| File Path | Type and Hashes |
|---|---|
|
C:\Users\user\AppData\Local\Temp\11fa3ac12d53d73f552d949a04ad3ab4f00cc0e1 |
Type : Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Dec 15 12:07:00 2019, Last Saved Time/Date: Mon Dec 16 05:40:00 2019, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Security: 0 MD5 : 7f06fe0374ee77ebcac1adcbd584ba68 SHA-1 : 11fa3ac12d53d73f552d949a04ad3ab4f00cc0e1 SHA-256 : 73057aa6ab03fc75be12ee33592348bf187ba086aa9a18d6eb7b26b9eb378daf SHA-512 : 82c1631443e6b6d706a4f5de7297207ea5ff538ede30e5b8a37b283529505a49c19335d3ab789d714232d5183c0410830ea6026e9cf9543c02565a8be2d05068 Size : 103.936 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Office\VB12.pip |
Type : data MD5 : 7979c5c3fd69d94988076d47b7dce4e9 SHA-1 : 598cce51c83ac5558daef1349b7cd0438d333336 SHA-256 : ee089995478107bfe464aeecbccc34662bb53fa5c9e4801235fe9774cd9810c7 SHA-512 : fbd69dca37216ef16ac731160a4b3f82f06197a853c34eec589f2a8cc3ed1bb4ebd9b501b56014af13496468aa4e5c8a8d16fb04e61eb0067f7748bdd0efe5a6 Size : 0.144 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm |
Type : Microsoft Word 2007+ MD5 : 2dc5aa70cd867260f95e83835d98e346 SHA-1 : f6bdec581d916111b444d292991252097e542f3f SHA-256 : 0365447c742e87d6d138f4a6d54d84b767988dd461716000818d9e00804f891a SHA-512 : 5d9b198ce23aed2e41b9253168417cad18c453577b9e9d360580dc9f2597ec6c0098f67ccf320a09961f44c417451215067e0aa19b4851823f96c5dc4ac65641 Size : 15.366 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{696B216C-6D40-41B7-A719-0E2A13DB84E7}.tmp |
Type : FoxPro FPT, blocks size 0, next free block index 218103808, 1st used item "\375" MD5 : 5d4d94ee7e06bbb0af9584119797b23a SHA-1 : dbb111419c704f116efa8e72471dd83e86e49677 SHA-256 : 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 SHA-512 : 95f83ae84cafcced5eaf504546725c34d5f9710e5ca2d11761486970f2fbeccb25f9cf50bbfc272bd75e1a66a18b7783f09e1c1454afda519624bc2bb2f28ba4 Size : 1.024 Kilobytes. |
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Word12.pip |
Type : data MD5 : 22c098e39258b1e81d362e9bf3656c95 SHA-1 : 3fd8a9f0b8c3a394bb1885115bea1af04cb19497 SHA-256 : 96268b33f4feaf985ab8713fb4f0524884e0009c69a0a6ae01d3ede51f1e231a SHA-512 : 834d00252a17c2c5fd746148fcde23ff794f809d88487aa7e04782b43efb4ff4edee07875072840e46eca9457edd395d2f08302c10341d3be242178130a5f051 Size : 1.684 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\~DF6742BAA80FD74FAA.TMP |
Type : Composite Document File V2 Document, No summary info MD5 : 72f5c05b7ea8dd6059bf59f50b22df33 SHA-1 : d5af52e129e15e3a34772806f6c5fbf132e7408e SHA-256 : 1dc0c8d7304c177ad0e74d3d2f1002eb773f4b180685a7df6bbe75ccc24b0164 SHA-512 : 6ff1e2e6b99bd0a4ed7ca8a9e943551bcd73a0befcace6f1b1106e88595c0846c9bb76ca99a33266ffec2440cf6a440090f803abbf28b208a6c7bc6310beb39e Size : 1.536 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\~$fa3ac12d53d73f552d949a04ad3ab4f00cc0e1 C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
Type : data MD5 : d65daaa6e2f60692cc9edb55e7c5fb81 SHA-1 : 57067e4d495f6ce37d9a1a119746f2e0f2f6e171 SHA-256 : 5b46371c4ecc6617fc6fed8a39ad5105918ee2823a1c02d3f5944ee5c8c878d9 SHA-512 : 84ebf89f6ac1b009403186c95ac4c0e92cf37d56cf1992cc41af8385d8f2a56d3cbbe91c0f93a937993a7e5040cf655abc348cc50f928ef8a2c321033da202ab Size : 0.162 Kilobytes. |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{DD0D8F4D-ABCA-40BA-B4C7-D89B2A61AF2E}.tmp |
Type : Composite Document File V2 Document, No summary info MD5 : 69ebf3097890dbe97443c51b82cd32b5 SHA-1 : b292944b124a638be18ff0caf30897aebe01c80d SHA-256 : f23e7f21f1596afb33fd5c83f8019828a965d4444a2dfd6f69ef964c6f82b39b SHA-512 : 1e8bab1b1a5255fc24a1dc2ed571bbf2e622d93e6c7f06ea51c81d970d6b7b972126d0e7c6c927bac33af2c08bdb8fa22cd6089d2477d6baced46ae4727538af Size : 80.384 Kilobytes. |
|
C:\Users\user\AppData\Local\Temp\18033734.od |
Type : ASCII text, with CRLF line terminators MD5 : 0676f96fd5bdd1d4dbc2bfae982f75d5 SHA-1 : 9b04a75768f0153479ccba5e9512320d0a709fc9 SHA-256 : 5b7b63dc1d737e8a0a862db21f1828beb56a9e81d61860b68dd1a3228e579ed5 SHA-512 : 77dddde6a93ab66ad78f842d3a284cae82c238cf20a9e92e1c9b4189927f732d99ad466fd588fa804630489b56c77827abf33aaf40d2f21561fc25e566997fa6 Size : 0.134 Kilobytes. |
| Match Rules |
|---|
| File Name: | rt6.doc |
| File Type: | Composite Document File V2 Document, Can't read SAT |
| SHA1: | 11fa3ac12d53d73f552d949a04ad3ab4f00cc0e1 |
| MD5: | 7f06fe0374ee77ebcac1adcbd584ba68 |
| First Seen Date: | 2019-12-19 22:02:57.745052 ( ) |
| Number of Clients Seen: | 4 |
| Last Analysis Date: | 2019-12-19 22:02:57.745052 ( ) |
| Human Expert Analysis Result: | No human expert analysis verdict given to this sample yet. |
| Property | Value |
|---|---|
| magic literal enum | 43 |
| file type enum | 16 |
| file size | 103936 |
| sha256 | 73057aa6ab03fc75be12ee33592348bf187ba086aa9a18d6eb7b26b9eb378daf |
| mime type | application/CDFV2-unknown |