| Name | 4ab9b7732f38de5d_~$08_3382318512000.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$08_3382318512000.doc |
| Size | 162.0B |
| Processes | 2496 (WINWORD.EXE) |
| Type | data |
| MD5 | e8f8c62c11bcce0db14e9781794e57bb |
| SHA1 | 28c02df720ad5dba7c7c7e7d6ba825a9a3ae0ef2 |
| SHA256 | 4ab9b7732f38de5dfc7d7d60cf995901e6453b17b6bb8ebcd71b7a3d8b4b336f |
| CRC32 | 41F73063 |
| ssdeep | 3:yW2lWRdxloW6L7Dpll7TK7AR2HItfqwmtJ+G:y1lWnoWmxll7TK7ARDfqf+G |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{e630eb6b-3db0-4105-a0e5-27ec37927f35}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E630EB6B-3DB0-4105-A0E5-27EC37927F35}.tmp |
| Size | 1.0KB |
| Processes | 2496 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3fb4d3a268e5ba28_f67fe285.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F67FE285.emf |
| Size | 4.9KB |
| Processes | 2496 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 599fd905d092949b82fef3026c0cfe95 |
| SHA1 | 1ac19d7b1ebf17924b82d1511ec7faacb04d3ff9 |
| SHA256 | 3fb4d3a268e5ba2826ef62b0edbfee176874421723ee6b40d170489448ba75c6 |
| CRC32 | B37FA39A |
| ssdeep | 48:k6AN5Wc7ngzi+fUzhtsaSVZNzB1sIS8sNIT0kjaNhN:kbMccxfUzhSjVCN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d1b9f978eeb9d57b_~$reform.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$reform.doc |
| Size | 162.0B |
| Processes | 2496 (WINWORD.EXE) |
| Type | data |
| MD5 | 717b27de98704ce5e8c09f432113eccd |
| SHA1 | cd86d3e679865ec04ba879047b78329f43a953c6 |
| SHA256 | d1b9f978eeb9d57bf542a0f4f874272194939d22ec1bf8fa74f2e37deba3bf46 |
| CRC32 | C9B0E6A7 |
| ssdeep | 3:yW2lWRdxloW6L7Dpll7TK7AR2HItfqwmAX:y1lWnoWmxll7TK7ARDfqEX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e5bd44c4ec6bd82_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 122.0B |
| Processes | 2496 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 338499d1eb18d346bc1d0064924a466b |
| SHA1 | 0df7cfe50b7d0ac4d787debba081394c83f0588a |
| SHA256 | 2e5bd44c4ec6bd82a40ec9bd13dbeb80a3ade6502fffbd6a244138f19633192b |
| CRC32 | F4180D74 |
| ssdeep | 3:bDuMJlwcXAlWCP9XI1nzCmxWqJHp6rp2mX1FI1nzCv:bCkAk2CZzK9MZzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 88fe35d78a2109be_reform.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\reform.doc.LNK |
| Size | 1.2KB |
| Processes | 2496 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 8 18:14:03 2021, mtime=Wed Sep 8 18:14:03 2021, atime=Wed Sep 8 18:14:03 2021, length=340480, window=hide |
| MD5 | c2585b69d9849d791295862e3f911aae |
| SHA1 | 78cc7fd87bebc420d40e83a3e075d9f75dacaebf |
| SHA256 | 88fe35d78a2109bee15f3ed47e4e1afdaf43299ffd0b6830aad5d44053881fa1 |
| CRC32 | 6C5EA79D |
| ssdeep | 24:8uMCvyuvqVRdxzIoyecMwozNYuTuCLPyh:8xCvy4KXvRpYuT3yh |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | a4a56fd6263669ad_d1c6af94.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D1C6AF94.emf |
| Size | 4.9KB |
| Processes | 2496 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | aacdecc6f5c6c851000eef4c49618a08 |
| SHA1 | 9b77caf2467fad5dda8b6c84d5ea2d3594209fec |
| SHA256 | a4a56fd6263669ad315cf9d20f9142b43e3a857c737da519e7e4f8e215798bb0 |
| CRC32 | A7F7F4E9 |
| ssdeep | 48:FXNFqrsdBg6qjpLkwOEG6kpYjdHkLWaKLLN:3Fq2BFq9gVU5EL6N |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b961ebc4488e72ed_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2496 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d5f2d1f62460009af85be0f514a54ec |
| SHA1 | aabee277536e916e030db206615a5b82d087e185 |
| SHA256 | b961ebc4488e72edf1f380fb5038c80d55943151044fdb95a1abad908f6c2673 |
| CRC32 | 6BEEE0E7 |
| ssdeep | 3:yW2lWRdxloW6L7Dpll7TK7AR2HItfqwm9iln:y1lWnoWmxll7TK7ARDfqQn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9e9eb51e08019040_~wrs{dbe7171c-34b9-4ff0-b232-1be5f4665e85}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DBE7171C-34B9-4FF0-B232-1BE5F4665E85}.tmp |
| Size | 1.5KB |
| Processes | 2496 (WINWORD.EXE) |
| Type | data |
| MD5 | bd974407b629f5c512abc7aa2c3c1d4b |
| SHA1 | 6139754dd8b959d551d3910e9ee6d19c074f2a75 |
| SHA256 | 9e9eb51e080190407e4c216a46a0afc68020a5055506de693b1f887b70ba7aad |
| CRC32 | 81ADF6F4 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNdwtwn9m/wPxZlhRt3POD7jCj:CpUElClDK/8GePlcXL94wPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{5f4541e2-520e-410a-9f64-9c14543cf2f6}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5F4541E2-520E-410A-9F64-9C14543CF2F6}.tmp |
| Size | 2.0B |
| Processes | 2496 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |