| Name | 9fbf37b17342abea_~$20_9597866810567.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$20_9597866810567.doc |
| Size | 162.0B |
| Processes | 2864 (WINWORD.EXE) |
| Type | data |
| MD5 | 97dbd35d4138e385ac92a6b4d9c05ccc |
| SHA1 | 99a78e6e5ca76008e2fc158031522181b7567db7 |
| SHA256 | 9fbf37b17342abeaee2de938cfcbba76f56f1c4a070cc785829da94e16928337 |
| CRC32 | 3AFB66C2 |
| ssdeep | 3:yW2lWRdvL7YMlbK7lIJkrlt:y1lWnlxK7Ykj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5198fa0f5db0645b_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2864 (WINWORD.EXE) |
| Type | data |
| MD5 | 8eb7ef27966ff233cf87b14b723ff88a |
| SHA1 | 8c0734adcb7a05ccf6d588c3a11749fd6c902126 |
| SHA256 | 5198fa0f5db0645b75383f7ff4a2a183b1233d88fa1585d3b72289901f4338ae |
| CRC32 | 8D0535B5 |
| ssdeep | 3:yW2lWRdvL7YMlbK7l0:y1lWnlxK7S |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2d939b5aee78649b_kaosdma.txt |
|---|---|
| Filepath | C:\ProgramData\kaosdma.txt |
| Size | 15.0B |
| Processes | 6420 (svchost.exe) |
| Type | ASCII text, with no line terminators |
| MD5 | f8bbb031d638ee9ad641d31dcf876ceb |
| SHA1 | 3e8ab5f4a8497d4ddbdc0c85409fd8ad85d36d9a |
| SHA256 | 2d939b5aee78649ba5dcf483ea0aaa5e19e86948b4778e339f04998c89927566 |
| CRC32 | DFD5C328 |
| ssdeep | 3:Lb+:/+ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{36773fa7-b334-4cb5-befd-554cd568effc}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{36773FA7-B334-4CB5-BEFD-554CD568EFFC}.tmp |
| Size | 1.0KB |
| Processes | 2864 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f7c41fd77ad01b8a_bb1e7f76.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BB1E7F76.emf |
| Size | 4.8KB |
| Processes | 2864 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | e53903ac2c9a77065afadd6ca0788389 |
| SHA1 | 1f09704250f319ba849a8f350a0f0c43b7023540 |
| SHA256 | f7c41fd77ad01b8a2c79993742a2a05da592fea24e0d99f831cc6c9ed56c6971 |
| CRC32 | B39601F9 |
| ssdeep | 48:FUD3hNLxsT5AMobmsdBg6qjpLkwOEG6kpYjdHkya52:mTLwAhLBFq9gVU5Ee |
| Yara | None matched |
| VirusTotal | Search for analysis |