| Name | 8726a709e068a8c0_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2268 (WINWORD.EXE) |
| Type | data |
| MD5 | 87a819e1dd1fd534b5cfda48b78e6294 |
| SHA1 | 2501b7a7cb80d6fb3d08269010f1e5ff4e11ed8d |
| SHA256 | 8726a709e068a8c032a58144ceed39a0188b4c01b573211d8ed4de1a51540eaf |
| CRC32 | 680AC5B5 |
| ssdeep | 3:yW2lWRdNSNQloW6L71FjTK7yGclMHItASHtH90E//n:y1lWaQloWmLXK7yH24A0teEX |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e011140948149207_~$18_7617422488.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$18_7617422488.doc |
| Size | 162.0B |
| Processes | 2268 (WINWORD.EXE) |
| Type | data |
| MD5 | f47dc6d28768244fb2ed9486fb22d34b |
| SHA1 | 2192ab792f0dbb5eacb67694d60a3f7d4fcf756a |
| SHA256 | e01114094814920710d027c91fe7d9c2a195267ef41ba0a5a35752f2e0022c96 |
| CRC32 | 30D325DF |
| ssdeep | 3:yW2lWRdNSNQloW6L71FjTK7yGclMHItASHtH90lslt:y1lWaQloWmLXK7yH24A0telEt |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2319e98f983b0903_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 118.0B |
| Processes | 2268 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | be31fe64d3a3e4406fe4488b34667322 |
| SHA1 | 1aa4b1279c14d2b18c7be723f666c589e3e6775d |
| SHA256 | 2319e98f983b0903637237a37d24c4dcc190acef023c3109c57e2b92c72dec21 |
| CRC32 | 45DB5986 |
| ssdeep | 3:bDuMJlwcXAlWCapGCmxWqJHp6rp2mX1K/GCv:bCkAkVGK9g/Gs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d3af944189c626ad_glib.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\glib.doc.LNK |
| Size | 1.2KB |
| Processes | 2268 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 18 22:27:41 2021, mtime=Wed Aug 18 22:27:41 2021, atime=Wed Aug 18 22:27:41 2021, length=444416, window=hide |
| MD5 | 6de7069d043f4cfacb92842f7c5f07c0 |
| SHA1 | 823dc6c731f9062b27b2b5bf8fd7de67446a72ec |
| SHA256 | d3af944189c626ad165e1775c739b2f0da0326fc214e4216abaa5f6c66439dd3 |
| CRC32 | 645E2BDC |
| ssdeep | 24:8Tyo/vyuvqVRdxzIo/hnjzNYuTZwwgCLPyeSR:8Thvy4KX9pYuTOMyx |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 38dfde88f0db5f79_~wrs{d35082e7-4c9a-4981-b886-8a7d0924ac49}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D35082E7-4C9A-4981-B886-8A7D0924AC49}.tmp |
| Size | 1.5KB |
| Processes | 2268 (WINWORD.EXE) |
| Type | data |
| MD5 | 803ce583313c0686e9f3c68b5d0306b5 |
| SHA1 | c72937ed1e26c91aa48f95a4b5582668cf33db7a |
| SHA256 | 38dfde88f0db5f79b0a4f9f4e6d9153c3b533cd72edaf8017631b93c34ccba76 |
| CRC32 | 39B1182C |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNVqtINV/94wPxZlhRt3POD7jCj:CpUElClDK/8GePlcOtDwPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 203e33649f2a3cfa_~$glib.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$glib.doc |
| Size | 162.0B |
| Processes | 2268 (WINWORD.EXE) |
| Type | data |
| MD5 | 0d68403aee41fe674d7cd8a68a152065 |
| SHA1 | 6e87be036172d2af0a1206973c9ce5bd1359e4bb |
| SHA256 | 203e33649f2a3cfa723e2703c274db5f85bb4a4e6e3e99111a95de573cddc5c4 |
| CRC32 | EA67C7BA |
| ssdeep | 3:yW2lWRdNSNQloW6L71FjTK7yGclMHItASHtH90dzzl/:y1lWaQloWmLXK7yH24A0texzt |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d7922ee96fa7ba7f_1721f251.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1721F251.emf |
| Size | 4.9KB |
| Processes | 2268 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | b5ed963e5b24f2b139b9fc68c72fce85 |
| SHA1 | 93d7ddb535070e05af7ead9517efb9fbefd3ce48 |
| SHA256 | d7922ee96fa7ba7fc7518b4a1c4e19e0460dc39cf6170ae610290d4c29fbde99 |
| CRC32 | 56982141 |
| ssdeep | 48:FHqhN1l5UtCbmsdBgD89t1Tb4HKKZX3Y6kpYjdHkM:FqTv5UsLBvt1X6YU5EM |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{07cf74d1-9151-4349-a4af-8d9a62d5b7bd}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{07CF74D1-9151-4349-A4AF-8D9A62D5B7BD}.tmp |
| Size | 1.0KB |
| Processes | 2268 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 99eff9f9f8b287ee_de6af790.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DE6AF790.emf |
| Size | 4.9KB |
| Processes | 2268 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 2d132b8d63a6ada5df4919d1c9630a51 |
| SHA1 | 173e4c5e4b79a252fe729273e45790326f1fae4f |
| SHA256 | 99eff9f9f8b287ee675cac900b549c7bff212e743cdc9785190d087cda93a0f6 |
| CRC32 | 7E48DCF7 |
| ssdeep | 48:c10MNyOklhwxgsdBg6qjpLkwOEG6kpYjdHkNMb:c1ByrhwxlBFq9gVU5ENMb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{6bf24e48-6c43-4a4b-84b0-a87708a297f3}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6BF24E48-6C43-4A4B-84B0-A87708A297F3}.tmp |
| Size | 2.0B |
| Processes | 2268 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |