Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	41e3f69ecc09290e_httperrorpagesscripts[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\httpErrorPagesScripts[1]
Size	5.4KB
Processes	4408 (iexplore.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`dea81ac0a7951fb7c6cae182e5b19524`
SHA1	`8022d0b818a0aea1af61346d86e6c374737bc95a`
SHA256	`41e3f69ecc09290ebc49be16d2415036ddb2f7a4b868eef4091d0b5a301762fe`
CRC32	`5E7F4A18`
ssdeep	`96:JCc1g1V1riA1CiOcitXred1cILqcpOnZ1g1V1OWnvvqt:xmjriGCiOciwd1BPOPmjOWnvC`
Yara	None matched
VirusTotal	Search for analysis

Name	ba92995d1296b989_invalidcert[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\invalidcert[1]
Size	4.9KB
Processes	4408 (iexplore.exe)
Type	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`57868b56f2ae430d15693e82a827ddb5`
SHA1	`c72b54f285f93e0ada5d1991dd2e8d1a14aa6a0c`
SHA256	`ba92995d1296b989dc78b21e8c7eaadc799e91db819f3f83bfba817b28df6e4b`
CRC32	`6CA10D5C`
ssdeep	`96:UqUHCkAs5PFkiGjUpG9gHdk0iSAu5hfeGNBz1t9hS:9ULAsnkdjo2gnNBz39hS`
Yara	None matched
VirusTotal	Search for analysis

Name	7a4dde948b573b5a_System.Data.SQLite.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.Data.SQLite.dll
Size	348.0KB
Processes	8564 (relese.exe) 1848 (explorer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`83dfd2fe35efb2154bcdd3b475f378f2`
SHA1	`43eaf586250bf5c8b32eb832cf3479a8dbf7cca2`
SHA256	`7a4dde948b573b5a92cb1f63a2201006e61ea24107d9668a36efa378e8d48f08`
CRC32	`AC827341`
ssdeep	`6144:ZGQLrNgxi5kQFoqrgwy8EroHwiM53F6Q3ncU0YbhGUTJupozw7esl0waFNFfcaFI:AQLrNgxi5loqrgwy8ErKl1Q3nv0YNMew`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsDLL - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3cadcb6b8a733514_System.Runtime.CompilerServices.Unsafe.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.Runtime.CompilerServices.Unsafe.dll
Size	16.4KB
Processes	8564 (relese.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9a341540899dcc5630886f2d921be78f`
SHA1	`bab44612721c3dc91ac3d9dfca7c961a3a511508`
SHA256	`3cadcb6b8a7335141c7c357a1d77af1ff49b59b872df494f5025580191d1c0d5`
CRC32	`23D92AA6`
ssdeep	`192:erLXx0hyLsbb3rxVj7WU2WLTYoW4GD5dHnhWgN7acWlbAkWD7DiqnajKs3WoHpZ:Ih06sbbVVPWU2WPY7dHRN77RGlGs3jJZ`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	de9d69f3183c1359_Svc_host.pdb Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\Svc_host.pdb
Size	189.5KB
Processes	8564 (relese.exe)
Type	MSVC program database ver 7.00, 512*379 bytes
MD5	`400f9d72e512ca48ec549d83feff5f25`
SHA1	`0ba7783ca5c60527db0caa3af21d641cc14ddb5f`
SHA256	`de9d69f3183c135944b0dc68eac290a30d95d670af5fb59ea72dc9eb61c502ae`
CRC32	`D4960E27`
ssdeep	`1536:261jQviDqcZGmi9Xq8O3yjoBGAZTe291jKO3yjS:2a/LGmgX2YoBGA9nfdYS`
Yara	None matched
VirusTotal	Search for analysis

Name	a22e09986a09839d_System.Runtime.CompilerServices.Unsafe.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.Runtime.CompilerServices.Unsafe.xml
Size	17.6KB
Processes	8564 (relese.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`aa2cb9ba14481a623ee20f821cf5d180`
SHA1	`8b27d2b07845a94aa7741093e8a4d6d2e7b768df`
SHA256	`a22e09986a09839dc697f13d76aaded6008001f3632986acaebc29f8ef489b82`
CRC32	`F5E4337E`
ssdeep	`384:Y/uXudyvB0fmkcdZKyQe1EyriJriurs8rs1VwFaFDJOeOiKFIxRkj1r:Y/AEwafmkcdZbQe1EyriJriurs8rs1Vm`
Yara	None matched
VirusTotal	Search for analysis

Name	21d03f19c4b1c12d_red_shield[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\red_shield[1]
Size	3.4KB
Processes	4408 (iexplore.exe)
Type	PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced
MD5	`87de5d9a3403e1d7635885cbaa52389d`
SHA1	`50b32c5966331e3e27bef987fd1da0129423d348`
SHA256	`21d03f19c4b1c12db2feb8fb3a373d7e378976ecdfb64efb300204edc8947d3d`
CRC32	`15814E36`
ssdeep	`96:5SDZ/I09Da01l+gmkyTt6Hk8nTzVcxkZFd/:5SDS0tKg9E05TJcxi`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d0ba19f5e334e60f_invalidcert[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\invalidcert[1]
Size	2.1KB
Processes	4408 (iexplore.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`66f441cef8801549c2f0ff12cbe752a5`
SHA1	`de506bfb63225b3cc084ae292d4bf98a21ae6250`
SHA256	`d0ba19f5e334e60fb5056bc2e05b97de09aee4db49e5e11abde482bab9c4e8fb`
CRC32	`13C10CC2`
ssdeep	`48:mPntofz4/i5DjktylVDJlObUBsBXcysTqysg2Bp5Bi8OwaBynLysTqys4Bwy/Ae:SE4a5HlVDJMbUB2XcylyNkpfi8OwgynN`
Yara	None matched
VirusTotal	Search for analysis

Name	fbc23311fb5eb53c_background_gradient_red[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\background_gradient_red[1]
Size	868.0B
Processes	4408 (iexplore.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x800, frames 3
MD5	`337038e78cf3c521402fc7352bdd5ea6`
SHA1	`017eaf48983c31ae36b5de5de4db36bf953b3136`
SHA256	`fbc23311fb5eb53c73a7ca6bfc93e8fa3530b07100a128b4905f8fb7cb145b61`
CRC32	`C08DA614`
ssdeep	`24:vk9YMW80o0XxDuLHeOWXG4OZ7DAJuLHenX36n8R0O3kwd2q:M9YM3uERAq8uyJdB`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	70f316a5492848bb_down[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\down[1]
Size	3.3KB
Processes	4408 (iexplore.exe)
Type	PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5	`555e83ce7f5d280d7454af334571fb25`
SHA1	`47f78f68d72e3d9041acc9107a6b0d665f408385`
SHA256	`70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880`
CRC32	`9EA3279D`
ssdeep	`96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	af1c243044f69fbb_recoverystore.{e66a19e4-bec6-11eb-bde1-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E66A19E4-BEC6-11EB-BDE1-94DE278C3274}.dat
Size	4.5KB
Processes	3752 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`59c3f183f33b35dd019258ed841c2e95`
SHA1	`f8ab5d31015c6389df9bb060c82b291eca580763`
SHA256	`af1c243044f69fbb4a5bd96471596383e223e2dafa3de10fbd4b09bb361dca2d`
CRC32	`98613C84`
ssdeep	`12:rlfF2OXrEg5+IaCrI0F7+F2LrEg5+IaCrI0F7ugQNlTqbax3/wXZNlTqbax3/wKj:rq45/1L5/3QNlW6ONlW6`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	f551b9ec31487b25_BouncyCastle.Crypto.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\BouncyCastle.Crypto.xml
Size	1.4MB
Processes	8564 (relese.exe)
Type	XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`e6b5750503e89038076b6fbc44d86782`
SHA1	`1aa3cbcbefc5616306888b67c3ad49c7667b03a3`
SHA256	`f551b9ec31487b259b6034da923587776d93f0ba35538a8dfe1d9dabf890eaec`
CRC32	`2E21B8E2`
ssdeep	`12288:Zky4oeqjABNM7fT62FYyEyp/0nNeXC2cjkRYlj:ZkHoeqUBU77FY5`
Yara	None matched
VirusTotal	Search for analysis

Name	cb3ccbb76031e5e0_3c428b1a3e5f57d887ec4b864fac5dcc Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Size	914.0B
Processes	4408 (iexplore.exe)
Type	data
MD5	`e4a68ac854ac5242460afd72481b2a44`
SHA1	`df3c24f9bfd666761b268073fe06d1cc8d4f82a4`
SHA256	`cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f`
CRC32	`5017495B`
ssdeep	`24:c0oGlGm7qGlGd7SK1tcudP5M/C0VQYyL4R3fum:+JnJ17tcudRMq6QsF`
Yara	None matched
VirusTotal	Search for analysis

Name	702ac34883c2ddd8_Svc_host.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\Svc_host.exe
Size	65.0KB
Processes	8564 (relese.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d4dc663097f4608a22e5ce878ad16869`
SHA1	`7c403c214d9de22453ed69350406eecb88199aec`
SHA256	`702ac34883c2ddd855b200ece2834b7f4ac6dc58cf4b1503552eb51bb7ec8a1c`
CRC32	`273513FC`
ssdeep	`768:7WoI3tdVFDfd9bwdaM4OgyWz/jtOY5ll/ogF2umIH1zE5MM89lNc0EkbYEs1wvQ4:7W99zFDfSrgMa/7kEsnyqT5bwA5n6J`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ae2c3de9ad57d709_System.Numerics.Vectors.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.Numerics.Vectors.xml
Size	179.2KB
Processes	8564 (relese.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`95dd29ca17b63843ad787d3bc9c8c933`
SHA1	`1a937009a92b034edb168cfac0ec1c353be8f58e`
SHA256	`ae2c3de9ad57d7091d9f44dcdee3f88eccf2ba7cb43adc9bb24769154a532dc7`
CRC32	`127F6E20`
ssdeep	`1536:azQgQfMzpKGPqMGFY3lF8YzA2HrYJtJZJ9JaGf4AscoqrbuC4BqaiaIacasa7c1E:azafMDl4LfX3MIg+QDB`
Yara	None matched
VirusTotal	Search for analysis

Name	8e76318e8b06692a_System.Memory.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.Memory.dll
Size	137.9KB
Processes	8564 (relese.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6fb95a357a3f7e88ade5c1629e2801f8`
SHA1	`19bf79600b716523b5317b9a7b68760ae5d55741`
SHA256	`8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7`
CRC32	`0881E5B7`
ssdeep	`3072:IUGrszKKLBFa9DvrJGeesIf3afNs2AldfI:jBFd3/aFs2`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsDLL - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	003d30e7d128c677_errorpagestrings[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\errorPageStrings[1]
Size	2.5KB
Processes	4408 (iexplore.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`07d7197d980e82c3ce6b22c0342711ae`
SHA1	`e3e675f4507d3d2f4f56f06c76abdc40d09dd1a2`
SHA256	`003d30e7d128c6771b36ab2b0f02d36670e42488d86ba7db00ad862528266060`
CRC32	`3485002F`
ssdeep	`48:zTW8quJiyUlyHWKShUpeHRitRflRynLRX4Y1WW90W2olr8tcUV/9z8/pWMI9EMIN:zTW8qIiyUcAhUpIRSRflRynLRX4LMlrT`
Yara	None matched
VirusTotal	Search for analysis

Name	afce792469d28568_errorpagetemplate[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\ErrorPageTemplate[1]
Size	2.2KB
Processes	4408 (iexplore.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`cd78307e5749eb8aa467b025dc66bcd3`
SHA1	`7f85f932532719bc0ca23a21a24e146cdcd40668`
SHA256	`afce792469d28568da605230d27a6d5354f9451c60b5a3ce998edeaf098c8327`
CRC32	`12B03B3E`
ssdeep	`24:5Lj5x55k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+BieyuSQK:5f5H5k5pvFehWrrarrZIrHd35IQfOS6`
Yara	None matched
VirusTotal	Search for analysis

Name	d5714c96607eb1a9_System.Memory.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.Memory.xml
Size	13.6KB
Processes	8564 (relese.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`add19745a43b2515280ce24671863114`
SHA1	`cf44e6557fde93288ff2567a002a69279965caba`
SHA256	`d5714c96607eb1a9d0f90f57ca194d8a9c3ede0656a1d1f461e78b209f054813`
CRC32	`90059A61`
ssdeep	`192:19SSrAVfjSE0wxiMiLiLiXdCjticiciAiJiziPNjNei5i9zhi+ipOUTJ:1gbXKKXppPmcPi6LmJ`
Yara	None matched
VirusTotal	Search for analysis

Name	b9c98b47e6bd8c4b_System.Data.SQLite.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.Data.SQLite.xml
Size	1.1MB
Processes	8564 (relese.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5	`d111d791998481a37c62f2d465ecf970`
SHA1	`bb50d633eed5ac72bf6b8e65a5c61f5cbe28271f`
SHA256	`b9c98b47e6bd8c4bf59b27e7dac0c82d2dddd3c93b794de8538b4f23cd8e6464`
CRC32	`9907F7A9`
ssdeep	`6144:CBKIcdp2KTuJTfR2bTQak81FS6BXJRU1ISHVTCqmSw+Z:xu`
Yara	None matched
VirusTotal	Search for analysis

Name	e3c9cb0cbf4b3be2_Newtonsoft.Json.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\Newtonsoft.Json.xml
Size	691.1KB
Processes	8564 (relese.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5	`ad1a946cdbe4fc83907cf558fb80a37f`
SHA1	`9b6ab559cccce89e989259e356c55be6e370f1db`
SHA256	`e3c9cb0cbf4b3be20b6030f3a4872edd81e042048d2d19732eac3eeb9779dc0b`
CRC32	`325496ED`
ssdeep	`6144:XqqUmk/RikFaG0rH3jGHdl0/IBHNpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DUn`
Yara	None matched
VirusTotal	Search for analysis

Name	f2afc04a24c9d89d_red_shield_48[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\red_shield_48[1]
Size	6.8KB
Processes	4408 (iexplore.exe)
Type	PNG image data, 40 x 48, 8-bit/color RGBA, non-interlaced
MD5	`f413dd8a75b81a154a1fd5e4c4a0a782`
SHA1	`667f7e3da51ca3417a1feb66d238466423c9487d`
SHA256	`f2afc04a24c9d89d3c2f0d73f8cd6fb6b65adbe333196c3f99cc7d6868847ceb`
CRC32	`D96BDACF`
ssdeep	`192:8SDS0tKg9E05Tz045xhOwZtbiFHsrC3rlTqpHbW:7JXE05d5xhOwtGsSTqpHC`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	7f912b28a07c226e_Newtonsoft.Json.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\Newtonsoft.Json.dll
Size	683.9KB
Processes	8564 (relese.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6815034209687816d8cf401877ec8133`
SHA1	`1248142eb45eed3beb0d9a2d3b8bed5fe2569b10`
SHA256	`7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814`
CRC32	`3D2CD95A`
ssdeep	`12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsDLL - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	accccfbe45d9f08f_System.Buffers.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.Buffers.dll
Size	20.4KB
Processes	8564 (relese.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ecdfe8ede869d2ccc6bf99981ea96400`
SHA1	`2f410a0396bc148ed533ad49b6415fb58dd4d641`
SHA256	`accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb`
CRC32	`959571EB`
ssdeep	`384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8a1ad57cd0a37558_{e66a19e5-bec6-11eb-bde1-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E66A19E5-BEC6-11EB-BDE1-94DE278C3274}.dat
Size	7.0KB
Processes	3752 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1223712101e06e9e2cbc4e5a487720ae`
SHA1	`12e224c73d1ad081b134065ade5f117a61d6a71f`
SHA256	`8a1ad57cd0a375584dfc56a8e390f7693e7db02fb36c8e98acd06d0094109659`
CRC32	`5B95427C`
ssdeep	`96:nWjCIp9lZ/B30o9lZ9f89lZG9lZBgl9lZG:UCSZ/t0oZ90ZGZWlZG`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	c686babc034f53a2_green_shield[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\green_shield[1]
Size	3.4KB
Processes	4408 (iexplore.exe)
Type	PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced
MD5	`254d388ce19d84a54fd44571e049e6a6`
SHA1	`51ca725642f679978f5880278e5cac5ca4f70fae`
SHA256	`c686babc034f53a24a1206019e958ba8fc879216fd7b6a4b972f188535341227`
CRC32	`265B0B9C`
ssdeep	`96:5SDZ/I09Da01l+gmkyTt6Hk8nTkN9D6ZB+:5SDS0tKg9E05TkN92ZE`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6de598428c334097_IE9CompatViewList[1].xml Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\IE9CompatViewList[1].xml
Size	141.7KB
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`c236e316e1b9ac60ce15dac7bcb8b2de`
SHA1	`1e240ed5f7cbc3dc8cd2397c7151a0d7e5f173c2`
SHA256	`6de598428c334097a21eb2dd5963c190fc5f80a6289bce205ded0466393745a4`
CRC32	`8B345ADA`
ssdeep	`3072:toSMrEDL1FwhdFFaz6l8vHG+TbFPAzepobjyG7I1K1IB2+Tir8v1IG9aIedyPcFC:mSMrEDL1FwhdFFaz6l8vHG+TbFPAzepR`
Yara	None matched
VirusTotal	Search for analysis

Name	2ec7fb12e11f9831_System.Buffers.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.Buffers.xml
Size	3.4KB
Processes	8564 (relese.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`1c55860dd93297a6ea2fad2974834c3a`
SHA1	`7f4069341c6b62ecfc999a6c2d8a2d5fb59d44f6`
SHA256	`2ec7fb12e11f9831e40524427f6d88a3c9ffdd56ccfa81d373467b75b479a578`
CRC32	`C13D11EC`
ssdeep	`96:1Sm9iVH4cK4bSrh4st9Y9TS7AilqqZw37EeKB+ZPZk:1Sm9iecnWrue8ildZw3QD+ZPZk`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_26266421 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_26266421
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	362fa63d52a57f00_Svc_host.exe.config Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\Svc_host.exe.config
Size	1.0KB
Processes	8564 (relese.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`c06f5086e023a7d6fb37e64e8255de3d`
SHA1	`eaac13e0bdb5faf32ad3f8919db6b9bcf7a85987`
SHA256	`362fa63d52a57f001971b68ab18beefa1c4517c3fc31b3c703a7bb8644aee0bf`
CRC32	`3D79762A`
ssdeep	`24:2dAr2tPF7NhOXrT2/BhVV+Tw2/pVQ7e2//9r:cAr2z7O7kHOJpSv/t`
Yara	None matched
VirusTotal	Search for analysis

Name	1d3ef8698281e7cf_System.Numerics.Vectors.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.Numerics.Vectors.dll
Size	113.1KB
Processes	8564 (relese.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`aaa2cbf14e06e9d3586d8a4ed455db33`
SHA1	`3d216458740ad5cb05bc5f7c3491cde44a1e5df0`
SHA256	`1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183`
CRC32	`0A801312`
ssdeep	`1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	07498b990aa84916_BouncyCastle.Crypto.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\BouncyCastle.Crypto.dll
Size	2.8MB
Processes	8564 (relese.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`87a4ade7faeaf5021ade5fcc797f4f70`
SHA1	`a48caf79e6de1eecb588c3b7c4550ca4d66f4a59`
SHA256	`07498b990aa84916ec6d84e24cdf99a0ac0e265ff3e53598a9b153285bd23594`
CRC32	`7A7F0115`
ssdeep	`49152:Wimnlkispg7IQO91SvF1mWfwhbNHIkvfqLOLGbSXY9rzDgiO:XIlkp36vF1FXbkgrzDgiO`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT NPKI_Zero - File included NPKI IsDLL - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4870018813eff9a5_SQLite.Interop.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\x86\SQLite.Interop.dll
Size	1.2MB
Processes	8564 (relese.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`1d5041dc5a86b787d9701b78a9e0b121`
SHA1	`88873d0af22c924869f8c10c46e9b8f765d9b998`
SHA256	`4870018813eff9a5b050044c5eb639bb3e536ec1cd3ad03da389b83216c0f4d5`
CRC32	`766DDEDA`
ssdeep	`24576:PRL4z3OFV7DeRuvUJwOB/7UA22Q0XgGtyPmJAvuC8PD/i7pi/sT5B2LOhW:t4jcJzanPXgGR+uC8sp4q2LX`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b963eb95627b5f22_System.IO.Compression.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\System.IO.Compression.dll
Size	109.4KB
Processes	8564 (relese.exe) 1848 (explorer.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9661714578a06ecb815369db1d364fe9`
SHA1	`629ce95c12b21678d877359ec4552d431c1cfbab`
SHA256	`b963eb95627b5f223e813fce8a53e6c9d72891714923de7263111473faebf3ef`
CRC32	`3D0B9067`
ssdeep	`1536:vUDglrO+lIFVkQT31aWzXCJ/tBvjZs1wJSGvNbZO0Wehg5aQKnfXmNo6/KwEBPD:Ugh3dBbi1wgGvIC1fWNo6/KwEtD`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature Is_DotNET_DLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ace1fa77a1ccf633_3c428b1a3e5f57d887ec4b864fac5dcc Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Size	252.0B
Processes	4408 (iexplore.exe)
Type	data
MD5	`ee52a1fd1258b594ed4f71254bb65683`
SHA1	`8e5ed3c57716957b7890329ebba22a68a038ffb1`
SHA256	`ace1fa77a1ccf633f73a43508cda53a46c85b6844e59bb7aaccc6a642bad23ff`
CRC32	`5C136D65`
ssdeep	`6:kKHGpLDKVIbjcalgRAOAUSW0zeEpV1Ew1OXISMlcV/:OpLutWOxSW0zeYrsMlU/`
Yara	None matched
VirusTotal	Search for analysis

Name	1d534617b3832302_SQLite.Interop.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RarSFX0\x64\SQLite.Interop.dll
Size	1.6MB
Processes	8564 (relese.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`7de130ce491d63ecb3920687a84df54a`
SHA1	`9784983d96036605f4f2b043191cf89be192666d`
SHA256	`1d534617b38323027a64579a581258a55c3986f5b4b15297126c8a4cef5aa105`
CRC32	`A68F7DA3`
ssdeep	`24576:Bmyw7ozZ/Tsfeb9cnFnI/ydJdex/TfpHpoqkz+Rqlhq1JUIUIya70elxspc:Bmyw1y2Ddc/bDkzmHzUIUIya`
Yara	IsPE64 - (no description) IsDLL - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
VirusTotal	Search for analysis