Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...
09.22 02:09
Hacker behind Snowflak...
09.22 01:09
03 - Identifying Signs...

Dropped Files | ZeroBOX

Name	47fcfea661590d24_CSC4135.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC4135.tmp
Size	652.0B
Processes	2472 (csc.exe)
Type	MSVC .res
MD5	`a8c0a46c1cc82d728960e60f0420746b`
SHA1	`5b996aca5dd5d69588e899eb2cd3e926c3e3ed04`
SHA256	`47fcfea661590d24dfc0dc50484efa6b365592ce53ed645fb973564e7868bc07`
CRC32	`0BEC1446`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryaTak7YnqqH8PN5Dlq5J:+RI+ycuZhNsTakSH8PNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_ac3xdhob.err Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\ac3xdhob.err
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	9ef8ccd491530f4b_ac3xdhob.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ac3xdhob.0.cs
Size	468.0B
Processes	2336 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5	`7734075c50835dd0aa579997b1feacfd`
SHA1	`b2b42485dfcf88999d6780c0f1aa88e638081515`
SHA256	`9ef8ccd491530f4be74ad14c37d6c10b340045ac58c8bf65cc41c0766552a0e3`
CRC32	`E8985CFC`
ssdeep	`6:V/DsYLDS81zuoaLfw8Y0MmMmJJ/fQXReKJ8SRHy4HSxMLmw5mjNxHQy:V/DTLDfuNLfwXvGaXfHOxKJGrwy`
Yara	None matched
VirusTotal	Search for analysis

Name	6f1db72127ba7488_RES41A4.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES41A4.tmp
Size	1.2KB
Processes	3012 (cvtres.exe) 2472 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`74a031abc2c1c6b427097909790b0f61`
SHA1	`b9a371c3bbc64bc487501dbdd570d14970f5a42e`
SHA256	`6f1db72127ba7488d11d5a1236636423f6737ba904f0443977807826d41841d7`
CRC32	`6583750E`
ssdeep	`24:HPJ9YernFy3mHZUnhKLI+ycuZhNsTakSH8PNnqjtd:IernOmWnhKL1ulQa3MqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	dce1090ff074e3b6_ac3xdhob.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ac3xdhob.pdb
Size	7.5KB
Processes	2472 (csc.exe) 2336 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`31afbec78b248dc8a67fdc31a83b1114`
SHA1	`872a49e11dd1718aae769933bb24b00e3fd68010`
SHA256	`dce1090ff074e3b6d242080591a4114f63b6a892e28a78b46053ced026f9ad75`
CRC32	`37192EB5`
ssdeep	`6:zz/BamfXllNS/Vo2rJ131mllxrS/77715KZYXso2rJEMoGggksl/3YXBGQu+e0Kd:zz/H1W/+e1lSXS/pweelmqRi`
Yara	None matched
VirusTotal	Search for analysis

Name	f2e216ed6561556e_ac3xdhob.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ac3xdhob.out
Size	598.0B
Processes	2336 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`1ffc4c2e6f9e53ca507c304fdc474bb7`
SHA1	`2e8cd58bb08d9dd2cbe61dd9892cbf4a079afdbd`
SHA256	`f2e216ed6561556ed2fe0a8b5cde17495a9a05b55ffa6ec94034500c7c8f7a3e`
CRC32	`D3461272`
ssdeep	`12:K4X/NzR37LvXOLMzwnPAE2xOLMYKai31bIKIMBj6I5BFR5y:KyNzd3BMnIE2nYKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	0ed5b0823e71e0e3_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2336 (powershell.exe)
Type	data
MD5	`f4a8a3e56bca0190031a365f104571cf`
SHA1	`7a4eac7016b8feca961f757cfe05bfeb4b76c10f`
SHA256	`0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41`
CRC32	`E95A2C69`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	f3458dbfb514c495_ac3xdhob.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ac3xdhob.cmdline
Size	311.0B
Processes	2336 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`c57856f29a4aabcacb34b644f667c1d7`
SHA1	`8a1cb7374cc6bc074ab0826a2d02580b443345c0`
SHA256	`f3458dbfb514c4955eb72d7ed968d9459f177bf5a46e6ab34625fd024b32bfa9`
CRC32	`363A97FD`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f7K8wmGsSAE2NmQpcLJ23f7Kg9:p37LvXOLMzwnPAE2xOLMd`
Yara	None matched
VirusTotal	Search for analysis

Name	fb4ee4f5e936044c_{b63a0a5a-4686-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B63A0A5A-4686-11EF-AC50-94DE278C3274}.dat
Size	4.5KB
Processes	3064 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9ec4fb71545c8ac9114d5eeaa2c01de3`
SHA1	`9507167e70bdbeee68203a857f36128a66ea29c5`
SHA256	`fb4ee4f5e936044c00ab147462a9cb1fcaa4c8bf771514ffc5edfe217b87cb94`
CRC32	`8748A4BB`
ssdeep	`12:rl0ZGFGrEgmfS76FtrEgmfcB7qgONlLNbaxlUm/Q1CnO4rNlb9baxOhKtHaK+wt1:riGdGKONlZHRIBNlZklh+g`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	88bd2327993d493c_ac3xdhob.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ac3xdhob.dll
Size	3.5KB
Processes	2472 (csc.exe) 2336 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`82a19d87b230b2b2c6bdae296484f311`
SHA1	`469830c8620de8180e1f9cd7bb4fbcbd879b2a7c`
SHA256	`88bd2327993d493c27eeb0910c8c70a2cfc56d6caaf82e36b4ea86e5b884fb41`
CRC32	`46725AE1`
ssdeep	`24:etGStNiGTw3lqHskpWkBxmjrVUbdPtkZf0k2Rq1nfcmI+ycuZhNsTakSH8PNnq:6CpMj1xsMuJ0kkq5v1ulQa3Mq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	6ecfecbd4c1e264c_recoverystore.{b63a0a59-4686-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B63A0A59-4686-11EF-AC50-94DE278C3274}.dat
Size	4.5KB
Processes	3064 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`2265ae12e9bddaf4565dc8e348516254`
SHA1	`42a16ee6d26fc6c81732a3459d3c6da653d5597e`
SHA256	`6ecfecbd4c1e264ca6f6f45f2fcac61e6bc90cebbc7836e7f4b8e2dcd6203377`
CRC32	`B6DC46E5`
ssdeep	`12:rlfF2IarEg5+IaCrI0F7+F29rEg5+IaCrI0F7ugQNlTqbaxhA+O8NlTqbaxhA+ua:rqIa5/195/3QNlWyNlW`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis