| Name | 3c26de62bcaced1e_~wrs{47e38a4d-7d01-44f9-860b-a4a57a6fdf44}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{47E38A4D-7D01-44F9-860B-A4A57A6FDF44}.tmp |
| Size | 1.5KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | ac05db0277427c1a4004563e441a40f5 |
| SHA1 | 6af9f6d3d24a9a6e0421e47af3f2ad03f2d0bebf |
| SHA256 | 3c26de62bcaced1e9fc053087c224ae230907faad81835d61a6fe098ee261819 |
| CRC32 | 52912E26 |
| ssdeep | 3:FlgAg7NNKElClDK/ldl5vWGePllHl3lldfZl/BAlVzNfj1fl4wPxZlhRt3POD7jX:fgFpUElClDK/CGePlIR4wPxZfODwi |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 17a9c2824d615572_65012db2.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\65012DB2.emf |
| Size | 4.9KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | c5a13ef30c3245929f2337e710b4bfbb |
| SHA1 | c503055fde12d6dd1a430c01a9b2b09bc5d390d9 |
| SHA256 | 17a9c2824d615572599a3ed1ab32052fe64e3b976122c739d84f5a5529904c89 |
| CRC32 | 0B1BFB00 |
| ssdeep | 48:k6ANXybEc7ngzi+fUzhtsaSVZNzB1sIS8sNIT0kjaNhN:kbtccxfUzhSjVCN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{cf18dc45-e3c5-45d3-a1cd-51effe1c0601}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CF18DC45-E3C5-45D3-A1CD-51EFFE1C0601}.tmp |
| Size | 2.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4310852fc93f58e1_reform.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\reform.doc.LNK |
| Size | 1.2KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Sep 13 16:13:58 2021, mtime=Mon Sep 13 16:13:58 2021, atime=Mon Sep 13 16:13:58 2021, length=326144, window=hide |
| MD5 | 9bc613d4c8a23f7f30c214def228ae71 |
| SHA1 | 5424c12121a47c38dba24214d3a74524168c00d8 |
| SHA256 | 4310852fc93f58e19eb22dbf9ec257eed005c230cd76fb31372a119d9a52caec |
| CRC32 | BEAA9CA6 |
| ssdeep | 12:8c2KCggXo1vyCPCH2fvqVPR8EvSobf6SLcpt9UTyy09+/iluXu7izCCOLAHSuTQF:8c2avyuvqVRdxzIoa+31zNYuTuCLPyh |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2e5bd44c4ec6bd82_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 122.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 338499d1eb18d346bc1d0064924a466b |
| SHA1 | 0df7cfe50b7d0ac4d787debba081394c83f0588a |
| SHA256 | 2e5bd44c4ec6bd82a40ec9bd13dbeb80a3ade6502fffbd6a244138f19633192b |
| CRC32 | F4180D74 |
| ssdeep | 3:bDuMJlwcXAlWCP9XI1nzCmxWqJHp6rp2mX1FI1nzCv:bCkAk2CZzK9MZzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5c9d949df63ba18d_~$13_1576787967287.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$13_1576787967287.doc |
| Size | 162.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | bc407b766591e104a6216690a4246b1b |
| SHA1 | 05b8df8c031d889ce490a3d6f02ebf5ee1228ef6 |
| SHA256 | 5c9d949df63ba18daa51e3f84b86cace15606f3b0dc656adea38364c95fadad9 |
| CRC32 | F0FC37E1 |
| ssdeep | 3:yW2lWRdB2dW6L75lZJK732xaItXlmq+DSl/n:y1lWCWmHK7GvIFDSt |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{f5f0c24c-ce3c-423e-a9f0-527dff167f26}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F5F0C24C-CE3C-423E-A9F0-527DFF167F26}.tmp |
| Size | 1.0KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cf2267ff756c047b_ba7d0135.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BA7D0135.emf |
| Size | 4.9KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | ca5f12cb86be2df5811bba74e718312d |
| SHA1 | eccf19182003e990e8fb70c2844555119775af48 |
| SHA256 | cf2267ff756c047bbf2d633bb465edcc21ad4c80764f906ae06d9e89e85ca1eb |
| CRC32 | 4F78E4CB |
| ssdeep | 48:FXN8ArsdBg6qjpLkwOEG6kpYjdHkLWaKLLN:38A2BFq9gVU5EL6N |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2c6cbd751a837dfe_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 6d1aeb4826daba42effe3948f479cde0 |
| SHA1 | c04487d81cf7c567896c71a644135192c490dd8b |
| SHA256 | 2c6cbd751a837dfeaaee1b9f73e011429dfab29adfdb1c6aad6daeba751b45a8 |
| CRC32 | F7226F44 |
| ssdeep | 3:yW2lWRdB2dW6L75lZJK732xaItXlmKlt:y1lWCWmHK7GvIKlt |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 527f691f8c00040e_~$reform.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$reform.doc |
| Size | 162.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 2f3d158b3203cf4e4d76c9235bf675ba |
| SHA1 | 5d828c388ef1b06e80c2f2d157cd8708cfb8c1ca |
| SHA256 | 527f691f8c00040ed9b883d06040c6e3dee887efdffecf6397e46e814d9ff392 |
| CRC32 | 01B17814 |
| ssdeep | 3:yW2lWRdB2dW6L75lZJK732xaItXlmy/0x:y1lWCWmHK7GvIVx |
| Yara | None matched |
| VirusTotal | Search for analysis |