Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...
09.21 12:09
How Ransomhub Ransomwa...
09.21 12:09
Middle East backdoored...
09.21 12:09
Updated CISA exploited...
09.21 12:09
Several orgs purported...
09.21 12:09
New CISA guidance seek...
09.21 12:09
Lumma Stealer deployed...

Dropped Files | ZeroBOX

Name	278683e8625c03f9_temp.folder.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\HNC\Office\Recent\Temp.folder.lnk
Size	823.0B
Processes	3016 (Hwp.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Jan 31 20:32:29 2018, mtime=Thu Sep 14 01:02:22 2023, atime=Thu Sep 14 01:02:22 2023, length=65536, window=hide
MD5	`da9de504a376700b3e37b023146f3f88`
SHA1	`b879300f43e075ee3b5e0db99f1fe906360e8764`
SHA256	`278683e8625c03f9c925471c93436d2a77dd439546c4f013a18a0d11452b5a5f`
CRC32	`C33E255E`
ssdeep	`12:8pePsh64cZCrR8EvSWCR+/7mpFW8izCCOLMa1Swua4t2YLEPKzlX8yajbjM:8plsERdWRpFczNRak6Pyd`
Yara	Lnk_Format_Zero - LNK Format lnk_file_format - Microsoft Windows Shortcut File Format
VirusTotal	Search for analysis

Name	9ad643ed6ce085c3_qcrtuser.dic Submit file
Filepath	C:\Users\test22\AppData\Roaming\HNC\User\Shared80\Dics\QCRTUSER.DIC
Size	151.4KB
Processes	3016 (Hwp.exe)
Type	data
MD5	`cb1b438dc7a86eba15d37a9fff0243ff`
SHA1	`df7b6631409b7fcf1ebd7ff74d9cada858349df6`
SHA256	`9ad643ed6ce085c3eb5075ba3fac9e35c2f96e0956d9c90fe6cc5614fb9b355c`
CRC32	`A0E86182`
ssdeep	`3072:p6XVX4IL2AFp0OcGat3QxRn6At3H6dK5yU3TjNKG+TnUQrScr2sGVR87lkkXFiU5:pOpmiYqJhm0zzOp`
Yara	None matched
VirusTotal	Search for analysis

Name	9cc6602d6cf64d68_20231025_정책간담회 사례비 양식.hwp.lnk Submit file
Size	1.1KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Sep 26 19:38:04 2022, mtime=Mon Sep 26 19:38:04 2022, atime=Mon Sep 26 19:38:04 2022, length=39424, window=hide
MD5	`53093c841816d7f8256111508b6f1286`
SHA1	`89f8cdf465778239a756753ece4e82d8fd5f16c6`
SHA256	`9cc6602d6cf64d685da52331dfb41659311bd432f7470015108b70bd0930838e`
CRC32	`1719DD92`
ssdeep	`12:8zoXw4cZCrR8EvSWCR+/7mpFWCex7xmlzTtzCOLMz04Q1ulzTX1ulzTjwua4t2YN:8YsERdWRpFTex7gPtWR4NcPXcPj6PyF`
Yara	Lnk_Format_Zero - LNK Format lnk_file_format - Microsoft Windows Shortcut File Format
VirusTotal	Search for analysis

Name	76296ca80ceb9d2d_sharefont.ini Submit file
Filepath	C:\Users\test22\AppData\Roaming\HNC\User\Common\80\Fonts\ShareFont.ini
Size	183.0B
Processes	3016 (Hwp.exe)
Type	ASCII text, with CRLF line terminators
MD5	`34766d17d04c24aaa62124eae6b5bac4`
SHA1	`984e092e32fe8f7bd340a7799541c2600d96a4fb`
SHA256	`76296ca80ceb9d2db0b4ed08ba1b060c92a75805d71978c30dd33b87bd698b6e`
CRC32	`E0E924A3`
ssdeep	`3:5xxovKdVo6LR5nE9Aj4I5tLGoW+QRX7AMWRUrNmWxpcL4EaKC5YoH1KLDTjEcKl0:5RVogR5nEk55GoW+QWMWRKNmQpcLJaZg`
Yara	None matched
VirusTotal	Search for analysis

Name	0771b95c54006093_normal80.hwt Submit file
Filepath	C:\Users\test22\AppData\Roaming\HNC\User\Shared80\HwpTemplate\Doc\ENU\Normal80.hwt
Size	14.5KB
Processes	3016 (Hwp.exe)
Type	Hangul (Korean) Word Processor File 5.x
MD5	`bfe569dbee47f5bb41f91e83de5b6c40`
SHA1	`299509b6c808074026d938884f5ff01914c28aa1`
SHA256	`0771b95c540060936dd22571145e86141021dfc869b78f1eeef86fde228463c9`
CRC32	`AD69E2DD`
ssdeep	`96:Hr6MSQ0gWep/GtbBKYDoylxrvKLNYSjKQMgWSpEtbBKYDoylxrj:Hr6MSdepgBomxUpjKlSpaBomx3`
Yara	HWP_file_format - HWP Document File Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis