| Name | 9e28097f05e88ee8_2ef5e938.wbk |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2EF5E938.wbk |
| Size | 7.8KB |
| Processes | 2864 (WINWORD.EXE) |
| Type | data |
| MD5 | b5d26ba8cc8b2b0fc069698577133fef |
| SHA1 | 7e454c6c265c0c43680295fadf25225447118842 |
| SHA256 | 9e28097f05e88ee88fc04062264da7ce2d6a5c8f5d3776531179c3bf9f5b003d |
| CRC32 | 7D4F1E60 |
| ssdeep | 192:6ewMgEY3y9JUnXDFW6EygSDLP2mRPXwmGgFLXTZk7XAnl9ic:6BEY3YE5W6912mRPXwGhTZLjb |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 5bbde359595f2590_index.dat |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat |
| Size | 72.0B |
| Processes | 2864 (WINWORD.EXE) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | eb4950418a1cd89ac67ee31215b0f1e7 |
| SHA1 | 0a7a1ebcfb86cfd2e386ddaa07cf6e8493b43821 |
| SHA256 | 5bbde359595f259018bb4955636fc2e5dce4e123659ceeff28b39d4355af900e |
| CRC32 | A5BE14E7 |
| ssdeep | 3:bDuMJlbCJEMhSXfQFLkb:bCQuDhkf4kb |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5c53b5fe6e9b0b79_23.95.122.53에 있는 pawpaw.url |
|---|---|
| Size | 53.0B |
| Type | MS Windows 95 Internet shortcut text (URL=<http://23.95.122.53/pawpaw/>), ASCII text, with CRLF line terminators |
| MD5 | dbd2be150cb07dd6b787a2bebfc66ece |
| SHA1 | c10c01e3ea30caa96734daf0d9d65eddf070afb8 |
| SHA256 | 5c53b5fe6e9b0b79bbbba14e44bb8ed224dad3c000ab1e476deac23923f94204 |
| CRC32 | E96EA8C8 |
| ssdeep | 3:HRAbABGQYm/ehLOXfOE+D:HRYFVm/K4fyD |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 564fc53f136aa527_~$uwa.docx |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\~$uwa.docx |
| Size | 162.0B |
| Processes | 2864 (WINWORD.EXE) |
| Type | data |
| MD5 | d10bf6295ee104deef0386f060fc0cef |
| SHA1 | 17defec8891ed5289c4aa67925742a13baf23cef |
| SHA256 | 564fc53f136aa527d69a35259b32f161eb1a532c1212c3b98cb9bf46dd8b3b57 |
| CRC32 | 56E3D0CA |
| ssdeep | 3:yW2lWRdvL7YMlbK7lhNFLmlNX:y1lWnlxK7rNFLS |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4826c0d860af884d_~wrs{36773fa7-b334-4cb5-befd-554cd568effc}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{36773FA7-B334-4CB5-BEFD-554CD568EFFC}.tmp |
| Size | 1.0KB |
| Processes | 2864 (WINWORD.EXE) |
| Type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| CRC32 | 23C03491 |
| ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2f69b9d296023d06_fqxx8[1].htm |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\fQXx8[1].htm |
| Size | 312.0B |
| Processes | 2864 (WINWORD.EXE) |
| Type | HTML document, ASCII text |
| MD5 | f6073ae13ad0807125826cf87bff89a5 |
| SHA1 | dce781b7761b4978c763ed5884738b17e04fc807 |
| SHA256 | 2f69b9d296023d06de3058a832f74adf0f3ff0e4f75f991920a6d7e06aaf38aa |
| CRC32 | 2FEF870A |
| ssdeep | 6:pn0+Dy9xwol6hEr6VX16hu9nPiJ4fyYKRSXnbFEcXaoD:J0+ox0RJWWPHfyFAXnyma+ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 49a7d15151afd26d_~wrs{1bc29605-e12d-42c1-b602-55c9afff5a82}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1BC29605-E12D-42C1-B602-55C9AFFF5A82}.tmp |
| Size | 4.0KB |
| Processes | 2864 (WINWORD.EXE) |
| Type | data |
| MD5 | 9238321c0e81ac89936168205e47d992 |
| SHA1 | 43eaaa3439f8aaaef674179bc0926b28b2043e65 |
| SHA256 | 49a7d15151afd26db88556d4feb89a63599253440fc4aaf81a053bc13fd8ce6b |
| CRC32 | C02B0E6B |
| ssdeep | 48:Ibashk0aipcikdQyIul+ZGoOTleuZzVHALEAlrxrzwD5lUK+MlNkOMu2fUt:Iba7iwTIuE50wuJHufxrzwdln+ykcIUt |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7aa8b130066b1964_fqxx8.url |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\fQXx8.url |
| Size | 45.0B |
| Processes | 2864 (WINWORD.EXE) |
| Type | MS Windows 95 Internet shortcut text (URL=<http://bit.do/fQXx8>), ASCII text, with CRLF line terminators |
| MD5 | e306d4fffd8dbe1ed255eef3af67667a |
| SHA1 | e6d3c7be9f5fcc6204cc7a88f7042a3eb6eba527 |
| SHA256 | 7aa8b130066b196412570a52e1fdeb94cfb0e70ccbbe0781444fa7bf819736a9 |
| CRC32 | 0B22BA08 |
| ssdeep | 3:HRAbABGQYm/hQ1uVyn:HRYFVm/hY |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0877a3fc43a5f341_~wrs{dec40d4b-fbb2-45cb-b98a-0cfa2459dbb1}.tmp |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DEC40D4B-FBB2-45CB-B98A-0CFA2459DBB1}.tmp |
| Size | 1.0KB |
| Processes | 2864 (WINWORD.EXE) |
| Type | dBase III DBT, version number 0, next free block index 7536653 |
| MD5 | 28adf62789fd86c3d04877b2d607e000 |
| SHA1 | a62f70a7b17863e69759a6720e75fc80e12b46e6 |
| SHA256 | 0877a3fc43a5f341429a26010ba4004162fa051783b31b8dd8056eca046cf9e2 |
| CRC32 | 8E6A7128 |
| ssdeep | 3:Ghl/dlYdn:Gh2n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 955e0f806c3c2589_~$normal.dotm |
|---|---|
| Filepath | C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
| Size | 162.0B |
| Processes | 2864 (WINWORD.EXE) |
| Type | data |
| MD5 | 378a5abdaf971f65fafc6fe92c4e9cec |
| SHA1 | ae5757b4504c5f29db4f3318cab2799a1b600e5c |
| SHA256 | 955e0f806c3c2589cc56dd5eeba708a1c0b0314656ab5cce18e99008f3aac25a |
| CRC32 | 6C42E2A1 |
| ssdeep | 3:yW2lWRdvL7YMlbK7lNnX:y1lWnlxK7 |
| Yara | None matched |
| VirusTotal | Search for analysis |