Dropped Files | ZeroBOX
Name 3f547687e9c89f5b_~wrs{27863006-7d21-4dc0-a0a1-b6a3d45fffaa}.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{27863006-7D21-4DC0-A0A1-B6A3D45FFFAA}.tmp
Size 39.8KB
Processes 2552 (WINWORD.EXE)
Type data
MD5 95849f8d7a319cc918834a5725b0da7d
SHA1 a648e1a11b4bab9fb0285003baa3b6e46c9e605b
SHA256 3f547687e9c89f5b9eb9540c1de85410b1abcc4977bd9a87eb3d1c539fe7d342
CRC32 DE1F3473
ssdeep 768:WnZiEE39UIsSaLaOv4wjOdawLjr1WdjOYRUS68V9+0aCDj3EEMR1uJ:WnZa3iVSaLaOv4wjOdFPEdjOX8VkrCDN
Yara
  • Generic_Malware_Zero - Generic Malware
VirusTotal Search for analysis
Name b3d510ef04275ca8_excludedictionaryen0409.lex
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
Size 2.0B
Processes 2552 (WINWORD.EXE)
Type Little-endian UTF-16 Unicode text, with no line terminators
MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
CRC32 88F83096
ssdeep 3:Qn:Qn
Yara None matched
VirusTotal Search for analysis
Name c08aabaf1b358795_~$w_recovery_tool_to_help_with_crowdstrike_issue_impacting_windows.docm
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\~$w_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm
Size 162.0B
Processes 2552 (WINWORD.EXE)
Type data
MD5 8eaf2c8f5ea34b3b5c7fa888490d54ba
SHA1 c8325bc276b480f765ea4714b780cae7f4cac778
SHA256 c08aabaf1b358795aa5e0252a27f12f360803e19a1904233714fd31e6cec214d
CRC32 3BC40096
ssdeep 3:yW2lWRdvL7YMlbK7lhZ2nAkcl:y1lWnlxK7Rdk
Yara None matched
VirusTotal Search for analysis
Name e3b0c44298fc1c14_cerF56C.tmp
Empty file or file not found
Filepath C:\Windows\cerF56C.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name 818ac9d3621dd802_~$normal.dotm
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Size 162.0B
Processes 2552 (WINWORD.EXE)
Type data
MD5 ee32490f318ff4e444547a5f83870e80
SHA1 09f2ae32c5f293e2ad8ab9eef34b353b0f27362c
SHA256 818ac9d3621dd80293562e5769e503579c6e9fe996e67c6145f7984c532d2f9b
CRC32 1A78502A
ssdeep 3:yW2lWRdvL7YMlbK7lznXl:y1lWnlxK7
Yara None matched
VirusTotal Search for analysis
Name 4826c0d860af884d_~wrs{bfb6cb33-d795-45a3-83f9-e6d7f4190124}.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BFB6CB33-D795-45A3-83F9-E6D7F4190124}.tmp
Size 1.0KB
Processes 2552 (WINWORD.EXE)
Type data
MD5 5d4d94ee7e06bbb0af9584119797b23a
SHA1 dbb111419c704f116efa8e72471dd83e86e49677
SHA256 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
CRC32 23C03491
ssdeep 3:ol3lYdn:4Wn
Yara None matched
VirusTotal Search for analysis