| Name | 3812b6429128386a_diplo.doc.lnk |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\diplo.doc.LNK |
| Size | 1.2KB |
| Processes | 2608 (WINWORD.EXE) |
| Type | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Sep 23 18:02:34 2021, mtime=Thu Sep 23 18:02:34 2021, atime=Thu Sep 23 18:02:34 2021, length=172544, window=hide |
| MD5 | 238f2872e13d86d23d3b701316679c0d |
| SHA1 | 7dbf6034fc95d86e408407716caab72f5124e5c4 |
| SHA256 | 3812b6429128386adc1c22117e440600e5c61bd9735a537eebcb20525c77207d |
| CRC32 | 597B3398 |
| ssdeep | 12:8GC4RgXo1vyCPCH2fvqVPR8EvSobf6SLcpt9UTyGF9xiluh/f6izCCOLAHSuTQfi:8GhvyuvqVRdxzIoNjhxzNYuTKqDCLPyh |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | e545d395bb3fd971_~wrs{e29a8b63-8227-480e-9369-b09de6ef861d}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E29A8B63-8227-480E-9369-B09DE6EF861D}.tmp |
| Size | 2.0B |
| Processes | 2608 (WINWORD.EXE) |
| Type | data |
| MD5 | 32649384730b2d61c9e79d46de589115 |
| SHA1 | 053d8d6ceeba9453c97d0ee5374db863e6f77ad4 |
| SHA256 | e545d395bb3fd971f91bf9a2b6722831df704efae6c1aa9da0989ed0970b77bb |
| CRC32 | 890098F7 |
| ssdeep | 3:X:X |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0f9614b15c1d4679_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 120.0B |
| Processes | 2608 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 7455090d1d76ef1ab9c632c91be5c116 |
| SHA1 | 3426135fbf05ffed4ea64720bc915777c1faea81 |
| SHA256 | 0f9614b15c1d4679fc17aee32f11b06d9e72adc78013beea9318415f2fed6d44 |
| CRC32 | 6F214E83 |
| ssdeep | 3:bDuMJlwcXAlWCZUJK1nzCmxWqJHp6rp2mX1621nzCv:bCkAkgUJUnzK9sgnzs |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5dfd38c9a84532be_~wrs{8a17a472-8821-46e8-8c63-4f98ae51978c}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8A17A472-8821-46E8-8C63-4F98AE51978C}.tmp |
| Size | 1.5KB |
| Processes | 2608 (WINWORD.EXE) |
| Type | data |
| MD5 | 1dfcb583ef2101158eef11169713fe5f |
| SHA1 | 09344e18c17fd18284e77b37ba568c675ff01f35 |
| SHA256 | 5dfd38c9a84532bec35b04abf049e43716b93aca205e3c437e70cff852acf0b2 |
| CRC32 | EAEBCB40 |
| ssdeep | 3:FlgAg7NNKElClDK/ldl5vWGePllHl3lldfZl/BAlVzNZmElGwPxZlhRt3POD7jlF:fgFpUElClDK/CGePlIv54wPxZfODwi |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 90aa97cc885cff60_~$23_690278402563.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$23_690278402563.doc |
| Size | 162.0B |
| Processes | 2608 (WINWORD.EXE) |
| Type | data |
| MD5 | c1f090f1bb413f6c0bef2d48359a06bf |
| SHA1 | a9b69f8ca31a4d11ac989527e66e58c0259be15c |
| SHA256 | 90aa97cc885cff6000a2a669ac2dbf71db60ecd570c1b8ca6ed3889846b9a3ee |
| CRC32 | EBC18EAE |
| ssdeep | 3:yW2lWRdI8ll/W6L7X2ZJK7gcpuItG2X:y1lWP1Wm8K7gcrL |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | bd338b6d0bed22d7_19a6d671.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\19A6D671.emf |
| Size | 4.9KB |
| Processes | 2608 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | bb7722a0184f576e9d9f1f42d260cb43 |
| SHA1 | 5679a52893aeb47774f47c9c3b352794bc6bee42 |
| SHA256 | bd338b6d0bed22d71d6232c4e20f610fc46a47721a9eeb2e57ad236b453462a8 |
| CRC32 | 5678CC33 |
| ssdeep | 48:OMDLvNfGYQ6dsdBg6qjpLkwOEG6kpYjdHkpaayN:bnVfT9MBFq9gVU5EfyN |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{a7451648-1a1f-4e66-be5e-aa0c1b2ef363}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A7451648-1A1F-4E66-BE5E-AA0C1B2EF363}.tmp |
| Size | 1.0KB |
| Processes | 2608 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d067254c2a117310_~$diplo.doc |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$diplo.doc |
| Size | 162.0B |
| Processes | 2608 (WINWORD.EXE) |
| Type | data |
| MD5 | 458f71cd0329cbbdc707434d09d6444e |
| SHA1 | dd66afd52ac33884b0b7d06588511a558f128309 |
| SHA256 | d067254c2a1173106a5f79f0d52f5e2cba4e43611c9e715e8cdca15434188372 |
| CRC32 | 6DF24B95 |
| ssdeep | 3:yW2lWRdI8ll/W6L7X2ZJK7gcpuItGtIrl:y1lWP1Wm8K7gcrRx |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ef10b60ebe0d8db3_b7f2e9be.emf |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B7F2E9BE.emf |
| Size | 4.9KB |
| Processes | 2608 (WINWORD.EXE) |
| Type | Windows Enhanced Metafile (EMF) image data version 0x10000 |
| MD5 | 710e4d91678c5ae9dbf0aed585dc0554 |
| SHA1 | a1b682a2c5ee2b8ceed8a84f5943a2981abcbb01 |
| SHA256 | ef10b60ebe0d8db31064509384853b941f833c7c94816e55a62e98f72567f54b |
| CRC32 | F17482A5 |
| ssdeep | 96:QzOhv2+tgPk7mS+Dan9MYpnY9GumWB6VR237gO4xwgnamn:QzOhe+tH7ADa9MsnYoMB6VR2Lwugnh |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ca8330c4ff86c4cf_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2608 (WINWORD.EXE) |
| Type | data |
| MD5 | 189fda417aff6f61c5bd6c088d29fbb6 |
| SHA1 | 777031221b7f0141c6640882054eb4f4690e2963 |
| SHA256 | ca8330c4ff86c4cfbe4a9ffe8085c5ec06123a1f182d01b626f112e070f4507b |
| CRC32 | DCDE6E03 |
| ssdeep | 3:yW2lWRdI8ll/W6L7X2ZJK7gcpuItGlTrl:y1lWP1Wm8K7gcrm |
| Yara | None matched |
| VirusTotal | Search for analysis |