Dropped Files | ZeroBOX

Name	c323e0c4e3ec4fdf_tmpE596.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmpE596.tmp
Size	1.6KB
Processes	1016 (UUuYyduOHD0ru0s.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`d893839b06619e9ff955ae91e0155634`
SHA1	`c318f462a1820840f9b37c2328c530ccbe24e0bc`
SHA256	`c323e0c4e3ec4fdfd9ac490d2907f1713e32701050e15930e7e4640a686bce0e`
CRC32	`2FE0F037`
ssdeep	`24:2dH4+SEqCH/7IlNMFQ/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBRtn:cbhf7IlNQQ/rydbz9I3YODOLNdq39`
Yara	None matched
VirusTotal	Search for analysis

Name	b1ddfa65f196c6c4_chhrojmtn.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\CHHrOJmtN.exe
Size	420.0KB
Processes	1016 (UUuYyduOHD0ru0s.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6f0557c816b9b28c1d1ad3958d14bda3`
SHA1	`2a686445b64dbc623097d84dbf77b4074d789727`
SHA256	`b1ddfa65f196c6c474ef37fb472521b7f46c205f76ae10cd16f35b05939178ca`
CRC32	`BFE6FB7A`
ssdeep	`12288:HCozo2o7XBzVEEKyi0D2A/HXZOq15PCj54yZ1GxbialW:TTWXBZEJyx/HX2`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description)
VirusTotal	Search for analysis