Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.16 02:11
HPE security advisory ...
11.16 01:11
Malicious QR codes sen...
11.16 01:11
Microsoft Edge securit...
11.16 01:11
More bugs in Palo Alto...
11.16 01:11
Malicious QR codes sen...
11.16 01:11
Cofense Intelligence I...
11.16 01:11
How Runtime Insights H...
11.16 01:11
Akamai?s Perspective o...
11.16 12:11
김수키 에서 만든 피싱 사이트 동덕여자대...
11.16 12:11
This Week in Security:...

Dropped Files | ZeroBOX

Name	5993c37fe8dfca6e_3046902713-ieretrofit[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\3046902713-ieretrofit[1].js
Size	26.0KB
Processes	2512 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`85043398f9ca5c22e9a79497cfdd1033`
SHA1	`32fd378df293efe9c26e2e53267b586f92d76011`
SHA256	`5993c37fe8dfca6e242e6e5b7c48ae99c9d41a8fe3d209dd38a0d161516b519a`
CRC32	`E1C93723`
ssdeep	`384:12aOYTYDWsss8m/LFB9qxCXhHotj33fLAVMDXufjWFNPvyQe601DeP+eF4MegkQO:12M1IqkqZvyQetojF4Vgj4Dlagz`
Yara	None matched
VirusTotal	Search for analysis

Name	ea50ac7fddb61a5c_kfomcnqeu92fr1mu4mxm[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\KFOmCnqEu92Fr1Mu4mxM[1].woff
Size	19.9KB
Processes	2512 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20332, version 1.1
MD5	`dc3e086fc0c5addc09702e111d2adb42`
SHA1	`b1138b84ff19eac5f43c4202297529d389bd09b7`
SHA256	`ea50ac7fddb61a5ce248a7f8b3a31a98fe16285e076b16e6da6b4e10910724bb`
CRC32	`F6DA8D99`
ssdeep	`384:U0iwaxoOUPVkOJJSu6SsCKTIRDqG9oHKwZh98OSv+MsgkAOY:75mlUmOSu1guh+fZhLSxkAr`
Yara	None matched
VirusTotal	Search for analysis

Name	416383056b9ae44d_css[2].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\css[2].css
Size	613.0B
Processes	2512 (iexplore.exe)
Type	ASCII text
MD5	`e061445ce9fa2bcd1ec9ed28fdbae3ab`
SHA1	`50aa0e173c9bffb3dc4b9625a413e3c29e02f56f`
SHA256	`416383056b9ae44d4f3247b8ee2a780620bc9d88eabfad6e487bd6df682efa2e`
CRC32	`92E65C9E`
ssdeep	`12:UJO6940FD7O6ZRoT6pYwE5r37uqF/iO6ZRoT6pixUEqF/iO6ZN76pixQvJY:G9XD7OYs/frR/iOYsNxUv/iOYN7Nxn`
Yara	None matched
VirusTotal	Search for analysis

Name	dd811235eebc317b_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2716 (powershell.exe)
Type	data
MD5	`53022532ed8f602580ffdaed44444fd4`
SHA1	`093d7dacd3e846d7a7f5ecf532f3afc63bac658c`
SHA256	`dd811235eebc317b385893288ddec88c0ff80fb222072397a7faa65ee1effbb8`
CRC32	`05FC75D1`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:UtvXoxtvbHnorxTyQ`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	8684a32d1a10d050_maia[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\maia[1].css
Size	42.5KB
Processes	2512 (iexplore.exe)
Type	UTF-8 Unicode text, with very long lines, with no line terminators
MD5	`9e914fd11c5238c50eba741a873f0896`
SHA1	`950316ffef900ceecca4cf847c9a8c14231271da`
SHA256	`8684a32d1a10d050a26fc33192edf427a5f0c6874c590a68d77ae6e0d186bd8a`
CRC32	`021CA9F6`
ssdeep	`768:xwAbmEw+jAJFnSCZ9vWdmIfhjQucISYsU8/F+:bAJFnSC3W1QXISYsU8t+`
Yara	None matched
VirusTotal	Search for analysis

Name	9d358297f944faf6_2583860411-widgets[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\2583860411-widgets[1].js
Size	147.0KB
Processes	2512 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`240e54a94b26e52448ffc9a3c636a745`
SHA1	`bf5027952004bfda99748df9a6350b7d1acc0bae`
SHA256	`9d358297f944faf6cfd24e3069ef42fa2aaef6fe243b61389a9a02c8d6de9a50`
CRC32	`7A5FF0DE`
ssdeep	`1536:nqiw5y9yYXzWa9M0BoCymryo2z4R8513YQJUSvY/esMSxT1GEN8pEdWltdHgmE4D:lJzrRRevGSv0/oZtXb4Zby`
Yara	None matched
VirusTotal	Search for analysis

Name	049d229c448e844e_alosh.ps1 Submit file
Filepath	C:\Users\Public\alosh.ps1
Size	12.5KB
Processes	2716 (powershell.exe)
Type	ASCII text, with CRLF line terminators
MD5	`199afc572f448386b8a72f872b64778c`
SHA1	`012a4e164be0c2b67a58b149e8a4ae48b929e323`
SHA256	`049d229c448e844e1e6d7e30478d986f549c05471764db32ee349f494c3e1314`
CRC32	`79EE6F64`
ssdeep	`384:PyM1vXMlK1iMT758EMd43++2MfbMHMMnMjM+:/1xc43Lh`
Yara	None matched
VirusTotal	Search for analysis

Name	c98b647124c63dea_mem5yags126mizpba-un_r8ouuhv[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\mem5YaGs126MiZpBA-UN_r8OUuhv[1].woff
Size	18.3KB
Processes	2512 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 18744, version 1.1
MD5	`2a6051095e2330fb1a45b836e3ba038e`
SHA1	`1da733c279aa12c3d8857aed80cd910c2b209eae`
SHA256	`c98b647124c63dea93b52bcf6a97a76a6944b9894dc0377b70f8c3b47d91382a`
CRC32	`CACCA3BD`
ssdeep	`384:zawWpQHZNpxHreHjc5bHhYc9ON58zWZnmiN4RHcSd2UrrMKCWX:zawPscLqqO/8zG/4RHvdh33X`
Yara	None matched
VirusTotal	Search for analysis

Name	cbad27c35fbc84e2_blogger-logotype-color-black-1x[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\blogger-logotype-color-black-1x[1].png
Size	1.1KB
Processes	2512 (iexplore.exe)
Type	PNG image data, 112 x 27, 8-bit colormap, non-interlaced
MD5	`a9d652846aeacdf8da5401f6e4d4a409`
SHA1	`6127321cafe0be999bc0c9d952715ede2b9dd83d`
SHA256	`cbad27c35fbc84e2da4280476adeb197566db2750b8b4a79eb7e872db8d8acb7`
CRC32	`66E5D8E4`
ssdeep	`24:pHw9USYaX/4NI/2E9sif2iEOMyraXw0RkG:gtYaX/RsOEOK5RkG`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e61660c659c426e4_analytics[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\analytics[1].js
Size	48.2KB
Processes	2512 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`025480759f536e68bdd754e900ce36ac`
SHA1	`49302efe3ae872b0be3a37df4fc4222b8be85b3d`
SHA256	`e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd`
CRC32	`9403457C`
ssdeep	`768:/yR3fYFBCwsNDsP5XqY5TyPnHOl1TY3SoavnVv6PT+CgYUD0lgEw0stZK:/y9g1r5h5UHO/Y3SoL/w0sy`
Yara	None matched
VirusTotal	Search for analysis

Name	7abd7a477c90d6ca_urnm91p8.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\URNM91P8.txt
Size	196.0B
Processes	2512 (iexplore.exe)
Type	ASCII text
MD5	`d2bbf35e4aec588f94f9585335ca7547`
SHA1	`449e92e44534768f989b08c1e986c9ffc4e67e61`
SHA256	`7abd7a477c90d6ca55ed09f0f342d218ccad91355290ba2ec162688a43294c6c`
CRC32	`94A583E4`
ssdeep	`3:qPCJjQuUbdFZBc4v75vXQVLQ9UvUQRTE2V+qx0jLmdQjZBc4v75vHG6cVrcXhQ3I:DEndFZBDvAVL17Hxx0j8iZBDvH7c00a`
Yara	None matched
VirusTotal	Search for analysis

Name	a01a632e56731a85_kfolcnqeu92fr1mmwulfbbc-[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff
Size	19.9KB
Processes	2512 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20396, version 1.1
MD5	`68d6dabfe54e245e7d5d5c16c3c4b1a9`
SHA1	`7fdab895eaebecedb3fb5473eab94a1b292cef19`
SHA256	`a01a632e56731a854f35701aa8c3a6a19a113290d9032ff9048f8064c45383bd`
CRC32	`657DC019`
ssdeep	`384:SfXdUIIA0zhyKR28ePpAwxZ5M3py8wtshtdf45DEVTGdYb7H2Q/VEgm:Svdj0zhbRmjIQ8wtsV4lEVGdY3/i/`
Yara	None matched
VirusTotal	Search for analysis

Name	ee850d70656c6a74_blogin[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\blogin[1].htm
Size	306.0B
Processes	2512 (iexplore.exe)
Type	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
MD5	`b15641754c5dc715ba26511ccec8e12a`
SHA1	`839a06e830a48a1bb3af6738eb879d9608c6603d`
SHA256	`ee850d70656c6a7475807baa41aed946ef5889099f7d2583a90842ae002a2270`
CRC32	`DCC9CF95`
ssdeep	`6:XtFyXJFaUZto+opVhUu0sgNOvUjVJt2Xyw8xss0myKo1dDG5/:XPwZTo7h34OvUXty99Gro1dD2/`
Yara	None matched
VirusTotal	Search for analysis

Name	224d95cce0810861_3822632116-css_bundle_v2[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\3822632116-css_bundle_v2[1].css
Size	36.1KB
Processes	2512 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`d390c06d2ab36f422aa956a5422f641c`
SHA1	`3451d2fa56bf7d5f66fd09c79376dd36fab85e46`
SHA256	`224d95cce08108610c46ef4134793dbdd619e43e90e9d9cf42716a08f45222f9`
CRC32	`65924129`
ssdeep	`384:B0OhFvg3AwN6VysImDyPWquJMpx/SCYW0bS8+Rl9yaZwuJ86YKSQCNL/J69nKg9N:B0Oh+/N6nIm6IvW0ErVJwxgngRdFr2`
Yara	None matched
VirusTotal	Search for analysis

Name	5aaf8c7d64664ff5_css[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\css[1].css
Size	188.0B
Processes	2512 (iexplore.exe)
Type	ASCII text
MD5	`c7e28724ff56496ea7278e03c5da56bf`
SHA1	`638b86af4c9391c558996c4ff8735b95a157b6fb`
SHA256	`5aaf8c7d64664ff55523e06967d4fb0fa02bbc8d3158c88ec1f150a369c67e11`
CRC32	`2E6B5312`
ssdeep	`3:0SYWFFWlIYCiF15RI5XwDKLRIHDfFWYhfqzrZqcdJ1IuRlGwLYTL5JYARNin:0IFFm15+56ZzhizlpdplB69JNin`
Yara	None matched
VirusTotal	Search for analysis

Name	ecb30886406e3f77_gradients_light[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\gradients_light[1].png
Size	403.0B
Processes	2512 (iexplore.exe)
Type	PNG image data, 20 x 1100, 8-bit/color RGBA, non-interlaced
MD5	`4f7de2e6afefb125b1f14fa5cda610ee`
SHA1	`57a145f234b504a73f9d55cf39f2231a04719456`
SHA256	`ecb30886406e3f776ff7bc3834de849944471e626ff148bed2fa389d02866044`
CRC32	`DC34595E`
ssdeep	`12:6v/74Qlk8WIyzs740Oc5maj4m3YULe3dk:Hgk8uw740OcWAY13dk`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	21cc4dc6c3c01b84_3101730221-analytics_autotrack[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\3101730221-analytics_autotrack[1].js
Size	24.7KB
Processes	2512 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`094ce5dcaccf632457ae9fbf4f325399`
SHA1	`87e144f51c7bee2d624709c8f596037a92d06e66`
SHA256	`21cc4dc6c3c01b84c808004173f42e3ed1b4f09551a10d69b4cec7394a1590e6`
CRC32	`AFC34DF4`
ssdeep	`768:xkt9hXjJ9UP+8qeyDVrQi7xD21qTOxcVB9yNGY:xc9hXjJYyDVrQi7xD21qTfBg`
Yara	None matched
VirusTotal	Search for analysis

Name	0fdcb4746995f0d5_body_gradient_tile_light[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\body_gradient_tile_light[1].png
Size	95.0B
Processes	2512 (iexplore.exe)
Type	PNG image data, 10 x 10, 1-bit colormap, non-interlaced
MD5	`3b2a20d5b0ba4ca0c5dd90865ad6b9c4`
SHA1	`a90928a16d11d21e112b45b60990a9d7d19cc1d5`
SHA256	`0fdcb4746995f0d5240e5ec11370cb950722a894f3cff4118aa68ccc92010edd`
CRC32	`B96E65DC`
ssdeep	`3:yionv//thPlH1kmlS1jmTQ9IyehXhbp:6v/lhPcS5TeIFdhbp`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	0fc52ef116f03fd9_281434096-static_pages[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\281434096-static_pages[1].css
Size	3.7KB
Processes	2512 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`b3e61df6e41a93485461f77324fcd93e`
SHA1	`46efb1044ff1cb854e02bcb49ada1d501ce0aff4`
SHA256	`0fc52ef116f03fd95f9857856f1e2cbdfa2cacc398e066db0d8d5481739bc2d7`
CRC32	`A124C187`
ssdeep	`96:Tpnj64Z4HufeAA4DhRXRBd031AkDhRXRBd039YAH/hv:xjnRfp`
Yara	None matched
VirusTotal	Search for analysis

Name	737d179cca0dc6ec_run.ps1 Submit file
Filepath	C:\Users\Public\run.ps1
Size	316.0B
Processes	2716 (powershell.exe)
Type	ASCII text, with CRLF line terminators
MD5	`e1bde97f0018bf1af98e2d8c7f337770`
SHA1	`2f3e9816c62cb89c59581ddbf6a1fdfc8f33c670`
SHA256	`737d179cca0dc6ec132013df7ad99891454c257ec0a7f50565db1bce20592e4d`
CRC32	`20BE8A06`
ssdeep	`6:Cf6A8vyUdkwc1+EWlFgIKNBW7aHPWyAofaqJ2pS33Y9s8AV/j9j1jqtE96Nj:/TLktkEqgIKqAAZ6d33Y9s8AV/jR1aEk`
Yara	None matched
VirusTotal	Search for analysis