Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...
09.21 02:09
66ed7ef071886_crypted....

Latest News
09.21 11:09
Against Elitism
09.21 11:09
5 Best Practices For E...
09.21 10:09
Fälschung enttarnt: De...
09.21 10:09
ChatGPT o1: Revolution...
09.21 09:09
Sicherheitsgründe: Ukr...
09.21 08:09
Steel Reinforcement To...
09.21 07:09
Iranian Hackers Tried ...
09.21 06:09
Prime Day is approachi...
09.21 06:09
heise-Angebot: NEU im ...
09.21 06:09
Datenschutzvorfall bei...

Dropped Files | ZeroBOX

Name	8ada58c8fa6bfaee_wxt848r0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wxt848r0.dll
Size	3.5KB
Processes	2872 (csc.exe) 2748 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b8bd50cdc38374f738489296e86a279d`
SHA1	`cf8e1705fdbfc06e1b29bbffbfb265788c847aa6`
SHA256	`8ada58c8fa6bfaeeb877fde343aa97aa94e4512ed213895b7e648b06428ad48f`
CRC32	`801991BF`
ssdeep	`24:etGS39KxWnwzVt7x7WukzXNUbdPtkZfjbHRN1WNmI+ycuZhNfakShPNnq:60+tMuJjbxN0o1ulfa3Tq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	1f30dcbcd96e6f31_RESFA20.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESFA20.tmp
Size	1.2KB
Processes	2920 (cvtres.exe) 2872 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`b9162bc8bdb723a87df20a88a0804840`
SHA1	`bee6f7251dfe42c6b986929e410aab94c78b00e7`
SHA256	`1f30dcbcd96e6f31df290f3cac3037ffee715dd92f33be2fcc92e64625e2bdd3`
CRC32	`53E2328F`
ssdeep	`24:H+J9YernleImHKUnhKLI+ycuZhNfakShPNnqjtd:zernlmVnhKL1ulfa3TqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_wxt848r0.err Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\wxt848r0.err
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	4b5a948f466405b2_wxt848r0.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wxt848r0.out
Size	607.0B
Processes	2748 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`31c41529b327c90da0dad54e55eb728f`
SHA1	`b19fa7527b7697e6a2fae8f3a2b1b4802a14e1fd`
SHA256	`4b5a948f466405b29efc9d7a6a8201a4ead48b3086b8707862233e214639d963`
CRC32	`A46F8415`
ssdeep	`12:K4OLM9nzR37LvXOLMPnPAE2xOLMFKai31bIKIMBj6I5BFR5y:K+9nzd3BPnIE2nFKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	3d8e3a49c0baade4_wxt848r0.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wxt848r0.0.cs
Size	456.0B
Processes	2748 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5	`d92562bb10c45a8479c6f2ca27d4aad2`
SHA1	`bf719a03faf19275b3b660779eb3cfdbda6d4ed5`
SHA256	`3d8e3a49c0baade4d70a96b0bc4c30053324aaf4564edac2fc547aa1ad123a83`
CRC32	`1C8B430B`
ssdeep	`6:V/DsYLDS81zuSH0bMGffQXReKJ8SRHy4HiBSrYC9Zf/cy5RBEwdKy:V/DTLDfu8NXfHesUgZfEy5R6y`
Yara	None matched
VirusTotal	Search for analysis

Name	18ebef8df7877c20_wxt848r0.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wxt848r0.cmdline
Size	311.0B
Processes	2748 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`ee06b2c2e69839f3acd50139507ecf0b`
SHA1	`19f98b7e61d44717eb11a609db4820d77c585d10`
SHA256	`18ebef8df7877c2021b0a89d8610856e5352ae98750fdb5fb0a4c008176fc32e`
CRC32	`A0B99E0D`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fHmGsSAE2NmQpcLJ23fI:p37LvXOLMPnPAE2xOLMQ`
Yara	None matched
VirusTotal	Search for analysis

Name	122d63d99dffb099_CSCFA0F.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCFA0F.tmp
Size	652.0B
Processes	2872 (csc.exe)
Type	MSVC .res
MD5	`a993341dd3b38b6eec736b7e7b542b97`
SHA1	`ecdffb30f028543ed56df0b650bc2f5f235fdb7a`
SHA256	`122d63d99dffb0999beffcede0bf6a9db68c61effb343ea92e1526f28de96d88`
CRC32	`16C5A96E`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryI+ak7YnqqZfPN5Dlq5J:+RI+ycuZhNfakShPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2748 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	6fc49bbb2b923d4a_wxt848r0.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wxt848r0.pdb
Size	7.5KB
Processes	2872 (csc.exe) 2748 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`92b6679f96ae62962cd1b17dbecc01dd`
SHA1	`3707ee01c18de0b8286bc2df1e83312d0dc060a4`
SHA256	`6fc49bbb2b923d4a14a49844abe4bdb6e2e9ae8f31b79ff3e4e7b5eddbb15b93`
CRC32	`5D639983`
ssdeep	`6:zz/BamfXllNS/BU11mllxrS/77715KZYXxGQu+e0KpYXQ0oGggksl/cEDf:zz/H1W/BUfSXS/pw2qR0RD`
Yara	None matched
VirusTotal	Search for analysis