Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.30 02:04
BEWERBUNG.pdf.htm
04.30 01:04
BEWERBUNG.pdf.htm
04.30 01:04
Adobe%20PDF.hta
04.30 01:04
VXCX.exe
04.30 01:04
test.ps1
04.30 01:04
rah.exe
04.30 01:04
Microsoft.hta
04.30 01:04
XZCADEEW22.exe
04.30 01:04
CZXZDTGS.exe
04.30 01:04
ui.exe

Latest News
04.30 09:04
Kt 엠모바일(ktm 모바일) 유심보호서...
04.30 09:04
New Slips version v1.1...
04.30 09:04
Secrets leaks increase...
04.30 09:04
UK Grocer Co-op Suffer...
04.30 09:04
Marcelo Claure Expands...
04.30 09:04
IT Sicherheitsnews tae...
04.30 09:04
Nach Durows Festnahme:...
04.30 09:04
Dell schützt PowerProt...
04.30 09:04
[NEU] [mittel] IBM Ope...
04.30 09:04
[NEU] [mittel] Docker ...

Dropped Files | ZeroBOX

Name	7341724dc5bc1183_RES9B61.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES9B61.tmp
Size	1.2KB
Processes	1152 (cvtres.exe) 2964 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`692500df0b92cbd68affb9dcb3e30df8`
SHA1	`cee4c6d918e40a2a56126e45fdba1a5110280666`
SHA256	`7341724dc5bc118383f80f384baa74aaacb81349e80507ba4badc1d672d0b6ca`
CRC32	`3F02D012`
ssdeep	`24:HoJ9YernycTmH1UnhKLI+ycuZhNhGakSuXPNnqjtd:JernBmynhKL1ulMa3QqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	f5dd93b97da23b66_CSCB5BE.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCB5BE.tmp
Size	652.0B
Processes	1728 (csc.exe)
Type	MSVC .res
MD5	`a89a4e383d1f3b82034672406fc16e87`
SHA1	`6b61ec5bf42f53671057997fb832c3e832bea460`
SHA256	`f5dd93b97da23b666efcbb5b433a9c3f733ea5622341de02385897c53275a3ff`
CRC32	`7B4625E4`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry2ak7YnqqEPN5Dlq5J:+RI+ycuZhNIakSEPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_F30A.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\F30A.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	cadbd544de1a5cb2_f31c.ps1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\F30A.tmp\F31B.tmp\F31C.ps1
Size	3.3KB
Processes	2568 (Finance.exe)
Type	Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`5451a0b40ed3e107d75163e99fe6ee4d`
SHA1	`926eb2f0d7884815c96664f27cd2c1d9120ccc94`
SHA256	`cadbd544de1a5cb2dc9c87440719b15994000a6d1f1d63c84f5217c49c1ebfd4`
CRC32	`889660D8`
ssdeep	`96:z2ryr1mJvK3cKHp8bKjDKMuBph9J1ABphCzxzvPemD:qhiJe4luB/hAB/M5`
Yara	None matched
VirusTotal	Search for analysis

Name	3adc3e8a6b31b9a5_RESB64C.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESB64C.tmp
Size	1.2KB
Processes	196 (cvtres.exe) 1728 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`0626733e96cf04a8092f6256a17bc744`
SHA1	`471e6695395ea4cb69b296d82a8a0e0593d4dbe7`
SHA256	`3adc3e8a6b31b9a5fbf9f727aced44c731d4e01e53862029bd9ec5e38c881244`
CRC32	`1CF7A1DE`
ssdeep	`24:HmJ9YernxAmH0UnhKLI+ycuZhNIakSEPNnqjtd:LernamfnhKL1ulIa3EqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	c51307b4f56f1d03_dsbups9j.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dsbups9j.pdb
Size	7.5KB
Processes	1728 (csc.exe) 2680 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`c00a42e1236c4b8b30fffee8c7db4035`
SHA1	`2929a547cfa125baadd78f0bc130e3a7c7492f39`
SHA256	`c51307b4f56f1d03f672ad0baa37387a2c307d87a8dab6f93b26a1aa67e380ca`
CRC32	`E2A5D1EE`
ssdeep	`6:zz/BamfXllNS/wC/62IOUPn1mllxrS/77715KZYXhC/62IOUt4ioGggksl/3YXBe:zz/H1W/wCyZSXS/pwQCyR4imqRi`
Yara	None matched
VirusTotal	Search for analysis

Name	e978cfcd4de84b4f_wb0pvs3w.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wb0pvs3w.pdb
Size	7.5KB
Processes	2964 (csc.exe) 2680 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`ab0999e0ba358aef523aae2e1de3bc5f`
SHA1	`949ff0d4d6388350cdd8cf07910e5c8232278531`
SHA256	`e978cfcd4de84b4f92701917105286129c6fcfa31fde28173a9abbf381f4e83c`
CRC32	`960B9B83`
ssdeep	`6:zz/BamfXllNS/Qmkl11mllxrS/77715KZYXzmHMoGggksl/3YXBGQu+e0KWEi+:zz/H1W/z8SXS/pwTHMmqRi`
Yara	None matched
VirusTotal	Search for analysis

Name	44e8aa0601fffe82_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2680 (powershell.exe)
Type	data
MD5	`ee6cfd78f72f03663db2a7df0c696dd7`
SHA1	`56126e81a5f6577f8e24a890185d0c9eb600fa02`
SHA256	`44e8aa0601fffe82c494bbc7d7280aa3bc5e90effe2aee2d716d5716e1d6b568`
CRC32	`F27137C4`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCworu4tDHXyGlUVul:EtCgXoRtCgbHnorBTyY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	18f045e2b759dc0e_dsbups9j.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dsbups9j.out
Size	609.0B
Processes	2680 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`def38cb1e19b1792b665c2db6cc7d7d3`
SHA1	`0232d426ea1d60f1b3ff83a26ba480372c3d312b`
SHA256	`18f045e2b759dc0e9c1b6653d2755dd538bd67cb0161ac6a2af4686319b37c2c`
CRC32	`D791897C`
ssdeep	`12:K4OLM9NzR37LvXOLMhenPAE2xOLMcKai31bIKIMBj6I5BFR5y:K+9Nzd3B4nIE2ncKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	b31ca21e223ab7ab_dsbups9j.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dsbups9j.0.cs
Size	316.0B
Processes	2680 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators
MD5	`e6a04aa055583c70b4f6043ef67ab9f7`
SHA1	`7de84e412b762c3aa38cc8961bbb13938b15d2a5`
SHA256	`b31ca21e223ab7abe9e61f903da6f9ac39cd192d11fb8312be7a3295db2d3815`
CRC32	`A4A99EB5`
ssdeep	`6:V/DsYLDS81zuo04FM92SRBHALR53/JFqmzqsYEz/KjPVKl5AFQy:V/DTLDfuotEtc9JFqmmsmPSeKy`
Yara	None matched
VirusTotal	Search for analysis

Name	ea590b813a5eec4b_dsbups9j.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dsbups9j.dll
Size	3.5KB
Processes	1728 (csc.exe) 2680 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`32574e903b077160dc002b4a395169d4`
SHA1	`9325d0de0ee1e6c71d399da1e5ff425e34ede89a`
SHA256	`ea590b813a5eec4b2c3226832ed3c471e6ec6824743cc33950f6063794a0e7b5`
CRC32	`6AD4AB01`
ssdeep	`24:etGSgNiG+DmZ1rB7bdPtkZf8bXIJKN5A2W1umI+ycuZhNIakSEPNnq:6TJUHuJ8LN42Wz1ulIa3Eq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	041c75e2ab79f949_CSC9AC4.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC9AC4.tmp
Size	652.0B
Processes	2964 (csc.exe)
Type	MSVC .res
MD5	`10761ca0e02abbe721f27761b4a76de6`
SHA1	`f59ab3aa55fa2f0ce95c1df9bb92a8e61ddaa72d`
SHA256	`041c75e2ab79f9492cbf3ef14bf92bfa0a699e644c5aa81f2ad65e0747496e3b`
CRC32	`D4FFDF35`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryjGak7YnqquXPN5Dlq5J:+RI+ycuZhNhGakSuXPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	d1fa204ce0a46b6e_wb0pvs3w.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wb0pvs3w.0.cs
Size	263.0B
Processes	2680 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators
MD5	`723d6c1d7e6e53b68b6cd3dd73e75ca6`
SHA1	`19494f811512956f9d6255559fbec56537b2436e`
SHA256	`d1fa204ce0a46b6eb691e386a27571b559e6de2fafac5ef0af0f92f1579c5287`
CRC32	`648B9242`
ssdeep	`6:V/DsYLDS81zuo0I2M92SRcBuhmwORXWw9OLtl5Akuy:V/DTLDfuovcB4mwoFcekuy`
Yara	None matched
VirusTotal	Search for analysis

Name	a6416ffde2f27c9e_wb0pvs3w.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wb0pvs3w.dll
Size	3.5KB
Processes	2964 (csc.exe) 2680 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`5fc76ea41fcfe7359019ef73d0f92a50`
SHA1	`f6358b55b16851cc855f2f87b608d44a09ade3a4`
SHA256	`a6416ffde2f27c9e870bd90d7a3c421dab3ddf2bede799b68d01ac5ee2a0ac5a`
CRC32	`0DA4AB45`
ssdeep	`24:etGSfdatX2i6g/rJScatbdPtkZfLmTEH6mI+ycuZhNhGakSuXPNnq:6QpFF+uJ6IHJ1ulMa3Qq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	4f0450a83793302f_wb0pvs3w.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wb0pvs3w.out
Size	609.0B
Processes	2680 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`73c58494b533a8db4fcb010399765254`
SHA1	`fdcab6c7953b916eaddb5182612ad996a31e92a1`
SHA256	`4f0450a83793302fe571e1d435d13b08fdc141d0a19087519bf652f76c57976c`
CRC32	`C3897207`
ssdeep	`12:K4OLM9NzR37LvXOLManPAE2xOLMvHuKai31bIKIMBj6I5BFR5y:K+9Nzd3BanIE2nvHuKai31bIKIMl6I5G`
Yara	None matched
VirusTotal	Search for analysis

Name	44241cd1f5dd8427_wb0pvs3w.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\wb0pvs3w.cmdline
Size	311.0B
Processes	2680 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`a7d472750f5c8ca011b581c4970e688e`
SHA1	`9172c82e8523708fb562e6fe274aafb6b35cd83d`
SHA256	`44241cd1f5dd8427bdc25bc88ebc942e828190a0a27fe91ad9873d29b2243fb7`
CRC32	`C599A74E`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fYOHQmGsSAE2NmQpcLJ23fYKFHn:p37LvXOLManPAE2xOLMvHn`
Yara	None matched
VirusTotal	Search for analysis

Name	347d0aa975ff924f_dsbups9j.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dsbups9j.cmdline
Size	311.0B
Processes	2680 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`fce4975648269f02053d437433e6718a`
SHA1	`7b4984a21a2de82d001a9274210a486529a01cf3`
SHA256	`347d0aa975ff924f84245d022562dd7abb804321935046b5107cf389f671d390`
CRC32	`B57A224A`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fXJemGsSAE2NmQpcLJ23fh:p37LvXOLMhenPAE2xOLMZ`
Yara	None matched
VirusTotal	Search for analysis