Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	88656f29e627bc26_sqkn.icm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\sqkn.icm
Size	550.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`f48bfa7b03789c722ef1c8ccf78b90cb`
SHA1	`cb88c9eae5c5b1d7b1f05d18a6cc7ebe71f53760`
SHA256	`88656f29e627bc26d1fd6045f2da0e32e0a946455a794f18b518c60d158d4c99`
CRC32	`05AF8D1B`
ssdeep	`12:oVUFkQzlkZ/kXyP69Ip+RWbP3zkZGLFe0Pj7RKB:as7zCZ/g99au6sGLFew8`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	d1084ba46861c57c_amjmp.msc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\amjmp.msc
Size	509.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`77dbf81c0922845cc8984c29501e1945`
SHA1	`5f51875d920f401c3b1817e852e185f063c8ebef`
SHA256	`d1084ba46861c57ca9f3d599dbe1d49ae6031ad98c0747eb9b5c487ec5ae0e79`
CRC32	`6E756BDB`
ssdeep	`12:0mRc6XjHAtECJ/GlaTRW5lFvv4jmtwn2AHfT:hc6XjHAtBJ/Gldwmm2A/T`
Yara	None matched
VirusTotal	Search for analysis

Name	8f08f76f718433cc_update.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\Update.vbs
Size	77.0B
Processes	1192 (sbkgsc.icm)
Type	ASCII text, with no line terminators
MD5	`ce39e4e4599effa312dcdcc9d660d39a`
SHA1	`49ab0f4b6a340b8509b0d0b7f7e1e30f462c09d8`
SHA256	`8f08f76f718433cc4ba88def6e97f82c0bab3c83d18f7b77a9ec13c0f1cc880e`
CRC32	`7DEADFE0`
ssdeep	`3:FER/n0eFHEqN5AO3fqO5cH2La:FER/lFH16gfT7a`
Yara	None matched
VirusTotal	Search for analysis

Name	46cc529683933a21_uaajqsbbqj.icm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\uaajqsbbqj.icm
Size	95.2MB
Processes	3036 (003079999209.pdf.scr)
Type	data
MD5	`dc78eab453bdbc976ecbb28d451396cd`
SHA1	`794440bb7d17a88ecffb71f652790d3d218d5f20`
SHA256	`46cc529683933a21cc882f24926b31cfd5cfa918d55b14a76ea7072c0be8fdf8`
CRC32	`BADC9B69`
ssdeep	`49152:+8THF5cvm0/hPioETR2dHuqAUDsRi8oAlntEwE3gPFuWYehycmNCmX7IRWnj5jfh:Q`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	a0ec34f1c9f32fd0_blfmmts.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\blfmmts.ini
Size	612.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`3bba6d21195e95bea238f4550fcb2750`
SHA1	`68595ad472a79c3ed51c7f09782f893b8b52928d`
SHA256	`a0ec34f1c9f32fd088fb6e97a4aa87b23e92494de96ca1cb2d17db368c33b042`
CRC32	`02616909`
ssdeep	`12:DuQnc9YVaE5z8b5nRNEVRXQBPVnJk7xQlcqfWC4Y2Ww:DumUYVT8PNEVi7JQGbWC4YRw`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	a094f383234af797_deecshd.xl Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\deecshd.xl
Size	573.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`d8a42b474c0e7d7068b469b2b0a4773a`
SHA1	`5684f6825e0154bb8c7f64ce71ceb67705e0817e`
SHA256	`a094f383234af797d9cfad50a20065112c83297eb1271f0a12b12172be76315a`
CRC32	`2781B6D3`
ssdeep	`12:BYk3GnXWRQ88UY1B8sf9iWdAob3sQwoKbNC9rzjo5hmORc:B9sLEQUC1zjVgc`
Yara	None matched
VirusTotal	Search for analysis

Name	fa8a2af5930f1a6f_gfxglvhllj.jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\gfxglvhllj.jpg
Size	33.6KB
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`cba5b72e53e518e8c15fdd3ea16e9cbc`
SHA1	`cd4ae731348b20359015233e57231dff454c4abb`
SHA256	`fa8a2af5930f1a6f78c2675ddb97ab938e040c004ce01f93124230a362b5ff4a`
CRC32	`F9AF3DA2`
ssdeep	`768:NUJjohN+UE3DhXmc33w9nakPtmVCZIB/WNPDwqA5/ug+NKACng:tT+UE3Nmc33CnBPMsZIBeNLvOj9Fng`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	15ae7b778978a9dc_kwbxu.icm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\kwbxu.icm
Size	538.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`2d7102fa207ec6df178bc62c42857922`
SHA1	`72f9734d0c453723719b9000d44833a76a071682`
SHA256	`15ae7b778978a9dc949fa0c1d1bc46fd1b88bed701d5de93adcc070daebcb622`
CRC32	`8C8C0097`
ssdeep	`12:cBdwWgP4T0nTwhKsWXmKqsxBqY9OEED8MZQ6tVlJ:cTjeW0TkKsfK9n2EEDfZbtJ`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	875a33e1d2806026_fgxvowklv.msc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\fgxvowklv.msc
Size	538.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`026f088e88afde3005bf53cbbf689efc`
SHA1	`ae81536a986c7860cfc4bd0bbeffe5217a0eef88`
SHA256	`875a33e1d2806026c9072c8083c90a6896ec45ec9b94deec90bb5a0c05a0f3cc`
CRC32	`29504DF6`
ssdeep	`6:VLu5XjcptegaX+GTXJnX0NMuHwgyfmU33zUokY8TydojNjnGXAm1Fi03oubawl3Z:ZpE+GzfPzVkSMns8goubawlbMzBXI9v`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	fadc9ec235d276fe_hvfcjfmt.docx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\hvfcjfmt.docx
Size	518.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`838f6912bd4d3d84c4bde557cda340e2`
SHA1	`794629f345ce3d3af7bf60d29edaa1d9bf1c447b`
SHA256	`fadc9ec235d276fe4cf90083d63f2f1f8aa8bef8813da2d81548574a5b59b30c`
CRC32	`5D1B8724`
ssdeep	`6:F4XUVeVy1wYTdDiUkOQfWXRuv7GFfkPhwjLWwmTzRaadf/K/oTQy1pBpO8musARD:neVAbdDiUHQuICFfkWIzAWfiACusX2`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_25274843 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_25274843
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	39c869da478c661d_uawqlglifq.docx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\uawqlglifq.docx
Size	520.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`3bad196064b9a473a88d1be7715e1806`
SHA1	`a336605b741a9723563c68495408a4d6f8bcd454`
SHA256	`39c869da478c661dca41634bd5d1437157c4478073b9b214f1ef006a7d23b818`
CRC32	`29D3CA1B`
ssdeep	`12:AkRwggF1I4/FLmj2CkkKVy1HpjELQckD3Q0P7:5Rc/Q2CRHLjELQcmAW`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	7e2ac276aed67e7b_hujrofphcw.mp3 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\hujrofphcw.mp3
Size	587.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`54417fe410514a344eff6d9b59b53cc0`
SHA1	`ab8d9fd63edaa8e1249fd7de474e7b1b9b463f34`
SHA256	`7e2ac276aed67e7ba2f8f5f692d0a59259162348d97d04e97f3a5c45ec89d4fb`
CRC32	`278A3686`
ssdeep	`12:UQ7C2yj1VPlzhZPBGhL+8R/KmBcYPixzGd0tU8Z:U9ZJzNWhL+8VKm+YqxCd0m6`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	bb9181b3935b8681_tmp5AFD.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp5AFD.tmp
Size	1.3KB
Processes	2444 (RegSvcs.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`be81f72fa4dbc827132836ee2af92c96`
SHA1	`fe5ded04ab4932dea6cf414e9e4428f43da70d03`
SHA256	`bb9181b3935b8681a71b578f8166883e61380de6181df82d05f14829323fbf0f`
CRC32	`7AA438E3`
ssdeep	`24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Rb5xtn:cbk4oL600QydbQxIYODOLedq3Sb5j`
Yara	None matched
VirusTotal	Search for analysis

Name	c74419f15fc80e65_ixbmsvfb.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\ixbmsvfb.exe
Size	502.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`a5b265b8175ab3d6ab1e80853043be73`
SHA1	`c6cdada89894bb88435b0077599aad89a591e141`
SHA256	`c74419f15fc80e651dd0923c195c956789a53c3c13a310c89a2541c7445e28a4`
CRC32	`90EEE994`
ssdeep	`12:290idUyRjCCgnppVxvjPGfnuzGSv/TH63LgDGIC:W+4CCgbifzSv/G7D`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	7381953c61b932d9_rpfjsw.pdf Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\rpfjsw.pdf
Size	530.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`f93429c21ea78905fa3cbba0aca8dd96`
SHA1	`7f6d136f5d2a0295447f1a30095b30fdbe3efc3a`
SHA256	`7381953c61b932d9787f5ea2f5f962026646000d7ede887a73f36439e4fb2d59`
CRC32	`0A1A1840`
ssdeep	`12:L+H1jGJNZWwoKU2NXEKvU4dRVD4+XrzgfHWGAGNv:6VeNZTU2KKJFEoS2GAGNv`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	8f247def56f10988_hilejmt.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\hilejmt.ini
Size	541.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`aac3a919fe9e835114f803f41bc368fa`
SHA1	`92bd63b24d2058dfee5a75a1e889d72f02bb5f2e`
SHA256	`8f247def56f10988a339e13d8f172860a7ed21d5d43a39401e79ec96e7c42dd9`
CRC32	`1BD35BB3`
ssdeep	`12:YUFPV5EpdP9RJzzDBnP0VK2jYSYIEjkZLkZQWAj5U:R2pDVmxj3Y34ZYn`
Yara	None matched
VirusTotal	Search for analysis

Name	0c837834eaa09467_task.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\task.dat
Size	46.0B
Processes	2444 (RegSvcs.exe)
Type	ASCII text, with no line terminators
MD5	`32a51aad37a21f794b1d7c67c9cec0df`
SHA1	`48d0280ad94917b551b04c27955487bef3b61989`
SHA256	`0c837834eaa09467f659d6287a2062f9d3bce39790319a99432ff4941d594873`
CRC32	`F378DCF5`
ssdeep	`3:oNmWxpcL4E2J5xAIwGMNn:oNmQpcLJ23fA`
Yara	None matched
VirusTotal	Search for analysis

Name	0aad01ec6ca718f7_update-tv.p.vbe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\Update-tv.p.vbe
Size	37.6KB
Processes	3036 (003079999209.pdf.scr)
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`5290d28edd31502cd7d6f0efecf4f611`
SHA1	`1398e1d07a7772338fd3d56af5c59b593863403c`
SHA256	`0aad01ec6ca718f76b11c2db62b4542494bd8927ede872d804809a2f87000be8`
CRC32	`C6A9679B`
ssdeep	`768:YCKp0HCKp0sCKp0aCKp0jpCKp0HCKp0wCKp0jfCKp0k:YCKUCKvCKZCKEpCKUCKzCKEfCKJ`
Yara	None matched
VirusTotal	Search for analysis

Name	e410561b1e4dcf68_oqltd.xls Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\oqltd.xls
Size	571.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`09d8e0f7ef07890b19b4404d07059375`
SHA1	`68abfaa4dfc9e4e70db0236b75f1173e22e141bf`
SHA256	`e410561b1e4dcf68becc27bdba69543dc84d372bbed3a73006e57f8ac634bc16`
CRC32	`5E53C639`
ssdeep	`12:EQstebYo5KDoUZZam4aQZaGWcuIl7XTPeVdfvas8:EQfbT5+N4aQZ1Wcll7XTPeVdT8`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	78718301ebb7d0f8_qqumqs.jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\qqumqs.jpg
Size	633.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`83ee343f3d8d729f68a7f968e9af03a0`
SHA1	`6a558605c2dd8e92a09a1d9379ce9129bd4d2a09`
SHA256	`78718301ebb7d0f8f6aed94f43917e33de6b81be3a33ce37bc33f14953ac9d5e`
CRC32	`D6ABF2A2`
ssdeep	`12:cKRq/W1TvU9+lNYmv/U6gi3yPyjw77ENhMRgp6tE9F7wC:LqCT89+zBU68HnQhMRgp6Q7wC`
Yara	None matched
VirusTotal	Search for analysis

Name	b5068abc64476d3d_dhfgc.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\dhfgc.xml
Size	571.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`6d12badcc37c1ad43043bf2eecff4f00`
SHA1	`b9dd28ef9d9f01e3d58ac57f17503bf1aec0b488`
SHA256	`b5068abc64476d3dc813bd1992bcf62c64ca718b6868c43c9c7ab5fb459ec152`
CRC32	`E3F54952`
ssdeep	`12:noye3y6AhZxooVt9MEz8czfyVHRreXd7IxdOMTy2SIaElfRk7zjTJ:YzAfxo6QHSt76nSIjXafJ`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	3ff5b01f26b6ffcc_eiwnoa.msc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\eiwnoa.msc
Size	640.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`06848be7e1c817fda64f5546718b6d83`
SHA1	`2f25b797870d4f7b1ecd99e6d7d46943a66aad46`
SHA256	`3ff5b01f26b6ffcc3f03cbdafeee724e8e3c42834c406d2ba3b35fc7db2dd595`
CRC32	`DF6E6479`
ssdeep	`12:lf/7jb80RVV0tFBYyEWmuWM10jrijdd1yTdAzgt4CKmjxGN8GviyP7:lf/7UgVV0tFBzE/M1armbYtdGNJx`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	9dc2d8881d7d0766_ghooc.ppt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\ghooc.ppt
Size	508.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`a9b5562f07f5bfdd0f4a97eac9721e40`
SHA1	`ca0024d42714b0e7d74f487c5e1e006b68d09bcf`
SHA256	`9dc2d8881d7d0766e1b43bba9591c854c4133a85b310a3b3e45fbd7a169874f6`
CRC32	`1107BD6B`
ssdeep	`6:VcVA3NsxdhISBySbjLW7W2/TptI4iP1cQ3mOcW2c1Su+XaHKMc1BLWXe1Upvmywk:c2NsTySb4WAt0W4DR5yKD3Fm8JJ`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	e79d012c1aed1e52_run.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\017BD04F-B3BF-45B6-8167-9E8F41FF87BF\run.dat
Size	8.0B
Processes	2444 (RegSvcs.exe)
Type	data
MD5	`e997234529631dc22b4a07e10b529436`
SHA1	`c1a0de6356f7d4ef6483f3d01f3f0bdd61a067ca`
SHA256	`e79d012c1aed1e5291e4db5ae7cc9ba8784fa924625a27064f36326c02a1539c`
CRC32	`CEFB8EEC`
ssdeep	`3:09+tn:0ct`
Yara	None matched
VirusTotal	Search for analysis

Name	dbd7aa72ae28a238_aldrn.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\aldrn.dll
Size	549.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`6c84590fd861e185d5e7a61b037a2797`
SHA1	`88d8ef4003945644bfe3b9991f5ae676c8fe47ae`
SHA256	`dbd7aa72ae28a238b760e76199f1bc199a4fbc1f19b5f5a930c66b444cad7784`
CRC32	`9C05D852`
ssdeep	`12:1nGKku09x93f5mUqPvocy/L6k8BdWTWAi:1GPx9v5HNL6pBUTZi`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	cfc03a739220bef4_sbkgsc.icm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\sbkgsc.icm
Size	888.6KB
Processes	3036 (003079999209.pdf.scr)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d70543055e19b63641c7d5cb908eaec7`
SHA1	`c4ce358b96accf34b885b56e49f242b847fbdc6b`
SHA256	`cfc03a739220bef4f9bde940b1ceea4e3041dd7c1129c72f0eacc25cd76d0106`
CRC32	`E6308B59`
ssdeep	`24576:sYgAon+KfqNbXD2XJ2PH1ddATgs/u2kaJml:s37+KSbq5e1diEnHaJo`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f5f83a1ea0280d69_amsp.jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\amsp.jpg
Size	563.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`5b1a8b3f58ebec65dbcef508175ee501`
SHA1	`66266655546bf95fa7e63b32276d7cfc80ef7851`
SHA256	`f5f83a1ea0280d69d8c4a6edf567625b7bb09ab7f56e57ac9ca594a44d38809c`
CRC32	`E7403D10`
ssdeep	`12:EmlBPsY/WRryQPbfHhYaennidP7bk1BqJGUA2Rc:EmluY/IPPbfBuni9aUvc`
Yara	None matched
VirusTotal	Search for analysis

Name	c36ab00ab10d8fa4_rvmbjhe.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\rvmbjhe.dll
Size	525.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`f100ec645c781a378bfa314ff113ef67`
SHA1	`fa1043be834f2af0650bd47ad2737fd769cf4444`
SHA256	`c36ab00ab10d8fa4201eea9fb42171581bc68d863d0095e13f6c7bdb0e3aa8f3`
CRC32	`A02BB186`
ssdeep	`12:RZGJFDQRFx7vouYCr56YuYBPlswrPWtLBBsAWI:RZ4QdTouYK5sYgw7WVBBgI`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	adbc6260451c70bb_uxoaapjcqq.icm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\uxoaapjcqq.icm
Size	567.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`ffb79801abf241304a2eb6e0b043f1c4`
SHA1	`9299aefd143b8be687eaf76a8d25c27109111cdd`
SHA256	`adbc6260451c70bb95ce8d7d33ede7966ed731839282d327eede959a71113390`
CRC32	`1B9DC37A`
ssdeep	`12:pm7MSmlh4h9ORG0iPr3zLS++UdzwbGX8i7CoXzqSHi2U:pmgV69gG0iTB55C+3z5i2U`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	b15408923545610d_halcnt.msc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\halcnt.msc
Size	575.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`cb2567b0c125699f42b06b71b49419f6`
SHA1	`5b673e6688ed5990bc18b09e4c8d814b2f77b560`
SHA256	`b15408923545610d6e1cf144b9f1ceb6552e9c367bedb562f02fae1752080d6a`
CRC32	`14A61C1E`
ssdeep	`12:rSIsPv3HCNSWG2Fa/VKCZjX7bEKhxUALMDPOW5mw0aH+tE:rSIU3HgSWG2FkjZjvvUALyO3pu`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	9881c6f2ffd7e797_bjhqdmlqli.msc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\bjhqdmlqli.msc
Size	565.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`5ff6d9394c8fa56e9f14076b5477feeb`
SHA1	`86da5eea34b0c2031cdd3f6b362aeff8d1289c20`
SHA256	`9881c6f2ffd7e79780a924814efab1977059ea6d886ec0fee79767a6bbd600c7`
CRC32	`24240676`
ssdeep	`12:t9Ri6V2ceadmovRzBP1py0dIApg1dRbqAbGokT9J:wbce7YzdDu9qjv9J`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	8245a77bc68a9b14_clrji.qws Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\clrji.qws
Size	398.0KB
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with very long lines, with no line terminators
MD5	`c652d22b20629dcd29146b09ff90c5b7`
SHA1	`fc05a29d60e34ed153bf5c5b257460b85967bd0f`
SHA256	`8245a77bc68a9b141b318066c6bd305825aa175823d7bf6a6d1b79db198a328f`
CRC32	`46428FE5`
ssdeep	`6144:h5VGMBJRvgr09nZi6P9EzE9vxnFlIOrMM:hWAZ9J1EwXIU`
Yara	None matched
VirusTotal	Search for analysis

Name	a7f89c6e572be6ae_uwtapxslt.mp3 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\uwtapxslt.mp3
Size	552.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`bdc3edc6d93e18d659f4bcb59f5c330a`
SHA1	`ad8e28db8974ee656b7648b046fccc34b7f5ec53`
SHA256	`a7f89c6e572be6ae696455d0660aea775ac9ffaaa9cc125fc03ce916fb46bb6b`
CRC32	`9D64B31E`
ssdeep	`12:0wT2mxS9RotBRNw16QYUUkC2LIp5pAS2d24aRc:m3ofRNLQYUUSIp5pV20c`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	b42692c47bcb7893_tmp59C3.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp59C3.tmp
Size	1.3KB
Processes	2444 (RegSvcs.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`3a2a7814190803f46909c469f396ccac`
SHA1	`7dc30866b97ddcf22dbb675fc339647e5f109031`
SHA256	`b42692c47bcb7893e87e64140c6bad32c4c42622423d6f499733760b7999721d`
CRC32	`997FB062`
ssdeep	`24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Zkxtn:cbk4oL600QydbQxIYODOLedq3Ykj`
Yara	None matched
VirusTotal	Search for analysis

Name	1db824aaaa4af14d_gfxglvhllj.jpg Submit file
Filepath	C:\Users\test22\temp\gfxglvhllj.jpg
Size	68.0B
Processes	1192 (sbkgsc.icm)
Type	ASCII text, with CRLF line terminators
MD5	`d1b04f0846a038467686c8af04e4d806`
SHA1	`1b2f6b3c5953a637774d5e3c8427e2532047f450`
SHA256	`1db824aaaa4af14d75400e435c1afba1f5f61468b9ade13c39d94b7b5906b6fc`
CRC32	`587FA135`
ssdeep	`3:YRRvufmAvu5JXRGdY2zi1OCufy:AvIHri1O3fy`
Yara	None matched
VirusTotal	Search for analysis

Name	dab1a9ad6ba571e8_mkivd.docx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\mkivd.docx
Size	522.0B
Processes	3036 (003079999209.pdf.scr)
Type	ASCII text, with CRLF line terminators
MD5	`6578a27127c186d2d09dafaa9634d623`
SHA1	`5a1cea6a3d30ee7f7d6e0759712656e942a35fb1`
SHA256	`dab1a9ad6ba571e8c0f195e99131f1128f0a614eea882c1db75adc5025bd2de5`
CRC32	`951EF2A6`
ssdeep	`12:5tIL0h7VyTPrBPsAGNaIxHLoEcmszGdP0nZb0:LIgBEvWAs/xk1msqdP0nl0`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis