| Name | 2c7ea9d3a995371b_~$glib.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$glib.doc |
| Size | 162.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 2731e30e62cb331327b9e777ed2162c5 |
| SHA1 | a4778e6c8b176a5807f60f34563d948bfee9865b |
| SHA256 | 2c7ea9d3a995371bfc85a7d0bd0cda9e774f82e8e7b426a995ccbd520efcdfdc |
| CRC32 | F9ABAB0B |
| ssdeep | 3:yW2lWRdvW6L78K7UGKFItje/llyul:y1lWjWmwK7UNWyf |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2319e98f983b0903_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 118.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | be31fe64d3a3e4406fe4488b34667322 |
| SHA1 | 1aa4b1279c14d2b18c7be723f666c589e3e6775d |
| SHA256 | 2319e98f983b0903637237a37d24c4dcc190acef023c3109c57e2b92c72dec21 |
| CRC32 | 45DB5986 |
| ssdeep | 3:bDuMJlwcXAlWCapGCmxWqJHp6rp2mX1K/GCv:bCkAkVGK9g/Gs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b6b3ea2e64e1c054_glib.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\glib.doc.LNK |
| Size | 1.2KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Sep 2 15:42:21 2021, mtime=Thu Sep 2 15:42:21 2021, atime=Thu Sep 2 15:42:21 2021, length=254976, window=hide |
| MD5 | 785ecbfc5a89476693a22a3eeb334bf3 |
| SHA1 | dbcea180e895fe2371c444a983e235f2d3596b65 |
| SHA256 | b6b3ea2e64e1c054d05bc6b5429f03d6553108978cafba8300a80472e33a6aed |
| CRC32 | C9AAA583 |
| ssdeep | 24:8q9TvyuvqVRdxzIoFdbgTJjzNYuTZwwgCLPyh:8ATvy4KXFKdpYuTOMyh |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1841aae6d9a5235b_8b79d990.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8B79D990.emf |
| Size | 4.9KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | df08a6026ea0ff9ad5e8462a952e8076 |
| SHA1 | e161e429f38b47cfbe7279b394d4bb5db5c43904 |
| SHA256 | 1841aae6d9a5235b80856839c38d38ec18877b94b5f78399d439b6e436b20c8b |
| CRC32 | 676F7862 |
| ssdeep | 48:FC3hNviSbmsdBgD89t1Tb4HKKZX3Y6kpYjdHkUaK:CTnLBvt1X6YU5EG |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9d3fb80a35b8ec74_~$02_7424105065.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$02_7424105065.doc |
| Size | 162.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 71787abf38454606f54d3dceec795d48 |
| SHA1 | 887e3c86d4da2033ef45eaf9ed181d5577e1183f |
| SHA256 | 9d3fb80a35b8ec74bb869e70bb4dadee07087c925a5e71f551894df588652fff |
| CRC32 | B5B7836F |
| ssdeep | 3:yW2lWRdvW6L78K7UGKFItje/llDiln:y1lWjWmwK7UNWyjG |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a26079d7cc615d0c_~wrs{2e08e7e5-6360-4bd5-a4d0-d9fa91beb3db}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2E08E7E5-6360-4BD5-A4D0-D9FA91BEB3DB}.tmp |
| Size | 1.5KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 39d13d7ea50f04590e4d35ccb53ab35b |
| SHA1 | 4ff49d1c66f7ea26b79ccb860985be998ca0c2da |
| SHA256 | a26079d7cc615d0c2046aee71aaed649522b92921cedf1feab901e417dee1723 |
| CRC32 | D6C4CA50 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNPNwtqzNP39mPXwPxZlhRt3PODg:CpUElClDK/8GePlcMt80PXwPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{100b732e-f95b-4a76-ae14-cc1525066843}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{100B732E-F95B-4A76-AE14-CC1525066843}.tmp |
| Size | 2.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{f8a2e605-dbb2-4db1-be68-2553e89b2095}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F8A2E605-DBB2-4DB1-BE68-2553E89B2095}.tmp |
| Size | 1.0KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 29b0b400a89dc1bc_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 1c6f9f20e50c53dda9a8631d5fd1d597 |
| SHA1 | 54a9975034e9bdc743a2be62efe2bbac1ef35eac |
| SHA256 | 29b0b400a89dc1bc9b3b042222d0aadd11a0d374f91860a8eee580baa2a53fce |
| CRC32 | 0490D6AF |
| ssdeep | 3:yW2lWRdvW6L78K7UGKFItje/lliKn:y1lWjWmwK7UNWyj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cfc3054c0360bc24_76ad930b.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\76AD930B.emf |
| Size | 4.9KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 556fa1046a06f5a8237cdbef295d230c |
| SHA1 | 0a9a4e23b7875e69d1e266e61e4b0275db0f3eab |
| SHA256 | cfc3054c0360bc24bd12301b819e32da714edab265f07b6d160e712126acc815 |
| CRC32 | 6CB88B3F |
| ssdeep | 24:YJhfE9MN44HTfqFjsdB3g6G7OdE5qOppcWfswKnZFwG6uvX5YXmkZdHkHtXBUAib:c10MNVgsdBg6qjpLkwOEG6kpYjdHkNMb |
| Yara | None matched |
| VirusTotal | Search for analysis |