| Name | b7c95a3a82a389ad_b1e378cc.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B1E378CC.emf |
| Size | 4.9KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 9b08e1d906a65ec3fa800e7e9d69606f |
| SHA1 | 767e0ae27c2d6aff2f527ccca9604db47210c2e2 |
| SHA256 | b7c95a3a82a389ad54c777bc650ef8a9b36855570a15d26e3c2616bebb93318d |
| CRC32 | 820C5393 |
| ssdeep | 48:FXNyrpqrsdBg6qjpLkwOEG6kpYjdHkLWaKLLN:3IA2BFq9gVU5EL6N |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8969a0d98ae71e7d_~$15_2121773768090.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$15_2121773768090.doc |
| Size | 162.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | f07fbc651f47bd84a6a35b6936d74e1f |
| SHA1 | 0441dcf2434c757feb62a1156181745e46a9b8bd |
| SHA256 | 8969a0d98ae71e7d0a4874abbecafc527d4323fda3d1492a557fd140f4630f24 |
| CRC32 | 6F2FDAB3 |
| ssdeep | 3:yW2lWRdHlvW6L78llvK7lbMFItG/0Vtzt:y1lWpWmgdK7pMW2e |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e5bd44c4ec6bd82_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 122.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 338499d1eb18d346bc1d0064924a466b |
| SHA1 | 0df7cfe50b7d0ac4d787debba081394c83f0588a |
| SHA256 | 2e5bd44c4ec6bd82a40ec9bd13dbeb80a3ade6502fffbd6a244138f19633192b |
| CRC32 | F4180D74 |
| ssdeep | 3:bDuMJlwcXAlWCP9XI1nzCmxWqJHp6rp2mX1FI1nzCv:bCkAk2CZzK9MZzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e135d468ede5d169_reform.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\reform.doc.LNK |
| Size | 1.2KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 15 15:34:53 2021, mtime=Wed Sep 15 15:34:53 2021, atime=Wed Sep 15 15:34:53 2021, length=176128, window=hide |
| MD5 | adb3a235d27e030b5591690bea037df1 |
| SHA1 | 9502c77e52c6d319cbe29b05cca1f3abd4f0e9ef |
| SHA256 | e135d468ede5d169f62b03012babbe01a7d67ba59b4d0bc31352dd313631c3b1 |
| CRC32 | 68479A00 |
| ssdeep | 12:8bggXo1vyCPCH2fvqVPR8EvSobf6SLcpt9UTyEF9MSiljWTmizCCOLAHSuTQiilx:8cvyuvqVRdxzIoLM4T1zNYuTuCLPyeSR |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{6ce02aa2-d5e2-4632-92d5-8984ace2df4a}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6CE02AA2-D5E2-4632-92D5-8984ACE2DF4A}.tmp |
| Size | 2.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{fcc23f7b-a81a-4ccb-b931-46e082ab59fe}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FCC23F7B-A81A-4CCB-B931-46E082AB59FE}.tmp |
| Size | 1.0KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 807ce1dc4a86c48c_~$reform.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$reform.doc |
| Size | 162.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | cdc1024bcfe4c63ab8122d121dc9d910 |
| SHA1 | b7b2b9174a65ccee3a080e93d5bf79c05863487a |
| SHA256 | 807ce1dc4a86c48cf94ce0b10ce429e89fb9d78c1891dc627f9504fb5fb6cf97 |
| CRC32 | 7AD8D8C9 |
| ssdeep | 3:yW2lWRdHlvW6L78llvK7lbMFItG/0lyl/:y1lWpWmgdK7pMW27 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e92bb5542a54f75_769a6a5d.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\769A6A5D.emf |
| Size | 4.9KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 57b7fa377fa791a71c8f0006eff3187c |
| SHA1 | 52fbd373552ab3c037f92065c4f31ed3de72da48 |
| SHA256 | 2e92bb5542a54f75a9384c5fb3ced31aee4989e5fa06a158ec604e1a6cd159e9 |
| CRC32 | F03C5968 |
| ssdeep | 48:k6ANCcGc7ngzi+fUzhtsaSVZNzB1sIS8sNIT0kjaNhN:kb+ccxfUzhSjVCN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fa880afc86198b22_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 4c423b1c2a2cce3892b31de736f93261 |
| SHA1 | 3e89410af9546879c0da2d8493afd98e70ba5e98 |
| SHA256 | fa880afc86198b22189000cf4a7bfc9bbdb6d161f37b7da11ca1e27494a1314d |
| CRC32 | 4710DA29 |
| ssdeep | 3:yW2lWRdHlvW6L78llvK7lbMFItG/0NLW/:y1lWpWmgdK7pMW2P/ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4f7709bdcf279b88_~wrs{9e68fded-f8ba-47b8-866b-fe74778c5bf3}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9E68FDED-F8BA-47B8-866B-FE74778C5BF3}.tmp |
| Size | 1.5KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 9f6e25571f661e0debb6810b3fe79c7d |
| SHA1 | d51ce9b608683b3babe58831a91b573d0987fd91 |
| SHA256 | 4f7709bdcf279b888b2753dfab2f9f232701bdd52b86f631f9754b9fe511d4dd |
| CRC32 | 34027967 |
| ssdeep | 3:FlgAg7NNKElClDK/ldl5vWGePllHl3lldfZl/BAlVzNOtkPNb94wPxZlhRt3PODX:fgFpUElClDK/CGePlIL94wPxZfODwi |
| Yara | None matched |
| VirusTotal | Search for analysis |