| Name | ba06484372c6f596_~$glib.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$glib.doc |
| Size | 162.0B |
| Processes | 2488 (WINWORD.EXE) |
| Type | data |
| MD5 | 56cf9b8fcb4dc576d98891086410c568 |
| SHA1 | 6f63dbfe18890c636da3edbd571f2170982a9bb8 |
| SHA256 | ba06484372c6f5967869b436aaf3b8300fd1b431aa45c6794d2687f65e663fc6 |
| CRC32 | 4987AE34 |
| ssdeep | 3:yW2lWRdO/vW6L7rBzJK7BEtcItVlGx:y1lWC/vWmPBVK7WJVI |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{d4152d2b-b7a7-4d16-87ad-aad18aa6510b}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D4152D2B-B7A7-4D16-87AD-AAD18AA6510B}.tmp |
| Size | 1.0KB |
| Processes | 2488 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2319e98f983b0903_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 118.0B |
| Processes | 2488 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | be31fe64d3a3e4406fe4488b34667322 |
| SHA1 | 1aa4b1279c14d2b18c7be723f666c589e3e6775d |
| SHA256 | 2319e98f983b0903637237a37d24c4dcc190acef023c3109c57e2b92c72dec21 |
| CRC32 | 45DB5986 |
| ssdeep | 3:bDuMJlwcXAlWCapGCmxWqJHp6rp2mX1K/GCv:bCkAkVGK9g/Gs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8b4aae46585669a8_glib.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\glib.doc.LNK |
| Size | 1.2KB |
| Processes | 2488 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Aug 31 20:16:07 2021, mtime=Tue Aug 31 20:16:07 2021, atime=Tue Aug 31 20:16:07 2021, length=256000, window=hide |
| MD5 | 38758f1491116f4950002118d16b4110 |
| SHA1 | fc8c1c92814c4c29b08abc3bfe3d85b593759551 |
| SHA256 | 8b4aae46585669a899a1c4ec3c2efab0b11c90fc66add8f05d211814ea9606f1 |
| CRC32 | 07111249 |
| ssdeep | 24:8yUsavyuvqVRdxzIod/RQXRjzNYuTZwwgCLPyh:8yHavy4KXz4pYuTOMyh |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{be2b9f84-5e2d-4273-9874-427105d5e825}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BE2B9F84-5E2D-4273-9874-427105D5E825}.tmp |
| Size | 2.0B |
| Processes | 2488 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b90345068e5b089c_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2488 (WINWORD.EXE) |
| Type | data |
| MD5 | 1050f8339821257fc80a7afef49068c9 |
| SHA1 | 88e037559305b38879aa84212d875228e5ecadc5 |
| SHA256 | b90345068e5b089c77f2eb7e856ed9564b4e6a34c82a46684105893b6837f353 |
| CRC32 | A648DDDC |
| ssdeep | 3:yW2lWRdO/vW6L7rBzJK7BEtcItVlgSl/n:y1lWC/vWmPBVK7WJVfl/n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5f6aadb10721084c_~wrs{da3d48bf-ff97-45cc-aa62-7feb5fc229da}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DA3D48BF-FF97-45CC-AA62-7FEB5FC229DA}.tmp |
| Size | 1.5KB |
| Processes | 2488 (WINWORD.EXE) |
| Type | data |
| MD5 | 22b9921061a9309c5366115801531d2f |
| SHA1 | 05d8bf210e86111f868a4b3f86e00d3707db9f8c |
| SHA256 | 5f6aadb10721084c2ccdf2b851520b6cd006fd9fb354b8936bf70ec74b631dbe |
| CRC32 | 15393288 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNxwWjhjmXwPxZlhRt3POD7jCj:CpUElClDK/8GePlcQWEXwPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1531ad8a66f69bda_2fc9da48.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2FC9DA48.emf |
| Size | 4.9KB |
| Processes | 2488 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 3fac4c2bc0e1df2f9a22e89586420bbf |
| SHA1 | d84959d54a4d8f0e9b4a524df7717f855949abaf |
| SHA256 | 1531ad8a66f69bdabe341d23ce2478278044e778c0731e7f1a38eb968aaadc3a |
| CRC32 | F4C5FB0F |
| ssdeep | 48:cADMN5ner6gsdBg6qjpLkwOEG6kpYjdHkNla5b:cl26lBFq9gVU5ENOb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9eee0b9a1660e1fd_2b40c5a9.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2B40C5A9.emf |
| Size | 4.9KB |
| Processes | 2488 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 5977f22dbb4b6bc8c6798e3a8c75f5c8 |
| SHA1 | 19f61da7a6b6d15eaa4b474512cc99f0702e76b1 |
| SHA256 | 9eee0b9a1660e1fd140def0e4b8a9ab6a08b0cebcb392638dd8b0df970290378 |
| CRC32 | C9659E0D |
| ssdeep | 48:FC3hNNSxobmsdBgD89t1Tb4HKKZX3Y6kpYjdHkUaK:CTNSxoLBvt1X6YU5EG |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6a76857b64827cb5_~$31_8300668682.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$31_8300668682.doc |
| Size | 162.0B |
| Processes | 2488 (WINWORD.EXE) |
| Type | data |
| MD5 | 5839bae2dc4f89b5257fc571abee3fc4 |
| SHA1 | 12fa575a98447568a9bfe8d63e9f6db1f6507984 |
| SHA256 | 6a76857b64827cb5d0021bf0d9431972c508556a0c1f9f5580b75a2db8ccb9e2 |
| CRC32 | 4822EF98 |
| ssdeep | 3:yW2lWRdO/vW6L7rBzJK7BEtcItVlultn:y1lWC/vWmPBVK7WJVct |
| Yara | None matched |
| VirusTotal | Search for analysis |