| Name | a4a56fd6263669ad_63996e79.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\63996E79.emf |
| Size | 4.9KB |
| Processes | 2280 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | aacdecc6f5c6c851000eef4c49618a08 |
| SHA1 | 9b77caf2467fad5dda8b6c84d5ea2d3594209fec |
| SHA256 | a4a56fd6263669ad315cf9d20f9142b43e3a857c737da519e7e4f8e215798bb0 |
| CRC32 | A7F7F4E9 |
| ssdeep | 48:FXNFqrsdBg6qjpLkwOEG6kpYjdHkLWaKLLN:3Fq2BFq9gVU5EL6N |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7a7c1c1727d312b5_~$08_1433632206833.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$08_1433632206833.doc |
| Size | 162.0B |
| Processes | 2280 (WINWORD.EXE) |
| Type | data |
| MD5 | 3bf767237aba1bedb74d0cf7b3cf8706 |
| SHA1 | 1f8c4bd9b4ee1aaa302cce4bd3b366e1da01c17e |
| SHA256 | 7a7c1c1727d312b5e0547e7cdcffbe42325bc7ca09148825400aeddafe390ba2 |
| CRC32 | AF64DB37 |
| ssdeep | 3:yW2lWRd/cFtQloW6L7C0llpTK7IpMHItvtHqWpkln:y1lWoQloWmOcldK7Ii4vtKWpsn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9e9eb51e08019040_~wrs{c1cc0669-79c1-4169-8c9a-098c3b7e602a}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C1CC0669-79C1-4169-8C9A-098C3B7E602A}.tmp |
| Size | 1.5KB |
| Processes | 2280 (WINWORD.EXE) |
| Type | data |
| MD5 | bd974407b629f5c512abc7aa2c3c1d4b |
| SHA1 | 6139754dd8b959d551d3910e9ee6d19c074f2a75 |
| SHA256 | 9e9eb51e080190407e4c216a46a0afc68020a5055506de693b1f887b70ba7aad |
| CRC32 | 81ADF6F4 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNdwtwn9m/wPxZlhRt3POD7jCj:CpUElClDK/8GePlcXL94wPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 79e47fa7566fdbb1_~$reform.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$reform.doc |
| Size | 162.0B |
| Processes | 2280 (WINWORD.EXE) |
| Type | data |
| MD5 | 0c97c907ef3b4ae8157a51f7ddfa91f6 |
| SHA1 | 8037070edcc50ae54642850d2bd8ab86b3396e13 |
| SHA256 | 79e47fa7566fdbb146f15df43c78e7dd5255b71449a44c1c8f6e034839bae46c |
| CRC32 | 65962987 |
| ssdeep | 3:yW2lWRd/cFtQloW6L7C0llpTK7IpMHItvtHqbJ/:y1lWoQloWmOcldK7Ii4vtKV |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{0a5cb037-516d-4dfd-abb1-b8c6d2763596}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0A5CB037-516D-4DFD-ABB1-B8C6D2763596}.tmp |
| Size | 2.0B |
| Processes | 2280 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3fb4d3a268e5ba28_fa9fd226.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FA9FD226.emf |
| Size | 4.9KB |
| Processes | 2280 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 599fd905d092949b82fef3026c0cfe95 |
| SHA1 | 1ac19d7b1ebf17924b82d1511ec7faacb04d3ff9 |
| SHA256 | 3fb4d3a268e5ba2826ef62b0edbfee176874421723ee6b40d170489448ba75c6 |
| CRC32 | B37FA39A |
| ssdeep | 48:k6AN5Wc7ngzi+fUzhtsaSVZNzB1sIS8sNIT0kjaNhN:kbMccxfUzhSjVCN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e5bd44c4ec6bd82_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 122.0B |
| Processes | 2280 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 338499d1eb18d346bc1d0064924a466b |
| SHA1 | 0df7cfe50b7d0ac4d787debba081394c83f0588a |
| SHA256 | 2e5bd44c4ec6bd82a40ec9bd13dbeb80a3ade6502fffbd6a244138f19633192b |
| CRC32 | F4180D74 |
| ssdeep | 3:bDuMJlwcXAlWCP9XI1nzCmxWqJHp6rp2mX1FI1nzCv:bCkAk2CZzK9MZzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{dffd5415-57fc-4043-815f-a40a07f47eba}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DFFD5415-57FC-4043-815F-A40A07F47EBA}.tmp |
| Size | 1.0KB |
| Processes | 2280 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7ce13c917d4321bf_reform.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\reform.doc.LNK |
| Size | 1.2KB |
| Processes | 2280 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 8 18:47:04 2021, mtime=Wed Sep 8 18:47:04 2021, atime=Wed Sep 8 18:47:04 2021, length=340480, window=hide |
| MD5 | 1d9e42e48faeb0de43e2a78f81e424bc |
| SHA1 | 2133e0499b4b67683889bafd88ba098e6d107970 |
| SHA256 | 7ce13c917d4321bf6f9c6be201c10eb952dfd286ffece97381225b6814b927e8 |
| CRC32 | 3E380362 |
| ssdeep | 24:8UZmwvyuvqVRdxzIoYbH+8zNYuTuCLPyeSR:8UZFvy4KXMLpYuT3yx |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 63b68a00c5b87453_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2280 (WINWORD.EXE) |
| Type | data |
| MD5 | 7847968b37bd97a687ab010d47e66e9c |
| SHA1 | c78ab73e3a2778f6c165a4255449c1e06987d912 |
| SHA256 | 63b68a00c5b874533e48251e6d2be3bbcbae03ee9de81aa4c1f4e8e81a856547 |
| CRC32 | D74C0625 |
| ssdeep | 3:yW2lWRd/cFtQloW6L7C0llpTK7IpMHItvtHqmqyhXn:y1lWoQloWmOcldK7Ii4vtKmJxn |
| Yara | None matched |
| VirusTotal | Search for analysis |