| Name | 5ec6077b84555f40_glib.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\glib.doc.LNK |
| Size | 1.2KB |
| Processes | 1896 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Aug 24 16:48:15 2021, mtime=Tue Aug 24 16:48:15 2021, atime=Tue Aug 24 16:48:15 2021, length=451072, window=hide |
| MD5 | 9fb6f024bd7177deaa69daa4059fdb19 |
| SHA1 | c10fb95b514737a187b30e924caca0c0d76738e6 |
| SHA256 | 5ec6077b84555f40a318a95ddea960743bf442aea2565202c02bed022698375f |
| CRC32 | 1BFC8B6F |
| ssdeep | 24:8wlvyuvqVRdxzIoBxLjzNYuTZwwgCLPyeSR:8wlvy4KXbpYuTOMyx |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2319e98f983b0903_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 118.0B |
| Processes | 1896 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | be31fe64d3a3e4406fe4488b34667322 |
| SHA1 | 1aa4b1279c14d2b18c7be723f666c589e3e6775d |
| SHA256 | 2319e98f983b0903637237a37d24c4dcc190acef023c3109c57e2b92c72dec21 |
| CRC32 | 45DB5986 |
| ssdeep | 3:bDuMJlwcXAlWCapGCmxWqJHp6rp2mX1K/GCv:bCkAkVGK9g/Gs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 00cc11fa78d1af78_~$glib.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$glib.doc |
| Size | 162.0B |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | 58adcc150985c1091acd472f267bb7b9 |
| SHA1 | 57aa26616de992f7bbc6429f28bd92a329d5baca |
| SHA256 | 00cc11fa78d1af78b282ade82a0a90f6a331a59b691586195e53e06d6665d75f |
| CRC32 | 9F25B8FF |
| ssdeep | 3:yW2lWRdUSyW6L7mgTK7hpJlFIttGALtKJll:y1lWAvWmVTK7vWrh+l |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{926dd95c-6bd2-4bac-8a56-d349df86b09f}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{926DD95C-6BD2-4BAC-8A56-D349DF86B09F}.tmp |
| Size | 2.0B |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c28363e5f16fc623_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | b27cc5401c814cf3ae672166f842c516 |
| SHA1 | 7b446338eaa5fab6b392f9c10852bf91de38ce68 |
| SHA256 | c28363e5f16fc6232aadc5081624313c94740a0b8320202cfebbc6326a043c85 |
| CRC32 | 729C3645 |
| ssdeep | 3:yW2lWRdUSyW6L7mgTK7hpJlFIttGALlLnll/:y1lWAvWmVTK7vWrpLll/ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0e70c20a370e518a_e3c0b7bb.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E3C0B7BB.emf |
| Size | 4.9KB |
| Processes | 1896 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | ebc0f126663622777d5d60b9f1227e31 |
| SHA1 | 66b370d1ef561e41014651a7a84fecb34b3436a6 |
| SHA256 | 0e70c20a370e518a45d9be1a791cee6de471cee1414817ade54c69e7d0721795 |
| CRC32 | 7D260F20 |
| ssdeep | 48:cADMNAygsdBg6qjpLkwOEG6kpYjdHkNla5b:clhlBFq9gVU5ENOb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2a94ee3495d61a2b_~wrs{58450c60-c3e2-4231-a8f7-1fb878e366f8}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{58450C60-C3E2-4231-A8F7-1FB878E366F8}.tmp |
| Size | 1.5KB |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | 2306e28be68ce7c0c1e8025cc8af4428 |
| SHA1 | 25fb8c2f9120444587789d645926a5885d3c3654 |
| SHA256 | 2a94ee3495d61a2b756ba6291cf0c5ca3583b7418c5fe462f9a4874a72db9b7c |
| CRC32 | 39E6F657 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNDlwW1D/StwPxZlhRt3POD7jCj:CpUElClDK/8GePlcYWMwPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{8e67f1e6-9d18-4675-8473-fd699dad0c79}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8E67F1E6-9D18-4675-8473-FD699DAD0C79}.tmp |
| Size | 1.0KB |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 912eb4f629ddf570_~$24_2382378251.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$24_2382378251.doc |
| Size | 162.0B |
| Processes | 1896 (WINWORD.EXE) |
| Type | data |
| MD5 | efa9456b9d632c57fc2deba023b06b04 |
| SHA1 | b64ee32cdbf097ac80f1ac537dd2b2841a5ebf81 |
| SHA256 | 912eb4f629ddf570983f35ce620b11f1011a58dfb4bef201e0dcba848658f551 |
| CRC32 | C9E16EF7 |
| ssdeep | 3:yW2lWRdUSyW6L7mgTK7hpJlFIttGALY:y1lWAvWmVTK7vWrc |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 28b8a1e363936c69_4b40d680.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4B40D680.emf |
| Size | 4.9KB |
| Processes | 1896 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 6c83465ae5615219498deb5b90a19636 |
| SHA1 | 369ccd9f4f41b26b7fc50cc444d76287e9fa2faf |
| SHA256 | 28b8a1e363936c69db757f7de3ba245fc423ae10584cf2a97c382a48892d75cd |
| CRC32 | 4DD8091A |
| ssdeep | 48:FC3hNZMVbmsdBgD89t1Tb4HKKZX3Y6kpYjdHkUaV:CToLBvt1X6YU5Ep |
| Yara | None matched |
| VirusTotal | Search for analysis |