| Name | 4f7709bdcf279b88_~wrs{c6d3df08-d7b9-44f4-9fb5-7781c16dae0d}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C6D3DF08-D7B9-44F4-9FB5-7781C16DAE0D}.tmp |
| Size | 1.5KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 9f6e25571f661e0debb6810b3fe79c7d |
| SHA1 | d51ce9b608683b3babe58831a91b573d0987fd91 |
| SHA256 | 4f7709bdcf279b888b2753dfab2f9f232701bdd52b86f631f9754b9fe511d4dd |
| CRC32 | 34027967 |
| ssdeep | 3:FlgAg7NNKElClDK/ldl5vWGePllHl3lldfZl/BAlVzNOtkPNb94wPxZlhRt3PODX:fgFpUElClDK/CGePlIL94wPxZfODwi |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{7a323c3d-587c-4a41-836a-b4ba7fef34a5}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7A323C3D-587C-4A41-836A-B4BA7FEF34A5}.tmp |
| Size | 1.0KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2e5bd44c4ec6bd82_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 122.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 338499d1eb18d346bc1d0064924a466b |
| SHA1 | 0df7cfe50b7d0ac4d787debba081394c83f0588a |
| SHA256 | 2e5bd44c4ec6bd82a40ec9bd13dbeb80a3ade6502fffbd6a244138f19633192b |
| CRC32 | F4180D74 |
| ssdeep | 3:bDuMJlwcXAlWCP9XI1nzCmxWqJHp6rp2mX1FI1nzCv:bCkAk2CZzK9MZzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{c1d25890-24e4-49ad-a849-17d6aaf4357a}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C1D25890-24E4-49AD-A849-17D6AAF4357A}.tmp |
| Size | 2.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b7c95a3a82a389ad_972df395.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\972DF395.emf |
| Size | 4.9KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 9b08e1d906a65ec3fa800e7e9d69606f |
| SHA1 | 767e0ae27c2d6aff2f527ccca9604db47210c2e2 |
| SHA256 | b7c95a3a82a389ad54c777bc650ef8a9b36855570a15d26e3c2616bebb93318d |
| CRC32 | 820C5393 |
| ssdeep | 48:FXNyrpqrsdBg6qjpLkwOEG6kpYjdHkLWaKLLN:3IA2BFq9gVU5EL6N |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 578b2f6970f76192_~$15_2365641049347.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$15_2365641049347.doc |
| Size | 162.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 1e0e3ffd28dcb401849534c76e62c915 |
| SHA1 | c1441669eea319a50e6866ed85fb878ed7f46fc5 |
| SHA256 | 578b2f6970f7619225cd7a99186c17930b9268f65ac5d73476b51507fb3aeeba |
| CRC32 | 08D1D76A |
| ssdeep | 3:yW2lWRdnl/dW6L71cK7QSgFItn+P//:y1lW7XWmuK7QpWkX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e47f36353faef319_reform.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\reform.doc.LNK |
| Size | 1.2KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 15 15:39:14 2021, mtime=Wed Sep 15 15:39:14 2021, atime=Wed Sep 15 15:39:14 2021, length=176128, window=hide |
| MD5 | fe8b1dad0cb6fa7424193dc8e67d5c60 |
| SHA1 | 03eec78d8b848e0cefc7f8a54e73138be81cef02 |
| SHA256 | e47f36353faef319632af12af50fe15fca3f2eaa4913054180141c7640202ef0 |
| CRC32 | B1DCBD5E |
| ssdeep | 12:87KVyP8yggXo1vyCPCH2fvqVPR8EvSobf6SLcpt9UTy69ASil57AizCCOLAHSuTq:8pevyuvqVRdxzIonAffzNYuTuCLPyeSR |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2e92bb5542a54f75_c5efbc92.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C5EFBC92.emf |
| Size | 4.9KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 57b7fa377fa791a71c8f0006eff3187c |
| SHA1 | 52fbd373552ab3c037f92065c4f31ed3de72da48 |
| SHA256 | 2e92bb5542a54f75a9384c5fb3ced31aee4989e5fa06a158ec604e1a6cd159e9 |
| CRC32 | F03C5968 |
| ssdeep | 48:k6ANCcGc7ngzi+fUzhtsaSVZNzB1sIS8sNIT0kjaNhN:kb+ccxfUzhSjVCN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d8eca57b4e10d40a_~$reform.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$reform.doc |
| Size | 162.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 07fcd744970377659da47228fc87c10f |
| SHA1 | 2fd3aa72d7f03579bdaea9190758b69e73c4abab |
| SHA256 | d8eca57b4e10d40a7e6f469777f3645c466b83b8eb646eb38e47ca981e57ecce |
| CRC32 | 6A426B7B |
| ssdeep | 3:yW2lWRdnl/dW6L71cK7QSgFItn+Zl:y1lW7XWmuK7QpW4 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d2f14b663bce2da9_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | bb77f4efbebab6a0aae4bfe1d5c61401 |
| SHA1 | eef020cf0f931d45cfcadefc364ac5f2c73aa57e |
| SHA256 | d2f14b663bce2da9f613eecf60460475f1e1eeb4a90aa9fb99ce65be0d32fd74 |
| CRC32 | 2DFC50D8 |
| ssdeep | 3:yW2lWRdnl/dW6L71cK7QSgFItn+dl/n:y1lW7XWmuK7QpWQ |
| Yara | None matched |
| VirusTotal | Search for analysis |