Dropped Files | ZeroBOX
Name f4d28cf0f12006f9_590aee7bdd69b59b.customDestinations-ms~RF5261a9.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF5261a9.TMP
Size 7.8KB
Processes 2856 (powershell.exe) 2660 (powershell.exe)
Type data
MD5 b770148dd160455bac8fe186a882733d
SHA1 f41e6e10cf42b4aa831f43abfb27c031bf0f3d4a
SHA256 f4d28cf0f12006f93de9b6181d36369c8d85b6021f830ea407d76585cbda8b1e
CRC32 94B533F7
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCwor3tDHXyGlUVul:Etu6XoJtu6bHnordTyY
Yara
  • Antivirus - Contains references to security software
Name 11bd2c9f9e2397c9_wr64.sys
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Libs\WR64.sys
Size 14.2KB
Processes 1868 (x.exe)
Type PE32+ executable (native) x86-64, for MS Windows
MD5 0c0195c48b6b8582fa6f6373032118da
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA256 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
CRC32 6B0323EB
ssdeep 192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name de0a7f2c1bca21c2_sihost64.exe
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Libs\sihost64.exe
Size 13.0KB
Processes 1868 (x.exe) 3016 (CMD.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 9f6fc42918d3cab8b0bc69b2f1ecff37
SHA1 04771241c7072fe43f1ca6860c57efd4912715f3
SHA256 de0a7f2c1bca21c214b71fe4e93f925a6b84c32e209ec4b9bf924d17cb136f24
CRC32 4CEC6F98
ssdeep 384:1MDhw5OWnFxVKXwvtz8efD6ikbGeQysIW:1GhwHFpvtQefDRkbTQP
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)