Dropped Files | ZeroBOX
Name 5dd4ccd63e6ed07c_api-ms-win-core-synch-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-synch-l1-1-0.dll
Size 19.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 71af7ed2a72267aaad8564524903cff6
SHA1 8a8437123de5a22ab843adc24a01ac06f48db0d3
SHA256 5dd4ccd63e6ed07ca3987ab5634ca4207d69c47c2544dfefc41935617652820f
CRC32 24352D97
ssdeep 384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 2d5d1a4d6bc5abb1_4twodlby5p.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\4tWOdlbY5p.exe
Size 479.0KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 abeb86fdec0060ffb80f364cabd30b1b
SHA1 3c9c7b3ee66ff071eb32848ad5a62fab9683427c
SHA256 2d5d1a4d6bc5abb1e0ad26c3d9801a44317d0a50a370db5de488763b98fc766b
CRC32 EBC7B85E
ssdeep 12288:zgiBSdDYggiZJUiCbzHoUGuNOty2rkb2q2ZBQDf+qE:zgiB2BgiZJUzzHorqMyckb
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal Search for analysis
Name 4cfada7eb51a6c0c_sY9eU8qD7hB3_m.zip
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\sY9eU8qD7hB3_m.zip
Size 2.7MB
Processes 1812 (zxcv.EXE)
Type Zip archive data, at least v2.0 to extract
MD5 1117cd347d09c43c1f2079439056ada3
SHA1 93c2ce5fc4924314318554e131cfbcd119f01ab6
SHA256 4cfada7eb51a6c0cb26283f9c86784b2b2587c59c46a5d3dc0f06cad2c55ee97
CRC32 0846BD7E
ssdeep 49152:tiGLaX5/cgbRETlc0EqgSVAx07XZiEi4qiefeEJGt5ygL0+6/qax:t9OX9alwJSVP1fnefekGt5CP
Yara None matched
VirusTotal Search for analysis
Name b2935d4706c07354_jYPi0HEigjR.zip
Submit file
Filepath C:\Users\test22\AppData\LocalLow\jYPi0HEigjR.zip
Size 22.0KB
Processes 1812 (zxcv.EXE)
Type Zip archive data, at least v2.0 to extract
MD5 2f40e61568122f0cd9ebc1e7abe2a916
SHA1 b6320876f61f4f8acb42f39d828bf10d2582d18b
SHA256 b2935d4706c073541ea7ed439e46ecbe809c307f2b768847fec36042c1432661
CRC32 677B04CF
ssdeep 384:/SWZOcbsEX2I0LEu4oRrQFuDBoGchvMHNQgKt1u/PCCWzU5NNPC:/zIb42I0QV2QFuDBoGUvFgt/PCcfNC
Yara None matched
VirusTotal Search for analysis
Name c85dc081b1964b77_api-ms-win-core-file-l2-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-file-l2-1-0.dll
Size 17.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 e479444bdd4ae4577fd32314a68f5d28
SHA1 77edf9509a252e886d4da388bf9c9294d95498eb
SHA256 c85dc081b1964b77d289aac43cc64746e7b141d036f248a731601eb98f827719
CRC32 F4699D05
ssdeep 192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 565a2eec5449eeee_api-ms-win-crt-locale-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-locale-l1-1-0.dll
Size 18.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 a2f2258c32e3ba9abf9e9e38ef7da8c9
SHA1 116846ca871114b7c54148ab2d968f364da6142f
SHA256 565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33
CRC32 3C5AE513
ssdeep 192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 24222300c78180b5_Trast.bat
Submit file
Filepath C:\Users\Public\Trast.bat
Size 34.0B
Processes 1472 (j6VXXENS27.exe)
Type ASCII text, with no line terminators
MD5 4068c9f69fcd8a171c67f81d4a952a54
SHA1 4d2536a8c28cdcc17465e20d6693fb9e8e713b36
SHA256 24222300c78180b50ed1f8361ba63cb27316ec994c1c9079708a51b4a1a9d810
CRC32 7F4F9BF9
ssdeep 3:LjTnaHF5wlM:rnaHSM
Yara None matched
VirusTotal Search for analysis
Name a87b0691305bb4d7_nest
Submit file
Filepath C:\Users\Public\nest
Size 9.0B
Processes 1472 (j6VXXENS27.exe)
Type ASCII text, with CRLF line terminators
MD5 9e243030794db36674869745ccfdcf09
SHA1 33b2830590ec549dd7af922f37f661c138cbfb09
SHA256 a87b0691305bb4d72fd32f2f581edcff1f6459468ef530788c455d90982ab3c7
CRC32 1B526CA1
ssdeep 3:RCi:X
Yara None matched
VirusTotal Search for analysis
Name d40371030031fc84_jjdsdpr.exe
Submit file
Filepath C:\Users\Public\Libraries\Jjdsdpr\Jjdsdpr.exe
Size 703.0KB
Processes 1472 (j6VXXENS27.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 457e1bf09958f400b72e470e672dad6b
SHA1 15e2efa61dc81321614dfb32b45901b938f001d1
SHA256 d40371030031fc84f0cd14b20865ab1a243b4fb45c1afb4075067a97591bccee
CRC32 B84200AA
ssdeep 12288:MZ/oQGlw+x/oF6Np91m6mJ9G2fUeiDnsmJbtMSbvKWlQrfF8h:EQhw+asfm6P2fZiDn/xrPlQ7
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name a770ecba3b08bbab_freebl3.dll
Submit file
Filepath C:\ProgramData\freebl3.dll
Size 326.5KB
Processes 2364 (DSFnbyhgfrtydfg.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 ef2834ac4ee7d6724f255beaf527e635
SHA1 5be8c1e73a21b49f353c2ecfa4108e43a883cb7b
SHA256 a770ecba3b08bbabd0a567fc978e50615f8b346709f8eb3cfacf3faab24090ba
CRC32 B698D0CA
ssdeep 6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 87ed943d2f06d9ca_breakpadinjector.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\breakpadinjector.dll
Size 115.0KB
Processes 1812 (zxcv.EXE) 2364 (DSFnbyhgfrtydfg.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a436472b0a7b2eb2c4f53fdf512d0cf8
SHA1 963fe8ae9ec8819ef2a674dbf7c6a92dbb6b46a9
SHA256 87ed943d2f06d9ca8824789405b412e770fe84454950ec7e96105f756d858e52
CRC32 77044748
ssdeep 3072:9b9ffsTV5n8cSQQtys6FXCVnx+IMD6eN07e:P25V/QQs6WTMex7e
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 46b005817868f91c_prldap60.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\prldap60.dll
Size 23.5KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 6099c438f37e949c4c541e61e88098b7
SHA1 0ad03a6f626385554a885bd742dfe5b59bc944f5
SHA256 46b005817868f91cf60baa052ee96436fc6194ce9a61e93260df5037cdfa37a5
CRC32 54D601D1
ssdeep 384:TQJMOeAdiNcNUO3qgpw6MnTmJk0llEEHAnDl3vDG8A3OPLondJJs2z:KMaNqb6MTmVllEK2p/DG8MlsQ
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 65ded8d2ce159b2f_api-ms-win-crt-private-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-private-l1-1-0.dll
Size 71.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 9910a1bfdc41c5b39f6af37f0a22aacd
SHA1 47fa76778556f34a5e7910c816c78835109e4050
SHA256 65ded8d2ce159b2f5569f55b2caf0e2c90f3694bd88c89de790a15a49d8386b9
CRC32 C78C7F40
ssdeep 1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 193d0a4dc4fd7cbd__4996422495.zip
Submit file
Filepath C:\ProgramData\499642249564258\_4996422495.zip
Size 23.2KB
Processes 2364 (DSFnbyhgfrtydfg.exe)
Type Zip archive data, at least v2.0 to extract
MD5 a3e4803071f7f732907f476f2a1add9f
SHA1 5939d504a59cf924d0d60e0df635a80c81cac2ae
SHA256 193d0a4dc4fd7cbdcee71fccf1eece0d1587f60e5d641f5fd7599a00ea9982a4
CRC32 A4861E2C
ssdeep 384:Y8YrVoyGbuGTuqVwZ+7Z7TGVguTwKldZH9NZ7+KadEHxgPZfKJ8e:Y8+bqVwM1GrjH9P3aoJ8e
Yara None matched
VirusTotal Search for analysis
Name 46d1a841417efe2d_rpdsdjj.url
Submit file
Filepath C:\Users\Public\Libraries\rpdsdjJ.url
Size 96.0B
Processes 1472 (j6VXXENS27.exe)
Type MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Jjdsdpr\\Jjdsdpr.exe">), ASCII text, with CRLF line terminators
MD5 3a6916ff55c75972793b57834a701396
SHA1 850a518b1d34d41930447b9b319e256465bbf80e
SHA256 46d1a841417efe2de2376201f4f2f327bf29378ba0647f5a0bf619c5d01949de
CRC32 ADAA3AF2
ssdeep 3:HRAbABGQYmTWAX+rSF55i0XMzBG9BGudbsGKd7ovn:HRYFVmTWDyzcBG6Sbsb7yn
Yara None matched
VirusTotal Search for analysis
Name 1989526553fd1e1e_nss3.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\nss3.dll
Size 1.2MB
Processes 1812 (zxcv.EXE) 1848 (explorer.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 02cc7b8ee30056d5912de54f1bdfc219
SHA1 a6923da95705fb81e368ae48f93d28522ef552fb
SHA256 1989526553fd1e1e49b0fea8036822ca062d3d39c4cab4a37846173d0f1753d5
CRC32 282C0A35
ssdeep 24576:ido5Js2a56/+VwJebKj5KYFsRjzx5ZxKV6D1Z4Go/LCiytoxq2Zwn5hCM4MSRdY8:Q2aY4w6aozx5ZWMM7yew8MSRK1y
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 96a588e51d739d6c_b3hfotbm.inf
Submit file
Filepath C:\Windows\Temp\b3hfotbm.inf
Size 583.0B
Processes 4024 (crS9EKo8sM.exe)
Type Windows setup INFormation, ASCII text
MD5 307d7ba09e7baa812138cd47af6375da
SHA1 f7f27be315c0b47f660fe26385dd155d95959a27
SHA256 96a588e51d739d6cc34c0a9f2ad7c67f78f89459161b6b30439fa34688bb7782
CRC32 E24A2164
ssdeep 12:Q5e0z03oqfrcFcv3Cur5C7wQ8aQBsBZVjk/jqJIONV8:QFzQf/JNWVA/uJIgV8
Yara None matched
VirusTotal Search for analysis
Name 80b57df21ba99343_DSFnbyhgfrtydfg.exe
Submit file
Filepath C:\Users\test22\AppData\Roaming\DSFnbyhgfrtydfg.exe
Size 252.0KB
Processes 2260 (zxcv.EXE) 2548 (cmd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 93fffc6736b1dd95a4f4e88734e9d540
SHA1 509a9acffd9b9123fff2a3df9a860b829210f80a
SHA256 80b57df21ba993430e49e63e47f1afd84ac2f64fe50bb0b19413b2f964c42dd0
CRC32 CD802597
ssdeep 6144:vgELakzf1pZVv7cBBn3dELFmAD9/drJnguU9:lj75VcDEpHFJNU9
Yara
  • UPX_Zero - UPX packed file
  • Raccoon_Stealer_1_Zero - Raccoon Stealer
  • Generic_Malware_Zero - Generic Malware
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name c4f60f911068ab6d_api-ms-win-core-namedpipe-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-namedpipe-l1-1-0.dll
Size 17.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 6f6796d1278670cce6e2d85199623e27
SHA1 8aa2155c3d3d5aa23f56cd0bc507255fc953ccc3
SHA256 c4f60f911068ab6d7f578d449ba7b5b9969f08fc683fd0ce8e2705bbf061f507
CRC32 37258A28
ssdeep 192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name a0c6630d4012ae03_mozglue.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\mozglue.dll
Size 134.0KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 eae9273f8cdcf9321c6c37c244773139
SHA1 8378e2a2f3635574c106eea8419b5eb00b8489b0
SHA256 a0c6630d4012ae0311ff40f4f06911bcf1a23f7a4762ce219b8dffa012d188cc
CRC32 2ECD4981
ssdeep 3072:Z6s2DIGLXlNJJcPoN0j/kVqhp1qt/TXTv7q1D2JJJvPhrSeXZ5dR:MszGLXlNrE/kVqhp12/TXTjSD2JJJvPt
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name bb25ccf8694d1fcf_api-ms-win-core-libraryloader-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-libraryloader-l1-1-0.dll
Size 18.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 d0873e21721d04e20b6ffb038accf2f1
SHA1 9e39e505d80d67b347b19a349a1532746c1f7f88
SHA256 bb25ccf8694d1fcfce85a7159dcf6985fdb54728d29b021cb3d14242f65909ce
CRC32 B08A064C
ssdeep 384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
Yara
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 4a95954acf2af59c_d93f411851d7c929.customdestinations-ms
Submit file
Filepath c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size 7.8KB
Processes 3088 (powershell.exe)
Type data
MD5 8c4ee9ef97c725b3abe3e0a2fb18bb94
SHA1 4cda5681d4acff1d1ec7d608134571e02c352372
SHA256 4a95954acf2af59cfaa229edb32f2a8ee03171953e285cf06811ffd0840a0dc3
CRC32 D51E26E5
ssdeep 96:MtuCojGCPDXBqvsqvJCwoRtuCojGCPDXBqvsEHyqvJCworc7HwxGlUVul:Mtu6XoRtu6bHnorXxY
Yara
  • Antivirus - Contains references to security software
VirusTotal Search for analysis
Name 4ed9f54db7a6d2da_open1.png.lnk
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\open1.png.lnk
Size 869.0B
Processes 1812 (zxcv.EXE)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Aug 6 18:51:46 2020, mtime=Thu Aug 6 18:51:46 2020, atime=Thu Aug 6 18:51:46 2020, length=378, window=hide
MD5 af580564d6b9323926ae9dcbc9881f31
SHA1 343984f4eb917082bb4e314782e8959bc939197f
SHA256 4ed9f54db7a6d2da0f93c4660237f7146765ff9c53d94cf62e7411fe8b6dccca
CRC32 0754EE78
ssdeep 12:8GyQ6dRm/avI4otUoKHDVuUOIvcjACvUfiEgO2R:8GyQ9DptUnjsUT4AiUfiEt2R
Yara
  • Lnk_Format_Zero - LNK Format
VirusTotal Search for analysis
Name 88e7d1e5414b8fce_iyyoemss.exe
Submit file
Filepath C:\Windows\Temp\iyyoemss.exe
Size 12.0KB
Processes 4024 (crS9EKo8sM.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 f4b5c1ebf4966256f52c4c4ceae87fb1
SHA1 ca70ec96d1a65cb2a4cbf4db46042275dc75813b
SHA256 88e7d1e5414b8fceb396130e98482829eac4bdc78fbc3fe7fb3f4432137e0e03
CRC32 CF4DEAC4
ssdeep 192:HO231rrcZnFfu+ZwE9iqVKtfqAxgRC1l/GUc5tuTpqKi3hYV4:p+ZwE9/uHCRC1l/GUc5tuTpqKi3hC4
Yara
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 25a4dae37120426a_softokn3.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\softokn3.dll
Size 141.5KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 4e8df049f3459fa94ab6ad387f3561ac
SHA1 06ed392bc29ad9d5fc05ee254c2625fd65925114
SHA256 25a4dae37120426ab060ebb39b7030b3e7c1093cc34b0877f223b6843b651871
CRC32 C20F6E98
ssdeep 3072:8Af6suip+I7FEk/oJz69sFaXeu9CoT2nIVFetBW3D2xkEMk:B6POsF4CoT2OeYMzMk
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name c40bb03199a2054d_vcruntime140.dll
Submit file
Filepath C:\ProgramData\vcruntime140.dll
Size 81.8KB
Processes 2364 (DSFnbyhgfrtydfg.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 7587bf9cb4147022cd5681b015183046
SHA1 f2106306a8f6f0da5afb7fc765cfa0757ad5a628
SHA256 c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d
CRC32 9BB5124B
ssdeep 1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal Search for analysis
Name 5a565853dfbc54cf_tmp671A.tmp
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\tmp671A.tmp
Size 1.6KB
Processes 2412 (4tWOdlbY5p.exe)
Type XML 1.0 document, ASCII text, with CRLF line terminators
MD5 2a16ac67f02ba60cd09ee851cb63b0f8
SHA1 e34b4ce3083db49d3578d26c6e53a7fa9c9007bc
SHA256 5a565853dfbc54cfe6ded571533c4ffef0346a7dfd1c62bdda18c1ec087aef70
CRC32 97DEC660
ssdeep 24:2dH4+SEqCH/7IlNMFQ/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBttn:cbhf7IlNQQ/rydbz9I3YODOLNdq3d
Yara None matched
VirusTotal Search for analysis
Name c0d75d1887c32a1b_api-ms-win-crt-environment-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-environment-l1-1-0.dll
Size 18.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 ac290dad7cb4ca2d93516580452eda1c
SHA1 fa949453557d0049d723f9615e4f390010520eda
SHA256 c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382
CRC32 EDEBA32F
ssdeep 192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name c58ec23d6e9d1f54_v6qfxkl0ve.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\V6QfXKl0VE.exe
Size 455.0KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 6439889cfd410e3b57422781c93e26cf
SHA1 12280091094281fa60fa8321006abfc7c4bd4e33
SHA256 c58ec23d6e9d1f548d0d9375009bf23ebfb9f40eb9bb14fccc4e10f385f53d5d
CRC32 CD8177AC
ssdeep 12288:pD7irNMyXB/qiYdhJvG+vDSIn+PFmAvZmcpWb8aoL8UO1vhhAAh:pD7+MyXhYdhJvGMDhnwFmmZmcYb8aLB
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal Search for analysis
Name bcfb0e397df40aba_MapiProxy.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\MapiProxy.dll
Size 19.5KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 7cd244c3fc13c90487127b8d82f0b264
SHA1 09e1ad17f1bb3d20bd8c1f62a10569f19e838834
SHA256 bcfb0e397df40aba8c8c5dd23c13c414345decdd3d4b2df946226be97defbf30
CRC32 C277DA03
ssdeep 384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 621f38bd19f62c9c_IA2Marshal.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\IA2Marshal.dll
Size 69.0KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 5243f66ef4595d9d8902069eed8777e2
SHA1 1fb7f82cd5f1376c5378cd88f853727ab1cc439e
SHA256 621f38bd19f62c9ce6826d492ecdf710c00bbdcf1fb4e4815883f29f1431dfda
CRC32 B684A227
ssdeep 768:3n8PHF564hn4wva3AVqH5PmE0SjA6QM0avrDG8MR43:38th4wvaQVE5PRl0xs
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name f5cf623ba14b017a_api-ms-win-crt-heap-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-heap-l1-1-0.dll
Size 18.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 93d3da06bf894f4fa21007bee06b5e7d
SHA1 1e47230a7ebcfaf643087a1929a385e0d554ad15
SHA256 f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d
CRC32 A016C333
ssdeep 192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name e3b0c44298fc1c14_Google Chrome_Default.txt
Empty file or file not found
Filepath C:\ProgramData\499642249564258\autofill\Google Chrome_Default.txt
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
VirusTotal Search for analysis
Name 69885fd581641b4a_api-ms-win-crt-time-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-time-l1-1-0.dll
Size 20.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 849f2c3ebf1fcba33d16153692d5810f
SHA1 1f8eda52d31512ebfdd546be60990b95c8e28bfb
SHA256 69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d
CRC32 FFFCEB82
ssdeep 384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 43536adef2ddcc81_softokn3.dll
Submit file
Filepath C:\ProgramData\softokn3.dll
Size 141.5KB
Processes 2364 (DSFnbyhgfrtydfg.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a2ee53de9167bf0d6c019303b7ca84e5
SHA1 2a3c737fa1157e8483815e98b666408a18c0db42
SHA256 43536adef2ddcc811c28d35fa6ce3031029a2424ad393989db36169ff2995083
CRC32 760685C5
ssdeep 3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name bece7bab83a5d0ec_api-ms-win-crt-math-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-math-l1-1-0.dll
Size 28.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 8b0ba750e7b15300482ce6c961a932f0
SHA1 71a2f5d76d23e48cef8f258eaad63e586cfc0e19
SHA256 bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed
CRC32 524A7773
ssdeep 384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 37c59c8398279916_KDECO.bat
Submit file
Filepath C:\Users\Public\KDECO.bat
Size 155.0B
Processes 1472 (j6VXXENS27.exe)
Type ASCII text, with no line terminators
MD5 213c60adf1c9ef88dc3c9b2d579959d2
SHA1 e4d2ad7b22b1a8b5b1f7a702b303c7364b0ee021
SHA256 37c59c8398279916cfce45f8c5e3431058248f5e3bef4d9f5c0f44a7d564f82e
CRC32 42292F53
ssdeep 3:LjT5LJJFIf9oM3KN6QNb3DM9bWQqA5SkrF2VCceGAFddGeWLCXlRA3+OR:rz81R3KnMMQ75ieGgdEYlRA/R
Yara None matched
VirusTotal Search for analysis
Name 7670fdede524a485_api-ms-win-core-string-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-string-l1-1-0.dll
Size 17.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 12cc7d8017023ef04ebdd28ef9558305
SHA1 f859a66009d1caae88bf36b569b63e1fbdae9493
SHA256 7670fdede524a485c13b11a7c878015e9b0d441b7d8eb15ca675ad6b9c9a7311
CRC32 E2869B8E
ssdeep 384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name bb33a9e906a58630_api-ms-win-core-memory-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-memory-l1-1-0.dll
Size 18.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 d500d9e24f33933956df0e26f087fd91
SHA1 6c537678ab6cfd6f3ea0dc0f5abefd1c4924f0c0
SHA256 bb33a9e906a5863043753c44f6f8165afe4d5edb7e55efa4c7e6e1ed90778eca
CRC32 BFB6A831
ssdeep 384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 4b704b36e1672ae0_api-ms-win-core-sysinfo-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-sysinfo-l1-1-0.dll
Size 18.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 19a40af040bd7add901aa967600259d9
SHA1 05b6322979b0b67526ae5cd6e820596cbe7393e4
SHA256 4b704b36e1672ae02e697efd1bf46f11b42d776550ba34a90cd189f6c5c61f92
CRC32 BFABEDF6
ssdeep 384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name f7d450a0f59151bc_api-ms-win-core-util-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-util-l1-1-0.dll
Size 17.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 0f079489abd2b16751ceb7447512a70d
SHA1 679dd712ed1c46fbd9bc8615598da585d94d5d87
SHA256 f7d450a0f59151bcefb98d20fcae35f76029df57138002db5651d1b6a33adc86
CRC32 82651198
ssdeep 192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 3fe6b1c54b8cf28f_mozglue.dll
Submit file
Filepath C:\ProgramData\mozglue.dll
Size 134.0KB
Processes 2364 (DSFnbyhgfrtydfg.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 8f73c08a9660691143661bf7332c3c27
SHA1 37fa65dd737c50fda710fdbde89e51374d0c204a
SHA256 3fe6b1c54b8cf28f571e0c5d6636b4069a8ab00b4f11dd842cfec00691d0c9cd
CRC32 E28A5E21
ssdeep 3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name fa98235aae1687af_crs9eko8sm.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\crS9EKo8sM.exe
Size 457.0KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 df5e3ee9a6098d1e29b31603672d5a8f
SHA1 0af2378effff0a7451317874efe4e6682365c03e
SHA256 fa98235aae1687afb628d39a16645b6d2f4afeb97d113229c660425464e296c2
CRC32 482604B1
ssdeep 12288:QkK9h6wAtre8k9SyaqSx5lEdu54rcfQbpQfcom:QX9h671k9Ja5F54A
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Generic_Malware_Zero - Generic Malware
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal Search for analysis
Name ff5afe95d668c41f_screen.jpeg
Submit file
Filepath C:\Users\test22\AppData\LocalLow\screen.jpeg
Size 28.4KB
Processes 1812 (zxcv.EXE)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 9076a95c02db076d71dcb88b22555712
SHA1 c664f23cf1afdad734b93e3d511b9e8647e65437
SHA256 ff5afe95d668c41fd6a1c4a8ff13dab5d935241f6e45850ae629aece0cf56b6f
CRC32 A8A980EE
ssdeep 384:d6TOIWQhkO9db4xte+jjjjjjjjNHAttttttttttto/J+oAxJWIKMiQHoXN05EG+:dMOIDhF9R+jjjjjjjjNH3KK1R7XIEG+
Yara
  • JPEG_Format_Zero - JPEG Format
VirusTotal Search for analysis
Name 03ad57c24ff2cf89_api-ms-win-core-localization-l1-2-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-localization-l1-2-0.dll
Size 20.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 eff11130bfe0d9c90c0026bf2fb219ae
SHA1 cf4c89a6e46090d3d8feeb9eb697aea8a26e4088
SHA256 03ad57c24ff2cf895b5f533f0ecbd10266fd8634c6b9053cc9cb33b814ad5d97
CRC32 991B148C
ssdeep 384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 16574f51785b0e2f_sqlite3.dll
Submit file
Filepath C:\ProgramData\sqlite3.dll
Size 630.5KB
Processes 2364 (DSFnbyhgfrtydfg.exe) 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 e477a96c8f2b18d6b5c27bde49c990bf
SHA1 e980c9bf41330d1e5bd04556db4646a0210f7409
SHA256 16574f51785b0e2fc29c2c61477eb47bb39f714829999511dc8952b43ab17660
CRC32 9F30A75E
ssdeep 12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 9dab884071b1f7d7_api-ms-win-core-processthreads-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-processthreads-l1-1-0.dll
Size 18.9KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 a2d7d7711f9c0e3e065b2929ff342666
SHA1 a17b1f36e73b82ef9bfb831058f187535a550eb8
SHA256 9dab884071b1f7d7a167f9bec94ba2bee875e3365603fa29b31de286c6a97a1d
CRC32 0FF50B6E
ssdeep 384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 7633774effe7c0ad_api-ms-win-crt-filesystem-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-filesystem-l1-1-0.dll
Size 19.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 aec2268601470050e62cb8066dd41a59
SHA1 363ed259905442c4e3b89901bfd8a43b96bf25e4
SHA256 7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2
CRC32 68ADCB9C
ssdeep 384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 334e69ac9367f708_msvcp140.dll
Submit file
Filepath C:\ProgramData\msvcp140.dll
Size 429.8KB
Processes 2364 (DSFnbyhgfrtydfg.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 109f0f02fd37c84bfc7508d4227d7ed5
SHA1 ef7420141bb15ac334d3964082361a460bfdb975
SHA256 334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4
CRC32 97BCF588
ssdeep 12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal Search for analysis
Name b1e702b840aebe2e_api-ms-win-crt-stdio-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-stdio-l1-1-0.dll
Size 23.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 fefb98394cb9ef4368da798deab00e21
SHA1 316d86926b558c9f3f6133739c1a8477b9e60740
SHA256 b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7
CRC32 F47691BA
ssdeep 384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name a1a2bb03a7cfcea8_AccessibleHandler.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\AccessibleHandler.dll
Size 120.5KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 f92586e9cc1f12223b7eeb1a8cd4323c
SHA1 f5eb4ab2508f27613f4d85d798fa793bb0bd04b0
SHA256 a1a2bb03a7cfcea8944845a8fc12974482f44b44fd20be73298ffd630f65d8d0
CRC32 1E606A2D
ssdeep 1536:DkO/6RZFrpiS7ewflNGa35iOrjmwWTYP1KxBxZJByEJMBrsuLeLsWxcdaocACs0K:biRZFdBiussQ1MBjq2aocts03/7FE
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 6ec867dc1caa77ec_frAQBc8Wsa
Submit file
Filepath C:\Users\test22\AppData\LocalLow\frAQBc8Wsa
Size 18.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 f3a100cba30b2a07a7af8886e439024e
SHA1 a454cca0db028b4d0fb29fa932c9056519efe2cf
SHA256 6ec867dc1caa77ecfd8e457d464b6bebc3be8694b4c88734fa83d197c0b214cc
CRC32 72CF6AF8
ssdeep 24:LLI10KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6KaW:oz+JH3yJUheCVE9V8MX0PFlNU1faW
Yara None matched
VirusTotal Search for analysis
Name 38c389720b75365f_1xVPfvJcrg
Submit file
Filepath C:\Users\test22\AppData\LocalLow\1xVPfvJcrg
Size 72.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 c480140ee3c5758b968b69749145128d
SHA1 035a0656bc0d1d376dfc92f75fa664bdf71b3e4d
SHA256 38c389720b75365fcb080b40f7fdc5dc4587f4c264ec4e12a22030d15709e4a9
CRC32 954A724F
ssdeep 96:f0CWo3dOEctAYyY9MsH738Hsa/NTIdE8uKIaPdUDFBlrrVY/qBOnx4yWTJereWbY:fXtd69TYndTJMb3j0
Yara None matched
VirusTotal Search for analysis
Name 7a589024cf0eeb59_qipcap.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\qipcap.dll
Size 16.0KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 f3a355d0b1ab3cc8effcc90c8a7b7538
SHA1 1191f64692a89a04d060279c25e4779c05d8c375
SHA256 7a589024cf0eeb59f020f91be4fe7ee0c90694c92918a467d5277574ac25a5a2
CRC32 E4C988D8
ssdeep 192:aPgr1ZCb2vGJ7b20qKvFej7x0KDWpH3vUA397Ae+PjPonZwC7Qm:aYpZPGJP209F4vDG8A3OPLonZwC7X
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name a1d1d6b0cb0a8421_api-ms-win-crt-utility-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-utility-l1-1-0.dll
Size 18.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 b52a0ca52c9c207874639b62b6082242
SHA1 6fb845d6a82102ff74bd35f42a2844d8c450413b
SHA256 a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0
CRC32 DD940147
ssdeep 192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 91eeb842973495de_api-ms-win-core-processthreads-l1-1-1.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-processthreads-l1-1-1.dll
Size 18.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 d0289835d97d103bad0dd7b9637538a1
SHA1 8ceebe1e9abb0044808122557de8aab28ad14575
SHA256 91eeb842973495deb98cef0377240d2f9c3d370ac4cf513fd215857e9f265a6a
CRC32 793969BD
ssdeep 384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep
Yara
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 29cf2aec62c3504b_zxcv.EXE
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\zxcv.EXE
Size 992.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7fb10b8ea68c1e0064730018fca3cb39
SHA1 41c371b7053bcf1b7867aeada51e716650afa19a
SHA256 29cf2aec62c3504b1914484feff17ae470b51229b1df06f1a30334a08b6db12a
CRC32 0240B001
ssdeep 24576:/E0lHcgqgh7/0tgIugNw6GQlGDI/NKs/Y:/Ew8gXYzVtGQVNn/Y
Yara
  • UPX_Zero - UPX packed file
  • Raccoon_Stealer_1_Zero - Raccoon Stealer
  • Generic_Malware_Zero - Generic Malware
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 44f6df4280c8ecc9_api-ms-win-core-heap-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-heap-l1-1-0.dll
Size 17.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 2ea3901d7b50bf6071ec8732371b821c
SHA1 e7be926f0f7d842271f7edc7a4989544f4477da7
SHA256 44f6df4280c8ecc9c6e609b1a4bfee041332d337d84679cfe0d6678ce8f2998a
CRC32 71E21909
ssdeep 192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 37b3907e590ec082_screenshot.jpg
Submit file
Filepath C:\ProgramData\499642249564258\screenshot.jpg
Size 35.9KB
Processes 2364 (DSFnbyhgfrtydfg.exe)
Type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5 badb5396476457245add7b4b95a60c32
SHA1 8a1cccd8c3ec48618b4066ddc431fd1a83234847
SHA256 37b3907e590ec0824dafd93bffe62f17a069197917623e1819a1edb992a6be89
CRC32 B326E609
ssdeep 768:458UhLz6ui4SdpFG4B2z7QJi7cgFm74TuSwuC:457h3nSpFFfOo74rC
Yara
  • JPEG_Format_Zero - JPEG Format
VirusTotal Search for analysis
Name 83bc57dcf282264f_sqlite3.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\sqlite3.dll
Size 895.2KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 f964811b68f9f1487c2b41e1aef576ce
SHA1 b423959793f14b1416bc3b7051bed58a1034025f
SHA256 83bc57dcf282264f2b00c21ce0339eac20fcb7401f7c5472c0cd0c014844e5f7
CRC32 27237862
ssdeep 24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name e584f2965ec81aea_qT1wG2cI7tX5f
Submit file
Filepath C:\Users\test22\AppData\LocalLow\qT1wG2cI7tX5f
Size 805.0B
Processes 1812 (zxcv.EXE)
Type ASCII text, with CRLF, CR line terminators
MD5 24eacfc0d914c350dec30e333609a067
SHA1 db8128a88e135d1cccc384ab9ec2528e222dfedd
SHA256 e584f2965ec81aea5225076a32342ee76dcd5fec2e39080188b73e9a5ab58201
CRC32 6E970537
ssdeep 24:DWR+SWoQdCd4f+IBx0BmyQa7ucHCl0ysv6:JSWoQdRcBmLcHClVsy
Yara None matched
VirusTotal Search for analysis
Name 9876c53134dbbec4_freebl3.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\freebl3.dll
Size 326.5KB
Processes 1812 (zxcv.EXE) 1848 (explorer.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 60acd24430204ad2dc7f148b8cfe9bdc
SHA1 989f377b9117d7cb21cbe92a4117f88f9c7693d9
SHA256 9876c53134dbbec4dcca67581f53638eba3fea3a15491aa3cf2526b71032da97
CRC32 956C0AF8
ssdeep 6144:6cYBCU/bEPU6Rc5xUqc+z75nv4F0GHrIraqqDL6XPSed:67WRCB7zl4F0I4qn6R
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 0bb8c77de80acf9c_ucrtbase.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\ucrtbase.dll
Size 1.1MB
Processes 1812 (zxcv.EXE) 2364 (DSFnbyhgfrtydfg.exe) 1848 (explorer.exe)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 d6326267ae77655f312d2287903db4d3
SHA1 1268bef8e2ca6ebc5fb974fdfaff13be5ba7574f
SHA256 0bb8c77de80acf9c43de59a8fd75e611cc3eb8200c69f11e94389e8af2ceb7a9
CRC32 4ED86FD4
ssdeep 24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal Search for analysis
Name f35f2658455a2e40_UKO.bat
Submit file
Filepath C:\Users\Public\UKO.bat
Size 250.0B
Processes 1472 (j6VXXENS27.exe)
Type ASCII text, with CRLF line terminators
MD5 eaf8d967454c3bbddbf2e05a421411f8
SHA1 6170880409b24de75c2dc3d56a506fbff7f6622c
SHA256 f35f2658455a2e40f151549a7d6465a836c33fa9109e67623916f889849eac56
CRC32 8C4E367F
ssdeep 6:rgnMXd1CQnMXd1COm8hnaHNHIXUnMXd1CoD9c1uOw1H1gOvOBAn:rgamIHIXUaXe1uOeVqy
Yara None matched
VirusTotal Search for analysis
Name 3b046d30dc2e6021_rQF69AzBla
Submit file
Filepath C:\Users\test22\AppData\LocalLow\rQF69AzBla
Size 36.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 e185515780e9dcb21c3262899c206308
SHA1 230714474693919d93949ab5a291f7ec02fd286f
SHA256 3b046d30dc2e6021be55d1bd47c2a92970856526c021df5de6e4ea3c4144659b
CRC32 25EF2A64
ssdeep 24:TLNg/5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fBvlllYu:TC/ecVTgPOpEveoJZFrU1cQBvlllY
Yara None matched
VirusTotal Search for analysis
Name 7b9fc6be34f43d39_libEGL.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\libEGL.dll
Size 22.0KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 96b879b611b2bbee85df18884039c2b8
SHA1 00794796acac3899c1fb9abbf123fef3cc641624
SHA256 7b9fc6be34f43d39471c2add872d5b4350853db11cc66a323ef9e0c231542fb9
CRC32 A86103C2
ssdeep 384:INZ9mLVDAffJJKAtn0mLAb8X3FbvDG8A3OPLonzvGb:4mx+fXvn4YFrDG8MKb
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name e2935b5b28550d47_nss3.dll
Submit file
Filepath C:\ProgramData\nss3.dll
Size 1.2MB
Processes 2364 (DSFnbyhgfrtydfg.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 bfac4e3c5908856ba17d41edcd455a51
SHA1 8eec7e888767aa9e4cca8ff246eb2aacb9170428
SHA256 e2935b5b28550d47dc971f456d6961f20d1633b4892998750140e0eaa9ae9d78
CRC32 9F24F4E3
ssdeep 24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Packer_Zero - Malicious Packer
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 36b216e3219f8203_gfdyrtucbvfdg.exe
Submit file
Filepath C:\ProgramData\GFDyrtucbvfdg.exe
Size 204.0KB
Processes 2260 (zxcv.EXE)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 701f6f95d5e205b53b3a74403d46981a
SHA1 3e614af86675b0de761adb5d2fa271bfb3142b95
SHA256 36b216e3219f82031317e03235333638e22d5f93c184e403e2383e322be1e459
CRC32 2B9CF2E0
ssdeep 3072:CPgCZP4wdF68nJi4tl3NF4ItgALPWlOoXnwHz42BqIDwmBROogsH6n9s5zr6qQgo:2gEWkvBN1tZAOQQf5DwmAD9sdr7QguPT
Yara
  • UPX_Zero - UPX packed file
  • Raccoon_Stealer_1_Zero - Raccoon Stealer
  • Generic_Malware_Zero - Generic Malware
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 96898930ffb338da_api-ms-win-core-processenvironment-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-processenvironment-l1-1-0.dll
Size 18.8KB
Processes 2364 (DSFnbyhgfrtydfg.exe) 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 5f73a814936c8e7e4a2dfd68876143c8
SHA1 d960016c4f553e461afb5b06b039a15d2e76135e
SHA256 96898930ffb338da45497be019ae1adcd63c5851141169d3023e53ce4c7a483e
CRC32 F1C25621
ssdeep 192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 494360c74ce84fc8__4996422495.zip
Submit file
Filepath C:\ProgramData\499642249564258\_4996422495.zip
Size 23.5KB
Processes 2364 (DSFnbyhgfrtydfg.exe)
Type Zip archive data, at least v2.0 to extract
MD5 92d6b811f14cc0c366f13741082f7122
SHA1 7f8c8e7255980bfa544c86d7e4367a361775f7e4
SHA256 494360c74ce84fc89c540acd4ee1100daafedf245b051d942deca251bd8b3284
CRC32 AABD111E
ssdeep 384:Y8YrVoyGbuGTuqVwZ+7Z7TGVguTwKldZH9NZ7+KadEHxgPZfKJ81:Y8+bqVwM1GrjH9P3aoJ81
Yara None matched
VirusTotal Search for analysis
Name 45aa3957c2986526_nest.bat
Submit file
Filepath C:\Users\Public\nest.bat
Size 53.0B
Processes 1472 (j6VXXENS27.exe)
Type ASCII text, with CRLF line terminators
MD5 8ada51400b7915de2124baaf75e3414c
SHA1 1a7b9db12184ab7fd7fce1c383f9670a00adb081
SHA256 45aa3957c29865260a78f03eef18ae9aebdbf7bea751ecc88be4a799f2bb46c7
CRC32 989CB101
ssdeep 3:LjT9fnMXdemzCK0vn:rZnMXd1CV
Yara None matched
VirusTotal Search for analysis
Name 945cc64ee04b1964_api-ms-win-core-handle-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-handle-l1-1-0.dll
Size 17.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 6db54065b33861967b491dd1c8fd8595
SHA1 ed0938bbc0e2a863859aad64606b8fc4c69b810a
SHA256 945cc64ee04b1964c1f9fcdc3124dd83973d332f5cfb696cdf128ca5c4cbd0e5
CRC32 11700B42
ssdeep 384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 2481da1c459a2429_nssckbi.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\nssckbi.dll
Size 328.5KB
Processes 1812 (zxcv.EXE) 1848 (explorer.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 bdaf9852f588c86b055c846b53d4c144
SHA1 03b739430cf9eade21c977b5b416c4dd94528c3b
SHA256 2481da1c459a2429a933d19ad6ae514bd2ae59818246ddb67b0ef44146ced3d8
CRC32 2FEEE271
ssdeep 6144:8bndzEL04gF85K9autIMyEhZ/V3psPyHa9tBe1:8bndzEL04pnutIMyAp2z9tBe1
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 24c9aa0b70e557a4_api-ms-win-core-timezone-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-timezone-l1-1-0.dll
Size 17.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 babf80608fd68a09656871ec8597296c
SHA1 33952578924b0376ca4ae6a10b8d4ed749d10688
SHA256 24c9aa0b70e557a49dac159c825a013a71a190df5e7a837bfa047a06bba59eca
CRC32 2A90DCC5
ssdeep 384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name be3987a6cd970ff5_nssdbm3.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\nssdbm3.dll
Size 90.5KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 94919dea9c745fbb01653f3fdae59c23
SHA1 99181610d8c9255947d7b2134cdb4825bd5a25ff
SHA256 be3987a6cd970ff570a916774eb3d4e1edce675e70edac1baf5e2104685610b0
CRC32 7BF8093C
ssdeep 1536:YvNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41Pc:+NGVOiBZbcGmxXMcBqmzoCUZoZebHPAT
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 7f93b70257d966ea_lgpllibs.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\lgpllibs.dll
Size 54.5KB
Processes 1812 (zxcv.EXE) 2364 (DSFnbyhgfrtydfg.exe)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 56e982d4c380c9cd24852564a8c02c3e
SHA1 f9031327208176059cd03f53c8c5934c1050897f
SHA256 7f93b70257d966ea1c1a6038892b19e8360aadd8e8ae58e75ebb0697b9ea8786
CRC32 5A47D31A
ssdeep 1536:LxsBS3Q6j+37mWT7DT/GszGrn7iBCmjFCOu:LxTBcmWT7X/Gszen7icmjFtu
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 14dd1c39172d3c7e_system.txt
Submit file
Filepath C:\ProgramData\499642249564258\system.txt
Size 2.1KB
Processes 2364 (DSFnbyhgfrtydfg.exe)
Type ASCII text, with CRLF line terminators
MD5 051c6afb4b30f1e4a28d7808148f674b
SHA1 41f4cc4504897f3fde3fa17736e9eaca093299af
SHA256 14dd1c39172d3c7eab20e2b0a59b3cc0d43ab5bacbe75dd65253254cec3a731a
CRC32 80FEB21C
ssdeep 48:nRU1taFFGrSzNczl6SwHLM+YZ0352Bf5774mRNMPpX:nRe2QeWVwHLMX2352Bf5774mRixX
Yara None matched
VirusTotal Search for analysis
Name 30d99ce1d732f6c9_api-ms-win-core-synch-l1-2-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-synch-l1-2-0.dll
Size 18.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 0d1aa99ed8069ba73cfd74b0fddc7b3a
SHA1 ba1f5384072df8af5743f81fd02c98773b5ed147
SHA256 30d99ce1d732f6c9cf82671e1d9088aa94e720382066b79175e2d16778a3dad1
CRC32 9E779F84
ssdeep 384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 9ca21763c528584b_api-ms-win-crt-conio-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-conio-l1-1-0.dll
Size 18.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 6ea692f862bdeb446e649e4b2893e36f
SHA1 84fceae03d28ff1907048acee7eae7e45baaf2bd
SHA256 9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2
CRC32 F5C804B7
ssdeep 384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name c8c499b012d0d63b_api-ms-win-core-file-l1-2-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-file-l1-2-0.dll
Size 17.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 e2f648ae40d234a3892e1455b4dbbe05
SHA1 d9d750e828b629cfb7b402a3442947545d8d781b
SHA256 c8c499b012d0d63b7afc8b4ca42d6d996b2fcf2e8b5f94cacfbec9e6f33e8a03
CRC32 7888788D
ssdeep 192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 2b128b3702f8509f_ldap60.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\ldap60.dll
Size 129.0KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 5a49ebf1da3d5971b62a4fd295a71ecf
SHA1 40917474ef7914126d62ba7cdbf6cf54d227aa20
SHA256 2b128b3702f8509f35cad0d657c9a00f0487b93d70336df229f8588fba6ba926
CRC32 DB27373D
ssdeep 3072:qgXCFTvwqiiynFa6zqeqQZ06DdEH4sq9gHNaIkIQhEwe:qdvwqMFbOePIP/zkIQ2h
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name ce294b3c9e58d2d6_y9vzmbez1g.exe
Submit file
Filepath C:\Users\test22\AppData\Local\Temp\Y9vZMbEz1g.exe
Size 703.0KB
Processes 1812 (zxcv.EXE) 2488 (V6QfXKl0VE.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3694ac62d90c1e9f89145f324dc0e204
SHA1 f2953a9ba829d6fd1e0955dbc95e55abd08234e1
SHA256 ce294b3c9e58d2d6394e2aa447ad3b586e0e23cdd22bd050a362bdd57a3e3fe9
CRC32 E9B2078D
ssdeep 12288:MZ/oQGlw+x/oF6Np91m6mJ9G2fUeiDnsmJbtM+bvKAlQrfF8h:EQhw+asfm6P2fZiDn/xXZlQ7
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name deccd75fc3fc2bb3_api-ms-win-core-interlocked-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-interlocked-l1-1-0.dll
Size 17.4KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 d97a1cb141c6806f0101a5ed2673a63d
SHA1 d31a84c1499a9128a8f0efea4230fcfa6c9579be
SHA256 deccd75fc3fc2bb31338b6fe26deffbd7914c6cd6a907e76fd4931b7d141718c
CRC32 2315F4FA
ssdeep 192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 6f878c485ee7d776_x3CF3EDNhm
Submit file
Filepath C:\Users\test22\AppData\LocalLow\x3CF3EDNhm
Size 120.0KB
Type SQLite 3.x database, last written using SQLite version 3021000
MD5 7cd1f915719aa3f01dcb5d1d04018ba0
SHA1 6e50a73815aae25bd6295d7240d517f0758b94be
SHA256 6f878c485ee7d776face2b6f0f72d6b2b383041ce5abd23ee5948d987afa9c64
CRC32 AA763EF2
ssdeep 48:T1HW6tdfxNPp+suktLReRK+NaUvdWSZ00LTL0drQHHp7C5fVcS2+VANUXq6uw5Nb:DJQpWSZ00LTL0QCbc0VANPjwQU+
Yara None matched
VirusTotal Search for analysis
Name 8eb5270fa9906970_api-ms-win-core-profile-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-profile-l1-1-0.dll
Size 17.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 fee0926aa1bf00f2bec9da5db7b2de56
SHA1 f5a4eb3d8ac8fb68af716857629a43cd6be63473
SHA256 8eb5270fa99069709c846db38be743a1a80a42aa1a88776131f79e1d07cc411c
CRC32 F4A6ED8B
ssdeep 192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 66abf3a1147751c9_api-ms-win-crt-multibyte-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-multibyte-l1-1-0.dll
Size 25.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 35fc66bd813d0f126883e695664e7b83
SHA1 2fd63c18cc5dc4defc7ea82f421050e668f68548
SHA256 66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735
CRC32 7DAE2C38
ssdeep 384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 2257fea1e71f7058_api-ms-win-core-rtlsupport-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-core-rtlsupport-l1-1-0.dll
Size 17.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 fdba0db0a1652d86cd471eaa509e56ea
SHA1 3197cb45787d47bac80223e3e98851e48a122efa
SHA256 2257fea1e71f7058439b3727ed68ef048bd91dcacd64762eb5c64a9d49df0b57
CRC32 D22BBC25
ssdeep 384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name d368eb240106f871_AccessibleMarshal.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\AccessibleMarshal.dll
Size 25.5KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a7fabf3dce008915cee4ffc338fa1ce6
SHA1 f411fb41181c79fba0516d5674d07444e98e7c92
SHA256 d368eb240106f87188c4f2ae30db793a2d250d9344f0e0267d4f6a58e68152ad
CRC32 6B77C025
ssdeep 384:KuAjyb0Xc6JzVuLoW2XDOc3TXg1hjsvDG8A3OPLon07zS:BEygs6RV6oW2Xd38njiDG8Mj
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 73cc56f20268bfb3_api-ms-win-crt-string-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-string-l1-1-0.dll
Size 22.9KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 404604cd100a1e60dfdaf6ecf5ba14c0
SHA1 58469835ab4b916927b3cabf54aee4f380ff6748
SHA256 73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c
CRC32 C04CB509
ssdeep 384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 3cc1377d495260c3_api-ms-win-crt-convert-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-convert-l1-1-0.dll
Size 21.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 72e28c902cd947f9a3425b19ac5a64bd
SHA1 9b97f7a43d43cb0f1b87fc75fef7d9eeea11e6f7
SHA256 3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1
CRC32 29B4635D
ssdeep 384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 3aabbe0aa86ce8a9_ldif60.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\ldif60.dll
Size 20.0KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 4fe544dfc7cdaa026da6eda09cad66c4
SHA1 85d21e5f5f72a4808f02f4ea14aa65154e52ce99
SHA256 3aabbe0aa86ce8a91e5c49b7de577af73b9889d7f03af919f17f3f315a879b0f
CRC32 A197FD66
ssdeep 384:YxfML3ALxK0AZEuzOJKRsIFYvDG8A3OPLonw4S:0fMmxFyO4RpGDG8MjS
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name c9bbc07a033bab6a_api-ms-win-crt-runtime-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-runtime-l1-1-0.dll
Size 22.3KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 41a348f9bedc8681fb30fa78e45edb24
SHA1 66e76c0574a549f293323dd6f863a8a5b54f3f9b
SHA256 c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b
CRC32 1E462B97
ssdeep 384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name b454a56c2ceb4943_open.png.lnk
Submit file
Filepath C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\open.PNG.lnk
Size 864.0B
Processes 1812 (zxcv.EXE)
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Aug 6 18:50:59 2020, mtime=Thu Aug 6 18:50:59 2020, atime=Thu Aug 6 18:50:59 2020, length=470, window=hide
MD5 a4f65c360b73e1e96e1399a5832aa186
SHA1 7784838ff4d846599ae592ace81f3fe5326c6dd8
SHA256 b454a56c2ceb4943b731282b54c45ddf5779c61c0196e25fbd05dfc1a5d150d4
CRC32 1BA57EF2
ssdeep 12:8GzVZ3nJm/avI4otUoKHDDh5N2iEjAH7liEgobYAbYR:8GnMDptUnjDYhAbliELbYAbYR
Yara
  • Lnk_Format_Zero - LNK Format
VirusTotal Search for analysis
Name fcd92f11ce703291_wtyjodb.url
Submit file
Filepath C:\Users\Public\Libraries\wtyjodB.url
Size 96.0B
Processes 808 (Y9vZMbEz1g.exe)
Type MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Bdojytw\\Bdojytw.exe">), ASCII text, with CRLF line terminators
MD5 2f92f9b439e0848614b7f1e7b4b8c2c3
SHA1 65ea433f72aeecbbdaa7b0ed4c442422d2e25d57
SHA256 fcd92f11ce703291513141b5a7366db718b2b9dd3316747fcacdfb063aa5d2f6
CRC32 94760807
ssdeep 3:HRAbABGQYmTWAX+rSF55i0XMVKPMsiysGKd7ovn:HRYFVmTWDyzqUViysb7yn
Yara None matched
VirusTotal Search for analysis
Name c03124ba691b1879_api-ms-win-crt-process-l1-1-0.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\api-ms-win-crt-process-l1-1-0.dll
Size 18.8KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 8d02dd4c29bd490e672d271700511371
SHA1 f3035a756e2e963764912c6b432e74615ae07011
SHA256 c03124ba691b187917ba79078c66e12cbf5387a3741203070ba23980aa471e8b
CRC32 9C376D11
ssdeep 192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
Yara
  • IsDLL - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis
Name 06ef2010b738fbe9_mozMapi32.dll
Submit file
Filepath C:\Users\test22\AppData\LocalLow\wG3cB0qZ3rM5x\mozMapi32.dll
Size 81.5KB
Processes 1812 (zxcv.EXE)
Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 385a92719cc3a215007b83947922b9b5
SHA1 38de6ca70cee1bad84bed29ce7620a15e6abcd10
SHA256 06ef2010b738fbe99bcdebbf162473a4ee090678bb6862eeb0d4c7a8c3f225bb
CRC32 13DC4D47
ssdeep 1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsDLL - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
VirusTotal Search for analysis