Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...
11.13 02:11
ua.exe

Latest News
11.13 04:11
가트너, “AI 데이터센터 40%, 20...
11.13 04:11
미라트 쇼룸, DDP에서 약 1.5만명 방문
11.13 04:11
IBM, AI와 복잡내성 보안 강화한 I...
11.13 04:11
Fake Job Ads and Fake ...
11.13 04:11
노크, 전국 30만 대학생 소통의 장 열어
11.13 04:11
종로 골드게이트, 예물반지용 랩다이아몬드...
11.13 04:11
코오롱베니트, 글로벌 소프트웨어 기업 에...
11.13 04:11
사회복지법인 대한사회복지회, 한양대학교 ...
11.13 04:11
한싹, AI 답변 생성 솔루션 ‘블루러닝...
11.13 04:11
'바툼 시스템 히터' 오는15일 현대홈쇼...

Dropped Files | ZeroBOX

Name	b3cd4b5e105b60ee_{1e241a2a-594c-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1E241A2A-594C-11EF-AC50-94DE278C3274}.dat
Size	4.5KB
Processes	2032 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9d7da56374ede03490a3c8079147feb0`
SHA1	`1ec0ada4756842a8f27abc2e1c0d26bc6f290484`
SHA256	`b3cd4b5e105b60ee6f6dba5859ac29d2749311305991a3d7c3d457f1a7019d08`
CRC32	`9899729D`
ssdeep	`12:rl0ZGFLrEgmfS76FY9HrEgmfcB7qgONlLNbaxY/Q1cy4jNlb9bax3KtHaK+wx4R4:rfGIGKONlZWqtNlZDlh+C`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	6610097101887aa3_nxrovjic.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nxrovjic.0.cs
Size	461.0B
Processes	2552 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5	`d76effe105415f187adfc3a79d00263f`
SHA1	`d294ab154198c14b907ac506b17c4a455819113b`
SHA256	`6610097101887aa3c992d08cf3096070fd1dfd81e8c3c78e2d6638356ca9833d`
CRC32	`7366DACF`
ssdeep	`6:V/DsYLDS81zux7QPMCbQXReKJ8SRHy4Hu3Km+4yf/qgYwy:V/DTLDfulS8XfH5Q3wy`
Yara	None matched
VirusTotal	Search for analysis

Name	faf860023ad10aea_RES5E82.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES5E82.tmp
Size	1.2KB
Processes	1620 (cvtres.exe) 1116 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`00de3034bca8f0cdb4eabf0a10d38dcd`
SHA1	`2544e959ec6376df0106121544279e5623c14bee`
SHA256	`faf860023ad10aeabd85c9394bf8051d3c375bee943755afc3d8fdd1d3c9a2d7`
CRC32	`FF2F0682`
ssdeep	`24:HzJ9YernEShsmHzUnhKLI+ycuZhN/akSBPNnqjtd:cernwmgnhKL1ul/a3zqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	0ed5b0823e71e0e3_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2552 (powershell.exe)
Type	data
MD5	`f4a8a3e56bca0190031a365f104571cf`
SHA1	`7a4eac7016b8feca961f757cfe05bfeb4b76c10f`
SHA256	`0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41`
CRC32	`E95A2C69`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nxrovjic.err Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nxrovjic.err
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	9220d2aa1b21f2e8_nxrovjic.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nxrovjic.dll
Size	3.5KB
Processes	1116 (csc.exe) 2552 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`cce7b63d530652bce4470b6f71cff8e4`
SHA1	`0faf0beb046116b54fe0cefd8b0068245552f400`
SHA256	`9220d2aa1b21f2e8d55e3365b735369521da4231b854b54971b00467cfdd4ff8`
CRC32	`09DCBB5C`
ssdeep	`24:etGSbm9KxWnwzVHYk85UUTaUbdPtkZfrQun1wuamI+ycuZhN/akSBPNnq:69HOuU+MuJrQunCup1ul/a3zq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	b1e0bc642789817d_CSC5E14.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC5E14.tmp
Size	652.0B
Processes	1116 (csc.exe)
Type	MSVC .res
MD5	`356f73d5ada39007ad0dbeaa6ce5248a`
SHA1	`00584ad0ecd7b8dd5d02655e9cd8e3327dccfd0e`
SHA256	`b1e0bc642789817db663bbecde92f3f14b2b83d5c8fd873d7abac6d972d8a761`
CRC32	`89A56BE2`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry9ak7YnqqBPN5Dlq5J:+RI+ycuZhN/akSBPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	38f7418f1fdf1def_recoverystore.{1e241a29-594c-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1E241A29-594C-11EF-AC50-94DE278C3274}.dat
Size	4.5KB
Processes	2032 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`789240a98f2914aefc278061dcb31a91`
SHA1	`0b661410fcd0a16610e5afb72add81197905b483`
SHA256	`38f7418f1fdf1defc43f78cb6b53cf500bef5a7e3fe6cb4ee8f4acbce72f0fbb`
CRC32	`7AB6C3C7`
ssdeep	`12:rlfF2RrEg5+IaCrI0F7+F2DorEg5+IaCrI0F7ugQNlTqbaxiNlTqbax:rqR5/1s5/3QNlWDNlW`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	5dcc3188ad6560cb_nxrovjic.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nxrovjic.pdb
Size	7.5KB
Processes	1116 (csc.exe) 2552 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`35d8861b65706acf359275aeece327c0`
SHA1	`f6fff66c949e0a04d79b5e419fce80f9d5b50cbd`
SHA256	`5dcc3188ad6560cb039d43e809f516d23b64b6482e6fca84c855e69966eb01ad`
CRC32	`7E77ADBC`
ssdeep	`6:zz/BamfXllNS/T3o11mllxrS/77715KZYXa3q8MoGggksl/3YXBGQu+e0KWEi+:zz/H1W/T3YSXS/pwz3q8MmqRi`
Yara	None matched
VirusTotal	Search for analysis

Name	c44eb5f0f2aa1e4d_nxrovjic.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nxrovjic.cmdline
Size	311.0B
Processes	2552 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`62b79db77be407f57acc1d2243c1e8a8`
SHA1	`f18a71cb76a50c3aaaa9de814bda7795b9b8a83a`
SHA256	`c44eb5f0f2aa1e4d80a46441456302e271c7516623b25c59806375695e22c0bb`
CRC32	`404E8A12`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fATdQmGsSAE2NmQpcLJ23fATn:p37LvXOLMuCnPAE2xOLMun`
Yara	None matched
VirusTotal	Search for analysis

Name	adfa72d30e867932_nxrovjic.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nxrovjic.out
Size	598.0B
Processes	2552 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`5e625d161f16fad7ada916ef455e810d`
SHA1	`d0d04ae0ea75332b1fd952c1632b14d8ce19cb8e`
SHA256	`adfa72d30e867932999a49b5c4f273f61ea9367f1e6733292aa849c399520dac`
CRC32	`CF38F7A2`
ssdeep	`12:K4X/NzR37LvXOLMuCnPAE2xOLMuuKai31bIKIMBj6I5BFR5y:KyNzd3BuCnIE2nuuKai31bIKIMl6I5Da`
Yara	None matched
VirusTotal	Search for analysis