popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 9ad643ed6ce085c3_qcrtuser.dic
Submit file
Filepath C:\Users\test22\AppData\Roaming\HNC\User\Shared80\Dics\QCRTUSER.DIC
Size 151.4KB
Processes 200 (Hwp.exe)
Type data
MD5 cb1b438dc7a86eba15d37a9fff0243ff
SHA1 df7b6631409b7fcf1ebd7ff74d9cada858349df6
SHA256 9ad643ed6ce085c3eb5075ba3fac9e35c2f96e0956d9c90fe6cc5614fb9b355c
CRC32 A0E86182
ssdeep 3072:p6XVX4IL2AFp0OcGat3QxRn6At3H6dK5yU3TjNKG+TnUQrScr2sGVR87lkkXFiU5:pOpmiYqJhm0zzOp
Yara None matched
VirusTotal Search for analysis
Name 9350da1161167b12_temp.folder.lnk
Submit file
Filepath C:\Users\test22\AppData\Roaming\HNC\Office\Recent\Temp.folder.lnk
Size 823.0B
Processes 200 (Hwp.exe)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Jan 31 20:32:29 2018, mtime=Wed Jan 24 19:53:39 2024, atime=Wed Jan 24 19:53:39 2024, length=65536, window=hide
MD5 d4b645a80f9b2328124f1dd9705a6efa
SHA1 c4dd79663897af28d51da4dc64120e218d263536
SHA256 9350da1161167b123b8be09a76d9cede596ff8d011c021c73e2e8eecfd32e32d
CRC32 A0643D8A
ssdeep 12:8pZ89sh64cZCrR8EvSWxER+/x8izCCOLMa1Swua4t2YLEPKzlX8yVwu:8pZ8SsERddERYzNRak6Pyxwu
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
VirusTotal Search for analysis
Name 2c2de2336cb5cde1_조선 시장 물가 분석(신의주).hwp.lnk
Submit file
Size 1.1KB
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Sep 26 19:57:22 2022, mtime=Mon Sep 26 19:57:22 2022, atime=Mon Sep 26 19:57:22 2022, length=68096, window=hide
MD5 659de8f2163938d884083c1cc7e703e8
SHA1 6ad12cad1d9618531ebcd8bcb73417169cecd29a
SHA256 2c2de2336cb5cde1359d6fc4ec62c2a3bb659c9980bc85d3844bc5a5f5745fd5
CRC32 5E0809E4
ssdeep 24:8psERddERiTxSaCDdjIR6ZWdjmWdjR6PyR:8ps1RiTApDlIR6ZWlmWl4yR
Yara
  • lnk_file_format - Microsoft Windows Shortcut File Format
  • Lnk_Format_Zero - LNK Format
VirusTotal Search for analysis
Name 76296ca80ceb9d2d_sharefont.ini
Submit file
Filepath C:\Users\test22\AppData\Roaming\HNC\User\Common\80\Fonts\ShareFont.ini
Size 183.0B
Processes 200 (Hwp.exe)
Type ASCII text, with CRLF line terminators
MD5 34766d17d04c24aaa62124eae6b5bac4
SHA1 984e092e32fe8f7bd340a7799541c2600d96a4fb
SHA256 76296ca80ceb9d2db0b4ed08ba1b060c92a75805d71978c30dd33b87bd698b6e
CRC32 E0E924A3
ssdeep 3:5xxovKdVo6LR5nE9Aj4I5tLGoW+QRX7AMWRUrNmWxpcL4EaKC5YoH1KLDTjEcKl0:5RVogR5nEk55GoW+QWMWRKNmQpcLJaZg
Yara None matched
VirusTotal Search for analysis
Name 0771b95c54006093_normal80.hwt
Submit file
Filepath C:\Users\test22\AppData\Roaming\HNC\User\Shared80\HwpTemplate\Doc\ENU\Normal80.hwt
Size 14.5KB
Processes 200 (Hwp.exe)
Type Hangul (Korean) Word Processor File 5.x
MD5 bfe569dbee47f5bb41f91e83de5b6c40
SHA1 299509b6c808074026d938884f5ff01914c28aa1
SHA256 0771b95c540060936dd22571145e86141021dfc869b78f1eeef86fde228463c9
CRC32 AD69E2DD
ssdeep 96:Hr6MSQ0gWep/GtbBKYDoylxrvKLNYSjKQMgWSpEtbBKYDoylxrj:Hr6MSdepgBomxUpjKlSpaBomx3
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
  • HWP_file_format - HWP Document File
VirusTotal Search for analysis