92B7FD46B4553FF2A656FF5102616479F3B503341ED7A349ECCA2E12455969E |
| SHA-512: | 668F5D0EFA2F5168172E746A6C32820E3758793CFA5DB6791DE39CB706EF7123BE641A8134134E579D3E4C77A95A0F9983F90E44C0A1CF6CDE2C4E4C7AF1ECA0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 558035 |
| Entropy (8bit): | 7.696653383430889 |
| Encrypted: | false |
| SSDEEP: | 12288:DQ/oYjRRRRRRRRYcdY/5ASWYqBMp8xsGGEOzI7vQQwOyP:DQ/nRRRRRRRRxY/5JWYZ3GGbI8YA |
| MD5: | 3B5E44DDC6AE612E0346C58C2A5390E3 |
| SHA1: | 23BCF3FCB61F80C91D2CFFD8221394B1CB359C87 |
| SHA-256: | 9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2 |
| SHA-512: | 2E63419F272C6E411CA81945E85E08A6E3230A2F601C4D28D6312DB5C31321F94FAFA768B16BC377AE37B154C6869CA387005693A79C5AB1AC45ED73BCCC6479 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276 |
| Entropy (8bit): | 3.5361139545278144 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXeMWMluRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnycMlMymD0wbnKNAH/lMz1 |
| MD5: | 133D126F0DE2CC4B29ECE38194983265 |
| SHA1: | D8D701298D7949BE6235493925026ED405290D43 |
| SHA-256: | 08485EBF168364D846C6FD55CD9089FE2090D1EE9D1A27C1812E1247B9005E68 |
| SHA-512: | 75D7322BE8A5EF05CAA48B754036A7A6C56399F17B1401F3F501DA5F32B60C1519F2981043A773A31458C3D9E1EF230EC60C9A60CAC6D52FFE16147E2E0A9830 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 777647 |
| Entropy (8bit): | 7.689662652914981 |
| Encrypted: | false |
| SSDEEP: | 6144:B04bNOJMngI856k0wwOGXMaXTLaTDmfBaN2Tx9iSUk1PdSnc0lnDlcGMcEFYYYYt:xbY6ngI46Aw5dmyYYYYYYYYY7p8d |
| MD5: | B30D2EF0FC261AECE90B62E9C5597379 |
| SHA1: | 4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3 |
| SHA-256: | BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976 |
| SHA-512: | 2E728408C20C3C23C84A1C22DB28F0943AAA960B4436F8C77570448D5BEA9B8D53D95F7562883FA4F9B282DFE2FD07251EEEFDE5481E49F99B8FEDB66AAAAB68 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 290 |
| Entropy (8bit): | 3.5091498509646044 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUX1MiDuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyFdMymD0wbnKNAH/lMz1 |
| MD5: | 23D59577F4AE6C6D1527A1B8CDB9AB19 |
| SHA1: | A345D683E54D04CC0105C4BFFCEF8C6617A0093D |
| SHA-256: | 9ADD2C3912E01C2AC7FAD6737901E4EECBCCE6EC60F8E4D78585469A440E1E2C |
| SHA-512: | B85027276B888548ECB8A2FC1DB1574C26FF3FCA7AF1F29CD5074EC3642F9EC62650E7D47462837607E11DCAE879B1F83DF4762CA94667AE70CBF78F8D455346 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 608122 |
| Entropy (8bit): | 7.729143855239127 |
| Encrypted: | false |
| SSDEEP: | 6144:Ckl6KRKwg9jf2q/bN69OuGFlC/DUhq68xOcJzGYnTxlLqU8dmTW:8yKwgZ2qY9kA7Uhq68H3ybmq |
| MD5: | 8BA551EEC497947FC39D1D48EC868B54 |
| SHA1: | 02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF |
| SHA-256: | DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89 |
| SHA-512: | CC97F9B2C83FF7CAC32AB9A9D46E0ACDE13EECABECD653C88F74E4FC19806BB9498D2F49C4B5581E58E7B0CB95584787EA455E69D99899381B592BEA177D4D4B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 278 |
| Entropy (8bit): | 3.516359852766808 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXKwRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6qymD0wbnKNAH/lMz1 |
| MD5: | 960E28B1E0AB3522A8A8558C02694ECF |
| SHA1: | 8387E9FD5179A8C811CCB5878BAC305E6A166F93 |
| SHA-256: | 2707FCA8CEC54DF696F19F7BCAD5F0D824A2AC01B73815DE58F3FCF0AAB3F6A0 |
| SHA-512: | 89EA06BA7D18B0B1EA624BBC052F73366522C231BD3B51745B92CF056B445F9D655F9715CBDCD3B2D02596DB4CD189D91E2FE581F2A2AA2F6D814CD3B004950A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 976001 |
| Entropy (8bit): | 7.791956689344336 |
| Encrypted: | false |
| SSDEEP: | 24576:zHM7eZGgFiHMRej4N9tpytNZ+tIw5ErZBImlX0m:zHM7eZGgFiHMRej++NZ+F5WvllZ |
| MD5: | 9E563D44C28B9632A7CF4BD046161994 |
| SHA1: | D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11 |
| SHA-256: | 86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86 |
| SHA-512: | 8EB14A1B10CB5C7607D3E07E63F668CFC5FC345B438D39138D62CADF335244952FBC016A311D5CB8A71D50660C49087B909528FC06C1D10AF313F904C06CBD5C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 278 |
| Entropy (8bit): | 3.5270134268591966 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXa3Y1kRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyt1mymD0wbnKNAH/lMz1 |
| MD5: | 327DA4A5C757C0F1449976BE82653129 |
| SHA1: | CF74ECDF94B4A8FD4C227313C8606FD53B8EEA71 |
| SHA-256: | 341BABD413AA5E8F0A921AC309A8C760A4E9BA9CFF3CAD3FB2DD9DF70FD257A6 |
| SHA-512: | 9184C3FB989BB271B4B3CDBFEFC47EA8ABEB12B8904EE89797CC9823F33952BD620C061885A5C11BBC1BD3978C4B32EE806418F3F21DA74F1D2DB9817F6E167E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 966946 |
| Entropy (8bit): | 7.8785200658952 |
| Encrypted: | false |
| SSDEEP: | 24576:qBcvGBGhXQir6H1ws6+iU0YuA35VuinHX2NPs:ccvGBGdQ5CsMxQVj3yPs |
| MD5: | F03AB824395A8F1F1C4F92763E5C5CAD |
| SHA1: | A6E021918C3CEFFB6490222D37ECEED1FC435D52 |
| SHA-256: | D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD |
| SHA-512: | 0241146B63C938F11045FB9DF5360F63EF05B9B3DD1272A3E3E329A1BFEC5A4A645D5472461DE9C06CFE4ADB991FE96C58F0357249806C341999C033CD88A7AF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 282 |
| Entropy (8bit): | 3.5323495192404475 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXhduDARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyxdumymD0wbnKNAH/lMz1 |
| MD5: | BD6B5A98CA4E6C5DBA57C5AD167EDD00 |
| SHA1: | CCFF7F635B31D12707DC0AC6D1191AB5C4760107 |
| SHA-256: | F22248FE60A55B6C7C1EB31908FAB7726813090DE887316791605714E6E3CEF7 |
| SHA-512: | A178299461015970AF23BA3D10E43FCA5A6FB23262B0DD0C5DDE01D338B4959F222FD2DC2CC5E3815A69FDDCC3B6B4CB8EE6EC0883CE46093C6A59FF2B042BC1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1204049 |
| Entropy (8bit): | 7.92476783994848 |
| Encrypted: | false |
| SSDEEP: | 24576:+3zSQBxvOUIpHLYTCEmS1Wu09jRalJP3sdgnmAOFt0zU4L0MRx5QNn5:+bvI5UTCPu09qP3JPOFoR4N5 |
| MD5: | FD5BBC58056522847B3B75750603DF0C |
| SHA1: | 97313E85C0937739AF7C7FC084A10BF202AC9942 |
| SHA-256: | 44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F |
| SHA-512: | DBD72827044331215A7221CA9B0ECB8809C7C79825B9A2275F3450BAE016D7D320B4CA94095F7CEF4372AC63155C78CA4795E23F93166D4720032ECF9F932B8E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276 |
| Entropy (8bit): | 3.5364757859412563 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXARkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnywMymD0wbnKNAH/lMz1 |
| MD5: | CD465E8DA15E26569897213CA9F6BC9C |
| SHA1: | 9EA9B5E6C9B7BF72A777A21EC17FD82BC4386D4C |
| SHA-256: | D4109317C2DBA1D7A94FC1A4B23FA51F4D0FC8E1D9433697AAFA72E335192610 |
| SHA-512: | 869A42679F96414FE01FE1D79AF7B33A0C9B598B393E57E0E4D94D68A4F2107EC58B63A532702DA96A1F2F20CE72E6E08125B38745CD960DF62FE539646EDD8D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1750795 |
| Entropy (8bit): | 7.892395931401988 |
| Encrypted: | false |
| SSDEEP: | 24576:DyeAqDJpUDH3xk8ZKIBuX3TPtd36v4o5d4PISMETGBP6eUP+xSeW3v0HKPsc:uRqUjSTPtd36AFDM/BP6eUeW3v0Fc |
| MD5: | 529795E0B55926752462CBF32C14E738 |
| SHA1: | E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF |
| SHA-256: | 8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05 |
| SHA-512: | A51F440F1E19C084D905B721D0257F7EEE082B6377465CB94E677C29D4E844FD8021D0B6BA26C0907B72B84157C60A3EFEDFD96C16726F6ABEA8D896D78B08CE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 280 |
| Entropy (8bit): | 3.528155916440219 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXcmlDuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyMmloymD0wbnKNAH/lMz1 |
| MD5: | AA7B919B21FD42C457948DE1E2988CB3 |
| SHA1: | 19DA49CF5540E5840E95F4E722B54D44F3154E04 |
| SHA-256: | 5FFF5F1EC1686C138192317D5A67E22A6B02E5AAE89D73D4B19A492C2F5BE2F9 |
| SHA-512: | 01D27377942F69A0F2FE240DD73A1F97BB915E19D3D716EE4296C6EF8D8933C80E4E0C02F6C9FA72E531246713364190A2F67F43EDBE12826A1529BC2A629B00 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1463634 |
| Entropy (8bit): | 7.898382456989258 |
| Encrypted: | false |
| SSDEEP: | 24576:75MGNW/UpLkupMAqDJhNHK4/TuiKbdhbZM+byLH/:7ZwUpLkulkHK46iiDZHeLH/ |
| MD5: | ACBA78931B156E4AF5C4EF9E4AB3003B |
| SHA1: | 2A1F506749A046ECFB049F23EC43B429530EC489 |
| SHA-256: | 943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878 |
| SHA-512: | 2815D912088BA049F468CA9D65B92F8951A9BE82AB194DBFACCF0E91F0202820F5BC9535966654D28F69A8B92D048808E95FEA93042D8C5DEA1DCB0D58BE5175 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 280 |
| Entropy (8bit): | 3.5286004619027067 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXOzXkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6WymD0wbnKNAH/lMz1 |
| MD5: | 40FF521ED2BA1B015F17F0B0E5D95068 |
| SHA1: | 0F29C084311084B8FDFE67855884D8EB60BDE1A6 |
| SHA-256: | CC3575BA195F0F271FFEBA6F6634BC9A2CF5F3BE448F58DBC002907D7C81CBBB |
| SHA-512: | 9507E6145417AC730C284E58DC6B2063719400B395615C40D7885F78F57D55B251CB9C954D573CB8B6F073E4CEA82C0525AE90DEC68251C76A6F1B03FD9943C0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1091485 |
| Entropy (8bit): | 7.906659368807194 |
| Encrypted: | false |
| SSDEEP: | 24576:oBpmCkw3Tg/euEB+UdoC4k7ytHkHA6B/puqW2MIkTeSBmKrZHQ:MR3c/AseydwppC7veSBmWHQ |
| MD5: | 2192871A20313BEC581B277E405C6322 |
| SHA1: | 1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085 |
| SHA-256: | A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC |
| SHA-512: | 6D8844D2807BB90AEA6FE0DDDB9C67542F587EC9B7FC762746164B2D4A1A99EF8368A70C97BAD7A986AAA80847F64408F50F4707BB039FCCC509133C231D53B9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 280 |
| Entropy (8bit): | 3.5301133500353727 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXp2pRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyZ2vymD0wbnKNAH/lMz1 |
| MD5: | 1C5D58A5ED3B40486BC22B254D17D1DD |
| SHA1: | 69B8BB7B0112B37B9B5F9ADA83D11FBC99FEC80A |
| SHA-256: | EBE031C340F04BB0235FE62C5A675CF65C5CC8CE908F4621A4F5D7EE85F83055 |
| SHA-512: | 4736E4F26C6FAAB47718945BA54BD841FE8EF61F0DBA927E5C4488593757DBF09689ABC387A8A44F7C74AA69BA89BEE8EA55C87999898FEFEB232B1BA8CC7086 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2218943 |
| Entropy (8bit): | 7.942378408801199 |
| Encrypted: | false |
| SSDEEP: | 49152:8mwK3gH/l4hM06Wqnnl1IdO9wASFntrPEWNe7:863gHt4hM9WWnMdO9w35PEWK |
| MD5: | EE33FDA08FBF10EF6450B875717F8887 |
| SHA1: | 7DFA77B8F4559115A6BF186EDE51727731D7107D |
| SHA-256: | 5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20 |
| SHA-512: | AED6E11003AAAACC3FB28AE838EDA521CB5411155063DFC391ACE2B9CBDFBD5476FAB2B5CC528485943EBBF537B95F026B7B5AB619893716F0A91AEFF076D885 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 278 |
| Entropy (8bit): | 3.544065206514744 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXCARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyy6ymD0wbnKNAH/lMz1 |
| MD5: | 06B3DDEFF905F75FA5FA5C5B70DCB938 |
| SHA1: | E441B94F0621D593DC870A27B28AC6BE3842E7DB |
| SHA-256: | 72D49BDDE44DAE251AEADF963C336F72FA870C969766A2BB343951E756B3C28A |
| SHA-512: | 058792BAA633516037E7D833C8F59584BA5742E050FA918B1BEFC6F64A226AB3821B6347A729BEC2DF68BB2DFD2F8E27947F74CD4F6BDF842606B9DEDA0B75CC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3078052 |
| Entropy (8bit): | 7.954129852655753 |
| Encrypted: | false |
| SSDEEP: | 49152:bSEjlpY8skyFHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9Hu:bfp5sksA3cimUVxV05aJE2fKaDOXdN9O |
| MD5: | CDF98D6B111CF35576343B962EA5EEC6 |
| SHA1: | D481A70EC9835B82BD6E54316BF27FAD05F13A1C |
| SHA-256: | E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734 |
| SHA-512: | 95C352869D08C0FE903B15311622003CB4635DE8F3A624C402C869F1715316BE2D8D9C0AB58548A84BBB32757E5A1F244B1014120543581FDEA7D7D9D502EF9C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 274 |
| Entropy (8bit): | 3.5303110391598502 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXzRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnylymD0wbnKNAH/lMz1 |
| MD5: | 8D1E1991838307E4C2197ECB5BA9FA79 |
| SHA1: | 4AD8BB98DC9C5060B58899B3E9DCBA6890BC9E93 |
| SHA-256: | 4ABA3D10F65D050A19A3C2F57A024DBA342D1E05706A8A3F66B6B8E16A980DB9 |
| SHA-512: | DCDC9DB834303CC3EC8F1C94D950A104C504C588CE7631CE47E24268AABC18B1C23B6BEC3E2675E8A2A11C4D80EBF020324E0C7F985EA3A7BBC77C1101C23D01 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2924237 |
| Entropy (8bit): | 7.970803022812704 |
| Encrypted: | false |
| SSDEEP: | 49152:mc4NEo4XNd5wU5qTkdC4+K9u5b/i40RKRAO/cLf68wy9yxKrOUURBgmai2prH:mJef5yTSoKMF//DRGJwLx9DBaH |
| MD5: | 5AF1581E9E055B6E323129E4B07B1A45 |
| SHA1: | B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD |
| SHA-256: | BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98 |
| SHA-512: | 11BFEF500DAEC099503E8CDB3B4DE4EDE205201C0985DB4CA5EBBA03471502D79D6616D9E8F471809F6F388D7CBB8B0D0799262CBE89FEB13998033E601CEE09 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 286 |
| Entropy (8bit): | 3.5434534344080606 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXIc5+RELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny4KcymD0wbnKNAH/lMz1 |
| MD5: | C9812793A4E94320C49C7CA054EE6AA4 |
| SHA1: | CC1F88C8F3868B3A9DE7E0E5F928DBD015234ABA |
| SHA-256: | A535AE7DD5EDA6D31E1B5053E64D0D7600A7805C6C8F8AF1DB65451822848FFC |
| SHA-512: | D28AADEDE0473C5889F3B770E8D34B20570282B154CD9301932BF90BF6205CBBB96B51027DEC6788961BAF2776439ADBF9B56542C82D89280C0BEB600DF4B633 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3611324 |
| Entropy (8bit): | 7.965784120725206 |
| Encrypted: | false |
| SSDEEP: | 49152:ixc1kZBIabo4dTJyr3hJ50gd9OaFxTy+1Nn/M/noivF0po3M0h0Vsm:ixcaAabT83hJLdoaFxTygxcoiX3M0iCm |
| MD5: | FB88BFB743EEA98506536FC44B053BD0 |
| SHA1: | B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537 |
| SHA-256: | 05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF |
| SHA-512: | 4270A19F4D73297EEC910B81FF17441F3FC7A6A2A84EBA2EA3F7388DD3AA0BA31E9E455CFF93D0A34F4EC7CA74672D407A1C4DC838A130E678CA92A2E085851C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 288 |
| Entropy (8bit): | 3.5359188337181853 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUXe46x8RELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyO3UymD0wbnKNAH/lMz1 |
| MD5: | 0FEA64606C519B78B7A52639FEA11492 |
| SHA1: | FC9A6D5185088318032FD212F6BDCBD1CF2FFE76 |
| SHA-256: | 60059C4DD87A74A2DC36748941CF5A421ED394368E0AA19ACA90D850FA6E4A13 |
| SHA-512: | E04102E435B8297BF33086C0AD291AD36B5B4A97A59767F9CAC181D17CFB21D3CAA3235C7CD59BB301C58169C51C05DDDF2D637214384B9CC0324DAB0BB1EF8D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 274 |
| Entropy (8bit): | 3.4699940532942914 |
| Encrypted: | false |
| SSDEEP: | 6:fxnxUXGWWYlIWimoa2nRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxny2WzIgN2RGHmD0wbnKYZAH+Vwv |
| MD5: | 55BA5B2974A072B131249FD9FD42EB91 |
| SHA1: | 6509F8AC0AA23F9B8F3986217190F10206A691EA |
| SHA-256: | 13FFAAFFC987BAAEF7833CD6A8994E504873290395DC2BD9B8E1D7E7E64199E7 |
| SHA-512: | 3DFB0B21D09B63AF69698252D073D51144B4E6D56C87B092F5D97CE07CBCF9C966828259C8D95944A7732549C554AE1FF363CB936CA50C889C364AA97501B558 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3465076 |
| Entropy (8bit): | 7.898517227646252 |
| Encrypted: | false |
| SSDEEP: | 98304:n8ItVaN7vTMZ9IBbaETXbI8ItVaN7vTMZ9IBbaEiXbY:8ItwNX9BvTvItwNX9BvoM |
| MD5: | 8BC84DB5A3B2F8AE2940D3FB19B43787 |
| SHA1: | 3A5FE7B14D020FAD0E25CD1DF67864E3E23254EE |
| SHA-256: | AF1FDEEA092169BF794CDC290BCA20AEA07AC7097D0EFCAB76F783FA38FDACDD |
| SHA-512: | 558F52C2C79BF4A3FBB8BB7B1C671AFD70A2EC0B1BDE10AC0FED6F5398E53ED3B2087B38B7A4A3D209E4F1B34150506E1BA362E4E1620A47ED9A1C7924BB9995 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2357051 |
| Entropy (8bit): | 7.929430745829162 |
| Encrypted: | false |
| SSDEEP: | 49152:tfVcGO3JiR6SgT7/bOCrKCsaFCX3CzwovQTSwW8nX:pVcG2iRedsaoXSzeOwWEX |
| MD5: | 5BDE450A4BD9EFC71C370C731E6CDF43 |
| SHA1: | 5B223FB902D06F9FCC70C37217277D1E95C8F39D |
| SHA-256: | 93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50 |
| SHA-512: | 2365A9F76DA07D705A6053645FD2334D707967878F930061D451E571D9228C74A8016367525C37D09CB2AD82261B4B9E7CAEFBA0B96CE2374AC1FAC6B7AB5123 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276 |
| Entropy (8bit): | 3.516423078177173 |
| Encrypted: | false |
| SSDEEP: | 6:Q+sxnxUX7kARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny5ymD0wbnKNAH/lMz1 |
| MD5: | 5402138088A9CF0993C08A0CA81287B8 |
| SHA1: | D734BD7F2FB2E0C7D5DB8F70B897376ECA935C9A |
| SHA-256: | 5C9F5E03EEA4415043E65172AD2729F34BBBFC1A1156A630C65A71CE578EF137 |
| SHA-512: | F40A8704F16AB1D5DCD861355B07C7CB555934BB9DA85AACDCF869DC942A9314FFA12231F9149D28D438BE6A1A14FCAB332E54B6679E29AD001B546A0F48DE64 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 28911 |
| Entropy (8bit): | 7.7784119983764715 |
| Encrypted: | false |
| SSDEEP: | 384:WnJY165YD0tPYoCKa3HueqRyzVscLk1Yj2GjcgbA8E0GftpBjE2kWTpjFLrHRN7N:X4rtPzCK6uRoljXBA8Pi62ZphL0HRA5p |
| MD5: | 6D787B1E223DB6B91B69238062CCA872 |
| SHA1: | A02F3D847D1F8973E854B89D4558413EA2E349F7 |
| SHA-256: | DA2F261C3C82E229A097A9302C8580F014BB6442825DB47C008DA097CFCE0EE4 |
| SHA-512: | 9856D88D5C63CD6EBCF26E5D7521F194FA6B6E7BF55DD2E0238457A1B760EB8FB0D573A6E85E819BF8E5BE596537E99BC8C2DCE7EC6E2809A43490CACCD44169 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31835 |
| Entropy (8bit): | 7.81952379746457 |
| Encrypted: | false |
| SSDEEP: | 768:ltJDH8NmUekomvNufaqA8Pi6x5q3KQIGu:lvINukgzP7x5mRIGu |
| MD5: | 92A819D434A8AAEA2C65F0CC2F33BB3A |
| SHA1: | 85C3F1801EFFEA1EA10A8429B0875FC30893F2C8 |
| SHA-256: | 5D13F9907AC381D19F0A7552FD6D9FC07C9BD42C0F9CE017FFF75587E1890375 |
| SHA-512: | 01339E04130E08573DF7DBDFE25D82ED1D248B8D127BB90D536ECF4A26F5554E793E51E1A1800F61790738CC386121E443E942544246C60E47E25756F0C810A3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20235 |
| Entropy (8bit): | 7.61176626859621 |
| Encrypted: | false |
| SSDEEP: | 384:j3W3yGyjgbA8E0GftpBjEHvFLrHRN7pDAlI66Yv1:j3WFyAA8Pi6HVpDZ66c1 |
| MD5: | E3C64173B2F4AA7AB72E1396A9514BD8 |
| SHA1: | 774E52F7E74B90E6A520359840B0CA54B3085D88 |
| SHA-256: | 16C08547239E5B969041AB201EB55A3E30EAD400433E926257331CB945DFF094 |
| SHA-512: | 7ED618578C6517ED967FB3521FD4DBED9CDFB7F7982B2B8437804786833207D246E4FCD7B85A669C305BE3B823832D2628105F01E2CF30B494172A17FC48576D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 43653 |
| Entropy (8bit): | 7.899157106666598 |
| Encrypted: | false |
| SSDEEP: | 768:+bjfeR1OOZvv439PlDe5/QzhgFSo0UEDmJwkqTA8Pi63Bsgn66w:IM3CN9ZzhFbUUwaP73BsB6w |
| MD5: | DA3380458170E60CBEA72602FDD0D955 |
| SHA1: | 1D059F8CFD69F193D363DA337C87136885018F0F |
| SHA-256: | 6F8FFB225F3B8C7ADE31A17A02F941FC534E4F7B5EE678B21CD9060282034701 |
| SHA-512: | 17080110000C66DF2282FF4B8FD332467AF8CEFFA312C617E958FDFEBEE8EEA9E316201E8ABC8B30797BB6124A5CC7F649119A9C496316434B5AB23D2FBD5BB8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20457 |
| Entropy (8bit): | 7.612540359660869 |
| Encrypted: | false |
| SSDEEP: | 384:KyeISBuydn5rpmp77G8E0GftpBjE/kFLrHRN7ngslI66YVj:KHISBvd5rpmFG8Pi6/6nK666j |
| MD5: | 4EFA48EC307EAF2F9B346A073C67FCFB |
| SHA1: | 76A7E1234FF29A2B18C968F89082A14C9C851A43 |
| SHA-256: | 3EE9AE1F8DAB4C498BD561D8FCC66D83E58F11B7BB4B2776DF99F4CDA4B850C2 |
| SHA-512: | 2705644D501D85A821E96732776F61641FE82820FD6A39FFAF54A45AD126C886DC36C1398CDBDBB5FE282D9B09D27F9BFE7F26A646F926DA55DFF28E61FBD696 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 22149 |
| Entropy (8bit): | 7.659898883631361 |
| Encrypted: | false |
| SSDEEP: | 384:b98FG/zdCbf7BOEawSi8E0GftpBjEPTFPxFLrHRN7S5ll7PK/pA2:N/zAbDae8Pi6PFPSRIA2 |
| MD5: | 66C5199CF4FB18BD4F9F3F2CCB074007 |
| SHA1: | BA9D8765FFC938549CC19B69B3BF5E6522FB062E |
| SHA-256: | 4A7DC4ED098E580C8D623C51B57C0BC1D601C45F40B60F39BBA5F063377C3C1F |
| SHA-512: | 94C434A131CDE47CB64BCD2FB8AF442482F8ECFA63D958C832ECA935DEB10D360034EF497E2EBB720C72B4C1D7A1130A64811D362054E1D52A441B91C46034B0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31482 |
| Entropy (8bit): | 7.808057272318224 |
| Encrypted: | false |
| SSDEEP: | 768:LgHv7aLOcoLGQ4EykdrHwLa+A8Pi6Iv8ACIa:LwvWyx4EykdTwLaWP7I0ACIa |
| MD5: | F10DF902980F1D5BEEA96B2C668408A7 |
| SHA1: | 92D341581B9E24284B7C29E5623F8028DBBAAFE9 |
| SHA-256: | E0100320A4F63E07C77138A89EA24A1CBD69784A89FE3BF83E35576114B4CE02 |
| SHA-512: | 00A8FBCD17D791289AC8F12DC3C404B0AFD240278492DF74D2C5F37609B11D91A26D737BE95D3FE01CDBC25EEDC6DA0C2D63A2CCC4AB208D6E054014083365FB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 34816 |
| Entropy (8bit): | 7.840826397575377 |
| Encrypted: | false |
| SSDEEP: | 768:i3R9VYnIYfPYmqX0CnF1SRHVnLG8Pi61YbEIFO:ih9VjYfPYlk+F1SJxP71YbEIFO |
| MD5: | 62863124CDCDA135ECC0E722782CB888 |
| SHA1: | 2543B8A9D3B2304BB73D2ADBEC60DB040B732055 |
| SHA-256: | 23CCFB7206A8F77A13080998EC6EF95B59B3C3E12B72B2D2AD4E53B0B26BB8C3 |
| SHA-512: | 2734D1119DC14B7DFB417F217867EF8CE8E73D69C332587278C0896B91247A40C289426A1A53F1796CCB42190001273D35525FCEA8BA2932A69A581972A1EF00 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 22008 |
| Entropy (8bit): | 7.662386258803613 |
| Encrypted: | false |
| SSDEEP: | 384:M7FUtfIdqSHQs7G8E0GftpBjED/C4RQrFLrHRN7TT8DlvQyUTL2mH:sWgdqR2G8Pi6D6YQZTTMvU+mH |
| MD5: | ABBF10CEE9480E41D81277E9538F98CB |
| SHA1: | F4EA53D180C95E78CC1DA88CD63F4C099BF0512C |
| SHA-256: | 557E0714D5536070131E7E7CDD18F0EF23FE6FB12381040812D022EC0FEE7957 |
| SHA-512: | 9430DAACF3CA67A18813ECD842BE80155FD2DE0D55B7CD16560F4AAEFDA781C3E4B714D850D367259CAAB28A3BF841A5CB42140B19CFE04AC3C23C358CA87FFB |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 23597 |
| Entropy (8bit): | 7.692965575678876 |
| Encrypted: | false |
| SSDEEP: | 384:y6aR//q0bJi/Uj+957G8E0GftpBj/4YOFLrHRN7LxhKll7PK/ph:y6I/Li/UjmVG8PiZ4YsLxh6Ih |
| MD5: | 7C645EC505982FE529D0E5035B378FFC |
| SHA1: | 1488ED81B350938D68A47C7F0BCE8D91FB1673E2 |
| SHA-256: | 298FD9DADF0ACEBB2AA058A09EEBFAE15E5D1C5A8982DEE6669C63FB6119A13D |
| SHA-512: | 9F410DA5DB24B0B72E7774B4CF4398EDF0D361B9A79FBE2736A1DDD770AFE280877F5B430E0D26147CCA0524A54EA8B41F88B771F3598C2744A7803237B314B2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 25314 |
| Entropy (8bit): | 7.729848360340861 |
| Encrypted: | false |
| SSDEEP: | 384:75V23GNhfG/YvmBqWDP7G8E0GftpBjEB1vrFLrHRN7mKll7PK/pRU0:LS/Yvc7TG8Pi6BLm6IS0 |
| MD5: | C47E3430AF813DF8B02E1CB4829DD94B |
| SHA1: | 35F1F1A18AA4FD2336A4EA9C6005DBE70013C7FC |
| SHA-256: | F2DB1E60533F0D108D5FB1004904C1F2E8557D4493F3B251A1B3055F8F1507A3 |
| SHA-512: | 6F8904E658EB7D04C6880F7CC3EC63FCFE31EF2C3A768F4ECF40B115314F23774DAEE66DCE9C55FAF0AD31075A3AC27C8967FD341C23C953CA28BDC120997287 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 33610 |
| Entropy (8bit): | 7.8340762758330476 |
| Encrypted: | false |
| SSDEEP: | 768:IlFYcxiahedKSDNAPk5WEEfA8Pi6xnOKMRA58:2JitdKsNAM5WBDP7xOKMq58 |
| MD5: | 51804E255C573176039F4D5B55C12AB2 |
| SHA1: | A4822E5072B858A7CCA7DE948CAA7D2268F1BB4B |
| SHA-256: | 3C6F66790C543D4E9D8E0E6F476B1ACADF0A5FCDD561B8484D8DDDADFDF8134B |
| SHA-512: | 2AC8B1E433C9283377B725A03AE72374663FEC81ABBA4C049B80409819BB9613E135FCD640ED433701795BDF4D5822461D76A06859C4084E7BAE216D771BB091 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31471 |
| Entropy (8bit): | 7.818389271364328 |
| Encrypted: | false |
| SSDEEP: | 768:eNtFWk68dbr2QxbM971RqpzAA8Pi6TlHaGRA5yr:eNtEkpGSbuHAkP7TlHaGq54 |
| MD5: | 91AADBEC4171CFA8292B618492F5EF34 |
| SHA1: | A47DEB62A21056376DD8F862E1300F1E7DC69D1D |
| SHA-256: | 7E1A90CDB2BA7F03ABCB4687F0931858BF57E13552E0E4E54EC69A27325011EA |
| SHA-512: | 1978280C699F7F739CD9F6A81F2B665643BD0BE42CE815D22528F0D57C5A646FC30AAE517D4A0A374EFB8BD3C53EB9B3D129660503A82BA065679BBBB39BD8D5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31605 |
| Entropy (8bit): | 7.820497014278096 |
| Encrypted: | false |
| SSDEEP: | 384:7SpOUxgQ9gFodHZktfHa2TSmcAg76j8/xorK0JoZgbA8E0GftpBjE2PzFLrHRN7S:OngHltf7Bcp/xoB3A8Pi625D8RA54 |
| MD5: | 69EDB3BF81C99FE8A94BBA03408C5AE1 |
| SHA1: | 1AC85B369A976F35244BEEFA9C06787055C869C1 |
| SHA-256: | CEBE759BC4509700E3D23C6A5DF8D889132A60EBC92260A74947EAA1089E2789 |
| SHA-512: | BEA70229A21FBA3FD6D47A3DC5BECBA3EAA0335C08D486FAB808344BFAA2F7B24DD9A14A0F070E13A42BE45DE3FF54D32CF38B43192996D20DF4176964E81A53 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 30957 |
| Entropy (8bit): | 7.808231503692675 |
| Encrypted: | false |
| SSDEEP: | 384:rKfgT03jNkAFbgUQWtxq9OGh1bBkd/1MVHb5iVOdMgbA8E0GftpBjEl8tFLrHRNF:r303jOrUQAkfhopWHbA8Pi6l8zuUIq |
| MD5: | D3C9036E4E1159E832B1B4D2E9D42BF0 |
| SHA1: | 966E04B7A8016D7FDAFE2C611957F6E946FAB1B9 |
| SHA-256: | 434576EB1A16C2D14D666A33EDDE76717C896D79F45DF56742AFD90ACB9F21CE |
| SHA-512: | D28D7F467F072985BCFCC6449AD16D528D531EB81912D4C3D956CF8936F96D474B18E7992B16D6834E9D2782470D193A17598CAB55A7F9EB0824BC3F069216B6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26944 |
| Entropy (8bit): | 7.7574645319832225 |
| Encrypted: | false |
| SSDEEP: | 384:sbUX16g8/atF4NB3TJOvqeMRD/8svIZj/OwgbA8E0GftpBjEYwFLrHRN7mYll7PY:sbhg8yY4nMZK2hA8Pi6Yum4IVR |
| MD5: | F913DD84915753042D856CEC4E5DABA5 |
| SHA1: | FB1E423C8D09388C3F0B6D44364D94D786E8CF53 |
| SHA-256: | AA03AFB681A76C86C1BD8902EE2BBA31A644841CE6BCB913C8B5032713265578 |
| SHA-512: | C48850522C809B18208403B3E721ABEB1187F954045CE2F8C48522368171CC8FAF5F30FA44F6762AFDE130EC72284BB2E74097A35FE61F056656A27F9413C6B6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 19893 |
| Entropy (8bit): | 7.592090622603185 |
| Encrypted: | false |
| SSDEEP: | 384:v3Zh3VlkpSIcgbA8E0GftpBjEmm3UFLrHRN7GYvlvQyUTL2mTAp:v31qp/A8Pi6mUqGGvU+mcp |
| MD5: | EF9CB8BDFBC08F03BEF519AD66BA642F |
| SHA1: | D98C275E9402462BF52A4D28FAF57DF0D232AF6B |
| SHA-256: | 93A2F873ACF5BEAD4BC0D1CC17B5E89A928D63619F70A1918B29E5230ABEAD8E |
| SHA-512: | 4DFBDF389730370FA142DCFB6F7E1AC1C0540B5320FA55F94164C0693DB06C21E6D4A1316F0ABE51E51BCBDAB3FD33AE882D9E3CFDB4385AB4C3AF4C2536B0B3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20554 |
| Entropy (8bit): | 7.612044504501488 |
| Encrypted: | false |
| SSDEEP: | 384:zEAH676iPi8+IS5iqn7G8E0GftpBjExDxIHFLrHRN7Ke/ll7PK/pGaz6:zEhG8+ISrG8Pi6xDxCKoIGaz6 |
| MD5: | 486CBCB223B873132FFAF4B8AD0AD044 |
| SHA1: | B0EC82CD986C2AB5A51C577644DE32CFE9B12F92 |
| SHA-256: | B217393FD2F95A11E2C594E736067870212E3C5242A212D6F9539450E8684616 |
| SHA-512: | 69A48BF2B1DB64348C63FC0A50B4807FB9F0175215E306E60252FFFD792B1300128E8E847A81A0E24757B5F999875DA9E662C0F0D178071DB4F9E78239109060 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31562 |
| Entropy (8bit): | 7.81640835713744 |
| Encrypted: | false |
| SSDEEP: | 384:yhsBScEWkrljntbzuMmWh7ezPnGgbA8E0GftpBjohgsRFLrHRN7ybll7PK/p:MsBScwtnBmWNeTzA8PiuWsvyDI |
| MD5: | 1D6F8E73A0662A48D332090A4C8C898F |
| SHA1: | CF9AD4F157772F5EDC0FDDEEFD9B05958B67549C |
| SHA-256: | 8077C92C66D15D7E03FBFF3A48BD9576B80F698A36A44316EABA81EE8043B673 |
| SHA-512: | 5C03A99ECD747FBC7A15F082DF08C0D26383DB781E1F70771D4970E354A962294CE11BE53BECAAD6746AB127C5B194A93B7E1B139C12E6E45423B3A509D771FC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31083 |
| Entropy (8bit): | 7.814202819173796 |
| Encrypted: | false |
| SSDEEP: | 384:0XbSq3W46TVZb5fOFo1HtZwGqtRT44hS+nyBoiuFgbA8E0GftpBjEcBFLrHRN7Ku:0XpOflfOFo1DMr/iuuA8Pi6cfKjW66b |
| MD5: | 89A9818E6658D73A73B642522FF8701F |
| SHA1: | E66C95E957B74E90B444FF16D9B270ADAB12E0F4 |
| SHA-256: | F747DD8B79FC69217FA3E36FAE0AB417C1A0759C28C2C4F8B7450C70171228E6 |
| SHA-512: | 321782B0B633380DA69BD7E98AA05BE7FA5D19A131294CC7C0A598A6A1A1AEF97AB1068427E4223AA30976E3C8246FF5C3C1265D4768FE9909B37F38CBC9E60D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 35519 |
| Entropy (8bit): | 7.846686335981972 |
| Encrypted: | false |
| SSDEEP: | 768:2LFougzHaUdBKUsM+Z56zBjA8Pi6bo+ld8IX:MFodzHaULR9P7bo+l6IX |
| MD5: | 53EE9DA49D0B84357038ECF376838D2E |
| SHA1: | AB03F46783B2227F312187DD84DC0C517510DE20 |
| SHA-256: | 9E46B8BA0BAD6E534AF33015C86396C33C5088D3AE5389217A5E90BA68252374 |
| SHA-512: | 751300C76ECE4901801B1F9F51EACA7A758D5D4E6507E227558AAAAF8E547C3D59FA56153FEA96B6B2D7EB08C7AF2E4D5568ACE7E798D1A86CEDE363EFBECF7C |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 21791 |
| Entropy (8bit): | 7.65837691872985 |
| Encrypted: | false |
| SSDEEP: | 384:PWew5RNDcvPgbA8E0GftpBjE0hsyaFLrHRN7BD9lI66YR:P3GRNDcEA8Pi60hsyABDo66g |
| MD5: | 7BF88B3CA20EB71ED453A3361908E010 |
| SHA1: | F75F86557051160507397F653D7768836E3B5655 |
| SHA-256: | E555A610A61DB4F45A29A7FB196A9726C25772594252AD534453E69F05345283 |
| SHA-512: | 2C3DFB0F8913D1D8FF95A55E1A1FD58CE1F9D034268CD7BC0D2BF2DCEFEA8EF05DD62B9AFDE1F983CACADD0529538381632ADFE7195EAC19CE4143414C44DBE3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 46413 |
| Entropy (8bit): | 7.9071408623961394 |
| Encrypted: | false |
| SSDEEP: | 768:WaxA0CH65GY3+fvCXCttfR8JEBrkquwDn+QV5V+vNWBatX/xG8Pi65sMuMjvU+mQ:hne65GYOfKXMSEBrBtDnzFAI4JxP75sM |
| MD5: | C455C4BC4BEC9E0DA67C4D1E53E46D5A |
| SHA1: | 7674600C387114B0F98EC925BE74E811FB25C325 |
| SHA-256: | 40E9AF9284FF07FDB75C33A11A794F5333712BAA4A6CF82FA529FBAF5AD0FED0 |
| SHA-512: | 08166F6CB3F140E4820F86918F59295CAD8B4A17240C206DCBA8B46088110BDF4E4ADBAB9F6380315AD4590CA7C8ECDC9AFAC6BD1935B17AFB411F325FE81720 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 32833 |
| Entropy (8bit): | 7.825460303519308 |
| Encrypted: | false |
| SSDEEP: | 768:+0TU06CkaUYMoi//YX428RaFA8Pi6e9iA4I3w:vICTm/QorUpP7eAA4I3w |
| MD5: | 205AF51604EF96EF1E8E60212541F742 |
| SHA1: | D436FE689F8EF51FBA898454CF509DDB049C1545 |
| SHA-256: | DF3FFF163924D08517B41455F2D06788BA4E49C68337D15ECF329BE48CF7DA2D |
| SHA-512: | BCBA80ED0E36F7ABC1AEF19E6FF6EB654B9E91268E79CA8F421CB8ADD6C2B0268AD6C45E6CC06652F59235084ECDA3BA2851A38E6BCD1A0387EB3420C6EC94AC |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 31008 |
| Entropy (8bit): | 7.806058951525675 |
| Encrypted: | false |
| SSDEEP: | 768:ktH7oN/HbwiV+M+4Jc+5UrT3czi5uOHQA8Pi6DxUR/WTZIy:87sPEANXJc+eTMsuzP7DmN0ZIy |
| MD5: | E033CCBC7BA787A2F824CE0952E57D44 |
| SHA1: | EEEA573BEA217878CD9E47D7EA94E56BDAFFE22A |
| SHA-256: | D250EB1F93B43EFB7654B831B4183C9CAEC2D12D4EFEE8607FEE70B9FAB20730 |
| SHA-512: | B807B024B32E7F975AED408B77563A6B47865EECE32E8BA993502D9874B56580ECC9D9A3FEFA057FDD36FB8D519B6E184DB0593A65CC0ACF5E4ACCBEDE0F9417 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 21111 |
| Entropy (8bit): | 7.6297992466897675 |
| Encrypted: | false |
| SSDEEP: | 384:wWZsOvbMZGgbA8E0GftpBjEtnFLrHRN7Dfll7PK/pirk:xZRvuzA8Pi6t9DPISk |
| MD5: | D30AD26DBB6DECA4FDD294F48EDAD55D |
| SHA1: | CA767A1B6AF72CF170C9E10438F61797E0F2E8CE |
| SHA-256: | 6B1633DD765A11E7ED26F8F9A4DD45023B3E4ADB903C934DF3917D07A3856BFF |
| SHA-512: | 7B519F5D82BA0DA3B2EFFAD3029C7CAB63905D534F3CF1F7EA3446C42FA2130665CA7569A105C18289D65FA955C5624009C1D571E8960D2B7C52E0D8B42BE457 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 22594 |
| Entropy (8bit): | 7.674816892242868 |
| Encrypted: | false |
| SSDEEP: | 384:L7d2l8FbHaaIKbtv1gDISi8E0GftpBjEZRFLrHRN74bUll7PK/pd:LUlCIOt/8Pi6Zv4bMId |
| MD5: | EE0129C7CC1AC92BBC3D6CB0F653FCAE |
| SHA1: | 4ABAA858176B349BDAB826A7C5F9F00AC5499580 |
| SHA-256: | 345AA5CA2496F975B7E33C182D5E57377F8B740F23E9A55F4B2B446723947B72 |
| SHA-512: | CDDABE701C8CBA5BD5D131ABB85F9241212967CE6924E34B9D78D6F43D76A8DE017E28302FF13CE800456AD6D1B5B8FFD8891A66E5BE0C1E74CF19DF9A7AD959 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 21875 |
| Entropy (8bit): | 7.6559132103953305 |
| Encrypted: | false |
| SSDEEP: | 384:k73HRpZA6B3ulrnxtRT7G8E0GftpBjEdHqlFLrHRN7uhFlvQyUTL2m4c:k7XRgIkrG8Pi6dmuNvU+mp |
| MD5: | E532038762503FFA1371DF03FA2E222D |
| SHA1: | F343B559AE21DAEF06CBCD8B2B3695DE1B1A46F0 |
| SHA-256: | 5C70DD1551EB8B9B13EFAFEEAF70F08B307E110CAEE75AD9908A6A42BBCCB07E |
| SHA-512: | E0712B481F1991256A01C3D02ED56645F61AA46EB5DE47E5D64D5ECD20052CDA0EE7D38208B5EE982971CCA59F2717B7CAE4DFCF235B779215E7613AA5DCD976 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 19288 |
| Entropy (8bit): | 7.570850633867256 |
| Encrypted: | false |
| SSDEEP: | 384:5ZII4Hf+7G8E0GftpBjCwBFLrHRN7bcClvQyUTL2mH:pG8PicgbcAvU+mH |
| MD5: | B9A6FF715719EE9DE16421AB983CA745 |
| SHA1: | 6B3F68B224020CD4BF142D7EDAAEC6B471870358 |
| SHA-256: | E3BE3F1E341C0FA5E9CB79E2739CF0565C6EA6C189EA3E53ACF04320459A7070 |
| SHA-512: | 062A765AC4602DB64D0504B79BE7380C14C143091A09F98A5E03E18747B2166BD862CE7EF55403D27B54CEB397D95BFAE3195C15D5516786FEBDAC6CD5FBF9CD |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 22340 |
| Entropy (8bit): | 7.668619892503165 |
| Encrypted: | false |
| SSDEEP: | 384:GByvLdFHny7G8E0GftpBjE8upFLrHRN778lvQyUTL2mm2y:Oy3HkG8Pi6887mvU+ma |
| MD5: | 8B29FAB506FD65C21C9CD6FE6BBBC146 |
| SHA1: | CE1B8A57BB3C682F6A0AFC32955DAFD360720FDF |
| SHA-256: | 773AC516C9B9B28058128EC9BE099F817F3F90211AC70DC68077599929683D6F |
| SHA-512: | AFA82CCBC0AEF9FAE4E728E4212E9C6EB2396D7330CCBE57F8979377D336B4DACF4F3BF835D04ABCEBCDB824B9A9147B4A7B5F12B8ADDADF42AB2C34A7450ADE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 21357 |
| Entropy (8bit): | 7.641082043198371 |
| Encrypted: | false |
| SSDEEP: | 384:zdx+NRrogu6fzCI7Th7G8E0GftpBjEzZq4FLrHRN7/Oll7PK/pB:/+NRrFf/G8Pi6zZb/GIB |
| MD5: | 97F5B7B7E9E1281999468A5C42CB12E7 |
| SHA1: | 99481B2FA609D1D80A9016ADAA3D37E7707A2ED1 |
| SHA-256: | 1CF5C2D0F6188FFFF117932C424CC55D1459E0852564C09D7779263ABD116118 |
| SHA-512: | ACE9718D724B51FE04B900CE1D2075C0C05C80243EA68D4731A63138F3A1287776E80BD67ECB14C323C69AA1796E9D8774A3611FE835BA3CA891270DE1E7FD1F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 42788 |
| Entropy (8bit): | 7.89307894056 |
| Encrypted: | false |
| SSDEEP: | 768:Hx+UzBiwDQTXgBm029ClGn4BZz6i5kIew/jG8Pi6lYJz1gH:0ZXc29eGn2n5klwjxP7l2z1gH |
| MD5: | 21A4B7B71631C2CCDA5FBBA63751F0D2 |
| SHA1: | DE65DC641D188062EF9385CC573B070AAA8BDD28 |
| SHA-256: | AE0C5A2C8377DBA613C576B1FF73F01AE8EF4A3A4A10B078B5752FB712B3776C |
| SHA-512: | 075A9E95C6EC7E358EA8942CF55EFB72AC797DEE1F1FFCD27AD60472ED38A76048D356638EF6EAC22106F94AFEE9D543B502D5E80B964471FA7419D288867D5D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 307348 |
| Entropy (8bit): | 7.996451393909308 |
| Encrypted: | true |
| SSDEEP: | 6144:7vH3uG+yiWx0eVJyORloyyDqnHefzOs81MrXLXx7:b36yiWH/LRS2CJl1 |
| MD5: | 0EBC45AA0E67CC435D0745438371F948 |
| SHA1: | 5584210C4A8B04F9C78F703734387391D6B5B347 |
| SHA-256: | 3744BFA286CFCFF46E51E6A68823A23F55416CD6619156B5929FED1F7778F1C7 |
| SHA-512: | 31761037C723C515C1A9A404E235FE0B412222CB239B86162D17763565D0CCB010397376FB9B61B38A6AEBDD5E6857FD8383045F924AF8A83F2C9B9AF6B81407 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 271273 |
| Entropy (8bit): | 7.995547668305345 |
| Encrypted: | true |
| SSDEEP: | 6144:zfdvQnJMwXse4Vradf3mrC7woyWbjKlCVC7K:zfJwJse4VrS1AK |
| MD5: | 21437897C9B88AC2CB2BB2FEF922D191 |
| SHA1: | 0CAD3D026AF2270013F67E43CB44F0568013162D |
| SHA-256: | 372572DCBAD590F64F5D18727757CBDF9366DDE90955C79A0FCC9F536DAB0384 |
| SHA-512: | A74DA3775C19A7AF4A689FA4D920E416AB9F40A8BDA82CCF651DDB3EACBC5E932A120ABF55F855474CEBED0B0082F45D091E211AAEA6460424BFD23C2A445CC7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 295527 |
| Entropy (8bit): | 7.996203550147553 |
| Encrypted: | true |
| SSDEEP: | 6144:nwVaEqsf23c9shf6UyOGgDWDn/p3fd+zkPWnvGL3n9bQnkmVheyqtkl:MlPfW6sVEDn/pPdhWnvGL36zyyqal |
| MD5: | 9A07035EF802BF89F6ED254D0DB02AB0 |
| SHA1: | 9A48C1962B5CF1EE37FEEC861A5B51CE11091E78 |
| SHA-256: | 6CB03CEBAB2C28BF5318B13EEEE49FBED8DCEDAF771DE78126D1BFE9BD81C674 |
| SHA-512: | BE13D6D88C68FA16390B04130838D69CDB6169DC16AF0E198C905B22C25B345C541F8FCCD4690D88BE89383C19943B34EDC67793F5EB90A97CD6F6ECCB757F87 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 276650 |
| Entropy (8bit): | 7.995561338730199 |
| Encrypted: | true |
| SSDEEP: | 6144:H2a+HFkDF8gpmMt4kzwVVqhSYO6DITxPWgJl1CFExwXyo7N:mlZgFtIVVTuDExeWuv7N |
| MD5: | 84D8F3848E7424CBE3801F9570E05018 |
| SHA1: | 71D7F2621DA8B295CE6885F8C7C81016D583C6B1 |
| SHA-256: | B4BC3CD34BD328AAF68289CC0ED4D5CF8167F1EE1D7BE20232ED4747FF96A80A |
| SHA-512: | E27873BFD95E464CB58B3855F2DA404858B935530CF74C7F86FF8B3FC3086C2FAEA09FA479F0CA7B04D87595ED8C4D07D104426FF92DFB31BED405FA7A017DA8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 723359 |
| Entropy (8bit): | 7.997550445816903 |
| Encrypted: | true |
| SSDEEP: | 12288:NPnBZX7wR3tMwYqNDQGnXTtfzO5U7yo6O7bLhe8yE3LLDok4a:JBMbYE7xzO5U917bLh/DL3oJa |
| MD5: | 748A53C6BDD5CE97BD54A76C7A334286 |
| SHA1: | 7DD9EEDB13AC187E375AD70F0622518662C61D9F |
| SHA-256: | 9AF92B1671772E8E781B58217DAB481F0AFBCF646DE36BC1BFFC7D411D14E351 |
| SHA-512: | EC8601D1A0DBD5D79C67AF2E90FAD44BBC0B890412842BF69065A2C7CB16C12B1C5FF594135C7B67B830779645801DA20C9BE8D629B6AD8A3BA656E0598F0540 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 222992 |
| Entropy (8bit): | 7.994458910952451 |
| Encrypted: | true |
| SSDEEP: | 6144:k8/c2cF9GTLqsTmYstUdx+dwb2ooiVOfiI17zWbQ:jbzqGdpbZ/Mf3h68 |
| MD5: | 26BEAB9CCEAFE4FBF0B7C0362681A9D2 |
| SHA1: | F63DD970040CA9F6CFCF5793FF7D4F1F4A69C601 |
| SHA-256: | 217EC1B6E00A24583B166026DEC480D447FB564CF3BCA81984684648C272F767 |
| SHA-512: | 2BBEA62360E21E179014045EE95C7B330A086014F582439903F960375CA7E9C0CF5C0D5BB24E94279362965CA9D6A37E6AAA6A7C5969FC1970F6C50876582BE1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 550906 |
| Entropy (8bit): | 7.998289614787931 |
| Encrypted: | true |
| SSDEEP: | 12288:N4Ar9NyDhUQM0Hk86V1YnOIxQ9e6SJbj2OjK:jAG8wa5Qw6SZ2Oj |
| MD5: | 1C12315C862A745A647DAD546EB4267E |
| SHA1: | B3FA11A511A634EEC92B051D04F8C1F0E84B3FD6 |
| SHA-256: | 4E2E93EBAC4AD3F8690B020040D1AE3F8E7905AB7286FC25671E07AA0282CAC0 |
| SHA-512: | CA8916694D42BAC0AD38B453849958E524E9EED2343EBAA10DF7A8ACD13DF5977F91A4F2773F1E57900EF044CFA7AF8A94B3E2DCE734D7A467DBB192408BC240 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 261258 |
| Entropy (8bit): | 7.99541965268665 |
| Encrypted: | true |
| SSDEEP: | 6144:9blShNYrHNn0JU+D+kh8CIjXHWC7X0nZLC9Ge2KY/WfI:9ZSTYrtn0Sk+CIDHWC7chVKYx |
| MD5: | 65828DC7BE8BA1CE61AD7142252ACC54 |
| SHA1: | 538B186EAF960A076474A64F508B6C47B7699DD3 |
| SHA-256: | 849E2E915AA61E2F831E54F337A745A5946467D539CCBD0214B4742F4E7E94FF |
| SHA-512: | 8C129F26F77B4E73BF02DE8F9A9F432BB7E632EE4ABAD560A331C2A12DA9EF5840D737BFC1CE24FDCBB7EF39F30F98A00DD17F42C51216F37D0D237145B8DE15 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 230916 |
| Entropy (8bit): | 7.994759087207758 |
| Encrypted: | true |
| SSDEEP: | 6144:OTIPtMXmJWnzPS3pqnkeuJXW+FNx1a72rLiQxEBTR:750nz63/FJRFLISnp+Bt |
| MD5: | 93FA9F779520AB2D22AC4EA864B7BB34 |
| SHA1: | D1E9F53A0E012A89978A3C9DED73FB1D380A9D8A |
| SHA-256: | 6A3801C1D4CF0C19A990282D93AC16007F6CACB645F0E0684EF2EDAC02647833 |
| SHA-512: | AA91B4565C88E5DA0CF294DC4A2C91EAEB6D81DCA96069DB032412E1946212A13C3580F5C0143DD28B33F4849D2C2DF2214CE1E20598D634E78663D20F03C4E6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 698244 |
| Entropy (8bit): | 7.997838239368002 |
| Encrypted: | true |
| SSDEEP: | 12288:bUfKzAwwP7XAMWtr4FvMRt4lX0hnBdThiSb32+TdysrQgn7v4EemC6:sr7AMkJ34xu1bm4ZrQaY6 |
| MD5: | E29CE2663A56A1444EAA3732FFB82940 |
| SHA1: | 767A14B51BE74D443B5A3FEFF4D870C61CB76501 |
| SHA-256: | 3732EB6166945DB2BF792DA04199B5C4A0FB3C96621ECBFDEAF2EA1699BA88EE |
| SHA-512: | 6BC420F3A69E03D01A955570DC0656C83C9E842C99CF7B429122E612E1E54875C61063843D8A24DB7EC2035626F02DDABF6D84FC3902184C1EFF3583DBB4D3D8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 640684 |
| Entropy (8bit): | 7.99860205353102 |
| Encrypted: | true |
| SSDEEP: | 12288:eV7ivfl+kbkIrWu+2aoRjwv/cSUWauGPo2v65s4QqcT3ZCCz6CSj8aC:fdhr1+3y4MWaC2CO4V+3ZCCDsO |
| MD5: | F93364EEC6C4FFA5768DE545A2C34F07 |
| SHA1: | 166398552F6B7F4509732E148F93E207DD60420B |
| SHA-256: | 296B915148B29751E68687AE37D3FAFD9FFDDF458C48EB059A964D8F2291E899 |
| SHA-512: | 4F0965B4C5F543B857D9A44C7A125DDD3E8B74837A0FDD80C1FDC841BF22FC4CE4ADB83ACA8AA65A64F8AE6D764FA7B45B58556F44CFCE92BFAC43762A3BC5F4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1065873 |
| Entropy (8bit): | 7.998277814657051 |
| Encrypted: | true |
| SSDEEP: | 24576:qehtHA3nsAOx7yN7THwxdGpkw8R60aTcua5U4c:hhmnsBMNAxdGpV5za5Uv |
| MD5: | E1101CCA6E3FEDB28B57AF4C41B50D37 |
| SHA1: | 990421B1D858B756E6695B004B26CDCCAE478C23 |
| SHA-256: | 69B2675E47917A9469F771D0C634BD62B2DFA0F5D4AF3FD7AFE9196BF889C19E |
| SHA-512: | B1EDEA65B6D0705A298BFF85FC894A11C1F86B43FAC3C2149D0BD4A13EDCD744AF337957CBC21A33AB7A948C11EA9F389F3A896B6B1423A504E7028C71300C44 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1310275 |
| Entropy (8bit): | 7.9985829899274385 |
| Encrypted: | true |
| SSDEEP: | 24576:NN3M9UHpHZE4aubaPubP3M6d71FdtmFAjq+54/79LVzG+VnS:NN3M9UJHZE4abPyU4JtmFCq+q/7JlVS |
| MD5: | 9C9F49A47222C18025CC25575337A965 |
| SHA1: | E42EDB33471D7C1752DCC42C06DD3F9FDA8B25F0 |
| SHA-256: | ADA7EFF0676D9CCE1935D5485F3DDE35C594D343658FB1DA42CB5A48FC3FC16A |
| SHA-512: | 9FDCBAB988CBE97BFD931B727D31BA6B8ECF795D0679A714B9AFBC2C26E7DCF529E7A51289C7A1AE7EF04F4A923C2D7966D5AF7C0BC766DCD0FCA90251576794 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1881952 |
| Entropy (8bit): | 7.999066394602922 |
| Encrypted: | true |
| SSDEEP: | 49152:6Wp9u/ZAvKz7ZFCejPiSmYXKIr6kBwBUA:6W6Bn7ZFNiiKo2l |
| MD5: | 53C5F45B22E133B28D4BD3B5A350FDBD |
| SHA1: | D180CFB1438D27F76E1919DA3E84F307CB83434F |
| SHA-256: | 8AF4C7CAC47D2B9C7ADEADF276EDAE830B4CC5FFE7E765E3C3D7B3FADCB5F273 |
| SHA-512: | 46AD3DA58C63CA62FCFC4FAF9A7B5B320F4898A1E84EEF4DE16E0C0843BAFE078982FC9F78C5AC6511740B35382400B5F7AC3AE99BB52E32AD9639437DB481D1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 953453 |
| Entropy (8bit): | 7.99899040756787 |
| Encrypted: | true |
| SSDEEP: | 24576:9B1Onw3vg7aeYPagzbJ5Vhv6LnV2Dhl7GEYqVjcyd:vww3o7BYPJbJ5Vh6UCqZfd |
| MD5: | D4EAC009E9E7B64B8B001AE82B8102FA |
| SHA1: | D8D166494D5813DB20EA1231DA4B1F8A9B312119 |
| SHA-256: | 8B0631DA4DC79E036251379A0A68C3BA977F14BCC797BA0EB9692F8BB90DDB4D |
| SHA-512: | 561653F9920661027D006E7DEF7FB27DE23B934E4860E0DF78C97D183B7CEBD9DCE0D395E2018EEF1C02FC6818A179A661E18A2C26C4180AFEE5EF4F9C9C6035 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1097591 |
| Entropy (8bit): | 7.99825462915052 |
| Encrypted: | true |
| SSDEEP: | 24576:UE9BMy98gA4cDWHkSrDans3MfEE6w8OaVuCibol0j41dwD:UE9Bdy3D4keQWt7w85VuVoaj4/Q |
| MD5: | BF95E967E7D1CEC8EFE426BC0127D3DE |
| SHA1: | BA44C5500A36D748A9A60A23DB47116D37FD61BC |
| SHA-256: | 4C3B008E0EB10A722D8FEDB325BFB97EDAA609B1E901295F224DD4CB4DF5FC26 |
| SHA-512: | 0697E394ABAC429B00C3A4F8DB9F509E5D45FF91F3C2AF2C2A330D465825F058778C06B129865B6107A0731762AD73777389BB0E319B53E6B28C363232FA2CE8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2591108 |
| Entropy (8bit): | 7.999030891647433 |
| Encrypted: | true |
| SSDEEP: | 49152:ZSBBeAefkpB5iXfQJgi7JBaCCRZ3cM2VDHkvSJO6qzI1tE9Rn:EBI6gbCkMPDHKSJO6qsP6n |
| MD5: | BEB12A0464D096CA33BAEA4352CE800F |
| SHA1: | F678D650B4A41676BA05C836D462F34BDC5BF648 |
| SHA-256: | A44166F5C9F2553555A43586BA5DB1C1DE54D72D308A48268F27C6A00076B1CA |
| SHA-512: | B6E7CCD1ECBB9A49FC72E40771725825DAF41DDB2FF8EA4ECCE18B8FA1A59D3B2C474ADD055F30DA58C7E833A6E6555EBB77CCC324B61CA337187B4B41F7008B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2527736 |
| Entropy (8bit): | 7.992272975565323 |
| Encrypted: | true |
| SSDEEP: | 49152:NFXdpz4d98p/q5jA4q+9Uf5kx6wHR8WfPJZVhWzH4dRze76YP9nJ7yyAInT76nSY:NFXdKx5sM9SmxHKexZVhutJJVpCSqa0Z |
| MD5: | F256ACA509B4C6C0144D278C7036B0A8 |
| SHA1: | 93F6106D0759AFD0061F73B876AA9CAB05AA8EF6 |
| SHA-256: | AD26761D59F1FA9783C2F49184A2E8FE55FCD46CD3C49FFC099C02310649DC67 |
| SHA-512: | 08C57661F8CC9B547BBE42B4A5F8072B979E93346679ADE23CA685C0085F7BC14C26707B3D3C02F124359EBB640816E13763C7546FF095C96D2BB090320F3A95 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3256855 |
| Entropy (8bit): | 7.996842935632312 |
| Encrypted: | true |
| SSDEEP: | 98304:wh7I1aeH9YvgK+A+a7GiiQzP4YZDpQ2+Sd6Y:w21ay93aypQzzhpBL/ |
| MD5: | 8867BDF5FC754DA9DA6F5BA341334595 |
| SHA1: | 5067CCE84C6C682B75C1EF3DEA067A8D58D80FA9 |
| SHA-256: | 42323DD1D3E88C3207E16E0C95CA1048F2E4CD66183AD23B90171DA381D37B58 |
| SHA-512: | 93421D7FE305D27E7E2FD8521A8B328063CD22FE4DE67CCCF5D3B8F0258EF28027195C53062D179CD2EBA3A7E6F6A34A7A29297D4AF57650AA6DD19D1EF8413D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3417042 |
| Entropy (8bit): | 7.997652455069165 |
| Encrypted: | true |
| SSDEEP: | 98304:1YYkj2mRz6vkkB15AW4QD0ms+FdniD60bDUpS:qYkj7d6vP7NZDLn+PM8 |
| MD5: | 749C3615E54C8E6875518CFD84E5A1B2 |
| SHA1: | 64D51EB1156E850ECA706B00961C8B101F5AC2FC |
| SHA-256: | F2D2DF37366F8E49106980377D2448080879027C380D90D5A25DA3BDAD771F8C |
| SHA-512: | A5F591BA5C31513BD52BBFC5C6CAA79C036C7B50A55C4FDF96C84D311CCDCF1341F1665F1DA436D3744094280F98660481DCA4AA30BCEB3A7FCCB2A62412DC99 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1766185 |
| Entropy (8bit): | 7.9991290831091115 |
| Encrypted: | true |
| SSDEEP: | 24576:O/gjMj+RP9Q07h9F75a0BXjBccHMVk2Hq2SkGa0QglyZtxmdPP2LcSUtfgfp16Yx:kJ6RP9Q07/X5V7yVF0QgktxAPutUt0zP |
| MD5: | 828F96031F40BF8EBCB5E52AAEEB7E4C |
| SHA1: | CACC32738A0A66C8FE51A81ED8E27A6F82E69EB2 |
| SHA-256: | 640AD075B555D4A2143F909EAFD91F54076F5DDE42A2B11CD897BC564B5D7FF7 |
| SHA-512: | 61F6355FF4D984931E79624394CCCA217054AE0F61B9AF1A1EDED5ACCA3D6FEF8940E338C313BE63FC766E6E7161CAFA0C8AE44AD4E0BE26C22FF17E2E6ABAF7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 46592 |
| Entropy (8bit): | 7.762028754865989 |
| Encrypted: | false |
| SSDEEP: | 768:r3zqmF7r+NdSD4NQ66j1e2SDYLCxNupaEzuWIOmcyyDxyyFIjYQlv:r3zBF7redSDsQ665e2/hXuWIOmcR9Fkv |
| MD5: | AC3CCF6BA86342240E944AA061B931CB |
| SHA1: | 596638C40034FCCE285FB70CDB0D9492C274C46D |
| SHA-256: | 84D65103661E6329381D8B2FB304B1630803CD9862DAC6879EEC8B27272075FA |
| SHA-512: | 78D70451FEEA44365154475DD21983E7D795BE09D6CAB628CA5EC86EFC97C510D883BF84632681C6AA77C4DC21E811A0C53DE6BCBD031B77A0BBD73262C161EA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.4377382811115937 |
| Encrypted: | false |
| SSDEEP: | 3:KVC+cAmltV:KVC+cR |
| MD5: | 9C7132B2A8CABF27097749F4D8447635 |
| SHA1: | 71D7F78718A7AFC3EAB22ED395321F6CBE2F9899 |
| SHA-256: | 7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83 |
| SHA-512: | 333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 32768 |
| Entropy (8bit): | 2.595033055453035 |
| Encrypted: | false |
| SSDEEP: | 192:QfjeMtUtjLwsxQoaZe4jTQypXq+XIuHb:QyMtUtjss+tTQNU7 |
| MD5: | C027A2D6E5D2C7EAD700A5B6710C63AE |
| SHA1: | B2D2008CD06AF5661E8B35FFACC25A23FBB50DA5 |
| SHA-256: | 2B7505C76001BF93B4A3BFE587A4BA41E9DAF3F28E3B93ECEE4D249B027F9300 |
| SHA-512: | B2707FAAEABDEAB374A2BFCF73B37CD57045709F3959C6C6C1782E40755E85321F5FCEC9CBEDE89F502790AD11DAC5EDFC3E2606CF4F2E46F435B4AE561083A2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 6.04540664152549 |
| Encrypted: | false |
| SSDEEP: | 96:p6ofjoiqwXSlkhrZh7CoGGEkQPjERyujjIxQefaZe4jTQTiXT90QXqn+XvQuN6:5fjeMtUtjLwsxQoaZe4jTQypXq+XIu |
| MD5: | 7E493D3A25AA5F9BD63FA1E34011451E |
| SHA1: | 2E257E003D8561A4D11B1F7759EA935BDAED117B |
| SHA-256: | 1464E2A66EEDFDB849F6443169AA86CCA80BDD65BE92F21686654F48F9B0FBD4 |
| SHA-512: | 6E1CB85B7814E0672B3512D6B7BC420F8E80FCA92C4433F240483CF569BC1AE9EB1BDF757EF3893BA435222AA0E3E88CE249AA5A4DC44D1F9A9FD86E8C4F324F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 6.047059186506688 |
| Encrypted: | false |
| SSDEEP: | 96:4pofjoiAOPRlkhrZh7CoGGEkQPjERyujjIxQefaZe4jTQTiXT9/QXqnbXvQ+gZ:FfjOqMtUtjLwsxQoaZe4jTQyqXqbXI+ |
| MD5: | F41AED9AA4D18C4B3144D7C5662C0AF4 |
| SHA1: | B793B4F91C8FA20A0C151AA4E244390EA3C9B1D4 |
| SHA-256: | 9ACFAC7884099389350AF53499BE011D5F1D2BAAD9C2E46CD7EED6370D764003 |
| SHA-512: | 45F012DE8D8D253FE4BB5BFB2C789224D2C2F99CA2EF50DA514FDD95591668F83926A90061054A04D7ACF0339D9C2355375FBA58B2B3AE5B36CFBC2C9B649DEE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 30 |
| Entropy (8bit): | 1.2389205950315936 |
| Encrypted: | false |
| SSDEEP: | 3:Mfz1:M |
| MD5: | 9645CDEFB6FB0AC416F8DC2F2CA5A585 |
| SHA1: | CF0694596B2422E58C080919594454671C2E0401 |
| SHA-256: | F7B415677A6D8347CC781ED7C5BFCAD20386F8801EC1ABFD308B709F6391A5BF |
| SHA-512: | 3E6560DA960B13D10FC00DFA5B1AC5DF5BAFC5B75BB61DC57BACD15DFE691E4F1B5B8301DD8DBA318BEAAD699E918EE1CED7F23A454207F6B2F50C309DD31178 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 48 |
| Entropy (8bit): | 4.560769595330945 |
| Encrypted: | false |
| SSDEEP: | 3:HRAbABGQYm/0NlJEBin:HRYFVm/4n |
| MD5: | BB63380055628601A9AEA443F8D27A96 |
| SHA1: | 072F3CC7BA9AD9B01AAE83208834D8CE5A8C3BD6 |
| SHA-256: | FF6C0497A5B3AD89A33D28B11813E209F92FA42E5676570D1402E73846C76A6E |
| SHA-512: | 753563CB07524EEE9703AAD4EA0C7E881B157CA8F9374BAAD7BC06EF66045798359EC3CE7E9EFE25AA72FE5CDEEFF03CC1803D65B72EEAFB8EE0DFFFDC526F34 |
| Malicious: | true |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1164 |
| Entropy (8bit): | 4.685876475628173 |
| Encrypted: | false |
| SSDEEP: | 12:89C4UlGI7fglCICH28bd/+Q1d0/Yp0LwUTXjXu178l+EjAArHSuT1lilG3mNfBdI:89aGygMbdV6QpWwQAAmuTqTFvqyFm |
| MD5: | 364689C33215654B8948A71DFB5B8030 |
| SHA1: | 1D53DC2CE4E695323CE95CA7F1D63FF7991EA77C |
| SHA-256: | 6451B9F2C6A598C74E164A8D66500D32D6A5DEECC908CF81F06600119101E338 |
| SHA-512: | CDF99CA520372F7EDAA97EABB7213DCC3D45B7DD6D56B0C422EAD9766014AA7D2860371EBD891D36B68A3E6867C65442EA519D827C149A6B5DCFD6B199B2EA20 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 58 |
| Entropy (8bit): | 4.659981970035089 |
| Encrypted: | false |
| SSDEEP: | 3:bDThQuJgTPXWVjobJlv:beGgTPmVjy |
| MD5: | 8A0C0BF3FAE3676AB51D99CE01ADF22B |
| SHA1: | AD8F3D7BC7C6339EA8BD4FD3701912EFA13921FF |
| SHA-256: | 487683FD2D28C006086DA54C1FA01B8EC92CBA06DB16AB721954B4B0AA4E0E0A |
| SHA-512: | BAD00BCABD349B754F67368E7B4BEBD124E009237DCF53ED6ACC9372EE4E6F1F140D17E17D7DA26D5088783CC4F72B1850C796D138AF9D472DD704408276BE54 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 42 |
| Entropy (8bit): | 4.269430292808995 |
| Encrypted: | false |
| SSDEEP: | 3:HRAbABGQYm/0NlJKn:HRYFVm/b |
| MD5: | E8A2696BE9E9186349D5F366CA3E4E63 |
| SHA1: | F42FFC7B900D64E3A6EB8DD836F5B1FD93A45FCB |
| SHA-256: | F96CAF22D06DE7F638FBE49201F2AD658724A88A9F0EA5077DD505846FC7F626 |
| SHA-512: | 41F89CCD58AAED407CDBE0932CFCBAD51304D74388B9D91923E3FEDE61E6A744B7D9E10C9051AAB5AB72D69AB009017D1C0810AB874A86A8293110CFEA33377F |
| Malicious: | true |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 562113 |
| Entropy (8bit): | 7.67409707491542 |
| Encrypted: | false |
| SSDEEP: | 12288:/dy5Gtyp/FZ9QqjdxDfSp424XeavSktiAVE0:/dizp1ndpqpMZnV |
| MD5: | 4A1657A3872F9A77EC257F41B8F56B3D |
| SHA1: | 4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B |
| SHA-256: | C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60 |
| SHA-512: | 7A2932639E06D79A5CE1D3C71091890D9E329CA60251E16AE4095E4A06C6428B4F86B7FFFA097BF3EEFA064370A4D51CA3DF8C89EAFA3B1F45384759DEC72922 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1649585 |
| Entropy (8bit): | 7.875240099125746 |
| Encrypted: | false |
| SSDEEP: | 24576:L368X6z95zf5BbQ6U79dYy2HiTIxRboyM/LZTl5KnCc:r68kb7UTYxGIxmnp65 |
| MD5: | 35200E94CEB3BB7A8B34B4E93E039023 |
| SHA1: | 5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D |
| SHA-256: | 6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD |
| SHA-512: | ED80CEE7C22D10664076BA7558A79485AA39BE80582CEC9A222621764DAE5EFA70F648F8E8C5C83B6FE31C2A9A933C814929782A964A47157505F4AE79A3E2F9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 558035 |
| Entropy (8bit): | 7.696653383430889 |
| Encrypted: | false |
| SSDEEP: | 12288:DQ/oYjRRRRRRRRYcdY/5ASWYqBMp8xsGGEOzI7vQQwOyP:DQ/nRRRRRRRRxY/5JWYZ3GGbI8YA |
| MD5: | 3B5E44DDC6AE612E0346C58C2A5390E3 |
| SHA1: | 23BCF3FCB61F80C91D2CFFD8221394B1CB359C87 |
| SHA-256: | 9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2 |
| SHA-512: | 2E63419F272C6E411CA81945E85E08A6E3230A2F601C4D28D6312DB5C31321F94FAFA768B16BC377AE37B154C6869CA387005693A79C5AB1AC45ED73BCCC6479 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 570901 |
| Entropy (8bit): | 7.674434888248144 |
| Encrypted: | false |
| SSDEEP: | 6144:D2tTXiO/3GH5SkPQVAqWnGrkFxvay910UUTWZJarUv9TA0g8:kX32H+VWgkFxSgGTmarUv9T |
| MD5: | D676DE8877ACEB43EF0ED570A2B30F0E |
| SHA1: | 6C8922697105CEC7894966C9C5553BEB64744717 |
| SHA-256: | DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01 |
| SHA-512: | F40BADA680EA5CA508947290BA73901D78DE79EAA10D01EAEF975B80612D60E75662BDA542E7F71C2BBA5CA9BA46ECAFE208FD6E40C1F929BB5E407B10E89FBD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 523048 |
| Entropy (8bit): | 7.715248170753013 |
| Encrypted: | false |
| SSDEEP: | 6144:WfmDdN6Zfv8q5rnM6vZ02PtMZRkfW5ipbnMHxVcsOWrCMxy0sD/mcKb4rYEY:xDdQXBrMi2YtggW5ObnMH1brJpUmBU0N |
| MD5: | C276F590BB846309A5E30ADC35C502AD |
| SHA1: | CA6D9D6902475F0BE500B12B7204DD1864E7DD02 |
| SHA-256: | 782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58 |
| SHA-512: | B85165C769DFE037502E125A04CFACDA7F7CC36184B8D0A54C1F9773666FFCC43A1B13373093F97B380871571788D532DEEA352E8D418E12FD7AAD6ADB75A150 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3078052 |
| Entropy (8bit): | 7.954129852655753 |
| Encrypted: | false |
| SSDEEP: | 49152:bSEjlpY8skyFHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9Hu:bfp5sksA3cimUVxV05aJE2fKaDOXdN9O |
| MD5: | CDF98D6B111CF35576343B962EA5EEC6 |
| SHA1: | D481A70EC9835B82BD6E54316BF27FAD05F13A1C |
| SHA-256: | E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734 |
| SHA-512: | 95C352869D08C0FE903B15311622003CB4635DE8F3A624C402C869F1715316BE2D8D9C0AB58548A84BBB32757E5A1F244B1014120543581FDEA7D7D9D502EF9C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 777647 |
| Entropy (8bit): | 7.689662652914981 |
| Encrypted: | false |
| SSDEEP: | 6144:B04bNOJMngI856k0wwOGXMaXTLaTDmfBaN2Tx9iSUk1PdSnc0lnDlcGMcEFYYYYt:xbY6ngI46Aw5dmyYYYYYYYYY7p8d |
| MD5: | B30D2EF0FC261AECE90B62E9C5597379 |
| SHA1: | 4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3 |
| SHA-256: | BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976 |
| SHA-512: | 2E728408C20C3C23C84A1C22DB28F0943AAA960B4436F8C77570448D5BEA9B8D53D95F7562883FA4F9B282DFE2FD07251EEEFDE5481E49F99B8FEDB66AAAAB68 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 924687 |
| Entropy (8bit): | 7.824849396154325 |
| Encrypted: | false |
| SSDEEP: | 12288:lsadD3eLxI8XSh4yDwFw8oWR+6dmw2ZpQDKpazILv7Jzny/ApcWqyOpEZULn:qLxI8XSh4yUF/oWR+mLKpYIr7l3ZQ7n |
| MD5: | 97EEC245165F2296139EF8D4D43BBB66 |
| SHA1: | 0D91B68CCB6063EB342CFCED4F21A1CE4115C209 |
| SHA-256: | 3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C |
| SHA-512: | 8594C49CAB6FF8385B1D6E174431DAFB0E947A8D7D3F200E622AE8260C793906E17AA3E6550D4775573858EA1243CCBF7132973CD1CF7A72C3587B9691535FF8 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 966946 |
| Entropy (8bit): | 7.8785200658952 |
| Encrypted: | false |
| SSDEEP: | 24576:qBcvGBGhXQir6H1ws6+iU0YuA35VuinHX2NPs:ccvGBGdQ5CsMxQVj3yPs |
| MD5: | F03AB824395A8F1F1C4F92763E5C5CAD |
| SHA1: | A6E021918C3CEFFB6490222D37ECEED1FC435D52 |
| SHA-256: | D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD |
| SHA-512: | 0241146B63C938F11045FB9DF5360F63EF05B9B3DD1272A3E3E329A1BFEC5A4A645D5472461DE9C06CFE4ADB991FE96C58F0357249806C341999C033CD88A7AF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1204049 |
| Entropy (8bit): | 7.92476783994848 |
| Encrypted: | false |
| SSDEEP: | 24576:+3zSQBxvOUIpHLYTCEmS1Wu09jRalJP3sdgnmAOFt0zU4L0MRx5QNn5:+bvI5UTCPu09qP3JPOFoR4N5 |
| MD5: | FD5BBC58056522847B3B75750603DF0C |
| SHA1: | 97313E85C0937739AF7C7FC084A10BF202AC9942 |
| SHA-256: | 44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F |
| SHA-512: | DBD72827044331215A7221CA9B0ECB8809C7C79825B9A2275F3450BAE016D7D320B4CA94095F7CEF4372AC63155C78CA4795E23F93166D4720032ECF9F932B8E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 486596 |
| Entropy (8bit): | 7.668294441507828 |
| Encrypted: | false |
| SSDEEP: | 6144:A+JBmUx0Zo24n8z/2NSYFl2qGBuv8p6+LwwYmN59wBttsdJrmXMlP1NwQoGgeL:fNgxz/g5z2BT6+Eu0ntMcczNQG5L |
| MD5: | 0E37AECABDB3FDF8AAFEDB9C6D693D2F |
| SHA1: | F29254D2476DF70979F723DE38A4BF41C341AC78 |
| SHA-256: | 7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349 |
| SHA-512: | DE6AFE015C1D41737D50ADD857300996F6E929FED49CB71BC59BB091F9DAB76574C56DEA0488B0869FE61E563B07EBB7330C8745BC1DF6305594AC9BDEA4A6BF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 976001 |
| Entropy (8bit): | 7.791956689344336 |
| Encrypted: | false |
| SSDEEP: | 24576:zHM7eZGgFiHMRej4N9tpytNZ+tIw5ErZBImlX0m:zHM7eZGgFiHMRej++NZ+F5WvllZ |
| MD5: | 9E563D44C28B9632A7CF4BD046161994 |
| SHA1: | D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11 |
| SHA-256: | 86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86 |
| SHA-512: | 8EB14A1B10CB5C7607D3E07E63F668CFC5FC345B438D39138D62CADF335244952FBC016A311D5CB8A71D50660C49087B909528FC06C1D10AF313F904C06CBD5C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1463634 |
| Entropy (8bit): | 7.898382456989258 |
| Encrypted: | false |
| SSDEEP: | 24576:75MGNW/UpLkupMAqDJhNHK4/TuiKbdhbZM+byLH/:7ZwUpLkulkHK46iiDZHeLH/ |
| MD5: | ACBA78931B156E4AF5C4EF9E4AB3003B |
| SHA1: | 2A1F506749A046ECFB049F23EC43B429530EC489 |
| SHA-256: | 943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878 |
| SHA-512: | 2815D912088BA049F468CA9D65B92F8951A9BE82AB194DBFACCF0E91F0202820F5BC9535966654D28F69A8B92D048808E95FEA93042D8C5DEA1DCB0D58BE5175 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2218943 |
| Entropy (8bit): | 7.942378408801199 |
| Encrypted: | false |
| SSDEEP: | 49152:8mwK3gH/l4hM06Wqnnl1IdO9wASFntrPEWNe7:863gHt4hM9WWnMdO9w35PEWK |
| MD5: | EE33FDA08FBF10EF6450B875717F8887 |
| SHA1: | 7DFA77B8F4559115A6BF186EDE51727731D7107D |
| SHA-256: | 5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20 |
| SHA-512: | AED6E11003AAAACC3FB28AE838EDA521CB5411155063DFC391ACE2B9CBDFBD5476FAB2B5CC528485943EBBF537B95F026B7B5AB619893716F0A91AEFF076D885 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1750795 |
| Entropy (8bit): | 7.892395931401988 |
| Encrypted: | false |
| SSDEEP: | 24576:DyeAqDJpUDH3xk8ZKIBuX3TPtd36v4o5d4PISMETGBP6eUP+xSeW3v0HKPsc:uRqUjSTPtd36AFDM/BP6eUeW3v0Fc |
| MD5: | 529795E0B55926752462CBF32C14E738 |
| SHA1: | E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF |
| SHA-256: | 8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05 |
| SHA-512: | A51F440F1E19C084D905B721D0257F7EEE082B6377465CB94E677C29D4E844FD8021D0B6BA26C0907B72B84157C60A3EFEDFD96C16726F6ABEA8D896D78B08CE |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2924237 |
| Entropy (8bit): | 7.970803022812704 |
| Encrypted: | false |
| SSDEEP: | 49152:mc4NEo4XNd5wU5qTkdC4+K9u5b/i40RKRAO/cLf68wy9yxKrOUURBgmai2prH:mJef5yTSoKMF//DRGJwLx9DBaH |
| MD5: | 5AF1581E9E055B6E323129E4B07B1A45 |
| SHA1: | B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD |
| SHA-256: | BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98 |
| SHA-512: | 11BFEF500DAEC099503E8CDB3B4DE4EDE205201C0985DB4CA5EBBA03471502D79D6616D9E8F471809F6F388D7CBB8B0D0799262CBE89FEB13998033E601CEE09 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2357051 |
| Entropy (8bit): | 7.929430745829162 |
| Encrypted: | false |
| SSDEEP: | 49152:tfVcGO3JiR6SgT7/bOCrKCsaFCX3CzwovQTSwW8nX:pVcG2iRedsaoXSzeOwWEX |
| MD5: | 5BDE450A4BD9EFC71C370C731E6CDF43 |
| SHA1: | 5B223FB902D06F9FCC70C37217277D1E95C8F39D |
| SHA-256: | 93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50 |
| SHA-512: | 2365A9F76DA07D705A6053645FD2334D707967878F930061D451E571D9228C74A8016367525C37D09CB2AD82261B4B9E7CAEFBA0B96CE2374AC1FAC6B7AB5123 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3611324 |
| Entropy (8bit): | 7.965784120725206 |
| Encrypted: | false |
| SSDEEP: | 49152:ixc1kZBIabo4dTJyr3hJ50gd9OaFxTy+1Nn/M/noivF0po3M0h0Vsm:ixcaAabT83hJLdoaFxTygxcoiX3M0iCm |
| MD5: | FB88BFB743EEA98506536FC44B053BD0 |
| SHA1: | B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537 |
| SHA-256: | 05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF |
| SHA-512: | 4270A19F4D73297EEC910B81FF17441F3FC7A6A2A84EBA2EA3F7388DD3AA0BA31E9E455CFF93D0A34F4EC7CA74672D407A1C4DC838A130E678CA92A2E085851C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1091485 |
| Entropy (8bit): | 7.906659368807194 |
| Encrypted: | false |
| SSDEEP: | 24576:oBpmCkw3Tg/euEB+UdoC4k7ytHkHA6B/puqW2MIkTeSBmKrZHQ:MR3c/AseydwppC7veSBmWHQ |
| MD5: | 2192871A20313BEC581B277E405C6322 |
| SHA1: | 1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085 |
| SHA-256: | A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC |
| SHA-512: | 6D8844D2807BB90AEA6FE0DDDB9C67542F587EC9B7FC762746164B2D4A1A99EF8368A70C97BAD7A986AAA80847F64408F50F4707BB039FCCC509133C231D53B9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 608122 |
| Entropy (8bit): | 7.729143855239127 |
| Encrypted: | false |
| SSDEEP: | 6144:Ckl6KRKwg9jf2q/bN69OuGFlC/DUhq68xOcJzGYnTxlLqU8dmTW:8yKwgZ2qY9kA7Uhq68H3ybmq |
| MD5: | 8BA551EEC497947FC39D1D48EC868B54 |
| SHA1: | 02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF |
| SHA-256: | DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89 |
| SHA-512: | CC97F9B2C83FF7CAC32AB9A9D46E0ACDE13EECABECD653C88F74E4FC19806BB9498D2F49C4B5581E58E7B0CB95584787EA455E69D99899381B592BEA177D4D4B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5783 |
| Entropy (8bit): | 7.88616857639663 |
| Encrypted: | false |
| SSDEEP: | 96:CDG4D+8VsXzXc2zLXTJ2XFY47pk2G7HVlwFzTXNbMfmn2ivLZcreFWw5fc9ADdZm:CDG4DRGY23l2Xu47GL7YtT9V29yWvWdk |
| MD5: | 8109B3C170E6C2C114164B8947F88AA1 |
| SHA1: | FC63956575842219443F4B4C07A8127FBD804C84 |
| SHA-256: | F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416 |
| SHA-512: | F8A8D7A6469CD3E7C31F3335DDCC349AD7A686730E1866F130EE36AA9994C52A01545CE73D60B642FFE0EE49972435D183D8CD041F2BB006A6CAF31BAF4924AC |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4026 |
| Entropy (8bit): | 7.809492693601857 |
| Encrypted: | false |
| SSDEEP: | 96:VpDCBFLhxaUGm5EWA07yNdKH1FQpy8tnX8Iz3b7TrT502+fPD:VpDYFFRMNU+RtXzLf35t+3D |
| MD5: | 5D9BAD7ADB88CEE98C5203883261ACA1 |
| SHA1: | FBF1647FCF19BCEA6C3CF4365C797338CA282CD2 |
| SHA-256: | 8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F |
| SHA-512: | 7132923869A3DA2F2A75393959382599D7C4C05CA86B4B27271AB9EA95C7F2E80A16B45057F4FB729C9593F506208DC70AF2A635B90E4D8854AC06C787F6513D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4243 |
| Entropy (8bit): | 7.824383764848892 |
| Encrypted: | false |
| SSDEEP: | 96:22MQe4zHye8/djzF+JjvtmMkkBpF7e0LTkaf:22De4zHHCvF+nRBDXoaf |
| MD5: | 7BC0A35807CD69C37A949BBD51880FF5 |
| SHA1: | B5870846F44CAD890C6EFF2F272A037DA016F0D8 |
| SHA-256: | BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA |
| SHA-512: | B5B785D693216E38B5AB3F401F414CADACCDCB0DCA4318D88FE1763CD3BAB8B7670F010765296613E8D3363E47092B89357B4F1E3242F156750BE86F5F7E9B8D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16806 |
| Entropy (8bit): | 7.9519793977093505 |
| Encrypted: | false |
| SSDEEP: | 384:eSMjhqgJDGwOzHR3iCpK+QdLdfufFJ9aDn9LjDMVAwHknbz7OW:eSkhqglGwERSAHQdLhDn9AKokv7H |
| MD5: | 950F3AB11CB67CC651082FEBE523AF63 |
| SHA1: | 418DE03AD2EF93D0BD29C3D7045E94D3771DACB4 |
| SHA-256: | 9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974 |
| SHA-512: | D74BF52A58B0C0327DB9DDCAD739794020F00B3FA2DE2B44DAAEC9C1459ECAF3639A5D761BBBC6BDF735848C4FD7E124D13B23964B0055BB5AA4F6AFE76DFE00 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11380 |
| Entropy (8bit): | 7.891971054886943 |
| Encrypted: | false |
| SSDEEP: | 192:VJcnLYnAVbOFLaCPLrGGbhaWEu6d3RmryqLkeAShObPb1AYcRMMXjkfa0nYBwggD:VcMC8lLrRbhy1ZqLyShYb1FHQ4C0nYQJ |
| MD5: | C9F9364C659E2F0C626AC0D0BB519062 |
| SHA1: | C4036C576074819309D03BB74C188BF902D1AE00 |
| SHA-256: | 6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2 |
| SHA-512: | 173A5E68E55163B081C5A8DA24AE46428E3FB326EBE17AE9588C7F7D7E5E5810BFCF08C23C3913D6BEC7369E06725F50387612F697AC6A444875C01A2C94D0FF |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6024 |
| Entropy (8bit): | 7.886254023824049 |
| Encrypted: | false |
| SSDEEP: | 96:bGa2onnLYHTSSxpHVTSH1bywZKmpRqiUtFvS9xrPooBpni6eDa16MUELHsrKjRBA:SJonLYzSSr1TuZNwtFZKpiiyrKXuCUd |
| MD5: | 20621E61A4C5B0FFEEC98FFB2B3BCD31 |
| SHA1: | 4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4 |
| SHA-256: | 223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7 |
| SHA-512: | BDF3A8E3D6EE87D8ADE0767918603B8D238CAE8A2DD0C0F0BF007E89E057C7D1604EB3CCAF0E1BA54419C045FC6380ECBDD070F1BB235C44865F1863A8FA7EEA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 9191 |
| Entropy (8bit): | 7.93263830735235 |
| Encrypted: | false |
| SSDEEP: | 192:oeAMExvPJMg+yE+AfJLi3+Xoj7F3sPgMG61J88eDhFWT7hFNsdJtnLYJ7tSh:v2d+hnfJLi3+4ja4WqhFWT7FsdHMA |
| MD5: | 08D3A25DD65E5E0D36ADC602AE68C77D |
| SHA1: | F23B6DDB3DA0015B1D8877796F7001CABA25EA64 |
| SHA-256: | 58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1 |
| SHA-512: | 77D24C272D67946A3413D0BEA700A7519B4981D3B4D8486A655305546CE6133456321EE94FD71008CBFD678433EA1C834CFC147179B31899A77D755008FCE489 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4326 |
| Entropy (8bit): | 7.821066198539098 |
| Encrypted: | false |
| SSDEEP: | 96:+fF+Jrp7Yo5hnJiGa24TxEcpUeONo1w2NFocy2LQi33Z:2+f7YuhJdJ4TxEcmKwGkk3Z |
| MD5: | D32E93F7782B21785424AE2BEA62B387 |
| SHA1: | 1D5589155C319E28383BC01ED722D4C2A05EF593 |
| SHA-256: | 2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478 |
| SHA-512: | 5B07D6764A6616A7EF25B81AB4BD4601ECEC1078727BFEAB4A780032AD31B1B26C7A2306E0DBB5B39FC6E03A3FC18AD67C170EA9790E82D8A6CEAB8E7F564447 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 7370 |
| Entropy (8bit): | 7.9204386289679745 |
| Encrypted: | false |
| SSDEEP: | 192:fYa+ngK2xG6HvLvoUnXxO+blKO1lt2Zg0AV:fYVn8Y6Hv3XxO+8uQZCV |
| MD5: | 586CEBC1FAC6962F9E36388E5549FFE9 |
| SHA1: | D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E |
| SHA-256: | 1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40 |
| SHA-512: | 68DEAE9C59EA98BD597AE67A17F3029BC7EA2F801AC775CF7DECA292069061EA49C9DF5776CB5160B2C24576249DAF817FA463196A04189873CF16EFC4BEDC62 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5596 |
| Entropy (8bit): | 7.875182123405584 |
| Encrypted: | false |
| SSDEEP: | 96:dGa2unnLYEB2EUAPOak380NQjqbHaPKJebgrEVws8Vw+BMa0EbdLVQaZJgDZh0pJ:UJunLYEB2EUAxk3pIYaScgYwsV4bdS0X |
| MD5: | CDC1493350011DB9892100E94D5592FE |
| SHA1: | 684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA |
| SHA-256: | F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548 |
| SHA-512: | 3699066A4E8A041079F12E88AB2E7F485E968619CB79175267842846A3AD64AA8E7778CBACDF1117854A7FDCFB46C8025A62F147C81074823778C6B4DC930F12 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3683 |
| Entropy (8bit): | 7.772039166640107 |
| Encrypted: | false |
| SSDEEP: | 96:GyfQZd6ZHNCWl9aXFkZwIq/QDsRYPf8P9QtDIs5r:G6wYtNZS1k99AmPfSOtD5r |
| MD5: | E8308DA3D46D0BC30857243E1B7D330D |
| SHA1: | C7F8E54A63EB254C194A23137F269185E07F9D10 |
| SHA-256: | 6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4 |
| SHA-512: | 88AB7263B7A8D7DDE1225AE588842E07DF3CE7A07CBD937B7E26DA7DA7CFED23F9C12730D9EF4BC1ACF26506A2A96E07875A1A40C2AD55AD1791371EE674A09B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4888 |
| Entropy (8bit): | 7.8636569313247335 |
| Encrypted: | false |
| SSDEEP: | 96:StrFZ23/juILHPzms5UTuK9CuZGEoEuZ28H1HiGa2RnnLY+tUb:SPZQ7uCHPzms5UTlqauZVHdJRnLY+tUb |
| MD5: | 0A4CA91036DC4F3CD8B6DBF18094CF25 |
| SHA1: | 6C7EED2530CD0032E9EEAB589AFBC296D106FBB9 |
| SHA-256: | E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50 |
| SHA-512: | 7C69426F2250E8C84368E8056613C22977630A4B3F5B817FB5EA69081CE2A3CA6E5F93DF769264253D5411419AF73467A27F0BB61291CCDE67D931BD0689CB66 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6448 |
| Entropy (8bit): | 7.897260397307811 |
| Encrypted: | false |
| SSDEEP: | 192:tgaoRbo1sMjb0NiJ85oPtqcS+yaXWoa8XBzdJYnLYFtWT7:LR1sk+i4o1qc1yaukzd8MK |
| MD5: | 42A840DC06727E42D42C352703EC72AA |
| SHA1: | 21AAAF517AFB76BF1AF4E06134786B1716241D29 |
| SHA-256: | 02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7 |
| SHA-512: | 8886BFD240D070237317352DEB3D46C6B07E392EBD57730B1DED016BD8740E75B9965F7A3FCD43796864F32AAE0BE911AB1A670E9CCC70E0774F64B1BDA93488 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5630 |
| Entropy (8bit): | 7.87271654296772 |
| Encrypted: | false |
| SSDEEP: | 96:n5ni6jKZWsD+QJaUQ7R6qYFF5QS+BEgeJam6S7ZCHuKViGa2CnnLYLt/ht:nccqxIBdQ1QS+uDJanS7ZCHHVdJCnLY5 |
| MD5: | 2F8998AA9CF348F1D6DE16EAB2D92070 |
| SHA1: | 85B13499937B4A584BEA0BFE60475FD4C73391B6 |
| SHA-256: | 8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580 |
| SHA-512: | F10F7772985EDDA442B9558127F1959FF0A9909C7B7470E62D74948428BFFF7E278739209E8626AE5917FF728AFB8619AE137BEE2A6A4F40662122208A41ABB2 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6193 |
| Entropy (8bit): | 7.855499268199703 |
| Encrypted: | false |
| SSDEEP: | 192:WavHMKgnU2HUGFhUnkbOKoztj1QfcnLYut3d8:YKeUlGXUnC+HQSMp |
| MD5: | 031C246FFE0E2B623BBBD231E414E0D2 |
| SHA1: | A57CA6134779D54691A4EFD344BC6948E253E0BA |
| SHA-256: | 2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7 |
| SHA-512: | 6A784C28E12C3740300883A0E690F560072A3EA8199977CBD7F260A21E8346B82BA8A4F78394D3BB53FA2E98564B764C2D0232C40B25FB6085C36D20D70A39D1 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3075 |
| Entropy (8bit): | 7.716021191059687 |
| Encrypted: | false |
| SSDEEP: | 48:96yn4sOBoygpySCCxwKsZCB2oLEIK+aQpUNLRQWtmMamIZxAwCC2QnyODhVOzP4:l0vCxJsZQ2ofpKvtmMdIZxAwJyODhVOE |
| MD5: | 67766FF48AF205B771B53AA2FA82B4F4 |
| SHA1: | 0964F8B9DC737E954E16984A585BDC37CE143D84 |
| SHA-256: | 160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667 |
| SHA-512: | AC28B0B4A9178E9B424E5893870913D80F4EE03D595F587AA1D3ACC68194153BAFC29436ADFD6EA8992F0B00D17A43CFB42C529829090AF32C3BE591BD41776D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5151 |
| Entropy (8bit): | 7.859615916913808 |
| Encrypted: | false |
| SSDEEP: | 96:WkV3UHhcZDEteEJqeSGzpG43GUR8m8b6dDLiCTfjKPnD6H5RhfuDKNtxx3+7tDLp:Wq3UBc9EJqIpGgD5dDL1DjKvDKhfnNti |
| MD5: | 6C24ED9C7C868DB0D55492BB126EAFF8 |
| SHA1: | C6D96D4D298573B70CF5C714151CF87532535888 |
| SHA-256: | 48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F |
| SHA-512: | A3E9DC48C04DC8571289F57AE790CA4E6934FBEA4FDDC20CB780F7EA469FE1FC1D480A1DBB04D15301EF061DA5700FF0A793EB67D2811C525FEF618B997BCABD |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 333258 |
| Entropy (8bit): | 4.654450340871081 |
| Encrypted: | false |
| SSDEEP: | 6144:ybW83Zb181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:i |
| MD5: | 5632C4A81D2193986ACD29EADF1A2177 |
| SHA1: | E8FF4FDFEB0002786FCE1CF8F3D25F8E9631E346 |
| SHA-256: | 06DE709513D7976690B3DD8F5FDF1E59CF456A2DFBA952B97EACC72FE47B238B |
| SHA-512: | 676CE1957A374E0F36634AA9CFFBCFB1E1BEFE1B31EE876483B10763EA9B2D703F2F3782B642A5D7D0945C5149B572751EBD9ABB47982864834EF61E3427C796 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 296658 |
| Entropy (8bit): | 5.000002997029767 |
| Encrypted: | false |
| SSDEEP: | 6144:RwprAMk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:M |
| MD5: | 9AC6DE7B629A4A802A41F93DB2C49747 |
| SHA1: | 3D6E929AA1330C869D83F2BF8EBEBACD197FB367 |
| SHA-256: | 52984BC716569120D57C8E6A360376E9934F00CF31447F5892514DDCCF546293 |
| SHA-512: | 5736F14569E0341AFB5576C94B0A7F87E42499CEC5927AAC83BB5A1F77B279C00AEA86B5F341E4215076D800F085D831F34E4425AD9CFD52C7AE4282864B1E73 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 268317 |
| Entropy (8bit): | 5.05419861997223 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprAJLR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N9 |
| MD5: | 51D32EE5BC7AB811041F799652D26E04 |
| SHA1: | 412193006AA3EF19E0A57E16ACF86B830993024A |
| SHA-256: | 6230814BF5B2D554397580613E20681752240AB87FD354ECECF188C1EABE0E97 |
| SHA-512: | 5FC5D889B0C8E5EF464B76F0C4C9E61BDA59B2D1205AC9417CC74D6E9F989FB73D78B4EB3044A1A1E1F2C00CE1CA1BD6D4D07EEADC4108C7B124867711C31810 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 255948 |
| Entropy (8bit): | 5.103631650117028 |
| Encrypted: | false |
| SSDEEP: | 6144:gwprAm795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:kW |
| MD5: | 9888A214D362470A6189DEFF775BE139 |
| SHA1: | 32B552EB3C73CD7D0D9D924C96B27A86753E0F97 |
| SHA-256: | C64ED5C2A323C00E84272AD3A701CAEBE1DCCEB67231978DE978042F09635FA7 |
| SHA-512: | 8A75FC2713003FA40B9730D29C786C76A796F30E6ACE12064468DD2BB4BF97EF26AC43FFE1158AB1DB06FF715D2E6CDE8EF3E8B7C49AA1341603CE122F311073 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 251032 |
| Entropy (8bit): | 5.102652100491927 |
| Encrypted: | false |
| SSDEEP: | 6144:hwprA5R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:JA |
| MD5: | F425D8C274A8571B625EE66A8CE60287 |
| SHA1: | 29899E309C56F2517C7D9385ECDBB719B9E2A12B |
| SHA-256: | DD7B7878427276AF5DBF8355ECE0D1FE5D693DF55AF3F79347F9D20AE50DB938 |
| SHA-512: | E567F283D903FA533977B30FD753AA1043B9DDE48A251A9AC6777A3B67667443FEAD0003765A630D0F840B6C275818D2F903B6CB56136BEDCC6D9BDD20776564 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 284415 |
| Entropy (8bit): | 5.00549404077789 |
| Encrypted: | false |
| SSDEEP: | 6144:N9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:y |
| MD5: | 33A829B4893044E1851725F4DAF20271 |
| SHA1: | DAC368749004C255FB0777E79F6E4426E12E5EC8 |
| SHA-256: | C40451CADF8944A9625DD690624EA1BA19CECB825A67081E8144AD5526116924 |
| SHA-512: | 41C1F65E818C2757E1A37F5255E98F6EDEAC4214F9D189AD09C6F7A51F036768C1A03D6CFD5845A42C455EE189D13BB795673ACE3B50F3E1D77DAFF400F4D708 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 294178 |
| Entropy (8bit): | 4.977758311135714 |
| Encrypted: | false |
| SSDEEP: | 6144:ydkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:b |
| MD5: | 0C9731C90DD24ED5CA6AE283741078D0 |
| SHA1: | BDD3D7E5B0DE9240805EA53EF2EB784A4A121064 |
| SHA-256: | ABCE25D1EB3E70742EC278F35E4157EDB1D457A7F9D002AC658AAA6EA4E4DCDF |
| SHA-512: | A39E6201D6B34F37C686D9BD144DDD38AE212EDA26E3B81B06F1776891A90D84B65F2ABC5B8F546A7EFF3A62D35E432AF0254E2F5BFE4AA3E0CF9530D25949C0 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 270198 |
| Entropy (8bit): | 5.073814698282113 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprAiaR95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:We |
| MD5: | FF0E07EFF1333CDF9FC2523D323DD654 |
| SHA1: | 77A1AE0DD8DBC3FEE65DD6266F31E2A564D088A4 |
| SHA-256: | 3F925E0CC1542F09DE1F99060899EAFB0042BB9682507C907173C392115A44B5 |
| SHA-512: | B4615F995FAB87661C2DBE46625AA982215D7BDE27CAFAE221DCA76087FE76DA4B4A381943436FCAC1577CB3D260D0050B32B7B93E3EB07912494429F126BB3D |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 217137 |
| Entropy (8bit): | 5.068335381017074 |
| Encrypted: | false |
| SSDEEP: | 6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P |
| MD5: | 3BF8591E1D808BCCAD8EE2B822CC156B |
| SHA1: | 9CC1E5EFD715BD0EAE5AF983FB349BAC7A6D7BA0 |
| SHA-256: | 7194396E5C833E6C8710A2E5D114E8E24338C64EC9818D51A929D57A5E4A76C8 |
| SHA-512: | D434A4C15DA3711A5DAAF5F7D0A5E324B4D94A04B3787CA35456BFE423EAC9D11532BB742CDE6E23C16FA9FD203D3636BD198B41C7A51E7D3562D5306D74F757 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 254875 |
| Entropy (8bit): | 5.003842588822783 |
| Encrypted: | false |
| SSDEEP: | 6144:MwprAnniNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:a |
| MD5: | 377B3E355414466F3E3861BCE1844976 |
| SHA1: | 0B639A3880ACA3FD90FA918197A669CC005E2BA4 |
| SHA-256: | 4AC5B26C5E66E122DE80243EF621CA3E1142F643DD2AD61B75FF41CFEE3DFFAF |
| SHA-512: | B050AD52A8161F96CBDC880DD1356186F381B57159F5010489B04528DB798DB955F0C530465AB3ECD5C653586508429D98336D6EB150436F1A53ABEE0697AEB9 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 344303 |
| Entropy (8bit): | 5.023195898304535 |
| Encrypted: | false |
| SSDEEP: | 6144:UwprANnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:6 |
| MD5: | F079EC5E2CCB9CD4529673BCDFB90486 |
| SHA1: | FBA6696E6FA918F52997193168867DD3AEBE1AD6 |
| SHA-256: | 3B651258F4D0EE1BFFC7FB189250DED1B920475D1682370D6685769E3A9346DB |
| SHA-512: | 4FFFA59863F94B3778F321DA16C43B92A3053E024BDD8C5317077EA1ECC7B09F67ECE3C377DB693F3432BF1E2D947EC5BF8E88E19157ED08632537D8437C87D6 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 250983 |
| Entropy (8bit): | 5.057714239438731 |
| Encrypted: | false |
| SSDEEP: | 6144:JwprA6OS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:uP |
| MD5: | F883B260A8D67082EA895C14BF56DD56 |
| SHA1: | 7954565C1F243D46AD3B1E2F1BAF3281451FC14B |
| SHA-256: | EF4835DB41A485B56C2EF0FF7094BC2350460573A686182BC45FD6613480E353 |
| SHA-512: | D95924A499F32D9B4D9A7D298502181F9E9048C21DBE0496FA3C3279B263D6F7D594B859111A99B1A53BD248EE69B867D7B1768C42E1E40934E0B990F0CE051E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51826 |
| Entropy (8bit): | 5.541375256745271 |
| Encrypted: | false |
| SSDEEP: | 384:erH5dYPCA4t3aEFGiSUDtYfEbi5Ry/AT7/6tHODaFlDSomurYNfT4A0VIwWNS89u:Q6Cbh9tENyWdaFUSYNfZS89/3qtEu |
| MD5: | 2AB22AC99ACFA8A82742E774323C0DBD |
| SHA1: | 790F8B56DF79641E83A16E443A75A66E6AA2F244 |
| SHA-256: | BC9D45D0419A08840093B0BF4DCF96264C02DFE5BD295CD9B53722E1DA02929D |
| SHA-512: | E5715C0ECF35CE250968BD6DE5744D28A9F57D20FD6866E2AF0B2D8C8F80FEDC741D48F554397D61C5E702DA896BD33EED92D778DBAC71E2E98DCFB0912DE07B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 47296 |
| Entropy (8bit): | 6.42327948041841 |
| Encrypted: | false |
| SSDEEP: | 768:ftjI1BT8N37szq00s7dB2wMVJGHR97/RDU5naXUsT:fJIPTfq0ndB2w1bpsE |
| MD5: | 5A53F55DD7DA8F10A8C0E711F548B335 |
| SHA1: | 035E685927DA2FECB88DE9CAF0BECEC88BC118A7 |
| SHA-256: | 66501B659614227584DA04B64F44309544355E3582F59DBCA3C9463F67B7E303 |
| SHA-512: | 095BD5D1ACA2A0CA3430DE2F005E1D576AC9387E096D32D556E4348F02F4D658D0E22F2FC4AA5BF6C07437E6A6230D2ABF73BBD1A0344D73B864BC4813D60861 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 34415 |
| Entropy (8bit): | 7.352974342178997 |
| Encrypted: | false |
| SSDEEP: | 768:ev13NPo9o5NGEVIi3kvH+3SMdk7zp3tE2:ev13xoOE+R3BkR7 |
| MD5: | 7CDFFC23FB85AD5737452762FA36AAA0 |
| SHA1: | CFBC97247959B3142AFD7B6858AD37B18AFB3237 |
| SHA-256: | 68A8FBFBEE4C903E17C9421082E839144C205C559AFE61338CBDB3AF79F0D270 |
| SHA-512: | A0685FD251208B772436E9745DA2AA52BC26E275537688E3AB44589372D876C9ACE14B21F16EC4053C50EB4C8E11787E9B9D922E37249D2795C5B7986497033E |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3465076 |
| Entropy (8bit): | 7.898517227646252 |
| Encrypted: | false |
| SSDEEP: | 98304:n8ItVaN7vTMZ9IBbaETXbI8ItVaN7vTMZ9IBbaEiXbY:8ItwNX9BvTvItwNX9BvoM |
| MD5: | 8BC84DB5A3B2F8AE2940D3FB19B43787 |
| SHA1: | 3A5FE7B14D020FAD0E25CD1DF67864E3E23254EE |
| SHA-256: | AF1FDEEA092169BF794CDC290BCA20AEA07AC7097D0EFCAB76F783FA38FDACDD |
| SHA-512: | 558F52C2C79BF4A3FBB8BB7B1C671AFD70A2EC0B1BDE10AC0FED6F5398E53ED3B2087B38B7A4A3D209E4F1B34150506E1BA362E4E1620A47ED9A1C7924BB9995 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 19355 |
| Entropy (8bit): | 7.467827666937501 |
| Encrypted: | false |
| SSDEEP: | 384:Jrt+BNxt/ZtNNUe/b6OdMQzw8ggFzaPWW99DM5aZ:VAxllNa8lda+QZ |
| MD5: | 80069A104D82549B6D882F4FBC362F8D |
| SHA1: | 9A525FA5A7F9DF4C5D6E57105F68F09104BAF9B4 |
| SHA-256: | 872DBB98DEE17187963A93EC4CE6A2BBD87CF9C9B218408501AAC33FD7D6C6F5 |
| SHA-512: | A8CFF864DB8AF47615600DEF242DE3D72BB23FEB5C47F8F501673FAB51D432C993213CDD6F0AC3D36DCA37648DC444A626FBE0831FCB2401057179BF3D65DAEA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | modified |
| Size (bytes): | 162 |
| Entropy (8bit): | 3.6715434039693506 |
| Encrypted: | false |
| SSDEEP: | 3:KVGl/lilKlRAGl/gxlFNzaVWiQp2d2jll4zVWEYms/TuCjjn:KVy/4KDZgjewzp2WlKzwhT5jn |
| MD5: | C6B919D3A08E0DC1A1A40F13760E6509 |
| SHA1: | 40CF0CCE36155EE133CA788883C76AA606F05607 |
| SHA-256: | 8DFD2A0CB5E4A59E23BEFBFB1495467E80AA5FE12E94BF502CDB2DEFDE037563 |
| SHA-512: | 351BEE427F8D5CD254FB614CD33770EF27797A0C1E4AAD5AD98CB01EB9CA94217690CF717D7F7C1B8BD81338D5EFBF5383B9706F6B8467564365DCA49F5B0AF1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 19355 |
| Entropy (8bit): | 7.467827666937501 |
| Encrypted: | false |
| SSDEEP: | 384:Jrt+BNxt/ZtNNUe/b6OdMQzw8ggFzaPWW99DM5aZ:VAxllNa8lda+QZ |
| MD5: | 80069A104D82549B6D882F4FBC362F8D |
| SHA1: | 9A525FA5A7F9DF4C5D6E57105F68F09104BAF9B4 |
| SHA-256: | 872DBB98DEE17187963A93EC4CE6A2BBD87CF9C9B218408501AAC33FD7D6C6F5 |
| SHA-512: | A8CFF864DB8AF47615600DEF242DE3D72BB23FEB5C47F8F501673FAB51D432C993213CDD6F0AC3D36DCA37648DC444A626FBE0831FCB2401057179BF3D65DAEA |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7BSD5WTZK0XZI56W1A3X.temp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12 |
| Entropy (8bit): | 0.41381685030363374 |
| Encrypted: | false |
| SSDEEP: | 3:/l: |
| MD5: | E4A1661C2C886EBB688DEC494532431C |
| SHA1: | A2AE2A7DB83B33DC95396607258F553114C9183C |
| SHA-256: | B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5 |
| SHA-512: | EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZSD9YPUHYBI11E1BPWSS.temp
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12 |
| Entropy (8bit): | 0.41381685030363374 |
| Encrypted: | false |
| SSDEEP: | 3:/l: |
| MD5: | E4A1661C2C886EBB688DEC494532431C |
| SHA1: | A2AE2A7DB83B33DC95396607258F553114C9183C |
| SHA-256: | B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5 |
| SHA-512: | EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12 |
| Entropy (8bit): | 0.41381685030363374 |
| Encrypted: | false |
| SSDEEP: | 3:/l: |
| MD5: | E4A1661C2C886EBB688DEC494532431C |
| SHA1: | A2AE2A7DB83B33DC95396607258F553114C9183C |
| SHA-256: | B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5 |
| SHA-512: | EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms~RF389e2.TMP (copy)
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12 |
| Entropy (8bit): | 0.41381685030363374 |
| Encrypted: | false |
| SSDEEP: | 3:/l: |
| MD5: | E4A1661C2C886EBB688DEC494532431C |
| SHA1: | A2AE2A7DB83B33DC95396607258F553114C9183C |
| SHA-256: | B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5 |
| SHA-512: | EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C |
| Malicious: | false |
| Preview: |
C:\Users\user\Desktop\~$SecuriteInfo.com.MSExcel.CVE_2017_0199.DDOC.exploit.32374.20351.xlsx
Download File
| Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 165 |
| Entropy (8bit): | 1.4377382811115937 |
| Encrypted: | false |
| SSDEEP: | 3:KVC+cAmltV:KVC+cR |
| MD5: | 9C7132B2A8CABF27097749F4D8447635 |
| SHA1: | 71D7F78718A7AFC3EAB22ED395321F6CBE2F9899 |
| SHA-256: | 7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83 |
| SHA-512: | 333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.933508040631662 |
| TrID: |
|
| File name: | SecuriteInfo.com.MSExcel.CVE_2017_0199.DDOC.exploit.32374.20351.xlsx |
| File size: | 51'200 bytes |
| MD5: | 7ecb32ab27106ae197b58938177bffe3 |
| SHA1: | 289ddfd262d770c15f1abdddae71a9159e5a40fc |
| SHA256: | b9c43834feaf98843ffe7bcd5d25829fdc00544433ccf003a19011997540996d |
| SHA512: | d220e1a510651e9532ba79ce8c196b97de3ff2ba13dbcb340867741706bbc2ca0aceb83e5ade76bb3fd854d051334ad6f50971b0c1852a754546bc2fda066c55 |
| SSDEEP: | 1536:j68FlIKAiHHlAU9snxfiOkIaKn7+4At7m:j68Fl/ArjxiOBaYn |
| TLSH: | 3433CF15B345E818D152A9BA8DD9C0DFA22ABC51EE57C70B3580777F58393C28A07B1F |
| File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
 | |
| Icon Hash: | 35e58a8c0c8a85b9 |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | Microsoft Excel |
| Encrypted Document: | True |
| Contains Word Document Stream: | False |
| Contains Workbook/Book Stream: | True |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | False |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | True |
| Code Page: | 1252 |
| Author: | |
| Last Saved By: | |
| Create Time: | 2006-09-16T00:00:00Z |
| Last Saved Time: | 2024-04-25T08:56:57Z |
| Creating Application: | |
| Security: | 0 |
| Document Code Page: | 1252 |
| Thumbnail Scaling Desired: | false |
| Company: | |
| Contains Dirty Links: | false |
| Shared Document: | false |
| Changed Hyperlinks: | false |
| Application Version: | 12.0000 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
| VBA File Name: | Sheet1.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x M @ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 78 4d a3 40 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
| VBA File Name: | Sheet2.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x M s . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 78 4d c5 73 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
| VBA File Name: | Sheet3.cls |
| Stream Size: | 977 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x M . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 78 4d 95 15 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
| VBA File Name: | ThisWorkbook.cls |
| Stream Size: | 985 |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x M l . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - |
| Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 78 4d 6c 81 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 114 |
| Entropy: | 4.25248375192737 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 244 |
| Entropy: | 2.889430592781307 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 200 |
| Entropy: | 3.2503503175049815 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . . ( . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
| Stream Path: | MBD000DD4E4/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 99 |
| Entropy: | 3.631242196770981 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD000DD4E4/Package |
| CLSID: | |
| File Type: | Microsoft Excel 2007+ |
| Stream Size: | 11581 |
| Entropy: | 7.131027140746126 |
| Base64 Encoded: | True |
| Data ASCII: | P K . . . . . . . . . . ! . . o . . . L . . . . . . [ C o n t e n t _ T y p e s ] . x m l . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 a2 c8 b4 f4 6f 01 00 00 4c 05 00 00 13 00 cb 01 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 c7 01 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | MBD000DD4E5/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 380 |
| Entropy: | 5.281180082630648 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . { . / > . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . : . / . / . w . h . e . e . l . . . t . o . / . I . O . G . g . 5 . 2 . . . i k . 6 _ h ) H . k } . ` T * p { { P 2 m + x { ) n ] . . k # C . P ! 8 f N I k 2 < B _ : / 3 . . . . . . . . . . . . . . . . . . . N . i . H . I . n . M . x . r . v . z . C . y . B . w . v . W . y . K . M . a . t . 4 . m . J . O . j . Z . y . i . a . r . L . z . p . h . 4 . x . V . 3 . R . U . e . L . i . X . Z . Z . o . 8 . Q . V . D . d . p . 6 . P . |
| Data Raw: | 01 00 00 02 7b 93 a4 17 2f cc c7 3e 00 00 00 00 00 00 00 00 00 00 00 00 8a 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 86 00 00 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 77 00 68 00 65 00 65 00 6c 00 2e 00 74 00 6f 00 2f 00 49 00 4f 00 47 00 67 00 35 00 32 00 00 00 ba 69 6b a9 07 36 5f 68 d0 29 a7 ee ca c4 48 e6 1b 6b d7 7d 98 a5 c0 a4 11 60 86 54 87 2a f6 c7 70 7b |
General | |
| Stream Path: | Workbook |
| CLSID: | |
| File Type: | Applesoft BASIC program data, first line number 16 |
| Stream Size: | 25138 |
| Entropy: | 7.931734311570171 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . u X . . L j 6 x C * F r ] . S . ` . . a - . . . . . . . . . . . . . . \\ . p . . Y & . 1 0 ) s 2 . . . v . . . . ? % w . . e Q v R ( . . _ ( . . L ' . . $ . . . N . & R . R s . . w . | K . I s . b + 4 ' . . B . . . ) = a . . . . . . = . . . . O . L . . . b . U . . 7 2 P . . . 4 . . . . t P . . . . . . . . . . . . . . = . . . . ~ . 9 . ~ , N . 0 @ . . . \\ 8 . . . " . . . V . . . . P . . . . P . . . h : 1 . . . g & [ - x - . a . 9 . . . A $ S Q . 1 . . |
| Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 75 58 ea c2 c6 b0 0b de 4c b0 9d 98 6a 36 78 43 84 ff dc 2a f1 f8 46 f8 f8 a5 72 b3 5d 81 d3 8b 53 0e 92 60 1b bb cc e8 ca 9e f9 61 d0 20 8c 2d 87 00 00 00 e1 00 02 00 b0 04 c1 00 02 00 9d 2e e2 00 00 00 5c 00 70 00 13 59 ca 26 e4 0f b2 c0 95 31 30 b4 ab 29 73 32 7f 1a 05 76 08 15 ab 05 09 e6 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECT |
| CLSID: | |
| File Type: | ASCII text, with CRLF line terminators |
| Stream Size: | 529 |
| Entropy: | 5.25216525592602 |
| Base64 Encoded: | True |
| Data ASCII: | I D = " { 6 A 5 2 1 F 2 0 - F F 9 5 - 4 F D 8 - A 2 F 0 - 8 6 2 3 D 7 8 E B D 1 B } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 7 4 7 6 7 4 F E 7 4 8 2 7 8 8 2 7 |
| Data Raw: | 49 44 3d 22 7b 36 41 35 32 31 46 32 30 2d 46 46 39 35 2d 34 46 44 38 2d 41 32 46 30 2d 38 36 32 33 44 37 38 45 42 44 31 42 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
| CLSID: | |
| File Type: | data |
| Stream Size: | 104 |
| Entropy: | 3.0488640812019017 |
| Base64 Encoded: | False |
| Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
| Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
| CLSID: | |
| File Type: | data |
| Stream Size: | 2644 |
| Entropy: | 3.977860121353803 |
| Base64 Encoded: | False |
| Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
| Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
| Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
| CLSID: | |
| File Type: | data |
| Stream Size: | 553 |
| Entropy: | 6.352124234243747 |
| Base64 Encoded: | True |
| Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . h n 8 h . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . |
| Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 68 6e 38 68 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 25, 2024 20:45:09.981184959 CEST | 49752 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.090634108 CEST | 80 | 49752 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.090734959 CEST | 49752 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.090886116 CEST | 49752 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.200309992 CEST | 80 | 49752 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.233524084 CEST | 80 | 49752 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.233561039 CEST | 80 | 49752 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.233572006 CEST | 80 | 49752 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.233612061 CEST | 80 | 49752 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.233627081 CEST | 49752 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.233633041 CEST | 80 | 49752 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.233655930 CEST | 49752 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.233675957 CEST | 49752 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.240503073 CEST | 80 | 49752 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.240554094 CEST | 49752 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.240704060 CEST | 49752 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.241991043 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.242034912 CEST | 443 | 49753 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.242158890 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.242471933 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.242492914 CEST | 443 | 49753 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.350032091 CEST | 80 | 49752 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.508544922 CEST | 443 | 49753 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.509434938 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.512748957 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.512762070 CEST | 443 | 49753 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.513098955 CEST | 443 | 49753 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:10.513514042 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.513659954 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:10.560113907 CEST | 443 | 49753 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.175081968 CEST | 443 | 49753 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.175173998 CEST | 443 | 49753 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.175209045 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:11.175246000 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:11.175384998 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:11.175406933 CEST | 443 | 49753 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.175425053 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:11.175443888 CEST | 49753 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:11.180742025 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.340172052 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.340308905 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.340490103 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.498848915 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.498864889 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.498877048 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.498941898 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.498959064 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.498977900 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.498996973 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.499022007 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.499038935 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.499083042 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.499083996 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.499123096 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.499125004 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.499166012 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.499176025 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.499198914 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.499216080 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.499242067 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657118082 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657139063 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657176018 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657205105 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657205105 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657243967 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657259941 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657294989 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657337904 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657355070 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657380104 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657407999 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657423973 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657459974 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657543898 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657583952 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657591105 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657604933 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657634974 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657650948 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657670975 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657707930 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657716036 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657730103 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657754898 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657767057 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657789946 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657828093 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657839060 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657879114 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657891035 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657929897 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.657953978 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657982111 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.657993078 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.658009052 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.658021927 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.658050060 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.658121109 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.658162117 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.817672968 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.817688942 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.817755938 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.817789078 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.817801952 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.817815065 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.817842007 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.817868948 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.817965031 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818006992 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.818150043 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818164110 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818197012 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.818209887 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.818348885 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818362951 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818376064 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818389893 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818393946 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.818414927 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.818444014 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.818449020 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818486929 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.818655968 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818670034 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818696976 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.818722963 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.818829060 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818841934 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.818869114 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.818878889 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.819025993 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.819040060 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.819051981 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.819067001 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.819078922 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.819148064 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.819188118 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.819266081 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.819278955 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.819305897 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.819319010 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.819392920 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.819406033 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.819417953 CEST | 80 | 49754 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:11.819431067 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.819443941 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:11.819464922 CEST | 49754 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:12.472769976 CEST | 49756 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.582129955 CEST | 80 | 49756 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.582216024 CEST | 49756 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.582633972 CEST | 49756 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.691950083 CEST | 80 | 49756 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.725351095 CEST | 80 | 49756 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.725378036 CEST | 80 | 49756 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.725388050 CEST | 80 | 49756 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.725404024 CEST | 80 | 49756 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.725419998 CEST | 80 | 49756 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.725497961 CEST | 80 | 49756 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.725511074 CEST | 49756 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.725538969 CEST | 49756 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.725578070 CEST | 49756 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.730345011 CEST | 49756 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.731242895 CEST | 80 | 49756 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.731308937 CEST | 49756 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.737910032 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.839627981 CEST | 80 | 49756 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.847076893 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.847219944 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.847378016 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.957057953 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.990964890 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.991007090 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.991019964 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.991024017 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.991033077 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.991044998 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.991072893 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.991072893 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.991089106 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.991111994 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.991125107 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.991152048 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.991173983 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.991477013 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.995631933 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:12.995677948 CEST | 49757 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:12.999908924 CEST | 49758 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.100769043 CEST | 80 | 49757 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.109608889 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.109672070 CEST | 49758 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.109818935 CEST | 49758 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.219075918 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.252823114 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.252835989 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.252845049 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.252855062 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.252865076 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.252902985 CEST | 49758 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.252907991 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.252944946 CEST | 49758 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.252944946 CEST | 49758 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.252950907 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.252964020 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.252996922 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.253000975 CEST | 49758 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.253040075 CEST | 49758 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.256181002 CEST | 49758 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.257494926 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.259640932 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.259691000 CEST | 49758 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.365545034 CEST | 80 | 49758 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.366847038 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.366923094 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.367027044 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.476270914 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.510050058 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.510096073 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.510104895 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.510130882 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.510162115 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.510171890 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.510198116 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.510209084 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.510339975 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.510351896 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.510361910 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.510381937 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.510395050 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.510582924 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.516386032 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.516438007 CEST | 49759 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.534188986 CEST | 49760 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.619750977 CEST | 80 | 49759 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.643416882 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.643616915 CEST | 49760 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.643961906 CEST | 49760 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.753293991 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.787360907 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.787409067 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.787461042 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.787482023 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.787518978 CEST | 49760 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.787525892 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.787539005 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.787542105 CEST | 49760 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.787584066 CEST | 49760 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.787585020 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.787599087 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.787642956 CEST | 49760 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.788181067 CEST | 49760 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.789546013 CEST | 49761 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.795021057 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.795082092 CEST | 49760 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.897663116 CEST | 80 | 49760 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.898830891 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:13.898958921 CEST | 49761 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:13.899122000 CEST | 49761 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.008438110 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.043278933 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.043294907 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.043307066 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.043323994 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.043345928 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.043356895 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.043369055 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.043399096 CEST | 49761 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.043431044 CEST | 49761 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.043622971 CEST | 49761 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.050894022 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.051098108 CEST | 49761 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.056181908 CEST | 49762 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.152894020 CEST | 80 | 49761 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.165484905 CEST | 80 | 49762 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.165595055 CEST | 49762 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.165802956 CEST | 49762 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.277503014 CEST | 80 | 49762 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.311465025 CEST | 80 | 49762 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.311480045 CEST | 80 | 49762 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.311582088 CEST | 80 | 49762 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.311587095 CEST | 49762 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.311593056 CEST | 80 | 49762 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.311633110 CEST | 80 | 49762 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.311634064 CEST | 49762 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.311696053 CEST | 49762 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.311814070 CEST | 49762 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.316678047 CEST | 49763 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.316705942 CEST | 443 | 49763 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.316807032 CEST | 49763 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.317248106 CEST | 49763 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.317259073 CEST | 443 | 49763 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.318981886 CEST | 80 | 49762 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.319032907 CEST | 49762 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.421806097 CEST | 80 | 49762 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.578974962 CEST | 443 | 49763 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.579061985 CEST | 49763 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.580303907 CEST | 49763 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.580310106 CEST | 443 | 49763 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.580584049 CEST | 443 | 49763 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:14.581734896 CEST | 49763 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:14.628125906 CEST | 443 | 49763 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.200572968 CEST | 443 | 49763 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.200669050 CEST | 443 | 49763 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.200722933 CEST | 49763 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.200754881 CEST | 443 | 49763 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.200787067 CEST | 49763 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.200793028 CEST | 443 | 49763 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.210665941 CEST | 49766 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:15.369522095 CEST | 80 | 49766 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.369599104 CEST | 49766 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:15.372701883 CEST | 49766 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:15.533734083 CEST | 80 | 49766 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.571780920 CEST | 49767 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.575428963 CEST | 49766 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:15.681276083 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.681340933 CEST | 49767 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.703602076 CEST | 49767 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.812880039 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.829272032 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.829293966 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.829307079 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.829319954 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.829349041 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.829360962 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.829372883 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.829396009 CEST | 49767 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.829422951 CEST | 49767 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.829422951 CEST | 49767 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.829435110 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.829504967 CEST | 49767 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.829520941 CEST | 49767 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.830684900 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.830724955 CEST | 443 | 49768 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.830810070 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.831286907 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.831302881 CEST | 443 | 49768 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.835073948 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:15.835134029 CEST | 49767 | 80 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:15.938781977 CEST | 80 | 49767 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:16.089586973 CEST | 443 | 49768 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:16.089658976 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:16.094254017 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:16.094281912 CEST | 443 | 49768 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:16.094512939 CEST | 443 | 49768 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:16.094578028 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:16.094878912 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:16.136162043 CEST | 443 | 49768 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:16.693588972 CEST | 443 | 49768 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:16.693658113 CEST | 443 | 49768 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:16.693662882 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:16.693722010 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:16.693809986 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:16.693847895 CEST | 443 | 49768 | 76.76.21.21 | 192.168.2.4 |
| Apr 25, 2024 20:45:16.693998098 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:16.694021940 CEST | 49768 | 443 | 192.168.2.4 | 76.76.21.21 |
| Apr 25, 2024 20:45:16.695895910 CEST | 49770 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:16.854696989 CEST | 80 | 49770 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:16.854775906 CEST | 49770 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:16.855884075 CEST | 49770 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:17.019515991 CEST | 80 | 49770 | 23.95.60.77 | 192.168.2.4 |
| Apr 25, 2024 20:45:17.021213055 CEST | 49770 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:45:26.453396082 CEST | 49780 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.453413963 CEST | 49781 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.453432083 CEST | 443 | 49780 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.453510046 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.453542948 CEST | 49780 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.453622103 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.453655005 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.453696966 CEST | 49781 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.453807116 CEST | 49783 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.453851938 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.453886032 CEST | 443 | 49783 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.453890085 CEST | 49784 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.453917980 CEST | 443 | 49784 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.453950882 CEST | 49783 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.454030037 CEST | 49784 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.454303026 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.454310894 CEST | 49783 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.454313993 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.454355001 CEST | 443 | 49783 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.454495907 CEST | 49784 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.454514980 CEST | 443 | 49784 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.455571890 CEST | 49780 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.455589056 CEST | 443 | 49780 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.456151009 CEST | 49781 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.456190109 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.795625925 CEST | 443 | 49784 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.795717955 CEST | 49784 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.795923948 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.795995951 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.797862053 CEST | 49784 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.797868967 CEST | 443 | 49784 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.798078060 CEST | 443 | 49784 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.798273087 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.798290014 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.798537970 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.798871994 CEST | 443 | 49783 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.798924923 CEST | 49783 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.799815893 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.799832106 CEST | 49784 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.800240993 CEST | 443 | 49780 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.800252914 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.800319910 CEST | 49780 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.800468922 CEST | 49781 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.801615000 CEST | 49780 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.801623106 CEST | 443 | 49780 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.801850080 CEST | 49781 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.801871061 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.801872015 CEST | 443 | 49780 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.802084923 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.802957058 CEST | 49780 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.803148031 CEST | 49781 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.803716898 CEST | 49783 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.803730011 CEST | 443 | 49783 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.804018021 CEST | 443 | 49783 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.805262089 CEST | 49783 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:26.844120026 CEST | 443 | 49784 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.844120979 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.848118067 CEST | 443 | 49780 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.848119020 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:26.848155975 CEST | 443 | 49783 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.013053894 CEST | 443 | 49784 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.013154984 CEST | 443 | 49784 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.013212919 CEST | 49784 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.013497114 CEST | 49784 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.013497114 CEST | 49784 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.013518095 CEST | 443 | 49784 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.013526917 CEST | 443 | 49784 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.016608953 CEST | 443 | 49780 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.016787052 CEST | 443 | 49783 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.016916037 CEST | 443 | 49780 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.016974926 CEST | 49780 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.017030954 CEST | 49780 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.017050028 CEST | 443 | 49780 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.017061949 CEST | 49780 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.017061949 CEST | 443 | 49783 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.017066956 CEST | 443 | 49780 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.017117977 CEST | 49783 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.017184019 CEST | 49783 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.017205954 CEST | 443 | 49783 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.020050049 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.020136118 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.020179987 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.020239115 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.020240068 CEST | 49781 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.020298004 CEST | 49781 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.020407915 CEST | 49781 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.020407915 CEST | 49781 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.020432949 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.020446062 CEST | 443 | 49781 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.023806095 CEST | 49786 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.023838043 CEST | 443 | 49786 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.023916006 CEST | 49786 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.024966955 CEST | 49786 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.024982929 CEST | 443 | 49786 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.027095079 CEST | 49787 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.027189016 CEST | 443 | 49787 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.027261019 CEST | 49787 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.027436972 CEST | 49787 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.027472973 CEST | 443 | 49787 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.028001070 CEST | 49788 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.028033972 CEST | 443 | 49788 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.028091908 CEST | 49788 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.028357983 CEST | 49788 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.028373003 CEST | 443 | 49788 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.029514074 CEST | 49789 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.029536963 CEST | 443 | 49789 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.029805899 CEST | 49789 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.029962063 CEST | 49789 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.029975891 CEST | 443 | 49789 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.162699938 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.162754059 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.162888050 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.162920952 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.162930965 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.162975073 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.163028955 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.163028955 CEST | 49782 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.163064003 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.163089991 CEST | 443 | 49782 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.171232939 CEST | 49790 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.171256065 CEST | 443 | 49790 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.171364069 CEST | 49790 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.171514034 CEST | 49790 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.171521902 CEST | 443 | 49790 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.365794897 CEST | 443 | 49788 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.366206884 CEST | 49788 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.366260052 CEST | 443 | 49788 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.366661072 CEST | 443 | 49786 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.367002964 CEST | 49786 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.367018938 CEST | 443 | 49786 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.367211103 CEST | 443 | 49789 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.367578030 CEST | 49788 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.367588997 CEST | 443 | 49788 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.367800951 CEST | 49786 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.367805958 CEST | 443 | 49786 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.367924929 CEST | 443 | 49787 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.367990017 CEST | 49789 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.368046045 CEST | 443 | 49789 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.368176937 CEST | 49787 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.368205070 CEST | 443 | 49787 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.368899107 CEST | 49789 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.368913889 CEST | 443 | 49789 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.368976116 CEST | 49787 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.368982077 CEST | 443 | 49787 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.512808084 CEST | 443 | 49790 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.513267040 CEST | 49790 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.513290882 CEST | 443 | 49790 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.514420986 CEST | 49790 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.514429092 CEST | 443 | 49790 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.586719036 CEST | 443 | 49788 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.587204933 CEST | 443 | 49788 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.587260962 CEST | 49788 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.587316990 CEST | 49788 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.587338924 CEST | 443 | 49788 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.587357998 CEST | 49788 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.587368011 CEST | 443 | 49788 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.591617107 CEST | 443 | 49786 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.591756105 CEST | 443 | 49786 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.591831923 CEST | 49786 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.591852903 CEST | 49786 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.591865063 CEST | 443 | 49786 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.591876984 CEST | 49786 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.591881990 CEST | 443 | 49786 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.592129946 CEST | 443 | 49787 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.592467070 CEST | 443 | 49787 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.592524052 CEST | 49787 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.592567921 CEST | 49787 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.592569113 CEST | 49787 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.592593908 CEST | 443 | 49787 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.592611074 CEST | 443 | 49787 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.649796963 CEST | 443 | 49789 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.650029898 CEST | 443 | 49789 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.650150061 CEST | 49789 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.650214911 CEST | 49789 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.650229931 CEST | 443 | 49789 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.650259972 CEST | 49789 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.650265932 CEST | 443 | 49789 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.735235929 CEST | 443 | 49790 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.735419989 CEST | 443 | 49790 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.735481024 CEST | 49790 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.735511065 CEST | 49790 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.735523939 CEST | 443 | 49790 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:45:27.735533953 CEST | 49790 | 443 | 192.168.2.4 | 13.107.213.41 |
| Apr 25, 2024 20:45:27.735538960 CEST | 443 | 49790 | 13.107.213.41 | 192.168.2.4 |
| Apr 25, 2024 20:46:23.496279001 CEST | 49766 | 80 | 192.168.2.4 | 23.95.60.77 |
| Apr 25, 2024 20:46:23.511430025 CEST | 49770 | 80 | 192.168.2.4 | 23.95.60.77 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 25, 2024 20:45:09.841886997 CEST | 63732 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 25, 2024 20:45:09.975308895 CEST | 53 | 63732 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 25, 2024 20:45:09.841886997 CEST | 192.168.2.4 | 1.1.1.1 | 0xb1ff | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 25, 2024 20:44:23.396240950 CEST | 1.1.1.1 | 192.168.2.4 | 0x2190 | No error (0) | 69.164.42.0 | A (IP address) | IN (0x0001) | false | ||
| Apr 25, 2024 20:45:09.975308895 CEST | 1.1.1.1 | 192.168.2.4 | 0xb1ff | No error (0) | 76.76.21.21 | A (IP address) | IN (0x0001) | false | ||
| Apr 25, 2024 20:45:26.452011108 CEST | 1.1.1.1 | 192.168.2.4 | 0xdc93 | No error (0) | part-0013.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Apr 25, 2024 20:45:26.452011108 CEST | 1.1.1.1 | 192.168.2.4 | 0xdc93 | No error (0) | 13.107.213.41 | A (IP address) | IN (0x0001) | false | ||
| Apr 25, 2024 20:45:26.452011108 CEST | 1.1.1.1 | 192.168.2.4 | 0xdc93 | No error (0) | 13.107.246.41 | A (IP address) | IN (0x0001) | false | ||
| Apr 25, 2024 20:45:26.624692917 CEST | 1.1.1.1 | 192.168.2.4 | 0x43d4 | No error (0) | templatesmetadata.office.net.edgekey.net | CNAME (Canonical name) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49752 | 76.76.21.21 | 80 | 7232 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Apr 25, 2024 20:45:10.090886116 CEST | 192 | OUT | |
| Apr 25, 2024 20:45:10.233524084 CEST | 47 | IN | |
| Apr 25, 2024 20:45:10.233561039 CEST | 47 | IN | |
| Apr 25, 2024 20:45:10.233572006 CEST | 7 | IN | |
| Apr 25, 2024 20:45:10.233612061 CEST | 65 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49754 | 23.95.60.77 | 80 | 7232 | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Apr 25, 2024 20:45:11.340490103 CEST | 317 | OUT | |
| Apr 25, 2024 20:45:11.498848915 CEST | 1289 | IN |