| Name | 5092394343bd5ddf_glib.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\glib.doc.LNK |
| Size | 1.2KB |
| Processes | 2300 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 18 17:47:12 2021, mtime=Wed Aug 18 17:47:12 2021, atime=Wed Aug 18 17:47:12 2021, length=444416, window=hide |
| MD5 | 45761d0dabc85c4c4c1119d4ce75bfbd |
| SHA1 | 390a16a0059801ef714383f7519d66356152cabb |
| SHA256 | 5092394343bd5ddfd91e12477ea4e4ccfbe0039406319f169d32f7094e9cc80f |
| CRC32 | 2A45DAA1 |
| ssdeep | 24:84RvyuvqVRdxzIo8+jJjzNYuTZwwgCLPyeSR:84Rvy4KXpdpYuTOMyx |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{ff6384b7-85c4-4bf9-8ca3-f2e6171ea1db}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FF6384B7-85C4-4BF9-8CA3-F2E6171EA1DB}.tmp |
| Size | 1.0KB |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2319e98f983b0903_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 118.0B |
| Processes | 2300 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | be31fe64d3a3e4406fe4488b34667322 |
| SHA1 | 1aa4b1279c14d2b18c7be723f666c589e3e6775d |
| SHA256 | 2319e98f983b0903637237a37d24c4dcc190acef023c3109c57e2b92c72dec21 |
| CRC32 | 45DB5986 |
| ssdeep | 3:bDuMJlwcXAlWCapGCmxWqJHp6rp2mX1K/GCv:bCkAkVGK9g/Gs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ab0049bfcbcfb117_~$18_1021705814.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$18_1021705814.doc |
| Size | 162.0B |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | 4825fe8f9ec764c5ee62c5d740511a8b |
| SHA1 | e2176f07e5b0a92320603de15fdb53bcd8b6a78f |
| SHA256 | ab0049bfcbcfb1177fe5851462608206a229c7a6649055554ba29497136219be |
| CRC32 | 34EA2F46 |
| ssdeep | 3:yW2lWRdfZl/tiyW6L7WvjTK7NdpglFItsttAsr/:y1lWH/t/Wm6vjTK7DpgWsttAg/ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | df2d6d1ce3050b30_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | 479f0e184788a52e7bad13742b44d91e |
| SHA1 | f5a37ccabb327ee3fcddf1637c4a24a1ded56b2b |
| SHA256 | df2d6d1ce3050b304c2a09d7565640f52f6d08f4222227388d999c97947e001c |
| CRC32 | A8975BDF |
| ssdeep | 3:yW2lWRdfZl/tiyW6L7WvjTK7NdpglFItsttAahl:y1lWH/t/Wm6vjTK7DpgWsttAw |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 38dfde88f0db5f79_~wrs{787103fd-6a56-4e87-8822-e4bb85a47bc5}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{787103FD-6A56-4E87-8822-E4BB85A47BC5}.tmp |
| Size | 1.5KB |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | 803ce583313c0686e9f3c68b5d0306b5 |
| SHA1 | c72937ed1e26c91aa48f95a4b5582668cf33db7a |
| SHA256 | 38dfde88f0db5f79b0a4f9f4e6d9153c3b533cd72edaf8017631b93c34ccba76 |
| CRC32 | 39B1182C |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNVqtINV/94wPxZlhRt3POD7jCj:CpUElClDK/8GePlcOtDwPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{6c4dd08c-66f6-4969-a2f2-e279418953f9}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6C4DD08C-66F6-4969-A2F2-E279418953F9}.tmp |
| Size | 2.0B |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d7922ee96fa7ba7f_2293a5b2.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2293A5B2.emf |
| Size | 4.9KB |
| Processes | 2300 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | b5ed963e5b24f2b139b9fc68c72fce85 |
| SHA1 | 93d7ddb535070e05af7ead9517efb9fbefd3ce48 |
| SHA256 | d7922ee96fa7ba7fc7518b4a1c4e19e0460dc39cf6170ae610290d4c29fbde99 |
| CRC32 | 56982141 |
| ssdeep | 48:FHqhN1l5UtCbmsdBgD89t1Tb4HKKZX3Y6kpYjdHkM:FqTv5UsLBvt1X6YU5EM |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c6ff028a76ce54f5_~$glib.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$glib.doc |
| Size | 162.0B |
| Processes | 2300 (WINWORD.EXE) |
| Type | data |
| MD5 | 97566ccb53992b36afe359b418c377cd |
| SHA1 | 378cfb79a6f3c2badcea608ea2d3539f8a9549b6 |
| SHA256 | c6ff028a76ce54f56a0b9e18b52f877d393c9a19050f2373cf8df006bfcbf12d |
| CRC32 | C367A03B |
| ssdeep | 3:yW2lWRdfZl/tiyW6L7WvjTK7NdpglFItsttAqv//:y1lWH/t/Wm6vjTK7DpgWsttA8X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 99eff9f9f8b287ee_f5735935.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F5735935.emf |
| Size | 4.9KB |
| Processes | 2300 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 2d132b8d63a6ada5df4919d1c9630a51 |
| SHA1 | 173e4c5e4b79a252fe729273e45790326f1fae4f |
| SHA256 | 99eff9f9f8b287ee675cac900b549c7bff212e743cdc9785190d087cda93a0f6 |
| CRC32 | 7E48DCF7 |
| ssdeep | 48:c10MNyOklhwxgsdBg6qjpLkwOEG6kpYjdHkNMb:c1ByrhwxlBFq9gVU5ENMb |
| Yara | None matched |
| VirusTotal | Search for analysis |