Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

Dropped Files | ZeroBOX

Name	04afe789eab63d20__decimal.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\_decimal.pyd
Size	244.4KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`6b07f5c49ae2af116e4d41ce7d552451`
SHA1	`6339519c7247f08aea6a10190b5d61321dfa8714`
SHA256	`04afe789eab63d204337e9edabef1e1cd003db69d66dc2cf0fc9e9e7a47304a6`
CRC32	`747A0EEE`
ssdeep	`6144:1x8MAGUyuqHq+kVDTykdBIBm3ckL9qWMa3pLW1Ae4ZZ:jBUwHqrD/BIBFm9ZZ`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	2bfa63b823c54d6b_select.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\select.pyd
Size	28.4KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`fcacfa9c2694118ccc3cd6956949ce15`
SHA1	`e01aa8957f39133a4c77bbb03d1c3af5a5d9649b`
SHA256	`2bfa63b823c54d6b3c55dc17e446129fc02ca930d247abadbc7680f0f71d03a6`
CRC32	`FBE2ACC4`
ssdeep	`768:meS+FwhCBHq5mIBI17GIYiSyvL51JeES5U3:meS+ah+K5mIBI17GI7SyjjJ8G3`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	cdb8158dcf4f1051_python310.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\python310.dll
Size	4.3MB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`342ba224fe440b585db4e9d2fc9f86cd`
SHA1	`bfa3d380231166f7c2603ca89a984a5cad9752ab`
SHA256	`cdb8158dcf4f10517bd73e1334fc354fd98180d4455f29e3df2b0aa699fa2432`
CRC32	`84867B0C`
ssdeep	`49152:/s2RTSieYuF0LVvfj1oeMvKDA6sKoDfU18BHPbRKQ4bLy7XmnDE5+fWqfJJ6JiTi:92FKIqZsKCfTIw26prGbrHSMfwSrzxYB`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	ea081ee6fb196a5a_d93f411851d7c929.customDestinations-ms~RF382181.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF382181.TMP
Size	7.8KB
Processes	2628 (powershell.exe) 2316 (powershell.exe)
Type	data
MD5	`319a6a241aa6d0f88ea9ff522ce9373e`
SHA1	`6c82df052e8087d3279bc0fdff84de978a13782f`
SHA256	`ea081ee6fb196a5a68fa91390a9ed5bbfdd5ff88d57421f83e2e272de4e5ccfa`
CRC32	`AFAFC0D5`
ssdeep	`96:0tuCcBGCPDXBqvsqvJCwoxtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:0tCgXoxtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	661d18932dd84bb2_LICENSE.BSD Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography-38.0.3.dist-info\LICENSE.BSD
Size	1.5KB
Processes	800 (dc.exe)
Type	ASCII text, with CRLF line terminators
MD5	`07bff60d258208652df09d36f7f94844`
SHA1	`e37ec74cf1ec6b540a511ea75e04c3429db39c57`
SHA256	`661d18932dd84bb263a8ee418ab7774ed94eec33c83fd1db5b533f78eb774ca4`
CRC32	`C10537AF`
ssdeep	`48:NOWJbPrYJ0NCPiB432sVoY32s3EiP3tQHy:gWJbPrYJUNu3J3zVSS`
Yara	None matched
VirusTotal	Search for analysis

Name	10ea0c9c8b667a25_dqmfehr Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dqmfehr
Size	19.9KB
Processes	3032 (1.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`f18cdb271dadc491e7effecedcdf0f9a`
SHA1	`47cd4b64702ac4f301d1af9368139329e83fb467`
SHA256	`10ea0c9c8b667a25b6edc462ba32ca2260a805754f36a8266dd3b0c2f367a658`
CRC32	`C7180FE0`
ssdeep	`384:MvEsry+t+gAp++Q3xNuu/40iffbyfkVu4hjsvdZZ+:Mcq+INu8JrkLhjsvdZZ+`
Yara	Suspicious_Obfuscation_Script_2 - Suspicious obfuscation script (e.g. executable files)
VirusTotal	Search for analysis

Name	9e24c7b4604aa302_superfetch.exe Submit file
Filepath	C:\Windows\Tasks\Superfetch.exe
Size	1.6MB
Processes	2784 (migrate.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`362ffce5c7c480702a615f1847191f62`
SHA1	`75aceaea1dfba0735212c2ab5cafc49257927f73`
SHA256	`9e24c7b4604aa3022325b62154ac80dc76533fa96a3418d8e15d28c998fb9c53`
CRC32	`4A25A4D9`
ssdeep	`24576:kRaZROMOm8FN7TjsPnzt2heeRhQbJEOeamwdKJeSPu6bMo0E37O9ug+:ikxOm+7TjsPnztyDMmarwJJKZn`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	c953db1f67bbd921__win32sysloader.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\_win32sysloader.pyd
Size	14.5KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`f9c9445be13026f8db777e2bbc26651d`
SHA1	`e1d58c30e94b00b32ad1e9b806465643f4afe980`
SHA256	`c953db1f67bbd92114531ff44ee4d76492fdd3cf608da57d5c04e4fe4fdd1b96`
CRC32	`D2576E1F`
ssdeep	`192:lGCm72PEO1jIUs0YqEcPbF55UgCWV4rofnbPmitE255qDLWn7ycLmrO/:8ardA0Bzx14r6nbN50W9/`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	8aa5cd82d775ea71__lzma.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\_lzma.pyd
Size	154.4KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`fd4c7582bee16436bb3f790e1273eb22`
SHA1	`6d6850b03c5238fff6b53cb85f94eff965fa8992`
SHA256	`8aa5cd82d775ea718d3ddd270f0b28985d8711ef937447ee2168318200f0eb80`
CRC32	`354CC815`
ssdeep	`3072:T+sMZ4drcsAF5FRm1sznfI9mNoJapHVZKetI1e1Z70:T+sMAIt5hwYOJatKeG`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	583f6d20998e45ff__hashlib.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\_hashlib.pyd
Size	60.4KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`f883652e056ff4882e1bc900d382edab`
SHA1	`34f5d93eea4defe48135bf7000cce8cfa9e53eeb`
SHA256	`583f6d20998e45ff94400efaeecc4e17204449a0cc7ba68a20d1e8d13617f27b`
CRC32	`0DB85E3E`
ssdeep	`768:kSr5iGzcw1lJFWaqePkx6UZgL4dqzswE9+B1fFI15IIYiSyvFeEZQ:NxTlJFWaIx5ZbdqzOgB1fFI15II7SyNw`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	c2ed0f2724aca6ce_LICENSE.PSF Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography-38.0.3.dist-info\LICENSE.PSF
Size	2.4KB
Processes	800 (dc.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`36f8d9bab4000e435033d3cdb2e85e9b`
SHA1	`003076b91d93233f389ab5db052c04386620bb76`
SHA256	`c2ed0f2724aca6cec716ce169fd22c91b79a21ff625c3725d5c71be1a7977430`
CRC32	`F87B14FE`
ssdeep	`48:xUXkp7vXkzpXFlYPXc/XFbwDt3XF2iDPGkvAuXF1f0T2sMtQVHiioTxmynXh2XFQ:KXwDXklHYPXaAt3ZSkYuyCQ4hTcynx26`
Yara	None matched
VirusTotal	Search for analysis

Name	50ac09332ff9d652_ru.bat Submit file
Filepath	C:\ProgramData\ru.bat
Size	32.0B
Processes	2668 (mig.exe)
Type	ASCII text, with no line terminators
MD5	`11e08b5abf3f1675f99c96f78c128b23`
SHA1	`40d6dd08262ef959328aec4dc5ed07532232037c`
SHA256	`50ac09332ff9d6521244b4f9cf6fd9cc489b3324ed1316e07f6a5904230397e7`
CRC32	`01E5D0EF`
ssdeep	`3:Ljn9GRVJRBJ8K:fkzjj`
Yara	None matched
VirusTotal	Search for analysis

Name	69bde73df2179d9a_d93f411851d7c929.customDestinations-ms~RF37ed81.TMP Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF37ed81.TMP
Size	7.8KB
Processes	2768 (powershell.exe) 2908 (powershell.exe)
Type	data
MD5	`131e0ad78b457f3d649f62d8f176f98a`
SHA1	`13858c965538a0b788e172e8c144717d80f1f649`
SHA256	`69bde73df2179d9a772ad35fde4b57233ecb2ec497fd6b12b4b7cea58ada93f9`
CRC32	`CBAA9754`
ssdeep	`96:ktuCcBGCPDXBqvsqvJCwoBtuCcBGCPDXBqvsEHyqvJCwor/47HwxGlUVul:ktCgXoBtCgbHnorLxY`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	ceebae7b8927a322_INSTALLER Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography-38.0.3.dist-info\INSTALLER
Size	4.0B
Processes	800 (dc.exe)
Type	ASCII text
MD5	`365c9bfeb7d89244f2ce01c1de44cb85`
SHA1	`d7a03141d5d6b1e88b6b59ef08b6681df212c599`
SHA256	`ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508`
CRC32	`C2971FC7`
ssdeep	`3:Mn:M`
Yara	None matched
VirusTotal	Search for analysis

