Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.18 09:01
FBI Warned Agents It B...
01.18 09:01
JTAG & SWD Debuggi...
01.18 09:01
US Names One of the Ha...
01.18 06:01
A PDA From An ESP32
01.18 06:01
Whatsapp: Diese 4 neue...
01.18 06:01
KI-Nostalgie: Llama 2 ...
01.18 06:01
Paxton: Vertriebsleite...
01.18 05:01
Anzeige: IT-Sicherheit...
01.18 04:01
New tool: immutable.py...
01.18 03:01
U.S. Sanctions Chinese...

Dropped Files | ZeroBOX

Name	2c52239855fca831_trjxqvcv.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\trjxqvcv.out
Size	607.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`4a1057df255c510b36ac925711ba20d7`
SHA1	`78e816a064fcdd708416df7bd18e95a66bfe45eb`
SHA256	`2c52239855fca831b2e021510c32b32f0492ec65b7f49c5e6045352446cd2f27`
CRC32	`227B4241`
ssdeep	`12:K4OLM9nzR37LvXOLMcTywnPAE2xOLMcT1Kai31bIKIMBj6I5BFR5y:K+9nzd3BknIE2nwKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	856bded4416dd159_9vq_ag34.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\9vq_ag34.0.cs
Size	286.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`b23df8158ffd79f95b9bddd18738270b`
SHA1	`79e81bb74bc53671aeabecae224f0f9fe0e3ed7f`
SHA256	`856bded4416dd1595613354334ad1d3e5c4922a86102786429bcdb0e7f798882`
CRC32	`0B290FEB`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatln9MG4SRBHALRZNu8K0wHQy:V/DTLDfuBphILmyxtcZNuwy`
Yara	None matched
VirusTotal	Search for analysis

Name	c67f855a5ecd8597_RESFCA0.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESFCA0.tmp
Size	1.2KB
Processes	3036 (cvtres.exe) 2988 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`41c93f2d8c7e8d5c868fbf8e87cd07fb`
SHA1	`d7660bdb7730ecd236ea55ed4e1d3f3f1cc5d0d3`
SHA256	`c67f855a5ecd8597c53ec38e42f7fd345091b7cfd1be25a2b76629c623df33fc`
CRC32	`FD2A3071`
ssdeep	`24:HpJ9Yern3/5mH1UnhKLI+ycuZhNZakSHPNnqjtd:Oern3BmynhKL1ulZa3VqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	53d5aecb149a00bc_trjxqvcv.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\trjxqvcv.0.cs
Size	272.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`4de985ae7f625fc7a2ff3ace5a46e3c6`
SHA1	`935986466ba0b620860f36bf08f08721827771cb`
SHA256	`53d5aecb149a00bc9c4fac5feb8e5feddf5c83986c12d5fef1c3ddd104b09004`
CRC32	`6DDBA2C0`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlfMG4SRcBeN1jVQO1OaFFQy:V/DTLDfuBphILm4cBeN1fOaIy`
Yara	None matched
VirusTotal	Search for analysis

Name	8d410cae0cc954c2_9vq_ag34.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\9vq_ag34.dll
Size	3.5KB
Processes	2108 (csc.exe) 2896 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3ff84e919b26b70ca6f656b4da84ce18`
SHA1	`eb43f908b1a88f825773efe5a2ffa9a710138376`
SHA256	`8d410cae0cc954c2d861c4ff76d54543ed511cc47c8fb2a92c2edf9a814e2dba`
CRC32	`93803031`
ssdeep	`24:etGSntunmaOnfgh/hLhXOedTblqw8PALmn7bdPtkZfjm5jm0rDwkmamI+ycuZhNL:6cjpL/xBaAyuJjmxskmp1ulQa3cq`
Yara	Is_DotNET_DLL - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	098d6c955acfaa8f_9vq_ag34.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\9vq_ag34.pdb
Size	7.5KB
Processes	2108 (csc.exe) 2896 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`45fe856cd5c8ad03dd402c1a6d965227`
SHA1	`beb6d1af9dba717002d3055ae8466aef2f18846a`
SHA256	`098d6c955acfaa8fd50db30a4bc897dc9c31f5dac7257797a9205bbf16d93b03`
CRC32	`6500F005`
ssdeep	`6:zz/BamfXllNS/jBQrF1mllxrS/77715KZYXxGQu+e0KpYXIBQrloGggksl/cEDf:zz/H1W/jBwPSXS/pw2qTBwlRD`
Yara	None matched
VirusTotal	Search for analysis

Name	3c00cd625191a264_RESFE75.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESFE75.tmp
Size	1.2KB
Processes	2084 (cvtres.exe) 1120 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`ce27196d5f35daabe82fc4793cc7f780`
SHA1	`bb5c772b14314be0e54b89892e2fe464e4ad3510`
SHA256	`3c00cd625191a264d7583f9dd5dd1c3f0a54113b9f685abcde620e7a3fcd989c`
CRC32	`45B88743`
ssdeep	`24:HpJ9Yern5S3smH7oUnhKLI+ycuZhNKvakSNIPNnqjtd:OernA3smHnhKL1ulia3WqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	c6f38ccf942e94da_RES4A.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES4A.tmp
Size	1.2KB
Processes	148 (cvtres.exe) 2108 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`e97d8937dd05cc6075b16de359695050`
SHA1	`7e5482c04648c62762edc0734d0dbf6732a77dbb`
SHA256	`c6f38ccf942e94daf3f6e8c5c838d5ee18177928a5589ceecd3b374e19200aa4`
CRC32	`FE2109B8`
ssdeep	`24:HIiJ9YeZ8BHOUnhKLI+ycuZhN0JakSF+PNnqjtd:o3eZYpnhKL1ulQa3cqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	749d3594bb5a57a2_trjxqvcv.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\trjxqvcv.dll
Size	3.5KB
Processes	1120 (csc.exe) 2896 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d02ea8e3c7701d928687738768fefb5b`
SHA1	`10fd529f2661b30f894e56141e42a802daff9217`
SHA256	`749d3594bb5a57a2eecd6241d9676b50b096edd870b8fb5e5abc6cc4a544c039`
CRC32	`19DD948E`
ssdeep	`24:etGSbt6hmSlTA0VIluJ9/ejALmpbdPtkZfkwfJ/OdjgmI+ycuZhNKvakSNIPNnq:6gH5HJuAsuJkFjL1ulia3Wq`
Yara	Is_DotNET_DLL - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	de8a0b9925952631_9vq_ag34.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\9vq_ag34.out
Size	607.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`06bd3cb2843f41ed07745ba9285a7119`
SHA1	`a8dbe6b7b4760cd0a8f6890a0c7543101813467c`
SHA256	`de8a0b9925952631c3e98f1b161e7cce1cfbf10cfa6b8f8cf7398388e89826ff`
CRC32	`C59C10CA`
ssdeep	`12:K4OLM9nzR37LvXOLMKnPAE2xOLMWKai31bIKIMBj6I5BFR5y:K+9nzd3BKnIE2nWKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	00fc7c29404d216d_CSCFC90.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCFC90.tmp
Size	652.0B
Processes	2988 (csc.exe)
Type	MSVC .res
MD5	`43cdff0fde3f8735c10eb4ccffc897c0`
SHA1	`5534a68aadc361ca00be09fc5e11195dfc272a29`
SHA256	`00fc7c29404d216d5081b17f4147aeec369b6686a1eb718ccbe90766756f6c4d`
CRC32	`5F0D0308`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryrak7YnqqHPN5Dlq5J:+RI+ycuZhNZakSHPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	2496aac1ac1d472f_tsvsjaeg.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tsvsjaeg.pdb
Size	7.5KB
Processes	2988 (csc.exe) 2896 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`e7b157896ff027f1409e6f45648d65d5`
SHA1	`34e1e7007ce709be4bb0753669149cf7bd63853b`
SHA256	`2496aac1ac1d472f0931b45201b65f3fcb5c53bf32f986ed902e33ddb600cb27`
CRC32	`13F2D185`
ssdeep	`6:zz/BamfXllNS/8lAqelP1mllxrS/77715KZYXxGQu+e0KpYXHlAqI/doGggksl/b:zz/H1W/0fe3SXS/pw2qkfIFRD`
Yara	None matched
VirusTotal	Search for analysis

Name	42ba7ee7f7d03844_trjxqvcv.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\trjxqvcv.cmdline
Size	311.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`272e631643785aaba823ea7953785bc2`
SHA1	`0bbd0969b05d78affe1344be5d015f817a314d80`
SHA256	`42ba7ee7f7d03844b3a50403fa8db68fa8fb6c84664f4cd0910df94dfc9205d6`
CRC32	`3AF48DD7`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23flWTywmGsSAE2NmQpcLJ23flWTA:p37LvXOLMcTywnPAE2xOLMcTA`
Yara	None matched
VirusTotal	Search for analysis

Name	40e3af23ddc2107b_trjxqvcv.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\trjxqvcv.pdb
Size	7.5KB
Processes	1120 (csc.exe) 2896 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`fddd4d5b21d584c10b198f3546f33acc`
SHA1	`cb7b8e5d520bbb2b8a18f1b1179e27352efa2c4d`
SHA256	`40e3af23ddc2107b0914a4701685fd5a86d2cd700c0a1dbec8a288436f6ea848`
CRC32	`1BF10C94`
ssdeep	`6:zz/BamfXllNS/8lJiep1mllxrS/77715KZYXxGQu+e0KpYXHlJieZfoGggksl/cI:zz/H1W/0Jie7SXS/pw2qkJieZRD`
Yara	None matched
VirusTotal	Search for analysis

Name	7ac6445e80e542f2_s2qxx88e.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\s2qxx88e.pdb
Size	7.5KB
Processes	2244 (csc.exe) 2896 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`d2764d31637cc1a4095f99279c8e67fb`
SHA1	`06fd6ccc312fd7b6b26f3ddc4f51650e6f662ce6`
SHA256	`7ac6445e80e542f21972c1184ae844b7123297e97405727e5ff5f396f61ad35c`
CRC32	`5644D5EB`
ssdeep	`6:zz/BamfXllNS/Qhb1mllxrS/77715KZYXxGQu+e0KpYXrhhQioGggksl/cEDf:zz/H1W/QhRSXS/pw2qghmiRD`
Yara	None matched
VirusTotal	Search for analysis

Name	404ea4c1bd9038d9_s2qxx88e.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\s2qxx88e.dll
Size	3.5KB
Processes	2244 (csc.exe) 2896 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`817fa769c7247d2da06b27f5e6b0c56b`
SHA1	`eed3e80a1e6a9282d8ba4054f6e1b938c7d6f341`
SHA256	`404ea4c1bd9038d9ef52b8961c773e2a9f78e62c7cc906b2daa344c48d23ff58`
CRC32	`02212755`
ssdeep	`24:etGSnNiGTnylqsanvqh9OBALmzCrbdPtkZfpazuLmI+ycuZhNPakShPNnq:64dqnSOBAwKuJpQuy1ulPa3Tq`
Yara	Is_DotNET_DLL - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	40676493d47230f8_tsvsjaeg.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tsvsjaeg.out
Size	607.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`af04bf53a6186aa675845a71ad86d81f`
SHA1	`951fd92b35f19d8103637cec2a11861a1cefa096`
SHA256	`40676493d47230f8afc1612ba854603670ed37e1696899870e22819bb50cddaa`
CRC32	`3B279934`
ssdeep	`12:K4OLM9nzR37LvXOLMOLmnPAE2xOLMOLaKai31bIKIMBj6I5BFR5y:K+9nzd3BOLmnIE2nOLaKai31bIKIMl6v`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_tsvsjaeg.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\tsvsjaeg.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	b06ddc3939f19ab1_CSC1FE.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC1FE.tmp
Size	652.0B
Processes	2244 (csc.exe)
Type	MSVC .res
MD5	`f67e40b7b89cb0fa7626b735babffd46`
SHA1	`23b050d8e9ebdb21348e38f5b956b843bd37a4ba`
SHA256	`b06ddc3939f19ab177f92c8e354270f350248f651e85f2cdbf9c095e372b6e9c`
CRC32	`C243C2C3`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grydak7YnqqhPN5Dlq5J:+RI+ycuZhNPakShPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2896 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	7d8e6ade9cb352bc_s2qxx88e.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\s2qxx88e.cmdline
Size	311.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`1443ed8b2318b1e3dae0a989e8b293b8`
SHA1	`6efd37a6b5519649cd2fd95974c2d8fee0d13dcc`
SHA256	`7d8e6ade9cb352bc7aa29de62829dfe29eb6ee73bb39700ebb753e4fcb401104`
CRC32	`C8223376`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f1mGsSAE2NmQpcLJ23fK:p37LvXOLMNnPAE2xOLMi`
Yara	None matched
VirusTotal	Search for analysis

Name	372cbd1262ce618e_tsvsjaeg.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tsvsjaeg.dll
Size	3.5KB
Processes	2988 (csc.exe) 2896 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3e0f9a89c2bbec5f86492f38ec777d36`
SHA1	`8b19a541bd522b735e7e6587df94943ab4807d35`
SHA256	`372cbd1262ce618e1e78a1f403b9e601f83e8b5822b25af36b4e2545c37705a3`
CRC32	`8D141AA0`
ssdeep	`24:etGSbN6G7nLsKpHq7sEz7C+ALmpbdPtkZf9DAN6OLimI+ycuZhNZakSHPNnq:6EiHq7sIC+AuuJ9O6OLR1ulZa3Vq`
Yara	Is_DotNET_DLL - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	135bf28408a1d91f_RES20F.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES20F.tmp
Size	1.2KB
Processes	2260 (cvtres.exe) 2244 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`9304dd84033dfe45a4409f48912e24e3`
SHA1	`f51b48d2b2cd5f6fe1ffd7b7c33a01bb6d0b5913`
SHA256	`135bf28408a1d91f1ebd746a23b068e4555cb0d87c5e2364febc523e65e110cc`
CRC32	`D73152CB`
ssdeep	`24:HIiJ9YeA14X4HBUnhKbI+ycuZhNPakShPNnqjtd:o3eA14IOnhKb1ulPa3TqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	99e8927059493986_CSCFE65.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCFE65.tmp
Size	652.0B
Processes	1120 (csc.exe)
Type	MSVC .res
MD5	`b19abf992fdd08244a3a412a583d42bd`
SHA1	`b271ff27bc2e78a38d4a3a750375e36bc4c6dfa0`
SHA256	`99e892705949398605a6a63f274d485a134ac69f03321cdca02261f98423428c`
CRC32	`13DC62C9`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grycGrYak7YnqqNGrNPN5Dlq5J:+RI+ycuZhNKvakSNIPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	59a6c44df4ff2ad6_CSC39.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC39.tmp
Size	652.0B
Processes	2108 (csc.exe)
Type	MSVC .res
MD5	`924257b91754aae54e63e4619a73244f`
SHA1	`9d6abaf5032dd3b057c5a68ee5ea9d26b848d091`
SHA256	`59a6c44df4ff2ad60a01614fc9d964823002592b9006ae2c290c77e8a95b8405`
CRC32	`AB75F0FB`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryeLlak7YnqqFLKPN5Dlq5J:+RI+ycuZhN0JakSF+PNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	5f54f8a54bf0424d_tsvsjaeg.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tsvsjaeg.cmdline
Size	311.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`fab91f4ff01d754718e8af4e1497f099`
SHA1	`3c27ee9ec5c8a00e9683130001920a0f6c1a52c1`
SHA256	`5f54f8a54bf0424d03e612d44a0ab0f281689e2a1cd636885461863dd59b6d20`
CRC32	`1870C03D`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fN8LmmGsSAE2NmQpcLJ23fN8LV9:p37LvXOLMOLmnPAE2xOLMOLb`
Yara	None matched
VirusTotal	Search for analysis

Name	e5231270257f1727_s2qxx88e.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\s2qxx88e.0.cs
Size	259.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`560e1b883a997afcfa3b73d8a5cddbc1`
SHA1	`2905f3f296ac3c7d6a020fb61f0819dbea2f1569`
SHA256	`e5231270257f1727ca127b669a7c21d46ced81cd5b46e89c48dd8304c1185bea`
CRC32	`7A3E756E`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlJOmMG4SRNLGeUy:V/DTLDfuBphILmIFGeUy`
Yara	None matched
VirusTotal	Search for analysis

Name	9e86772d4ad87528_9vq_ag34.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\9vq_ag34.cmdline
Size	311.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`14d7a084502c28468bdf54756e6c91a0`
SHA1	`dc025c409daaee6094461aa9848ec0c79ff38777`
SHA256	`9e86772d4ad875280cc7854dd431aeb1845b58d61f9b41149e7f9dc106862cf7`
CRC32	`BCE97848`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fSmGsSAE2NmQpcLJ23f1xn:p37LvXOLMKnPAE2xOLMv`
Yara	None matched
VirusTotal	Search for analysis

Name	b320ad4a024ef510_s2qxx88e.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\s2qxx88e.out
Size	607.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`c6d0ae80ecead24bd772c99cd1c80d97`
SHA1	`417466aca2c25327645db881b425561fef5d3a37`
SHA256	`b320ad4a024ef510a3b80cc268d7ca8510ecc411d50b0cb2f9e5db4aebe96264`
CRC32	`933BC3E1`
ssdeep	`12:K4OLM9nzR37LvXOLMNnPAE2xOLMbKai31bIKIMBj6I5BFR5y:K+9nzd3BNnIE2nbKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	0a913fd594ad2da3_tsvsjaeg.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tsvsjaeg.0.cs
Size	249.0B
Processes	2896 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`69ecfeb3e9a8fb7890d114ec056ffd6d`
SHA1	`cba5334d2ffe24c60ef793a3f6a7f08067a913db`
SHA256	`0a913fd594ad2da3159400fc3d7d2cc50b34f8f31675ec5ac5a41d7e79e9fd58`
CRC32	`C84571C8`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatloFMG4SRT1JAnR1jvy:V/DTLDfuBphILmL5TDUR1zy`
Yara	None matched
VirusTotal	Search for analysis