Dropped Files | ZeroBOX

Name	cf11d6b3c18d4c02_d93f411851d7c929.customDestinations-ms~RF21b8176.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF21b8176.TMP
Size	7.8KB
Processes	2256 (powershell.exe) 260 (powershell.exe)
Type	data
MD5	`f2f5505600e2895c007b3ff3cfe3d4aa`
SHA1	`f0235a3c8056872d55eeef803d1bc33bac37a753`
SHA256	`cf11d6b3c18d4c02466b670bcb0394ac49382e6a87ad58d2561f2660922b586c`
CRC32	`9AF5ED3C`
ssdeep	`96:EtuCojGCPDXBqvsqvJCwoJtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Etu6XoJtu6bHnorXxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	9f3e78d757c1a7fd_VHGVC-4.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\VHGVC-4.exe
Size	1011.5KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`422280cacdf29241ea5342cbf43721d5`
SHA1	`7b008fc00caee267d23a4eb8b45af9684346eb83`
SHA256	`9f3e78d757c1a7fd4f1e00fd68f1f2058d79cb08ae16c8f4dbab6435015dc3c7`
CRC32	`48838226`
ssdeep	`12288:ocVLFvth+w7GodQpbelTclCQUeQyWd2IANlTeulPRDEIteUKt:rvv/Nv+kTBreQyWQIA7Tv/EIwUKt`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis