Dropped Files | ZeroBOX
Name 5d8e75750695b756_nsExec.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsu823.tmp\nsExec.dll
Size 6.0KB
Processes 7092 (OctodadSetup.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 47452b427911d43b8fef70b6ab1d48e7
SHA1 8be26e8222b9ef4c7acd7ea36955571618ad09a3
SHA256 5d8e75750695b756625ae46ba4302b54808e82790074518b1eafc4411c3fdb0f
CRC32 5B5474E8
ssdeep 96:Rj6zFERX/tDeB/iYonzmrZursr9d1hhUoPYZ4BzS2oOK3EfVhiI:05ETDeB/lSz+Ars1hWUIz3EfVh
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 95e160aa477097a6_recoverystore.{ab224187-b44d-11eb-bde1-94de278c3274}.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB224187-B44D-11EB-BDE1-94DE278C3274}.dat
Size 4.5KB
Processes 8400 (iexplore.exe)
Type Composite Document File V2 Document, Cannot read section info
MD5 368df91c3d3ca4bf4e95a0ab33bd75b8
SHA1 0ddb0ce11546acacaef77a83dfcd5c544a7fdda6
SHA256 95e160aa477097a66f9328e2e6baedbccc698050edebaa39a1a7af1235ed9bff
CRC32 DD27B85B
ssdeep 12:rlfF20rEg5+IaCrI0F7+F2crEg5+IaCrI0F7ugQNlTqbaxXpA2bA5o0AZNlTqbaT:rq05/1c5/3QNlWSvnNlWSXMOL
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name a7a625a0546192ce_modern-wizard.bmp
Filepath C:\Users\test22\AppData\Local\Temp\nsu823.tmp\modern-wizard.bmp
Size 50.5KB
Processes 7092 (OctodadSetup.exe)
Type PC bitmap, Windows 3.x format, 164 x 314 x 8
MD5 c538956513783bca6d42363be72b7031
SHA1 983bfa449bcce77b83671a2edd724c376a4218da
SHA256 a7a625a0546192ce588072bd2550e264756b7ef6067d63d166d0eb0e693ebc02
CRC32 B6F54613
ssdeep 48:WzdP513BDNvZ23guMH0WpMfK9gDKsiO8CCPe:WzdPIguMHyV8E
Yara None matched
Name e3875ea6a3cdde76_nsDialogs.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsu823.tmp\nsDialogs.dll
Size 9.5KB
Processes 7092 (OctodadSetup.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 0975b6008916c7bea5bb2b5d0e020b8c
SHA1 fec8699abd22d588846130619221f96b0bd69eab
SHA256 e3875ea6a3cdde76661536ca4e742b843b3215df9bd98195c33022e7529cecde
CRC32 AB6EE7A1
ssdeep 192:SoAf1alNDVyAI+MU3MrHH3Km3hgPqjE7x:SoColNQ5WQ6mKPqjE7
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 265159e770ad4066_MZXYE1W6.txt
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\MZXYE1W6.txt
Size 147.0B
Processes 3360 (iexplore.exe)
Type ASCII text
MD5 446b02a8bd0136c939219f72f7c28830
SHA1 dec4294376cf861da62b46c31394210aef5fcba0
SHA256 265159e770ad40661965420348162278dd375b2d8114fb49b71600852c337be6
CRC32 E679F25A
ssdeep 3:z+QGPtIAyqzNRBkkWk0wUkLYd9Rjq9ILAAoAbM3Kqd/hECemcH31/:KQGqABhgkw9Q9Coh3Tm3F
Yara None matched
Name 4c9e804ce1a391f8_modern-header.bmp
Filepath C:\Users\test22\AppData\Local\Temp\nsu823.tmp\modern-header.bmp
Size 9.5KB
Processes 7092 (OctodadSetup.exe)
Type PC bitmap, Windows 3.x format, 150 x 57 x 8
MD5 583c38fb0f5af5fe584d9a9b01d6a3e7
SHA1 84dedf7064bb740614f8661793f429f5ee950d86
SHA256 4c9e804ce1a391f8e603b7b9c732a6529c1e81be4d12f125c8562ea9d49095c2
CRC32 03AB02BF
ssdeep 192:Tg1E8f7JvEeXUUZn7ZkZ85leVlN0sfCm8:Tg1E87ZEYn7Zl4zNhO
Yara None matched
Name 656ca89b2f85a8bd_{ab224188-b44d-11eb-bde1-94de278c3274}.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB224188-B44D-11EB-BDE1-94DE278C3274}.dat
Size 4.5KB
Processes 8400 (iexplore.exe)
Type Composite Document File V2 Document, Cannot read section info
MD5 24ad9283224fc190b2dfd67e7a5b1b30
SHA1 2daee119d794d3708a73a90cb7cfc3f311134be8
SHA256 656ca89b2f85a8bd593077c8d3ae7d3367e1beb97c756cf18aee995a220003db
CRC32 85EA59F3
ssdeep 12:rl0ZGFJorEgmf506FCJDrEgmfh0qgNNlTVbaxLNlb9baxH:rGG2NGmNNlp+NlZ
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name e3b0c44298fc1c14_nsj7E3.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsj7E3.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 3183481f09352ead_bat[1].js
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\bat[1].js
Size 29.5KB
Processes 3360 (iexplore.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 e293a9bf71c8d0c0ff17648523fdabbc
SHA1 b6dcfa29739d64b2f365d219e6af6dfeb6ef0573
SHA256 3183481f09352eade87e53d32ac3c1f6ab5b853e2b5bde4035834680b53d9299
CRC32 1882FC0A
ssdeep 384:otKVCwh9wC22xo5MB4K6WhbwM05Jkr9qNHfs9nB/wDSliNqCET8zT7QAEqnyJYys:ZCwhBRWDOZwDhzT7QSnSYyeh
Yara None matched
Name 67eff17c53a78c8e_inetc.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsu823.tmp\inetc.dll
Size 21.5KB
Processes 7092 (OctodadSetup.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 d7a3fa6a6c738b4a3c40d5602af20b08
SHA1 34fc75d97f640609cb6cadb001da2cb2c0b3538a
SHA256 67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e
CRC32 FB680CCE
ssdeep 384:oW4gLK82JvtosNCPhXKJ18hcEP1+f+pvMPbkdTg1Zahzs60Ac9khYLMkIX0+Gbyk:oW4i/2JloB5IQ9AhkwZaKRu
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name d6e429a063adf637_ButtonEvent.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsu823.tmp\ButtonEvent.dll
Size 4.5KB
Processes 7092 (OctodadSetup.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 55788069d3fa4e1daf80f3339fa86fe2
SHA1 d64e05c1879a92d5a8f9ff2fd2f1a53e1a53ae96
SHA256 d6e429a063adf637f4d19d4e2eb094d9ff27382b21a1f6dccf9284afb5ff8c7f
CRC32 3886619A
ssdeep 96:hrA2+5HGZFYJf9D8IjDflDCoMzncsGSmE:hE2+5mMJfJ8v1zFGSm
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 7eb64506f8b1bdd5_u9222qsq.txt
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\U9222QSQ.txt
Size 147.0B
Processes 3360 (iexplore.exe)
Type ASCII text
MD5 8cec77d77c8211031369423c6ed3924e
SHA1 75e046d26e0181ebe659455fb4d0ccd5548ccd62
SHA256 7eb64506f8b1bdd5cb6028a427d6b593ca0c0c9884589d23322e60bc5537d6fa
CRC32 998EA6C1
ssdeep 3:z+QGPtIAyqzNRBkkWk0wUkLYd9Rjq9ILAAoAbM3Kqd4SScmcrd1/:KQGqABhgkw9Q9Coh3UoF
Yara None matched
Name ef99ac22506e4011_System.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsu823.tmp\System.dll
Size 10.0KB
Processes 7092 (OctodadSetup.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 1209356a1e393cacf08ff4cede226b13
SHA1 4bda3a2bb5cea83e19561977373ce79e7a318120
SHA256 ef99ac22506e4011523ad4f5f2f212747e8feae35e8a8cca42dece347f2da2c0
CRC32 3333A7E3
ssdeep 192:E4g09uu7tzoKreNh/SlyXMUspRRFtvD4dpWQAXmt2h8oGjXSe0:EpORz202MFmTWQaGT70
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 6de598428c334097_IE9CompatViewList[1].xml
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\IE9CompatViewList[1].xml
Size 141.7KB
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 c236e316e1b9ac60ce15dac7bcb8b2de
SHA1 1e240ed5f7cbc3dc8cd2397c7151a0d7e5f173c2
SHA256 6de598428c334097a21eb2dd5963c190fc5f80a6289bce205ded0466393745a4
CRC32 8B345ADA
ssdeep 3072:toSMrEDL1FwhdFFaz6l8vHG+TbFPAzepobjyG7I1K1IB2+Tir8v1IG9aIedyPcFC:mSMrEDL1FwhdFFaz6l8vHG+TbFPAzepR
Yara None matched
Name ebaa50b7968873c3_yw794biz.txt
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\YW794BIZ.txt
Size 2.2KB
Processes 3360 (iexplore.exe)
Type ASCII text, with very long lines
MD5 9e5000bbf1426639d639071f69276826
SHA1 eab13b7c6bcb37e0014dc2ac0210f40c21f0c0dd
SHA256 ebaa50b7968873c3fe45b2efd29b9f1c78c6c0b6c38d35dbf87d38c44f1fc00f
CRC32 08308A93
ssdeep 48:mIDcpWCgcjhzUD3p+E45HPtddzl4Y1yRB66hOuZuj1Y6E2RCF:LqZgkEmvhOtBrhXyn2
Yara None matched
Name d2b04b5b33877521_NotifyIcon.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsu823.tmp\NotifyIcon.dll
Size 5.0KB
Processes 7092 (OctodadSetup.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 9ab83d7ef9bd55db63ceb33840431cd5
SHA1 548c54c8b9d683f32b2f1bd8b3f374fc14691fd4
SHA256 d2b04b5b33877521f6f140148521f219e25d2de753ff20954f90dcee55d1a647
CRC32 424FC2BD
ssdeep 48:aFV2n5RPl5A9+DyhKqfCdGMfMGMoTtmZE+dlpn6sT6lQQAsjRz:s05RP72BCdjUGM4R+dHn6tV
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 63896532a7015ab5_ytc[1].js
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\ytc[1].js
Size 14.6KB
Processes 3360 (iexplore.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 49db10c8315384e8dad2e92a6841ed81
SHA1 f576976a579cd50da6b717db5d48e1ea7137f744
SHA256 63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478
CRC32 F875D2C9
ssdeep 384:s40C/Yfuq+MY6jLrEOLg3Fmea4T2IhNWF:VAbRrYAAmpIrg
Yara None matched
Name 48bc71118ef8aa72_index.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012020110220201103\index.dat
Size 32.0KB
Type Internet Explorer cache file version Ver 5.2
MD5 4d73fb54c11273f3b7dd12e460df9a7e
SHA1 53c458d7f25b3b2a567991efc4edcb338af93089
SHA256 48bc71118ef8aa72552c477b89cbba8a3536622afe1a06387c04020daae80fe7
CRC32 46532081
ssdeep 48:q9EoMMm1zKyvG+TKnOHrU1BhFwGlHfstlfl/k7lEVGtDh8TPbWMx03hxb:q9EovE7KB1/hwxen
Yara None matched