| Name | 786f8913debcd97c_~wrs{8bba7815-ab71-44be-83a7-36b39cd39edf}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8BBA7815-AB71-44BE-83A7-36B39CD39EDF}.tmp |
| Size | 1.5KB |
| Processes | 2332 (WINWORD.EXE) |
| Type | data |
| MD5 | 6b8295e8163f4dde2ce741191b5b3dc4 |
| SHA1 | e4a20b01603b1ef402ed1280c4894cd7464f9766 |
| SHA256 | 786f8913debcd97c9404ffd46175a2d7840d2cc29b6fd2c3ba6adb9d678eb96b |
| CRC32 | 5E9EBC26 |
| ssdeep | 3:FlgAg7NNKElClDK/ldl5vWGePllHl3lldfZl/BAlVzNBq6NBllE/wPxZlhRt3POT:fgFpUElClDK/CGePlI/qas/wPxZfODwi |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f2b91a926edc0c45_zoro.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\zoro.doc.LNK |
| Size | 1.2KB |
| Processes | 2332 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Nov 23 18:21:14 2021, mtime=Tue Nov 23 18:21:14 2021, atime=Tue Nov 23 18:21:14 2021, length=291840, window=hide |
| MD5 | 3fcd2bf897993d902ba84632bd97b73a |
| SHA1 | 55f989d0c1b83988cecbaaa0ffe2d2d1992b0131 |
| SHA256 | f2b91a926edc0c45bc435ee0d6d92d8e256ff9873530f36090ba1a194dbb45ab |
| CRC32 | 554894BF |
| ssdeep | 24:8BX+1vyuvqVRdxzIoK2hvuKzNYuTGTCLPyBww:8Y1vy4KXKYpYuTG0yBww |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 22cb1cd8c46465ed_9513436a.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9513436A.emf |
| Size | 4.9KB |
| Processes | 2332 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | ffb63dc6ca8cb27f9d6a0141da1482c8 |
| SHA1 | 1e5b332cefb686a169e1198cbc3c2a95e6e6692b |
| SHA256 | 22cb1cd8c46465ed697881645d7fbad3ad5b4b460b1f89d905f9c128d7f9f5b8 |
| CRC32 | F7B48E5D |
| ssdeep | 48:F63hNdSEysbmsdBg6qjpLkwOEG6kpnydHk5az:6TdSEysLBFq9gV+EU |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e94effbd667e243c_~$23_4206263640.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$23_4206263640.doc |
| Size | 162.0B |
| Processes | 2332 (WINWORD.EXE) |
| Type | data |
| MD5 | 35d56bf1e612bc2006dadb936295c09e |
| SHA1 | 619b273fca42cb3b630114ba8a438a7241919708 |
| SHA256 | e94effbd667e243cf7cb3fb23eaaa8e731dacf1166875154d9f6cb46fd51a3c0 |
| CRC32 | 9EFBCE74 |
| ssdeep | 3:yW2lWRdQloW6L7mjTK7CiEHItYVlK9Klln:y1lWUloWmWK7CP4YVQwl |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b7b6d5b2db971304_~$zoro.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$zoro.doc |
| Size | 162.0B |
| Processes | 2332 (WINWORD.EXE) |
| Type | data |
| MD5 | 70b60a2f0b8f2633706ddb3e99e35529 |
| SHA1 | e717fa37bcdee26360afd9cf079f25aaa24060ee |
| SHA256 | b7b6d5b2db9713041a0214f0b2e11f729d0d7a91a8dd5e36da474f1f61dc5772 |
| CRC32 | DDF33F86 |
| ssdeep | 3:yW2lWRdQloW6L7mjTK7CiEHItYVlK9S//n:y1lWUloWmWK7CP4YVQg |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 986161dcdb4c9f3c_80def7cd.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\80DEF7CD.emf |
| Size | 4.9KB |
| Processes | 2332 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 88af49e428980454f268003bd987ce4b |
| SHA1 | 26d31759a93894f5665581ec9ded5bbb0a1967de |
| SHA256 | 986161dcdb4c9f3ca867b6627395359b822c973c56d299dec658577e85912fd3 |
| CRC32 | 816A1C35 |
| ssdeep | 48:XQNdSEysssdBg6qjpLkwOEG6kpnydHk1a/Z:gdSEysBBFq9gV+Eu |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b6284e7116c8609e_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 118.0B |
| Processes | 2332 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 0bb3c49fb8a3f4306022a64f30ca8a28 |
| SHA1 | 528b7463905e34156cc478af0efec1710427a8fc |
| SHA256 | b6284e7116c8609ef428f6e1e9ff2e6f118d3f377a50b93bb7e03744527e6274 |
| CRC32 | 17D29944 |
| ssdeep | 3:bDuMJlwcXAlWCHJddzCmxWqJHp6rp2mX1z1ddzCv:bCkAk+lzK9Hzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{e1bf9f08-68fc-4f68-a6b4-6e07e0c92f8c}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E1BF9F08-68FC-4F68-A6B4-6E07E0C92F8C}.tmp |
| Size | 2.0B |
| Processes | 2332 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{a5ac01e8-6f14-4ef0-bcdc-4c5525345816}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A5AC01E8-6F14-4EF0-BCDC-4C5525345816}.tmp |
| Size | 1.0KB |
| Processes | 2332 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 25b8924c44e2ce9f_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2332 (WINWORD.EXE) |
| Type | data |
| MD5 | 2a2788bd5b2fc3b4002ec8e6c1ca2e2c |
| SHA1 | 4a24fcf3a273516b6152d044e0ad6157d752dfc1 |
| SHA256 | 25b8924c44e2ce9f0f181b16e4db34ad0cd77f218ef76b46e0f55324e9a4fd23 |
| CRC32 | 73603330 |
| ssdeep | 3:yW2lWRdQloW6L7mjTK7CiEHItYVlK92Xn:y1lWUloWmWK7CP4YVQ8 |
| Yara | None matched |
| VirusTotal | Search for analysis |