| Name | ad2279a8e75ced37_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 45527099d52cb6cc549a32007088f582 |
| SHA1 | c21ffaf5a7c3ee34fd9123567122c42236af39ae |
| SHA256 | ad2279a8e75ced3754d6ae6d2167aa7b94e50a85fd53c0a3b827d42638c7f40e |
| CRC32 | 7D5E58B3 |
| ssdeep | 3:yW2lWRdHlQyW6L7nolJK71BMHIt1w32qn:y1lWTlQyWmgK7fM4yGq |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2319e98f983b0903_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 118.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | be31fe64d3a3e4406fe4488b34667322 |
| SHA1 | 1aa4b1279c14d2b18c7be723f666c589e3e6775d |
| SHA256 | 2319e98f983b0903637237a37d24c4dcc190acef023c3109c57e2b92c72dec21 |
| CRC32 | 45DB5986 |
| ssdeep | 3:bDuMJlwcXAlWCapGCmxWqJHp6rp2mX1K/GCv:bCkAkVGK9g/Gs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{ba586bb8-b620-4976-b5e0-ebcc46b62a28}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BA586BB8-B620-4976-B5E0-EBCC46B62A28}.tmp |
| Size | 1.0KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4ebeac928b066d42_glib.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\glib.doc.LNK |
| Size | 1.2KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Sep 5 14:39:47 2021, mtime=Sun Sep 5 14:39:47 2021, atime=Sun Sep 5 14:39:47 2021, length=254976, window=hide |
| MD5 | 57784747d04c4882c0ad49d14fb80bd6 |
| SHA1 | 5ac3e8b60a99391f4897b39f8d7cd46c8f849769 |
| SHA256 | 4ebeac928b066d4252af73e60460cfe4df3177ec898069ad39ad2117f7893356 |
| CRC32 | 52BB5A40 |
| ssdeep | 24:8/vyuvqVRdxzIon7+ljzNYuTZwwgCLPyh:8/vy4KXypYuTOMyh |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | a26079d7cc615d0c_~wrs{122b0aba-65d5-4489-b1c6-b89c320e4eac}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{122B0ABA-65D5-4489-B1C6-B89C320E4EAC}.tmp |
| Size | 1.5KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 39d13d7ea50f04590e4d35ccb53ab35b |
| SHA1 | 4ff49d1c66f7ea26b79ccb860985be998ca0c2da |
| SHA256 | a26079d7cc615d0c2046aee71aaed649522b92921cedf1feab901e417dee1723 |
| CRC32 | D6C4CA50 |
| ssdeep | 3:9g7NNKElClDK/l1lLltvWGePllHl3llV1s/tzNPNwtqzNP39mPXwPxZlhRt3PODg:CpUElClDK/8GePlcMt80PXwPxZfODCj |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cfc3054c0360bc24_f36b3321.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F36B3321.emf |
| Size | 4.9KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 556fa1046a06f5a8237cdbef295d230c |
| SHA1 | 0a9a4e23b7875e69d1e266e61e4b0275db0f3eab |
| SHA256 | cfc3054c0360bc24bd12301b819e32da714edab265f07b6d160e712126acc815 |
| CRC32 | 6CB88B3F |
| ssdeep | 24:YJhfE9MN44HTfqFjsdB3g6G7OdE5qOppcWfswKnZFwG6uvX5YXmkZdHkHtXBUAib:c10MNVgsdBg6qjpLkwOEG6kpYjdHkNMb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b8c041bbb5421a17_~$glib.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$glib.doc |
| Size | 162.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | b9fcc765fbf773ad6e72a7739547d48f |
| SHA1 | dbae02fc3a5b26f90dcd098921f4b57d9a361b98 |
| SHA256 | b8c041bbb5421a173c317a1faf914861d50ca0e29dc8e63afb9e499fc00d9bd5 |
| CRC32 | 16AEA357 |
| ssdeep | 3:yW2lWRdHlQyW6L7nolJK71BMHIt1w3G2//:y1lWTlQyWmgK7fM4y22X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | df243f5127c93e9b_~$02_6686864155.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$02_6686864155.doc |
| Size | 162.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | d9c36b14049f4cf204fa8e431096c0cd |
| SHA1 | 376d1571fb0e5650e1417c3fe2fece688e168fcd |
| SHA256 | df243f5127c93e9b601f44dcade5f27a7f7cf73f58074bc519409842d0da1f67 |
| CRC32 | B9E3E508 |
| ssdeep | 3:yW2lWRdHlQyW6L7nolJK71BMHIt1w3mUG:y1lWTlQyWmgK7fM4yWv |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1841aae6d9a5235b_1109beae.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1109BEAE.emf |
| Size | 4.9KB |
| Processes | 2508 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | df08a6026ea0ff9ad5e8462a952e8076 |
| SHA1 | e161e429f38b47cfbe7279b394d4bb5db5c43904 |
| SHA256 | 1841aae6d9a5235b80856839c38d38ec18877b94b5f78399d439b6e436b20c8b |
| CRC32 | 676F7862 |
| ssdeep | 48:FC3hNviSbmsdBgD89t1Tb4HKKZX3Y6kpYjdHkUaK:CTnLBvt1X6YU5EG |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{3b9521d4-7d66-4da5-9bcc-e4d1a31c6dab}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3B9521D4-7D66-4DA5-9BCC-E4D1A31C6DAB}.tmp |
| Size | 2.0B |
| Processes | 2508 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |