Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	833a04f36e8fde07_8dsuuhnt.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\8dsuuhnt.0.cs
Size	249.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`cf1ade32b0ac6cb48fc9b17d90cb3379`
SHA1	`f5d60cebe6323c1b870b11f9b8a9bdf85c216fca`
SHA256	`833a04f36e8fde07ff6ed69710dc1e8b2f636264c9f0018c5459fd401950f047`
CRC32	`E17D0D5E`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlyMG4SRT1JAnR1jvy:V/DTLDfuBphILmNTDUR1zy`
Yara	None matched
VirusTotal	Search for analysis

Name	31a5a8582081cf8b_RESF7FD.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESF7FD.tmp
Size	1.2KB
Processes	3056 (cvtres.exe) 3012 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`e9ea7f270052828dccc63c68f9c89b6c`
SHA1	`c3ff431b2bba467057922b3f889b0812f4266caf`
SHA256	`31a5a8582081cf8b6d2e98cb851fde4023eabdd86a924c2efdc5573d85d0d110`
CRC32	`A7D3871B`
ssdeep	`24:HZpMJ9YernVDKmHAUnhKLI+ycuZhNgakSsPNnqjtd:53ernEmrnhKL1ulga38qjH`
Yara	None matched
VirusTotal	Search for analysis

Name	d4f87e53fe61313f_zucfn5_i.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zucfn5_i.dll
Size	3.5KB
Processes	2912 (csc.exe) 2808 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a7e175759e514a7cf915dfbda4ebee48`
SHA1	`77262576614f87a6389e0e32033018bf0ecdd3ff`
SHA256	`d4f87e53fe61313f9c9a2e83907c1742922f28de74a5fe03b941772fccbd8568`
CRC32	`F5A90CD9`
ssdeep	`24:etGSX+da2SEPs7Rch/hnhrDs8JhALmfbdPtkZfbsAPBzP5mI+ycuZhNs0akSNZPE:6XN5io2pnxXhAyuJbP5zE1uls0a3Nbq`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2fd3cecdbb695eeb_x_sns7up.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\x_sns7up.0.cs
Size	260.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`ab433c5b349bbdb7b39a8ecbf2d4d177`
SHA1	`62bb79ef48853999a685b6552a75fa036677a374`
SHA256	`2fd3cecdbb695eebeb546d2a81c101c45cf18b6186b2650587b51e9c78947d16`
CRC32	`B571EFD2`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlpMG4SR7xRlXMNdFQy:V/DTLDfuBphILmi7xRNny`
Yara	None matched
VirusTotal	Search for analysis

Name	53d5aecb149a00bc_l9fffhn5.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\l9fffhn5.0.cs
Size	272.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`4de985ae7f625fc7a2ff3ace5a46e3c6`
SHA1	`935986466ba0b620860f36bf08f08721827771cb`
SHA256	`53d5aecb149a00bc9c4fac5feb8e5feddf5c83986c12d5fef1c3ddd104b09004`
CRC32	`6DDBA2C0`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlfMG4SRcBeN1jVQO1OaFFQy:V/DTLDfuBphILm4cBeN1fOaIy`
Yara	None matched
VirusTotal	Search for analysis

Name	36ee98dcbd25344b_hhisrn0v.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hhisrn0v.pdb
Size	7.5KB
Processes	2260 (csc.exe) 2808 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`a2e11e8102dfa26545bc9a9999e64fe8`
SHA1	`798e66411e382f7e86e22891e5739ea522e83255`
SHA256	`36ee98dcbd25344ba5484a843a626e289d9f08acb34310a840417e0d5be67bb4`
CRC32	`CFD0E474`
ssdeep	`6:zz/BamfXllNS/llEvW1mllxrS/77715KZYXxGQu+e0KpYXMlEvuoGggksl/cEDf:zz/H1W/uCSXS/pw2q+uRD`
Yara	None matched
VirusTotal	Search for analysis

Name	14cf08baf57bd36d_RESF647.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESF647.tmp
Size	1.2KB
Processes	2968 (cvtres.exe) 2912 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`6ba6241d2f052aa71d623e171a143f8d`
SHA1	`e1a52a709fe3f2e1f64d2a884776cbbb309a8d9e`
SHA256	`14cf08baf57bd36d69351070387263f23c0ef3982b59c42afb46d5da352051e5`
CRC32	`4243B291`
ssdeep	`24:HZpMJ9Yerno8ytmHvzoUnhKLI+ycuZhNs0akSNZPNnqjtd:53erno3tm3nhKL1uls0a3NbqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	dbfe38d759ace14c_CSCFEB3.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCFEB3.tmp
Size	652.0B
Processes	2516 (csc.exe)
Type	MSVC .res
MD5	`4fc5ee6e5c11341bce66c2156e0fb844`
SHA1	`ac8cd65a7e4c2e8c700c0830ce35b1a9c9c3c20c`
SHA256	`dbfe38d759ace14c5a2c224a8e4b9233344fe8142b334b9701ccd6873dff41f2`
CRC32	`71769954`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryWsGak7YnqqrsXPN5Dlq5J:+RI+ycuZhNTGakSQXPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	56c69a29a6e3050c_rktisogl.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rktisogl.dll
Size	3.5KB
Processes	2648 (csc.exe) 2808 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c8dd9e68784c088a90942d179557bd61`
SHA1	`58b980b2ac60e23c4cc3058ac25701a98074b149`
SHA256	`56c69a29a6e3050cf2125a198f0aeb894cff8fb874eef7d81bfe7f2b9772bbcc`
CRC32	`7FC382F9`
ssdeep	`24:etGSUNiGTnylqsanvqh94ALmzCrbdPtkZfnJxEUkemQOmI+ycuZhNKSakSDzPNnq:6HdqnS4AwKuJnUemU1ulJa3Fq`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f5cd416965d390b0_l9fffhn5.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\l9fffhn5.cmdline
Size	311.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`32995e5aeba62f730cf79c9eb7276d38`
SHA1	`3677b1eaace626e9828efe11bf87c93a9189ce8d`
SHA256	`f5cd416965d390b0a4c3438fe71ef5a300eff824bf4ee14df7b4433aaba1fa85`
CRC32	`6E67C71B`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23foutQmGsSAE2NmQpcLJ23foudBH:p37LvXOLMqnPAE2xOLMdBH`
Yara	None matched
VirusTotal	Search for analysis

Name	84854c15f5fe9bbb_x_sns7up.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\x_sns7up.dll
Size	3.5KB
Processes	1356 (csc.exe) 2808 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0240cf2edd5a60d3d5df3ae6700f7a50`
SHA1	`1a4c432656e3d262bec3f7f2bd9e65348bf7bbba`
SHA256	`84854c15f5fe9bbb8a9703e31c0f97b5ffb90841dd1d7929fc80a5100b85a7c0`
CRC32	`D9286E61`
ssdeep	`24:etGS8cN+GSOD/nfEp6J5y3fYg+ALm3pbdPtkZfjp5QA77kkIukmI+ycuZhNZakS8:68DnaW62QzAOjuJjp55ARuX1ulZa31q`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	60735d1e37abe486_RESFEC3.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESFEC3.tmp
Size	1.2KB
Processes	2544 (cvtres.exe) 2516 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`d1ba764c2a1c6669e3c1381471b409f3`
SHA1	`038f90acf1532ef3d901bfc23bb4b485e6960451`
SHA256	`60735d1e37abe486494c1ffa19c4f2d42b4cba3edb0fb5a06898ea87eba363eb`
CRC32	`DB6BC37F`
ssdeep	`24:HNMJ9YernJRbmHCUnhKLI+ycuZhNTGakSQXPNnqjtd:t9ernjm9nhKL1ulqa3eqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	be7c191e5db7fa5a_hhisrn0v.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hhisrn0v.dll
Size	3.5KB
Processes	2260 (csc.exe) 2808 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`1dac4dbae5738c99a80604a460eea4c6`
SHA1	`40c328865f299b8d560635b8c35863721562d34d`
SHA256	`be7c191e5db7fa5a805350548dba691f369666ef188c31a16967f88dda22aff7`
CRC32	`10AEEC22`
ssdeep	`24:etGSUNiGTalq/UopP/Wsw4ALmgbdPtkZfwcZ+3OmMmI+ycuZhNoakSUPNnq:6HlopWwAHuJwMPm/1uloa30q`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	0845e11dfe1d79ef_rktisogl.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rktisogl.pdb
Size	7.5KB
Processes	2648 (csc.exe) 2808 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`5f87c90b4a0acff7ac695e12bfafc5ab`
SHA1	`928e28b55685e720f23da04ff81be730b3a3884a`
SHA256	`0845e11dfe1d79effe4b9534338beca36cee978b0729e6de8b73c0ca71769d5b`
CRC32	`60D866E4`
ssdeep	`6:zz/BamfXllNS/llZ/Rf1mllxrS/77715KZYXxGQu+e0KpYXMlZ/RHqMoGggksl/b:zz/H1W/9RdSXS/pw2qtRH3RD`
Yara	None matched
VirusTotal	Search for analysis

Name	fcf646c0e4401926_zucfn5_i.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zucfn5_i.pdb
Size	7.5KB
Processes	2912 (csc.exe) 2808 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`e5656592d32e681841b5343362f0b789`
SHA1	`1b4437dfd979f3a49e440c6e32bd9b0865d36f1b`
SHA256	`fcf646c0e44019261a5f078e291e4e12be41ecd34c62e94164d3b529bda80766`
CRC32	`F21D081C`
ssdeep	`6:zz/BamfXllNS/Hln8IrF1mllxrS/77715KZYXxGQu+e0KpYXOln8IrNfoGggkslT:zz/H1W/GIrPSXS/pw2q2IrNfRD`
Yara	None matched
VirusTotal	Search for analysis

Name	2db562d58ccdcc14_RESFB68.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESFB68.tmp
Size	1.2KB
Processes	320 (cvtres.exe) 1356 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`d57a18b6ac12348b331f0c649a5bd5dd`
SHA1	`debf1f040f90deb7cab059dad4cdccfd30320887`
SHA256	`2db562d58ccdcc14af4f189d7f325ad788a09b7fc7297683a5064ab682a7615f`
CRC32	`9122203B`
ssdeep	`24:HWgJ9Yern8y+mHwwUnhKLI+ycuZhNZakSnPNnqjtd:2xernomSnhKL1ulZa31qjH`
Yara	None matched
VirusTotal	Search for analysis

Name	bb1b04b0ad6a7c69_l9fffhn5.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\l9fffhn5.pdb
Size	7.5KB
Processes	3012 (csc.exe) 2808 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`771712d5e95a417946d5010626597682`
SHA1	`5ce157b9c813003ac4bc6cb0fece57179415a59b`
SHA256	`bb1b04b0ad6a7c69d21fde348f1e59015d2562be03a588d7e8efe5c678ab793e`
CRC32	`1D21FE41`
ssdeep	`6:zz/BamfXllNS/HlRrZn1mllxrS/77715KZYXxGQu+e0KpYXOlRr74pMoGggksl/b:zz/H1W/bSXS/pw2qb4pMRD`
Yara	None matched
VirusTotal	Search for analysis

Name	dcb2b6339a77ca71_8dsuuhnt.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\8dsuuhnt.dll
Size	3.5KB
Processes	1152 (csc.exe) 2808 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b6c40e14727d38332a683cc7920c3bdf`
SHA1	`44a2531b6fec2becf88994694c888677aeb79a50`
SHA256	`dcb2b6339a77ca713e4a86b6a5c33959335edba5d3b5b9f659347345258bf7f7`
CRC32	`B98C4701`
ssdeep	`24:etGS8cN6G7nLsKpHq7sEzWmALmpbdPtkZfZFoGWesBAUimI+ycuZhNHakSJPNnq:683iHq7s7mAuuJZFoEsBAUR1ulHa3rq`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f3d20a59b6e0562b_l9fffhn5.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\l9fffhn5.out
Size	607.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`24413a5d47b95aaa0be55ca95a45d93d`
SHA1	`46d936480449c3d8d446f320b842a9de849d3d87`
SHA256	`f3d20a59b6e0562b8658d311ba1dc2bde5109d24e93792000e367e3a9d62b1cc`
CRC32	`BBD87D33`
ssdeep	`12:K4OLM9nzR37LvXOLMqnPAE2xOLMdBOKai31bIKIMBj6I5BFR5y:K+9nzd3BqnIE2ndBOKai31bIKIMl6I5G`
Yara	None matched
VirusTotal	Search for analysis

Name	35a3168a8b64dbc1_8dsuuhnt.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\8dsuuhnt.out
Size	607.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`192baf96dce4c39651278947b436fb51`
SHA1	`390cb967fba39ae2eed624ef92e5cf8b4c720305`
SHA256	`35a3168a8b64dbc1e0a0942dafced0153848fa8d936e61e0d1ffd9ceaae79cc7`
CRC32	`BB492F73`
ssdeep	`12:K4OLM9nzR37LvXOLMUmnPAE2xOLMUaKai31bIKIMBj6I5BFR5y:K+9nzd3BUmnIE2nUaKai31bIKIMl6I5G`
Yara	None matched
VirusTotal	Search for analysis

Name	11652b812f027530_CSCFD0D.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCFD0D.tmp
Size	652.0B
Processes	2260 (csc.exe)
Type	MSVC .res
MD5	`30543b4b24f1c8d8db10cc54b8665921`
SHA1	`f7a3d84c3a83d9ce60559571d75a60b77ca6949d`
SHA256	`11652b812f027530fba99827036a50e897dd8b98917220d248b6a2cf24ec357c`
CRC32	`0D7D2002`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry2ak7YnqqUPN5Dlq5J:+RI+ycuZhNoakSUPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	8b8df8f66723409a_CSC87.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC87.tmp
Size	652.0B
Processes	2648 (csc.exe)
Type	MSVC .res
MD5	`8b27e4094baa87eb44a5c821b658f6ec`
SHA1	`7574a1fd8eaa800bdf2ab29386f6c54a0b969280`
SHA256	`8b8df8f66723409a1fa7f7370f008ef8feb17c2e2d3de4263d67ee1d1258ea0d`
CRC32	`6A256130`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryAvqak7YnqqDvbPN5Dlq5J:+RI+ycuZhNKSakSDzPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	07d94c7b7bb0e526_CSCF7FC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCF7FC.tmp
Size	652.0B
Processes	3012 (csc.exe)
Type	MSVC .res
MD5	`da2a132fc53aa0b4ad38db642c7c6800`
SHA1	`bfd57df3612275d3ba2d3a870235a1004039935a`
SHA256	`07d94c7b7bb0e526f83b0f98c86f0c190c13d236f03a35faf0171a3a67e4eea8`
CRC32	`2590A8B8`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryK1ak7YnqqB6PN5Dlq5J:+RI+ycuZhNgakSsPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	ce5ced206d995282_RESFD0E.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESFD0E.tmp
Size	1.2KB
Processes	2372 (cvtres.exe) 2260 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`6a61a7a97572a5aa2e1ae4f4aefb5308`
SHA1	`54149afa0b6a4ff24dc5caa12b409a19126bbed8`
SHA256	`ce5ced206d99528263606145567dbce69b9b4aba06b175c5f168519e8e161d41`
CRC32	`C45FA335`
ssdeep	`24:HNMJ9YernymTasmHQUnhKLI+ycuZhNoakSUPNnqjtd:t9ernyKNmbnhKL1uloa30qjH`
Yara	None matched
VirusTotal	Search for analysis

Name	930a7918e323c156_x_sns7up.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\x_sns7up.out
Size	607.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`874d6f4aa05592ef88b176b23460f8ae`
SHA1	`b23591d3a599a0f8deaae337e60a26e9764e2f67`
SHA256	`930a7918e323c15650222153dd5c548868fb385fed66e57aa3b6d505f760cb7e`
CRC32	`FD6E80A2`
ssdeep	`12:K4OLM9nzR37LvXOLMugnPAE2xOLMuEKai31bIKIMBj6I5BFR5y:K+9nzd3BugnIE2nuEKai31bIKIMl6I5G`
Yara	None matched
VirusTotal	Search for analysis

Name	8af1dc517801b16b_RES98.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES98.tmp
Size	1.2KB
Processes	2756 (cvtres.exe) 2648 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`b4560cede0e734a2e5686a6673117490`
SHA1	`97e8939ffb7b4ae52a14ea329e9c0d1011000855`
SHA256	`8af1dc517801b16b28cd7e6c399f8b0bcea09779c8c0861426d4cd5aceb3e5da`
CRC32	`21614832`
ssdeep	`24:HrJ9YeZOeHMUnhKLI+ycuZhNKSakSDzPNnqjtd:keZnHnhKL1ulJa3FqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	3c5a6aa0174a2cc3_8dsuuhnt.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\8dsuuhnt.pdb
Size	7.5KB
Processes	1152 (csc.exe) 2808 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`71dc416e95f44dcc18d74b6c2182c098`
SHA1	`57c3571af065f52e48d3b722a940e448691c3718`
SHA256	`3c5a6aa0174a2cc39a3adf8b711ea08cad64ad5a64643e36901589e29c71ac0f`
CRC32	`1EE79F85`
ssdeep	`6:zz/BamfXllNS/0/lWnMF1mllxrS/77715KZYXxGQu+e0KpYXV/lWnMNfoGggkslT:zz/H1W/UEncSXS/pw2qkEnCfRD`
Yara	None matched
VirusTotal	Search for analysis

Name	8c83b4ecb6c3f9fa_rktisogl.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rktisogl.cmdline
Size	311.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`382ea1405ec96bf76e3f1fec66a5606c`
SHA1	`4a8b4bd133f9a4bbe1e5ccb04a3c020f2c6ef8d8`
SHA256	`8c83b4ecb6c3f9fa7f62d07e40fc7d2e80d75c2dd884803bb9341149ee89b7f0`
CRC32	`637A0CC1`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fmlwmGsSAE2NmQpcLJ23fmtx:p37LvXOLM/nPAE2xOLMg`
Yara	None matched
VirusTotal	Search for analysis

Name	e0b59d61a08c7d9f_zucfn5_i.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zucfn5_i.0.cs
Size	266.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`6878d161052363f2602899887b045962`
SHA1	`f4b297e71671846e5d2bf7ff74b6bac1651487ad`
SHA256	`e0b59d61a08c7d9f70cc4b59f362a562983482aa3f34508964acd5f8ede2c978`
CRC32	`115C577F`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatl2F/PMG4SRNhPKrQKzy:V/DTLDfuBphILmj/PvKjy`
Yara	None matched
VirusTotal	Search for analysis

Name	26dbc8a6d2e3cef8_ztglqo2w.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ztglqo2w.dll
Size	3.5KB
Processes	2516 (csc.exe) 2808 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`125a9dbb3e8482fed4bd7a88c9730167`
SHA1	`5485856b99b4bd26b7f090bdeb52a18f7c955cbe`
SHA256	`26dbc8a6d2e3cef8f271db5d5084f8f6f6070aeb5f76424460967240c7842c96`
CRC32	`5DCD7BA0`
ssdeep	`24:etGSUtunmaOnfgh/hLhXOedTblqw8ZALmn7bdPtkZfwRCU021VfbEmI+ycuZhNTP:6jjpL/xBQAyuJwRCUrz1ulqa3eq`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	20da097cc07ef8a6_ztglqo2w.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ztglqo2w.cmdline
Size	311.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`adac5b4dad4027911286e6ee62becafa`
SHA1	`d4eccf1fb59a69f3288397669a2d3c21cc0db984`
SHA256	`20da097cc07ef8a6b38e10625d931a790a3bc98bf17e7471be65dbc1a91218d6`
CRC32	`BC4598E5`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fjQmGsSAE2NmQpcLJ23ftn:p37LvXOLMEnPAE2xOLM1n`
Yara	None matched
VirusTotal	Search for analysis

Name	dc05aae232483e26_hhisrn0v.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hhisrn0v.out
Size	607.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`560986a64f85eeedfccd83f36f569e92`
SHA1	`c7b547057854488907bfe7053a6056bf6ca8520a`
SHA256	`dc05aae232483e26314c1d7c5104858f117605190d00b616e4379027d74af0d4`
CRC32	`D38CC435`
ssdeep	`12:K4OLM9nzR37LvXOLMBqnPAE2xOLMB2Kai31bIKIMBj6I5BFR5y:K+9nzd3B8nIE2noKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	4b310014ca77b4d4_CSCF637.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCF637.tmp
Size	652.0B
Processes	2912 (csc.exe)
Type	MSVC .res
MD5	`0cee74a7487e378dcb89c6b0a2c16912`
SHA1	`992ed650bcb3be205340cfacf9aa9f62a5b4793c`
SHA256	`4b310014ca77b4d44eb9581d286b2e242ad3770ef2f4b1cf41931b72363ade2e`
CRC32	`C0A46564`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryWlSak7YnqqNlzPN5Dlq5J:+RI+ycuZhNs0akSNZPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	f382ea2f6e928e89_zucfn5_i.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zucfn5_i.cmdline
Size	311.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`d8415bf921806db760d731fabc54c6a6`
SHA1	`075f92c4a2d6ea8e08d4a6d27c7b438fc7092701`
SHA256	`f382ea2f6e928e89e80f5368cdef618db05bfede18ab0921e09ee16c9f70b4d7`
CRC32	`5B8F8182`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f3DgtQmGsSAE2NmQpcLJ23f3Dg/Hn:p37LvXOLMP0QnPAE2xOLMPgn`
Yara	None matched
VirusTotal	Search for analysis

Name	28c086d027448924_ztglqo2w.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ztglqo2w.pdb
Size	7.5KB
Processes	2516 (csc.exe) 2808 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`85dcb820d9656bffd56cd0ef03c286c4`
SHA1	`aa783d6998f8891a44a975084e417d255556852b`
SHA256	`28c086d027448924324d299cd09a32394702eb1a849674c02281c6c522d7fe79`
CRC32	`33686E6C`
ssdeep	`6:zz/BamfXllNS/llCVt/31mllxrS/77715KZYXxGQu+e0KpYXMlCVFldoGggksl/b:zz/H1W/6V1lSXS/pw2qKVlRD`
Yara	None matched
VirusTotal	Search for analysis

Name	1054a3b026882710_CSCFB57.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCFB57.tmp
Size	652.0B
Processes	1356 (csc.exe)
Type	MSVC .res
MD5	`06abdbdee58919d67217cbf9cfa933bc`
SHA1	`3ad21d7bf655d2187e496f97688d4a62fab1d5ec`
SHA256	`1054a3b026882710088abee24699dd172816e2c551c3ef28b6db908ab63ba97b`
CRC32	`519FFF6D`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryLak7YnqqnPN5Dlq5J:+RI+ycuZhNZakSnPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	92c2542a6428de92_hhisrn0v.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hhisrn0v.cmdline
Size	311.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`3e1bda06bf2a2cc277fea62563ca87ad`
SHA1	`075ca67ce0e92c77b75340c41c9d29b28692aeca`
SHA256	`92c2542a6428de9273e846b4d611c13ca5a4914ba829bdeb190f4a05779868fc`
CRC32	`780EB8DA`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fpLmmGsSAE2NmQpcLJ23fpLb:p37LvXOLMBqnPAE2xOLMBP`
Yara	None matched
VirusTotal	Search for analysis

Name	e61b19bbfdf7799b_zucfn5_i.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zucfn5_i.out
Size	607.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`a1765ae7477065bbb20ad899f001ce8d`
SHA1	`0578f301a503b76b3424f93c5efcce32b09f77ed`
SHA256	`e61b19bbfdf7799b5a5c05617955cc0671cdc09a06b58fa7d18682f23bd21a63`
CRC32	`BC92AB30`
ssdeep	`12:K4OLM9nzR37LvXOLMP0QnPAE2xOLMPguKai31bIKIMBj6I5BFR5y:K+9nzd3BP/nIE2nPVKai31bIKIMl6I5G`
Yara	None matched
VirusTotal	Search for analysis

Name	7bae11fa83f5e3b1_x_sns7up.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\x_sns7up.cmdline
Size	311.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`2949bd869ef26c56e7eb41c18578675f`
SHA1	`0e5d7607c5e0f429d8344caf3c71d0703b13c83d`
SHA256	`7bae11fa83f5e3b12e31f6555676ee093a53cb6ee3d79ef575f3e91a9b551543`
CRC32	`4548796F`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fnWgmGsSAE2NmQpcLJ23fnWXxn:p37LvXOLMugnPAE2xOLMuh`
Yara	None matched
VirusTotal	Search for analysis

Name	b6c0d3e24ae84618_RESF9C2.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESF9C2.tmp
Size	1.2KB
Processes	800 (cvtres.exe) 1152 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`bbfd337b138be885807554e83cbf96dc`
SHA1	`110c719fa7c261e4409f4c77693f0d9150a9dfaa`
SHA256	`b6c0d3e24ae846186e41502ecc4ab0405e473fb3acc39cec2b10c11cfaede9ed`
CRC32	`57D8D9ED`
ssdeep	`24:HWgJ9YernNplsmHjjUnhKLI+ycuZhNHakSJPNnqjtd:2xernbamDQnhKL1ulHa3rqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	e55c55f15f9e5b9c_hhisrn0v.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\hhisrn0v.0.cs
Size	259.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`624d38f949255fad5fd21fae98c85e9a`
SHA1	`c2e47a872b087739aef41f31687739f7bbb23b44`
SHA256	`e55c55f15f9e5b9c981b414091500e29c800cad8fddaf14714d5e78a8af4e7bd`
CRC32	`2D4769E6`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatl+OmM7mSR1RxXi3FKy:V/DTLDfuBphILmQ3ddS3Iy`
Yara	None matched
VirusTotal	Search for analysis

Name	d7b0c5da554d2070_rktisogl.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rktisogl.out
Size	607.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`2154271e96b9e90665acac6254bf2a8a`
SHA1	`48697e83d823f96a3510d2fa83858941523509a4`
SHA256	`d7b0c5da554d2070c48c537385da108a9be552492b428943fe7180b94ecc8d43`
CRC32	`13323E79`
ssdeep	`12:K4OLM9nzR37LvXOLM/nPAE2xOLMVKai31bIKIMBj6I5BFR5y:K+9nzd3B/nIE2nVKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2808 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_zucfn5_i.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\zucfn5_i.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	e5231270257f1727_rktisogl.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rktisogl.0.cs
Size	259.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`560e1b883a997afcfa3b73d8a5cddbc1`
SHA1	`2905f3f296ac3c7d6a020fb61f0819dbea2f1569`
SHA256	`e5231270257f1727ca127b669a7c21d46ced81cd5b46e89c48dd8304c1185bea`
CRC32	`7A3E756E`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlJOmMG4SRNLGeUy:V/DTLDfuBphILmIFGeUy`
Yara	None matched
VirusTotal	Search for analysis

Name	8f49cf656aba1184_ztglqo2w.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ztglqo2w.out
Size	607.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`ae5141d227fb46aa9d658b58fcebdbe9`
SHA1	`423e8c10ab969f4a196344f79638299af1b44c7c`
SHA256	`8f49cf656aba1184e8295d7c7cbaf93aadd2cf70ec7fff6fd33fbd32ba2e9deb`
CRC32	`C97282EA`
ssdeep	`12:K4OLM9nzR37LvXOLMEnPAE2xOLM1uKai31bIKIMBj6I5BFR5y:K+9nzd3BEnIE2n1uKai31bIKIMl6I5Da`
Yara	None matched
VirusTotal	Search for analysis

Name	15ce7e694c78f6a3_l9fffhn5.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\l9fffhn5.dll
Size	3.5KB
Processes	3012 (csc.exe) 2808 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c41b577eef03786e9d90001d691c469c`
SHA1	`2fa41438c9439627bb773c1722872651986adbea`
SHA256	`15ce7e694c78f6a3ba10afab99c7d02f09598f7e570526f95eecaf4591ea70c9`
CRC32	`65DD3151`
ssdeep	`24:etGSX+t6hmSlTA0VIluJ9/eBALmpbdPtkZfywfHb/CmI+ycuZhNgakSsPNnq:6XhH5HJ0AsuJyw/x1ulga38q`
Yara	Is_DotNET_DLL - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2c247e93f6ae42b3_CSCF9B1.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCF9B1.tmp
Size	652.0B
Processes	1152 (csc.exe)
Type	MSVC .res
MD5	`0340a24f3d2a8e7624d4f5b892270bb1`
SHA1	`843fbc8290dd3d9b28c4ba09e8a1a4c973d03489`
SHA256	`2c247e93f6ae42b361787480c690263d6b9f9ed3b4d5fe4cca5f8425861d9fbf`
CRC32	`4FD0BC56`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryogak7YnqqbFPN5Dlq5J:+RI+ycuZhNHakSJPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	be67e0d64fb9be30_8dsuuhnt.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\8dsuuhnt.cmdline
Size	311.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`401ebae0fd182a87a5f4c970d7fd30e9`
SHA1	`ef69fc835a541774a57f805ef8715ce56e482ee3`
SHA256	`be67e0d64fb9be30ea4ccf4f8c8d2d2a7ed8158c2141ab654b3a607e14752542`
CRC32	`AFC2564F`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fWtBQmGsSAE2NmQpcLJ23fWtb:p37LvXOLMUmnPAE2xOLMUb`
Yara	None matched
VirusTotal	Search for analysis

Name	2c410b7162b8b82d_x_sns7up.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\x_sns7up.pdb
Size	7.5KB
Processes	1356 (csc.exe) 2808 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`67c6eca46d75c5e8c361232ec43afb29`
SHA1	`2ec52f909e21af6b1341731f6e7f47e842277736`
SHA256	`2c410b7162b8b82d162c7eeec1504a0259beed4b464e503cf13a057c6d60460f`
CRC32	`7C2EBFBE`
ssdeep	`6:zz/BamfXllNS/0/lzVdei31mllxrS/77715KZYXxGQu+e0KpYXV/lzVdegtfoGgU:zz/H1W/UdVJlSXS/pw2qkdVbtfRD`
Yara	None matched
VirusTotal	Search for analysis

Name	856bded4416dd159_ztglqo2w.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ztglqo2w.0.cs
Size	286.0B
Processes	2808 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`b23df8158ffd79f95b9bddd18738270b`
SHA1	`79e81bb74bc53671aeabecae224f0f9fe0e3ed7f`
SHA256	`856bded4416dd1595613354334ad1d3e5c4922a86102786429bcdb0e7f798882`
CRC32	`0B290FEB`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatln9MG4SRBHALRZNu8K0wHQy:V/DTLDfuBphILmyxtcZNuwy`
Yara	None matched
VirusTotal	Search for analysis