Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	b53c61f1bc82cf36_~wrs{db318622-8a4d-42ab-9cdd-0a8dd7626f82}.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DB318622-8A4D-42AB-9CDD-0A8DD7626F82}.tmp
Size	9.2KB
Processes	3032 (WINWORD.EXE)
Type	data
MD5	`648f2b7f3691ce953399c1c439a9bd8c`
SHA1	`babb7ac1bbf26047138f20848d93851f2bfefe68`
SHA256	`b53c61f1bc82cf369aae2e1b708f18a105cd8b85c80ade368f6bcd2221c10f33`
CRC32	`50B9AB50`
ssdeep	`192:KcN9W5cOcRW8uIQAYzfZDfMOU3gGJZYSX6O:AKZRlXYT9KwG7YSX6O`
Yara	None matched
VirusTotal	Search for analysis

Name	a4dd726f0e3f9213_templates.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK
Size	1.1KB
Processes	3032 (WINWORD.EXE)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Jan 31 21:28:02 2018, mtime=Thu Jul 13 19:34:49 2023, atime=Thu Jul 13 19:34:49 2023, length=4096, window=hide
MD5	`c86b8b5e614ed14d9a8afe048a4ce3b7`
SHA1	`c90d6794bebc64d5f595b4d9f3c801a84b92e068`
SHA256	`a4dd726f0e3f92133e99d70708559f173a05c3104b5656c6997f66ca5aaf478e`
CRC32	`6CD06D43`
ssdeep	`24:8AvykJvqVRd5kwDRhvjPdzNYuTTCLPy0VfVI:8Avykh+nbdpYuT0yAdI`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	4826c0d860af884d_~wrs{3206cf92-7f1a-4597-bab3-d1444f5b9d86}.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3206CF92-7F1A-4597-BAB3-D1444F5B9D86}.tmp
Size	1.0KB
Processes	3032 (WINWORD.EXE)
Type	data
MD5	`5d4d94ee7e06bbb0af9584119797b23a`
SHA1	`dbb111419c704f116efa8e72471dd83e86e49677`
SHA256	`4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1`
CRC32	`23C03491`
ssdeep	`3:ol3lYdn:4Wn`
Yara	None matched
VirusTotal	Search for analysis

Name	15b04c367d6e66ad_~$이혼의사확인신청서.doc Submit file
Size	162.0B
Type	data
MD5	`d8ce58f2b4d87c3eaaca76500f77e38e`
SHA1	`90d571d4335adeda780c76349fadad635168552b`
SHA256	`15b04c367d6e66ad9cb85d0b96c9455d042c20f852fd7ed043c2fba76bdf86d3`
CRC32	`03E92BC0`
ssdeep	`3:yW2lWRdvL7YMlbK7g7lxIt50iSjlVtHmlll/4Xhn:y1lWnlxK7ghqqFGlX4xn`
Yara	None matched
VirusTotal	Search for analysis

Name	a6ed92dc67623f00_version.ini.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\version.ini.LNK
Size	1.2KB
Processes	3032 (WINWORD.EXE)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Jul 13 19:34:49 2023, mtime=Thu Jul 13 19:34:49 2023, atime=Thu Jul 13 19:34:49 2023, length=216, window=hide
MD5	`f9f099faa2183e614ff3f63e6f7b2f6f`
SHA1	`d04b08979728f870f1e9b4fbf2f1eb5b9f72c75f`
SHA256	`a6ed92dc67623f003df5bf0f65fa946bf85c0886d64aca649a5bb891319db40c`
CRC32	`37FC68FC`
ssdeep	`24:8nCvykJvqVRd5kwDRhvjPW9LUxzNYuT2LU1CLPyd:8nCvykh+nbyUxpYuTYUyyd`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	d516a371b6fc0a52_~$normal.dotm Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Size	162.0B
Processes	3032 (WINWORD.EXE)
Type	data
MD5	`56a4532b2fc2cf6fd4ec62a29758d231`
SHA1	`60f68bd8ac5b3f7290daa236bebd5f9c0f1510fd`
SHA256	`d516a371b6fc0a5270a1323f271bc2a36bc34f9cf06c783a642020c0da8948c3`
CRC32	`E93E4529`
ssdeep	`3:yW2lWRdvL7YMlbK7g7lxIt50iSjlVtNmk/tyXhn:y1lWnlxK7ghqqFNT/tyxn`
Yara	None matched
VirusTotal	Search for analysis

Name	70774079d036daa9_index.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Office\Recent\index.dat
Size	93.0B
Processes	3032 (WINWORD.EXE)
Type	ASCII text, with CRLF line terminators
MD5	`a8ce312b4092b5a82f8cee561dc8ee39`
SHA1	`3fb72796fcc468a8df0a6820edc9cabce54b46da`
SHA256	`70774079d036daa9a0f44d8f8f6e618b09e8e03dc60e81027ff2237816c1b8df`
CRC32	`AC5E14D8`
ssdeep	`3:bDuMJlLVKcomxWIoBKcov:bCAVnQny`
Yara	None matched
VirusTotal	Search for analysis