| Name | a9220271c0eb79e5_d93f411851d7c929.customdestinations-ms |
|---|---|
| Filepath | c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms |
| Size | 7.8KB |
| Processes | 2088 (powershell.exe) |
| Type | data |
| MD5 | b0c9ff441742f3847ea27da9dee7f2cd |
| SHA1 | c42a1eb32ba953a0ce5d8635caabf71b5b281495 |
| SHA256 | a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4 |
| CRC32 | 0BBCAB1A |
| ssdeep | 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b92148078916fb95_ed0899d4.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ED0899D4.dat |
| Size | 608.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | Targa image data - Map - RLE 86 x 65536 x 0 +2 "\004" |
| MD5 | bc7861feda4914c307a3af1dfb0e7d14 |
| SHA1 | 54056c3c5faadcaf99231d4197f44316cb850f78 |
| SHA256 | b92148078916fb9551e4aee699ddfbf6e33dd0a4f8a5bcb1a5f0fa5943cc856e |
| CRC32 | 8377B572 |
| ssdeep | 12:MVvp0HIQXhPnG6qljzgP1gPCQtoh/wqAunTUAlZxV8Ytl:a0NXwHfSQC/wQnwI/6Il |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 51b56efc033634a9_446f2302.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\446F2302.dat |
| Size | 156.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | Targa image data - Map - RLE 9 x 65536 x 0 +1 "\004" |
| MD5 | 2f1a7d74e7937a09a1cc1b8863228c7e |
| SHA1 | b94a8d1ca7dfa8e70a56250ee8dd3ef9bee2fd7a |
| SHA256 | 51b56efc033634a91c7d11486ab9deb62af74c8aaa2b3d8395e0c10ec24695d9 |
| CRC32 | 26ADE88B |
| ssdeep | 3:VmxllsMl6ktK0Xg/lJllltlGklC53lBlilog/l6lkXDol7KkAllll:MxlaLkK0XgtJ8sKSogtOkXM7Kztl |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 89b0233e11b39498_51047dac.wmf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\51047DAC.wmf |
| Size | 3.4KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | Targa image data - Map - RLE 167 x 65536 x 0 +6 "\004" |
| MD5 | cebb0c6f32e103df29a8529ef0c411fb |
| SHA1 | d2add49a4dd61ea4bad94fc5429f9e60a18cb363 |
| SHA256 | 89b0233e11b39498e1edfbb43a1ce43ccc06b2b96a3dcff9ad3d4f434f844390 |
| CRC32 | C51E4749 |
| ssdeep | 96:TqV8WqpSgVdDjPUg9ngWQcM9MygJp2H5Ex9fqDG90Z9999999N9999999o992:Z0Sgg6WUtgL/ADF |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{2602b9b0-c690-4cc2-981a-f5a6f2652672}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2602B9B0-C690-4CC2-981A-F5A6F2652672}.tmp |
| Size | 1.0KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8313832c3ae2c8e9_~wrs{24078c0d-5eb4-4c4f-a04c-18e62a0d1db7}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{24078C0D-5EB4-4C4F-A04C-18E62A0D1DB7}.tmp |
| Size | 1.5KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | dBase III DBT, version number 0, next free block index 524301 |
| MD5 | c8e9592bb5fd5dd9e40124cb1207e503 |
| SHA1 | b1a0d225fe32b34994f9b840aea96cdd6745d88c |
| SHA256 | 8313832c3ae2c8e92abde15d6a7640e53e8262e8333c95598285a03d92dd952d |
| CRC32 | D5631E92 |
| ssdeep | 3:9lo3llNlell//q/nlWtyj/ysTQtFl3lldHHC07IkmleIlll8vqYdXhRt3P5c4YH/:HoVMlnG/n0IvkQeI/uvqg5c4xo |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cb3e15983f0d5fa7_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 7cafa74a8e6bc5a1a14bf389e6facd79 |
| SHA1 | efa3f237972217540922e4206a04017e91c34a8b |
| SHA256 | cb3e15983f0d5fa77a6371f1ca1cae1394a15bfb3dc070945077212c4777dd67 |
| CRC32 | 37A1F9B9 |
| ssdeep | 3:yW2lWRdiBt/W6L7VSQ1ZJK7VgbuItDf5hX:y1lWGb/WmLXK7SVDf5x |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dacb4a9f874f76a3_2cc9931b.wmf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2CC9931B.wmf |
| Size | 155.0KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | Targa image data - Map - RLE 10385 x 1 x 0 +1 +2 "\004" |
| MD5 | 1f88fa8cd70869098236e98f6f860caa |
| SHA1 | 0d2ea89e6ef4af58d1a5e0e6ecf94b1b94b9929f |
| SHA256 | dacb4a9f874f76a399da65e1bcc7591545f701c1a757e5871788d1c37df4ab18 |
| CRC32 | 25386C6D |
| ssdeep | 1536:MRMYn4R9u36PQaZVk98LWx2qh3aMV5EskTabVac1ihDmfsvNwo7MpOML5sUMtAf/:43RsGTR |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 63cdaca7851509a7_f47c3a60.wmf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F47C3A60.wmf |
| Size | 608.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | Targa image data - Map - RLE 86 x 65536 x 0 +2 "\004" |
| MD5 | 802d159fd7a92de619b5f635575a799d |
| SHA1 | 097f86872a035eb560fc1b183cf9687df07e6318 |
| SHA256 | 63cdaca7851509a7cd2598bfa2a48eab69d62b1838082cde2a163b7af6ecb788 |
| CRC32 | 87249938 |
| ssdeep | 12:MVvp0HIQXhPnGshTjzgP1gPCQtoh/wqAunTUAlZxV8Ytl:a0NXwmTfSQC/wQnwI/6Il |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | df555cd9509e9e00_msforms.exd |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\Word8.0\MSForms.exd |
| Size | 162.8KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 0e8fd8948b7fc827502a715c044f2e05 |
| SHA1 | ddb04a0d7dced12ba5f7c422095c24749cc0928f |
| SHA256 | df555cd9509e9e00b4e71361ed97ce3a676fe6408960e22be78cfdfa5d738aea |
| CRC32 | B0818BF9 |
| ssdeep | 1536:IQWulL6wNSc8SetKB4YuiMOqQ/WVMO+O9sOHK7K2xBmsqsDPza7vKp:I+ljNSc83tKBduiMnWOXTK7K1Kp |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0c8e5333cab43299_70166f6e.wmf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\70166F6E.wmf |
| Size | 2.3KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | Targa image data - Map - RLE 35 x 65536 x 0 +6 "\004" |
| MD5 | b6eebfec7ca9140adf4340714affae26 |
| SHA1 | 1ccf4416fb76d236f9968ea9ab4f7d0af4fdf6d4 |
| SHA256 | 0c8e5333cab4329931b4c113f8d0905e0e7006e25593022ab38b4634973a342b |
| CRC32 | DD86C75C |
| ssdeep | 48:Cn7s7Y1YnqxaBLfhgRkj0qXj9YhmjrIfmiwjL905QKMWkiTDCM97VW/jKghC:Uscwq6LpgRQ0qXj9YhmjrIfmiwP905Q8 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 497f6c316778d6e6_~$cket00073146.docm |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$cket00073146.docm |
| Size | 162.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 293b6cf2e1d2a5a706b1478ccf58f6c1 |
| SHA1 | b5823f96959f8372bd6398acac039c588bb59329 |
| SHA256 | 497f6c316778d6e6e2d365ad7620d8d3c34b7e961fd1153903b8f138ae233e3f |
| CRC32 | 571617DE |
| ssdeep | 3:yW2lWRdiBt/W6L7VSQ1ZJK7VgbuItDfNtl:y1lWGb/WmLXK7SVDfNtl |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ddf4b6d3f26b75b8_83477c97.wmf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\83477C97.wmf |
| Size | 5.8KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | Targa image data - Map - RLE 73 x 65536 x 0 +6 "\004" |
| MD5 | a99cf4a51a81d892ff532ff07320b534 |
| SHA1 | 541856a5407f2f4a49a26d0ede29c34f1d997398 |
| SHA256 | ddf4b6d3f26b75b8b3e18a77dd6b5242fa2f620540b8d2fa961d3cbd14c38f1e |
| CRC32 | B886DC74 |
| ssdeep | 96:JjdVNqcgebY0jSw+z9QZwNpYQ49NX90zW6Di69GVdeqJgpSJgfK99qW9ipp9JLsc:axE6YZgglTHruVi1YkWN4uL |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 63ee3a95585dc49f_38905b56.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\38905B56.dat |
| Size | 155.0KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | Targa image data - Map - RLE 10385 x 1 x 0 +1 +2 "\004" |
| MD5 | 60b8ca7a4172a10c7070c693d2cfe607 |
| SHA1 | 1241936635bd91f6c8831ff3521ec603a4b23e16 |
| SHA256 | 63ee3a95585dc49f99f670e56a10575be6931f1ceba59306e6fa9ca7a2ba646f |
| CRC32 | 602DF780 |
| ssdeep | 1536:MRMYn4R9u36PQaZVk98LWx2qh3aMV5EskTabVac1ihDmfsvNwo7MpOML5sUMtAfV:43RsGTf |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ea7a951dbd93d5ef_skfk.txt |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\skfk.txt |
| Size | 6.5KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | ae3e8679df2976d31da858fd7af67185 |
| SHA1 | 4c6c04af547b7df04e3bdb3f69e812a30b200016 |
| SHA256 | ea7a951dbd93d5ef6ca535820499da29753331e1e8a38c6fef9398a57a679ef0 |
| CRC32 | 9412010E |
| ssdeep | 96:ZhTcXV4FodXjo3xIcI6H7Ggo5ZLA7o6FCm+jyU4:zgV4FodXjo3+Z6bGBTk+jyD |
| Yara |
|
| VirusTotal | Search for analysis |