Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.05 04:11
VST32License.exe
11.05 03:11
VST32License.exe
11.03 01:11
DocTromTinNhan.exe
11.01 06:11
MPDW-constraints.vbs
11.01 06:11
87f3f2.exe
11.01 06:11
Client-built.exe
11.01 06:11
norm.exe
11.01 06:11
chrome_131.exe
11.01 06:11
kjrhjijawdkrjhh.exe
11.01 09:11
Calibre_Installer.exe

Latest News
11.05 01:11
메가존클라우드-파이오링크, 클라우드 보안...
11.05 01:11
프로페셔널 헤어케어 브랜드 레삐, ‘20...
11.05 01:11
Chinese Group Accused ...
11.05 01:11
25년 정보보호 전자공시시스템 고도화 및...
11.05 01:11
KISA, 민원 응대 보호시스템 전사 확대
11.05 01:11
아늑샵, 2024년 4분기 '한국소비자인...
11.05 01:11
크라운슬립, 프리미엄 구스 이불 론칭 기...
11.05 01:11
Google Warns of Active...
11.05 12:11
안랩, 2024년 3분기 매출 685억,...
11.05 12:11
Southeast Asia’s Digit...

Dropped Files | ZeroBOX

Name	75ae3fd1640ea0e0_0lmkrb0q.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\0lmkrb0q.out
Size	598.0B
Processes	2132 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`5bde9aedc0b1740a9363852e3d4cb956`
SHA1	`cacb0744b894087b712c50273ddc373046d543f9`
SHA256	`75ae3fd1640ea0e0ba18f1be7d9e677eacfe88726e4f4ed9e04bbaa544011547`
CRC32	`60153BA3`
ssdeep	`12:K4X/NzR37LvXOLMdnPAE2xOLMQOKai31bIKIMBj6I5BFR5y:KyNzd3BdnIE2nQOKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_0lmkrb0q.err Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\0lmkrb0q.err
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	5383de585f440b0c_CSC4397.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC4397.tmp
Size	652.0B
Processes	2280 (csc.exe)
Type	MSVC .res
MD5	`b805762a1c4a83f07ffa4e707ece8d0e`
SHA1	`05831516514059267ca8f6845199d17a6a857fcf`
SHA256	`5383de585f440b0cbc03ea5610181343931324c6f6d895a6bed29828f61af7df`
CRC32	`7E6115E4`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry2qak7YnqqDbPN5Dlq5J:+RI+ycuZhNoqakSDbPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	b7d6b2d976cb4488_recoverystore.{7f98c433-8b99-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7F98C433-8B99-11EF-AC50-94DE278C3274}.dat
Size	5.0KB
Processes	1884 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b1954e9a62c41b5075b057ff3d6c2479`
SHA1	`0bc7978360f31027ad78ef41f83b933dd87cd867`
SHA256	`b7d6b2d976cb448873b76eeee859d8ea83887891df32543d70bc680620307deb`
CRC32	`BD2DEEC3`
ssdeep	`12:rlfF2RrEg5+IaCrI0CI7eF2LTrEgmZ+IaCrI0CIc8GmRVOeMiqI771NlTqbaxLhD:rqR5/fLTG5/k85jBM+NlW46NlW4`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	00aebf773a3c5019_{7f98c434-8b99-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F98C434-8B99-11EF-AC50-94DE278C3274}.dat
Size	4.0KB
Processes	1884 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`7c86774c35fe3f15df8903c0b3451f91`
SHA1	`03beb4698e7ca087296f14866a10139f7686b9dd`
SHA256	`00aebf773a3c501941e6d9704845701091e902c0a1ec5b5b4071022adf438bdf`
CRC32	`C4E05D1F`
ssdeep	`12:rl0YmGFMrEgmf0x6KFvrEgmfa6qguNlTVbax9m/Q1OGzqtlW4yNli+U9baxbKtHH:rSG8RGVuNlpCkGOXwNli73lh+D5OX`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	0ed5b0823e71e0e3_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2132 (powershell.exe)
Type	data
MD5	`f4a8a3e56bca0190031a365f104571cf`
SHA1	`7a4eac7016b8feca961f757cfe05bfeb4b76c10f`
SHA256	`0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41`
CRC32	`E95A2C69`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	599f2389d9a89b78_0lmkrb0q.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\0lmkrb0q.0.cs
Size	457.0B
Processes	2132 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5	`14d219d91317f8e96c799ee941fe086e`
SHA1	`8fdd925bbf4c3114297a09a97612d6e8dd01888a`
SHA256	`599f2389d9a89b784e06cceb4e613c6bf9a9e708655257fda775e8850e605910`
CRC32	`1957047D`
ssdeep	`6:V/DsYLDS81zuyF0CFWmMK/RQXReKJ8SRHy4HUCCCtbNuv/VfPQy:V/DTLDfuWNFsXfHSQy`
Yara	None matched
VirusTotal	Search for analysis

Name	33c741d0bc62214e_RES4405.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES4405.tmp
Size	1.2KB
Processes	964 (cvtres.exe) 2280 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`97b2d441a0fc7d69b86efb36166bd160`
SHA1	`f2c33d2536bc18dc4dbd9c9c8d6ba7c00246c196`
SHA256	`33c741d0bc62214e4f08595b655bc36f08701b143502031de86b74f3f9ccf2ae`
CRC32	`F68B788F`
ssdeep	`24:HpiJ9YernyhmHGUnhKLI+ycuZhNoqakSDbPNnqjtd:9ernGmxnhKL1ulpa3FqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	45e292f67bcb51bd_0lmkrb0q.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\0lmkrb0q.dll
Size	3.5KB
Processes	2280 (csc.exe) 2132 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3cc03d312132de791a1e9830e311758a`
SHA1	`ddf236f791917b8fa4aa88f1114a3da34185a49f`
SHA256	`45e292f67bcb51bdf66f390afd3f3a3bdab921b4abc3cfb1e1796acdbec267db`
CRC32	`03B3B8AD`
ssdeep	`24:etGSf9iWaEwR/ZNkeX7EUbdPtkZf561uLmI+ycuZhNoqakSDbPNnq:6gxBZJXoMuJ56My1ulpa3Fq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	d89277062226d228_0lmkrb0q.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\0lmkrb0q.cmdline
Size	311.0B
Processes	2132 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0a62cfbbecd71fda62e6ae1a7dd10e98`
SHA1	`3f9faa6685765153572b05f0492ba543a9362567`
SHA256	`d89277062226d22846d138ac4e11b4ba68f6063967c7409292ff3b2a50902e1c`
CRC32	`E5394315`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fLiQmGsSAE2NmQpcLJ23fLUH:p37LvXOLMdnPAE2xOLMQH`
Yara	None matched
VirusTotal	Search for analysis

Name	b83dfd8dbaf648c7_0lmkrb0q.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\0lmkrb0q.pdb
Size	7.5KB
Processes	2280 (csc.exe) 2132 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`84ca18113a57e5472d57d7a1a77a39cb`
SHA1	`f5d88322fb84b6a1446124486b2174a16235c8f5`
SHA256	`b83dfd8dbaf648c7b39c57d8baa22b27080dc498782f43f28d438cc41e9fbe25`
CRC32	`5C700417`
ssdeep	`6:zz/BamfXllNS/c8891mllxrS/77715KZYXP8SyMoGggksl/3YXBGQu+e0KWEi+:zz/H1W/clSXS/pw8fmqRi`
Yara	None matched
VirusTotal	Search for analysis