| Name | b405cea6dfd14b9d_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 114.0B |
| Processes | 1488 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 7ea6e5b42ce1a6a1bf384f6062ec884e |
| SHA1 | 95a653fe85117bb6d770b7358e3651f85f1d9548 |
| SHA256 | b405cea6dfd14b9d7fc970a2ebc4406d227a06621947ed734b2b3985d3f44a8b |
| CRC32 | 913A0AC0 |
| ssdeep | 3:bDuMJlwcXAlWCMU1d9CmxWqJHp6rp2mX1ZX9Cv:bCkAkG9K9j9s |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{b69cad8b-f91c-4249-9e7f-8aa7ce50ee8c}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B69CAD8B-F91C-4249-9E7F-8AA7CE50EE8C}.tmp |
| Size | 1.0KB |
| Processes | 1488 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7ca162581b980dfb_~wrs{b87b7320-1a1f-4f99-809e-58532db5daea}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B87B7320-1A1F-4F99-809E-58532DB5DAEA}.tmp |
| Size | 1.5KB |
| Processes | 1488 (WINWORD.EXE) |
| Type | data |
| MD5 | 96de2d2d313550b929562ce9489c7edf |
| SHA1 | a3ea8125ba4c66d80e009abc295c26d7256fcc2f |
| SHA256 | 7ca162581b980dfb673dff61288bd1e812155b8940c24f1bbaa6d56804c6dfa0 |
| CRC32 | 61B2ECC8 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzN4Nwm/wPxZlhRt3PO27NpNjn:CpUElClDK/8GePlcpm/wPxZfO0 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e97bb5ffaaf74fe5_qq.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\qq.doc.LNK |
| Size | 1.2KB |
| Processes | 1488 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Aug 3 16:41:00 2021, mtime=Tue Aug 3 16:41:00 2021, atime=Tue Aug 3 16:41:00 2021, length=368640, window=hide |
| MD5 | dadd0fffa226aa4a3ecb7797a59064f2 |
| SHA1 | c9ff0a464e02b8c861a1e2efec7a92373995bf39 |
| SHA256 | e97bb5ffaaf74fe5d4ca966506ee063ebd0895312005f56f00035f52cd096974 |
| CRC32 | 61E5EC1A |
| ssdeep | 24:8j0vyuvqVRdxzgQhbqYlpqjzNYuTEJCLPyp:8Ivy4KLhVlkjpYuTEWyp |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{35d399c4-b8fe-4745-9868-6b3831601925}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{35D399C4-B8FE-4745-9868-6B3831601925}.tmp |
| Size | 2.0B |
| Processes | 1488 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5c9d3be3efdfe49f_~$03_1140088877.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$03_1140088877.doc |
| Size | 162.0B |
| Processes | 1488 (WINWORD.EXE) |
| Type | data |
| MD5 | e1b5f5491a2f50764cd7074b14052d58 |
| SHA1 | db3e2bfde1369040a5f9a29e1d2b32c5826bbe9c |
| SHA256 | 5c9d3be3efdfe49fc13be7a089bbf330a91d1656a67434a70142492fa5cb253f |
| CRC32 | 66088A1E |
| ssdeep | 3:yW2lWRdv/SyW6L7El7lJK7cm2HItaVhh+Fh//n:y1lWr/SyWmgvK7cm24BFx |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dafca1618afa2cd4_f30b99d.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F30B99D.emf |
| Size | 4.9KB |
| Processes | 1488 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | ff6a77c6072d38dad1ded7fe7b1cdfa1 |
| SHA1 | 5c3457475f3584d18ba5a5d765fce16ce16f69c5 |
| SHA256 | dafca1618afa2cd4e9f89e97bfd0e7aea61453ddca26ba7de4e2045a2e85bc84 |
| CRC32 | 1202169F |
| ssdeep | 48:FC3hNwqLbmsdBgD89t1Tb4HKKZX3Y6kpYjdHkFl/aE:CTvLBvt1X6YU5Ed |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | bac3df645079c17b_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1488 (WINWORD.EXE) |
| Type | data |
| MD5 | 63b0eb6471f2dff01e57f179b886d5fd |
| SHA1 | 99d817d789d57a856e9d6a486dce8f6f07a89475 |
| SHA256 | bac3df645079c17b15faddbb4289542bf073c90a74f8e15f25eedb2219ea9822 |
| CRC32 | 58505AF9 |
| ssdeep | 3:yW2lWRdv/SyW6L7El7lJK7cm2HItaVhhdphtl:y1lWr/SyWmgvK7cm24a |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f8ec8100df95265c_~$qq.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$qq.doc |
| Size | 162.0B |
| Processes | 1488 (WINWORD.EXE) |
| Type | data |
| MD5 | 2111fa4aa345adb54baa16707aea7385 |
| SHA1 | bbc3b37ebffae5de8fd2b494f43326ca31bc478d |
| SHA256 | f8ec8100df95265c85616b086fab2a3e1b697d8d42d616ca3e3d925ff3a7ba53 |
| CRC32 | 6D2D8CB9 |
| ssdeep | 3:yW2lWRdv/SyW6L7El7lJK7cm2HItaVhhIgl/ln:y1lWr/SyWmgvK7cm24ngl/ln |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ea0cebe8874b6b49_a0cc750c.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A0CC750C.emf |
| Size | 4.9KB |
| Processes | 1488 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 8054abe59b2badee71e12edb5e1db182 |
| SHA1 | 150f33966a99e449b498eb8f2552b56db0cd09a9 |
| SHA256 | ea0cebe8874b6b4977a59759638015bc125f5e768f74056b74fe9bf55df0115d |
| CRC32 | 50044EBD |
| ssdeep | 48:c7vNU1FsdBg6qjpLkwOEG6kpYjdHkYagY:IQ0BFq9gVU5Ev |
| Yara | None matched |
| VirusTotal | Search for analysis |