Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 12:11
김수키 에서 만든 피싱 사이트 동덕여자대...
11.16 12:11
This Week in Security:...
11.16 12:11
Sintesi riepilogativa ...
11.16 12:11
Babble Babble Babble B...
11.16 12:11
Updated whitepaper: Ar...
11.16 12:11
Wie KI räumliche Vorst...
11.16 12:11
Whatsapp erinnert euch...
11.16 12:11
SaaS für Standards dig...
11.16 12:11
Gegen den Trend: Diese...
11.16 12:11
Das erste Remote-Meeti...

Dropped Files | ZeroBOX

Name	f5ef468807613479_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	252.0B
Processes	1960 (Qputuwjvixr.exe)
Type	data
MD5	`0f30410080e76dc903e91b89b36649ae`
SHA1	`9619e78c82fb6432191e3f4689850349cc8f91e5`
SHA256	`f5ef46880761347949470a398af7ea3c35b447de10986c7a13375a2c60413c66`
CRC32	`DBD8507A`
ssdeep	`3:kkFkl3E13/tfllXlE/Bi9llPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB15RNU2U3:kKg2YiZliBAIdQZV742MN`
Yara	None matched
VirusTotal	Search for analysis

Name	8c4c71bbff15d4f3_tswbdzzhdxro.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Tswbdzzhdxro.exe
Size	738.5KB
Processes	2500 (scandk464646464.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`bf9923d189e5976471fe6becd5638ee4`
SHA1	`49bd6e2bce1a114c04db5f2283f556cb2e73b985`
SHA256	`8c4c71bbff15d4f3b06aad71b30327db010880005b8de1be35aca4c028709785`
CRC32	`47DDBF28`
ssdeep	`12288:I6b0u9PSzWUAPSzWUpeRNq0tnJ3n+YUWtK/RxCBC42Eyzv:L0u5dUmdUeRRB+VzCBC4Bg`
Yara	Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0b8607fdf72f3e65_cookies.sqlite Submit file
Filepath	C:\Users\test22\AppData\Roaming\b5obcbra.5pz\Firefox\Profiles\1pfa5s83.default-release\cookies.sqlite
Size	96.0KB
Type	SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5	`d367ddfda80fdcf578726bc3b0bc3e3c`
SHA1	`23fcd5e4e0e5e296bee7e5224a8404ecd92cf671`
SHA256	`0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0`
CRC32	`842B3569`
ssdeep	`12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO`
Yara	None matched
VirusTotal	Search for analysis

Name	5de39368fe80ef49_qputuwjvixr.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Qputuwjvixr.exe
Size	2.0MB
Processes	2500 (scandk464646464.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`aa8d7080773627ba1687c23a1e202f00`
SHA1	`d5b074c8877fd6232f09fa6396dfcf319fda8c1a`
SHA256	`5de39368fe80ef49986db86c1fd8719ea2db295d4e036cebea57f1592eefe74f`
CRC32	`05DD42E6`
ssdeep	`3072:Pg4pxdLrA1CwQ7x0b2LOpdtQE6j9X4VMU6n3NgS4bVnbCQ2WkaShhkltin+bAfTz:4SvCbTdI9X4+30tcC/i1UHvOkZkFX`
Yara	Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	edb006e05cfa8501_Cookies Submit file
Filepath	C:\Users\test22\AppData\Roaming\b5obcbra.5pz\Chrome\Default\Cookies
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`3f5ca3e29b1b60e298aeca0a32164c03`
SHA1	`f9b5ee59c31a3b06a6b8e476b22d2d7cf1fa8b66`
SHA256	`edb006e05cfa85015aa76c758d6298c279fd318cff0dbb286927c7ad45105488`
CRC32	`E1ACA097`
ssdeep	`24:TL2C0RlPbXaFpEO5bNmISHdL6UwcOxvo5:TYLOpEO5J/KdGU1Eo5`
Yara	None matched
VirusTotal	Search for analysis

Name	a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	893.0B
Processes	1960 (Qputuwjvixr.exe)
Type	data
MD5	`d4ae187b4574036c2d76b6df8a8c1a30`
SHA1	`b06f409fa14bab33cbaf4a37811b8740b624d9e5`
SHA256	`a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7`
CRC32	`1C31685D`
ssdeep	`24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x`
Yara	None matched
VirusTotal	Search for analysis

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RFb8e33c.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFb8e33c.TMP
Size	7.8KB
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	88f9dc0b9a633e43_cookies.sqlite Submit file
Filepath	C:\Users\test22\AppData\Roaming\b5obcbra.5pz\Thunderbird\Profiles\g8t0pe67.default-release\cookies.sqlite
Size	512.0KB
Type	SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5	`dd47ebe6866ad2ab59d0caa1de28d09e`
SHA1	`afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663`
SHA256	`88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3`
CRC32	`8DEE9EEA`
ssdeep	`24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm`
Yara	None matched
VirusTotal	Search for analysis

Name	d6431d5645fffd05_d93f411851d7c929.customDestinations-ms~RFb92f3a.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFb92f3a.TMP
Size	7.8KB
Processes	2164 (Powershell.exe) 2964 (Powershell.exe)
Type	data
MD5	`260d23ce04a8f8555a73b7d2dc15e911`
SHA1	`ebad746fb7de847c50f7502a44f6e35534733efd`
SHA256	`d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588`
CRC32	`11D6B213`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis