| Name | b405cea6dfd14b9d_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 114.0B |
| Processes | 1728 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 7ea6e5b42ce1a6a1bf384f6062ec884e |
| SHA1 | 95a653fe85117bb6d770b7358e3651f85f1d9548 |
| SHA256 | b405cea6dfd14b9d7fc970a2ebc4406d227a06621947ed734b2b3985d3f44a8b |
| CRC32 | 913A0AC0 |
| ssdeep | 3:bDuMJlwcXAlWCMU1d9CmxWqJHp6rp2mX1ZX9Cv:bCkAkG9K9j9s |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{17642b1f-843c-4d16-88f5-b9a72652a55f}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{17642B1F-843C-4D16-88F5-B9A72652A55F}.tmp |
| Size | 1.0KB |
| Processes | 1728 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 77462d2345dd0347_~$qq.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$qq.doc |
| Size | 162.0B |
| Processes | 1728 (WINWORD.EXE) |
| Type | data |
| MD5 | 2448317e2604968103a74483964ddff6 |
| SHA1 | 80e420f17f7985867b2c9da899a19a42024c98f9 |
| SHA256 | 77462d2345dd034708d059198b42ebb3aa4efe3af0d0ea0189ff17edc727cebb |
| CRC32 | 78A6DF6B |
| ssdeep | 3:yW2lWRdl+oW6L7C/lvK78qzaItw/lbRezt:y1lWkoWmedK78q9w/ezt |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a030606ec289c748_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1728 (WINWORD.EXE) |
| Type | data |
| MD5 | b2c5b5e277c04c88aebc94b3dfebe3b2 |
| SHA1 | 3fed3606f59427dd2d965e03f0dac1d4dce9c40c |
| SHA256 | a030606ec289c7487681ef467af273e8226c966f13b7d9f4ad1982c31cd58c1f |
| CRC32 | 785C3284 |
| ssdeep | 3:yW2lWRdl+oW6L7C/lvK78qzaItw/lbR9l:y1lWkoWmedK78q9w/9l |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7ca162581b980dfb_~wrs{6aa1531b-527d-421d-bbc1-e4bcefd4f6fc}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6AA1531B-527D-421D-BBC1-E4BCEFD4F6FC}.tmp |
| Size | 1.5KB |
| Processes | 1728 (WINWORD.EXE) |
| Type | data |
| MD5 | 96de2d2d313550b929562ce9489c7edf |
| SHA1 | a3ea8125ba4c66d80e009abc295c26d7256fcc2f |
| SHA256 | 7ca162581b980dfb673dff61288bd1e812155b8940c24f1bbaa6d56804c6dfa0 |
| CRC32 | 61B2ECC8 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzN4Nwm/wPxZlhRt3PO27NpNjn:CpUElClDK/8GePlcpm/wPxZfO0 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b66c673f143a0a75_~$03_6700186721.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$03_6700186721.doc |
| Size | 162.0B |
| Processes | 1728 (WINWORD.EXE) |
| Type | data |
| MD5 | 27671af813bbc9521cefae28ca137a40 |
| SHA1 | 635891f0ee2c99b581a5e0bdd1958426c8062ace |
| SHA256 | b66c673f143a0a7515b30c28ee658eac5d6faedc2d0dc6e977118a6c6b3b4312 |
| CRC32 | 15CBBE7D |
| ssdeep | 3:yW2lWRdl+oW6L7C/lvK78qzaItw/lbRqWztn:y1lWkoWmedK78q9w/qG |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 84f2cec55ff8b4c0_qq.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\qq.doc.LNK |
| Size | 1.2KB |
| Processes | 1728 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Aug 3 16:44:40 2021, mtime=Tue Aug 3 16:44:40 2021, atime=Tue Aug 3 16:44:40 2021, length=368640, window=hide |
| MD5 | 140c83c3bf1808a03811af6deeacd2b8 |
| SHA1 | 32b1265b62867fd0d5e01cf11954f037b1b417a8 |
| SHA256 | 84f2cec55ff8b4c0ff45e67b2f0ab819a8f4e909c5a36ee51f887eb46e82f1b9 |
| CRC32 | A1FBBFB9 |
| ssdeep | 12:83WLL1EgXo1vyCPCH2fvqVPR8EvSobf6SLcPD9cTyY9dilxfAAizCCOLAHSuTQb/:8mivyuvqVRdxzgQtWAjzNYuTEJCLPyp |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | ea0cebe8874b6b49_a819a676.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A819A676.emf |
| Size | 4.9KB |
| Processes | 1728 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 8054abe59b2badee71e12edb5e1db182 |
| SHA1 | 150f33966a99e449b498eb8f2552b56db0cd09a9 |
| SHA256 | ea0cebe8874b6b4977a59759638015bc125f5e768f74056b74fe9bf55df0115d |
| CRC32 | 50044EBD |
| ssdeep | 48:c7vNU1FsdBg6qjpLkwOEG6kpYjdHkYagY:IQ0BFq9gVU5Ev |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dafca1618afa2cd4_32677ff.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\32677FF.emf |
| Size | 4.9KB |
| Processes | 1728 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | ff6a77c6072d38dad1ded7fe7b1cdfa1 |
| SHA1 | 5c3457475f3584d18ba5a5d765fce16ce16f69c5 |
| SHA256 | dafca1618afa2cd4e9f89e97bfd0e7aea61453ddca26ba7de4e2045a2e85bc84 |
| CRC32 | 1202169F |
| ssdeep | 48:FC3hNwqLbmsdBgD89t1Tb4HKKZX3Y6kpYjdHkFl/aE:CTvLBvt1X6YU5Ed |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{6122cfac-7a43-4f4f-9071-2f669f60b9e3}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6122CFAC-7A43-4F4F-9071-2F669F60B9E3}.tmp |
| Size | 2.0B |
| Processes | 1728 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |