Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe
01.17 05:01
beacon.exe
01.17 05:01
remcos_a2.exe
01.17 05:01
ogpayload.exe

Latest News
01.18 10:01
‘Sneaky Log’ phishing ...
01.18 10:01
리튬코리아, 일본 스이린과 리튬 배터리 ...
01.18 10:01
Feds worry AT&T br...
01.18 10:01
AIs in Love, UEFI, For...
01.18 09:01
프롬한라, 제주 유정란 담은 반려견 간식...
01.18 09:01
무암(MooAm), 생성형 AI로 26종...
01.18 09:01
Trinteract Mini Space ...
01.18 09:01
IT Sicherheitsnews tae...
01.18 09:01
IT Sicherheitsnews tae...
01.18 08:01
TikTok’s national secu...

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_491A.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\491A.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	1a9251dc3b3c064c_dinosaur[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\dinosaur[1].png
Size	57.7KB
Processes	2644 (iexplore.exe)
Type	PNG image data, 1200 x 800, 8-bit/color RGBA, non-interlaced
MD5	`bdda3ffd41c3527ad053e4afb8cd9e1e`
SHA1	`0ad1bb7ce8d8a4dc8ac2a28e1c5155980edfab9b`
SHA256	`1a9251dc3b3c064cfc5e2b90b6c7dc3c225f7017066db2b77e49dae90a94a399`
CRC32	`136A1553`
ssdeep	`768:C7Fv/DCdkYu6D+4+T9Z3PYLwkz5Z1sVvxjhL1y4ViUnMQCIR7N0gZ9fkJeZvPxG/:avJx6Dr+7PYRzz1yho4LCQL3kJEvJy1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f96168c5424f1bba_qw3hzqngedjao2m6tqiqx5e-avs5_rsejo46_pctrspj0oosolrbejl3hmxfxqaslul2m_danvawbpsf[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF[1].woff
Size	15.7KB
Processes	2644 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 16064, version 1.1
MD5	`abdc8e6afbaa73ba597c324fc3b406a7`
SHA1	`2377637714b411ed4a9f17ceb50cf8b5b1f6325e`
SHA256	`f96168c5424f1bba2850136b382125b1e3b29b7ebe667ed4400fc72d68cee43c`
CRC32	`C1E243E3`
ssdeep	`384:VCe221gKo9IPiwUYBt8jainMwYedOStxi7g+s23zvT8Eb:rgKoPMGjaqM9mi0+s23zL`
Yara	None matched
VirusTotal	Search for analysis

Name	bb188bb8d67909f0_{6bbe2366-71f5-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6BBE2366-71F5-11EE-948E-94DE278C3274}.dat
Size	4.5KB
Processes	2580 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`10c1e5cb3262031e398de69a7ac163c0`
SHA1	`b1b7b4378d89eaf41e2a8f4ca7e6210a3c92b9f5`
SHA256	`bb188bb8d67909f0e427ab429a15fcea5b6f7a2385db3205f1b965b642d76108`
CRC32	`E1AF3E76`
ssdeep	`12:rl0ZGFjrEgmfQB06Fb6DrEgmfh0qgNNlTVbaxGNlx/U9baxk7b9QWll69:r3G6OGmNNlpTNlan7b9P/69`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	9ce7f3ac47b91743_kfolcnqeu92fr1mmeu9fbbc-[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
Size	20.1KB
Processes	2644 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20544, version 1.1
MD5	`40bcb2b8cc5ed94c4c21d06128e0e532`
SHA1	`02edc7784ea80afc258224f3cb8c86dd233aaf19`
SHA256	`9ce7f3ac47b91743893a2d29fe511a7ebec7aef52b2ea985fa127448d1f227c1`
CRC32	`2CDC4561`
ssdeep	`384:yIaxgESUyNlegvIQxhXmqd8lpP/FwL0cV8yP1JSRHbNHlZL7qwZkoEu3HTbpXcyn:yIw8UElewHxRmqd8PdwLLeR/ZLGwZLbX`
Yara	None matched
VirusTotal	Search for analysis

Name	6fb31acdaf443a97_edgium[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\edgium[1].png
Size	7.0KB
Processes	2644 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`01010c21bdf1fc1d7f859071c4227529`
SHA1	`cd297bf459f24e417a7bf07800d6cf0e41dd36bc`
SHA256	`6fb31acdaf443a97183562571d52ce47dd44c1a8dcb4087338d77ea2617b286e`
CRC32	`C5C47D22`
ssdeep	`192:vRb1blB+w3GiZiTUH3Fxkiss/qophQc+PvzFDdSqqF:vXPLgo1xkteqkOvh5SqqF`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	20fad8097502c4e4_css[3].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\css[3].css
Size	354.0B
Processes	2644 (iexplore.exe)
Type	ASCII text
MD5	`1bb2a157e6de2f7e7078a5aaef8516a0`
SHA1	`877ce405de56783d9351b524cfcd0c7da02627a9`
SHA256	`20fad8097502c4e4256f6acaa5a88a4f71e48bef44a3412d7cbaa54af6d1aa94`
CRC32	`D99E72F0`
ssdeep	`6:0IFFli+56ZRWHTizlpdAxI6sVuNijFFli+56ZXizlpdAxI2JNin:jF/iO6ZRoT6pix3sEqF/iO6ZX6pixRJY`
Yara	None matched
VirusTotal	Search for analysis

Name	bba900e8dc192c09_8xsgsw11.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\8XSGSW11.txt
Size	129.0B
Processes	2368 (iexplore.exe)
Type	ASCII text
MD5	`556e337d799f6e8e8a6ce6217624cdc7`
SHA1	`05ef85da7adae6972a1520e239bd989346cb6b4f`
SHA256	`bba900e8dc192c095ea46171a74fd483fdc190418f69c8ab889027cc0f74f265`
CRC32	`04FBA92A`
ssdeep	`3:LDM8vUEgz2qO1GAOgwqxVmSAJ3uJcSMMVMUXvbUmNFUjaTWln:Lg+7gKqOp5xVlK+SVUMUXvDTCZ`
Yara	None matched
VirusTotal	Search for analysis

Name	02f95fbdb68f232b_opera[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\opera[1].png
Size	2.3KB
Processes	2644 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`5cb98952519cb0dd822d622dbecaef70`
SHA1	`2849670ba8c4e2130d906a94875b3f99c57d78e1`
SHA256	`02f95fbdb68f232bffd4f2c0fdd033d6c83b829c610cddccc0b1d43e2274e6a7`
CRC32	`AD4AD45A`
ssdeep	`48:T/9xo755n07P4gcVK+VJOuCORmJtLnzvzNkYzGQqvz3EP3/pFqcU:no755nQPeVKMbNYJtLzvxkMheEP3/3s`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f2abf7fbabe298e5_kfomcnqeu92fr1mu4mxm[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\KFOmCnqEu92Fr1Mu4mxM[1].woff
Size	19.9KB
Processes	2644 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20344, version 1.1
MD5	`d3907d0ccd03b1134c24d3bcaf05b698`
SHA1	`d9cfe6b477b49d47b6241b4281f4858d98eaca65`
SHA256	`f2abf7fbabe298e5823d257e48f5dc2138c6d5e0c210066f76b0067e8eda194f`
CRC32	`B5ADEB16`
ssdeep	`384:pVO/VZJNNePVkOJJSu6SsCKTIRDqG9oHKwZh98OSv+MsgkA4Y:pVQemOSu1guh+fZhLSxkAN`
Yara	None matched
VirusTotal	Search for analysis

Name	c3dea90ca9898500_492B.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\491A.tmp\492A.tmp\492B.bat
Size	124.0B
Processes	2940 (6PI22HQ.exe)
Type	ASCII text, with CRLF line terminators
MD5	`dec89e5682445d71376896eac0d62d8b`
SHA1	`c5ae3197d3c2faf3dea137719c804ab215022ea6`
SHA256	`c3dea90ca98985007f0de66bf0197fdcd2d4a35e365135bf37a18a4895d81668`
CRC32	`18EC74F9`
ssdeep	`3:NNgr+jn3lYrSLYXqhSCMLQXjn3lYrSLUxGTCjn3lYcKVJ3uD:Nu+DuGLYX2SPLQXDuGLUxGeDucw+D`
Yara	None matched
VirusTotal	Search for analysis

Name	482fed1a79de8171_accounts_google_com[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\accounts_google_com[1].htm
Size	329.0B
Processes	2368 (iexplore.exe)
Type	gzip compressed data, last modified: Fri Jan 19 20:33:04 1996, from TOPS/20
MD5	`272c0292045b051231365e28d2396370`
SHA1	`6dbbd562f5f8e07c67bb4187c92d8d9bfa263723`
SHA256	`482fed1a79de8171720acef0bf4aace88d8d9903a6fce879f05eb5ee8b32fff2`
CRC32	`F69CAC56`
ssdeep	`6:XtZTC/VGTGTGTGUlU8SXCtnx2vPjUe+VZ/tif5YcADh/EpMyztr:XDG2UXCtnKPozTixnANEpMo`
Yara	None matched
VirusTotal	Search for analysis

Name	fc6f5d8f32f13d58_yt_logo_rgb_light[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\yt_logo_rgb_light[1].png
Size	9.0KB
Processes	2644 (iexplore.exe)
Type	PNG image data, 1588 x 356, 8-bit colormap, non-interlaced
MD5	`d654f892f287a28026cd4d4df56c29c8`
SHA1	`98779a55fe32a66ebec8338c838395d265e45013`
SHA256	`fc6f5d8f32f13d5855840234dc1bff5c91c35318ee2192d99b13eb3572f0bca8`
CRC32	`ADDC0391`
ssdeep	`192:xTgkM9IY3KfGF7OhNzYlIgLUZt6oBhRLpiUQgkM4ICB6CvE9:NNM9IY3DF60lA6kLpbQgkdze`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	0f85a460508e13e8_css[2].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\css[2].css
Size	311.0B
Processes	2644 (iexplore.exe)
Type	ASCII text
MD5	`abf4a58313e9cb88d0aa60fa2f66cab2`
SHA1	`ddfc2aabd0426c23e21070528b302f483ac4b724`
SHA256	`0f85a460508e13e863d0de5174f053e7d6c6adf7e8c627f6810210dfe34d7892`
CRC32	`BFE53539`
ssdeep	`6:U+4OUr940FFTf21C5+56ZXizlpdaQHHcKK8ueiyAZ4wcM4Nin:UJO6940FRt5O6ZX6pt8k+5crY`
Yara	None matched
VirusTotal	Search for analysis

Name	4cf5b584cf79ac52_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size	89.0KB
Processes	2856 (explothe.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e913b0d252d36f7c9b71268df4f634fb`
SHA1	`5ac70d8793712bcd8ede477071146bbb42d3f018`
SHA256	`4cf5b584cf79ac523f645807a65bc153fbeaa564c0e1acb4dac9004fc9d038da`
CRC32	`3D1216D0`
ssdeep	`1536:Ro4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU19aB89p:RoUCWbBNpplToUs1uNhj25LJU/aB89p`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Win_Amadey_Zero - Amadey bot OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	06f1881b654e2f70_recoverystore.{6bbe2365-71f5-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6BBE2365-71F5-11EE-948E-94DE278C3274}.dat
Size	4.5KB
Processes	2580 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`09dce2d2d829de80bd00ece3f0416140`
SHA1	`8ef91394c9927630f67114c7483e708de8ad2569`
SHA256	`06f1881b654e2f7053e1a48c14ae9d6e5723c9377ea3f75906bbfb69864c2efb`
CRC32	`3CF79523`
ssdeep	`12:rlfF2xvOrEg5+IaCrI0F7uF2FsrEg5+IaCrI0F7+gQNlTqbaxsdbhFNlTqbaxsdM:rqxvO5/lFs5/HQNlWTdbhFNlWTdM`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	5f3c80056c7b1104_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size	273.0B
Processes	2856 (explothe.exe)
Type	HTML document, ASCII text
MD5	`a5b509a3fb95cc3c8d89cd39fc2a30fb`
SHA1	`5aff4266a9c0f2af440f28aa865cebc5ddb9cd5c`
SHA256	`5f3c80056c7b1104c15d6fee49dac07e665c6ffd0795ad486803641ed619c529`
CRC32	`D879A09E`
ssdeep	`6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knaGjEcXaoD:J0+oxBeRmR9etdzRxGezH0qa5ma+`
Yara	None matched
VirusTotal	Search for analysis

Name	39f9942adc112194_firefox[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\firefox[1].png
Size	9.1KB
Processes	2644 (iexplore.exe) 2368 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`7f980569ce347d0d4b8c669944946846`
SHA1	`80a8187549645547b407f81e468d4db0b6635266`
SHA256	`39f9942adc112194b8ae13ba1088794b6cb6e83bd05a4ed8ce87b53155d0e2f7`
CRC32	`AD988195`
ssdeep	`192:swtZ0EaLRTVeaA8vS4ooLD76IujS/izb8dSEG07bjHG/T7emn3CtmVU:lgbNJeahv3BLKjS/inwBG0PjcemnKZ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	846a9b551e74f824_chrome[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\chrome[1].png
Size	6.1KB
Processes	2644 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`ac10b50494982bc75d03bd2d94e382f6`
SHA1	`6c10df97f511816243ba82265c1e345fe40b95e6`
SHA256	`846a9b551e74f824fd7ace3439a319b0c0803449e8caec9f16e2666e38a80efd`
CRC32	`601FBBE8`
ssdeep	`96:JSI2DA4yfvxQfGx7VW/Jagwy8dwMwjU9KgmgJLdcJLHZp5r8wdDMhlJGD/nmw8v6:8dDA/gidaUswM5bwSoaew8v6`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	9545ae8baca68f29_dmdi7sy4.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\DMDI7SY4.txt
Size	275.0B
Processes	2644 (iexplore.exe)
Type	ASCII text
MD5	`a1814adf56e7e132d8264b3d95805105`
SHA1	`5c8c96df8806b1a8012881b6ba8f262b71b0b24a`
SHA256	`9545ae8baca68f29855c71950f16ef651c8b247d164bde79318831cc52ea5536`
CRC32	`ECBC1D80`
ssdeep	`6:2UdGkxGRXbWWRnqx4QGRXbUFbF6H0oMNGRXbUFbzZ:2ctGRXbWCnI3GRXboa0oMNGRXbyZ`
Yara	None matched
VirusTotal	Search for analysis

Name	5390defb8f8bd2ac_{6bbe2367-71f5-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6BBE2367-71F5-11EE-948E-94DE278C3274}.dat
Size	9.5KB
Processes	2580 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`cebee52443908f468dfed08b26ae9db6`
SHA1	`d3b2ef84d3d5cfde56864fcdcf5506bd0821bf01`
SHA256	`5390defb8f8bd2ac4fa984fe3ee66f5a68f1c79441df8564ebd299be4b8ce902`
CRC32	`9EC84FEE`
ssdeep	`96:8YQ6nHnbcdtQ6n6UQ6nHntnbwQ6nHnb6Q6nHnbgQ6nHnbYow7P1fYQ6nHnbA:z3Hit36U3HFk3H23H03HIdfY3H0`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis