Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe
01.17 05:01
beacon.exe
01.17 05:01
remcos_a2.exe
01.17 05:01
ogpayload.exe

Latest News
01.18 10:01
‘Sneaky Log’ phishing ...
01.18 10:01
리튬코리아, 일본 스이린과 리튬 배터리 ...
01.18 10:01
Feds worry AT&T br...
01.18 10:01
AIs in Love, UEFI, For...
01.18 09:01
프롬한라, 제주 유정란 담은 반려견 간식...
01.18 09:01
무암(MooAm), 생성형 AI로 26종...
01.18 09:01
Trinteract Mini Space ...
01.18 09:01
IT Sicherheitsnews tae...
01.18 09:01
IT Sicherheitsnews tae...
01.18 08:01
TikTok’s national secu...

Dropped Files | ZeroBOX

Name	46c9ddd2d8f217f5_lngas4ix.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\LNGAS4IX.txt
Size	130.0B
Processes	2276 (iexplore.exe)
Type	ASCII text
MD5	`fdfc1a4cc99dafd83792493e2ed7affb`
SHA1	`7a1a79828ace00e895d6c3f389cf75ff6e6dcf81`
SHA256	`46c9ddd2d8f217f59e118206e0fad39f0989c8c8e88ac71ebbb34443b8528a27`
CRC32	`8E9F6282`
ssdeep	`3:LDM8vUuvbEZwt3bUE5c0QJ3uJcSMJVLtczOU4rcFjWUOQ+n:Lg+PvbSwSE5Ha+SVJtuHFqU/+n`
Yara	None matched
VirusTotal	Search for analysis

Name	1a9251dc3b3c064c_dinosaur[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\dinosaur[1].png
Size	57.7KB
Processes	2708 (iexplore.exe)
Type	PNG image data, 1200 x 800, 8-bit/color RGBA, non-interlaced
MD5	`bdda3ffd41c3527ad053e4afb8cd9e1e`
SHA1	`0ad1bb7ce8d8a4dc8ac2a28e1c5155980edfab9b`
SHA256	`1a9251dc3b3c064cfc5e2b90b6c7dc3c225f7017066db2b77e49dae90a94a399`
CRC32	`136A1553`
ssdeep	`768:C7Fv/DCdkYu6D+4+T9Z3PYLwkz5Z1sVvxjhL1y4ViUnMQCIR7N0gZ9fkJeZvPxG/:avJx6Dr+7PYRzz1yho4LCQL3kJEvJy1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f96168c5424f1bba_qw3hzqngedjao2m6tqiqx5e-avs5_rsejo46_pctrspj0oosolrbejl3hmxfxqaslul2m_danvawbpsf[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF[1].woff
Size	15.7KB
Processes	2708 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 16064, version 1.1
MD5	`abdc8e6afbaa73ba597c324fc3b406a7`
SHA1	`2377637714b411ed4a9f17ceb50cf8b5b1f6325e`
SHA256	`f96168c5424f1bba2850136b382125b1e3b29b7ebe667ed4400fc72d68cee43c`
CRC32	`C1E243E3`
ssdeep	`384:VCe221gKo9IPiwUYBt8jainMwYedOStxi7g+s23zvT8Eb:rgKoPMGjaqM9mi0+s23zL`
Yara	None matched
VirusTotal	Search for analysis

Name	d9a9195b8f20ded9_{ae6727b0-7178-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE6727B0-7178-11EE-948E-94DE278C3274}.dat
Size	9.5KB
Processes	1356 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e5d0c8a58b080f504b6e26a5b9a3166a`
SHA1	`2df87ca8af5f7969772a051f89ad815a61db18a1`
SHA256	`d9a9195b8f20ded9c31709fa2dd4b2d400e6016e787549174244a36d596931e5`
CRC32	`D5AA2002`
ssdeep	`192:u3Hbezeid3OG3HlbeG3HbeE3Hbem3HbeR/fs3Hbey:UqBYuRvZB`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	9ce7f3ac47b91743_kfolcnqeu92fr1mmeu9fbbc-[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
Size	20.1KB
Processes	2708 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20544, version 1.1
MD5	`40bcb2b8cc5ed94c4c21d06128e0e532`
SHA1	`02edc7784ea80afc258224f3cb8c86dd233aaf19`
SHA256	`9ce7f3ac47b91743893a2d29fe511a7ebec7aef52b2ea985fa127448d1f227c1`
CRC32	`2CDC4561`
ssdeep	`384:yIaxgESUyNlegvIQxhXmqd8lpP/FwL0cV8yP1JSRHbNHlZL7qwZkoEu3HTbpXcyn:yIw8UElewHxRmqd8PdwLLeR/ZLGwZLbX`
Yara	None matched
VirusTotal	Search for analysis

Name	88268caddfea0502_{ae6727af-7178-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE6727AF-7178-11EE-948E-94DE278C3274}.dat
Size	4.5KB
Processes	1356 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`5aebe01bea8cb643167c6650ffe3ccee`
SHA1	`6a9d6ce7fe4280d73df48249b5313ff10de49337`
SHA256	`88268caddfea05027d4f3f5da9631c93bac0ae770835348abe8bc594e53c0dba`
CRC32	`F35A6F96`
ssdeep	`12:rl0ZGFcOrEgmfQB06FaCbDrEgmfh0qgNNlTVbaxGNlx/U9baxk7b9QWll69:rQOGxC/GmNNlpTNlan7b9P/69`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	6fb31acdaf443a97_edgium[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\edgium[1].png
Size	7.0KB
Processes	2708 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`01010c21bdf1fc1d7f859071c4227529`
SHA1	`cd297bf459f24e417a7bf07800d6cf0e41dd36bc`
SHA256	`6fb31acdaf443a97183562571d52ce47dd44c1a8dcb4087338d77ea2617b286e`
CRC32	`C5C47D22`
ssdeep	`192:vRb1blB+w3GiZiTUH3Fxkiss/qophQc+PvzFDdSqqF:vXPLgo1xkteqkOvh5SqqF`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	20fad8097502c4e4_css[3].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\css[3].css
Size	354.0B
Processes	2708 (iexplore.exe)
Type	ASCII text
MD5	`1bb2a157e6de2f7e7078a5aaef8516a0`
SHA1	`877ce405de56783d9351b524cfcd0c7da02627a9`
SHA256	`20fad8097502c4e4256f6acaa5a88a4f71e48bef44a3412d7cbaa54af6d1aa94`
CRC32	`D99E72F0`
ssdeep	`6:0IFFli+56ZRWHTizlpdAxI6sVuNijFFli+56ZXizlpdAxI2JNin:jF/iO6ZRoT6pix3sEqF/iO6ZX6pixRJY`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_87E8.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\87E8.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	a2c4a6f5a56359ec_recoverystore.{ae6727ae-7178-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AE6727AE-7178-11EE-948E-94DE278C3274}.dat
Size	4.5KB
Processes	1356 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cc08e7d0f1557edced051519ce0f9a30`
SHA1	`142ad4c40dc67871d8235534a4db5559f213d301`
SHA256	`a2c4a6f5a56359ec2bcad742164539e8022b421ec688dbca6bf6d6951215e004`
CRC32	`52B99CF5`
ssdeep	`12:rlfF2xrEg5+IaCrI0F7uF2oFOrEg5+IaCrI0F7+gQNlTqbaxfY40NlTqbaxfg:rqx5/lgO5/HQNlWm0NlWH`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	23a1cd1983c632d1_nnt5wa1k.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\NNT5WA1K.txt
Size	278.0B
Processes	2708 (iexplore.exe)
Type	ASCII text
MD5	`4dd7940ee58e374765770d1ac65f848e`
SHA1	`62eb33f1a67d8ca51511c14ea70f66fbcb8d3c24`
SHA256	`23a1cd1983c632d14d33c3873a33ee0eda00f6518fe94f17962562a11f184b9c`
CRC32	`D5AE5373`
ssdeep	`6:2UdGkxGRXbUTwrv0F+26nqGRXbWNHtQ9++KH0oMNGRXbWNHtQ9Ws+n:2ctGRXbr0ddGRXbWNHt90oMNGRXbWNHb`
Yara	None matched
VirusTotal	Search for analysis

Name	02f95fbdb68f232b_opera[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\opera[1].png
Size	2.3KB
Processes	2708 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`5cb98952519cb0dd822d622dbecaef70`
SHA1	`2849670ba8c4e2130d906a94875b3f99c57d78e1`
SHA256	`02f95fbdb68f232bffd4f2c0fdd033d6c83b829c610cddccc0b1d43e2274e6a7`
CRC32	`AD4AD45A`
ssdeep	`48:T/9xo755n07P4gcVK+VJOuCORmJtLnzvzNkYzGQqvz3EP3/pFqcU:no755nQPeVKMbNYJtLzvxkMheEP3/3s`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f2abf7fbabe298e5_kfomcnqeu92fr1mu4mxm[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\KFOmCnqEu92Fr1Mu4mxM[1].woff
Size	19.9KB
Processes	2708 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20344, version 1.1
MD5	`d3907d0ccd03b1134c24d3bcaf05b698`
SHA1	`d9cfe6b477b49d47b6241b4281f4858d98eaca65`
SHA256	`f2abf7fbabe298e5823d257e48f5dc2138c6d5e0c210066f76b0067e8eda194f`
CRC32	`B5ADEB16`
ssdeep	`384:pVO/VZJNNePVkOJJSu6SsCKTIRDqG9oHKwZh98OSv+MsgkA4Y:pVQemOSu1guh+fZhLSxkAN`
Yara	None matched
VirusTotal	Search for analysis

Name	482fed1a79de8171_accounts_google_com[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\accounts_google_com[1].htm
Size	329.0B
Processes	2276 (iexplore.exe)
Type	gzip compressed data, last modified: Fri Jan 19 20:33:04 1996, from TOPS/20
MD5	`272c0292045b051231365e28d2396370`
SHA1	`6dbbd562f5f8e07c67bb4187c92d8d9bfa263723`
SHA256	`482fed1a79de8171720acef0bf4aace88d8d9903a6fce879f05eb5ee8b32fff2`
CRC32	`F69CAC56`
ssdeep	`6:XtZTC/VGTGTGTGUlU8SXCtnx2vPjUe+VZ/tif5YcADh/EpMyztr:XDG2UXCtnKPozTixnANEpMo`
Yara	None matched
VirusTotal	Search for analysis

Name	fc6f5d8f32f13d58_yt_logo_rgb_light[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\yt_logo_rgb_light[1].png
Size	9.0KB
Processes	2708 (iexplore.exe)
Type	PNG image data, 1588 x 356, 8-bit colormap, non-interlaced
MD5	`d654f892f287a28026cd4d4df56c29c8`
SHA1	`98779a55fe32a66ebec8338c838395d265e45013`
SHA256	`fc6f5d8f32f13d5855840234dc1bff5c91c35318ee2192d99b13eb3572f0bca8`
CRC32	`ADDC0391`
ssdeep	`192:xTgkM9IY3KfGF7OhNzYlIgLUZt6oBhRLpiUQgkM4ICB6CvE9:NNM9IY3DF60lA6kLpbQgkdze`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c3dea90ca9898500_87F9.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\87E8.tmp\87F8.tmp\87F9.bat
Size	124.0B
Processes	232 (6li43XC.exe)
Type	ASCII text, with CRLF line terminators
MD5	`dec89e5682445d71376896eac0d62d8b`
SHA1	`c5ae3197d3c2faf3dea137719c804ab215022ea6`
SHA256	`c3dea90ca98985007f0de66bf0197fdcd2d4a35e365135bf37a18a4895d81668`
CRC32	`18EC74F9`
ssdeep	`3:NNgr+jn3lYrSLYXqhSCMLQXjn3lYrSLUxGTCjn3lYcKVJ3uD:Nu+DuGLYX2SPLQXDuGLUxGeDucw+D`
Yara	None matched
VirusTotal	Search for analysis

Name	0f85a460508e13e8_css[2].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\css[2].css
Size	311.0B
Processes	2708 (iexplore.exe)
Type	ASCII text
MD5	`abf4a58313e9cb88d0aa60fa2f66cab2`
SHA1	`ddfc2aabd0426c23e21070528b302f483ac4b724`
SHA256	`0f85a460508e13e863d0de5174f053e7d6c6adf7e8c627f6810210dfe34d7892`
CRC32	`BFE53539`
ssdeep	`6:U+4OUr940FFTf21C5+56ZXizlpdaQHHcKK8ueiyAZ4wcM4Nin:UJO6940FRt5O6ZX6pt8k+5crY`
Yara	None matched
VirusTotal	Search for analysis

Name	4cf5b584cf79ac52_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size	89.0KB
Processes	2896 (explothe.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e913b0d252d36f7c9b71268df4f634fb`
SHA1	`5ac70d8793712bcd8ede477071146bbb42d3f018`
SHA256	`4cf5b584cf79ac523f645807a65bc153fbeaa564c0e1acb4dac9004fc9d038da`
CRC32	`3D1216D0`
ssdeep	`1536:Ro4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU19aB89p:RoUCWbBNpplToUs1uNhj25LJU/aB89p`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Win_Amadey_Zero - Amadey bot OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	5f3c80056c7b1104_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size	273.0B
Processes	2896 (explothe.exe)
Type	HTML document, ASCII text
MD5	`a5b509a3fb95cc3c8d89cd39fc2a30fb`
SHA1	`5aff4266a9c0f2af440f28aa865cebc5ddb9cd5c`
SHA256	`5f3c80056c7b1104c15d6fee49dac07e665c6ffd0795ad486803641ed619c529`
CRC32	`D879A09E`
ssdeep	`6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knaGjEcXaoD:J0+oxBeRmR9etdzRxGezH0qa5ma+`
Yara	None matched
VirusTotal	Search for analysis

Name	39f9942adc112194_firefox[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\firefox[1].png
Size	9.1KB
Processes	2708 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`7f980569ce347d0d4b8c669944946846`
SHA1	`80a8187549645547b407f81e468d4db0b6635266`
SHA256	`39f9942adc112194b8ae13ba1088794b6cb6e83bd05a4ed8ce87b53155d0e2f7`
CRC32	`AD988195`
ssdeep	`192:swtZ0EaLRTVeaA8vS4ooLD76IujS/izb8dSEG07bjHG/T7emn3CtmVU:lgbNJeahv3BLKjS/inwBG0PjcemnKZ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	846a9b551e74f824_chrome[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\chrome[1].png
Size	6.1KB
Processes	2708 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`ac10b50494982bc75d03bd2d94e382f6`
SHA1	`6c10df97f511816243ba82265c1e345fe40b95e6`
SHA256	`846a9b551e74f824fd7ace3439a319b0c0803449e8caec9f16e2666e38a80efd`
CRC32	`601FBBE8`
ssdeep	`96:JSI2DA4yfvxQfGx7VW/Jagwy8dwMwjU9KgmgJLdcJLHZp5r8wdDMhlJGD/nmw8v6:8dDA/gidaUswM5bwSoaew8v6`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis