Dropped Files | ZeroBOX
Name d6431d5645fffd05_d93f411851d7c929.customdestinations-ms
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 516 (powershell.exe)
Type data
MD5 260d23ce04a8f8555a73b7d2dc15e911
SHA1 ebad746fb7de847c50f7502a44f6e35534733efd
SHA256 d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588
CRC32 11D6B213
ssdeep 96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name 414a302889d0909f_h9sgxbz3.0.cs
Filepath C:\Users\test22\AppData\Local\Temp\h9sgxbz3.0.cs
Size 433.0B
Processes 516 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 37f91c2e34b7139eb3fba18b5d19e667
SHA1 dca362e9e6cd5030a95ed1daf2b5ce60d4f4b352
SHA256 414a302889d0909f5e2b54aa66ee4a433d9237335da73688f34cd749409cdfde
CRC32 3338E525
ssdeep 6:V/DsDrSxh/eM92SRadPc8hAfzM92SRFo1cLDMezM92SRcBuhmwORX4tXROLtl5AO:V/DGrc+PP+kLucB4mwo4twekN
Yara None matched
Name 746d7f28778f1dd9_h9sgxbz3.dll
Filepath C:\Users\test22\AppData\Local\Temp\h9sgxbz3.dll
Size 3.5KB
Processes 2112 (csc.exe) 516 (powershell.exe)
Type PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 6194704631c8d2b4174a63e2e31e48be
SHA1 fec723c515e3c2072fcf5281e3227d59b13fa9b8
SHA256 746d7f28778f1dd96008c44c419f78e4301008c927dd62e1463a63c967973b7d
CRC32 C16B4D68
ssdeep 24:etGScdBjEeK6D8lsckyTCMZkbdPtkZfujOz2UzRS21CfmI+ycuZhNMVakS/aPNnq:6M9lD8lsNyOzuJuIo2191ul6a3eq
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE32 - (no description)
  • Is_DotNET_DLL - (no description)
Name 033c4957aede27f4_h9sgxbz3.out
Filepath C:\Users\test22\AppData\Local\Temp\h9sgxbz3.out
Size 607.0B
Processes 516 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 3dd911e1e079df41194daa89807859b9
SHA1 c851033aaf90a6fb0d8ee25ed1a0b387c0718425
SHA256 033c4957aede27f482394281d29b18d3b9635b507b66b8daaf51b8392e4686ee
CRC32 4EB25115
ssdeep 12:K4OLM9nzR37LvXOLMCZnPAE2xOLMCfKai31bIKIMBj6I5BFR5y:K+9nzd3BCZnIE2nCfKai31bIKIMl6I5G
Yara None matched
Name 5c0534e666293ded_RESC8CA.tmp
Filepath C:\Users\test22\AppData\Local\Temp\RESC8CA.tmp
Size 1.2KB
Processes 2188 (cvtres.exe) 2112 (csc.exe)
Type Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5 ba3af587c19f1e12de8c214fc7b076e5
SHA1 6a843579d81a13e151d862e7fd63dc913190c897
SHA256 5c0534e666293dede4673ff95159ca4abff6400dd798bb020db54c81cf81cd23
CRC32 245A473B
ssdeep 24:HaJ9YernWV4mHiUnhKLI+ycuZhNMVakS/aPNnqjtd:fernWKmdnhKL1ul6a3eqjH
Yara None matched
Name a9220271c0eb79e5_d93f411851d7c929.customDestinations-ms~RF1ddd2e0.TMP
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF1ddd2e0.TMP
Size 7.8KB
Type data
MD5 b0c9ff441742f3847ea27da9dee7f2cd
SHA1 c42a1eb32ba953a0ce5d8635caabf71b5b281495
SHA256 a9220271c0eb79e5750e0d0e62058ecac560e09cdf9e82ef61aeeabada5d48a4
CRC32 0BBCAB1A
ssdeep 96:RutuCOGCPDXBqvsqvJCwo+utuCOGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:UtvXoxtvbHnorrxQ
Yara
  • Antivirus - Contains references to security software
  • Generic_Malware_Zero - Generic Malware
Name c1931718a9c21fe6_h9sgxbz3.cmdline
Filepath C:\Users\test22\AppData\Local\Temp\h9sgxbz3.cmdline
Size 311.0B
Processes 516 (powershell.exe)
Type UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5 9810f847f2543b742a72e46b0d982470
SHA1 813f6592d730fa2f8cb7b51a9e8bba44412f6388
SHA256 c1931718a9c21fe693e2c5a34358a9bc5c3e63c6819d1f7f4ca35d9f7cdc66e7
CRC32 F3F401CE
ssdeep 6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23faEemGsSAE2NmQpcLJ23fa+:p37LvXOLMCZnPAE2xOLMC+
Yara None matched
Name a28e7fd95c33428e_CSCC8AA.tmp
Filepath C:\Users\test22\AppData\Local\Temp\CSCC8AA.tmp
Size 652.0B
Processes 2112 (csc.exe)
Type MSVC .res
MD5 b56be9a8e97b5c0d6db59dda99fb8fb3
SHA1 16f0cbccd857f703831bb9f825aeba3391af9458
SHA256 a28e7fd95c33428ebde382e69753108ee5b9a696e06cfebd3e9918132ec10851
CRC32 90451ADF
ssdeep 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryqhjak7Ynqq/hsPN5Dlq5J:+RI+ycuZhNMVakS/aPNnqX
Yara None matched
Name e3b0c44298fc1c14_h9sgxbz3.err
Empty file or file not found
Filepath C:\Users\test22\AppData\Local\Temp\h9sgxbz3.err
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 8a367e4e3cba6ac9_h9sgxbz3.pdb
Filepath C:\Users\test22\AppData\Local\Temp\h9sgxbz3.pdb
Size 7.5KB
Processes 2112 (csc.exe) 516 (powershell.exe)
Type MSVC program database ver 7.00, 512*15 bytes
MD5 8fe4848bd02a20ac755a5839aa4c9337
SHA1 9aa447efcb2726831acc8fe515a1c00306a8689e
SHA256 8a367e4e3cba6ac9f984281b59370d05bb5ff214b0e0c085eac9e86c531fae47
CRC32 FB0E3C00
ssdeep 6:zz/BamfXllNS/lGS1mllxrS/77715KZYXxGQu+e0KpYXwGKoGggksl/cEDf:zz/H1W/lSXS/pw2qvRD
Yara None matched