| Name | f4d28cf0f12006f9_590aee7bdd69b59b.customdestinations-ms |
|---|---|
| Filepath | c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms |
| Size | 7.8KB |
| Processes | 2312 (powershell.exe) |
| Type | data |
| MD5 | b770148dd160455bac8fe186a882733d |
| SHA1 | f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a |
| SHA256 | f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e |
| CRC32 | 94B533F7 |
| ssdeep | 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 0548fbb832b262a3_~$mplate.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$mplate.dotm |
| Size | 162.0B |
| Processes | 1080 (WINWORD.EXE) |
| Type | data |
| MD5 | 337eb5b71c2e3d20cd790c0332a98d0e |
| SHA1 | 4d99d8f4a23b753744276fd10a516033da0e7c92 |
| SHA256 | 0548fbb832b262a39acedb0164a148cdbc934b66cf500ddbfcd3b7228d222671 |
| CRC32 | A25161B1 |
| ssdeep | 3:yW2lWRdvL7YMlbK7lZynAke:y1lWnlxK73xk |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 352b4205853545c0_~wrs{f73968fe-e3df-4d31-a321-448daad216ad}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F73968FE-E3DF-4D31-A321-448DAAD216AD}.tmp |
| Size | 1.5KB |
| Processes | 1080 (WINWORD.EXE) |
| Type | data |
| MD5 | f4866049183d843a3d424fe7efec92b8 |
| SHA1 | f79adb2950215ac4e1d513cd30bf856d97b1ef9c |
| SHA256 | 352b4205853545c087cb5ba93f39f30ed231104fb5f3ec87c2fa2b6b881fa3d6 |
| CRC32 | 89B7603D |
| ssdeep | 6:YmWmG2GW2GJOl42VdTokZgdlj/h7ZS8CPX6yz:YXHH3RlxTeld7ZS8CPXX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 955e0f806c3c2589_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1080 (WINWORD.EXE) |
| Type | data |
| MD5 | 378a5abdaf971f65fafc6fe92c4e9cec |
| SHA1 | ae5757b4504c5f29db4f3318cab2799a1b600e5c |
| SHA256 | 955e0f806c3c2589cc56dd5eeba708a1c0b0314656ab5cce18e99008f3aac25a |
| CRC32 | 6C42E2A1 |
| ssdeep | 3:yW2lWRdvL7YMlbK7lNnX:y1lWnlxK7 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{49f0111d-868e-4fa0-b0e0-7477ab9be03f}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{49F0111D-868E-4FA0-B0E0-7477AB9BE03F}.tmp |
| Size | 1.0KB |
| Processes | 1080 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |