Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	dae22f6062a6f3f5_8ax4pzbz.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\8ax4pzbz.pdb
Size	7.5KB
Processes	2476 (csc.exe) 1916 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`244fa486de66dbe48e0fdfa04398e34f`
SHA1	`e21ffb3a20827ba553d178b438a7f41f75ec73be`
SHA256	`dae22f6062a6f3f5865d94363d798019356640927467b01d52039aca84ce6bb8`
CRC32	`B27FAFF4`
ssdeep	`6:zz/BamfXllNS/FXJR1mllxrS/77715KZYXxGQu+e0KpYXUXJRfoGggksl/cEDf:zz/H1W/rSXS/pw2qZRD`
Yara	None matched
VirusTotal	Search for analysis

Name	c838b31ff2bb5439_hawz4wth.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hawz4wth.out
Size	607.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`715eba6c1c91c7b1b8bdb13b1d82d1ae`
SHA1	`b708afc6d5c3f9df875a1d309817a6b036d9fe7a`
SHA256	`c838b31ff2bb5439dd574111cdcf3a9c94acde2ef1a189b11b63a928145776e2`
CRC32	`323BBE81`
ssdeep	`12:K4OLM9nzR37LvXOLMBLnPAE2xOLMB5Kai31bIKIMBj6I5BFR5y:K+9nzd3BpnIE2nPKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	e0b59d61a08c7d9f_v-jjopqs.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\v-jjopqs.0.cs
Size	266.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`6878d161052363f2602899887b045962`
SHA1	`f4b297e71671846e5d2bf7ff74b6bac1651487ad`
SHA256	`e0b59d61a08c7d9f70cc4b59f362a562983482aa3f34508964acd5f8ede2c978`
CRC32	`115C577F`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatl2F/PMG4SRNhPKrQKzy:V/DTLDfuBphILmj/PvKjy`
Yara	None matched
VirusTotal	Search for analysis

Name	1cd64fff00d7c14f_mimxjfes.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\mimxjfes.dll
Size	3.5KB
Processes	552 (csc.exe) 1916 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9b0e67a981c8f8235128f4ffff390ee2`
SHA1	`8590a3b75164790306e0c1625ae3c2fdf9ba7a2b`
SHA256	`1cd64fff00d7c14f65a916595d2ed485fcb048007e8e832a81d63c24b0247486`
CRC32	`14C38D25`
ssdeep	`48:6wnaW62wAOjuJVKXLM9I1ulslk5a3llkSq:taW6DTpamC5KlC`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4e5dab4f8cd2c02a_sophia.json Submit file
Filepath	C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json
Size	138.0B
Processes	2656 (AcroRd32.exe)
Type	ASCII text, with no line terminators
MD5	`48707064b83f43ba0abe464881f41fa1`
SHA1	`87b75b4aacda3444d659fc557861317eecc042a5`
SHA256	`4e5dab4f8cd2c02a3958eb48175cebacba3a2a16c442fb582ee06c6e069773f5`
CRC32	`947B8836`
ssdeep	`3:YEH5chxs2H7GxvBxs2HOx9xJvDTHWeiXx6KtETfn/GzNLV6n:YEcZqxvHZOvGeIOTfn/2Nsn`
Yara	None matched
VirusTotal	Search for analysis

Name	3d0cd0e38b412919_pfywdxbj.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pfywdxbj.out
Size	607.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`672215148c8adc08c70cf6c050edd1f4`
SHA1	`42d66d626baa37360019db720b981e107404006f`
SHA256	`3d0cd0e38b4129198fdd4896e6f0755005347adeedeb71fbdc0378b8a9a2c93b`
CRC32	`81B49C2A`
ssdeep	`12:K4OLM9nzR37LvXOLMBLmnPAE2xOLMBLaKai31bIKIMBj6I5BFR5y:K+9nzd3BBLmnIE2nBLaKai31bIKIMl6v`
Yara	None matched
VirusTotal	Search for analysis

Name	d40865563a55558a_ojtnpej4.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ojtnpej4.out
Size	607.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`5a3083367e65a6310dbbe8a49fd070c2`
SHA1	`bad4f55e492a70e7fe321ad1df37ddae1763ec0b`
SHA256	`d40865563a55558a9e85ecdf3f35a06de7611fbc036b14fa1a386d5c55e85984`
CRC32	`3EE31E15`
ssdeep	`12:K4OLM9nzR37LvXOLMtenPAE2xOLMQKai31bIKIMBj6I5BFR5y:K+9nzd3BtenIE2nQKai31bIKIMl6I5Da`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_v-jjopqs.err Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\v-jjopqs.err
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	546f68e521b7da72_ojtnpej4.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ojtnpej4.dll
Size	3.5KB
Processes	2220 (csc.exe) 1916 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b34a25aa8325c8f9eb825269d9d536e9`
SHA1	`3103e7641a4640ac80dd5dbf52dfd78bc4336253`
SHA256	`546f68e521b7da72dfd63432b13925f366f215015fb00609b00e976b740e38aa`
CRC32	`DF5E6FB9`
ssdeep	`24:etGSYNiGTnylqsanvqh9vbALmzCrbdPtkZfUiIQUmI+ycuZhN0akSQPNnq:6rdqnSTAwKuJUi3n1ul0a3Iq`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a56ef879ef71d371_RES643F.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES643F.tmp
Size	1.2KB
Processes	544 (cvtres.exe) 2376 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`0a7b6c7cce812b24b0d90a95a6558f88`
SHA1	`10c47e3a291bc27c06eb10802e553b03d6539748`
SHA256	`a56ef879ef71d37114e6b249d1ef357e8378dcaa1babd9360b988f46ffa75326`
CRC32	`045220D4`
ssdeep	`24:H/FJ9YernQPmHWUnhKLI+ycuZhNoakSkPNnqjtd:CernumhnhKL1uloa3kqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	e5231270257f1727_ojtnpej4.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ojtnpej4.0.cs
Size	259.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`560e1b883a997afcfa3b73d8a5cddbc1`
SHA1	`2905f3f296ac3c7d6a020fb61f0819dbea2f1569`
SHA256	`e5231270257f1727ca127b669a7c21d46ced81cd5b46e89c48dd8304c1185bea`
CRC32	`7A3E756E`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlJOmMG4SRNLGeUy:V/DTLDfuBphILmIFGeUy`
Yara	None matched
VirusTotal	Search for analysis

Name	99205811b6946909_td2iyjiy.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\td2iyjiy.dll
Size	3.5KB
Processes	2376 (csc.exe) 1916 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`5f483b46146ac99f7299093f5a006614`
SHA1	`0c8b3260d909519fb841fabf5ba634eb8ba0ccda`
SHA256	`99205811b6946909e29b2866f9092f0cbbedb00e43752cf42d2d77b89bed5000`
CRC32	`1FAB5956`
ssdeep	`24:etGS1VN6G7nLsKpHq7sEz2jALmpbdPtkZfTmj6u0XGmI+ycuZhNoakSkPNnq:60iHq7sVjAuuJTmmPt1uloa3kq`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2fd3cecdbb695eeb_mimxjfes.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\mimxjfes.0.cs
Size	260.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`ab433c5b349bbdb7b39a8ecbf2d4d177`
SHA1	`62bb79ef48853999a685b6552a75fa036677a374`
SHA256	`2fd3cecdbb695eebeb546d2a81c101c45cf18b6186b2650587b51e9c78947d16`
CRC32	`B571EFD2`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlpMG4SR7xRlXMNdFQy:V/DTLDfuBphILmi7xRNny`
Yara	None matched
VirusTotal	Search for analysis

Name	31596ed5692ca5cf_RES65F4.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES65F4.tmp
Size	1.2KB
Processes	756 (cvtres.exe) 552 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`ba66e55c7bea6e72f3e2294a293591cd`
SHA1	`5fe6a4cf4ba4c9b8ee17deab8bb95598b215eaee`
SHA256	`31596ed5692ca5cf1c2040baafcd3effc33ecc3e0d9015f8b06028952b726820`
CRC32	`3B503099`
ssdeep	`24:H/FJ9Yernd57hS3mHuUnhKLI+ycuZhNslk5akSllkOPNnqjtd:Cernd9YmJnhKL1ulslk5a3llkSqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	399592b4148ecab5_pfywdxbj.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pfywdxbj.cmdline
Size	311.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`bf6dbb42f29a874a5b32e05eec3fad3f`
SHA1	`5a89417cdab9496e9fa5a6e49306fc7de3844288`
SHA256	`399592b4148ecab58d13cfbd9b96f3c1cdf80e7ef9548b3514d68d6887e1dd34`
CRC32	`257C6A9E`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fz1LmmGsSAE2NmQpcLJ23fz1Lb:p37LvXOLMBLmnPAE2xOLMBLb`
Yara	None matched
VirusTotal	Search for analysis

Name	41f24f3963e0d6a8_ojtnpej4.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ojtnpej4.cmdline
Size	311.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`06c4cbf5d183ab4ebbdbde6abcc81f82`
SHA1	`f9fd85e3ade155ed808dddf9419ac8e9db2d77a3`
SHA256	`41f24f3963e0d6a832572d0c9c6b389d45b9f1e423d6609a18710b17327094f5`
CRC32	`73165BC9`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23flemGsSAE2NmQpcLJ23f9n:p37LvXOLMtenPAE2xOLM1`
Yara	None matched
VirusTotal	Search for analysis

Name	cb20bebe0b2a6c87_CSC6920.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC6920.tmp
Size	652.0B
Processes	2908 (csc.exe)
Type	MSVC .res
MD5	`fa94a06191b45889089db95537d17b98`
SHA1	`7a56738bf9e2cb6926e52094f4951e937d9bf5a0`
SHA256	`cb20bebe0b2a6c87365b90a1e164251dfa72e287f20e6ff8af047b33ecb3601c`
CRC32	`BD4549D5`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry6ak7YnqqYPN5Dlq5J:+RI+ycuZhN8akSYPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	43156261b5fced70_8ax4pzbz.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\8ax4pzbz.out
Size	607.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`f4754c62a09232b72b977cca745d4bb3`
SHA1	`3d0dc557f544f1f6638923c44304721f8a53e210`
SHA256	`43156261b5fced70ec9be875934d1ced7a35fe2c455ad863321e21cd32886f03`
CRC32	`4885D7F9`
ssdeep	`12:K4OLM9nzR37LvXOLM2inPAE2xOLM2OKai31bIKIMBj6I5BFR5y:K+9nzd3B2inIE2n2OKai31bIKIMl6I5G`
Yara	None matched
VirusTotal	Search for analysis

Name	0e21f3e2dd1a342a_v-jjopqs.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\v-jjopqs.pdb
Size	7.5KB
Processes	260 (csc.exe) 1916 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`1038d6059d899d09d8eaf1e11566ff1f`
SHA1	`0388842c9a6dcceb1c27f1a94cc480135b254dbf`
SHA256	`0e21f3e2dd1a342aa62675d79eeb2c75b045d44f491e0145480b63c71909a849`
CRC32	`5D076C9E`
ssdeep	`6:zz/BamfXllNS/8OYT01mllxrS/77715KZYXxGQu+e0KpYX9OYTy3oGggksl/cEDf:zz/H1W/OcSXS/pw2q+MRD`
Yara	None matched
VirusTotal	Search for analysis

Name	b228a66a0f8e47fd_8ax4pzbz.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\8ax4pzbz.dll
Size	3.5KB
Processes	2476 (csc.exe) 1916 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e0eb244d0aaa66b4521ef55d260ea21f`
SHA1	`ca2b5d30e06b458ae2f48bb3624c1c85dfd1a9b7`
SHA256	`b228a66a0f8e47fd55dca73ab301281151a7b366def8dd2303948f4e24b334ad`
CRC32	`BE5FEBAD`
ssdeep	`24:etGSit6hmSlTA0VIluJ9/e87ALmpbdPtkZffDwfNZ92qmI+ycuZhNkD+akSXDfPE:6NH5HJR7AsuJfDM92Z1ulkCa3Xpq`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	81ff65efc4487853_testing Submit file
Filepath	C:\Users\test22\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING
Size	4.0B
Processes	2656 (AcroRd32.exe)
Type	data
MD5	`dc84b0d741e5beae8070013addcc8c28`
SHA1	`802f4a6a20cbf157aaf6c4e07e4301578d5936a2`
SHA256	`81ff65efc4487853bdb4625559e69ab44f19e0f5efbd6d5b2af5e3ab267c8e06`
CRC32	`FF41D9ED`
ssdeep	`3:e:e`
Yara	None matched
VirusTotal	Search for analysis

Name	a2039c65f42960c7_v-jjopqs.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\v-jjopqs.dll
Size	3.5KB
Processes	260 (csc.exe) 1916 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6fa7ffaa1fa41c35e684bf9f061c6ee1`
SHA1	`56e829a596f610d42616ee38c7c4ca074f6281ff`
SHA256	`a2039c65f42960c78ecc3e1efb519062b4b9444e86fa9eb34f7b28d3c323afe9`
CRC32	`36627BCA`
ssdeep	`24:etGSida2SEPs7Rch/hnhrDs8QALmfbdPtkZfC1u74AomI+ycuZhNSakSaPNnq:6h5io2pnxCAyuJUc4AT1ulSa3Wq`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6ad87170880f4573_mimxjfes.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\mimxjfes.cmdline
Size	311.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`547c0a6312616945c5421ad544ea97ad`
SHA1	`bfba6b81c7b7001f7829b9ceed4e8b4bad47056b`
SHA256	`6ad87170880f4573fe737043df0d7ae10b0f1a9eaace12992a09493de846252b`
CRC32	`BECE2944`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23flCmmGsSAE2NmQpcLJ23flCV9:p37LvXOLM9/nPAE2xOLM9W9`
Yara	None matched
VirusTotal	Search for analysis

Name	4c13b7c8f6de7ad7_hawz4wth.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hawz4wth.dll
Size	3.5KB
Processes	1104 (csc.exe) 1916 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3603d47c683d6551663612c9b70870a0`
SHA1	`167f603901e4580bd5fcd1de6eafd20d01f24380`
SHA256	`4c13b7c8f6de7ad7c5e1194f80a77be5dfbe682d5429a9950d9229a596fb6a0b`
CRC32	`CF963AD3`
ssdeep	`24:etGSYNiGTalq/UopP/WswNALmgbdPtkZfzhc6+Q+O3NXmI+ycuZhNU2akSHnPNnq:6rlopWVAHuJzhv+m21ulU2a3H1q`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	53d5aecb149a00bc_8ax4pzbz.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\8ax4pzbz.0.cs
Size	272.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`4de985ae7f625fc7a2ff3ace5a46e3c6`
SHA1	`935986466ba0b620860f36bf08f08721827771cb`
SHA256	`53d5aecb149a00bc9c4fac5feb8e5feddf5c83986c12d5fef1c3ddd104b09004`
CRC32	`6DDBA2C0`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlfMG4SRcBeN1jVQO1OaFFQy:V/DTLDfuBphILm4cBeN1fOaIy`
Yara	None matched
VirusTotal	Search for analysis

Name	a1c2f2b868132943_td2iyjiy.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\td2iyjiy.out
Size	607.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`0be3671b55bc4af24de9381b424a0b18`
SHA1	`998572b1d7fed8fa7fb6a3abab03ea73fdf09abe`
SHA256	`a1c2f2b868132943cbf8e5f50bc83483ef34414a5f9a3506358bc7492794f6a1`
CRC32	`6BD1DDA3`
ssdeep	`12:K4OLM9nzR37LvXOLMtQnPAE2xOLM2Kai31bIKIMBj6I5BFR5y:K+9nzd3BtQnIE2n2Kai31bIKIMl6I5Da`
Yara	None matched
VirusTotal	Search for analysis

Name	fbb9228f8b977ba0_정책연구브리핑 22-15 미ㆍ중 갈등시대 중국의 통상전략 변화와 시사점.pdf Submit file
Size	1.2MB
Type	PDF document, version 1.4
MD5	`e5cbf56599f4649163a6f5d5db8deb88`
SHA1	`3d5b11ab3d3249db853a96c87ec14188bdade40e`
SHA256	`fbb9228f8b977ba00314ffd0f4644deeaab4f37eb2a49137435193d7fadfdc0b`
CRC32	`FB51F41A`
ssdeep	`24576:rKRluuFLcJLfnhWnLS98aLfKwNUXleXR9zYkh5kx94vyD223l9xY:uRdqG+iwgMYkMcyNg`
Yara	PDF_Format_Z - PDF Format
VirusTotal	Search for analysis

Name	53512f9eba206491_v-jjopqs.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\v-jjopqs.cmdline
Size	311.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`9ce91ab162a56c8d8925f03f47743e47`
SHA1	`4f1ba42109a04231ed8f7fc8dfd4e2efb3c1c8f4`
SHA256	`53512f9eba2064915977d71d5d621edbc6407d91ce184d0a359550610bd7dd96`
CRC32	`47AEAB92`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23ffwmGsSAE2NmQpcLJ23f/x:p37LvXOLMQnPAE2xOLMnx`
Yara	None matched
VirusTotal	Search for analysis

Name	e55c55f15f9e5b9c_hawz4wth.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hawz4wth.0.cs
Size	259.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`624d38f949255fad5fd21fae98c85e9a`
SHA1	`c2e47a872b087739aef41f31687739f7bbb23b44`
SHA256	`e55c55f15f9e5b9c981b414091500e29c800cad8fddaf14714d5e78a8af4e7bd`
CRC32	`2D4769E6`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatl+OmM7mSR1RxXi3FKy:V/DTLDfuBphILmQ3ddS3Iy`
Yara	None matched
VirusTotal	Search for analysis

Name	7dd84cc7d8271a88_pmtrd.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\PMTRD.bat
Size	4.7KB
Processes	2260 (powershell.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`5f9e0afb3503d909984b3b30d038bdc5`
SHA1	`8baf977afc5d5d87eefc3178c76e0a281a15f772`
SHA256	`7dd84cc7d8271a88063ce1ff1f1abe74c8e5b33301cb957b951161e6fe1b73fc`
CRC32	`ABE23913`
ssdeep	`96:r3UaZFF5khGbjiju0cCVyIQBbnuREIeNdT:rkguPjR7VyxBbnuREIaN`
Yara	None matched
VirusTotal	Search for analysis

Name	7303b244cbac5ef6_CSC6298.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC6298.tmp
Size	652.0B
Processes	2476 (csc.exe)
Type	MSVC .res
MD5	`fb443f840a7e59b5e6bc5b2d58e3ce15`
SHA1	`76ebd934752b5a604db0e385fcd3901866c01aba`
SHA256	`7303b244cbac5ef652d10a42e0f231bebca3185df9564e9215aafd2920ae0738`
CRC32	`A7A94A82`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grySD+ak7YnqqXDfPN5Dlq5J:+RI+ycuZhNkD+akSXDfPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	38f8106f1774ffa6_RES62A9.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES62A9.tmp
Size	1.2KB
Processes	2352 (cvtres.exe) 2476 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`f1dec57e34b323c56df885b67dcd7385`
SHA1	`fdcaa5f120d6f31f710774bf6e1f3f709a3cc8e7`
SHA256	`38f8106f1774ffa6a22e200d07c5081001f19942e2ba403e9e6f6d561e4cb548`
CRC32	`886D0872`
ssdeep	`24:HUJ9YernyxZQsmHhUnhKLI+ycuZhNkD+akSXDfPNnqjtd:VernsQsmunhKL1ulkCa3XpqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	83521bd6ee743ff1_mimxjfes.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\mimxjfes.pdb
Size	7.5KB
Processes	552 (csc.exe) 1916 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`a7ef16811e653ddd78ce140851dfcdbd`
SHA1	`0cd234f36ccf846b9604a92f013adb7221c6e8e1`
SHA256	`83521bd6ee743ff15620b2be13763113e3fc1937e1a9328e89d6c061031a40ca`
CRC32	`EA55B5FE`
ssdeep	`6:zz/BamfXllNS/zjdel/31mllxrS/77715KZYXxGQu+e0KpYXajdI8MoGggksl/cI:zz/H1W/1el/lSXS/pw2qFIdRD`
Yara	None matched
VirusTotal	Search for analysis

Name	4c31617cafdfef54_CSC642E.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC642E.tmp
Size	652.0B
Processes	2376 (csc.exe)
Type	MSVC .res
MD5	`5804f7921527bdc02bd9e5cc07fef173`
SHA1	`85f4ccccb5e49e4f80d22272ec17c0cb2a09b534`
SHA256	`4c31617cafdfef54660f7aae83b4b24560804aeb4eb3b0443a8fa7c5a89c1a54`
CRC32	`B6598F2E`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grymak7YnqqkPN5Dlq5J:+RI+ycuZhNoakSkPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	a357961721299779_td2iyjiy.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\td2iyjiy.cmdline
Size	311.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`cb439a2331af45ece100fec0f17877bc`
SHA1	`e815df44050996ecc4e2050bb5d2bd8b2474a5ff`
SHA256	`a3579617212997790fc22e3c03be64ca85b9397a7e6ed773c1383a388a5d5f4d`
CRC32	`869BE105`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f42JHQmGsSAE2NmQpcLJ23f46H:p37LvXOLMtQnPAE2xOLMP`
Yara	None matched
VirusTotal	Search for analysis

Name	907821975b034039_hawz4wth.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hawz4wth.cmdline
Size	311.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`3b73f2742642e62727348dffa057ccc0`
SHA1	`d3ef6d24c52809f16dda547a825328bc8481983a`
SHA256	`907821975b034039ac37cbe62e8fc20d0fab1aa2a61931b888676570543b9c04`
CRC32	`3B31B609`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fpemmGsSAE2NmQpcLJ23fpeQA:p37LvXOLMBLnPAE2xOLMBM`
Yara	None matched
VirusTotal	Search for analysis

Name	a9b1dc8eaa5fcd00_d93f411851d7c929.customDestinations-ms~RF2155dfe.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF2155dfe.TMP
Size	7.8KB
Processes	2260 (powershell.exe) 1916 (powershell.exe)
Type	data
MD5	`c1d8708bab1e838a2deda26d58bb8d42`
SHA1	`95d39e75a804752961c139bb6c0b67f84f685035`
SHA256	`a9b1dc8eaa5fcd0034694cf9742ae915a5932142a1477c3ab6fada45d98750b2`
CRC32	`E71AF2A2`
ssdeep	`96:QtuC6GCPDXBqvsqvJCwoFtuC6GCPDXBqvsEHyqvJCworFS7HwxWlUVul:QtbXoFtbbHnor/xo`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	856bded4416dd159_pfywdxbj.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pfywdxbj.0.cs
Size	286.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`b23df8158ffd79f95b9bddd18738270b`
SHA1	`79e81bb74bc53671aeabecae224f0f9fe0e3ed7f`
SHA256	`856bded4416dd1595613354334ad1d3e5c4922a86102786429bcdb0e7f798882`
CRC32	`0B290FEB`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatln9MG4SRBHALRZNu8K0wHQy:V/DTLDfuBphILmyxtcZNuwy`
Yara	None matched
VirusTotal	Search for analysis

Name	5ca1419befd613aa_hawz4wth.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hawz4wth.pdb
Size	7.5KB
Processes	1104 (csc.exe) 1916 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`4b85345686039b86a092cf4122b3ee11`
SHA1	`0aae3417ebf6c40d88a276657cc37526ed4f071a`
SHA256	`5ca1419befd613aa539b54b9ee1082209b77302222c6cbf6ca0a777f2122c842`
CRC32	`9FD7BAF6`
ssdeep	`6:zz/BamfXllNS/X5H91mllxrS/77715KZYXxGQu+e0KpYXy5fkMoGggksl/cEDf:zz/H1W/XlSXS/pw2qHVFRD`
Yara	None matched
VirusTotal	Search for analysis

Name	fb8e65bc91d5484d_RES6AC7.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES6AC7.tmp
Size	1.2KB
Processes	1300 (cvtres.exe) 2220 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`c9cfa5eeaed080d6db42f35b2940a856`
SHA1	`9827fff835f5707252f26b98d298bbaf880c220c`
SHA256	`fb8e65bc91d5484dbe1349fca7da7c167b8933a033e34d9b7840caba08ca59bd`
CRC32	`56B3C58E`
ssdeep	`24:HnJ9YernulsmHyUnhKLI+ycuZhN0akSQPNnqjtd:wern1mNnhKL1ul0a3IqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	833a04f36e8fde07_td2iyjiy.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\td2iyjiy.0.cs
Size	249.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`cf1ade32b0ac6cb48fc9b17d90cb3379`
SHA1	`f5d60cebe6323c1b870b11f9b8a9bdf85c216fca`
SHA256	`833a04f36e8fde07ff6ed69710dc1e8b2f636264c9f0018c5459fd401950f047`
CRC32	`E17D0D5E`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlyMG4SRT1JAnR1jvy:V/DTLDfuBphILmNTDUR1zy`
Yara	None matched
VirusTotal	Search for analysis

Name	6546ec5620cd53fc_CSC677A.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC677A.tmp
Size	652.0B
Processes	1104 (csc.exe)
Type	MSVC .res
MD5	`e5aed5e13f57ed9a2372fd9c0ab611b1`
SHA1	`bd451d4c69349d9a9833f9b41675f342cfe80884`
SHA256	`6546ec5620cd53fcc74380488595f3d9793dcd5b9465b6fad667b0a56d4dc5a7`
CRC32	`FC3C6C31`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryCh8ak7YnqqHhRPN5Dlq5J:+RI+ycuZhNU2akSHnPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	4232f9df004ca3b4_CSC60F2.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC60F2.tmp
Size	652.0B
Processes	260 (csc.exe)
Type	MSVC .res
MD5	`823d49d1c7553f7286aaee73807b8327`
SHA1	`5e52574acd5481ecbc6fa746638cafdcdcf4fe72`
SHA256	`4232f9df004ca3b44283aea9a9aaf860bf272a34b2b55033081f4e95c1334f0c`
CRC32	`3C8C5039`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryUak7YnqqaPN5Dlq5J:+RI+ycuZhNSakSaPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	33a9c6f1c57a9b54_ojtnpej4.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ojtnpej4.pdb
Size	7.5KB
Processes	2220 (csc.exe) 1916 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`8c97e2d3653b79f600727f4568989968`
SHA1	`51ac9abf992ace1f0848373ff835aa7003b91f4f`
SHA256	`33a9c6f1c57a9b5429aa5721aa1b3cef862ce935af684bfa18c390fc47273b1d`
CRC32	`B5C387EC`
ssdeep	`6:zz/BamfXllNS/dH3UTl11mllxrS/77715KZYXxGQu+e0KpYXYH3UhdoGggksl/cI:zz/H1W/93UTlfSXS/pw2qN3UhdRD`
Yara	None matched
VirusTotal	Search for analysis

Name	d0f0d3607ce4cb40_CSC6AB6.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC6AB6.tmp
Size	652.0B
Processes	2220 (csc.exe)
Type	MSVC .res
MD5	`cdc9be2f51532e2f1751e750e41f6051`
SHA1	`0f963489a063537b630cebc24528547ff9a29c29`
SHA256	`d0f0d3607ce4cb401681f0893d6ea9a342e1f7d9bdc9729d208d9ced524a9b18`
CRC32	`557EF528`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryCak7YnqqQPN5Dlq5J:+RI+ycuZhN0akSQPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	3a63516c760f3580_CSC65F3.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC65F3.tmp
Size	652.0B
Processes	552 (csc.exe)
Type	MSVC .res
MD5	`4e5379f6f2202db53cdd0c179c208e97`
SHA1	`2e5265bcc0b4d848e106ce6b0619fe148149c0c4`
SHA256	`3a63516c760f358024396c9876deaf8989403a10521e2c6749ef58dd9b7cc1a9`
CRC32	`7A9864C0`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry2lk5ak7YnqqllkOPN5Dlq5J:+RI+ycuZhNslk5akSllkOPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	dfa7d1489a122288_mimxjfes.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\mimxjfes.out
Size	607.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`1bff031b7bd65adec2b889e39f9b1ec1`
SHA1	`ff17a981ebf04824b003c2b19f0405e72100ffef`
SHA256	`dfa7d1489a122288292945de28cbc410e719384f3c411cd2ac2ff5cbda0406c3`
CRC32	`AAAFA388`
ssdeep	`12:K4OLM9nzR37LvXOLM9/nPAE2xOLM9W4Kai31bIKIMBj6I5BFR5y:K+9nzd3B9/nIE2n9VKai31bIKIMl6I5G`
Yara	None matched
VirusTotal	Search for analysis

Name	25ad34f2bd8c1536_pfywdxbj.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pfywdxbj.dll
Size	3.5KB
Processes	2908 (csc.exe) 1916 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b0748c3d82de64a96d2750cb27ef7aa4`
SHA1	`c0505d8f56e89d9f01489c039545cd91347b281d`
SHA256	`25ad34f2bd8c1536f2c154b8da2cbd98986ee454b0cde65f086d5c075f926f56`
CRC32	`E2E93A04`
ssdeep	`48:6vjpL/xBkL9AyuJe7FHY9BLF1ul8a3gq:+pLsZtRSCKK`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ce64c93970b7be14_RES678B.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES678B.tmp
Size	1.2KB
Processes	2992 (cvtres.exe) 1104 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`ffac0d597afee53199f2034ee7c6b6dc`
SHA1	`ecd5139961762038b49a55645ddd5017dbc06d55`
SHA256	`ce64c93970b7be144f3a3b663a186e0f4bb28268b6c4fbb6b88bde499c2c35d1`
CRC32	`7442662D`
ssdeep	`24:HeJ9YerngROsmH0UnhKLI+ycuZhNU2akSHnPNnqjtd:TerncmfnhKL1ulU2a3H1qjH`
Yara	None matched
VirusTotal	Search for analysis

