Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 09:11
Spotted at Supercon: G...
11.16 09:11
IT Sicherheitsnews tae...
11.16 09:11
Bitfinex Hacker Gets 5...
11.16 07:11
(g+) Datenschutz: Spor...
11.16 06:11
티오더, 메뉴 사진 무료 촬영 서비스 진행
11.16 06:11
WiFi Status Indicator ...
11.16 06:11
PAN-OS Firewall Vulner...
11.16 06:11
Dahua und Delo vereine...
11.16 05:11
NSO 그룹, 소송 중에도 ‘페가수스’로...
11.16 04:11
Warning: DEEPDATA Malw...

Dropped Files | ZeroBOX

Name	2cd2857eb08c547c_luascriptmgr.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\LuaScriptMgr.lua
Size	9.0KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`7f926b561d1f965fc35afb137fe19816`
SHA1	`b12786b4469089a1ed807df8b842c16fbf2fe5a3`
SHA256	`2cd2857eb08c547cd5e50e73e3966672e0ed5e56e08b177ca62e940b28cf6b6b`
CRC32	`697511EA`
ssdeep	`96:LLXusDG4u+NRGXGiu+auOyCub/X+WthulkLX1GW:nXG4uTXGL+auOyCub/X+WqlkLlGW`
Yara	None matched
VirusTotal	Search for analysis

Name	8ef7a862ac2c8871_gulliversmall.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\2021\GulliverSmall.lua
Size	3.0KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`8ad6c9ddf73e58e9eb7af0ebcbbe9859`
SHA1	`b20f3abb967667fba44957717f71731b2e6a29b0`
SHA256	`8ef7a862ac2c88711fce72107b8738e59157692b58dd6dca976bc2a5a024afe7`
CRC32	`2E97FED8`
ssdeep	`48:LpG52hwvOwVL/TfEfHLNHFqnzfUf8Z3u1In/oiUc3EvHJkhKX4TFYMVkgo9:LpGECxnMpknzcUZ3Gmoa3RMXmYL`
Yara	None matched
VirusTotal	Search for analysis

Name	a3d86d4d382439d4_servers.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Servers.dat
Size	3.9KB
Processes	112 (7213.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5	`b7498e0e7101c1de58f4485b9d141556`
SHA1	`ddbb09b51a61a6d20b6012aad4c7a2165726bb2c`
SHA256	`a3d86d4d382439d42f837fa618486455af13f9d86c81f77cd7fee068765f1da1`
CRC32	`C108769F`
ssdeep	`96:6HM+x7j7Uor7qW7qc7qvM7S1L7coW7071oW7vb9bOrIF9higlphpzpKi3phpzpK8:6sAfUo3qcqKqvaMXcocS1oczviglphpP`
Yara	None matched
VirusTotal	Search for analysis

Name	d253c8220c76e5f6_thelittlemermaidbegin.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\2021\TheLittleMermaidBegin.lua
Size	2.4KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`5c7d39a27ae7f4078426def8e3511ba9`
SHA1	`be317949b05572bbed03376f3b73887a53d11db7`
SHA256	`d253c8220c76e5f601cf9185b37f0444e3c3b27acd732bd669e0e4ab984f691f`
CRC32	`04060609`
ssdeep	`24:LpE+OT+nWL7dVtQSfk6qj7NELR1wN6NFfLl5JEcJ2dtQ0n6PenXtQbnIN4NtQkO/:LpGqOP8jMxJ5JDJ2pHcroRsjNSxrJs2X`
Yara	None matched
VirusTotal	Search for analysis

Name	bdfca738de1a7faf_license.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\license.dll
Size	3.2MB
Processes	112 (7213.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f027192144a4ebdcedec7974e64afb03`
SHA1	`4b8cd7b9fb65b21bc83ac44dfaca26ddf8c7b915`
SHA256	`bdfca738de1a7faf8532de358c92400de7ac1792ec32292a6e43eb7af1685e81`
CRC32	`E79829B1`
ssdeep	`49152:966wVreP+g/6B2zfq97+7W7zl7oe+P9ETuI4UDufHtd98BKOOZr6Xbf0m8yc9FWm:Q++ZYqbl7orVaut3vKAVZOLsZyc9sm`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware anti_vm_detect - Possibly employs anti-virtualization techniques IsDLL - (no description) themida_packer - themida packer IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6ce1feebcdc639bd_thelittlemermaidend.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\2021\TheLittleMermaidEnd.lua
Size	2.5KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`b73ccd1d9cde54abcfe934214ccdafea`
SHA1	`d034453b65320134f356191fc1ce5fbf1af58a77`
SHA256	`6ce1feebcdc639bdbe4c20649169add9efe3ecf910c8533e499aacf9fbe0bd04`
CRC32	`5DC0D81E`
ssdeep	`48:LpGd4QrfGDjLZZzkJjy09k/yxZ2gzwDWWfo6ifnuikjg:LpGnr+T7zYZvWJenRk8`
Yara	None matched
VirusTotal	Search for analysis

Name	df221b1cae436fc3_social_foolsday_bgm.wav Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\sound\social_foolsday_bgm.wav
Size	12.1MB
Processes	112 (7213.exe)
Type	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
MD5	`9861a1e813b1fa9c2088cd88573d7dc5`
SHA1	`bae6ec2ce382c94e02950b35253c6f92e1941add`
SHA256	`df221b1cae436fc3d247911fb70bb994f0b8bb367e8d838493316bb7fbdc0aa9`
CRC32	`F78A922C`
ssdeep	`196608:qtLIAvldvjgqMIEYpNli+73uHbIPRZEctRxpOnbOjwVOxic8Xvl1t8BYWNJZ2zhj:qtLIAvEbwvI+73sGqnqjA/fUJZ2zhj`
Yara	None matched
VirusTotal	Search for analysis

Name	acf03c99dacadff3_gulliverbig.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\GulliverBig.lua
Size	2.3KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`99b5f0de4d621d31f4dc24e772cafee6`
SHA1	`48b76b5591e4444d46c1c502fd0eae0c68799110`
SHA256	`acf03c99dacadff3a2b15ffb1a8c15b4e47376fd2bd87a7ad526746804f0b135`
CRC32	`9CE1DEEE`
ssdeep	`48:LpGG2hITjPAfRvfG+RTf6fQsn7I5GJTm0n+7XjUJW6iZe9:LpG/cjPAZF1C57aqF0lP6`
Yara	None matched
VirusTotal	Search for analysis

Name	0d96204ab7ef5a3c_valentinesdaynpc.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\2021\ValentinesDayNPC.lua
Size	3.6KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`9eb2fde1ac170ffa8ef190cbdec4ce4c`
SHA1	`1f31f5197a90d6cfe39456cef4827f3d91507d91`
SHA256	`0d96204ab7ef5a3c6454baa88ab6dcaec64d8ee68968f61b28de11112d0662b3`
CRC32	`4FEC4DCE`
ssdeep	`48:LbVQ7UqDpa6H8qt3f0untnf60AitREb3j6R3RclP8zPsUPjTPOHPigQtPw7M6RF:LbwY6PNHAcEzj6gRy6D`
Yara	None matched
VirusTotal	Search for analysis

Name	2bea17a0f8ba383b_version.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\version.dat
Size	6.0B
Processes	112 (7213.exe)
Type	ASCII text, with CRLF line terminators
MD5	`febfab16189fe743898d9ee8169c6716`
SHA1	`4e0be0916f1f2031736949c19c0d9d31fe3b48b6`
SHA256	`2bea17a0f8ba383bbb47bb6c31ef4b2b18cd32133f247bb68cb1582e152e0cb7`
CRC32	`489D2E0E`
ssdeep	`3:kU3n:kU3n`
Yara	None matched
VirusTotal	Search for analysis

Name	ef3ef74ac092fe25_whitevalentinesdays2021plot2.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\2021\WhiteValentinesDays2021Plot2.lua
Size	2.5KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`3e0fd39ef99446ab201d38364121c4ef`
SHA1	`dce6982c5adce92427e5f5b4ba82f83cb7ad0cb6`
SHA256	`ef3ef74ac092fe25cd1a26cd9cd76e59b2f5e140f5b73bf51f4cec1de44407bf`
CRC32	`7485D3D9`
ssdeep	`48:L8TFMZUIhalaGaHDTSD/kD5DTvDTDDb2a4jalaCZD3BPjdwdPj5PxZP7bafjbfPQ:L8TFM/T9yH3`
Yara	None matched
VirusTotal	Search for analysis

Name	e0922084b4e60886_tqpdata.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tqpdata.dll
Size	5.9MB
Processes	112 (7213.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`888d59fa13ad58a7b4c842ae41744d16`
SHA1	`dfa2ae4b13ae263d3979724ae43e2d3ce5424e2a`
SHA256	`e0922084b4e60886d330574f40ef4e3e4b2fefcb92e264aed81d8b5e9f33be06`
CRC32	`FFF31D1E`
ssdeep	`98304:XXDaK5NVpU5NrvS8oq3yfIqZtgLAq5KQga0alY7vHaTSKkv:zXn8U3tgB90aOHYkv`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware anti_vm_detect - Possibly employs anti-virtualization techniques IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8e774277da39e041_magiccardhouse.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\AprilFoolsDay\2021\MagicCardHouse.lua
Size	9.8KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`8c2a2e0289aa4d2ad5cc6523ba454cd7`
SHA1	`d73d17a6a044b53d530f4f0062697551ea8d1d9a`
SHA256	`8e774277da39e041a652d2beedb701ce20dc953ea5d84e809f32539fd5e12493`
CRC32	`675623B3`
ssdeep	`96:LCWdT99aWoZqo4IonL6B56zNm1707uX0D1Goa/RGvBoRaTfBqlioRZYvc0xC+PBe:Xdh9jibKO7JaTf425j6Ng5PCoPQ`
Yara	None matched
VirusTotal	Search for analysis

Name	3eeff89060cae7e6_valentinesdaymap.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\2021\ValentinesDayMap.lua
Size	1.1KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`7331e2785cd21131c9aca0a838753d08`
SHA1	`4437d1667853ad8a9555b31b811ad6df285964d7`
SHA256	`3eeff89060cae7e6ee8d2b614e62ffee06cb76ee1d78839c5f1f241de3b0b6bc`
CRC32	`E0423332`
ssdeep	`12:LP9HMT65ubDg7T5bk7EZ6UFgVAbeMmjYL1DMU4wgWbNQUVKM7GpLa2OSeWyGVVZk:LZFc30QEZTg2HJDCUVKb2AQ+c`
Yara	None matched
VirusTotal	Search for analysis

Name	8986e407d20ce355_autopatch.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\AutoPatch.dat
Size	21.0B
Processes	112 (7213.exe)
Type	ASCII text, with CRLF line terminators
MD5	`06c4d6f43c7a4f28619286d2d9e296cd`
SHA1	`d68b2b8573e012ac93f01b09a1c1b5a22a63efb8`
SHA256	`8986e407d20ce355ce39092ed28f2b0aa906648382b66e69d0e40da40a08f466`
CRC32	`AC0ED309`
ssdeep	`3:EQgGigqv:EQgGigU`
Yara	None matched
VirusTotal	Search for analysis

Name	873e696b15f2e936_whitevalentinesdays2021plot4.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\2021\WhiteValentinesDays2021Plot4.lua
Size	1.3KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`f156f3c073f5e4faf20b4dd99aa5678a`
SHA1	`c45628a3b9d6ddb5ec8d1c12d410d6fcbf7babc4`
SHA256	`873e696b15f2e9364fd04e3ca23f55964b433a267c05632d4a4145df215472da`
CRC32	`AA46FACC`
ssdeep	`24:L8Tsc3FIi+PDULaqDBxx/PjT90WHRku+PKcLyNnPjWDkruFPn:L8TFD+7GaqlxxXjT90+RkuSKceNPjWD/`
Yara	None matched
VirusTotal	Search for analysis

