Dropped Files | ZeroBOX
Name 76b4f98166de9374_internet explorer.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Size 2.4KB
Processes 2948 (tokengrabber.exe)
Type MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=0, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hidenormalshowminimized
MD5 32c53abe6db3d003941694a148182c07
SHA1 ff644e75b5eafb310c9d41131b035514e4905389
SHA256 76b4f98166de93748fc36a7943051b70bcbb7176a13588b447a08f470a406abb
CRC32 C088FB82
ssdeep 24:8rpQQ3vry+/CWXydDEMBrvfKwOX55Z62EMtiEMsWduMrs1EMtiEM5BPy:8rpjydDvBO95ZbvsvsWduMrKvsvPy
Yara
  • Antivirus - Contains references to security software
  • Lnk_Format_Zero - LNK Format
Name 8ca2b0968108ee76_Chrome.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
Size 2.2KB
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Jan 31 21:43:01 2018, mtime=Wed Jan 31 21:43:01 2018, atime=Tue Jan 23 22:48:00 2018, length=1581912, window=hide
MD5 87cc25993c1253fb0ecb90df60aece7e
SHA1 8891412b50697d314a3f30c2e98c38c88ba7c3d7
SHA256 8ca2b0968108ee7653b4d864f9a00fbea4fa89e0103318d66a58bbdf8fed3a3d
CRC32 364DFF61
ssdeep 48:8V2j3dOHjQ1P0UsRymiM/d/KR+d/Md/KRCipAKRKxyqE98I:8V24NyyOxCp
Yara
  • Lnk_Format_Zero - LNK Format
Name 029f8f927cdce3c9_hosts
Filepath C:\Windows\System32\drivers\etc\hosts
Size 874.0B
Processes 2948 (tokengrabber.exe)
Type ASCII text, with CRLF, LF line terminators
MD5 6afef3d3f9c9a9aa001d2e23b3801477
SHA1 bdcd1c07278da6dd366276639c453a13574c827d
SHA256 029f8f927cdce3c957e6ff0c456f0259184055c1c05ca11c3c7b9d240448ae72
CRC32 98D4FB60
ssdeep 24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTta:vDZhyoZWM9rU5fFcX
Yara None matched
Name b56eea853b081f6a_windows explorer.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
Size 2.4KB
Processes 2948 (tokengrabber.exe)
Type MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=0, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hidenormalshowminimized
MD5 c3bb61a450c776f17f5052681ea3b44b
SHA1 3ba23a41b7e5f4006371987935f2c3975feb2086
SHA256 b56eea853b081f6a36520556e106ee66f581f6dbddef506632b34259ac71fc5b
CRC32 CAB949BF
ssdeep 24:8rpQQ3vro+/CW5F+IMhvfKwOX55Zz2EMtGEMsWduMrqXEMtGEMRBPy:8rpvFfM495ZavisWduMrAviny
Yara
  • Antivirus - Contains references to security software
  • Lnk_Format_Zero - LNK Format
Name d78d6b8c2f826c89_Windows Explorer.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
Size 1.2KB
Type MS Windows shortcut, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Mon Jul 13 14:56:52 2009, mtime=Mon Jul 13 14:56:52 2009, atime=Mon Jul 13 16:39:10 2009, length=2868224, window=hide
MD5 1d117abc60c164f840d47f5450f867c2
SHA1 5fe9d381ba4747932629ce1a9f04609cc543e3c2
SHA256 d78d6b8c2f826c899e72a9606f9e8c5329a395e41e1cb89b3909f4f5e4221642
CRC32 6D41E87A
ssdeep 12:8aDYY16FlDmo0LnGwGW+IMpykEPMky4ZdE5+f/:8a8Yi4o0L7+IMpykEP9y4IEf/
Yara
  • Lnk_Format_Zero - LNK Format
Name cf11d6b3c18d4c02_d93f411851d7c929.customDestinations-ms~RF8891ab.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF8891ab.TMP
Size 7.8KB
Processes 872 (powershell.exe) 2236 (powershell.exe)
Type data
MD5 f2f5505600e2895c007b3ff3cfe3d4aa
SHA1 f0235a3c8056872d55eeef803d1bc33bac37a753
SHA256 cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c
CRC32 9AF5ED3C
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY
Yara
  • Antivirus - Contains references to security software
Name ed4437f92d322dcf_windows explorer.ico
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\icons\Windows Explorer.ico
Size 183.0KB
Processes 2948 (tokengrabber.exe)
Type MS Windows icon resource - 19 icons, 128x128, 16 colors, 4 bits/pixel, 64x64, 16 colors, 4 bits/pixel
MD5 5923e6c73067555811dc1206056295e3
SHA1 e4faf26875a6164b3203be895f5dbb449613d244
SHA256 ed4437f92d322dcf461195f4538d4aab4c207aae005c1c62edc48886657a8f73
CRC32 A08B742F
ssdeep 3072:/+ywHn7rLlpQkI0YVX/9O6SCXnSYYYYYYYYYYYRYYYYYYYYYYJWRj7hDbhb+B/:/+3vLlpQkIxZ9O6SCiYYYYYYYYYYYRYk
Yara None matched
Name 90fccf683a7ab3af_internet explorer.ico
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\icons\Internet Explorer.ico
Size 80.2KB
Processes 2948 (tokengrabber.exe)
Type MS Windows icon resource - 13 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
MD5 02386f097742d3d44f1252704c4c75d4
SHA1 ade2d816801fbe1f2c7bd722292412a9f853e402
SHA256 90fccf683a7ab3af6fe006080b66a40f648c51a82e52199c3109d54c3af84491
CRC32 FAEE73CF
ssdeep 1536:hrWyjESIoT129ll0HN79yPUudRVbKazE7Pz0cAMSCFWRTi1:5sVlWN97u9bK6Sz0cAMSCFoTi1
Yara None matched
Name 10d2012bd27f633c_defender.exe
Filepath C:\Users\test22\AppData\Roaming\Defender.exe
Size 8.7MB
Processes 2948 (tokengrabber.exe)
Type PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5 738daab8f14410ad4d68d4b65c89f31e
SHA1 6ddd3f2b5f38228d8ee87e5afef0b1e567944375
SHA256 10d2012bd27f633c248587af6f7eb38302d757202a59f71b6aece282eac294df
CRC32 1EAFBA61
ssdeep 196608:zQr6SHMTHsGTAUN769pC9xWgsPxurX1Sj/w0B0b:XiMTEUl63sqorFQ/wc0b
Yara
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
Name eaf95f75809a4314_chrome.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
Size 2.4KB
Processes 2948 (tokengrabber.exe)
Type MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=0, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hidenormalshowminimized
MD5 78c90b4ae0ba38265b770980e6b6fd49
SHA1 2f3cd2499441f45188f8b6e3b05849000588cf08
SHA256 eaf95f75809a431413e81201a746177828fcd06fd080ab8a724db60462dab348
CRC32 5CB29F4C
ssdeep 24:8rpQQ3vr08+/CWXydp+N0R/vfKwOX55ZqS2EMtJWduMrkvEMtiBPy:8rpkydAKRi95ZMvfWduMrqvky
Yara
  • Antivirus - Contains references to security software
  • Lnk_Format_Zero - LNK Format
Name 8769d83317f0d42d_Internet Explorer.lnk
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Size 1.3KB
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Sat Nov 20 18:25:27 2010, mtime=Sat Nov 20 18:25:27 2010, atime=Sat Nov 20 18:25:27 2010, length=673040, window=hide
MD5 30881b06a34697ac3006cfd36c157230
SHA1 3ebefc19db5316289381142da6872b2bd68a1184
SHA256 8769d83317f0d42d00115966e5b073b115097c0592d2eb9f6dd66f31bbd4e42d
CRC32 AC85FB36
ssdeep 24:8YFydOEi6yjEMGLhBNA8skcSJdDEMBCapUQ7YHtIXwRT+xmPyl:8YFydOiovGzG8zJdDvBCD6AIXY0+yl
Yara
  • Lnk_Format_Zero - LNK Format