Dropped Files | ZeroBOX

Name	f825dd89181e7435_d93f411851d7c929.customDestinations-ms~RF2359ea5.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF2359ea5.TMP
Size	7.8KB
Processes	7144 (powershell.exe) 8992 (powershell.exe)
Type	data
MD5	`61d3b003e73f968491bb9de05318fcbd`
SHA1	`abb40732bf72a072c5b176449fdb8f1c56383e03`
SHA256	`f825dd89181e743525684aff8d99cc6d78046e461147c33b6f7a182b98c58ea9`
CRC32	`76116DE9`
ssdeep	`96:wtuCiGCPDXBqvsqvJCwoNtuCiGCPDXBqvsEHyqvJCworc7HwxGlUVul:wt7XoNt7bHnorXxY`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	b6ec96043dba7722_ibhhcdaf.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IbhhCDAF.exe
Size	32.5KB
Processes	8992 (powershell.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9ac835c38d4d0c6466e641427a2cf8f1`
SHA1	`108a8b5f1eaf9ef078a3dc0210e6aa961d6b3787`
SHA256	`b6ec96043dba7722cac4ed24b6979fc71a758bdf18ca44353c19194c172bf621`
CRC32	`4514B290`
ssdeep	`768:FrqQ7AmV3rjBkyo1bGk/8K9hWEZbcEtwTxC+YASD+3bUYlyKQ:F33k6ZEZuFCnARD+`
Yara	PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check ImportTableIsBad - ImportTable Check FASM - http://flatassembler.net
VirusTotal	Search for analysis