| Name | e545d395bb3fd971_~wrs{a12658b2-dd59-4dbb-acb7-867a56b9b699}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A12658B2-DD59-4DBB-ACB7-867A56B9B699}.tmp |
| Size | 2.0B |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b28e6506d981fde9_2e2a4dee.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2E2A4DEE.emf |
| Size | 4.9KB |
| Processes | 2300 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | ad167e9b9bf95a12063e9289145bee60 |
| SHA1 | e9c9c952022bc4b62234b18e2afd52079a0839d8 |
| SHA256 | b28e6506d981fde9ac48f53513e15869b17de32c196a5977d72e4ce103f95093 |
| CRC32 | 386C40A9 |
| ssdeep | 48:FXNAUxNrsdBg6qjpLkwOEG6kpYjdHkLWaKLLN:3bxN2BFq9gVU5EL6N |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e5bd44c4ec6bd82_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 122.0B |
| Processes | 2300 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 338499d1eb18d346bc1d0064924a466b |
| SHA1 | 0df7cfe50b7d0ac4d787debba081394c83f0588a |
| SHA256 | 2e5bd44c4ec6bd82a40ec9bd13dbeb80a3ade6502fffbd6a244138f19633192b |
| CRC32 | F4180D74 |
| ssdeep | 3:bDuMJlwcXAlWCP9XI1nzCmxWqJHp6rp2mX1FI1nzCv:bCkAk2CZzK9MZzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f21071d39f19d458_~wrs{974a89d0-d09f-4b0b-a216-45c4b689b51e}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{974A89D0-D09F-4B0B-A216-45C4B689B51E}.tmp |
| Size | 1.5KB |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | a41a5f309a41b272042c6e578de6ab77 |
| SHA1 | 00d621db249fe129fb9f534505fb611931fd96d4 |
| SHA256 | f21071d39f19d45817164b8e643fe2ab0acdabe5344257b1c844622775ca99c9 |
| CRC32 | D143B1D3 |
| ssdeep | 3:FlgAg7NNKElClDK/ldl5vWGePllHl3lldfZl/BAlVzNdqzNWnmPXwPxZlhRt3POT:fgFpUElClDK/CGePlIFnmPXwPxZfODwi |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 834b192d31a421b8_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | f57c1eab3df0e2f296524f1af4385249 |
| SHA1 | 335c917ae09b3c95e97e34d7f2045199e2f4e9d8 |
| SHA256 | 834b192d31a421b882d326379b68e8bac6a65e717dfe758452c9fc51aa9408f5 |
| CRC32 | 1C1BB903 |
| ssdeep | 3:yW2lWRdd/SyW6L72l/7lJK7INallOHItktjmdjil:y1lWhvWmu/7TK7INallrc1 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b6c9f6b8029db399_~$14_4534346255302.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$14_4534346255302.doc |
| Size | 162.0B |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | 1a32a210b282adf15913cca606fab3d9 |
| SHA1 | e031795e219622ef529c61d13a19b65757829456 |
| SHA256 | b6c9f6b8029db399c8e65b765dcc32c744ee4f03eb63a9cea4e9cb043183b652 |
| CRC32 | BA500722 |
| ssdeep | 3:yW2lWRdd/SyW6L72l/7lJK7INallOHItktjmTdn:y1lWhvWmu/7TK7INallrcmdn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{f5c666e8-be84-458e-91e8-39811f2da89c}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F5C666E8-BE84-458E-91E8-39811F2DA89C}.tmp |
| Size | 1.0KB |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 08aa048b68cfa2b9_cf70c917.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CF70C917.emf |
| Size | 4.9KB |
| Processes | 2300 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 6d83f5dc778063f97f9e37f38b876e8f |
| SHA1 | 47845f603b0d34aef189f8c59e42b1d83c764c35 |
| SHA256 | 08aa048b68cfa2b92d1daa7637c162f80796d66709664bffef4f241396c69061 |
| CRC32 | 106D5775 |
| ssdeep | 48:k6ANkcxc7ngzi+fUzhtsaSVZNzB1sIS8sNIT0kjaNhN:kbrccxfUzhSjVCN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | bccfbb6a5f398376_~$reform.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$reform.doc |
| Size | 162.0B |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | 7e64c69539ef5d3254525ae90cd43ce0 |
| SHA1 | 76fbbacdf654da01b476cada2897f9e0199bf3a1 |
| SHA256 | bccfbb6a5f3983764b07607277c541f628f438362c54728fabc2c6be1c8937a6 |
| CRC32 | E6E36D93 |
| ssdeep | 3:yW2lWRdd/SyW6L72l/7lJK7INallOHItktjml:y1lWhvWmu/7TK7INallrcY |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 23cdaeb1b3a1c851_reform.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\reform.doc.LNK |
| Size | 1.2KB |
| Processes | 2300 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Sep 14 16:17:36 2021, mtime=Tue Sep 14 16:17:36 2021, atime=Tue Sep 14 16:17:36 2021, length=423424, window=hide |
| MD5 | afbe23916beddb62eb199795eb96367f |
| SHA1 | 3c925b377262d68cf9dfc2657aab83eb5ca53e2d |
| SHA256 | 23cdaeb1b3a1c851d458b03103da4971a6fffecfe83200b9dcfea7d1ceeb002f |
| CRC32 | BE07BD86 |
| ssdeep | 12:8MLMggXo1vyCPCH2fvqVPR8EvSobf6SLcpt9UTyk9WoildJkizCCOLAHSuTQiilx:8MLvyuvqVRdxzIoFSNzNYuTuCLPyeSR |
| Yara |
|
| VirusTotal | Search for analysis |