Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.29 05:04
tomcaterror.bmpqoq
04.29 04:04
qoq.ps1
04.29 04:04
Important_Document.pdf...
04.29 04:04
dllbase64reverse.txt.exe
04.29 10:04
RuntimeBroker.exe
04.29 10:04
2555d50c-0b7e-4aa3-8d8...
04.29 10:04
csr.bin
04.29 10:04
test.exe
04.29 10:04
FreePhotoShop%20Meme%2...
04.29 10:04
discord.exe

Latest News
04.30 02:04
The DIY 1982 Picture P...
04.30 02:04
More Scans for SMS Gat...
04.30 02:04
Quantum threat mitigat...
04.30 02:04
Palo Alto Networks' re...
04.30 02:04
Google Serverless Spar...
04.30 02:04
Google Serverless Spar...
04.30 02:04
Meta Launches Standalo...
04.30 02:04
Intel Says Clients Pre...
04.30 02:04
Elektronische Patiente...
04.30 02:04
Microsoft announces th...

Dropped Files | ZeroBOX

Name	52ca4bd77ff1e1f6_jOZbKetygLS.docx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\jOZbKetygLS.docx
Size	846.2KB
Type	data
MD5	`cd41527b06277ef0cbe440e622b3f261`
SHA1	`f1d0254ec11d26ab42b5d2a620eb87f3a33d3c69`
SHA256	`52ca4bd77ff1e1f662203e4146f678219c3a056a9cc086cdbec6549a10299ff6`
CRC32	`EB0DA17A`
ssdeep	`24576:dcK1pUDhJBzbCth71SzAw1+v37IkHDfAUS66ON8l:dB16xPCpSzAwtkHDfAU38l`
Yara	None matched
VirusTotal	Search for analysis

Name	82babd57f9e1ea69_rLMWKWnBLt.docm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\rLMWKWnBLt.docm
Size	488.8KB
Type	data
MD5	`cc218a4380b291c100a0bcf98779ab46`
SHA1	`fb5204d3a381b8ebf08516f15161487baf840b57`
SHA256	`82babd57f9e1ea6913f6359c923de933cc9911edefc2402298aa2145549bc05d`
CRC32	`548756E2`
ssdeep	`12288:mXLxuny3mS+OjaLyekwIS7BUeweJetVpV+:4wCuy5voB8HtjV+`
Yara	None matched
VirusTotal	Search for analysis

Name	3cb758a17e273b1b_TUCFzMhEAYUmnPNy.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\TUCFzMhEAYUmnPNy.txt
Size	168.7KB
Type	data
MD5	`7e55128fbd5f81cf80cde34e0ded4656`
SHA1	`5335dfdf76a6794262748099750cf5fa7e34d633`
SHA256	`3cb758a17e273b1ba6767c18c7527f1079d8c21a59e3b9f796531447122bb541`
CRC32	`F074D89D`
ssdeep	`3072:Zm+BWLJkpyiqtk4jqE5e0NQcjnnYv+q9Yg8UQyvlmeXB3lJBSu4Jzp2:ZjBWLJk8i6HqIe0NPLnYvwgL/pXxG6`
Yara	None matched
VirusTotal	Search for analysis

Name	a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	893.0B
Processes	2844 (img-078-410-00.exe)
Type	data
MD5	`d4ae187b4574036c2d76b6df8a8c1a30`
SHA1	`b06f409fa14bab33cbaf4a37811b8740b624d9e5`
SHA256	`a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7`
CRC32	`1C31685D`
ssdeep	`24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x`
Yara	None matched
VirusTotal	Search for analysis

Name	73dfb54053b22383_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	252.0B
Processes	2844 (img-078-410-00.exe)
Type	data
MD5	`2d7cd13f125f693d4e4849a6c8ead977`
SHA1	`499d48e99847e6e88ee9aab10283e89e7c5acfd9`
SHA256	`73dfb54053b22383fd3069bf5f3d51ba19f7f379b14c2984da74a7f0b11a6bc2`
CRC32	`AD19F82E`
ssdeep	`3:kkFklT0kVltfllXlE/so82llPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB15XnTo+:kKeVlO9liBAIdQZV7MGieX`
Yara	None matched
VirusTotal	Search for analysis

Name	9e6e4772050998a5_readme.doc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\readme.doc
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	777b7ff2e56ee5be_c9f84c0a-8624-489e-95fc-efba523a6379.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\c9f84c0a-8624-489e-95fc-efba523a6379.zip
Size	5.1MB
Processes	2844 (img-078-410-00.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`9f6e914572e28a05e9e86a6de06599eb`
SHA1	`9b29ec09cfa314991815e0fa8a4d36a3b0a32949`
SHA256	`777b7ff2e56ee5be4b2909f701fd7f5247d0c9a191ac851c2897e56d23afd17c`
CRC32	`D86B486A`
ssdeep	`98304:hYUna7Hlb2NBel4W1CjPdhdBmBGl9f2y1PKghug8FuQb3My1VptnbCHtCd:hYGahizenCLdkBkhPc1FL3lpZb0Ad`
Yara	None matched
VirusTotal	Search for analysis

Name	3971e3c795bc8328_tmp2745.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp2745.tmp
Size	1.6KB
Processes	2052 (img-078-410-00.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`16693fafda03f5af75c26e39da3c34fa`
SHA1	`f64753e6bc391863989caf6742ff9ded9c37c8e6`
SHA256	`3971e3c795bc8328654940725c7d6066a0563c319018b83623c93ff9c21a9e17`
CRC32	`A71C3819`
ssdeep	`24:2dH4+SEqCH/7IlNMFQ/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB+ytn:cbhf7IlNQQ/rydbz9I3YODOLNdq3Z`
Yara	None matched
VirusTotal	Search for analysis

Name	dd81b5e9d9958863_phishing_file.pdf Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\phishing_file.pdf
Size	76.9KB
Type	PDF document, version 1.4
MD5	`c4d757196a348dbc813b65774a370dc3`
SHA1	`30674233ebfa9ecf3bd64095cf055ec24ae10724`
SHA256	`dd81b5e9d99588633b73117e3b1f84f1a6952f9d573057d804047a85abfb8328`
CRC32	`000DC085`
ssdeep	`1536:4IhgBQgoSXCvW8qYCinLlpJys6zg3H9TNSo+lipx5bo4W0AMysS/:jSsWAFLhDZNTgo+li35tyb`
Yara	PDF_Suspicious_Link_Z - PDF Suspicious Link PDF_Format_Z - PDF Format
VirusTotal	Search for analysis

Name	ff784858aa8a1b80_pkEQhIYeMF.docm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\pkEQhIYeMF.docm
Size	500.9KB
Type	data
MD5	`e7edd011e0663192acb9df9165c7c4ba`
SHA1	`90f5b94005881c59517a76f112bef852e2c192d1`
SHA256	`ff784858aa8a1b80021d2bc7835d02502583b83b2c58478757330a4bdcc336c9`
CRC32	`ABFEC8A7`
ssdeep	`12288:fcqHxkuM571LSz6PYp0zCGdJRxTePK/nQZ5EkYEWnS1SMJU:JxkuMLYp0zrdJePcnQHAwU`
Yara	None matched
VirusTotal	Search for analysis

Name	2b3aaa175f97c142_tuhocz.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\tUhoCz.exe
Size	1.6MB
Processes	2052 (img-078-410-00.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a6280d3f50d1b373d5fa5f45247ac08b`
SHA1	`421569147d9734ed3a9277bd3fbeacd42f1552ca`
SHA256	`2b3aaa175f97c142679b9d9e7e9b9a2b2d85bf3990b1f9276f0dc79b0aaab06e`
CRC32	`1004D157`
ssdeep	`49152:mgNagVJMQ4ATyMYVyRGx9rJqaCDTws6Ieplr2VaX2:mgNagVJMRNmGHJrC3l6MVK`
Yara	IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	ce011d80c2be5a21_FMITjPkAfoV.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\FMITjPkAfoV.txt
Size	508.7KB
Type	data
MD5	`602837524318e2c8335515dc724cebde`
SHA1	`93e1521064ac2f67b3d55265b073b9ffd8f15d9b`
SHA256	`ce011d80c2be5a210a3b7b4bd7aab450a4d3307ca5386556267ee488c6dd7be5`
CRC32	`DAB1357F`
ssdeep	`12288:vg8idlZMqeQpY+gipcetHorp18iM/6VAtlWZSlec16rO:vslZMqTpY+giltu1NM/xlPL`
Yara	None matched
VirusTotal	Search for analysis

Name	e1b8d6ad93823a46_VxBMqtxyCtqj.docm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\VxBMqtxyCtqj.docm
Size	482.7KB
Type	data
MD5	`58b797dd0c319f83a6dab31cbe60794c`
SHA1	`49f75d47d0735d8ea9276110a96be3989292a9f0`
SHA256	`e1b8d6ad93823a46243d5603417976da97a16e2533cffb83fbd89b508ccfb805`
CRC32	`92D92466`
ssdeep	`12288:ULoIOYReQ/k0nUB59LdiTHzdCXz3M2OM9+r:goIZsQM0OhKHzdCXwNMa`
Yara	None matched
VirusTotal	Search for analysis

Name	dc819dfec0f95a49_PgmXxTPEmHHM.docm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\PgmXxTPEmHHM.docm
Size	311.0KB
Type	data
MD5	`2bc52dbfe7c8bc1c9ea57e74e2895461`
SHA1	`3fc189e560cdf163feb0f2753b809cf98bfb25b3`
SHA256	`dc819dfec0f95a499e11138c5debced7e4b634b312950f1f4afe1d02e73d211a`
CRC32	`A2DB28FD`
ssdeep	`6144:X0AxEobB6VIrUGfCF4nSYCYe28jAv7VsuuJ/8iXGh:EAxEUmGUGf84nSYGAvyZ2h`
Yara	None matched
VirusTotal	Search for analysis

Name	477ef00a407adfdf_userinfo.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\userinfo.txt
Size	205.0B
Processes	2844 (img-078-410-00.exe)
Type	ASCII text, with CRLF line terminators
MD5	`69ebc3548b3921b6bb86fe0f328e593c`
SHA1	`ed91bd1dff5672448a7f58161682248295e17110`
SHA256	`477ef00a407adfdfa9b643b00c46f548d746ac4827b6dae1a72bd8258da84d76`
CRC32	`3AD3DCEF`
ssdeep	`6:cWxXLmtBMj1X00gBbb4emQpcLJ23fbRmNtdBBQWokjQx:VKtBMx3abMoOLMtm7WQUx`
Yara	None matched
VirusTotal	Search for analysis

Name	69801607fbc980a0_cMLOeXxlVIqd.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\cMLOeXxlVIqd.txt
Size	673.0KB
Type	data
MD5	`68ed6a333c6d205632af18c69a811674`
SHA1	`170dcd2154759bde3f108f540764e357da39b6dc`
SHA256	`69801607fbc980a038f2671b21c82b959b5a73ff2309b3764d4c51e68ba22820`
CRC32	`C9376CD4`
ssdeep	`12288:8AkK/dUSAAdvn6n+3snRUsocentAI7qhKIl/I1K8UkWJrWiVXgwRMOma8FCa:l/LAUvn6n+38n7oAGVIRR8xW3hRMu8D`
Yara	None matched
VirusTotal	Search for analysis

Name	1f3ba8bfb72c424c_pTCCkSolPbOS.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\pTCCkSolPbOS.txt
Size	469.0KB
Type	data
MD5	`7fa39c9819532b1aaa91ebf9810b152e`
SHA1	`017a578749f6ae5b5390fab918ccf704ceb3833e`
SHA256	`1f3ba8bfb72c424cc0e27d30504143bed32757f261f6a6462fcaa118f415a036`
CRC32	`1C5229F0`
ssdeep	`6144:mmFFJrSK9OeIQ3eyPHhMP5wOqcOjX4ORyBy6tEq2J0RmMT0BgbD5DNa9mfwBDiyD:LgeIty/iRwy+lRX6urJt3eP5U9`
Yara	None matched
VirusTotal	Search for analysis

Name	a987517ada617ee9_QLzXTwpCruiaQFO.docm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\irdekf2u.c2f\SensitiveFiles\QLzXTwpCruiaQFO.docm
Size	703.9KB
Type	data
MD5	`74082676297a1bde33328c2a0925a77f`
SHA1	`924b3f135f6c5067ed3dad5eb07edfd35b5cf6f3`
SHA256	`a987517ada617ee9131f90d5b632260e63abdf370de0b0b851c68944f87e7b62`
CRC32	`9790FF22`
ssdeep	`12288:+MOKNx45khLcZOUR/iHBIj2GldW80RFPLWQJ5xHKIuAO57CrRD1j/7QEGrG4m5Eb:+PKykhLcZO9hISGlIjhJvHXu5tCjfQEk`
Yara	None matched
VirusTotal	Search for analysis