| Name | e545d395bb3fd971_~wrs{403e592b-a5aa-4b95-afe9-3c9d6ed07a5f}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{403E592B-A5AA-4B95-AFE9-3C9D6ED07A5F}.tmp |
| Size | 2.0B |
| Processes | 2492 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1fc846e053ad1bbe_~$09_2427575404904.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$09_2427575404904.doc |
| Size | 162.0B |
| Processes | 2492 (WINWORD.EXE) |
| Type | data |
| MD5 | aaba1df58d0f3d79f3547717213281b1 |
| SHA1 | afb7e2d8ce8fb75343160e6734cc1eabafe13fa0 |
| SHA256 | 1fc846e053ad1bbee596c02c602ca1448571fc06a884814e7eb534e06b4f2dfd |
| CRC32 | B18F3475 |
| ssdeep | 3:yW2lWRdNoW6L7r/vK7WHl/cIta4ls4Jll:y1lWhoWm//vK7WHl/ra4C4J/ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e5bd44c4ec6bd82_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 122.0B |
| Processes | 2492 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 338499d1eb18d346bc1d0064924a466b |
| SHA1 | 0df7cfe50b7d0ac4d787debba081394c83f0588a |
| SHA256 | 2e5bd44c4ec6bd82a40ec9bd13dbeb80a3ade6502fffbd6a244138f19633192b |
| CRC32 | F4180D74 |
| ssdeep | 3:bDuMJlwcXAlWCP9XI1nzCmxWqJHp6rp2mX1FI1nzCv:bCkAk2CZzK9MZzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 65b0601cb6ce1932_cbddb137.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CBDDB137.emf |
| Size | 4.9KB |
| Processes | 2492 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 7951ed45175883f177c24262ee790ac8 |
| SHA1 | af6b0b7e2a0e545c4b3b7c3a5052cd264d2d8794 |
| SHA256 | 65b0601cb6ce1932aa244531c0cf267f46dd4a6bd917ae2599e32e07d21b5df7 |
| CRC32 | B115C9C3 |
| ssdeep | 48:k6ANc3c7ngzi+fUzhtsaSVZNzB1sIS8sNIT0kjaNhN:kbc3ccxfUzhSjVCN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0f9f1d091651cd67_reform.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\reform.doc.LNK |
| Size | 1.2KB |
| Processes | 2492 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Sep 9 15:01:48 2021, mtime=Thu Sep 9 15:01:48 2021, atime=Thu Sep 9 15:01:48 2021, length=326144, window=hide |
| MD5 | 28062641e241da36c355384eb45cd572 |
| SHA1 | dbf0e1d4e7e3dad8568422636c0be0e3ce376027 |
| SHA256 | 0f9f1d091651cd670fdd22f82d27639705c06168abfaf57219a9ec6b6f195c90 |
| CRC32 | F5F2D831 |
| ssdeep | 24:8xUOoFvyuvqVRdxzIoUebTVzNYuTuCLPyh:8WHFvy4KXZHVpYuT3yh |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 25e0a0dde4092ae2_~wrs{0848dec0-3541-449e-ba8b-47109b15e1e4}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0848DEC0-3541-449E-BA8B-47109B15E1E4}.tmp |
| Size | 1.5KB |
| Processes | 2492 (WINWORD.EXE) |
| Type | data |
| MD5 | c76bfbd66dad50182486f235d201071f |
| SHA1 | e77858b57913d2d9b5df87fe4cccd69da19c8c2a |
| SHA256 | 25e0a0dde4092ae2757ab4ecf95616b9777d156f81cf24f3896b514da339247c |
| CRC32 | 366A666F |
| ssdeep | 3:FlgAg7NNKElClDK/ldl5vWGePllHl3lldfZl/BAlVzNvkPNA4wPxZlhRt3POD7jX:fgFpUElClDK/CGePlI1UwPxZfODwi |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 32c5e338a0602a65_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2492 (WINWORD.EXE) |
| Type | data |
| MD5 | a0579cc43363cf79c5dbb171c6203bfc |
| SHA1 | ee6d06e457fc10f7abc82366fe642200a895f042 |
| SHA256 | 32c5e338a0602a65f13d1e820def0c4aa8184c6bad87b9afbe1cd0796c5f9095 |
| CRC32 | 0C544DA5 |
| ssdeep | 3:yW2lWRdNoW6L7r/vK7WHl/cIta4lsShX:y1lWhoWm//vK7WHl/ra4CSx |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5326b415dbfcaed2_~$reform.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$reform.doc |
| Size | 162.0B |
| Processes | 2492 (WINWORD.EXE) |
| Type | data |
| MD5 | 4ae42d0ddada81190d653bbff1173461 |
| SHA1 | c57790631f643a8a2d62dea77de4485b8401ab2d |
| SHA256 | 5326b415dbfcaed2ab635ec1a9f35f6cac6011a436faf40e5ff15366c3e768bc |
| CRC32 | 7F56A87F |
| ssdeep | 3:yW2lWRdNoW6L7r/vK7WHl/cIta4lsHJlln:y1lWhoWm//vK7WHl/ra4Cplln |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{3f9e8609-0807-43ff-9a8e-37011ae62545}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3F9E8609-0807-43FF-9A8E-37011AE62545}.tmp |
| Size | 1.0KB |
| Processes | 2492 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c731dcbf7301ab5f_b9c3ee8e.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B9C3EE8E.emf |
| Size | 4.9KB |
| Processes | 2492 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 1f5508575dafc5b68095d00a4ef4299a |
| SHA1 | 53bcb1314c3e4c4c3e5604d851d81ea9dc61c4ab |
| SHA256 | c731dcbf7301ab5f49f5da87658c026200b30a17a59929119b8daf66cd5c890b |
| CRC32 | F1EF5E04 |
| ssdeep | 48:FXNghrsdBg6qjpLkwOEG6kpYjdHkLWaKLLN:3gh2BFq9gVU5EL6N |
| Yara | None matched |
| VirusTotal | Search for analysis |