Dropped Files | ZeroBOX
Name 25104dac7b48ae3d_590aee7bdd69b59b.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\590aee7bdd69b59b.customdestinations-ms
Size 7.8KB
Processes 2808 (powershell.exe)
Type data
MD5 5aacef75bb78c6a1c54b9338dec0c3cf
SHA1 077168476463d819e19d48feab893b56567ca024
SHA256 25104dac7b48ae3dfa23368c71795f0cdb7a83f571a8605f45e6df49624d2690
CRC32 D5436236
ssdeep 96:MtuCeGCPDXBqvsqvJCwoRtuCeGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:MtvXoRtvbHnorxTyQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name b1c7e6093886fffd_religion.bat
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\religion.bat
Size 584.0B
Processes 516 (religionprosig.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 27ff0a949f7433f970b6d49e23a4638f
SHA1 e6ed6c03d58a498b2d941b5e920d3d1483a45c3f
SHA256 b1c7e6093886fffdd1a0b431a8946a06ab86e3f1a3d8e9f59137c4d8bd4db591
CRC32 8C652A7A
ssdeep 12:/cO980qmYT04tagGHCQSa0zLS980qmhTF4tagGH8SaF8Lo:UoNYIq/GHzSvzLkNhxq/GH8Sg8Lo
Yara None matched
Name 3a255c0024916f19_590aee7bdd69b59b.customDestinations-ms~RF215494d.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF215494d.TMP
Size 7.8KB
Processes 2208 (powershell.exe) 2808 (powershell.exe)
Type data
MD5 6fd29def73b2779e0ae71c4eecd304f7
SHA1 4ba660e4db856e04eb93a01c59ee764259ec55e7
SHA256 3a255c0024916f19c5b3f5d4aa5cde453cc5d90b0784a15f0456e57e71a764b6
CRC32 1F966CD8
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworDPtDHXyf2lUVul:ctvXo5tvbHnorxTyQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name b32706171987db00_9-04-20-748
Filepath C:\Users\test22\AppData\Local\Temp\IXP000.TMP\9-04-20-748
Size 4.5MB
Processes 516 (religionprosig.exe)
Type ISO Media, MP4 Base Media v1 [IS0 14496-12:2003]
MD5 4dc8e376bf3ec10bbb218d96d57f42e4
SHA1 fb242301d51c46f828d05e47001508fbee44bdcb
SHA256 b32706171987db007a7807a25c7ae3ff47be35ec67a2797e58b7678120cae514
CRC32 CD240892
ssdeep 98304:fsCZRpk1Fc7CNHUtfCcr2xF/azK9jWWX4HhawKFnBHgzI1r:fsSPkXc7cHafCAcx4Brugzy
Yara None matched