| Name | 0877a3fc43a5f341_~wrs{c1f6def0-21e6-4220-a36a-0c46c8dd7dd0}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C1F6DEF0-21E6-4220-A36A-0C46C8DD7DD0}.tmp |
| Size | 1.0KB |
| Processes | 9068 (WINWORD.EXE) |
| Type | dBase III DBT, version number 0, next free block index 7536653 |
| MD5 | 28adf62789fd86c3d04877b2d607e000 |
| SHA1 | a62f70a7b17863e69759a6720e75fc80e12b46e6 |
| SHA256 | 0877a3fc43a5f341429a26010ba4004162fa051783b31b8dd8056eca046cf9e2 |
| CRC32 | 8E6A7128 |
| ssdeep | 3:Ghl/dlYdn:Gh2n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 22fd882350bde65a_188ad09f.htm |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\188AD09F.htm |
| Size | 6.3KB |
| Processes | 9068 (WINWORD.EXE) |
| Type | HTML document, ASCII text |
| MD5 | f4990c095a0b523453b4b88d8c9fc14a |
| SHA1 | dad943431ad491a55c634f3afb95486e37224179 |
| SHA256 | 22fd882350bde65a98a58af6641f81157ea4d2b1688b7f84c017f2bd4875b20b |
| CRC32 | 33772ED5 |
| ssdeep | 192:Zy/O8yw4RlDEvHLgszgA8cydXDChxiqEuf:8/O8yXRiLgszgA8c9iqEuf |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1189f4d8af0ea163_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 9068 (WINWORD.EXE) |
| Type | data |
| MD5 | a4bebca8c21b30e59e59ac3f07e76b42 |
| SHA1 | 5627c0530fb648d1906bc8b70ea7a5c556783544 |
| SHA256 | 1189f4d8af0ea1638e68969655bf99bef5f5d24505fed20a68df352fe6328d83 |
| CRC32 | 9E617C55 |
| ssdeep | 3:yW2lWRdvL7YMlbK7l6:y1lWnlxK7E |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{f4f910bc-5b2e-4157-82b9-95ec742c9cdf}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F4F910BC-5B2E-4157-82B9-95EC742C9CDF}.tmp |
| Size | 1.0KB |
| Processes | 9068 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 28e8c09b98d82d01_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 55.0B |
| Processes | 9068 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 308fd39b77a328aa1ee816d7c63535ff |
| SHA1 | 091212673ce685622c2830cdc8ce00d29b410209 |
| SHA256 | 28e8c09b98d82d01332e01eb49a1f9e4b6c595eb95e4761900b19782255e8276 |
| CRC32 | D6AE7366 |
| ssdeep | 3:bDuMJlbCJ71K9y:bCQu71K9y |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7aa8b130066b1964_fqxx8.url |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\fQXx8.url |
| Size | 45.0B |
| Processes | 9068 (WINWORD.EXE) |
| Type | MS Windows 95 Internet shortcut text (URL=<http://bit.do/fQXx8>), ASCII text, with CRLF line terminators |
| MD5 | e306d4fffd8dbe1ed255eef3af67667a |
| SHA1 | e6d3c7be9f5fcc6204cc7a88f7042a3eb6eba527 |
| SHA256 | 7aa8b130066b196412570a52e1fdeb94cfb0e70ccbbe0781444fa7bf819736a9 |
| CRC32 | 0B22BA08 |
| ssdeep | 3:HRAbABGQYm/hQ1uVyn:HRYFVm/hY |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5252f70dcff3bfcf_bit.do.url |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\bit.do.url |
| Size | 40.0B |
| Processes | 9068 (WINWORD.EXE) |
| Type | MS Windows 95 Internet shortcut text (URL=<http://bit.do/>), ASCII text, with CRLF line terminators |
| MD5 | 63a65732e855916e4f980a14dff10293 |
| SHA1 | 2b60cbf31f524a207f512dd9d3a208dc1abde286 |
| SHA256 | 5252f70dcff3bfcfb5d7db4f8d53732250dc1161466b80d97671510dad35b073 |
| CRC32 | 7DC0B149 |
| ssdeep | 3:HRAbABGQYm/hQ1A:HRYFVm/hd |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | bc21f83d32c32e2d_bit-do-url-shortener-logo-66x66[1].png |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\bit-do-url-shortener-logo-66x66[1].png |
| Size | 4.0KB |
| Processes | 9068 (WINWORD.EXE) |
| Type | PNG image data, 66 x 66, 8-bit/color RGB, non-interlaced |
| MD5 | bff83b87460c31c38fb192435b01665a |
| SHA1 | b6004a258c93ed6258c2ccadc12329d31f81dd69 |
| SHA256 | bc21f83d32c32e2d174138ec2bb7bb6954c673f82a1e8dcbe49b8a50f3ed8167 |
| CRC32 | FCB2CBEB |
| ssdeep | 96:hY23S/iHpyKEaEcR+q/mADBxAOZOuRSt+:hfSRIEc0A7Bxst+ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e262a97aa4e39851_~wrs{a9d000c4-a339-4d01-b697-289a33647fe6}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A9D000C4-A339-4D01-B697-289A33647FE6}.tmp |
| Size | 8.1KB |
| Processes | 9068 (WINWORD.EXE) |
| Type | data |
| MD5 | 24247a89ae9131d8be7083dc5a7b1eac |
| SHA1 | 9d52e994d179ee880176446313a1e443ecad38a9 |
| SHA256 | e262a97aa4e39851ed8c7a93158fd7ef78f53870f18bc0645991d68777ac1d17 |
| CRC32 | C252562E |
| ssdeep | 96:rPr8B4DUdJ0cVAHXlD8IgzNmqP+3D7qSYO6OO+hut/HE:rT8B4wdNAJWrm3D7/YtEhz |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3e5000ad5aed6f80_~$uwa.docx |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$uwa.docx |
| Size | 162.0B |
| Processes | 9068 (WINWORD.EXE) |
| Type | data |
| MD5 | 078be4177606bf04c1ecd0dc3b513cd7 |
| SHA1 | 3c359cf69fb556337e8a03fc2a5343bbae158cfd |
| SHA256 | 3e5000ad5aed6f805fe9ecc9596367d01bdc8b23a1b5bd2cf4e041185d3e27bf |
| CRC32 | ED7DF54A |
| ssdeep | 3:yW2lWRdvL7YMlbK7lDnlZw/:y1lWnlxK7tlq/ |
| Yara | None matched |
| VirusTotal | Search for analysis |