Dropped Files | ZeroBOX

Name	5a1374fd97d66e9a_fnvtdhen.url Submit file
Filepath	C:\Users\Public\Fnvtdhen.url
Size	100.0B
Processes	652 (None)
Type	MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Fnvtdhen.PIF">), ASCII text, with CRLF line terminators
MD5	`d207e2e495c4ba264c292a0a9fe1aaab`
SHA1	`8249e5a76a20c8deb48bb3cd90cde3f4e045d3e8`
SHA256	`5a1374fd97d66e9ac1f51283dc17de8abc1a205c00b0e92bac410959c8f5c383`
CRC32	`2CFDB24F`
ssdeep	`3:HRAbABGQYmTWAX+rSF55i0XMTRuL1Eysb+Qovt1Asv:HRYFVmTWDyz08BZEvyoO`
Yara	url_file_format - Microsoft Windows Internet Shortcut File Format
VirusTotal	Search for analysis

Name	56a3dc5c90ade897_fnvtdhen.pif Submit file
Filepath	C:\Users\Public\Libraries\Fnvtdhen.PIF
Size	1.2MB
Processes	652 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`cffe529403460c6affe0f52c1e7de602`
SHA1	`3e03898f87c2cc47d57893c3dd55302281e9f2b5`
SHA256	`56a3dc5c90ade897e349ba0fd0433770dcdda32b5bd2a1c6608b2af2f9b34c05`
CRC32	`5906EE6F`
ssdeep	`24576:ORTaL+A2f8Zhp8bYm1EnyWjkf0eFuPD+4m:gTaKsh`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6b307f739bb1fcb0_logs.dat Submit file
Filepath	C:\ProgramData\remcos\logs.dat
Size	320.0B
Processes	2412 (SndVol.exe)
Type	data
MD5	`3e4bf384a3096d4be6c99701f37a7330`
SHA1	`8b481319ddd740983d3c9ea816d27b435d816765`
SHA256	`6b307f739bb1fcb0a6c8ff7dd2a0bf2265972c6f09a77a7e8f3ee83647bae41b`
CRC32	`BB559EEB`
ssdeep	`6:KljlpNN7b5YcIeeDAl2i63geSChtQbFdbJWEogltmgXl1oV:KlXNN7Dec8/3ShbNW+ltZI`
Yara	None matched
VirusTotal	Search for analysis