| Name | e545d395bb3fd971_~wrs{d5987543-b8c2-4db7-82de-a6c659fffd34}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D5987543-B8C2-4DB7-82DE-A6C659FFFD34}.tmp |
| Size | 2.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{f784d698-12b4-48ef-b30d-0c89e56c380b}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F784D698-12B4-48EF-B30D-0C89E56C380B}.tmp |
| Size | 1.0KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6662a1dcb1fc8d2c_~$reform.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$reform.doc |
| Size | 162.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 95bbcfafb0e318303498e389fac4d60c |
| SHA1 | 6282881e7ae17eb2971d62c12c50b33993b87bdb |
| SHA256 | 6662a1dcb1fc8d2c2d295b04f150b887e4e83b7ec667ab0ad9f6837d16c20b1f |
| CRC32 | 7EC8944F |
| ssdeep | 3:yW2lWRdd4elvW6L7IK7JsFItGtD1:y1lWWelvWmsK7yWGtD1 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b7c95a3a82a389ad_81bbd133.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\81BBD133.emf |
| Size | 4.9KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 9b08e1d906a65ec3fa800e7e9d69606f |
| SHA1 | 767e0ae27c2d6aff2f527ccca9604db47210c2e2 |
| SHA256 | b7c95a3a82a389ad54c777bc650ef8a9b36855570a15d26e3c2616bebb93318d |
| CRC32 | 820C5393 |
| ssdeep | 48:FXNyrpqrsdBg6qjpLkwOEG6kpYjdHkLWaKLLN:3IA2BFq9gVU5EL6N |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e5bd44c4ec6bd82_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 122.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 338499d1eb18d346bc1d0064924a466b |
| SHA1 | 0df7cfe50b7d0ac4d787debba081394c83f0588a |
| SHA256 | 2e5bd44c4ec6bd82a40ec9bd13dbeb80a3ade6502fffbd6a244138f19633192b |
| CRC32 | F4180D74 |
| ssdeep | 3:bDuMJlwcXAlWCP9XI1nzCmxWqJHp6rp2mX1FI1nzCv:bCkAk2CZzK9MZzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cf6497974d2add4f_reform.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\reform.doc.LNK |
| Size | 1.2KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 15 15:31:49 2021, mtime=Wed Sep 15 15:31:49 2021, atime=Wed Sep 15 15:31:49 2021, length=176128, window=hide |
| MD5 | 02fef565e4c5c4eead94407436b23a11 |
| SHA1 | cb084357df06ed5167ff769c687cde90b03527e2 |
| SHA256 | cf6497974d2add4f397e8cb2da895276de9828f57632fbdab28809ae6a9402de |
| CRC32 | 02A9077B |
| ssdeep | 24:8B5VlvyuvqVRdxzIo4U9aLzNYuTuCLPyeSR:8B5Vlvy4KX5aLpYuT3yx |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 4f7709bdcf279b88_~wrs{1431237d-310e-4a5d-b2bd-b4e00f93848f}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1431237D-310E-4A5D-B2BD-B4E00F93848F}.tmp |
| Size | 1.5KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 9f6e25571f661e0debb6810b3fe79c7d |
| SHA1 | d51ce9b608683b3babe58831a91b573d0987fd91 |
| SHA256 | 4f7709bdcf279b888b2753dfab2f9f232701bdd52b86f631f9754b9fe511d4dd |
| CRC32 | 34027967 |
| ssdeep | 3:FlgAg7NNKElClDK/ldl5vWGePllHl3lldfZl/BAlVzNOtkPNb94wPxZlhRt3PODX:fgFpUElClDK/CGePlIL94wPxZfODwi |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f42a5bdeda588d33_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | bbcb779bc5c95012c0ae0e4446881632 |
| SHA1 | 10a9c20bb40560cff61da064c3adc9395afc4e57 |
| SHA256 | f42a5bdeda588d33186fecc2324f9d9e56a3b9dd4207b01ff150eb6c9f5b975c |
| CRC32 | D42C01B4 |
| ssdeep | 3:yW2lWRdd4elvW6L7IK7JsFItGtDDJ/n:y1lWWelvWmsK7yWGtDDJ/n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e92bb5542a54f75_d9def198.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D9DEF198.emf |
| Size | 4.9KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 57b7fa377fa791a71c8f0006eff3187c |
| SHA1 | 52fbd373552ab3c037f92065c4f31ed3de72da48 |
| SHA256 | 2e92bb5542a54f75a9384c5fb3ced31aee4989e5fa06a158ec604e1a6cd159e9 |
| CRC32 | F03C5968 |
| ssdeep | 48:k6ANCcGc7ngzi+fUzhtsaSVZNzB1sIS8sNIT0kjaNhN:kb+ccxfUzhSjVCN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e40899204abcdcdc_~$15_1865054706334.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$15_1865054706334.doc |
| Size | 162.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | f2bbd5d9d9d29c82729ad96cef01c704 |
| SHA1 | 6647d96c20316c6609879f93f85fef774dc4a587 |
| SHA256 | e40899204abcdcdc28945a9ebd8e610ac8959113827c0ab72f4ce2cc570ef388 |
| CRC32 | E4443A02 |
| ssdeep | 3:yW2lWRdd4elvW6L7IK7JsFItGtDYgll:y1lWWelvWmsK7yWGtDPll |
| Yara | None matched |
| VirusTotal | Search for analysis |