Dropped Files | ZeroBOX
Name 873fa0c52eae7cfb_nsdialogs.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsnEEF4.tmp\nsDialogs.dll
Size 9.5KB
Processes 2552 (winiti.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 19d3373e403a6e724cfa1563dfd1f463
SHA1 4917547b355a91e9431879209f56925097bf4fb3
SHA256 873fa0c52eae7cfbed56ea18b21fad0ca8f018ab7f305bd1db1a3ec454e353d1
CRC32 B8574EA1
ssdeep 96:oXF7lf7AR1VhrfzBik0cxM2DjDf3GEkniJnifvcx4I8qndYv0PLE:oXFl7wrLBn0REc0Jx3dO0PLE
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
Name ea357959967cdf14_afhandlings121.udr
Filepath C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Afhandlings121.udr
Size 2.5KB
Processes 2552 (winiti.exe)
Type data
MD5 c0adfada457f48706e5a693240fc5e4a
SHA1 42e1b10dd41f127fe7fcd69b82cf4eb6b162fb01
SHA256 ea357959967cdf14e7bbaff55e6de85073e8350e326c60600e460de11630772b
CRC32 4BBA9AFA
ssdeep 48:arR+VcRA8h/S/oI2enEUwzA8RkVG70q+qJQcgY:S+ojI2eEUw/RkuSRDY
Yara None matched
Name 6674960a8b7573fa_hovedlinie.red
Filepath C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Hovedlinie.red
Size 5.9KB
Processes 2552 (winiti.exe)
Type data
MD5 143f20a74d859c425cd89d364c425948
SHA1 d1868c3017d6b499c83f7d6f16e6c8b18d906016
SHA256 6674960a8b7573facbf38043c2e675b05b612f8dc4f15f4eaecb5efdfc895db0
CRC32 8B3E3CA1
ssdeep 96:/KHhKUBlv+d2LlKTR/62QOcBERreHfGi+qV9GgdrxBnZnBAax:SBHBlXLlKTR+ERSHfGz2xBnDAax
Yara None matched
Name c64d4dc75ca92f0a_xylate.gam43
Filepath C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Xylate.Gam43
Size 70.8KB
Processes 2552 (winiti.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 b8b36d0f40b9716195c0dffc39498504
SHA1 e97071ed8ca1fc44b5f442d5a3a81005d722f0c4
SHA256 c64d4dc75ca92f0ae3eb429b60d9628240ceea41bc0f2aad683f065e658bb6ac
CRC32 960AA593
ssdeep 1536:FWZiJyg4ESTgUUxPNEK+L/tiJUv+MjRAdmDXMdvOR3eBMm:FWZREmzUZNTWz+SRAdmDXlpeBL
Yara None matched
Name 149901a825337e3d_disciplineringerne.dmo
Filepath C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\disciplineringerne.dmo
Size 4.9KB
Processes 2552 (winiti.exe)
Type data
MD5 1e59f086db796975a832f72facfa9c43
SHA1 d263b74a607c77dd388d158916b0e840f932aa4c
SHA256 149901a825337e3ddfdf75245838bd6d6ba2e0ce8213c215d56ab10fde045c59
CRC32 1F24ECF3
ssdeep 96:lFdCfbkCDUnqOGvSX8VfuJ14wHay8foH985f63jGjo7T:3dqvSXEGx8wq5iQ2T
Yara None matched
Name 95042dbe7428461e_bgimage.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsnEEF4.tmp\BgImage.dll
Size 7.5KB
Processes 2552 (winiti.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 49998d066af103d06b56f5b4c76b1497
SHA1 b7dce166147f40dfa17f5ca950c4e324a10d04be
SHA256 95042dbe7428461ee7fd210acf37040eb921012c7b32f66cb54766f0a16bb5b6
CRC32 0C2902F6
ssdeep 96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkDnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmiLpmP
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 1161bc0d605f9b06_sgnehelligdags.sto
Filepath C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Indledningsforedragenes\sgnehelligdags.sto
Size 3.2KB
Processes 2552 (winiti.exe)
Type data
MD5 0d8001a0d7d7d145b5cb7b8b8be55d0d
SHA1 2df3e5e7b0d64330d4ba8b1052c91cb61c36ac0b
SHA256 1161bc0d605f9b06ae54ce57545c4e50c701523b568aa8723f84278eb2013c17
CRC32 6D40B0AF
ssdeep 48:pkonMHYwbnjlQUB/arqSA4wllpuxb8ADgPoDdTkk9qTb4/mZGFyLuLYSKGDOPqHS:eonUDL6qSdxb8Acwkiqcbk6LzCqMIg
Yara None matched
Name 9c78283766c1157b_astromantic211.car252
Filepath C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Astromantic211.Car252
Size 346.3KB
Processes 2552 (winiti.exe)
Type data
MD5 d0b3942e2cbba868fb404de11a959a2b
SHA1 4a5747f94ff6d1b84611901e35e5aa1dd8592416
SHA256 9c78283766c1157b3dcfdcd0dc507e3feb91f58cc3a9f8250dcad3223996c1cb
CRC32 38A1F592
ssdeep 6144:hrSqpSn8mCQ3yKlQP5pPrjh1rLH896ef/155PSq7hLrdWIKS3oypfjDiiuc55Jv9:hGqp+8DQ3HEN3897/155SqtLBW7S3oGZ
Yara
  • Malicious_Library_Zero - Malicious_Library
Name 33fa7e801769a378_funnelled.txt
Filepath C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Funnelled.txt
Size 391.0B
Processes 2552 (winiti.exe)
Type ASCII text, with CRLF line terminators
MD5 a94b78eb0be8070f2eae579b0eeb86e0
SHA1 bb5c0f613d60ce8866e8cc82e0e370b08a9bbfe5
SHA256 33fa7e801769a378fadf9b88fef4494aacbf802ea8ee732965382008115df91b
CRC32 02A4C322
ssdeep 6:l/uH+JrmhWlRMdNz1tXBf4aFR3Yi/taEAcjN7Cfs4jLDfdEquXM3ETuZvDCUVBnm:PrmhW8dl2+RAcjRCk4LDl+MlZveUHQV
Yara None matched
Name b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 2664 (powershell.exe)
Type data
MD5 81ca4510272caf505e8091e9a28cb716
SHA1 71414aeec9f1e4a6f5a461b01700cc9cc992cd9e
SHA256 b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf
CRC32 FC31E90F
ssdeep 96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name e3b0c44298fc1c14_nsxEDAB.tmp
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\nsxEDAB.tmp
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name bcb93204bd1854d0_nsexec.dll
Filepath C:\Users\test22\AppData\Local\Temp\nsnEEF4.tmp\nsExec.dll
Size 6.5KB
Processes 2552 (winiti.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 6c881f00ba860b17821d8813aa34dbc6
SHA1 0e5a1e09b1ce1bc758d6977b913a8d9ccbe52a13
SHA256 bcb93204bd1854d0c34fa30883bab51f6813ab32abf7fb7d4aeed21d71f6af87
CRC32 191C2880
ssdeep 96:DOBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+ugwEX:DtZKtrAJJJbP7iEHEbN8Ved0PM
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
Name 836eb26b0e28d9fa_premeasure.bob
Filepath C:\Users\test22\AppData\Roaming\Watertown136\Brevskolen141\Receptiv147\Premeasure.bob
Size 7.2KB
Processes 2552 (winiti.exe)
Type data
MD5 dcfcae752d9099a0e6ecb283ef6d7202
SHA1 0232ac9127c013d03d60a1367ec793097c51c8fc
SHA256 836eb26b0e28d9fa8dab6ee31c79dd276c17ae970375ee962868b791c0f6600d
CRC32 D6FE029B
ssdeep 192:G0415MdF5vDhMelHcXyjPYfSTPMyc07obKq9nEgi0WvHE:h41q1LjtIyc07cR9E+WvHE
Yara None matched
Name 56e6165a2b5396aa_frasiger.ini
Filepath C:\Windows\Fonts\frasiger.ini
Size 37.0B
Processes 2552 (winiti.exe)
Type ASCII text, with CRLF line terminators
MD5 2cb260c5458355e994a5f9598bcc1f24
SHA1 7222512306bf86f49868e5bd9b51bbedd950e6e5
SHA256 56e6165a2b5396aa43e06e8ebc3bf96ceecc0186577758a20a978c51e19b4e20
CRC32 14FC9BCE
ssdeep 3:aAVvJDAyS3Nv:aAFKdv
Yara None matched
Name 957608d4fdf7a422_astonied.ini
Filepath C:\Program Files (x86)\astonied.ini
Size 40.0B
Processes 2552 (winiti.exe)
Type ASCII text, with CRLF line terminators
MD5 05c70eab829786b13f4250010970e93e
SHA1 1f3e904027d380cb6fce257deb4bbe28626296dd
SHA256 957608d4fdf7a422674dc07bd33d9b698b1009e664de3a54f848d40dde234244
CRC32 5B15AA97
ssdeep 3:pUiNGxLSv:6GGVSv
Yara None matched