Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	e3b0c44298fc1c14_AMD.ps1 Empty file or file not found
Filepath	C:\Users\Public\AMD.ps1
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	49c4a85bce2fb8cb_d93f411851d7c929.customDestinations-ms~RF1adc7fc.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1adc7fc.TMP
Size	7.8KB
Processes	1800 (powershell.exe) 2272 (powershell.exe)
Type	data
MD5	`4eba3b6a4f05a26106a2d772c79da044`
SHA1	`45ae375ea2f305e4409aabc22803cd1471f0983e`
SHA256	`49c4a85bce2fb8cb6db4279591d0966cbd2fb84bc43f252ee5ad14d3d615b2b5`
CRC32	`2DF7F691`
ssdeep	`96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworM7HwxWlUVul:YtzXo9tzbHnornxo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	7414994fd0120eab_windowsstaterepositorycore.vbs Submit file
Filepath	C:\ProgramData\WindowsHost\WindowsStateRepositoryCore.vbs
Size	146.0B
Processes	1800 (powershell.exe)
Type	ASCII text, with CRLF line terminators
MD5	`c9c7d22f444060f773f7666e76cd7e00`
SHA1	`ca6da5aed1101431c38c222aef2bc90a5e0a0769`
SHA256	`7414994fd0120eabfc3469af5e3bc2653623aa3e737f2d137e0fb7f75f6bd9ce`
CRC32	`7CB145B9`
ssdeep	`3:Y/Nm7VRpEm+5PHsoHWZXQCaHF5yKcS/WMRMaXAMnFrjrlovnRkNmTrv:KNERpEmKPMoiBaHsS/lMcPnjNKrv`
Yara	None matched
VirusTotal	Search for analysis

Name	7b7f08a0ce390f51_windowsstaterepositorycore.bat Submit file
Filepath	C:\Users\Public\WindowsStateRepositoryCore.bat
Size	70.0B
Processes	1800 (powershell.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d7f1eb31327c84153a157d95696feacb`
SHA1	`00680d8bc496cf42b1d4bd5ea96f4798b49979ff`
SHA256	`7b7f08a0ce390f51db256ea9aa7f886d96bd1f884fc07a4302c6863096ef8500`
CRC32	`105F73FA`
ssdeep	`3:VSJJLNytGQqPJH0cVER2PaHF5k8L8udN:snytGQO0ctPaHjN`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	00820fac5765be48_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2272 (powershell.exe)
Type	data
MD5	`a52a539822c91b0d7a95551ada30e323`
SHA1	`15863fd5416950634713a46901f7a3a321f5273a`
SHA256	`00820fac5765be484e5bb99596e55c863b6485a9891525a54919565e4ce9edeb`
CRC32	`08CE0AC7`
ssdeep	`96:gtuCaGCPDXBqvsqvJCwoNtuCaGCPDXBqvsEHyqvJCworM7HwxWlUVul:gtzXoNtzbHnornxo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis