Dropped Files | ZeroBOX

Name	b04361c08b778856_d6a4079ed6c5c8a41c8e Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\D6A4079ED6C5C8A41C8E
Size	212.0B
Processes	2312 (Proliv12345.exe)
Type	ASCII text, with CRLF line terminators
MD5	`434491565c49a1107e3c015a4dd624b1`
SHA1	`ca1c4152d8d2bab5038f0f45c4bbf30f158aad48`
SHA256	`b04361c08b7788567f0de3bbdeafc9f4744bb68a7870637c6d2b58e2f0254fd2`
CRC32	`CDC0B32A`
ssdeep	`6:dhwrpoEDxA3tr2kWQthwrpoENJct04WfA:fw9ock2cvw9oLt0zfA`
Yara	None matched
VirusTotal	Search for analysis

Name	3b744cf6f4b8f4aa_netfilterservice.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\netFilterService ver9.90\netFilterService.exe
Size	128.0MB
Processes	2312 (Proliv12345.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`5858f303363b3572a3537746380c803f`
SHA1	`511ac81c0dffb7908f7120a2bc46f77f0b4ae953`
SHA256	`f6869e35eacf0b2766c6f464e3e3e707dee99a2cd4221b839cbfaa0bdd6c0cef`
CRC32	`0A27EA51`
ssdeep	`1572864:4KMrKa81Ip9rUQ3e2HIpFAVQiKSNSBf/o78mFrH7BylIMLIGeevFZPxd78c0nDpS:rMuZSPBe2DQiKoK3PIgImrx5dCVrHKsM`
Yara	PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) IsPE32 - (no description) NPKI_Zero - File included NPKI Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis