Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	363d9db084b031e9_invited Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Invited
Size	64.0KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`4511ed954df31c85ff6592e0fb8f5b7e`
SHA1	`1fea5bb9cb36dab401597c76450fa1fc59b089a9`
SHA256	`363d9db084b031e9c49973926ef9e2f93db234326dbc70c5002a7587d058bf43`
CRC32	`7C6FCD82`
ssdeep	`1536:dqA5IbHujobvZo9odkPRywtMfRzMItTOL6VlQuY:PIbHMobvQyw6fbT3jq`
Yara	None matched
VirusTotal	Search for analysis

Name	827a86fcfc664de3_democrats Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Democrats
Size	51.0KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`74c116364b2aaad0b6812dc77bee777a`
SHA1	`56a2bbc96de0e0e3b4f7830a42dfda5bfa3fa5a3`
SHA256	`827a86fcfc664de3179f9a74dd397d2f2d397451c9a3ca4956facf5ce7b41250`
CRC32	`139DD8CB`
ssdeep	`1536:ljpwQ+4NtcDvdQJUuKG3mLvX/MYM06a4cJO80Mw:dpJNtc76JU23mLHMYMi4cJ9Tw`
Yara	None matched
VirusTotal	Search for analysis

Name	5f037d0b99af195f_they Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\They
Size	866.2KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`8af5c3c2071e4780e7454dfcde05e052`
SHA1	`ca5db2f4e4f556a15377cd12e6f2686b1f816317`
SHA256	`5f037d0b99af195f73d07b4f36e3e1c9b8721e5d2bac6fd0fd815fa823ac1a32`
CRC32	`F17AB963`
ssdeep	`12288:+V0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:Uxz1JMyyzlohMf1tN70aw8501`
Yara	Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	2823213eddd21eb3_avon Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Avon
Size	58.0KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`0e1f67387d6fec8b8f58b0156db95c41`
SHA1	`29ea1e626e5a83be10b2864824b5d0c95cc11ad1`
SHA256	`2823213eddd21eb3ebfa4a2f674ce72c405119a88c81fcc8b66292f5b1a02950`
CRC32	`7E060F35`
ssdeep	`768:XoLizx+J1C6JP7IpdL1mRCabxF3VTSNF3IrIfVolbgyU6mw1WpEtDGbwL/mVgp8v:Xnz4YCP7Md0L355rpgy9mWEEtragztmx`
Yara	None matched
VirusTotal	Search for analysis

Name	b57252ee073750ef_subscribe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Subscribe
Size	24.1KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`c24d35bf84a9b45f93289a0c21cb06b8`
SHA1	`44e1939023c0a92df2939ce66b3abbf875426f95`
SHA256	`b57252ee073750ef25328671bf71ed42435ede4493c83620901f41bb44a9d54e`
CRC32	`42F63F20`
ssdeep	`384:q01ruzm33cay8+xVV3mV8BnGmC2jyiphTerAHupizVwr5hVJj1INCEV3zSiuyCz:MS3CpVV3zBRvZwr5hVGJgiuz`
Yara	None matched
VirusTotal	Search for analysis

Name	8cc088a60e97c188_steve Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Steve
Size	87.0KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`6da3a70262046616f87b4a2eed638aba`
SHA1	`2fd4f9f073bca64bbb07706ff25854d0305297e5`
SHA256	`8cc088a60e97c188b596f86c09ea3739ac6e998f1693d0f52b2c07980dd96ab2`
CRC32	`71EC68D1`
ssdeep	`1536:fXJPAtNDTc34rsMIoC0FT8FZJizMohKs1B0bKFa0G3Z7djTr/wwuvHPWA8WVWUQm:fXKg4g50FArMp70bK83Z7pTrwXWN8V`
Yara	None matched
VirusTotal	Search for analysis

Name	04a117546d344001_myself Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Myself
Size	88.0KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`97fe2ea7ca31c6990b5a2eeda7dc84a9`
SHA1	`a6241c5338250c88469c4a8f932eb0bf0bc84bb4`
SHA256	`04a117546d344001a2cf453fec1987de4383007883c00b04f6f0d18c279cebf6`
CRC32	`CEFAC069`
ssdeep	`1536:tH8Y8HWVnol1go3TMI8a5YsFLRBkwvC6WeIa6v8Jt697Bd4v8SjSpIfOUnhwzt:tcYrVno/R3TMbsYsFdV7XJ0n4kMSpIhM`
Yara	None matched
VirusTotal	Search for analysis

Name	bf11f4b238136642_exclude Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Exclude
Size	72.0KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`875c36f6e3df618f9667846c8013b8ad`
SHA1	`f1a0eab12939cfded09716c5e1e7bc1972f7f6eb`
SHA256	`bf11f4b238136642816685b2e7006503a206b2fbe264a66ef739aee29f9395a8`
CRC32	`4F2DA7FD`
ssdeep	`1536:9GtwIQPf+By5qpiu2eTCNaTYLiEm4TIgyr9RSeP4vn5hkhE:tIQX+M5q4u2exTYLR38g0DSePGfGE`
Yara	None matched
VirusTotal	Search for analysis

Name	531186225180117b_makers Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Makers
Size	69.0KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`2154ac39c812c710bda86b3cd7dd134e`
SHA1	`52c6c9f3fd0cdab376def2e819bf3535769f80c8`
SHA256	`531186225180117b464ee81d2f4996446a7bca52527f6b56e5a01d067bf823d1`
CRC32	`3FC13878`
ssdeep	`1536:aLsyKSvwKR6RyshxYl5oBLoQ4ToOwCRkoT1oaCy9msebOV/Iwnoa:agx7FgzqLPqwCRkoTOVqmtw/`
Yara	None matched
VirusTotal	Search for analysis

Name	c1781ee9f2a77922_m Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\233773\M
Size	569.1KB
Processes	2584 (cmd.exe)
Type	data
MD5	`656682372d2639a52e87b82365ccf05a`
SHA1	`7b1e3b8fe804b11002ceb7d3aa33081a93fe3d58`
SHA256	`c1781ee9f2a77922054757b9d5fb87c9c8e38f10317b5bbc507d5d3ee66ac0dd`
CRC32	`18BE9E4B`
ssdeep	`12288:PWoZ4cUzW2lHaSbnFkF52xlagM0OOSzx5G5HKDuBZygP:wrVlHa+Fkqag/DSl5GN5BrP`
Yara	None matched
VirusTotal	Search for analysis

Name	d8b7c7178fbadbf1_ranch.pif Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\233773\Ranch.pif
Size	872.7KB
Processes	2084 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`18ce19b57f43ce0a5af149c96aecc685`
SHA1	`1bd5ca29fc35fc8ac346f23b155337c5b28bbc36`
SHA256	`d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd`
CRC32	`388D364B`
ssdeep	`12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0d6a98414198b39f_runtime.bat Submit file
Filepath	c:\users\test22\appdata\local\temp\runtime.bat
Size	18.3KB
Processes	1648 (MpgRat.exe) 2084 (cmd.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`f1435821ce83c2661e52355154a3e1bc`
SHA1	`ae420bc95bb83a162e16276ecc1058f5fb71b2f1`
SHA256	`0d6a98414198b39f70c9ce44d870ac06cf749a669008cab5cd28b036d3d0b8b1`
CRC32	`54FB4DDB`
ssdeep	`384:Dv2qmDwRpq3vZ6P/GablBTTxs5g+3ZrZ5RcOXoBbLEg:Ycjq2rLTTi5T3ZrVLMLR`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsrC157.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsrC157.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	3a3bdcf18b3a73fb_diploma Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Diploma
Size	56.0KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`38fadfd3101346b0aef0c0bad4e06c60`
SHA1	`b45a706d2fe9184471b53eadeb75640eb3f357fd`
SHA256	`3a3bdcf18b3a73fbca807007b0c1bc93ce2c6048e98e91b2afb7457d0e18b8e4`
CRC32	`C74EC9D0`
ssdeep	`1536:juWbymzceE7Hx9WV/59omp/v7EJ+cdI01R9:imRzE7fWtzpbEJ+KBJ`
Yara	None matched
VirusTotal	Search for analysis

Name	1173db28951a7ea5_bathroom Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Bathroom
Size	6.5KB
Processes	1648 (MpgRat.exe)
Type	data
MD5	`e461198d4218d51e95621f239ce89f19`
SHA1	`0f8fab1482d23dd08b5a196c6a7440c6b1f2a9c7`
SHA256	`1173db28951a7ea5772ecee4e951bed7d4680c8a25fe19ee88d6dfad3815000e`
CRC32	`9EDDBEAA`
ssdeep	`192:wHAeOqAFDw09CV/2nPvj6DdMP3r1HI5jMp:wHAHhww+/2nlP3r1WK`
Yara	None matched
VirusTotal	Search for analysis