Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.19 03:01
A Look Inside a Modern...
01.19 03:01
Apple, Google Remove T...
01.19 03:01
How to Get Around the ...
01.19 03:01
[사전규격공개] 2025 APCERT 국...
01.19 12:01
시몬스 침대, 카카오톡 선물하기 통해 설...
01.19 12:01
Zero Trust and Entra I...
01.19 12:01
Stealth AirTag Broadca...
01.19 12:01
US TikTok Users Get No...
01.19 09:01
하이텍 그룹, 산업방송 채널i ‘히든 챔...
01.19 09:01
I3C Bit-banging Fun fo...

Dropped Files | ZeroBOX

Name	3baadc49c95799d6_centraltable.accdb Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\CentralTable.accdb
Size	472.0KB
Processes	652 (WINWORD.EXE)
Type	Microsoft Access Database
MD5	`9968d551b96c4eac720f0f77b3dac8d1`
SHA1	`40c6502fc0541eb1ebe9c885ddb389c895018024`
SHA256	`3baadc49c95799d633d4925733d690091a3e4323dc78286d2a1aafd153a2a1fe`
CRC32	`858DABC0`
ssdeep	`384:YGQVmpJujISF+I7ITwuRpkvjbus8NG4mVZO4F/Z:bLJCTL7Kwu0PWGFXZ`
Yara	None matched
VirusTotal	Search for analysis

Name	def1c960dccb368c_fsd-{235ec4de-3896-4433-9cef-0f692fb2a083}.fsd Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{235EC4DE-3896-4433-9CEF-0F692FB2A083}.FSD
Size	128.0KB
Processes	652 (WINWORD.EXE)
Type	data
MD5	`167142bbf9350031776b432b858d2681`
SHA1	`9ad053f8a32de868b0c689bea60a496dee30fc48`
SHA256	`def1c960dccb368c44333d84613639ce514a2cf42e0850e31abe4161741979fe`
CRC32	`B8027216`
ssdeep	`48:I3EEFBuVsbl4sYiJyFMUV7z7mJhdw1K1:KjfumJRBKlPk`
Yara	None matched
VirusTotal	Search for analysis

Name	b066102429799dc4_~wrs{ab034307-da36-49fc-9139-fee3cc5c54a4}.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AB034307-DA36-49FC-9139-FEE3CC5C54A4}.tmp
Size	1.8KB
Processes	652 (WINWORD.EXE)
Type	data
MD5	`af0e64454188a062b3c2a7e70376b186`
SHA1	`0dee9a2ba4fa145154f77d96eaf1e637f702af13`
SHA256	`b066102429799dc45eb99d10130251672ff12d2c985ec5e5e48441e6d56b423f`
CRC32	`AB025B2F`
ssdeep	`12:Fbb2cYd4llakuHrkRGZS81G9q8w8ZCLXBBtP+6:FbbVY+0Jo8LLLXRb`
Yara	None matched
VirusTotal	Search for analysis

Name	a3cce0204b61f85d_~$normal.dotm Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Size	162.0B
Processes	652 (WINWORD.EXE)
Type	data
MD5	`35173197686f32948a0b0f022f49c8e2`
SHA1	`699c80a1f4f07a5676fd04fcb65d1b2f4823cb35`
SHA256	`a3cce0204b61f85d812f5e7a5603d4af8d10289bba68c03fdcbcbf3930299f1e`
CRC32	`97A68B3D`
ssdeep	`3:yW2lWRd3EdW6L7EszJK7aeEcIt8EhmfG:y1lWjOWmYwK7aeu8I`
Yara	None matched
VirusTotal	Search for analysis

Name	eaf9cdc741596275_centraltable.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\CentralTable.ini
Size	36.0B
Processes	652 (WINWORD.EXE)
Type	data
MD5	`1f830b53ca33a1207a86ce43177016fa`
SHA1	`bdf230e1f33afba5c9d5a039986c6505e8b09665`
SHA256	`eaf9cdc741596275e106dddcf8aba61240368a8c7b0b58b08f74450d162337ef`
CRC32	`BA4496DE`
ssdeep	`3:5NixJlElGUR:WrEcUR`
Yara	None matched
VirusTotal	Search for analysis

Name	e73d9fab37cd6bf9_centraltable.laccdb Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\CentralTable.laccdb
Size	128.0B
Processes	652 (WINWORD.EXE) 2240 (MSOSYNC.EXE)
Type	data
MD5	`0c2be3153a6602550b658e4bb5f073d5`
SHA1	`3fe515761d3c3744fcb12b10de15e0d94ed36ba9`
SHA256	`e73d9fab37cd6bf9f8a66e6de08e8178a7d5b5d7ee7bd314f7a25132b17ec5f8`
CRC32	`D05CFEE4`
ssdeep	`3:IkFafOkFaV:zQu`
Yara	None matched
VirusTotal	Search for analysis

Name	4826c0d860af884d_~wrs{be4cdfd2-8279-41d0-b946-07cb50716005}.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BE4CDFD2-8279-41D0-B946-07CB50716005}.tmp
Size	1.0KB
Processes	652 (WINWORD.EXE)
Type	data
MD5	`5d4d94ee7e06bbb0af9584119797b23a`
SHA1	`dbb111419c704f116efa8e72471dd83e86e49677`
SHA256	`4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1`
CRC32	`23C03491`
ssdeep	`3:ol3lYdn:4Wn`
Yara	None matched
VirusTotal	Search for analysis

Name	17e2ef7b37219097_~$demo.dotx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\~$Demo.dotx
Size	162.0B
Processes	652 (WINWORD.EXE)
Type	data
MD5	`d955956c875d112cf3ac1578b7f708fb`
SHA1	`23fcec628ebfc67760a3a3afdf235785766ac126`
SHA256	`17e2ef7b3721909714f3893e8419f47180d64f67fa5df28fc6e8ddc8877e38b3`
CRC32	`2599AA2B`
ssdeep	`3:yW2lWRd3EdW6L7EszJK7aeEcIt8Ehmd4lll:y1lWjOWmYwK7aeu84l`
Yara	None matched
VirusTotal	Search for analysis

Name	959ce0374e2c447e_fsd-cnry.fsd Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Size	128.0KB
Processes	652 (WINWORD.EXE)
Type	data
MD5	`8897fca138615198c4b2c7895cdf56a1`
SHA1	`5d551c977b16b19c75b279248f43b0ca49c4b1a7`
SHA256	`959ce0374e2c447edddc2fe691059bc9be264f026813d547fc7ec3382000c057`
CRC32	`4D924885`
ssdeep	`48:I33FBBH7umJ6lfup+fEI+GtxhooH9/2sb1Kr3d4Lj4vXv:KVbb5J6lm4MK/R83d4Lj4f`
Yara	None matched
VirusTotal	Search for analysis

Name	3c55d4b588c3564d_fsf-{0e1eee64-e8c6-4e2a-9759-63cf07fd8988}.fsf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF
Size	114.0B
Processes	652 (WINWORD.EXE)
Type	data
MD5	`9088fcb42964214344dbfa8eef7275dd`
SHA1	`a707a53ff7ccde3ee197ad9dc33c5803433ffdd2`
SHA256	`3c55d4b588c3564d442dff8d1a72155afbc233f68154ba7f62fe903f3a3edded`
CRC32	`EECF2CCE`
ssdeep	`3:yVlgsRlzSVl8aI47otGlLlXlsVECjl276:yPblzelS4UMlL86g22`
Yara	None matched
VirusTotal	Search for analysis

Name	5343bd9875876a4f_fsd-cnry.fsd Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Office\15.0\OfficeFileCache\FSD-CNRY.FSD
Size	128.0KB
Processes	652 (WINWORD.EXE)
Type	data
MD5	`ed145066700cf2f5e33c2e6ced4308fb`
SHA1	`e8d2decbf8a3423d4e7858242f06b9d6f3626d87`
SHA256	`5343bd9875876a4f7f248837628e39ad1aeeee539129ac6b056bbb74ef0d4749`
CRC32	`5B7FD7C4`
ssdeep	`48:I3mBVZeju7sd8U0ytrIXpSusDSLr3YknyDnNOhkDnNOh:KOneK4d8HkuCSX3fiQgQ`
Yara	None matched
VirusTotal	Search for analysis

Name	88454e73f6ff7add_html[1].hta Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\HTML[1].hta
Size	164.6KB
Processes	652 (WINWORD.EXE)
Type	HTML document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5	`983e6b8aa3297cb348097d6df0e51e3a`
SHA1	`193a92708b2591397ebc706511f817e3ab069322`
SHA256	`88454e73f6ff7add5733d4925d26d3102df75c0b86a354c7b185475441597fe2`
CRC32	`2EF9B682`
ssdeep	`3072:S1QvI2X1Kwu7U1t66r+BBBT1BTQbQOQKQ+QSQHQrQhQ7QxQgQEQNQmQLQ8QyQBQO:SuHFiU68H4V4N4x4f4n4w4L4SQX2eq2E`
Yara	None matched
VirusTotal	Search for analysis