| Name | a4d6f8adb72d9815_receipt on 103.155.80.150.url |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\receipt on 103.155.80.150.url |
| Size | 56.0B |
| Processes | 1336 (WINWORD.EXE) |
| Type | MS Windows 95 Internet shortcut text (URL=<http://103.155.80.150/receipt/>), ASCII text, with CRLF line terminators |
| MD5 | 91038f88207ffd27a6138725e4f6fd7c |
| SHA1 | 4450a8c1577c18830dcdc30de2270001186323bb |
| SHA256 | a4d6f8adb72d981513e4b51269ae1590e7a2278cdab867249550fb2bea38cb7c |
| CRC32 | BEC8F8A7 |
| ssdeep | 3:HRAbABGQYm/GMJ63yn:HRYFVm/9My |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 52dd4ea6825814ab_fsd-cnry.fsd |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD |
| Size | 128.0KB |
| Processes | 1336 (WINWORD.EXE) |
| Type | data |
| MD5 | 42164a460f52e18fc905bd075f58055a |
| SHA1 | 2a27207d580ad2ae5c9cd29991d8913c5a3ee5aa |
| SHA256 | 52dd4ea6825814ab701723bb234ac09872b5415ae1696e5536bd800ad4233788 |
| CRC32 | C9373366 |
| ssdeep | 48:I3aBWRHUIDcybtfRpzc4gebkL/79sW/r3xRHD0R7S8pXp:KCqcybNUV/5nT3xRHD67So5 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 17f15c1157e89fc6_centraltable.laccdb |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\CentralTable.laccdb |
| Size | 64.0B |
| Processes | 1336 (WINWORD.EXE) |
| Type | data |
| MD5 | df0769a8ceead9c39f7f2888adab2e0a |
| SHA1 | a3c5648b5260a83617865b49822f5e4b566383e8 |
| SHA256 | 17f15c1157e89fc67fd7cfe674a6812bed4415b3ef2640048700340475398fbd |
| CRC32 | 90BB9F05 |
| ssdeep | 3:IkFaV:zu |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4f665bb9bfc95f8c_fsd-cnry.fsd |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\FSD-CNRY.FSD |
| Size | 128.0KB |
| Processes | 1336 (WINWORD.EXE) |
| Type | data |
| MD5 | aa420e2bab73409afa9dbf280f216961 |
| SHA1 | db761ccbf01cf46ee6ac3fbc9ff81f333c6fb5f6 |
| SHA256 | 4f665bb9bfc95f8c6a0447637f1b0187f161a9a3e7556af5dfbe6f2f94346944 |
| CRC32 | E2C95899 |
| ssdeep | 48:I3ZpdBD0D8C0t6VEGS6UnC2s/G7r6+W5r3PGU/NXZi1BX4hZi1BX4:K3nD+dIOfxF3PGUhZCX0ZCX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | eaf9cdc741596275_centraltable.ini |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\CentralTable.ini |
| Size | 36.0B |
| Processes | 1336 (WINWORD.EXE) |
| Type | data |
| MD5 | 1f830b53ca33a1207a86ce43177016fa |
| SHA1 | bdf230e1f33afba5c9d5a039986c6505e8b09665 |
| SHA256 | eaf9cdc741596275e106dddcf8aba61240368a8c7b0b58b08f74450d162337ef |
| CRC32 | BA4496DE |
| ssdeep | 3:5NixJlElGUR:WrEcUR |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f2da15ccf13ae023_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1336 (WINWORD.EXE) |
| Type | data |
| MD5 | 2aae9fa50e2eebc69f6783340fc17f53 |
| SHA1 | d0469f89485dce1747caf4deddeba86d328c914a |
| SHA256 | f2da15ccf13ae0234d83606e9d30925b5b4ec3706ab33dd1dc721e1f3982dfce |
| CRC32 | 9D2CF5F2 |
| ssdeep | 3:yW2lWRd4/woW6L7T/vK7UV/iItsMXIjSl/:y1lW0/woWmXvK7UrsBjG |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 478867918f882f67_0a6wdc.url |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\0a6wdc.url |
| Size | 47.0B |
| Processes | 1336 (WINWORD.EXE) |
| Type | MS Windows 95 Internet shortcut text (URL=<http://cml.lol/0a6wdc>), ASCII text, with CRLF line terminators |
| MD5 | a405003fd092c859d592706b2dc57412 |
| SHA1 | eac480d8052c0b1dedee41e3644d052769506201 |
| SHA256 | 478867918f882f67741da99fe087263c407ffe0ce615fff03361689a373e3cd4 |
| CRC32 | 48E35BBB |
| ssdeep | 3:HRAbABGQYm/gI1V5BGy:HRYFVm/N1jBGy |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 139a70983b620fb2_~$sd po 2021090120.docx |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$SD PO 2021090120.docx |
| Size | 162.0B |
| Processes | 1336 (WINWORD.EXE) |
| Type | data |
| MD5 | f80d9f7e9a4509502f87f31529d10113 |
| SHA1 | 175a771421d07e29250f003f561167711af72577 |
| SHA256 | 139a70983b620fb2fee01bb9254602d4c5cfdaeb0dcffd6a4b4fda18f7845853 |
| CRC32 | E20086CB |
