| Name | 4826c0d860af884d_~wrs{fef87382-1199-4915-af8b-841320b92fac}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FEF87382-1199-4915-AF8B-841320B92FAC}.tmp |
| Size | 1.0KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2319e98f983b0903_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 118.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | be31fe64d3a3e4406fe4488b34667322 |
| SHA1 | 1aa4b1279c14d2b18c7be723f666c589e3e6775d |
| SHA256 | 2319e98f983b0903637237a37d24c4dcc190acef023c3109c57e2b92c72dec21 |
| CRC32 | 45DB5986 |
| ssdeep | 3:bDuMJlwcXAlWCapGCmxWqJHp6rp2mX1K/GCv:bCkAkVGK9g/Gs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9eee0b9a1660e1fd_5f771605.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5F771605.emf |
| Size | 4.9KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 5977f22dbb4b6bc8c6798e3a8c75f5c8 |
| SHA1 | 19f61da7a6b6d15eaa4b474512cc99f0702e76b1 |
| SHA256 | 9eee0b9a1660e1fd140def0e4b8a9ab6a08b0cebcb392638dd8b0df970290378 |
| CRC32 | C9659E0D |
| ssdeep | 48:FC3hNNSxobmsdBgD89t1Tb4HKKZX3Y6kpYjdHkUaK:CTNSxoLBvt1X6YU5EG |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{88f0c60c-6554-45e9-b859-bad55056d14a}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{88F0C60C-6554-45E9-B859-BAD55056D14A}.tmp |
| Size | 2.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9644fe7f4c7dd89b_glib.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\glib.doc.LNK |
| Size | 1.2KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Aug 31 20:12:41 2021, mtime=Tue Aug 31 20:12:41 2021, atime=Tue Aug 31 20:12:41 2021, length=256000, window=hide |
| MD5 | c8c9c6618c58fb0a79d5b26ef8ade1ba |
| SHA1 | 5976da6652ab1c65443700f264e40f656fdcf49c |
| SHA256 | 9644fe7f4c7dd89b149ff2f296ae3561906e6b0bb3e612e0c79ec6cbdfe98af3 |
| CRC32 | 1C3C0B73 |
| ssdeep | 24:85Cw1vyuvqVRdxzIobbx2TjzNYuTZwwgCLPyh:8bvy4KXb1EpYuTOMyh |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 027a7b79d752b85f_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 071cbd0af0e18f7c3116c1100cc3313d |
| SHA1 | f19f60f98af0680acf75b4fe10e811610a2940b9 |
| SHA256 | 027a7b79d752b85ff5b74a999b301f5950417d9a05013972c3c6bb559ebe9990 |
| CRC32 | F76F128A |
| ssdeep | 3:yW2lWRdwiyW6L77djTK7UFglFItR3dllt:y1lW8iyWm9XK7UFglWR33 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 342b41aa5b31df58_~$31_4532643085.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$31_4532643085.doc |
| Size | 162.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 83823f45d9543c65a12bcea3f5fae847 |
| SHA1 | 7f6ee0a26f7f94d15ba827d5d0b4efdaad88d829 |
| SHA256 | 342b41aa5b31df586954192654d1c7539ea70d96dc0bfb78fdb9604e21126ea6 |
| CRC32 | A2F6333A |
| ssdeep | 3:yW2lWRdwiyW6L77djTK7UFglFItR3dM/n:y1lW8iyWm9XK7UFglWR3y/n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1531ad8a66f69bda_a1b55114.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A1B55114.emf |
| Size | 4.9KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 3fac4c2bc0e1df2f9a22e89586420bbf |
| SHA1 | d84959d54a4d8f0e9b4a524df7717f855949abaf |
| SHA256 | 1531ad8a66f69bdabe341d23ce2478278044e778c0731e7f1a38eb968aaadc3a |
| CRC32 | F4C5FB0F |
| ssdeep | 48:cADMN5ner6gsdBg6qjpLkwOEG6kpYjdHkNla5b:cl26lBFq9gVU5ENOb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5f6aadb10721084c_~wrs{91043461-3305-4a94-91c0-8ac93adf93f6}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{91043461-3305-4A94-91C0-8AC93ADF93F6}.tmp |
| Size | 1.5KB |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 22b9921061a9309c5366115801531d2f |
| SHA1 | 05d8bf210e86111f868a4b3f86e00d3707db9f8c |
| SHA256 | 5f6aadb10721084c2ccdf2b851520b6cd006fd9fb354b8936bf70ec74b631dbe |
| CRC32 | 15393288 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNxwWjhjmXwPxZlhRt3POD7jCj:CpUElClDK/8GePlcQWEXwPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e0dc54aeef31c769_~$glib.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$glib.doc |
| Size | 162.0B |
| Processes | 1608 (WINWORD.EXE) |
| Type | data |
| MD5 | 8346b7713642ac30fb610e3f041f0b39 |
| SHA1 | 06a663737bfad42f43cdca5a3eb25ebb70e345ab |
| SHA256 | e0dc54aeef31c76980512eeeb86749476a296b0dd743928efee43d8c7bdc2b00 |
| CRC32 | A01369C3 |
| ssdeep | 3:yW2lWRdwiyW6L77djTK7UFglFItR3dWz/l:y1lW8iyWm9XK7UFglWR3sx |
| Yara | None matched |
| VirusTotal | Search for analysis |