Dropped Files | ZeroBOX
Name ac5c92fe6c51cfa7_nss3.dll
Submit file
Filepath C:\ProgramData\nss3.dll
Size 2.0MB
Processes 1700 (lamp.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
CRC32 7DC07205
ssdeep 49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis
Name 169c04331f72fe4a_HDAKJDHIEBFIIDGDGDBAEGCGDA
Submit file
Filepath C:\ProgramData\HDAKJDHIEBFIIDGDGDBAEGCGDA
Size 5.0MB
Type SQLite 3.x database, user version 53, last written using SQLite version 3031001
MD5 f77930486de1b1bb4b397d5d8f3cd124
SHA1 e3f5727a0774c7cba17f0b10569012dcea24cb55
SHA256 169c04331f72fe4ae9958da09e1b28ec5910f7ea523d6105b7e4ad521b2baaee
CRC32 D85072F9
ssdeep 96:Dm8j5PnH6xY2Wi+67tH2iB4q2xfX7ZbiZzdFzb4PPwI3A7:l5/IYOTAlQzdFzaDm
Yara None matched
VirusTotal Search for analysis
Name 5136a49a682ac8d7_msvcp140.dll
Submit file
Filepath C:\ProgramData\msvcp140.dll
Size 439.5KB
Processes 1700 (lamp.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 5ff1fca37c466d6723ec67be93b51442
SHA1 34cc4e158092083b13d67d6d2bc9e57b798a303b
SHA256 5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062
CRC32 FE675AE5
ssdeep 12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis
Name e3b0c44298fc1c14_cookies.sqlite-wal
Empty file or file not found
Filepath C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\cookies.sqlite-wal
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name fd4c9fda9cd3f9ae_cookies.sqlite-shm
Submit file
Filepath C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\cookies.sqlite-shm
Size 32.0KB
Type data
MD5 b7c14ec6110fa820ca6b65f5aec85911
SHA1 608eeb7488042453c9ca40f7e1398fc1a270f3f4
SHA256 fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
CRC32 DDC506B6
ssdeep 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
Yara None matched
VirusTotal Search for analysis
Name b3dfa692f7da19ee_HIJEGDBGDBFIJKECBAKFBFIDGC
Submit file
Filepath C:\ProgramData\HIJEGDBGDBFIJKECBAKFBFIDGC
Size 5.0MB
Type SQLite 3.x database, user version 69, last written using SQLite version 3038003
MD5 c395620f9a8337341636a78a98f5b3d9
SHA1 97700ec4db7362e02a56df5e70dd828ad9823d24
SHA256 b3dfa692f7da19eede9aa2fe2ac76052cfaa32a7d30cc53b88ea5ef23ec32624
CRC32 476CDB88
ssdeep 192:StsqHQnwkYjcoBMc+uySBQies13A29D+oBpp0:StsbwVTBMc+uySOiJ3Z
Yara None matched
VirusTotal Search for analysis
Name edb006e05cfa8501_AAKJKJDGCGDBGDHIJKJECFCFBG
Submit file
Filepath C:\ProgramData\AAKJKJDGCGDBGDHIJKJECFCFBG
Size 36.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 3f5ca3e29b1b60e298aeca0a32164c03
SHA1 f9b5ee59c31a3b06a6b8e476b22d2d7cf1fa8b66
SHA256 edb006e05cfa85015aa76c758d6298c279fd318cff0dbb286927c7ad45105488
CRC32 E1ACA097
ssdeep 24:TL2C0RlPbXaFpEO5bNmISHdL6UwcOxvo5:TYLOpEO5J/KdGU1Eo5
Yara None matched
VirusTotal Search for analysis
Name 88f9dc0b9a633e43_AKJDGDGDHDGDBFIDHDBAFHCAAA
Submit file
Filepath C:\ProgramData\AKJDGDGDHDGDBFIDHDBAFHCAAA
Size 512.0KB
Type SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5 dd47ebe6866ad2ab59d0caa1de28d09e
SHA1 afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663
SHA256 88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3
CRC32 8DEE9EEA
ssdeep 24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm
Yara None matched
VirusTotal Search for analysis
Name 824fae3331b95e2f_AFIEGIECGCBKFIEBGCAA
Submit file
Filepath C:\ProgramData\AFIEGIECGCBKFIEBGCAA
Size 40.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 41c19a9e8541fcb934c13c075bf47721
SHA1 648a7622d533d79b9a0bb31dc370134ec3a75ed7
SHA256 824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c
CRC32 560F7642
ssdeep 48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u
Yara None matched
VirusTotal Search for analysis
Name edd043f2005dbd59_freebl3.dll
Submit file
Filepath C:\ProgramData\freebl3.dll
Size 669.3KB
Processes 1700 (lamp.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 550686c0ee48c386dfcb40199bd076ac
SHA1 ee5134da4d3efcb466081fb6197be5e12a5b22ab
SHA256 edd043f2005dbd5902fc421eabb9472a7266950c5cbaca34e2d590b17d12f5fa
CRC32 085C6D2B
ssdeep 12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis
Name ba06a6ee0b15f5be_mozglue.dll
Submit file
Filepath C:\ProgramData\mozglue.dll
Size 593.8KB
Processes 1700 (lamp.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
CRC32 28C04754
ssdeep 12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis
Name c119a54b6bef3a48_KJKJKFCB
Submit file
Filepath C:\ProgramData\KJKJKFCB
Size 80.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 255929949dea51a2f43a1f40e63764ec
SHA1 8f32ab419264fdad05f4f3828db3c1cd38d919fd
SHA256 c119a54b6bef3a48234950dc07fe70f73b69d1390ef0235e66481faa1048ead6
CRC32 F7A79605
ssdeep 96:5Bc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9u4:5BPOUNlCTJMb3rEDFAa6E/
Yara None matched
VirusTotal Search for analysis
Name d820603eb308a436_DHIECGCAEBFIIDHIDGIE
Submit file
Filepath C:\ProgramData\DHIECGCAEBFIIDHIDGIE
Size 12.0KB
Type UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5 0647d44f50372ccfa8f1e56b37e9fe76
SHA1 5e7fac4675932c1faa55f925c958ca1c75324a20
SHA256 d820603eb308a43651cc248106d188c1602f5de460de659300721f03cd863dbc
CRC32 A8996995
ssdeep 192:O6nHM58sK1zjyPySpI+JpVgxXhKQuylvICf/eEoBqIrv0bEHa+n:O6sPPZIcpmxO3BqIr0IH/n
Yara None matched
VirusTotal Search for analysis
Name 8916fb1d76be83e4_BKFCAFCFBAEHIDHJDBGCGCAEGC
Submit file
Filepath C:\ProgramData\BKFCAFCFBAEHIDHJDBGCGCAEGC
Size 192.0KB
Type SQLite 3.x database, user version 4, last written using SQLite version 3031001
MD5 6b9c2ac2b5025e180231d8d38ece698c
SHA1 36f5cfe6ac59aaa7d7173555edeef5caa9bf61c6
SHA256 8916fb1d76be83e42cd2f7b41ee06706fe0adb936259ed7a7daa4dbcb4c51fcb
CRC32 95ACFD74
ssdeep 12:DBl/lkf12Of5LZWfY0xpMujuHWMu6N2OHjWOzMbdym/eRgBoQFmgW2FOmO6Mz6LX:DLlI1x7WxHaiSlMxosJF/Ezo
Yara None matched
VirusTotal Search for analysis
Name 0b8607fdf72f3e65_DHDAFBFCFHIDAKFIIEBAAEHIJD
Submit file
Filepath C:\ProgramData\DHDAFBFCFHIDAKFIIEBAAEHIJD
Size 96.0KB
Type SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
CRC32 842B3569
ssdeep 12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO
Yara None matched
VirusTotal Search for analysis
Name 74ebbac956e519e1_softokn3.dll
Submit file
Filepath C:\ProgramData\softokn3.dll
Size 251.8KB
Processes 1700 (lamp.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 4e52d739c324db8225bd9ab2695f262f
SHA1 71c3da43dc5a0d2a1941e874a6d015a071783889
SHA256 74ebbac956e519e16923abdc5ab8912098a4f64e38ddcb2eae23969f306afe5a
CRC32 1CE2A51D
ssdeep 6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis
Name 8934aaeb65b6e6d2_vcruntime140.dll
Submit file
Filepath C:\ProgramData\vcruntime140.dll
Size 79.0KB
Processes 1700 (lamp.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 a37ee36b536409056a86f50e67777dd7
SHA1 1cafa159292aa736fc595fc04e16325b27cd6750
SHA256 8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825
CRC32 A23699DD
ssdeep 1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis
Name cecf59649ccf1d76_DHIECGCAEBFIIDHIDGIE
Submit file
Filepath C:\ProgramData\DHIECGCAEBFIIDHIDGIE
Size 8.8KB
Type ASCII text, with very long lines, with CRLF line terminators
MD5 07951590532d8114ea1caca9ed7e0a39
SHA1 7a4bebc2f20ead9546fa5749aafe739ad5f551de
SHA256 cecf59649ccf1d7668ad3c7119bf9b380d6d5c339d7f0faeb2f29f163fd3f3ee
CRC32 E3F3A320
ssdeep 192:ZDnijRILMMdaWaLbFlp/PuFbylfFw8AxSwSO:pmsy7wIO
Yara None matched
VirusTotal Search for analysis