Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
New Years Quiz.pptx

Overview

General Information

Sample Name:New Years Quiz.pptx
Analysis ID:778234
MD5:aaef4b88a0786189d40ef96e7c6c7dfc
SHA1:97191fc7bb61c677785d316cd8bb4a7c36f34fa4
SHA256:84108e3fdd2d9270764c51ae9e8012448173cfd82e95e6aa22365d3cf1fe97a1

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

Process Tree

  • System is w10x64_ra
  • POWERPNT.EXE (PID: 1004 cmdline: C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\alfredo\Desktop\New Years Quiz.pptx" /ou " MD5: 51D7379A407A1D7A5B0D1C4F61165269)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEFile opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll
Source: powerpnt.exeMemory has grown: Private usage: 2MB later: 163MB
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEFile created: C:\Users\alfredo\AppData\Local\Temp\{623894A8-1F58-4A5C-98D1-A45B3C2C368D} - OProcSessId.dat
Source: classification engineClassification label: clean0.winPPTX@1/243@0/57
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEFile created: C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\WebServiceCache
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: New Years Quiz.pptxStatic file information: File size 3698551 > 1048576
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEFile opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess information set: NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath Interception1
Extra Window Memory Injection		1
Masquerading		OS Credential Dumping1
File and Directory Discovery		Remote ServicesData from Local SystemExfiltration Over Other Network MediumData ObfuscationEavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Extra Window Memory Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
New Years Quiz.pptx0%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
52.113.194.132
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
52.109.32.24
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
52.109.89.14
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
2.23.192.37
unknownEuropean Union
1273CWVodafoneGroupPLCEUfalse
2.16.238.28
unknownEuropean Union
20940AKAMAI-ASN1EUfalse
52.109.13.64
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
52.168.112.66
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
52.111.243.5
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
88.221.168.226
unknownEuropean Union
16625AKAMAI-ASUSfalse
2.17.100.210
unknownEuropean Union
4230CLAROSABRfalse

General Information

Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:778234
Start date and time:2023-01-05 09:07:04 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:New Years Quiz.pptx
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:16
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean0.winPPTX@1/243@0/57
Cookbook Comments:
  • Found application associated with file extension: .pptx

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.32.24, 52.109.89.14, 52.113.194.132, 52.109.13.64, 88.221.168.226, 52.168.112.66, 2.17.100.210, 2.17.100.200, 2.16.238.28, 2.16.238.14
  • Excluded domains from analysis (whitelisted): binaries.templates.cdn.office.net.edgesuite.net, slscr.update.microsoft.com, templatesmetadata.office.net.edgekey.net, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1847.dscg2.akamai.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdeus01.eastus.cloudapp.azure.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, e26769.b.akamaiedge.net, prod.nexusrules.live.com.akadns.net, s-0005.s-msedge.net, config.officeapps.live.com, metadata.templates.cdn.office.net, ecs.office.trafficmanager.net, nexusrules.officeapps.live.com, europe.configsvc1.live.com.akadns.net, binaries.templates.cdn.office.net
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • Report size getting too big, too many NtSetValueKey calls found.

Created / dropped Files

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:XML 1.0 document, ASCII text, with very long lines (1284), with no line terminators
Category:dropped
Size (bytes):1284
Entropy (8bit):5.170594889414003
Encrypted:false
SSDEEP:
MD5:D4C8F765A71AA04279C21384706BA348
SHA1:49BBBB440E8B5F79A150D9A6884C5E620A551AF1
SHA-256:62BD85B88C58A79FD644AE6A1AFC84E6ED154C7D9E0394348A08EC03DA549D0A
SHA-512:47EE46131D92620ED05F756EE55C90A5699E76FA79A6C55CF0AE75E7102EE3E252076DDC656F049606EAFDF627881A68C127D4D264E424BD0B349938E7FC56F3
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>8</Count><Resource><Id>Broadway_26215680</Id><LAT>2023-01-05T08:07:38Z</LAT><key>27289878557.ttf</key><folder>Broadway</folder><type>4</type></Resource><Resource><Id>Gill Sans MT_26215680</Id><LAT>2023-01-05T08:08:34Z</LAT><key>31805007993.ttf</key><folder>Gill Sans MT</folder><type>4</type></Resource><Resource><Id>Tw Cen MT_26215168</Id><LAT>2023-01-05T08:08:34Z</LAT><key>29602640380.ttf</key><folder>Tw Cen MT</folder><type>4</type></Resource><Resource><Id>Tw Cen MT_26215680</Id><LAT>2023-01-05T08:08:34Z</LAT><key>35523432091.ttf</key><folder>Tw Cen MT</folder><type>4</type></Resource><Resource><Id>Rockwell_26215680</Id><LAT>2023-01-05T08:08:36Z</LAT><key>34805489950.ttf</key><folder>Rockwell</folder><type>4</type></Resource><Resource><Id>Calisto MT_26215680</Id><LAT>2023-01-05T08:08:41Z</LAT><key>30111742330.ttf</key><folder>Calisto MT</folder><type>4</type></Resource><Resource><Id>Century Schoolb

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JSON data
Category:dropped
Size (bytes):379722
Entropy (8bit):4.9088149211082355
Encrypted:false
SSDEEP:
MD5:E9FB5A0DF105C6F7F80E8B650DF56AAB
SHA1:0B7F6ADA05673F2535E61267C3CB428489ECEB55
SHA-256:A24470762A1F9F5F069C0F70EF53D693D08B7C99797935800FF294BD3B2566F3
SHA-512:65C83135CE550981ED88CB4A83127CB3C94D5C616F26B05185FCC129E5201A88EB0A1351D144E1511B50ADB388071BFCC60388FDD613EBBA5B202FFC76F7D42B
Malicious:false
Reputation:low
Preview:{"MajorVersion":4,"MinorVersion":17,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Agency FB"}],"gn":"Agency FB","id":"31150835240","p":[2,11,8,4,2,2,2,2,2,4],"sub":[],"t":"ttf","u":[3,0,0,0],"v":67502,"w":45875968},{"c":[536870913,0],"dn":"Agency FB","fs":52680,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Agency FB"}],"gn":"Agency FB","id":"29260917085","p":[2,11,5,3,2,2,2,2,

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Broadway\27289878557.ttf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:TrueType Font data, 14 tables, 1st "OS/2", 39 names, Macintosh, Data copyright \251 URW Software & Type GmbH, additional data copyright \251 The Monotype Corpor
Category:dropped
Size (bytes):54068
Entropy (8bit):6.837393037047299
Encrypted:false
SSDEEP:
MD5:FF4B052F2B0A1BD9910889E21C922948
SHA1:108386FEE49DB0AE3F26439D4952E341A5B70511
SHA-256:418160D917FFC40D113CB626C5A48175EBD30A4EBC1818BCF6E2D04E2D720DEB
SHA-512:E40DA82737416B252355E27A974670D0814C8331D0BEF0285CDB4F28D044FFF7A5B00A1D4217A2A242CA317ED4A04A1CAFC3BD064F51C0E3D9AE3903BD6380B0
Malicious:false
Reputation:low
Preview:...........`OS/2.;.....h...`cmapc.g........cvt 3.J....X....fpgm...4........glyf*;.....0....head.T.........6hhea._.N...$...$hmtx.\F.........kern.G.[...@...^loca!gJj...H....maxp.......H... name.2|2......tpost...d....... prep <.................\J.y._.<..........v.......`......1.M.................M.>...>.....1.........................p...T.......A.....9.........Z.........3.......3...&.d..............................URW .@. .........M.. ........`.h... .....3...............Y...Y.,.:.,...&.0...0...Y...f.....(.6.,.b...L.......[...=.,.6.,...,...,...,.(.,.%.,.9.,.0.,.C.,.-...[...K...J.,.`...K.m.J...Q.?.....t...7...t.[.t.8.t...7...u.L.t.......t.[.t.......`...7...t...7...t...D.......t.E.......3.......a.0...t...=...t...............0...t...0...0...0.....}.=...t...t.-.....t...t.>.t...t...0...t...0.>.t...8.v.....f.................?...,.....z.,...U...?...?.....7.[.t...`...7...t...0...0...0...0...0...0...0...0...0...0...0...t...N...........t...0...0...0...0...0...f...f...f...f.,.`...6.,...,.K.,.t.U..

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Calisto MT\30111742330.ttf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:TrueType Font data, 16 tables, 1st "OS/2", 49 names, Macintosh, Digitized data copyright (C) 1991-1997 The Monotype Corporation. All rights reserved. Calisto\25
Category:dropped
Size (bytes):72184
Entropy (8bit):6.905579645036388
Encrypted:false
SSDEEP:
MD5:4F7371BA417EACF6DD5B62E47407C82A
SHA1:EA1759A2EFA734ACD881EAF19D462AFFB2D6C031
SHA-256:6C68E9444AC0974A055FF7A2EED3E1FBE482075203AA05A9FF47336D538C01A2
SHA-512:484BE7CEBE505AA2F19258E648E73705836041D3DE888D8EAD1FEA95FE814FC625D32FE0123D0751AC03CBD6E0EC7A4FC7D8F20A6ADA4C86D6F95B13B8BEA342
Malicious:false
Reputation:low
Preview:............OS/2x..#.......`cmap...D..#.....cvt .U3..1$...<fpgm...1..&....?gasp............glyf......;L...^hdmxAt.b........head.Tn........6hhea.s.k...D...$hmtx+.A.........kernECK.........locaF^yR..9`....maxp.......h... namem..!...`...gpost.O.f....... prep......+<...........G*m!1_.<..........l!H.....`....F.h.\.................f.*.........h.........................b...^.........A............._.......+.....".+.....f.f..............................MONO.@. .....R...f.. .............. ...................?...?...V.X...I...K.?.;.j.Q...I...+...<.V...?...V.7.?...?.u...L.......0...h.......k...@...q...h...S.?...?...V...V...V.....0.V.a.+...+.2..._...0.V.(...*...Y.j.,...4...8.+.!.?...........V.`...,.V._...'.j.p.?.*.j.......V.....-.....?.X.....?.t...:...%.......w...I.......D.V.S...J.j.4.....j...?.8...t.....+.....+.j...V.M.?...+.K... ...R.j...j...........+.........>.....?.......V...+...+....._.V.(.....V.`.j.....I...I...I...I...I...I...D...J...J...J...J.?.8.?.8.?...?...j...V.M.V.M.V.M.V.M.V.M.j...j..

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Century Schoolbook\39048582419.ttf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:TrueType Font data, 18 tables, 1st "LTSH", 47 names, Macintosh, Typeface \251 The Monotype Corporation plc. Data \251 The Monotype Corporation plc / Type Soluti
Category:dropped
Size (bytes):148828
Entropy (8bit):6.965995473329857
Encrypted:false
SSDEEP:
MD5:277FE10CF3A8F3AD7F76B56E7BB2C237
SHA1:748EA8F59CC1072D5F6AC20123A165BC844A2998
SHA-256:13938B851436C6CF7A7EBC1D8C1B83B55176997CBC6C7FE9E09F8C0BE23B9C4A
SHA-512:F1294DCB946CF4FBEACAA9C0D62516032418BED2FF9D90C77F30A2A8429B8D04148A0ED022647EA013057B4AA0EBB13CA3D3B7EEC8267689D5AF394C6BB75CEC
Malicious:false
Reputation:low
Preview:........... LTSHV......|....OS/2z.p........`VDMX.&..... ...ncmap.B.7..e....Jcvt .?....v.....fpgm.<.:..k.....gasp......EL....glyf!s.........Zhdmx.}...&...?.head......,...6hhea.......d...$hmtx.........tkern.+.-..3P...vloca.G...{....<maxp........... name7=....5....bpost.6.f..E,... prephL|...ph...4......^.^p.._.<..........8.0.....`............................F...N.................................<.q.......#.;...Z.4.................3.......3.....f..............................MONO.@. .....q...... .............. ...........9...9...^.....o.s...s.....i.......k...........b...E.9.......9...9...s.e.s...s.`.s...s.m.s...s.u.s...s.|.s.v.9...9.....F...E...F...Q...........a.....9.F.....V.j.9.h...`.B.L.s...9.S.V.@..."...T.9.o.V.P.9.t...4.....V.:...6.......#...%.......J.......".................s.e.s.....=...m...W.../.L.c...+...1.^.....3...2...e...C...E...=.s.k...4...q...3...8.L...9.5.L.0.L.+...b...m...*.......I...................T.9.o...6.s.e.s.e.s.e.s.e.s.e.s.e...=...W...W...W...W...1...1...-....

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Gill Sans MT\31805007993.ttf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:TrueType Font data, 18 tables, 1st "LTSH", 51 names, Macintosh, Digitized data copyright The Monotype Corporation 1991-1995. All rights reserved. Gill Sans\250
Category:dropped
Size (bytes):60276
Entropy (8bit):6.677529334455376
Encrypted:false
SSDEEP:
MD5:819FC8B7DAD24A4923E5A21D10CFD1DA
SHA1:89DB48291FD6DACA993DEB179D8308EA4C41E3A3
SHA-256:55ECC8624601C62D9A6EFE78DA98B93AF49BFA0025E23C09DC686C8B449AC00F
SHA-512:7AF62A9C7D4A6E744F79B314DFC014C6EAB73B987A76AAA9B941D31E7E3C40E253C00951B34F5DDD02E792629EE7D00967F94E79A091884F6F22D904812A1483
Malicious:false
Reputation:low
Preview:........... LTSH_2.D.......0OS/2r........`VDMXo.wD........cmapBh....2.....cvt -.A...>.....fpgm......6T...igasp.......d....glyf.....C....Phdmx...1......$.head.^....,...6hhea.z._...d...$hmtx..^.........kern.h.W...T....loca..d...@....Zmaxp........... name.. ........(post.i.f...D... prep..W...;................._.<..........x.......`......T.X.................o.(...V.....T.................,.....,.Q...D......./...............B.........3.......3.....f..............................MONO.@. .....).1.o.. ..........u... ...........9...9...+.....^.....V.h.h.3...;...Z.........V.#...r...N...R...f.?.....?.......F...........f...\...d...B...J...^...f...p...r...p.......n.V.........d...............h.............?.......?...?.....\.......Z.......T...#...}.....V...........+.......?.........5.j.....{.j.7...y...N...Z...T.....j.....}...u.............+.y...}.j.L...u...H.+.....T.......}.................V.....9......./...V.V...V.....d.....?.....\...}.j.7.j.7.j.7.j.7.j.7.j.7...N...T...T...T...T................

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Rockwell\22994219909.ttf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:TrueType Font data, 14 tables, 1st "OS/2", 45 names, Macintosh, Digitized data copyright (C) 1992 - 1996 The Monotype Corporation. All rights reserved. Rockwell
Category:dropped
Size (bytes):47604
Entropy (8bit):6.76349595744851
Encrypted:false
SSDEEP:
MD5:AD1D66027DA137FC2BC98CD71CAA150D
SHA1:DEF81492202C62DCD0E4F4B8FB4E3343226B44AE
SHA-256:1004A6D9595010CADE12660E559BDC5EDE0460F74FF8EFEE1181E24023EFAC52
SHA-512:6E740A9A57519C78A6DC318DEB38023E539A03620E2E8FE13A9E65BAB180B228BF0AFB75346EB3CA62BFA0DB9E8F276E4CA015B4A31C9EDC1C43F6F49ACDCAF0
Malicious:false
Reputation:low
Preview:...........`OS/2u......h...`cmap%T.\.......Lcvt ..9....0....fpgm.&.o........glyf.qoK.......Thead.G.........6hhea.o.....$...$hmtx7.A.........kern"q!....$....loca.u..........maxp.......H... name.|.l........post.6.f....... prepL}O$... ............J..__.<...........-5.....`........r.......................................................O...?.........9...n...................3.......3.....f..............................MONO.@. .....5...... .............. ...................V.D...N.X.T...?...!...=...`...d...+...3.V...V.1...7.V.D...\...H.......3...N...#...?...R...-...H...?.V.D.V.1.V...V...V.....H.......#.j./.?.N...J.+./.../.?.N.../...-......./...1...-...5.V.N.V.1.V.N...!...R.j.-...#...........!.......3.......\...-...5.......y...D...)...F...1...D...9...B...)...?.......)...).j.).../...F.......R.?.+...9.......+.?.........+.?.....5...T.7.....y.?.....#...#.?.N.+./...5.V.N...#...D...D...D...D...D...D...F...D...D...D...D...?.............../...F...F...F...F...F...+...+...+...+...5.3.....F.+.9...F...m

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Rockwell\34805489950.ttf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:TrueType Font data, 18 tables, 1st "LTSH", 45 names, Macintosh, Digitized data copyright (C) 1992 - 1997 The Monotype Corporation. Rockwell\250 is a trademark
Category:dropped
Size (bytes):64128
Entropy (8bit):6.7834746442259215
Encrypted:false
SSDEEP:
MD5:19688646462F503EEE2236317063181C
SHA1:3CE5FCADDFE60AF34D1F6AE3D8A9E60535655EFF
SHA-256:FDD9AECCBA119696D748B6D0BF743AB0F7C3D5352C25A09D2411E90E47D8893F
SHA-512:AC306A4952CAF157976E63F8A1C6CA22698B09520BEADBAF3424ADCEE157B96F380A7FD4537D6688FCBDC41AD3C54D62A07F40A3F590E7FCD9E86AFA64D37A54
Malicious:false
Reputation:low
Preview:........... LTSH............OS/2I<.........`VDMXO`g.........cmap.,.B..6p....cvt 2oB...B.....fpgm.h-@..9.....gasp.......p....glyf..-m..F....Phdmx..*....`....head..5C...,...6hhea.......d...$hmtx2fC.........kern.b..........loca.....D.....maxp.n......... name..........post.c.f...P... prep0.0...>....E........XH.v_.<............Q.....`......u.M...................,.........u.........................A...A.......#.8...%.q...............P.P...,.P.P...H.f..............................MT .@. .....8.<.... ..........o... ...................V...?...V.U.V.?.....j.?.j.Q.......9.+.C.V...V.....?.V.......V.H.V.'.V.R.V.D.V.<.V.I.V.d.V.y.V.D.V.^.V...V...V...V...V.....>...r...........W.......8.j.%.j.c...7...@.......%.+.....2.....j.f...).j.f.....?.B.....j...........?...+.....3...........;...6.......o.?.^.+.6.+.H...Z...J.V.8...H...*.V.B.V.....2.V.)...6...7...N.......J.V.-...T.j.>...5.V...+...j.$.......!...:.7.....-...1...........W...8.....j.f.j...?.^.?.^.?.^.?.^.?.^.?.^.+.H...J...J...J...J.V.B.V...V...V..

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Tw Cen MT\29602640380.ttf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:TrueType Font data, 18 tables, 1st "LTSH", 51 names, Macintosh, Digitized data copyright The Monotype Corporation 1991-1997. All rights reserved. Twentieth Cent
Category:dropped
Size (bytes):61112
Entropy (8bit):6.651555118650965
Encrypted:false
SSDEEP:
MD5:EC30C7137295826590ED7893E7BC416A
SHA1:DE0109C7F802446DA6FDD1175A80D903D9253B5A
SHA-256:C2702C214118910040F2D4CE5AFFB1C5EBB3CE06D36350387037282C4BCA579F
SHA-512:7F0405D8C70C4793E82C1791FCD8A8EBF80213806E3E2A0C3FBB2058B000DE6AED7B13E0131972D6D17351B4BFF1D2BF7D5A77B75197A63442A6BA43B6DB35F0
Malicious:false
Reputation:low
Preview:........... LTSH.L.........-OS/2s..C.......`VDMXm.t.........cmap+..x..2.....cvt ..&5..=(....fpgm.&.o..5.....gasp. .........glyf.T.z..A ....hdmx..........$\head......,...6hhea.M.....d...$hmtx.?n4........kernF.H$... ...JlocaGAl...>....Tmaxp........... name.......l....post.i.x...... prepF.....:....B..........._.<...........<......`........V...........................z...................).....).\...6......./.9.....).......h.........3.......3.....x..............................MONO.@. ...9........ ........j..... ...........u...u.....u...^.X.Z...P.......h...\...%...+...V.V.....P...X...m.+.;...d.......L...d...d...P...h.......f...h...m...=.V...V...V.....o...u.V.d.........V...........X...V.......+.5.V.........\.V.}...................T...B.V.....;.j.N...1...;...P.....+.....D...5.......X...m.....+.h...q...u...;...s...}...y...s.........j.....y...j.......q.+.y.......=...{...Z...m...B...B...T...9.7...../.?...V.d.V.d.........V.\.....V.....m...m...Y...R...C...m.+.`...u...u...9...B...L............

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\CloudFonts\Tw Cen MT\35523432091.ttf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:TrueType Font data, 18 tables, 1st "LTSH", 51 names, Macintosh, Digitized data copyright The Monotype Corporation 1991-1997. All rights reserved. Twentieth Cent
Category:dropped
Size (bytes):70608
Entropy (8bit):6.638401506377789
Encrypted:false
SSDEEP:
MD5:9A5D7DCE2D86E010DFF5CF19F17C5F6A
SHA1:F2E071956980C2529C578053393E0EB30F3A53CF
SHA-256:E32ABBEB5B314CBAB5CEE0F7A9022AA51E37AABC02CD39F78B0194A7B2A86CCA
SHA-512:380E9DB9550A19D2CDA1FE48306D95138ED76A14B467A2AADB0C6D0A3AA9AC19F44829828B30994F18AF7A07C0B5C998498923F3E93C6D7E01AF818FF6E4E47D
Malicious:false
Reputation:low
Preview:........... LTSH..{........-OS/2w..........`VDMXm.uF........cmap+..x..2.....cvt .{*...>.....fpgm.&.o..5.....gasp. ..........glyfa..s..B.....hdmx.Wu,......$\head.?1...,...6hhea.......d...$hmtx..a.........kern`.b.........loca..:...@,...Tmaxp........... nameZ..7........post.k.x....... prep......:................._.<..................`......m.V...................#...?.....m.................).....).a...4.......#.9...b.........1.........3.......3.....x..............................MONO.@. .....}...... ........9..... ...........5...5.....s...^.X.Z.j.....;.V.R...\.+.m.+.X...V.V.........m...V...5.j.T.j...j.m.j.{.j...j.?.j.b.j.5.j.}.j.f...V.+.H.V...V...V.....1...u...........H.......w...w.+.N...........F.j.......+.).V.{.+.P.....+.N.......L...7.........../.j.F.j.9...B.+.....D.+.!...5.......X.j.f.j.....1.j.`...N...;.j.\...N...T...V...j.....V.d...T...F.j...j.`.......3.+.#...V.....V.7...;...?...)...9.7...../.?.............H...w.V.{.+.P.....j.f.j.f.j.f.j.f.j.f.j.f...1...N...N...N...N...j............

C:\Users\alfredo\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_17.ttf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_17RegularVersion 4.17;O365
Category:dropped
Size (bytes):672416
Entropy (8bit):6.566110770587873
Encrypted:false
SSDEEP:
MD5:4DFB7AADD4771ADDF1BA168C12DEDBF3
SHA1:B379DC0E19FE0F51E77305BE0A7F3421B80E8A0F
SHA-256:DB9B46CC2132D76EF90CA9A59AF03CB478BB91EA2CDA3E8E42DD0801873416E2
SHA-512:1C5AE2C794017A81A4232A2EF43725A0DA30F9672123940D85D34A4A77744D2D7ECA5FFE9A91E2FEDDBDBADE4EEAD6AB80E565C1F8FBB813C5A2BC25F7F0A359
Malicious:false
Reputation:low
Preview:........... OS/29.P...(...`cmap.s.........pglyf..e.......0.head-@;,.......6hheaE.@B.......$hmtx...........ploca..@....h...tmaxp........... name.T+...A|....post...<..B.... ........Me.._.<...........<.............Aa.x.................Q....Aa....Aa.........................~...........................j.......................3..............................MS .@.......(...Q................. ...........d.......0...J.......8...>..........+a..#...,................K.......z...............N......*...!...-...+....z.......h..%^..3...&j..+...+%.."....................l......$A...,.......g...&...=.......X..&........*......&...(B...............#.......j...............+...P...5...@...)..........#............*...N...7......<...;>.............. ]...........5......#....s.......$.......$.......^...................H.......%...7.......6.......O...V...........K.......c......!...........$...&...*p..+<..+...-....q.......O...................F..(....5..0K..$...0V...k..*e...o...........S...*...0..0...*M......9...

C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{238C290D-0C97-46DE-BD64-9F14ED6C027A}mi33552983.png

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):33626
Entropy (8bit):7.965887842736553
Encrypted:false
SSDEEP:
MD5:62AC3DEE6787F06749ABC64859935C49
SHA1:6420D089E14541F4E53E3AD5E267C06D860C2FD9
SHA-256:32E2B26C0C073EAB9C0B22A76044B9B331AB0DC7BEBBB38D3C71F87F4AD54DA8
SHA-512:CBFB57AE929F781D5DE4A57FD496C242F4AE57C708E8AAE6197434A68F3CC93CE88BD3AEE49AF218909E67E62BFC6CD23F6D0A55379DBD32E33FD2F9568D384D
Malicious:false
Reputation:low
Preview:.PNG........IHDR...`..........SZ.....sRGB.........gAMA......a.....pHYs..........(J.....IDATx^....uGU>|...+.....4)......4.Q..)" .#(]E........... H/...I(.;.....q.iy.'^....s..3k..gM..../....^.'...2d..*.B........NW...X...C......N'...................................................................................".c>....w..t.?..t.?..3...6.....?..../.....;]...~.e..r..u..0..mNG.....>.......3.<.GO.z......\o.b/...G?6]...e...2].JW.r...\.............<..7?..C.........:C..~...?.....qC............~n..m.......L...k...<.C.r...p....r...........N.~......::..'GR........'>cz.S.=..*.{.3......;~..m...s..N<q:...r..N.N<.C.6M'}...._...AV...._.../... .b/......8...<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p@..<000p

C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{43A445D3-7727-4F2E-9472-F92BACF22F60}mi78438558.png

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):17077
Entropy (8bit):7.955496041674705
Encrypted:false
SSDEEP:
MD5:89491620526FB557381C97F5159F36ED
SHA1:1394C15301FC23A6163B4B405F5C2A493C4A4A06
SHA-256:EE8D00409134C1FAE8AA63489CEDCB49977B80DB8A51F63BAA7C2232BACC4DC3
SHA-512:4A57CD62A7545C8C083173AAF456B0655E42D2F4F86D7EC4DBDE61FC4C0E932B0929A952F7E9600F05621BDFC263CECDB4F03BE66EBFBE9D86A57DBC7F76D42B
Malicious:false
Reputation:low
Preview:.PNG........IHDR...`..........SZ.....sRGB.........gAMA......a.....pHYs..........o.d..BJIDATx^..|....y...7o.:...0..!!......Z.. @...z.@h......{.....w.M.$..{.%W....7..F..=i.twz.....g.......).LY..mBrV..E..0.9.@............e.n...|Ef.........Vm;%iY..U.4q..&L...o..Q..0..*...W...t.........|(sB...E..0.9.......s$..`..Mq........a\.....Y....0.......8.X......,.....0.,..`....`.1`....p...3..../X.....a.X.}....,..c.......`.f...`_.....0.......8.X......,.....0.,..`....`.1`....p...3..../X.....a.X.}....,..c.......`.f...`_.....0.......8.X......,.....0.,..`....`.1`....p...3..../X.....a.X.}....,..c.......`.f...`_.....0.......8.X......,.....0.,..`....`.1`....p...3..../X.....a.X.}....,.5Ca~vX..`".../X....88l.iR.w.........`_.....px......[.....O.vN..../X.....M...6S..p.^.....p......t.....k5,..`....`.].l.....(T...4.`.K}6...Lt[`.>...`_...@m.`%8.D..........<.r.0...1.u{3.v....`_...@m.`]TL.qCO.....3.m..-.=.,K....M.=\a....../X.. ..X..S\B...y.a........3?.Y..(.=.<61m.8..N.X.}.....(..H(..../..*

C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{46D8A058-AD83-4418-BC1B-14B5F1063F02}mi12214701.png

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):141414
Entropy (8bit):7.97730194336646
Encrypted:false
SSDEEP:
MD5:9314E2C904CB70E9F42929E0BA74415E
SHA1:7CFDBD0BC37BBD19470289A315041F0309B7C72A
SHA-256:CEA729DE164BFB8295E37A7DE3290CD3515D32A6AFB6524DBB04DA5DB25EE400
SHA-512:E5B1F7339DB29858C8ADC7B4F5DD452CE5E5BF7E5845D2914D2D985C6A04DE863607F786E7F6E4957ECF295A6F0A6B18214EB06B30AEF1A4CE8810EF84389917
Malicious:false
Reputation:low
Preview:.PNG........IHDR...`..........SZ.....sRGB.........gAMA......a.....pHYs..........(J.....IDATx^...z$I.......teepp.9wp.9.@..9.4#.TuO..{....<.....1u.....@.37.f..~**...+W........_....-..........Y..>...&&....V.V.6.6..6v....vd............U...kg.d.G'g..g.On...........n7X^.yv..X^.....[g.o.>.s......;..n.9.+..-.}.6v7[.9{p'.Y..?.s....{...{..........e.?t....<..e.9..Z..:.&.}.k......^v...g....s...W........z..g...g..gK..gs.Kg..sg...Y..<+.kgc#.....`.lp0.600...7|6.?t..?.o./#.....e...X.6Y....Y^.t..................]..z...gO...x.....g._.:{........>~.p.......?.}......n.?.>../..r...W7.{-..;...[:...m..c~.Z~.}8.....w..>..w...K.~u..........]8{..>{.]={s2~.|.r.t.x.r.~.b.v..t............^.O.=^.....p.......Kg...>.={s<s.N.^_.?{#{.{...<.>{..>{.?q.|.y.l.q.t.~.h.|.`.tv{.pvK.p.zv]....;S.[.......Qe.l.4r...:[..<...8[..8.-..]k....#g.........x..j;.vm.rvm.|vk.~.`{.....g7w..z.......g.n..=.n..=.}M........g/.>9{..........X......}.wo..{.N..........?x.x...:i!Li...G.."Mh....O.6

C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{8495E18B-412D-4B1B-8704-42D9816247F3}mi56535239.png

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):45741
Entropy (8bit):7.906583578601499
Encrypted:false
SSDEEP:
MD5:62E3A125CC1380C07A17CADB62885A5F
SHA1:1B14FA60F0324F9EFA0FB8596E3870D3AA7392DB
SHA-256:28D60D922C2FE6D983631EEE48458CE314C05D3BF27D59D40969557E6A520916
SHA-512:43DBFFCBF92B1DAF68E5050A896999E9BEA9662A95C957ED81AFF2CFAF4FBDA657C54A427C3392F47EFF209F52B03109D71E67DF95CCDB62E35F009B0872399D
Malicious:false
Reputation:low
Preview:.PNG........IHDR...`..........SZ.....sRGB.........gAMA......a.....pHYs..........(J....BIDATx^....&.U.q.pw....{p..,.H.......wwwX...B............t.LO[.Z{.SG....].=.>..........k..~....X..u.]|..z<b.h9.6?.....c.[.....;Z{...|....=......?.... |"z..{....\.o.q....;.N.q.t.[.vmn....u..o4....;.Lm.|..z....:~..Ve..F<Zs.u.=.z.}..-..y..>..Q >...xGs.Z..h....7....X..5....!.=R.,..=r..>P...x.P.E..7..*R.0.b..].....;...F.lm...Lx...o.Qt.cd.....OZ./.56.o4...i....X....`9ot.e..t#.\6.+...k..r~..C@m.?i..,.....*.......W!NnF...1...}..9.......-.f[.,h.'.B...mt.h....s.u..].7:..p..F..w...K.. FY.?...g]$.,v9..4...6.k6..4.o.........[D...j..[...t.t].....nL.lm|I.......8..mt..8.;O....4..n...#......._.M.....V._1.Lk.Mgu.y...~..'-.....x..._....=.6..o.............y.s|..#..6..@p.|... f.l..F..$..8.s.Bc..*.pZ...4y..;....k..mt...s.u..4.-.6:.......Ew....l..6..4.2...A.IG.m...z....}..].'...F.mt{.F.V>...7.;MP\>..m....#..[...t.t=....Fsn.u.|k.K.....Mw..).6~.h..F'.e...?.6:....yml...:.S`m.".E.}..'~?.

C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{A046CC4D-7B23-4B53-8616-1CDEBE4EFE24}mi56160789.png

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):71880
Entropy (8bit):7.977631623268977
Encrypted:false
SSDEEP:
MD5:14F2A95B1D0C1A2F1643280AF8B27B7B
SHA1:11AF2540E50851B6BE93E00DA0895BF9C945045D
SHA-256:C107DD95B3286A4BC540D5860AB9AB3BC3E1C6232D7F92C3129B2FA16AD57B7D
SHA-512:7192C880B24D29F163F54ED35ECCD6F2EFAC7B1CE5260FE7582E2A843FB48CA8C3D869DE0DB2F075D968D55C7C7CFCA1B2B5FAC724588E08160C2375D6BE692F
Malicious:false
Reputation:low
Preview:.PNG........IHDR...`..........SZ.....sRGB.........gAMA......a.....pHYs..........(J.....IDATx^.....y.....M.6i.a;q...33K.$.,fZ......+f.lI.....9Z'f........u.P.......o....<.9...7.Y.....6.....f,Xwl..c7.^vl.c..f...&..U...,O>6ki..V..[........w........zlU...y..N...Z......9.f,.?6{E........f._sl..cI|..I..V...[.V......ck3.-.Pxl}F.....sk.%...[.Tp,!..X|v.^W.cd.[.R....5.K)l......e...K.=.S.q,)..XbN....cy....e.4..]~,...XNi..7...c.%..R.......:F..yU......Vv.K.k.r+[.....K-..~..R.%f...[},).R.Z....5.y....XZq.o..-[..}n..|...ck....\.U.&....s...Syle.s.L..k.:......c...%......4...:..K...\...e|.I.....mU.....].=v..%..>..s.^|.....b..m_y.m+...Tm.D..t...\....E.M`4..u.gs.'.`iK..lq\.ns}..m....f.u....[.\d..lej.....u[bq9...mEb..L*.Vd.....2./6..6..Y|V........[...eT..J.~]F..N).kJm.BK....6...uY.;...2..,..S..[.e...._..;.|.%..x..._.a...z...Z}.|.].8..q....,ek6...3.-1...k-)..6...._..'.~Ny....ZFI..._g..o9.]~.>..............:^..M+.[z...{...eV.:)[..Z.^n.R.l]V...uK.

C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{A9368E30-AB01-4AE6-85D7-0976C7B52F44}mi56410444.png

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:PNG image data, 352 x 198, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):43242
Entropy (8bit):7.983454839708982
Encrypted:false
SSDEEP:
MD5:C1F7D8EC22091D84E2806C62D1D560F5
SHA1:0149186A7C9B4EABF36361AC0EC36F082081ABF1
SHA-256:337897A933AFA31C14343E6CBF74781001C5DE77C85C46BD0591D67F114D0B32
SHA-512:7A2729B208797216CEA563D91A6CA33C6AEE309BDB01028FB13E7A1C2EFAD66EB0B8387AA0D42545AC6FD9CD92EC68520B37C4C323C5E90001C32EC8210CA0DD
Malicious:false
Reputation:low
Preview:.PNG........IHDR...`..........SZ.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..et].-....}..k.......k..a03...;.c;ffK.......,Y..`...S.q...jJ..(YI,{......sL......U..ou=....._..T\q..W..x.@.....o..u..a4..*...+.....i...b...w._..W\q..7......+..y.y..~x...f..8.v]O7.K..._.s...h.=E.i..O...m...xp.....;Fq....V.9v..6...q......t.7..........W........M......f!...^..N....=.......>.n.,.O...GA_q....V..t.E......".2...%8Q....pd..............w'.MCL...Z.P...H..d........H;.K.K..?...H..........5=...Y.i.b.'F..a....V.......uu.....f....}.500Z.S....5...~.F; 6........ENI.r.s..w..y.....^...e.4....]v..N.iL.t.ux..'S......W4.) .......?..!.^....DRV...6.t.C...02].}....]....pq?.......#v....)..QTS....x..@Jn.1.&:v?.m.!>=..g...Ez~".<..(;.e`............P.%.N10.....W|"W.X......8..24..V....O.1<|u`...~.9.>.......Qv..1.....j...{.^~.PR_.....:l....j;[P.P..H;xx....#.<.mg..^gi............4....GC?9.W.'...+......2....N....u.....9....5A|.7.-..n.g....0.Co..]S...b=bS<q.,

C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{D0AA75E6-088B-4A97-AEA4-DEE27432CA3A}mt16411177.png

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:PNG image data, 200 x 113, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):11224
Entropy (8bit):7.9614300831372695
Encrypted:false
SSDEEP:
MD5:B4A0AE40C2B3D3285360CFC77B11838F
SHA1:EBE8BCB8C84FE9E2E04F9A73653242B512853DCE
SHA-256:389A976126320BD3B24525C2388F3EE00FD489B1B1491F9B759FE1D706EF3EF0
SHA-512:EB390A12EEDF971A9C80F7840516DC46F8F10445E524FEE952A47F73E1BFB52BB451BCF8032759D80A660EAB56F82432FB0131BA372BE14EBC643A156365F02A
Malicious:false
Reputation:low
Preview:.PNG........IHDR.......q........#....sRGB.........gAMA......a.....pHYs..........o.d..+mIDATx^.g.]..}..f......`@....."R+..!.L..(.l...cl..p.9.=.c....\..6...RK.!..f.....V.>..>}$A. A.x...W_U}o.W............k..SPPP.x.u.....&........0"^0...."JAAA...E!HA..(.)(.B....(.)(.B....(.)(.B....(.)(.B....(.)(.B....(.)(.B....(.)(.B....(.)(.B.....0..=..a...S.j...N.;...O....".....P.P.{.@?.Au..6iv.../......d......3..3..k....i.=.......:Wy.g.+tw..H(.e....=s.z..#.!...)...i..a......i...9fY._{.[+b..?4t.~.K.s.(.;A...O.....S..%<../.-....+.S.9..a.w..s&Gc .f..*9.P.......HF......lX7.6.5.}c...Gl.kO|...n@...2..~.?............F..|...f.+.i....:.g..V.y.t.e.C.Q.Z...;$......'Y.h...z...V..?.S..../..I..jGP+.....a..&. ....[?.@x..........8F......3. ..!..._..6....I.(....5!.g.T..c.......C.2.]qZ...G|..i.Y.[...8..YO.1T..zO=\.....~.?.g>.....i..?......?z<.9.m..-.gR.]x...F..."..O=]....t.$.}_...A...k&.5lX.8<..u/.dY..cY.....|,..].0z.'......i..U9.......f....h....Ya.g.3A0.g..i..

C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\DTS\en-US{98DE69B2-6F80-47C2-AC66-AA353EC06934}\{F094975A-ACAD-4B10-8B84-3BB8626B1ED2}mt10001108.png

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:PNG image data, 200 x 113, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):4792
Entropy (8bit):7.919519824286398
Encrypted:false
SSDEEP:
MD5:0487A314ED07DBC89E92E8F17F7DFED1
SHA1:F01A61125FF490AE2107CEB7D275C0EEFA87F5FC
SHA-256:1E37A0FB4AFAED6EED7ECA76992EF1DD67749DA8B3CD9CBA7603E6EBA24DCA03
SHA-512:394278BFA2C4DE420FA00DC62518D5D60F962274C9207251B8E2D827C6B4A699A46162823F1BE341626E045CF02BD5F2427C57CE5074C38D357F9650A0C90243
Malicious:false
Reputation:low
Preview:.PNG........IHDR.......q........#....sRGB.........gAMA......a.....pHYs..........(J....MIDATx^.i.U....ku...CKTp.(.D..d...g.E.e...E....'&E!.8...v.&...e.v.R.5.EQ@1.h.....o.w.WEqR.+T................v.hU.?......E....!.%.P+.q.p.*...q.:.@.'...q..@.'...q..@.'...q..@.'...q..@.'...q..@.'...q..@.'...q..@.'...q..@.'...q..@.'...q..@.'...q..@.'...q..@.'...q..@.'...q.|..iQ.1.......J..^,Yi?..v.....sQ.r../....b.....u0V.WF....tL....vqR{.....T2{i..;.|.4X .w..>.?..qC....S.{`V..K.h.P..vE......L..[...4....n]p..S.J.[e...K..#...m.v|O.X..'...l.Y..9.....j).s|.....}t....|s.,.<V.].../....?1..?..|..c=...os..y..y.u.5......4.t./...m..<...F.<:.{K.(^.. j.c.....MD+..wd.......Z....|.}..r.n..z'.J".K....:...5R2o....3..5Q_.(..}.fu.0.1...~.].......^M..{...m....'WJ....x.uR....h.D..=m.:.n."...O...?....;"...>.....i...b..%..y.5.D$<..*+..i.$..?..&..g...W....(..gK.q..r.^..^.l....L..dF[.ud.9.....J.[....1..... :[].3.KF.s.t.R~....tY....n.+.X.3.%...*...|..m)[z.y.n.J..!Q[..=!.dt=G.....k.a.yw

C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4636D7E0-DF9D-422B-96D7-0AA1309D86F8

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):152820
Entropy (8bit):5.3552592415743705
Encrypted:false
SSDEEP:
MD5:4151EBE6150A50F304D0C89CD403F6B8
SHA1:1F83FEC2A15FDFF3DF08F659C691AA8946EB1D5C
SHA-256:E861F51D904BB288A73D8DD919DE62EC7404C4B73417CBB54E3CA300FBC042D5
SHA-512:A63C2EEFB546DE76F2DF30AC7CF94900C8DC9C4DF7A762A1179BE5E637CFDDEA5911D1CEDECA7B896297BC29D8DAF47183A954BC892828B63B2D950A5FFFCE66
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-01-05T08:07:35">.. Build: 16.0.16012.30527-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU

C:\Users\alfredo\AppData\Local\Microsoft\Office\16.0\powerpnt.exe_Rules.xml

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
Category:dropped
Size (bytes):232945
Entropy (8bit):5.12845402951343
Encrypted:false
SSDEEP:
MD5:A59DF65BA101FF3F9EE92D36D1777318
SHA1:A55D663EDC0E4A75762576BDB2B81D14B40CE911
SHA-256:ABF046F7126CED276F961EFBE48D19E4303C244FC1A280CDF9F10C7D56636999
SHA-512:337C9EA5E6BD5A00202544885DBC19C9198DE96D3F88129CD2060D74EADD0E02A5356D60BD66ADB2DF8D054847FB1F32CCEBC02D103142BAB333E7447FE7DA56
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="utf-8"?><Rules xmlns="urn:Rules"><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU" xmlns=""><S><Etw T="1" E="159" G="{02fd33df-f746-4a10-93a0-2bc6273bc8e4}" /><F T="2"><O T="AND"><L><O T="NE"><L><S T="1" F="Warning" /></L><R><V V="37" T="U32" /></R></O></L><R><O T="NE"><L><S T="1" F="Warning" /></L><R><V V="29" T="U32" /></R></O></R></O></F><TI T="3" I="10min" /><A T="4" E="TelemetrySuspend" /><A T="5" E="TelemetryShutdown" /></S><G I="true" R="TriggerOldest"><S T="2"><F N="RuleID" /><F N="RuleVersion" /><F N="Warning" /><F N="Info" /></S></G><C T="U32" I="0" O="false" N="ErrorCount"><C><S T="2" /></C></C><C T="U32" I="1" O="false" N="ErrorRuleId"><S T="2" F="RuleID" /></C><C T="U16" I="2" O="false" N="ErrorRuleVersion"><S T="2" F="RuleVersion" /></C><C T="U8" I="3" O="false" N="WarningInfo"><S T="2"

C:\Users\alfredo\AppData\Local\Microsoft\Office\OTele\powerpnt.exe.db-journal

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):4616
Entropy (8bit):0.13760166725504608
Encrypted:false
SSDEEP:
MD5:455C6B37CF40D5437E23E404E92ECC6E
SHA1:01A5FF99F424D4BE604358F0A2565120F53E7591
SHA-256:049C2701C0F8983325113E36C947B3D2CEBBF9B674A28048BDBB9BE0E1054C59
SHA-512:FA610167E23DE41313D837CBF8BC0E880D65B340E45ABD7C0940F467E0C87F720049ECD39878C456B80EEDE9188784B653587CFDBE007636E2D1EE29635B5D6D
Malicious:false
Reputation:low
Preview:.... .c.....:}q.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\alfredo\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):2278
Entropy (8bit):3.842548705375362
Encrypted:false
SSDEEP:
MD5:4A69C0F7097BCFC99AE99614ADC2392D
SHA1:6823038586E3A0784ABA604432B11217CF066272
SHA-256:49C28A700C260184E85AA3862C62B2DEA0609DB23C2E64EF13062D65F11EDC41
SHA-512:9D2B8FFFB51AB510C5F1DB6B86C2D9D983D415BA54C6638A50B7C6AB1E3812465E2864CEF3861DF12BDBB63D6EF966A4A026286F4EA8BEA7B516E277B6BE544F
Malicious:false
Reputation:low
Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.O.l.O.K.O.U.g.2.Q.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.5.S.c.x.0.U.

C:\Users\alfredo\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):2684
Entropy (8bit):3.9005353256550435
Encrypted:false
SSDEEP:
MD5:A1BC73130737D82E54866B5427EC474B
SHA1:EB494E65A2E05E36DBB112FB77F4564F0237CB32
SHA-256:D82E49F54C0079CF3965ED96BFC13BE4B91E9225148CEE67B22541AAD19359A8
SHA-512:5BBBEDB9C376582C088EC5665E08C8153CC27CB97AD314828D9ECCED3E88359511C0C9B21183DC869F1DF9442BCFCDCBB92B7FDE0E17D42E8641400DB28230A0
Malicious:false
Reputation:low
Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Q.u.4.l.Q.a.4./.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.5.S.c.x.0.U.

C:\Users\alfredo\AppData\Local\Microsoft\TokenBroker\Cache\9aad439831564ef9f88438a70a63c87e26ef3852.tbres

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):3902
Entropy (8bit):3.9894358014824247
Encrypted:false
SSDEEP:
MD5:1BC223474CE43E344DB28355CDE1B024
SHA1:049E6F5D87AB8A1AD2600C35F3CB115E291184D4
SHA-256:95B0854C03F0D54823500421975F75F5F88266917C5ACBB06AD69D0FACE296E9
SHA-512:794CD4FC6C5FAB98A446FCB0A0B38F25DD45AB6DED0D16A4E7C45ABB12B639E69B1853CBB859F2C0BCFC5671F0256DEEF2EF8C4BA744E0E20DACC4D61FE4EEFE
Malicious:false
Reputation:low
Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".m.q.1.D.m.D.F.W.T.v.n.4.h.D.i.n.C.m.P.I.f.i.b.v.O.F.I.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".r.S.F.8.D.d.0.g.2.Q.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.5.S.c.x.0.U.

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2A1F0D83.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:dropped
Size (bytes):216909
Entropy (8bit):7.904234639639555
Encrypted:false
SSDEEP:
MD5:F2FCE02C8E3C1F69C6462E8F50518B92
SHA1:6B3A1A6B6679C8DF1D0B81FDBD46368FC82FA2A1
SHA-256:C118A62559E0D16441F20928A9EB68581F46890487944F39CAE530512F23EBBC
SHA-512:DC480DF5BD72044E548B0CD9550A185250AE098596AE86CF22013B299C43C16EA4BD963500709139A231D71269456BB95F81AE1BB09CA0D11DBC7B6150DA9F64
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Exif..MM.*..............Ducky.......U.....C....................................................................C.......................................................................8.............................................?.....................!.1A.Qa"2..q...B#........Rb3rC..S.c$..s4..................................................!1.AaQq............?...Q.......(l~D[}L...p.t...0#.mz...c.x.....q......U..]Z.O..........G...1.......=k...2.......r=,K0.@...6<...p.t....5n..........WJ....Y..@...q.k.7.D...........*....8.VM....9...U{..K;..^G^.+....:Z.9....(.._.x...2^.X..6......Z..A..\y..... .k.....T..(...>B....O].:....@..?h.@E.;...).o.30.7=:.8....G.:@. .V........G...4.........P....a..w...l......8b8. N...o..%R....B.j.?..V......\.n.1...`.R..60....i..T.x.....j...0.(a.)]....mH.......o#..@.(4..H....{..E.9WJ. ..(....7.K.....d`...N.....,.8.0.R..c.S.E.@RK5R.0.A..N...F. Y2...E....\..G^.*.).,z@.".4.......`....C..._. .....+.@..?h.@...X.

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\379F7A11.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:dropped
Size (bytes):698841
Entropy (8bit):7.948223172892605
Encrypted:false
SSDEEP:
MD5:5B6CEBC52A32FBB69153430736A977AD
SHA1:59563C8AFFE36D46BBBBBB1F5581B01ACBC04DCE
SHA-256:FB796009FA6034727156769A44BA6CD8C82A6ABB1BC0E526C70BF321E5801F34
SHA-512:41C03836618A5D6F2F6F1BA5618EE12055B42C23A12EFD9DF29451E716D12CFF7CF73D00232E8DBC7E6E5DC1DC9E59DA10A5F5E4F781CCD165F4123BF6B4C202
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Exif..MM.*..............Ducky.......K.....C....................................................................C.......................................................................8.............................................E.......................!.1A.Q".a2q.B#..R..3...b$...rC.S4.%.c...Ds........................................................?..t...R.8.[.'`.?...Vj>U...x&$...X..#B2.`..@...`...I.L...H.....Rt.a2..UM.......zO.h+{....p.$..h....unZU..%vfx..L...@>b..A.8...F..7..E..j...).C.C..A..=.......}...z...].i..JD.@8VG.....@04.YjREy..=.@..Du=;h<....G...-....{m.....V.x`|..e........}.s...1..v3..;..@.y.g..+.v)..7........9..`.H...o......mp=...F.a...t...9.m.,....^....E/pz...U.#.$L..c..Z.S...._p*'....L.^F:.5.q...}............k..`G^...A...(ed......L.w].NEl.....f0&d.?^..7..B3MI`.[w... I.r..M....p$....._........G.......s...kS.H....F...x.m...d].'..]..=.^....O.r.Qe...d.TKp.Du.... P.....g....x..w1..G....T..._!.b..OS..EQp>...k

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3946BDF6.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:dropped
Size (bytes):528727
Entropy (8bit):7.942279931323295
Encrypted:false
SSDEEP:
MD5:5610340C45AC614CECC4B45A260A41ED
SHA1:4774619D33A8714E1E4061F99F5DC1C1BD45017D
SHA-256:A54A9ED63B284B6438301F1DC098DA87D66C00C3F9BBE80A7F31CB6DB331A324
SHA-512:09A8BD9ED8CE2538F2474DBDABA80F3AF67883B11C8B190A037BEB37F63F357A0F513AA66BA4E4DC594CE43A5A14084308722969355C559C5251E2D20B37F2B4
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Exif..MM.*..............Ducky.......K.....C....................................................................C.......................................................................8.............................................@....................!.1..AQ"aq2.....B#.....Rb3.rC$.....S%.c4..............................&....................!1Aa..qQ...."..2............?...X.PNUr..1...>./._u.]...._.X..du4..M...^aT........x.rT......w..c..F.q.V.....0.pF.~:tb.....K^C...E{'.)B.~.|.y(.....?.N......}.@...'d......f..=...V7..b.].:..6..9.-w...#w....%..+.o.Z...P..#..o.n...............u.u....f.[....'......J(.........t.._..........:.G.W..W.'......?.C......F.{'3....mE....'....X-....I... ....6.....y|~rj.p...~......hv.3..d....-G.a...'..._.^....i.KPv@...p.....Q..-g.......u.;....U...L.6...........=...}.w.....-.....|O.j.:..?p..%..x....D..E.W.....Wa....R.(~Em7.V..r)....u...8Y.kS..N.0.E.g.S..}...q._....VK...q^.z.Z{....c..R..u...

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4964F8DE.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 57x56, components 3
Category:dropped
Size (bytes):2406
Entropy (8bit):7.350722063542453
Encrypted:false
SSDEEP:
MD5:DE9E2081CA419F1F313DEF734E92B3C2
SHA1:E78FB1997A3CCE6F5AF763F2ACE1CFA1761B9980
SHA-256:393D6596C0845C8E24D64BC731A35425377E952C164BDEC551F798DB48270E14
SHA-512:D5FF7A33A3986F54CA6555126299CE6067B68870DE084FA0F18221CF8B36F78932BF65D842DB694DAC87940C7CFA9F8F7F4D8054F17784B0B7770A686A2121A2
Malicious:false
Reputation:low
Preview:......JFIF.....`.`.....C....................................................................C.......................................................................8.9.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......*..V.....>..3../.X.......o...G...Y...o....m.g.....?.)...{... ..<w.[..'.!.....l...o...?.........[.}.g......3........J..I<m.|F.?....Z|5...O.&.m...p....2.::,.$.C..$a.1....;.,.......o4..G..........!..?e....)..X..+..?...%...G.ggm.y_b.v>.~.3.F..............|1...o.+o.W..6..%.....h....o.../.[...y.........O.......H...z?......O.......H...z......\.......O...?.B.

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4DAE6E50.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:dropped
Size (bytes):278917
Entropy (8bit):7.858243593920861
Encrypted:false
SSDEEP:
MD5:335E607D2CC7BB1E8CB5B1C3BD59CBF9
SHA1:ED555AA9DE4737D7A225EEC37C08C71BBABE7619
SHA-256:6CA1E4602E9B1F90460CBBBFA4069E79F7B11D2571602980207655CA25661F06
SHA-512:864B60811F10C8C1EF92193B2335F2B5725454B6C67793B6457E63342A70769A89FA4D0F3978C7D5AB91E2163BBEA04653E0FEEB857CCB4131EFAC30C2E5443A
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Exif..MM.*..............Ducky.......X.....C....................................................................C.......................................................................8..............................................>.....................!1.A.Qaq"..2......B...R#b3r..C...S..cs........................................................?.... .".. .".. .".. .".. .".. .".. .".. .".. .".. .)..A.{ ...~..2.....BKpt...t.........Ah".._.A.6d..Y.8...:..?...}uAtA[...9..(WW..@@.82.t...y..z .4q~(.5k...r....A...... ...BPU.....T.T.r...........f...~.....!.SV..v.-..D.Z..N/........$...A.t....c^(%.p..].A.......=...iR.=..P]OC..^..A..w.L.^.+qA_.PR...Nh".A: .AH".. .".. .".. ."...z:..-....WAE....A.D..A.D......2:...\.A>.).A.D..7...4...t...A.D...@./....v..;....".K.b.}PB]. ."..!.8z...=.47@.N.4......D.H...+..2%. .%.8.d...s.. ...........).A..H.....].JA..m.r@.o..:..:}u@....f.wr@$. ..Kh..,....]..J..&[......./T....m..z..,.hmJ .x.h.... .L.P-.?..

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5A5BBD72.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 10x1, components 3
Category:dropped
Size (bytes):651
Entropy (8bit):6.584685575659917
Encrypted:false
SSDEEP:
MD5:A646BB573B7C5AEB4EBEC789D384A2B5
SHA1:9AC454BE8B3173E1A7D5591FE38796427E0E3E4E
SHA-256:BC4ADD3C3D2A97243818BB1464C7C8426643696348B91EB27299CEFC5BF96E98
SHA-512:1060ED1E3DC2690DCAD06AECBD475704CB294BD8E7390300252B46CD5815F0E36A42A594177FE682528C53AF1903E4E6422155E1478C65751C244CE06EC95F71
Malicious:false
Reputation:low
Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......\..:...?.?....._...P...

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7A1D47ED.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 2540x1429, components 3
Category:dropped
Size (bytes):221286
Entropy (8bit):7.673562418106071
Encrypted:false
SSDEEP:
MD5:96621688ADD6E84DB55045D657EA054D
SHA1:674A71EB639FF99097924471AFC9DFA165C0BB5A
SHA-256:E8575111AEFD2D78CD37A703704EDBF63760A34BDAC48A030913E17BBD468D44
SHA-512:62B6E94CD5B5128D610AE60F6FB4FF3E0DA8D6A816CC9AC8F962E2D7CDF6B7C46BD5414C951582C5A215678F6B98A09F432E0D0BF7F61921F076B3E0B9F713DB
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d........C....................................................................C.........................................................................................................................................s.......!.1AQ..a"q..2.....B#.R..3.b.$r..%C4S...cs.5D'...6.Tdt....&.......EF..V.U(........eu........fv........7GWgw........8HXhx........)9IYiy........*:JZjz.............................................................m......!.1A.Q.a".q..2.......#B.Rbr.3$4C...S%.c...s.5.D..T......&6E.'dtU7..().........eu........FVfv........GWgw........8HXhx........9IYiy........*:JZjz.............>............?..9..0.U..b...]...o.'b......].....*.b.S...+....v*.*.U......v*.P.U.U.R......]...5...p...T.#..E|1E,...G....b..[......'..8.+p.ZX...n.;.8.t...|P......ZF.R.U..;...m+.WF78B..Y.w8......q..b..E).....k....b.NE.G.4zaB.U.P..v*..Z..7LP..KG....O\*.......`K.LV.p...B.j`J.*........*T.,... .h]....-=qKX.Bq....0..[.!.;......P.P.U..]...&..)....4.<qJ.).....

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7C5B5FA2.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:dropped
Size (bytes):820038
Entropy (8bit):7.957734979229796
Encrypted:false
SSDEEP:
MD5:1924AC53015DA65542BB42E40FD962EA
SHA1:8AB31F61B7B82C036AB844E5C6888CD8D9D45180
SHA-256:D01CE8FFE0965853F207CA0829AAC69AAAF4C764A2D9CF35E23837F190C63E8D
SHA-512:8D33FFE1CE4756491A55E09E158C0FB7201C0A58E100244D3FAF06EF595E8D82F04CAB64A2F2991355866A814F1EDD531FB607A54F7F0C7CD5AEF47F4A0E893B
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Exif..MM.*..............Ducky.......P.....C....................................................................C.......................................................................8..............................................F......................!...1AQ".aq....2..B#....$R3b.4.rC%...SD5..cs........................................................?...N~...Z5f.mbxY...!'S.t....>.,...Ib...Gn.\k.......R(l.^..\(&df...2@$..#8.:.a.....k.u.t{.......v..k<....,...;.X..._...@a..*..c.=.. `..(.P..>].I9nW...nGq..tQ.F....O@1.f.a.....I..3.v..A.wg.b...;....`......Ai'Jj...X$.r..>=...|.~Ek.VG.....i...?.....A.e?...S.%,.c.\......=j.xz1r0.nJ..q.`s..9..A....y.z......c`...i...5..z.....D....o+.......G.......oI.....8............9C.e.b.....M=..[.(...p..v$...AY`).g.c..I......:.^.[V.dQ.d...3....#..b3:.........m{.>.].nz..Q.|Vv.!1.8m...k.H..@..K.....b.].6.Q.........J...rJr.RO1>...l...7...<5,..r.... .!..]..Ca>.Y@...z....5..a.!Bx.b.K....<.Gc....J..X

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\860FEEE5.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 10x3, components 3
Category:dropped
Size (bytes):650
Entropy (8bit):6.587598234229773
Encrypted:false
SSDEEP:
MD5:8B502486F7CB690DC0F8F474363C1404
SHA1:843F1350C1F773D425FB4167A01A1C21F71D1D4D
SHA-256:DD289CE38BBB5E97E2A18A4BAAB3B2FEA571CE6492CDB3793CBA4010D00DD2AF
SHA-512:C06DC1289FB485CE33BBCA7DC17248F36B24E6DAF5F47A051D1E166900B5E39DA5B1E3F1282C954C2742E2EA605EBBC3C7AAF6C306C667E5A6837B1D51F24031
Malicious:false
Reputation:low
Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....r...........9i...E....

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A38B76C6.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:dropped
Size (bytes):558041
Entropy (8bit):7.9426360654130646
Encrypted:false
SSDEEP:
MD5:4E718B48B0DA3FC918FF52BDF58A79C7
SHA1:04CBE4EC63AA9813C0705C94BA1782798D86CB78
SHA-256:068A5CB556887FAE17A67DACF36CCC0EE1D578D8822A95E5ABE9EBFAB3F5096D
SHA-512:C19D82B4D20CA9C509B7A5EAC85AF253F701FA5A67F9D305B2B4BD470510B1F7BAE95792218BD007D4A694CA85C8F32BDEBFD03B763370D4D62D47AD4827B403
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Exif..MM.*..............Ducky.......P.....C....................................................................C.......................................................................8.............................................@....................!.1..AQ"aq2........B#...Rb3.rC...S$.4.c..D........................................................?..=.%...Q.....M.W..+^R.|.....[./+d.~:..b....r.3.....R.......h....[+V.g......b/Z.[m.......x..Z.....!ot...&.#..a^"........3r}...C1....2..),.....-.UxY}.wF.U.#@.<-`I.;n..2..Tl.B.&E..M.0q'8G23....uK...D.r...'x.m(Y..T...O....UF..l_0...|> .....6.S.fWg....V.2.......+B.-.{...q.......0...f...;..6^p5...a......h:.b....8..._..k@..>....8.}........9..>.}7..@eM.B.-..Lh6.^6..p.K.....C.qX........dX.+......2.I.....}.V.5g|G..h6..^..1...O._:.*G;5*.Tgh`........%.-....-_..X...5...u#.1.:...zR.)....?....$.A....~....{.=.$0nI/....F.....!...%......A...6.q...@.6.Z.6.V..y...@_o...T}.;.?...5..M.Vm..Vgo>.h

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A4460ACB.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:dropped
Size (bytes):264405
Entropy (8bit):7.930410397393636
Encrypted:false
SSDEEP:
MD5:5AC4A5F3DC3713108189228077312139
SHA1:78DD5CFA187B2DE8D963CF60B67D2066C2248188
SHA-256:51BDC7D7F70702980CFC01864C9BF2128972730D9C199A247F728A75EA2AB685
SHA-512:642AE0C44D8C5DD345BFC3952548182E79540ADC961BE9ADAB6F46FCD61651068C685C4EBD33015E2FE9BB6D4CDE3CD0117A345B078054170EEDEFB85B684438
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Exif..MM.*..............Ducky.......U.....C....................................................................C.......................................................................8............................................=.....................!.1A.Q"aq2......B..#.....Rb3.r..C$.S%c................................$.......................!1A..aQ"q..............?....o..{W....X....L.v.M...Q..).S.9;E.&.#..p..kX..&..t.LC.n$w....-...HM...Z..LkY...N...I.".J..$L.@..&.mQ.....t.J.X.zl.J..Z..Q.Z..".,/!..TZ..F.:4...@A$q'.QQ..0t.4&..p..V.u~F..A........CCA......_.f.Sz..$G.f....5..c-rb...2m.@.J.5D.c...0...F...7..A..PW...}i.T.M..}......<..Wf......-..:.../..Y...$t5.Z....M4..QJ.MeEF.|e.^.+q.XE.....v...h......GU.....>eL.....4...I.M.l..j..w..;W.:...:.....{l...TA...........j0..I..v.4.E....]j..'....m.C..R:..:.*Q...J.v|..|a.zH....,.w..=..o._.."]k...9c...q...C[q..;.41...!..p....x...P..t...d....<.j+4.o4..M.:...q..N../.6.......V.......1.(....n.

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A54DA97F.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:dropped
Size (bytes):70603
Entropy (8bit):7.140447789990316
Encrypted:false
SSDEEP:
MD5:5887BC78EAC0C8D784C5898D4913FEBD
SHA1:8B72A130479222C0DB48C1EB3529B1F9C37EC70C
SHA-256:26E736EB8B7FB54B6FCF9A681BC7092AED59FF711ACFF4886CE668383AD0D060
SHA-512:27197C9B253CDDCD5C939710F24B2D2CDAEF9612165D300BE1DB8BF12D03E3C2E058794515CBD24BC58B928EC9BE6F363B02706C90DB605A56F4918113DA3268
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Exif..MM.*..............Ducky.......L.....C....................................................................C.......................................................................8...........................................!......................1AQ...a!q........................................................?......A.@..s}.......P\. ` `\...................(0000000000000000............................<.....y...@... \..d..x....@... \....(.....<.....x..@.s.... @P.y........'.......'.(,.@.r....N..d......Pi9...`_ .>....P^...7........q...N..h7.....N..P@`n '...........}.<.y.....`.k9...N9...O .p.....,...%...Y..@l...@A,.....K.@l...@@l...@.,....MOP...OP@..6..........:...A./.@M.... .......K..0,..@.R......./.@.R...........^.............../.@..................0000000000000..............0.AA.. `0`0i...y.....|.....`....A@....x.... Y.... @P.>@...Y...N ... \.PP98..@.r..' @.r....N........^8.......g.....Az...A.....Pn(7............u....u..P@`N..X..r.e...>.

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D4C0E1A8.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:dropped
Size (bytes):1177633
Entropy (8bit):7.949732545805057
Encrypted:false
SSDEEP:
MD5:42B7913ADEA6A320F6B667A072E0E4EF
SHA1:18ED27C14BF85708CD97CC9EB7107D33E70EEA48
SHA-256:B0CA80CF95664A89DB69895AB3E4D7B122FC3A63A3847BD59B1140F2C8F8E353
SHA-512:0DB02309479375D769C5856AF6760723B777662B377C3775627BAC567B9B20CD9BF5AD9C0D9AC2940125A972BE1168BBE657B372DD878F5F12D1EBF886776F6D
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Exif..MM.*..............Ducky.......U.....C....................................................................C.......................................................................8...........................................B........................!...1..AQ".a.q.2#......B..R...3$br..C4%.........................................................?...r.;..f..`K.2.)N%.:...-(..n)-.%......$..5..{..!].1d.n.8..N6..r........H$..E... f<K.}.....T..K..../..tq..^.(.)......K.p..<N..l..C..Bu..j.].6.H..JT...z..E.....{...].S....B..%H...qp.Z..*.....o]p.t...'$bK.V....(0..v.@x)....PR.>{t.r.rq...).-.".G..95....\.i.......:......+.r?..v.!W..e?...0^y..8.E... ...5$...{.{..y.YN4..R<...-.~?.y...BA+.".$jt..c....y....G..........3.%Ky.......Y.....F....Ne'..l}..a....S3X.....D..Z(j5.(.....;.e.E...T.......%...G..4....s.9...z.WKK.7...4...p.8..&....R.t...8W...q..x.d.-mF&K.).VKl2P....QSMI.A..|c.^3.Yo6....mJ....:...i..'...PGq.E.o..~.N=o.6E.IPJ.i..C`U

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DB29F6C4.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, software=Adobe ImageReady], baseline, precision 8, 174x138, components 3
Category:dropped
Size (bytes):9054
Entropy (8bit):7.871446681431426
Encrypted:false
SSDEEP:
MD5:7027A1BF5F1026419278DE39A7DEDB49
SHA1:2846234BDE825EBE0250140F0D5D9E94D62A8287
SHA-256:EE0E328A138B5E5BBA977BE895178762B7F49985A28764C7EC43B04F22C7A683
SHA-512:405BDC38592E72C8A2076A7ACDD0BEA41C193D22157A0BA36C036048EFB808326B942B2857ACDA640F076E464A9B61C5BE29D4945682DDA0320BB79E57D0D5C3
Malicious:false
Reputation:low
Preview:......JFIF.....`.`.....XExif..MM.*.......1.........>Q...........Q...........Q...............Adobe ImageReady.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..9vy......._...F.........c.A.........JZ..v..c..+.B..=3.v.)...)'eu<..',O.v..G..2[.^...&.!"X.s.w8.=Gn..m.`Y..O6...@}O...E&.yT./T.2.......CL&..H...f..........P.P.."T.@..g.". ..#...$.I%_.i.6$.....<v....T..e. '6.#...............,`../...{t4.O..C..|... .S..B=.h..F.2.z.....

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E3E13574.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 176x176, components 3
Category:dropped
Size (bytes):28392
Entropy (8bit):7.935956341093106
Encrypted:false
SSDEEP:
MD5:D7B5B9ACC51AE4D1952D0807CD730479
SHA1:35B34F36DBD22312E260588EFFCD60E67296B1D1
SHA-256:7569ED3DE1DA6389AF57FD52B839DEDE743C69B340338CA2F363E422F8E2AD0A
SHA-512:09266F2DB97C56759E8EFF656089E5E041D3EDD97990485D0445D8D320C7D3CBFB85DD1DCCD71C4E99CA19496CC2950166501964FAAEC3EEAC7598CFF03A374B
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Ducky......._.....C....................................................................C..................................................................................................................-.............................%..#.bCc..F(A3........................................................?..}..^!.!....%c.<|.w....._'#....X.1.z.[.+....[..&Q#.'Q.<.^.....cV.h&.9..."....8.<.D....IF..S3....%...R...."N.'.e. 1.3.M.......=^....W.%a...S T*......Z.np..l`u.^ ...y.o.x..v.h...`h.^....."..*a..yU2.B.P..7p.V.g...F..D"%.o......6o..3juWV.K....4..&(..(....8.FY.l..J5..hi.?F.(.D..*.!.t.=..$Q....u.S.....q'.....:UJ...w......qZ9.T...}D-......H%./...(.C.H.x./n...v.Fw.........Cc'T.D.S.$t...Y..fa.\..@..s"h.....j.........W....-....'[..aT..p.FHD`.E.K-i..n..*.........$|..#.#[..............^...o.w.._.Eos..5:Vl.k.....@Q\....u.&e0.l(..#E.M.Q......VV.=..*......`.>^...._...$f.~..........2eQ3,..q.v..xf.Yhi.P..P:.dM!.@VtS.x.......I....

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E44A150A.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=0], baseline, precision 8, 100x100, components 3
Category:dropped
Size (bytes):3922
Entropy (8bit):7.825059024683028
Encrypted:false
SSDEEP:
MD5:D526A7CFE31880576A7EFD82B16C6B0A
SHA1:D8B1FA76C45174BDF8083402E4D8AF7F4945217A
SHA-256:E8E64B926CB24F6D2E7C4641E3F1B8225C803306858CDB5881DBF5A071E1BCC8
SHA-512:AC328A8DC1803D6C70BF8435DF32A677EE1D0C87228B78B1F0264CABAFC25249C78691374FC3FD9B70DABCEFC7B68208F54C37439B676863DDF60639E44503F4
Malicious:false
Reputation:low
Preview:......JFIF..............Adobe.d.........Exif..MM.*..............Ducky.......F.....C....................................................................C.......................................................................d.d..........................................7.......................!.1..A"Qa2.q.B#..R3..b..$..C.........................................................?...@0XI.=t..L&..?#.,5Yr.[....N.....h.._.....7;..\c....8.%.I^3...r......-...]..........G.k.e...sX{.8.$..4..~........Lk...6*...X9.(.....='.,.b...q..."X..J.(..5)..F.....G.6.v^U.Mg...k..v...A~.E9..v4..O..DlT.b...Un.Fe.-...*Vz...t....^.cA}kF5kR1..T...F.X..h.b./.c..1...))`{.T.Ev.I....t..........rOc.^s....}.t..W....)k...RH..L.;.....L.-...[A..+(.)U.Y.&...Gy.......I6... ..<A.t...>....U..[#..3.....S.!..*Ic. ....4...9...P.V;.z.L.......h..U3...f.>Ek...!Z.X.....r.c@{...2(....#.....F.....0A.... ..y!...u...Z..kr..P5..`:..!...m.Ac.|......OTJU.h.....a....@o.{.G?.}bzN...X..T..+...o..#..<....=.9"....x.a

C:\Users\alfredo\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F90673B.jpeg

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 352x208, components 3
Category:dropped
Size (bytes):32811
Entropy (8bit):7.951114825435616
Encrypted:false
SSDEEP:
MD5:FEAAED7027775E59B74A76257D7EE600
SHA1:837F0EC190E480D976B0E4F26EE2BA59C0A801B4
SHA-256:8C39120FD4C18F370674148DAA3EB2C80050B2C04B17260227CA6E9BB89CDC54
SHA-512:EA0CAB0B0E9E95FE0CADF355F8279D45A6B61C247D877A10982D42552321DA4B145C97266BB9A493738E62557A29BE89EDAADA718057BFCF8DC6FDFFA3896936
Malicious:false
Reputation:low
Preview:......JFIF.....`.`.....ZExif..MM.*.................J............Q...........Q...........Q..........................C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........`.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....Z....'M..W9`B.F8..3..Cy..i..6W..om..#i..B..y....z.Y`.r84.$ydi$vwc.f9$..@.....k.....m....P....".~.!,<..16...l.....c<....?.?..w.l..9....t1.1u+&....c.I....^M0..5.N...%.:....@......K....Z\"\...^.....<...}).*.e...Q%..u.3..I.;..A.g.x..{B.h.\....1C..Q...e.Xm.u..F...../,.O{..

C:\Users\alfredo\AppData\Local\Temp\Diagnostics\POWERPNT\App_1672906054575304400_623894A8-1F58-4A5C-98D1-A45B3C2C368D.log

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:ASCII text, with very long lines (15196), with CRLF line terminators
Category:dropped
Size (bytes):72622
Entropy (8bit):5.549400388194359
Encrypted:false
SSDEEP:
MD5:E156FB22A7413BBA1AF0A896DD77C54E
SHA1:651403DB062880D8FB0AD0EF7CEA0D27D0D92D47
SHA-256:09C0103CB59779644DED5CA32DE5770E7425C02E28CC667E740E64F6188E9781
SHA-512:9D57AB7903B21C0EA1F75636161662E2C76ADEFE47567ADC41CE113065BFB009BE5133CAC19EE397A22BDDF3EA23B0C449D07F79763D23919072B16FE0DAA359
Malicious:false
Reputation:low
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..01/05/2023 08:07:35.471.POWERPNT (0x3EC).0xE10.Microsoft PowerPoint.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Canvas.GraphImport.EntryPointAppear","Flags":30962256044949761,"InternalSequenceNumber":28,"Time":"2023-01-05T08:07:35.471Z","Contract":"Office.System.Activity","Activity.CV":"qJQ4YlgfXEqY0aRbPCw2jQ.1.14.1.3","Activity.Duration":54,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Activity.Result.Code":-6,"Activity.Result.Type":"EntryPointResult","Data.DetachedDuration":23,"Data.GoLocalRequestSent":false}...01/05/2023 08:07:36.371.POWERPNT (0x3EC).0xE10.Microsoft PowerPoint.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.RegisterCloudFontCallback","Flags":30962256044949761,"InternalSequenceNumber":38,"Time":"2023-01-05T08:07:36.371Z","Contract":"Office.System.Activity","Activity.CV":"qJQ4YlgfXEqY0aRbPCw2jQ.14.2","Activity.Duration":22,"Activity.C

C:\Users\alfredo\AppData\Local\Temp\TCD4405.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):242
Entropy (8bit):3.4938093034530917
Encrypted:false
SSDEEP:
MD5:A6B2731ECC78E7CED9ED5408AB4F2931
SHA1:BA15D036D522978409846EA682A1D7778381266F
SHA-256:6A2F9E46087B1F0ED0E847AF05C4D4CC9F246989794993E8F3E15B633EFDD744
SHA-512:666926612E83A7B4F6259C3FFEC3185ED3F07BDC88D43796A24C3C9F980516EB231BDEA4DC4CC05C6D7714BA12AE2DCC764CD07605118698809DEF12A71F1FDD
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.a.b.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4405.tmp\TabList.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):4888
Entropy (8bit):7.8636569313247335
Encrypted:false
SSDEEP:
MD5:0A4CA91036DC4F3CD8B6DBF18094CF25
SHA1:6C7EED2530CD0032E9EEAB589AFBC296D106FBB9
SHA-256:E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
SHA-512:7C69426F2250E8C84368E8056613C22977630A4B3F5B817FB5EA69081CE2A3CA6E5F93DF769264253D5411419AF73467A27F0BB61291CCDE67D931BD0689CB66
Malicious:false
Reputation:low
Preview:PK.........e.>.......]>......diagrams/layout1.xmlz........Z..6....;..{......lw.E.o....i..T....&...G.+...$..(.6..>Y.pf8C.|3.?..m....xA8v.`.hW..@..Zn..(kb..(.......`.+....Y`...\..qh.0.!&w..)|...<..]Q.. _....m..Z.{3..~..5..R..d..A.O....gU.M..0..#...;.>$...T......T..z.Z.\a.+...?#.~.....1.>?...*..DD.1...'..,..(...5B...M..]..>.C..<[....,L.p..Q.v.v^q.Y...5.~^c..5........3.j.......BgJ.nv.. ............tt......Q..p..K....(M.(]@..E..~z.~...8...49.t.Q..Q.n..+.....*J.#J.... .P...P.1...!.#&...?A..&.."..|..D.I...:.....~/.....b..].........nI7.IC.a..%...9.....4...r....b..q....@o........O...y...d@+~.<.\....f.a`:...Qy/^..P....[....@i.I.._.?.X.x.8....)..s....I.0...|.....t...;...q=k.=..N.%!.(.1....B.Ps/."...#.%..&...j<..2x.=<.......s.....h..?..]?Y?...C.}E.O........{..6.d....I...A.....JN..w+....2..m>9.T7...t.6.}.i..f.Ga..t.].->...8U......G.D`......p..f.. ...qT.YX.t.F..X.u=.3r...4....4Q.D..l.6.+PR...+..T..h: H.&.1~....n.....)........2J.. O.W+vd..f....0.....6..9QhV..

C:\Users\alfredo\AppData\Local\Temp\TCD44A3.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):280
Entropy (8bit):3.484503080761839
Encrypted:false
SSDEEP:
MD5:1309D172F10DD53911779C89A06BBF65
SHA1:274351A1059868E9DEB53ADF01209E6BFBDFADFB
SHA-256:C190F9E7D00E053596C3477455D1639C337C0BE01012C0D4F12DFCB432F5EC56
SHA-512:31B38AD2D1FFF93E03BF707811F3A18AD08192F906E36178457306DDAB0C3D8D044C69DE575ECE6A4EE584800F827FB3C769F98EA650F1C208FEE84177070339
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .I.n.t.e.r.c.o.n.n.e.c.t.e.d.B.l.o.c.k.P.r.o.c.e.s.s...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD44A3.tmp\InterconnectedBlockProcess.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):9191
Entropy (8bit):7.93263830735235
Encrypted:false
SSDEEP:
MD5:08D3A25DD65E5E0D36ADC602AE68C77D
SHA1:F23B6DDB3DA0015B1D8877796F7001CABA25EA64
SHA-256:58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
SHA-512:77D24C272D67946A3413D0BEA700A7519B4981D3B4D8486A655305546CE6133456321EE94FD71008CBFD678433EA1C834CFC147179B31899A77D755008FCE489
Malicious:false
Reputation:low
Preview:PK.........]w>....<...5.......diagrams/layout1.xmlz........].r.F.}......1w`.J..'.......w..Dn. d....~........pw...O.......s...?...p7.t>e.r<.]u.e..d..|8..\uo.......K...._.Y..E6.|..y;........y.*/:o./...:[.o.+/.....?.....Z.?..s..d}...S.`...b.^o9.e.ty9_d...y>M.....7...e....."....<.v.u...e:].N.t....a....0..}..bQ.Y..>.~..~...U.|..Ev.....N...bw....{...O..Y.Y.&........A.8Ik...N.Z.P.[}t........|m...E..v..,..6........_?..."..K<.=x....$..%@.e..%....$=F..G..e........<F..G51..;......=...e.e.q..d......A...&9'.N.\%.=N.Z.9.s......y.4.Q.c......|8.......Eg.:.ky.z.h.......).O...mz...N.wy.m...yv....~8.?Lg..o.l.y:.....z.i..j.irxI.w...r.......|.=....s};.\u.{t;i~S.......U7..mw...<.vO...M.o...W.U.....}.`V<|..%....l..`>]..".].I.i.N..Z..~Lt.........}?..E~:..>$......x...%.........N....'C.m.=...w.=.Y...+'M.].2 >.]_~...'.?...:....z.O..Y......6..5...sj?.....).B..>.3...G...p.9.K!..[H..1$v../...E V..?`....+[...C......h..!.QI5....<.>...A.d.......

C:\Users\alfredo\AppData\Local\Temp\TCD4503.tmp\BracketList.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):4026
Entropy (8bit):7.809492693601857
Encrypted:false
SSDEEP:
MD5:5D9BAD7ADB88CEE98C5203883261ACA1
SHA1:FBF1647FCF19BCEA6C3CF4365C797338CA282CD2
SHA-256:8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
SHA-512:7132923869A3DA2F2A75393959382599D7C4C05CA86B4B27271AB9EA95C7F2E80A16B45057F4FB729C9593F506208DC70AF2A635B90E4D8854AC06C787F6513D
Malicious:false
Reputation:low
Preview:PK........YnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........bnB;?.......f......._rels/.rels...J.1.._%..f....m/.,x...&.lt.dV.y.|.."v....q..|......r..F..)..;.T5g.eP..O..Z.^-.8...<.Y....Q.."....*D.%.!9.R&#".'0(.u}).!..l....b..J..rr....P.L.w..0.-......A..w..x.7U...Fu<mT.....^s...F./ ..( .4L..`.....}...O..4.L...+H.z...m..j[].=........oY}.PK........J.L6...m....,.......diagrams/layout1.xml.X.n.8.}N.....PG.............wZ.,.R.%.K...J.H]....y.3..9...O..5."J.1.\.1....Q....z......e.5].)...$b.C)...Gx!...J3..N..H...s....9.~...#..$...W.8..I`|..0xH}......L.|..(V;..1...kF..O=...j...G.X.....T.,d>.w.Xs.......3L.r..er\o..D..^....O.F.{:.>.R'....Y-...B.P.;....X.'c...{x*.M7..><l.1.w..{].46.>.z.E.J.......G......Hd..$..7....E.

C:\Users\alfredo\AppData\Local\Temp\TCD4503.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):250
Entropy (8bit):3.4916022431157345
Encrypted:false
SSDEEP:
MD5:1A314B08BB9194A41E3794EF54017811
SHA1:D1E70DB69CA737101524C75E634BB72F969464FF
SHA-256:9025DD691FCAD181D5FD5952C7AA3728CD8A2CAF20DEA14930876419BED9B379
SHA-512:AB29C8674A85711EABAE5F9559E9048FE91A2F51EB12D5A46152A310DE59F759DF8C617DA248798A7C20F60E26FBB1B0FC8DB47C46B098BCD26CF8CE78989ACA
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.r.a.c.k.e.t.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD45D3.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):254
Entropy (8bit):3.4721586910685547
Encrypted:false
SSDEEP:
MD5:4DD225E2A305B50AF39084CE568B8110
SHA1:C85173D49FC1522121AA2B0B2E98ADF4BB95B897
SHA-256:6F00DD73F169C73D425CB9895DAC12387E21C6E4C9C7DDCFB03AC32552E577F4
SHA-512:0493AB431004191381FF84AD7CC46BD09A1E0FEEC16B3183089AA8C20CC7E491FAE86FE0668A9AC677F435A203E494F5E6E9E4A0571962F6021D6156B288B28A
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .c.h.e.v.r.o.n.a.c.c.e.n.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD45D3.tmp\chevronaccent.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):4243
Entropy (8bit):7.824383764848892
Encrypted:false
SSDEEP:
MD5:7BC0A35807CD69C37A949BBD51880FF5
SHA1:B5870846F44CAD890C6EFF2F272A037DA016F0D8
SHA-256:BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
SHA-512:B5B785D693216E38B5AB3F401F414CADACCDCB0DCA4318D88FE1763CD3BAB8B7670F010765296613E8D3363E47092B89357B4F1E3242F156750BE86F5F7E9B8D
Malicious:false
Reputation:low
Preview:PK........NnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........TnB;..d.....h......._rels/.rels...J.0.._%.n..)"....<.w.&.4..!...y.|.........|.&3.o.....S..K.T5g.U....g..n.f....T*.hcf...D.V..Ft....d....c2".z.....N.s._2....7.0.V.]P.CO?...`...8....4&......_i..Y.T...Z...g....{-...]..pH..@.8....}tP.)..B>..A...S&......9..@...7........b_.PK........r};5.z..............diagrams/layout1.xml.X.n.8.}.........4.+.(...@......(..J..._.!)..b..v.}.H..zf8...dhM....E..I.H..V.Y.R..2zw5L~....^..]...J_..4.\.\......8..z..2T..".X.l.F#......5....,*....c....r.kR.I.E..,.2...&%..''.qF.R.2.....T;F...W.. ...3...AR.OR.O..J}.w6..<...,.x..x....`g?.t.I.{.I...|X..g.....<BR..^...Q.6..m.kp...ZuX.?.z.YO.g...$.......'.]..I.#...]$/~`${.

C:\Users\alfredo\AppData\Local\Temp\TCD4603.tmp\Dividend.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):570901
Entropy (8bit):7.674434888248144
Encrypted:false
SSDEEP:
MD5:D676DE8877ACEB43EF0ED570A2B30F0E
SHA1:6C8922697105CEC7894966C9C5553BEB64744717
SHA-256:DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
SHA-512:F40BADA680EA5CA508947290BA73901D78DE79EAA10D01EAEF975B80612D60E75662BDA542E7F71C2BBA5CA9BA46ECAFE208FD6E40C1F929BB5E407B10E89FBD
Malicious:false
Reputation:low
Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Local\Temp\TCD4603.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):282
Entropy (8bit):3.5459495297497368
Encrypted:false
SSDEEP:
MD5:76340C3F8A0BFCEDAB48B08C57D9B559
SHA1:E1A6672681AA6F6D525B1D17A15BF4F912C4A69B
SHA-256:78FE546321EDB34EBFA1C06F2B6ADE375F3B7C12552AB2A04892A26E121B3ECC
SHA-512:49099F040C099A0AED88E7F19338140A65472A0F95ED99DEB5FA87587E792A2D11081D59FD6A83B7EE68C164329806511E4F1B8D673BEC9074B4FF1C09E3435D
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .D.i.v.i.d.e.n.d...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD4604.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):260
Entropy (8bit):3.494357416502254
Encrypted:false
SSDEEP:
MD5:6F8FE7B05855C203F6DEC5C31885DD08
SHA1:9CC27D17B654C6205284DECA3278DA0DD0153AFF
SHA-256:B7F58DF058C938CCF39054B31472DC76E18A3764B78B414088A261E440870175
SHA-512:C518A243E51CB4A1E3C227F6A8A8D9532EE111D5A1C86EBBB23BD4328D92CD6A0587DF65B3B40A0BE2576D8755686D2A3A55E10444D5BB09FC4E0194DB70AFE6
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.h.e.m.e.P.i.c.t.u.r.e.G.r.i.d...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4604.tmp\ThemePictureGrid.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):6193
Entropy (8bit):7.855499268199703
Encrypted:false
SSDEEP:
MD5:031C246FFE0E2B623BBBD231E414E0D2
SHA1:A57CA6134779D54691A4EFD344BC6948E253E0BA
SHA-256:2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
SHA-512:6A784C28E12C3740300883A0E690F560072A3EA8199977CBD7F260A21E8346B82BA8A4F78394D3BB53FA2E98564B764C2D0232C40B25FB6085C36D20D70A39D1
Malicious:false
Reputation:low
Preview:PK........X..<..Zn|...........diagrams/layout1.xmlz........]..H.}......M,l#g.j:.G-eu.*S=.$......T_6..I...6...d.NJ....r.p.p.........|.z.K.M..L.T.(........<..ks.......o...t}...P..*.7...`.+.[...H..._..X.u.....N....n....n|..=.....K.:.G7.u....."g.n.h...O.,...c...f.b.P......>[l.....j.*.?..mxk..n..|A...,\o..j..wQ.....lw.~].Lh..{3Y..D..5.Y..n..Mh.r..J....6*.<.kO...Alv.._.qdKQ.5...-FMN......;.~..._..pv..&...%"Nz].n............vM.`..k..a.:.f]...a........y.....g0..`........|V...Yq.....#...8....n..i7w<2Rp...R.@.]..%.b%..~...a..<.j...&....?...Qp..Ow|&4>...d.O.|.|...Fk;t.P[A..i.6K.~...Y.N..9......~<Q..f...i.....6..U...l. ..E..4$Lw..p..Y%NR..;...B|B.U...\e......S...=...B{A.]..*....5Q.....FI..w....q.s{.K....(.]...HJ9........(.....[U|.....d71.Vv.....a.8...L.....k;1%.T.@+..uv.~v.]`.V....Z.....`.M.@..Z|.r........./C..Z.n0.....@.YQ.8..q.h.....c.%...p..<..zl.c..FS.D..fY..z..=O..%L..MU..c.:.~.....F]c......5.=.8.r...0....Y.\o.o....U.~n...`...Wk..2b......I~

C:\Users\alfredo\AppData\Local\Temp\TCD48A1.tmp\Celestial.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):3295051
Entropy (8bit):7.9549249539064
Encrypted:false
SSDEEP:
MD5:5978107C3CB2A4A8427E643D0A5587EB
SHA1:A3A865B6D128E7C9C5821DF03B9EDFE136F53D17
SHA-256:DDCEAEC2A8E652B60CFA4D5D4C7895D70AD25A214D70DE884302C8FE18F53910
SHA-512:D9E0B9D52665F4C1E4B6CC32E6DEBA4C0CBC9309728415AC9588DDD84CAD47A90567192D24BF7FF2F5DD7836A559F396B5015ABF3E085ABC9B813FF365388D65
Malicious:false
Reputation:low
Preview:PK..........1A.f}......p......[Content_Types].xml..n.@.._......8i.'......}.......(y...H}......3Fi..%.......3..._...j.`.2....cod.(...r...w{s..)...]..3..APF.61...6ug.Y...... 7.....d<..Q.V6.N......{.0.U5...>.-..Ko.nw.f...'.....!.s.=fw.{PaW.. ..82.;.<..os....n....>...w..%....P...v...v....'....m.m..3.[.._...:[,...h..!~s..^..Y..E.....^.9Y.j.....#x......3....=....b}4O.*....k7.+.&.Xg.X.X..XSN.KN.+N.7.X....!..CR....I]...>....L...!=...9..!L.0.v.gEo\.......w..No.a.C.q.}<.........a..n./......e.-)h9a..}i.}.."-..C.C.Xq..0?..M4.........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......4....&T......Wlw.b....}..+.A\...q......~.WK.Z^..........>.h..`......}......k..s.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G.....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ...-Z.>X.2.....>8..S.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ..

C:\Users\alfredo\AppData\Local\Temp\TCD48A1.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):284
Entropy (8bit):3.5058612801050892
Encrypted:false
SSDEEP:
MD5:1F4035219DC6A0E9FD3A3164C6B6D0E6
SHA1:C6CFB52EC8764F3B27782310DD74A71AB8EFD34C
SHA-256:6AC194049AB034406AD36F9C4436CFC74BF03664A3C025F91D642779D15B9DFC
SHA-512:1D86B380200A41547E2FF9A00CEFAB5895F88BD777EAF3981A0406B1CFD2139069D922A88963431EA781FB766A8410957A33816F8E27F57C1EBA85507540F715
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .C.e.l.e.s.t.i.a.l...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD4940.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):260
Entropy (8bit):3.4895685222798054
Encrypted:false
SSDEEP:
MD5:63E8B0621B5DEFE1EF17F02EFBFC2436
SHA1:2D02AD4FD9BF89F453683B7D2B3557BC1EEEE953
SHA-256:9243D99795DCDAD26FA857CB2740E58E3ED581E3FAEF0CB3781CBCD25FB4EE06
SHA-512:A27CDA84DF5AD906C9A60152F166E7BD517266CAA447195E6435997280104CBF83037F7B05AE9D4617323895DCA471117D8C150E32A3855156CB156E15FA5864
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .V.a.r.y.i.n.g.W.i.d.t.h.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4940.tmp\VaryingWidthList.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):3075
Entropy (8bit):7.716021191059687
Encrypted:false
SSDEEP:
MD5:67766FF48AF205B771B53AA2FA82B4F4
SHA1:0964F8B9DC737E954E16984A585BDC37CE143D84
SHA-256:160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
SHA-512:AC28B0B4A9178E9B424E5893870913D80F4EE03D595F587AA1D3ACC68194153BAFC29436ADFD6EA8992F0B00D17A43CFB42C529829090AF32C3BE591BD41776D
Malicious:false
Reputation:low
Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK.........nB;O.......k......._rels/.rels...J.@.._e..4...i/.,x..Lw'....v'.<....WpQ..,......7?....u.y..;bL../..3t.+.t.G....Y.v8.eG.MH,....(\..d..R....t>Z.<F-..G.(..\.x...l?..M..:#........2.#.[..H7..#g{...._j...(.....q......;.5'..Nt..."...A.h........>....\.'...L..D..DU<.....C.TKu.5Tu....bV..;PK.........C26.b..............diagrams/layout1.xml.T.n. .}N....).je./m.+u....`{..0P......p..U}c.9g..3....=h.(.."..D-.&....~.....y..I...(r.aJ.Y..e..;.YH...P.{b......hz.-..>k.i5..z>.l...f...c..Y...7.ND...=.%..1...Y.-.o.=)(1g.{.".E.>2.=...]Y..r0.Q...e.E.QKal,.....{f...r..9-.mH..C..\.w....c.4.JUbx.p Q...R......_...G.F...uPR...|um.+g..?..C..gT...7.0.8l$.*.=qx.......-8..8.

C:\Users\alfredo\AppData\Local\Temp\TCD4971.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):256
Entropy (8bit):3.4842773155694724
Encrypted:false
SSDEEP:
MD5:923D406B2170497AD4832F0AD3403168
SHA1:A77DA08C9CB909206CDE42FE1543B9FE96DF24FB
SHA-256:EBF9CF474B25DDFE0F6032BA910D5250CBA2F5EDF9CF7E4B3107EDB5C13B50BF
SHA-512:A4CD8C74A3F916CA6B15862FCA83F17F2B1324973CCBCC8B6D9A8AEE63B83A3CD880DC6821EEADFD882D74C7EF58FA586781DED44E00E8B2ABDD367B47CE45B7
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .C.o.n.v.e.r.g.i.n.g.T.e.x.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4971.tmp\ConvergingText.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):11380
Entropy (8bit):7.891971054886943
Encrypted:false
SSDEEP:
MD5:C9F9364C659E2F0C626AC0D0BB519062
SHA1:C4036C576074819309D03BB74C188BF902D1AE00
SHA-256:6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
SHA-512:173A5E68E55163B081C5A8DA24AE46428E3FB326EBE17AE9588C7F7D7E5E5810BFCF08C23C3913D6BEC7369E06725F50387612F697AC6A444875C01A2C94D0FF
Malicious:false
Reputation:low
Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........q.~<.6..9 ...e......diagrams/layout1.xml..r.........{.]..u...xv7b.....HPd....t.q...b.i_a.'..P.f.3..F..1...U.u.*.2......?}..O..V.....yQ.Mf........w.....O....N.........t3;...e....j.^.o&.....w...../.w................e.................O..,./..6...8>^.^..........ru5...\.=>[M?......g..........w.N....i.........iy6.?........>.......>{yT...........x.........-...z5.L./.g......_.l.1.....#...|...pr.q

C:\Users\alfredo\AppData\Local\Temp\TCD4A01.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):254
Entropy (8bit):3.4845992218379616
Encrypted:false
SSDEEP:
MD5:E8B30D1070779CC14FBE93C8F5CF65BE
SHA1:9C87F7BC66CF55634AB3F070064AAF8CC977CD05
SHA-256:2E90434BE1F6DCEA9257D42C331CD9A8D06B848859FD4742A15612B2CA6EFACB
SHA-512:C0D5363B43D45751192EF06C4EC3C896A161BB11DBFF1FC2E598D28C644824413C78AE3A68027F7E622AF0D709BE0FA893A3A3B4909084DF1ED9A8C1B8267FCA
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .H.e.x.a.g.o.n.R.a.d.i.a.l...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4A01.tmp\HexagonRadial.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):6024
Entropy (8bit):7.886254023824049
Encrypted:false
SSDEEP:
MD5:20621E61A4C5B0FFEEC98FFB2B3BCD31
SHA1:4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4
SHA-256:223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
SHA-512:BDF3A8E3D6EE87D8ADE0767918603B8D238CAE8A2DD0C0F0BF007E89E057C7D1604EB3CCAF0E1BA54419C045FC6380ECBDD070F1BB235C44865F1863A8FA7EEA
Malicious:false
Reputation:low
Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........2..<..]#.....'......diagrams/layout1.xml.].r.8...V.;0.;..aO........{.....V..3].d{..............\. .#.t... ........x<...@7o.]..7.N..@.NF..../....S.../.xC..U...<..Q.=...|..v.....cQ..Y=.....i`.. ..?.;...Go....x.O.$....7s..0..qg....|..r..l.w.a..p.3.Em7v...N............3..7...N.\\..f...9...U$..7...k.C..M.@\.s....G/..?...I...t.Yos...p..z...6.lnqi.6..<..1qg+......#]....|C/N..K\}.....#..".

C:\Users\alfredo\AppData\Local\Temp\TCD4A6F.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):252
Entropy (8bit):3.48087342759872
Encrypted:false
SSDEEP:
MD5:69757AF3677EA8D80A2FBE44DEE7B9E4
SHA1:26AF5881B48F0CB81F194D1D96E3658F8763467C
SHA-256:0F14CA656CDD95CAB385F9B722580DDE2F46F8622E17A63F4534072D86DF97C3
SHA-512:BDA862300BAFC407D662872F0BFB5A7F2F72FE1B7341C1439A22A70098FA50C81D450144E757087778396496777410ADCE4B11B655455BEDC3D128B80CFB472A
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .P.i.c.t.u.r.e.F.r.a.m.e...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4A6F.tmp\PictureFrame.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):4326
Entropy (8bit):7.821066198539098
Encrypted:false
SSDEEP:
MD5:D32E93F7782B21785424AE2BEA62B387
SHA1:1D5589155C319E28383BC01ED722D4C2A05EF593
SHA-256:2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
SHA-512:5B07D6764A6616A7EF25B81AB4BD4601ECEC1078727BFEAB4A780032AD31B1B26C7A2306E0DBB5B39FC6E03A3FC18AD67C170EA9790E82D8A6CEAB8E7F564447
Malicious:false
Reputation:low
Preview:PK.........n.A...#............docProps/thumbnail.jpgz.........{4.i....1.n.v)..#.\*....A+..Q(."..D.......#Q)...SQ....2c.ei.JC...N.{......}.s.s..y>....d.(:.;.....q........$.OBaPbI..(.V...o.....'..b..edE.J.+.....".tq..dqX.......8...CA.@..........0.G.O.$Ph...%i.Q.CQ.>.%!j..F..."?@.1J.Lm$..`..*oO...}..6......(%....^CO..p......-,.....w8..t.k.#....d..'...O...8....s1....z.r...rr...,(.)...*.]Q]S.{X.SC{GgWw..O....X./FF9._&..L.....[z..^..*....C...qI.f... .Hq....d*.d..9.N{{.N.6..6)..n<...iU]3.._.....%./.?......(H4<.....}..%..Z..s...C@.d>.v...e.'WGW.....J..:....`....n..6.....]W~/.JX.Qf..^...}...._Sg.-.p..a..C_:..F..E.....k.H..........-Bl$._5...B.w2e...2...c2/y3.U...7.8[.S}H..r/..^...g...|...l..\M..8p$]..poX-/.2}..}z\.|.d<T.....1....2...{P...+Y...T...!............p..c.....D..o..%.d.f.~.;.;=4.J..]1"("`......d.0.....L.f0.l..r8..M....m,.p..Y.f....\2.q. ...d9q....P...K..o!..#o...=.........{.p..l.n...........&..o...!J..|)..q4.Z.b..PP....U.K..|.i.$v

C:\Users\alfredo\AppData\Local\Temp\TCD4AFF.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):252
Entropy (8bit):3.4680595384446202
Encrypted:false
SSDEEP:
MD5:D79B5DE6D93AC06005761D88783B3EE6
SHA1:E05BDCE2673B6AA8CBB17A138751EDFA2264DB91
SHA-256:96125D6804544B8D4E6AE8638EFD4BD1F96A1BFB9EEF57337FFF40BA9FF4CDD1
SHA-512:34057F7B2AB273964CB086D8A7DF09A4E05D244A1A27E7589BDC7E5679AB5F587FAB52A2261DB22070DA11EF016F7386635A2B8E54D83730E77A7B142C2E3929
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .a.r.c.h.i.t.e.c.t.u.r.e...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4AFF.tmp\architecture.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):5783
Entropy (8bit):7.88616857639663
Encrypted:false
SSDEEP:
MD5:8109B3C170E6C2C114164B8947F88AA1
SHA1:FC63956575842219443F4B4C07A8127FBD804C84
SHA-256:F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
SHA-512:F8A8D7A6469CD3E7C31F3335DDCC349AD7A686730E1866F130EE36AA9994C52A01545CE73D60B642FFE0EE49972435D183D8CD041F2BB006A6CAF31BAF4924AC
Malicious:false
Reputation:low
Preview:PK.........A;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........pnB;.M.:....g......._rels/.rels...J.0.._%.n....xp..,{.i2M.........G..........7...3o/.......d.kyU....^..[>Q....j.#P.H......Z>..+!...B*|@...G...E....E]..".3.......!..7....,:..,.......Ot..0r....Z..&1..U..p.U-.[Uq&.......................Gyy.}n.(.C(i.x........?.vM..}..%.7.b.>L..]..PK........EV:5K..4....H......diagrams/layout1.xml.Yo.6........S.`......$M...Q8A...R..T.k...K.4CQG..}.A..9.?R....!&...Q..ZW.......Q....<8..z..g....4{d.>..;.{.>.X.....Y.2.......cR....9e.. ...}L.....yv&.&...r..h...._..M. e...[..}.>.k..........3.`.ygN...7.w..3..W.S.....w9....r(....Zb..1....z...&WM.D<......D9...ge......6+.Y....$f......wJ$O..N..FC..Er........?..is...-Z

C:\Users\alfredo\AppData\Local\Temp\TCD4B6E.tmp\CircleProcess.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):16806
Entropy (8bit):7.9519793977093505
Encrypted:false
SSDEEP:
MD5:950F3AB11CB67CC651082FEBE523AF63
SHA1:418DE03AD2EF93D0BD29C3D7045E94D3771DACB4
SHA-256:9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
SHA-512:D74BF52A58B0C0327DB9DDCAD739794020F00B3FA2DE2B44DAAEC9C1459ECAF3639A5D761BBBC6BDF735848C4FD7E124D13B23964B0055BB5AA4F6AFE76DFE00
Malicious:false
Reputation:low
Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........Ul.<..<"I5...&......diagrams/layout1.xml.}.r.I..s........~Y.f.gzfv......E."w.K..J5m.e...4.0..Q... A.!...%...<...3.......O.......t~.u{...5.G......?,.........N......L......~.:....^,..r=./~7_..8............o.y......oo.3.f........f.......r.7../....qrr.v9.......,?..._O.....?9.O~]..zv.I'.W..........;..\..~....../........?~..n.....\}pt.........b,~...;>.=;>:..u.....?.......2]..]....i......9..<.p..4D..

C:\Users\alfredo\AppData\Local\Temp\TCD4B6E.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):254
Entropy (8bit):3.4720677950594836
Encrypted:false
SSDEEP:
MD5:D04EC08EFE18D1611BDB9A5EC0CC00B1
SHA1:668FF6DFE64D5306220341FC2C1353199D122932
SHA-256:FA60500F951AFAF8FFDB6D1828456D60004AE1558E8E1364ADC6ECB59F5450C9
SHA-512:97EBCCAF64FA33238B7CFC0A6D853EFB050D877E21EE87A78E17698F0BB38382FCE7F6C4D97D550276BD6B133D3099ECAB9CFCD739F31BFE545F4930D896EEC3
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .C.i.r.c.l.e.P.r.o.c.e.s.s...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4BCF.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):238
Entropy (8bit):3.472155835869843
Encrypted:false
SSDEEP:
MD5:2240CF2315F2EB448CEA6E9CE21B5AC5
SHA1:46332668E2169E86760CBD975FF6FA9DB5274F43
SHA-256:0F7D0BD5A8CED523CFF4F99D7854C0EE007F5793FA9E1BA1CD933B0894BFBD0D
SHA-512:10BA73FF861112590BF135F4B337346F9D4ACEB10798E15DC5976671E345BC29AC8527C6052FEC86AA7058E06D1E49052E49D7BCF24A01DB259B5902DB091182
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .r.i.n.g.s...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4BCF.tmp\rings.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):5151
Entropy (8bit):7.859615916913808
Encrypted:false
SSDEEP:
MD5:6C24ED9C7C868DB0D55492BB126EAFF8
SHA1:C6D96D4D298573B70CF5C714151CF87532535888
SHA-256:48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
SHA-512:A3E9DC48C04DC8571289F57AE790CA4E6934FBEA4FDDC20CB780F7EA469FE1FC1D480A1DBB04D15301EF061DA5700FF0A793EB67D2811C525FEF618B997BCABD
Malicious:false
Reputation:low
Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........5nB;.ndX....`......._rels/.rels...J.1.._%..f.J.J..x..AJ.2M&......g..#............|.c..x{_._..^0e.|.gU..z.....#.._..[..JG.m.....(...e..r."....P)....3..M].E:..SO.;D..c..J..rt...c.,.....a.;.....$.../5..D.Ue.g...Q3......5.':...@...~t{.v..QA>.P.R.A~..^AR.S4G......].n...x41....PK.........^5..s.V....Z......diagrams/layout1.xml.[]o.F.}N~..S.......VU.U+m6R........&.d.}...{M....Q.S....p9.'./O..z."..t>q....."[..j>y..?...u....[.}..j-...?Y..Bdy.I./.....0.._.....-.s...rj...I..=..<..9.|>YK.....o.|.my.F.LlB..be/E.Y!.$6r.f/.p%.......U....e..W.R..fK....`+?.rwX.[.b..|..O>o.|.....>1.......trN`7g..Oi.@5..^...]4.r...-y...T.h...[.j1..v....G..........nS..m..E"L...s

C:\Users\alfredo\AppData\Local\Temp\TCD4D00.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):286
Entropy (8bit):3.4670546921349774
Encrypted:false
SSDEEP:
MD5:3D52060B74D7D448DC733FFE5B92CB52
SHA1:3FBA3FFC315DB5B70BF6F05C4FF84B52A50FCCBC
SHA-256:BB980559C6FC38B703D1E9C41720D5CE8D00D2FF86D4F25136DB02B1E54B1518
SHA-512:952EF139A72562A528C1052F1942DAE1C0509D67654BF5E7C0602C87F90147E8EE9E251D2632BCB5B511AB2FF8A3734293D0A4E3DBD3D187F5E3C042685F9A0C
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.h.e.m.e.P.i.c.t.u.r.e.A.l.t.e.r.n.a.t.i.n.g.A.c.c.e.n.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4D00.tmp\ThemePictureAlternatingAccent.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):5630
Entropy (8bit):7.87271654296772
Encrypted:false
SSDEEP:
MD5:2F8998AA9CF348F1D6DE16EAB2D92070
SHA1:85B13499937B4A584BEA0BFE60475FD4C73391B6
SHA-256:8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
SHA-512:F10F7772985EDDA442B9558127F1959FF0A9909C7B7470E62D74948428BFFF7E278739209E8626AE5917FF728AFB8619AE137BEE2A6A4F40662122208A41ABB2
Malicious:false
Reputation:low
Preview:PK...........<..W8...j.......diagrams/layout1.xmlz........]......Hy..{...n .l.:.D.vvW..s....-a..fg&.}.\..+......4M..'=...(._.U]U......_.....U...k}.y.,......C..._^.......w/."7....v..Ea........Q..u..D{..{v.x.]....AtB15u..o...w..o.1...f.L...I<[zk7..7^..,.h.&l3...#..)..'H..d.r.#w=b...Ocw.y.&.v..t.>.s..m^M7..8I?o7................H...b....Qv.;'..%.f..#vR....V.H.),g..`...)(..m...[l...b...,.....U...Q.{.y.y.....G.I.tT.n..N.....A.tR..tr....i.<.......,.n:.#.A..a!X.......DK..;v..._M..lSc../n...v.....}.....I.|8.!b.C..v..|.....4l..n.;<9.i./..}!&2.c/.r...>.X02[..|.a.-.....$#-....>...{.M].>3.,\o.x....X%;.F.k.)*".I8<.0..#......?.h..-..O.2.B.s..v....{Abd...h0....H..I.. ...%...$1.Fyd..Y....U...S.Y.#.V.....TH(....%..nk.3Y.e.m.-.S..Q...j.Ai..E..v......4.t.|..&"...{..4.!.h.....C.P.....W...d[.....U<Yb;B.+W.!.@B....!.=......b"...Y.N;.#..Q...0G.lW...]7:...#9!z......|f..r..x.....t........`.uL1u.:.....U.D.n.<Q.[%...ngC./..|...!..q;;.w.".D..lt.".l.4".mt...E..mt

C:\Users\alfredo\AppData\Local\Temp\TCD4D6F.tmp\Retrospect.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):1623260
Entropy (8bit):7.867463315196704
Encrypted:false
SSDEEP:
MD5:126269588DEC71F54D53B563106D0500
SHA1:E4E27B005A9728617832F0F2645980CC2CE6EC52
SHA-256:0C11107C6CF799125DB9352E2F3A0D2B9ED5D55CBBEAED66D79464058598D94B
SHA-512:667F9CA3929926397ED5B43DF4859B8C52973F2603405763308D931C32C4DA831A144ED7041096AFC7CDD291B2978622DED5DD4C16C6BFB0F18235E05B212E5A
Malicious:false
Reputation:low
Preview:PK.........Z&A........a.......[Content_Types].xml...r.`...[a.:%..R.v..p.gh..$d...^../.[0.e..=d....B...c.._?~._>$..}...2.t]...D.ty...I........._....T.M.I..,..APLo.$,z.,J.wf.<...e>..p.=.G......eZFiyT...8....E...P}y}..,.w;...\]k.....o......9(.E<.....>..I;....|.Lq.g....]..g......~>W.<....0/?.I.....g...U.V..3....l.O........m.l...T.....h.GE.......'K....$...z.E..(.Gc.....N......>...b....Z...Y.f.13k..:af..Y..13...........8L....o...s.....k...l.k....K.Z..i[..7mk...m._........~.../.^...{..Z...r@........P.@.....Z..d....R..e.O..jY.S.,..Z..T-K}....Z-^}.}iyS_C.C}.6.w.`.zNd-K}2...e.O..jY.S.,..Z..T-K}...>U.R_.....}iyS_C.C}C...*....Y.R..uwY.S.,..Z..T-K}...>U.R..e.O..W..o./-o.kha....N.LP..e.O...,..Z..T-K}...>U.R..e.O..jY....w./-o.kha.odC}#...s"kY....K}...>U.R..e.O..jY.S.,..Z..j.x.....M}.-....P....9..,..\[w..>U.R..e.O..jY.S.,..Z..T-K}.Z..N...M}.-...m.o.`.zNd-K}2...e.O..jY.S.,..Z..T-K}...>U.R_............3..;S0A='...>.k...jY.S.,..Z..T-K}...>U.R..e..V.W.

C:\Users\alfredo\AppData\Local\Temp\TCD4D6F.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):286
Entropy (8bit):3.51951639572024
Encrypted:false
SSDEEP:
MD5:77DEBFBA0B5B6B234F571A6A97E744F3
SHA1:51DD22B67F86F9F21E791D7B08810C297DE4756B
SHA-256:DDEA979C345BDB9F5D33D673CD74C84B2C25A16DE1CAC1D2311FBB52E011C786
SHA-512:428E2C1D370D783B481EA64E3700942F9F74E4B1693793078C8F51E8644A5A8B39DEEFF79A84E3A2C1EBF6A6A5694C26F86D19542FD3DC334A81FA94386E19A0
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .R.e.t.r.o.s.p.e.c.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD4E00.tmp\Mesh.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):3078052
Entropy (8bit):7.954129852655753
Encrypted:false
SSDEEP:
MD5:CDF98D6B111CF35576343B962EA5EEC6
SHA1:D481A70EC9835B82BD6E54316BF27FAD05F13A1C
SHA-256:E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734
SHA-512:95C352869D08C0FE903B15311622003CB4635DE8F3A624C402C869F1715316BE2D8D9C0AB58548A84BBB32757E5A1F244B1014120543581FDEA7D7D9D502EF9C
Malicious:false
Reputation:low
Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.

C:\Users\alfredo\AppData\Local\Temp\TCD4E00.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):274
Entropy (8bit):3.5303110391598502
Encrypted:false
SSDEEP:
MD5:8D1E1991838307E4C2197ECB5BA9FA79
SHA1:4AD8BB98DC9C5060B58899B3E9DCBA6890BC9E93
SHA-256:4ABA3D10F65D050A19A3C2F57A024DBA342D1E05706A8A3F66B6B8E16A980DB9
SHA-512:DCDC9DB834303CC3EC8F1C94D950A104C504C588CE7631CE47E24268AABC18B1C23B6BEC3E2675E8A2A11C4D80EBF020324E0C7F985EA3A7BBC77C1101C23D01
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .M.e.s.h...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD4E41.tmp\Frame.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):523048
Entropy (8bit):7.715248170753013
Encrypted:false
SSDEEP:
MD5:C276F590BB846309A5E30ADC35C502AD
SHA1:CA6D9D6902475F0BE500B12B7204DD1864E7DD02
SHA-256:782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
SHA-512:B85165C769DFE037502E125A04CFACDA7F7CC36184B8D0A54C1F9773666FFCC43A1B13373093F97B380871571788D532DEEA352E8D418E12FD7AAD6ADB75A150
Malicious:false
Reputation:low
Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Local\Temp\TCD4E41.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):276
Entropy (8bit):3.5159096381406645
Encrypted:false
SSDEEP:
MD5:71CCB69AF8DD9821F463270FB8CBB285
SHA1:8FED3EB733A74B2A57D72961F0E4CF8BCA42C851
SHA-256:8E63D7ABA97DABF9C20D2FAC6EB1665A5D3FDEAB5FA29E4750566424AE6E40B4
SHA-512:E62FC5BEAEC98C5FDD010FABDAA8D69237D31CA9A1C73F168B1C3ED90B6A9B95E613DEAD50EB8A5B71A7422942F13D6B5A299EB2353542811F2EF9DA7C3A15DC
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .F.r.a.m.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD4ED1.tmp\Wood_Type.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):1649585
Entropy (8bit):7.875240099125746
Encrypted:false
SSDEEP:
MD5:35200E94CEB3BB7A8B34B4E93E039023
SHA1:5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D
SHA-256:6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD
SHA-512:ED80CEE7C22D10664076BA7558A79485AA39BE80582CEC9A222621764DAE5EFA70F648F8E8C5C83B6FE31C2A9A933C814929782A964A47157505F4AE79A3E2F9
Malicious:false
Reputation:low
Preview:PK..........1A..u._....P......[Content_Types].xml..Ms.@.....!...=.7....;a.h.&Y..l..H~..`;...d..g/..e..,M..C...5...#g/."L..;...#. ]..f...w../._.2Y8..X.[..7._.[...K3..#.4......D.]l.?...~.&J&....p..wr-v.r.?...i.d.:o....Z.a|._....|.d...A....A".0.J......nz....#.s.m.......(.]........~..XC..J......+.|...(b}...K!._.D....uN....u..U..b=.^..[...f...f.,...eo..z.8.mz....."..D..SU.}ENp.k.e}.O.N....:^....5.d.9Y.N..5.d.q.^s..}R...._E..D...o..o...o...f.6;s.Z]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...S.....0.zN.... ...>..>..>..>..>..>..>........e...,..7...F(L.....>.ku...i...i...i...i...i...i...i........yi.....G...1.....j...r.Z]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o|^Z....Q}.;.o...9.Z..\.V...............................jZ......k.pT...0.zN.... ...>..>..>..>..>..>..>........e...,..7...f(L.....>.ku...i...i...i...i...i...i...i........yi.......n.....{.._f...0...PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...

C:\Users\alfredo\AppData\Local\Temp\TCD4ED1.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):284
Entropy (8bit):3.5552837910707304
Encrypted:false
SSDEEP:
MD5:5728F26DF04D174DE9BDFF51D0668E2A
SHA1:C998DF970655E4AF9C270CC85901A563CFDBCC22
SHA-256:979DAFD61C23C185830AA3D771EDDC897BEE87587251B84F61776E720ACF9840
SHA-512:491B36AC6D4749F7448B9A3A6E6465E8D97FB30F33EF5019AF65660E98F4570711EFF5FC31CBB8414AD9355029610E6F93509BC4B2FB6EA79C7CB09069DE7362
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .W.o.o.d._.T.y.p.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD4F6E.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):246
Entropy (8bit):3.5039994158393686
Encrypted:false
SSDEEP:
MD5:16711B951E1130126E240A6E4CC2E382
SHA1:8095AA79AEE029FD06428244CA2A6F28408448DB
SHA-256:855342FE16234F72DA0C2765455B69CF412948CFBE70DE5F6D75A20ACDE29AE9
SHA-512:454EAA0FD669489583C317699BE1CE5D706C31058B08CF2731A7621FDEFB6609C2F648E02A7A4B2B3A3DFA8406A696D1A6FA5063DDA684BDA4450A2E9FEFB0EF
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.a.b.b.e.d.A.r.c...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD4F6E.tmp\TabbedArc.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):3683
Entropy (8bit):7.772039166640107
Encrypted:false
SSDEEP:
MD5:E8308DA3D46D0BC30857243E1B7D330D
SHA1:C7F8E54A63EB254C194A23137F269185E07F9D10
SHA-256:6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
SHA-512:88AB7263B7A8D7DDE1225AE588842E07DF3CE7A07CBD937B7E26DA7DA7CFED23F9C12730D9EF4BC1ACF26506A2A96E07875A1A40C2AD55AD1791371EE674A09B
Malicious:false
Reputation:low
Preview:PK.........a9;lq.ri...#.......diagrams/layout1.xmlz........WKn.0.];.`..J..AP...4E..!..hi$..I......z..D.d;...m.d...f.3o.._....9'.P.I1.F.C...d.D:.........Q..Z..5$..BO...e..(.9..2..+.Tsjp.. Vt.f.<...gA.h...8...>..p4..T...9.c...'.G.;.@.;xKE.A.uX.....1Q...>...B...!T.%.* ...0.....&......(.R.u..BW.yF.Grs...)..$..p^.s.c._..F4.*. .<%.BD..E....x... ..@...v.7f.Y......N.|.qW'..m..........im.?.64w..h...UI...J....;.0..[....G..\...?:.7.0.fGK.C.o^....j4............p...w:...V....cR..i...I...J=...%. &..#..[M....YG...u...I)F.l>.j.....f..6.....2.]..$7.....Fr..o.0...l&..6U...M..........%..47.a.[..s........[..r....Q./}.-.(.\..#. ..y`...a2..*....UA.$K.nQ:e!bB.H.-Q-a.$La.%.Z!...6L...@...j.5.....b..S.\c..u...R..dXWS.R.8"....o[..V...s0W..8:...U.#5..hK....ge.Q0$>...k.<...YA.g..o5...3.....~re.....>....:..$.~........pu ._Q..|Z...r...E.X......U....f)s^.?...%......459..XtL:M.).....x..n9..h...c...PK........Ho9<"..%...........diagrams/layoutHeader1.xmlMP.N.0.>oOa.

C:\Users\alfredo\AppData\Local\Temp\TCD50CB.tmp\Quotable.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):966946
Entropy (8bit):7.8785200658952
Encrypted:false
SSDEEP:
MD5:F03AB824395A8F1F1C4F92763E5C5CAD
SHA1:A6E021918C3CEFFB6490222D37ECEED1FC435D52
SHA-256:D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD
SHA-512:0241146B63C938F11045FB9DF5360F63EF05B9B3DD1272A3E3E329A1BFEC5A4A645D5472461DE9C06CFE4ADB991FE96C58F0357249806C341999C033CD88A7AF
Malicious:false
Reputation:low
Preview:PK..........1A.......F`......[Content_Types].xml..n.@.._.y.ac $..,........-..g@.u.G.+t.:........D1...itgt>...k..lz;].8Kg^....N.l..........0.~}....ykk.A`..N..\...2+.e.c..r..P+....I.e.......|.^/.vc{......s..z....f^...8...'.zcN&.<....}.K.'h..X..y.c.qnn.s%...V('~v.W.......I%nX`.....G.........r.Gz.E..M.."..M....6n.a..V.K6.G?Qqz..............\e.K.>..lkM...`...k.5...sb.rbM8..8..9..pb..R..{>$..C.>......X..iw.'..a.09CPk.n...v....5n..Uk\...SC...j.Y.....Vq..vk>mi......z..t....v.]...n...e(.....s.i......]...q.r....~.WV/.j.Y......K..-.. Z..@.\.P..W...A..X8.`$C.F(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........c..0F...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP..........(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-.............0A...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP.........w(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........T..GI..~.....~....PK..........1A.s@.....O......._rels/.rels...J.

C:\Users\alfredo\AppData\Local\Temp\TCD50CB.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):282
Entropy (8bit):3.5323495192404475
Encrypted:false
SSDEEP:
MD5:BD6B5A98CA4E6C5DBA57C5AD167EDD00
SHA1:CCFF7F635B31D12707DC0AC6D1191AB5C4760107
SHA-256:F22248FE60A55B6C7C1EB31908FAB7726813090DE887316791605714E6E3CEF7
SHA-512:A178299461015970AF23BA3D10E43FCA5A6FB23262B0DD0C5DDE01D338B4959F222FD2DC2CC5E3815A69FDDCC3B6B4CB8EE6EC0883CE46093C6A59FF2B042BC1
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .Q.u.o.t.a.b.l.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5139.tmp\Berlin.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):976001
Entropy (8bit):7.791956689344336
Encrypted:false
SSDEEP:
MD5:9E563D44C28B9632A7CF4BD046161994
SHA1:D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11
SHA-256:86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86
SHA-512:8EB14A1B10CB5C7607D3E07E63F668CFC5FC345B438D39138D62CADF335244952FBC016A311D5CB8A71D50660C49087B909528FC06C1D10AF313F904C06CBD5C
Malicious:false
Reputation:low
Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Local\Temp\TCD5139.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):278
Entropy (8bit):3.5270134268591966
Encrypted:false
SSDEEP:
MD5:327DA4A5C757C0F1449976BE82653129
SHA1:CF74ECDF94B4A8FD4C227313C8606FD53B8EEA71
SHA-256:341BABD413AA5E8F0A921AC309A8C760A4E9BA9CFF3CAD3FB2DD9DF70FD257A6
SHA-512:9184C3FB989BB271B4B3CDBFEFC47EA8ABEB12B8904EE89797CC9823F33952BD620C061885A5C11BBC1BD3978C4B32EE806418F3F21DA74F1D2DB9817F6E167E
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.e.r.l.i.n...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD51F6.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):258
Entropy (8bit):3.4692172273306268
Encrypted:false
SSDEEP:
MD5:C1B36A0547FB75445957A619201143AC
SHA1:CDB0A18152F57653F1A707D39F3D7FB504E244A7
SHA-256:4DFF7D1CEF6DD85CC73E1554D705FA6586A1FBD10E4A73EEE44EAABA2D2FFED9
SHA-512:0923FB41A6DB96C85B44186E861D34C26595E37F30A6F8E554BD3053B99F237D9AC893D47E8B1E9CF36556E86EFF5BE33C015CBBDD31269CDAA68D6947C47F3F
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .p.i.c.t.u.r.e.o.r.g.c.h.a.r.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD51F6.tmp\pictureorgchart.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):7370
Entropy (8bit):7.9204386289679745
Encrypted:false
SSDEEP:
MD5:586CEBC1FAC6962F9E36388E5549FFE9
SHA1:D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E
SHA-256:1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
SHA-512:68DEAE9C59EA98BD597AE67A17F3029BC7EA2F801AC775CF7DECA292069061EA49C9DF5776CB5160B2C24576249DAF817FA463196A04189873CF16EFC4BEDC62
Malicious:false
Reputation:low
Preview:PK........;nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........HnB;..I)....j......._rels/.rels...J.@.._e..&6E.i/.,x..Lw'.j........G..\...................)...Y.3)..`...9r{v!......z...#>5.g.WJ%..T..>'m ..K.T.....j6[(:f.)S....C.mk5^.=:...X......C.... I......&5..e..H.1...).P.cw.kjT......C.......=.....}G!7E.y$.(...}b.........b=.<..^.....U..Y..PK.........^5a.2u............diagrams/layout1.xml..ko.8..+x.t.l..J.n.t.Mnw.x. ....B.t$.,.(&i.....(..d.mY......g.../[.<!.{ap>...L...p....G.9z?...._...e..`..%......8....G!..B8.....o...b.......Q.>|.......g..O\B...i.h...0B.}.....z...k...H..t~r.v........7o.E....$....Z.........ZDd..~......>......O.3.SI.Y.".O&I....#."._c.$.r..z.g0`...0...q:...^0.EF...%(.Ao$.#.o6..c'....$%.}

C:\Users\alfredo\AppData\Local\Temp\TCD5264.tmp\Ion_Boardroom.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):1593982
Entropy (8bit):7.907400454215888
Encrypted:false
SSDEEP:
MD5:407ACAACDD935B4C82A2D4AF73D07744
SHA1:E7AB195DF6F9BFD7676C34503E337194DC7631DD
SHA-256:ED85105C65F81EC015215B76ECBD46BEE4CAAA17AD716393DFD15D5DCD57A3E4
SHA-512:03D30E2357319A8153D242EEE035DDFDA718CE93E00C0D99ECF82C1387D1FE1A436111E13AD1CE67214C87CF4709D68FF452C041772A43CB242786ED4090370A
Malicious:false
Reputation:low
Preview:PK..........AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.

C:\Users\alfredo\AppData\Local\Temp\TCD5264.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):292
Entropy (8bit):3.549050193282821
Encrypted:false
SSDEEP:
MD5:D7052608155B2599CDB50B8F9AAD7BD2
SHA1:F7213641CDC854DD1E7812BCCF9BD918188149F1
SHA-256:577A765CD1FBE2B62887AD32EE0CF7DCD6FCF166772AFB5895F5E11C0C1386AB
SHA-512:173AA81483025EE6A2FA042C8B281226D27E0AB4CF7E61A09FDA3897445CE90D300C9E2173AE10BC051F60CD3576B343F963FB482DC7C6529488AE8E82A5A107
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .I.o.n._.B.o.a.r.d.r.o.o.m...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD52C3.tmp\Depth.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):2332136
Entropy (8bit):7.9547975506532795
Encrypted:false
SSDEEP:
MD5:2AECC99B664F840799028A20703C3E21
SHA1:0018EAB0CE4900220607F4F80B506AA2F7F89C17
SHA-256:DF93F14304E35E460EEC7F8464AE2C2B0BFFA84D860D4857F41E0F07A3F023E3
SHA-512:E0BD3A86C7AF6B7202E8FBA42BCA27FBB17A21AC94A685A38C8A45F5AE35F350AE18D6B107F553DC95774FAE47F8BD8926F76DDD840BB7EB8E51E5CF2269AA1C
Malicious:false
Reputation:low
Preview:PK........fdlB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Local\Temp\TCD52C3.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):276
Entropy (8bit):3.5344681868414707
Encrypted:false
SSDEEP:
MD5:C601540411B7C0E6DE93621C69A0B71D
SHA1:B1F855540B73B163B6FD15B227C0B1D0EDC51AA9
SHA-256:6690E31622155199015B15E94B39C52BEBD081611F4AE0A9E3299CC56AF8EE33
SHA-512:90B14C2D325A091CA3A8CAAE2B4888F79BE0CD9C7E73E3B27A73F5043BB26491ABEEBEC9E25BB27F0E11B7E8F3E5E706F7D0623759301C4FAF0BCA7BCA8F66E2
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .D.e.p.t.h...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5360.tmp\View.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):486596
Entropy (8bit):7.668294441507828
Encrypted:false
SSDEEP:
MD5:0E37AECABDB3FDF8AAFEDB9C6D693D2F
SHA1:F29254D2476DF70979F723DE38A4BF41C341AC78
SHA-256:7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
SHA-512:DE6AFE015C1D41737D50ADD857300996F6E929FED49CB71BC59BB091F9DAB76574C56DEA0488B0869FE61E563B07EBB7330C8745BC1DF6305594AC9BDEA4A6BF
Malicious:false
Reputation:low
Preview:PK.........V'BE,.{....#P......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`

C:\Users\alfredo\AppData\Local\Temp\TCD5360.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):274
Entropy (8bit):3.535303979138867
Encrypted:false
SSDEEP:
MD5:35AFE8D8724F3E19EB08274906926A0B
SHA1:435B528AAF746428A01F375226C5A6A04099DF75
SHA-256:97B8B2E246E4DAB15E494D2FB5F8BE3E6361A76C8B406C77902CE4DFF7AC1A35
SHA-512:ACF4F124207974CFC46A6F4EA028A38D11B5AF40E55809E5B0F6F5DABA7F6FC994D286026FAC19A0B4E2311D5E9B16B8154F8566ED786E5EF7CDBA8128FD62AF
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .V.i.e.w...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD548A.tmp\Savon.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):1204049
Entropy (8bit):7.92476783994848
Encrypted:false
SSDEEP:
MD5:FD5BBC58056522847B3B75750603DF0C
SHA1:97313E85C0937739AF7C7FC084A10BF202AC9942
SHA-256:44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F
SHA-512:DBD72827044331215A7221CA9B0ECB8809C7C79825B9A2275F3450BAE016D7D320B4CA94095F7CEF4372AC63155C78CA4795E23F93166D4720032ECF9F932B8E
Malicious:false
Reputation:low
Preview:PK..........1A..d T....P......[Content_Types].xml..Ms.@.....!...=.7....kX 5o.,L..<..........d..g/..dw.]...C...9...#g/."L..;...#. ]..f...w../._.3Y8..X.[..7._.[...K3..3.4......D.]l.?...~.&J&...s...;...H9...e.3.q.....k-.0>Lp:.7..eT...Y...P...OVg.....G..).aV...\Z.x...W.>f...oq.8.....I?Ky...g..."...J?....A$zL.].7.M.^..\....C..d/;.J0.7k.X4.e..?N{....r.."LZx.H?. ......;r.+...A<.;U.....4...!'k...s.&..)'k...d..d......._E..D...o..o...o...f.7;s..]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...s.....0..O.... ...>..>..>..>..>..>..>.........2V}......Q}#.&T...rU....\..\..\..\..\..\..\..\.W..W.^Z....Q}c;.o...>.Z..\.v...............................*Z....K.X.5X8.obG.MP.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.M.).....j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oZ/-c..`....7CaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,...|...].k.........PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...

C:\Users\alfredo\AppData\Local\Temp\TCD548A.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):276
Entropy (8bit):3.5364757859412563
Encrypted:false
SSDEEP:
MD5:CD465E8DA15E26569897213CA9F6BC9C
SHA1:9EA9B5E6C9B7BF72A777A21EC17FD82BC4386D4C
SHA-256:D4109317C2DBA1D7A94FC1A4B23FA51F4D0FC8E1D9433697AAFA72E335192610
SHA-512:869A42679F96414FE01FE1D79AF7B33A0C9B598B393E57E0E4D94D68A4F2107EC58B63A532702DA96A1F2F20CE72E6E08125B38745CD960DF62FE539646EDD8D
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .S.a.v.o.n...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5556.tmp\Metropolitan.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):777647
Entropy (8bit):7.689662652914981
Encrypted:false
SSDEEP:
MD5:B30D2EF0FC261AECE90B62E9C5597379
SHA1:4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3
SHA-256:BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
SHA-512:2E728408C20C3C23C84A1C22DB28F0943AAA960B4436F8C77570448D5BEA9B8D53D95F7562883FA4F9B282DFE2FD07251EEEFDE5481E49F99B8FEDB66AAAAB68
Malicious:false
Reputation:low
Preview:PK.........V'B.._<....-.......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`

C:\Users\alfredo\AppData\Local\Temp\TCD5556.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):290
Entropy (8bit):3.5091498509646044
Encrypted:false
SSDEEP:
MD5:23D59577F4AE6C6D1527A1B8CDB9AB19
SHA1:A345D683E54D04CC0105C4BFFCEF8C6617A0093D
SHA-256:9ADD2C3912E01C2AC7FAD6737901E4EECBCCE6EC60F8E4D78585469A440E1E2C
SHA-512:B85027276B888548ECB8A2FC1DB1574C26FF3FCA7AF1F29CD5074EC3642F9EC62650E7D47462837607E11DCAE879B1F83DF4762CA94667AE70CBF78F8D455346
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .M.e.t.r.o.p.o.l.i.t.a.n...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD55B5.tmp\Facet.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):738429
Entropy (8bit):7.8235726750504355
Encrypted:false
SSDEEP:
MD5:8EBD58005DAF9C4EC15AC2530D3A4A30
SHA1:D11B9F2B85F20EB3DB28C4D9C9FDD909848E3E05
SHA-256:D3AB94FDC32B10903AD444F6F3518F93C3D7348FB945168DD8140C74BB7D7E26
SHA-512:00A3A6F8A8D10F4BAD87C3BEAE299D0E28931593EF0FB4145711B1D164A3351A8EF131DA0F26AAB9C3EB7AC214B69E1F03CB52E0E1EA95EB444664D5B0B998E9
Malicious:false
Reputation:low
Preview:PK........e.$A}.4+.....k......[Content_Types].xml..n.@.E_.y.ac $..,........-..g@.u.G.+t.:......A1......=..._..d.....Y:.B...t.e.8]..].....s.M.=.....6...&Z.D.?.u..,."Q.].. W.....p0..Q.Z........Rm7....}\.{.W^.....Z3/N...o.....1'.T.o.HYw?....._,.<<c.qnn...8.:.B9.."^...U.O*q.....>..-]..O...-.q..Y.M...:.M+...}..y..{.0..V'K6.K?Qqz........c^..~GN.*s_..Q=g[k.....8..XCN..'....k.u.u....+..r...!.A....!.Q....a...7U.*uH...!gi=..Y.[.v{&.......q.=.[.v{....k.5.........4Y9..3Y).....v..mi...Wi.~.=G.....t.?.S......bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`........bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`........bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`...[..u...UN -.`A\a..U. .W.\...r5?..U..............q.....,D.%X5Zz.*i.....C.&2.k...UN -.`A\a..U. .W.\...r5?..U..............q.....,D.%X5Zz.*i.....C..d...*&T9..\..q...W.\...r.?.... .W.C...&+h.r&+f.R.%X..K..-.`.h....e.......zu9JR..7..Y=..6.?PK..

C:\Users\alfredo\AppData\Local\Temp\TCD55B5.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):276
Entropy (8bit):3.516936518213681
Encrypted:false
SSDEEP:
MD5:B49384CBC2C04035CAFFB84C03499751
SHA1:43E0C785D194C56EA45833373095E7C7AE8246DB
SHA-256:82CD4A0EF475B600B835565B188702CB4B6CCF0398C13FE27C40C6788396739F
SHA-512:34E085D409BF33837A86EDEC219B5C1F8A5AF698CC77D96996DB725464064822C51173828B1C54ED789CD51B5E4CE1EC10A2CB6D62CF1C67211EC4B60023B0C3
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .F.a.c.e.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5623.tmp\Basis.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):558035
Entropy (8bit):7.696653383430889
Encrypted:false
SSDEEP:
MD5:3B5E44DDC6AE612E0346C58C2A5390E3
SHA1:23BCF3FCB61F80C91D2CFFD8221394B1CB359C87
SHA-256:9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2
SHA-512:2E63419F272C6E411CA81945E85E08A6E3230A2F601C4D28D6312DB5C31321F94FAFA768B16BC377AE37B154C6869CA387005693A79C5AB1AC45ED73BCCC6479
Malicious:false
Reputation:low
Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Local\Temp\TCD5623.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):276
Entropy (8bit):3.5361139545278144
Encrypted:false
SSDEEP:
MD5:133D126F0DE2CC4B29ECE38194983265
SHA1:D8D701298D7949BE6235493925026ED405290D43
SHA-256:08485EBF168364D846C6FD55CD9089FE2090D1EE9D1A27C1812E1247B9005E68
SHA-512:75D7322BE8A5EF05CAA48B754036A7A6C56399F17B1401F3F501DA5F32B60C1519F2981043A773A31458C3D9E1EF230EC60C9A60CAC6D52FFE16147E2E0A9830
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.a.s.i.s...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5682.tmp\Wisp.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):787354
Entropy (8bit):7.849038074328931
Encrypted:false
SSDEEP:
MD5:BBACB56BBFFA78CD4A21A9A6B331D84A
SHA1:5A854FB2FDFB3BD38DDE1AC7C832BA0FFD46F4F1
SHA-256:BD9DE870D21C8A5336ADC759EBFB740E105764810DD4B5B88BCA6213C9133CD7
SHA-512:59D798652E181582593B44015803A13F9838EE1C5971D2992F968D314CDB80B77A9869344D9D1FD26C2D8AFC4574DD9145E795DCFDA706E6CF1B49CAB6402C7B
Malicious:false
Reputation:low
Preview:PK........x.%A}.4+.....k......[Content_Types].xml..n.@.E_.y.ac $..,........-..g@.u.G.+t.:......A1......=..._..d.....Y:.B...t.e.8]..].....s.M.=.....6...&Z.D.?.u..,."Q.].. W.....p0..Q.Z........Rm7....}\.{.W^.....Z3/N...o.....1'.T.o.HYw?....._,.<<c.qnn...8.:.B9.."^...U.O*q.....>..-]..O...-.q..Y.M...:.M+...}..y..{.0..V'K6.K?Qqz........c^..~GN.*s_..Q=g[k.....8..XCN..'....k.u.u....+..r...!.A....!.Q....a...7U.*uH...!gi=..Y.[.v{&.......q.=.[.v{....k.5.........4Y9..3Y).....v..mi...Wi.~.=G.....t.?.S......bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`........bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`........bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`...[..u...UN -.`A\a..U. .W.\...r5?..U..............q.....,D.%X5Zz.*i.....C.&2.k...UN -.`A\a..U. .W.\...r5?..U..............q.....,D.%X5Zz.*i.....C..d...*&T9..\..q...W.\...r.?.... .W.C...&+h.r&+f.R.%X..K..-.`.h....e.......zu9JR..7..Y=..6.?PK..

C:\Users\alfredo\AppData\Local\Temp\TCD5682.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):274
Entropy (8bit):3.541057232141982
Encrypted:false
SSDEEP:
MD5:92A2AE68F98D9D3037FB248C57EAE3AF
SHA1:7C4EA71979CF442503A45F3738BAF060FCD84999
SHA-256:A2EF06AAEEE6AFECA584F93CD70B018FE915C222D232EED569E990293BB72C41
SHA-512:F9B75F836E072A6F94B61F3673D4D435D5985345872BF428E5777EDD02AD6DB1BE78C9DC04EF4F178DAC9ED9DC41FB4A7352E34AD11264258E8DB21ED6517A90
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .W.i.s.p...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD56B2.tmp\Parcel.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):608122
Entropy (8bit):7.729143855239127
Encrypted:false
SSDEEP:
MD5:8BA551EEC497947FC39D1D48EC868B54
SHA1:02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF
SHA-256:DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
SHA-512:CC97F9B2C83FF7CAC32AB9A9D46E0ACDE13EECABECD653C88F74E4FC19806BB9498D2F49C4B5581E58E7B0CB95584787EA455E69D99899381B592BEA177D4D4B
Malicious:false
Reputation:low
Preview:PK.........LGE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK.........LG.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Local\Temp\TCD56B2.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):278
Entropy (8bit):3.516359852766808
Encrypted:false
SSDEEP:
MD5:960E28B1E0AB3522A8A8558C02694ECF
SHA1:8387E9FD5179A8C811CCB5878BAC305E6A166F93
SHA-256:2707FCA8CEC54DF696F19F7BCAD5F0D824A2AC01B73815DE58F3FCF0AAB3F6A0
SHA-512:89EA06BA7D18B0B1EA624BBC052F73366522C231BD3B51745B92CF056B445F9D655F9715CBDCD3B2D02596DB4CD189D91E2FE581F2A2AA2F6D814CD3B004950A
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .P.a.r.c.e.l...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD574F.tmp\Banded.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):562113
Entropy (8bit):7.67409707491542
Encrypted:false
SSDEEP:
MD5:4A1657A3872F9A77EC257F41B8F56B3D
SHA1:4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B
SHA-256:C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
SHA-512:7A2932639E06D79A5CE1D3C71091890D9E329CA60251E16AE4095E4A06C6428B4F86B7FFFA097BF3EEFA064370A4D51CA3DF8C89EAFA3B1F45384759DEC72922
Malicious:false
Reputation:low
Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Local\Temp\TCD574F.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):278
Entropy (8bit):3.535736910133401
Encrypted:false
SSDEEP:
MD5:487E25E610F3FC2EEA27AB54324EA8F6
SHA1:11C2BB004C5E44503704E9FFEEFA7EA7C2A9305C
SHA-256:022EC5077279A8E447B590F7260E1DBFF764DE5F9CDFD4FDEE32C94C66D4A1A2
SHA-512:B8DF351E2C0EF101CF91DC02E136A3EE9C1FDB18294BECB13A29D676FBBE791A80A58A18FBDEB953BC21EC54EB7608154D401407C461ABD10ACB94CE8AD0E092
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.a.n.d.e.d...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD57AE.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):262
Entropy (8bit):3.4901887319218092
Encrypted:false
SSDEEP:
MD5:52BD0762F3DC77334807DDFC60D5F304
SHA1:5962DA7C58F742046A116DDDA5DC8EA889C4CB0E
SHA-256:30C20CC835E912A6DD89FD1BF5F7D92B233B2EC24594F1C1FE0CADB03A8C3FAB
SHA-512:FB68B1CF9677A00D5651C51EC604B61DAC2D250D44A71D43CD69F41F16E4F0A7BAA7AD4A6F7BB870429297465A893013BBD7CC77A8F709AD6DB97F5A0927B1DD
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .R.a.d.i.a.l.P.i.c.t.u.r.e.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD57AE.tmp\RadialPictureList.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):5596
Entropy (8bit):7.875182123405584
Encrypted:false
SSDEEP:
MD5:CDC1493350011DB9892100E94D5592FE
SHA1:684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA
SHA-256:F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
SHA-512:3699066A4E8A041079F12E88AB2E7F485E968619CB79175267842846A3AD64AA8E7778CBACDF1117854A7FDCFB46C8025A62F147C81074823778C6B4DC930F12
Malicious:false
Reputation:low
Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK.........V.<.S.....Y.......diagrams/layout1.xml.\.r.8...U....m.$.."3.....;...../3.XAn..O.?....V.;...")Nr.O.H....O......_..E..S...L7....8H.y<=............~...Ic......v9.X.%.\.^.,?g.v.?%w...f.).9.........Ld;.1..?~.%QQ...h.8;.gy..c4..]..0Ii.K&.[.9.......E4B.a..?e.B..4....E.......Y.?_&!.....i~..{.W..b....L.?..L..@.F....c.H..^..i...(d.......w...9..9,........q..%[..]K}.u.k..V.%.Y.....W.y..;e4[V..u.!T...).%.

C:\Users\alfredo\AppData\Local\Temp\TCD58A9.tmp\Main_Event.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):2924237
Entropy (8bit):7.970803022812704
Encrypted:false
SSDEEP:
MD5:5AF1581E9E055B6E323129E4B07B1A45
SHA1:B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD
SHA-256:BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98
SHA-512:11BFEF500DAEC099503E8CDB3B4DE4EDE205201C0985DB4CA5EBBA03471502D79D6616D9E8F471809F6F388D7CBB8B0D0799262CBE89FEB13998033E601CEE09
Malicious:false
Reputation:low
Preview:PK.........{MB.$<.~....p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^.......H^..<}...lA-.D.....lI/...hD.Z....|VM..ze........L..tU...g....lQ....Y...>MI...5-....S......h=..u.h..?;h...@k...h...'Z...D...;.....h=..'Z...D...;.....)^./.../U.../..../U.../..../U..?...'.........Ngz..A.~.8.#D....xot.u.?...eyot.n..{..sk....[......Z..F....l...o)..o..o...oi..o)..o..,..b.s......2.C.z.~8.......f......x.9.|.8..............u................r.nD..]...........w.~7...-...-...-...-...-...-....x.&l........>.4.z.~8..........=E....As.1..q. 9....w.7...1........w.}7......Ft...................o)..o..o...oi..o)..o..w.7a...x0...........d0..............A.......Fl.............Ft................w#...r.nD..]..M...K1.0..7....

C:\Users\alfredo\AppData\Local\Temp\TCD58A9.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):286
Entropy (8bit):3.5434534344080606
Encrypted:false
SSDEEP:
MD5:C9812793A4E94320C49C7CA054EE6AA4
SHA1:CC1F88C8F3868B3A9DE7E0E5F928DBD015234ABA
SHA-256:A535AE7DD5EDA6D31E1B5053E64D0D7600A7805C6C8F8AF1DB65451822848FFC
SHA-512:D28AADEDE0473C5889F3B770E8D34B20570282B154CD9301932BF90BF6205CBBB96B51027DEC6788961BAF2776439ADBF9B56542C82D89280C0BEB600DF4B633
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .M.a.i.n._.E.v.e.n.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5917.tmp\Integral.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):3446188
Entropy (8bit):7.939078022105486
Encrypted:false
SSDEEP:
MD5:AD1C52DB4C29726B3A2D28DDA1110F76
SHA1:46A0656C55202A4ADFAAC7E98E9E1340C4A1FD55
SHA-256:7973C1386416C251569ACC3CDBFE04DA848262A9A2DA998F915E000BFD6B52B3
SHA-512:95C3F09611F977EB3F146C9844D7B96AF3E8123CF3393884CD10EFE7C250F446A565EDAFED1CF1FA6DCAC4D7EADAFACAD134D2A75A8CFB74462F62F5EA8B7400
Malicious:false
Reputation:low
Preview:PK.........Z&A........a.......[Content_Types].xml...r.`...[a.:%..R.v..p.gh..$d...^../.[0.e..=d....B...c.._?~._>$..}...2.t]...D.ty...I........._....T.M.I..,..APLo.$,z.,J.wf.<...e>..p.=.G......eZFiyT...8....E...P}y}..,.w;...\]k.....o......9(.E<.....>..I;....|.Lq.g....]..g......~>W.<....0/?.I.....g...U.V..3....l.O........m.l...T.....h.GE.......'K....$...z.E..(.Gc.....N......>...b....Z...Y.f.13k..:af..Y..13...........8L....o...s.....k...l.k....K.Z..i[..7mk...m._........~.../.^...{..Z...r@........P.@.....Z..d....R..e.O..jY.S.,..Z..T-K}....Z-^}.}iyS_C.C}.6.w.`.zNd-K}2...e.O..jY.S.,..Z..T-K}...>U.R_.....}iyS_C.C}C...*....Y.R..uwY.S.,..Z..T-K}...>U.R..e.O..W..o./-o.kha....N.LP..e.O...,..Z..T-K}...>U.R..e.O..jY....w./-o.kha.odC}#...s"kY....K}...>U.R..e.O..jY.S.,..Z..j.x.....M}.-....P....9..,..\[w..>U.R..e.O..jY.S.,..Z..T-K}.Z..N...M}.-...m.o.`.zNd-K}2...e.O..jY.S.,..Z..T-K}...>U.R_............3..;S0A='...>.k...jY.S.,..Z..T-K}...>U.R..e..V.W.

C:\Users\alfredo\AppData\Local\Temp\TCD5917.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):282
Entropy (8bit):3.52879087534807
Encrypted:false
SSDEEP:
MD5:28404EC391B6387F3F2CF0A5BAE7D20E
SHA1:1DFAD8A962FAD4D55E2070689F3EEF4780C677FF
SHA-256:D870840CE4C7EE578CE1932C463B7760E31ECDF143CFBB9C194F488953E3BA70
SHA-512:EE7B29C3F389F25A515E2FC58E6A96617024CE74BBCF2926A5A679B536DBA10D925BDD9EE0089590658B3A20BFD8DBEBE48577A20C9CD93AD2B085BB4C8A3E82
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .I.n.t.e.g.r.a.l...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD59D4.tmp\Parallax.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):924687
Entropy (8bit):7.824849396154325
Encrypted:false
SSDEEP:
MD5:97EEC245165F2296139EF8D4D43BBB66
SHA1:0D91B68CCB6063EB342CFCED4F21A1CE4115C209
SHA-256:3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C
SHA-512:8594C49CAB6FF8385B1D6E174431DAFB0E947A8D7D3F200E622AE8260C793906E17AA3E6550D4775573858EA1243CCBF7132973CD1CF7A72C3587B9691535FF8
Malicious:false
Reputation:low
Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.

C:\Users\alfredo\AppData\Local\Temp\TCD59D4.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):282
Entropy (8bit):3.51145753448333
Encrypted:false
SSDEEP:
MD5:7956D2B60E2A254A07D46BCA07D0EFF0
SHA1:AF1AC8CA6FE2F521B2EE2B7ABAB612956A65B0B5
SHA-256:C92B7FD46B4553FF2A656FF5102616479F3B503341ED7A349ECCA2E12455969E
SHA-512:668F5D0EFA2F5168172E746A6C32820E3758793CFA5DB6791DE39CB706EF7123BE641A8134134E579D3E4C77A95A0F9983F90E44C0A1CF6CDE2C4E4C7AF1ECA0
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .P.a.r.a.l.l.a.x...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5A42.tmp\Circuit.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):1463634
Entropy (8bit):7.898382456989258
Encrypted:false
SSDEEP:
MD5:ACBA78931B156E4AF5C4EF9E4AB3003B
SHA1:2A1F506749A046ECFB049F23EC43B429530EC489
SHA-256:943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878
SHA-512:2815D912088BA049F468CA9D65B92F8951A9BE82AB194DBFACCF0E91F0202820F5BC9535966654D28F69A8B92D048808E95FEA93042D8C5DEA1DCB0D58BE5175
Malicious:false
Reputation:low
Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Local\Temp\TCD5A42.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):280
Entropy (8bit):3.5286004619027067
Encrypted:false
SSDEEP:
MD5:40FF521ED2BA1B015F17F0B0E5D95068
SHA1:0F29C084311084B8FDFE67855884D8EB60BDE1A6
SHA-256:CC3575BA195F0F271FFEBA6F6634BC9A2CF5F3BE448F58DBC002907D7C81CBBB
SHA-512:9507E6145417AC730C284E58DC6B2063719400B395615C40D7885F78F57D55B251CB9C954D573CB8B6F073E4CEA82C0525AE90DEC68251C76A6F1B03FD9943C0
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .C.i.r.c.u.i.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5B3D.tmp\Damask.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):2218943
Entropy (8bit):7.942378408801199
Encrypted:false
SSDEEP:
MD5:EE33FDA08FBF10EF6450B875717F8887
SHA1:7DFA77B8F4559115A6BF186EDE51727731D7107D
SHA-256:5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20
SHA-512:AED6E11003AAAACC3FB28AE838EDA521CB5411155063DFC391ACE2B9CBDFBD5476FAB2B5CC528485943EBBF537B95F026B7B5AB619893716F0A91AEFF076D885
Malicious:false
Reputation:low
Preview:PK.........{MBS'..t...ip......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.._..w._..w._..w._..w._..w._..w.n..Ofu.-..K.e........T..q.F...R[...~.u.....Z..F....7.?.v....5O....zot..i.....b...^...Z...V...R...N...r./.?........=....#.`..\~n.n...)J./.......7........+......Q..]n............w......Ft........|......b...^...Z...V...R...N..W<x......l._...l..?.A......x....x.9.|.8..............u................w#.....nD..]...........R.......R.......R........o...].`.....A....#.`..\.....+J./.......7........+......Q..]n.........w9~7......Ft........|......b...^.c..-...-...-

C:\Users\alfredo\AppData\Local\Temp\TCD5B3D.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):278
Entropy (8bit):3.544065206514744
Encrypted:false
SSDEEP:
MD5:06B3DDEFF905F75FA5FA5C5B70DCB938
SHA1:E441B94F0621D593DC870A27B28AC6BE3842E7DB
SHA-256:72D49BDDE44DAE251AEADF963C336F72FA870C969766A2BB343951E756B3C28A
SHA-512:058792BAA633516037E7D833C8F59584BA5742E050FA918B1BEFC6F64A226AB3821B6347A729BEC2DF68BB2DFD2F8E27947F74CD4F6BDF842606B9DEDA0B75CC
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .D.a.m.a.s.k...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5BCB.tmp\Gallery.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):1091485
Entropy (8bit):7.906659368807194
Encrypted:false
SSDEEP:
MD5:2192871A20313BEC581B277E405C6322
SHA1:1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085
SHA-256:A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC
SHA-512:6D8844D2807BB90AEA6FE0DDDB9C67542F587EC9B7FC762746164B2D4A1A99EF8368A70C97BAD7A986AAA80847F64408F50F4707BB039FCCC509133C231D53B9
Malicious:false
Reputation:low
Preview:PK...........G`.jaV....P......[Content_Types].xml...n.@...W......T@.mwM.E....)....y...H}.N..ll8.h5g6Q.=3_......?...x..e^Di.p.^.ud...(Y/..{w..r..9.../M...Q*{..E...(.4..>..y,.>..~&..b-.a.?..4Q2Q=.2.......m....>-....;]......N'..A...g.D.m.@(}..'.3Z....#....(+....-q<uq.+....?....1.....Y?Oy......O"..J?....Q$zT.].7.N..Q Wi.....<.........-..rY....hy.x[9.b.%-<.V?.(......;r.+...Q<.;U.....4...!'k...s.&..)'k...d.s..}R....o".D.I..7..7.KL.7..Z.....v..b.5.2].f....l.t....Z...Uk...j.&.U-....&>.ia1..9lhG..Q.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.........j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oT/-c..`....7FaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,..7...&(L.....>.kw...i...i...i...i...i...i...i.......I...U_.....vT.....}..\...v..W.!-W.!-W.!-W.!-W.!-W.!-W.!-W.U...7.....k.pT...0..O.... ...>..>..>..>..>..>..>......f..2V}....W>jO....5..].?.o..oPK...........G.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70.

C:\Users\alfredo\AppData\Local\Temp\TCD5BCB.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):280
Entropy (8bit):3.5301133500353727
Encrypted:false
SSDEEP:
MD5:1C5D58A5ED3B40486BC22B254D17D1DD
SHA1:69B8BB7B0112B37B9B5F9ADA83D11FBC99FEC80A
SHA-256:EBE031C340F04BB0235FE62C5A675CF65C5CC8CE908F4621A4F5D7EE85F83055
SHA-512:4736E4F26C6FAAB47718945BA54BD841FE8EF61F0DBA927E5C4488593757DBF09689ABC387A8A44F7C74AA69BA89BEE8EA55C87999898FEFEB232B1BA8CC7086
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .G.a.l.l.e.r.y...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5C0A.tmp\Atlas.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):857650
Entropy (8bit):7.84356939318248
Encrypted:false
SSDEEP:
MD5:9A0B4CB63DD4E749EE4258F897FF42EE
SHA1:BD0F90AAD36C7DB69A57179B9702B13D8C83AABF
SHA-256:9C5471CD01C213E94E699E12331194370D8E3F4FC37776CAACDCF7CCB8949A2E
SHA-512:407AB455623FD3911E6B00CF0A23333979D7E29E7DFB0A759A3FF162B12894C843C51EFF6E1F99BB721851ABB122052ED7F141053FF4F5D955D7842B3600AA44
Malicious:false
Reputation:low
Preview:PK...........JE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK...........J.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Local\Temp\TCD5C0A.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):276
Entropy (8bit):3.5321161173982487
Encrypted:false
SSDEEP:
MD5:7A218A379D40D2E5944DF3D26A11273C
SHA1:53780A0EC7DAF776E1A5C66FE40483E46CDA52FA
SHA-256:D1CEBEB92A3F7E0EA94AC966FF80ABC0BDE8B1087DAC1A197EF74C065F38565C
SHA-512:7A935202731A8E711C0FD9FDCDA720D0988DE608AD0B489D6AEC5F52D58EF76DEDD432414CF57F4B2E8FFEC9BB914B8B3BD80BB3CAE44DAB9A43ABB1944E64C3
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .A.t.l.a.s...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5D63.tmp\Droplet.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):1750795
Entropy (8bit):7.892395931401988
Encrypted:false
SSDEEP:
MD5:529795E0B55926752462CBF32C14E738
SHA1:E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF
SHA-256:8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05
SHA-512:A51F440F1E19C084D905B721D0257F7EEE082B6377465CB94E677C29D4E844FD8021D0B6BA26C0907B72B84157C60A3EFEDFD96C16726F6ABEA8D896D78B08CE
Malicious:false
Reputation:low
Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Local\Temp\TCD5D63.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):280
Entropy (8bit):3.528155916440219
Encrypted:false
SSDEEP:
MD5:AA7B919B21FD42C457948DE1E2988CB3
SHA1:19DA49CF5540E5840E95F4E722B54D44F3154E04
SHA-256:5FFF5F1EC1686C138192317D5A67E22A6B02E5AAE89D73D4B19A492C2F5BE2F9
SHA-512:01D27377942F69A0F2FE240DD73A1F97BB915E19D3D716EE4296C6EF8D8933C80E4E0C02F6C9FA72E531246713364190A2F67F43EDBE12826A1529BC2A629B00
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .D.r.o.p.l.e.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5E00.tmp\Madison.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):2443359
Entropy (8bit):7.927032974390551
Encrypted:false
SSDEEP:
MD5:960696AF7BBDF3A98F282FD51A641797
SHA1:D884A5875C64C8F3B011E0754BEA633ACACEFBE6
SHA-256:CBFAC1EE697AB73485822088E25CEDB92D495B0B9423464CEBAC2FE3989212FC
SHA-512:9000DD85A0B2EBF5BE41D6C9785D69462D4D1B097D49CF2A57A432AB5D784BB9C95ECF1EB9F7CCC88D0CE47C580014E038D7A716FD1F8C094D2E6A1A42F3F0A3
Malicious:false
Reputation:low
Preview:PK.........k.JH...O...VP......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-q.......0..*!......R5/..Xu..C...5.{H.o/.2.....}.*.V..,..^.n.....c.K.....:...e...(.,..\YgE*.9,6a...b#.a.?..Li.tO?=._....%...`N.........{.j........u..\..9^h.T.<.$.<.#...p.V'......f..r.......Kggx...x....E...H.m.6.)._.2S...l....8..,.fHP}.M.......I.B....c.....4.......=ebN.R..Q=.~EN.*.4.x.v.........rf.8..Y..)g.3.3..g.O.e...7Q.B........L.7..v.6;..v....d....M.Z...ZkWC]k.".k.];u..K.Wk...>Wk.#..Z.| t.6tC}C...}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7lJ..ZZ8.7rC}#...}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7jJ..ZZ8.7vC}c...}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7nJ..ZZ8.7qC}....}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7iJ..ZZ8.7uC}S...}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7mJ..ZZ8.7sC}3...}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7kJ..ZZ,..ztyJ.<}.2.e..._....PK.........k.J.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70........

C:\Users\alfredo\AppData\Local\Temp\TCD5E00.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):280
Entropy (8bit):3.529695717494243
Encrypted:false
SSDEEP:
MD5:52829318BDC6E0269BFB0626D2D1C1E2
SHA1:80F597C31152B771AADA76DCC598DC7D0162ECA3
SHA-256:A73279946A11C61E07A92A61FEB90A2B741B9CCA0F86C718B79E4BD06C18456D
SHA-512:3D4FF52AF0CF12F36675D5BBD1679C2B03CF11DD944489369DD23764EEEB79DA19944C605B93F1A04F278DE3E8C98437B59EC4FC4675819614C50E222D3D001C
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .M.a.d.i.s.o.n...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5E5F.tmp\Content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):264
Entropy (8bit):3.4866056878458096
Encrypted:false
SSDEEP:
MD5:6C489D45F3B56845E68BE07EA804C698
SHA1:C4C9012C0159770CB882870D4C92C307126CEC3F
SHA-256:3FE447260CDCDEE287B8D01CF5F9F53738BFD6AAEC9FB9787F2826F8DEF1CA45
SHA-512:D1355C48A09E7317773E4F1613C4613B7EA42D21F5A6692031D288D69D47B19E8F4D5A29AFD8B751B353FC7DE865EAE7CFE3F0BEC05F33DDF79526D64A29EB18
Malicious:false
Reputation:low
Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.h.e.m.e.P.i.c.t.u.r.e.A.c.c.e.n.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

C:\Users\alfredo\AppData\Local\Temp\TCD5E5F.tmp\ThemePictureAccent.glox

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):6448
Entropy (8bit):7.897260397307811
Encrypted:false
SSDEEP:
MD5:42A840DC06727E42D42C352703EC72AA
SHA1:21AAAF517AFB76BF1AF4E06134786B1716241D29
SHA-256:02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
SHA-512:8886BFD240D070237317352DEB3D46C6B07E392EBD57730B1DED016BD8740E75B9965F7A3FCD43796864F32AAE0BE911AB1A670E9CCC70E0774F64B1BDA93488
Malicious:false
Reputation:low
Preview:PK.........k.>........'......diagrams/layout1.xmlz........].r.8.}.V.?p.n....g*5..JUn.....(SU......T.l.......X.d."m."..S....F..P.........-..<Y^..=..e.L....m>.pG.....M~...+\....u}o...".Yn}Y.".-r......0...'/........{........F.~.M8.d....(.....q.D.....4\.;.D,.\.)n.S....Z.cl.|<..7._.dk..7..E.......kS...d.....i.....noX...o.W#9..}.^..I0....G.......+.K.[i.O.|G..8=.;.8.8.8.8.....{..-..^.y..[.....`...0..f...Q<^~..*.l....{...pA.z.$.$R.../...E.(..Q.(V.E_ ......X]Q..Y9.......>...8......l..--.ug.......I.;..].u.b.3Lv:.d.%H..l<...V...$.M..A>...^M./.[..I....o~,.U. .$d\..?........O.;..^M..O...A.$Yx..|f.n...H.=.|!cG)dd%..(... ..Xe......2B."i...n....P.R..E?... Y.I6...7n..Xs..J..K..'..JaU..d..|.(y.a.....d......D.Dr...._.._..m..Yu..6.o.\......&.m....wy...4k?..~........f....0.. \...}iS.i..R....q-#_..g........{Z.u.V.r(....j.I...,R..f.=.n.[.'..L'd.n C.0.I.....RpaV........c.k..NR....)B^k...d.i...d0.E. ^..G.']....x.c.>'..p...y.ny.P.x6..%.J\.....De.B\.

C:\Users\alfredo\AppData\Local\Temp\TCD5EBE.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):304
Entropy (8bit):3.599289509037855
Encrypted:false
SSDEEP:
MD5:2D8509303418A7C7E5C2590D70FA6BBC
SHA1:BB75B99280F7955E7E45133EEC2D61D6D04C3722
SHA-256:F6D3A404DC524E41E261C12BFB002762E2F3275E3F4FFF6533C481F15873C0F8
SHA-512:9FF24BBB10CFD783E579518F1FA5B6FE340E0544CC2EC613D378B6A2FD95DEE5CBE964CD74ED5ADB9E093958E12B7B755D6E8E114CC2BB34A17F3B5214E966C6
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .m.y.T.e.m.p.l.a.t.e._.0.2.8.3.6.3.4.2...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD5EBE.tmp\myTemplate_02836342.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):1824766
Entropy (8bit):7.941741037170679
Encrypted:false
SSDEEP:
MD5:C5A07069AD7E82F3AEB099F346C4FF62
SHA1:39A58834FD8A25AED63FB83F0C00712AFC3BD2F5
SHA-256:EB7806D9DC3D2ABF82A061709BCD9DB8DD98FA060E66DAF6820D1FA81BB5B845
SHA-512:343FB8BFFA01801EED7289A513564B55B0045FF3D0A842A819CECE416C53C2398D0A0D9B55397BF2EAD5393638085AB6AB83ECB2C701F532BD55C0FED4C98EEC
Malicious:false
Reputation:low
Preview:PK........l.%A.f}......p......[Content_Types].xml..n.@.._......8i.'......}.......(y...H}......3Fi..%.......3..._...j.`.2....cod.(...r...w{s..)...]..3..APF.61...6ug.Y...... 7.....d<..Q.V6.N......{.0.U5...>.-..Ko.nw.f...'.....!.s.=fw.{PaW.. ..82.;.<..os....n....>...w..%....P...v...v....'....m.m..3.[.._...:[,...h..!~s..^..Y..E.....^.9Y.j.....#x......3....=....b}4O.*....k7.+.&.Xg.X.X..XSN.KN.+N.7.X....!..CR....I]...>....L...!=...9..!L.0.v.gEo\.......w..No.a.C.q.}<.........a..n./......e.-)h9a..}i.}.."-..C.C.Xq..0?..M4.........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......4....&T......Wlw.b....}..+.A\...q......~.WK.Z^..........>.h..`......}......k..s.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G.....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ...-Z.>X.2.....>8..S.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ..

C:\Users\alfredo\AppData\Local\Temp\TCD5F2C.tmp\Slate.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):2357051
Entropy (8bit):7.929430745829162
Encrypted:false
SSDEEP:
MD5:5BDE450A4BD9EFC71C370C731E6CDF43
SHA1:5B223FB902D06F9FCC70C37217277D1E95C8F39D
SHA-256:93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50
SHA-512:2365A9F76DA07D705A6053645FD2334D707967878F930061D451E571D9228C74A8016367525C37D09CB2AD82261B4B9E7CAEFBA0B96CE2374AC1FAC6B7AB5123
Malicious:false
Reputation:low
Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Local\Temp\TCD5F2C.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):276
Entropy (8bit):3.516423078177173
Encrypted:false
SSDEEP:
MD5:5402138088A9CF0993C08A0CA81287B8
SHA1:D734BD7F2FB2E0C7D5DB8F70B897376ECA935C9A
SHA-256:5C9F5E03EEA4415043E65172AD2729F34BBBFC1A1156A630C65A71CE578EF137
SHA-512:F40A8704F16AB1D5DCD861355B07C7CB555934BB9DA85AACDCF869DC942A9314FFA12231F9149D28D438BE6A1A14FCAB332E54B6679E29AD001B546A0F48DE64
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .S.l.a.t.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD60B4.tmp\Vapor_Trail.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):3611324
Entropy (8bit):7.965784120725206
Encrypted:false
SSDEEP:
MD5:FB88BFB743EEA98506536FC44B053BD0
SHA1:B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537
SHA-256:05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF
SHA-512:4270A19F4D73297EEC910B81FF17441F3FC7A6A2A84EBA2EA3F7388DD3AA0BA31E9E455CFF93D0A34F4EC7CA74672D407A1C4DC838A130E678CA92A2E085851C
Malicious:false
Reputation:low
Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Local\Temp\TCD60B4.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):288
Entropy (8bit):3.5359188337181853
Encrypted:false
SSDEEP:
MD5:0FEA64606C519B78B7A52639FEA11492
SHA1:FC9A6D5185088318032FD212F6BDCBD1CF2FFE76
SHA-256:60059C4DD87A74A2DC36748941CF5A421ED394368E0AA19ACA90D850FA6E4A13
SHA-512:E04102E435B8297BF33086C0AD291AD36B5B4A97A59767F9CAC181D17CFB21D3CAA3235C7CD59BB301C58169C51C05DDDF2D637214384B9CC0324DAB0BB1EF8D
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .V.a.p.o.r._.T.r.a.i.l...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\TCD62E7.tmp\Organic.thmx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:modified
Size (bytes):8705569
Entropy (8bit):7.955490103632122
Encrypted:false
SSDEEP:
MD5:476CF35ED8367EB98237B6428266D6D8
SHA1:37B320D5109D5FB41044F329187CFECAA8DE2A9C
SHA-256:71739BEA66F1DEE0789A7675ADD098123EC0E8E45EB74D707F6412B28FCBAE81
SHA-512:7280C51F2DC97871C8B959A971445E1CE1499D108204C025043A0B44E9A9D6AC03E1326BBE652EF2EF900BC6F3F5566A32DBA5AA2EEA6A84F1585323E9C9CAE0
Malicious:false
Reputation:low
Preview:PK..........A.f}......p......[Content_Types].xml..n.@.._......8i.'......}.......(y...H}......3Fi..%.......3..._...j.`.2....cod.(...r...w{s..)...]..3..APF.61...6ug.Y...... 7.....d<..Q.V6.N......{.0.U5...>.-..Ko.nw.f...'.....!.s.=fw.{PaW.. ..82.;.<..os....n....>...w..%....P...v...v....'....m.m..3.[.._...:[,...h..!~s..^..Y..E.....^.9Y.j.....#x......3....=....b}4O.*....k7.+.&.Xg.X.X..XSN.KN.+N.7.X....!..CR....I]...>....L...!=...9..!L.0.v.gEo\.......w..No.a.C.q.}<.........a..n./......e.-)h9a..}i.}.."-..C.C.Xq..0?..M4.........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......4....&T......Wlw.b....}..+.A\...q......~.WK.Z^..........>.h..`......}......k..s.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G.....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ...-Z.>X.2.....>8..S.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ..

C:\Users\alfredo\AppData\Local\Temp\TCD62E7.tmp\content.inf

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):280
Entropy (8bit):3.532897849466528
Encrypted:false
SSDEEP:
MD5:FB2CC12691A46374B7E41C7717EA840C
SHA1:D0D3FCB7822E592D941E93D345038319D0AD5F72
SHA-256:511CC0AD1D792722E928A7FF0A99EA09125D47F6F63381BB9E7B57336A7CAA43
SHA-512:E491B650D49B1136D5AC34B4DD8157F7FB41B9B57906A9A23B6ADD24FEE0EA3CA182CAFD9F4C0D35816D5417D610799E9DEDA248184DBBB7ED1AD52CA0958D4A
Malicious:false
Reputation:low
Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .O.r.g.a.n.i.c...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

C:\Users\alfredo\AppData\Local\Temp\cab43D5.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):21111
Entropy (8bit):7.6297992466897675
Encrypted:false
SSDEEP:
MD5:D30AD26DBB6DECA4FDD294F48EDAD55D
SHA1:CA767A1B6AF72CF170C9E10438F61797E0F2E8CE
SHA-256:6B1633DD765A11E7ED26F8F9A4DD45023B3E4ADB903C934DF3917D07A3856BFF
SHA-512:7B519F5D82BA0DA3B2EFFAD3029C7CAB63905D534F3CF1F7EA3446C42FA2130665CA7569A105C18289D65FA955C5624009C1D571E8960D2B7C52E0D8B42BE457
Malicious:false
Reputation:low
Preview:MSCF....g.......D...........................g....?..........}.......................TabList.glox.................Content.inf....t....[......@..C...../.U5...........6...`.....T..>3.................=..09`..t......a..Y..BI.Z....=.'0...%...T..........H...>.:A.r......n..p...Pf.h...I.8... ....M.]&.#.vv'.....[c......g....>"......<c..f....i...sb!Z..iu<.%|......q.....G28.h-...7.....W.v...RtdK..F~.0.3.'.e..b7.c......a.3.....a\..]...gp8.+.u/}.w.qF........8.=.=|....\~..S.-q}]0...q.B.H.^J...!...a'.2Tn!..."..%........=.e_-.....{o..%o...a`.w..L.5..r.....e.8...pO..RE.Wgr..b.%.E...O.......8s...E....Um].C..M.....[...H.FZ..4...eZI.$..v.3<]..r....B..............8i......e<.D...Q4.q.^S.....H.b.......r.q..0o.......2..PP,."...JI...xU`.6f..K..Q9.Q..h..t....AI.S6...7............X..`dv..r..S....),7ES....#.....(...\.nh...X.ps%l..F...."<_....q....v........_.e.....P.........|&..fi..4..@..^0..v.]7.......^. ."..}(...w.g.X...=<....p.......L...P..XV....@:....N...Y....

C:\Users\alfredo\AppData\Local\Temp\cab4473.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):25314
Entropy (8bit):7.729848360340861
Encrypted:false
SSDEEP:
MD5:C47E3430AF813DF8B02E1CB4829DD94B
SHA1:35F1F1A18AA4FD2336A4EA9C6005DBE70013C7FC
SHA-256:F2DB1E60533F0D108D5FB1004904C1F2E8557D4493F3B251A1B3055F8F1507A3
SHA-512:6F8904E658EB7D04C6880F7CC3EC63FCFE31EF2C3A768F4ECF40B115314F23774DAEE66DCE9C55FAF0AD31075A3AC27C8967FD341C23C953CA28BDC120997287
Malicious:false
Reputation:low
Preview:MSCF.....#......D............................#...?...................#..............InterconnectedBlockProcess.glox......#..........Content.inf...<.:#.$[......O..........5f.P.5CU..6..jT..U..U..UM.T.........h................-... .......6...`.....G...........'.,DN:........... "..4..1u.....%.u..{{,....@lp..}..`.......Z...K.....Z..... Z4.<?..C.BF.....k.!Hl...]...Tvf..g....)...vny6.'..f....Z.R.`.......+....!..!.....:..4fj....."q..f..E..^!k.....M.c....R...B......g...~.........o.'.7,.e.,..7.R.e,(.+..+:....Q....f...P.H.I..U.....Jl...l...z.]7...C...<...L.,..@...i.{..e]K...2..KRW..7.-'.G.l!.n7..J.v.C...%/.....q...@..l..e..$..N..sg8]oo.(q(_.?.X.s...Ua..r0...Rz.o.eT.j...b*..}",n.qou..M.[.;%../c.x.4.z.2*.U.]..D...h...-R.$.=\3..P......N.mP......J...}BPn...g]d.5k..C.ee.ml...\.g...[.......<..6$.%.I#S9..I...6.i........_..P.n....c$.3..zw.hF......_{.+...o...[.&........&...M..m.....;....0....D7...4nQ.=/.._`._.nh.D.m..h.+....8..p..q.4.w.\...iy...*...lN6F..c.

C:\Users\alfredo\AppData\Local\Temp\cab44A4.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):20235
Entropy (8bit):7.61176626859621
Encrypted:false
SSDEEP:
MD5:E3C64173B2F4AA7AB72E1396A9514BD8
SHA1:774E52F7E74B90E6A520359840B0CA54B3085D88
SHA-256:16C08547239E5B969041AB201EB55A3E30EAD400433E926257331CB945DFF094
SHA-512:7ED618578C6517ED967FB3521FD4DBED9CDFB7F7982B2B8437804786833207D246E4FCD7B85A669C305BE3B823832D2628105F01E2CF30B494172A17FC48576D
Malicious:false
Reputation:low
Preview:MSCF............D................................?..................................BracketList.glox.................Content.inf....7r...[.... G.q..@...B.....?X!.A.......!........X..Vk.JK...Z..=......PD.....P....5...jp..+..T....b.)np5.7.....Zz........... ..!.....S......1....`....h......T?.Nq../......z....[..:..5f;....O...d.FxD...4...Z....[..a...w..W.[..P...5.]...6..."...+t].!...2\%%`Q.\..)...=>.)......a.$.2.,...2,.Lw.?..+..qf....h....T/B.....}T.E...'.%.....,.......X....b..gt.hPYc|.....a...j...=...{..a.`!8!..|...L.T..k..!,.R.z/W....{..,...+..w.m..sQ..7<x..B....?....\.)..l...d...}.....v..W.C..'=p1c.Z=.W.g.e....&wm..N,..K.T../.oV../=9.}.....".28...r.Q....dzj{....S...1m...x9_...2PXpa...Q.n.$z...c..SGq...k......}kPE..*...3.|.5A.>..6.......+)qCB....q....qNkGe...W]..o..Z...J.<.i......qq.8....q..BE.(...._h.U.\@3.F...KdO..=1j+....).*Q.|B..Z..%......LDYk....j.....{klDW..#CVy}...X..O!..}..s..&..DC.....tL.j..b.......[...n.'..1..Xc...9Q..gM.....n..3...v.....~.).

C:\Users\alfredo\AppData\Local\Temp\cab4504.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
Category:dropped
Size (bytes):276650
Entropy (8bit):7.995561338730199
Encrypted:true
SSDEEP:
MD5:84D8F3848E7424CBE3801F9570E05018
SHA1:71D7F2621DA8B295CE6885F8C7C81016D583C6B1
SHA-256:B4BC3CD34BD328AAF68289CC0ED4D5CF8167F1EE1D7BE20232ED4747FF96A80A
SHA-512:E27873BFD95E464CB58B3855F2DA404858B935530CF74C7F86FF8B3FC3086C2FAEA09FA479F0CA7B04D87595ED8C4D07D104426FF92DFB31BED405FA7A017DA8
Malicious:false
Reputation:low
Preview:MSCF............D................................D..........~..................M. .content.inf............M. .Dividend.thmx..).}.b..[.....`.........?.R...T../..............4..yy....{...f.h..\U......sy.gV0Q.@..A..@..3a.A}........7.q.......8......R....sJ)E..ENr.S*B.1..).s.r.J.D.b."..........(.....E$.V........y.5.L....;gY..QK/nni..x..3.<..Q.Q..K.I.....T.z.,F.....{.p.....;8._.&../...........X...}.;[Gk..._.i`m.u.?...s.w...4.....m......l....5..n.?..c..m...,.....{.k.?......sC.............e..1....oL.8./......1._.K:.]..&......O............qo.....Dd/c...6.q.*......V.v........h....L..h..C+..V..;O.(7Z]{I%....S3.{h....\...b.......5.ES......Z.4...o.c`..YA....9i....M.s....Z3.oq`....>.i..@.@n.a...x.3.zp.<....vU/.|^CvE...aD.P&mhvM>.p..B~....."._.......v-.m..w..?._..=...:...k....i.}x.6....Y.i..n....h...j......LZ.....fk..f0.y.T..Vl.;...s.......B6.f.'z.c.\W?...4U)..aJ.;O....L.d7.J.V#Q.....\J.F.?].d}!..y].6..%..~....|......5...'N.#.....t6.,.E.O."..0fyz....

C:\Users\alfredo\AppData\Local\Temp\cab4572.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):20457
Entropy (8bit):7.612540359660869
Encrypted:false
SSDEEP:
MD5:4EFA48EC307EAF2F9B346A073C67FCFB
SHA1:76A7E1234FF29A2B18C968F89082A14C9C851A43
SHA-256:3EE9AE1F8DAB4C498BD561D8FCC66D83E58F11B7BB4B2776DF99F4CDA4B850C2
SHA-512:2705644D501D85A821E96732776F61641FE82820FD6A39FFAF54A45AD126C886DC36C1398CDBDBB5FE282D9B09D27F9BFE7F26A646F926DA55DFF28E61FBD696
Malicious:false
Reputation:low
Preview:MSCF............D................................?..................................chevronaccent.glox.................Content.inf..O.$N...[.........B.....?.....$Zy..Zkr...y<.....Di-.aVX/....h..-.~........#.../.Fz....T...p....A..eHMe[..p...=................f..../%o......F@..=..$.B!....}.0..g..^vlI......f.W.F...Nm..2`...)...,.HL4.nsl.F.ir.k..e.!^.j2.v.iT....t...*..!h..Y...2Q..-.x.,.Xj.U.cj,....9.....)..W..n3f.......(cH.D.4M.!.+..4..3r..y......|r..@.PD.R..#...F..nJAR..1{-.....u3..$..L.b+h....:lZ.>....q.?. ~l..^.%.m....a...cG.h.?.|.?7.'....b.G.4..'..A...o.Z...//..?...d..*.....C..Z.....]Yv.g.]..... .........]x.#=.../.7;R.j....G.....zq=O`[.'5g.D.u..)..../../.v.JmCW.da....3.f..C.z%...S=....;A.q.|....z.E.aRu........ k..J"+.f.S.@.........eD4....\0..t./U..%.H..........M:..U.......J...Z..H.DG..u^..D..P....`.^b.........`c......#.....c.?...#..C.V.&.'..f.'...f.[..F.O..a...&..{TiXg4; .X."..0...B.#..^..........N"..w.@f...gd.S..K.....E....ZR...;.twR>.z.

C:\Users\alfredo\AppData\Local\Temp\cab4573.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 2871083 bytes, 2 files, at 0x44 +A "Celestial.thmx" +A "content.inf", flags 0x4, ID 12122, number 1, extra bytes 20 in head, 101 datablocks, 0x1503 compression
Category:dropped
Size (bytes):2887155
Entropy (8bit):7.998455532594825
Encrypted:true
SSDEEP:
MD5:D7751432D989378FF1072BE65D877256
SHA1:90B5BB3EB8B2098E759D52211188B2BDC26E1A1F
SHA-256:A1ACF9D982A2531697766E894FAAB8AD73690E87EC341097FB0F5682E1B76E21
SHA-512:95A305228692F1ACCF57220C201172588B866D8A0733BAC7EAE6A6FBD4DE8870B4E984F4B677AD6CC8CF03A64D39B90E05EC4A17277E166AF3A5FD8DB7A3714C
Malicious:false
Reputation:low
Preview:MSCF....+.+.....D...............Z/..........+.+..>..............e...KG2........Ns. .Celestial.thmx.....KG2....Ns. .content.inf..P1,k..[.....@........./.UUUUCUU5.UUUUCUUU5PUU.AU4.3464a.D3hU.....W.gnqw....I$<'dN9..3).;yI>H'..g.....'..?.....oh...\,wn..A.a..R}.+...H.r.L..._............m(...j'......$.:......o..*).....@.....B4f..|.....4...`.{#.s./.W.^\.L..]4[.e.[@P.A.....E....ZC.ZOr>.iB....{-.{..R.p..G6.i(.....n.H..k.v..]..,.F.Y].m...s.|8^.....O..C...{.v.Tb....E...ir;Gr...2-!@..3uF%.ec.z8}...*VsS.?.....3.V..8p...L....7z..=...y.....6..\......9..-..OY.1...E.{.o.gw.1.....-...(..Q...;.C\...t.I.c[...6...\.S....,V...2.Z..&...\.$......./=~...UG.V.D..........Ry.ri.....=..........d..+...u...)gY_..........?....m8i..J..~<Ej..*.$).c.../h..'.....yH...g.2.._. .....5z....g..Qa\....w....0.v.O7U...YY2O..4.0.Z..4.-J..a.D.DqY..@3... ...}......].PH..".n[.[....f..+V...lu..%.&.MX(...T...Vl....+6..B....^.f.e..i.J2.{...aM.b.."...|...uV..n.8?.}.X..L....*.e1=E...Y......t

C:\Users\alfredo\AppData\Local\Temp\cab45A3.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):22340
Entropy (8bit):7.668619892503165
Encrypted:false
SSDEEP:
MD5:8B29FAB506FD65C21C9CD6FE6BBBC146
SHA1:CE1B8A57BB3C682F6A0AFC32955DAFD360720FDF
SHA-256:773AC516C9B9B28058128EC9BE099F817F3F90211AC70DC68077599929683D6F
SHA-512:AFA82CCBC0AEF9FAE4E728E4212E9C6EB2396D7330CCBE57F8979377D336B4DACF4F3BF835D04ABCEBCDB824B9A9147B4A7B5F12B8ADDADF42AB2C34A7450ADE
Malicious:false
Reputation:low
Preview:MSCF....4.......D...........................4....?..................1...............ThemePictureGrid.glox.....1...........Content.inf....K..5.[.... V.q......B.....?.h.i.J.D...Z...>.....i~...A...Z....H.hy.D..X.....>...L.I..`. z w0}.K`.C{h....W\../.U..p\%...B...;............9..8.^M.....].lP.p...|..?..M....E..S.`..-n........Q'.'.o..C}=..?`.bQ...J"0f.. ....k3n..F.Pu..#...w].`<...."D.].-.#+):..fe..=<.M...4..s.q.f._.=.*T.M..U.[R.kbw.,......t6_I...~.X..$_.q....}2..BR...).[...<.l.3........h%....2.$`>..hG...0.6.S......._3.d~1.c.2g....7tTO..F.D.f.Y..WCG.B..T....Gg&.U'....u.S/......&6w..[bc.4....R.e..f.,....l."........I....J.=~...$x.&2...+,-.;.v.'.AQ.fc...v._..rZ..TYR...g?..Z..!.3mP dj...../...+...q.....>..../...]P.z?DW&.p..GZ....R5n......,..]{].0m.9...o.{...e."...8VH....w"%;.g\.K..p.}....#r.u..l.vS...Y.7U.N*-E@.....~....E...x.....C.......{NP....5Ymk.*._.K...Z...f..;.......b.....,._@B..\.S..d.'\rs..].}.5"XJU.J..'.zk}.+P.)C.X.?9sx.D....(K....P^N_D...Z.........

C:\Users\alfredo\AppData\Local\Temp\cab473D.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129, number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression
Category:dropped
Size (bytes):2591108
Entropy (8bit):7.999030891647433
Encrypted:true
SSDEEP:
MD5:BEB12A0464D096CA33BAEA4352CE800F
SHA1:F678D650B4A41676BA05C836D462F34BDC5BF648
SHA-256:A44166F5C9F2553555A43586BA5DB1C1DE54D72D308A48268F27C6A00076B1CA
SHA-512:B6E7CCD1ECBB9A49FC72E40771725825DAF41DDB2FF8EA4ECCE18B8FA1A59D3B2C474ADD055F30DA58C7E833A6E6555EBB77CCC324B61CA337187B4B41F7008B
Malicious:false
Reputation:low
Preview:MSCF.....D'.....D............................D'..D..........z...^..............M7. .content.inf............M7. .Mesh.thmx....&~j..[.....0.................]............ww,v.\....D......3m..m!f..0..E{..?..`..A...k.:....I..........|bmG.FS...f.;.J.vzb.......R.......-....|.......ESD.....".4M..M..t.N....y..,..#.4.5.2.......'.8.Q..3.D..T....!.......&rJg...s........(..9........Dw..'....9.-..G.c............E.. .O.....a..O.._..s..)7Wz~....bJ..D...o....0..R/.#...?.......~6.Q?....?y...g.?............TP..r-...>....-..!.6...B.....\../...2....4...p$...Oge.G.?.....S.#x(..$.A~.U.%f....dJ..S.f{.g.._..3{.fm2.....Z.\o&.[k.m....ko.8..r.-.Go.OQ..'!6..f.L...Ud.$.q*.L.....R.. J.T&4g...7.2K...#k.[.].:....lk.....;c..DRx.`..&L..cpv*.>.Ngz~.{..v5.\...'C.<R:.C8.|.fE{......K...).....T...gz}..rF..Q.dof7.....D.f=cm...U|.O.]F...5zg(.. ....S..._?D....^..+.i...Z.....+X..U!4qy..._..`I..>./.W.7......=.O....BG..=..%9|...3.?...}.$"..H..u...0.......a..:t?.....8...Z..#g.=<.e.`\......KQ..U....

C:\Users\alfredo\AppData\Local\Temp\cab473E.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):19288
Entropy (8bit):7.570850633867256
Encrypted:false
SSDEEP:
MD5:B9A6FF715719EE9DE16421AB983CA745
SHA1:6B3F68B224020CD4BF142D7EDAAEC6B471870358
SHA-256:E3BE3F1E341C0FA5E9CB79E2739CF0565C6EA6C189EA3E53ACF04320459A7070
SHA-512:062A765AC4602DB64D0504B79BE7380C14C143091A09F98A5E03E18747B2166BD862CE7EF55403D27B54CEB397D95BFAE3195C15D5516786FEBDAC6CD5FBF9CD
Malicious:false
Reputation:low
Preview:MSCF....H.......D...........................H....?..................................VaryingWidthList.glox.................Content.inf...O.....[.... v.q......R.....>.%i.I.HhD.V...qt.....'....N...!..aw$(J.%(..A..h......l|.D.p9`..Y09.:.u....p. :,.*.YD=0.p. ......w.........*..<..;.....u.."......7[....8.....?^........-..;q.|.....B....PJ....r.K#.#.0'...}.........+gpR...T....5.iu.^I...A\..gK....}..z.B.nT.../.m.......N....E'1.E.\..o.....W..R.#.#...8.7...R.SbW-...%......$.obj.F..W_@....sY!........s.O..."k. ..b....j....v...P.\....7d...|"J.T...2p..m.&..r..,2.).....X.`...xt].U...b.h..V.....|L..N.Z.O#....o...1R.w30.g..?;..C.T.:$..MGY.C"i\.f..#..<.k...m..s.w. ..Ga].....wt.h|.Ta<.......(SO.]9.%a..Z... r._JH.=O...P.9a.v.....Kj.".T...m...4.?...F...$...y.....hbW.UA..u.&)....py.C{.=t.....n...}|H3A9.=..W..JJ..y./Y.E.M9..Z..w. .HB.YoIi..i.e..9;n...SpHw,....f....d>..g.m..z...... ...f...KP.M..U.....~vFD.fQ.P?......2!.n.....`@C!G...XI.].s,.X.'...u.E.o..f

C:\Users\alfredo\AppData\Local\Temp\cab473F.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):26944
Entropy (8bit):7.7574645319832225
Encrypted:false
SSDEEP:
MD5:F913DD84915753042D856CEC4E5DABA5
SHA1:FB1E423C8D09388C3F0B6D44364D94D786E8CF53
SHA-256:AA03AFB681A76C86C1BD8902EE2BBA31A644841CE6BCB913C8B5032713265578
SHA-512:C48850522C809B18208403B3E721ABEB1187F954045CE2F8C48522368171CC8FAF5F30FA44F6762AFDE130EC72284BB2E74097A35FE61F056656A27F9413C6B6
Malicious:false
Reputation:low
Preview:MSCF....0*......D...........................0*...?..................t,..............ConvergingText.glox.....t,..........Content.inf..C..)t-[.....@.........=...xxA. ...E^....x.x.^.......x..^^...DF.......s..d.P.....5.;..]...2.t.w.....O9.G..;.'.T....@I.,.q.u.3..P...9... ....`J.......g.(....).,.h0.....$.3..;.._.....~.de.jj.....U..K.0....`.@.H.1.x.Z.@..q....?....x.wW.....+am8A".....I..)..]...s..-z.2S+|.Cb.t6f],.n.LV......OVg....O.at|..-..x.....:....]s...u..g}.P..v.3....^.".%..%...#.2.....l00...n.......r8.p.....^.....n.)..,..t.^$b...b.q.W...F..R...n.-.+..'........Aw=._OwH....8.:s..{.#..{N.hW..`.._........Wy....>U.?....-.8tg...=..y..@.,.v|......l...t..l#{...H....9..|......~...De..#@y.&K....U...q.c.zK..D.<pV.....Ql..&Y...=#...w....r.`#2....Ug.J(..T...KmW.@...!....j:......M......!..E.7#s.t..F.aU..N....-.i......|w.lr..G.n.,.......=Kl.-m.?F.....v]?.......{q.U.t...<.|..u.....3R.`.t.T.>;v.....KQ...S...7..1...N.kN.y.)v.....3H:..D.{.+.(......u..^W&.

C:\Users\alfredo\AppData\Local\Temp\cab4740.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):22149
Entropy (8bit):7.659898883631361
Encrypted:false
SSDEEP:
MD5:66C5199CF4FB18BD4F9F3F2CCB074007
SHA1:BA9D8765FFC938549CC19B69B3BF5E6522FB062E
SHA-256:4A7DC4ED098E580C8D623C51B57C0BC1D601C45F40B60F39BBA5F063377C3C1F
SHA-512:94C434A131CDE47CB64BCD2FB8AF442482F8ECFA63D958C832ECA935DEB10D360034EF497E2EBB720C72B4C1D7A1130A64811D362054E1D52A441B91C46034B0
Malicious:false
Reputation:low
Preview:MSCF....u.......D...........................u....?..................................HexagonRadial.glox.................Content.inf.........[.....`........./.mT.T6...CP..z5...0.PcUmCUSUCU.Q.P.0..f............^...H..2e.[..8...ld......*F.%.j.w!R..NA.L............ .r..z....$&.........P.=.r...O...e..dfv_.i%.C....^......?..x...+d..].B.3..EU...|Cc..z.`lQp..fr.....8!;.8.p.ZwH\.........~..T.t..]..H.]..S.2..Vt.....r.H../..-8........!:.Y&..|A..J.U...-.%..k..U...4m.. .q../..b.8.vc~......_q1.?..Bh.v.....L..I.$I..s.".u.. Y....I^5.v...3.......].^)b.t.j...=...Ze~.O...|.}T.._9c........L....BV.^......X..?.....{.>.j..5.m...d.7........g[..f.nST...i..t..|.T.jjS..4p.Pxu..*..W...|.A)..|9;....H.e.^.8D..S...M..Lj.|...M.m+..H.....8.&-....=.L.....n.v..M.9...l....=r......K.F.j.(.(xD.3..r'9.K..-...5..Z..x....._....a[...J...`.b_a\\j.ed..\.3.5....S.T...ms.....E...Xl.y.LH=...}..0.T...04.4..B[..H.....B{B9.h..=.8Mn.*.TL.c..y.s.?.c9$l...).h).6..;.X../_>Pl...O...U.R..v.dy$A

C:\Users\alfredo\AppData\Local\Temp\cab4770.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):20554
Entropy (8bit):7.612044504501488
Encrypted:false
SSDEEP:
MD5:486CBCB223B873132FFAF4B8AD0AD044
SHA1:B0EC82CD986C2AB5A51C577644DE32CFE9B12F92
SHA-256:B217393FD2F95A11E2C594E736067870212E3C5242A212D6F9539450E8684616
SHA-512:69A48BF2B1DB64348C63FC0A50B4807FB9F0175215E306E60252FFFD792B1300128E8E847A81A0E24757B5F999875DA9E662C0F0D178071DB4F9E78239109060
Malicious:false
Reputation:low
Preview:MSCF....:.......D...........................:....?..................................PictureFrame.glox.................Content.inf........[.... '.q..@.........<./..+./. ...."o.o./..{^a.7^.D.HA....^J... ...........T%q..b...+pz.n.=....jT.+M..=H..A...py.3.........H...N...[..%..~....>.%....3.r...wx.....0.....7..94..2..45..7f.......D.. ...[...f.:H..../N..4.....8.....:x.I....u|.`."...\..N..%.M#..^v$.*....T.m.....?.-.wki.X..8..F.G..Y.^8...-....+.&.+&.No...e!.#.8.....YF.......<w.....=.Q.S..7....MW....M..9A.3..c..L....|.E-Y....]n".|....b9..l@.d.T...a.f...~.&k.[..yS..q..]L}..)w.....$.@..v...[9..X....V...a.NK....m9.5.....Kq.;9`.U.e...8.<..)Y.H........z.G...3n.yWa.g.>.w!e.B8:......f..h..z....o.1<.RT..WK...?g .N..+..p.B.|...1pR_......@...a....aA......ye..8...+M.l..(.d..f.;....g........8R.\.w.:ba....%...|p....`lrA.|....a.U.m=ld......7....#..?Dq..D.....(.5.K.a..c.G..7..]hF..%:}......}J.j$.....4...l];..v>.&j........Y.vk..$1.@X$...k...9..?...z..![..../...).a.=....aZ^.3?....

C:\Users\alfredo\AppData\Local\Temp\cab47A0.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):31083
Entropy (8bit):7.814202819173796
Encrypted:false
SSDEEP:
MD5:89A9818E6658D73A73B642522FF8701F
SHA1:E66C95E957B74E90B444FF16D9B270ADAB12E0F4
SHA-256:F747DD8B79FC69217FA3E36FAE0AB417C1A0759C28C2C4F8B7450C70171228E6
SHA-512:321782B0B633380DA69BD7E98AA05BE7FA5D19A131294CC7C0A598A6A1A1AEF97AB1068427E4223AA30976E3C8246FF5C3C1265D4768FE9909B37F38CBC9E60D
Malicious:false
Reputation:low
Preview:MSCF....[:......D...........................[:...?...................A..............CircleProcess.glox......A..........Content.inf......9.B[.....@*........!...(A.D..K.W.wwpwJj\.K\w...]...K.!.....@0..?,...}won`... ....&I..(;.....X.u..^.R..^......_:....W>f\....T...B..i`|q.....................i.5....(........0q7@.@..F...?A.`.....,L.......5.+../56..a`....1C5..9.*I.N.......@|<+./......... .ya....>l.,t.......y.y5...FF.,F..jCA...SA..H....8u.L..eM?.w8.......~^.Mr.[...(.._......u..+.......j..TJ.:<.3.X`...U.bz...[...r-...[...+..B.......}...\'.i...C.8.B_...c.8</..s.....VQ.Y..m.,.j~;y ...2.5.VQ...K..jP..2..r-...HA...."..9).7.....5.E._.wq.......!.+n+.f...s].4M'.1&...5....4..k..NV.M1.7`a..<.P4.|.mrd.i.R...u...............v.}..n\.C$.....[..2c.^..W..g..._.0.C.o....%.z.!.;.@y.`\..UO#i.)...Q...........L. .\:_..H.{.W...@...T.4..A.a...Wo?o$4.....#.V.s8M.Gh..p?A...Y.....)...........r|...!..o9...8..%#.[....;...3<Z...g....~.Z....,.(...qA.'x#..xC..@...HOuW.[.[....c.........

C:\Users\alfredo\AppData\Local\Temp\cab47A1.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):22008
Entropy (8bit):7.662386258803613
Encrypted:false
SSDEEP:
MD5:ABBF10CEE9480E41D81277E9538F98CB
SHA1:F4EA53D180C95E78CC1DA88CD63F4C099BF0512C
SHA-256:557E0714D5536070131E7E7CDD18F0EF23FE6FB12381040812D022EC0FEE7957
SHA-512:9430DAACF3CA67A18813ECD842BE80155FD2DE0D55B7CD16560F4AAEFDA781C3E4B714D850D367259CAAB28A3BF841A5CB42140B19CFE04AC3C23C358CA87FFB
Malicious:false
Reputation:low
Preview:MSCF............D................................?..................................architecture.glox.................Content.inf..q5.^...[.....0y......../..CL.C5.Q..U5g.z....UUUMPC...C..P....T.....=..s..4c...-3H..E...2..2*..T...../.i.;$..............%...................'h.........#0.......[........c.h.....O...%.61...[.J..:.,^....W.]$..u...N.R.....H.......:%I.g5Kd.n6...W2.#.UL..h.8NN../.P...H.;@.N.F...v."h..K.....~.....8...{.+...&.#A.Q'..A.....[NJ.X.....|.|.G5...vp.h.p..1.....-...gECV.,o{6W.#L....4v..x..z..)[.......T.....BQ.pf..D.}...H....V..[._.'.......3..1....?m..ad..c(K.......N.N.6F%.m......9...4..]?...l6..).\p;w.s....@...I%H.....;\...R......f...3~:C...A..x....X...>...:~.+..r@..."......I..m.y..)F.l..9...6....m...=..Q.F.z..u......J].{WX...V.Z.b.A0B..!....~.;Z.....K.`c..,X.MFz....].Q.2.9..L."...]...6...JOU..6...~../......4A.|.......i.LKrY...2.R.o..X.\....0.%......>H.....8.z..^....5d|...4|...C......R28.E......a....e...J.S..Ng.]<&..mm

C:\Users\alfredo\AppData\Local\Temp\cab47A2.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 1072808 bytes, 2 files, at 0x44 +A "content.inf" +A "Retrospect.thmx", flags 0x4, ID 59128, number 1, extra bytes 20 in head, 50 datablocks, 0x1503 compression
Category:dropped
Size (bytes):1088984
Entropy (8bit):7.9927994027199425
Encrypted:true
SSDEEP:
MD5:C4AF49F2FBC299AE7D3B8285BC0890C9
SHA1:BB302051A8E305DFB910AC26D23A67A805C3893C
SHA-256:30AEC7F9ECDAD690A2CB38BA6A2E07C8158175140B76F17AAE7D828A42A727A7
SHA-512:8402A0C75FC6AFD3B6C86794C5F7EAE0B78475989C6B556C89C762F9F312F0F58878C008D0A9CEF28EFFE341F4CF9192EE197575FAA3DA3B1D2189878C13ABF8
Malicious:false
Reputation:low
Preview:MSCF.....^......D............................^..0?..............2..............M.. .content.inf............M.. .Retrospect.thmx.Z..,\..[...............#..0.j.`TU53..U.UU56QS..P.......}"NDCfF.....`.*e3. ...E.....p.....6,.7P...m..!..<.....WKDh.{...<.(&o.F....6AC...D.Tp6o.....#<C\.............A.6.\.[tNX...........jK...O.=.;...............A...?......4.-$....3.@..&....74A6.5..........br.............&...K.`...)....................$..q....sq..w...C............3......co.|..H.sOn.....9_.......33...~......._....h...`..`.o.0.....rTD.$'...A...d.........V.\.....=1Ocj.y.$G..IN.....Y.,.._U..Ul....b.e......%..?."tm>.hE..hM....(.gI.b.G....?..5."A.?.[.3C.7K...B...l-].I._.VJz.V.<z..v.{z.H%.."yg....!_.BUsc.O..7.!y..A.......W....uB.................e.y...N.>.v..".u.?....v5......n.`mja....i.....zwRC..-^.|\.....a..P.(......2.f.J....-...g.f ..O....b.C..A.....f...S....:..@._E=..]C....I......=..-\...]...u..d0...2._..|B&...(......-.y.y7.O..K4.r.t?.6._...e..f.e..G.U......n3.8....g

C:\Users\alfredo\AppData\Local\Temp\cab4801.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):21357
Entropy (8bit):7.641082043198371
Encrypted:false
SSDEEP:
MD5:97F5B7B7E9E1281999468A5C42CB12E7
SHA1:99481B2FA609D1D80A9016ADAA3D37E7707A2ED1
SHA-256:1CF5C2D0F6188FFFF117932C424CC55D1459E0852564C09D7779263ABD116118
SHA-512:ACE9718D724B51FE04B900CE1D2075C0C05C80243EA68D4731A63138F3A1287776E80BD67ECB14C323C69AA1796E9D8774A3611FE835BA3CA891270DE1E7FD1F
Malicious:false
Reputation:low
Preview:MSCF....].......D...........................]....?..........{.......................rings.glox.................Content.inf..|^.....[......P........<.$.."..0R..xa.Ax#B..d... ....K,.....^.H.....H.........&.j.\f.. ..,....,..!k..R..e..!...E...........................><.RB.....~h...........Q................g..M|,...x.....qV7.u..\...F-N.{-..X..&Zig.~..{.A.p.Z...X..{,-n............`$.%.ND.....>].6cvZ.%d..*a.$..-.K.Hf....L..;.#...H....U,........P.@.*-$C.,.g...%YJE..$.jP........b...Y<..[U...MF]F.K...1... x.}3w.o.#,.}T.....w5+...=.=...c.F^....OM.=.......G_{n.*...WC.w!......{/.~.}..s..6_......)..Xy...4.....<..XZJ........#~._i....%..fM.V.?.q...q.....7...B..sVt...(.:..c....~.e...kGZ...C..(J..o...`...?.)-.T.l....&...gR.$.....g.:...2.e%F.....x....z0...K..a8B...........D..]....7....~.".DR...r)...}b)e.>.\h~f...(}.c........Q...o5H.........C.KC.(.L.l................R..a.pg{..\.......-b........}.C......qTS..%..r.lG..Q.1..Z.>a.D...tC..LV...Rs.C.M18x.:......%O.

C:\Users\alfredo\AppData\Local\Temp\cab4802.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):21875
Entropy (8bit):7.6559132103953305
Encrypted:false
SSDEEP:
MD5:E532038762503FFA1371DF03FA2E222D
SHA1:F343B559AE21DAEF06CBCD8B2B3695DE1B1A46F0
SHA-256:5C70DD1551EB8B9B13EFAFEEAF70F08B307E110CAEE75AD9908A6A42BBCCB07E
SHA-512:E0712B481F1991256A01C3D02ED56645F61AA46EB5DE47E5D64D5ECD20052CDA0EE7D38208B5EE982971CCA59F2717B7CAE4DFCF235B779215E7613AA5DCD976
Malicious:false
Reputation:low
Preview:MSCF....c.......D...........................c....?..................................ThemePictureAlternatingAccent.glox.................Content.inf...3.....[.... .qq...........\<.^......o."......f.o...x.{..q..^.MH^...........{0.K....4pX.i...@6A4X.P.01d....'p.......zA.......... .......7.......a. `.=!@- ......>G.s.k~@.a.lfha:m....1...@.,G`....{....W..N..qs.......j.+TrsT.l.9..L...1+...d..-u..-.......).#u&...3......k.&C...DdZ.'.......8..<PF..r.eq.X6...u..v...s5.m.Q.l.G%.<.]....RV<...S..Dv..s.r.......dh.N.3-.Hf'.....3.GZ..E.kt.5......h...|...?!.L....~.)..v....:2.../F.,....o.qi.i7..E.|.mh.R_.@A.FO@i.....Feo...x.l...{E.\W9|V...=#..3..(......tP.:i....Ox.U.N...%6...p.6&.....<zh.z.|.<Z.?.k....y7m...F.Z$-.:.l.h...{T..7....?..T...d,r...z?../...`/Z......a.v@)....u......V..v.:.._.|.'..[..O.s.OAt-."b.In"..I...J*.~H.:-...?..uV....dZ;z:.l.{.E.,.Q..i]:.0r.I.y..f...../j.wN...^R.....u....>..}....f.f...]A..C~;/....%..^#..N.a..........99.....`.....%..iS....S......$....)

C:\Users\alfredo\AppData\Local\Temp\cab4841.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778, number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression
Category:dropped
Size (bytes):723359
Entropy (8bit):7.997550445816903
Encrypted:true
SSDEEP:
MD5:748A53C6BDD5CE97BD54A76C7A334286
SHA1:7DD9EEDB13AC187E375AD70F0622518662C61D9F
SHA-256:9AF92B1671772E8E781B58217DAB481F0AFBCF646DE36BC1BFFC7D411D14E351
SHA-512:EC8601D1A0DBD5D79C67AF2E90FAD44BBC0B890412842BF69065A2C7CB16C12B1C5FF594135C7B67B830779645801DA20C9BE8D629B6AD8A3BA656E0598F0540
Malicious:false
Reputation:low
Preview:MSCF....?.......D...........................?...`J..............3..............M.. .content.inf..+.........M.. .Wood_Type.thmx......r..[.........................!.wwwwqwwwwwwwwwww..."....+......nR..x..\..w..r.5R.....(|.>.$e3.!..g....f..`9NL......o./.O.bxI...7.....|........6.n."J.....4^g.........?...................o.......s3.....8. .T.j...._.Z.Q.t.k,(o.c.t.......?Z....`o........?.a....6.)....6b..../.t...........Mz....q}......C.......+{.......o...K.tQjt............7.._....O.....\....` ..............@..`....%..t....V.]........m..m....u..1.yr;..t..F.'..+{....zqvd.g._..$H..Vl...m..../....g..rG.....:*......8....h...[...a06...U.W....5.Z.W..1I..#.2.....B3...x....$PRh...\{J.c.v.y..5+Y.W.N..hG......<..F..W.d8_....c...g....p|7.]..^.o.H.[$Zj..{4......m.KZ..n.T%...4.Z..Y."q7?kuB......U....).~.......W%..!.e.U.mp.o...h...?.w...T.s.YG#......Y.}....Z.O.i.r,...n..4.\....P..m..=....f........v....g....j...*.wP..4.VK.y.z...C..oum.b.1......?.Z.>.7.!?......A..Q>..Z....-

C:\Users\alfredo\AppData\Local\Temp\cab4842.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169, number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
Category:dropped
Size (bytes):271273
Entropy (8bit):7.995547668305345
Encrypted:true
SSDEEP:
MD5:21437897C9B88AC2CB2BB2FEF922D191
SHA1:0CAD3D026AF2270013F67E43CB44F0568013162D
SHA-256:372572DCBAD590F64F5D18727757CBDF9366DDE90955C79A0FCC9F536DAB0384
SHA-512:A74DA3775C19A7AF4A689FA4D920E416AB9F40A8BDA82CCF651DDB3EACBC5E932A120ABF55F855474CEBED0B0082F45D091E211AAEA6460424BFD23C2A445CC7
Malicious:false
Reputation:low
Preview:MSCF....Q.......D...............y...........Q...XJ..........{..................M.. .content.inf.(..........M.. .Frame.thmx.1....b..[.........B.....6....ZZ}....BH..-D..}..V.V-........Z..O.....H.f..........;..@d.`......!..=;.,bp..K.q....s.y....D.qZ)p......D...r.S....s=B.4.).8B....4.a6 ...~........."....#.....}....n.Q.1cH.%c/.U....E..E...!..Da*.p....X..G..:.....1.@.....W.'...._........W.c...<.v.k.....&.8......?.h.>d._:-.X.......9..tL}........3.;.N3.D~......>.^?..|:...}......oT.z.......w..[..}:...._fu........Kk.......L..9..p..e..^......K.%...Mapqhvv..E&.^.....[...9|"l...9...U......!..w..Nya...~C.yx...w.K..q.z.j.W?t.......DY.x.S2.....]..na.Qj...X.K..^...S.hK.W...Z....s.0...NF...8C.......j.'Zc...k.%...l....S.....OW..o.Qf.x...X.;<.rO].....W.m.e....T.1.6........".....Q.3........l..v.."..I...&......w..4vE...c.s[.3.m..8.q$.....a...)...&:6..,..#..?....;.!.....~.UP.r=.}h.&U......X...]..X.e\u.G<....E....lG.@.*Z...10.D@.]....z+-.S....p..Y.PK.:.S..p.....1E`..-

C:\Users\alfredo\AppData\Local\Temp\cab4900.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):19893
Entropy (8bit):7.592090622603185
Encrypted:false
SSDEEP:
MD5:EF9CB8BDFBC08F03BEF519AD66BA642F
SHA1:D98C275E9402462BF52A4D28FAF57DF0D232AF6B
SHA-256:93A2F873ACF5BEAD4BC0D1CC17B5E89A928D63619F70A1918B29E5230ABEAD8E
SHA-512:4DFBDF389730370FA142DCFB6F7E1AC1C0540B5320FA55F94164C0693DB06C21E6D4A1316F0ABE51E51BCBDAB3FD33AE882D9E3CFDB4385AB4C3AF4C2536B0B3
Malicious:false
Reputation:low
Preview:MSCF............D................................?..................c...............TabbedArc.glox.....c...........Content.inf.;....Y.[.........B.....?.T..ZD...........^C...U.R<Z....z+.I.....Z..-.V...f.....lB..\P.....=.-p....w ...\.kD..x'v..T..A..............".8...d.........FD.ZL.h..T...bp.)9B.v..i..VX...&..\..7.s..qy...l........Rty.Y...rU..>.9...8....L..\.^x.kDU.|TJ..{kN.G..E..$.kvy?.. mv......P..4.....q.1.6<u....e..dD...4.1E..Xi.5.=....1.P.c.K~S...YMO:.?..cL.g.tq\.(b1....E..0A.i..C...BT.m.S......:...}.&U..#QL..O.O../..K......=..........0a..O............BYP......>f.......iu...7.K..;QO~.t....%N.s.]>~#../7YN.....C..9.=cY.......y..U5.....,.....u.....#_..SG.`NR*.....?*..d.R.k.rX$...&.... ..h.4T.D^k-xA...............Hz..ep)e..4..P."fo Ne...o.....0n.Exr.........H..v...A.."..%)2......5...".}j.o8...E.HRQ;}.. .._L.+.jz....{.U..}...=B.o.^..vZ.:5.Z.M....y{\(...N..9...EB*MG...!N.vy..^...nE..2..@.;.4..C..t.4....h..O.8.=.m./...|Lu.|mCU..b.^.n39.h[M...%D{..w.1

C:\Users\alfredo\AppData\Local\Temp\cab4901.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
Category:dropped
Size (bytes):698244
Entropy (8bit):7.997838239368002
Encrypted:true
SSDEEP:
MD5:E29CE2663A56A1444EAA3732FFB82940
SHA1:767A14B51BE74D443B5A3FEFF4D870C61CB76501
SHA-256:3732EB6166945DB2BF792DA04199B5C4A0FB3C96621ECBFDEAF2EA1699BA88EE
SHA-512:6BC420F3A69E03D01A955570DC0656C83C9E842C99CF7B429122E612E1E54875C61063843D8A24DB7EC2035626F02DDABF6D84FC3902184C1EFF3583DBB4D3D8
Malicious:false
Reputation:low
Preview:MSCF....lh......D...............P...........lh...?..........|..................M. .Berlin.thmx............M. .content.inf..lH.lj..[...............7.I..)........P..5x.B/^y5.xk^^......D.F........s....y...?D.....*.....&....".o..pl..Q.jm?_...6......=%.p.{.)S..y...$......,4..>#.........)..."-....K....4.E...L=.......4..p.c..nQ.0..ZO.#.....e.N..`U......oS....V..X[t.E)|.h..R....$..}.{.F.7....^.....w.,...5rBR.....{.......mi...h.b......w+..;.hV......q..(.7&.Z.l...C."j........[-E4h.....v&..~.p$|\X...8.....Fj'%,.)6w...u|C..,y..E..`*Up../(....2.(....Z.....,.'...d..s..Z....5.g.?Nq..04...f...D.x....q+.b.."v`{.NL....C..... ..n......1N+.I.{W9....2r.0...BaC.....O..=...k..."..8.D\jK.B...Aj....6,B..2...I.. B..^.4..1.K+.....DP...Mr....9..x[...>........?.Zd..'._2.._..>..'.F..#.w...2..~.|........q_Wy.W.....~..Qex.km/..f......t.q..p..gm.|.x.... ,.#\Z....p....a.}...%..v.J.Es......I.b.P?...0......F.x....E..j..6.%..E..-O.k...b .^.h.Cv...Z....D.n.d:.d.F..x...[1...B..

C:\Users\alfredo\AppData\Local\Temp\cab4970.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
Category:dropped
Size (bytes):640684
Entropy (8bit):7.99860205353102
Encrypted:true
SSDEEP:
MD5:F93364EEC6C4FFA5768DE545A2C34F07
SHA1:166398552F6B7F4509732E148F93E207DD60420B
SHA-256:296B915148B29751E68687AE37D3FAFD9FFDDF458C48EB059A964D8F2291E899
SHA-512:4F0965B4C5F543B857D9A44C7A125DDD3E8B74837A0FDD80C1FDC841BF22FC4CE4ADB83ACA8AA65A64F8AE6D764FA7B45B58556F44CFCE92BFAC43762A3BC5F4
Malicious:false
Reputation:low
Preview:MSCF............D................4...............?..........~..................M. .content.inf."..........M. .Quotable.thmx..^.u.n..[...............&...U..F.......UU.M.T5.UUQS..j..#>43fD.....`....Vr......19'...P..j.-...6n.0c....4$.c....$.4.k3aQ$.lCN.#.[.."qc....,Z...,Qt@!.@...... ...H.......9.9.y.{....[.`..s3.5.....B....W.g.d...[uv.UW..............P.8.(.?......3.....'/F...0...8.P. .O..B....K...g..L.......#s...%..|4.i....?.3b.".....g...?.........2.O23..'..O~.+..{...C.n.L......3......Y.L...?K...o......g....@.]...T..sU.....<.._.<G.......Tu.U2..v.&..<..^..e.].cY;..9.%..}...I.y.;...WM...3>.:.=.|.-.AtT2OJ.I.#...#.y....A....\]$r...lM.%5.."...+7M..J.....c...".&$.... Y.r.B;..81B. +H...b....@7K.*.F.Z...v..=..ES.f.~.."...f..ho.X.E.a`~*...C>.&..@\.[....(.....h..]...9&...sd.H .1.x.2..t.rj..o..A..^qF.S9.5.....E.{...C|.w.c/V...0Q.M...........O.7;A4u...R..Z.B.7a.C`....p.z.....f!|.u.3t....2e.wWH..'7p....E_...e.._;..k....*&E.^.f=V..{*..al.y:.4a...+.g...-..>e

C:\Users\alfredo\AppData\Local\Temp\cab4972.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 2042491 bytes, 2 files, at 0x44 +A "content.inf" +A "Depth.thmx", flags 0x4, ID 63414, number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
Category:dropped
Size (bytes):2058715
Entropy (8bit):7.997107658057165
Encrypted:true
SSDEEP:
MD5:A6DE20BA06CD7C8AAB98F8C03BBD49F7
SHA1:CEDA0FE1EEA124EADC13606B5624373B922D24EA
SHA-256:AD50810112E08B981E967A5984DAB3DA6C4AAA890316BA38D44F39D80CCBB4E6
SHA-512:54FC0A7C2BEB082677882E0BC128CD77F13CC8E3C3C286056DB2D5FDC608865ADD3C3FDC4A8AFFD120E3A98128BC15FCE7FE7D90121A5462A66F8FCA0F93AABA
Malicious:false
Reputation:low
Preview:MSCF....{*......D...........................{*..`?..........{...H..............Mn. .content.inf..#........Mn. .Depth.thmx...8.hx..[.....@8....@...=.R.I.:...-..a$IA*.a...Z).D(....u...$Z..G;Nkw.7F...........v.+.L@..":..A.mb.......u.@......`r..+........N...j..>...j}.....bG^.I!.W$C/@X..............j.H.... .1.).....9........ii6..:.m_.X.u.?.47.i...+mx...&:.7n....M...."~...m....f..oD.....\l..9N..w.2...9...4...:..6....k..?L.....'.....y....gY3....__9..~t.......3m.u.......~......f.......O....K....r:u..Y....-.H.w.].^]M...F.oz.........~.3....#fk.E@.R....z...yC.6............"..._..i:<S.?.@.z.Y....*..-..?...t..b.. ....m..9l.7.....(..w.....V.G4..Kf.$f).....ym..4sk.,..c.........j=...f.n.F...r.*C..=#.....+..?../C...t2..v;H{. F..V.u....:(....\...r$Y.q.&o. .1..q.`w......-..I.......~.+.d./.[w(...u..Y...I]..H...xI...?....dE....{.C.[z.....L...#..~......e.......]..l: .; ....8.P.9B....d.o.9\r....V.[BpW...u..|...e|e...{.x.}.tz..N<G(...N9.._|..a.?.....E.Ck..u../v3...N?.

C:\Users\alfredo\AppData\Local\Temp\cab49A2.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 1377563 bytes, 2 files, at 0x44 +A "content.inf" +A "Ion_Boardroom.thmx", flags 0x4, ID 26781, number 1, extra bytes 20 in head, 49 datablocks, 0x1503 compression
Category:dropped
Size (bytes):1393811
Entropy (8bit):7.998039489696127
Encrypted:true
SSDEEP:
MD5:0F56B43D83616D6A60134BF50F9E684E
SHA1:2DBCBDC795F5FB637D73099F27C5BE2B6103C060
SHA-256:9F4CD66A196D3874BA6BC74F9320F4EADDE09586DCB0AE00ADF0A56EC3EEE5F4
SHA-512:776F63994648A96C763E883D318B2889E7A3A32C21BAE8E001CDB9E8F8E2C434939C3BFA221956A715DA206BFB9FC837DEBED2EEE532A59523D783F6865BDF75
Malicious:false
Reputation:low
Preview:MSCF............D................h..............x?..............1...$..........M. .content.inf.~R..$......M. .Ion_Boardroom.thmx.f...<l..[...................]...............p..]....XQ....;X...sQT-(`>N....#.@..w..6@.....;.!{@YP.........(..C...!M...(8.a. .e..24...R.,.x.........."."....DU$..3...]...{....Tr]W....`.........h.0............{.T........#.6.....?.........X...@.........o..6.../?.....Q...p.....p...c.../.2....H?.`.r...........<C...P.W..6..$V..~0..f.....%.;....(_.g..4......o./.......&..._....&.......<..~.K.g..6.H..HX.lAqk.b...k..cNS.l\3.......L,.y.3%,..,.....mx.?...3.........#kFR..33g.....B~l.#........'W.Y.c..4.^...yWo.f....+.Q.|....'-P..|e.')..+.UVL.......+...b..2B.E..*.-.....M..x.Sw.>..}+v.[S.......2.K...~...&Q{F.s.C..`-....[...Y...3/.........%..T.m...V.h.EU....W..2.......osEC......5.9.C....2.i-...|..4.H...=An/.w.L\s..o.o.@c.g..0r.U`K.4.H.....U.K.1.................R..p..*~.=>......I.!f..6...T./.3..s9D.yu/..O.Q..M.U1t..&.km.w..m/.Q.<G..R..

C:\Users\alfredo\AppData\Local\Temp\cab4A9F.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):23597
Entropy (8bit):7.692965575678876
Encrypted:false
SSDEEP:
MD5:7C645EC505982FE529D0E5035B378FFC
SHA1:1488ED81B350938D68A47C7F0BCE8D91FB1673E2
SHA-256:298FD9DADF0ACEBB2AA058A09EEBFAE15E5D1C5A8982DEE6669C63FB6119A13D
SHA-512:9F410DA5DB24B0B72E7774B4CF4398EDF0D361B9A79FBE2736A1DDD770AFE280877F5B430E0D26147CCA0524A54EA8B41F88B771F3598C2744A7803237B314B2
Malicious:false
Reputation:low
Preview:MSCF............D................................?..................................pictureorgchart.glox.................Content.inf.W..y....[.............../.jC....U.CUUUTU.5...jjPU..MP....T..0*....o0.......Y.=....P.({.3.p..."pA!>r../3.q..7...........!...TO....(..%......6...3E?....~......CZmndse.Qy....p....h....=.:5...F..%.E.&.v.`I~. ..%._..b]..Y..Q..R.........nN.q8c..a..L..X/.M...PP.q..SpZ.K]>D"Pf..B.c....0..|I.Q.,.g/..Kev.../..=......w..}3.....(....+#T.....K`N.u..Z.....rriK.(...(...6.<R.%.]..NX..b..].C.u....++......Ia.x. .7....J.#............w>....7..R...H>....@%....~.yA.......~.UB..*. .P..$...-...v.....=M."....hw..b....{.....2pR....].C..u@=G."Y..;..gc/N.N.YB.Z.q.#....$....j.D.*.P..!.)S.{..c....&'E.lJ%.|O.a...FG.|.....A..h.=c7.)d.5...D...L...IQ..TTE.*NL-.*M..>..p0.`......m..,.w#rZ..wR\@.Wn..@Q...}..&...E...0K.NY....M.71..`.M./:.>..._L..m...,U.l....._fi...nj9..,..w.s.kJ.m.s.M.vmw.!.....B.s.%.-').h.....)c.l....F..`3r...-.....0..7..&N.....n.#H...<7

C:\Users\alfredo\AppData\Local\Temp\cab4ACF.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885, number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
Category:dropped
Size (bytes):222992
Entropy (8bit):7.994458910952451
Encrypted:true
SSDEEP:
MD5:26BEAB9CCEAFE4FBF0B7C0362681A9D2
SHA1:F63DD970040CA9F6CFCF5793FF7D4F1F4A69C601
SHA-256:217EC1B6E00A24583B166026DEC480D447FB564CF3BCA81984684648C272F767
SHA-512:2BBEA62360E21E179014045EE95C7B330A086014F582439903F960375CA7E9C0CF5C0D5BB24E94279362965CA9D6A37E6AAA6A7C5969FC1970F6C50876582BE1
Malicious:false
Reputation:low
Preview:MSCF.....'......D...............]............'..H?..........z..................M{. .content.inf..l.........M{. .View.thmx......R..[...........@...G...I..(J.....B....Q!....}Ju..(BR..._|.5.%.....6m...........?.w{.rm,....#....;Ba#.:v...Dv.."u.v{!...f}......!......:.S.......".z.f.......==.n.0Km0eh.Kbm.C.r.6.........d..h.....{..w..}....2sb...rvm..x...0(..B... ...BH.r#.@..d".*..F+...Q.sx.....?...d.d.eZ2W2.2d...q.I....4.e4....#.....K...3...1.p.y......>.~V....cm....n^..b.{..._D?..AG...'...k.L&..h}=p.....Wl....(.......>.~.].....'.4.W{......../......7.....'.s...w...6..hn..e.2.).l]u.v4...GF.X..X..X....G.i.\..y.g&.<&ti......Sp,j.....>I..S..%.y..........S..-).+...>...D..............[...d...jt.~<x.a(.MDW..a..ZI.;+..!,.$...~>#...).R4...K.$.Zm......b...........{..._..A{.}..r...X...T.ZI.T.).J...$.".U,.9...r.z.)......}...()<....m....QS.p...;?..5.W~2r.EZu..P.1.%'l.........+/6.Mm.|2....Ty..f.o.S.....3J.._...X,..m....:..1.<GqFy.QA9W4.=....n...ZP...O.\.[...:8.%.^..H.....

C:\Users\alfredo\AppData\Local\Temp\cab4B00.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609, number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression
Category:dropped
Size (bytes):1065873
Entropy (8bit):7.998277814657051
Encrypted:true
SSDEEP:
MD5:E1101CCA6E3FEDB28B57AF4C41B50D37
SHA1:990421B1D858B756E6695B004B26CDCCAE478C23
SHA-256:69B2675E47917A9469F771D0C634BD62B2DFA0F5D4AF3FD7AFE9196BF889C19E
SHA-512:B1EDEA65B6D0705A298BFF85FC894A11C1F86B43FAC3C2149D0BD4A13EDCD744AF337957CBC21A33AB7A948C11EA9F389F3A896B6B1423A504E7028C71300C44
Malicious:false
Reputation:low
Preview:MSCF....q.......D...........................q... ?..........{...%..............M. .content.inf.Q_.........M. .Savon.thmx...O>.o..[..............&.5....UUcC.C....A...`TU...F....".54.E.....g.-.7-D....1g...p.6......@..w(....h'?.....(..........p..J.2n$4.........A......?...........@.C.W.R.5X..:..*..I..?....r.y..~!.....!.A.a...!........O.........5.x<C...?.?....C.C.......'....F../....../.$................4.7...................P...(.w.}6.........7.....01.1r........._..?.............'.._..JOx.CFA<.........*0..2.?...>F.../...;..6-8..4...8&yb....".1%..v'..N...x......}.gYb..~L.....f[..!......Y.G.....p..r...?.p...F.Vy.....o.Whll...+...M.V...:.]...B.%.H....n..@.].zaVxf...y{.@....V.t.W....$Kp-.....7W.J..h..0A3mK.=.ub..R...W......*'T2..G#G,.^..T..XZu...U. ...76.d..#.I.JB.v...d...%.....6..O.K.[.:.L.\.....1.D..2a.>f......X...b5...ZgN.u.f...a!..."...sx....>..?.a.3.8.^._q..JS1.E..9..Lg.n.+....lE.f:j.9)Q..H1=..<.R.......{c>:.p[..S.9h.a.gL.U....8.z..z.!.....2I.~.b..2..c...

C:\Users\alfredo\AppData\Local\Temp\cab4B9E.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 2738786 bytes, 2 files, at 0x44 +A "content.inf" +A "Integral.thmx", flags 0x4, ID 26156, number 1, extra bytes 20 in head, 106 datablocks, 0x1503 compression
Category:dropped
Size (bytes):2754858
Entropy (8bit):7.998611101143596
Encrypted:true
SSDEEP:
MD5:57399106826184403A379F7A9A869AD3
SHA1:591AD2D06F93A793441DD6FD18EB7DF02549D7CE
SHA-256:3779E325D94B6FA8023669DA99CF47A3169E6648913018886647ECB9E6F735E9
SHA-512:70789E2D81F52D734AFE2446EB7E4925E354FCE37BC4BBB4CF0BAE7D215144FE81857A507AFF107740B8AB824A1662812A5D450961C02F9BEF2D3E1768C99F69
Malicious:false
Reputation:low
Preview:MSCF....b.).....D...............,f..........b.)..>..........~...j..............N.. .content.inf...4........N.. .Integral.thmx.h.J`.}..[..... ...Rf....O..{.K........Bx]...t.&..7.........n.A]....!.El7.h..........F..DBX..E+4.....d..Wy.!fR.x).=.U.=...4..U....y.]4y..h.^..i.J2..V.O......@....T......~.u........5..}C....~....,.......S.....n/....<*p.}._...N......O.!...?.......DO.8.........cF..~.......e}...>...I.._.g>............n....[..1....W....7w..........A1.q....................B....{_..:..sm..5.9;G7..i...NM..9.G.O..G...=+.<.........#${..#.r..9.....UN^..W.A...{ts....u...e.^...W.u.[.K.q.y....I8....N...<.W..*.Epu6...V....|.u#.k8S!}...8......v..;4Z.z...o..#./....\.......=.un..~..g..X.:&,.eK. n0.....H.L(..y..H..|..Y.L..\.V.'.-..M...\..-.[%.m......x!O;..sw.z6.....bx]|l..YU@....K..J......\.....Y&..L[.'...i.v..4".5L'...G.z.0E.k.l.%.U...1<...K.....(Wn7.}.j::..e......?{.&...'U.n...O4...4..rS.....F.)......l..G.4)=.7...v...w...bw.L.....E.;3.......e....)c.E......

C:\Users\alfredo\AppData\Local\Temp\cab4B9F.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID 59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression
Category:dropped
Size (bytes):2527736
Entropy (8bit):7.992272975565323
Encrypted:true
SSDEEP:
MD5:F256ACA509B4C6C0144D278C7036B0A8
SHA1:93F6106D0759AFD0061F73B876AA9CAB05AA8EF6
SHA-256:AD26761D59F1FA9783C2F49184A2E8FE55FCD46CD3C49FFC099C02310649DC67
SHA-512:08C57661F8CC9B547BBE42B4A5F8072B979E93346679ADE23CA685C0085F7BC14C26707B3D3C02F124359EBB640816E13763C7546FF095C96D2BB090320F3A95
Malicious:false
Reputation:low
Preview:MSCF.....R&.....D............................R&.8?..............Z..............M). .content.inf..,........M). .Main_Event.thmx......R..[...............=.1.^xa..^...../..^x....QA^"....^/.I.{/F..F..........6Vn. ..._Hmc......<....#.{.@.....Xl../Y....Ye..'V.f.S.Vf.T..0t+..y...5O...{.....-.dT...........!...[ .ns..k.....QAA.. ....B..u.`.....{.\u8.0.....@t........K....@..w.......>...-1F...........1.E....O............_M.m..CP.O......X......g......].../..:C...Q...i.._"...M..1o...S../...9....k;...}S........y..;1o....1h......t.CL.3...].@...T...4.6.}.....M...f...[.s.."f....nZ.W......0.c.{.`.^..Oo.[.JT.2].^.f..a....kO......Q..G..s.5...V.Wj.....e...I,]...SHa..U.N.N.....v.C.....x..J{.Z.t...]WN...77BO-J......g......3:i..2..EFeL.,n..t:..,~4gt.w...M.5.'h.L..#..A&.O.ys%K.Z....F.PW..=jH...jGB.i..j.J.^.#.\n...J@.....-5.f.1jZ68.o...H2.......$O...>..ld&,#$.&_....yl.fkP$.........l....s....i.tx.~<.z...>..2.Gx..B..z.E.3.N<....`$.....b..?.w.[.X..1.=q!.s......v.......r.w

C:\Users\alfredo\AppData\Local\Temp\cab4BD0.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 471473 bytes, 2 files, at 0x44 +A "content.inf" +A "Facet.thmx", flags 0x4, ID 35621, number 1, extra bytes 20 in head, 23 datablocks, 0x1503 compression
Category:dropped
Size (bytes):487545
Entropy (8bit):7.997899883595182
Encrypted:true
SSDEEP:
MD5:B4312FCA4A8A21F8905311D4427E87BB
SHA1:50B314F6CE6D4508557444E04E6265B7353D1087
SHA-256:4087D3C1E0D93567E67FC8F17CD3AD5587C2FC203B1BBEB8D7A01A750D54E924
SHA-512:6F828DEE15B3351CD15C5B9388AFB117B61ABDBC45559A7CC0106173E5BC2088BABC551474E9F27D183F5DBB3273520A1029B5FC514984FFCB473273C1A6F6F9
Malicious:false
Reputation:low
Preview:MSCF.....1......D...............%............1...>..........{..................N.. .content.inf.}D.........N.. .Facet.thmx.]..].k..[......@........&...Qm.UU.A0.U...UU.S.TQS...............XU....>.2...l...K.#........OH.i.w...lX.m_./..._.......q.]s..-.v.kw.M$.v.aq.&..S.n..ad.....D.....hF.........n..@e.$.Z....".G.z........@@..o)o.:...8. .8........p.o........I.........._........9...Qd....i.A....Sp...)...7 .....qSAq.........o.....p>.......?...........y......'...OFk...`b........A.....?(f.....O.4...xO..s...xz...._.H..R....(.........e......5:7..-.9.3^G.....]....WSES..,..9....A..C.r.....d#....I....T.M.=...V.z..|p...[Y....=.Y.m.L.g.w..|....[..M..q...5......]....;.T......c...\|.6.o.QO1>Kb.&.2.B{kA......B.k..sU3{.~.2.. o#.RW...R..J.M.G....b.r.8.,$T.%.V.....h......\:....|<..t...~...-$.....J..#..8q.z..d...aB..<..[?...+msH.B5..t.....(..|...x.=..........\0.iKl.,..-...QTd...H_...`.5.........p......Iw$..?.q....S=0..p.V.........p.]n*j.s+.$..P+..t....f...k..Tv.fj.

C:\Users\alfredo\AppData\Local\Temp\cab4C00.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
Category:dropped
Size (bytes):295527
Entropy (8bit):7.996203550147553
Encrypted:true
SSDEEP:
MD5:9A07035EF802BF89F6ED254D0DB02AB0
SHA1:9A48C1962B5CF1EE37FEEC861A5B51CE11091E78
SHA-256:6CB03CEBAB2C28BF5318B13EEEE49FBED8DCEDAF771DE78126D1BFE9BD81C674
SHA-512:BE13D6D88C68FA16390B04130838D69CDB6169DC16AF0E198C905B22C25B345C541F8FCCD4690D88BE89383C19943B34EDC67793F5EB90A97CD6F6ECCB757F87
Malicious:false
Reputation:low
Preview:MSCF.....B......D...............P............B..p?..........{.................M.. .Basis.thmx...........M.. .content.inf.`g..td..[...............5..$..WM.....R.......H\.+\./^...x.^..h..MU..\........v........+......g...$.......g.....~....U].7..T..1k.H...1...c.P.rp.6K..&......,.............U4.WoG.w.....;.....v..922.;]..5_-]..%E]b..5]... (..H..II..ttA4Q..BI!|...H.7J.2D....R.......CXhi`n....6..G.~&.[..N...v..Z"t.a..K..3..).w...._@.}.}.v.......4......h....R;.8.c&.F...B^....Q.....!Bm2...F.`.......M;...#.{....c...?...e...6t..C.-.E.V.v%I..H.....m.n...$D.....vU'.....=6}~...Gw...Y..?.@......G.....k......z...5d.h......1.}..O*;e..t......Y.0...3.v).X.-.2.....~....14.[.w=I....hN....eD..7G.u.z..7.do..!....d..o.wQ.:....@/.^..<e.-..=\.....6.C.'.rW$..Cp.M3.u6z......Q.F.9.5....juc..I...m4]7L....+n......).t......2[.3.p.:.....O5y..wA........^..!..H....{..S.3w.!&.'.;...(..|m.x.S..Z.j..3...n..WU...../w.......xe=.+.D...x..qy.S.....E..... ...uu.`.,..<.6[p

C:\Users\alfredo\AppData\Local\Temp\cab4C01.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID 19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
Category:dropped
Size (bytes):261258
Entropy (8bit):7.99541965268665
Encrypted:true
SSDEEP:
MD5:65828DC7BE8BA1CE61AD7142252ACC54
SHA1:538B186EAF960A076474A64F508B6C47B7699DD3
SHA-256:849E2E915AA61E2F831E54F337A745A5946467D539CCBD0214B4742F4E7E94FF
SHA-512:8C129F26F77B4E73BF02DE8F9A9F432BB7E632EE4ABAD560A331C2A12DA9EF5840D737BFC1CE24FDCBB7EF39F30F98A00DD17F42C51216F37D0D237145B8DE15
Malicious:false
Reputation:low
Preview:MSCF............D...............nJ...............D.................."..........M. .content.inf....."......M. .Metropolitan.thmx...cVtP..[.....`Q..B.....=.T.....h.."...Z..|..}hZK.V....Z..Z................?..v...[S$."...H......^u.%.@...>....... f.........1.5......*&lm.tZ.msz:...Noc....1....D .........b..... ..3#pVp....}oo]{m......H*[%i.GNHB1D<......(*# ....H"....DP..b(B.<.....v......_..`.7..;.}............/.p}.:vp....~l0..].........S....G?.....}..U.;......dNi..?........-c..J.z....Z...._.O.....C..o.,......z....F....sOs$..w9......2G..:@...'....=.....M..am.....S......(`.._....'......[..K"....BD...D...^1k.....xi...Gt....{k@.W.....AZ+(,...+..o......I.+.....D..b. T.:..{..v.....g..........L.H.`...uU~C.d...{...4.N.N..m8..v.7..3.`.....,...W...s.;.fo.8.Y...2.i...T&.-...v8..v.U.Y=...8..F.hk..E.PlI.t.8......A.R....+.]lOei..2...... gS*.......%8H.....<.U.D..s.....>.....D_...../....l.......5O1S~.........B.g.++cV.z.f .R.Z.......@6....(..t^5"...#G...

C:\Users\alfredo\AppData\Local\Temp\cab4C40.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500, number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
Category:dropped
Size (bytes):230916
Entropy (8bit):7.994759087207758
Encrypted:true
SSDEEP:
MD5:93FA9F779520AB2D22AC4EA864B7BB34
SHA1:D1E9F53A0E012A89978A3C9DED73FB1D380A9D8A
SHA-256:6A3801C1D4CF0C19A990282D93AC16007F6CACB645F0E0684EF2EDAC02647833
SHA-512:AA91B4565C88E5DA0CF294DC4A2C91EAEB6D81DCA96069DB032412E1946212A13C3580F5C0143DD28B33F4849D2C2DF2214CE1E20598D634E78663D20F03C4E6
Malicious:false
Reputation:low
Preview:MSCF.....F......D................g...........F...?..........|..................L.. .content.inf.zG.........L.. .Parcel.thmx.>2...R..[...0...........7....B+...BH....{...^.../.....B{...1....+".....<.....$........{.......sD"..j...}... P..w..U..f...6.x8. ...C..F.q.7....T.6p......B.P..L..g......A..43.W`.....{{...u.4...:.bb.4"X..m..)$..@(H. H.tBPTF..,.&.B.'...6..2...n..c%...Z@.(.@.......(.<i.i....P......?......o.......F.M.L......i.....C..7..../.....MQ.0..l.U.s.Fu.......1...p.;.(.}..ogd..<.._.Z......._.......O.J......97...~<...4.c....i..........'k.5.......Q.$..C..E... ..5.7....N.a.[ns6hi..kM....?....X......*9q...!O\....0....n.^s.9.6..............;. ..r...rf..C6z..v #.H...O...v/.sl....J.m%.L.Dp.e....*uO..g.y....f...].5.*........W.....h^[..w.|.=.ru.|.M..+.-.B...D.Ma....o.<X SnI....l...{..G..,..y5\W.@..y.;.y ...M..l.....e..A...d.e!.E..3.......k1.......6gY).../....pQ..?..s.W.)+R.S5..../.0..vz.^.......k.....v..9..A.NG...N~#..$.B...*s,(.o.@.ar.!.J.....

C:\Users\alfredo\AppData\Local\Temp\cab4C41.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
Category:dropped
Size (bytes):307348
Entropy (8bit):7.996451393909308
Encrypted:true
SSDEEP:
MD5:0EBC45AA0E67CC435D0745438371F948
SHA1:5584210C4A8B04F9C78F703734387391D6B5B347
SHA-256:3744BFA286CFCFF46E51E6A68823A23F55416CD6619156B5929FED1F7778F1C7
SHA-512:31761037C723C515C1A9A404E235FE0B412222CB239B86162D17763565D0CCB010397376FB9B61B38A6AEBDD5E6857FD8383045F924AF8A83F2C9B9AF6B81407
Malicious:false
Reputation:low
Preview:MSCF....tq......D...........................tq.. ?..........|..................Mn. .Banded.thmx............Mn. .content.inf..;.u.i..[...............?....^.j.{j.B...$M/!...W....{!..^0x/.6...&............w......$.B..J.?a.$=...P..L...d..........+./.\..E:h.....-.$..u-.I..L\.M.r..Y..:rtX:....8...........+8.}{......&.-..f.f..s3-P.''.r...Z-"/E../...^%^N(,.$..$.H..O........q>...|.|......y..m.)u....`.....z.n..-.[.5....xL....M...O..3uCX..=4.....7.yh...dg.;..c.x.4..6..e..p.e"..,.!.St{..E..^I.9j....;..`.Y..#.0..f...G.....9~./....QCz.93..u%hz.........t9.""........)..7K.c~E!..x.E.p...[......o..O.j.c.......6.t{...".....t9V;xv....n<.F.S2.gI.#6...u..O..F.9.[.L.....K....#..zL..I...o....k...qog.......V..BKM..#.bET.)..&4..m.w...*....E.a[.Q.y.B...w...r.nd...)...<..#..r[4.y...#.z.....m?.2K.^...R{..m..f......r?]..>@...ra$...C+..l].9...."..rM9=......]".'...b&2e...y..a..4....ML..f...f"..l..&.Rv=2LL..4...3t_x...G....w..I.K....s.t.....).......{ur.y2...O3.K*f.*P(..F..-.y.Z...

C:\Users\alfredo\AppData\Local\Temp\cab4CA0.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 480282 bytes, 2 files, at 0x44 +A "content.inf" +A "Wisp.thmx", flags 0x4, ID 56119, number 1, extra bytes 20 in head, 25 datablocks, 0x1503 compression
Category:dropped
Size (bytes):496354
Entropy (8bit):7.997206654807112
Encrypted:true
SSDEEP:
MD5:AD2D82C2A623C1176D25727003F474A6
SHA1:2E1D67BFC138A7533E13B19FB1747FED47305104
SHA-256:34A36FF02892FD8F89C77992EC7A7EB0FD1459483ECCBBEE139C38646E8685FF
SHA-512:1D0D19CE2A144C6DCC18E894BF2DCC8D47AD4BBCFE93D371686572E1D2DB5954685496681311BDA429684EEEFAB874391A351B0670A7124200C1D49D6717A9F8
Malicious:false
Reputation:low
Preview:MSCF.....T......D...............7............T...>..........z..................N.. .content.inf............N.. .Wisp.thmx..;.V.x..[...............5.!$$.AA.{i..%."../.5x.y.^........{...0dD.h......v.......K..@.5.'..@X..c.O..X.vv.#....^.A.j.~gH...%....:...H..a....j..I...;j &..UB.P.@...a..%..............6..}..A.3IA%..=...|.c.gh.$u`.a...A.Ax@`C` . ...... ...Kj,..d= ..)...D."<".B...w3.. .....oV.....5....$...4;Y..A..G.....4.7...?.. ....w..i....'...s.9.o..;.=.\...0o... ...\......?.......%..............;."..<..h...g'.3;.r.....1.....Y..{.`..S+.+.-.....v.N\I.....mM.s7Q/.....}.. .0....k.E....j.....Xv..i8.d=.O... 7^o..qo.t..w..{....W.N.-.f68.j..Z..gP.."i..(tA..]e.^...f.M...d...JQf....gM.U........dN.:..Wsq.R..Y....l..d8..D~..v.U;..'f3*#.6...}.....%...s....FG.......y.ALV..>...Z...%..V91.`|..3uB..4..}L.R.+.....(k.i&....."..^....D.$$.k..;.*........U..J..Z...}..5Y}`....'.w.<..44.U9....8.\g...{.y".4..@.n.t`...u..7[.z.t.`..ZQ.K._.@a.z!T.VqlR..Y.Q.cMe.a f+...#.. .cpH.,#I;.)n<y.<..l

C:\Users\alfredo\AppData\Local\Temp\cab4CA1.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):21791
Entropy (8bit):7.65837691872985
Encrypted:false
SSDEEP:
MD5:7BF88B3CA20EB71ED453A3361908E010
SHA1:F75F86557051160507397F653D7768836E3B5655
SHA-256:E555A610A61DB4F45A29A7FB196A9726C25772594252AD534453E69F05345283
SHA-512:2C3DFB0F8913D1D8FF95A55E1A1FD58CE1F9D034268CD7BC0D2BF2DCEFEA8EF05DD62B9AFDE1F983CACADD0529538381632ADFE7195EAC19CE4143414C44DBE3
Malicious:false
Reputation:low
Preview:MSCF............D................................?..................................RadialPictureList.glox.................Content.inf....8....[.... $nq......C...../U..........a......S.Q...Q....j............(..z,.g.........^...Y..D... #i.TH5.<.=N..$..7.p".7.............`.3..1~,=,(.d8.Z.1....4'G.....!W^gClf._j.-N..&k.....Y3` =.(S..B^...i.zB.U....0O..h...I.(.......L...5.X.8.Sc<=>w.=.?&.....mR.......x.......mpW.T..^.FU...SN.C)......vsa.,x......,....E..i>..[g...#t...M..GR.9..$/4.:..q.bc9..x{bC.0..K.)..t.Y.&.v.d.16.B..c..or..W.,.B.........O.0..k.v........*F+..U.w...d...o8......A).}...#......L.!?.U.r.^.$...e.(..PG)8..+.9.5.l}.)..b.7+. 4....-.lC...|..j..Q.,.....7.W...|;j...%...:...|H..........<..%...K.....Fy.q$.k..}..8.9.M.u.?$].......r.....e.|..._..iT.;Dq5[....f.s..P.......e.T....!Y{.....t.wm..A..w-..7...3..T.:8.4.a[.Oo.. V.l.@.}..........E.&..J.....+..+.9)9<.._R.Hb.....V..Qu....:v.t.Li.0..J..V..b...!..N....-mD..c..(.[&o>.M.b..H.q..lk../..........W.8..z..B...

C:\Users\alfredo\AppData\Local\Temp\cab4D6E.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081, number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
Category:dropped
Size (bytes):550906
Entropy (8bit):7.998289614787931
Encrypted:true
SSDEEP:
MD5:1C12315C862A745A647DAD546EB4267E
SHA1:B3FA11A511A634EEC92B051D04F8C1F0E84B3FD6
SHA-256:4E2E93EBAC4AD3F8690B020040D1AE3F8E7905AB7286FC25671E07AA0282CAC0
SHA-512:CA8916694D42BAC0AD38B453849958E524E9EED2343EBAA10DF7A8ACD13DF5977F91A4F2773F1E57900EF044CFA7AF8A94B3E2DCE734D7A467DBB192408BC240
Malicious:false
Reputation:low
Preview:MSCF....*#......D...............Q...........*#...D..........~..................M{. .content.inf............M{. .Parallax.thmx.9... y..[......(..b.P...E.Q*.R.".RTH.%.T..F......u.{.*+.P.....FK*0].F...a{...D4`D..V.../.P,....2.Mx...u......0...E...{A-"J...)jl_.A..T......u.Y....ZG:....V.A.#~.. ..6..............o..X..<.... .......C.ce.f!nA.).p...p........n..................'6w6H6s.j....l...{?.h..........]..l.....v....%..l}A..................3...W_73.j......6...F.../..qG.?........H..).........7.&km....`m2..m.W.q.<../~<..6*.78..X~.e+..CC*w...T...6....AB..l..._.f......s.e....2....H..r.R.Z....a.,..\Q.q..._SJJ....7.S.R....=f..>....9=....NnC.....].-...\..Z..q..j...q.....Nj..^'..k...Zl.~PRvpz.J..+.C...k.z.w=l.#.............n...C..s.kM.@B{..vL.e....E..(/......f...g..=..V...}...).=s.....y!.,...X.[..[.....\31}..D%...%..+G66.j.v./.e9...P;.o.y..U+...g.g.S.../..B._L..h...Oi.._...:..5ls>>........n6.F.Q..v>..P.r:.a..Z....a...x..D....N...i..=L.u......<;Nv.X/*.

C:\Users\alfredo\AppData\Local\Temp\cab4D9F.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417, number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression
Category:dropped
Size (bytes):1310275
Entropy (8bit):7.9985829899274385
Encrypted:true
SSDEEP:
MD5:9C9F49A47222C18025CC25575337A965
SHA1:E42EDB33471D7C1752DCC42C06DD3F9FDA8B25F0
SHA-256:ADA7EFF0676D9CCE1935D5485F3DDE35C594D343658FB1DA42CB5A48FC3FC16A
SHA-512:9FDCBAB988CBE97BFD931B727D31BA6B8ECF795D0679A714B9AFBC2C26E7DCF529E7A51289C7A1AE7EF04F4A923C2D7966D5AF7C0BC766DCD0FCA90251576794
Malicious:false
Reputation:low
Preview:MSCF...........D...............9..............XJ..........}...6..............M.. .content.inf............M.. .Droplet.thmx..m7.>J..[...............2.QQPIj.*.."o^R.H5*^...^(e.W...R..x..^`..m...."..+.....{o.......Q.-....$V.N>...T]..L.... ..N.h..dOY.......S......N.%.d..d....Y.....e..$...<.m...`............@....=.z..n..[...,G..1Fn.qPDH{C<...3.Q...2..r..*...E.E.E.ErM"&a..'..W....:...?I..<.I..6o.`.d.?!..!..._.4\.._.E..).._O.S....; ..#..p.H.....c....o\.K..?$U.e.........!...J.v.....gNe._..[....#A.O.n_.....gm:P._.........{@..-g..j.69b.NH.I.$Hk?.6.n...@......'.C.._.U..:*,j.-G.....e.#.Sr.t.L......d[.[...s.....rx.3.F[.5o..:....K*.x..)M.fb...3IP.&h.Q.VX^%U.......x..l......@6.k.P..zSW.?....F..[L...4..b.l.w."&.....`.j...i.5}".~.-.....{\.:...o.'H\*+)....3.Y......\...f:.;....e........4't7..f...w..j...3....N..9`.J...P..?.....=3_.y]...f.<.......JM5.}Q/ .F.a..Z.._yh......V..>m .......a....f....!.hz..\.....F_..'z...,....h.=.......=.o..T....3.e..........$..g.2.

C:\Users\alfredo\AppData\Local\Temp\cab4DA0.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 437097 bytes, 2 files, at 0x44 +A "Atlas.thmx" +A "content.inf", flags 0x4, ID 18422, number 1, extra bytes 20 in head, 27 datablocks, 0x1503 compression
Category:dropped
Size (bytes):453305
Entropy (8bit):7.997509772969848
Encrypted:true
SSDEEP:
MD5:271FF904CEB8B5383B45ECF0DA6A9238
SHA1:6B89CCC79D98A96AB00D045E2CF5FD495CB03193
SHA-256:1D9C6C49026503E16D584633211DF49B82191F3988F466C7F12D29C8AE5E4E4B
SHA-512:3E5197D4F1A24BC903DBF8A0CD3CA9EFB6CBFE725C31EEA454EA1B4D355229E55B4F51F3B13BFB24D32BB6DA6F85B7CB6E31289AD8DE6C9C9F1C4C1491AFB9D2
Malicious:false
Reputation:low
Preview:MSCF....i.......D................G..........i...P?..........{.......2..........J.. .Atlas.thmx.....2......J.. .content.inf....p..[.....P.........&......U...U5.U.T....jP......5....hf.h................g.......s....Mx....Hg...BH.u.%.Q..4i...*.4T.RV.C.b[.F..m..P:.d....xT$.,...............(..{...f.e0..l$ba"..../... N..a~....GyD?..A@|...... ....R.H.....?IL@...P..{...\......Y.21..K.-....D......J../.yj.w..5....=<M.SkB..\w..0.}...>u...m.+ O.{....+....q..:}.=.X.=H...<.~T.kE.-.z..r...7...R\Pad..+r..VW).....t.kje..~Mf.SK+v..........*....o8..<.q...p..4.%K]......:Z.T............V.h.l...._G..m.tl8R....Ma.....l..W0y........U.....Y`.....b.I......cz(u2..\..G.....F.zU..$T.v....HAdN.yo..r...{...j.....]...LM.|.I..ajr..[%..u.Go5vwK..Vod$.)..*...3...)....;1....'?.@.[N.c...b.%S.....ea.svj......I.b.x.....q.i....9o...#.lb.9x..4...b.{iU.N.B...sU.Y.*.....;uXY....1....&.(.........?.v...~...)....j~..}...F..v..Q..w}..i.ci.....|.{......../552......H......k.....

C:\Users\alfredo\AppData\Local\Temp\cab4DA1.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
Category:dropped
Size (bytes):1097591
Entropy (8bit):7.99825462915052
Encrypted:true
SSDEEP:
MD5:BF95E967E7D1CEC8EFE426BC0127D3DE
SHA1:BA44C5500A36D748A9A60A23DB47116D37FD61BC
SHA-256:4C3B008E0EB10A722D8FEDB325BFB97EDAA609B1E901295F224DD4CB4DF5FC26
SHA-512:0697E394ABAC429B00C3A4F8DB9F509E5D45FF91F3C2AF2C2A330D465825F058778C06B129865B6107A0731762AD73777389BB0E319B53E6B28C363232FA2CE8
Malicious:false
Reputation:low
Preview:MSCF............D...............-,..............x?..........}...-...RU.........M. .Circuit.thmx.....RU.....M. .content.inf.g...&|..[......=..R.....=.*,.!QA?h..Q.!....Uk!.HJ.......VKuk.....q.w.w.U.....;...K.@.URA..0..B..|rv.ND(.`{..@.1.}...s?.....-...O.(V.w..1..a.....aW...a.Z..aX....5.I...!..........(. ./.d...me.( ..f.........w.......Xp.s....c..vB.98.....C.J......V ..ML.M...B.n.>...|....u!.5@t..q4....(K...u qL.S....>/%v%.2..TF.].e..'..-..L.N..c].a..(WU\o.%^..;...|o.6..L..[..;&....^p.Lu.sr,-.R=.:.8.>VOB...:.?$.*h.o....Zh.h....`.B.c.../K......b^...;2..bY.[.V.Q8....@..V7....I0c.cQN7..I.p..}..!..M....1K....+....9.2......a..W.V..........;.J .i......]%O.-......CeQ.0.c....MbP3.0.w..8w..Y...|...H;#.J.+M......>.`y..aWk|.i.BF.pJv;.....S..6....F.....RLG~..........J.=......"..........H.....h..o...u........M.6F?.F.p.B.>./*l....J.R..#P.....K......<iu..gm^..n...#c..zO"7M.O......4'>A..(.E.Cy.N.)....6.tx.r[.....7.......m.t..E?.....5.5.6.\..{.V.T.D.j..=~a^.I

C:\Users\alfredo\AppData\Local\Temp\cab4E3F.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852, number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
Category:dropped
Size (bytes):1881952
Entropy (8bit):7.999066394602922
Encrypted:true
SSDEEP:
MD5:53C5F45B22E133B28D4BD3B5A350FDBD
SHA1:D180CFB1438D27F76E1919DA3E84F307CB83434F
SHA-256:8AF4C7CAC47D2B9C7ADEADF276EDAE830B4CC5FFE7E765E3C3D7B3FADCB5F273
SHA-512:46AD3DA58C63CA62FCFC4FAF9A7B5B320F4898A1E84EEF4DE16E0C0843BAFE078982FC9F78C5AC6511740B35382400B5F7AC3AE99BB52E32AD9639437DB481D1
Malicious:false
Reputation:low
Preview:MSCF.....x......D...............l............x..`?..........|...D..............M[. .content.inf...!........M[. .Damask.thmx...o.PI..[.............../.TU.jj0..3jCUPU.jF...m.UU.P}.....PU..*........w..#....E..].................A.. w.$..@..'g.......6%:..r9..d.M;M+.r.8[d{.s..dh..(P..........!.. ..ne..f.Nc..#..Y..q....KB}..b].@..F.&.t....E.........@&.m......$w......q...:.H....p.p.....?.9x.. .....?...ao....I....................o......g.u..;."....O;....{..(k..._.w/.Z......Jb..P.O?...........?....F....ty..72......! #....v..J......?.....!,.5.7..Em.....is.h.. \.H*)i1v..zwp.....P.....x].X{O//..\....Z>z....6...+..a.c...;.K..+...?014..p.w%o^.....]...MguF...`....r.S.......eF..):.dnk#.p{..<..{..Ym...>...H......x.}.hI..M....e......*G.&.?..~.~G6.....+...D..p...._...T....F6.[Cx./Q..Xe.>.;.}>.^..:..SB.X..2.......(A..&j9....\\.......Haf+]Y...$t^Y=........><.w....tL../E...%6.Vr~MI...l.....<.0.I....7.Q8y.f.uu...I.p..O..eYYS.O......9..Qo.......:..........o.............{

C:\Users\alfredo\AppData\Local\Temp\cab4E40.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349, number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression
Category:dropped
Size (bytes):953453
Entropy (8bit):7.99899040756787
Encrypted:true
SSDEEP:
MD5:D4EAC009E9E7B64B8B001AE82B8102FA
SHA1:D8D166494D5813DB20EA1231DA4B1F8A9B312119
SHA-256:8B0631DA4DC79E036251379A0A68C3BA977F14BCC797BA0EB9692F8BB90DDB4D
SHA-512:561653F9920661027D006E7DEF7FB27DE23B934E4860E0DF78C97D183B7CEBD9DCE0D395E2018EEF1C02FC6818A179A661E18A2C26C4180AFEE5EF4F9C9C6035
Malicious:false
Reputation:low
Preview:MSCF....]M......D...............=...........]M...?..........}..."..............Li. .content.inf............Li. .Gallery.thmx.].(.Vq..[.....0Y..........v.....w.wwwww.wwwwww.w.....".83....y8..mg...o*..U..N(..@uD.:O<........{.G....~~.....c.c.5..6./|G .@#1O.B.............PT@...b.d.~..U....B.{.........0.H.....`.H.`..'S.......Ic..W..x...z....... .........g......._....o......S......p...$....._........._...K......x..?.6.U~...'./.r.................../.......5.8..2........2b.@j ....0.........``....H... ,5...........X........|..Y.QoiW..*|.......x.sO8...Yb....7...m..b.f.hv..b......=...:Ar.-...[..A\.D..g..u....].9..M...'.R-`.....<..+.....]...1.^..I.z..W{.._....L.. ...4;..6O.....9,.-.Vt+b/$7..}.O05.Y...-..S.....$*.....1."Z.r;.!..E.mMN..s .U...P%.[.P...cU...j...h.d.../.s..N/..:..X*...p5.7\}h.Q ..._.F.X.C..z$.nV..+.k..|.@.L...&.........^#.G.a..x..w!wx.8e+..E. i..$?9..8...:......|..[."..y..&y..?...W....s..._...3Z0c.....i.q.........1c.jI....W..^%xH.._...n.......&J..

C:\Users\alfredo\AppData\Local\Temp\cab4EA0.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969, number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
Category:dropped
Size (bytes):1766185
Entropy (8bit):7.9991290831091115
Encrypted:true
SSDEEP:
MD5:828F96031F40BF8EBCB5E52AAEEB7E4C
SHA1:CACC32738A0A66C8FE51A81ED8E27A6F82E69EB2
SHA-256:640AD075B555D4A2143F909EAFD91F54076F5DDE42A2B11CD897BC564B5D7FF7
SHA-512:61F6355FF4D984931E79624394CCCA217054AE0F61B9AF1A1EDED5ACCA3D6FEF8940E338C313BE63FC766E6E7161CAFA0C8AE44AD4E0BE26C22FF17E2E6ABAF7
Malicious:false
Reputation:low
Preview:MSCF............D...............)q..............0?..........{...H..............M.. .content.inf.;.#........M.. .Slate.thmx.p.+..P..[......U..............p..K.!.......*...K..w..v........=....D$r...B....6 ...X.F0..d..m.s...$$r........m.)6.m3....vXn.l..o...a...V......Ru.:=2M.........T.....4S`EP......\..r,..v...G.P......'._H0]..%_............X.P.,.............H.?.-.H..".......M..&..o....R........<......`...D.H.._.G.Qv..(.*.U,.9..D...."..T..i.e../.e.."....,S...o.X.....c./..V....Z..o.O..2....{...+... ....0.@J.R.Q.m.....{.....h?u.q.O{...l.d)..Yk`.....#...u.-.m..#CXwrz4..7.>......v.E:.#.oGSKS.TX.Chm.4aQ......avH..{..j+@6[k].....`c..W8..j.v.Zh.]....4......K..#Hzyd..K}.....H|<H..\(l...+..%Z......~.S:^..d>..1..H%..7N-v.....Wu.*..b^.B.....k0gc.2.{.!...E7.}3.d...{.Ye...&#f6...:2......v..&!..k0d.p.b...,..$.....Y..60...h.N}.r...<[./........{...Es..&.nf.....2.@Fh3.9.G....l.[.C..SD/6.H.K....}..m....M..........gl.P.]..I......5....e.c...V....P...[.=.......O.eq+

C:\Users\alfredo\AppData\Local\Temp\cab4EA1.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 2132545 bytes, 2 files, at 0x44 +A "content.inf" +A "Madison.thmx", flags 0x4, ID 44832, number 1, extra bytes 20 in head, 75 datablocks, 0x1503 compression
Category:dropped
Size (bytes):2148753
Entropy (8bit):7.9987997302874785
Encrypted:true
SSDEEP:
MD5:466E5851E601CEFA5F84681011165ED0
SHA1:0FFCC96B7FCB497CC8494F94703EB60452815414
SHA-256:C8B322819A2F84BF80ACD654AAAAC3E08DEBB533B1086021078EFFBA27968A37
SHA-512:E10D1D40F5A56E13CDF533E2A544BC762BBDEC2C08178E7129684E13F93DBBAC834C4606BC5821A8D28D48AF4CC855B5DF92D66207D3F85254867C4813D3D164
Malicious:false
Reputation:low
Preview:MSCF....A. .....D............... ...........A. .P?..........}...K..............Jrl .content.inf._H%........Jrl .Madison.thmx..H..dp..[.....@.........5...lIT...\..S.J........Y..BDQQ..P.`B.., Uq.$..>.Q..."..;..<q.....B...2..!..m7h@..z. @#\{.)N...A..$Bd.F.4..6...n{.1%..Cp#e.g.....\..l2..C]n......#sn...s{....$.............lj....}k.( ......(.p.......G...C.C9FQ.X.|..F..L.31.f.../..kP..Q.(..T/.3..E..Q.(..f9................[?..._3+.P.B9...2.B).7>)...........1.S.....(9.>.m.....~s....3.>..L...>K...._?..Y...7......?V.w..3.."e...%..../.9jJ).Q..v,.V..G.....>}gU.:../......H5.f......l7T[U...E..i.Pe...m...4h..g.wp....^...{7......=<.{.{%.ma...{Y^..~.R.xD.....u.;.|S.."....u......N......4.^.2<a~..!.!e.c.L.J1L.jv.l..7.1....R(dhOU.*....m..._Yu.S.s.k.;..}..p.4...k....<}b..=(U.-..k.........4..3.......Rwf.3..N4.r.....r..[4...c....b....i..OI...h.2l%..3..YWt..P......{...b.94l.>.x..Ucx..W.k....Z.|.D..js..|.%.~b.vjs..f..V.f.v...?.O...C.W..e.b...7.i..rv]k...>uO.... H..KHI8I..O

C:\Users\alfredo\AppData\Local\Temp\cab4F6F.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 1593091 bytes, 2 files, at 0x44 +A "content.inf" +A "myTemplate_02836342.thmx", flags 0x4, ID 49870, number 1, extra bytes 20 in head, 56 datablocks, 0x1503 compression
Category:dropped
Size (bytes):1609163
Entropy (8bit):7.9984205861574775
Encrypted:true
SSDEEP:
MD5:EBCF724F8885692BB8E2EE2406AADC02
SHA1:73B0B931B5D05C2A4B490925E2A54E4A7DEEBA36
SHA-256:80ADC8C9EDE235AD8CD45EEACE2F40227ABA01D9FEF261756F4A4C44EAFB146B
SHA-512:71FCC0E5CF084F673C805EC51DFC68C4B93E85E7D593449E6F9732CAEC32F004F24300A251BA8CBABF1774DBF732FDCB9CFB164B3A77CA0CAD14C2825B78EE68
Malicious:false
Reputation:low
Preview:MSCF.....O......D............................O...>..............8...0..........N.. .content.inf.....0......N.. .myTemplate_02836342.thmx.y.5.|z..[..... b..RP....E..(*.5..J I1.I.P.j...t].mT...2]...k..."...0f....H.h..........F..\.....'D....2...m..&.A...g....Y..".}...t......!.B$..;..(D...F...*....(...............@.?.Hj....T.............Mr.........5..E?G&.....?........M....N.........4....p......$...?.5.y.........8.a....#.....+...q....#..E....?2..u........hw.Y..............q.....................j.t......hS.m..?...._.s....k.....j.n.o."..5.44......q.up.g.X..U......kp.S..4....0..0{.(D..d.X|...#s&7.........M?.Rv-9.~....bvd. .p.C.B..V.f..;.8V..g..e.#f.._f.......`F.....#!.",[.B.7..$....-j.......kO..a..QG<B...2./.>...|..\.+J..x....(.....v.+.:PfO.;..T..Zo<.......]..3..C....LW.0:..8....+....P.k.r.._........PC.......J$...N5.a._g..Zw..!!'5....W.v.....r.gO..&6..w....Cc)..H.7.;...WCXu..j%..0......x...mEo.._8.^....+.h._W...z.3.+s..[..9.cV...\l}wLc3i.Q.3.M....x

C:\Users\alfredo\AppData\Local\Temp\cab4FFD.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
Category:dropped
Size (bytes):22594
Entropy (8bit):7.674816892242868
Encrypted:false
SSDEEP:
MD5:EE0129C7CC1AC92BBC3D6CB0F653FCAE
SHA1:4ABAA858176B349BDAB826A7C5F9F00AC5499580
SHA-256:345AA5CA2496F975B7E33C182D5E57377F8B740F23E9A55F4B2B446723947B72
SHA-512:CDDABE701C8CBA5BD5D131ABB85F9241212967CE6924E34B9D78D6F43D76A8DE017E28302FF13CE800456AD6D1B5B8FFD8891A66E5BE0C1E74CF19DF9A7AD959
Malicious:false
Reputation:low
Preview:MSCF....2.......D...........................2....?..................0...............ThemePictureAccent.glox.....0...........Content.inf.o.@D..8.[.........B.....?. $...K.....~....aZ.WA"...k.......Z......."......"..X.fpB 2@d..87.[.A......p..e.'......F..P^%.%.RK...........T%0..........9..+8 ...&.q.....+.......^.fad^^n...d.....s1..... .3j.c-c7..y<.....6........C5n.KG...Rs[lt..ZkwI.!..Uj.ez_!A^: /.;.Rl4....^..<6..N...'.YY.n*.E{.`..s.7..z.......L.y.Y.....q.kx.....[5.+<to......1...L.r.m..kC.q.k.1..o.w8s.....xh.@.b.`l\...}z1.6..Y.</DY...Z5..D...0..4.;..XAA..0qD..E.....h...C..hH......S..Z.\.VBu......Rxs.+:RKzD......{......a..=......).<.....d.SM.......c!t.4.h..A=J~.>q?Hw.^.....?.....[..`....v.nl..A.u...S!...............c......b.J.I.....D...._?}..or.g.JZ#*."_``.>.....{...w......s...R.iXR..'z....S.z.\..f.....>7m..0q.c-8\..nZw.q..J.l....+..V....ZTs{.[yh..~..c........9;..D...V.s...#...JX~t8%......cP^...!.t......?..'.(.kT.T.y.I ...:..Y3..[Up.m...%.~

C:\Users\alfredo\AppData\Local\Temp\cab4FFE.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 8162257 bytes, 2 files, at 0x44 +A "content.inf" +A "Organic.thmx", flags 0x4, ID 28519, number 1, extra bytes 20 in head, 266 datablocks, 0x1503 compression
Category:dropped
Size (bytes):8178537
Entropy (8bit):7.998487287228825
Encrypted:true
SSDEEP:
MD5:9AED2FBBB427D6FA1A4C0D8909CB3F3F
SHA1:2A8BD0BC0B19EA4D194C442A56A4F3C5A5B24846
SHA-256:8FBA95D2C1904DFD921417CE8829FA9198CB650E7B1C0E7344743A7007BC22F9
SHA-512:DEE6625E3AD33F52A4F9BE4386C718901406A1B834C7BD3CA93D2886F61A26427029FD2C7719925AE7C40C8CEED58C2CB0876A3AA0FB73412BCE6845188F92FA
Malicious:false
Reputation:low
Preview:MSCF.....|.....D...............go...........|..?..........}..................N.. .content.inf.!.........N.. .Organic.thmx.G....{..[..........@....?.TDJE.E..hi.<.$.*.z.....Bh.....>y....~<......33EE.`...V..\.....Q..k..~BjE.6.L...Hn.@d.+.v.....X.y..D..6j...!.e.D%....,...d..rG2..E.".xA../ .....@....`....7.y.$...P..h..x.....-.N.............@...L......:J......h......M....0.<..../........T..1....7N...S.@...*...5.V.`c....B...._.M...7.._.O:....C....iv.........L....R.....F../..,....1.?3B..0O.o..t.....#Q.$%.....f......6.......V[..7.~1...Q..t....m4.&F....p......w...Y.<~~...m..m..t._...|..q.9..._>..^......<(g.Ig..a..i..4.....cUb.JK....[].G..........y..S.P....B.....,+.KL.+,....R..cQz.*.r.r..f....WO....z..w.&.....x.).9xf......i.nLG>.^_Y....U... !'...F.....5R.A/..........).....p..i..z......Ul.(.e....3.G....U`M.#v...`af.../.,yw>...|.....h=3...w&.U...l..;(.d1...BTO...u..h.#....P...T..X..d_|..t...?..1..+......k......}.....LR.-...7t..4.....}j...B\..c'.5br..R....M....F

C:\Users\alfredo\AppData\Local\Temp\cab503D.tmp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID 19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
Category:dropped
Size (bytes):3256855
Entropy (8bit):7.996842935632312
Encrypted:true
SSDEEP:
MD5:8867BDF5FC754DA9DA6F5BA341334595
SHA1:5067CCE84C6C682B75C1EF3DEA067A8D58D80FA9
SHA-256:42323DD1D3E88C3207E16E0C95CA1048F2E4CD66183AD23B90171DA381D37B58
SHA-512:93421D7FE305D27E7E2FD8521A8B328063CD22FE4DE67CCCF5D3B8F0258EF28027195C53062D179CD2EBA3A7E6F6A34A7A29297D4AF57650AA6DD19D1EF8413D
Malicious:false
Reputation:low
Preview:MSCF....Gm1.....D...............cM..........Gm1..D..............o... ..........MP. .content.inf...7. ......MP. .Vapor_Trail.thmx..n...N..[......L........7...+I..x...P7/...BH..Rm.\yqi.x..B....{.m.............=.....p.%.@......BpV.[......C.4..X./..Y.'SB..........0.Gr.FG.).....R\...2..Jt..1..._.4_B..................cn7H.-.....Q...1..G{G.~.. '.$......@.(....=@=..`....@.@.A. ....'.4`. .@....D...'....S.s..9.7" /....?.aY.c.........LG....k...?_.....P.....?.1.....FB..m..t...['......:...?...W..../~..z.Tr...X.@...._....3..N..p.....b...t.....^..t...~..t.8A...t_....D..3R.Z.=..{.A.8).3-5..v.isz....0A~%.s.D.4....k.K......8......)R.}f.E..n.g&:W...'E....4%T..>......b.y..[..zI....e...j.s....F.....|7826U.C.,..BY.U.F.f......"..#.m..,..._...#.\.....gPP.2.}Kas......g..3.d0.Z.Z.]..n......MY]6.....].m..D.6...?.n.20.,.#...S...JK..#.W.%.Z4.....i..CBf...../..z......n.N...U.....8t...ny...=.!..#..SF..e...1.P..@.Qx*.f.;..t..S.>..... F..)...@.Y..5j....x....vI.mM....Z.W..77...

C:\Users\alfredo\AppData\Roaming\Microsoft\Office\Recent\New Years Quiz.LNK

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Dec 21 09:43:19 2022, mtime=Thu Jan 5 07:07:36 2023, atime=Thu Jan 5 07:07:31 2023, length=3698551, window=hide
Category:dropped
Size (bytes):542
Entropy (8bit):4.822564146099764
Encrypted:false
SSDEEP:
MD5:8A70C2D420EA7C71A6F86F171A6EAC71
SHA1:6228EFC847A109FA60BB0E6AB31DCE634B624D42
SHA-256:7C906B89510936225002B424B9E279D8AE892BB09EF54D8C2C47684476608BA5
SHA-512:B54A10B1E198245C7DFF6EFA9D24D88F4AF398C75E591FA99883E6461DA10C8FBDD3C72CCC1635B4C620C580C30E82FBE304B154F4FD5B0CE4CE1E705C508430
Malicious:false
Reputation:low
Preview:L..................F.... .....M.)...ZVb.. ...A... ..wo8.....................v.t.2.wo8.%V.@ .NEWYEA~1.PPT..X......UjU%V.@....n^....................i.k.N.e.w. .Y.e.a.r.s. .Q.u.i.z...p.p.t.x.......[...............-.......Z...........;S.......C:\Users\alfredo\Desktop\New Years Quiz.pptx..*.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.N.e.w. .Y.e.a.r.s. .Q.u.i.z...p.p.t.x.`.......X.......172892..........N...n..O...}R...V...............N...n..O...}R...V...............E.......9...1SPS..mD..pH.H@..=x.....h....H....F.5./EG.gM.U..............

C:\Users\alfredo\AppData\Roaming\Microsoft\Office\Recent\index.dat

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Generic INItialization configuration [misc]
Category:dropped
Size (bytes):80
Entropy (8bit):4.695313765269135
Encrypted:false
SSDEEP:
MD5:DAB2FD32EB2A611C56616908C2846C1C
SHA1:4286833FAF271B91D13BBAB2A0CCDC954B6DDF1F
SHA-256:F06CE6CA2505736E4A59D07F25F4443E69D0EED848BBE2AF30949F5A380EA523
SHA-512:10CC0E5D7B49AAE6ADEF578E39A36FE892386F17B3C5B87C9D1ED1102FCC93B15CBB3019ED9370199417496AA4FD5D355B5337EA8B14BA71E6B8910A25E657C0
Malicious:false
Reputation:low
Preview:[folders]..Templates.LNK=0..New Years Quiz.LNK=0..[misc]..New Years Quiz.LNK=0..

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02836342[[fn=Ion]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):1824766
Entropy (8bit):7.941741037170679
Encrypted:false
SSDEEP:
MD5:C5A07069AD7E82F3AEB099F346C4FF62
SHA1:39A58834FD8A25AED63FB83F0C00712AFC3BD2F5
SHA-256:EB7806D9DC3D2ABF82A061709BCD9DB8DD98FA060E66DAF6820D1FA81BB5B845
SHA-512:343FB8BFFA01801EED7289A513564B55B0045FF3D0A842A819CECE416C53C2398D0A0D9B55397BF2EAD5393638085AB6AB83ECB2C701F532BD55C0FED4C98EEC
Malicious:false
Reputation:low
Preview:PK........l.%A.f}......p......[Content_Types].xml..n.@.._......8i.'......}.......(y...H}......3Fi..%.......3..._...j.`.2....cod.(...r...w{s..)...]..3..APF.61...6ug.Y...... 7.....d<..Q.V6.N......{.0.U5...>.-..Ko.nw.f...'.....!.s.=fw.{PaW.. ..82.;.<..os....n....>...w..%....P...v...v....'....m.m..3.[.._...:[,...h..!~s..^..Y..E.....^.9Y.j.....#x......3....=....b}4O.*....k7.+.&.Xg.X.X..XSN.KN.+N.7.X....!..CR....I]...>....L...!=...9..!L.0.v.gEo\.......w..No.a.C.q.}<.........a..n./......e.-)h9a..}i.}.."-..C.C.Xq..0?..M4.........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......4....&T......Wlw.b....}..+.A\...q......~.WK.Z^..........>.h..`......}......k..s.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G.....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ...-Z.>X.2.....>8..S.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ..

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02892315[[fn=Wisp]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):787354
Entropy (8bit):7.849038074328931
Encrypted:false
SSDEEP:
MD5:BBACB56BBFFA78CD4A21A9A6B331D84A
SHA1:5A854FB2FDFB3BD38DDE1AC7C832BA0FFD46F4F1
SHA-256:BD9DE870D21C8A5336ADC759EBFB740E105764810DD4B5B88BCA6213C9133CD7
SHA-512:59D798652E181582593B44015803A13F9838EE1C5971D2992F968D314CDB80B77A9869344D9D1FD26C2D8AFC4574DD9145E795DCFDA706E6CF1B49CAB6402C7B
Malicious:false
Reputation:low
Preview:PK........x.%A}.4+.....k......[Content_Types].xml..n.@.E_.y.ac $..,........-..g@.u.G.+t.:......A1......=..._..d.....Y:.B...t.e.8]..].....s.M.=.....6...&Z.D.?.u..,."Q.].. W.....p0..Q.Z........Rm7....}\.{.W^.....Z3/N...o.....1'.T.o.HYw?....._,.<<c.qnn...8.:.B9.."^...U.O*q.....>..-]..O...-.q..Y.M...:.M+...}..y..{.0..V'K6.K?Qqz........c^..~GN.*s_..Q=g[k.....8..XCN..'....k.u.u....+..r...!.A....!.Q....a...7U.*uH...!gi=..Y.[.v{&.......q.=.[.v{....k.5.........4Y9..3Y).....v..mi...Wi.~.=G.....t.?.S......bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`........bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`........bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`...[..u...UN -.`A\a..U. .W.\...r5?..U..............q.....,D.%X5Zz.*i.....C.&2.k...UN -.`A\a..U. .W.\...r5?..U..............q.....,D.%X5Zz.*i.....C..d...*&T9..\..q...W.\...r.?.... .W.C...&+h.r&+f.R.%X..K..-.`.h....e.......zu9JR..7..Y=..6.?PK..

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900688[[fn=Facet]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):738429
Entropy (8bit):7.8235726750504355
Encrypted:false
SSDEEP:
MD5:8EBD58005DAF9C4EC15AC2530D3A4A30
SHA1:D11B9F2B85F20EB3DB28C4D9C9FDD909848E3E05
SHA-256:D3AB94FDC32B10903AD444F6F3518F93C3D7348FB945168DD8140C74BB7D7E26
SHA-512:00A3A6F8A8D10F4BAD87C3BEAE299D0E28931593EF0FB4145711B1D164A3351A8EF131DA0F26AAB9C3EB7AC214B69E1F03CB52E0E1EA95EB444664D5B0B998E9
Malicious:false
Reputation:low
Preview:PK........e.$A}.4+.....k......[Content_Types].xml..n.@.E_.y.ac $..,........-..g@.u.G.+t.:......A1......=..._..d.....Y:.B...t.e.8]..].....s.M.=.....6...&Z.D.?.u..,."Q.].. W.....p0..Q.Z........Rm7....}\.{.W^.....Z3/N...o.....1'.T.o.HYw?....._,.<<c.qnn...8.:.B9.."^...U.O*q.....>..-]..O...-.q..Y.M...:.M+...}..y..{.0..V'K6.K?Qqz........c^..~GN.*s_..Q=g[k.....8..XCN..'....k.u.u....+..r...!.A....!.Q....a...7U.*uH...!gi=..Y.[.v{&.......q.=.[.v{....k.5.........4Y9..3Y).....v..mi...Wi.~.=G.....t.?.S......bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`........bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`........bB..H.%X.W..r.>.... .W.\...rU?.++i..&+g.b&+e\..h....r.V..^.JZ..j`...[..u...UN -.`A\a..U. .W.\...r5?..U..............q.....,D.%X5Zz.*i.....C.&2.k...UN -.`A\a..U. .W.\...r5?..U..............q.....,D.%X5Zz.*i.....C..d...*&T9..\..q...W.\...r.?.... .W.C...&+h.r&+f.R.%X..K..-.`.h....e.......zu9JR..7..Y=..6.?PK..

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900720[[fn=Integral]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):3446188
Entropy (8bit):7.939078022105486
Encrypted:false
SSDEEP:
MD5:AD1C52DB4C29726B3A2D28DDA1110F76
SHA1:46A0656C55202A4ADFAAC7E98E9E1340C4A1FD55
SHA-256:7973C1386416C251569ACC3CDBFE04DA848262A9A2DA998F915E000BFD6B52B3
SHA-512:95C3F09611F977EB3F146C9844D7B96AF3E8123CF3393884CD10EFE7C250F446A565EDAFED1CF1FA6DCAC4D7EADAFACAD134D2A75A8CFB74462F62F5EA8B7400
Malicious:false
Reputation:low
Preview:PK.........Z&A........a.......[Content_Types].xml...r.`...[a.:%..R.v..p.gh..$d...^../.[0.e..=d....B...c.._?~._>$..}...2.t]...D.ty...I........._....T.M.I..,..APLo.$,z.,J.wf.<...e>..p.=.G......eZFiyT...8....E...P}y}..,.w;...\]k.....o......9(.E<.....>..I;....|.Lq.g....]..g......~>W.<....0/?.I.....g...U.V..3....l.O........m.l...T.....h.GE.......'K....$...z.E..(.Gc.....N......>...b....Z...Y.f.13k..:af..Y..13...........8L....o...s.....k...l.k....K.Z..i[..7mk...m._........~.../.^...{..Z...r@........P.@.....Z..d....R..e.O..jY.S.,..Z..T-K}....Z-^}.}iyS_C.C}.6.w.`.zNd-K}2...e.O..jY.S.,..Z..T-K}...>U.R_.....}iyS_C.C}C...*....Y.R..uwY.S.,..Z..T-K}...>U.R..e.O..W..o./-o.kha....N.LP..e.O...,..Z..T-K}...>U.R..e.O..jY....w./-o.kha.odC}#...s"kY....K}...>U.R..e.O..jY.S.,..Z..j.x.....M}.-....P....9..,..\[w..>U.R..e.O..jY.S.,..Z..T-K}.Z..N...M}.-...m.o.`.zNd-K}2...e.O..jY.S.,..Z..T-K}...>U.R_............3..;S0A='...>.k...jY.S.,..Z..T-K}...>U.R..e..V.W.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900722[[fn=Ion Boardroom]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):1593982
Entropy (8bit):7.907400454215888
Encrypted:false
SSDEEP:
MD5:407ACAACDD935B4C82A2D4AF73D07744
SHA1:E7AB195DF6F9BFD7676C34503E337194DC7631DD
SHA-256:ED85105C65F81EC015215B76ECBD46BEE4CAAA17AD716393DFD15D5DCD57A3E4
SHA-512:03D30E2357319A8153D242EEE035DDFDA718CE93E00C0D99ECF82C1387D1FE1A436111E13AD1CE67214C87CF4709D68FF452C041772A43CB242786ED4090370A
Malicious:false
Reputation:low
Preview:PK..........AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900743[[fn=Organic]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):8705569
Entropy (8bit):7.955490103632122
Encrypted:false
SSDEEP:
MD5:476CF35ED8367EB98237B6428266D6D8
SHA1:37B320D5109D5FB41044F329187CFECAA8DE2A9C
SHA-256:71739BEA66F1DEE0789A7675ADD098123EC0E8E45EB74D707F6412B28FCBAE81
SHA-512:7280C51F2DC97871C8B959A971445E1CE1499D108204C025043A0B44E9A9D6AC03E1326BBE652EF2EF900BC6F3F5566A32DBA5AA2EEA6A84F1585323E9C9CAE0
Malicious:false
Reputation:low
Preview:PK..........A.f}......p......[Content_Types].xml..n.@.._......8i.'......}.......(y...H}......3Fi..%.......3..._...j.`.2....cod.(...r...w{s..)...]..3..APF.61...6ug.Y...... 7.....d<..Q.V6.N......{.0.U5...>.-..Ko.nw.f...'.....!.s.=fw.{PaW.. ..82.;.<..os....n....>...w..%....P...v...v....'....m.m..3.[.._...:[,...h..!~s..^..Y..E.....^.9Y.j.....#x......3....=....b}4O.*....k7.+.&.Xg.X.X..XSN.KN.+N.7.X....!..CR....I]...>....L...!=...9..!L.0.v.gEo\.......w..No.a.C.q.}<.........a..n./......e.-)h9a..}i.}.."-..C.C.Xq..0?..M4.........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......4....&T......Wlw.b....}..+.A\...q......~.WK.Z^..........>.h..`......}......k..s.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G.....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ...-Z.>X.2.....>8..S.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ..

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM02900769[[fn=Retrospect]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):1623260
Entropy (8bit):7.867463315196704
Encrypted:false
SSDEEP:
MD5:126269588DEC71F54D53B563106D0500
SHA1:E4E27B005A9728617832F0F2645980CC2CE6EC52
SHA-256:0C11107C6CF799125DB9352E2F3A0D2B9ED5D55CBBEAED66D79464058598D94B
SHA-512:667F9CA3929926397ED5B43DF4859B8C52973F2603405763308D931C32C4DA831A144ED7041096AFC7CDD291B2978622DED5DD4C16C6BFB0F18235E05B212E5A
Malicious:false
Reputation:low
Preview:PK.........Z&A........a.......[Content_Types].xml...r.`...[a.:%..R.v..p.gh..$d...^../.[0.e..=d....B...c.._?~._>$..}...2.t]...D.ty...I........._....T.M.I..,..APLo.$,z.,J.wf.<...e>..p.=.G......eZFiyT...8....E...P}y}..,.w;...\]k.....o......9(.E<.....>..I;....|.Lq.g....]..g......~>W.<....0/?.I.....g...U.V..3....l.O........m.l...T.....h.GE.......'K....$...z.E..(.Gc.....N......>...b....Z...Y.f.13k..:af..Y..13...........8L....o...s.....k...l.k....K.Z..i[..7mk...m._........~.../.^...{..Z...r@........P.@.....Z..d....R..e.O..jY.S.,..Z..T-K}....Z-^}.}iyS_C.C}.6.w.`.zNd-K}2...e.O..jY.S.,..Z..T-K}...>U.R_.....}iyS_C.C}C...*....Y.R..uwY.S.,..Z..T-K}...>U.R..e.O..W..o./-o.kha....N.LP..e.O...,..Z..T-K}...>U.R..e.O..jY....w./-o.kha.odC}#...s"kY....K}...>U.R..e.O..jY.S.,..Z..j.x.....M}.-....P....9..,..\[w..>U.R..e.O..jY.S.,..Z..T-K}.Z..N...M}.-...m.o.`.zNd-K}2...e.O..jY.S.,..Z..T-K}...>U.R_............3..;S0A='...>.k...jY.S.,..Z..T-K}...>U.R..e..V.W.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):562113
Entropy (8bit):7.67409707491542
Encrypted:false
SSDEEP:
MD5:4A1657A3872F9A77EC257F41B8F56B3D
SHA1:4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B
SHA-256:C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
SHA-512:7A2932639E06D79A5CE1D3C71091890D9E329CA60251E16AE4095E4A06C6428B4F86B7FFFA097BF3EEFA064370A4D51CA3DF8C89EAFA3B1F45384759DEC72922
Malicious:false
Reputation:low
Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):1649585
Entropy (8bit):7.875240099125746
Encrypted:false
SSDEEP:
MD5:35200E94CEB3BB7A8B34B4E93E039023
SHA1:5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D
SHA-256:6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD
SHA-512:ED80CEE7C22D10664076BA7558A79485AA39BE80582CEC9A222621764DAE5EFA70F648F8E8C5C83B6FE31C2A9A933C814929782A964A47157505F4AE79A3E2F9
Malicious:false
Reputation:low
Preview:PK..........1A..u._....P......[Content_Types].xml..Ms.@.....!...=.7....;a.h.&Y..l..H~..`;...d..g/..e..,M..C...5...#g/."L..;...#. ]..f...w../._.2Y8..X.[..7._.[...K3..#.4......D.]l.?...~.&J&....p..wr-v.r.?...i.d.:o....Z.a|._....|.d...A....A".0.J......nz....#.s.m.......(.]........~..XC..J......+.|...(b}...K!._.D....uN....u..U..b=.^..[...f...f.,...eo..z.8.mz....."..D..SU.}ENp.k.e}.O.N....:^....5.d.9Y.N..5.d.q.^s..}R...._E..D...o..o...o...f.6;s.Z]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...S.....0.zN.... ...>..>..>..>..>..>..>........e...,..7...F(L.....>.ku...i...i...i...i...i...i...i........yi.....G...1.....j...r.Z]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o|^Z....Q}.;.o...9.Z..\.V...............................jZ......k.pT...0.zN.... ...>..>..>..>..>..>..>........e...,..7...f(L.....>.ku...i...i...i...i...i...i...i........yi.......n.....{.._f...0...PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):558035
Entropy (8bit):7.696653383430889
Encrypted:false
SSDEEP:
MD5:3B5E44DDC6AE612E0346C58C2A5390E3
SHA1:23BCF3FCB61F80C91D2CFFD8221394B1CB359C87
SHA-256:9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2
SHA-512:2E63419F272C6E411CA81945E85E08A6E3230A2F601C4D28D6312DB5C31321F94FAFA768B16BC377AE37B154C6869CA387005693A79C5AB1AC45ED73BCCC6479
Malicious:false
Reputation:low
Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457452[[fn=Celestial]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):3295051
Entropy (8bit):7.9549249539064
Encrypted:false
SSDEEP:
MD5:5978107C3CB2A4A8427E643D0A5587EB
SHA1:A3A865B6D128E7C9C5821DF03B9EDFE136F53D17
SHA-256:DDCEAEC2A8E652B60CFA4D5D4C7895D70AD25A214D70DE884302C8FE18F53910
SHA-512:D9E0B9D52665F4C1E4B6CC32E6DEBA4C0CBC9309728415AC9588DDD84CAD47A90567192D24BF7FF2F5DD7836A559F396B5015ABF3E085ABC9B813FF365388D65
Malicious:false
Reputation:low
Preview:PK..........1A.f}......p......[Content_Types].xml..n.@.._......8i.'......}.......(y...H}......3Fi..%.......3..._...j.`.2....cod.(...r...w{s..)...]..3..APF.61...6ug.Y...... 7.....d<..Q.V6.N......{.0.U5...>.-..Ko.nw.f...'.....!.s.=fw.{PaW.. ..82.;.<..os....n....>...w..%....P...v...v....'....m.m..3.[.._...:[,...h..!~s..^..Y..E.....^.9Y.j.....#x......3....=....b}4O.*....k7.+.&.Xg.X.X..XSN.KN.+N.7.X....!..CR....I]...>....L...!=...9..!L.0.v.gEo\.......w..No.a.C.q.}<.........a..n./......e.-)h9a..}i.}.."-..C.C.Xq..0?..M4.........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......4....&T......Wlw.b....}..+.A\...q......~.WK.Z^..........>.h..`......}......k..s.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G.....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ...-Z.>X.2.....>8..S.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G....(.P.'....B\...}..+.A\...q.....~..+.!\-1hyAK.ZV...... ..

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):570901
Entropy (8bit):7.674434888248144
Encrypted:false
SSDEEP:
MD5:D676DE8877ACEB43EF0ED570A2B30F0E
SHA1:6C8922697105CEC7894966C9C5553BEB64744717
SHA-256:DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
SHA-512:F40BADA680EA5CA508947290BA73901D78DE79EAA10D01EAEF975B80612D60E75662BDA542E7F71C2BBA5CA9BA46ECAFE208FD6E40C1F929BB5E407B10E89FBD
Malicious:false
Reputation:low
Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):523048
Entropy (8bit):7.715248170753013
Encrypted:false
SSDEEP:
MD5:C276F590BB846309A5E30ADC35C502AD
SHA1:CA6D9D6902475F0BE500B12B7204DD1864E7DD02
SHA-256:782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
SHA-512:B85165C769DFE037502E125A04CFACDA7F7CC36184B8D0A54C1F9773666FFCC43A1B13373093F97B380871571788D532DEEA352E8D418E12FD7AAD6ADB75A150
Malicious:false
Reputation:low
Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):3078052
Entropy (8bit):7.954129852655753
Encrypted:false
SSDEEP:
MD5:CDF98D6B111CF35576343B962EA5EEC6
SHA1:D481A70EC9835B82BD6E54316BF27FAD05F13A1C
SHA-256:E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734
SHA-512:95C352869D08C0FE903B15311622003CB4635DE8F3A624C402C869F1715316BE2D8D9C0AB58548A84BBB32757E5A1F244B1014120543581FDEA7D7D9D502EF9C
Malicious:false
Reputation:low
Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):777647
Entropy (8bit):7.689662652914981
Encrypted:false
SSDEEP:
MD5:B30D2EF0FC261AECE90B62E9C5597379
SHA1:4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3
SHA-256:BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
SHA-512:2E728408C20C3C23C84A1C22DB28F0943AAA960B4436F8C77570448D5BEA9B8D53D95F7562883FA4F9B282DFE2FD07251EEEFDE5481E49F99B8FEDB66AAAAB68
Malicious:false
Reputation:low
Preview:PK.........V'B.._<....-.......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):924687
Entropy (8bit):7.824849396154325
Encrypted:false
SSDEEP:
MD5:97EEC245165F2296139EF8D4D43BBB66
SHA1:0D91B68CCB6063EB342CFCED4F21A1CE4115C209
SHA-256:3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C
SHA-512:8594C49CAB6FF8385B1D6E174431DAFB0E947A8D7D3F200E622AE8260C793906E17AA3E6550D4775573858EA1243CCBF7132973CD1CF7A72C3587B9691535FF8
Malicious:false
Reputation:low
Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):966946
Entropy (8bit):7.8785200658952
Encrypted:false
SSDEEP:
MD5:F03AB824395A8F1F1C4F92763E5C5CAD
SHA1:A6E021918C3CEFFB6490222D37ECEED1FC435D52
SHA-256:D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD
SHA-512:0241146B63C938F11045FB9DF5360F63EF05B9B3DD1272A3E3E329A1BFEC5A4A645D5472461DE9C06CFE4ADB991FE96C58F0357249806C341999C033CD88A7AF
Malicious:false
Reputation:low
Preview:PK..........1A.......F`......[Content_Types].xml..n.@.._.y.ac $..,........-..g@.u.G.+t.:........D1...itgt>...k..lz;].8Kg^....N.l..........0.~}....ykk.A`..N..\...2+.e.c..r..P+....I.e.......|.^/.vc{......s..z....f^...8...'.zcN&.<....}.K.'h..X..y.c.qnn.s%...V('~v.W.......I%nX`.....G.........r.Gz.E..M.."..M....6n.a..V.K6.G?Qqz..............\e.K.>..lkM...`...k.5...sb.rbM8..8..9..pb..R..{>$..C.>......X..iw.'..a.09CPk.n...v....5n..Uk\...SC...j.Y.....Vq..vk>mi......z..t....v.]...n...e(.....s.i......]...q.r....~.WV/.j.Y......K..-.. Z..@.\.P..W...A..X8.`$C.F(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........c..0F...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP..........(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-.............0A...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP.........w(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........T..GI..~.....~....PK..........1A.s@.....O......._rels/.rels...J.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):1204049
Entropy (8bit):7.92476783994848
Encrypted:false
SSDEEP:
MD5:FD5BBC58056522847B3B75750603DF0C
SHA1:97313E85C0937739AF7C7FC084A10BF202AC9942
SHA-256:44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F
SHA-512:DBD72827044331215A7221CA9B0ECB8809C7C79825B9A2275F3450BAE016D7D320B4CA94095F7CEF4372AC63155C78CA4795E23F93166D4720032ECF9F932B8E
Malicious:false
Reputation:low
Preview:PK..........1A..d T....P......[Content_Types].xml..Ms.@.....!...=.7....kX 5o.,L..<..........d..g/..dw.]...C...9...#g/."L..;...#. ]..f...w../._.3Y8..X.[..7._.[...K3..3.4......D.]l.?...~.&J&...s...;...H9...e.3.q.....k-.0>Lp:.7..eT...Y...P...OVg.....G..).aV...\Z.x...W.>f...oq.8.....I?Ky...g..."...J?....A$zL.].7.M.^..\....C..d/;.J0.7k.X4.e..?N{....r.."LZx.H?. ......;r.+...A<.;U.....4...!'k...s.&..)'k...d..d......._E..D...o..o...o...f.7;s..]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...s.....0..O.... ...>..>..>..>..>..>..>.........2V}......Q}#.&T...rU....\..\..\..\..\..\..\..\.W..W.^Z....Q}c;.o...>.Z..\.v...............................*Z....K.X.5X8.obG.MP.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.M.).....j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oZ/-c..`....7CaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,...|...].k.........PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):486596
Entropy (8bit):7.668294441507828
Encrypted:false
SSDEEP:
MD5:0E37AECABDB3FDF8AAFEDB9C6D693D2F
SHA1:F29254D2476DF70979F723DE38A4BF41C341AC78
SHA-256:7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
SHA-512:DE6AFE015C1D41737D50ADD857300996F6E929FED49CB71BC59BB091F9DAB76574C56DEA0488B0869FE61E563B07EBB7330C8745BC1DF6305594AC9BDEA4A6BF
Malicious:false
Reputation:low
Preview:PK.........V'BE,.{....#P......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):976001
Entropy (8bit):7.791956689344336
Encrypted:false
SSDEEP:
MD5:9E563D44C28B9632A7CF4BD046161994
SHA1:D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11
SHA-256:86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86
SHA-512:8EB14A1B10CB5C7607D3E07E63F668CFC5FC345B438D39138D62CADF335244952FBC016A311D5CB8A71D50660C49087B909528FC06C1D10AF313F904C06CBD5C
Malicious:false
Reputation:low
Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):1463634
Entropy (8bit):7.898382456989258
Encrypted:false
SSDEEP:
MD5:ACBA78931B156E4AF5C4EF9E4AB3003B
SHA1:2A1F506749A046ECFB049F23EC43B429530EC489
SHA-256:943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878
SHA-512:2815D912088BA049F468CA9D65B92F8951A9BE82AB194DBFACCF0E91F0202820F5BC9535966654D28F69A8B92D048808E95FEA93042D8C5DEA1DCB0D58BE5175
Malicious:false
Reputation:low
Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):2218943
Entropy (8bit):7.942378408801199
Encrypted:false
SSDEEP:
MD5:EE33FDA08FBF10EF6450B875717F8887
SHA1:7DFA77B8F4559115A6BF186EDE51727731D7107D
SHA-256:5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20
SHA-512:AED6E11003AAAACC3FB28AE838EDA521CB5411155063DFC391ACE2B9CBDFBD5476FAB2B5CC528485943EBBF537B95F026B7B5AB619893716F0A91AEFF076D885
Malicious:false
Reputation:low
Preview:PK.........{MBS'..t...ip......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.._..w._..w._..w._..w._..w._..w.n..Ofu.-..K.e........T..q.F...R[...~.u.....Z..F....7.?.v....5O....zot..i.....b...^...Z...V...R...N...r./.?........=....#.`..\~n.n...)J./.......7........+......Q..]n............w......Ft........|......b...^...Z...V...R...N..W<x......l._...l..?.A......x....x.9.|.8..............u................w#.....nD..]...........R.......R.......R........o...].`.....A....#.`..\.....+J./.......7........+......Q..]n.........w9~7......Ft........|......b...^.c..-...-...-

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033923[[fn=Depth]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):2332136
Entropy (8bit):7.9547975506532795
Encrypted:false
SSDEEP:
MD5:2AECC99B664F840799028A20703C3E21
SHA1:0018EAB0CE4900220607F4F80B506AA2F7F89C17
SHA-256:DF93F14304E35E460EEC7F8464AE2C2B0BFFA84D860D4857F41E0F07A3F023E3
SHA-512:E0BD3A86C7AF6B7202E8FBA42BCA27FBB17A21AC94A685A38C8A45F5AE35F350AE18D6B107F553DC95774FAE47F8BD8926F76DDD840BB7EB8E51E5CF2269AA1C
Malicious:false
Reputation:low
Preview:PK........fdlB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):1750795
Entropy (8bit):7.892395931401988
Encrypted:false
SSDEEP:
MD5:529795E0B55926752462CBF32C14E738
SHA1:E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF
SHA-256:8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05
SHA-512:A51F440F1E19C084D905B721D0257F7EEE082B6377465CB94E677C29D4E844FD8021D0B6BA26C0907B72B84157C60A3EFEDFD96C16726F6ABEA8D896D78B08CE
Malicious:false
Reputation:low
Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):2924237
Entropy (8bit):7.970803022812704
Encrypted:false
SSDEEP:
MD5:5AF1581E9E055B6E323129E4B07B1A45
SHA1:B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD
SHA-256:BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98
SHA-512:11BFEF500DAEC099503E8CDB3B4DE4EDE205201C0985DB4CA5EBBA03471502D79D6616D9E8F471809F6F388D7CBB8B0D0799262CBE89FEB13998033E601CEE09
Malicious:false
Reputation:low
Preview:PK.........{MB.$<.~....p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^.......H^..<}...lA-.D.....lI/...hD.Z....|VM..ze........L..tU...g....lQ....Y...>MI...5-....S......h=..u.h..?;h...@k...h...'Z...D...;.....h=..'Z...D...;.....)^./.../U.../..../U.../..../U..?...'.........Ngz..A.~.8.#D....xot.u.?...eyot.n..{..sk....[......Z..F....l...o)..o..o...oi..o)..o..,..b.s......2.C.z.~8.......f......x.9.|.8..............u................r.nD..]...........w.~7...-...-...-...-...-...-....x.&l........>.4.z.~8..........=E....As.1..q. 9....w.7...1........w.}7......Ft...................o)..o..o...oi..o)..o..w.7a...x0...........d0..............A.......Fl.............Ft................w#...r.nD..]..M...K1.0..7....

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):2357051
Entropy (8bit):7.929430745829162
Encrypted:false
SSDEEP:
MD5:5BDE450A4BD9EFC71C370C731E6CDF43
SHA1:5B223FB902D06F9FCC70C37217277D1E95C8F39D
SHA-256:93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50
SHA-512:2365A9F76DA07D705A6053645FD2334D707967878F930061D451E571D9228C74A8016367525C37D09CB2AD82261B4B9E7CAEFBA0B96CE2374AC1FAC6B7AB5123
Malicious:false
Reputation:low
Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):3611324
Entropy (8bit):7.965784120725206
Encrypted:false
SSDEEP:
MD5:FB88BFB743EEA98506536FC44B053BD0
SHA1:B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537
SHA-256:05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF
SHA-512:4270A19F4D73297EEC910B81FF17441F3FC7A6A2A84EBA2EA3F7388DD3AA0BA31E9E455CFF93D0A34F4EC7CA74672D407A1C4DC838A130E678CA92A2E085851C
Malicious:false
Reputation:low
Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):1091485
Entropy (8bit):7.906659368807194
Encrypted:false
SSDEEP:
MD5:2192871A20313BEC581B277E405C6322
SHA1:1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085
SHA-256:A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC
SHA-512:6D8844D2807BB90AEA6FE0DDDB9C67542F587EC9B7FC762746164B2D4A1A99EF8368A70C97BAD7A986AAA80847F64408F50F4707BB039FCCC509133C231D53B9
Malicious:false
Reputation:low
Preview:PK...........G`.jaV....P......[Content_Types].xml...n.@...W......T@.mwM.E....)....y...H}.N..ll8.h5g6Q.=3_......?...x..e^Di.p.^.ud...(Y/..{w..r..9.../M...Q*{..E...(.4..>..y,.>..~&..b-.a.?..4Q2Q=.2.......m....>-....;]......N'..A...g.D.m.@(}..'.3Z....#....(+....-q<uq.+....?....1.....Y?Oy......O"..J?....Q$zT.].7.N..Q Wi.....<.........-..rY....hy.x[9.b.%-<.V?.(......;r.+...Q<.;U.....4...!'k...s.&..)'k...d.s..}R....o".D.I..7..7.KL.7..Z.....v..b.5.2].f....l.t....Z...Uk...j.&.U-....&>.ia1..9lhG..Q.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.........j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oT/-c..`....7FaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,..7...&(L.....>.kw...i...i...i...i...i...i...i.......I...U_.....vT.....}..\...v..W.!-W.!-W.!-W.!-W.!-W.!-W.!-W.U...7.....k.pT...0..O.... ...>..>..>..>..>..>..>......f..2V}....W>jO....5..].?.o..oPK...........G.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):608122
Entropy (8bit):7.729143855239127
Encrypted:false
SSDEEP:
MD5:8BA551EEC497947FC39D1D48EC868B54
SHA1:02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF
SHA-256:DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
SHA-512:CC97F9B2C83FF7CAC32AB9A9D46E0ACDE13EECABECD653C88F74E4FC19806BB9498D2F49C4B5581E58E7B0CB95584787EA455E69D99899381B592BEA177D4D4B
Malicious:false
Reputation:low
Preview:PK.........LGE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK.........LG.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM16401371[[fn=Atlas]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):857650
Entropy (8bit):7.84356939318248
Encrypted:false
SSDEEP:
MD5:9A0B4CB63DD4E749EE4258F897FF42EE
SHA1:BD0F90AAD36C7DB69A57179B9702B13D8C83AABF
SHA-256:9C5471CD01C213E94E699E12331194370D8E3F4FC37776CAACDCF7CCB8949A2E
SHA-512:407AB455623FD3911E6B00CF0A23333979D7E29E7DFB0A759A3FF162B12894C843C51EFF6E1F99BB721851ABB122052ED7F141053FF4F5D955D7842B3600AA44
Malicious:false
Reputation:low
Preview:PK...........JE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK...........J.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM16401375[[fn=Madison]].thmx (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):2443359
Entropy (8bit):7.927032974390551
Encrypted:false
SSDEEP:
MD5:960696AF7BBDF3A98F282FD51A641797
SHA1:D884A5875C64C8F3B011E0754BEA633ACACEFBE6
SHA-256:CBFAC1EE697AB73485822088E25CEDB92D495B0B9423464CEBAC2FE3989212FC
SHA-512:9000DD85A0B2EBF5BE41D6C9785D69462D4D1B097D49CF2A57A432AB5D784BB9C95ECF1EB9F7CCC88D0CE47C580014E038D7A716FD1F8C094D2E6A1A42F3F0A3
Malicious:false
Reputation:low
Preview:PK.........k.JH...O...VP......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-q.......0..*!......R5/..Xu..C...5.{H.o/.2.....}.*.V..,..^.n.....c.K.....:...e...(.,..\YgE*.9,6a...b#.a.?..Li.tO?=._....%...`N.........{.j........u..\..9^h.T.<.$.<.#...p.V'......f..r.......Kggx...x....E...H.m.6.)._.2S...l....8..,.fHP}.M.......I.B....c.....4.......=ebN.R..Q=.~EN.*.4.x.v.........rf.8..Y..)g.3.3..g.O.e...7Q.B........L.7..v.6;..v....d....M.Z...ZkWC]k.".k.];u..K.Wk...>Wk.#..Z.| t.6tC}C...}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7lJ..ZZ8.7rC}#...}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7jJ..ZZ8.7vC}c...}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7nJ..ZZ8.7qC}....}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7iJ..ZZ8.7uC}S...}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7mJ..ZZ8.7sC}3...}.k...s.Z]...Z...Z...Z...Z...Z...Z...Z...j..7kJ..ZZ,..ztyJ.<}.2.e..._....PK.........k.J.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70........

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):5783
Entropy (8bit):7.88616857639663
Encrypted:false
SSDEEP:
MD5:8109B3C170E6C2C114164B8947F88AA1
SHA1:FC63956575842219443F4B4C07A8127FBD804C84
SHA-256:F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
SHA-512:F8A8D7A6469CD3E7C31F3335DDCC349AD7A686730E1866F130EE36AA9994C52A01545CE73D60B642FFE0EE49972435D183D8CD041F2BB006A6CAF31BAF4924AC
Malicious:false
Reputation:low
Preview:PK.........A;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........pnB;.M.:....g......._rels/.rels...J.0.._%.n....xp..,{.i2M.........G..........7...3o/.......d.kyU....^..[>Q....j.#P.H......Z>..+!...B*|@...G...E....E]..".3.......!..7....,:..,.......Ot..0r....Z..&1..U..p.U-.[Uq&.......................Gyy.}n.(.C(i.x........?.vM..}..%.7.b.>L..]..PK........EV:5K..4....H......diagrams/layout1.xml.Yo.6........S.`......$M...Q8A...R..T.k...K.4CQG..}.A..9.?R....!&...Q..ZW.......Q....<8..z..g....4{d.>..;.{.>.X.....Y.2.......cR....9e.. ...}L.....yv&.&...r..h...._..M. e...[..}.>.k..........3.`.ygN...7.w..3..W.S.....w9....r(....Zb..1....z...&WM.D<......D9...ge......6+.Y....$f......wJ$O..N..FC..Er........?..is...-Z

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):4026
Entropy (8bit):7.809492693601857
Encrypted:false
SSDEEP:
MD5:5D9BAD7ADB88CEE98C5203883261ACA1
SHA1:FBF1647FCF19BCEA6C3CF4365C797338CA282CD2
SHA-256:8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
SHA-512:7132923869A3DA2F2A75393959382599D7C4C05CA86B4B27271AB9EA95C7F2E80A16B45057F4FB729C9593F506208DC70AF2A635B90E4D8854AC06C787F6513D
Malicious:false
Reputation:low
Preview:PK........YnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........bnB;?.......f......._rels/.rels...J.1.._%..f....m/.,x...&.lt.dV.y.|.."v....q..|......r..F..)..;.T5g.eP..O..Z.^-.8...<.Y....Q.."....*D.%.!9.R&#".'0(.u}).!..l....b..J..rr....P.L.w..0.-......A..w..x.7U...Fu<mT.....^s...F./ ..( .4L..`.....}...O..4.L...+H.z...m..j[].=........oY}.PK........J.L6...m....,.......diagrams/layout1.xml.X.n.8.}N.....PG.............wZ.,.R.%.K...J.H]....y.3..9...O..5."J.1.\.1....Q....z......e.5].)...$b.C)...Gx!...J3..N..H...s....9.~...#..$...W.8..I`|..0xH}......L.|..(V;..1...kF..O=...j...G.X.....T.,d>.w.Xs.......3L.r..er\o..D..^....O.F.{:.>.R'....Y-...B.P.;....X.'c...{x*.M7..><l.1.w..{].46.>.z.E.J.......G......Hd..$..7....E.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):4243
Entropy (8bit):7.824383764848892
Encrypted:false
SSDEEP:
MD5:7BC0A35807CD69C37A949BBD51880FF5
SHA1:B5870846F44CAD890C6EFF2F272A037DA016F0D8
SHA-256:BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
SHA-512:B5B785D693216E38B5AB3F401F414CADACCDCB0DCA4318D88FE1763CD3BAB8B7670F010765296613E8D3363E47092B89357B4F1E3242F156750BE86F5F7E9B8D
Malicious:false
Reputation:low
Preview:PK........NnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........TnB;..d.....h......._rels/.rels...J.0.._%.n..)"....<.w.&.4..!...y.|.........|.&3.o.....S..K.T5g.U....g..n.f....T*.hcf...D.V..Ft....d....c2".z.....N.s._2....7.0.V.]P.CO?...`...8....4&......_i..Y.T...Z...g....{-...]..pH..@.8....}tP.)..B>..A...S&......9..@...7........b_.PK........r};5.z..............diagrams/layout1.xml.X.n.8.}.........4.+.(...@......(..J..._.!)..b..v.}.H..zf8...dhM....E..I.H..V.Y.R..2zw5L~....^..]...J_..4.\.\......8..z..2T..".X.l.F#......5....,*....c....r.kR.I.E..,.2...&%..''.qF.R.2.....T;F...W.. ...3...AR.OR.O..J}.w6..<...,.x..x....`g?.t.I.{.I...|X..g.....<BR..^...Q.6..m.kp...ZuX.?.z.YO.g...$.......'.]..I.#...]$/~`${.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):16806
Entropy (8bit):7.9519793977093505
Encrypted:false
SSDEEP:
MD5:950F3AB11CB67CC651082FEBE523AF63
SHA1:418DE03AD2EF93D0BD29C3D7045E94D3771DACB4
SHA-256:9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
SHA-512:D74BF52A58B0C0327DB9DDCAD739794020F00B3FA2DE2B44DAAEC9C1459ECAF3639A5D761BBBC6BDF735848C4FD7E124D13B23964B0055BB5AA4F6AFE76DFE00
Malicious:false
Reputation:low
Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........Ul.<..<"I5...&......diagrams/layout1.xml.}.r.I..s........~Y.f.gzfv......E."w.K..J5m.e...4.0..Q... A.!...%...<...3.......O.......t~.u{...5.G......?,.........N......L......~.:....^,..r=./~7_..8............o.y......oo.3.f........f.......r.7../....qrr.v9.......,?..._O.....?9.O~]..zv.I'.W..........;..\..~....../........?~..n.....\}pt.........b,~...;>.=;>:..u.....?.......2]..]....i......9..<.p..4D..

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):11380
Entropy (8bit):7.891971054886943
Encrypted:false
SSDEEP:
MD5:C9F9364C659E2F0C626AC0D0BB519062
SHA1:C4036C576074819309D03BB74C188BF902D1AE00
SHA-256:6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
SHA-512:173A5E68E55163B081C5A8DA24AE46428E3FB326EBE17AE9588C7F7D7E5E5810BFCF08C23C3913D6BEC7369E06725F50387612F697AC6A444875C01A2C94D0FF
Malicious:false
Reputation:low
Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........q.~<.6..9 ...e......diagrams/layout1.xml..r.........{.]..u...xv7b.....HPd....t.q...b.i_a.'..P.f.3..F..1...U.u.*.2......?}..O..V.....yQ.Mf........w.....O....N.........t3;...e....j.^.o&.....w...../.w................e.................O..,./..6...8>^.^..........ru5...\.=>[M?......g..........w.N....i.........iy6.?........>.......>{yT...........x.........-...z5.L./.g......_.l.1.....#...|...pr.q

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):6024
Entropy (8bit):7.886254023824049
Encrypted:false
SSDEEP:
MD5:20621E61A4C5B0FFEEC98FFB2B3BCD31
SHA1:4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4
SHA-256:223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
SHA-512:BDF3A8E3D6EE87D8ADE0767918603B8D238CAE8A2DD0C0F0BF007E89E057C7D1604EB3CCAF0E1BA54419C045FC6380ECBDD070F1BB235C44865F1863A8FA7EEA
Malicious:false
Reputation:low
Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........2..<..]#.....'......diagrams/layout1.xml.].r.8...V.;0.;..aO........{.....V..3].d{..............\. .#.t... ........x<...@7o.]..7.N..@.NF..../....S.../.xC..U...<..Q.=...|..v.....cQ..Y=.....i`.. ..?.;...Go....x.O.$....7s..0..qg....|..r..l.w.a..p.3.Em7v...N............3..7...N.\\..f...9...U$..7...k.C..M.@\.s....G/..?...I...t.Yos...p..z...6.lnqi.6..<..1qg+......#]....|C/N..K\}.....#..".

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):9191
Entropy (8bit):7.93263830735235
Encrypted:false
SSDEEP:
MD5:08D3A25DD65E5E0D36ADC602AE68C77D
SHA1:F23B6DDB3DA0015B1D8877796F7001CABA25EA64
SHA-256:58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
SHA-512:77D24C272D67946A3413D0BEA700A7519B4981D3B4D8486A655305546CE6133456321EE94FD71008CBFD678433EA1C834CFC147179B31899A77D755008FCE489
Malicious:false
Reputation:low
Preview:PK.........]w>....<...5.......diagrams/layout1.xmlz........].r.F.}......1w`.J..'.......w..Dn. d....~........pw...O.......s...?...p7.t>e.r<.]u.e..d..|8..\uo.......K...._.Y..E6.|..y;........y.*/:o./...:[.o.+/.....?.....Z.?..s..d}...S.`...b.^o9.e.ty9_d...y>M.....7...e....."....<.v.u...e:].N.t....a....0..}..bQ.Y..>.~..~...U.|..Ev.....N...bw....{...O..Y.Y.&........A.8Ik...N.Z.P.[}t........|m...E..v..,..6........_?..."..K<.=x....$..%@.e..%....$=F..G..e........<F..G51..;......=...e.e.q..d......A...&9'.N.\%.=N.Z.9.s......y.4.Q.c......|8.......Eg.:.ky.z.h.......).O...mz...N.wy.m...yv....~8.?Lg..o.l.y:.....z.i..j.irxI.w...r.......|.=....s};.\u.{t;i~S.......U7..mw...<.vO...M.o...W.U.....}.`V<|..%....l..`>]..".].I.i.N..Z..~Lt.........}?..E~:..>$......x...%.........N....'C.m.=...w.=.Y...+'M.].2 >.]_~...'.?...:....z.O..Y......6..5...sj?.....).B..>.3...G...p.9.K!..[H..1$v../...E V..?`....+[...C......h..!.QI5....<.>...A.d.......

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):4326
Entropy (8bit):7.821066198539098
Encrypted:false
SSDEEP:
MD5:D32E93F7782B21785424AE2BEA62B387
SHA1:1D5589155C319E28383BC01ED722D4C2A05EF593
SHA-256:2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
SHA-512:5B07D6764A6616A7EF25B81AB4BD4601ECEC1078727BFEAB4A780032AD31B1B26C7A2306E0DBB5B39FC6E03A3FC18AD67C170EA9790E82D8A6CEAB8E7F564447
Malicious:false
Reputation:low
Preview:PK.........n.A...#............docProps/thumbnail.jpgz.........{4.i....1.n.v)..#.\*....A+..Q(."..D.......#Q)...SQ....2c.ei.JC...N.{......}.s.s..y>....d.(:.;.....q........$.OBaPbI..(.V...o.....'..b..edE.J.+.....".tq..dqX.......8...CA.@..........0.G.O.$Ph...%i.Q.CQ.>.%!j..F..."?@.1J.Lm$..`..*oO...}..6......(%....^CO..p......-,.....w8..t.k.#....d..'...O...8....s1....z.r...rr...,(.)...*.]Q]S.{X.SC{GgWw..O....X./FF9._&..L.....[z..^..*....C...qI.f... .Hq....d*.d..9.N{{.N.6..6)..n<...iU]3.._.....%./.?......(H4<.....}..%..Z..s...C@.d>.v...e.'WGW.....J..:....`....n..6.....]W~/.JX.Qf..^...}...._Sg.-.p..a..C_:..F..E.....k.H..........-Bl$._5...B.w2e...2...c2/y3.U...7.8[.S}H..r/..^...g...|...l..\M..8p$]..poX-/.2}..}z\.|.d<T.....1....2...{P...+Y...T...!............p..c.....D..o..%.d.f.~.;.;=4.J..]1"("`......d.0.....L.f0.l..r8..M....m,.p..Y.f....\2.q. ...d9q....P...K..o!..#o...=.........{.p..l.n...........&..o...!J..|)..q4.Z.b..PP....U.K..|.i.$v

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):7370
Entropy (8bit):7.9204386289679745
Encrypted:false
SSDEEP:
MD5:586CEBC1FAC6962F9E36388E5549FFE9
SHA1:D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E
SHA-256:1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
SHA-512:68DEAE9C59EA98BD597AE67A17F3029BC7EA2F801AC775CF7DECA292069061EA49C9DF5776CB5160B2C24576249DAF817FA463196A04189873CF16EFC4BEDC62
Malicious:false
Reputation:low
Preview:PK........;nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........HnB;..I)....j......._rels/.rels...J.@.._e..&6E.i/.,x..Lw'.j........G..\...................)...Y.3)..`...9r{v!......z...#>5.g.WJ%..T..>'m ..K.T.....j6[(:f.)S....C.mk5^.=:...X......C.... I......&5..e..H.1...).P.cw.kjT......C.......=.....}G!7E.y$.(...}b.........b=.<..^.....U..Y..PK.........^5a.2u............diagrams/layout1.xml..ko.8..+x.t.l..J.n.t.Mnw.x. ....B.t$.,.(&i.....(..d.mY......g.../[.<!.{ap>...L...p....G.9z?...._...e..`..%......8....G!..B8.....o...b.......Q.>|.......g..O\B...i.h...0B.}.....z...k...H..t~r.v........7o.E....$....Z.........ZDd..~......>......O.3.SI.Y.".O&I....#."._c.$.r..z.g0`...0...q:...^0.EF...%(.Ao$.#.o6..c'....$%.}

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):5596
Entropy (8bit):7.875182123405584
Encrypted:false
SSDEEP:
MD5:CDC1493350011DB9892100E94D5592FE
SHA1:684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA
SHA-256:F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
SHA-512:3699066A4E8A041079F12E88AB2E7F485E968619CB79175267842846A3AD64AA8E7778CBACDF1117854A7FDCFB46C8025A62F147C81074823778C6B4DC930F12
Malicious:false
Reputation:low
Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK.........V.<.S.....Y.......diagrams/layout1.xml.\.r.8...U....m.$.."3.....;...../3.XAn..O.?....V.;...")Nr.O.H....O......_..E..S...L7....8H.y<=............~...Ic......v9.X.%.\.^.,?g.v.?%w...f.).9.........Ld;.1..?~.%QQ...h.8;.gy..c4..]..0Ii.K&.[.9.......E4B.a..?e.B..4....E.......Y.?_&!.....i~..{.W..b....L.?..L..@.F....c.H..^..i...(d.......w...9..9,........q..%[..]K}.u.k..V.%.Y.....W.y..;e4[V..u.!T...).%.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):3683
Entropy (8bit):7.772039166640107
Encrypted:false
SSDEEP:
MD5:E8308DA3D46D0BC30857243E1B7D330D
SHA1:C7F8E54A63EB254C194A23137F269185E07F9D10
SHA-256:6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
SHA-512:88AB7263B7A8D7DDE1225AE588842E07DF3CE7A07CBD937B7E26DA7DA7CFED23F9C12730D9EF4BC1ACF26506A2A96E07875A1A40C2AD55AD1791371EE674A09B
Malicious:false
Reputation:low
Preview:PK.........a9;lq.ri...#.......diagrams/layout1.xmlz........WKn.0.];.`..J..AP...4E..!..hi$..I......z..D.d;...m.d...f.3o.._....9'.P.I1.F.C...d.D:.........Q..Z..5$..BO...e..(.9..2..+.Tsjp.. Vt.f.<...gA.h...8...>..p4..T...9.c...'.G.;.@.;xKE.A.uX.....1Q...>...B...!T.%.* ...0.....&......(.R.u..BW.yF.Grs...)..$..p^.s.c._..F4.*. .<%.BD..E....x... ..@...v.7f.Y......N.|.qW'..m..........im.?.64w..h...UI...J....;.0..[....G..\...?:.7.0.fGK.C.o^....j4............p...w:...V....cR..i...I...J=...%. &..#..[M....YG...u...I)F.l>.j.....f..6.....2.]..$7.....Fr..o.0...l&..6U...M..........%..47.a.[..s........[..r....Q./}.-.(.\..#. ..y`...a2..*....UA.$K.nQ:e!bB.H.-Q-a.$La.%.Z!...6L...@...j.5.....b..S.\c..u...R..dXWS.R.8"....o[..V...s0W..8:...U.#5..hK....ge.Q0$>...k.<...YA.g..o5...3.....~re.....>....:..$.~........pu ._Q..|Z...r...E.X......U....f)s^.?...%......459..XtL:M.).....x..n9..h...c...PK........Ho9<"..%...........diagrams/layoutHeader1.xmlMP.N.0.>oOa.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):4888
Entropy (8bit):7.8636569313247335
Encrypted:false
SSDEEP:
MD5:0A4CA91036DC4F3CD8B6DBF18094CF25
SHA1:6C7EED2530CD0032E9EEAB589AFBC296D106FBB9
SHA-256:E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
SHA-512:7C69426F2250E8C84368E8056613C22977630A4B3F5B817FB5EA69081CE2A3CA6E5F93DF769264253D5411419AF73467A27F0BB61291CCDE67D931BD0689CB66
Malicious:false
Reputation:low
Preview:PK.........e.>.......]>......diagrams/layout1.xmlz........Z..6....;..{......lw.E.o....i..T....&...G.+...$..(.6..>Y.pf8C.|3.?..m....xA8v.`.hW..@..Zn..(kb..(.......`.+....Y`...\..qh.0.!&w..)|...<..]Q.. _....m..Z.{3..~..5..R..d..A.O....gU.M..0..#...;.>$...T......T..z.Z.\a.+...?#.~.....1.>?...*..DD.1...'..,..(...5B...M..]..>.C..<[....,L.p..Q.v.v^q.Y...5.~^c..5........3.j.......BgJ.nv.. ............tt......Q..p..K....(M.(]@..E..~z.~...8...49.t.Q..Q.n..+.....*J.#J.... .P...P.1...!.#&...?A..&.."..|..D.I...:.....~/.....b..].........nI7.IC.a..%...9.....4...r....b..q....@o........O...y...d@+~.<.\....f.a`:...Qy/^..P....[....@i.I.._.?.X.x.8....)..s....I.0...|.....t...;...q=k.=..N.%!.(.1....B.Ps/."...#.%..&...j<..2x.=<.......s.....h..?..]?Y?...C.}E.O........{..6.d....I...A.....JN..w+....2..m>9.T7...t.6.}.i..f.Ga..t.].->...8U......G.D`......p..f.. ...qT.YX.t.F..X.u=.3r...4....4Q.D..l.6.+PR...+..T..h: H.&.1~....n.....)........2J.. O.W+vd..f....0.....6..9QhV..

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):6448
Entropy (8bit):7.897260397307811
Encrypted:false
SSDEEP:
MD5:42A840DC06727E42D42C352703EC72AA
SHA1:21AAAF517AFB76BF1AF4E06134786B1716241D29
SHA-256:02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
SHA-512:8886BFD240D070237317352DEB3D46C6B07E392EBD57730B1DED016BD8740E75B9965F7A3FCD43796864F32AAE0BE911AB1A670E9CCC70E0774F64B1BDA93488
Malicious:false
Reputation:low
Preview:PK.........k.>........'......diagrams/layout1.xmlz........].r.8.}.V.?p.n....g*5..JUn.....(SU......T.l.......X.d."m."..S....F..P.........-..<Y^..=..e.L....m>.pG.....M~...+\....u}o...".Yn}Y.".-r......0...'/........{........F.~.M8.d....(.....q.D.....4\.;.D,.\.)n.S....Z.cl.|<..7._.dk..7..E.......kS...d.....i.....noX...o.W#9..}.^..I0....G.......+.K.[i.O.|G..8=.;.8.8.8.8.....{..-..^.y..[.....`...0..f...Q<^~..*.l....{...pA.z.$.$R.../...E.(..Q.(V.E_ ......X]Q..Y9.......>...8......l..--.ug.......I.;..].u.b.3Lv:.d.%H..l<...V...$.M..A>...^M./.[..I....o~,.U. .$d\..?........O.;..^M..O...A.$Yx..|f.n...H.=.|!cG)dd%..(... ..Xe......2B."i...n....P.R..E?... Y.I6...7n..Xs..J..K..'..JaU..d..|.(y.a.....d......D.Dr...._.._..m..Yu..6.o.\......&.m....wy...4k?..~........f....0.. \...}iS.i..R....q-#_..g........{Z.u.V.r(....j.I...,R..f.=.n.[.'..L'd.n C.0.I.....RpaV........c.k..NR....)B^k...d.i...d0.E. ^..G.']....x.c.>'..p...y.ny.P.x6..%.J\.....De.B\.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):5630
Entropy (8bit):7.87271654296772
Encrypted:false
SSDEEP:
MD5:2F8998AA9CF348F1D6DE16EAB2D92070
SHA1:85B13499937B4A584BEA0BFE60475FD4C73391B6
SHA-256:8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
SHA-512:F10F7772985EDDA442B9558127F1959FF0A9909C7B7470E62D74948428BFFF7E278739209E8626AE5917FF728AFB8619AE137BEE2A6A4F40662122208A41ABB2
Malicious:false
Reputation:low
Preview:PK...........<..W8...j.......diagrams/layout1.xmlz........]......Hy..{...n .l.:.D.vvW..s....-a..fg&.}.\..+......4M..'=...(._.U]U......_.....U...k}.y.,......C..._^.......w/."7....v..Ea........Q..u..D{..{v.x.]....AtB15u..o...w..o.1...f.L...I<[zk7..7^..,.h.&l3...#..)..'H..d.r.#w=b...Ocw.y.&.v..t.>.s..m^M7..8I?o7................H...b....Qv.;'..%.f..#vR....V.H.),g..`...)(..m...[l...b...,.....U...Q.{.y.y.....G.I.tT.n..N.....A.tR..tr....i.<.......,.n:.#.A..a!X.......DK..;v..._M..lSc../n...v.....}.....I.|8.!b.C..v..|.....4l..n.;<9.i./..}!&2.c/.r...>.X02[..|.a.-.....$#-....>...{.M].>3.,\o.x....X%;.F.k.)*".I8<.0..#......?.h..-..O.2.B.s..v....{Abd...h0....H..I.. ...%...$1.Fyd..Y....U...S.Y.#.V.....TH(....%..nk.3Y.e.m.-.S..Q...j.Ai..E..v......4.t.|..&"...{..4.!.h.....C.P.....W...d[.....U<Yb;B.+W.!.@B....!.=......b"...Y.N;.#..Q...0G.lW...]7:...#9!z......|f..r..x.....t........`.uL1u.:.....U.D.n.<Q.[%...ngC./..|...!..q;;.w.".D..lt.".l.4".mt...E..mt

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):6193
Entropy (8bit):7.855499268199703
Encrypted:false
SSDEEP:
MD5:031C246FFE0E2B623BBBD231E414E0D2
SHA1:A57CA6134779D54691A4EFD344BC6948E253E0BA
SHA-256:2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
SHA-512:6A784C28E12C3740300883A0E690F560072A3EA8199977CBD7F260A21E8346B82BA8A4F78394D3BB53FA2E98564B764C2D0232C40B25FB6085C36D20D70A39D1
Malicious:false
Reputation:low
Preview:PK........X..<..Zn|...........diagrams/layout1.xmlz........]..H.}......M,l#g.j:.G-eu.*S=.$......T_6..I...6...d.NJ....r.p.p.........|.z.K.M..L.T.(........<..ks.......o...t}...P..*.7...`.+.[...H..._..X.u.....N....n....n|..=.....K.:.G7.u....."g.n.h...O.,...c...f.b.P......>[l.....j.*.?..mxk..n..|A...,\o..j..wQ.....lw.~].Lh..{3Y..D..5.Y..n..Mh.r..J....6*.<.kO...Alv.._.qdKQ.5...-FMN......;.~..._..pv..&...%"Nz].n............vM.`..k..a.:.f]...a........y.....g0..`........|V...Yq.....#...8....n..i7w<2Rp...R.@.]..%.b%..~...a..<.j...&....?...Qp..Ow|&4>...d.O.|.|...Fk;t.P[A..i.6K.~...Y.N..9......~<Q..f...i.....6..U...l. ..E..4$Lw..p..Y%NR..;...B|B.U...\e......S...=...B{A.]..*....5Q.....FI..w....q.s{.K....(.]...HJ9........(.....[U|.....d71.Vv.....a.8...L.....k;1%.T.@+..uv.~v.]`.V....Z.....`.M.@..Z|.r........./C..Z.n0.....@.YQ.8..q.h.....c.%...p..<..zl.c..FS.D..fY..z..=O..%L..MU..c.:.~.....F]c......5.=.8.r...0....Y.\o.o....U.~n...`...Wk..2b......I~

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):3075
Entropy (8bit):7.716021191059687
Encrypted:false
SSDEEP:
MD5:67766FF48AF205B771B53AA2FA82B4F4
SHA1:0964F8B9DC737E954E16984A585BDC37CE143D84
SHA-256:160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
SHA-512:AC28B0B4A9178E9B424E5893870913D80F4EE03D595F587AA1D3ACC68194153BAFC29436ADFD6EA8992F0B00D17A43CFB42C529829090AF32C3BE591BD41776D
Malicious:false
Reputation:low
Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK.........nB;O.......k......._rels/.rels...J.@.._e..4...i/.,x..Lw'....v'.<....WpQ..,......7?....u.y..;bL../..3t.+.t.G....Y.v8.eG.MH,....(\..d..R....t>Z.<F-..G.(..\.x...l?..M..:#........2.#.[..H7..#g{...._j...(.....q......;.5'..Nt..."...A.h........>....\.'...L..D..DU<.....C.TKu.5Tu....bV..;PK.........C26.b..............diagrams/layout1.xml.T.n. .}N....).je./m.+u....`{..0P......p..U}c.9g..3....=h.(.."..D-.&....~.....y..I...(r.aJ.Y..e..;.YH...P.{b......hz.-..>k.i5..z>.l...f...c..Y...7.ND...=.%..1...Y.-.o.=)(1g.{.".E.>2.=...]Y..r0.Q...e.E.QKal,.....{f...r..9-.mH..C..\.w....c.4.JUbx.p Q...R......_...G.F...uPR...|um.+g..?..C..gT...7.0.8l$.*.=qx.......-8..8.

C:\Users\alfredo\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):5151
Entropy (8bit):7.859615916913808
Encrypted:false
SSDEEP:
MD5:6C24ED9C7C868DB0D55492BB126EAFF8
SHA1:C6D96D4D298573B70CF5C714151CF87532535888
SHA-256:48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
SHA-512:A3E9DC48C04DC8571289F57AE790CA4E6934FBEA4FDDC20CB780F7EA469FE1FC1D480A1DBB04D15301EF061DA5700FF0A793EB67D2811C525FEF618B997BCABD
Malicious:false
Reputation:low
Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........5nB;.ndX....`......._rels/.rels...J.1.._%..f.J.J..x..AJ.2M&......g..#............|.c..x{_._..^0e.|.gU..z.....#.._..[..JG.m.....(...e..r."....P)....3..M].E:..SO.;D..c..J..rt...c.,.....a.;.....$.../5..D.Ue.g...Q3......5.':...@...~t{.v..QA>.P.R.A~..^AR.S4G......].n...x41....PK.........^5..s.V....Z......diagrams/layout1.xml.[]o.F.}N~..S.......VU.U+m6R........&.d.}...{M....Q.S....p9.'./O..z."..t>q....."[..j>y..?...u....[.}..j-...?Y..Bdy.I./.....0.._.....-.s...rj...I..=..<..9.|>YK.....o.|.my.F.LlB..be/E.Y!.$6r.f/.p%.......U....e..W.R..fK....`+?.rwX.[.b..|..O>o.|.....>1.......trN`7g..Oi.@5..^...]4.r...-y...T.h...[.j1..v....G..........nS..m..E"L...s

C:\Users\alfredo\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):20
Entropy (8bit):2.8954618442383215
Encrypted:false
SSDEEP:
MD5:F265DE41A3438656937BE5C5D5533FD0
SHA1:821DB3674A94901FB5EC364B219CD1988114E406
SHA-256:18EB4D03AEAF29E2919C8D5382C2184B16ACFE5E4F3A2CEA39E43D8A02C284F1
SHA-512:7B3485397CFD4F88E2C7A36FB4642A3F9C996127BA36E8C306CB7560B03EE8AE839EE0564FB47A06BCE6DC01CD82BEC5D1479B70054F2186C255C4CE33C5ECF1
Malicious:false
Reputation:low
Preview:..a.l.f.r.e.d.o.....

C:\Users\alfredo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UJUNO8FZC58XOCA50AXF.temp

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):12
Entropy (8bit):0.41381685030363374
Encrypted:false
SSDEEP:
MD5:E4A1661C2C886EBB688DEC494532431C
SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
Malicious:false
Reputation:low
Preview:............

C:\Users\alfredo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):12
Entropy (8bit):0.41381685030363374
Encrypted:false
SSDEEP:
MD5:E4A1661C2C886EBB688DEC494532431C
SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
Malicious:false
Reputation:low
Preview:............

C:\Users\alfredo\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms~RF238e8.TMP (copy)

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):12
Entropy (8bit):0.41381685030363374
Encrypted:false
SSDEEP:
MD5:E4A1661C2C886EBB688DEC494532431C
SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
Malicious:false
Reputation:low
Preview:............

C:\Users\alfredo\Desktop\~$New Years Quiz.pptx

Download File
Process:C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
File Type:data
Category:dropped
Size (bytes):165
Entropy (8bit):1.6126637592865871
Encrypted:false
SSDEEP:
MD5:AFA00B8E0337DF38688128AE4624E9B4
SHA1:CD33BFE41DC6542C50A95FC5D522BDC2ED0E89A9
SHA-256:87DF74E0D8656B0AA4B35F95FC62DEA52E571702BCA547E923092E90A39BDFCD
SHA-512:9C51431BFDEFC282F107BB23E1C2255AB5731FA971BCFAA2E5105479B5C337F3EDC6D3B7616DBCFDEA7A7935A78E313461C7FE91EBF241261FFB6C9EDE86833B
Malicious:false
Reputation:low
Preview:.alfredo. ..a.l.f.r.e.d.o. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General

File type:Microsoft PowerPoint 2007+
Entropy (8bit):7.997266324981801
TrID:
  • PowerPoint Microsoft Office Open XML Format document (133004/1) 76.66%
  • Microsoft PowerPoint Macro-enabled Open XML add-in (32504/1) 18.73%
  • ZIP compressed archive (8000/1) 4.61%
File name:New Years Quiz.pptx
File size:3698551
MD5:aaef4b88a0786189d40ef96e7c6c7dfc
SHA1:97191fc7bb61c677785d316cd8bb4a7c36f34fa4
SHA256:84108e3fdd2d9270764c51ae9e8012448173cfd82e95e6aa22365d3cf1fe97a1
SHA512:a361727e0f5e2e878c2564cf9c70c2a6d79c6cef86d966863f9f4f65126a9129c57ff41f8738aa033503758efa450519da5eb6f257f464ae7a2aa64100d3d761
SSDEEP:98304:dtoIOTcFkbsoi9QhaYuU7myfTRfr6yqj5:sLcssoFB7mEs
TLSH:DC0633F49DD8AD5EE61B113E4CE7C7E8D9E02CB7D5810A292AF85518FF2EB12324C194
File Content Preview:PK..........!.................ppt/presentation.xml...n.0...'....N48. BU.e..I....&.Du..6.:..w..0D........9......v_SgG..8.\t3v...^V.5s...Q.:RaVb...........Y3m...).`..n.....(.L=O..Rcy...@[sQc.]........z.x.{5........... ......u".5y.M.....3..Y\.$..../...3%..;.

File Icon

Icon Hash:74f4c4ccc6c6c0d4