| ssdeep | 3:yW2lWRd4/woW6L7T/vK7UV/iItsMXIhm//:y1lW0/woWmXvK7UrsBhmX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5251391902a213a5_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 126.0B |
| Processes | 1336 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 92241b60291c0c5f96b89ec94870b752 |
| SHA1 | 3e0176bc63ed22fb00c53ee817fd2c61e50d2d51 |
| SHA256 | 5251391902a213a5289ef8211aa436f82c0e13600e419d1b549f7781be977ee7 |
| CRC32 | 767A57C4 |
| ssdeep | 3:bDuMJlwcXAlWCKCJ4OVjQaVMYgMWqJHp6rp2v:bCkAkfCSORVMv9I |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{af5db18e-c9e0-46c3-94ba-4501513a8a0e}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AF5DB18E-C9E0-46C3-94BA-4501513A8A0E}.tmp |
| Size | 1.0KB |
| Processes | 1336 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 828d2f7f37cb684e_eaee1698.htm |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EAEE1698.htm |
| Size | 9.3KB |
| Processes | 1336 (WINWORD.EXE) |
| Type | ISO-8859 text, with very long lines, with CRLF, CR, LF line terminators, with overstriking |
| MD5 | d22ba5af380fe520c038a458e12483fa |
| SHA1 | bca66580a6eca278ccf1c95676bfb4416f16dbfc |
| SHA256 | 828d2f7f37cb684e3436f8a4e22a464ad86c11fa14494be6283ea9bf0f5d5b39 |
| CRC32 | B6B4B42F |
| ssdeep | 192:MH+Mw0p6asUI2wL19g6DdqRqsw6FOArnyeEqLHAO8:MHAe6n2dcdMtw6HrnyeEqLc |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 0877a3fc43a5f341_~wrs{ae02606f-ac22-4978-ae1e-5e1792bf6c62}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AE02606F-AC22-4978-AE1E-5E1792BF6C62}.tmp |
| Size | 1.0KB |
| Processes | 1336 (WINWORD.EXE) |
| Type | dBase III DBT, version number 0, next free block index 7536653 |
| MD5 | 28adf62789fd86c3d04877b2d607e000 |
| SHA1 | a62f70a7b17863e69759a6720e75fc80e12b46e6 |
| SHA256 | 0877a3fc43a5f341429a26010ba4004162fa051783b31b8dd8056eca046cf9e2 |
| CRC32 | 8E6A7128 |
| ssdeep | 3:Ghl/dlYdn:Gh2n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 14102c4f915c124e_~wrs{b9bd0c57-ab78-44d2-bba1-c96cbb437534}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B9BD0C57-AB78-44D2-BBA1-C96CBB437534}.tmp |
| Size | 6.5KB |
| Processes | 1336 (WINWORD.EXE) |
| Type | data |
| MD5 | 8ff04d5669506aa0f70a8527980ce2cc |
| SHA1 | 2a456b8b3c862864ab129c7bfc3fe28606da13c9 |
| SHA256 | 14102c4f915c124ee7171908e35ac6690e8315f5b1f58fb35f8309f713906b9a |
| CRC32 | 5274090E |
| ssdeep | 192:K/ZNWTq8Pg0NZ83TFNqULEfLUmRQ2HuvZ:KbWTq8Pg0ruTFNhLcLjy2OvZ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4c9c906543c81558_fsf-{0e1eee64-e8c6-4e2a-9759-63cf07fd8988}.fsf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF |
| Size | 114.0B |
| Processes | 1336 (WINWORD.EXE) |
| Type | data |
| MD5 | 254ca5a1074055048db1f1405edde58b |
| SHA1 | f51624c9d4319c275f9bdba31f526fde0902cd3d |
| SHA256 | 4c9c906543c81558c7b6e2137bb6a14be238578b7e37fe47de9ef7442e1c0b61 |
| CRC32 | 2B2F82C9 |
| ssdeep | 3:yVlgsRlz/z5albYuWEaeIlRrsSUwIf276:yPblz/talbYuWx09wIf22 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f94490fe06f15ba4_fsd-{2044f8e3-aafb-4efb-98a2-37078846ac95}.fsd |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{2044F8E3-AAFB-4EFB-98A2-37078846AC95}.FSD |
| Size | 128.0KB |
| Processes | 1336 (WINWORD.EXE) |
| Type | data |
| MD5 | 46b3de7ef0e39d3c41ae8350ff9d3aef |
| SHA1 | 79b36b53e33066b1edb5bc33ac97cde4d978f838 |
| SHA256 | f94490fe06f15ba4b9b82f6c5f5556ff3cd8681b5291f7ab6dc5c2a4e448d92f |
| CRC32 | E21203ED |
| ssdeep | 48:I30B2km4f4N1RMAi2HzN7z7UT2+3F67tF67:KkKikET2+16v6 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f9745e20d31adda6_centraltable.accdb |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\CentralTable.accdb |
| Size | 472.0KB |
| Processes | 1336 (WINWORD.EXE) |
| Type | Microsoft Access Database |
| MD5 | f08085e489184eb5d84c7040933a9053 |
| SHA1 | 4b7bac867e4792cca5f9fb0c962322b0a73844fa |
| SHA256 | f9745e20d31adda6f0b9f5df2b404aed0fd48b03ba335728ecbaa0813ef5dd75 |
| CRC32 | D99D683C |
| ssdeep | 384:5DGR7JCg5ISFvI7ITRuAFSuR9OzNgEmVZO4FqZ:ILCCTQ7KRu1iwgRyZ |
| Yara | None matched |
| VirusTotal | Search for analysis |