| Name | b326f5301b87efea_5.ini |
|---|---|
| Filepath | C:\Windows\Fonts\5.ini |
| Size | 109.0B |
| Processes | 2596 (vers.exe) |
| Type | ASCII text, with no line terminators |
| MD5 | 923f7589f2838741f687a1587317bc34 |
| SHA1 | dca76032352d602fe4cd1c95790ce895239a957a |
| SHA256 | b326f5301b87efea0b030346985f508789ec3fb262af1b02cd9fed454ed7d999 |
| CRC32 | 059548DE |
| ssdeep | 3:aCdgLxqrZfyM1KD/nHAlYIEDFwbFQqQGLWYURK54:mLxiH12/HeYIEDFwbpIV |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b2a3172a1d676f00_trfo-2.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\trfo-2.dll |
| Size | 29.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 3e89c56056e5525bf4d9e52b28fbbca7 |
| SHA1 | 08f93ab25190a44c4e29bee5e8aacecc90dab80c |
| SHA256 | b2a3172a1d676f00a62df376d8da805714553bb3221a8426f9823a8a5887daaa |
| CRC32 | 4011D99D |
| ssdeep | 768:NluruFqeE4KRu8B/4VHNaEoPw6HtFhCC48qkfg:Nlu0EDRTl4VHkw6NLA8 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 41641cf88f475839_28915125.dll |
|---|---|
| Filepath | C:\Windows\SysWOW64\28915125.dll |
| Size | 37.0KB |
| Processes | 2244 (ctfmona.exe) |
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| MD5 | 5215e190a673dd7ea632f030930405d2 |
| SHA1 | 0d7d1798d81ae91499feac21bdad31f4abebc755 |
| SHA256 | 41641cf88f4758390efbff30938c0a8de317f9339a8e8aff38793d40c45b066a |
| CRC32 | 7E4A2D4C |
| ssdeep | 768:ZesiLUI0PPZrmzsXAUWjNCHmhzoVBvxamBT8TiuKmLHdrqA7PZ:QRUdrm4fWjNxKBhx7ulL7 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b3d510ef04275ca8_cloud.log |
|---|---|
| Filepath | C:\Windows\Fonts\cloud.log |
| Size | 2.0B |
| Processes | 3340 (None) |
| Type | Little-endian UTF-16 Unicode text, with no line terminators |
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| CRC32 | 88F83096 |
| ssdeep | 3:Qn:Qn |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 09891e333317fadc_6.ini |
|---|---|
| Filepath | C:\Windows\Fonts\6.ini |
| Size | 110.0B |
| Processes | 2596 (vers.exe) |
| Type | ASCII text, with no line terminators |
| MD5 | b98d573d5431161b24b86b383d80e784 |
| SHA1 | 379b73c18babcc10a528a3ad0363213dcb69f917 |
| SHA256 | 09891e333317fadc371767ca4a51ab67bf3806b5563cb49c6eab872dc220b9e7 |
| CRC32 | A3AA7A4E |
| ssdeep | 3:aCdgLxqrZfyM1KD/nHAlYIEDFwbFQqQGLWYURK/c4:mLxiH12/HeYIEDFwbpIk |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 506c234275d09780_nanshou.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\NansHou.dll |
| Size | 56.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | 1ba9879329940513a79513ed27f96cf8 |
| SHA1 | 0910944b6ae59b66985bebf2a596a11c13934573 |
| SHA256 | 506c234275d09780af379c2d2e617da83484ba9927ebe014c732e9877514c096 |
| CRC32 | 44514C94 |
| ssdeep | 768:y5uXbfK3lKtqRj8AR9W/2FXO+JYq5br+5zGPycsp5wtS:BLklhcCYq5P+5CP7qetS |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 15292172a83f2e7f_exma-1.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\exma-1.dll |
| Size | 10.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | ba629216db6cf7c0c720054b0c9a13f3 |
| SHA1 | 37bb800b2bb812d4430e2510f14b5b717099abaa |
| SHA256 | 15292172a83f2e7f07114693ab92753ed32311dfba7d54fe36cc7229136874d9 |
| CRC32 | 332D0060 |
| ssdeep | 192:+ouDzncwrjGQmzZbO8sEk3jMkx6VuxLj4l5JVIb/A:+xDz1azZa8Bkz5xDxH4xmk |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 0527b2802ca5a2d9_sp123.exe |
|---|---|
| Filepath | C:\Windows\inf\sp123.exe |
| Size | 233.7KB |
| Processes | 800 (c64.exe) 2632 (cmd.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 97f7062f5e3e483236f456899b2ccb4e |
| SHA1 | 931882704cb00cd49fbb04239024dcb58f6816b3 |
| SHA256 | 0527b2802ca5a2d934f114ba56febde8e749530a1591e8010e4e0c7c127e78f1 |
| CRC32 | FDBFB987 |
| ssdeep | 6144:H2ynQQ4rk/OmGU+pq/Q5pimdzMpbOJKoSc:WycyGU+pfikuq0oSc |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 7fc922f3879f928f_sss.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Sss.bat |
| Size | 332.0B |
| Processes | 2596 (vers.exe) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 37421261bc6c43ff550d43965fb576ad |
| SHA1 | 0c9694f502b800bebba85f19b77fcee379ddd0ef |
| SHA256 | 7fc922f3879f928fea6583c022399bd77da81f05b14b275b9209d39b8b16a53e |
| CRC32 | EAD3F746 |
| ssdeep | 6:hFuRqFDAWGFHG5qF2qFyJyqFZfxiH12/HeYIEDFwbpIW3QQvabGF5CJ+n:IbFH61Ry4MV2/+le+ZSbH+n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0c400688f8170410_ctfmona.exe |
|---|---|
| Filepath | C:\Windows\inf\ctfmona.exe |
| Size | 32.5KB |
| Processes | 800 (c64.exe) 2404 (cmd.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | ff8a7fe058166ccb1d7822fa873cdca5 |
| SHA1 | be89a0aaa2244c490c10f61c4168c427a9ae6733 |
| SHA256 | 0c400688f817041082024cae97ebf96ed9048a9403a3330623d4ecdc57abcbbd |
| CRC32 | D91A60EF |
| ssdeep | 768:Mw/iOWTK3JWhOM/qZh7UJGcZ/q3X7ffYlo8nbcuyD7U7s9:zQK52fqZSIACjfYlo8nouy87s9 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 58361275c9ce4b07_xsfxdel~.exe |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\xsfxdel~.exe |
| Size | 37.5KB |
| Processes | 2596 (vers.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a48b642733b4ed0b2f63c726bea5710f |
| SHA1 | f383f6eb661b6aea3da2f4f2b21b2cbc40ced2a2 |
| SHA256 | 58361275c9ce4b07a6ee13ddc83f80e88571ea9d4e1aedc476f7d613938b47a6 |
| CRC32 | 31F0EE6C |
| ssdeep | 768:Op8N/wZaRSHS8m/3Ud6f04mw94y+CwY69IsXm648tcUb8x:OQFP3/EdC4y9QPtIx |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 6b891a659b3a17c2_same.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\same.bat |
| Size | 11.1KB |
| Processes | 1972 (ctfmon.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 07986ecd5f759e85db37302bd0493ea4 |
| SHA1 | aec5bfe87cf052ca8dd4c909e5a35ff670c08edb |
| SHA256 | 6b891a659b3a17c238918533f704c9d47f6e2f958f94a23cace19c6922cb4829 |
| CRC32 | DBBF3061 |
| ssdeep | 192:fsOv/czgWii2OR9c5aEHMLnuZhjJ8prN8wirO5EGUsdHHkx:f5v0zgWiirR25aEDsN8rrO5EGUsdHHkx |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b6bf46ab3fa37c1f_nei.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\nei.bat |
| Size | 2.5KB |
| Processes | 1972 (ctfmon.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 4c42cb692e83bb6fac57054686ba2b88 |
| SHA1 | c42fb60083291d93b552917b11dcdc2f57289736 |
| SHA256 | b6bf46ab3fa37c1f15b236cc34331c0f0cfa4ebf3cd47dd7e2aff4c01d24233d |
| CRC32 | 75BA1AE4 |
| ssdeep | 48:pwcycI/pXX4AXpX5uILJ2JIwIUOXpX8cSLaQy8u+AiCMy+:tNIVh5uILJ2JIwIl8cSLX3u+AiCM3 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | aa8adf96fc5a7e24_zlib1.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\zlib1.dll |
| Size | 59.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | e4ad4df4e41240587b4fe8bbcb32db15 |
| SHA1 | e8c98dbcd20d45bbbbf4994cc4c95dfcf504c690 |
| SHA256 | aa8adf96fc5a7e249a6a487faaf0ed3e00c40259fdae11d4caf47a24a9d3aaed |
| CRC32 | CE7AC798 |
| ssdeep | 1536:B/Dm7yqxVqWk9XZDGu8I+rnToIfnIOwIOkyk:B/DmWaq/9XZDwLTBfJmkyk |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 96a8ce8ca7506e8a_sql.bat |
|---|---|
| Filepath | C:\Windows\Fonts\sql.bat |
| Size | 903.0B |
| Processes | 2596 (vers.exe) |
| Type | Little-endian UTF-16 Unicode text, with very long lines, with no line terminators |
| MD5 | 77666261727aabaea06a7cc0746c4f4e |
| SHA1 | 7822f2f8e740ba389d78a613b62278dcea2ce344 |
| SHA256 | 96a8ce8ca7506e8a5d2a812635a049c2b4efd28a23d0c348e7fefa05ca9e4901 |
| CRC32 | 2415B5ED |
| ssdeep | 24:Q0e0cs/sHdp4dhws6x34df9xpsxqL8P19xpslTp8LAE:3Yml+YI |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 85b936960fbe5100_eter.exe |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\Eter.exe |
| Size | 126.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | 8c80dd97c37525927c1e549cb59bcbf3 |
| SHA1 | 4e80fa7d98c8e87facecdef0fc7de0d957d809e1 |
| SHA256 | 85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5 |
| CRC32 | 25128092 |
| ssdeep | 1536:YEI4kX/3TWbMPqc+4GJky+IBgXDfsggZK4WBc+FtDc+AX4VHKpdhxm/wl6uv/+Ws:ITiMPqiruJB+rrAX4edbmruvmkI79 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 756f44f1d667132b_eter.xml |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\Eter.xml |
| Size | 7.5KB |
| Processes | 1972 (ctfmon.exe) |
| Type | XML 1.0 document text |
| MD5 | 497080fed2000e8b49ee2e97e54036b1 |
| SHA1 | 4af3fae881a80355dd09df6e736203c30c4faac5 |
| SHA256 | 756f44f1d667132b043bfd3da16b91c9f6681e5d778c5f07bb031d62ff00d380 |
| CRC32 | 40102854 |
| ssdeep | 192:N59/klempFDP/OoNO+nGINyXtgr12Il6Vet4f:N5KlZpF6IM |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ce9395de35523883_vers.exe |
|---|---|
| Filepath | C:\Windows\inf\vers.exe |
| Size | 326.3KB |
| Processes | 800 (c64.exe) 1800 (xsfxdel~.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 48d9d977fec87a473d3bb9d83a1a5e57 |
| SHA1 | c54e206936f8de7d0c1fe2718c965c6a1c42b2d0 |
| SHA256 | ce9395de355238836c69d06bde29ec02d42469c5609c7d65f9858634adc572b9 |
| CRC32 | 9A954F1D |
| ssdeep | 6144:2sVXQRbbCKrjv1dufr1dsBVwuyNLXEVa8sSWdkW6/YaChLErh1LDni:TQRP3rTgxEVaNXdkiYh1LDni |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 4eca108f8660f022_file.txt |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\file.txt |
| Size | 906.6KB |
| Type | ASCII text, with CRLF line terminators |
| MD5 | b118ec8bd274190f2860d6b2c133e6a1 |
| SHA1 | f604923c979f03d9093a3dbcf12aedbe845a979f |
| SHA256 | 4eca108f8660f02271a4706b0f4f1dc660e2338056e66dae5418cdb631b89d0e |
| CRC32 | 5874063F |
| ssdeep | 1536:78Z5eJbBOvy2YqRMMTvRKnfSZMauDr0pQ1EApx76U6CSm6KmW6aEMigSUsUKmGak:7acl+JFKn4 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 181ce9db0dea2a3a_ctfmon.exe |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\ctfmon.exe |
| Size | 2.2MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 762ed51daa67d2a6a4ea641ec5a5b6f3 |
| SHA1 | 9d6f2b7db9b2ee86206fc209824bd4fc23f594cd |
| SHA256 | 181ce9db0dea2a3a2e08860620c3015e61995a93729cb07e0b157d0e75c73343 |
| CRC32 | 80156EAA |
| ssdeep | 49152:jyWhIEPXY6Ya8tX/sXoOTHFBFbh5uAdOS9UoEoEEuCWXzI82mN:jyWOAhMfOTHn9C/S9UsEEqXF |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 3f626b9c29cec969_poab.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\poab.bat |
| Size | 2.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | ab234159a8bc206d06203086944b72c4 |
| SHA1 | da7b649967978b5d3a9a8dc617f619972c50a3c2 |
| SHA256 | 3f626b9c29cec96974678b900d9ea540ee4a930f813558b19cb8585f0186ac33 |
| CRC32 | 5C371509 |
| ssdeep | 48:RhhmU1A9PaeejMQ5dSeWIMQW0SEEeejMQ5SSeWIMQp:PhTu9ie8pDNgxe8WDNP |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5546a5fef67827c4_p.txt |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\p.txt |
| Size | 27.0B |
| Processes | 1972 (ctfmon.exe) |
| Type | ASCII text, with no line terminators |
| MD5 | 892905673d30c16a4fdba572a8265bfd |
| SHA1 | f70ed918b4a6ad7f31eec015ec33a966a1c0ecd7 |
| SHA256 | 5546a5fef67827c46c4ba25de8b88213f627b8ff1c1d4860dcb7bdf1ca8367ea |
| CRC32 | 8EEF2F11 |
| ssdeep | 3:FwhctWJAIF:OhctAhF |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cf25bdc6711a7271_tucl-1.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\tucl-1.dll |
| Size | 9.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 83076104ae977d850d1e015704e5730a |
| SHA1 | 776e7079734bc4817e3af0049f42524404a55310 |
| SHA256 | cf25bdc6711a72713d80a4a860df724a79042be210930dcbfc522da72b39bb12 |
| CRC32 | 0B4CC53D |
| ssdeep | 192:EXTHmlw2IjGFKL6rBbnbO8slVnZp7snHQNv8uU4l5XLIb/p2:yHm218DrB768mFZxsKv8v4/cF2 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 0439628816cabe11_coli-0.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\coli-0.dll |
| Size | 15.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 3c2fe2dbdf09cfa869344fdb53307cb2 |
| SHA1 | b67a8475e6076a24066b7cb6b36d307244bb741f |
| SHA256 | 0439628816cabe113315751e7113a9e9f720d7e499ffdd78acbac1ed8ba35887 |
| CRC32 | 9E451F17 |
| ssdeep | 192:c1VDVzDJuoJ/a8yRIB4Al4rKoRbFjGgGz3bG8sEwdCs8Ej2uHR0EhBkM2NFU+z4o:c1VxsoNKI++u1qz3K8BwxCO103z4VL2 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | aceb27720115a63b_libxml2.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\libxml2.dll |
| Size | 807.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 9a5cec05e9c158cbc51cdc972693363d |
| SHA1 | ca4d1bb44c64a85871944f3913ca6ccddfa2dc04 |
| SHA256 | aceb27720115a63b9d47e737fd878a61c52435ea4ec86ba8e58ee744bc85c4f3 |
| CRC32 | ED0E3D30 |
| ssdeep | 12288:OhdWYPkG1r0VtrTMhsGCQcdGfGwKaNAu5uld+tirrmrx+448+:4lPpr0PsBCfYfGg6t3rm |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 241328fd46d6ddea_cmd.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\cmd.bat |
| Size | 25.3KB |
| Processes | 1972 (ctfmon.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 66b66dc0eb2437b233a8256b9a02902f |
| SHA1 | 0f8664e738f52053e5b4f07812b76647bde52c9a |
| SHA256 | 241328fd46d6ddea11cb6ed2514a950a083e623fbdd9a02602a5696e8b6b6a0e |
| CRC32 | 9997EA8D |
| ssdeep | 384:aNX/rtJ/rC9r0J/rd9riJ/rd9rU/rW/rAJ/r7:cF |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 682d1b8ce834d9fe_sqlser.exe |
|---|---|
| Filepath | C:\Windows\Fonts\sqlser.exe |
| Size | 262.4KB |
| Processes | 2596 (vers.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c68638e7b04ad2057f17436b5f42428c |
| SHA1 | 60b3a1c6b1aea5d6b9a5b38f0573e5326703655e |
| SHA256 | 682d1b8ce834d9fe4203bca5b8dcfdbf7229dd96e9e4ee929bcac536922abded |
| CRC32 | 448BE886 |
| ssdeep | 6144:nTsPOXEAi4gxte5S2qvgzJNTkvX+tJsCxHq9TUG:n/XEXxg5SJgzgX+tjRq9TUG |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2b7943b95848b8bb_free.bat |
|---|---|
| Filepath | C:\Windows\inf\free.bat |
| Size | 4.1KB |
| Processes | 800 (c64.exe) 1792 (cmd.exe) |
| Type | DOS batch file, ASCII text, with CRLF line terminators |
| MD5 | 51afe818313482489cb53ecf97cef985 |
| SHA1 | cbc57a7d69d4d8224e6be3ea0ffa1e597aec1a3d |
| SHA256 | 2b7943b95848b8bb71495197a65d5af3ac4f649dfd665c08ae083ffd63cecaba |
| CRC32 | 1F366031 |
| ssdeep | 48:p1waenEaWaoa9ayapFYpD2cycIwpIaKwCzLHzQzQzoedF5Kev+5ga7o7Arl:LwgZ76l19NIwpIaKwCvKK3F5KAq0i |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b38edaf5f733693c_sqlser.reg |
|---|---|
| Filepath | C:\Windows\Fonts\sqlser.reg |
| Size | 192.0B |
| Processes | 2596 (vers.exe) |
| Type | Windows Registry text (Win2K or above) |
| MD5 | cdad5acba01a162d073ae0bbea8dae52 |
| SHA1 | 9a31f618ec45dbde0995f736689271b4942d1c48 |
| SHA256 | b38edaf5f733693cc9366a8f72ba809d891f20b1ed4eceb75a397c42807d2a58 |
| CRC32 | C63E50EB |
| ssdeep | 3:jBJ0nMWXZ6RKZFNKo1gLxqrZfyM1KD/nHAlYIEDFwbFQqQGLWYURKGyH2wBAAK8F:jBJ0nMhRKLNKomLxiH12/HeYIEDFwbph |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c5a346bd16c246db_svchost.exe |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\svchost.exe |
| Size | 256.5KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | 7afcf45907f225e3e3cfeece3bbcd410 |
| SHA1 | 9747e4c11bcf0393e1d1a2ac4b7c43af590da0bc |
| SHA256 | c5a346bd16c246db669605c70a547204313c0fa2325332a3d8427a4449e5b40e |
| CRC32 | 12BEF120 |
| ssdeep | 6144:tBULviqYnI3QA7JTXRnZSHL2GZbkG/TZgLgstxfNB:ZqBlG/TZgUszfNB |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | d5ed8898b797a8e2_Eternalblue.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\Eternalblue.dll |
| Size | 69.5KB |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | ce42bd13109a5cff3bb7df171669d43e |
| SHA1 | ab2507722c69777374a9a2af3ed63645e42471c0 |
| SHA256 | d5ed8898b797a8e2c6d9480d34ef70d910145bde21dc3aaaca4d2c4de9a48b03 |
| CRC32 | 417F24DA |
| ssdeep | 768:a8O6iuBiWMeSTM7lhtFS5oLIpTlG+8+aYHdRP9tshsG98U4hHNEDQ4F4iNx5i:a16iuzMeSTQF3nKaY9RsJ8UaBs5i |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 2d6bdfb341be3a62_hosts |
|---|---|
| Filepath | C:\Windows\System32\drivers\etc\hosts |
| Size | 824.0B |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 3688374325b992def12793500307566d |
| SHA1 | 4bed0823746a2a8577ab08ac8711b79770e48274 |
| SHA256 | 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085 |
| CRC32 | 259FD3A9 |
| ssdeep | 24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTt8:vDZhyoZWM9rU5fFcp |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0259d41720f70847_trch-1.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\trch-1.dll |
| Size | 58.5KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 838ceb02081ac27de43da56bec20fc76 |
| SHA1 | 972ab587cdb63c8263eb977f10977fd7d27ecf7b |
| SHA256 | 0259d41720f7084716a3b2bbe34ac6d3021224420f81a4e839b0b3401e5ef29f |
| CRC32 | 72B6454C |
| ssdeep | 768:9fo4XJn+xrNRFydS3allJVAI5az6oL5BsterNpGEi1Yt4KH8va:9DurNRFoS38lJD+B4te5pGjY+da |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 546574708d1cd1a7_wai.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\wai.bat |
| Size | 2.3KB |
| Processes | 1972 (ctfmon.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | cd6fd2959b8ec762511f6c36adfb35bb |
| SHA1 | b7ac5fd3c469c9b08646f45ee67c5b21d7db68e1 |
| SHA256 | 546574708d1cd1a75f51e331851839de587a6e1273d936a73853dc542c0813c6 |
| CRC32 | 48A75E87 |
| ssdeep | 48:Q7FcycqcI/pXX4AXpX5uIReJ2JIwpOXpX8BhLbQIN8Ily3fn:cCN1IVh5uIReJ2JIwC8BhL8IWIW |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 06fff73739e01b99_tem.vbs |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\tem.vbs |
| Size | 216.0B |
| Processes | 800 (c64.exe) 2504 (wscript.exe) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 458cb1e6802d733754dd47c397fabc11 |
| SHA1 | 843a0c1264a09ba8cd39de7acf3c0b4faa490eec |
| SHA256 | 06fff73739e01b997a33a9efeef6b7faa23f089bd3988d32f4528e0bcf743e27 |
| CRC32 | 47B0742B |
| ssdeep | 6:aBjw+7y8UpAM1mQpcLJ23f+h/xAM1mQpcLJ23f/THp:+dnUpAYOLMoJAYOLMjJ |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8d31ee8648ca9c77_loab.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\loab.bat |
| Size | 2.7KB |
| Processes | 1972 (ctfmon.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 01b103a1531d23c0f0a431b07fa2bb8b |
| SHA1 | 2c139652131b7fd56aa14fccac7886ea0aa2c943 |
| SHA256 | 8d31ee8648ca9c777eced80d409b578b3ab94109ab2bd9b983585dad22c52ef0 |
| CRC32 | 21A9A493 |
| ssdeep | 48:RhhmU1A9PaemjMQ5dyeWIMQW0SEEemjMQ5SyeWIMQC1A9PYemeWIMQ5VyjMQp:PhTu9iekpjNgxekWjNou9we3NRoP |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4abffb9ff80aa71d_1b9376a.dll |
|---|---|
| Filepath | C:\Windows\SysWOW64\1b9376a.dll |
| Size | 616.7KB |
| Processes | 2440 (sp123.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 0568d81c0207030ba3945b819148f96b |
| SHA1 | 9a781eb8b115dc36dfc4fc75ab34542602a7356f |
| SHA256 | 4abffb9ff80aa71df05d9f85e5568cc5c637b1d7de1523023c5d0639cfda62b4 |
| CRC32 | AAEFF156 |
| ssdeep | 12288:AseEqVdCuir+TMIY3UmYn0YaAsm3PGpTpM5rSTr958cQ2i3:AQqVdCuir+TMIY3UmYn0YaAs4GpTpM5r |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1328bd220d9b4baa_taskhost.exe |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\taskhost.exe |
| Size | 14.5KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | c097fd043d3cbabcada0878505c7afa5 |
| SHA1 | 966a60028a3a24268c049ffadbe1a07b83de24ce |
| SHA256 | 1328bd220d9b4baa8a92b8d3f42f0d123762972d1dfc4b1fd4b4728d67b01dfc |
| CRC32 | 3B5BCB81 |
| ssdeep | 384:FbvAEV1n+LNA8tmWsejswNlqL9Yql+FgB6BjiMxFV:V3Se+F |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | b556b5c077e38dcb_crli-0.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\crli-0.dll |
| Size | 17.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | f82fa69bfe0522163eb0cf8365497da2 |
| SHA1 | 75be54839f3d01dc4755ddc319f23f287b1f9a7b |
| SHA256 | b556b5c077e38dcb65d21a707c19618d02e0a65ff3f9887323728ec078660cc3 |
| CRC32 | 2A3E0024 |
| ssdeep | 384://8GSU0q4AG2FuEe4k9k+kGP599OdcxwX6Sn+P47kAkluNO8Nofi/4Rtz://8GSU0qnhEEe4QTHP79OdcxwX6S+PQA |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 6c55b736646135c0_mance.xml |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\mance.xml |
| Size | 20.9KB |
| Processes | 1972 (ctfmon.exe) |
| Type | XML 1.0 document, ASCII text, with CRLF line terminators |
| MD5 | 90d179a2f46c02bcdf9cf625ea5aa752 |
| SHA1 | 3eb0da5a71456c7c2459fa44611ff53cd1b36a15 |
| SHA256 | 6c55b736646135c0acbad702fde64574a0a55a77be3f39287774c7e518de3da9 |
| CRC32 | C5C17B7F |
| ssdeep | 96:i06QxDq/1yDOP0HX0NW07N0jcfU9PLD0Qg0+d0U0PHKbSP0B0btIaTiP0zTM0h8T:i0BYGUuukfew8UEhTZdNtug6aDShseVy |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b7d8fcc3fb533e5e_xdvl-0.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\xdvl-0.dll |
| Size | 31.5KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 5b72ccfa122e403919a613785779af49 |
| SHA1 | f560ea0a109772be2b62c539b0bb67c46279abd1 |
| SHA256 | b7d8fcc3fb533e5e0069e00bc5a68551479e54a990bb1b658e1bd092c0507d68 |
| CRC32 | 52F35E55 |
| ssdeep | 768:ah/VicQqYL6tqi5CzTbvNJKMEKRW2FN4fn9n:ah/P5YJi5CzvvNJKMEX2FN4f9 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | dbe688ef4eb3d6c5_Doublepulsar.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\Doublepulsar.dll |
| Size | 84.5KB |
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| MD5 | 5e8f5cc14555509f6431e1ed534262fa |
| SHA1 | b0bcb3848dfbb7b817ec959163c508d7729349ca |
| SHA256 | dbe688ef4eb3d6c565e1cb5853fcf8c320e7c91de93143c02509b84d6834b3b2 |
| CRC32 | 3BFD6341 |
| ssdeep | 1536:p35TVVxT5sSdSvhjGWXuIUPVx/dZz0xE:p35TVVxlX0jGWXuIUPVx/zz0x |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | be8eb97d8171b8c9_ssleay32.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\ssleay32.dll |
| Size | 180.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| MD5 | 5e8ecdc3e70e2ecb0893cbda2c18906f |
| SHA1 | 43f92d0e47b1371c0442c6cc8af3685c2119f82c |
| SHA256 | be8eb97d8171b8c91c6bc420346f7a6d2d2f76809a667ade03c990feffadaad5 |
| CRC32 | BAE836DA |
| ssdeep | 3072:mLTO9u7hG/sRtbvSRvkFKSmxuMy2n+WztW56X3AdGa1XW3VL7uGLnPhanJE+hX:eyg7hztbvSRvkWxuMlndzouWnmPLcnJ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 9cfd660e5be49839_poad.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\poad.bat |
| Size | 2.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 36a90b771d5eb1fc06d29377816f643e |
| SHA1 | 9fa210a193da7d2bf4f865938bbc76247152ca44 |
| SHA256 | 9cfd660e5be4983976e1fdfd44b2c6b95a08eab7a985689d83a687dce9a8f8cc |
| CRC32 | 50168AD2 |
| ssdeep | 48:jIMmY4A9PBteWIMQR8XejMQnrScrteWIMQRVXejMQi:H39mN48MNR84 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b99c3cc1acbb085c_mance.exe |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\mance.exe |
| Size | 43.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | 4420f8917dc320a78d2ef14136032f69 |
| SHA1 | 06cd886586835b2bf0d25fba4c898b69e362ba6d |
| SHA256 | b99c3cc1acbb085c9a895a8c3510f6daaf31f0d2d9ccb8477c7fb7119376f57b |
| CRC32 | 3BE9B288 |
| ssdeep | 384:JoviO9v8ev1gHVXNuxqmwA6vAbCm2qu09mEwj7Bh+GQKOtGvMuSeU2dl4el4xP:QiO9y0xqm6vAGmXHTnKOMBbl8P |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | cde45f7ff05f52b7_posh-0.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\posh-0.dll |
| Size | 11.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 2f0a52ce4f445c6e656ecebbcaceade5 |
| SHA1 | 35493e06b0b2cdab2211c0fc02286f45d5e2606d |
| SHA256 | cde45f7ff05f52b7215e4b0ea1f2f42ad9b42031e16a3be9772aa09e014bacdb |
| CRC32 | 6FE82322 |
| ssdeep | 192:BNn+r+YB4cdCjWXGyby8Eaw5Xs+dNjnGy6W4l5t1Ib/X:BdW+k4z3yu8rwy+dNjnGlW40 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | ca63dbb99d9da431_tibe-2.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\tibe-2.dll |
| Size | 232.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | f0881d5a7f75389deba3eff3f4df09ac |
| SHA1 | 8404f2776fa8f7f8eaffb7a1859c19b0817b147a |
| SHA256 | ca63dbb99d9da431bf23aca80dc787df67bb01104fb9358a7813ed2fce479362 |
| CRC32 | E1F2941F |
| ssdeep | 3072:GQng3MAngh6CNXfdUrYSaocn484kQL93ZnV6Bbf5+1qo3/mlch9VQ816oPYQ3:GwkQf4q481Qx3hV6Bbf5+1qbch9V91J |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 5f30aa2fe338191b_libeay32.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\libeay32.dll |
| Size | 882.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| MD5 | f01f09fe90d0f810c44dce4e94785227 |
| SHA1 | 036f327417b7e1c6e0b91831440992972bc7802e |
| SHA256 | 5f30aa2fe338191b972705412b8043b0a134cdb287d754771fc225f2309e82ee |
| CRC32 | 100254CA |
| ssdeep | 12288:G8Vbf1xLg6nelYgv1GZzd6qNvFBMhLG/SV2qvteuhNJspc4z84mbKeV4gbU:bo1v1GZFNvDya/SVQuhN2p9z84m3e+U |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | db97e6704f6992a8_load.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\load.bat |
| Size | 2.7KB |
| Processes | 1972 (ctfmon.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 338f6ff5e687d1eec9b539057d6ab5a7 |
| SHA1 | 380289161026fabfe377d81a7889003d5b23e35a |
| SHA256 | db97e6704f6992a8f3d5d45279223e901860b6c1f45b230a403ca64f0a331c35 |
| CRC32 | F4B72A6C |
| ssdeep | 48:jIMm84A9PBDeWIMQR8XmjMQnrScrDeWIMQRVXmjMQF4A9PWKXmeWIMQ51EDjMQ6:HL9AN4k+NRkf9eq3Nw4 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f1786c9da7299cea_aaa.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Aaa.bat |
| Size | 332.0B |
| Processes | 2596 (vers.exe) |
| Type | ASCII text, with CRLF line terminators |
| MD5 | 81a7a3c481ff59e656ceca320c89099b |
| SHA1 | 237c50b15ca1f9d626f9c2b0a8c98ec547ad277d |
| SHA256 | f1786c9da7299cea7f662c557d2c7863486953125db91a1d654fe6fd86b2c8c3 |
| CRC32 | 71D63DA1 |
| ssdeep | 6:hFuRqFDAWGFHG5qF2qFyJyqFZfxiH12/HeYIEDFwbpIdQQvabGF5CJ+n:IbFH61Ry4MV2/+ledZSbH+n |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | db0831e19a4e3a73_cnli-1.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\cnli-1.dll |
| Size | 98.5KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | a539d27f33ef16e52430d3d2e92e9d5c |
| SHA1 | f6d4f160705dc5a8a028baca75b2601574925ac5 |
| SHA256 | db0831e19a4e3a736ea7498dadc2d6702342f75fd8f7fbae1894ee2e9738c2b4 |
| CRC32 | 54788145 |
| ssdeep | 3072:LrZL1wTcqmJ3QthbjsKXhoF3P3aTCLEA7HHxJPt:LN47aF3CTC37H |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | f0df80978b3a5630_ucl.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\ucl.dll |
| Size | 57.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 6b7276e4aa7a1e50735d2f6923b40de4 |
| SHA1 | db8603ac6cac7eb3690f67af7b8d081aa9ce3075 |
| SHA256 | f0df80978b3a563077def7ba919e2f49e5883d24176e6b3371a8eef1efe2b06a |
| CRC32 | 3A82CB6B |
| ssdeep | 1536:ncZeBwroDJXSoY9/8qqG9aCapIu2GfUFd0:ZWrSJCoyUlG9sg0 |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 1baaa595c6e5c48d_c64.exe |
|---|---|
| Filepath | C:\Users\test22\AppData\Local\Temp\c64.exe |
| Size | 3.2MB |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | b1e73ee6b76cdb99e5fcde09936de056 |
| SHA1 | 8f49af3880dd96646694b09ac08bf10c2ed474b6 |
| SHA256 | 1baaa595c6e5c48d0f8de547986623a725caf520d37112ed165497e1286e5c60 |
| CRC32 | F5B86AA7 |
| ssdeep | 98304:AH71JKBJv0G10TH8BACxv46LxeDFuKarviQrHc:Y71ABJv0GaTHix46LED4brviQ |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | a48ad33695a44de8_wget.exe |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\wget.exe |
| Size | 392.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (console) Intel 80386, for MS Windows, UPX compressed |
| MD5 | bd126a7b59d5d1f97ba89a3e71425731 |
| SHA1 | 457b1cd985ed07baffd8c66ff40e9c1b6da93753 |
| SHA256 | a48ad33695a44de887bba8f2f3174fd8fb01a46a19e3ec9078b0118647ccf599 |
| CRC32 | 43F4C4C7 |
| ssdeep | 6144:eoxkuaVJiysgokd+8L2LZ9aUedgk+TGk57rrpmNDEpO/YIPOWCiwYFnY:JxkJLiynXvqjggpl57rrpmNQp2YIGRY |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 75775ea29ac61a02_tich-1.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\tich-1.dll |
| Size | 92.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
| MD5 | 1eeccf5961584ecda2bb7a3a662f51c1 |
| SHA1 | 56e40b2340a71629ec6e35838d5b20d9a14d7f0c |
| SHA256 | 75775ea29ac61a02a9a50dae7bb35299a400d432ff38ff4d8a1bfffbd0a768ed |
| CRC32 | 5CAE1E13 |
| ssdeep | 1536:NztdpTkAYTbHwF3XwfaxMU48/YtZ2jhvqWze4X7Zx8MV12w1sW4dKUgnM:dt3TkHT7wFwCxMUSYjhv1/rV12w6qnM |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 15ffbb8d382cd2ff_puls.exe |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\puls.exe |
| Size | 44.5KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (console) Intel 80386, for MS Windows |
| MD5 | c24315b0585b852110977dacafe6c8c1 |
| SHA1 | be855cd1bfc1e1446a3390c693f29e2a3007c04e |
| SHA256 | 15ffbb8d382cd2ff7b0bd4c87a7c0bffd1541c2fe86865af445123bc0b770d13 |
| CRC32 | B80C9BB2 |
| ssdeep | 768:Zfsz7cLr4VwePeXUTQq+BNV1WzV64aHo2Ej4rrIrL/SBfjyC:ZyJwFmB+jVTEkrmL/eT |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | c5228b9d7baf9579_bat.bat |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\bat.bat |
| Size | 4.6KB |
| Processes | 1972 (ctfmon.exe) |
| Type | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | 10b1afc216476e4600cbaa07a265159c |
| SHA1 | 4499d7e46be9b27d658505710b905c440f63cce8 |
| SHA256 | c5228b9d7baf9579fda050687ecef4b300e8e6675e2407475fdb8356bf713ac0 |
| CRC32 | 4C37C8B7 |
| ssdeep | 96:Bt/rH/rEDpTJydp2fMXII/r1/rlN2faXII/r1/rGxpNIRuIS:z/rH/rGTJy//r1/r5/r1/r4 |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cf33a92a05ba3c80_puls.xml |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\puls.xml |
| Size | 5.2KB |
| Processes | 1972 (ctfmon.exe) |
| Type | XML 1.0 document, ASCII text, with CRLF line terminators |
| MD5 | 09d45ae26830115fd8d9cdc2aa640ca5 |
| SHA1 | 41a6ad8d88b6999ac8a3ff00dd9641a37ee20933 |
| SHA256 | cf33a92a05ba3c807447a5f6b7e45577ed53174699241da360876d4f4a2eb2de |
| CRC32 | 42B0E8C9 |
| ssdeep | 96:yJhKJ6yPl/rGH4rAH+6UlbscJsZPF97yr+HKSB+x+M+rEH:k4JFIXepb9ga |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 50f329e034db96ba_dmgd-4.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\dmgd-4.dll |
| Size | 468.5KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | a05c7011ab464e6c353a057973f5a06e |
| SHA1 | e819a4f985657b58d06b4f8ad483d8e9733e0c37 |
| SHA256 | 50f329e034db96ba254328cd1e0f588af6126c341ed92ddf4aeb96bc76835937 |
| CRC32 | 5CBAE214 |
| ssdeep | 3072:VgSjV199+51p9xrQmd1xHQmh1t38lzwpzKVJV2E5Jp2rxrI1+uhHIZ+gHTTnIv+g:Vg1gm |
| Yara |
|
| VirusTotal | Search for analysis |
| Name | 25cef2e9ea661bcf_tufo-2.dll |
|---|---|
| Filepath | C:\Windows\Fonts\Mysql\tufo-2.dll |
| Size | 78.0KB |
| Processes | 1972 (ctfmon.exe) |
| Type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | 9cb3057e116941401d0dec6571dc272a |
| SHA1 | d80272abb08fea01cb2a323cf48b24e202216b57 |
| SHA256 | 25cef2e9ea661bcf0f6a874501d2bd9e3c91d05d753dcf7541e91f2699b89f1a |
| CRC32 | 7C5FBB06 |
| ssdeep | 1536:xHOSFFlykET+BETuYSDj3pLc8mVPsWjcdV6BtYpz:NtFy+BETn4Jctwz |
| Yara |
|
| VirusTotal | Search for analysis |