Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.06 06:07
build.exe
07.06 06:07
CoronaVirus.exe
07.06 06:07
RedLineStealer.exe
07.06 06:07
stealc_zov.exe
07.06 06:07
newbuild.exe
07.06 06:07
setup.exe
07.06 06:07
leva.exe
07.06 06:07
CryptoWall.exe
07.06 06:07
univ.exe
07.06 06:07
inte.exe

Latest News
07.06 10:07
Researchers Discover C...
07.06 10:07
New Mallox Ransomware ...
07.06 09:07
[한 주를 관통하는 보안 소식] 2024...
07.06 09:07
[퀴즈 이·보·소] 최근 벌어진 국내외 ...
07.06 08:07
김포시, 70만 김포시대 대비해 최첨단 ...
07.06 08:07
식약처, ‘체외진단의료기기 품질관리 및 ...
07.06 08:07
코레일, 정보보호의 날 맞아 ‘사이버 안...
07.06 08:07
소프트웨어 가치 보장, 발주자가 앞장선다
07.06 08:07
‘AI 과학기술 강군 육성’을 위한 발돋...
07.06 06:07
The Problem With Bug B...

Dropped Files | ZeroBOX

Name	afd5c0ee6e8f47a4_CSCDE5.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCDE5.tmp
Size	652.0B
Processes	2876 (csc.exe)
Type	MSVC .res
MD5	`0ad6f248a54dd1fa9b66be37260bfd71`
SHA1	`3e60fbe5d4534e8ea44b5e7609ce6b112e942e3f`
SHA256	`afd5c0ee6e8f47a4035689ff8afd5a8dae1bd964549efe7ee7f1379bbc7560ca`
CRC32	`B1A13407`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryflak7YnqqSKPN5Dlq5J:+RI+ycuZhNfakSxPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	338c933b52bea189_temp.folder.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\HNC\Office\Recent\Temp.folder.lnk
Size	823.0B
Processes	2956 (Hwp.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Wed Jan 31 20:32:29 2018, mtime=Fri Oct 27 01:23:01 2023, atime=Fri Oct 27 01:23:01 2023, length=65536, window=hide
MD5	`92d06b6474688a8895aa4101920f530d`
SHA1	`2fccf4eb528a5991a91e30898f304a2ad2e81bdf`
SHA256	`338c933b52bea18990976a939aa8c8207e11b2116d58f27d3cde0cd236cf5cdc`
CRC32	`D7CCAA76`
ssdeep	`12:8pwsh64cZCrR8EvSWMlR+/GPW8izCCOLMa1Swua4t2YLEPKzlX8yZ:8pRsERdglRLPczNRak6Pyd`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	f72f1b328e8c6094_RES9A1.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RES9A1.tmp
Size	1.2KB
Processes	2496 (cvtres.exe) 2436 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`d51a4ba46597486ac82ae707bdd3b650`
SHA1	`f7be8c9f22683a5bba558b02491367d71600b3af`
SHA256	`f72f1b328e8c6094ca5166bc15d6a4ec832c2c8938b4303dbbf83817d93b030e`
CRC32	`D5228F79`
ssdeep	`24:HbJ9YeAz/X4HKUnhKbI+ycuZhNl+akSSfPNnqjtd:0eAz/IVnhKb1ulga3cqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	aecee40664d2d4c7_vl9yckxz.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\vl9yckxz.cmdline
Size	311.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`88cf4190f10605af0b0854a6bdc75899`
SHA1	`9d6b180fcf0032f69c166abcb32153c2ea235199`
SHA256	`aecee40664d2d4c7a576ea64e2812223828c24a9d20d44d999214baa6fb4a537`
CRC32	`A423568C`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23f5PQmGsSAE2NmQpcLJ23f5J:p37LvXOLMOnPAE2xOLMD`
Yara	None matched
VirusTotal	Search for analysis

Name	315728c3ea5e769a_북한최고인민회의 결과.lnk Submit file
Size	50.7MB
Type	MS Windows shortcut, Has Description string, Has command line arguments, Icon number=1, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hidenormalshowminimized
MD5	`cc96ba45dd2b6a6d7aa300d77e49c095`
SHA1	`01fae9fbec9d5e9d03f69b2750f16ae740d6de47`
SHA256	`315728c3ea5e769a4cc84cbaf611ee8790fe39b94a6e94ee257c63992d1487c9`
CRC32	`CC444315`
ssdeep	`1536:vJAzG8UqVmtD/xE8gANk+BPXXzvEL0hg3R9b:vsG8UqVmtLxEUk+DvNgR9b`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Microsoft_Office_File_Zero - Microsoft Office File Antivirus - Contains references to security software Lnk_Format_Zero - LNK Format HWP_file_format - HWP Document File Win32_HWP_PostScript_Zero - Detect a HWP with embedded Post Script code Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	5ac1da5505970109_se0jed8v.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\se0jed8v.cmdline
Size	311.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`0145e8685fcfe8c06131aa19540b2fde`
SHA1	`a11480945c7cc0157be7403999582be2140bc24d`
SHA256	`5ac1da5505970109f1b9db71fcd0c1a802a90df4eb63b867a2e9978d005b95f7`
CRC32	`FE0062AC`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fZVmGsSAE2NmQpcLJ23fZA9:p37LvXOLMjnPAE2xOLMk`
Yara	None matched
VirusTotal	Search for analysis

Name	fe0d2361c9f1dd51_RESBE3.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESBE3.tmp
Size	1.2KB
Processes	2820 (cvtres.exe) 2656 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`6873a11927092980490e1da148790406`
SHA1	`aeb04c465909397239340d671948b96b6c98d8e0`
SHA256	`fe0d2361c9f1dd516ec6a8b556e564fa639df251638d198e312fc9bc531bbc34`
CRC32	`9BE8C8CD`
ssdeep	`24:HbJ9YeAcYX4HfUnhKbI+ycuZhNcakSIPNnqjtd:0eAcYI8nhKb1ulca3wqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	7240559b48507fc6_rv5o9q0r.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rv5o9q0r.pdb
Size	7.5KB
Processes	2656 (csc.exe) 1356 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`3d5726c368362e87be010ad669d0d33a`
SHA1	`a957c3fb36580bf2f241763dd77bc43e3804a88d`
SHA256	`7240559b48507fc68b9886ac9f349f879511ca39850550a3fbc34748444e5515`
CRC32	`276A16F1`
ssdeep	`6:zz/BamfXllNS/u/8RHtP1mllxrS/77715KZYXxGQu+e0KpYXD/8RHYioGggksl/b:zz/H1W/uAttSXS/pw2qeAYiRD`
Yara	None matched
VirusTotal	Search for analysis

Name	53d5aecb149a00bc_rv5o9q0r.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rv5o9q0r.0.cs
Size	272.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`4de985ae7f625fc7a2ff3ace5a46e3c6`
SHA1	`935986466ba0b620860f36bf08f08721827771cb`
SHA256	`53d5aecb149a00bc9c4fac5feb8e5feddf5c83986c12d5fef1c3ddd104b09004`
CRC32	`6DDBA2C0`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlfMG4SRcBeN1jVQO1OaFFQy:V/DTLDfuBphILm4cBeN1fOaIy`
Yara	None matched
VirusTotal	Search for analysis

Name	3b1e42ebb76e31d7_ynlhqo4l.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ynlhqo4l.out
Size	607.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`8c892a1e2b74bc06678138e2541f0140`
SHA1	`bce3aba7225fe945e69b75a602bc038721aec8ef`
SHA256	`3b1e42ebb76e31d79128bb838111b384e6070f8a66db053ad02806390cbddb8f`
CRC32	`94B6B81D`
ssdeep	`12:K4OLM9nzR37LvXOLMCLqnPAE2xOLMCL2Kai31bIKIMBj6I5BFR5y:K+9nzd3BCLqnIE2nCL2Kai31bIKIMl6v`
Yara	None matched
VirusTotal	Search for analysis

Name	856bded4416dd159_ynlhqo4l.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ynlhqo4l.0.cs
Size	286.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`b23df8158ffd79f95b9bddd18738270b`
SHA1	`79e81bb74bc53671aeabecae224f0f9fe0e3ed7f`
SHA256	`856bded4416dd1595613354334ad1d3e5c4922a86102786429bcdb0e7f798882`
CRC32	`0B290FEB`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatln9MG4SRBHALRZNu8K0wHQy:V/DTLDfuBphILmyxtcZNuwy`
Yara	None matched
VirusTotal	Search for analysis

Name	43c937bb7a7dd1c0_vl9yckxz.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\vl9yckxz.pdb
Size	7.5KB
Processes	2436 (csc.exe) 1356 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`4af4b7e4bf970e2af4436deda3d99181`
SHA1	`ef493915646f9e7a4a22c7596a0d7e3d5504c22f`
SHA256	`43c937bb7a7dd1c07340dc10980612027550e18ae2eb8d7f5f8f15a089f3bfd7`
CRC32	`2AEE68FB`
ssdeep	`6:zz/BamfXllNS/u/q+c91mllxrS/77715KZYXxGQu+e0KpYXD/q+iqMoGggksl/cI:zz/H1W/ulc3SXS/pw2qelXMRD`
Yara	None matched
VirusTotal	Search for analysis

Name	18480c7776c10433_rv5o9q0r.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rv5o9q0r.dll
Size	3.5KB
Processes	2656 (csc.exe) 1356 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d622a1c66bab6b87fb8a0d6afb987a64`
SHA1	`94d1ef2eb3426b3ce783ee354099d10a59386856`
SHA256	`18480c7776c1043313e03ce99d8f87760a37c26b4629098b30f76db03e966918`
CRC32	`710470CF`
ssdeep	`24:etGSRt6hmSlTA0VIluJ9/exALmpbdPtkZf6wfNS66/vymI+ycuZhNcakSIPNnq:66H5HJ8AsuJ6//Z1ulca3wq`
Yara	Is_DotNET_DLL - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	1c2b2428bf9d633e_ynlhqo4l.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ynlhqo4l.pdb
Size	7.5KB
Processes	2876 (csc.exe) 1356 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`2ac5d9a916b0ba0a842a315a2ea3dc85`
SHA1	`a16910e3b18563954b69b73d46d54be86e443e7b`
SHA256	`1c2b2428bf9d633e479d164ad4d9763982394f91b560739a587aca5eec20c42d`
CRC32	`736567E2`
ssdeep	`6:zz/BamfXllNS/gMHt31mllxrS/77715KZYXxGQu+e0KpYXLMftfoGggksl/cEDf:zz/H1W/tXSXS/pw2qdVfRD`
Yara	None matched
VirusTotal	Search for analysis

Name	0a913fd594ad2da3_vl9yckxz.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\vl9yckxz.0.cs
Size	249.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`69ecfeb3e9a8fb7890d114ec056ffd6d`
SHA1	`cba5334d2ffe24c60ef793a3f6a7f08067a913db`
SHA256	`0a913fd594ad2da3159400fc3d7d2cc50b34f8f31675ec5ac5a41d7e79e9fd58`
CRC32	`C84571C8`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatloFMG4SRT1JAnR1jvy:V/DTLDfuBphILmL5TDUR1zy`
Yara	None matched
VirusTotal	Search for analysis

Name	2f20084042159f2c_RESDF6.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESDF6.tmp
Size	1.2KB
Processes	2952 (cvtres.exe) 2876 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`2eb4a5a302e12c48df1528d76271faaf`
SHA1	`8c433dc347c8c81768be845ebbe095bc66f66938`
SHA256	`2f20084042159f2c1f8adaa2532cb0768c4731619c9c4d479f653327465f4a51`
CRC32	`43705242`
ssdeep	`24:HqJ9YeAVX4HBUnhKbI+ycuZhNfakSxPNnqjtd:PeAVIOnhKb1ulfa3DqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	3e5e98dc32a5cc0b_se0jed8v.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\se0jed8v.pdb
Size	7.5KB
Processes	3020 (csc.exe) 1356 (powershell.exe)
Type	MSVC program database ver 7.00, 512*15 bytes
MD5	`273eaba3df4971a39c1cd7e174c6a382`
SHA1	`5b8e66529e4083c5aea013e38e197ce86ff59587`
SHA256	`3e5e98dc32a5cc0b30c8e07dce9321b8a26ddb5691693d1f50967048ecb1d557`
CRC32	`063AB84A`
ssdeep	`6:zz/BamfXllNS/gMx31mllxrS/77715KZYXxGQu+e0KpYXLMDl3oGggksl/cEDf:zz/H1W/txlSXS/pw2qd53RD`
Yara	None matched
VirusTotal	Search for analysis

Name	e5231270257f1727_se0jed8v.0.cs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\se0jed8v.0.cs
Size	259.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text
MD5	`560e1b883a997afcfa3b73d8a5cddbc1`
SHA1	`2905f3f296ac3c7d6a020fb61f0819dbea2f1569`
SHA256	`e5231270257f1727ca127b669a7c21d46ced81cd5b46e89c48dd8304c1185bea`
CRC32	`7A3E756E`
ssdeep	`6:V/DsYLDS81zuBph+HjLmatlJOmMG4SRNLGeUy:V/DTLDfuBphILmIFGeUy`
Yara	None matched
VirusTotal	Search for analysis

Name	b52eaa1a491ace7e_vl9yckxz.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\vl9yckxz.out
Size	607.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`d2b8a75b02642eaf25a55c11fcfdf0b7`
SHA1	`1ee5ff989d412d3df8a570ae3bd0d80a96240e78`
SHA256	`b52eaa1a491ace7e67e74291df578cb99f1135066661d874ee77dc037318acf5`
CRC32	`B2F23869`
ssdeep	`12:K4OLM9nzR37LvXOLMOnPAE2xOLMiKai31bIKIMBj6I5BFR5y:K+9nzd3BOnIE2niKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	0c068c358e0e78fd_북한최고인민회의 결과.hwp Submit file
Size	69.0KB
Type	Hangul (Korean) Word Processor File 5.x
MD5	`518aaa60b6f19a27025a08fbbe09963f`
SHA1	`e2fdd2db2d7662646e5dd40500dbfb4d9fbb1069`
SHA256	`0c068c358e0e78fdab9979f374ca6943fe5ace553c9c42af3367181bc010c329`
CRC32	`3EDAF43D`
ssdeep	`1536:oAzG8UqVmtD/xE8gANk+BPXXzvEL0hg3:FG8UqVmtLxEUk+DvNg`
Yara	Microsoft_Office_File_Zero - Microsoft Office File HWP_file_format - HWP Document File Win32_HWP_PostScript_Zero - Detect a HWP with embedded Post Script code
VirusTotal	Search for analysis

Name	d7c16bfe76c1e3f2_rv5o9q0r.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rv5o9q0r.cmdline
Size	311.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`728d3b06efdaf0c0223a2081bf719760`
SHA1	`9ffd577486f210660b5992b8deded7afa208494e`
SHA256	`d7c16bfe76c1e3f209dc46fd4976cdcfe6886d03e824f18dc16dd096d1a3cd1b`
CRC32	`9624D8E2`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fdRemGsSAE2NmQpcLJ23fd7yAn:p37LvXOLMrenPAE2xOLMp9`
Yara	None matched
VirusTotal	Search for analysis

Name	ac8077e64a8cd818_031023.bat Submit file
Filepath	C:\Users\Public\031023.bat
Size	3.3KB
Processes	2864 (powershell.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`8741a228fba24165aac6aac400aada40`
SHA1	`bb3637e332a079c849d28a4de7a795d54123abee`
SHA256	`ac8077e64a8cd818f17039dd74c733618c178298b3ecfba41d15c0cd2be864b0`
CRC32	`9DB2136D`
ssdeep	`48:tbozNgvaKdUn1hBQFNiaEyw1unvWB4OTP9ujc8aTWgBRTWgBuTWEXtQDWUcaTCo2:RoUa0WqEZiCH8aygBRygBuymQiUXpoN`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	4444868d833fccb4_vl9yckxz.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\vl9yckxz.dll
Size	3.5KB
Processes	2436 (csc.exe) 1356 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`f4bfe0e78bceb491fa4404fcd25bfd86`
SHA1	`3d82e88284ee5f075e26339507f545c8342226fc`
SHA256	`4444868d833fccb49e9c07851ebde95afe2faab3f715b362aa489553b427b042`
CRC32	`5C158EBF`
ssdeep	`24:etGSRN6G7nLsKpHq7sEzgALmpbdPtkZfSfsi8aamI+ycuZhNl+akSSfPNnq:6uiHq7stAuuJSfsGp1ulga3cq`
Yara	Is_DotNET_DLL - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	50ebc31cd5b4595b_se0jed8v.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\se0jed8v.dll
Size	3.5KB
Processes	3020 (csc.exe) 1356 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9b34960af08ffd9b3d76a0351d323238`
SHA1	`92a05b39eb14bb229203ecd9c6c97a3d3a351867`
SHA256	`50ebc31cd5b4595b411a7a11c1ddccb604589db22d87e31d0875d7df7ef95dae`
CRC32	`54E0775D`
ssdeep	`24:etGSTENiGTnylqsanvqh9sALmzCrbdPtkZf7hsnv7VmI+ycuZhN5akS3PNnq:6jdqnSsAwKuJ7hsw1ul5a3lq`
Yara	Is_DotNET_DLL - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	442dc898a5aaa3e5_rv5o9q0r.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rv5o9q0r.out
Size	607.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`aec760af0489599cd36d6cf319a176fd`
SHA1	`13822e739c87b397502787ae1322ae727be03030`
SHA256	`442dc898a5aaa3e5e8cddbbcf5fed86a7b1a20bc299080131643c32e50d8993c`
CRC32	`27995A71`
ssdeep	`12:K4OLM9nzR37LvXOLMrenPAE2xOLMp4Kai31bIKIMBj6I5BFR5y:K+9nzd3BinIE2nOKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	22763e01840ca4c8_북한최고인민회의 결과.hwp.lnk Submit file
Size	1.1KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Oct 27 01:22:58 2023, mtime=Fri Oct 27 01:22:58 2023, atime=Fri Oct 27 01:22:58 2023, length=70656, window=hide
MD5	`395725e400fd5e7d37b6cea561e1d477`
SHA1	`5df35598cea8fcbd806507f4d4742ea1c1673e6b`
SHA256	`22763e01840ca4c824e0f96c509e8168d8ce73b32dd975903db96015478a5703`
CRC32	`71C40FB8`
ssdeep	`12:8kuEi4cZCrR8EvSWMlR+/GPWE1JbLvvNNCOLM1aD4Q1lw1lAwua4t2YLEPKzlX8Q:8kuisERdglRLPnJbLv+RQDNAQ6Pyx`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_vl9yckxz.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\vl9yckxz.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	3067dc84da74a89a_CSCBC2.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCBC2.tmp
Size	652.0B
Processes	2656 (csc.exe)
Type	MSVC .res
MD5	`25d013a992d1b592e1cbbc80754add64`
SHA1	`757c8e015fad917f150563984c82190f37e60eb2`
SHA256	`3067dc84da74a89a4abc24730aebe21b4286bcc2cc2ba0a8325e10a0cfbb14f5`
CRC32	`ACA370DA`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryYrak7Ynqq7EPN5Dlq5J:+RI+ycuZhNcakSIPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	76296ca80ceb9d2d_sharefont.ini Submit file
Filepath	C:\Users\test22\AppData\Roaming\HNC\User\Common\80\Fonts\ShareFont.ini
Size	183.0B
Processes	2956 (Hwp.exe)
Type	ASCII text, with CRLF line terminators
MD5	`34766d17d04c24aaa62124eae6b5bac4`
SHA1	`984e092e32fe8f7bd340a7799541c2600d96a4fb`
SHA256	`76296ca80ceb9d2db0b4ed08ba1b060c92a75805d71978c30dd33b87bd698b6e`
CRC32	`E0E924A3`
ssdeep	`3:5xxovKdVo6LR5nE9Aj4I5tLGoW+QRX7AMWRUrNmWxpcL4EaKC5YoH1KLDTjEcKl0:5RVogR5nEk55GoW+QWMWRKNmQpcLJaZg`
Yara	None matched
VirusTotal	Search for analysis

Name	9693afcfa402d538_RESFAB.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RESFAB.tmp
Size	1.2KB
Processes	2996 (cvtres.exe) 3020 (csc.exe)
Type	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x406, 9 symbols
MD5	`f0359a92faf0dad309f70fabfe945f52`
SHA1	`5e8060b0a6577c3c86feadfa53d046f8c0c69a3e`
SHA256	`9693afcfa402d53833ffdcae3f433e4c9d22a96fafba1fc0de6ee563dc6a43dc`
CRC32	`E34F1309`
ssdeep	`24:HqJ9YeACQCLcX4HGUnhKbI+ycuZhN5akS3PNnqjtd:PeATfIxnhKb1ul5a3lqjH`
Yara	None matched
VirusTotal	Search for analysis

Name	a0771896b15e1e5d_ynlhqo4l.cmdline Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ynlhqo4l.cmdline
Size	311.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
MD5	`502f39cd96862d54efddcd2f9baf9211`
SHA1	`4f691078e742acb4aab3b8d704c2cd6f6231088e`
SHA256	`a0771896b15e1e5d6b224f3543a472b357b09d925f17af88ea99d03da2d08e4f`
CRC32	`FFA673F6`
ssdeep	`6:pAu+H2LvFJDdq++bDdqBnmQpcLJ23fWNLqmGsSAE2NmQpcLJ23fWNLdGA:p37LvXOLMCLqnPAE2xOLMCLP`
Yara	None matched
VirusTotal	Search for analysis

Name	0db2108f6f7f8f48_CSC990.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSC990.tmp
Size	652.0B
Processes	2436 (csc.exe)
Type	MSVC .res
MD5	`925d3f25b74e99363178072b4c32895f`
SHA1	`9a429f8c0af7af8b59e255f248cd6867415fc2fb`
SHA256	`0db2108f6f7f8f4834a419907b8862e1acd4764a5863c2c587ab78503e76b722`
CRC32	`BBB2DFD0`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry3+ak7YnqqSfPN5Dlq5J:+RI+ycuZhNl+akSSfPNnqX`
Yara	None matched
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RF15ceb9b.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF15ceb9b.TMP
Size	7.8KB
Processes	2864 (powershell.exe) 1356 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	d0b87451c2763069_se0jed8v.out Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\se0jed8v.out
Size	607.0B
Processes	1356 (powershell.exe)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`aa16e8365dabb79391be236bb4a25698`
SHA1	`5b87c1ca18124942fc11cf69047cf9a94302bd65`
SHA256	`d0b87451c2763069f31cbf126b79c6641a48287ddff70b044a4818d0193d6ff3`
CRC32	`44B15379`
ssdeep	`12:K4OLM9nzR37LvXOLMjnPAE2xOLMxKai31bIKIMBj6I5BFR5y:K+9nzd3BjnIE2nxKai31bIKIMl6I5Dvy`
Yara	None matched
VirusTotal	Search for analysis

Name	a18b343487579ece_ynlhqo4l.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ynlhqo4l.dll
Size	3.5KB
Processes	2876 (csc.exe) 1356 (powershell.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2f0a4839fd11f01f089907c0116ed4f9`
SHA1	`20427d9e7f53794a6f46588d74328f47997916c4`
SHA256	`a18b343487579ece80499a0d5f3d3aaa6063898234125ed6f6cca7ac3be8b5a2`
CRC32	`E49708E6`
ssdeep	`24:etGSTEtunmaOnfgh/hLhXOedTblqw80ZALmn7bdPtkZfR7CZM0nvqgCL6mI+ycuJ:6HjpL/xB5AyuJ1/gW1ulfa3Dq`
Yara	Is_DotNET_DLL - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d7be95fa7a61f0b1_CSCF9B.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\CSCF9B.tmp
Size	652.0B
Processes	3020 (csc.exe)
Type	MSVC .res
MD5	`c57172367523e4a05dd69a0be4130d1d`
SHA1	`21ddf084bfe2b9236b574884b0e0c19ca95b6763`
SHA256	`d7be95fa7a61f0b1a1b5c3b1f2f9499d717146d8ba477065a9ce57d188d39636`
CRC32	`DF132715`
ssdeep	`12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryOiak7YnqqrjPN5Dlq5J:+RI+ycuZhN5akS3PNnqX`
Yara	None matched
VirusTotal	Search for analysis