Dropped Files | ZeroBOX

Name	35b70fc462fe02d5_conhost.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\conhost.exe
Size	2.5MB
Processes	2744 (InstallUtil.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eaca64d4830fdeacaa58080f4271c333`
SHA1	`68c814b3e64a904dda1453fe374060b96d7320a3`
SHA256	`35b70fc462fe02d507a58c2b5a33ddd5e26aadc7ac8fe3beae2a82666c8b17c6`
CRC32	`30223492`
ssdeep	`49152:1A5DSK3yiF7i9NfjQYMTLVovyYYscetTuO9CvYv9dY1wH/o+IlF:1A5nCcWNfjQYMoOscqH4vaYU/oD`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2c63c61e0adaaf66_svchost.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\svchost.exe
Size	4.0MB
Processes	2744 (InstallUtil.exe)
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`d076c4b5f5c42b44d583c534f78adbe7`
SHA1	`c35478e67d490145520be73277cd72cd4e837090`
SHA256	`2c63c61e0adaaf669c9c674edfc9081d415c05b834611944a682f120ab9559d8`
CRC32	`FBDD753E`
ssdeep	`49152:hGXwGFfpgG2Gv0l1YzzsYvbQaWfG85EIUFiqeb0/B1:MFaTGsgB4ENiqe`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	2b9d15b9978afac3_ntlhost.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\NTSystem\ntlhost.exe
Size	2.2MB
Processes	2164 (svchost.exe)
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`afe36757d14cc15b58f2802c7747a13e`
SHA1	`f2d1672b1bdec26d2f79e8f683389169bfe14b2d`
SHA256	`2b9d15b9978afac3401c387504c240a3f5e266636a1d54a27c52b9fb9f385e7b`
CRC32	`F9560AFB`
ssdeep	`24576:hveh5wOvFfAkVzg7C2Gv0l1LgD/kMg0I2sYvbJOaWQoGq:hGXwGFfpgG2Gv0l1YzzsYvbQaWfGq`
Yara	UPX_Zero - UPX packed file IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis