Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.20 04:01
strings_output.txt
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe

Latest News
01.20 03:01
Bambu Connect’s Authen...
01.20 03:01
TikTok to Restore Serv...
01.20 01:01
KI statt Kanzler? Drei...
01.20 01:01
Donald Trump und die T...
01.20 12:01
An Instant Gratificati...
01.19 10:01
Apple Is Unlikely to B...
01.19 09:01
DIY Handheld is an Emu...
01.19 07:01
Behörde stärkt Sicherh...
01.19 07:01
Keine Bewegung, kein S...
01.19 07:01
Computing und KI: Die ...

Dropped Files | ZeroBOX

Name	2dbd637f2914f388_facing Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\Facing
Size	126.0KB
Processes	2636 (SoftwareMeetup.exe)
Type	data
MD5	`8932a445b3a14b6e8c0308b8ba1521f0`
SHA1	`9aea78cd5ab6be81df9be1a8c7ad13bed0099759`
SHA256	`2dbd637f2914f388cd38ddfc1dac866d8c26a58b1a8350284df66d8d555f7e91`
CRC32	`FD852E4E`
ssdeep	`1536:LTcohiPfKj+wsxjgarB3RZg3EYrDWyu0uZo2+9BkxXiblenlJJyIE2UWb/hx:qKj+wsxjgarB3RZgDWy4ZNogXJ3i2Umx`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	bc209160b86a98b2_ultimately Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\Ultimately
Size	10.6KB
Processes	2636 (SoftwareMeetup.exe)
Type	data
MD5	`fc5f6a0d362c72588f7e3fb40888d6ad`
SHA1	`5cb8eff81ade662e5c463afdbed7858f09d28bb4`
SHA256	`bc209160b86a98b227d611f3e2270295ebf13b82ec05128286c5239307127cab`
CRC32	`AE9DB0F9`
ssdeep	`192:+YUU2SVZPkZeCeAHRXVEVFJ84kcGNq4/C+Q3ISVSWMZMQ3KaUMGy:+QTVaeCV1VEVFJ8ZcGwGBk7/UMQ3K6`
Yara	None matched
VirusTotal	Search for analysis

Name	bbc59eb43822e646_a4oEN5oyPY37 Submit file
Filepath	C:\Users\test22\AppData\LocalLow\a4oEN5oyPY37
Size	18.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`53ea322f91d6f0de8448b68583284d22`
SHA1	`b6c835867fbf7e432b834f7366eb0407f3eebbfa`
SHA256	`bbc59eb43822e64660cc4ccbca37d6dc016eaa9b85b2c6f5b40826bb03188b34`
CRC32	`CA013001`
ssdeep	`24:LLY10KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6ocW:4z+JH3yJUheCVE9V8MX0PFlNU12W`
Yara	None matched
VirusTotal	Search for analysis

Name	9d02e952396bdff3_vcruntime140.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\vcruntime140.dll
Size	78.2KB
Processes	604 (Lone.pif)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`1b171f9a428c44acf85f89989007c328`
SHA1	`6f25a874d6cbf8158cb7c491dcedaa81ceaebbae`
SHA256	`9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c`
CRC32	`C6B85AE4`
ssdeep	`1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	44be3153c15c2d18_softokn3.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\softokn3.dll
Size	248.4KB
Processes	604 (Lone.pif)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`63a1fe06be877497c4c2017ca0303537`
SHA1	`f4f9cbd7066afb86877bb79c3d23eddaca15f5a0`
SHA256	`44be3153c15c2d18f49674a092c135d3482fb89b77a1b2063d01d02985555fe0`
CRC32	`73C5E146`
ssdeep	`6144:uI7A8DMhFE2PlKOcpHSvV6x/CHQyhvs277H0mhWGzTdtb2bbIFxW7zrM2ruyYz+h:uI7A8DMhFE2PlbcpSv0x/CJVUmhDzTvS`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	c65b7afb05ee2b26_nss3.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\nss3.dll
Size	1.9MB
Processes	604 (Lone.pif)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f67d08e8c02574cbc2f1122c53bfb976`
SHA1	`6522992957e7e4d074947cad63189f308a80fcf2`
SHA256	`c65b7afb05ee2b2687e6280594019068c3d3829182dfe8604ce4adf2116cc46e`
CRC32	`5AD02FD1`
ssdeep	`49152:6dvFywfzFAF7fg39IwA49Kap9bGt+qoStYnOsbqbeQom7gN7BpDD5SkIN1g5D92+:pptximYfpx8OwNiVG09`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	9a8ea0e2df7554c5_f7828QM839wl Submit file
Filepath	C:\Users\test22\AppData\LocalLow\f7828QM839wl
Size	72.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`0539a773e44d21a84fd97fee0dffd4a3`
SHA1	`5904058c20aad54c552edc57826babd36ab61149`
SHA256	`9a8ea0e2df7554c57fb4ee6a8a12782f5a2474a3e4c23dc61e4768631dc4eb9f`
CRC32	`964BC0B2`
ssdeep	`96:P0CWo3dOOctAYyY9MsH738Hsa/NTIdE8uKIaPdUDFBlrrVY/qBOnx4yWTJereWbY:PXt769TYndTJMb3j0`
Yara	None matched
VirusTotal	Search for analysis

Name	2db7fd3c9c3c4b67_msvcp140.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\msvcp140.dll
Size	438.8KB
Processes	604 (Lone.pif)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`1fb93933fd087215a3c7b0800e6bb703`
SHA1	`a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb`
SHA256	`2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01`
CRC32	`946682DF`
ssdeep	`12288:UEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgW8g:UEPa90Vbky5CvyUeOKg03Ooc8dHkC2ed`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	73eb2e52c429eeff_twenty Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\Twenty
Size	155.0KB
Processes	2636 (SoftwareMeetup.exe)
Type	data
MD5	`e5b6d122a277a0b3b24fcf176ffe8d61`
SHA1	`3a2624694f26fac2414ee67c7a80ea357e257455`
SHA256	`73eb2e52c429eeff406e615a70eed473db80e689167fcfa8394923cb3d782b5c`
CRC32	`3A92D2CC`
ssdeep	`3072:LqRWO/9EAehuqCkrwzW3Nzl8F5hPLaLWysRIO7vHZnBfzHl8Dz5YaZYv8:LqlEAehuqN8zwNzlmhPL1b5nZ2tZ68`
Yara	None matched
VirusTotal	Search for analysis

Name	760ccbfd6bacb27b_transcription Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\Transcription
Size	165.0KB
Processes	2636 (SoftwareMeetup.exe)
Type	data
MD5	`6e579d87b8f41b6ced0be6da22fa57ed`
SHA1	`16b50b6dd6a28d5dfc78b8427d1a120e859d3a9f`
SHA256	`760ccbfd6bacb27b98412b96dc12e24fd4e54b3a6369bf6f682af655c4927ed0`
CRC32	`6BDACA35`
ssdeep	`1536:z5EDuVGHj1vtKs51VqaHwsWcfcd0vtmgMbFuz08QuklMBNIi9u5aAwubPdMaj6u:z5A3q5eAg0Fuz08XvBNbIaAtbPf6u`
Yara	None matched
VirusTotal	Search for analysis

Name	e58bce258dc9c7ff_layer Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\Layer
Size	247.0KB
Processes	2636 (SoftwareMeetup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2cfb93e98c265b90e75917162a38289c`
SHA1	`08062592c168176e5319ea7b3e13512cbb735b43`
SHA256	`e58bce258dc9c7ff11ccb7f1eb15487a56da6e6f7fa6b8de827cef7838196d4c`
CRC32	`FA831336`
ssdeep	`6144:LQBk7JjX74cN0lrztgwU0Wyw3mFygyE4mqd12x:LO0z8e0lvSr0Wyw20K4mqCx`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	512e4e95427a8c66_OM3725q6TLw1 Submit file
Filepath	C:\Users\test22\AppData\LocalLow\OM3725q6TLw1
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`f4c540f52d5c08d24a79805eda1d7abf`
SHA1	`22be46826df7693f58736adb232ab2da790f2571`
SHA256	`512e4e95427a8c66b2993b27bb23d99cdab2ebd6e9e8937c7f6a39ed8c6a5b94`
CRC32	`95C9FB3A`
ssdeep	`24:TLmg/5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fB34444z:T5/ecVTgPOpEveoJZFrU1cQB34444z`
Yara	None matched
VirusTotal	Search for analysis

Name	5db4acc8901e4dd1_x Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\18919\X
Size	511.0KB
Processes	2192 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`2ebf94c059b356d8f92e2748635b0a69`
SHA1	`e534b1fffcfee1887ae418c3a683423561a5a3db`
SHA256	`5db4acc8901e4dd1db65cc58720e00548c742a01e8f70f0b7663044670f11b8f`
CRC32	`3D24DB22`
ssdeep	`3072:1MnZOMS9b2+S8OpwFN4mb4mkw4VqnQbUXiDihn7p0seftPsidsiHw5yxHRXDVowA:C0MSnSj3aiipARXZRI3SG7ti+z`
Yara	None matched
VirusTotal	Search for analysis

Name	f58d3a4b2f3f7f10_lone.pif Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\18919\Lone.pif
Size	924.6KB
Processes	192 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`848164d084384c49937f99d5b894253e`
SHA1	`3055ef803eeec4f175ebf120f94125717ee12444`
SHA256	`f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3`
CRC32	`4FCA9037`
ssdeep	`24576:LOo8pEnK4mrqlEZuVZ2HOI+X0l1lMZyYFaeBmyF:LF8p4KpqlEZeXI+X0TVcae3F`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	01cfed8fea337dce_lay Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\Lay
Size	13.8KB
Processes	2636 (SoftwareMeetup.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`83d482d2799e2bc9287ebb583b45c99d`
SHA1	`a8864eecb093e9229a58194dec4452a653337d63`
SHA256	`01cfed8fea337dce2c2d76a7c8ef8ad1ac0b9d424a58ce8b3984f9ebad8a71a2`
CRC32	`029F75DC`
ssdeep	`192:O6jIsfTBTEMH0dxOErtP03W3Hpxgsv1YtM8snBOZM9sYeM81h+Peqx7xj82+f3:dTBgftN3Hpesv1YisYvPeqx7x42S`
Yara	None matched
VirusTotal	Search for analysis

Name	4191faf7e5eb105a_mozglue.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\mozglue.dll
Size	612.4KB
Processes	604 (Lone.pif)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f07d9977430e762b563eaadc2b94bbfa`
SHA1	`da0a05b2b8d269fb73558dfcf0ed5c167f6d3877`
SHA256	`4191faf7e5eb105a0f4c5c6ed3e9e9c71014e8aa39bbee313bc92d1411e9e862`
CRC32	`ED48E95A`
ssdeep	`12288:dfsiG5KNZea77VUHQqROmbIDm0ICRfCtbtEE/2OH9E2ARlZYSd:df53NZea3V+QqROmum0nRKx79E2ARlrd`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	b2ae93d30c8beb0b_freebl3.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\freebl3.dll
Size	668.9KB
Processes	604 (Lone.pif)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`15b61e4a910c172b25fb7d8ccb92f754`
SHA1	`5d9e319c7d47eb6d31aaed27707fe27a1665031c`
SHA256	`b2ae93d30c8beb0b26f03d4a8325ac89b92a299e8f853e5caa51bb32575b06c6`
CRC32	`906605E4`
ssdeep	`12288:0oUg2twzqWC4kBNv1pMByWk6TYnhCevOEH07OqHM65BaFBuY3NUNeCLIV/Rqnhab:0oUg2tJWC44WUuY3mMCLA/R+hw`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	a7a0d448e5574959_celebrity Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\Celebrity
Size	221.0KB
Processes	2636 (SoftwareMeetup.exe)
Type	data
MD5	`4b9a1ba9e61b62f7c56445888557220d`
SHA1	`8d2ef3958684227511ea9bbb2d473772f0004524`
SHA256	`a7a0d448e55749596194b7968687537813d416f7c7a2ae395e9136829625c109`
CRC32	`4687F457`
ssdeep	`6144:+fA6Gfm608DsvqJX4xNAB+xHFq9O0lHPOGUWLhxjRYmFqZh:8KmNvqJWNAB+X0lHPOGNnlMZh`
Yara	None matched
VirusTotal	Search for analysis

Name	01148a35f3033f57_cal Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\Cal
Size	440.0KB
Processes	2636 (SoftwareMeetup.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`0fcae781fd17a5615eebc1133d6d10d8`
SHA1	`c7147dc0382f34cf7a701e6cfc8ec740db58d1c3`
SHA256	`01148a35f3033f573130015ec4d43a912f45fd1b650e3f27aa648ecb0e984d47`
CRC32	`98037CD2`
ssdeep	`3072:1MnZOMS9b2+S8OpwFN4mb4mkw4VqnQbUXiDihn7p0seftPsidsiHw5yxHRXDVowc:C0MSnSj3aiipARXZRI3SGr`
Yara	None matched
VirusTotal	Search for analysis

Name	47b64311719000fa_sqlite3.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\sqlite3.dll
Size	1.0MB
Processes	604 (Lone.pif)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`dbf4f8dcefb8056dc6bae4b67ff810ce`
SHA1	`bbac1dd8a07c6069415c04b62747d794736d0689`
SHA256	`47b64311719000fa8c432165a0fdcdfed735d5b54977b052de915b1cbbbf9d68`
CRC32	`7926712E`
ssdeep	`24576:9jxwSkSteuT4P/y7HjsXAGJyGvN5z4Rui2IXLbO:9Vww8HyrjsvyWN54RZH+`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	8bd834c3578ea62a_ict Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\35483\Ict
Size	71.0KB
Processes	2636 (SoftwareMeetup.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`fe046b40042b4efcdaa5250f40288b47`
SHA1	`8264d6d8d922028928c57454118e6ac64ca2c955`
SHA256	`8bd834c3578ea62a4ea411c202a98fdaa47af2dc745708959a5910104316ca22`
CRC32	`2923DDA5`
ssdeep	`1536:KdCr4zDCsK4x67P5PC81a1ONBqPKRKpRzPW+7rQujXTeWe7bzLVyVw8yO668J4Qx:PtOxEd61vGzcw`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis