Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.18 02:11
DOCTOR FIRM ORDER FORM...
11.18 09:11
babababa.exe
11.18 09:11
Jagtfalkenes.vbs
11.18 09:11
windows_update.dll
11.18 09:11
nicko.exe
11.18 09:11
GHO%E9%95%9C%E5%83%8F%...
11.18 09:11
stories.exe
11.17 10:11
wwbizsrvs.exe
11.15 01:11
wwbizsrvs.exe
11.15 01:11
op.exe

Latest News
11.18 05:11
Strela: A newcomer in ...
11.18 05:11
A week in security (No...
11.18 05:11
A week in security (No...
11.18 04:11
카페 어니언과 함께하는 2025 코리아브...
11.18 04:11
Singapore Oil Tycoon O...
11.18 04:11
Exploit attempts for u...
11.18 04:11
NSO Group Exploited Wh...
11.18 03:11
대한민국 전통가마 연구소 ‘태고사’ 20...
11.18 03:11
더 청담, '2024 전통문화혁신사업 수...
11.18 03:11
동방이기제작소, '2024 전통문화혁신사...

Dropped Files | ZeroBOX

Name	261e6aad3ad0a5f6_content_resources_200_percent.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\content_resources_200_percent.pak
Size	15.0B
Processes	2508 (smcalc.tmp)
Type	data
MD5	`7c321056f805aabd5a503821fa1994cd`
SHA1	`9c690875c9189c66c93ebd4c0971739653bccd19`
SHA256	`261e6aad3ad0a5f608b5694919ee39026c4c3eb4256540068f7c1aa46be9315a`
CRC32	`A3BB7D66`
ssdeep	`3:xll/ll:dll`
Yara	None matched
VirusTotal	Search for analysis

Name	5dd4ccd63e6ed07c_api-ms-win-core-synch-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-synch-l1-1-0.dll
Size	19.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`71af7ed2a72267aaad8564524903cff6`
SHA1	`8a8437123de5a22ab843adc24a01ac06f48db0d3`
SHA256	`5dd4ccd63e6ed07ca3987ab5634ca4207d69c47c2544dfefc41935617652820f`
CRC32	`24352D97`
ssdeep	`384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	3a42134e970d57dd_preferences Submit file
Filepath	c:\users\test22\appdata\roaming\calculator\preferences
Size	69.0B
Processes	2968 (Calculator.exe)
Type	ASCII text, with no line terminators
MD5	`5e54046a88808b45a775349e925e6fc2`
SHA1	`fb863c0f80bfdba76cfa27d8677e276bdb5175b6`
SHA256	`3a42134e970d57dd8a27cf08fb10010d3a54c38b10f4f369878ad20e4698ec99`
CRC32	`C452488C`
ssdeep	`3:YHciAIABFWVqA9UHfTqY5A/4g1:Y8iyBFWu/mV/J1`
Yara	None matched
VirusTotal	Search for analysis

Name	7b2470b53a991d5e_gu.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\gu.pak
Size	8.1KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`747ab3b71642934e114530b1a9301951`
SHA1	`5dbca5ce815c5fac55c54aef2fe477f61e7ed14a`
SHA256	`7b2470b53a991d5eb7aeb727d51b7c4bcc7c77ca7c33e860c77c6748e9efaad1`
CRC32	`3C50ACA6`
ssdeep	`192:D5wXodz4sCRVFzxZ/qtqf0lLecs5xiX9dxtdMAM:yXodz4bRVFzj/qtqf0hecsGX9dxtdVM`
Yara	None matched
VirusTotal	Search for analysis

Name	bfca02d5093b9124_libegl.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\libegl.dll
Size	15.5KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`028fe8eb55a211372db616e1a3657c27`
SHA1	`25e68ed163887e71218fd45d2fc8064a378ea40b`
SHA256	`bfca02d5093b912425abe6e5689391ef05a1aa4a7f126e080adf0d9dded2bef9`
CRC32	`A2E2BB84`
ssdeep	`192:onKDpbwGp+gxtnZquZEKtr+kOImolTHHBqwmIEZ470HlCRctA7vfzQSjfPmNlZIU:omVzHtvEK9+kOI/dCQRcmsSiNlZQnb`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	f9d31b278e215eb0_manifest-000001 Submit file
Filepath	C:\Users\test22\AppData\Roaming\Calculator\Local Storage\leveldb\MANIFEST-000001
Size	41.0B
Processes	2968 (Calculator.exe)
Type	PGP\011Secret Key -
MD5	`5af87dfd673ba2115e2fcf5cfdb727ab`
SHA1	`d5b5bbf396dc291274584ef71f444f420b6056f1`
SHA256	`f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4`
CRC32	`7B501CA0`
ssdeep	`3:scoBAIxQRDKIVjn:scoBY7jn`
Yara	None matched
VirusTotal	Search for analysis

Name	bb1c721fff7d6163_lv.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\lv.pak
Size	4.2KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`e79b9cf9a705ae84e8bf8478f4d3bb4d`
SHA1	`c7c8372ec9bdc806d554f4015ac72e8a560a64ba`
SHA256	`bb1c721fff7d6163b85ebf69437cef0b4bd5d5eb4ae51b94b1fbd692ee9502a8`
CRC32	`2F75F329`
ssdeep	`96:zdp4EE2qseAU0sSG265hgjXLDKBorfBgrhvnR:zfjAaG26wjXLDFfGhnR`
Yara	None matched
VirusTotal	Search for analysis

Name	298b41a365920587_ar.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\ar.pak
Size	5.5KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`63f74f381dedb575090ffbf5c87bc675`
SHA1	`01158cf2a605c928121dd04187bbc6c87a69b2ea`
SHA256	`298b41a3659205870cfe7cb9b711cd0e0dc753def6747bb0096df17d5918e715`
CRC32	`26BBC2F9`
ssdeep	`96:Xbbp0OlcWcBbHDjve/KFjkeQBRPmqeD/pm8Jm8hrm8cm8hqCck5/sB0x5zn:XblcZHDjv2KFjkpRuT/o8I8hi8v8hqCf`
Yara	None matched
VirusTotal	Search for analysis

Name	c85dc081b1964b77_api-ms-win-core-file-l2-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-file-l2-1-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`e479444bdd4ae4577fd32314a68f5d28`
SHA1	`77edf9509a252e886d4da388bf9c9294d95498eb`
SHA256	`c85dc081b1964b77d289aac43cc64746e7b141d036f248a731601eb98f827719`
CRC32	`F4699D05`
ssdeep	`192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	565a2eec5449eeee_api-ms-win-crt-locale-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-locale-l1-1-0.dll
Size	18.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`a2f2258c32e3ba9abf9e9e38ef7da8c9`
SHA1	`116846ca871114b7c54148ab2d968f364da6142f`
SHA256	`565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33`
CRC32	`3C5AE513`
ssdeep	`192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	eab47582901575d9_hu.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\hu.pak
Size	4.3KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`f3426feb7d99917e82e51456f283ac39`
SHA1	`c1ad313d76d8eea8952b905c4eeac0a5c16060d5`
SHA256	`eab47582901575d9737e040e8ddc29fa654eae29da50d0d05862225617f9f149`
CRC32	`3D6B7DBE`
ssdeep	`96:tsFpwhPBdJj/JqPndEnxSnwbrNwrCtZcqRcU+EFUkozbFFJOHVOrS:tMwVvJjJqPndiqcZcqRcnEmko/FPO1OO`
Yara	None matched
VirusTotal	Search for analysis

Name	65ded8d2ce159b2f_api-ms-win-crt-private-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-private-l1-1-0.dll
Size	71.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`9910a1bfdc41c5b39f6af37f0a22aacd`
SHA1	`47fa76778556f34a5e7910c816c78835109e4050`
SHA256	`65ded8d2ce159b2f5569f55b2caf0e2c90f3694bd88c89de790a15a49d8386b9`
CRC32	`C78C7F40`
ssdeep	`1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	b5d2cb3d32a6cf2f_views_resources_200_percent.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\views_resources_200_percent.pak
Size	56.1KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`f34a4184574296ba08c6ca4a8a627feb`
SHA1	`806342993f7d9d0959e9abf2765ae24bc8451b53`
SHA256	`b5d2cb3d32a6cf2faa99acc34b68748d06cf1e4f911fd23675dc6383298e6fe0`
CRC32	`F191DE7A`
ssdeep	`768:Xo/fBee0DWuwFDNGVgPRNoCCJfHhzuvX+wht6q3ur4CC3eszI260VwAGdU:X5vCN1NRPRNoCiBuvb6q3uMCOUv4XyU`
Yara	None matched
VirusTotal	Search for analysis

Name	eeb3789671ba21dc_pt-br.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\pt-br.pak
Size	3.8KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`78fc6267b8b9ee7de33e27bc41cbdf2f`
SHA1	`9568c25406136ff7c24111f5e7bfd22c58e78af0`
SHA256	`eeb3789671ba21dc3506e719bb29b35557ae22fa52662b4b005d061c8c89fa5e`
CRC32	`7AE1EE64`
ssdeep	`96:MhG/pyxFGUdOxEF4ExEV+ufljFHVMsYcWI6nUG3:/1U0aOExEV+ufljFlYu6UG3`
Yara	None matched
VirusTotal	Search for analysis

Name	c310cc91464c9431_api-ms-win-core-debug-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-debug-l1-1-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`88ff191fd8648099592ed28ee6c442a5`
SHA1	`6a4f818b53606a5602c609ec343974c2103bc9cc`
SHA256	`c310cc91464c9431ab0902a561af947fa5c973925ff70482d3de017ed3f73b7d`
CRC32	`12E78F59`
ssdeep	`384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	74e994149ae3642e_ru.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\ru.pak
Size	6.0KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`eb41fc58e2a238ad706ecc6a932141ee`
SHA1	`932029641051183ee71d6af5d7ff6b3b868bd17c`
SHA256	`74e994149ae3642e837242a4f4469ed33df9cbeaeeb5b4508aa11ed067fb1944`
CRC32	`96DC71EB`
ssdeep	`96:AMUCDfft3wrUEyvtxXoM3IVl0VTkLWDi6oMu4lk9MysvFM0mxF7biSYyF:LrDlAVyPoMYVeVTq5sQMSPF`
Yara	None matched
VirusTotal	Search for analysis

Name	90d31ad5cf1f5994_pt-pt.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\pt-pt.pak
Size	3.9KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`81225b766654c0e057d447065f0df732`
SHA1	`61e711a520765b264c3219b6423da3a8013efc51`
SHA256	`90d31ad5cf1f5994bdd3ce091b8e9cf515a400aae18c5ced0cf48e8d2c1f4d70`
CRC32	`129AF249`
ssdeep	`96:IrPcpVVZdOEr46CZUpv7m/pNignLpCkaPTUfmm0xae:wq0i41ZUR7m/PDLgk6wp0we`
Yara	None matched
VirusTotal	Search for analysis

Name	879f92a751eab849_bg.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\bg.pak
Size	6.4KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`865bcf89a87e852927196cbb5f97228a`
SHA1	`3dc7c7af45367eb94353db8d4fbdf997493c23ba`
SHA256	`879f92a751eab84943f643e7a2dfc520ef0e2ef6a95dcc6c6a9ef080f16e1e29`
CRC32	`A08D5AC1`
ssdeep	`96:OE6bGJerq1DRkJ06Nr5SZwIZZhZrlLBXWeOwg6lz737RC:OEerq1/6fSZLhZiePlzz70`
Yara	None matched
VirusTotal	Search for analysis

Name	b2f1a27ecbb9ceaf_fa.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\fa.pak
Size	5.5KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`c8ce30c91f7ccf8b1a7a58020a19dd3c`
SHA1	`a01777499bb1db9a21960b33f25c9dbd37d5d644`
SHA256	`b2f1a27ecbb9ceaf5663f760c231c9b838ef3129a34b4f2453b704a40c7d4261`
CRC32	`6BD34FFF`
ssdeep	`96:R7IzuFNmZpyZznJpkw+c9fTH9RtZEwGcXbemT2UNXMW3LS577O3/z:R7IzuFsehrks79RnEwxXbXe7Ovz`
Yara	None matched
VirusTotal	Search for analysis

Name	c4f60f911068ab6d_api-ms-win-core-namedpipe-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-namedpipe-l1-1-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6f6796d1278670cce6e2d85199623e27`
SHA1	`8aa2155c3d3d5aa23f56cd0bc507255fc953ccc3`
SHA256	`c4f60f911068ab6d7f578d449ba7b5b9969f08fc683fd0ce8e2705bbf061f507`
CRC32	`37258A28`
ssdeep	`192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	bb25ccf8694d1fcf_api-ms-win-core-libraryloader-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-libraryloader-l1-1-0.dll
Size	18.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d0873e21721d04e20b6ffb038accf2f1`
SHA1	`9e39e505d80d67b347b19a349a1532746c1f7f88`
SHA256	`bb25ccf8694d1fcfce85a7159dcf6985fdb54728d29b021cb3d14242f65909ce`
CRC32	`B08A064C`
ssdeep	`384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	35da2cef7204c1ea_tr.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\tr.pak
Size	3.7KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`e6520da30eb59e5b9466aedabbc06bf6`
SHA1	`1b860cd51e55ea3f595ae5766fc530e73590d0bd`
SHA256	`35da2cef7204c1ea6a18b161d3c2f5fd74f78e33f9f083f4a987bda13a87e44d`
CRC32	`D39B55EC`
ssdeep	`96:N4fH/lx3uwvh6ZGgOkVEUx0wNsnLu3w3u:Itx3uwvMOkXGwGu`
Yara	None matched
VirusTotal	Search for analysis

Name	beac1cba8cdfa4a7_cookies Submit file
Filepath	C:\Users\test22\AppData\Roaming\Calculator\Cookies
Size	28.0KB
Processes	2968 (Calculator.exe)
Type	SQLite 3.x database, last written using SQLite version 3020000
MD5	`4877b475816ce6d88a381ea863b329cb`
SHA1	`cd6bc07fd7422f513ec053f5d88cd14a260c2d90`
SHA256	`beac1cba8cdfa4a7a7bd261edb6a7d9c0d49ddbb1fee153f0d448743ad1d2649`
CRC32	`88777717`
ssdeep	`24:TLE/g/5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fB:ToY/ecVTgPOpEveoJZFrU1cQB`
Yara	None matched
VirusTotal	Search for analysis

Name	01e196f49a1a6e73_blink_image_resources_200_percent.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\blink_image_resources_200_percent.pak
Size	26.1KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`f32ba921fe0c82afd410540b3b02eff9`
SHA1	`7b192c1c8b9a0a2b8a4478385f107c06afd2d79e`
SHA256	`01e196f49a1a6e73940d70274ffd31dfa07228b2b55d7931a21d64a09ac4cdda`
CRC32	`5ACA4CEA`
ssdeep	`384:Fc144+Sm92lT2PJXPrJXPneEUO8Xs1IgHemMC+rNOuukqR2XVcjetMhcbvTBcZQr:8W2lTp7tsiOT8lczhchcZQV8YLF`
Yara	None matched
VirusTotal	Search for analysis

Name	dc8f15f6501abe21_et.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\et.pak
Size	3.6KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`99720592ae14314421b4b26f6d0a40fb`
SHA1	`84b3d30b2efdd19c720a3901ac2a062f5cbf8ba0`
SHA256	`dc8f15f6501abe21eb23b9718e212474efd7b44bf4a9f5b14bc6212858a6bb6b`
CRC32	`6FC85A70`
ssdeep	`96:35WTIh0+GKJ+CC2w2hXl+BhemhHvAs/FTeY4M1ATH:35nlvJ+CCCXMwMq`
Yara	None matched
VirusTotal	Search for analysis

Name	47e587395ad865a4_cs.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\cs.pak
Size	3.8KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`683bd52222680d9adacdf34e119c1dfb`
SHA1	`976d28a34239829f670a42a967625ed6cba00bd2`
SHA256	`47e587395ad865a41f519b43d79f3d6b28aadc59f758c778ba62c158e84c8a09`
CRC32	`9817CC2E`
ssdeep	`96:yylG0J5/gfMU+F8mf8QQgWu6/K3eVeRl2c0cLeI:yylGzMLhf8Qcu6y3WWr`
Yara	None matched
VirusTotal	Search for analysis

Name	f04a22f3d358d75c_app.asar Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\resources\app.asar
Size	4.6MB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`df85fb075d2a1b8b2718b72d93664978`
SHA1	`9697cb78cba99f8f167ff71dfb401525cbcdafc3`
SHA256	`f04a22f3d358d75c287d5688749700ac6451e8332c5398eaf75895e26db0b026`
CRC32	`EEA40798`
ssdeep	`49152:rh97gsm4QNhAejRmf4ljRmz4gKmQxI4oAUo46jy38hAgsJsiJsWSkl2+:A4QE4w4gOoAUo460`
Yara	None matched
VirusTotal	Search for analysis

Name	6823b98c3e922490_vcruntime140.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\vcruntime140.dll
Size	81.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`a2523ea6950e248cbdf18c9ea1a844f6`
SHA1	`549c8c2a96605f90d79a872be73efb5d40965444`
SHA256	`6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4`
CRC32	`4AF90E3D`
ssdeep	`1536:tBYGvQ2+Ub54AE6ZkJrIriwx0AKGsu0g1kq1ecbRMKlB66M5iEBiA:tB7vQ2+a54AE0sAKxQ1ecbRMKlQoE0A`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	d559d804085e6f48_it.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\it.pak
Size	4.0KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`77db2b84925f3e496e6fa281daa988d2`
SHA1	`4101042c1f4857e54e8eaccb6aa9be3677eaec3d`
SHA256	`d559d804085e6f4870cd311e1f32e9b20177c142ac4a99bdf77b32485aa0b3e2`
CRC32	`EAED987F`
ssdeep	`96:XVJ5za7bIWzyLmT+fQmjS9xm+emDtcQmD+pkbp0e:XnIbB3o+rOf`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_cookies-journal Empty file or file not found
Filepath	C:\Users\test22\AppData\Roaming\Calculator\Cookies-journal
Size	0.0B
Processes	2968 (Calculator.exe)
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	2069bb56e30b1673_he.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\he.pak
Size	4.4KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`d9a280130429d0734d3f69eee88f257b`
SHA1	`c1e6db302849ff322c2b888547036c67c9c6f687`
SHA256	`2069bb56e30b1673a2c520dcc927fbf663c88930d9583f91fa63ac36607d94c4`
CRC32	`D6FCE92C`
ssdeep	`96:OztUjATNlzDSNBQaxIirv3/0YmQyKQJdXpCL7D3:OztEATLz0n0YmQyKQ0z3`
Yara	None matched
VirusTotal	Search for analysis

Name	88c4375fcfe4ac44_zh-tw.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\zh-tw.pak
Size	3.3KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`dbe374fbd90990e9f2171ab943303c1d`
SHA1	`1b174edd9b8852d50b6d6161ab0936d61d79d07e`
SHA256	`88c4375fcfe4ac44ea8abf1e73dbb74e0be4d97180a995b5c0b6555085fed134`
CRC32	`A30A7D14`
ssdeep	`96:O7l5nCG1EDixgIjduW9sY1rqHJYE7yS0hLND:ES0EDsAPS+pLiB`
Yara	None matched
VirusTotal	Search for analysis

Name	eb36f39cd4caf8c9_node.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\node.dll
Size	13.5MB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`50a895904d6a872f3e54309fba6c3ba2`
SHA1	`6416eccd706d9e1828d2865aea0428573a919533`
SHA256	`eb36f39cd4caf8c9bca32432f821b5c97286d26e6e1f6d6d91335f40a0aab7e1`
CRC32	`24CC6E4A`
ssdeep	`393216:gYl/c+Kr4qk2ut18wuGMcaxjo4YnoAAIiZ:gO/c+Kr4qk2ujZuGMcaxjohnjAIi`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	c0d75d1887c32a1b_api-ms-win-crt-environment-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-environment-l1-1-0.dll
Size	18.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`ac290dad7cb4ca2d93516580452eda1c`
SHA1	`fa949453557d0049d723f9615e4f390010520eda`
SHA256	`c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382`
CRC32	`EDEBA32F`
ssdeep	`192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	0c424023a608e7a6_pdf_viewer_resources.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\pdf_viewer_resources.pak
Size	160.3KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`37023976766b3bd96ac1484a9d0a4386`
SHA1	`0a682dd5b0513f4b40be56daa4946e192904401c`
SHA256	`0c424023a608e7a67255b65078341aac81ad1c967d03b7ec12942d48bf19b148`
CRC32	`21B5DD56`
ssdeep	`3072:EJuujrOztTMNstoJnOpjmBXAz1s/b8Tu4YkkanA3eSEW4H:IOp6BXAz1s/gTu4YkkanA3eSEW4H`
Yara	None matched
VirusTotal	Search for analysis

Name	e0d55ef3f3ee8630_nl.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\nl.pak
Size	3.7KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`e32d2d53fcdb0eba8a07c34009a54ee9`
SHA1	`2b8b3e4fb0148f913a032c6b1c5b041bf576bf65`
SHA256	`e0d55ef3f3ee86306a8c810c9417b4e850e72952215128b0ba5fd334d1d5dc86`
CRC32	`5DA1E0E0`
ssdeep	`96:bRmWesgZiQ//unzmVs6OToQgLZ/e8GDQml/lnH:ULs4iQnun6Vs6nQgLZ/eHDQm1Z`
Yara	None matched
VirusTotal	Search for analysis

Name	a965ecaaaf57d089_es-419.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\es-419.pak
Size	4.0KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`9fa025d83e9b8d854da089349cf55221`
SHA1	`ddb871fffa9b949782bc6ead5994819e89bda32f`
SHA256	`a965ecaaaf57d0899dffcdcc21bdc24c37bdb44eefde47601dfed588d4e9c9f4`
CRC32	`9D2BE82E`
ssdeep	`96:1nc9G6RBS/pEmSh1u3ABTns8lqc1+H+7tpUDoSlM9Z6b5E5f:W91D0pEmSh1a8rs8lqcEHWGoSlM9Qb52`
Yara	None matched
VirusTotal	Search for analysis

Name	5f8b46e8f0079a35_калькулятор smarttool.lnk Submit file
Size	1.1KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Apr 26 15:45:27 2023, mtime=Wed Apr 26 15:45:27 2023, atime=Sat Feb 25 17:47:34 2023, length=49564312, window=hide
MD5	`b70cfee2e2e8b862dc0ad8e350d71eca`
SHA1	`c7f95e069c179f2201ae5e731620f3353407c4f2`
SHA256	`5f8b46e8f0079a3529819c35a3998743296a0303b7bde904661f530c1f355794`
CRC32	`2F88AAD5`
ssdeep	`12:8mDIcu24cZCrR8EvSWjWRq/ZimTezsOk4izCCOLMEGQ1eqiE+/Q1eKwua4t2YLE2:8mDhgsERdHWRqRtTnrzNRu3iYn6PyV`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	f5cf623ba14b017a_api-ms-win-crt-heap-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-heap-l1-1-0.dll
Size	18.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`93d3da06bf894f4fa21007bee06b5e7d`
SHA1	`1e47230a7ebcfaf643087a1929a385e0d554ad15`
SHA256	`f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d`
CRC32	`A016C333`
ssdeep	`192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	69885fd581641b4a_api-ms-win-crt-time-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-time-l1-1-0.dll
Size	20.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`849f2c3ebf1fcba33d16153692d5810f`
SHA1	`1f8eda52d31512ebfdd546be60990b95c8e28bfb`
SHA256	`69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d`
CRC32	`FFFCEB82`
ssdeep	`384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	bece7bab83a5d0ec_api-ms-win-crt-math-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-math-l1-1-0.dll
Size	28.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`8b0ba750e7b15300482ce6c961a932f0`
SHA1	`71a2f5d76d23e48cef8f258eaad63e586cfc0e19`
SHA256	`bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed`
CRC32	`524A7773`
ssdeep	`384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	7670fdede524a485_api-ms-win-core-string-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-string-l1-1-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`12cc7d8017023ef04ebdd28ef9558305`
SHA1	`f859a66009d1caae88bf36b569b63e1fbdae9493`
SHA256	`7670fdede524a485c13b11a7c878015e9b0d441b7d8eb15ca675ad6b9c9a7311`
CRC32	`E2869B8E`
ssdeep	`384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	bb33a9e906a58630_api-ms-win-core-memory-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-memory-l1-1-0.dll
Size	18.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d500d9e24f33933956df0e26f087fd91`
SHA1	`6c537678ab6cfd6f3ea0dc0f5abefd1c4924f0c0`
SHA256	`bb33a9e906a5863043753c44f6f8165afe4d5edb7e55efa4c7e6e1ed90778eca`
CRC32	`BFB6A831`
ssdeep	`384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	4b704b36e1672ae0_api-ms-win-core-sysinfo-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-sysinfo-l1-1-0.dll
Size	18.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`19a40af040bd7add901aa967600259d9`
SHA1	`05b6322979b0b67526ae5cd6e820596cbe7393e4`
SHA256	`4b704b36e1672ae02e697efd1bf46f11b42d776550ba34a90cd189f6c5c61f92`
CRC32	`BFABEDF6`
ssdeep	`384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	f7d450a0f59151bc_api-ms-win-core-util-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-util-l1-1-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`0f079489abd2b16751ceb7447512a70d`
SHA1	`679dd712ed1c46fbd9bc8615598da585d94d5d87`
SHA256	`f7d450a0f59151bcefb98d20fcae35f76029df57138002db5651d1b6a33adc86`
CRC32	`82651198`
ssdeep	`192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	03ad57c24ff2cf89_api-ms-win-core-localization-l1-2-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-localization-l1-2-0.dll
Size	20.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`eff11130bfe0d9c90c0026bf2fb219ae`
SHA1	`cf4c89a6e46090d3d8feeb9eb697aea8a26e4088`
SHA256	`03ad57c24ff2cf895b5f533f0ecbd10266fd8634c6b9053cc9cb33b814ad5d97`
CRC32	`991B148C`
ssdeep	`384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	9dab884071b1f7d7_api-ms-win-core-processthreads-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-processthreads-l1-1-0.dll
Size	18.9KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`a2d7d7711f9c0e3e065b2929ff342666`
SHA1	`a17b1f36e73b82ef9bfb831058f187535a550eb8`
SHA256	`9dab884071b1f7d7a167f9bec94ba2bee875e3365603fa29b31de286c6a97a1d`
CRC32	`0FF50B6E`
ssdeep	`384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	567527e4310ed213_ms.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\ms.pak
Size	3.6KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`109659cf921c25ede27590eaa31e8003`
SHA1	`68f16d576e5d3f05351b7771bfcf29c010d25a00`
SHA256	`567527e4310ed21354591c445b29bfd693928363de88aeb1b3a9cd3c22557d82`
CRC32	`D8889BD6`
ssdeep	`96:5zts5CUE/+AkN1bhGNKh7LhjEIjFku/ueM5pS9Rv:5zK5nN1lGNK5LLku/uw9`
Yara	None matched
VirusTotal	Search for analysis

Name	83ec85071b98a717_калькулятор smarttool.lnk Submit file
Size	1.1KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Apr 26 15:45:27 2023, mtime=Wed Apr 26 15:45:27 2023, atime=Sat Feb 25 17:47:34 2023, length=49564312, window=hide
MD5	`6a296d1b97d8d5c372767a500bb4d016`
SHA1	`e49227d1e5b30520886a2f6b7dae79f88197ecd0`
SHA256	`83ec85071b98a717902eb5d6d47d3b14298f49c5cdb90d6de9387c89d9605bcb`
CRC32	`E9DC2604`
ssdeep	`12:8mDIcu24cZCrR8EvSWjWRq/ZimTezsOk4izCCOLMEO1eqiE+/Q1eKwua4t2YLEPu:8mDhgsERdHWRqRtTnrzNR33iYn6PyV`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	86e5bddbf53f074f_sv.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\sv.pak
Size	3.4KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`d4b1a207624563089e98d5c62b0544dd`
SHA1	`d6275b3364bb6fb04dc2b11b03ca42a6a75cdba0`
SHA256	`86e5bddbf53f074f468a3fb055236fecebbd6a7ae32e34c9388e39a0706f3cf7`
CRC32	`57A5D81D`
ssdeep	`96:RXYwfa//W4ngUXG7jWxsOek719ukQe4hdq5sAGqwn:RXYwS//W4PXG/oek719ukf4y5s3X`
Yara	None matched
VirusTotal	Search for analysis

Name	e27f6a1976ef1c5f_de.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\de.pak
Size	3.9KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`1605188235041d97a0ace06e3d752f21`
SHA1	`7f16a6cb5bc83652e93e796f7c9e09ad141fe664`
SHA256	`e27f6a1976ef1c5f68a90d04f997a83b9f4d7fec40077e8d3bf7c9b50635cfa3`
CRC32	`FA568190`
ssdeep	`96:QGlqwpJdwbHnMjBR6CEFdR8oINpQFphkSn4zFJo5dzi5zVfwFT2:QGlbpJyHM9SFd/INpQFphkSnWo5l8Q2`
Yara	None matched
VirusTotal	Search for analysis

Name	7633774effe7c0ad_api-ms-win-crt-filesystem-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-filesystem-l1-1-0.dll
Size	19.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`aec2268601470050e62cb8066dd41a59`
SHA1	`363ed259905442c4e3b89901bfd8a43b96bf25e4`
SHA256	`7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2`
CRC32	`68ADCB9C`
ssdeep	`384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	7857709ada06572b_sr.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\sr.pak
Size	6.0KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`c3314b46211396fc4e2804ce7bea62d0`
SHA1	`89d3582d193522fe798fdfb8b1337a4953ace954`
SHA256	`7857709ada06572b835478deab3ed9dab0ecc7ae91cf9f30b8da7115a3e93700`
CRC32	`7105D453`
ssdeep	`96:A/g8bH07rkjutcuE52Ih6rB3gnmQ/nbpjRAUFTHEDHTXRVoMM0bEwFBETg:ege07XcuE52IhiV09tNkvj5EwT9`
Yara	None matched
VirusTotal	Search for analysis

Name	a9041acb4fff6553_ta.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\ta.pak
Size	10.0KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`fe4bebb575a51c250b41818662eff5a1`
SHA1	`b98093ad044866fe02b373344f13de7428210b6a`
SHA256	`a9041acb4fff65531da7dbebeb0ec8db9050ad8785f68bd0c313c616fdee2966`
CRC32	`CE8188F4`
ssdeep	`192:yMLn4OR3tlzp0e2z+MtNuZxKxYhJWIJyofGG41fzY/E0qSwV9Dky15x0R:yCVIb8cCR`
Yara	None matched
VirusTotal	Search for analysis

Name	59d351dfaf7a04db_smcalc.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\smcalc.exe
Size	30.4MB
Processes	1648 (calcinstall.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f7ed63c67509bcbc2ccb082111f31175`
SHA1	`6c9322ba4be330ca51eae717df2e85bbfa7e662a`
SHA256	`59d351dfaf7a04db4b8fa3a77e00d08044431145f9fecb6f48ebc9b7ef6a1fa3`
CRC32	`F06F8456`
ssdeep	`786432:utPgRGwlQideZoZw4D0x5asgIJEXpIPo4qllOo0BxKo:utPgRGwlrdyoio0x5asg+E5IPo4qqzKo`
Yara	mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	b1e702b840aebe2e_api-ms-win-crt-stdio-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-stdio-l1-1-0.dll
Size	23.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`fefb98394cb9ef4368da798deab00e21`
SHA1	`316d86926b558c9f3f6133739c1a8477b9e60740`
SHA256	`b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7`
CRC32	`F47691BA`
ssdeep	`384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	edccf91944d04c63_pl.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\pl.pak
Size	3.8KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`ba35207a92b1a416bfb590f2deda11f2`
SHA1	`a7069083a9b400a7af8a18bc181af9150bfad3d1`
SHA256	`edccf91944d04c63d1fb58ea97648b44433cb8376de0f3a188de42087b5947d4`
CRC32	`A3AC4F26`
ssdeep	`96:ef1foBBXvw0fwas6/LP2ziMq5fhZ/hpsXqF3CEfpewL5PTDrVQS2:ef1SJfG6/LP2zIfhNhO6yEfhJif`
Yara	None matched
VirusTotal	Search for analysis

Name	a97dcca76cdb12e9_api-ms-win-core-errorhandling-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-errorhandling-l1-1-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6d778e83f74a4c7fe4c077dc279f6867`
SHA1	`f5d9cf848f79a57f690da9841c209b4837c2e6c3`
SHA256	`a97dcca76cdb12e985dff71040815f28508c655ab2b073512e386dd63f4da325`
CRC32	`FD133E51`
ssdeep	`192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	69fe909a4d6a7cfd_es.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\es.pak
Size	4.2KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`9e896182de369c606d7656c7201e205a`
SHA1	`79ef60dd101737fa20adf7cf721dc7a0c9f0da3c`
SHA256	`69fe909a4d6a7cfd1dd7bfc293229cd77144eff47d90549a0c510eb08ce33fc2`
CRC32	`B0432B5D`
ssdeep	`96:9bMfvngE7t+A8qXWPF70lYKhIeDH5SVWYGCrBHehj76:9IngE7I5qXYF70lYGIgH5SVWYGyN`
Yara	None matched
VirusTotal	Search for analysis

Name	a7c53cf4c29962c3_mr.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\mr.pak
Size	7.8KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`a8ff350ee892b9fd67b24d4481528068`
SHA1	`4228ee234693dd208f54442ab1ca86627105a8f2`
SHA256	`a7c53cf4c29962c3b156e1d72dd9663369d3565f977065dfcd9bb29c6471df34`
CRC32	`3A32DF56`
ssdeep	`96:A2SjJjNHOuG3BW3imP8vJdkPDiIopqDujtEogpjgZsJ136snMD8AXAC3gRqZjgoY:A5ph+8fD6hRqEIUnUMRvHp2kpJ6`
Yara	None matched
VirusTotal	Search for analysis

Name	977da2e58e0273cc_en-gb.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\en-gb.pak
Size	3.4KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`d63f19ecf5792c02b21422f306818fdf`
SHA1	`0ff7e86714bf1537eeef97ad8947acf85cb2ae69`
SHA256	`977da2e58e0273cc491729ec37dc8e6cc56b4ca3b258f577ed8930e7a05293e0`
CRC32	`76C0507F`
ssdeep	`96:lUudGy85iwPPL/nulMMlRnmggluSvu4Yg22:ZdGt5iwPz2l5fnmgglxu4fd`
Yara	None matched
VirusTotal	Search for analysis

Name	dc870eab15a1ef6b_fil.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\fil.pak
Size	4.1KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`256a8ff9779e34de35a334b706a66088`
SHA1	`4631bda7142d7b11294b73e60c7d2e18838f12c2`
SHA256	`dc870eab15a1ef6b0364f682f17f4a3e32ce0e86dac6e4798169d4da44f99238`
CRC32	`18290222`
ssdeep	`96:x/ym1fE02sRuqpsly0ULPlxS0/MYQdQBQ/fMQ2brgYv6GSnEW:xamFEVsPpsEt9E0/HoQBNQ2brgZv`
Yara	None matched
VirusTotal	Search for analysis

Name	a1d1d6b0cb0a8421_api-ms-win-crt-utility-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-utility-l1-1-0.dll
Size	18.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`b52a0ca52c9c207874639b62b6082242`
SHA1	`6fb845d6a82102ff74bd35f42a2844d8c450413b`
SHA256	`a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0`
CRC32	`DD940147`
ssdeep	`192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	94a5df1227818edb_api-ms-win-core-console-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-console-l1-1-0.dll
Size	18.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`502263c56f931df8440d7fd2fa7b7c00`
SHA1	`523a3d7c3f4491e67fc710575d8e23314db2c1a2`
SHA256	`94a5df1227818edbfd0d5091c6a48f86b4117c38550343f780c604eee1cd6231`
CRC32	`C01E093D`
ssdeep	`192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	6f7ff56649c6b81d_lt.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\lt.pak
Size	4.0KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`1ae60b48b20976397fa3e234326e5ea7`
SHA1	`e7e1ec371a05920514ef6d29f69f79f9f452acfe`
SHA256	`6f7ff56649c6b81dc7fed1ddadf0b552cd48e94a3293e5900b99f5616dfa44dc`
CRC32	`82E140F9`
ssdeep	`96:H35uCu96fJuLIBdU0r6METF5TFXqTq9Rqi8u:H8ClxuLn4qqTq3qi9`
Yara	None matched
VirusTotal	Search for analysis

Name	91eeb842973495de_api-ms-win-core-processthreads-l1-1-1.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-processthreads-l1-1-1.dll
Size	18.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d0289835d97d103bad0dd7b9637538a1`
SHA1	`8ceebe1e9abb0044808122557de8aab28ad14575`
SHA256	`91eeb842973495deb98cef0377240d2f9c3d370ac4cf513fd215857e9f265a6a`
CRC32	`793969BD`
ssdeep	`384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	7d21b5d43e65d9cd_th.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\th.pak
Size	7.5KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`c9b501cef631dbbdbf18988371aadb2c`
SHA1	`085a7e86f25d7b2c5b1f42f1be24fe7567d66ad0`
SHA256	`7d21b5d43e65d9cd4e1462a67094fe80b5fae9768b9223e94ec4401b419797b9`
CRC32	`7C8FFFBC`
ssdeep	`192:znMz0CwvUZ9huHmClbnghXXZA950LXBuKbjgqkzfPTH2hJGhE1KVC5hJc:znMzjwv2heZlbnghHZA950zBuKbjfkzH`
Yara	None matched
VirusTotal	Search for analysis

Name	44f6df4280c8ecc9_api-ms-win-core-heap-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-heap-l1-1-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`2ea3901d7b50bf6071ec8732371b821c`
SHA1	`e7be926f0f7d842271f7edc7a4989544f4477da7`
SHA256	`44f6df4280c8ecc9c6e609b1a4bfee041332d337d84679cfe0d6678ce8f2998a`
CRC32	`71E21909`
ssdeep	`192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	7ea06b7050f9ea2b_api-ms-win-core-file-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-file-l1-1-0.dll
Size	21.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`94ae25c7a5497ca0be6882a00644ca64`
SHA1	`f7ac28bbc47e46485025a51eeb6c304b70cee215`
SHA256	`7ea06b7050f9ea2bcc12af34374bdf1173646d4e5ebf66ad690b37f4df5f3d4e`
CRC32	`5525C716`
ssdeep	`384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	d7db99b663c2796e_ro.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\ro.pak
Size	4.2KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`aa795153837c1b6ba01da7fc805aea20`
SHA1	`1beb40b4c0d46f929ecff5f1b9d866213c0a0e4e`
SHA256	`d7db99b663c2796e5f6b629ae3aa02cff6f315ba85c3b99f11eba084f523fe79`
CRC32	`CC7826B7`
ssdeep	`96:EYphq54hCSEyC+r1RxbXhsiXNiI4cCjuw/b3/ciCxi+rL64EL:EEPEyC+rvR5wTMGr`
Yara	None matched
VirusTotal	Search for analysis

Name	f7606b77628e9e51_fake-bidi.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\fake-bidi.pak
Size	5.9KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`bfc5a0f6093011a161b3a8696f1c76f1`
SHA1	`a97d1812b75b7e2224a304f76f1fe3304191343c`
SHA256	`f7606b77628e9e51d581d98c668e47365cfd3456acdb9ef856f3dd2b6383f6cd`
CRC32	`278B2D63`
ssdeep	`96:YQUxdfvXzU4DV3w5vs3Twj1hVCtviWRW1w1TuUikEB+EB5EBH1c:YQU/wFkGoBiFOSJ`
Yara	None matched
VirusTotal	Search for analysis

Name	5918cc0cb58d46fd_log Submit file
Filepath	C:\Users\test22\AppData\Roaming\Calculator\Local Storage\leveldb\LOG
Size	70.0B
Processes	2968 (Calculator.exe)
Type	ASCII text
MD5	`c5779a1945a1a7630684ff6a5eb89354`
SHA1	`d6f2eb3a16937e9a53201b86536155b2282c20e7`
SHA256	`5918cc0cb58d46fdc2104c3dd510c9f67537a8b02d49a416fb4f1a4550804d09`
CRC32	`75C865E3`
ssdeep	`3:tWKfX2aFXpwQWKKqFOMPHIrscWIV//Uv:kc2anlyqTVIFUv`
Yara	None matched
VirusTotal	Search for analysis

Name	077a23c7fa9f6a3b_uk.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\uk.pak
Size	6.2KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`7539bab9425d20d287ad95a26bfb713b`
SHA1	`a65e215fcf9548c08a1c41748f601556008a8b72`
SHA256	`077a23c7fa9f6a3b4d66c72b44ce1b5ba257616158ca279bbe4b422f1ff09806`
CRC32	`3237AB14`
ssdeep	`96:3bYklN988t3DQjXidMiriXd4TyEr58PbqTEg8B/qvQVSg9+XzgCFnT3RfD145i1:Ms7Eht4TyE98jqTEc2DGz85i1`
Yara	None matched
VirusTotal	Search for analysis

Name	f547c82469dcf620_smcalc.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-JENHH.tmp\smcalc.tmp
Size	3.1MB
Processes	2208 (smcalc.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ec06f7158041f119d14588196fd59239`
SHA1	`b04479b3a8a7d22f083461f0b8e0f05aec2312be`
SHA256	`f547c82469dcf620193ea6a1ecbbae51947be160731f122ede4554d4b40dfd37`
CRC32	`819AC4A5`
ssdeep	`49152:7dx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjT333TYc:gHDYsqiPRhINnq95FoHVBT333TP`
Yara	mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	0bb8c77de80acf9c_ucrtbase.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\ucrtbase.dll
Size	1.1MB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d6326267ae77655f312d2287903db4d3`
SHA1	`1268bef8e2ca6ebc5fb974fdfaff13be5ba7574f`
SHA256	`0bb8c77de80acf9c43de59a8fd75e611cc3eb8200c69f11e94389e8af2ceb7a9`
CRC32	`4ED86FD4`
ssdeep	`24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	92ff6d9d1b57cc39_ffmpeg.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\ffmpeg.dll
Size	1.6MB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`f594c7171cf0218e87cf8ea8108e06cf`
SHA1	`434388f4183be2df60dc0240b02ef65767bc603c`
SHA256	`92ff6d9d1b57cc391fec194c65e6e0cd5d0817c0b1c1d98b34cacb7fbde99240`
CRC32	`BE7BDA30`
ssdeep	`24576:+PoI5Cyhmdh/vLstdiDBsZpBvb4cQrevpKfIvgMxREizuBNbjTjQm/g5UjQvH9:+Po3/vLstYcQavkwosiUuBJjTjBjQ/9`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	55e2d6729f587a85_fi.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\fi.pak
Size	3.7KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`c5052f991d88f7c750eb72999a689538`
SHA1	`bf4a96e13e548f1356a28df8053462fd19cc1f55`
SHA256	`55e2d6729f587a8566ee156416e2fd126ebc873be3b5f9d018cf37101effb944`
CRC32	`B7AE66D4`
ssdeep	`96:S4ERl4WI30wWUv9d6XAKLvRv2UXHOBjfxtEeM:ZERl4WI30+Uf8UXHO1xtEL`
Yara	None matched
VirusTotal	Search for analysis

Name	fd97edec88d3e791_vi.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\vi.pak
Size	4.5KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`dcba5537c9cad1d8f7ba7d093be062bb`
SHA1	`bf2089a6939efc191ecc7a2dd88736e12f239c2c`
SHA256	`fd97edec88d3e791c236fcd0a2c707f5d7c0c678bcc17977c9977d2784907edd`
CRC32	`61A49542`
ssdeep	`96:ro/+GDA0iwvjDfdSKd1yj2dxj/LQ6ZJDsxCes9fJSoCSWxN:U2I2ajDf/Mj2dxj/06/Dsx/s9fJYzxN`
Yara	None matched
VirusTotal	Search for analysis

Name	c4ac12cec806b02c_nb.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\nb.pak
Size	3.5KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`11a3795b7ac2b3be358f88ab4d98f6f4`
SHA1	`b9043237cc9b725357e51e25ccce2d593792266c`
SHA256	`c4ac12cec806b02c216d2b8f42d6cdce35b824dc95c9d78d86e32d8915e5483c`
CRC32	`DD5B94E9`
ssdeep	`96:IdcnGTmWfYJ/Iq8Am9QJgtDm4Aa3TViWL:ccmPfYyqjgti4hiWL`
Yara	None matched
VirusTotal	Search for analysis

Name	c3d1e1b73502bf39_sw.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\sw.pak
Size	3.8KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`e7ec4694534f66f4f9a9dcadcbabd9eb`
SHA1	`026ff665649fe238f6915b232254f9a34446382c`
SHA256	`c3d1e1b73502bf394d572f761b9da8bd6104f5326b5531d0aeed26f93f548bab`
CRC32	`31C92B3B`
ssdeep	`96:aS566me4rGZ3VrajgZMk7ZeCeausai4onk/cT/m:aSE6me4cSgVdeausai4Mk/cC`
Yara	None matched
VirusTotal	Search for analysis

Name	fa441a7ca6c25057_license Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\license
Size	1.0KB
Processes	2508 (smcalc.tmp)
Type	ASCII text
MD5	`18ae84aa915a8568a4c064a2bed03211`
SHA1	`b5ca5c2af11a235f8d6477bee87f9f5dbec496e1`
SHA256	`fa441a7ca6c25057936b32dec6083cc61078003c3907b4f32feabb5ccdb15371`
CRC32	`5BC91204`
ssdeep	`24:+DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:+DiJzfPvGt7ICQH+sfIte36AFD`
Yara	None matched
VirusTotal	Search for analysis

Name	f648c3f27e32b883_hi.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\hi.pak
Size	7.6KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`ce86d6e7322440c9c37d8fa2dfe5d4dc`
SHA1	`104af86d188b10a02b2c72bcbba105fc95cd8aa4`
SHA256	`f648c3f27e32b883f07e1e1656869afc2c501617303e04ca9d56c31b19016b2b`
CRC32	`8AD37074`
ssdeep	`192:KkU2Detrsc4EtjXQgoWf8bvPgLIjJQ9tkTjIkja4tEDIzqIrpKaF13aSglR:KeirT4EtjXdX8jPgLIjJut2IkjarDIzK`
Yara	None matched
VirusTotal	Search for analysis

Name	1dd947c17c2690b1_te.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\te.pak
Size	9.6KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`6bcc755ba237581b2597ae636bf77d4c`
SHA1	`da3331c00f5ba0bb7ac6a72924c0630e8adfca22`
SHA256	`1dd947c17c2690b1f1b4b4d2f59af82d704c70c76ac8d723472ca0dcecf7e235`
CRC32	`953B6EE0`
ssdeep	`192:u+ixKlvP3ADsbjVUsfQyKzyK7Jn4QyKayKsXEWcP/BVcqixNphX8sWk4uWSpMN2i:nTvusbjusfaJ4gXEWcP/BVcqibphX8sW`
Yara	None matched
VirusTotal	Search for analysis

Name	2c6b4b06feed53c8_libglesv2.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\libglesv2.dll
Size	2.6MB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`5cc042956f5831d764346381e6411999`
SHA1	`348a5ad326eedf2ca8f93ee79f3210a38c302f25`
SHA256	`2c6b4b06feed53c89a35e4b3396cb6accff1271bda5b3e5c4bc58057698c5e97`
CRC32	`334AB93D`
ssdeep	`49152:2IGGQRqVT33njFgqSePOoTmjRpKN+8arQXliud:2BRqVT3XhOoqXKB`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE32 - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	96898930ffb338da_api-ms-win-core-processenvironment-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-processenvironment-l1-1-0.dll
Size	18.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`5f73a814936c8e7e4a2dfd68876143c8`
SHA1	`d960016c4f553e461afb5b06b039a15d2e76135e`
SHA256	`96898930ffb338da45497be019ae1adcd63c5851141169d3023e53ce4c7a483e`
CRC32	`F1C25621`
ssdeep	`192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	2e99f88c7f0482fb_el.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\el.pak
Size	7.0KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`854eedb6f2cefb0946250ebed02b5bd2`
SHA1	`81a6a93495fb80f39db0c2f073238702dae1f284`
SHA256	`2e99f88c7f0482fb5d5df0ee53ea5786f9273536cc93d5c2aabbbc87d6e5bfa8`
CRC32	`030A9968`
ssdeep	`192:KQmAO76fPJwppeDpK+hM7mcOlaOOuMos4Mw+UwUkGMH1xhyihmhqYChzhqYihHp3:KxAVPJwppeDpK+hpFSxGOrSDp3`
Yara	None matched
VirusTotal	Search for analysis

Name	ca80f36d202b0983_kn.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\kn.pak
Size	9.2KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`a83a715c417f430181b2d4cbd6c1d0bf`
SHA1	`46376e1741efa8215e5e1b406a7bade855a49128`
SHA256	`ca80f36d202b0983fcc4f1b017142f8aa4d08946130d96896b4bb9cb36823b2e`
CRC32	`15F0384B`
ssdeep	`192:QoIB4Ntia/8Ch4zLaJSt5/13AwB1Eh/N8JbTV0MPO+wJZd6pQGfuo8Vk8n11CBJ2:QC//Jh4PaJgN3AcKh/N8JHV8+W3G2TyM`
Yara	None matched
VirusTotal	Search for analysis

Name	c6680234749ca928_sl.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\sl.pak
Size	3.8KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`bf816a5fe951a382d75c9298ca1681e0`
SHA1	`8ed96611e0c9776b7a0ff529c2bef5cfb6fe8938`
SHA256	`c6680234749ca928988fcabfb21b88037adeb348dc6dfdb2c64f9ebd08c6a24c`
CRC32	`335B2BFD`
ssdeep	`96:zuN+IkLrGHOhXUuXAjiHg3QfstEyEYAD8i6m7r:zuETvd3XAbeBySD8ir`
Yara	None matched
VirusTotal	Search for analysis

Name	f4b7a46a02645578_icudtl.dat Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\icudtl.dat
Size	9.7MB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`d1fb52ed611b2fb214482d877921bfef`
SHA1	`b0a3c6c9ab60e2eb2bd68c10de5490978fed8321`
SHA256	`f4b7a46a026455785937c2aef596f92a02136129f7615200f7efc983ac2fadb2`
CRC32	`58283E9D`
ssdeep	`196608:tkUPty2AZ2vJrmliXUxjdyRWhlEzkk7XG6:R12ZCgliXUxjdyRWhlEzkyXL`
Yara	None matched
VirusTotal	Search for analysis

Name	90fae0e7c3644a67_api-ms-win-core-datetime-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-datetime-l1-1-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`cb978304b79ef53962408c611dfb20f5`
SHA1	`eca42f7754fb0017e86d50d507674981f80bc0b9`
SHA256	`90fae0e7c3644a6754833c42b0ac39b6f23859f9a7cf4b6c8624820f59b9dad3`
CRC32	`FEEF3B91`
ssdeep	`192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	3769ddca63c87739_ko.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\ko.pak
Size	3.8KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`b6f8aba3760fe6786b3945fd6cac8fa4`
SHA1	`c30c01323428eb9eca8a0bfc068b1baac90a49e8`
SHA256	`3769ddca63c87739156e02cb1c5489af58c9768102419cd55bbccb05eb9d0e22`
CRC32	`DDEB77AE`
ssdeep	`96:ZjxHV0woH8ml6KcGNUcf6k3adqJqxdIhnzmirk:ZjRcHFlQ/kKdS1zmio`
Yara	None matched
VirusTotal	Search for analysis

Name	3c2991dbb245891b_version Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\version
Size	7.0B
Processes	2508 (smcalc.tmp)
Type	ASCII text, with no line terminators
MD5	`9f19a49c3293cc6942335d0ee77f9121`
SHA1	`9eb930496b4315ad1d15c79b71193405a00be8b1`
SHA256	`3c2991dbb245891b25509ea9e88673357e3ec10e6b09c89e5f82e28562ec1011`
CRC32	`093021CB`
ssdeep	`3:ZE:m`
Yara	None matched
VirusTotal	Search for analysis

Name	945cc64ee04b1964_api-ms-win-core-handle-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-handle-l1-1-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6db54065b33861967b491dd1c8fd8595`
SHA1	`ed0938bbc0e2a863859aad64606b8fc4c69b810a`
SHA256	`945cc64ee04b1964c1f9fcdc3124dd83973d332f5cfb696cdf128ca5c4cbd0e5`
CRC32	`11700B42`
ssdeep	`384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	35824ea086e452df_hr.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\hr.pak
Size	3.8KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`74f25588785d876574cfb79b7238e6f6`
SHA1	`2eead5b5630298b48f7514292fa4c0f2924638ac`
SHA256	`35824ea086e452df82a284aa9f6a9a2887029d09ac10bf875e57d6a333a5a83c`
CRC32	`5FC59106`
ssdeep	`48:DcX3g/oye2mYw1cnZO6XPhgSv79g3M3Y2x1gJJC+Mo1tMoIJcAbBTpFprIU6RvQU:6ge2fw1cnA/BRjaBVI7vr`
Yara	None matched
VirusTotal	Search for analysis

Name	9c1dc36d319382e1_msvcp140.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\msvcp140.dll
Size	429.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d25c3ff7a4cbbffc7c9fff4f659051ce`
SHA1	`02fe8d84d7f74c2721ff47d72a6916028c8f2e8a`
SHA256	`9c1dc36d319382e1501cdeaae36bad5b820ea84393ef6149e377d2fb2fc361a5`
CRC32	`66EDAE4D`
ssdeep	`12288:vTLNQjAM80l7Vpm8j2NoSpmanEhUgiW6QR7t5s03Ooc8dHkC2esuDPG:vTLNQcMmYpET03Ooc8dHkC2enDO`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	24c9aa0b70e557a4_api-ms-win-core-timezone-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-timezone-l1-1-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`babf80608fd68a09656871ec8597296c`
SHA1	`33952578924b0376ca4ae6a10b8d4ed749d10688`
SHA256	`24c9aa0b70e557a49dac159c825a013a71a190df5e7a837bfa047a06bba59eca`
CRC32	`2A90DCC5`
ssdeep	`384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	5a264c598011aa1e_electron.asar Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\resources\electron.asar
Size	254.5KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`b06d496c2d5ab31ac50c6a203c7fc321`
SHA1	`fa9e21c0974c1de0f2aacb2b9404f10da5d6dd8c`
SHA256	`5a264c598011aa1e163bbb3702cc78149f1f9bb6ddc8d37ef14dc9b835770c0f`
CRC32	`E37E4B48`
ssdeep	`6144:myPummvD85dkiSzmbUSW9Pc57uIJ1bovN/AN/q/Q1FZ:A/ibJ1b1WQ13`
Yara	None matched
VirusTotal	Search for analysis

Name	111030863ce93d8d_licenses.chromium.html Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\licenses.chromium.html
Size	1.7MB
Processes	2508 (smcalc.tmp)
Type	HTML document, UTF-8 Unicode text, with CRLF line terminators
MD5	`58db7fcc8ce5cc52e73bf8b3df3edcd3`
SHA1	`0c5de610c84a42673a24bdec222c947cb4b60b97`
SHA256	`111030863ce93d8d7e1bd8c3cf872add1501f522072c0de6a3200e1764387bc5`
CRC32	`8929F552`
ssdeep	`12288:UufV/m3m4mqm/mfmgCHzA+Sx2cXrDCRm0FtZZmS6h3BbZrS7Ui61GQqbdWHzW3Fk:DimnLiL4IwwvuXBVrorQK94clkUzWQqW`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	30d99ce1d732f6c9_api-ms-win-core-synch-l1-2-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-synch-l1-2-0.dll
Size	18.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`0d1aa99ed8069ba73cfd74b0fddc7b3a`
SHA1	`ba1f5384072df8af5743f81fd02c98773b5ed147`
SHA256	`30d99ce1d732f6c9cf82671e1d9088aa94e720382066b79175e2d16778a3dad1`
CRC32	`9E779F84`
ssdeep	`384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	359ba7c5c7f523f7_natives_blob.bin Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\natives_blob.bin
Size	216.8KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`f340d67e7b6c4b74780677df1351f0e3`
SHA1	`bdb9130ddfd3efb1a26afcdfa869b30ac0069197`
SHA256	`359ba7c5c7f523f701d77b4cdd6bbbf23597dc8856dd2c5d7c5abf3168a974b3`
CRC32	`43D71776`
ssdeep	`3072:uUKtgrxNpyXcsR/H/UxRjh75TIrfsY/ukSSK/siH:uUKyrxNpyXcsRf/UxRjhurfh/TO`
Yara	None matched
VirusTotal	Search for analysis

Name	9ca21763c528584b_api-ms-win-crt-conio-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-conio-l1-1-0.dll
Size	18.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6ea692f862bdeb446e649e4b2893e36f`
SHA1	`84fceae03d28ff1907048acee7eae7e45baaf2bd`
SHA256	`9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2`
CRC32	`F5C804B7`
ssdeep	`384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	c8c499b012d0d63b_api-ms-win-core-file-l1-2-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-file-l1-2-0.dll
Size	17.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`e2f648ae40d234a3892e1455b4dbbe05`
SHA1	`d9d750e828b629cfb7b402a3442947545d8d781b`
SHA256	`c8c499b012d0d63b7afc8b4ca42d6d996b2fcf2e8b5f94cacfbec9e6f33e8a03`
CRC32	`7888788D`
ssdeep	`192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	0f1bad70c7bd1e0a_current Submit file
Filepath	c:\users\test22\appdata\roaming\calculator\local storage\leveldb\current
Size	16.0B
Processes	2968 (Calculator.exe)
Type	ASCII text
MD5	`46295cac801e5d4857d09837238a6394`
SHA1	`44e0fa1b517dbf802b18faf0785eeea6ac51594b`
SHA256	`0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443`
CRC32	`90EA72BE`
ssdeep	`3:1sjgWIV//Uv:1qIFUv`
Yara	None matched
VirusTotal	Search for analysis

Name	39dca240e438eff7_sk.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\sk.pak
Size	4.0KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`be1c6d3d10df1df999d4bd4c4ca8c982`
SHA1	`8fee42f4c88b9235afae6591cbcafb9e1e3bae0c`
SHA256	`39dca240e438eff7b61d146707a25ea22ca4424bceeb73e32b8ca6ab8b251fcb`
CRC32	`360DDE5F`
ssdeep	`96:QFeqOKEpqq8XCkZGzXbE9AIEiJGHaH665GbWb6tF6B48y5EABf:QwqOKEpqq0ZGjgu52G6H6ZbWb0iyas`
Yara	None matched
VirusTotal	Search for analysis

Name	80e87220c53e5cfd_log.log Submit file
Filepath	C:\Users\test22\AppData\Roaming\Calculator\log.log
Size	1.2KB
Processes	2968 (Calculator.exe)
Type	ASCII text, with CRLF, LF line terminators
MD5	`8b7660544bb305e6b1931dfa303a3488`
SHA1	`b8eeb4108b63f18d21cf1adf1f3dce800ac32729`
SHA256	`80e87220c53e5cfdf822c4cbd6aab941422c78caff2b92e56915721a2886f744`
CRC32	`42CEED57`
ssdeep	`24:o0kFVsikq4tAQsteZ+S0QPX/AjfA/aVJb+9bnm7hEt82zuVlAy:o0gl4tPst2+SpPXufA/aVIsVSuR`
Yara	None matched
VirusTotal	Search for analysis

Name	8401b54448ea16f0_000003.log Submit file
Filepath	C:\Users\test22\AppData\Roaming\Calculator\Local Storage\leveldb\000003.log
Size	4.1KB
Processes	2968 (Calculator.exe)
Type	data
MD5	`882c17d3d43bbf7dd63f21080c1d976c`
SHA1	`08c1576e70bf86138fac995c1be6d8d9013d05a8`
SHA256	`8401b54448ea16f0d63a68a425f83c997d55e03c34b73cb41996b369d2ebf342`
CRC32	`892092FF`
ssdeep	`96:tdNakJp3bnnMyrdrhufh9w6C+mNUkwAn9fHId+Hxfww1SwJLkK:jnn5Bhufh9w6CFHnVIMHxfww1SU`
Yara	None matched
VirusTotal	Search for analysis

Name	deccd75fc3fc2bb3_api-ms-win-core-interlocked-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-interlocked-l1-1-0.dll
Size	17.4KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d97a1cb141c6806f0101a5ed2673a63d`
SHA1	`d31a84c1499a9128a8f0efea4230fcfa6c9579be`
SHA256	`deccd75fc3fc2bb31338b6fe26deffbd7914c6cd6a907e76fd4931b7d141718c`
CRC32	`2315F4FA`
ssdeep	`192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	efbdbbcd0d954f8f_d3dcompiler_47.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\d3dcompiler_47.dll
Size	3.3MB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`c5b362bce86bb0ad3149c4540201331d`
SHA1	`91bc4989345a4e26f06c0c781a21a27d4ee9bacd`
SHA256	`efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f`
CRC32	`FC366624`
ssdeep	`49152:PyZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQ6:E9fWAwVBC8MH2JNSF8+YPsXqUT6`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	8eb5270fa9906970_api-ms-win-core-profile-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-profile-l1-1-0.dll
Size	17.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`fee0926aa1bf00f2bec9da5db7b2de56`
SHA1	`f5a4eb3d8ac8fb68af716857629a43cd6be63473`
SHA256	`8eb5270fa99069709c846db38be743a1a80a42aa1a88776131f79e1d07cc411c`
CRC32	`F4A6ED8B`
ssdeep	`192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	ada518e2ae3d0393_bn.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\bn.pak
Size	8.4KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`f570098a2e695c0aa1f374e7c3a105d4`
SHA1	`eef6b5f49a27326077cdabc4a9b4cf6f7296709b`
SHA256	`ada518e2ae3d039333b90b073ecc5ea7ab352528b0ff6e0f7ca16333d8f1c435`
CRC32	`69331D24`
ssdeep	`96:sjWEMpiBLOuxdHzqHI29ITRASAXoAJBgm/Zy/wGqR9VqncwMH/0ozNmOL71NW9Nu:saEi4vX0ITRASAYAYwky9Vec1N72f+`
Yara	None matched
VirusTotal	Search for analysis

Name	66abf3a1147751c9_api-ms-win-crt-multibyte-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-multibyte-l1-1-0.dll
Size	25.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`35fc66bd813d0f126883e695664e7b83`
SHA1	`2fd63c18cc5dc4defc7ea82f421050e668f68548`
SHA256	`66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735`
CRC32	`7DAE2C38`
ssdeep	`384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	2257fea1e71f7058_api-ms-win-core-rtlsupport-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-core-rtlsupport-l1-1-0.dll
Size	17.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`fdba0db0a1652d86cd471eaa509e56ea`
SHA1	`3197cb45787d47bac80223e3e98851e48a122efa`
SHA256	`2257fea1e71f7058439b3727ed68ef048bd91dcacd64762eb5c64a9d49df0b57`
CRC32	`D22BBC25`
ssdeep	`384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	73cc56f20268bfb3_api-ms-win-crt-string-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-string-l1-1-0.dll
Size	22.9KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`404604cd100a1e60dfdaf6ecf5ba14c0`
SHA1	`58469835ab4b916927b3cabf54aee4f380ff6748`
SHA256	`73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c`
CRC32	`C04CB509`
ssdeep	`384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	3cc1377d495260c3_api-ms-win-crt-convert-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-convert-l1-1-0.dll
Size	21.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`72e28c902cd947f9a3425b19ac5a64bd`
SHA1	`9b97f7a43d43cb0f1b87fc75fef7d9eeea11e6f7`
SHA256	`3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1`
CRC32	`29B4635D`
ssdeep	`384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	1be0db9420de09f3_am.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\am.pak
Size	6.0KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`696e17ecd89918018afe3a0914c2880b`
SHA1	`a53f9e7ddf14446d8f0d66e8e17f0c1a76e36f0c`
SHA256	`1be0db9420de09f3587cd2b77bbb7c578e725678750db92ab83a1aeadf779314`
CRC32	`00749407`
ssdeep	`96:9UgXw9LH+Lx1balS/RlUgg+sBLuyZDzaHAfDOtJngOvFfkFte2Ffde4j8IT06H3q:9BwBQYyLUgU5OgfD6JngOvFfkxFfdpjC`
Yara	None matched
VirusTotal	Search for analysis

Name	2a38a531314022b0_fr.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\fr.pak
Size	4.4KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`0baac596dc5f596d0c22d9bfbf105f4f`
SHA1	`4b98d3993bdf866c7d2c3d0144453e4adfcedbf2`
SHA256	`2a38a531314022b022afe9e5bb360bede43403ac9efd6cb9ebfcea8a390552d4`
CRC32	`00A1971B`
ssdeep	`96:YnVnhUKdPirZhRsVkbYE8SzQP/a5QN1o7dFRUTIY:WVnhUsPirZhRykkEFGa5QXo7w`
Yara	None matched
VirusTotal	Search for analysis

Name	fa573f6af8fa12f1_en-us.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\en-us.pak
Size	3.4KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`79e4958717489818b667c1338da53063`
SHA1	`59d832949e80605f396c1e984ae7a2211600de96`
SHA256	`fa573f6af8fa12f19bf73004b9f130c77bb110b4a3e48aad20eca899e79b6dbb`
CRC32	`B33EA28C`
ssdeep	`96:lUudGz1HD2SPZL/AuHMlRnDggluCzuCYg21:ZdGz1jnP1hsfnDgglpuCfU`
Yara	None matched
VirusTotal	Search for analysis

Name	c184b9ce842309f1_ja.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\ja.pak
Size	4.7KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`d0ab3731fa27abdc702261f0fd6bf900`
SHA1	`d1d2424a5ed0d6980f1374ead68b221cc8579b19`
SHA256	`c184b9ce842309f1cb29c788a6ffe5c919a35a791c4f289886f726c564b6416e`
CRC32	`34805FF1`
ssdeep	`96:ROr0OVXbuA3ZwWb2bdxd/EpVQ5Nf3a9acCcXc1p:ROr0OVXbu9WexNmVMiU`
Yara	None matched
VirusTotal	Search for analysis

Name	b4502caf480c598a_ml.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\ml.pak
Size	10.3KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`2be454a0b0829c46cb4405c656f87379`
SHA1	`697aabf49452ee5b9668e747721cc9cd5390bc99`
SHA256	`b4502caf480c598a84454a783221c29f78661e4343f932a743ea3767b0b793ff`
CRC32	`9E98E2E4`
ssdeep	`192:VM1DAYEW4c+RypDOWmXTcxziJakbmfOkGqwj:ajYcmcm9bQu`
Yara	None matched
VirusTotal	Search for analysis

Name	c9bbc07a033bab6a_api-ms-win-crt-runtime-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-runtime-l1-1-0.dll
Size	22.3KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`41a348f9bedc8681fb30fa78e45edb24`
SHA1	`66e76c0574a549f293323dd6f863a8a5b54f3f9b`
SHA256	`c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b`
CRC32	`1E462B97`
ssdeep	`384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	51f65ce56f07dd3b_snapshot_blob.bin Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\snapshot_blob.bin
Size	1.2MB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`25cb86dd6bbdc336f3d095df4ad620d0`
SHA1	`26d9d3f31a2a6bf84c52fa70838c845366512a0d`
SHA256	`51f65ce56f07dd3b1dea54c5aba8a540303a63714f8c0ff9c5d14c08cf692cf0`
CRC32	`0B7F7538`
ssdeep	`24576:1BI0kf9UNJ33UoZAJxhhO33OFFZ6FOjjOvaWhO33O3h9G:pkiN9UoZAJxhhO33OFFZ6FOjjOvaWhOD`
Yara	None matched
VirusTotal	Search for analysis

Name	445da6e19215fcec_zh-cn.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\zh-cn.pak
Size	3.4KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`0ef4a78657318dc86050b3249526fc21`
SHA1	`69dd47ad27f30041041b8ca34d24bdf58e227abb`
SHA256	`445da6e19215fcecf6fd557b998f0fed82dd5a7393d58ecec685010b773eb140`
CRC32	`1623FBF8`
ssdeep	`96:OMFuk1edvwfLOM06kvi8mgsxZA1n3NlBQ8fzgMQ867IE:v31Hfb8uTA1nO8fzgMQ867IE`
Yara	None matched
VirusTotal	Search for analysis

Name	18b6d2f8e84ab3ea_id.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\id.pak
Size	3.5KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`f1b1f28349b93119b91008672ac32049`
SHA1	`2d3ac62c173d52efe1f3c33b92521d36af201628`
SHA256	`18b6d2f8e84ab3ea2f915578552606bca4b70736a105e10b4d7cf97c9301584f`
CRC32	`AFC8C452`
ssdeep	`96:Cj2hefDxJZ24yFJDAaAB8q8EbSmCZGLeXSQf3/Q3xAjxmD:CjxbxGFNAaA9VNK9SQfYuW`
Yara	None matched
VirusTotal	Search for analysis

Name	55db0dde1cda7c05_da.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\da.pak
Size	3.5KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`2d75bd768ba776101ee8cbc16e08fec2`
SHA1	`9885631965934d5b92426a934d72ccfda1b1709e`
SHA256	`55db0dde1cda7c05575d1114568d28fa9a2177ce9df516fdd05177610f05afcf`
CRC32	`B37BDC03`
ssdeep	`96:Z1P1L2Yg+rszRd/P1V9MlOL8cyScTs3DhDU/EZ87s:ZlBYv1V9MlK8cySes3tw/Ed`
Yara	None matched
VirusTotal	Search for analysis

Name	e2350b7faf8a6f5c_ca.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\locales\ca.pak
Size	3.9KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`8b622316b070a2ddefc163b5b29b1891`
SHA1	`9b159c2f4418ff54e95f904b7cf16a943aed681a`
SHA256	`e2350b7faf8a6f5c233dd24133ca0352bb96edc8ff9af32392f10112acd038e0`
CRC32	`44107015`
ssdeep	`96:AUIAvOSVQnPBl+LHy/BcZbSZ9Jz94IvXqUQEQ6TH3Hzniv7:cYOlnPP+W/CZeZ9Jz94IvXqUQEQ43HbM`
Yara	None matched
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-F0FD0.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2328 (smcalc.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	UPX_Zero - UPX packed file IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	c03124ba691b1879_api-ms-win-crt-process-l1-1-0.dll Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\api-ms-win-crt-process-l1-1-0.dll
Size	18.8KB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`8d02dd4c29bd490e672d271700511371`
SHA1	`f3035a756e2e963764912c6b432e74615ae07011`
SHA256	`c03124ba691b187917ba79078c66e12cbf5387a3741203070ba23980aa471e8b`
CRC32	`9C376D11`
ssdeep	`192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU`
Yara	IsDLL - (no description) IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	c9737b43ea1a95b2_calculator.exe Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\calculator.exe
Size	47.3MB
Processes	2508 (smcalc.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1951eb57f3024699e43ffa669925d2d2`
SHA1	`6a63c253a8542cde56a3d28ad0f4605cd3ae9bf4`
SHA256	`c9737b43ea1a95b20de401273834da9cc550ed004f616bee10be9234c084ab68`
CRC32	`538AAAC6`
ssdeep	`786432:5iNG6URRcmCx8TDlx0CDvs6D0vdjzkUaswiPhC7xb:5iNyRcmCx8370CD5QvdjwU34`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check Obsidium_Zero - Obsidium protector file anti_vm_detect - Possibly employs anti-virtualization techniques Malicious_Packer_Zero - Malicious Packer HWP_file_format - HWP Document File Microsoft_Office_File_Zero - Microsoft Office File IsPE32 - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	fa39da43c2768b24_ui_resources_200_percent.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\ui_resources_200_percent.pak
Size	75.1KB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`2b158ae51ba8fb860af7b2a00d14c5ef`
SHA1	`00a18aa978b7f466616c44f1decbb4bb94dcdece`
SHA256	`fa39da43c2768b24d65f3b7a1679444c16ee7ee621397b45f717389be594d40d`
CRC32	`EA417625`
ssdeep	`1536:GhztUorbzBYrmI5AXr194Fedg/om5v5/KwpyNsFE:GVtVbt5GYg/omVgwoqa`
Yara	None matched
VirusTotal	Search for analysis

Name	d830e987acd57464_content_shell.pak Submit file
Filepath	c:\users\test22\appdata\local\smarttool calculator\content_shell.pak
Size	8.3MB
Processes	2508 (smcalc.tmp)
Type	data
MD5	`55f9480f9f55fe6fd1ea9f431120a1bb`
SHA1	`63384fd498cc9ceae8c568c4dd90516f94fabd71`
SHA256	`d830e987acd57464bcbc3bd538103fddfb4a276f9cb823c1340e3f358189323c`
CRC32	`AA023720`
ssdeep	`49152:FLAwTW7jbvQqv8jwXOQXRFzu0G1hdAK5RwJbeuRkoS4olWhSNZ3dWjl8hvI0KOqf:FLFYz5v8j2OQh+1hzw8f43`
Yara	OS_Processor_Check_Zero - OS Processor Check Schwerer_IN - Schwerer
VirusTotal	Search for analysis

Name	07c09b206faa8934_f_000001 Submit file
Filepath	C:\Users\test22\AppData\Roaming\Calculator\Cache\f_000001
Size	20.3KB
Processes	2968 (Calculator.exe)
Type	gzip compressed data, max compression
MD5	`39307e27138b106e53f1a4af27d63094`
SHA1	`9c2fbfb3f19bf72a282a101d1c802c287dbb5fab`
SHA256	`07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464`
CRC32	`62EAD745`
ssdeep	`384:TZZGH44LHLjQ0AUfLgfysuwaVGaQnx6UG73gm+ROcDpAHKYRMPZ9noCaQo:TZAH9/jTAUfLOysuwaVlXUGgm1rrMPZu`
Yara	None matched
VirusTotal	Search for analysis