| Name | a38e9b5ccdeac8b8_~$reform.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$reform.doc |
| Size | 162.0B |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | 6a88cfa5e9541fef953ca2fb38c415fc |
| SHA1 | 6ce85665874475a788fe435516b3e5ef7f924888 |
| SHA256 | a38e9b5ccdeac8b84c6733f2e2eb58823c2289d91267e733cceb26088a49a192 |
| CRC32 | F6F3D463 |
| ssdeep | 3:yW2lWRdEloW6L7c5llpTK7yzTHItK5/FoQShX:y1lWQloWmIhdK7yzT4K5/SQy |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9e9eb51e08019040_~wrs{ed3e47f5-d824-4cb4-ad09-5597767f6758}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{ED3E47F5-D824-4CB4-AD09-5597767F6758}.tmp |
| Size | 1.5KB |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | bd974407b629f5c512abc7aa2c3c1d4b |
| SHA1 | 6139754dd8b959d551d3910e9ee6d19c074f2a75 |
| SHA256 | 9e9eb51e080190407e4c216a46a0afc68020a5055506de693b1f887b70ba7aad |
| CRC32 | 81ADF6F4 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNdwtwn9m/wPxZlhRt3POD7jCj:CpUElClDK/8GePlcXL94wPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8c555356c25b4f29_~$08_4652590689245.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$08_4652590689245.doc |
| Size | 162.0B |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | 46f296a85914583ab0bb1315f37480b8 |
| SHA1 | cf4eb4e865a7f4200a92b15d897e9ec11b01da1c |
| SHA256 | 8c555356c25b4f296ba8f5c14d50d5eb8019398bca5267ba8c1e2be789aa02a5 |
| CRC32 | 5538AFC2 |
| ssdeep | 3:yW2lWRdEloW6L7c5llpTK7yzTHItK5/Fogd/n:y1lWQloWmIhdK7yzT4K5/Sgd/n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3fb4d3a268e5ba28_e22be519.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E22BE519.emf |
| Size | 4.9KB |
| Processes | 1896 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 599fd905d092949b82fef3026c0cfe95 |
| SHA1 | 1ac19d7b1ebf17924b82d1511ec7faacb04d3ff9 |
| SHA256 | 3fb4d3a268e5ba2826ef62b0edbfee176874421723ee6b40d170489448ba75c6 |
| CRC32 | B37FA39A |
| ssdeep | 48:k6AN5Wc7ngzi+fUzhtsaSVZNzB1sIS8sNIT0kjaNhN:kbMccxfUzhSjVCN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e5bd44c4ec6bd82_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 122.0B |
| Processes | 1896 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 338499d1eb18d346bc1d0064924a466b |
| SHA1 | 0df7cfe50b7d0ac4d787debba081394c83f0588a |
| SHA256 | 2e5bd44c4ec6bd82a40ec9bd13dbeb80a3ade6502fffbd6a244138f19633192b |
| CRC32 | F4180D74 |
| ssdeep | 3:bDuMJlwcXAlWCP9XI1nzCmxWqJHp6rp2mX1FI1nzCv:bCkAk2CZzK9MZzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8105bd53fb918d25_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | 19b6e859171bd487ab3d3f1092e3b0c2 |
| SHA1 | 21f8b997abb6076748a76d393ff80a258b8047df |
| SHA256 | 8105bd53fb918d2585ec61546bbe0c8e521426a96456406c3d01bbcfd5148184 |
| CRC32 | CC4E09FF |
| ssdeep | 3:yW2lWRdEloW6L7c5llpTK7yzTHItK5/Fo9sJ/n:y1lWQloWmIhdK7yzT4K5/SOJ/n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a4a56fd6263669ad_67878b78.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\67878B78.emf |
| Size | 4.9KB |
| Processes | 1896 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | aacdecc6f5c6c851000eef4c49618a08 |
| SHA1 | 9b77caf2467fad5dda8b6c84d5ea2d3594209fec |
| SHA256 | a4a56fd6263669ad315cf9d20f9142b43e3a857c737da519e7e4f8e215798bb0 |
| CRC32 | A7F7F4E9 |
| ssdeep | 48:FXNFqrsdBg6qjpLkwOEG6kpYjdHkLWaKLLN:3Fq2BFq9gVU5EL6N |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{6d6d7526-8419-4d0f-8f91-171498ee7ed8}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D6D7526-8419-4D0F-8F91-171498EE7ED8}.tmp |
| Size | 2.0B |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7a62b886f87a3df8_reform.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\reform.doc.LNK |
| Size | 1.2KB |
| Processes | 1896 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 8 18:17:09 2021, mtime=Wed Sep 8 18:17:09 2021, atime=Wed Sep 8 18:17:09 2021, length=340480, window=hide |
| MD5 | 26e0af7afe74ce7506777453f283d8dd |
| SHA1 | 3406ffb2f4f66efaccb2d48395c477a4c5858159 |
| SHA256 | 7a62b886f87a3df8770532970de2be4f3e75f4920f0d71108b2ca8e4650ee9b1 |
| CRC32 | 4AD310EA |
| ssdeep | 12:8/CW1ggXo1vyCPCH2fvqVPR8EvSobf6SLcpt9UTyTj9qilmKcq/izCCOLAHSuTQV:8qFvyuvqVRdxzIo+2qKzNYuTuCLPyeSR |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{2e86eb60-0749-46a9-995b-697580234924}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2E86EB60-0749-46A9-995B-697580234924}.tmp |
| Size | 1.0KB |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |