| Name | e545d395bb3fd971_~wrs{a97a9dea-c9fc-4ca1-9c35-7b6aae595e25}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A97A9DEA-C9FC-4CA1-9C35-7B6AAE595E25}.tmp |
| Size | 2.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5dfd38c9a84532be_~wrs{7145f2df-daf5-439a-88b3-0ea08fb8dea5}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7145F2DF-DAF5-439A-88B3-0EA08FB8DEA5}.tmp |
| Size | 1.5KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 1dfcb583ef2101158eef11169713fe5f |
| SHA1 | 09344e18c17fd18284e77b37ba568c675ff01f35 |
| SHA256 | 5dfd38c9a84532bec35b04abf049e43716b93aca205e3c437e70cff852acf0b2 |
| CRC32 | EAEBCB40 |
| ssdeep | 3:FlgAg7NNKElClDK/ldl5vWGePllHl3lldfZl/BAlVzNZmElGwPxZlhRt3POD7jlF:fgFpUElClDK/CGePlIv54wPxZfODwi |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0f9614b15c1d4679_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 120.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 7455090d1d76ef1ab9c632c91be5c116 |
| SHA1 | 3426135fbf05ffed4ea64720bc915777c1faea81 |
| SHA256 | 0f9614b15c1d4679fc17aee32f11b06d9e72adc78013beea9318415f2fed6d44 |
| CRC32 | 6F214E83 |
| ssdeep | 3:bDuMJlwcXAlWCZUJK1nzCmxWqJHp6rp2mX1621nzCv:bCkAkgUJUnzK9sgnzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | bd338b6d0bed22d7_46df5a4b.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\46DF5A4B.emf |
| Size | 4.9KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | bb7722a0184f576e9d9f1f42d260cb43 |
| SHA1 | 5679a52893aeb47774f47c9c3b352794bc6bee42 |
| SHA256 | bd338b6d0bed22d71d6232c4e20f610fc46a47721a9eeb2e57ad236b453462a8 |
| CRC32 | 5678CC33 |
| ssdeep | 48:OMDLvNfGYQ6dsdBg6qjpLkwOEG6kpYjdHkpaayN:bnVfT9MBFq9gVU5EfyN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{fc8d9638-1a70-4683-b356-013aefa6c245}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FC8D9638-1A70-4683-B356-013AEFA6C245}.tmp |
| Size | 1.0KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 32db342fb6238b6d_~$diplo.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$diplo.doc |
| Size | 162.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 09c39bd4e981a6f63dca5dfefb1e8148 |
| SHA1 | 377cb54cd682d95ff4a67dae82da8b2865a84234 |
| SHA256 | 32db342fb6238b6d6da99bbabb730c2750a182e0e0b6acde212634c662f92c1c |
| CRC32 | 72E28BE1 |
| ssdeep | 3:yW2lWRdYuvW6L78dK7hHkFItD8F/C4X:y1lW8uvWmsK7FkWO64X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4c6e6e5820db44cd_diplo.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\diplo.doc.LNK |
| Size | 1.2KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Sep 23 17:58:03 2021, mtime=Thu Sep 23 17:58:03 2021, atime=Thu Sep 23 17:58:03 2021, length=172544, window=hide |
| MD5 | 06f7f4ca503a70ac8540d83505f72b2e |
| SHA1 | 12589e3ec21dde9746fa1e0a5bd1b289ca6d45eb |
| SHA256 | 4c6e6e5820db44cdfa09943979eedded82a206b6256452afa167edb74f502f1d |
| CRC32 | F6F3C5B1 |
| ssdeep | 24:8RYhvyuvqVRdxzIo5ERyPezNYuTKqDCLPyeSR:8ivy4KXqEPepYuTKHyx |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e5935c353f808b74_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | 027553675501029b158515ac2459a15d |
| SHA1 | 63e511262feaa93105ccfaf60ed19a6d50aca309 |
| SHA256 | e5935c353f808b74cdc3e7e56602fd903c770f00ff7a7e993d751016bfb073d2 |
| CRC32 | 62149B98 |
| ssdeep | 3:yW2lWRdYuvW6L78dK7hHkFItD8F/C+ll:y1lW8uvWmsK7FkWO6al |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ef10b60ebe0d8db3_68a477d0.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\68A477D0.emf |
| Size | 4.9KB |
| Processes | 1940 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 710e4d91678c5ae9dbf0aed585dc0554 |
| SHA1 | a1b682a2c5ee2b8ceed8a84f5943a2981abcbb01 |
| SHA256 | ef10b60ebe0d8db31064509384853b941f833c7c94816e55a62e98f72567f54b |
| CRC32 | F17482A5 |
| ssdeep | 96:QzOhv2+tgPk7mS+Dan9MYpnY9GumWB6VR237gO4xwgnamn:QzOhe+tH7ADa9MsnYoMB6VR2Lwugnh |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 51d32e6cf6d974e8_~$23_1108167054640.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$23_1108167054640.doc |
| Size | 162.0B |
| Processes | 1940 (WINWORD.EXE) |
| Type | data |
| MD5 | cf742a8d628227081abfd5303744770c |
| SHA1 | 4756f5131d9dec4defa03809f48af819d047dd87 |
| SHA256 | 51d32e6cf6d974e878b8ca4cd969d83f6e749470f2caad1ddacb58860aa4ca7e |
| CRC32 | 43E986F5 |
| ssdeep | 3:yW2lWRdYuvW6L78dK7hHkFItD8F/SmW/:y1lW8uvWmsK7FkWOqh |
| Yara | None matched |
| VirusTotal | Search for analysis |