Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.30 02:04
BEWERBUNG.pdf.htm
04.30 01:04
BEWERBUNG.pdf.htm
04.30 01:04
Adobe%20PDF.hta
04.30 01:04
VXCX.exe
04.30 01:04
test.ps1
04.30 01:04
rah.exe
04.30 01:04
Microsoft.hta
04.30 01:04
XZCADEEW22.exe
04.30 01:04
CZXZDTGS.exe
04.30 01:04
ui.exe

Latest News
04.30 02:04
노르마, UAE 알 파르단과 양자 R&a...
04.30 02:04
모니터랩, 인도 기업 ‘Velosting...
04.30 02:04
굿모닝아이텍, 클라우드 SaaS 사업부문 신설
04.30 02:04
Back to Reality with t...
04.30 02:04
넷앱, 스토리지 계층 사이버보안 표준 새...
04.30 02:04
Xiaomi Joins China AI ...
04.30 02:04
Toyota to Partner With...
04.30 02:04
한국핀테크지원센터, ‘2025년 핀테크 ...
04.30 02:04
KISA, 공공기관 고객만족도 조사 최고...
04.30 01:04
레퍼런스체크코리아, 커리어플랜과 전략적 ...

Dropped Files | ZeroBOX

Name	8f65223004a75f44_verswindowsupdatebypass.txt Submit file
Filepath	c:\program files (x86)\windows 11 update bypass\sys\verswindowsupdatebypass.txt
Size	3.0B
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	ASCII text, with no line terminators
MD5	`7fd3cdaaba74a0b0ef3d707a8545df7c`
SHA1	`58e6d386c363c2665ea43e7a57f0a497da13416e`
SHA256	`8f65223004a75f44404f485a1e84090699acef51f39de9411d6d9b377ae859a5`
CRC32	`6952FA96`
ssdeep	`3:SSn:SSn`
Yara	None matched
VirusTotal	Search for analysis

Name	b513c2f57579cdc2_unins000.dat Submit file
Filepath	C:\Program Files (x86)\Windows 11 Update Bypass\unins000.dat
Size	3.8KB
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	data
MD5	`a7e67c1dd855d17b9ff1dfa306df20b3`
SHA1	`197866b31a702c6f367090d92a93bb2ff2222a1d`
SHA256	`b513c2f57579cdc230716a9d8d3acb25cb110edb2276eaf98022167900ce4c53`
CRC32	`41650DD8`
ssdeep	`48:aJR5ZdidXrCy1Qdsd7dgdUded+dddSd+dZd7YVdS4Pd5rCycrCym+cxDxvx0vxee:kR2C09QHC9CacfvuvHhms`
Yara	None matched
VirusTotal	Search for analysis

Name	771ceb5a45a3fb73_Windows Update.exe Submit file
Filepath	C:\Program Files (x86)\Windows 11 Update Bypass\Windows Update.exe
Size	768.5KB
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9275f57a56340dbdda1ca71be4fb7149`
SHA1	`8d6c0f297da8e2f584fda92b87291272c2474beb`
SHA256	`771ceb5a45a3fb73fa1e7843be34f9c88f541e815eeb469592e127345a9e254d`
CRC32	`8606B6E2`
ssdeep	`24576:ya8ea8NutGp+8H0Mpapm+rJVXLp/pAFwpSpp6MmBJpINiq/Z5pyXnpd1:hutGp+8H0Mpapm+rJVXLp/pAFwpSpp61`
Yara	Malicious_Library_Zero - Malicious_Library Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c3ab2a359bedaa19_windows update.xml Submit file
Filepath	c:\program files (x86)\windows 11 update bypass\windows update.xml
Size	688.0B
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`6ee9ba1221607fa2420354c7f29b59de`
SHA1	`b7bf4732532e0655da504a3e5b4f59b455e241b3`
SHA256	`c3ab2a359bedaa19ee1f50b196cd029d31ebb2ef3ed21a1dc0ace1c88cedafaf`
CRC32	`8BB9848C`
ssdeep	`12:MMGtdMrc+i3D+Wa3QRCDn+bG8YQRCD6R02Vh+KNboQR3puu:88IWWaAHG8vdhNbf/uu`
Yara	None matched
VirusTotal	Search for analysis

Name	2f59fe45928ac08c_ico2.ico Submit file
Filepath	c:\program files (x86)\windows 11 update bypass\imm\ico2.ico
Size	232.2KB
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	MS Windows icon resource - 1 icon, 255x226, 32 bits/pixel
MD5	`8adabb74199d5319754aa6130a5e3752`
SHA1	`7d8e33a139026a1a631ceeedd363eb467a1d3bd8`
SHA256	`2f59fe45928ac08c52adee7e6e1c7b86423e656f5b46e7d907b33db7c4c7d873`
CRC32	`C030BFFB`
ssdeep	`3072:hUap+fkNF2uaoefeMKUlxS+kG/0iR6CbuNEfcYH5eUnUA3FwyDlj:h/+fkvSYMKOz6CiNEfcm7j`
Yara	icon_file_format - icon file format
VirusTotal	Search for analysis

Name	9106223fbe1fed1f_Windows_11_Update_Bypass_Setup.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-EE47J.tmp\Windows_11_Update_Bypass_Setup.tmp
Size	3.2MB
Processes	2560 (Windows_11_Update_Bypass_Setup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d3591ce69d20c1e4375df04db5a0d728`
SHA1	`d04105dbdba43de02ee920e8213239ce51b91af0`
SHA256	`9106223fbe1fed1f31ddc89491527d950a6da3c65cde0638a01619bf27f44a07`
CRC32	`C49228A2`
ssdeep	`49152:fdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEj2333uj:EHDYsqiPRhINnq95FoHVB2333O`
Yara	Malicious_Library_Zero - Malicious_Library ASPack_Zero - ASPack packed file IsPE32 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	7a38204007a041da_unins000.exe Submit file
Filepath	c:\program files (x86)\windows 11 update bypass\unins000.exe
Size	3.2MB
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`63e3ca5303e53af0ec68c2f59eb2a00c`
SHA1	`8315a7c9bc6aa2e32cf665a678e5082e5ffcac80`
SHA256	`7a38204007a041da2e1c2a3bfa0c7e9f661485672904cb95522e8aaec6301c47`
CRC32	`64A8174D`
ssdeep	`49152:ndx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEj2333uX:sHDYsqiPRhINnq95FoHVB2333M`
Yara	Malicious_Library_Zero - Malicious_Library ASPack_Zero - ASPack packed file IsPE32 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	9169cba3c8c9a9e0_lingua.txt Submit file
Filepath	c:\program files (x86)\windows 11 update bypass\sys\lingua.txt
Size	7.0B
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`d7d1560b9be5f5161d4a5c932286decb`
SHA1	`40da203f6d55dd9a908d995e2c3760515216d049`
SHA256	`9169cba3c8c9a9e04dc5f812a6ccacf7129653c155a67b8ad19c252b00c80405`
CRC32	`52CC737B`
ssdeep	`3:Av:Av`
Yara	None matched
VirusTotal	Search for analysis

Name	59eabf660a7e7b0d_windows update.pdb Submit file
Filepath	c:\program files (x86)\windows 11 update bypass\windows update.pdb
Size	73.5KB
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	MSVC program database ver 7.00, 512*147 bytes
MD5	`03bd2da4ed453e67ab4b107fd32beb2a`
SHA1	`15a1ba9707ce370595d6c8067bef92a8c3adf343`
SHA256	`59eabf660a7e7b0d29578eeb837206a6e89487ffc92401738cf5b565b7fa2834`
CRC32	`CFB47E70`
ssdeep	`768:5koZkoCy0uSzM9L4rMkvkw+0MTh/VAxfjy0uSzM9zMkQB:14rMkMwhMThNAxf+MkA`
Yara	None matched
VirusTotal	Search for analysis

Name	5bc91f6263ac9367_bypass_tpm_processore_ram_v.10_22-10-2022.cmd Submit file
Filepath	c:\program files (x86)\windows 11 update bypass\sys\bypass_tpm_processore_ram_v.10_22-10-2022.cmd
Size	2.0KB
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	ASCII text, with CRLF line terminators
MD5	`49684f66139d6ed7799cb828458a1d58`
SHA1	`89d30d4897bc2d8f8fa61fe8d20e146239eed185`
SHA256	`5bc91f6263ac93674fddbe9b7886254c77c729d97144234a361e808bf6f4e895`
CRC32	`B87C7D1E`
ssdeep	`48:j311yhc5gYPj978pvvtAkbfYgtFjoLWKdwc/LvD0wchG73ugk:j3Qcm4jypXtNr1oRe4LvDp77k`
Yara	None matched
VirusTotal	Search for analysis

Name	acee268e830f4f30_windows update.exe.config Submit file
Filepath	c:\program files (x86)\windows 11 update bypass\windows update.exe.config
Size	186.0B
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`45d18aef241eded19eeaa4de4e7240ee`
SHA1	`78843dbfd0503464c6d909130439cbcf93a99c09`
SHA256	`acee268e830f4f30b545d13e04cbdfd257f2c069ad3ac29f13dea7f9245ae7ce`
CRC32	`495B3C81`
ssdeep	`3:JLWMNHU8LdgCzMvHcIMOofMuQVK/F9URAmIRMNHjFHr0lUfEyhTRpFKaFvREBAWq:JiMVBdTMkIGMfVKNS7VJdfEyFRpwOJuQ`
Yara	None matched
VirusTotal	Search for analysis

Name	95c810b5539a0d62_ico1.ico Submit file
Filepath	c:\program files (x86)\windows 11 update bypass\imm\ico1.ico
Size	262.0KB
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	MS Windows icon resource - 1 icon, 255x255, 32 bits/pixel
MD5	`8c2c3dcd178cc60fdbb3a32d066a346f`
SHA1	`835328a43f5624fcf469f8318f722ecc7cba61d4`
SHA256	`95c810b5539a0d62d22a5fe9574681ec1c21012695287c9361f3614dcb170b22`
CRC32	`89D9F88C`
ssdeep	`6144:Wo8utGp+8H0Mpapm+rJVXLp/pAFwpSpp6MmBJpINiq/Z5pyXnpdG:38utGp+8H0Mpapm+rJVXLp/pAFwpSppb`
Yara	icon_file_format - icon file format
VirusTotal	Search for analysis

Name	341ce87ec176a091_windows 11 update bypass.lnk Submit file
Filepath	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 11 Update Bypass.lnk
Size	1.1KB
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Nov 29 03:50:55 2024, mtime=Fri Nov 29 03:50:55 2024, atime=Thu Nov 10 23:50:12 2022, length=786944, window=hide
MD5	`7617b4a885429a68d79b53ee72554b80`
SHA1	`a4f541ec502eb9f432d5ceeb21e618d1647976f0`
SHA256	`341ce87ec176a091a6f8cbee2f8d9a064e1328d6f176e0dc17db1ce1fc244d8a`
CRC32	`C6C8E5C3`
ssdeep	`24:8m8xyHdOES0QFwUjAk+yMhgdB5XUedB5ZUPPyx:8m8xMdO3ElyugdddKnyx`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-C6OFS.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2636 (Windows_11_Update_Bypass_Setup.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis