Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe
11.15 01:11
msf.exe
11.15 01:11
lum250.exe
11.15 01:11
msf443.exe
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe

Latest News
11.15 08:11
Chinese SilkSpecter Ha...
11.15 08:11
Dark Web Profile: Cade...
11.15 08:11
Trump’s Anti-Regulatio...
11.15 08:11
체크멀, ‘2024 대한민국 디지털 이노...
11.15 08:11
KKR Raises Offer for F...
11.15 08:11
Just Eat Sees Best Wee...
11.15 08:11
How AI Is Transforming...
11.15 08:11
[NEU] [mittel] VMware ...
11.15 08:11
[NEU] [UNGEPATCHT] [mi...
11.15 08:11
Scambaiting: KI-Großmu...

Dropped Files | ZeroBOX

Name	212173a405c78d70_License.XenArmor Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\License.XenArmor
Size	104.0B
Processes	1092 (E7nvVUkg.exe) 2504 (E7nvVUkg.exe)
Type	data
MD5	`4f3bde9212e17ef18226866d6ac739b6`
SHA1	`732733bec8314beb81437e60876ffa75e72ae6cd`
SHA256	`212173a405c78d70f90e8ec0699a60ed2f4a9f3a8070de62eabd666c268fb174`
CRC32	`68FF4C3C`
ssdeep	`3:5XQHvt/W9f3DuS8rdumA8imBBa0bA5n:5XK0/fuw4Xagcn`
Yara	None matched
VirusTotal	Search for analysis

Name	51fe6774a791f468_tmp_xa_br_keyfile_21258 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp_xa_br_keyfile_21258
Size	175.8KB
Type	UTF-8 Unicode text, with very long lines, with no line terminators
MD5	`5690637b34da89f603a4bf6ab79d0883`
SHA1	`92f4a17671150e5f81f2e9e51c71889ab857530a`
SHA256	`51fe6774a791f46888bd840c3799f8f9baef435a0c2275065d76d111bc91dd94`
CRC32	`63783764`
ssdeep	`3072:uz80WJ8UKJ7FYDGwheau0JRSIEs2HHXXZ49kXmQR47rYLdkl:uzrWNKJ7FYS5v0JR7HQ9iT`
Yara	NPKI_Zero - File included NPKI
VirusTotal	Search for analysis

Name	565a2eec5449eeee_api-ms-win-crt-locale-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-locale-l1-1-0.dll
Size	18.3KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`a2f2258c32e3ba9abf9e9e38ef7da8c9`
SHA1	`116846ca871114b7c54148ab2d968f364da6142f`
SHA256	`565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33`
CRC32	`3C5AE513`
ssdeep	`192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8ae5738031c2db8b__ycpntjpyqzgdwajef.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_Ycpntjpyqzgdwajef.vbs
Size	138.0B
Processes	1768 (edi.exe)
Type	ASCII text, with no line terminators
MD5	`44938f904d2278542141816dc67c364d`
SHA1	`83c5a7ef7bfa7a0e96ca89ced428937935cf47b7`
SHA256	`8ae5738031c2db8b00764664ae0bf3fe37eb84c23c2e0b87876ea2a02fcf8420`
CRC32	`6CB7271A`
ssdeep	`3:FER/n0eFHgSSJJF2uV1HeGAFddGeWLCXknRAumWxpcL4EaKC5KAPFjZM:FER/lFHsCu/eGgdEYmRAumQpcLJaZ5pu`
Yara	None matched
VirusTotal	Search for analysis

Name	4434f4223d24fb6e_mozglue.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\mozglue.dll
Size	136.0KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`591533ca4655646981f759d95f75ae3d`
SHA1	`b4a02f18e505a1273f7090a9d246bc953a2cb792`
SHA256	`4434f4223d24fb6e2f5840dd6c1eedef2875e11abe24e4b0e9bc1507f8f6fd47`
CRC32	`467B4A9C`
ssdeep	`3072:HKxSyLQvHBdkOjm6VqETGODn/PxvMxM1soTI0bD2JJJsPcmY4ccp:qxSyLQvhaOSmqDObxvMxM1WiD2JJJsPR`
Yara	UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8e5110ce03826f68_freebl3.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\freebl3.dll
Size	325.0KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`04a2ba08eb17206b7426cb941f39250b`
SHA1	`731ac2b533724d9f540759d84b3e36910278edba`
SHA256	`8e5110ce03826f680f30013985be49ebd8fc672de113fc1d9a566eced149b8c4`
CRC32	`7C1FF7A7`
ssdeep	`6144:c+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XPVjN:cu4Abg7XV72GI/qn6T`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c40bb03199a2054d_vcruntime140.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\vcruntime140.dll
Size	81.8KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`7587bf9cb4147022cd5681b015183046`
SHA1	`f2106306a8f6f0da5afb7fc765cfa0757ad5a628`
SHA256	`c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d`
CRC32	`9BB5124B`
ssdeep	`1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	9ca21763c528584b_api-ms-win-crt-conio-l1-1-0_not.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-conio-l1-1-0_not.dll
Size	18.8KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6ea692f862bdeb446e649e4b2893e36f`
SHA1	`84fceae03d28ff1907048acee7eae7e45baaf2bd`
SHA256	`9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2`
CRC32	`F5C804B7`
ssdeep	`384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c0d75d1887c32a1b_api-ms-win-crt-environment-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-environment-l1-1-0.dll
Size	18.3KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`ac290dad7cb4ca2d93516580452eda1c`
SHA1	`fa949453557d0049d723f9615e4f390010520eda`
SHA256	`c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382`
CRC32	`EDEBA32F`
ssdeep	`192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f5cf623ba14b017a_api-ms-win-crt-heap-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-heap-l1-1-0.dll
Size	18.8KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`93d3da06bf894f4fa21007bee06b5e7d`
SHA1	`1e47230a7ebcfaf643087a1929a385e0d554ad15`
SHA256	`f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d`
CRC32	`A016C333`
ssdeep	`192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	69885fd581641b4a_api-ms-win-crt-time-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-time-l1-1-0.dll
Size	20.3KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`849f2c3ebf1fcba33d16153692d5810f`
SHA1	`1f8eda52d31512ebfdd546be60990b95c8e28bfb`
SHA256	`69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d`
CRC32	`FFFCEB82`
ssdeep	`384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	bece7bab83a5d0ec_api-ms-win-crt-math-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-math-l1-1-0.dll
Size	28.3KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`8b0ba750e7b15300482ce6c961a932f0`
SHA1	`71a2f5d76d23e48cef8f258eaad63e586cfc0e19`
SHA256	`bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed`
CRC32	`524A7773`
ssdeep	`384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7633774effe7c0ad_api-ms-win-crt-filesystem-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-filesystem-l1-1-0.dll
Size	19.8KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`aec2268601470050e62cb8066dd41a59`
SHA1	`363ed259905442c4e3b89901bfd8a43b96bf25e4`
SHA256	`7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2`
CRC32	`68ADCB9C`
ssdeep	`384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	49c4a85bce2fb8cb_d93f411851d7c929.customDestinations-ms~RF51e4c8.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF51e4c8.TMP
Size	7.8KB
Processes	2232 (powershell.exe) 2792 (powershell.exe)
Type	data
MD5	`4eba3b6a4f05a26106a2d772c79da044`
SHA1	`45ae375ea2f305e4409aabc22803cd1471f0983e`
SHA256	`49c4a85bce2fb8cb6db4279591d0966cbd2fb84bc43f252ee5ad14d3d615b2b5`
CRC32	`2DF7F691`
ssdeep	`96:YtuCaGCPDXBqvsqvJCwo9tuCaGCPDXBqvsEHyqvJCworM7HwxWlUVul:YtzXo9tzbHnornxo`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	334e69ac9367f708_msvcp140.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\msvcp140.dll
Size	429.8KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`109f0f02fd37c84bfc7508d4227d7ed5`
SHA1	`ef7420141bb15ac334d3964082361a460bfdb975`
SHA256	`334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4`
CRC32	`97BCF588`
ssdeep	`12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	824fae3331b95e2f_Login Data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Login Data
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	b1e702b840aebe2e_api-ms-win-crt-stdio-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-stdio-l1-1-0.dll
Size	23.8KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`fefb98394cb9ef4368da798deab00e21`
SHA1	`316d86926b558c9f3f6133739c1a8477b9e60740`
SHA256	`b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7`
CRC32	`F47691BA`
ssdeep	`384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a1d1d6b0cb0a8421_api-ms-win-crt-utility-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-utility-l1-1-0.dll
Size	18.3KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`b52a0ca52c9c207874639b62b6082242`
SHA1	`6fb845d6a82102ff74bd35f42a2844d8c450413b`
SHA256	`a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0`
CRC32	`DD940147`
ssdeep	`192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e5d5110feb21939d_License.XenArmor Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\License.XenArmor
Size	104.0B
Processes	2504 (E7nvVUkg.exe) 1092 (E7nvVUkg.exe)
Type	data
MD5	`bf5da170f7c9a8eae88d1cb1a191ff80`
SHA1	`dd1b991a1b03587a5d1edc94e919a2070e325610`
SHA256	`e5d5110feb21939d82d962981aeaaafc4643b40a9b87cbed800ace82135d57cd`
CRC32	`14CC9605`
ssdeep	`3:5XQX9l/W9f3DuS8rdumA8imBBa0bA5n:5X//fuw4Xagcn`
Yara	None matched
VirusTotal	Search for analysis

Name	63a7295e66183379_e7nvvukg.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\E7nvVUkg.exe
Size	402.0B
Processes	1648 (edi.exe)
Type	MS-DOS executable
MD5	`ca42e05f9d53c7ec9383307c1ea282bb`
SHA1	`ed0efa1b59b461dcda08121a39411bee72f6b4cb`
SHA256	`63a7295e66183379580db16d0d191bb261ccc9edb982980051291c8bdf6c4ade`
CRC32	`02167A02`
ssdeep	`6:xe/0lLP4199cud6lQsXxTo0nT0m5BM8Aiclx:cULw1Pc3lQsXxk0nT0m5BRAd/`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	568da887725ccfdc_Unknown.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Unknown.dll
Size	793.9KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`86114faba7e1ec4a667d2bcb2e23f024`
SHA1	`670df6e1ba1dc6bece046e8b2e573dd36748245e`
SHA256	`568da887725ccfdc4c5aae3ff66792fe60eca4e0818338f6a8434be66a6fe46d`
CRC32	`8BBA6A16`
ssdeep	`12288:DbmBS7IiAEbG1oINGRYTpv94oogc2RZ1X4RJobtsO8wJUAAF9/g0SQJD9tD7M:+BOI861XeYTpvyob3eRJKtAv/RJD9tDg`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	66abf3a1147751c9_api-ms-win-crt-multibyte-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-multibyte-l1-1-0.dll
Size	25.8KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`35fc66bd813d0f126883e695664e7b83`
SHA1	`2fd63c18cc5dc4defc7ea82f421050e668f68548`
SHA256	`66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735`
CRC32	`7DAE2C38`
ssdeep	`384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	73cc56f20268bfb3_api-ms-win-crt-string-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-string-l1-1-0.dll
Size	22.9KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`404604cd100a1e60dfdaf6ecf5ba14c0`
SHA1	`58469835ab4b916927b3cabf54aee4f380ff6748`
SHA256	`73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c`
CRC32	`C04CB509`
ssdeep	`384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	17f8c55eba797bbc_nss3.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\nss3.dll
Size	1.2MB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`fc57d044bfd635997415c5f655b5fffa`
SHA1	`1b5162443d985648ef64e4aab42089ad4c25f856`
SHA256	`17f8c55eba797bbc80c8c32ca1a3a7588415984386be56f4b4cdefd4176fb4c3`
CRC32	`96E4C2F2`
ssdeep	`24576:4DI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu73th8:TQ3YX5jyqgynPkbd24VwMSpu79h8`
Yara	UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3cc1377d495260c3_api-ms-win-crt-convert-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-convert-l1-1-0.dll
Size	21.8KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`72e28c902cd947f9a3425b19ac5a64bd`
SHA1	`9b97f7a43d43cb0f1b87fc75fef7d9eeea11e6f7`
SHA256	`3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1`
CRC32	`29B4635D`
ssdeep	`384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8f0c9ac7134773d1_softokn3.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\softokn3.dll
Size	141.0KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`1b304dad157edc24e397629c0b688a3e`
SHA1	`ae151af384675125dfbdc96147094cff7179b7da`
SHA256	`8f0c9ac7134773d11d402e49daa90958fe00205e83a7389f7a58da03892d20cb`
CRC32	`7628A6B2`
ssdeep	`3072:YAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWLIBoE+MU:t6PpsF4CoT2EeT29MU`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c9bbc07a033bab6a_api-ms-win-crt-runtime-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-runtime-l1-1-0.dll
Size	22.3KB
Processes	1092 (E7nvVUkg.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`41a348f9bedc8681fb30fa78e45edb24`
SHA1	`66e76c0574a549f293323dd6f863a8a5b54f3f9b`
SHA256	`c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b`
CRC32	`1E462B97`
ssdeep	`384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	63ca5c5c3cf4be47_unk.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\unk.xml
Size	98.0B
Processes	2504 (E7nvVUkg.exe) 1092 (E7nvVUkg.exe)
Type	XML 1.0 document text
MD5	`67efe59fbf8aaf3e8de7d67dab21c2a7`
SHA1	`0869d3ea3b16639ed4a0803acea1c476e199b16c`
SHA256	`63ca5c5c3cf4be4765115926225c060d89ef54d6f6fc3ec284cb3ecb398b0cb1`
CRC32	`D94668A9`
ssdeep	`3:vFWWMNCmXyKgCC6byYy5XBiBMvZfVz5XBiBMvZMr:TM3i0bOXEWHXEWMr`
Yara	None matched
VirusTotal	Search for analysis

Name	25f66b5b18418384_c039198306863035fea360c1237d8088.enc Submit file
Filepath	C:\Users\test22\AppData\Local\9c49dd83\plg\c039198306863035fea360c1237d8088.enc
Size	3.4MB
Processes	1648 (edi.exe)
Type	data
MD5	`c039198306863035fea360c1237d8088`
SHA1	`b683f994d463f32b2ea265e9c0f7fb75f2d5349b`
SHA256	`25f66b5b184183841a193f137df2c46ddabd69e0ef5a9636affd40bd7cda1d89`
CRC32	`48FEEAB1`
ssdeep	`98304:WE0HKtx98BU3V18h7PjCF6AhNx1+Wh0r9fi:WE0qtx9H3VKh77CRNz8Ri`
Yara	None matched
VirusTotal	Search for analysis