Name	b7d7be320964748f_gulliverbig.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\2021\GulliverBig.lua
Size	2.3KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`4f42f26e411e596477e18a85981627fe`
SHA1	`bcdc1adc3ecfba73d84f9dc08543b546aee29b13`
SHA256	`b7d7be320964748fe409353a4d935898d975387acf8dfdbc86501b99af0c502e`
CRC32	`E3C3B90F`
ssdeep	`48:LpGG2hITjTAfRvfG+RTf6fQsn7I5GJTm0n+7XjUJW6iZe9:LpG/cjTAZF1C57aqF0lP6`
Yara	None matched
VirusTotal	Search for analysis

Name	05c6d1b5569f1f71_autopatchrestart.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\AutoPatchRestart.exe
Size	360.0KB
Processes	112 (7213.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0e474db910fecb80bedb06e33fd03309`
SHA1	`c1870ec95a0d5f5157741a62a361f99c28c0bb4f`
SHA256	`05c6d1b5569f1f71a6f16dea5f35f2ed070a1b15702675cc82a45b9b68348f11`
CRC32	`4D68B83E`
ssdeep	`6144:u9YSn6nQAvhSNLlzGyslwpsDz3HZXiqiEW5RvfqQ17d:uIQAvA7z/slysDz3ZX81`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) ASPack_Zero - ASPack packed file
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_12550312 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\__tmp_rar_sfx_access_check_12550312
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	81a4bf7e3f30313c_tqplat.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\TQPlat.dll
Size	7.6MB
Processes	112 (7213.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`5d2a6ccf486feaeb4ae4cccd305678c9`
SHA1	`ed7bbd162c823e8cb46b8e660a1aac19eb37251e`
SHA256	`81a4bf7e3f30313c0ea7a15ce166d811daad58e9b18ec307db2fbbc866f654a4`
CRC32	`A95A89B3`
ssdeep	`98304:ViRjGznyXQovconcwfJa/TmLPqJB+fGfA73Eg5zCnZy7lIVsnallnKp04VZCIBJ5:yakHXcwf4SG8VsZy7sjKphVVpu0bD`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check anti_vm_detect - Possibly employs anti-virtualization techniques IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	97cc01f72439a772_whitevalentinesdays2021plot3.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\2021\WhiteValentinesDays2021Plot3.lua
Size	1.4KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`7661b93bcf86af6d1c4544fcb71168dd`
SHA1	`20e3d11e9281dcec812bd313bcada1f16d57d212`
SHA256	`97cc01f72439a7727f753b6c6b908bb217b2f37ea1008835b2244af6c472ac06`
CRC32	`813656C5`
ssdeep	`24:L8Tsc3FI0DPkfdwVwGSpPEd8PSOPVsDTZnPjU+WnPj1MPjTGV/znO:L8TFDMwpSdXdSDTZPjU+WPj1sjTy/zO`
Yara	None matched
VirusTotal	Search for analysis

Name	47e6aec7f1a32bf8_whitevalentinesdays2021plot1.lua Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Script\ValentinesDay\2021\WhiteValentinesDays2021Plot1.lua
Size	2.2KB
Processes	112 (7213.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`cb342f38b9315b9cda5e62ebe44f1839`
SHA1	`2925cc5408319a78ddf853d83b30028e221a8179`
SHA256	`47e6aec7f1a32bf83db810fd34c3f8f9f31ac88e33be0a2a2426cc50110b3d06`
CRC32	`B2764E07`
ssdeep	`48:L8TFVfgNOefx3kDMkDmZkDTJPOETIoiXLxXqXKXT9n6XudNcMy:L8TFmNO2TKjqftNcMy`
Yara	None matched
VirusTotal	Search for analysis