Name	6f2fed3c55646058_pfywdxbj.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pfywdxbj.pdb
Size	7.5KB
Processes	2908 (csc.exe) 1916 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`612b8f6ad78478b2b774663130eccee4`
SHA1	`04801c1c74cd6dea0b011eed76f8ebdd3f576d0c`
SHA256	`6f2fed3c55646058b79b9fcf9ffc72320d9bba0c7fafdd016008add00d9747ba`
CRC32	`908B875F`
ssdeep	`6:zz/BamfXllNS/8Awol11mllxrS/77715KZYXxGQu+e0KpYXRAw+ldoGggksl/cEb:zz/H1W/8AlSXS/pw2qsAP3RD`
Yara	None matched
VirusTotal	Search for analysis

Name	ab35ee4fa2eb2be6_td2iyjiy.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\td2iyjiy.pdb
Size	7.5KB
Processes	2376 (csc.exe) 1916 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`00b3c1f16ce8495f21229ed5cc6e8c1f`
SHA1	`6966ceed50873c8032ba0f9429a841c8007f3b08`
SHA256	`ab35ee4fa2eb2be66f4708bf9c3fdd385f70a4fb11b3bd739185ebcb420a038f`
CRC32	`63AB5822`
ssdeep	`6:zz/BamfXllNS/OLbu41mllxrS/77715KZYXxGQu+e0KpYX1LbuAoGggksl/cEDf:zz/H1W/OLbuoSXS/pw2q+LbuARD`
Yara	None matched
VirusTotal	Search for analysis

Name	17d3ec6cd3231a44_RES6931.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES6931.tmp
Size	1.2KB
Processes	292 (cvtres.exe) 2908 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`1ac97f1f97b3254047fe21c1599be71e`
SHA1	`9c767376c322771ec45f1de3cfe7eb70b450d6b3`
SHA256	`17d3ec6cd3231a44902de451caf20c567f8292618d4dcd05c4d5f9a0da9d95dd`
CRC32	`8524C57E`
ssdeep	`24:HeJ9Yernk/EH3mH2tUnhKLI+ycuZhN8akSYPNnqjtd:TernkMmTnhKL1ul8a3gqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	b4b4a0d93d0e5acc_RES6103.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES6103.tmp
Size	1.2KB
Processes	2988 (cvtres.exe) 260 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`8b7ea2c4b5a4cd55a9669ab11bd4c464`
SHA1	`52e5483b420f569a4e56f1096f84bd0bb9cda311`
SHA256	`b4b4a0d93d0e5accff7f6b5958d3c52798c23e588d5adc7b823a8ea2e48a58ff`
CRC32	`9520BE1F`
ssdeep	`24:HUJ9YernUOgcmHCiUnhKLI+ycuZhNSakSaPNnqjtd:VernVmknhKL1ulSa3WqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	769b5271078d607c_v-jjopqs.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\v-jjopqs.out
Size	607.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`492aa408e0d44e540a36595aea20a749`
SHA1	`71a1c2dd749a431733b08b0e4f49ee56346f0c92`
SHA256	`769b5271078d607c5834b81c12994f3c43e292bbf3e24d31d8369b9000e0ee35`
CRC32	`C578D85F`
ssdeep	`12:K4OLM9nzR37LvXOLMQnPAE2xOLMnUKai31bIKIMBj6I5BFR5y:K+9nzd3BQnIE2nUKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	e2e9bf6d95ac1305_8ax4pzbz.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\8ax4pzbz.cmdline
Size	311.0B
Processes	1916 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`fd1795c68e6e88dcf92a2d2a2a7bd4fe`
SHA1	`fd9435030b2a165e244165a3deb9c68d4c07504a`
SHA256	`e2e9bf6d95ac1305633b205e4ad554b9d058d4c6d97e7fee7e668a04b7535aa8`
CRC32	`42B18FE4`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23feimGsSAE2NmQpcLJ23feH:p37LvXOLM2inPAE2xOLM2H`
Yara	None matched
VirusTotal	Search for analysis