Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	1b8410f839283a94_7-zip.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\7-zip.dll
Size	48.5KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`23c651b2ace76d42fec3989bcba3ce7b`
SHA1	`378776d20133f20a4c42476bdcb0a408ef1dce1c`
SHA256	`1b8410f839283a9483369dacdb22290b065ece6f00c026d953024666761532e2`
CRC32	`B516DBE5`
ssdeep	`1536:31Lubc0g1XOg1owXOYZhvSAWV3lgtshWy:l6bcBZOg1owBraTV1g2hWy`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f72014a1d70b31c9_app_plugin_control_32.png Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\images\app_plugin_control_32.png
Size	1.6KB
Processes	2140 (console-play.tmp)
Type	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
MD5	`69cd4229ac3c37b6f09697bd9b39546e`
SHA1	`d7fd11fdd0cae018005a9708c4e836bec0c59acf`
SHA256	`f72014a1d70b31c972d8a9f442f51eec75fe518aa0c22184ac807fc01ba5c755`
CRC32	`988045B4`
ssdeep	`24:+zxKvG6a5cOpCnE4eItXQH1uPIvNbuplfaqqFfizxTfjpEQScUe4TeacKfpMHVkv:cNzd4edHBVbGiqbTfnSc+CNoPEaRZz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6faf5a4f8a729dbd_searchhelp.rtf Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\fr\searchhelp.rtf
Size	56.8KB
Processes	2140 (console-play.tmp)
Type	Rich Text Format data, version 1, unknown character set
MD5	`520077fd6d03c64c735258d4d87921d8`
SHA1	`1b8d82d7da2d85527ce91e72f179fb8a418d47de`
SHA256	`6faf5a4f8a729dbdc4082a7f33ffde3e72ef34acbf0875932b3e4427bfd9b598`
CRC32	`AB5FD9FE`
ssdeep	`768:Q14fg6mFma3sG0ft6R3MJh9xsEni6itNLDs:QdamsG0ft6R3MJhYEnijTXs`
Yara	None matched
VirusTotal	Search for analysis

Name	9fb2589b26a4fc13_polish.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\polish.txt
Size	29.3KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`99c26bb117ceab99ba6a1b442127c78b`
SHA1	`978d058d37518c99f5e4ab55d2934129f4ac9ca5`
SHA256	`9fb2589b26a4fc137f5c569198a3c006e0301ef562b547947f01b9dfce6fe3f4`
CRC32	`C8A99BC6`
ssdeep	`384:/Zv6SG/yzHmDliFgPdlM+FyGPGZ4FVhWkUaCJrqPMiuBPKHHPHmJXHbWPWrRmu0P:/ZvAqzGDldPGu4wCAPMizPGh8NH4A`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	db14bd3b8c834d38_xml_menu.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\pl\xml_menu.xml
Size	6.7KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`ba4161cb2bf4a39be5db36a539f535cb`
SHA1	`e5d9c8422da7f133e74727bd51335ec1bf48a7fa`
SHA256	`db14bd3b8c834d38b9c5ed3652754ad6fa058811f94d027c9fc0c25705311d98`
CRC32	`A1732375`
ssdeep	`96:Ct9V4OkhZzYaDG5Piu6hHqdZGlEP2p3zsOgsi07pNMzFMkjwYZQ60UJ:CtUwhRN6hKnfedztbpNMzFfbV0+`
Yara	None matched
VirusTotal	Search for analysis

Name	060f9650ef9d5443_cosmo.css Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\themes\cosmo.css
Size	160.9KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`c36c66f79aedd2688652d7fe7542192f`
SHA1	`a9abe0ea0d345df5e2bab84b549671ec209743ec`
SHA256	`060f9650ef9d5443703fb21abbfbb2cb286e0108698f81f689caabb72e460904`
CRC32	`AA687A89`
ssdeep	`1536:42pqL+QdGwz48+sEnpy0c2J4Pyaw7Pge9VmJz600I4b:42H9VmJz600I4b`
Yara	None matched
VirusTotal	Search for analysis

Name	575a6349013f3335_font awesome 5 free-regular-400.otf Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\fonts\font awesome 5 free-regular-400.otf
Size	94.8KB
Processes	2140 (console-play.tmp)
Type	OpenType font data
MD5	`d39e499b3f8d22ce8f5469b84a4d4700`
SHA1	`7d520149a1cd9781a7bf667f6fb081c8ee2b90f3`
SHA256	`575a6349013f33353de1c762ac75d3b33d5686b9f6a377f3615c2238de68394f`
CRC32	`40AAE996`
ssdeep	`1536:gV/JKdktBIHzoyNE2Y5UHJItEcLDaC54/CBU8wL7Bx+WKDJJC/:gVJcIOUydcccJwLOJJC/`
Yara	None matched
VirusTotal	Search for analysis

Name	73e9ac882a25f8c3_searchhelp.rtf Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\de\searchhelp.rtf
Size	50.8KB
Processes	2140 (console-play.tmp)
Type	Rich Text Format data, version 1, unknown character set
MD5	`e94f6d87535ec7a59ae0a16a8ef17271`
SHA1	`2662c1d22d459a892474d16661e254eee8adc513`
SHA256	`73e9ac882a25f8c364d817ca3d93bfa9f493397ccb3a740ec3377fbeb94a13f4`
CRC32	`5722961E`
ssdeep	`384:Q14fk70qBnio+p/zWFL6mJjREADtV5eJeecki6rGshj6WAl6Q/DnMNLDM:Q14fm6mJPDtV5eJeex6itNLDM`
Yara	None matched
VirusTotal	Search for analysis

Name	460960b7a0a0f5f0_libgpg-error-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libgpg-error-0.dll
Size	56.5KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`40f2b954259ff75979920fa7546c89f0`
SHA1	`c93f6bc6c7f68dd02dcf66c57a71fcf8ddbc35e5`
SHA256	`460960b7a0a0f5f0a40b33203a46e840ad01e260afb4540ecd4e6c779d5b041b`
CRC32	`1EC3C997`
ssdeep	`1536:Wztan7pk13bHPH/VDMzp4wpmKBVzOf1JJKDo7wvNyGUC:st29kHVoCwpZBpOf1JJKDo7wvNyJ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d0d2b0874147b256_english.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\english.txt
Size	26.9KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`fbcc45520d7b5b9a61a891b74924400f`
SHA1	`678b93ecb895701fa27dbb163ad63f6e05383cfd`
SHA256	`d0d2b0874147b256db1e76ef7a64d41114137239873e97147be003453bab9f5d`
CRC32	`0408C162`
ssdeep	`768:0XbZgN50eBoAl6TyrtFMJhCRfyRabeQNq2nSkzRn:06D5oAl6+tFMJheyW5z`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	11ebfac16ccdf4fe_libegl.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libegl.dll
Size	12.5KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`638c42b5dd826e709b38fa3f211e5cc4`
SHA1	`4f961e02e1992e47d56991b692fb483b2211b869`
SHA256	`11ebfac16ccdf4fe973729e8ae881d4cd30b7cb3dac15dadd39da9ed385778ef`
CRC32	`74490E6F`
ssdeep	`192:vSE+/4gwQJb9fO1cJooUVESTqm8pwa7r75iVsTxeJ:/qRDZkcJxyTMD5DTkJ`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a00f220f0fd86a7f_xml_menucontext_treeview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\it\xml_menucontext_treeview.xml
Size	493.0B
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`8056cc56680916bcf5d06b82c4e4a116`
SHA1	`46c04fe68c11d1a2235b83d9b25deb4936efccff`
SHA256	`a00f220f0fd86a7f58128eabcbca3bd2c83045ec70eadb7ddcce68c7deb18e82`
CRC32	`2E43F544`
ssdeep	`12:MMHd4AZ3vSsk07YTedRFgXtZ/4j1EBqo2:Jd/KXHUFatoqJ2`
Yara	None matched
VirusTotal	Search for analysis

Name	1d1e59b6a67e1f4e_qclp.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\qclp.dll
Size	3.8MB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`4240767ecbcecd84f3c90d0ee889460c`
SHA1	`d390f9e165408864dda6c925dfe6627c557a6b24`
SHA256	`1d1e59b6a67e1f4ecc8516c384291655d4c51f7f91168e6b593f5f8919bffdc3`
CRC32	`3E539586`
ssdeep	`98304:RIL/K673SmsAtZbKCtYU6/65Wld0XIM0r1q:Y/cAHKU5B`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	a9d3f2056f8e888e_libffi-6.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libffi-6.dll
Size	49.5KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`c4059a8eec8ad3abc6432238f7491a2b`
SHA1	`f1c6cf3fa216f73ba44bd481c685ef30cfd3d284`
SHA256	`a9d3f2056f8e888edc5abfa18178fc0b3ef99880c9c410e2c7d6a64386fb57da`
CRC32	`B5DF01E7`
ssdeep	`768:C3VbGgiVWo9zu3aApJkL4Hs8453tcCqYT+yBzWqnkce4eUIJdW5sem4mXis8toU:C3lo9MaAnkEHs9gSyhUIJY5tm4mXisnU`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	74f4e663b5048d45_hebrew.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\hebrew.txt
Size	28.9KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`fa13426a32b742330ce5226ed3b4363b`
SHA1	`28c94cf9d09c910137ad979d2e55f9dc5e0aecfb`
SHA256	`74f4e663b5048d4586a6c3cf20edf38ec0ff752629dc4e066635d4f669413afc`
CRC32	`2A478B5C`
ssdeep	`768:j9BsauDi3z0EHAnWXTBpX+yThanBDkJqAXoB:RBsaue3z0EHJXdRlODkJ7oB`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	71ee238881ee7012_lithuanian.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\lithuanian.txt
Size	25.7KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`068b920a636a11433c0d861faa87c0a9`
SHA1	`d2afead773e1d4000edfd806b97b74a330dc565b`
SHA256	`71ee238881ee7012e47d5d33ed0edfcbed7501b7a3f9ef490433b985d08e2892`
CRC32	`AC2ACC51`
ssdeep	`768:NgWfADyeXKLnV0oGJUHm7gHYVkkWHB1oy:NTKRKLnV3GJu4Rp69`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	840222bad0ed9817_bouncy for .net helper.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bouncy for .NET Helper\Bouncy for .NET Helper.lnk
Size	1.0KB
Processes	2140 (console-play.tmp)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Aug 16 13:35:13 2021, mtime=Mon Aug 16 13:35:13 2021, atime=Wed Aug 11 06:03:12 2021, length=6074368, window=hide
MD5	`cda23e4d4d4cadd5c795789bc437dcc3`
SHA1	`f1bff12eab1965c8e321f181d70052d857c796a1`
SHA256	`840222bad0ed9817becaaea8de4445df94c0677c0c5ece00b8e033a134a5a5a5`
CRC32	`F6947D70`
ssdeep	`12:8mEUPQQ4cZCrR8EvSE13ngSLuSJFWRBF8RUWvhCizCCOLAHBKNAav0X/MJTqguEX:8m7YsERdrXZxJF+F6JzNrMpUm`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	4eea44b0b4ea4c24_libmms-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libmms-0.dll
Size	69.5KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`bc738da6535b5015e9eaba90f56f8b59`
SHA1	`ce7c7865645a09dcf59daf519bade328ddf04b67`
SHA256	`4eea44b0b4ea4c248595bb1e573334005ec538792e3bb9d2a07ee01265443327`
CRC32	`BE703FC6`
ssdeep	`1536:zJYutTAkscOGfUsditx65XjxqzH6oPA4Ol/mGdiP99bQXFCw3:zJYAJss3d3zxfoIV/bCw3`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9c8346c7f288e639_phototheca eula.rtf Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\it\phototheca eula.rtf
Size	5.7KB
Processes	2140 (console-play.tmp)
Type	Rich Text Format data, version 1, ANSI
MD5	`9325aee138a4d9a15d651920fb403ffc`
SHA1	`19eb57cd989571fa8cd426cbd680430c0e006408`
SHA256	`9c8346c7f288e63933ebda42cbb874f76067c48198b01adfb63bccfa11970c35`
CRC32	`895CE30F`
ssdeep	`96:5B2fkv+rD5UW2eAgb+3SGQ5p/mY2LN0WqZDwqhqTn33P3KMoCuO/MAcw7xin02:yfh5lfAg/GCWqZMqh7Mh0hwG02`
Yara	None matched
VirusTotal	Search for analysis

Name	85b8218cd0ea2152_serbian(lat).txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\serbian(lat).txt
Size	28.3KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`15973fd4501568f396b7c20bd979a666`
SHA1	`872057a8161b8baa387654faa8f6cb43eb9b10ce`
SHA256	`85b8218cd0ea215262d883b03140974b16ee0751426fd81adc69fa7315dba26a`
CRC32	`FE1F3FD2`
ssdeep	`384:VUAqQVqpnZgFUfM3O3DHULWTZQVZO5Cf9+CSq6UNAIlExJBIElM0edf0pFojqXZy:VBUppv3Pw9rtBBlA3SO5EluQ`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	38a8a229a79ce48a_exeicon.png Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\images\exeicon.png
Size	14.7KB
Processes	2140 (console-play.tmp)
Type	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
MD5	`692c054b84c6d42288fef1148de9c662`
SHA1	`12adbab728e3e008bf1c2825022b6d8cfddc5511`
SHA256	`38a8a229a79ce48a4f6fd720c6693da11a8cbe6af160092149ad50ada58d97f9`
CRC32	`B93DC2DF`
ssdeep	`384:SWnwYPAxo1jf/uYK6Qm7lhkz2p+v2pX6pJa8uhdN2Z8:ZwYneT6Qm0zP8SZ8`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ef1bf2484d612b60_xml_menu.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\fr\xml_menu.xml
Size	7.1KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`92b5062e658f21840e59fcad9bb84d25`
SHA1	`baba6fa64b43e27f31318c21c2685baf591026c9`
SHA256	`ef1bf2484d612b60866ddc454837acba243ae78890601d0a1ff3c2f4fdee9a7b`
CRC32	`E97E1480`
ssdeep	`96:6vVQ7AoMHYJ3+2jG80n8XEMAhDL3JJ7MOCyFNzdL/F4LXtPTrfwYEKh0Zk:6vazRDwdlhL3RCyFNzdzFaZrE6`
Yara	None matched
VirusTotal	Search for analysis

Name	00f20b87820f0ea3_icon.png Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\images\icon.png
Size	24.0KB
Processes	2140 (console-play.tmp)
Type	PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
MD5	`d4facf0d1f1e69100f7c26c47b3a046a`
SHA1	`f6edfddc4df9ee7f19b84f7560bb687f6aacf771`
SHA256	`00f20b87820f0ea3d520bef40440696b8b027dba3b61217b2cfaabc3c2ee772b`
CRC32	`FDB5FF21`
ssdeep	`384:ScnQsw4kEFuph4v4giaASsMb96TSG/TPci6xSHBiB09e+AplPHsIGHl85MBY:Jth4pxgiBU+d4iyShiBcYlPrGVS`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	4b5816c518ff6baf_slovak.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\slovak.txt
Size	30.4KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`14f093e90e0520cae5258bb4e36aeb15`
SHA1	`8a600725b34b9d0c61778b16e1afd4c73c904433`
SHA256	`4b5816c518ff6baf87ccf9a8d5bfca71a13a641e862ae7bce5baf065803ad419`
CRC32	`46A217A8`
ssdeep	`768:itwnLZRqLuaDN8hNYuzdAz7d8cCedwoF/a2z/F+9njRHI:ownnbaDN8hN1y8ejKJRo`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	d67401f6ac6a411b_german.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\german.txt
Size	27.4KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`a0f7bb8cc684e3b31b2f30f42c53b767`
SHA1	`42f3b866017c6cdd68f2aabfbed1b3da3b4e209a`
SHA256	`d67401f6ac6a411b58b7fc717e685fa7612a8946e5685cb9419b1af916697b38`
CRC32	`9A1AD4F7`
ssdeep	`768:lz6C6uemWe3uREoaxvkHsWWIhlcQFCPIaTNdwHQX0Q:oC6uuRE1xEWYNCPBOQX0Q`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	a2ff4a596e5f639a_xml_menucontext_thumbview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\es\xml_menucontext_thumbview.xml
Size	3.2KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`fa6f323c2332d43c213fb2f377580c14`
SHA1	`433b6e4c85c83132f7c8b04a23cb35c8730b60aa`
SHA256	`a2ff4a596e5f639a037707efa6bf880c8adce823a9a312af7622daa569659435`
CRC32	`8A71BC35`
ssdeep	`48:3LXmYquhd8/XK7ppEQldjMUtQ/+DKBA7mAXV4Me8ZowQ3gCDMxAED7a8wr:7WYS/aNpfd+/gKAlnZowQ3gsx18wr`
Yara	None matched
VirusTotal	Search for analysis

Name	d84f7ebe5517180d_all.list Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\transponders\terfiles\all.list
Size	4.8KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`e28de9af5066f83d06a749cd70062f3e`
SHA1	`1e70274e70a54f81bcbdc14d6aa00d8b5e869300`
SHA256	`d84f7ebe5517180d9c231898c30339a07c19ca7b045b21f33eb4dbe625ec7865`
CRC32	`2131D357`
ssdeep	`96:EDeTbXZ1x0GGpyDeTbXiTbXzDCS8rznSJV7gqdYGV3qljOkPKSDDNmRI5mbVu3+u:KKZb3Gp4KWdqL0VSiI5il6z`
Yara	None matched
VirusTotal	Search for analysis

Name	b411c1e7c8115043_all.list Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\transponders\cabfiles\all.list
Size	133.6KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`c5349bec3b6306b6e96004b330488a26`
SHA1	`638b3c445e4b3c8bcd7fd7e87ffec0b86beb0581`
SHA256	`b411c1e7c81150434a4cf4144b200a45be088366051f883a3f3e3cca4930c9bb`
CRC32	`1D4F63CF`
ssdeep	`1536:JAhk816usby22mg+VIxhBhBYvU6Csoyr2Ug2rURfR0DeICuWRQnRynRDRDqNHxjI:M1+p9w99IzE`
Yara	None matched
VirusTotal	Search for analysis

Name	2d3df8da35ff210b_commonmanaged.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\commonmanaged.dll
Size	50.5KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8e9cdf436f1f6882e2dd2b3e03b296c2`
SHA1	`b13bb65194a7fc5b9418146d42b2982e7a9839e6`
SHA256	`2d3df8da35ff210b76ba66c9387f375d87407edfe44a063944236e0f36ffb726`
CRC32	`E683FC73`
ssdeep	`768:a5zInBstS9qZd0skYYVkkQltb6nE9bljdhtX:a+nBs4qZwlnsblB`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description) IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	7eded3cd3aab0d9d_xml_menu.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\en\xml_menu.xml
Size	6.3KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`4c0a4688786973dfbd57247ec8134f98`
SHA1	`34e1bd34ef7dff6def1bf049da4285010f56b8f8`
SHA256	`7eded3cd3aab0d9d2995b7372d55b004c1c1c246285a110109ca16413f826a84`
CRC32	`537305F7`
ssdeep	`96:QXShjz1SYJtkmUudq3SXLEinVPTryGmNZdJEFNXgQf0MwYeKhA7M:QXgXfoCgiVPyGmNZd+FWQf0ImQ`
Yara	None matched
VirusTotal	Search for analysis

Name	25b67c8dc01231ad_italian.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\italian.txt
Size	28.9KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`f864135d59ab2edb8ddb76b96d480d88`
SHA1	`1b891c265571a194d50640aa3ed018adb144997b`
SHA256	`25b67c8dc01231ad23f711acb990e6a97965799600c063141b8d07663fb98d18`
CRC32	`4F948404`
ssdeep	`768:sI+ggXNDu4Arz5pdOqSB1/n+yxr/vfMze0CDna7T8BG/JdL1aTz:t+tUhpdQ1/+yKvcPByd6`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	6e877b42d70b20dd_mathtree.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\mathtree.dll
Size	74.5KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`97e1bb42cd2e298262f3c89e00e1a676`
SHA1	`4bd34c09de674da580179acba00f051dab487b66`
SHA256	`6e877b42d70b20ddc4c73e710ceea0e1b06a357949c4698e9755568a0a44d490`
CRC32	`DDFA6157`
ssdeep	`1536:6AJhUB9RbuZfQQeZLFjGr+QY9uqOGKOo2KuC28:XE9RbuS7TOGKOoW8`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description) IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d953e18d73af16d5_libgstapp-1.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libgstapp-1.0-0.dll
Size	70.0KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`613283ce438722cc027b2f0cafc910d7`
SHA1	`06d1f1b97a1041a58d55d6ee227df887511041a5`
SHA256	`d953e18d73af16d5b0e2ebc79cbb6f85871dd5cd4ebd45a5b1d54f50aabaad3e`
CRC32	`9F56E72B`
ssdeep	`768:5ONkZWr2iwGZYSK8wHieEbRuzwoQs4HwU4XJPcCqqTPtzY0Xcd6e2XGem3SObDQy:5ONkZqhGHi1uzZGHwlOSs/2fmiOQ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	98782d713d12b495_app_plugin_control_16.png Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\images\app_plugin_control_16.png
Size	626.0B
Processes	2140 (console-play.tmp)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`b56b675809d84482e2c0afbe5058eb10`
SHA1	`d2fd2e37c753eac29fb925512871a4e11b8f0bbc`
SHA256	`98782d713d12b49595b100497e24d3c8d4ab111a5f9a66c630bd3f95d9303df8`
CRC32	`49A172ED`
ssdeep	`12:6v/72rxs+Ea6c8e8x8gMppPQI3Y8nHYQLTWWi9aJCrpghJeGjSbuWDop6SztN:3q+EFN+ppPVHnjHNErpE7SbrDoHN`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	58ab8c24e1ec79d5_searchhelp.rtf Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\es\searchhelp.rtf
Size	50.3KB
Processes	2140 (console-play.tmp)
Type	Rich Text Format data, version 1, unknown character set
MD5	`afc31b9d3c7bc3d9ffcbd6ceeb3aa386`
SHA1	`692f532bfdaabc046ce73d9947312cea1d6ab62e`
SHA256	`58ab8c24e1ec79d518771e64fe3a3929ac79612e6881cf9030054f452696496f`
CRC32	`889DD4CD`
ssdeep	`384:Q14fjA1FBnio+p/zWFL6mJjFV95u50JWw3Ii6rGshj6WAl6Q/DnMNLD7:Q14fg6mJhV9050JW2S6itNLD7`
Yara	None matched
VirusTotal	Search for analysis

Name	f632bb158e0d57f1_czech.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\czech.txt
Size	30.1KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`c754ec1b76f590eb29de1dd501a15bc7`
SHA1	`5615bd24e863c0163611ce7220dbe4086569c022`
SHA256	`f632bb158e0d57f19e2aba5fb3dbd844341144f577e130f10dfc8f9b5a28fd80`
CRC32	`9CCD68B4`
ssdeep	`768:4WCGjFJzWWonHXLuGnCeQMcG4pSxwy/rHctwprJFIUT:hlvWWon3rF/vxwySEt`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	469082f964fedd60_libgstcontroller-1.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libgstcontroller-1.0-0.dll
Size	83.0KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`6ba630b7efb75e1a7bd1dde921269caf`
SHA1	`747a70f6aa881371987d17c777a8ac2f9acd97df`
SHA256	`469082f964fedd6014cf97de7c30f85d471e6c41248a48a8870657e330d7e36c`
CRC32	`9C30B0F2`
ssdeep	`1536:HEbGfT4u4bdi3txtGwY4HmUo5B8NC5Uw4tmfee2K0nXqJUDdsXNSSG3H00StLebU:k6fTTkdi3AwmUo78/tIeeOnXq2sX8SGq`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	fde135130ad770b9_xml_menucontext_thumbview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\it\xml_menucontext_thumbview.xml
Size	3.0KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`cdeaa622b682595567d16d72d4fa0eac`
SHA1	`a8668be0778318b675cb1839fc5705eb7612d1ed`
SHA256	`fde135130ad770b98032088e1266daca2e6a1c3a6a7ee4bb0070c597b81bb380`
CRC32	`27A6CF04`
ssdeep	`48:3+hBmK5vyidTdi9zsPnU9gaXG4MG5OjGTfP3kZ0gz7BqelIhTwF:uhBxIKdMzmq/Ww54GTfP3m0XwF`
Yara	None matched
VirusTotal	Search for analysis

Name	1a11293293b03edc_list.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\transponders\atsc\list.txt
Size	1.6KB
Processes	2140 (console-play.tmp)
Type	ASCII text, with CRLF line terminators
MD5	`3e43a289a247b121e0ff2c19656df76a`
SHA1	`4f2ecb02984ef1de43eb9ee7b17d6b702df92b6f`
SHA256	`1a11293293b03edcfb86c5404b83d09ca1292df0771f053c0a639f575e9b8515`
CRC32	`1EB62E98`
ssdeep	`12:sy6uACHaQLZuBpkDAeyUxBOxQsPMHwQEW2Swe7/a2Q/WBISguQecXHCQd:sy6YBApkUNUQ3lPFSBTqeOfl3C6`
Yara	None matched
VirusTotal	Search for analysis

Name	5ba6fc26869f5929_greek.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\greek.txt
Size	28.0KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`5ab8c217abdfe672d87e27a7bcfe7ea9`
SHA1	`26f26a54ab47700044dfb64f8d3468fd99541569`
SHA256	`5ba6fc26869f5929faadbc472b7e9f76693e2199b97d97f9aad8c448d96a0ffb`
CRC32	`8092C607`
ssdeep	`384:bVbQya9KyNCXgrpT7ENHvJBUYxAdd4yMqYdX8FAqQL9vzVR8MSts+5lSZTXlM+zz:xbt0Ky0XgCHPGddQsEhVR836aAzNB`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	da25db2480947905_bzip2.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\bzip2.dll
Size	67.5KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`4143d4973e0f5a5180e114bdd868d4d2`
SHA1	`b47fd2cf9db0f37c04e4425085fb953cbce81478`
SHA256	`da25db24809479051d980be5e186926dd53233a76dfe357a455387646befca76`
CRC32	`8D2A5603`
ssdeep	`1536:S9FWW0igMY08p/41AdhEfWoh8eGf9NvvvvvvvvvvvvvvvvJQfBq:S9FxMJj3EWne290`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7633b7c0c97d19e6_default.css Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\themes\default.css
Size	152.2KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode text, with very long lines
MD5	`abe91756d18b7cd60871a2f47c1e8192`
SHA1	`7c1c9e0573e5cea8bad3733be2fc63aa8c68ea8d`
SHA256	`7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b`
CRC32	`100A242C`
ssdeep	`1536:d0bwW83RipVVsEBpy0cuJcf22RWb5CyVUpz600I4fM:d0bwlyVUpz600I4fM`
Yara	None matched
VirusTotal	Search for analysis

Name	5077544d1644d173_rostelecom.m3u Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\transponders\iptv\rostelecom.m3u
Size	1.2KB
Processes	2140 (console-play.tmp)
Type	M3U playlist, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`9a9cf633adcf233d12162df92379fc98`
SHA1	`c3b87cb0328a56b583903769f28df25e3c68a928`
SHA256	`5077544d1644d1738f45b28743639e848802d1a8484ed6cd3f25d798a745cee6`
CRC32	`3314A14E`
ssdeep	`24:FJNyFagNZF94NgCNaZNspE4NaKFSNMKNIw+NqUZNJYNiJNk7MtNZwLNNGN6ow7N0:32ABaiq4QJ1AxQoGItILGMvd+RIopQat`
Yara	None matched
VirusTotal	Search for analysis

Name	572d41e8a14de71b_xml_menucontext_treeview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\es\xml_menucontext_treeview.xml
Size	506.0B
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`ce0d1178f7a416f7749856a7c48a3aba`
SHA1	`5cf38efe0cfa006a4568359f225e837f44047d2a`
SHA256	`572d41e8a14de71b3476e6d59ed20456f30e1197f7b77ebead554d461e22f0a5`
CRC32	`3FDB0852`
ssdeep	`12:MMHd4AZqDN4fkbNX70E42d4XcOSj1ELoj:JdifBgE9dCWhj`
Yara	None matched
VirusTotal	Search for analysis

Name	213167f577fb42e0_xml_menucontext_thumbview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\de\xml_menucontext_thumbview.xml
Size	3.2KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`bb7515d7ab4b05965a4e0ac69f97bdc5`
SHA1	`1975b3d4c0ff70d22dcf1f87c19b484346c48ab0`
SHA256	`213167f577fb42e0b2b31d3adaf00ce8217da2e30b95694e20cf0217564343d7`
CRC32	`3B5BD98D`
ssdeep	`96:10iHmpKdrfY8pgO28ZgTFuDS8xo1ADYjq:m/0drg1N8xoKsW`
Yara	None matched
VirusTotal	Search for analysis

Name	83f074dbacf3d3dc_libgstriff-1.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libgstriff-1.0-0.dll
Size	84.5KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`893c149773bff81b55530820207c73f0`
SHA1	`46c6b5f00b463d31140a0b9972d4bc2b04ba0d0a`
SHA256	`83f074dbacf3d3dc4c7d5646d056359bb7cb29dcd1a2d109cd07ee21dbdb42af`
CRC32	`1C1B1A25`
ssdeep	`1536:7JXErVqLiEb/Zp/Yz6V3JNmODTYaxIHsVn9HIjUmY5e2oC2K9lZ:7JXEBqLiCHAz6V9V9GURe2oC2KTZ`
Yara	PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	918717374890f30c_bulgarian.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\bulgarian.txt
Size	34.4KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`5e68624302c465d6e29d970f735c0b9d`
SHA1	`c0692a057da9de0353586643cecb10c25187ca6e`
SHA256	`918717374890f30c9c46b13bdf1cf71c8463f18dc14ef3a97b6cfcb4da2102d2`
CRC32	`44FB1CD2`
ssdeep	`768:W/JMArsCWw+JNQn79oIR0AVCg/Qpjq2gXa:WhMAICWw+J+7iAVCEN2gq`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	e779748dfe75e84f_license.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\fonts\license.txt
Size	1.5KB
Processes	2140 (console-play.tmp)
Type	ASCII text
MD5	`2e3494502db283e8891d4886fe445912`
SHA1	`9907c55306fffb685ce0e06c9e469475035d5fa6`
SHA256	`e779748dfe75e84f974df3c7bc07f842011a100159158b0f1f49b2f2a5a515cb`
CRC32	`F92E4BFD`
ssdeep	`24:CYMWGFuVUjxvcVMlx8HSGl37cCfLUCjY9H3TmthfMQc:93GFEWcKoyWVfLITmXMQc`
Yara	None matched
VirusTotal	Search for analysis

Name	52b77c71ff21c212_french.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\french.txt
Size	25.2KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`b38d3a41ca99121e7df38fcf586fc730`
SHA1	`a633dbeb51a32cb77a1f3bb356bbd7c7bdef0cde`
SHA256	`52b77c71ff21c212316a71feea496108a16d4aa8047f67b37775f700db422e28`
CRC32	`6911C575`
ssdeep	`768:N4vXAq6xuPxrUOOcnDLK+tzeeCdxrPhC8E2dN5+oG/dFw9n24HV8tH:N4Kupo9Qu+tqeCDZC8Xl+oM+9nd8tH`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	d0001d7e13fad28a_searchhelp.rtf Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\it\searchhelp.rtf
Size	58.1KB
Processes	2140 (console-play.tmp)
Type	Rich Text Format data, version 1, unknown character set
MD5	`f7a53d17c2d207fe583a53ab324db20e`
SHA1	`03f958492f2d3e8df165219979cafdd325ce827f`
SHA256	`d0001d7e13fad28a05cbeb19eecaba1ab68112be65c7cb0f01320165a2a745c1`
CRC32	`B17206DE`
ssdeep	`384:2X4fTE5SBnio+p/zWFLgMqjHGE23Xc7BQui6rGshj6WAl6Q/DnMNLBV:2X4fjgMqrG9M7BF6itNLBV`
Yara	None matched
VirusTotal	Search for analysis

Name	d1111915f3e27ef6_libplist.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libplist.dll
Size	62.0KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`49055810fcc813a8e1bde0a64233f06f`
SHA1	`70f9b4f9668cede76b785dd3a1d54146b7f8f68a`
SHA256	`d1111915f3e27ef605141a56cc5bedea25684ed44784de1213e99f5fe9e5a41e`
CRC32	`76319308`
ssdeep	`1536:Opi4OKRmDCqQPlwXVXKXHWRi6H7hubmKvp08k:OpLmDCqQWXVamRLMbpvp08k`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	dcaadd15a5079d2d_all.list Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\transponders\all.list
Size	203.5KB
Processes	2140 (console-play.tmp)
Type	ASCII text, with CRLF line terminators
MD5	`1b724e22c141bf7a93091437198a18a6`
SHA1	`fd2399d2cf769e292a046d07d7faf9540d3ff765`
SHA256	`dcaadd15a5079d2dfe8f861d9d987f1f7169c668c00aaf02654bbbd7f0262f96`
CRC32	`B32B29B6`
ssdeep	`1536:a+m/0nZT9+cuRZRHsf5M+ZjdjDVUmdxunfn+DL9Ci0LdmL+oKAPZ+KGyg8hiFzVG:yy8MpXzUftAPsFyg8h7PPt`
Yara	None matched
VirusTotal	Search for analysis

Name	f73c231ee07f95c7_xml_menucontext_thumbview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\pl\xml_menucontext_thumbview.xml
Size	3.0KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`2e6bd27857b6cd440e75ff2a3f2845aa`
SHA1	`cdb7785622156fe727f8a94c188ce0823fbec28f`
SHA256	`f73c231ee07f95c76b467951bf0a57269d32d1f34abc7fc4f3945ddcfae9252e`
CRC32	`2D8B83B1`
ssdeep	`48:3dQb7imKyNKJB6/XJYosdW/aVXO4Mr6S64sNkWTrI7WW4:NQb2x1Pq5zaV+h6r4syPSb`
Yara	None matched
VirusTotal	Search for analysis

Name	4c6d4ccac1e8c33a_xml_menu.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\es\xml_menu.xml
Size	7.0KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`e6978b85642b5f09c8feaee634cdf4af`
SHA1	`cd907a90b7fccc68b5eb889c1048b04567ad9494`
SHA256	`4c6d4ccac1e8c33a78177210acda678623d604bf889b282cff7df1f81008f37f`
CRC32	`803CC2F9`
ssdeep	`96:Q689e6/v8UBmQYdOw0uGq+hMQqM0JAeEyOr/XvM+qSu4LwlpoNNdVFfFiIOO6wYk:Q6FYcV+Rua1vA7qKWNNdVFNDl6ha`
Yara	None matched
VirusTotal	Search for analysis

Name	859124fa394e6025_xml_menucontext_treeview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\en\xml_menucontext_treeview.xml
Size	470.0B
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`71d14cc9ecf9c7b117cf86201e8ad9a1`
SHA1	`10c7b21fea1af67aedd702d8a8d2915423cbae75`
SHA256	`859124fa394e6025f462c33099024309eb3014b341fa96f1b5702703c2c093fa`
CRC32	`71759141`
ssdeep	`12:MMHd4AZTDMykba70n04N2X9+xj1EJbogu:Jdc904q9+Rlgu`
Yara	None matched
VirusTotal	Search for analysis

Name	1171f7c5f21d48b7_croatian.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\croatian.txt
Size	28.4KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`81b83d9806d9b9f601c8c997b7bcbd04`
SHA1	`9efa4e7541234555d88b4bc42afc7cbd7cd98977`
SHA256	`1171f7c5f21d48b754662d3d217473070abe893c3a1b6c485695f1a3a48bf1a7`
CRC32	`BB1E69E9`
ssdeep	`384:VUAqQZbpn138FUfMKgNaHULOTg+rdp5JQtmCnq5GAAI3EtvN9ElM0edfmUFuxqif:VB1phPwNk6tDqtB3SUSVksKL5`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	3c12f0a9f43cf88d_liborc-test-0.4-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\liborc-test-0.4-0.dll
Size	51.0KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`00d68e20169f763376095705c1520c4f`
SHA1	`75ec5e1974654613c9eeeff047f1eb58694fd656`
SHA256	`3c12f0a9f43cf88d82f5cc482627237f51a63a293ef95f2342222ebde1fb909f`
CRC32	`36D9655C`
ssdeep	`768:OsH/CHGrCasbXzxUuAEZ1rXK4bgCAosF14HYs44HZcCq+TEbbJwziIHc42+ewBmV:OsRvQras7jHYN1u+JwZmwdtmns`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6f97cdc258db1fef_xml_menucontext_treeview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\pl\xml_menucontext_treeview.xml
Size	496.0B
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`48c3c26e31224a83e1fb467683a48d05`
SHA1	`8b952c7e0d913ec6fad565f1df98617d7b9beb25`
SHA256	`6f97cdc258db1fef1dee20886207ef338fcd1f0e5bad561e02bf1868355d6ebb`
CRC32	`A06BEFBF`
ssdeep	`12:MMHd4AZ5m01TQHkLQy7cibFxXMrWj1EON2UBkv:JdBRCEkKhhp12gkv`
Yara	None matched
VirusTotal	Search for analysis

Name	b9d94fa54b922c1b_xml_menu.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\de\xml_menu.xml
Size	6.9KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`8a501ba91a337b956aab9e7c428dbfd1`
SHA1	`126d109a2c518027ed8e1d6eb6694a02340f2a4f`
SHA256	`b9d94fa54b922c1b1adbe50a0947964daf6de8745e8bf9cae9d97bd7e2fcfebb`
CRC32	`91ED32F0`
ssdeep	`192:XtjkcobqlGohThKsrlqwjNSeFweBMajkXg:X2hOlGGThKsxqmweBxjv`
Yara	None matched
VirusTotal	Search for analysis

Name	7f2ef800e1119c2e_xml_menucontext_treeview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\de\xml_menucontext_treeview.xml
Size	524.0B
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`254b075520bd91672a03d4938bab7ae7`
SHA1	`466cbea618ddbead509dff921703f5ebb6b19d83`
SHA256	`7f2ef800e1119c2e7ed4c3f78729016774613f15b08e56e75dcfab93418e9198`
CRC32	`98156D97`
ssdeep	`12:MMHd4AZNvwJvkxv7wzFn4Dh2F4XkWI4j1EhP2:Jd+uap2hNPYO`
Yara	None matched
VirusTotal	Search for analysis

Name	c5616071d5d2e858_libgstsdp-1.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libgstsdp-1.0-0.dll
Size	77.0KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`8b89a31d5d3f3173f5e3bb9118d04a7e`
SHA1	`b9829c7df23d7190928041753e2e07069c7abfee`
SHA256	`c5616071d5d2e858bf26cea64bcda17b6c494b1507ea96a17816811c6071e4a8`
CRC32	`F8D11853`
ssdeep	`1536:1ISc1+2KuvhLeGwUNHsdvisJy2bmN0+RveV6yG:1e1+so5d6AbB+EV2`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a4e8833818879be8_devexpress.sparkline.v14.2.core.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\devexpress.sparkline.v14.2.core.dll
Size	74.0KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e891562a855a6e697559d0d922332bc6`
SHA1	`bf0a7c56494a693d88e043e8cb7b6539c25f3500`
SHA256	`a4e8833818879be8f847895c0d69173b8593b319076b865f2e197728451cf197`
CRC32	`3315FDC2`
ssdeep	`1536:RgBSJNAJU2aRXJ/qsiDhglwcJ/5I83dxog6qzj:RySJNASrXJ/q1UJ/5Icoghn`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description) IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	df3de6af21f13de3_qt5quickwidgets.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\qt5quickwidgets.dll
Size	58.0KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`fbe938d603df6da86e3b1cccab37288d`
SHA1	`5ccb8276cb0e2e97518579412ba975bb8a2ef419`
SHA256	`df3de6af21f13de3490065879b39e3d7a1d6add10d802b80b9a444555b8a516d`
CRC32	`D139049E`
ssdeep	`1536:sioZheL/OWZqcGVE2KWqLqZ0qEozRXYDep2zM2rQfND1p:sioZc/OhDKLqDEozRXMep2zM2rQfND`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	aa7ed02a03d9d9bd_spanish.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\spanish.txt
Size	29.8KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`0ee2684acea15cae715062efc78d9fc6`
SHA1	`d5326023f0acc72fae6feda07460ab9967639d4c`
SHA256	`aa7ed02a03d9d9bd4af4aa5f370fe853fdc1c5c234c00939dc8b83d845bd212a`
CRC32	`1FF6E88B`
ssdeep	`768:0+cdXYgS2qGEd8BCxrjE+nVLRkTBNRI9q52xTX2:0+nNfGE5c29ifq72`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	ec0979e55fea1d0f_chinese.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\chinese.txt
Size	25.4KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`4ddd5a9820e99e8b79177a840d46d715`
SHA1	`bdd2a23141f0bc143161b37fdca6be07a890a8c8`
SHA256	`ec0979e55fea1d0f7893b254d5c4364aab80094417d410263390eaaf3d844e10`
CRC32	`BD6916B9`
ssdeep	`768:nRahYtTDSGFM7U6HFbBWG07HkQcxl+bEa/KyF:shYJSGUvHNBTx4dF`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	7597a9390624d4cb_xml_menucontext_thumbview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\fr\xml_menucontext_thumbview.xml
Size	3.3KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`fac144ad086628e1ff23707eb2de6a3a`
SHA1	`fd4b1ab8df804f652c35dd4d7e634e4627bad6b3`
SHA256	`7597a9390624d4cb060b31a99f2c04e5b4f00743769bb2a3e19287e7a26365cd`
CRC32	`51FCE984`
ssdeep	`96:wS++R8L5xZc+dEVIlsglYLTmZYE9VEz6s:l6ZndE+lELTSps`
Yara	None matched
VirusTotal	Search for analysis

Name	4c99c72663c1944d_libchromaprint.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libchromaprint.dll
Size	78.5KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`87b32e6ed0b33019ddb113db9ee52b23`
SHA1	`f6661c6150b3afa8f5603381911b87645f932b44`
SHA256	`4c99c72663c1944d031d6b4d0aa18c3356e964ef874103cbfac61589590d742b`
CRC32	`7A104A11`
ssdeep	`1536:iRc06HCdj3uTEv22Ec1eFOCvgxqHm04rgl1ammsUZNIEklJMxb+:iRc0aC13oC1eF7G0MoamzK9klJMxb`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	5eced077d984939a_portuguese.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\portuguese.txt
Size	29.6KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`1eb2d98a62a7683f7bb19fee7005d7a1`
SHA1	`2d0a86c7c185a1a8945dd52208eb192950602f37`
SHA256	`5eced077d984939a684c30d5c8730afcbbc67f72272c00485cbc29188b6e88e8`
CRC32	`235DF62A`
ssdeep	`768:X+SYJZPPIGbey8Jz79cloNqxToTjiDFCZcA3ggU2/Ms2m:X+9J5Iix8JzEUAFZA3V1`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	5530e12f0e3d0049_searchhelp.rtf Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\pl\searchhelp.rtf
Size	54.0KB
Processes	2140 (console-play.tmp)
Type	Rich Text Format data, version 1, unknown character set
MD5	`6a60791a0901d5f8baad05bcc77ccac4`
SHA1	`724a2547019d3ec3a8514a6c97dc68e9681d2a22`
SHA256	`5530e12f0e3d0049df4d5d7bea4cef171625b10fec3a671bcf5f8eca0c768d26`
CRC32	`D985191D`
ssdeep	`384:a4fMPH8ABnio+p/zWFLpmZYHZP5Rqi/5AQLpLGNBdnLt/ToQ4w8fi6rGshj6WAli:a4f+NpmZYHZPjqi/5AG4DEwa6itNLB3`
Yara	None matched
VirusTotal	Search for analysis

Name	a817a747b2cc7504_xml_menucontext_treeview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\fr\xml_menucontext_treeview.xml
Size	525.0B
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`75eee29a00a8eb22627d235987202e03`
SHA1	`4fc4f9d96ae4210c5e9883a6ce16c75ee0a33fdb`
SHA256	`a817a747b2cc75047a60e6bef1986c71d283dbc8b5f986dbde9f044427ac297f`
CRC32	`163E2053`
ssdeep	`12:MMHd4AZnA6AF8Hu6k4lr70BAjtWqNX1nj1E5ns3u:JdoeHuVPKZt14Au`
Yara	None matched
VirusTotal	Search for analysis

Name	5ac4e6d56ce6b6a8_swedish.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\swedish.txt
Size	24.8KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`c07810393930edfbbbdbca8a0f3a6b20`
SHA1	`3e75518fbe40334db4c3554ecafc944d280184c8`
SHA256	`5ac4e6d56ce6b6a82a59610aa4ae174a1b4d638d605423cd4daccb4501868ab2`
CRC32	`DF4FF786`
ssdeep	`768:mbL2E1O05KAwL2D+VF9aXsCEVRRkapKSi:Yb5//KVFPVVDkUFi`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	221643457442624e_console-play.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-HOKII.tmp\console-play.tmp
Size	3.1MB
Processes	544 (console-play.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8a24adf60923719e71306f56deb49ebc`
SHA1	`e098600fd5a98bc37d0d887e705a32a54bf4ae84`
SHA256	`221643457442624e98646e2e6f8a6ec7d8d79f9830d13cb168f69e60e69b0085`
CRC32	`FA47D173`
ssdeep	`49152:rEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTVz3338/:v92bz2Eb6pd7B6bAGx7J333U`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6228b88f2d4d0ead_xml_menu.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\it\xml_menu.xml
Size	6.7KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`30d18a363eb4ae208e0c59d15f17bf58`
SHA1	`87a57e55b7b3c82b8083575e8fc478dbf61ea9ef`
SHA256	`6228b88f2d4d0ead68e1534692becee9ccb7a7660a21b9d1647f2805fdb5945d`
CRC32	`BF120167`
ssdeep	`192:Qinb9f3x0d004DIg+vB/JDeN87ZFqJf3khvbW:Qq93Ig+vXJq5+W`
Yara	None matched
VirusTotal	Search for analysis

Name	797e6178ed8403d7_searchhelp.rtf Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\en\searchhelp.rtf
Size	2.4KB
Processes	2140 (console-play.tmp)
Type	Rich Text Format data, version 1, ANSI
MD5	`d6d456354649589f9ace65cafbdcc2ea`
SHA1	`dbacf271a8b8d5bbdf38bd4e1db5903ccb4033d5`
SHA256	`797e6178ed8403d7b4e84603b81950c99ae9ed432f98bba9d7958fb2db562c56`
CRC32	`3CD6303B`
ssdeep	`48:55u7fMxeWhb4G9wuiKRKS97vU5GYqReZxGCcYevyqKakY7jOe1MqJ2:5ofMxbNJwSSjueZ3yymPOeHJ2`
Yara	None matched
VirusTotal	Search for analysis

Name	2204684f02ae5185_libgstfft-1.0-0.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\libgstfft-1.0-0.dll
Size	66.0KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`29f7aab4e7367014db45f866ab052327`
SHA1	`f2bc284d7acbef09fea7136b9156ed79289059f7`
SHA256	`2204684f02ae5185deaa3704ed8355a737018cae320e68e3209311d1f2506237`
CRC32	`2011C2F1`
ssdeep	`1536:rfPpv2oNi2l7RyqgAVn21UH+KUf7jDq6LmG1h85:rfPpv2oYmGAVu5K4T7LRH8`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6680498105c2bc23_turkish.txt Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\localization\turkish.txt
Size	29.0KB
Processes	2140 (console-play.tmp)
Type	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`32befd603ce11029f858190e7679feb9`
SHA1	`cf7ad5082bb614692bca61f75848a59e1a1a5822`
SHA256	`6680498105c2bc239a468a0cfa05f3a8bf06f38323b02f9cb7e609196ff0986a`
CRC32	`07ADEF53`
ssdeep	`768:T61Cy2IxO3/dqkAHEZWMBmIdk1bCN0ym0CFlGNeONcNuo+D31Gkt0:+r2IC1qkAHcWMBmIdkm0ymbWNeONG+DY`
Yara	Malicious_Packer_Zero - Malicious Packer
VirusTotal	Search for analysis

Name	58489a55f9eb210b_cds.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\cds.xml
Size	304.4KB
Processes	2140 (console-play.tmp)
Type	data
MD5	`2b622a85fd2b0b5531c86301818ceb2f`
SHA1	`5e1d127789e78683ce3deee1fd3e38f358bc50c2`
SHA256	`58489a55f9eb210b9e472ca21621ce544e03a2e026f0fa103c1a58102d39c025`
CRC32	`4862C816`
ssdeep	`6144:2UIadE1lGlolDli4KjLpTyTyyecerH18/r+EN8PvVULh4lsy3IhUNC317t0N16Xz:EauHvrf`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	bd18f22709d63c01_utilslib.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\utilslib.dll
Size	110.0KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`16ff6202991253ff981a6a7fa20436aa`
SHA1	`f992669261166b099316ea9c6a3b6f16fe86fcd3`
SHA256	`bd18f22709d63c0156401aca8e63f0e04490f3348191897b7360511221adb134`
CRC32	`DCA74E06`
ssdeep	`1536:3+M7hhFAHxQCqyT0u3U+PPxFp0tYCAFJtksMRXDh5G0CjwHb9vy6p4V7SpSDvNtW:uIhQRX3F6tLcJ6dRXDh5vPu7Tfza`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description) IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	1c9d8b48689f4865_xml_menucontext_thumbview.xml Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\lang\en\xml_menucontext_thumbview.xml
Size	2.8KB
Processes	2140 (console-play.tmp)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`447fc41d865c6106bbf6ef6a904bece4`
SHA1	`61ae758686e4825f759f0ee3894aa8de22f9b29a`
SHA256	`1c9d8b48689f4865e9f04853ae55a18324c93916edd5c65016cf089de1b59f7a`
CRC32	`66B4C2DD`
ssdeep	`48:3TSV2UlKHgeYqTcA8DYxXu4M1jH3neQGf+u:DSV2UoApI8Y+r3hu`
Yara	None matched
VirusTotal	Search for analysis

Name	dee1253761af168e_bouncydotnet.exe Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\bouncydotnet.exe
Size	5.8MB
Processes	2140 (console-play.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e70951807abdec39daefa9a8df9dec15`
SHA1	`15a7b0f9c04d5f6bba477d91b502b4e24c1127f6`
SHA256	`dee1253761af168e331e8909cf6afb20b40a95a34400d9717773a77258ac62e6`
CRC32	`DEF8C65E`
ssdeep	`98304:oAmiEO6HCMKZrMTHop4DA5z37DvyZoui1onanK5trS:hmivNZr0A57R9`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-82A1I.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	1092 (console-play.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	6973bcfae9601d21_qt5serialport.dll Submit file
Filepath	c:\users\test22\appdata\roaming\bouncy for .net helper\qt5serialport.dll
Size	58.0KB
Processes	2140 (console-play.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`da7428109ec54429d52ee54294b3d3bc`
SHA1	`501ba92ae0b98e0e7057a189704045d8fe81510a`
SHA256	`6973bcfae9601d217211191992fdf9a3170857dcd98570686b7b4172150eca7f`
CRC32	`B8B104BE`
ssdeep	`768:rg5QxNAcb7iz+51dHOJgaVYen4HYEuOE9g4NW0ISSaNuqKJN88J5ka8h2psG/pwd:vacbL51dHOJ7ZZs1DqK780kVbpTYXf`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis