Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	d96856cd944a9f15_nskbfltr.inf Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\nskbfltr.inf
Size	328.0B
Processes	2548 (snd16061.exe)
Type	Windows setup INFormation, ASCII text, with CRLF line terminators
MD5	`26e28c01461f7e65c402bdf09923d435`
SHA1	`1d9b5cfcc30436112a7e31d5e4624f52e845c573`
SHA256	`d96856cd944a9f1587907cacef974c0248b7f4210f1689c1e6bcac5fed289368`
CRC32	`91EDA8F7`
ssdeep	`6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn`
Yara	None matched
VirusTotal	Search for analysis

Name	3c072532bf7674d0_htctl32.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\HTCTL32.DLL
Size	320.4KB
Processes	2548 (snd16061.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c94005d2dcd2a54e40510344e0bb9435`
SHA1	`55b4a1620c5d0113811242c20bd9870a1e31d542`
SHA256	`3c072532bf7674d0c5154d4d22a9d9c0173530c0d00f69911cdbc2552175d899`
CRC32	`0EF370EB`
ssdeep	`6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2b92ea2a7d2be8d6_tcctl32.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\TCCTL32.DLL
Size	387.4KB
Processes	2548 (snd16061.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`2c88d947a5794cf995d2f465f1cb9d10`
SHA1	`c0ff9ea43771d712fe1878dbb6b9d7a201759389`
SHA256	`2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e`
CRC32	`A34D709C`
ssdeep	`12288:HqArkLoM/5iec2yxvUh3ho2LDnOQQ1k3+h9APjbom/n6:ekuK2XOjksobom/n6`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	a74612ae5234d1a8_audiocapture.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\AudioCapture.dll
Size	91.4KB
Processes	2548 (snd16061.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`4182f37b9ba1fa315268c669b5335dde`
SHA1	`2c13da0c10638a5200fed99dcdcf0dc77a599073`
SHA256	`a74612ae5234d1a8f1263545400668097f9eb6a01dfb8037bc61ca9cae82c5b8`
CRC32	`15D1C8E1`
ssdeep	`1536:wrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnPUGI:3yXlQmhhHp9J9bnPTI`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b4b58ed6d771c145_autorunns.ini.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autorunns.ini.lnk
Size	1.7KB
Processes	2548 (snd16061.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Hidden, Archive, ctime=Thu Apr 17 17:47:26 2025, mtime=Thu Apr 17 17:47:26 2025, atime=Tue Dec 6 13:58:26 2016, length=105848, window=hide
MD5	`223b7b43ff8a5717eb8c31cd4e3e0095`
SHA1	`baaecd85c7e020aa7092cc52cc4eaafb338f4756`
SHA256	`b4b58ed6d771c145755cda12bba191900d8a28b50d262d79d6d23bdc7f444d7e`
CRC32	`E1F09A75`
ssdeep	`24:8sBnsERdonwR3GltdlTrzNEkM006wvlg31c:8IscRIlHpLWvlGc`
Yara	Lnk_Format_Zero - LNK Format lnk_file_format - Microsoft Windows Shortcut File Format
VirusTotal	Search for analysis

Name	fedd609a16c717db_remcmdstub.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\remcmdstub.exe
Size	62.4KB
Processes	2548 (snd16061.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`6fca49b85aa38ee016e39e14b9f9d6d9`
SHA1	`b0d689c70e91d5600ccc2a4e533ff89bf4ca388b`
SHA256	`fedd609a16c717db9bea3072bed41e79b564c4bc97f959208bfa52fb3c9fa814`
CRC32	`1DE794F0`
ssdeep	`1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	3efe6b8ec7e9751a_client32.ini Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\client32.ini
Size	922.0B
Processes	2548 (snd16061.exe)
Type	ASCII text, with CRLF line terminators
MD5	`7bb1ec296d0d1b255fb99b52a413735a`
SHA1	`51d3b917b776816297181f46c8a24087bffba72f`
SHA256	`3efe6b8ec7e9751a01b92c73ca08785b142b2421311530462f51025a63b409a9`
CRC32	`33EE91A5`
ssdeep	`12:ux/vONhz7q+mPXjxGSGpzWVTXuZ7/PfY837GXoKIDWUpYL7XBGSaCYubluYSE+q7:upOhzZmPTxapz1l1yXtIDJCPBmuQtqoQ`
Yara	None matched
VirusTotal	Search for analysis

Name	05f0b1546fa629e5_nsm.lic Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\NSM.LIC
Size	256.0B
Processes	2548 (snd16061.exe)
Type	ASCII text, with CRLF line terminators
MD5	`523727c74d4097a62a16d15cf8ad1db5`
SHA1	`14dc19cf244e45d66c103044eeb016946249dd13`
SHA256	`05f0b1546fa629e5c9b0f08f8232cd9714f0aa556ebb7acd8e3a27603ed061a8`
CRC32	`32708157`
ssdeep	`6:O/oPp3Xk4xRPjwx+FaaydDKHMoEEjLgpW2McYwXZNWYpPM/iomcLa8l6i7s:Xh3XZR7wx+FI8JjjqW2MbiNBPM/ioJuX`
Yara	None matched
VirusTotal	Search for analysis

Name	38684adb2183bf32_pcicl32.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\PCICL32.DLL
Size	3.6MB
Processes	2548 (snd16061.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`d3d39180e85700f72aaae25e40c125ff`
SHA1	`f3404ef6322f5c6e7862b507d05b8f4b7f1c7d15`
SHA256	`38684adb2183bf320eb308a96cdbde8d1d56740166c3e2596161f42a40fa32d5`
CRC32	`9CB15CBA`
ssdeep	`49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/`
Yara	PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Library_Zero - Malicious_Library IsDLL - (no description) Antivirus - Contains references to security software Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	4bfa4c00414660ba_nsm_vpro.ini Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\nsm_vpro.ini
Size	46.0B
Processes	2548 (snd16061.exe)
Type	ASCII text, with CRLF line terminators
MD5	`3be27483fdcdbf9ebae93234785235e3`
SHA1	`360b61fe19cdc1afb2b34d8c25d8b88a4c843a82`
SHA256	`4bfa4c00414660ba44bddde5216a7f28aeccaa9e2d42df4bbff66db57c60522b`
CRC32	`1FC5A049`
ssdeep	`3:lsylULyJGI6csM:+ocyJGIPsM`
Yara	None matched
VirusTotal	Search for analysis

Name	60fe386112ad51f4_nsm.ini Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\NSM.ini
Size	6.3KB
Processes	2548 (snd16061.exe)
Type	Non-ISO extended-ASCII text, with CRLF line terminators
MD5	`88b1dab8f4fd1ae879685995c90bd902`
SHA1	`3d23fb4036dc17fa4bee27e3e2a56ff49beed59d`
SHA256	`60fe386112ad51f40a1ee9e1b15eca802ced174d7055341c491dee06780b3f92`
CRC32	`B9FA7C89`
ssdeep	`96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_31261031 Empty file or file not found
Filepath	C:\Users\test22\AppData\Roaming\__tmp_rar_sfx_access_check_31261031
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	4d24b35917638930_client32.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\client32.exe
Size	103.4KB
Processes	2548 (snd16061.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c60ac6a6e6e582ab0ecb1fdbd607705b`
SHA1	`ba9de479beb82fd97bbdfbc04ef22e08224724ba`
SHA256	`4d24b359176389301c14a92607b5c26b8490c41e7e3a2abbc87510d1376f4a87`
CRC32	`AC78CE65`
ssdeep	`384:qqDV5+6j6Qa86Fkv2Wr120hZgoTSPT+TWit:qOVZl6FhWr80/goTwiTWit`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8793353461826fbd_msvcr100.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\msvcr100.dll
Size	755.8KB
Processes	2548 (snd16061.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0e37fbfa79d349d672456923ec5fbbe3`
SHA1	`4e880fc7625ccf8d9ca799d5b94ce2b1e7597335`
SHA256	`8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18`
CRC32	`4623CD62`
ssdeep	`12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2d6c6200508c0797_pcicapi.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\pcicapi.dll
Size	32.4KB
Processes	2548 (snd16061.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`34dfb87e4200d852d1fb45dc48f93cfc`
SHA1	`35b4e73fb7c8d4c3fefb90b7e7dc19f3e653c641`
SHA256	`2d6c6200508c0797e6542b195c999f3485c4ef76551aa3c65016587788ba1703`
CRC32	`76398878`
ssdeep	`768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	956b9fa960f913cc_pcichek.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WinSupUpdata\PCICHEK.DLL
Size	18.4KB
Processes	2548 (snd16061.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`104b30fef04433a2d2fd1d5f99f179fe`
SHA1	`ecb08e224a2f2772d1e53675bedc4b2c50485a41`
SHA256	`956b9fa960f913cce3137089c601f3c64cc24c54614b02bba62abb9610a985dd`
CRC32	`788D89FB`
ssdeep	`192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis