Dropped Files | ZeroBOX
Name 45c22d5bb23eac08_45edf9c5cf364c329bd412f991d2e6a7
Filepath C:\Users\test22\AppData\Local\Temp\45edf9c5cf364c329bd412f991d2e6a7
Size 858.9KB
Processes 1016 (vm.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 803eb2b67d2684ba3567d0e194460a45
SHA1 178de76fa59e5a4780a77fb45470971a3e09884f
SHA256 45c22d5bb23eac08443ea32aa3a92c05bc826cc133ae2e100d01b1427ac630cc
CRC32 3D053F9C
ssdeep 1536:7btxIDyYobr6EIedU07oLUDMfx1/Jb+tnlcYfWKOtaM7A/5tmabJ1MXFbLL:98rh8fWKOtaM7A/5tm4J1mpL
Yara None matched
Name cf11d6b3c18d4c02_d93f411851d7c929.customDestinations-ms~RFad4e45.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFad4e45.TMP
Size 7.8KB
Processes 2256 (powershell.exe) 604 (powershell.exe)
Type data
MD5 f2f5505600e2895c007b3ff3cfe3d4aa
SHA1 f0235a3c8056872d55eeef803d1bc33bac37a753
SHA256 cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c
CRC32 9AF5ED3C
ssdeep 96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY
Yara
  • Antivirus - Contains references to security software
Name 409186d21c7ed0ea_.vyJzjk.tmp
Filepath C:\Users\test22\AppData\Roaming\.vyJzjk.tmp
Size 173.9KB
Type ASCII text, with very long lines, with no line terminators
MD5 28a533942aab6fb3d66f76caa867618e
SHA1 f98da69b7345fcbaaaa1fc0c62fa7cf7493a0cf6
SHA256 409186d21c7ed0ea21b6f598ba3f9f3ba2a8f078c94ce03b14cf5ab77a769ef1
CRC32 DE8D906C
ssdeep 3072:kG4h+sTIVZfS/7BmpH+753klu9kOblyiq6heT67fAA7pdcM:HOliZfrp+SYemrA0
Yara
  • NPKI_Zero - File included NPKI
Name 523e9d37c4b8d38e_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 604 (powershell.exe)
Type data
MD5 f78c28f247952fcbb5c95cf17c1bef71
SHA1 a3fe8c7161e767ff96dc1aac184c90b860e6d206
SHA256 523e9d37c4b8d38eae5dec5b4d213b0e48236ebd30aac76bd5ec19cf4a1de298
CRC32 5AADBB6A
ssdeep 96:ktuCojGCPDXBqvsqvJCwohtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:ktu6Xohtu6bHnorXxY
Yara
  • Antivirus - Contains references to security software
Name 6ec867dc1caa77ec_qDr.b.I.tmp
Filepath C:\Users\test22\AppData\Roaming\qDr.b.I.tmp
Size 18.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 f3a100cba30b2a07a7af8886e439024e
SHA1 a454cca0db028b4d0fb29fa932c9056519efe2cf
SHA256 6ec867dc1caa77ecfd8e457d464b6bebc3be8694b4c88734fa83d197c0b214cc
CRC32 72CF6AF8
ssdeep 24:LLI10KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6KaW:oz+JH3yJUheCVE9V8MX0PFlNU1faW
Yara None matched
Name 40c848730c14baf3_180debafa23643f0bb1781ccc9ec691a
Filepath C:\Users\test22\AppData\Local\Temp\180debafa23643f0bb1781ccc9ec691a
Size 366.9KB
Processes 1016 (vm.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 12a7e2a5c4594ff7e949ed912474358b
SHA1 d3a099eb2a3bc414ca1c4a4b13fb073b0af1c765
SHA256 40c848730c14baf3216a715209405cd16f7978b23a18f0e92602aa3620cc6012
CRC32 F39CCB2D
ssdeep 6144:KqZ9Npfsx//4D6N5Yv/FrT2Oam1onGsnRBce0yLwJym6nv/RrnyivopM4XlI4UkP:KqZ9Npfsx//4eNnnGwbce0y0Jym6v/Rk
Yara None matched