Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
l6E.exe
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...

Latest News
09.21 02:09
This New Video Game Is...
09.21 02:09
FTC finds social media...
09.21 02:09
FTC finds social media...
09.21 01:09
Automate detection and...
09.21 01:09
Hackaday Podcast Episo...
09.21 01:09
The Russian Bot Army T...
09.21 01:09
Australia’s Labor Part...
09.21 12:09
Inviting the Public to...
09.21 12:09
How Ransomhub Ransomwa...
09.21 12:09
Middle East backdoored...

Dropped Files | ZeroBOX

Name	9e64f0aca3cb577f_passwords.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\passwords.txt
Size	4.8KB
Processes	2052 (PolymodXT.exe#test_rise_sharp)
Type	UTF-8 Unicode text, with CRLF, LF line terminators
MD5	`d2a3146478b270d48107b3db96c4864e`
SHA1	`41fa166d431562c7bc1893e96cba4189f089af32`
SHA256	`9e64f0aca3cb577f1e20227d1f3892557bcc0655d64dc84957c650be14a1d7f4`
CRC32	`1AC8F34A`
ssdeep	`48:ZMMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMME:S`
Yara	None matched
VirusTotal	Search for analysis

Name	30914c396afd519c_NUrS2P4ky5DkRw2Vffuqqbt81cwUCGbw.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\NUrS2P4ky5DkRw2Vffuqqbt81cwUCGbw.zip
Size	1.4MB
Processes	2052 (PolymodXT.exe#test_rise_sharp)
Type	Zip archive data, at least v2.0 to extract
MD5	`374309dced5d74f8187ec6591ecfe74e`
SHA1	`f2eebf93bb28aee4c13fd83ee0fef28390faccc9`
SHA256	`30914c396afd519c25c7e415cc35fbbc63caa5584db16abc31820c1666f1f297`
CRC32	`BF7441C8`
ssdeep	`24576:4KdCXAf/9eztZYsQQeuFQp48jEdmK3ND7ip7WZ+3vhsFviims/sh0AT9F9U8:4KUXANaIsQQeuyCmE5N8H3Zk6JZT9F9L`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	893.0B
Processes	2052 (PolymodXT.exe#test_rise_sharp)
Type	data
MD5	`d4ae187b4574036c2d76b6df8a8c1a30`
SHA1	`b06f409fa14bab33cbaf4a37811b8740b624d9e5`
SHA256	`a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7`
CRC32	`1C31685D`
ssdeep	`24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x`
Yara	None matched
VirusTotal	Search for analysis

Name	c119a54b6bef3a48_EcFzRtECXnsBWeb Data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\EcFzRtECXnsBWeb Data
Size	80.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`255929949dea51a2f43a1f40e63764ec`
SHA1	`8f32ab419264fdad05f4f3828db3c1cd38d919fd`
SHA256	`c119a54b6bef3a48234950dc07fe70f73b69d1390ef0235e66481faa1048ead6`
CRC32	`F7A79605`
ssdeep	`96:5Bc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9u4:5BPOUNlCTJMb3rEDFAa6E/`
Yara	None matched
VirusTotal	Search for analysis

Name	b217b0203a10a8d6_information.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\information.txt
Size	2.7KB
Processes	2052 (PolymodXT.exe#test_rise_sharp)
Type	UTF-8 Unicode text, with CRLF, LF line terminators
MD5	`48973de03d9f543b3a80b900debfaadd`
SHA1	`577313c47d18fa7d288ad6d21a8138b9248d1377`
SHA256	`b217b0203a10a8d6f00f301e7ff190d6bbdc452038273695fc2249106fd6c905`
CRC32	`DA06DD82`
ssdeep	`48:t/ataFLnTGRc3F/S6ZfZOkUXwrphi0Mwxv+mLAhH1eZ07uxqU8rf2dIv2OvhiU2c:tyeCc3FPRwMrphi0Nxv+mLqVeZ07uYUa`
Yara	None matched
VirusTotal	Search for analysis

Name	5f622a2bfeb83b59_thunderbird_g8t0pe67.default-release.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\Cookies\Thunderbird_g8t0pe67.default-release.txt
Size	361.0B
Processes	2052 (PolymodXT.exe#test_rise_sharp)
Type	ASCII text, with CRLF line terminators
MD5	`95dff27b67a96f98827e72f9330eb164`
SHA1	`2d86a3aca1d9a7c16127a333fe642cae08cea0c8`
SHA256	`5f622a2bfeb83b597d9556ffc8bc107e219eb6ab2ef3cff2d4428e5048ebddad`
CRC32	`4C9B7FD3`
ssdeep	`6:JiKjaphXX7aQ2vSI95Bj9GfBHthf+CthfMl0kq/H+LkiKjaphXXrSdrNBPPi1H:J/EhXraQ2v795BxGfBHff+CffMOkqP0J`
Yara	None matched
VirusTotal	Search for analysis

Name	b4570f5cc139cb06_screenshot.png Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\screenshot.png
Size	1.4MB
Processes	2052 (PolymodXT.exe#test_rise_sharp)
Type	PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced
MD5	`2fd2c0785b7dbf4cab8decaac0149123`
SHA1	`d42993d08af5ff08fe38d867b4dcd01b81f0919c`
SHA256	`b4570f5cc139cb06c5157c5193c94d4e31d2cf7128d7faa350ce1c22edbad487`
CRC32	`47AE8FDD`
ssdeep	`24576:IqUc08ir/YMak6iHtbli2uBWB6JYARoMMB7a/YG9cKMPFIF7qSdFVQmpQkDyCIsi:s/DYMakvblinBYGoMeYsU+SdFVQ+DqF`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	8916fb1d76be83e4_cZwB5yHbLI5iformhistory.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\cZwB5yHbLI5iformhistory.sqlite
Size	192.0KB
Type	SQLite 3.x database, user version 4, last written using SQLite version 3031001
MD5	`6b9c2ac2b5025e180231d8d38ece698c`
SHA1	`36f5cfe6ac59aaa7d7173555edeef5caa9bf61c6`
SHA256	`8916fb1d76be83e42cd2f7b41ee06706fe0adb936259ed7a7daa4dbcb4c51fcb`
CRC32	`95ACFD74`
ssdeep	`12:DBl/lkf12Of5LZWfY0xpMujuHWMu6N2OHjWOzMbdym/eRgBoQFmgW2FOmO6Mz6LX:DLlI1x7WxHaiSlMxosJF/Ezo`
Yara	None matched
VirusTotal	Search for analysis

Name	88f9dc0b9a633e43_7ty2wBVNyWvtcookies.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\7ty2wBVNyWvtcookies.sqlite
Size	512.0KB
Type	SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5	`dd47ebe6866ad2ab59d0caa1de28d09e`
SHA1	`afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663`
SHA256	`88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3`
CRC32	`8DEE9EEA`
ssdeep	`24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm`
Yara	None matched
VirusTotal	Search for analysis

Name	edb006e05cfa8501_wJDNoZ3FEHQsCookies Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\wJDNoZ3FEHQsCookies
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`3f5ca3e29b1b60e298aeca0a32164c03`
SHA1	`f9b5ee59c31a3b06a6b8e476b22d2d7cf1fa8b66`
SHA256	`edb006e05cfa85015aa76c758d6298c279fd318cff0dbb286927c7ad45105488`
CRC32	`E1ACA097`
ssdeep	`24:TL2C0RlPbXaFpEO5bNmISHdL6UwcOxvo5:TYLOpEO5J/KdGU1Eo5`
Yara	None matched
VirusTotal	Search for analysis

Name	f2fbca0382f09e3d_firefox_1pfa5s83.default-release.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\History\Firefox_1pfa5s83.default-release.txt
Size	112.0B
Processes	2052 (PolymodXT.exe#test_rise_sharp)
Type	ASCII text, with CRLF line terminators
MD5	`7d57e8ff52a0c1b84ee6bf4b69866205`
SHA1	`b36da5af6958763cc09ae34f5bff8726710b8631`
SHA256	`f2fbca0382f09e3db0f60af6034d9bd1826e20e5b09a8019398ec5b83b5381ba`
CRC32	`FD46669E`
ssdeep	`3:N8DSLvIJiMgTE2WdkfRbyD6DSLvIJiMhKVX3L2WdkfRbyn:2OLciodY1yD6OLciA8dY1yn`
Yara	None matched
VirusTotal	Search for analysis

Name	0c7cd52abdb6eb3e_sqlite3.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\sqlite3.dll
Size	791.5KB
Processes	2052 (PolymodXT.exe#test_rise_sharp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0fe0a178f711b623a8897e4b0bb040d1`
SHA1	`01ea412aeab3d331f825d93d7ee1f5fa6d3c46e6`
SHA256	`0c7cd52abdb6eb3e556d81caac398a127495e4a251ef600e6505a81385a1982d`
CRC32	`C173DE02`
ssdeep	`24576:2/ZHet+kwxRLvxx/ccPA7leR+g/oU6xGmdRA7G4fRjqTr:eZ+t+v/nMleR+g/oUI/dmi4cT`
Yara	UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	b3dfa692f7da19ee_6RJWMKNvx0Ykplaces.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\6RJWMKNvx0Ykplaces.sqlite
Size	5.0MB
Type	SQLite 3.x database, user version 69, last written using SQLite version 3038003
MD5	`c395620f9a8337341636a78a98f5b3d9`
SHA1	`97700ec4db7362e02a56df5e70dd828ad9823d24`
SHA256	`b3dfa692f7da19eede9aa2fe2ac76052cfaa32a7d30cc53b88ea5ef23ec32624`
CRC32	`476CDB88`
ssdeep	`192:StsqHQnwkYjcoBMc+uySBQies13A29D+oBpp0:StsbwVTBMc+uySOiJ3Z`
Yara	None matched
VirusTotal	Search for analysis

Name	0b8607fdf72f3e65_HduiEdOVtb9vcookies.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\HduiEdOVtb9vcookies.sqlite
Size	96.0KB
Type	SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5	`d367ddfda80fdcf578726bc3b0bc3e3c`
SHA1	`23fcd5e4e0e5e296bee7e5224a8404ecd92cf671`
SHA256	`0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0`
CRC32	`842B3569`
ssdeep	`12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO`
Yara	None matched
VirusTotal	Search for analysis

Name	824fae3331b95e2f_px6CdZNd054ULogin Data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\px6CdZNd054ULogin Data
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	54cfed4f859d0ec3_LMnDiCLLA2IZHistory Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\LMnDiCLLA2IZHistory
Size	116.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`6f490da5428093674c9e609077dcdef2`
SHA1	`d77592944313656a90f359fea62921c20078ff19`
SHA256	`54cfed4f859d0ec37535b9f16acfe42cae6206fad4b1652c2a3d33d5acf636c7`
CRC32	`A046246D`
ssdeep	`48:T4ItVG+3C7nNfVcS2+VANULn36uw5NPM5ETQTpUPxK2PIs6kJL5R2+zaSZ00LTLU:ce/C7n/c0VANUjwQU+KraSZ00LTL0J`
Yara	None matched
VirusTotal	Search for analysis

Name	fd4c9fda9cd3f9ae_6RJWMKNvx0Ykplaces.sqlite-shm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\6RJWMKNvx0Ykplaces.sqlite-shm
Size	32.0KB
Type	data
MD5	`b7c14ec6110fa820ca6b65f5aec85911`
SHA1	`608eeb7488042453c9ca40f7e1398fc1a270f3f4`
SHA256	`fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb`
CRC32	`DDC506B6`
ssdeep	`3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_6RJWMKNvx0Ykplaces.sqlite-wal Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\6RJWMKNvx0Ykplaces.sqlite-wal
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	0fd43168b7100e78_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	252.0B
Processes	2052 (PolymodXT.exe#test_rise_sharp)
Type	data
MD5	`dbe74eafe9b2f3152073a76fcecb90ad`
SHA1	`8f1278f4cecb1c8befc943443f3309326b97cde9`
SHA256	`0fd43168b7100e78a3bad797163e00724b2217b4ec477615ba9746aff59d4458`
CRC32	`F3A50EB7`
ssdeep	`3:kkFkl113lXfllXlE/zwEkhlHllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8VbAH:kKqEwrlXliBAIdQZV7IpAhx`
Yara	None matched
VirusTotal	Search for analysis

Name	169c04331f72fe4a_cZwB5yHbLI5iplaces.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\cZwB5yHbLI5iplaces.sqlite
Size	5.0MB
Type	SQLite 3.x database, user version 53, last written using SQLite version 3031001
MD5	`f77930486de1b1bb4b397d5d8f3cd124`
SHA1	`e3f5727a0774c7cba17f0b10569012dcea24cb55`
SHA256	`169c04331f72fe4ae9958da09e1b28ec5910f7ea523d6105b7e4ad521b2baaee`
CRC32	`D85072F9`
ssdeep	`96:Dm8j5PnH6xY2Wi+67tH2iB4q2xfX7ZbiZzdFzb4PPwI3A7:l5/IYOTAlQzdFzaDm`
Yara	None matched
VirusTotal	Search for analysis

Name	b68c806b865138b9_thunderbird_g8t0pe67.default-release.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\History\Thunderbird_g8t0pe67.default-release.txt
Size	243.0B
Processes	2052 (PolymodXT.exe#test_rise_sharp)
Type	ASCII text, with CRLF line terminators
MD5	`fbe6fb6b88fdf88b05dab4f5bb1bdf4c`
SHA1	`507830cf07886621b22fb3295dcdd0e321adeb0a`
SHA256	`b68c806b865138b919b53dd85b29f464f68224a8355e5a0fe3becfcf76f2f5dd`
CRC32	`783327C1`
ssdeep	`6:2OLciKBNHOLci+GbZyHOLciVGbZyHOLciAqGbZyM:2DHHD9DHDADHDyDM`
Yara	None matched
VirusTotal	Search for analysis