Dropped Files | ZeroBOX
Name 07e76454d0747c28_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 3500 (powershell.exe)
Type data
MD5 e7783384d03a5b11b46600de141ccdbb
SHA1 8245435eb5ae787fce08a239ccce96c6053af4c4
SHA256 07e76454d0747c28635b034a4d02ddda68be0f372cf19c8abec2f4be1aa53f39
CRC32 F868A53D
ssdeep 96:wtuCiGCPDXBqvsqvJCwoNtuCiGCPDXBqvsEHyqvJCwor87Hwx2lUVul:wt7XoNt7bHnor3xI
Yara
  • Antivirus - Contains references to security software
Name 4effca5116acfebd_8e5sce3f.dll
Filepath C:\Users\test22\AppData\Local\Temp\8e5sce3f.dll
Size 3.5KB
Processes 6116 (csc.exe) 3500 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 dbf2723af869d5556ef8dbca7e8791ba
SHA1 243d73c8c0dfaeb4c86ec6508bc23076c8bd52bf
SHA256 4effca5116acfebd700a12ff69a9fa7fbf1695f03d2881c2a61a8714511f6c15
CRC32 035BC474
ssdeep 24:etGSktedatX26AMLeiwRLWGCoi7wXIgCS4b1tkZfAjmYw8EmI+ycuZhNByakSGT8:6kt3pboLyGTi70Ij4JAU831ulQa3sq
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • Is_DotNET_DLL - (no description)
  • IsPE32 - (no description)
Name 2e342c9a1901ae80_RES91D.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RES91D.tmp
Size 1.2KB
Processes 8620 (cvtres.exe) 6116 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 79d333ae4c1d0466baf25ad3c2c030dd
SHA1 d3cc46c4b9975f1e16919c56ebbf472a4955cdf6
SHA256 2e342c9a1901ae80559b7bcbad6ca2805305eaa006b64d20ff955d700e519ed4
CRC32 00563B67
ssdeep 24:HOngJ9YeAHoOX4HXUnhKbI+ycuZhNByakSGTPNnqjtd:unxeAIOIEnhKb1ulQa3sqjH
Yara None matched
Name b1aeaaf8ce1f5b87_8e5sce3f.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\8e5sce3f.cmdline
Size 311.0B
Processes 3500 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 8211b75bdd4825cfe23468c03753d9b3
SHA1 151328754493639c5d7b510fdf0b28fe7f6c1b0b
SHA256 b1aeaaf8ce1f5b87add05877ddd7d4396fcd5e312652ae2b0c774a69cb94adbe
CRC32 DF160D25
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fBvqmGsSAE2NmQpcLJ23fBvPn:p37LvXOLMZSnPAE2xOLMZX
Yara None matched
Name e3b0c44298fc1c14_8e5sce3f.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\8e5sce3f.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name d9dabecffb69b497_8e5sce3f.out
Filepath C:\Users\test22\AppData\Local\Temp\8e5sce3f.out
Size 607.0B
Processes 3500 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 5b2b6899232e3983b37d65b14c69710a
SHA1 1f6c670b6db398c53ded2542bd368144f5ef62a1
SHA256 d9dabecffb69b497a02720df019a5be953bb4140a198db777ed9c03cac011db5
CRC32 3F3B2345
ssdeep 12:K4OLM9nzR37LvXOLMZSnPAE2xOLMZeKai31bIKIMBj6I5BFR5y:K+9nzd3B4nIE2ncKai31bIKIMl6I5Dvy
Yara None matched
Name f825dd89181e7435_d93f411851d7c929.customDestinations-ms~RF2234d8e.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF2234d8e.TMP
Size 7.8KB
Processes 900 (powershell.exe) 3500 (powershell.exe)
Type data
MD5 61d3b003e73f968491bb9de05318fcbd
SHA1 abb40732bf72a072c5b176449fdb8f1c56383e03
SHA256 f825dd89181e743525684aff8d99cc6d78046e461147c33b6f7a182b98c58ea9
CRC32 76116DE9
ssdeep 96:wtuCiGCPDXBqvsqvJCwoNtuCiGCPDXBqvsEHyqvJCworc7HwxGlUVul:wt7XoNt7bHnorXxY
Yara
  • Antivirus - Contains references to security software
Name 530c7292814fa916_8e5sce3f.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\8e5sce3f.0.cs
Size 354.0B
Processes 3500 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 5cc66596055771b708c426b09785ed18
SHA1 fe11be68b5f5f01304e2c6b62458ba70ccc9a575
SHA256 530c7292814fa916aa2846672d0bd17cb4ba54cb8f4f61b9d84e01a51b857c08
CRC32 044A1452
ssdeep 6:V/DsDrDCSvSKgF+SAUF3SR9QbKHDHtLDMWfDoFSRFQgLluLiA:V/DGrOEgFw9IihVkEFQwu1
Yara None matched
Name b255517ab3686cdc_8e5sce3f.pdb
Filepath C:\Users\test22\AppData\Local\Temp\8e5sce3f.pdb
Size 7.5KB
Processes 6116 (csc.exe) 3500 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 295d0c51c1b259193bd10b2c64215093
SHA1 7c2f75c0e340c6f54cfae7ccbaa6fc1dcff015c1
SHA256 b255517ab3686cdc61d8e5f5143a811a0c93e9e92f0f3fb3e4f607e1d0b97bb2
CRC32 425BFC06
ssdeep 6:zz/BamfXllNS/NFs6L11mllxrS/77715KZYXxGQu+e0KpYXMFs6bQpMoGggksl/b:zz/H1W/NFswSXS/pw2qdFsbMRD
Yara None matched
Name 22ecd100f9ebdeb0_CSC90C.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSC90C.tmp
Size 652.0B
Processes 6116 (csc.exe)
Type MSVC .res
MD5 27ceef43e98f7b6e06be94221b79301a
SHA1 416d0dc0870eb5828e1864fcffd8fcd5539ddbb2
SHA256 22ecd100f9ebdeb02aae9e00b61f53b33c1baefa994f9694d87e583f0f35ba33
CRC32 E4B28302
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryGoAiyak7YnqqLoAiTPN5Dlq5J:+RI+ycuZhNByakSGTPNnqX
Yara None matched