Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.04 10:05
mediacje.png
05.04 10:05
Portal orzeczeń - Sąd ...
05.04 04:05
2708.bson
05.04 04:05
289e4f9df20d686b_{4fc7...
05.04 04:05
2616.bson

Latest News
05.05 07:05
2025 Security Trends: ...
05.05 06:05
Boutique Advisory Tida...
05.05 05:05
All-Band Radio Records...
05.05 03:05
Windows 95 Setup: Wenn...
05.05 03:05
Google-KI: Wenn ausged...
05.05 03:05
ChatGPT erschreckt Nut...
05.05 02:05
PCB Renewal Aims To Ma...
05.05 01:05
IT Sicherheitsnews tae...
05.05 12:05
북한 해킹조직 코니(Konni) 위장문서...
05.04 11:05
美 의원들, '중국 군부 연루' 기업 2...

Dropped Files | ZeroBOX

Name	cdc0cd130d6fe0e2_hwmonitorpro_eula.pdf Submit file
Filepath	C:\Users\test22\AppData\Local\Ecphorize\Gonocoele\Niddingens\Julenissen\Pollbook\launchable\HWMonitorPro_eula.pdf
Size	20.1KB
Processes	2804 (jettyhead.exe)
Type	PDF document, version 1.4
MD5	`49b632c71ecd1a24094b039db99208cb`
SHA1	`16f4034a3612a90fd414fa2a97a95e3912710acc`
SHA256	`cdc0cd130d6fe0e22eb00ea9c6bb0465178d5218bf25e2f3476bc2857442579f`
CRC32	`179CF454`
ssdeep	`384:6egn5L3HMyHymHhFa6CZtYhlrs8L9LpL1LeLg7T9S8ayqe9XwNzxy187+MYVgWgC:6R57HVg5ZtYvBxdBik7T9VjwRxy10+MO`
Yara	PDF_Format_Z - PDF Format
VirusTotal	Search for analysis

Name	3994b4c866008d0e_txt.ico Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\txt.ico
Size	45.7KB
Processes	2704 (None)
Type	MS Windows icon resource - 8 icons, 256x256 withPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 64x64, 32 bits/pixel
MD5	`5710dff9cf9bd12ac1cca4f53bafce1a`
SHA1	`98bb93847ece0b8b9c4c196a8892aa0ad365d48b`
SHA256	`3994b4c866008d0e7b5ca3490572f32b275280d2397fa92d43a58608c5822af0`
CRC32	`0B39FDCE`
ssdeep	`384:1V38dDnaxg679Boww4glQhgLU07kRI0VxdahYMMmncdDXP2WZtS3MT:Ds9naW+9kL8`
Yara	icon_file_format - icon file format
VirusTotal	Search for analysis

Name	47e8d268f6235eb0_jsgirplhspm-kqp‮txt.scr Submit file
Size	1.6MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`f1fbe17316d116ddf3d3b7db7d5f00e7`
SHA1	`8e1797b8503f5417986ccd87caf00ee449a51237`
SHA256	`47e8d268f6235eb0c70f43a8a2b3f8da52d510d2b4e98591b8af4ab1813b8215`
CRC32	`E1F750CF`
ssdeep	`49152:d5eVQpcTjYpdEx3rO3lToqwKrtGfBLEdOKCaP3Nh+:3kCcDQxoepGGvNo`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	7ae09d8ccfd24cba_soothsaying.for Submit file
Filepath	C:\Users\test22\AppData\Local\Ecphorize\Gonocoele\Ansamlende\Diaphysis\Esmakkere\Soothsaying.For
Size	29.7KB
Processes	2804 (jettyhead.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`364bfcdf5c3cf6d161bbf12e161e53fe`
SHA1	`f36efa0da96602bd406aa38a802504b8bb10f417`
SHA256	`7ae09d8ccfd24cbaccb7b1e17c8a003a204773afc930dd94c6051efd2689dc4f`
CRC32	`6160269C`
ssdeep	`384:gj96y6bnGCgYNU+LjtrqaWhfQY/k19LW0pq/Yn+O+76Jo/Qq0mP69FwuAAa4X71u:g/6bN9NL31q1fxk/Jq/Yn42Sn69WQa4I`
Yara	None matched
VirusTotal	Search for analysis

Name	34a4ddf91b64af23_NkgkmsLBiC.txt Submit file
Filepath	C:\Users\test22\Documents\NkgkmsLBiC.txt
Size	288.1KB
Type	data
MD5	`ba2215ffbd7b5e09ce66598f8a1334e8`
SHA1	`a3ea913873a1941d426c01f72d4b65ea62558a32`
SHA256	`34a4ddf91b64af23896ec9c0893e7b47730d2b484896aae2ee6432508eff48bf`
CRC32	`B6F42925`
ssdeep	`6144:ab73Kin9hv6diK5gtAmSYlBoa5Xqwn4UnLFmljch:aX3ln2d0PSYF97n4Kg9ch`
Yara	None matched
VirusTotal	Search for analysis

Name	8f87d4bde3cdddd2_mITOpbdqvUil.txt Submit file
Filepath	C:\Users\test22\Documents\mITOpbdqvUil.txt
Size	44.3KB
Type	data
MD5	`4653fc308d150cbd9d07a0e197b50980`
SHA1	`1b0828e0920e43a7f31a58796d1f4ceb00d367a3`
SHA256	`8f87d4bde3cdddd2984a1b9abf8943249b3cf19676def9f69a0c5f12ecdd72a7`
CRC32	`8CCB8EE2`
ssdeep	`768:rhoj7CFv6KtltArdvvs9kkZn6c6BXaf4peH8WpIDLU6I/wLMDbBLsDFNE/J4MkZL:nFvf3tArdv+dB6cWXafgecbLU6IUcBL2`
Yara	None matched
VirusTotal	Search for analysis

Name	7f5efad8828d3ddf_aoqkmvvi.e Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\aoqkmvvi.e
Size	1.4MB
Processes	2552 (bnb.exe)
Type	data
MD5	`fa45666760414589656a9b1b065e33da`
SHA1	`976b2a7771377ba5bcf4a6cce24c5774cbb26a06`
SHA256	`7f5efad8828d3ddfb613e7ac2b35ca86f1ba91ab4a2bae6022b69cc6ae5d33fe`
CRC32	`ABE0F789`
ssdeep	`24576:qkjYdDubOUTcgMSOGSyr40QRfy4yRFIe0yAN1EOg+7Gv86XU3zoIMHK:qrR4nTQSOGSygRuRFF05N1tgcC8SdK`
Yara	None matched
VirusTotal	Search for analysis

Name	9e6e4772050998a5_readme.txt Submit file
Filepath	C:\Users\test22\Desktop\readme.txt
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	54976a776a08ddd4_jettyhead.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jettyhead.exe
Size	508.1KB
Processes	2704 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`f87672ca39c11764995388966e69d8fb`
SHA1	`773f9ac04d5a978871cf3cfa40b0bcef0c5bec5e`
SHA256	`54976a776a08ddd4ab7cf1fb6b00c4a23f931f1a7d1d937922169ef3be7c9cae`
CRC32	`AD807C4D`
ssdeep	`6144:aYa6PouWkZpekVOWWyIGKlU04xFcg5+AGymDvAMv0IEFmtc:aYBouWkZplVOmSUTzcAKxdEAi`
Yara	IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	be16504ca508c73b_hhBeHlkVxZms.pptx Submit file
Filepath	C:\Users\test22\Documents\hhBeHlkVxZms.pptx
Size	963.9KB
Type	data
MD5	`ea83ef35ceedf6a89068d5d7fa5cb885`
SHA1	`2d0c27fe4fe6e03011dbd9a78b26eef0d60f9eff`
SHA256	`be16504ca508c73b8c299d2621ebbbd7f13a482a32e2fd57302bdb085f922a05`
CRC32	`503CE5BC`
ssdeep	`24576:TTN8zb/7lxVgAoeDvm/v/z8URy6vdJaq3jH:TB8/7lxVYei30gdH`
Yara	None matched
VirusTotal	Search for analysis

Name	11fb3238a5cb3017_nkgkmslbic-xei‮txt.scr Submit file
Size	1.8MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c5f4df921945c80610754ad053b38774`
SHA1	`dff9916ea16fb52cdea9cd0bd1dfec6b11d28b18`
SHA256	`11fb3238a5cb301742211956ae22d2e4e1eab2361660d72bb95467721e07a436`
CRC32	`C91F87FC`
ssdeep	`24576:quZ43QtYYlaXTcbaUTwri+w0yXXBE8K1BmgkEfSG9kQRSSFugdlnnRAxw02M:n43QtvoE020bVSyRfHlnRAxU`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	4729b82fdac43386_libpangoft2-1.0-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Ecphorize\Gonocoele\Politistationer\Aflastnings\Opslugendes\libpangoft2-1.0-0.dll
Size	95.3KB
Processes	2804 (jettyhead.exe)
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`2c1c2c1a656e612fe8edb2addd089bf9`
SHA1	`f27d3289ea8353d20e98b1d9688a10160aebd89b`
SHA256	`4729b82fdac43386e6ef57187e3058f4bcf9a21e6f80afa11d6a46d1382d8e1e`
CRC32	`8FF75007`
ssdeep	`1536:3nwKEqr7KsPUBO6BT2IiXSM0SdK0Vn+0L7RJDcB4i3T9j+wvrHuqjOA9:tEqr7VUBT2IiXSM0SdJ+eDcB4i3T9j+2`
Yara	IsDLL - (no description) PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsfF05B.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsfF05B.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	0f845d4118009db5_semiskilled.slv Submit file
Filepath	C:\Users\test22\AppData\Local\Ecphorize\Gonocoele\Semiskilled.Slv
Size	167.1KB
Processes	2804 (jettyhead.exe)
Type	data
MD5	`365f577bf2e0229c9ccd6a5eed841eb9`
SHA1	`54ddcbe7007926ce67214299713898167764289b`
SHA256	`0f845d4118009db56685de2871b2435631d914fc8a723f32ecf96071c3e81170`
CRC32	`316AF605`
ssdeep	`3072:Qi4+CpwE/W+E+5JjXU1KdxXHgHIbHerj5D:QkCpwE/WS5J/XKZ`
Yara	None matched
VirusTotal	Search for analysis

Name	7ea91dcacb625576_nmsibqicnh-suu‮txt.scr Submit file
Size	1.9MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e48a94d9d2694c28d76351e8570918a9`
SHA1	`d3772d3997feae7999cf8329b4f133c087308e59`
SHA256	`7ea91dcacb625576260e048d7bae0720063558ffda8af7c959a32ec9119f4175`
CRC32	`B5FE19D5`
ssdeep	`49152:O+n9RMjJhcj1wBoQr38znftoytlz+87B4g7j:OychceBT8bto8tN`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	88e65aa69858b179_CJgZNzWBCXYHnBkZq.txt Submit file
Filepath	C:\Users\test22\Documents\CJgZNzWBCXYHnBkZq.txt
Size	31.3KB
Type	data
MD5	`78af5f2f35746bdaa5499e29daca737d`
SHA1	`7ac488b31b66b81fcd7711453acc6efede1aaf32`
SHA256	`88e65aa69858b179558b77e4542670d29399e83fb04dd4f207cbe9ca8ddf3d13`
CRC32	`71A2CC37`
ssdeep	`768:2zA1C82+UYugHPAH/Ug2+I7TcJTvfFAzl6vj+vFepKb:2MCaUYhIUgus9vdAzl6vjOb`
Yara	None matched
VirusTotal	Search for analysis

Name	ea6ad37a791c0b2e_pptx.ico Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pptx.ico
Size	9.4KB
Processes	2704 (None)
Type	MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel
MD5	`6e3322660aafb357da9aa92edad9934f`
SHA1	`48f15ac46d8e42c13aeb7772d77575a27fb6bdf6`
SHA256	`ea6ad37a791c0b2e64e084157e29cca3955bfa2a1368141621b48c581cf3a99d`
CRC32	`248753EA`
ssdeep	`96:99z3zzzzzzzzzzzzzzzzz37EWtoxM7gPbiIE+puKEjO5:7ZtISgPbi3KEjO5`
Yara	icon_file_format - icon file format
VirusTotal	Search for analysis

Name	2ce72d217455e1a6_jmkjqidylorl.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\hioimpojp\jmkjqidylorl.exe
Size	98.5KB
Processes	2652 (pffbaqn.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`34874f0ef7002cef887310fac6bd1984`
SHA1	`c65f876c2d7304e70dd2eb610f39d2d981718fbd`
SHA256	`2ce72d217455e1a6eabdb456961178534f0f6432b25a701872b19a30e4a002f9`
CRC32	`79F48A8F`
ssdeep	`3072:kn8PEADZc+vqfa/o4qe5K17C6N5RQl/lTa9G+uqK:k8flpqJjegN0`
Yara	IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	f16ed6f7ff049e79_ONyeiyAHXnG.docx Submit file
Filepath	C:\Users\test22\Documents\ONyeiyAHXnG.docx
Size	898.8KB
Type	data
MD5	`1c3a0afd5428ea2b1e11aeea596d2dbc`
SHA1	`e41928731b20b7420e6f1cceaaec451e400cac43`
SHA256	`f16ed6f7ff049e79be0a98206dfad09ccf349ae89161d16b17de023e43db177f`
CRC32	`CA3EE9A8`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	37eaa1731de21273_mitopbdqvuil-pua‮txt.scr Submit file
Size	1.5MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0922642b6482128b147e73a559141fb8`
SHA1	`992a2d7e48a83665cb6fc90ceec881b9ecf99f91`
SHA256	`37eaa1731de2127359ab2610d7d98d45d1573349da97f7cd75cad28f20bb2e63`
CRC32	`8A655BB3`
ssdeep	`24576:UI2jNK70B/YAUZp9f1gNnogSl6Hv3H2gAYVSI+v1u6cGvC6sTmG:3wB/YAUZrf1+nVSl0v3WUVS/QiKTm`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	5046b90b19fc006a_cjgznzwbcxyhnbkzq-wck‮txt.scr Submit file
Size	1.5MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2c78407933090b311abdbc9aee839117`
SHA1	`d38d7033e880bf8a962cf158bab4cba0ec40db96`
SHA256	`5046b90b19fc006ab02969aee5cad768c3a886b36ca0a5127184cee758da91b8`
CRC32	`D301049E`
ssdeep	`24576:klcfytXmf8zkWMkxIKS/L+puJFWYTYHLyMWeunVI++k4ABYSGfDQV1:klcqt2fSxI9LmZHLyMWrVI+X4kPGb`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	98a4dd5f428e55ee_hhbehlkvxzms-fzq‮xtpp.scr Submit file
Size	2.4MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`1c3e3f239ea70103329b0a8c7b065118`
SHA1	`9fa847668cdb42c90ac636173840a2017a0341ce`
SHA256	`98a4dd5f428e55ee463ff9bc4a8300bda44852aa96d1fa8d816ae32989a26b57`
CRC32	`D45C645D`
ssdeep	`49152:3Z3zOJg09ivWLeXidNzTGnorAxniwH/iZHn8J2yp98m4:FOJg09iEeXE9SHqZH8Mo8m`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	d7690ddb5d351097_airplane_5.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Ecphorize\Gonocoele\Ansamlende\Diaphysis\Esmakkere\Airplane_5.bmp
Size	6.2KB
Processes	2804 (jettyhead.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
MD5	`e8a3d98f895184eb509c3daa5582e7ee`
SHA1	`e19b07a617f406d0277400196f70cd280259c082`
SHA256	`d7690ddb5d351097412d22cefcb26246d37763d9b4966912daf325d4b8acbc85`
CRC32	`81528471`
ssdeep	`192:oXRlldOqQIzHtbsY2w9ubFvBR81CwncSH:KRpOatsY2w9ArEJ`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	720e78e06f41c368_readme-oza‮txt.scr Submit file
Size	1.5MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`fc4e6542707b0f08aa2fc3f00c39a3f2`
SHA1	`01a5ceff4f27df4fa685f69e694a6cbe03d3634b`
SHA256	`720e78e06f41c36830721330d593e71adb2c9628eed1a85c13abc351a742f676`
CRC32	`554D53EE`
ssdeep	`24576:cpH4hj8tEzCrlb6/qIZc1svE6URH3gtxZ/bBuFkyMimVqMCs:4ccEWrlb6lv5YXUxZ/kKY`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	1310471aa638e4d9_onyeiyahxng-fqj‮xcod.scr Submit file
Size	2.3MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2c86b5ba4bf24437f16620749bd22154`
SHA1	`859806fd5176714dd24f6217838d89f01ca929ef`
SHA256	`1310471aa638e4d9203aeb1cd7785f00924278457e43b09aa8a18f6103de2dd0`
CRC32	`49B8E244`
ssdeep	`24576:xHDEfHlLI2V1IHW9Eb63gOuoiL92MjnfezaZvRZs4sEeOOK60VxrzzEF:ZgfFU2zIsk63g6zMjnfeMFr6oxrzI`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	a19d0ae6e024ccb6_jrRNInQJEzypfU.txt Submit file
Filepath	C:\Users\test22\Documents\jrRNInQJEzypfU.txt
Size	147.5KB
Type	data
MD5	`52dd1fea29bab63480ef4c017684a9d9`
SHA1	`2a13549ef6aa297bf2e060c7678fa0437803aa71`
SHA256	`a19d0ae6e024ccb6a62b710a4c1ee53872b3704c02e7fa015d415733728ae140`
CRC32	`1ACEBA29`
ssdeep	`3072:OeIcCXH9dYkxy+3Ov5OajA+uN5v9kYlYfW1wvE2szuu0o6BXHT:OdcCYkxpevpqNlYfOWszH0oST`
Yara	None matched
VirusTotal	Search for analysis

Name	e540108233f90243_ypddnkzjcwt.k Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ypddnkzjcwt.k
Size	7.7KB
Processes	2552 (bnb.exe)
Type	data
MD5	`569849c1b5ba28add986b085baa24778`
SHA1	`a47d644beeb2540f9c6cdf390b61ad8b7a48a3bf`
SHA256	`e540108233f9024379ee136edd60cf7ebd2adbdcd3c63a10ee2193c4e8e6c3b5`
CRC32	`E3CF38AC`
ssdeep	`96:DMVfJwCoIUzh/N4L90XnxVkFZtHJH1+hAFXUPqsdynt2FRGm7e7FFP4BQ3yqvJec:CF2N4LonxV6ZYhA/h2F0P4KBvJeupzX`
Yara	None matched
VirusTotal	Search for analysis

Name	1613dfca627df925_jsGIrPlHsPM.txt Submit file
Filepath	C:\Users\test22\Documents\jsGIrPlHsPM.txt
Size	152.3KB
Type	data
MD5	`678f200bbdcbd766738c556fc32a58d8`
SHA1	`d04d2b7feb4ae5217b2e506b7029d2932a1b897d`
SHA256	`1613dfca627df92567ddad65992d171f58ce44f6606f6ce6a72b0d0d17641912`
CRC32	`D85EC086`
ssdeep	`3072:TUzncZdDUeK0wBA1fwBwwLjbI3czjlpIpLdxgQ5SGP8RSn5DD+ZhTCn69ABgd:gwT8IRQlipLzSFcnFDiFSA`
Yara	None matched
VirusTotal	Search for analysis

Name	7f779396270dba38_docx.ico Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\docx.ico
Size	2.6KB
Processes	2704 (None)
Type	MS Windows icon resource - 1 icon, 256x256 withPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
MD5	`3ebf9beb4bf7b857504b7ef89594ef9b`
SHA1	`2808a69b682412f6897884361da964ecd1cedcfa`
SHA256	`7f779396270dba3883143c913b41e1058099cc69b64b99bc2a38da877a56d0e2`
CRC32	`CA75D48D`
ssdeep	`48:y2GfzT3ttpsknOF9KFWYz6ZagHVZpkszKNfSJPRrUqTwefbjyco175ru4zlurheN:vSt4kG386wgHFngqHrwefbORlrFurheN`
Yara	icon_file_format - icon file format
VirusTotal	Search for analysis

Name	ed839ebaf6d7f516_jrrninqjezypfu-ebi‮txt.scr Submit file
Size	1.6MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d9932ed2cad33c4b1f443a470440105a`
SHA1	`10b04721602fa3f23f79b67a876884487b1a5b43`
SHA256	`ed839ebaf6d7f51641c3b6a7018522da0ac62f349fdd8f0843a028049a265eda`
CRC32	`4A65E40B`
ssdeep	`24576:98wAK9321qFY9JHzoOtlnW5Wn0IZ6NzwpnYx2OtFnhWajwRGqhDz638EGHT08fTl:T938hneAfINz8+zWz63uT0UTwCN/48`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	41d6a6098f479657_tmp1a2b.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tmp1A2B.tmp
Size	6.5KB
Processes	2704 (None)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`866c6b089cc2d65f63e55883f2cdbe41`
SHA1	`436dbc9b91c7e40dfb09a45193f1aefd912c8ddc`
SHA256	`41d6a6098f47965744ef7360058c8fb6a8eba472aec9ad5c6b711fed3c47f52e`
CRC32	`F59468E0`
ssdeep	`96:7EIxANiSfpejbT/b4e3hJOGJ+zVGVHMJwGRmr8S0Vld8zNt:7JxAAQYjv/bd3hQ2GIEBCqdG`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	b7c225ef3cc3e875_d93f411851d7c929.customDestinations-ms~RFa5d4c2.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RFa5d4c2.TMP
Size	7.8KB
Processes	2880 (powershell.exe) 3008 (powershell.exe)
Type	data
MD5	`81ca4510272caf505e8091e9a28cb716`
SHA1	`71414aeec9f1e4a6f5a461b01700cc9cc992cd9e`
SHA256	`b7c225ef3cc3e87506150eb140e7b9cc127a3469c50a808854acac71a53d98bf`
CRC32	`FC31E90F`
ssdeep	`96:EtuCcBGCPDXBqvsqvJCwoRtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:EtCgXoRtCgbHnorLxY`
Yara	Generic_Malware_Zero - Generic Malware Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	57f20bdc704238b6_readme-utf‮txt.scr Submit file
Size	1.5MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`188e5057591ab009fce709e22e95cb3f`
SHA1	`82ed1a6fa25a4468e85ec4cbcd09eb44b9299129`
SHA256	`57f20bdc704238b657578191503be9a42cdbce833f053327edb632ab6e2f48d6`
CRC32	`2BFE1FFF`
ssdeep	`24576:xN4XIc6Gn5PblYWm58MVWEaiFQxkN9FjtfxBci9QXWZdZHCuHsa5dT+7za4et:xN47X5PblzmSZiFxxtJBciBZdZJHsavB`
Yara	IsPE32 - (no description) Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	e0b4b6a3626d2ecf_NMsibqicnH.txt Submit file
Filepath	C:\Users\test22\Documents\NMsibqicnH.txt
Size	469.9KB
Type	data
MD5	`2e9ebb787d740a134a34c7cd5708abc6`
SHA1	`72ec066eebab350d23cdf2e04f90a15c3e90ea57`
SHA256	`e0b4b6a3626d2ecfa87410c667b2ca64f957c90763ea8d330355c2c6ed16dfea`
CRC32	`1DB6A153`
ssdeep	`12288:UI8HyKnmiYSj4LLz2C7QNrmJofZKx7Vv52iA1iU9a:UIInx/OLz2JNrQofM7c1Zg`
Yara	None matched
VirusTotal	Search for analysis

Name	d2a5fb8eb9ad3db7_readme.exe Submit file
Filepath	C:\Users\test22\Desktop\readme.exe
Size	1.4MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`37da979d87ef402b50cb00266bc00808`
SHA1	`ae0134c76c9871bfede27d5f9d7c628f660bacd2`
SHA256	`d2a5fb8eb9ad3db722be4d6a4bfe3acff288dc1cde64644a7b9900d2563b14d8`
CRC32	`7071B931`
ssdeep	`24576:gTZL7vcwpCFbT1J11cBfIVnXg78FiClztx7vxNRWjKD8+e8+7C3URV6Wc:2L7xpQbTgBAmWJlLbbRWjKje8FyVm`
Yara	IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis