| Name | fc816f24645309db_ad5b63ab.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AD5B63AB.emf |
| Size | 4.9KB |
| Processes | 2248 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 4a700e862f09f479770116a6b68a2b54 |
| SHA1 | 2b7c54aaa5733decddc318b25be68c958da083c1 |
| SHA256 | fc816f24645309dbe5db245a3d4b7af651cd175ac4c9b97b6d781e884db254ee |
| CRC32 | C508BF55 |
| ssdeep | 96:Qbl3aPk7mS+Dan9MYpnY9GumWB6VR237gO4xwgnamn:QbL7ADa9MsnYoMB6VR2Lwugnh |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b33d66c9dc1fce97_b25621d2.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B25621D2.emf |
| Size | 4.9KB |
| Processes | 2248 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 039600ea9469a239a7bc7aceaedc8180 |
| SHA1 | e7a39c9d7ad6788ebcc9887dcdcae7ef4e1979b7 |
| SHA256 | b33d66c9dc1fce97faa9443883a5321cb7f26ccb3925ef566a4d923dc73c2895 |
| CRC32 | 8E69E82B |
| ssdeep | 48:OMDLvNovJdsdBg6qjpLkwOEG6kpYjdHkpaatZN:bnVovJMBFq9gVU5EftZN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0f9614b15c1d4679_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 120.0B |
| Processes | 2248 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 7455090d1d76ef1ab9c632c91be5c116 |
| SHA1 | 3426135fbf05ffed4ea64720bc915777c1faea81 |
| SHA256 | 0f9614b15c1d4679fc17aee32f11b06d9e72adc78013beea9318415f2fed6d44 |
| CRC32 | 6F214E83 |
| ssdeep | 3:bDuMJlwcXAlWCZUJK1nzCmxWqJHp6rp2mX1621nzCv:bCkAkgUJUnzK9sgnzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1a11113963443404_~$22_1191338386338.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$22_1191338386338.doc |
| Size | 162.0B |
| Processes | 2248 (WINWORD.EXE) |
| Type | data |
| MD5 | dbeb316c9af318c54f6ab17f95108f68 |
| SHA1 | 38daeb2c330fae7c9462bbbbf9487fae7694603d |
| SHA256 | 1a11113963443404e31cdcba15f682249a9e31e01483f4aa4df9280347f0ffcf |
| CRC32 | B1CD40C9 |
| ssdeep | 3:yW2lWRdAr/vW6L7JhJK7QKItR6Qm//:y1lWkWmtvK7Q5R6zX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2740739a1c0f6465_~$diplo.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$diplo.doc |
| Size | 162.0B |
| Processes | 2248 (WINWORD.EXE) |
| Type | data |
| MD5 | 4037bda49a0656976b8d381817ea2ae2 |
| SHA1 | 5d25d4d4f4cc4885ce66d2c2c56b7c6b6525b771 |
| SHA256 | 2740739a1c0f64658cb996c1d9a9c1fb4bc2b3a22e9ec1f0590c4df5a4a8869f |
| CRC32 | 53497364 |
| ssdeep | 3:yW2lWRdAr/vW6L7JhJK7QKItR6dyhltn:y1lWkWmtvK7Q5R6dyltn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{132ef50d-d599-43b4-91b9-345e3b4681d5}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{132EF50D-D599-43B4-91B9-345E3B4681D5}.tmp |
| Size | 1.0KB |
| Processes | 2248 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | eab6711c2decb560_~wrs{e6df981e-55c2-40ef-ad7f-3f567cbd7be9}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E6DF981E-55C2-40EF-AD7F-3F567CBD7BE9}.tmp |
| Size | 1.5KB |
| Processes | 2248 (WINWORD.EXE) |
| Type | data |
| MD5 | 9a0bbed9953ac73cd38c89654657eecb |
| SHA1 | ba605e7cf11a8e34108bcf3d18bc0212b4c7b5a5 |
| SHA256 | eab6711c2decb560709e07f1ab45ab51669636a76eb3e06c8b94403710120a5f |
| CRC32 | 7BF12BBA |
| ssdeep | 3:FlgAg7NNKElClDK/ldl5vWGePllHl3lldfZl/BAlVzNBmUE/wPxZlhRt3POD7jlF:fgFpUElClDK/CGePlIX8/wPxZfODwi |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ed98257ad1c3efbe_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2248 (WINWORD.EXE) |
| Type | data |
| MD5 | b4cd4f84662484ee94755d409780f06c |
| SHA1 | dbdd0e374d051bcce508ea2539e18d56269742d2 |
| SHA256 | ed98257ad1c3efbe67691a5f2f431e855583bb9ae560108e5b6c6cf3772a0440 |
| CRC32 | 2CCBDDA4 |
| ssdeep | 3:yW2lWRdAr/vW6L7JhJK7QKItR6Fo/ll:y1lWkWmtvK7Q5R6Fotl |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{a1dfe829-e357-4159-a9e8-5971e16e7077}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A1DFE829-E357-4159-A9E8-5971E16E7077}.tmp |
| Size | 2.0B |
| Processes | 2248 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 028a215c7cb6be3e_diplo.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\diplo.doc.LNK |
| Size | 1.2KB |
| Processes | 2248 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 22 23:20:18 2021, mtime=Wed Sep 22 23:20:18 2021, atime=Wed Sep 22 23:20:18 2021, length=160256, window=hide |
| MD5 | 009f87d9be021d543f9bc49928dc4608 |
| SHA1 | 05c37b33b20c841e698becc96c5cfd7eb12c2387 |
| SHA256 | 028a215c7cb6be3e39509ee2281f3bf29e3cfc8899ddb1c51bbfbb46e44fb7ba |
| CRC32 | A897206D |
| ssdeep | 24:8TRhvyuvqVRdxzIoMZB/fhzNYuTKqDCLPyeSR:8Tvy4KXMrfhpYuTKHyx |
| Yara |
|
| VirusTotal | Search for analysis |