Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
10.02 02:10
66fbfccd837ac_vadggdsa...
10.02 02:10
66fc5c187ba75_lyla343.exe
10.02 02:10
66fbfcc301a31_swws.exe
10.02 02:10
66fbd9a4db4c9_Governme...
10.02 02:10
66fb2538369cb_EdgeUpda...
10.02 02:10
cc.js
10.02 02:10
kixx.js
10.02 02:10
66f55533ca7d6_RDPWInst...
10.02 02:10
SPOOF.exe
10.02 02:10
ienetworkupdateshere.hta

Latest News
10.02 09:10
Pump up your skills: T...
10.02 09:10
Chip Firms Monitoring ...
10.02 09:10
Nvidia Partners With A...
10.02 09:10
Adam Neumann’s Latest ...
10.02 09:10
Talent Gap ‘Critical T...
10.02 09:10
5 Must-Have Tools for ...
10.02 08:10
TI Lookup: Real-World ...
10.02 08:10
RCE Vulnerability in Z...
10.02 08:10
How Hurricane Helene J...
10.02 08:10
heise-Angebot: Das neu...

Dropped Files | ZeroBOX

Name	95d65e85e2bdfa6f_recoverystore.{d4a0bfa5-807f-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D4A0BFA5-807F-11EF-AC50-94DE278C3274}.dat
Size	4.5KB
Processes	204 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`98564b802db811fa7e9a889113820e6c`
SHA1	`1b75f7edb1fb1f776187ced9ce0314a96c9c24c6`
SHA256	`95d65e85e2bdfa6fb0141c2ac97c6e2ebdf631732017cef2f693ebcc5de29284`
CRC32	`2FE99972`
ssdeep	`12:rlfF2AHrEg5+IaCrI0F7+F2NUrEg5+IaCrI0F7ugQNlTqbaxTy707Q97ONlTqbav:rqe5/1e5/3QNlWIoCQZONlWIoCbUZUZ`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	9b1314faff00a380_yyt_sflz.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\yyt_sflz.dll
Size	3.5KB
Processes	2860 (csc.exe) 2120 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`32dec5839a2d277aa893070fdc1d48de`
SHA1	`8d1e73fa66b7d977a1ac86988f8ad524724c2005`
SHA256	`9b1314faff00a380238163ac839278c3e53bbd9ee13d4714c804659ebe11c678`
CRC32	`538D50F5`
ssdeep	`24:etGSoN6G7wcp6wSgkqITK1ETUbdPtkZfqQH1oGmI+ycuZhNYakS0PNnq:6D/9pTMuJqiK91ulYa3Uq`
Yara	Network_Downloader - File Downloader PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	9b09e9aa9a7eecce_yyt_sflz.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\yyt_sflz.out
Size	598.0B
Processes	2120 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`af6b619b2a4b33d6e0cea3f02613ba66`
SHA1	`8379ebe265afc0731226731e053be1ae4d0c8eec`
SHA256	`9b09e9aa9a7eecce4cfcea6819a26095a8fbfd734de5959aa09f46f54fa7bdf6`
CRC32	`9F9C178F`
ssdeep	`12:K4X/NzR37LvXOLMhBmnPAE2xOLMhBaKai31bIKIMBj6I5BFR5y:KyNzd3B6nIE2nmKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	a341b266576ef18b_yyt_sflz.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\yyt_sflz.pdb
Size	7.5KB
Processes	2860 (csc.exe) 2120 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`45f051c050f783728c28f60a7a5dcdeb`
SHA1	`ec400779bf55fc5d2474ccb27589544a1f2c8dfc`
SHA256	`a341b266576ef18bcf6fa4702bb4c5291008b60a345fd407a724d690cb90fbf9`
CRC32	`8DFFB94A`
ssdeep	`6:zz/BamfXllNS/uMxl/31mllxrS/77715KZYXJMxlyMoGggksl/3YXBGQu+e0KWEb:zz/H1W/uAtSXS/pwOydmqRi`
Yara	None matched
VirusTotal	Search for analysis

Name	ae6a9289442d2912_yyt_sflz.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\yyt_sflz.0.cs
Size	474.0B
Processes	2120 (powershell.exe)
Type	C++ source, UTF-8 Unicode (with BOM) text, with very long lines
MD5	`e51899cab87aeebfbc4b5895e20dcbca`
SHA1	`743d9d6f1c67e086fa834921c2ba8ad0b1362fb9`
SHA256	`ae6a9289442d29125a158a5b50e7d6fe34119062620dc283f2cf203c53445f79`
CRC32	`B2B71A58`
ssdeep	`6:V/DsYLDS81zu7VoyTFVMmFfplQXReKJ8SRHy4HbmHCmOwKqQy:V/DTLDfuRoWFTQXfHHFwKzy`
Yara	Network_Downloader - File Downloader
VirusTotal	Search for analysis

Name	0ed5b0823e71e0e3_590aee7bdd69b59b.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size	7.8KB
Processes	2120 (powershell.exe)
Type	data
MD5	`f4a8a3e56bca0190031a365f104571cf`
SHA1	`7a4eac7016b8feca961f757cfe05bfeb4b76c10f`
SHA256	`0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41`
CRC32	`E95A2C69`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	879084c688575d83_{d4a0bfa6-807f-11ef-ac50-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D4A0BFA6-807F-11EF-AC50-94DE278C3274}.dat
Size	3.5KB
Processes	204 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4d191ab392e7563a98b4e69e5a970ed7`
SHA1	`e63d3f6726d7c821f860cccdeed728c1e97e63f2`
SHA256	`879084c688575d83d264377b1f68e35c18ec5bef89587c9fe289d58394668d5f`
CRC32	`5AF38856`
ssdeep	`12:rl0oXGFDxrEgmfYB76FlrEgmfox7qTNl39baxsKtHaK+whiEr44:ryxGRGASNltilh+MT`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	46b2ad5e7667f85a_yyt_sflz.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\yyt_sflz.cmdline
Size	311.0B
Processes	2120 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`6baf225f2720daa2ab1efdd0d2da0978`
SHA1	`5a130cbef861a39b7054d81b3553131c6feb5370`
SHA256	`46b2ad5e7667f85a112e538728ff1e3bc2838b3c3c6990d22b4c32cbd0629a79`
CRC32	`539AA500`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fJnBBQmGsSAE2NmQpcLJ23fJnBb:p37LvXOLMhBmnPAE2xOLMhBb`
Yara	None matched
VirusTotal	Search for analysis

Name	79fcd65228f9e70e_CSC5C7E.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC5C7E.tmp
Size	652.0B
Processes	2860 (csc.exe)
Type	MSVC .res
MD5	`a224fc7e8ac9c45bb8e5f661b7954efd`
SHA1	`4cbd7762abaf68ff115aff83ddcf3b53c874a854`
SHA256	`79fcd65228f9e70e058bd37e66c09d25f0c99a20a1697983a182e33e1dc8ac3c`
CRC32	`7A1A6D62`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryf+ak7YnqqifPN5Dlq5J:+RI+ycuZhNYakS0PNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	63a647cbb5bf0549_RES5CEC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES5CEC.tmp
Size	1.2KB
Processes	1608 (cvtres.exe) 2860 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`e7d8390caa937191c798d8084f4361c3`
SHA1	`aa3bd256b90544df09ed795479f54911968bb901`
SHA256	`63a647cbb5bf054934bda45e67c82e79699dbbc08cd38059af5c16e4458e26ca`
CRC32	`60FB11E3`
ssdeep	`24:HjJ9Yernf5+mHTUnhKLI+ycuZhNYakS0PNnqjtd:sernYmAnhKL1ulYa3UqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_yyt_sflz.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\yyt_sflz.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis