Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	824fae3331b95e2f_tmpE9DD.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE9DD.tmp
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	88fcd40de3be1bce_Presto.avi Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Presto.avi
Size	460.0B
Processes	1660 (louises.exe)
Type	ASCII text, with CRLF line terminators
MD5	`12a00af162e73c00a804e39563d5af33`
SHA1	`fabc671160eaaa780cb34b03e3e4f13327d452fe`
SHA256	`88fcd40de3be1bce7b5455803c587552e639718ae4eeb97c698b1749452e1b98`
CRC32	`1DE45D47`
ssdeep	`12:VMKyyLPuv5CNfgwBrtKJnjxaPLz+UIFAmn:jFPuv5CN1tSA+0m`
Yara	None matched
VirusTotal	Search for analysis

Name	d810cc18d8384723_txlyenwcdd.url Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TXLyenwcDd.url
Size	174.0B
Processes	2404 (Hai.exe.com)
Type	MS Windows 95 Internet shortcut text (URL=<"C:\Users\test22\AppData\Roaming\gdftSIhEMP\WUoCSEEilMzfhv.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`4cff6dd80a7c7ff78d4084e0f33cfabc`
SHA1	`015cf60f20a882f73d429a64b1c9a71f53819b22`
SHA256	`d810cc18d8384723382c49d45395059a89660124603b1e7b65ccf103e8d9b991`
CRC32	`BE59DC86`
ssdeep	`3:Q+2lRQuRkiglZlo14tEIduhOEjl3QlMIolCl7CdCs1gW2qQ8lk9lRi:Q+2lJglZyKm/UEZglJPZCcsq5qQ8lkQ`
Yara	None matched
VirusTotal	Search for analysis

Name	5692e38b4a16cddc_l Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\l
Size	962.8KB
Type	ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5	`70dc7bb146c142a18f6c2dd61e92a013`
SHA1	`4873a183a5683f407796647d0bfaaedfda62efc4`
SHA256	`5692e38b4a16cddcfc8890c9b94d347e5c82f23356eae20b2f8c0806666921dd`
CRC32	`FA861E2E`
ssdeep	`12288:J2xWVDXB1KY46OZPrr7Hr8F0k+JFGwHjo:UxWFXD9aL8/+Tz0`
Yara	NPKI_Zero - File included NPKI
VirusTotal	Search for analysis

Name	b40c89b34b08a164_tmpF1C9.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF1C9.tmp
Size	790.3KB
Type	data
MD5	`ec30280881b8103a298c3d19b75d81e3`
SHA1	`fc9a5f4ba760b2417a7e9dece14c07458d524487`
SHA256	`b40c89b34b08a164b108ddf90addf03a4184b777bbd40631e551e113a83d08a6`
CRC32	`69884BB4`
ssdeep	`24576:ykpK3SF2yNFFvJ5ep0oUd/Vs9q+3GADO+YiAqF8:ymrFzei/C9F3GAPhAM8`
Yara	None matched
VirusTotal	Search for analysis

Name	308c4da9cd82b2c3_tmpF1C7.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF1C7.tmp
Size	452.6KB
Type	data
MD5	`fa992a5f80ef0c3c2f5d1e29b999b564`
SHA1	`993b5f3497e8033ea5e658fde54b5f4b6a4e29ae`
SHA256	`308c4da9cd82b2c33a81f2579d8b2a891cd398b36f9025ade9a608f768689c81`
CRC32	`DB9B445A`
ssdeep	`12288:Zk/au1PVKgieg9EX5MEmmty/HEWoMzJNkiTQdNsryeu:Z6ghyxleQM1NkiEbsDu`
Yara	None matched
VirusTotal	Search for analysis

Name	de0c33e276b278a7_Oggi.avi Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Oggi.avi
Size	872.8KB
Processes	1660 (louises.exe)
Type	data
MD5	`e754e91d06db81809a9b5438ee45256b`
SHA1	`b2b305afd2a062fc17934fcd0552319a3796e39d`
SHA256	`de0c33e276b278a7b049500396ba597d150e24166f1fb2d91fd757486163ec43`
CRC32	`9307E16A`
ssdeep	`12288:KpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:KT3E53Myyzl0hMf1tr7Caw8M01`
Yara	OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	22e028ba71ade1f7_wuocseeilmzfhv.js Submit file
Filepath	C:\Users\test22\AppData\Roaming\gdftSIhEMP\WUoCSEEilMzfhv.js
Size	273.0B
Processes	2404 (Hai.exe.com)
Type	ASCII text, with no line terminators
MD5	`cdb16b0cffeff5669d89e566d77a9a93`
SHA1	`891c47f92d981bff47f00e47ee609b51cf32c538`
SHA256	`22e028ba71ade1f7cf2c236f2244b98bb985379ca8b54f315ac3f2113f0a682c`
CRC32	`41D38F3E`
ssdeep	`6:5AThIH8CYM2h2sUS4tRZDbRXp+NI5WTO6NbRXp+NI5WjWDbRXp+NI5WLW:5GS6R4t7vVWTX9VWqvVWLW`
Yara	None matched
VirusTotal	Search for analysis

Name	9e6e4772050998a5_tmpF1C6.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF1C6.tmp
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	112e19321c5dd0f8_tmpF1DA.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF1DA.tmp
Size	420.6KB
Type	data
MD5	`8717629274d39d802471af49aff40deb`
SHA1	`755f51f3613cb7ca8921aee0a44951586fe33b16`
SHA256	`112e19321c5dd0f8261d9ec1056d2114a1dcfbd24413438db9908c434eec4f6d`
CRC32	`B7EB4A49`
ssdeep	`12288:GBxvGQN9ijwRatcbABrsXhFSw/btcXS6Nk9/Pld:gG89CwROOABgxFSw5cXoZld`
Yara	None matched
VirusTotal	Search for analysis

Name	e5c7931e871678ae_tmpEA02.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpEA02.tmp
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`8e36f9cfbb4e98a1ea4cb31b1dfd18ba`
SHA1	`271e10b8bb5623e6552f2be568b01ae93b3e5a3a`
SHA256	`e5c7931e871678ae9bf44ed496a03ba8524a3d7600a44b29a60847ddda90eb86`
CRC32	`C73EAD8F`
ssdeep	`24:TLea0RlPbXaFpEO5bNmISHdL6UwcOxvyUU3Z:TYLOpEO5J/KdGU1EyU2Z`
Yara	None matched
VirusTotal	Search for analysis

Name	f7b799ad9ffc5c72_tmpF1EC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF1EC.tmp
Size	718.1KB
Type	data
MD5	`ab243cd9bf216a14ce900e8fc483aeef`
SHA1	`5b5f59ca21fd10142590d70f7c7d5fc2ffe37f23`
SHA256	`f7b799ad9ffc5c72a9bd1799538fea3768ddfbc2ee7f52839dded6fa56bf1cfb`
CRC32	`93FBA291`
ssdeep	`12288:X4OFppOZoCj7+HUDRAK4bhx+8/qZaNNpk+UjGkwQ3xAt80NtXW8c2hU7+CMw5:XHpu7+0DRcf+8CYpUVA1lrc2hIt5`
Yara	None matched
VirusTotal	Search for analysis

Name	783758f5b90c894c_RegAsm.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
Size	62.9KB
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`53690d6dbf8e3f7bd54529131f1be127`
SHA1	`b28ab7d6a4f0fba872310d0dd60bf9bb233b5cff`
SHA256	`783758f5b90c894c7d57d6dd257683194b4f4d3bc470e0fd51b1b8c6171494d8`
CRC32	`C59F6165`
ssdeep	`768:Z+R1Viwqkh+tGi6HYDKnJzQOgFQ04mzGnvclLz3oWK6Iq8rAOzWipD6BXl:ELiwrh+tL64DKnJJAzGvchUCQFa6D6B1`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	88f9dc0b9a633e43_tmpEA81.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpEA81.tmp
Size	512.0KB
Type	SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5	`dd47ebe6866ad2ab59d0caa1de28d09e`
SHA1	`afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663`
SHA256	`88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3`
CRC32	`8DEE9EEA`
ssdeep	`24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm`
Yara	None matched
VirusTotal	Search for analysis

Name	77b3ff7b2c4212f4_tmpF1D9.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpF1D9.tmp
Size	183.0KB
Type	data
MD5	`d7160c047fc217548d160dd972d027de`
SHA1	`ae7f43c78378d3289119b18502372f758a5a4fb0`
SHA256	`77b3ff7b2c4212f4644d50df1ed3cac4c6bac4802149624cc090210033c60dbf`
CRC32	`6FCED97E`
ssdeep	`3072:VCL35lBvK73PgKFH9B8AjtgOugSyGzAzrP9F27Ut08Kf2H1FBUs/Eb50ZNnZ2yse:AyPjBXiZgScVF2kjHM22ys6+E`
Yara	None matched
VirusTotal	Search for analysis

Name	babe465ecbdcfcf7_Egli.avi Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Egli.avi
Size	100.0KB
Processes	1660 (louises.exe) 2404 (Hai.exe.com)
Type	data
MD5	`4fda868e190543a68bbfbb7cf7841d8b`
SHA1	`2db183e0cfe6bec8d2b04ac2ad712cd8f5fec550`
SHA256	`babe465ecbdcfcf7aebd05fa2b2dc95e550b03ce609d9c92c0db080a55c1368e`
CRC32	`8090F56B`
ssdeep	`1536:m1MscFXQj2rnL6W9CfJtwkxGzN/W2FVM1ulaHycB9+labSHhVNDHfDe8v1EaFb6:m/c0GLfkgzNnkuIH97OzNDHL/vL6`
Yara	None matched
VirusTotal	Search for analysis

Name	079473a1752fb5e1_tmpEA27.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpEA27.tmp
Size	80.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`5f98cfac1d9c02587e0db4a6e5a20739`
SHA1	`be4f97d8544c22d01a1b941fe835d91ffc8a5efd`
SHA256	`079473a1752fb5e18f755627476b14192bb76894459f1430888e6ae3d07bd763`
CRC32	`B01FA20E`
ssdeep	`96:JBc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9ul:JBPOUNlCTJMb3rEDFA867/`
Yara	None matched
VirusTotal	Search for analysis

Name	237d1bca6e056df5_Hai.exe.com Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Hai.exe.com
Size	872.7KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c56b5f0201a3b3de53e561fe76912bfd`
SHA1	`2a4062e10a5de813f5688221dbeb3f3ff33eb417`
SHA256	`237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d`
CRC32	`76090EE7`
ssdeep	`12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis