Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.21 01:04
update.exe
04.21 01:04
dxw86.exe
04.21 01:04
USDTFlash.exe
04.21 01:04
newfour.exe
04.21 01:04
nircmd.exe
04.21 01:04
dwinxp64.exe
04.21 01:04
rr.exe
04.21 01:04
Deku_X_Cheat.dll
04.21 01:04
random.exe
04.21 01:04
Explerer.exe

Latest News
04.21 03:04
본아페티, 미국 와이오밍 S급 벤토나이트...
04.21 03:04
TSMC Warns of Limits o...
04.21 03:04
코오롱베니트, 자체 개발 ‘AI 비전 인...
04.21 02:04
뮤즈라이브 키트앨범, Those Damn...
04.21 02:04
쿠도커뮤니케이션, ‘2025 TXOne ...
04.21 02:04
Preventing Galvanic Co...
04.21 02:04
엠리무진, ‘디 올 뉴 팰리세이드 하이리...
04.21 02:04
케이토네트웍스, 단일 벤더 SASE 플랫...
04.21 02:04
시큐아이 'BLUEMAX WIPS', W...
04.21 02:04
엔키화이트햇, K-CTI 2025서 ‘O...

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_utxsr0o0.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\utxsr0o0.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	8ad810caf4da8eb5_ogafcj7v.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ogafcj7v.dll
Size	3.5KB
Processes	2812 (csc.exe) 2544 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`582a86c092e3be93ff23a71e56d2c292`
SHA1	`cff9a59e83f43fdba8e2442329fcd93bb1223511`
SHA256	`8ad810caf4da8eb5b11dd659485c55850bd927cb4d955e448710ced47fc50448`
CRC32	`DBB982AF`
ssdeep	`24:etGSxdJ2afDY5H7Le7tl0/cor7bdPtkZfEmbXIJKNkx765dmI+ycuZhN1akSDPNq:6VRfEd3a0/copuJEmLNOu5Y1ul1a3pq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	9d6f6e1fe9b40ddf_utxsr0o0.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\utxsr0o0.cmdline
Size	311.0B
Processes	2544 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`bef02b9959bcdd278286826a9411c6d7`
SHA1	`4a9694983701eecd311999cc3383ab00ccdc9b39`
SHA256	`9d6f6e1fe9b40ddf05cd15de9cdbfbd8b45122080392e630ec8afcc3585c18a7`
CRC32	`9AC138F0`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fZO1HwmGsSAE2NmQpcLJ23fZOP:p37LvXOLMhOVwnPAE2xOLMhOP`
Yara	None matched
VirusTotal	Search for analysis

Name	989ca7b9768456d7_ogafcj7v.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ogafcj7v.cmdline
Size	311.0B
Processes	2544 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`67f7936e14a7ed8d2aaaa324a4d080a4`
SHA1	`dc8185b8215ff5eb663a64cc5094ca25b840b3fe`
SHA256	`989ca7b9768456d7b30d183b22bc53778849fe8446c7c243b03a152bddee015a`
CRC32	`C6EBB5E2`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fuEewmGsSAE2NmQpcLJ23fuEc:p37LvXOLMewnPAE2xOLMc`
Yara	None matched
VirusTotal	Search for analysis

Name	1f8a9c648b5579e9_RESFCC0.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESFCC0.tmp
Size	1.2KB
Processes	2860 (cvtres.exe) 2812 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`feeb4ddd9c6ad0f9ae1064b7fa45be4a`
SHA1	`e4832e1bf6c67755a00fbdd1905809cc61094216`
SHA256	`1f8a9c648b5579e9586219b6b333e4481094c665ad288e0dba98a46047d19982`
CRC32	`9BB4A573`
ssdeep	`24:HnJ9YerndNmHTUnhKLI+ycuZhN1akSDPNnqjtd:wernHmAnhKL1ul1a3pqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	c2b62c2c5da0ee38_CSCFACB.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCFACB.tmp
Size	652.0B
Processes	2720 (csc.exe)
Type	MSVC .res
MD5	`664c83cac0a043e33e591facd20f5e3c`
SHA1	`0f7e35331a0f33295efb5f3da66ec81a78f3b1a4`
SHA256	`c2b62c2c5da0ee3858a56f2a03553cc545c1ce84c4e82b9f06d84d201097bb73`
CRC32	`5068509A`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryKs9ak7YnqqHsSPN5Dlq5J:+RI+ycuZhNlakSDPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	5fed6484d04195d1_ogafcj7v.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ogafcj7v.pdb
Size	7.5KB
Processes	2812 (csc.exe) 2544 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`5f48ca92d55b0d4e3a6da0e386059c97`
SHA1	`da7be8733526082c35920f98554b32beb423ee39`
SHA256	`5fed6484d04195d171b97a5906e47857c46eb056c3e8ae3d2d3bbd4f4189e056`
CRC32	`86CE6CF9`
ssdeep	`6:zz/BamfXllNS/EGst31mllxrS/77715KZYXxGQu+e0KpYX3GMoGggksl/cEDf:zz/H1W/ERlSXS/pw2q0BRD`
Yara	None matched
VirusTotal	Search for analysis

Name	c74de0172514acf3_RESFADB.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESFADB.tmp
Size	1.2KB
Processes	2764 (cvtres.exe) 2720 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`89cea51816c02bcaafdd455017a7deb1`
SHA1	`e67434ec199f7ff65038213349f1582b43b4aedd`
SHA256	`c74de0172514acf37c34c3c2e4f8f5f28a71b3c5b7469fd8ff715e1a25f24109`
CRC32	`CEB58E46`
ssdeep	`24:HnJ9YernB6AmHiUnhKLI+ycuZhNlakSDPNnqjtd:wernUAmdnhKL1ulla3pqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	1b10b43304707a50_CSCFCAF.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCFCAF.tmp
Size	652.0B
Processes	2812 (csc.exe)
Type	MSVC .res
MD5	`7b049be2680883141a3ade36886566f6`
SHA1	`596c595f73b406f63bb971008f223d43c051fe6e`
SHA256	`1b10b43304707a505d1c490d9d5185fd4f69bab03f76d67459056a067215b8c4`
CRC32	`82D7D55E`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryfPak7YnqqUoPN5Dlq5J:+RI+ycuZhN1akSDPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	cbc63b57aa0dc6b5_utxsr0o0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\utxsr0o0.dll
Size	3.5KB
Processes	2720 (csc.exe) 2544 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b0cdd77bdff6e9fe6766807605199e40`
SHA1	`fa9797d2c25ac80b5199049c15bb83908e3e2ff8`
SHA256	`cbc63b57aa0dc6b5cff0c953cad9fb92ee8eca358f39ce3f7a976b45dc79c12e`
CRC32	`49C88290`
ssdeep	`48:6OgpKXTzIb//J6D7uJP7qhXhOt1ulla3pq:4l8Rx53K`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	d9dfbb8b732f54f4_utxsr0o0.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\utxsr0o0.0.cs
Size	261.0B
Processes	2544 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text
MD5	`9b6c82997db035ddd077b5960a13d19a`
SHA1	`d780a10d4476c2c3692862bea6e6488bc68ecb74`
SHA256	`d9dfbb8b732f54f4e863de056cdc94f141b340690a7426fadcf972d9d045f925`
CRC32	`46A36266`
ssdeep	`6:V/DsYLDS81zu1q/FMRSRNuhmwpS2TiW77y:V/DTLDfuY+mwphpy`
Yara	None matched
VirusTotal	Search for analysis

Name	71a09a41ef72b349_ogafcj7v.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ogafcj7v.out
Size	607.0B
Processes	2544 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`9e2520ae8282000dcd9f8702994e25ea`
SHA1	`e2e8298fc7b990121b9ee220abe610c9ab1a9ad5`
SHA256	`71a09a41ef72b3493a3729aaeceff47e361b4192d12364cd076da0d64a9d249c`
CRC32	`82241DA0`
ssdeep	`12:K4OLM9nzR37LvXOLMewnPAE2xOLMJKai31bIKIMBj6I5BFR5y:K+9nzd3BewnIE2nJKai31bIKIMl6I5Da`
Yara	None matched
VirusTotal	Search for analysis

Name	64a366214658ca1d_utxsr0o0.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\utxsr0o0.pdb
Size	7.5KB
Processes	2720 (csc.exe) 2544 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`81660f5048a473e0b55908dfc0f7cd17`
SHA1	`efac63fd5c28b1102ab73f68b9a5cf9b24ac6e79`
SHA256	`64a366214658ca1dfd3ef6b88e1799ac7d16e45ffa3ea5a582e4fc0e592055f4`
CRC32	`B0D13D5F`
ssdeep	`6:zz/BamfXllNS/YpMilbIlP1mllxrS/77715KZYXxGQu+e0KpYX7pMilbINoGggkI:zz/H1W/YpMEIltSXS/pw2qIpMEINRD`
Yara	None matched
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2544 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	d308d2c91cfa3925_ogafcj7v.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ogafcj7v.0.cs
Size	326.0B
Processes	2544 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text
MD5	`c395adb422eedb33ae024d833117df7e`
SHA1	`867155f355a29dd4423f954234f97681582c5625`
SHA256	`d308d2c91cfa3925ec5200dc34b41ece26a8ce2588b98afd3050ef3a061b7f2d`
CRC32	`BC44D852`
ssdeep	`6:V/DsYLDS81zu1jXTMRSRBHALR53vCS2RpJFqmzqsYEzfslUSmXhPVEcyFQy:V/DTLDfu9LtcJCrpJFqmmsiCnPScyKy`
Yara	None matched
VirusTotal	Search for analysis

Name	bed6cd0549c1d715_utxsr0o0.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\utxsr0o0.out
Size	607.0B
Processes	2544 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`0421952f4737df2df5c20cf9e7161e7f`
SHA1	`fcfd6cced8071cd6991b1965d511a6a37e21ec62`
SHA256	`bed6cd0549c1d715e316bb80b3ac1aff5acba1134db9299b8ce2fc3b8ee6a403`
CRC32	`0F09D7C6`
ssdeep	`12:K4OLM9nzR37LvXOLMhOVwnPAE2xOLMhO2Kai31bIKIMBj6I5BFR5y:K+9nzd3BhOqnIE2nhO2Kai31bIKIMl6v`
Yara	None matched
VirusTotal	Search for analysis