Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe
01.17 05:01
beacon.exe
01.17 05:01
remcos_a2.exe
01.17 05:01
ogpayload.exe

Latest News
01.18 12:01
No Crystal Earpiece? N...
01.18 11:01
TikTok Says to ‘Go Dar...
01.18 10:01
‘Sneaky Log’ phishing ...
01.18 10:01
리튬코리아, 일본 스이린과 리튬 배터리 ...
01.18 10:01
Feds worry AT&T br...
01.18 10:01
AIs in Love, UEFI, For...
01.18 09:01
프롬한라, 제주 유정란 담은 반려견 간식...
01.18 09:01
무암(MooAm), 생성형 AI로 26종...
01.18 09:01
Trinteract Mini Space ...
01.18 09:01
IT Sicherheitsnews tae...

Dropped Files | ZeroBOX

Name	96bcec06264976f3_2d85f72862b55c4eadd9e66e06947f3d Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Size	1.4KB
Processes	2084 (vlcdownloader.exe)
Type	data
MD5	`0cd2f9e0da1773e9ed864da5e370e74e`
SHA1	`cabd2a79a1076a31f21d253635cb039d4329a5e8`
SHA256	`96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6`
CRC32	`65E5A5B2`
ssdeep	`24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1`
Yara	None matched
VirusTotal	Search for analysis

Name	b47be1394b882f77_tmp2D99.tmp.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp2D99.tmp.bat
Size	152.0B
Processes	2180 (None) 2984 (cmd.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`ebbd7dd61404df81868061f89f38d88c`
SHA1	`7b432ad44718119d117b0567c3aded473420f7a1`
SHA256	`b47be1394b882f779e7c1e238d63a009cbdf5b2e64f5c25245fcf21516d317cd`
CRC32	`D5568EC3`
ssdeep	`3:mKDDCMNqTtvL5omWxpcL4EaKC5ayCSmqRDmWxpcL4E2J5xAInTRI9HLiVZPy:hWKqTtT6mQpcLJaZ57mq1mQpcLJ23fTW`
Yara	None matched
VirusTotal	Search for analysis

Name	c9f9f193409217f7_datalogs.conf Submit file
Filepath	C:\Users\test22\AppData\Roaming\MyData\DataLogs.conf
Size	8.0B
Processes	2180 (None)
Type	ASCII text
MD5	`cf759e4c5f14fe3eec41b87ed756cea8`
SHA1	`c27c796bb3c2fac929359563676f4ba1ffada1f5`
SHA256	`c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761`
CRC32	`830CDA1B`
ssdeep	`3:Rt:v`
Yara	None matched
VirusTotal	Search for analysis

Name	0cff69c9468dfe73_svhost.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\svhost.exe
Size	695.1KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7ba214f8174004943d83942dda0f9731`
SHA1	`85cd390a22288377642a986a230b997618f25d5d`
SHA256	`0cff69c9468dfe7337570c12c44510f162de14e08c0cee8f5d8f699e3013bb40`
CRC32	`FF5B02D1`
ssdeep	`12288:NNK/wV8oSStivGrmU6KQUGUrLmUWBJb+Ayy4nBkAexc5XyaPY3wOpchdlgapFzGX:zK/a7tAUIoBqyhnPYgOpidlpVG55dN`
Yara	UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	31eac207b0b8a90c_2d85f72862b55c4eadd9e66e06947f3d Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Size	192.0B
Processes	2084 (vlcdownloader.exe)
Type	data
MD5	`6f0e6952bf60ad69dde974fec6be0a13`
SHA1	`018bfdd070d58d15356e60f046b79ec099a798ef`
SHA256	`31eac207b0b8a90cdcc6d0f9733ef46fbdee94f1e2f92ff92f6e9233f453b118`
CRC32	`C83526A7`
ssdeep	`3:kkFklvVaf/kfllXlE/HT8kxCzvNNX8RolJuRdxLlGB9lQRYwpDdt:kK/tT84gNMa8RdWBwRd`
Yara	None matched
VirusTotal	Search for analysis

Name	39298a93381427df_vlcdownloader.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\vlcdownloader.exe
Size	17.0KB
Processes	1000 (Ermnnolfu.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`aa8dce8788f40340a2918179bf514df1`
SHA1	`e199c97137801241629955bde7280ada3706c139`
SHA256	`39298a93381427dfaf333f5817246a8357b83d7bd73e382fd862de3882828ce6`
CRC32	`B1768336`
ssdeep	`384:fNolTV+rs0J/UFmdxQGYDM4hhy6dEV9hV:VolTV+rhJ3OG6e6yV9j`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	b819fc1434ae848c_svhost.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\svhost.exe
Size	39.4KB
Processes	2180 (None)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`10363f4af78e7e8bbe27cd176c3098b3`
SHA1	`2d851f3a862a263ba7745f6f64166247157e914b`
SHA256	`b819fc1434ae848c9aeb4b4e9ca04a363475a31eb645b8c9be6ed3df4c3d50a8`
CRC32	`D4EFF13E`
ssdeep	`384:Bbf3f5rrOZsQRk94cs1J5aVKJ9Yl6dnPU3SERztmbqCJstdMardz/JikPZ+ugYPY:NnQccz6Iq8xA2oWi7HDiP`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	deb2f069f11189bc_svhost.vbs Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svhost.vbs
Size	82.0B
Processes	1000 (Ermnnolfu.exe)
Type	ASCII text, with no line terminators
MD5	`70ffd645c09003475577a2dbc4ce8c27`
SHA1	`70b619526697f8da64e0ead49421fd83e93683a0`
SHA256	`deb2f069f11189bc10f70d832f90d0fddfa577702529b34d6aec320e64046745`
CRC32	`02A8E1E1`
ssdeep	`3:FER/n0eFHHomWxpcL4EaKC5ayCHn:FER/lFHImQpcLJaZ5u`
Yara	None matched
VirusTotal	Search for analysis