Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	bfbb639b1fb747b0_add.jpeg Submit file
Filepath	C:\Users\test22\AppData\Roaming\Forligsmandens\Genlsende\Tilvejebringelserne\Notified113\Zincographer\add.jpeg
Size	1.3KB
Processes	300 (EYG.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 40x42, frames 3
MD5	`017f36f4fbc613d41266413f264cc9b8`
SHA1	`d173bc11e69b61bc18bfb7baa95d7ba396993305`
SHA256	`bfbb639b1fb747b05e175ba544319c69c59ce31b38637f20837403909ea1223b`
CRC32	`CCBFB7D9`
ssdeep	`24:qhpK1Go0XxDuLHeOWXG4OZ7DAJuLHenX3uhqtZhgmP0vD9B+Iu0xAOQl3OuzyU6e:VuERAYhI16hBOtOuzyU6gjsu`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	8d14a0e98df7a05e_reoils.bog Submit file
Filepath	C:\Users\test22\AppData\Roaming\Forligsmandens\Genlsende\Tilvejebringelserne\Ssurs\Energimngden\Reoils.Bog
Size	269.1KB
Processes	300 (EYG.exe)
Type	data
MD5	`1bde05a6d1455789fef7fedac1e71875`
SHA1	`f7efbcccf059fbd080384ce50a4a86a448faf11b`
SHA256	`8d14a0e98df7a05eb892e1179395e8fb52f0ac7ba99a346bfe8b4b0a25e26d32`
CRC32	`78CD08CB`
ssdeep	`3072:JDJDgEUuvoh+tjWcS+FGMZzwKLZZlEtEJzHx8Kvxmxq1fPE15FEhqiZpGIL8G6oY:tJDUuwgdSOH1PggfPEsqiZpGK8G6O9O`
Yara	None matched
VirusTotal	Search for analysis

Name	d6431d5645fffd05_d93f411851d7c929.customDestinations-ms~RF194a22e.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF194a22e.TMP
Size	7.8KB
Processes	2140 (powershell.exe) 2260 (powershell.exe)
Type	data
MD5	`260d23ce04a8f8555a73b7d2dc15e911`
SHA1	`ebad746fb7de847c50f7502a44f6e35534733efd`
SHA256	`d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588`
CRC32	`11D6B213`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1949bd5.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1949bd5.TMP
Size	7.8KB
Type	data
MD5	`b0c9ff441742f3847ea27da9dee7f2cd`
SHA1	`c42a1eb32ba953a0ce5d8635caabf71b5b281495`
SHA256	`a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4`
CRC32	`0BBCAB1A`
ssdeep	`96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsxC0BB.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsxC0BB.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	e5340e0ee54340cc_bermudasejlene.cat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Forligsmandens\Genlsende\Tilvejebringelserne\Ssurs\Energimngden\Bermudasejlene.Cat
Size	20.4KB
Processes	300 (EYG.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`e727ba4d4a318d8eb861a79cfb7aaa2c`
SHA1	`c83f5e89edef632c6abff88bb8bc264728b6abdf`
SHA256	`e5340e0ee54340cc563afa35e5dc1ceb00a144183bba35e62c729e238330aa29`
CRC32	`A9390BDB`
ssdeep	`384:hf5a3/ozjiDGU+jKsYtqPTHxAKIHbVXe5fc0SelgSZDaawh4VV1FpckhSHJ:U/ozuDGUzZtOWzHZm5SelgS1a14Lc9J`
Yara	None matched
VirusTotal	Search for analysis