popup
Dropped Files | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Dropped Files

Name 9e64f0aca3cb577f_passwords.txt
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\passwords.txt
Size 4.8KB
Processes 2052 (PolymodXT.exe#test_rise_sharp)
Type UTF-8 Unicode text, with CRLF, LF line terminators
MD5 d2a3146478b270d48107b3db96c4864e
SHA1 41fa166d431562c7bc1893e96cba4189f089af32
SHA256 9e64f0aca3cb577f1e20227d1f3892557bcc0655d64dc84957c650be14a1d7f4
CRC32 1AC8F34A
ssdeep 48:ZMMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMME:S
Yara None matched
VirusTotal Search for analysis
Name 30914c396afd519c_NUrS2P4ky5DkRw2Vffuqqbt81cwUCGbw.zip
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\NUrS2P4ky5DkRw2Vffuqqbt81cwUCGbw.zip
Size 1.4MB
Processes 2052 (PolymodXT.exe#test_rise_sharp)
Type Zip archive data, at least v2.0 to extract
MD5 374309dced5d74f8187ec6591ecfe74e
SHA1 f2eebf93bb28aee4c13fd83ee0fef28390faccc9
SHA256 30914c396afd519c25c7e415cc35fbbc63caa5584db16abc31820c1666f1f297
CRC32 BF7441C8
ssdeep 24576:4KdCXAf/9eztZYsQQeuFQp48jEdmK3ND7ip7WZ+3vhsFviims/sh0AT9F9U8:4KUXANaIsQQeuyCmE5N8H3Zk6JZT9F9L
Yara
  • zip_file_format - ZIP file format
VirusTotal Search for analysis
Name a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a
Submit file
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 893.0B
Processes 2052 (PolymodXT.exe#test_rise_sharp)
Type data
MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
CRC32 1C31685D
ssdeep 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
Yara None matched
VirusTotal Search for analysis
Name c119a54b6bef3a48_EcFzRtECXnsBWeb Data
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\EcFzRtECXnsBWeb Data
Size 80.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 255929949dea51a2f43a1f40e63764ec
SHA1 8f32ab419264fdad05f4f3828db3c1cd38d919fd
SHA256 c119a54b6bef3a48234950dc07fe70f73b69d1390ef0235e66481faa1048ead6
CRC32 F7A79605
ssdeep 96:5Bc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9u4:5BPOUNlCTJMb3rEDFAa6E/
Yara None matched
VirusTotal Search for analysis
Name b217b0203a10a8d6_information.txt
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\information.txt
Size 2.7KB
Processes 2052 (PolymodXT.exe#test_rise_sharp)
Type UTF-8 Unicode text, with CRLF, LF line terminators
MD5 48973de03d9f543b3a80b900debfaadd
SHA1 577313c47d18fa7d288ad6d21a8138b9248d1377
SHA256 b217b0203a10a8d6f00f301e7ff190d6bbdc452038273695fc2249106fd6c905
CRC32 DA06DD82
ssdeep 48:t/ataFLnTGRc3F/S6ZfZOkUXwrphi0Mwxv+mLAhH1eZ07uxqU8rf2dIv2OvhiU2c:tyeCc3FPRwMrphi0Nxv+mLqVeZ07uYUa
Yara None matched
VirusTotal Search for analysis
Name 5f622a2bfeb83b59_thunderbird_g8t0pe67.default-release.txt
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\Cookies\Thunderbird_g8t0pe67.default-release.txt
Size 361.0B
Processes 2052 (PolymodXT.exe#test_rise_sharp)
Type ASCII text, with CRLF line terminators
MD5 95dff27b67a96f98827e72f9330eb164
SHA1 2d86a3aca1d9a7c16127a333fe642cae08cea0c8
SHA256 5f622a2bfeb83b597d9556ffc8bc107e219eb6ab2ef3cff2d4428e5048ebddad
CRC32 4C9B7FD3
ssdeep 6:JiKjaphXX7aQ2vSI95Bj9GfBHthf+CthfMl0kq/H+LkiKjaphXXrSdrNBPPi1H:J/EhXraQ2v795BxGfBHff+CffMOkqP0J
Yara None matched
VirusTotal Search for analysis
Name b4570f5cc139cb06_screenshot.png
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\screenshot.png
Size 1.4MB
Processes 2052 (PolymodXT.exe#test_rise_sharp)
Type PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced
MD5 2fd2c0785b7dbf4cab8decaac0149123
SHA1 d42993d08af5ff08fe38d867b4dcd01b81f0919c
SHA256 b4570f5cc139cb06c5157c5193c94d4e31d2cf7128d7faa350ce1c22edbad487
CRC32 47AE8FDD
ssdeep 24576:IqUc08ir/YMak6iHtbli2uBWB6JYARoMMB7a/YG9cKMPFIF7qSdFVQmpQkDyCIsi:s/DYMakvblinBYGoMeYsU+SdFVQ+DqF
Yara
  • PNG_Format_Zero - PNG Format
VirusTotal Search for analysis
Name 8916fb1d76be83e4_cZwB5yHbLI5iformhistory.sqlite
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\cZwB5yHbLI5iformhistory.sqlite
Size 192.0KB
Type SQLite 3.x database, user version 4, last written using SQLite version 3031001
MD5 6b9c2ac2b5025e180231d8d38ece698c
SHA1 36f5cfe6ac59aaa7d7173555edeef5caa9bf61c6
SHA256 8916fb1d76be83e42cd2f7b41ee06706fe0adb936259ed7a7daa4dbcb4c51fcb
CRC32 95ACFD74
ssdeep 12:DBl/lkf12Of5LZWfY0xpMujuHWMu6N2OHjWOzMbdym/eRgBoQFmgW2FOmO6Mz6LX:DLlI1x7WxHaiSlMxosJF/Ezo
Yara None matched
VirusTotal Search for analysis
Name 88f9dc0b9a633e43_7ty2wBVNyWvtcookies.sqlite
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\7ty2wBVNyWvtcookies.sqlite
Size 512.0KB
Type SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5 dd47ebe6866ad2ab59d0caa1de28d09e
SHA1 afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663
SHA256 88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3
CRC32 8DEE9EEA
ssdeep 24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm
Yara None matched
VirusTotal Search for analysis
Name edb006e05cfa8501_wJDNoZ3FEHQsCookies
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\wJDNoZ3FEHQsCookies
Size 36.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 3f5ca3e29b1b60e298aeca0a32164c03
SHA1 f9b5ee59c31a3b06a6b8e476b22d2d7cf1fa8b66
SHA256 edb006e05cfa85015aa76c758d6298c279fd318cff0dbb286927c7ad45105488
CRC32 E1ACA097
ssdeep 24:TL2C0RlPbXaFpEO5bNmISHdL6UwcOxvo5:TYLOpEO5J/KdGU1Eo5
Yara None matched
VirusTotal Search for analysis
Name f2fbca0382f09e3d_firefox_1pfa5s83.default-release.txt
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\History\Firefox_1pfa5s83.default-release.txt
Size 112.0B
Processes 2052 (PolymodXT.exe#test_rise_sharp)
Type ASCII text, with CRLF line terminators
MD5 7d57e8ff52a0c1b84ee6bf4b69866205
SHA1 b36da5af6958763cc09ae34f5bff8726710b8631
SHA256 f2fbca0382f09e3db0f60af6034d9bd1826e20e5b09a8019398ec5b83b5381ba
CRC32 FD46669E
ssdeep 3:N8DSLvIJiMgTE2WdkfRbyD6DSLvIJiMhKVX3L2WdkfRbyn:2OLciodY1yD6OLciA8dY1yn
Yara None matched
VirusTotal Search for analysis
Name 0c7cd52abdb6eb3e_sqlite3.dll
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\sqlite3.dll
Size 791.5KB
Processes 2052 (PolymodXT.exe#test_rise_sharp)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 0fe0a178f711b623a8897e4b0bb040d1
SHA1 01ea412aeab3d331f825d93d7ee1f5fa6d3c46e6
SHA256 0c7cd52abdb6eb3e556d81caac398a127495e4a251ef600e6505a81385a1982d
CRC32 C173DE02
ssdeep 24576:2/ZHet+kwxRLvxx/ccPA7leR+g/oU6xGmdRA7G4fRjqTr:eZ+t+v/nMleR+g/oUI/dmi4cT
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
VirusTotal Search for analysis
Name b3dfa692f7da19ee_6RJWMKNvx0Ykplaces.sqlite
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\6RJWMKNvx0Ykplaces.sqlite
Size 5.0MB
Type SQLite 3.x database, user version 69, last written using SQLite version 3038003
MD5 c395620f9a8337341636a78a98f5b3d9
SHA1 97700ec4db7362e02a56df5e70dd828ad9823d24
SHA256 b3dfa692f7da19eede9aa2fe2ac76052cfaa32a7d30cc53b88ea5ef23ec32624
CRC32 476CDB88
ssdeep 192:StsqHQnwkYjcoBMc+uySBQies13A29D+oBpp0:StsbwVTBMc+uySOiJ3Z
Yara None matched
VirusTotal Search for analysis
Name 0b8607fdf72f3e65_HduiEdOVtb9vcookies.sqlite
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\HduiEdOVtb9vcookies.sqlite
Size 96.0KB
Type SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
CRC32 842B3569
ssdeep 12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO
Yara None matched
VirusTotal Search for analysis
Name 824fae3331b95e2f_px6CdZNd054ULogin Data
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\px6CdZNd054ULogin Data
Size 40.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 41c19a9e8541fcb934c13c075bf47721
SHA1 648a7622d533d79b9a0bb31dc370134ec3a75ed7
SHA256 824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c
CRC32 560F7642
ssdeep 48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u
Yara None matched
VirusTotal Search for analysis
Name 54cfed4f859d0ec3_LMnDiCLLA2IZHistory
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\LMnDiCLLA2IZHistory
Size 116.0KB
Type SQLite 3.x database, last written using SQLite version 3033000
MD5 6f490da5428093674c9e609077dcdef2
SHA1 d77592944313656a90f359fea62921c20078ff19
SHA256 54cfed4f859d0ec37535b9f16acfe42cae6206fad4b1652c2a3d33d5acf636c7
CRC32 A046246D
ssdeep 48:T4ItVG+3C7nNfVcS2+VANULn36uw5NPM5ETQTpUPxK2PIs6kJL5R2+zaSZ00LTLU:ce/C7n/c0VANUjwQU+KraSZ00LTL0J
Yara None matched
VirusTotal Search for analysis
Name fd4c9fda9cd3f9ae_6RJWMKNvx0Ykplaces.sqlite-shm
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\6RJWMKNvx0Ykplaces.sqlite-shm
Size 32.0KB
Type data
MD5 b7c14ec6110fa820ca6b65f5aec85911
SHA1 608eeb7488042453c9ca40f7e1398fc1a270f3f4
SHA256 fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb
CRC32 DDC506B6
ssdeep 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
Yara None matched
VirusTotal Search for analysis
Name e3b0c44298fc1c14_6RJWMKNvx0Ykplaces.sqlite-wal
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\6RJWMKNvx0Ykplaces.sqlite-wal
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name 0fd43168b7100e78_e0f5c59f9fa661f6f4c50b87fef3a15a
Submit file
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 252.0B
Processes 2052 (PolymodXT.exe#test_rise_sharp)
Type data
MD5 dbe74eafe9b2f3152073a76fcecb90ad
SHA1 8f1278f4cecb1c8befc943443f3309326b97cde9
SHA256 0fd43168b7100e78a3bad797163e00724b2217b4ec477615ba9746aff59d4458
CRC32 F3A50EB7
ssdeep 3:kkFkl113lXfllXlE/zwEkhlHllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8VbAH:kKqEwrlXliBAIdQZV7IpAhx
Yara None matched
VirusTotal Search for analysis
Name 169c04331f72fe4a_cZwB5yHbLI5iplaces.sqlite
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempAVSZyXfEhoPqaXl\cZwB5yHbLI5iplaces.sqlite
Size 5.0MB
Type SQLite 3.x database, user version 53, last written using SQLite version 3031001
MD5 f77930486de1b1bb4b397d5d8f3cd124
SHA1 e3f5727a0774c7cba17f0b10569012dcea24cb55
SHA256 169c04331f72fe4ae9958da09e1b28ec5910f7ea523d6105b7e4ad521b2baaee
CRC32 D85072F9
ssdeep 96:Dm8j5PnH6xY2Wi+67tH2iB4q2xfX7ZbiZzdFzb4PPwI3A7:l5/IYOTAlQzdFzaDm
Yara None matched
VirusTotal Search for analysis
Name b68c806b865138b9_thunderbird_g8t0pe67.default-release.txt
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tempCMSZyXfEhoPqaXl\History\Thunderbird_g8t0pe67.default-release.txt
Size 243.0B
Processes 2052 (PolymodXT.exe#test_rise_sharp)
Type ASCII text, with CRLF line terminators
MD5 fbe6fb6b88fdf88b05dab4f5bb1bdf4c
SHA1 507830cf07886621b22fb3295dcdd0e321adeb0a
SHA256 b68c806b865138b919b53dd85b29f464f68224a8355e5a0fe3becfcf76f2f5dd
CRC32 783327C1
ssdeep 6:2OLciKBNHOLci+GbZyHOLciVGbZyHOLciAqGbZyM:2DHHD9DHDADHDyDM
Yara None matched
VirusTotal Search for analysis