Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	fe1bc2e424f53710_checkbox-symbolic.symbolic.png Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\checkbox-symbolic.symbolic.png
Size	200.0B
Processes	2792 (.svchost.exe)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`7b0643282432289c5cc51c36f764aed0`
SHA1	`050843e582388f0d94ef39a7de60e0fe48d89006`
SHA256	`fe1bc2e424f5371004a247b886524e5502abb46384c75731bbbba33529661949`
CRC32	`928C360C`
ssdeep	`6:6v/lhPys1Nrtegcr8daTQdQT40nTmzldp:6v/7H4zodaMd8Pmz9`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6817ac2ecaa79bd2_gram9.wad Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Gram9.wad
Size	75.2KB
Processes	2792 (.svchost.exe)
Type	data
MD5	`ebdbd0f4309ade338cad53e15d7b6465`
SHA1	`a8bc58954a5c1f308a741e3b7693017f8b7f6e52`
SHA256	`6817ac2ecaa79bd27ae14d4797181d34ac9dc9aaca6a632e3d527a94b2645719`
CRC32	`FB868BC5`
ssdeep	`1536:SA15yKy0pBVH7b+Vt2Lyx9pzKW4/1O6ZvXi5c:SAfAKBVH7b+Vt2ex9pcxi5c`
Yara	None matched
VirusTotal	Search for analysis

Name	d5c5357fd293a087_newtonsoft.json.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Newtonsoft.Json.dll
Size	644.7KB
Processes	2792 (.svchost.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8df88843e400821e482aa6493a26e1cf`
SHA1	`4e6c72454c80e0cc1bdf9b321af2662155684fc8`
SHA256	`d5c5357fd293a087fb91c3eae8a212c571b5a5f7ed6fa560d3767f5201555240`
CRC32	`533E45AD`
ssdeep	`12288:XG86nitqrIT6Eqk56i258EJsUQUUJ9LBHd2U:27itqr3e6d18J9LBHd2`
Yara	IsPE32 - (no description) Is_DotNET_DLL - (no description) UPX_Zero - UPX packed file IsDLL - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	ed55aecc825884c3_calcifugal.lnk Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CALCIFUGAL.lnk
Size	916.0B
Processes	2792 (.svchost.exe)
Type	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5	`258af2ccd4233c6df6c09869af631606`
SHA1	`fdacb276ac8e19c1659cbbaf0fd21dd80a898c41`
SHA256	`ed55aecc825884c347e907e1629cfed02e71d1cd87896474c9643fbc114fd475`
CRC32	`DF4BA81E`
ssdeep	`12:8wl0EY3HV7GyuR+/fGUGYGytmm/Q18/omNJkKA54t2YLEPKzlX8:8XZqRQTGYGytYSoCHADPy`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	fc1488a9c15cf2b3_lang-1109.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\lang-1109.dll
Size	97.8KB
Processes	2792 (.svchost.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`9dc331414bde12a793bb1ee289e3282a`
SHA1	`74d1bcf3747b50fa23241043b7034a7033898f94`
SHA256	`fc1488a9c15cf2b3ba2953372ef4e8a5de3fe408f06b14d70668a7d164087673`
CRC32	`E0ED5066`
ssdeep	`1536:dbLtXDNll2dYd9vqqsg0pgLevXKrmFqYdvt7ZtUfD:vtcAvqxxpgLevXKrmFqYDZO`
Yara	IsPE32 - (no description) UPX_Zero - UPX packed file IsDLL - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	a73e4eb8717744c3_applications-science-symbolic.svg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\applications-science-symbolic.svg
Size	1.3KB
Processes	2792 (.svchost.exe)
Type	SVG Scalable Vector Graphics image
MD5	`34b609c28e866f234decd00aead2f1bb`
SHA1	`28ca96eaeb0da936479eb82d88393faf9ab5503b`
SHA256	`a73e4eb8717744c3a00abb9ba8492d881093bdb1042641248a1027f8f2f3ab5f`
CRC32	`E805E674`
ssdeep	`24:t4CBGEAgSo6X1nKGr4vk/g0arfwqLEyKbRAecFxxPRhj4E:gGl6X1KAOuU4NtAecFXPJ`
Yara	None matched
VirusTotal	Search for analysis

Name	40ee240ea4ffc90e_help-about.png Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\help-about.png
Size	530.0B
Processes	2792 (.svchost.exe)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`e625b0e040a80cb80a41768b52c61078`
SHA1	`46473224a92322e273f339b4712aca9f892d5110`
SHA256	`40ee240ea4ffc90e6de04d9aa8f3f0c06f8e8f9b2fc1c2f9b760d689eecbec29`
CRC32	`1D3C700B`
ssdeep	`12:6v/7SFDtNOvm3pHNQvsV2IxaOG86Dd/STpujADFViVmk5FgFWdIGafpiEZ:NDuipHNQvsgOt6RCAWiT8QcZ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	8dc562cda7217a3a_system.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsaE2BF.tmp\System.dll
Size	12.0KB
Processes	2792 (.svchost.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`cff85c549d536f651d4fb8387f1976f2`
SHA1	`d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e`
SHA256	`8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8`
CRC32	`7D3D580E`
ssdeep	`192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr`
Yara	IsPE32 - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	f03c45b29d8db5c2_sharpdx.dxgi.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SharpDX.DXGI.dll
Size	86.0KB
Processes	2792 (.svchost.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0edd7743db76d68d2e198f137e56360c`
SHA1	`76b0aca1c410901c8399fbfdac2ac36e80c4837c`
SHA256	`f03c45b29d8db5c2bd9461efb834723c2f9c84a1fed921d9577bc0511ae0b86d`
CRC32	`B0EAAA80`
ssdeep	`1536:QFNovLGNuZPQtwhY4SFDivO5Ib6VU3x8sDKxq:QFNsLGNulhY4SG+xq`
Yara	IsPE32 - (no description) Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	4489541a0eb79ae4_unmg.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\unmg.dll
Size	70.3KB
Processes	2792 (.svchost.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`9ce4437b78de0ae2cb261318f7fb9821`
SHA1	`d9906fef261761f86b38ee2caab07bb29ee763e4`
SHA256	`4489541a0eb79ae4ccab08c71fc2f1be4db0052f15dfa5b41eb2466fc21ecbff`
CRC32	`EC9FF09F`
ssdeep	`1536:+FTqGGqZQywTyRpKOEnZhan5EY8+9G8GqqLuqjfzjs:+FTqHqDwG/x8duqDM`
Yara	IsPE32 - (no description) IsDLL - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	5090dd556de84f56_user-offline-symbolic.svg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\user-offline-symbolic.svg
Size	500.0B
Processes	2792 (.svchost.exe)
Type	SVG Scalable Vector Graphics image
MD5	`560eaca90be8dede5d5a5c0ea6da4c78`
SHA1	`e96d5dfdf1c048e4116663f04f74688f9ed0ac09`
SHA256	`5090dd556de84f567cb1ab3702406281360ae5b12d887d721c5a67d20b032d02`
CRC32	`E8A8150F`
ssdeep	`12:t4CDqQ7NSffHVZ0VKN7FR74dtm0cHBrCKUJEYnt9A0/:t4CdpuMKNFh4d80w5CK1Yntl/`
Yara	None matched
VirusTotal	Search for analysis

Name	3adea2e495b1a805_mail-replied.png Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\mail-replied.png
Size	658.0B
Processes	2792 (.svchost.exe)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`5b0eb37b2d76c93f34470cd410e93c10`
SHA1	`fbf7409804a37177927142dee5a5e5ae008122c5`
SHA256	`3adea2e495b1a80544ae6f5e5afe2eeae77c934abed4d8c12f7a4ed6dc3d79e6`
CRC32	`F8A8C752`
ssdeep	`12:6v/7rMISmUU+cyoN0pt5BM1KWcTbcsk6etQCHmpVaccyWSmwIQe25d3XG/3S1Ju:a/DD1yfptXMQWCc1hFHV/y3m+m/3S1A`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	153d635b18dc3382_document-print.png Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\document-print.png
Size	532.0B
Processes	2792 (.svchost.exe)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`3fe83515f1990df1bf1df027fe65cb42`
SHA1	`60bfd7236879fcc545d8e025bd2f4a00b8faa436`
SHA256	`153d635b18dc33820440491d3297be273431991ad7697934ce104e4d50afa7a2`
CRC32	`F8B70B13`
ssdeep	`12:6v/7cX+CBs8NliRFicWeYHSsznMsKjBbAm5QHnRm7ATmYOQByFI:DX+CBsSlOF6x3n0Bn5SnUL3QEFI`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	5331d12b2f89f2fb_lang-1026.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\lang-1026.dll
Size	171.0KB
Processes	2792 (.svchost.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`726030b3909a4c3fd5810f45e55a989d`
SHA1	`df628878449cb026352d2a31e98a70ba6632ab0f`
SHA256	`5331d12b2f89f2fb013bc4d05fd449d1dcfe7c470a20271cfe13043e74c974ef`
CRC32	`212515A3`
ssdeep	`768:RSlFida9bh1hROyu8YLPiOqdo3Hioanc1rfs648UPU5hTIFUqxtIB870kWZtnJkX:RJryZYLqtboZqFpx+eovZtlffdGUmx`
Yara	IsPE32 - (no description) UPX_Zero - UPX packed file IsDLL - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	6244b0bca05976dd_eula.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\EULA.txt
Size	12.2KB
Processes	2792 (.svchost.exe)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`f9e500769c9fc8d38ad484d16fb20d7a`
SHA1	`e15f81a1b35264bab6b4e8db45c4a1150fb2ad0c`
SHA256	`6244b0bca05976ddd4a69a2142abddd945d5fb7de73770f9a56c7aad1b2617df`
CRC32	`F9C29CB4`
ssdeep	`384:tDLPvWu/A4ZaeyXmEoZiG1Z4ocb/i6v7T:tPvWu44Z3yPoPEocbv7T`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsvE251.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsvE251.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	5268ea682e7d4b83_clretwrc.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\clretwrc.dll
Size	297.6KB
Processes	2792 (.svchost.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`81afd296f19aee75c49346cbb0489e3f`
SHA1	`79fc7afed759eb75b63cf4985338b1a6a7e49a4e`
SHA256	`5268ea682e7d4b83d29e9f266fa2ba5539c33b5bb9b849c8105077c9c94be2da`
CRC32	`E10BE79D`
ssdeep	`3072:1SX9Xit++0PJSKtOJsgI3mwNdmLZ8mTQfsqxf3W:Y9xacWIfsqQ`
Yara	UPX_Zero - UPX packed file IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis