| Name | 1d9819048aff36c5_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1680 (WINWORD.EXE) |
| Type | data |
| MD5 | 889e030ff972133903d5a80ad3a055b4 |
| SHA1 | 1314519ec85d9f7e6d737f86303f9aebe7ec74f9 |
| SHA256 | 1d9819048aff36c57b24490c098e578046a08d362c1e69df1ea15416cc683bc7 |
| CRC32 | 7B8E9196 |
| ssdeep | 3:yW2lWRdtR3/W6L7oplllvXK7YCRzgFItJcfprl:y1lWxx/Wm8R1XK7YC1gWWfll |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 69f1dffeff03b283_~$crosoftdecidedtoupdateentirethingsonthepctodeletehistorycachecookieverythingfromthepc.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$crosoftdecidedtoupdateentirethingsonthepctodeletehistorycachecookieverythingfromthepc.Doc |
| Size | 162.0B |
| Processes | 1680 (WINWORD.EXE) |
| Type | data |
| MD5 | 743dbe0ed94dafe48b1d635529f88a38 |
| SHA1 | 079de4da93da2f2eaeb72376d9b580ebf7b90b21 |
| SHA256 | 69f1dffeff03b283616c9a9fe1c71774451852755341fd3d0f828e3762937920 |
| CRC32 | E7B00509 |
| ssdeep | 3:yW2lWRdtR3/W6L7oplllvXK7YCRzgFItJcfeXFltn:y1lWxx/Wm8R1XK7YC1gWWfel |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{be4ca11a-8279-41d0-b946-07cb50716005}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BE4CA11A-8279-41D0-B946-07CB50716005}.tmp |
| Size | 1.0KB |
| Processes | 1680 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9cfa5529015edfef_~wrs{c4e2f51f-da36-49fc-b9d5-108ccc5c54a4}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C4E2F51F-DA36-49FC-B9D5-108CCC5C54A4}.tmp |
| Size | 15.5KB |
| Processes | 1680 (WINWORD.EXE) |
| Type | data |
| MD5 | 349be3bf4c119da67179af87f08b6994 |
| SHA1 | b37cd45705a3aa47eac6d197e944a41106196795 |
| SHA256 | 9cfa5529015edfef139d4a1f5c354b285f9aa18a0a61e8ba5328a57f5ecbe3b9 |
| CRC32 | 6A93A8B9 |
| ssdeep | 384:GR7Q/lJ4ulhdmrkpMYf/RwuwZqoE6bBwW/PMaC4rZ:e7Q/lfCIN/GRqmbBTPMalZ |
| Yara | None matched |
| VirusTotal | Search for analysis |