Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	ca16a22ff81cc7a7_screen.jpeg Submit file
Filepath	C:\Users\test22\AppData\LocalLow\screen.jpeg
Size	19.0KB
Processes	2532 (zxcvb.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`2bb6d8c8255cd66f8cbb6bfaf908a5bb`
SHA1	`d14f1904aabc765818ae44076109b40afac31cb7`
SHA256	`ca16a22ff81cc7a7577d1b1ee9fe6b2992738b9473506c437135e44ed969b892`
CRC32	`E459BE83`
ssdeep	`384:d6TOImRDxwiISHFcWWWWWWWWWWWWWWWWbqIg2oPn:dMOImXRHdp2Un`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	5dd4ccd63e6ed07c_api-ms-win-core-synch-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-synch-l1-1-0.dll
Size	19.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`71af7ed2a72267aaad8564524903cff6`
SHA1	`8a8437123de5a22ab843adc24a01ac06f48db0d3`
SHA256	`5dd4ccd63e6ed07ca3987ab5634ca4207d69c47c2544dfefc41935617652820f`
CRC32	`24352D97`
ssdeep	`384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7353b3020292dfd7_um3GbZ8mk6d.zip Submit file
Filepath	C:\Users\test22\AppData\LocalLow\um3GbZ8mk6d.zip
Size	13.2KB
Processes	2532 (zxcvb.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`17d99977b9925417cd64bf975fabcc03`
SHA1	`383a2fdf4df18f546bd1a0fb0006d1bbbad28dcb`
SHA256	`7353b3020292dfd7d586da67900a5fa5abe7f0879e9544d61f1fa315c62e8ca5`
CRC32	`CC3BB23C`
ssdeep	`192:VTSWpgopcMQrZnXm1Ge5OchsMn5P/oHzb+feXVGeMZlHB+0bANoAveAccLQZz4EM:FSWZOcbsEezPcpbAWgeAfgoINjAx`
Yara	None matched
VirusTotal	Search for analysis

Name	fd8f3f0514dee01d_qhbcytidvconsoleapp6aa.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Qhbcytidvconsoleapp6aa.exe
Size	633.0KB
Processes	2444 (zxcvb.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7e0d88b77d672d1d3dce0173c8f909f0`
SHA1	`f6a71febc67be0a40182fee8ab15e9090577ffe7`
SHA256	`fd8f3f0514dee01db78ff0bbb322a9f12dd8f54945ed8edba93257af201e2481`
CRC32	`51C8EFF6`
ssdeep	`12288:wvyt+8Cc9EZY0V2OzqyKdZFqFBecHCMkjvJZu5QBEApk684Xp:wvybyrV2OzqyKdAkcHCM67Eqk684`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	c85dc081b1964b77_api-ms-win-core-file-l2-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-file-l2-1-0.dll
Size	17.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`e479444bdd4ae4577fd32314a68f5d28`
SHA1	`77edf9509a252e886d4da388bf9c9294d95498eb`
SHA256	`c85dc081b1964b77d289aac43cc64746e7b141d036f248a731601eb98f827719`
CRC32	`F4699D05`
ssdeep	`192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	565a2eec5449eeee_api-ms-win-crt-locale-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-locale-l1-1-0.dll
Size	18.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`a2f2258c32e3ba9abf9e9e38ef7da8c9`
SHA1	`116846ca871114b7c54148ab2d968f364da6142f`
SHA256	`565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33`
CRC32	`3C5AE513`
ssdeep	`192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a770ecba3b08bbab_freebl3.dll Submit file
Filepath	C:\ProgramData\freebl3.dll
Size	326.5KB
Processes	2480 (Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ef2834ac4ee7d6724f255beaf527e635`
SHA1	`5be8c1e73a21b49f353c2ecfa4108e43a883cb7b`
SHA256	`a770ecba3b08bbabd0a567fc978e50615f8b346709f8eb3cfacf3faab24090ba`
CRC32	`B698D0CA`
ssdeep	`6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	87ed943d2f06d9ca_breakpadinjector.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\breakpadinjector.dll
Size	115.0KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a436472b0a7b2eb2c4f53fdf512d0cf8`
SHA1	`963fe8ae9ec8819ef2a674dbf7c6a92dbb6b46a9`
SHA256	`87ed943d2f06d9ca8824789405b412e770fe84454950ec7e96105f756d858e52`
CRC32	`77044748`
ssdeep	`3072:9b9ffsTV5n8cSQQtys6FXCVnx+IMD6eN07e:P25V/QQs6WTMex7e`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	46b005817868f91c_prldap60.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\prldap60.dll
Size	23.5KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6099c438f37e949c4c541e61e88098b7`
SHA1	`0ad03a6f626385554a885bd742dfe5b59bc944f5`
SHA256	`46b005817868f91cf60baa052ee96436fc6194ce9a61e93260df5037cdfa37a5`
CRC32	`54D601D1`
ssdeep	`384:TQJMOeAdiNcNUO3qgpw6MnTmJk0llEEHAnDl3vDG8A3OPLondJJs2z:KMaNqb6MTmVllEK2p/DG8MlsQ`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2d6f82f4ead20251_eL4nZ5eH2n Submit file
Filepath	C:\Users\test22\AppData\LocalLow\eL4nZ5eH2n
Size	806.0B
Processes	2532 (zxcvb.exe)
Type	ASCII text, with CRLF, CR line terminators
MD5	`6843dd27700df9a3b64bdddb17aef9ca`
SHA1	`77a5bb2ea4402592fb754c7ca24354397183e8c8`
SHA256	`2d6f82f4ead20251fbfd408703872b5c5f2ad6d1da125824d8ad5f3115b80365`
CRC32	`7D60D23D`
ssdeep	`24:nOx3+0QdCd4f+IBx0BmyQa7uc4Cl0ysv6:nOp+0QdRcBmLc4ClVsy`
Yara	None matched
VirusTotal	Search for analysis

Name	65ded8d2ce159b2f_api-ms-win-crt-private-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-private-l1-1-0.dll
Size	71.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`9910a1bfdc41c5b39f6af37f0a22aacd`
SHA1	`47fa76778556f34a5e7910c816c78835109e4050`
SHA256	`65ded8d2ce159b2f5569f55b2caf0e2c90f3694bd88c89de790a15a49d8386b9`
CRC32	`C78C7F40`
ssdeep	`1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	1989526553fd1e1e_nss3.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nss3.dll
Size	1.2MB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`02cc7b8ee30056d5912de54f1bdfc219`
SHA1	`a6923da95705fb81e368ae48f93d28522ef552fb`
SHA256	`1989526553fd1e1e49b0fea8036822ca062d3d39c4cab4a37846173d0f1753d5`
CRC32	`282C0A35`
ssdeep	`24576:ido5Js2a56/+VwJebKj5KYFsRjzx5ZxKV6D1Z4Go/LCiytoxq2Zwn5hCM4MSRdY8:Q2aY4w6aozx5ZWMM7yew8MSRK1y`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c4f60f911068ab6d_api-ms-win-core-namedpipe-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-namedpipe-l1-1-0.dll
Size	17.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6f6796d1278670cce6e2d85199623e27`
SHA1	`8aa2155c3d3d5aa23f56cd0bc507255fc953ccc3`
SHA256	`c4f60f911068ab6d7f578d449ba7b5b9969f08fc683fd0ce8e2705bbf061f507`
CRC32	`37258A28`
ssdeep	`192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a0c6630d4012ae03_mozglue.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\mozglue.dll
Size	134.0KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`eae9273f8cdcf9321c6c37c244773139`
SHA1	`8378e2a2f3635574c106eea8419b5eb00b8489b0`
SHA256	`a0c6630d4012ae0311ff40f4f06911bcf1a23f7a4762ce219b8dffa012d188cc`
CRC32	`2ECD4981`
ssdeep	`3072:Z6s2DIGLXlNJJcPoN0j/kVqhp1qt/TXTv7q1D2JJJvPhrSeXZ5dR:MszGLXlNrE/kVqhp12/TXTjSD2JJJvPt`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	bb25ccf8694d1fcf_api-ms-win-core-libraryloader-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-libraryloader-l1-1-0.dll
Size	18.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d0873e21721d04e20b6ffb038accf2f1`
SHA1	`9e39e505d80d67b347b19a349a1532746c1f7f88`
SHA256	`bb25ccf8694d1fcfce85a7159dcf6985fdb54728d29b021cb3d14242f65909ce`
CRC32	`B08A064C`
ssdeep	`384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4ed9f54db7a6d2da_open1.png.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\open1.png.lnk
Size	869.0B
Processes	2532 (zxcvb.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Aug 6 18:51:46 2020, mtime=Thu Aug 6 18:51:46 2020, atime=Thu Aug 6 18:51:46 2020, length=378, window=hide
MD5	`af580564d6b9323926ae9dcbc9881f31`
SHA1	`343984f4eb917082bb4e314782e8959bc939197f`
SHA256	`4ed9f54db7a6d2da0f93c4660237f7146765ff9c53d94cf62e7411fe8b6dccca`
CRC32	`0754EE78`
ssdeep	`12:8GyQ6dRm/avI4otUoKHDVuUOIvcjACvUfiEgO2R:8GyQ9DptUnjsUT4AiUfiEt2R`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	25a4dae37120426a_softokn3.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\softokn3.dll
Size	141.5KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`4e8df049f3459fa94ab6ad387f3561ac`
SHA1	`06ed392bc29ad9d5fc05ee254c2625fd65925114`
SHA256	`25a4dae37120426ab060ebb39b7030b3e7c1093cc34b0877f223b6843b651871`
CRC32	`C20F6E98`
ssdeep	`3072:8Af6suip+I7FEk/oJz69sFaXeu9CoT2nIVFetBW3D2xkEMk:B6POsF4CoT2OeYMzMk`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c40bb03199a2054d_vcruntime140.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\vcruntime140.dll
Size	81.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`7587bf9cb4147022cd5681b015183046`
SHA1	`f2106306a8f6f0da5afb7fc765cfa0757ad5a628`
SHA256	`c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d`
CRC32	`9BB5124B`
ssdeep	`1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	4208e4f41baca9ab_skcczlqwcscgqo.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Skcczlqwcscgqo.vbs
Size	111.0B
Processes	2444 (zxcvb.exe)
Type	ASCII text, with no line terminators
MD5	`4ce2d97d5121a4aa49484a5d52eb45d8`
SHA1	`39c446a57db572a7a212cd9e83d040c23754536a`
SHA256	`4208e4f41baca9ab621cacc90631d17f3d3edd39d5ba5ef7918ad27df5b6d122`
CRC32	`E42D56AA`
ssdeep	`3:FER/n0eFHHomWxpcL4E2J5xAIA2lj5kOMFjM:FER/lFHImQpcLJ23fJ1mZM`
Yara	None matched
VirusTotal	Search for analysis

Name	c0d75d1887c32a1b_api-ms-win-crt-environment-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-environment-l1-1-0.dll
Size	18.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`ac290dad7cb4ca2d93516580452eda1c`
SHA1	`fa949453557d0049d723f9615e4f390010520eda`
SHA256	`c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382`
CRC32	`EDEBA32F`
ssdeep	`192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	bcfb0e397df40aba_MapiProxy.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\MapiProxy.dll
Size	19.5KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`7cd244c3fc13c90487127b8d82f0b264`
SHA1	`09e1ad17f1bb3d20bd8c1f62a10569f19e838834`
SHA256	`bcfb0e397df40aba8c8c5dd23c13c414345decdd3d4b2df946226be97defbf30`
CRC32	`C277DA03`
ssdeep	`384:Y0GKgKt7QXmFJNauBT5+BjdvDG8A3OPLon6nt:aKgWc2FnnTOVDG8MSt`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	621f38bd19f62c9c_IA2Marshal.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\IA2Marshal.dll
Size	69.0KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`5243f66ef4595d9d8902069eed8777e2`
SHA1	`1fb7f82cd5f1376c5378cd88f853727ab1cc439e`
SHA256	`621f38bd19f62c9ce6826d492ecdf710c00bbdcf1fb4e4815883f29f1431dfda`
CRC32	`B684A227`
ssdeep	`768:3n8PHF564hn4wva3AVqH5PmE0SjA6QM0avrDG8MR43:38th4wvaQVE5PRl0xs`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f5cf623ba14b017a_api-ms-win-crt-heap-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-heap-l1-1-0.dll
Size	18.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`93d3da06bf894f4fa21007bee06b5e7d`
SHA1	`1e47230a7ebcfaf643087a1929a385e0d554ad15`
SHA256	`f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d`
CRC32	`A016C333`
ssdeep	`192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_Google Chrome_Default.txt Empty file or file not found
Filepath	C:\ProgramData\330118707341584\autofill\Google Chrome_Default.txt
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	69885fd581641b4a_api-ms-win-crt-time-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-time-l1-1-0.dll
Size	20.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`849f2c3ebf1fcba33d16153692d5810f`
SHA1	`1f8eda52d31512ebfdd546be60990b95c8e28bfb`
SHA256	`69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d`
CRC32	`FFFCEB82`
ssdeep	`384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	43536adef2ddcc81_softokn3.dll Submit file
Filepath	C:\ProgramData\softokn3.dll
Size	141.5KB
Processes	2480 (Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a2ee53de9167bf0d6c019303b7ca84e5`
SHA1	`2a3c737fa1157e8483815e98b666408a18c0db42`
SHA256	`43536adef2ddcc811c28d35fa6ce3031029a2424ad393989db36169ff2995083`
CRC32	`760685C5`
ssdeep	`3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	bece7bab83a5d0ec_api-ms-win-crt-math-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-math-l1-1-0.dll
Size	28.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`8b0ba750e7b15300482ce6c961a932f0`
SHA1	`71a2f5d76d23e48cef8f258eaad63e586cfc0e19`
SHA256	`bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed`
CRC32	`524A7773`
ssdeep	`384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7670fdede524a485_api-ms-win-core-string-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-string-l1-1-0.dll
Size	17.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`12cc7d8017023ef04ebdd28ef9558305`
SHA1	`f859a66009d1caae88bf36b569b63e1fbdae9493`
SHA256	`7670fdede524a485c13b11a7c878015e9b0d441b7d8eb15ca675ad6b9c9a7311`
CRC32	`E2869B8E`
ssdeep	`384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	bb33a9e906a58630_api-ms-win-core-memory-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-memory-l1-1-0.dll
Size	18.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d500d9e24f33933956df0e26f087fd91`
SHA1	`6c537678ab6cfd6f3ea0dc0f5abefd1c4924f0c0`
SHA256	`bb33a9e906a5863043753c44f6f8165afe4d5edb7e55efa4c7e6e1ed90778eca`
CRC32	`BFB6A831`
ssdeep	`384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4b704b36e1672ae0_api-ms-win-core-sysinfo-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-sysinfo-l1-1-0.dll
Size	18.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`19a40af040bd7add901aa967600259d9`
SHA1	`05b6322979b0b67526ae5cd6e820596cbe7393e4`
SHA256	`4b704b36e1672ae02e697efd1bf46f11b42d776550ba34a90cd189f6c5c61f92`
CRC32	`BFABEDF6`
ssdeep	`384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f7d450a0f59151bc_api-ms-win-core-util-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-util-l1-1-0.dll
Size	17.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`0f079489abd2b16751ceb7447512a70d`
SHA1	`679dd712ed1c46fbd9bc8615598da585d94d5d87`
SHA256	`f7d450a0f59151bcefb98d20fcae35f76029df57138002db5651d1b6a33adc86`
CRC32	`82651198`
ssdeep	`192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3fe6b1c54b8cf28f_mozglue.dll Submit file
Filepath	C:\ProgramData\mozglue.dll
Size	134.0KB
Processes	2480 (Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8f73c08a9660691143661bf7332c3c27`
SHA1	`37fa65dd737c50fda710fdbde89e51374d0c204a`
SHA256	`3fe6b1c54b8cf28f571e0c5d6636b4069a8ab00b4f11dd842cfec00691d0c9cd`
CRC32	`E28A5E21`
ssdeep	`3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	03ad57c24ff2cf89_api-ms-win-core-localization-l1-2-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-localization-l1-2-0.dll
Size	20.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`eff11130bfe0d9c90c0026bf2fb219ae`
SHA1	`cf4c89a6e46090d3d8feeb9eb697aea8a26e4088`
SHA256	`03ad57c24ff2cf895b5f533f0ecbd10266fd8634c6b9053cc9cb33b814ad5d97`
CRC32	`991B148C`
ssdeep	`384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	16574f51785b0e2f_sqlite3.dll Submit file
Filepath	C:\ProgramData\sqlite3.dll
Size	630.5KB
Processes	2480 (Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`e477a96c8f2b18d6b5c27bde49c990bf`
SHA1	`e980c9bf41330d1e5bd04556db4646a0210f7409`
SHA256	`16574f51785b0e2fc29c2c61477eb47bb39f714829999511dc8952b43ab17660`
CRC32	`9F30A75E`
ssdeep	`12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9dab884071b1f7d7_api-ms-win-core-processthreads-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-processthreads-l1-1-0.dll
Size	18.9KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`a2d7d7711f9c0e3e065b2929ff342666`
SHA1	`a17b1f36e73b82ef9bfb831058f187535a550eb8`
SHA256	`9dab884071b1f7d7a167f9bec94ba2bee875e3365603fa29b31de286c6a97a1d`
CRC32	`0FF50B6E`
ssdeep	`384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7633774effe7c0ad_api-ms-win-crt-filesystem-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-filesystem-l1-1-0.dll
Size	19.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`aec2268601470050e62cb8066dd41a59`
SHA1	`363ed259905442c4e3b89901bfd8a43b96bf25e4`
SHA256	`7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2`
CRC32	`68ADCB9C`
ssdeep	`384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	334e69ac9367f708_msvcp140.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\msvcp140.dll
Size	429.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`109f0f02fd37c84bfc7508d4227d7ed5`
SHA1	`ef7420141bb15ac334d3964082361a460bfdb975`
SHA256	`334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4`
CRC32	`97BCF588`
ssdeep	`12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	b1e702b840aebe2e_api-ms-win-crt-stdio-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-stdio-l1-1-0.dll
Size	23.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`fefb98394cb9ef4368da798deab00e21`
SHA1	`316d86926b558c9f3f6133739c1a8477b9e60740`
SHA256	`b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7`
CRC32	`F47691BA`
ssdeep	`384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a1a2bb03a7cfcea8_AccessibleHandler.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\AccessibleHandler.dll
Size	120.5KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f92586e9cc1f12223b7eeb1a8cd4323c`
SHA1	`f5eb4ab2508f27613f4d85d798fa793bb0bd04b0`
SHA256	`a1a2bb03a7cfcea8944845a8fc12974482f44b44fd20be73298ffd630f65d8d0`
CRC32	`1E606A2D`
ssdeep	`1536:DkO/6RZFrpiS7ewflNGa35iOrjmwWTYP1KxBxZJByEJMBrsuLeLsWxcdaocACs0K:biRZFdBiussQ1MBjq2aocts03/7FE`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d5916ca06cc8612d_evpctmxstsshc.vbs Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Evpctmxstsshc.vbs
Size	124.0B
Processes	2412 (Qhbcytidvconsoleapp6aa.exe)
Type	ASCII text, with no line terminators
MD5	`8f50ba41853fea73032533848791364f`
SHA1	`13091ee848c675b75f1f4b23e62251fdf7b3908a`
SHA256	`d5916ca06cc8612d5d495568d74153ebaa36a98f30d6be8b974c981e9cebed6e`
CRC32	`5D27B57E`
ssdeep	`3:FER/n0eFHHomWxpcL4E2J5xAIsNiWk5cSJwLAdinMFjM:FER/lFHImQpcLJ23fda5kiMZM`
Yara	None matched
VirusTotal	Search for analysis

Name	6ec867dc1caa77ec_frAQBc8Wsa Submit file
Filepath	C:\Users\test22\AppData\LocalLow\frAQBc8Wsa
Size	18.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`f3a100cba30b2a07a7af8886e439024e`
SHA1	`a454cca0db028b4d0fb29fa932c9056519efe2cf`
SHA256	`6ec867dc1caa77ecfd8e457d464b6bebc3be8694b4c88734fa83d197c0b214cc`
CRC32	`72CF6AF8`
ssdeep	`24:LLI10KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6KaW:oz+JH3yJUheCVE9V8MX0PFlNU1faW`
Yara	None matched
VirusTotal	Search for analysis

Name	38c389720b75365f_1xVPfvJcrg Submit file
Filepath	C:\Users\test22\AppData\LocalLow\1xVPfvJcrg
Size	72.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`c480140ee3c5758b968b69749145128d`
SHA1	`035a0656bc0d1d376dfc92f75fa664bdf71b3e4d`
SHA256	`38c389720b75365fcb080b40f7fdc5dc4587f4c264ec4e12a22030d15709e4a9`
CRC32	`954A724F`
ssdeep	`96:f0CWo3dOEctAYyY9MsH738Hsa/NTIdE8uKIaPdUDFBlrrVY/qBOnx4yWTJereWbY:fXtd69TYndTJMb3j0`
Yara	None matched
VirusTotal	Search for analysis

Name	7a589024cf0eeb59_qipcap.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\qipcap.dll
Size	16.0KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f3a355d0b1ab3cc8effcc90c8a7b7538`
SHA1	`1191f64692a89a04d060279c25e4779c05d8c375`
SHA256	`7a589024cf0eeb59f020f91be4fe7ee0c90694c92918a467d5277574ac25a5a2`
CRC32	`E4C988D8`
ssdeep	`192:aPgr1ZCb2vGJ7b20qKvFej7x0KDWpH3vUA397Ae+PjPonZwC7Qm:aYpZPGJP209F4vDG8A3OPLonZwC7X`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a1d1d6b0cb0a8421_api-ms-win-crt-utility-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-utility-l1-1-0.dll
Size	18.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`b52a0ca52c9c207874639b62b6082242`
SHA1	`6fb845d6a82102ff74bd35f42a2844d8c450413b`
SHA256	`a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0`
CRC32	`DD940147`
ssdeep	`192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4cfada7eb51a6c0c_eJ7xG7cQ_5q.zip Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\eJ7xG7cQ_5q.zip
Size	2.7MB
Processes	2532 (zxcvb.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`1117cd347d09c43c1f2079439056ada3`
SHA1	`93c2ce5fc4924314318554e131cfbcd119f01ab6`
SHA256	`4cfada7eb51a6c0cb26283f9c86784b2b2587c59c46a5d3dc0f06cad2c55ee97`
CRC32	`0846BD7E`
ssdeep	`49152:tiGLaX5/cgbRETlc0EqgSVAx07XZiEi4qiefeEJGt5ygL0+6/qax:t9OX9alwJSVP1fnefekGt5CP`
Yara	None matched
VirusTotal	Search for analysis

Name	91eeb842973495de_api-ms-win-core-processthreads-l1-1-1.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-processthreads-l1-1-1.dll
Size	18.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d0289835d97d103bad0dd7b9637538a1`
SHA1	`8ceebe1e9abb0044808122557de8aab28ad14575`
SHA256	`91eeb842973495deb98cef0377240d2f9c3d370ac4cf513fd215857e9f265a6a`
CRC32	`793969BD`
ssdeep	`384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	44f6df4280c8ecc9_api-ms-win-core-heap-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-heap-l1-1-0.dll
Size	17.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`2ea3901d7b50bf6071ec8732371b821c`
SHA1	`e7be926f0f7d842271f7edc7a4989544f4477da7`
SHA256	`44f6df4280c8ecc9c6e609b1a4bfee041332d337d84679cfe0d6678ce8f2998a`
CRC32	`71E21909`
ssdeep	`192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	83bc57dcf282264f_sqlite3.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\sqlite3.dll
Size	895.2KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`f964811b68f9f1487c2b41e1aef576ce`
SHA1	`b423959793f14b1416bc3b7051bed58a1034025f`
SHA256	`83bc57dcf282264f2b00c21ce0339eac20fcb7401f7c5472c0cd0c014844e5f7`
CRC32	`27237862`
ssdeep	`24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9876c53134dbbec4_freebl3.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\freebl3.dll
Size	326.5KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`60acd24430204ad2dc7f148b8cfe9bdc`
SHA1	`989f377b9117d7cb21cbe92a4117f88f9c7693d9`
SHA256	`9876c53134dbbec4dcca67581f53638eba3fea3a15491aa3cf2526b71032da97`
CRC32	`956C0AF8`
ssdeep	`6144:6cYBCU/bEPU6Rc5xUqc+z75nv4F0GHrIraqqDL6XPSed:67WRCB7zl4F0I4qn6R`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7045ebc8901b2843_zxcvb.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\zxcvb.exe
Size	1.2MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2cae1b3be4c37e8f0ca5dac99dbbac17`
SHA1	`fea201d9f1b3d81c67abead708afee8f619785d7`
SHA256	`7045ebc8901b28437b116f9ff37d6e16caf2b47e3b7986cc233add8410f1ec9f`
CRC32	`DEC516BD`
ssdeep	`24576:kiKH63AanJL5WRxc493rVedPdiHxO0KQJ2dJd0+Tf7Lsg77R:vZA0L5WRq493heB2ydJ/LsS7R`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	0bb8c77de80acf9c_ucrtbase.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\ucrtbase.dll
Size	1.1MB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d6326267ae77655f312d2287903db4d3`
SHA1	`1268bef8e2ca6ebc5fb974fdfaff13be5ba7574f`
SHA256	`0bb8c77de80acf9c43de59a8fd75e611cc3eb8200c69f11e94389e8af2ceb7a9`
CRC32	`4ED86FD4`
ssdeep	`24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	c4299c07f4242754__3301187073.zip Submit file
Filepath	C:\ProgramData\330118707341584\_3301187073.zip
Size	10.9KB
Processes	2480 (Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`3a8de1f9e2ba5e264635a2a185fd478a`
SHA1	`0ec0c9af6f0e3b45a48cce925482a263c48a53ac`
SHA256	`c4299c07f42427545a927ddc9348718def620ce60640fd861c3cd7686f6663ba`
CRC32	`EA79ED5C`
ssdeep	`96:01VXV5NU5tF4Sblr0X29ObCM58XRQBuuDAgNY8a+Z8qb+p4dbIM7T2/H4KsnSZ2y:0bG5s2l9OboXWBuu7Z8Q5i/QStpH5PP`
Yara	None matched
VirusTotal	Search for analysis

Name	3b046d30dc2e6021_rQF69AzBla Submit file
Filepath	C:\Users\test22\AppData\LocalLow\rQF69AzBla
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`e185515780e9dcb21c3262899c206308`
SHA1	`230714474693919d93949ab5a291f7ec02fd286f`
SHA256	`3b046d30dc2e6021be55d1bd47c2a92970856526c021df5de6e4ea3c4144659b`
CRC32	`25EF2A64`
ssdeep	`24:TLNg/5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fBvlllYu:TC/ecVTgPOpEveoJZFrU1cQBvlllY`
Yara	None matched
VirusTotal	Search for analysis

Name	685dd7708676209d_system.txt Submit file
Filepath	C:\ProgramData\330118707341584\system.txt
Size	2.1KB
Processes	2480 (Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe)
Type	ASCII text, with CRLF line terminators
MD5	`7918f6ca0746a27c82c6043cd23fd6b6`
SHA1	`8e2e90843128963d73a47b39172755312d9f06dd`
SHA256	`685dd7708676209de53b11f4d6559e9e96fb35aec9642babe477e3cdca5d34b6`
CRC32	`9B1C0821`
ssdeep	`48:nRU1taFFGrSzNczl6SwHLM+YZ0352Bf5774mRNMPpX:nRe2QewVwHLMX2352Bf5774mRixX`
Yara	None matched
VirusTotal	Search for analysis

Name	7b9fc6be34f43d39_libEGL.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\libEGL.dll
Size	22.0KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`96b879b611b2bbee85df18884039c2b8`
SHA1	`00794796acac3899c1fb9abbf123fef3cc641624`
SHA256	`7b9fc6be34f43d39471c2add872d5b4350853db11cc66a323ef9e0c231542fb9`
CRC32	`A86103C2`
ssdeep	`384:INZ9mLVDAffJJKAtn0mLAb8X3FbvDG8A3OPLonzvGb:4mx+fXvn4YFrDG8MKb`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	791d226d80ef9d06_screenshot.jpg Submit file
Filepath	C:\ProgramData\330118707341584\screenshot.jpg
Size	21.9KB
Processes	2480 (Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`2043f4a949912e2a3e3b496f6d24da91`
SHA1	`68b447142b8dc26bd9a0a73ae90c4336c007f38f`
SHA256	`791d226d80ef9d0684a8269f2ef82ab1f36e283374d2e15cdda344f76961cfa6`
CRC32	`26C707E7`
ssdeep	`192:pCzay86LL5XH6Hc6OEuLL0tq7AeaWaE0RRRJASVb8Z7cTFJs4:4586LL5XaHceuLkNIO8ZgTFJX`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	e2935b5b28550d47_nss3.dll Submit file
Filepath	C:\ProgramData\nss3.dll
Size	1.2MB
Processes	2480 (Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`bfac4e3c5908856ba17d41edcd455a51`
SHA1	`8eec7e888767aa9e4cca8ff246eb2aacb9170428`
SHA256	`e2935b5b28550d47dc971f456d6961f20d1633b4892998750140e0eaa9ae9d78`
CRC32	`9F24F4E3`
ssdeep	`24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis

Name	96898930ffb338da_api-ms-win-core-processenvironment-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-processenvironment-l1-1-0.dll
Size	18.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`5f73a814936c8e7e4a2dfd68876143c8`
SHA1	`d960016c4f553e461afb5b06b039a15d2e76135e`
SHA256	`96898930ffb338da45497be019ae1adcd63c5851141169d3023e53ce4c7a483e`
CRC32	`F1C25621`
ssdeep	`192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	945cc64ee04b1964_api-ms-win-core-handle-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-handle-l1-1-0.dll
Size	17.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6db54065b33861967b491dd1c8fd8595`
SHA1	`ed0938bbc0e2a863859aad64606b8fc4c69b810a`
SHA256	`945cc64ee04b1964c1f9fcdc3124dd83973d332f5cfb696cdf128ca5c4cbd0e5`
CRC32	`11700B42`
ssdeep	`384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2481da1c459a2429_nssckbi.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nssckbi.dll
Size	328.5KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`bdaf9852f588c86b055c846b53d4c144`
SHA1	`03b739430cf9eade21c977b5b416c4dd94528c3b`
SHA256	`2481da1c459a2429a933d19ad6ae514bd2ae59818246ddb67b0ef44146ced3d8`
CRC32	`2FEEE271`
ssdeep	`6144:8bndzEL04gF85K9autIMyEhZ/V3psPyHa9tBe1:8bndzEL04pnutIMyAp2z9tBe1`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	24c9aa0b70e557a4_api-ms-win-core-timezone-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-timezone-l1-1-0.dll
Size	17.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`babf80608fd68a09656871ec8597296c`
SHA1	`33952578924b0376ca4ae6a10b8d4ed749d10688`
SHA256	`24c9aa0b70e557a49dac159c825a013a71a190df5e7a837bfa047a06bba59eca`
CRC32	`2A90DCC5`
ssdeep	`384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	be3987a6cd970ff5_nssdbm3.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\nssdbm3.dll
Size	90.5KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`94919dea9c745fbb01653f3fdae59c23`
SHA1	`99181610d8c9255947d7b2134cdb4825bd5a25ff`
SHA256	`be3987a6cd970ff570a916774eb3d4e1edce675e70edac1baf5e2104685610b0`
CRC32	`7BF8093C`
ssdeep	`1536:YvNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41Pc:+NGVOiBZbcGmxXMcBqmzoCUZoZebHPAT`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7f93b70257d966ea_lgpllibs.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\lgpllibs.dll
Size	54.5KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`56e982d4c380c9cd24852564a8c02c3e`
SHA1	`f9031327208176059cd03f53c8c5934c1050897f`
SHA256	`7f93b70257d966ea1c1a6038892b19e8360aadd8e8ae58e75ebb0697b9ea8786`
CRC32	`5A47D31A`
ssdeep	`1536:LxsBS3Q6j+37mWT7DT/GszGrn7iBCmjFCOu:LxTBcmWT7X/Gszen7icmjFtu`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	30d99ce1d732f6c9_api-ms-win-core-synch-l1-2-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-synch-l1-2-0.dll
Size	18.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`0d1aa99ed8069ba73cfd74b0fddc7b3a`
SHA1	`ba1f5384072df8af5743f81fd02c98773b5ed147`
SHA256	`30d99ce1d732f6c9cf82671e1d9088aa94e720382066b79175e2d16778a3dad1`
CRC32	`9E779F84`
ssdeep	`384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9ca21763c528584b_api-ms-win-crt-conio-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-conio-l1-1-0.dll
Size	18.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6ea692f862bdeb446e649e4b2893e36f`
SHA1	`84fceae03d28ff1907048acee7eae7e45baaf2bd`
SHA256	`9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2`
CRC32	`F5C804B7`
ssdeep	`384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c8c499b012d0d63b_api-ms-win-core-file-l1-2-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-file-l1-2-0.dll
Size	17.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`e2f648ae40d234a3892e1455b4dbbe05`
SHA1	`d9d750e828b629cfb7b402a3442947545d8d781b`
SHA256	`c8c499b012d0d63b7afc8b4ca42d6d996b2fcf2e8b5f94cacfbec9e6f33e8a03`
CRC32	`7888788D`
ssdeep	`192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2b128b3702f8509f_ldap60.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\ldap60.dll
Size	129.0KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`5a49ebf1da3d5971b62a4fd295a71ecf`
SHA1	`40917474ef7914126d62ba7cdbf6cf54d227aa20`
SHA256	`2b128b3702f8509f35cad0d657c9a00f0487b93d70336df229f8588fba6ba926`
CRC32	`DB27373D`
ssdeep	`3072:qgXCFTvwqiiynFa6zqeqQZ06DdEH4sq9gHNaIkIQhEwe:qdvwqMFbOePIP/zkIQ2h`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	deccd75fc3fc2bb3_api-ms-win-core-interlocked-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-interlocked-l1-1-0.dll
Size	17.4KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d97a1cb141c6806f0101a5ed2673a63d`
SHA1	`d31a84c1499a9128a8f0efea4230fcfa6c9579be`
SHA256	`deccd75fc3fc2bb31338b6fe26deffbd7914c6cd6a907e76fd4931b7d141718c`
CRC32	`2315F4FA`
ssdeep	`192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	6f878c485ee7d776_x3CF3EDNhm Submit file
Filepath	C:\Users\test22\AppData\LocalLow\x3CF3EDNhm
Size	120.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`7cd1f915719aa3f01dcb5d1d04018ba0`
SHA1	`6e50a73815aae25bd6295d7240d517f0758b94be`
SHA256	`6f878c485ee7d776face2b6f0f72d6b2b383041ce5abd23ee5948d987afa9c64`
CRC32	`AA763EF2`
ssdeep	`48:T1HW6tdfxNPp+suktLReRK+NaUvdWSZ00LTL0drQHHp7C5fVcS2+VANUXq6uw5Nb:DJQpWSZ00LTL0QCbc0VANPjwQU+`
Yara	None matched
VirusTotal	Search for analysis

Name	8eb5270fa9906970_api-ms-win-core-profile-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-profile-l1-1-0.dll
Size	17.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`fee0926aa1bf00f2bec9da5db7b2de56`
SHA1	`f5a4eb3d8ac8fb68af716857629a43cd6be63473`
SHA256	`8eb5270fa99069709c846db38be743a1a80a42aa1a88776131f79e1d07cc411c`
CRC32	`F4A6ED8B`
ssdeep	`192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	66abf3a1147751c9_api-ms-win-crt-multibyte-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-multibyte-l1-1-0.dll
Size	25.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`35fc66bd813d0f126883e695664e7b83`
SHA1	`2fd63c18cc5dc4defc7ea82f421050e668f68548`
SHA256	`66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735`
CRC32	`7DAE2C38`
ssdeep	`384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	2257fea1e71f7058_api-ms-win-core-rtlsupport-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-core-rtlsupport-l1-1-0.dll
Size	17.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`fdba0db0a1652d86cd471eaa509e56ea`
SHA1	`3197cb45787d47bac80223e3e98851e48a122efa`
SHA256	`2257fea1e71f7058439b3727ed68ef048bd91dcacd64762eb5c64a9d49df0b57`
CRC32	`D22BBC25`
ssdeep	`384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	d368eb240106f871_AccessibleMarshal.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\AccessibleMarshal.dll
Size	25.5KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a7fabf3dce008915cee4ffc338fa1ce6`
SHA1	`f411fb41181c79fba0516d5674d07444e98e7c92`
SHA256	`d368eb240106f87188c4f2ae30db793a2d250d9344f0e0267d4f6a58e68152ad`
CRC32	`6B77C025`
ssdeep	`384:KuAjyb0Xc6JzVuLoW2XDOc3TXg1hjsvDG8A3OPLon07zS:BEygs6RV6oW2Xd38njiDG8Mj`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	73cc56f20268bfb3_api-ms-win-crt-string-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-string-l1-1-0.dll
Size	22.9KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`404604cd100a1e60dfdaf6ecf5ba14c0`
SHA1	`58469835ab4b916927b3cabf54aee4f380ff6748`
SHA256	`73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c`
CRC32	`C04CB509`
ssdeep	`384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3cc1377d495260c3_api-ms-win-crt-convert-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-convert-l1-1-0.dll
Size	21.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`72e28c902cd947f9a3425b19ac5a64bd`
SHA1	`9b97f7a43d43cb0f1b87fc75fef7d9eeea11e6f7`
SHA256	`3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1`
CRC32	`29B4635D`
ssdeep	`384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8b69700ab825eddc_Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe
Size	361.0KB
Processes	2412 (Qhbcytidvconsoleapp6aa.exe) 844 (cmd.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4579cdc9f5e07f4a8b5467cfb943e897`
SHA1	`8771c6ef92bd5982e25513308d9aab289c7c4085`
SHA256	`8b69700ab825eddceb30d7d2bbd519437d51858dc61607213b2e170938060cef`
CRC32	`23A8D262`
ssdeep	`6144:sPdeKzMbhpNRKisVDvo5CHLwSery1PWEbEKYn7B1zZtz9EqEV:sEKQ1zRKiijo4HLwS8y1eKEKYn7LzsV`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	3aabbe0aa86ce8a9_ldif60.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\ldif60.dll
Size	20.0KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`4fe544dfc7cdaa026da6eda09cad66c4`
SHA1	`85d21e5f5f72a4808f02f4ea14aa65154e52ce99`
SHA256	`3aabbe0aa86ce8a91e5c49b7de577af73b9889d7f03af919f17f3f315a879b0f`
CRC32	`A197FD66`
ssdeep	`384:YxfML3ALxK0AZEuzOJKRsIFYvDG8A3OPLonw4S:0fMmxFyO4RpGDG8MjS`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c9bbc07a033bab6a_api-ms-win-crt-runtime-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-runtime-l1-1-0.dll
Size	22.3KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`41a348f9bedc8681fb30fa78e45edb24`
SHA1	`66e76c0574a549f293323dd6f863a8a5b54f3f9b`
SHA256	`c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b`
CRC32	`1E462B97`
ssdeep	`384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b454a56c2ceb4943_open.png.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\open.PNG.lnk
Size	864.0B
Processes	2532 (zxcvb.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Aug 6 18:50:59 2020, mtime=Thu Aug 6 18:50:59 2020, atime=Thu Aug 6 18:50:59 2020, length=470, window=hide
MD5	`a4f65c360b73e1e96e1399a5832aa186`
SHA1	`7784838ff4d846599ae592ace81f3fe5326c6dd8`
SHA256	`b454a56c2ceb4943b731282b54c45ddf5779c61c0196e25fbd05dfc1a5d150d4`
CRC32	`1BA57EF2`
ssdeep	`12:8GzVZ3nJm/avI4otUoKHDDh5N2iEjAH7liEgobYAbYR:8GnMDptUnjDYhAbliELbYAbYR`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	abbbed3542a917a4__3301187073.zip Submit file
Filepath	C:\ProgramData\330118707341584\_3301187073.zip
Size	10.5KB
Processes	2480 (Ehjayxmtvzhapkaunfnnsaconsoleapp19o.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`017507fc45ac66195061511dbf05ce4d`
SHA1	`150e4a7798fb3b253cdbb5c31fe356500ba9fc7c`
SHA256	`abbbed3542a917a4b6c7eabc2e41003690753c5c2b495cf1bd05e87ec01bd9e5`
CRC32	`5DABD8B4`
ssdeep	`96:01VXV5NU5tF4Sblr0X29ObCM58XRQBuuDAgNY8a+Z8qb+p4dbIM7T2/H4KsnSZ2H:0bG5s2l9OboXWBuu7Z8Q5i/QStpH5P2`
Yara	None matched
VirusTotal	Search for analysis

Name	c03124ba691b1879_api-ms-win-crt-process-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\api-ms-win-crt-process-l1-1-0.dll
Size	18.8KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`8d02dd4c29bd490e672d271700511371`
SHA1	`f3035a756e2e963764912c6b432e74615ae07011`
SHA256	`c03124ba691b187917ba79078c66e12cbf5387a3741203070ba23980aa471e8b`
CRC32	`9C376D11`
ssdeep	`192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	06ef2010b738fbe9_mozMapi32.dll Submit file
Filepath	C:\Users\test22\AppData\LocalLow\aD1rF3aM8r\mozMapi32.dll
Size	81.5KB
Processes	2532 (zxcvb.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`385a92719cc3a215007b83947922b9b5`
SHA1	`38de6ca70cee1bad84bed29ce7620a15e6abcd10`
SHA256	`06ef2010b738fbe99bcdebbf162473a4ee090678bb6862eeb0d4c7a8c3f225bb`
CRC32	`13DC4D47`
ssdeep	`1536:CNr03+TtFKytqB0EeCsu1sW+cdQOTki9jHiU:CNrDKHBBjXQSki9OU`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)
VirusTotal	Search for analysis