Dropped Files | ZeroBOX
Name 0ed5b0823e71e0e3_590aee7bdd69b59b.customDestinations-ms~RF5db6c8.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF5db6c8.TMP
Size 7.8KB
Processes 1220 (powershell.exe) 2164 (powershell.exe)
Type data
MD5 f4a8a3e56bca0190031a365f104571cf
SHA1 7a4eac7016b8feca961f757cfe05bfeb4b76c10f
SHA256 0ed5b0823e71e0e3262a8a73ff269499135b20c9c5aa71e34b57a9f43218ed41
CRC32 E95A2C69
ssdeep 96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworQStDHXyWlUVul:QtbXoFtbbHnorFTyo
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name c26894ef00a21e78_{afbb8f80-8d88-11ee-ac50-94de278c3274}.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AFBB8F80-8D88-11EE-AC50-94DE278C3274}.dat
Size 4.5KB
Processes 2172 (iexplore.exe)
Type Composite Document File V2 Document, Cannot read section info
MD5 369537c5a00854f979f7afda8b7b45ee
SHA1 cbc8d797c8682b62872fe9534dee2e339a2620f5
SHA256 c26894ef00a21e7833cc2c15c1d79cd91b36e76bde7622ac3aa8e22f2d224d0a
CRC32 656AEF33
ssdeep 12:rl0ZGFE6rEgmfAB76FwSrEgmfN7qgONl08hbaxl/Q16sy4LNl/9baxwKtHaK+wLe:rjGUSGLONl0AjVNlF2lh+
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 893.0B
Processes 2164 (powershell.exe)
Type data
MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
CRC32 1C31685D
ssdeep 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
Yara None matched
Name 4270c4f7bd137772_recoverystore.{afbb8f7f-8d88-11ee-ac50-94de278c3274}.dat
Filepath C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AFBB8F7F-8D88-11EE-AC50-94DE278C3274}.dat
Size 4.5KB
Processes 2172 (iexplore.exe)
Type Composite Document File V2 Document, Cannot read section info
MD5 59a138319ace48b89384bed338a87ddb
SHA1 fa2b817fc46876d31da92c35550c91d4635d35ce
SHA256 4270c4f7bd13777287fc674ff0e7f4a9b60768c994974f2db643d62d9098c7f1
CRC32 747D1A43
ssdeep 12:rlfF2i/arEg5+IaCrI0F7+F2srEg5+IaCrI0F7ugQNlTqbaxAhNlTqbaxA:rqi/a5/1s5/3QNlWHNlW
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File
Name dc73141fc7848b4b_e0f5c59f9fa661f6f4c50b87fef3a15a
Filepath C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size 252.0B
Processes 2164 (powershell.exe)
Type data
MD5 390fa49f44fd73b757092656d7f81b16
SHA1 a0a34b1ddcd88b01ae9104fecbcdfd87c5314005
SHA256 dc73141fc7848b4bb0310c138f65aef96fbdb74485d400e9dbb257765c882db5
CRC32 873FBAD5
ssdeep 3:kkFklWGVltfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKDGlxliBAIdQZV7I7kc3
Yara None matched