| Name | 4826c0d860af884d_~wrs{b514cac3-31d2-4837-87f8-d78d7761c721}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B514CAC3-31D2-4837-87F8-D78D7761C721}.tmp |
| Size | 1.0KB |
| Processes | 2336 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | aa51bc1e1243878c_glib.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\glib.doc.LNK |
| Size | 1.2KB |
| Processes | 2336 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Sep 5 14:37:24 2021, mtime=Sun Sep 5 14:37:24 2021, atime=Sun Sep 5 14:37:24 2021, length=256000, window=hide |
| MD5 | 45a6e1ce21b4b84b84cb5dbca5acc609 |
| SHA1 | 002badcac3b4eef89623f32e3957c9b748f575bc |
| SHA256 | aa51bc1e1243878c88bcbd9f7efac61fdc5adadef1e03d6a2b765bf575b4bd1b |
| CRC32 | C10C4393 |
| ssdeep | 24:89vyuvqVRdxzIoHnP0K5jzNYuTZwwgCLPyeSR:89vy4KXHTNpYuTOMyx |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2319e98f983b0903_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 118.0B |
| Processes | 2336 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | be31fe64d3a3e4406fe4488b34667322 |
| SHA1 | 1aa4b1279c14d2b18c7be723f666c589e3e6775d |
| SHA256 | 2319e98f983b0903637237a37d24c4dcc190acef023c3109c57e2b92c72dec21 |
| CRC32 | 45DB5986 |
| ssdeep | 3:bDuMJlwcXAlWCapGCmxWqJHp6rp2mX1K/GCv:bCkAkVGK9g/Gs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9eee0b9a1660e1fd_f069c4d2.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F069C4D2.emf |
| Size | 4.9KB |
| Processes | 2336 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 5977f22dbb4b6bc8c6798e3a8c75f5c8 |
| SHA1 | 19f61da7a6b6d15eaa4b474512cc99f0702e76b1 |
| SHA256 | 9eee0b9a1660e1fd140def0e4b8a9ab6a08b0cebcb392638dd8b0df970290378 |
| CRC32 | C9659E0D |
| ssdeep | 48:FC3hNNSxobmsdBgD89t1Tb4HKKZX3Y6kpYjdHkUaK:CTNSxoLBvt1X6YU5EG |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5f6aadb10721084c_~wrs{4a9d2511-8614-4026-8a57-a6d82012c2ae}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4A9D2511-8614-4026-8A57-A6D82012C2AE}.tmp |
| Size | 1.5KB |
| Processes | 2336 (WINWORD.EXE) |
| Type | data |
| MD5 | 22b9921061a9309c5366115801531d2f |
| SHA1 | 05d8bf210e86111f868a4b3f86e00d3707db9f8c |
| SHA256 | 5f6aadb10721084c2ccdf2b851520b6cd006fd9fb354b8936bf70ec74b631dbe |
| CRC32 | 15393288 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNxwWjhjmXwPxZlhRt3POD7jCj:CpUElClDK/8GePlcQWEXwPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d47b02c31a333281_~$31_3314378773.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$31_3314378773.doc |
| Size | 162.0B |
| Processes | 2336 (WINWORD.EXE) |
| Type | data |
| MD5 | 44d636b3282d80488644cac74d59b613 |
| SHA1 | f4ea2056ac06bd5d220d80f8186a54062aaa2cad |
| SHA256 | d47b02c31a33328180131c149b16f4ce8da2801c47499f843759122fe7315e7a |
| CRC32 | 2950973C |
| ssdeep | 3:yW2lWRd3l4yW6L7i/7lJK7moXl/OHIt8nChGJlln:y1lW7l4yWmu/vK7mQl/O48Ck/n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1531ad8a66f69bda_f1ec4cd5.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F1EC4CD5.emf |
| Size | 4.9KB |
| Processes | 2336 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 3fac4c2bc0e1df2f9a22e89586420bbf |
| SHA1 | d84959d54a4d8f0e9b4a524df7717f855949abaf |
| SHA256 | 1531ad8a66f69bdabe341d23ce2478278044e778c0731e7f1a38eb968aaadc3a |
| CRC32 | F4C5FB0F |
| ssdeep | 48:cADMN5ner6gsdBg6qjpLkwOEG6kpYjdHkNla5b:cl26lBFq9gVU5ENOb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{be680bdf-30c3-4a48-a361-8c6b7260da09}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BE680BDF-30C3-4A48-A361-8C6B7260DA09}.tmp |
| Size | 2.0B |
| Processes | 2336 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 44a0b9cd8edbd405_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2336 (WINWORD.EXE) |
| Type | data |
| MD5 | e516741d1a78c9a1ac056bddf569dd8b |
| SHA1 | 8ff881f269becb39c4273f7301cfcc5c17a35212 |
| SHA256 | 44a0b9cd8edbd405d55719e6831e2f7c70ed69924d2bf891d7ba10c70eec9745 |
| CRC32 | 8CCC21C2 |
| ssdeep | 3:yW2lWRd3l4yW6L7i/7lJK7moXl/OHIt8nChQP//n:y1lW7l4yWmu/vK7mQl/O48Cm/ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ff1390ade75cc4ac_~$glib.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$glib.doc |
| Size | 162.0B |
| Processes | 2336 (WINWORD.EXE) |
| Type | data |
| MD5 | faf501d2039bfa2b8d279a635c97a7c8 |
| SHA1 | e89443a923e453a00119ee0784042c6537514c24 |
| SHA256 | ff1390ade75cc4ac537bec530989dfa0fb0a8411cf634cad6a529356fe8c478d |
| CRC32 | 97074773 |
| ssdeep | 3:yW2lWRd3l4yW6L7i/7lJK7moXl/OHIt8nChzt:y1lW7l4yWmu/vK7mQl/O48Cxt |
| Yara | None matched |
| VirusTotal | Search for analysis |