Name	dc2df9ac0756b074_st.bat Submit file
Filepath	C:\ProgramData\st.bat
Size	4.2KB
Processes	2668 (mig.exe)
Type	DOS batch file, ASCII text, with CRLF line terminators
MD5	`dc437e9b2b38072a8c164f1eef87e20a`
SHA1	`851942f95439fe45122b652fb966769752756969`
SHA256	`dc2df9ac0756b07420e2ffd7694e97a6e07bd0332fab964661d4ebc253e00b2f`
CRC32	`309F1866`
ssdeep	`96:R3FaFWFeFzFRFzFZF1llxlflSl6lqlmllOqQYrsg8cQY7oM7o2oG:j+iaJ/J31llxlflSl6lqlUlnJHt`
Yara	Ave_Maria_Zero - Remote Access Trojan that is also called WARZONE RAT
VirusTotal	Search for analysis

Name	164f1bf42630b589__bz2.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\_bz2.pyd
Size	81.4KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`183f1289e094220fbb2841918798598f`
SHA1	`e85072e38ab8ed17c13dd4c65dcf20ef8182672b`
SHA256	`164f1bf42630b589b50c8f0c6e55aaa8d817e439a00882be036fff3cbe8e6ded`
CRC32	`2712A0EA`
ssdeep	`1536:U4xz7q1pfcaq90kt86L9RP0Z0i8mjeVttI1tVQ7SyoV0:DxzGcLLHy0Vmj2tI1tVQGV0`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_3661953 Empty file or file not found
Filepath	c:\programdata\__tmp_rar_sfx_access_check_3661953
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	1758085a61527b42_VCRUNTIME140_1.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\VCRUNTIME140_1.dll
Size	37.4KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`75e78e4bf561031d39f86143753400ff`
SHA1	`324c2a99e39f8992459495182677e91656a05206`
SHA256	`1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e`
CRC32	`90852C93`
ssdeep	`768:Xhh4pTUUtmUwqiu8oSRjez6SD7GkxZYj/9zLUr:xJ9x70GkxuZz2`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	de5f02716b7fa8be_cacert.pem Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\certifi\cacert.pem
Size	279.7KB
Processes	800 (dc.exe)
Type	ASCII text
MD5	`7adbcc03e8c4f261c08db67930ec6fdd`
SHA1	`edc6158964acc5999ed5413575dd9a650a6bcdb2`
SHA256	`de5f02716b7fa8be36d37d2b1a2783dd22ee7c80855f46d8b4684397f11754f2`
CRC32	`3EC495CC`
ssdeep	`6144:QW1H/M8f9R0mNplkXCRrwADwYCuMEigT/Q5MSRqNb7d8N:QWN/vRLNLWCRrBC5MWavdA`
Yara	None matched
VirusTotal	Search for analysis

Name	ac483d60a565cc9c_win32api.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\win32api.pyd
Size	130.5KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`00e5da545c6a4979a6577f8f091e85e1`
SHA1	`a31a2c85e272234584dacf36f405d102d9c43c05`
SHA256	`ac483d60a565cc9cbf91a6f37ea516b2162a45d255888d50fbbb7e5ff12086ee`
CRC32	`44457418`
ssdeep	`3072:l2J5loMoEg9enX4oD8cdf0nlRVFhLaNKP/IyymuqCyqJhe:cblovEgqXHdfqlRVlP/IyzCyy`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	6aba13f0635847a6_data.py Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\data.py
Size	577.0B
Processes	800 (dc.exe)
Type	ASCII text, with CRLF line terminators
MD5	`3322b14644a6ef78bddb35d071eabeca`
SHA1	`3f58b4540fe053ad07a8d27dd870991933f23337`
SHA256	`6aba13f0635847a66d961b548ff80b1474aeb3e7142820b134795c4f5c367673`
CRC32	`8E69CE4E`
ssdeep	`6:g1gPkdaWgPkaDxtvlPkayxWaPkTsM5wPkbQqWPkbis0gPkNUVHvxnbPkLVwlPkde:gaOaWg/laxhYSTqWF4eKtbtlOe`
Yara	None matched
VirusTotal	Search for analysis

Name	e8de1a7393457e9c_LICENSE.APACHE Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography-38.0.3.dist-info\LICENSE.APACHE
Size	11.3KB
Processes	800 (dc.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d3dc5abbdbef739dcff4631c8026d71c`
SHA1	`dabfe012bf7944b938c95845769414c1d5fa8bb9`
SHA256	`e8de1a7393457e9c88768b78e6ba790622fbefb040ce48194c2cb0f1b6d4e9ff`
CRC32	`17CD46C8`
ssdeep	`192:qf9fG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SgfH2:k1u9b01DY/rGBt+dc+aclkT8Sg+`
Yara	None matched
VirusTotal	Search for analysis

Name	c8ec6429d243aef1_pywintypes310.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\pywin32_system32\pywintypes310.dll
Size	131.5KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`ceb06a956b276cea73098d145fa64712`
SHA1	`6f0ba21f0325acc7cf6bf9f099d9a86470a786bf`
SHA256	`c8ec6429d243aef1f78969863be23d59273fa6303760a173ab36ab71d5676005`
CRC32	`44A4D90F`
ssdeep	`3072:DLVxziezwPZSMaAXpuuwNNDY/r06trfSsSYOejKVJBtGdI8hvnMu:HfziezwMMaAX2Y/rxjbOejKDBtG681n`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	2093e7e4f5359b38__cffi_backend.cp310-win_amd64.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\_cffi_backend.cp310-win_amd64.pyd
Size	177.0KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`6f1b90884343f717c5dc14f94ef5acea`
SHA1	`cca1a4dcf7a32bf698e75d58c5f130fb3572e423`
SHA256	`2093e7e4f5359b38f0819bdef8314fda332a1427f22e09afc416e1edd5910fe1`
CRC32	`16EF00CB`
ssdeep	`3072:fp5LZ3sgWSqjfy8dBbm/6WnUsHozssS7piSTLkKyS7TlSyQH:fptZ8gW9jrBbQnfIzLIiSTLLymlSy`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	b1b0a1f9c8903e2e_win32file.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\win32file.pyd
Size	140.0KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`d09207a5f23c943f911b5fc301bbe97a`
SHA1	`735c69217d80e1986c681b4b74629e79a3c95934`
SHA256	`b1b0a1f9c8903e2ec65b9d6a4ac746e72090db9a34f2a180b79769c9c5b15085`
CRC32	`16644508`
ssdeep	`3072:XkXeNNnoGygqaE7Byk+YXR4Ei1HPUb1+JybQhzacKG6t6BU:XkX8Nugqz7Byk+QRVi1vUbc0bCacu`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	24b6d7d89217c2e0_base_library.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\base_library.zip
Size	1.0MB
Processes	800 (dc.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`3b201d3178f7b1aedf7c6ccdafa648e6`
SHA1	`64fce313b57cff068a94e42e0af7a3e813ea5032`
SHA256	`24b6d7d89217c2e04ba7d69a6eef3d8e162a7089d3018e3c03d7e3718d8fe0ae`
CRC32	`0F178FDA`
ssdeep	`12288:mEHYKmIpWyxC6Sacpv8A4a2Y3xdaVwx/fpEtYrcLuR6O98SLMNII:mEHYoVxlLa2AiVwx/fpEtYMuR/9HMNII`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	28ef766146f78228_registry.pol Submit file
Filepath	C:\Windows\System32\GroupPolicy\Machine\Registry.pol
Size	4.5KB
Processes	3032 (1.exe)
Type	data
MD5	`7e15fb09d71c52d26fc87aff66d1b2f4`
SHA1	`7edf3494fe4df190a4a795b1aa779c3c463b7406`
SHA256	`28ef766146f78228c0c522e2043fc41a516e8915f5747812b5bf8774b2ea315c`
CRC32	`25F07B78`
ssdeep	`96:6Qlw2wuwtPDfdP74nhvQUelh5KZVnNsNtCFfLH/Y067CcAzoioRoSJ:FlRRCDN74hvoD5KL0+fLfYT7CcAzXEPJ`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	976ce72efd0a8aee_libcrypto-1_1.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\libcrypto-1_1.dll
Size	3.3MB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`6f4b8eb45a965372156086201207c81f`
SHA1	`8278f9539463f0a45009287f0516098cb7a15406`
SHA256	`976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541`
CRC32	`C804BB75`
ssdeep	`49152:8TKuk2CQIU6iV9OjPWgBqIVRIaEv5LY/RnQ2ETEvrPnkbsYNPsNwsML1CPwDv3u6:Vv+KRi5KsEKsY+NwsG1CPwDv3uFfJu`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	d66c3b47091ceb3f_VCRUNTIME140.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\VCRUNTIME140.dll
Size	96.4KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`f12681a472b9dd04a812e16096514974`
SHA1	`6fd102eb3e0b0e6eef08118d71f28702d1a9067c`
SHA256	`d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8`
CRC32	`2CEDC91E`
ssdeep	`1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	e06c4bd078f4690a_mfc140u.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\mfc140u.dll
Size	5.4MB
Processes	800 (dc.exe) 2784 (migrate.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`03a161718f1d5e41897236d48c91ae3c`
SHA1	`32b10eb46bafb9f81a402cb7eff4767418956bd4`
SHA256	`e06c4bd078f4690aa8874a3deb38e802b2a16ccb602a7edc2e077e98c05b5807`
CRC32	`212F84AF`
ssdeep	`49152:EuEsNcEc8/CK4b11P5ViH8gw0+NVQD5stWIlE7lva8iposS9j5fzSQzs7ID+AVuS:EnL8+5fiEnQFLOAkGkzdnEVomFHKnPS`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	970c6bc0fab59117_LICENSE Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography-38.0.3.dist-info\LICENSE
Size	329.0B
Processes	800 (dc.exe)
Type	ASCII text, with CRLF line terminators
MD5	`8f65f43b29fea29d36a0e6e551cca681`
SHA1	`def52585ee54f0b8841a097b871abd5f5e94db10`
SHA256	`970c6bc0fab59117a0b65e9a6d5f787a991bebe82aff32a01c4e1a6e02f4e105`
CRC32	`77A48A73`
ssdeep	`6:h9Co8FMjkDYc5tWreLBF/fIKY2mHxXaASvUSBT5+FLkYjivW:h9aWjM/mrGz3IKZvUSBT5+Jxi+`
Yara	None matched
VirusTotal	Search for analysis

Name	f1f178feb065f7de_dc.exe Submit file
Filepath	C:\ProgramData\dc.exe
Size	12.6MB
Processes	2668 (mig.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`a1dc3e2f998031a7c96685e6571f4f5f`
SHA1	`396c0dfc1af6b1084c1a6c882a3933954f7d6204`
SHA256	`f1f178feb065f7deedf19c4d29428eefb0632acdf4568e48e0067b466f77d15c`
CRC32	`63F843C0`
ssdeep	`196608:SjUOMYe3o5AeNp93S3IdQmRJ8dA6l10sKYu/PaQ8IkaqdVTLDuwY6f5nJbOnzzg:y6YPh8IdQusl7Q8IwdF5nJQXg`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	9ed7b87839e90c0d_config.json Submit file
Filepath	C:\Windows\Tasks\config.json
Size	5.8KB
Processes	2784 (migrate.exe)
Type	ASCII text
MD5	`7880d06443b31650de241ec82e0236dd`
SHA1	`05a226142ce19b6d9611c4795a479df4888ef908`
SHA256	`9ed7b87839e90c0d67ed45e8a28fe9f97dc83b78c21db4be5abd2bab22a610c3`
CRC32	`E6222991`
ssdeep	`96:CtWTGyHTrTb1DoCIjYkL6fJuUurujuQoXckoXTDkL9RqDp:LhbBoCIjYkL0JuUurujuP8TDkLQ`
Yara	None matched
VirusTotal	Search for analysis

Name	b557bcf5813fb331_wrap.exe Submit file
Filepath	C:\Windows\Tasks\Wrap.exe
Size	362.5KB
Processes	2784 (migrate.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`31c9618afea9775dfa582903a4cf9f04`
SHA1	`95cf1ef9958cc15c5cea6a13d506602bcdd22d7f`
SHA256	`b557bcf5813fb331106df4f477a1acd30421554d6960cfff9bedca9d622124d5`
CRC32	`954126CE`
ssdeep	`6144:umCYYQQf7AtHFFrZPzGa+oh8pXDtkRrCK1vHkk:uzYKMzv+oipRkh`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	4d4b972bd4b1d2be__rust.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography\hazmat\bindings\_rust.pyd
Size	1.6MB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`308d199b6229643266491f9c6b928a13`
SHA1	`824f8b8091f423e2ad8e53e80686f2cc91082dd7`
SHA256	`4d4b972bd4b1d2befe59693c1bc5bcf9640e557cd040e82660ab50ff274299ce`
CRC32	`D609213B`
ssdeep	`24576:BQj3frnOpIB7QkHUSLM2+zkuwTC671h3tiiQ:BQbCpIBtHhLM2+VwRjv`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	ee453723d8d98c85_migrate.exe Submit file
Filepath	C:\ProgramData\migrate.exe
Size	5.5MB
Processes	2668 (mig.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e06e6946ea0c914371ed166f1981cef2`
SHA1	`77edd32104ae8622e568d1bf401ea24365a672e4`
SHA256	`ee453723d8d98c854502d6c399e03195ba42863aea7edee132f4479413d161aa`
CRC32	`E698081D`
ssdeep	`98304:a9zs5obybdk5MKErCyUlzrvehIQPvNG5qHhPez+80n7U0VUt1:+TObIMTrCjpDetjBGz3u7lS1`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	d2035580da742297_applicationsframehost.exe Submit file
Filepath	C:\Windows\Tasks\ApplicationsFrameHost.exe
Size	5.4MB
Processes	2784 (migrate.exe) 800 (dc.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`de1ffe2d96556388fe8708bacf2459fd`
SHA1	`e08c9e77c9c93f44ebcc18b961eb47070bc1849c`
SHA256	`d2035580da7422971bf7b8f16b9fed3bf5a75ee6f91a9c3a3e3752dc5fd53821`
CRC32	`D5F8088F`
ssdeep	`98304:24L0p4ujUd/aUIHX6M3yIlq/SrbQMIRuBrOy89F4mTC/cZD6Y33V:D64uj5QMIABrCF4mWMeY3F`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature CoinMiner_IN - CoinMiner
VirusTotal	Search for analysis

Name	2aebb73530d21a22_libssl-1_1.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\libssl-1_1.dll
Size	686.3KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`8769adafca3a6fc6ef26f01fd31afa84`
SHA1	`38baef74bdd2e941ccd321f91bfd49dacc6a3cb6`
SHA256	`2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071`
CRC32	`A98753BC`
ssdeep	`12288:UUnBMlBGdU/t0voUYHgqRJd7a7+JLvrfX7bOI8Fp0D6WuHU2lvzR:UN/t0vMnffOI8Fp0D6TU2lvzR`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	a84f488f2ae2a742_unicodedata.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\unicodedata.pyd
Size	1.1MB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`1218db005c9c809ab151e3fc15f4c41e`
SHA1	`e53cd5c9a4e39ed30e871aea0aef67294cbf4130`
SHA256	`a84f488f2ae2a74268da36bd8c3fe7b6e8d2b9b89a3c99f5173a827a8ddca2f4`
CRC32	`0A7F646C`
ssdeep	`12288:ucYYMmuZ63NeQCb5Pfhnzr0ql8L8koM7IRG5eeme6VZyrIBHdQLhfFE+uztg:bYYuBZV0m8wMMREtV6Vo4uYztg`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	713120bac7807f6f_intelconfigservice.exe Submit file
Filepath	C:\Windows\Tasks\IntelConfigService.exe
Size	1.8MB
Processes	2784 (migrate.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`58e4115267b276452edc1f541e3a8198`
SHA1	`ec40b6cce5c9a835563c17da81997e8010ac9cad`
SHA256	`713120bac7807f6fc0a6050135556c0614a66be2fb476cfe163877f3d03b4d08`
CRC32	`5362AA6B`
ssdeep	`49152:CkxOm+7TjsPnztyDMma7hZX228vo41ZUKZn:CJotyDIX228vo41Zt`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	f60dd9f2fcbd4956_libffi-7.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\libffi-7.dll
Size	32.0KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`eef7981412be8ea459064d3090f4b3aa`
SHA1	`c60da4830ce27afc234b3c3014c583f7f0a5a925`
SHA256	`f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081`
CRC32	`15C221B3`
ssdeep	`384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	c6d4f9c54efe7536__queue.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\_queue.pyd
Size	29.9KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`1ac1d8599977b0731665ba01e946f481`
SHA1	`a90181902acd3262920f1e7f11d030cd086d57c7`
SHA256	`c6d4f9c54efe7536bba4f9a2a4e7da46c5af74771ea2fa881287c61db9676986`
CRC32	`27C375C0`
ssdeep	`768:9ez/DFt6r35krAIeBI17UzYiSyvIeEuhC:9eDG35krAIeBI17Uz7SyAghC`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	ef97e76d44a88f7c__openssl.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography\hazmat\bindings\_openssl.pyd
Size	3.8MB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`c13cd7eaa142967f046b9d946c13f440`
SHA1	`c93f916166e336a22c2468ad7d4bdfad3587eb30`
SHA256	`ef97e76d44a88f7c6b3fff9bee09ef265e709694d3662730edf38670442f69e7`
CRC32	`B9A163F4`
ssdeep	`49152:SIU6ivNGtlqoVwASOneQxcSy4gmQER1k/V32MWSAypuHRoUasrCWdS49uWsWxuOd:V+QeX52MWp9eFsrFpoqjbUQJ`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	1670a91ec9d1bf2a_mstask.exe Submit file
Filepath	C:\Windows\Tasks\MSTask.exe
Size	4.1MB
Processes	2784 (migrate.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`815ac943fb14eb69d059299c89136de3`
SHA1	`c4cedd22bf42f46da0dd19f57e0859554c5898e1`
SHA256	`1670a91ec9d1bf2a75378d3c56c36a069ad628adbd6c8c6d3dd31691a1ca4c4d`
CRC32	`83BD3DF2`
ssdeep	`49152:Z5Rhgha1CvEYmAn42jPwkFdy3fLpFm5h+lFxWvJ4pjHZ3RXb0CGJa:Z7X1EjGW5h+cvJk5lUJ`
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library anti_vm_detect - Possibly employs anti-virtualization techniques Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	147b080ceb8dfd6d__ctypes.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\_ctypes.pyd
Size	119.9KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`9872a3aeee09cf796a1190b610cf0a54`
SHA1	`9d9eaba3946f4ea8b26e952586c01b9bd8395693`
SHA256	`147b080ceb8dfd6df865570addba3864659adef4b85a20b750f3ca6735c4bf1b`
CRC32	`A2A5253E`
ssdeep	`3072:DQxtbmWe9Ye3ehG+2Et7MqfrSB08EficBI1QPsR7Q:DQxKOhGBEtgqfrSpEfic3`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	644c9745d1d2f679_wmiic.exe Submit file
Filepath	C:\Windows\Tasks\Wmiic.exe
Size	365.0KB
Processes	2784 (migrate.exe)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`a18bfe142f059fdb5c041a310339d4fd`
SHA1	`8ab2b0ddc897603344de8f1d4cc01af118a0c543`
SHA256	`644c9745d1d2f679db73fcb717dd37e180e19d5b0fc74575e4cefe4f543f2768`
CRC32	`C79B435E`
ssdeep	`6144:OI6VyDGb+HiFr4kchE18dkuCj7jLwcYBQkMH9O1BNI/H9O1BNIgqH9O1BNIVH9Oa:OIJDGb+Hiu9hE18dkxfCMo7I/o7Igqok`
Yara	Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	28d693f929f62b8b_top_level.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography-38.0.3.dist-info\top_level.txt
Size	13.0B
Processes	800 (dc.exe)
Type	ASCII text
MD5	`e7274bd06ff93210298e7117d11ea631`
SHA1	`7132c9ec1fd99924d658cc672f3afe98afefab8a`
SHA256	`28d693f929f62b8bb135a11b7ba9987439f7a960cc969e32f8cb567c1ef79c97`
CRC32	`3CE4B7A0`
ssdeep	`3:cOv:Nv`
Yara	None matched
VirusTotal	Search for analysis

Name	3d1c66bdcb4fa0b8__bcrypt.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\bcrypt\_bcrypt.pyd
Size	294.5KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`03ef5e8da65667751e1fd3fa0c182d3e`
SHA1	`4608d1efca23143006c1338deda144a2f3bb8a16`
SHA256	`3d1c66bdcb4fa0b8e917895e1b4d62ee14260eaa1bd6fe908877c47585ec6127`
CRC32	`8FBDDEA0`
ssdeep	`6144:GSL1oP995ooVABNirLq0l/IzkQ37P6BdeAb6:Gh19NO7irLq0l/IzB37Pe6`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	c5ad56e205530780_win32trace.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\win32trace.pyd
Size	23.0KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`b291adab2446da62f93369a0dd662076`
SHA1	`a6b6c1054c1f511c64aefb5f6c031afe553e70f0`
SHA256	`c5ad56e205530780326bd1081e94b212c65082b58e0f69788e3dc60effbd6410`
CRC32	`EF5F65D5`
ssdeep	`384:peeH8ZmV+zknwMsADuVLw0T8DmrRl2j9BfEAZnpC9QJQ1BA:5+zi/uVDS9dl6pB`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	c3b33ba6c4f64615_pythoncom310.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\pywin32_system32\pythoncom310.dll
Size	653.5KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`65dd753f51cd492211986e7b700983ef`
SHA1	`f5b469ec29a4be76bc479b2219202f7d25a261e2`
SHA256	`c3b33ba6c4f646151aed4172562309d9f44a83858ddfd84b2d894a8b7da72b1e`
CRC32	`002E0F77`
ssdeep	`6144:zxxMpraRSS9Y68EuBPjIQN5cJzS7bUxgyPxFMH0PIXY3dVVVVAuLpdorrcK/CXjW:zxxMZMX1bQIJO7bazPEQSYNBLpdwNu`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	280e5ccacd1622f6_run.bat Submit file
Filepath	C:\Windows\Tasks\run.bat
Size	338.0B
Processes	2784 (migrate.exe)
Type	ASCII text, with CRLF line terminators
MD5	`20a377ca25c7fcdff75b3720ba83e11c`
SHA1	`ad3ceb92df33714c7d3f517a77b1086797d72c47`
SHA256	`280e5ccacd1622f61cfd675f4ae1204790bd5aea648d0e51145d01a772d792ad`
CRC32	`847BFB6F`
ssdeep	`6:/8Vc5CPOI+SL1fooTDE3Ili2Z/QG0J96yto1fooTDE3I7Gto/oNbGKvKLI8:snPOHqfoCE3ot0JUyqfoCE3tt2siNL`
Yara	None matched
VirusTotal	Search for analysis

Name	09fdf00110acfa4c__ssl.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\_ssl.pyd
Size	155.4KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`955b117ae363945352c6ba5a18163736`
SHA1	`0b85d366b38120157e65f5a19551c42569b1a6f5`
SHA256	`09fdf00110acfa4c3239de64d7955a625195625745559432a13e97c9d0e01368`
CRC32	`4CCF5F94`
ssdeep	`3072:8OoLGtbSpE3z/J/PUETu/e5J2oEPwu3rE923+nuI5Piev9mutI1t7haV:8OoitbSpE3zhH5u/oE8nuaF9mu5`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	11bd2c9f9e2397c9_winring0x64.sys Submit file
Filepath	C:\Windows\Tasks\WinRing0x64.sys
Size	14.2KB
Processes	2784 (migrate.exe)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`0c0195c48b6b8582fa6f6373032118da`
SHA1	`d25340ae8e92a6d29f599fef426a2bc1b5217299`
SHA256	`11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5`
CRC32	`6B0323EB`
ssdeep	`192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	15b1158d806de140_curl.exe Submit file
Filepath	C:\ProgramData\curl.exe
Size	5.2MB
Processes	2668 (mig.exe)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`104023cef829fce3e34bf1514daff629`
SHA1	`b6e7b949109298ec7ff1aa64404a859b5b41ccae`
SHA256	`15b1158d806de14013fdc3f0e81dca725481d2393249994a122c0a70721ae9f5`
CRC32	`860E015C`
ssdeep	`98304:sZAOsqvbnypxMKKzxrirSL+7goHUs5YrZDv:BqvbnI2uIVo/5Yrxv`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	9ba1bb43a64a0ce5_METADATA Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography-38.0.3.dist-info\METADATA
Size	5.2KB
Processes	800 (dc.exe)
Type	ASCII text
MD5	`b26fe81afeb3ccb95f014f97d68597bf`
SHA1	`0014f95aa735a36ca9815a08341fd9393dfddf2c`
SHA256	`9ba1bb43a64a0ce5083c6a62077a7509d47c0bc5c8aba09d1cb3a98f309962ff`
CRC32	`922B4C57`
ssdeep	`96:DD5VUvQIUQIhQIKQILbQIRIaMmPktjxsx5nv1AnivAEYaCjF0ErDmpklE2jQecwc:QYcPuPfsBvunivAEYaCjF0ErDmpklE2e`
Yara	None matched
VirusTotal	Search for analysis

Name	82fc45243160de81_python3.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\python3.dll
Size	63.4KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`4d9aacd447860f04a8f29472860a8362`
SHA1	`b0e8f5640c7b01c5eb3671d725c450bad9d4ca62`
SHA256	`82fc45243160de816b82c1c0412437bd677f0d1e53088416555a6e9e889734e9`
CRC32	`8DFD4093`
ssdeep	`768:1Kk8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJh:skwewnvtjnsfwcBI1Q0v7SyUi`
Yara	UPX_Zero - UPX packed file IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	5161a16217b9d8b9_1.exe Submit file
Filepath	C:\ProgramData\1.exe
Size	775.9KB
Processes	2668 (mig.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0442a8479aa5f19dd5a64ddfd677b9f8`
SHA1	`fa003104e8e8e6646049a49bd517224ba34ac4b6`
SHA256	`5161a16217b9d8b9817ad1f6e1020e2eb625bbd6ccf82fbf9423077d0c966aa0`
CRC32	`4621F21B`
ssdeep	`12288:CaWzgMg7v3qnCiPErQohh0F4uCJ8lnyFQp9QudhzYOeoNTdVmoCihEa:taHMv6CrrjSnyFQc+eoBdVmoCeR`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	be7918b4f7e7de53_win32ui.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\win32ui.pyd
Size	1.1MB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`b505e88eb8995c2ec46129fb4b389e6c`
SHA1	`cbfa8650730cbf6c07f5ed37b0744d983abfe50a`
SHA256	`be7918b4f7e7de53674894a4b8cfadcacb4726cea39b7db477a6c70231c41790`
CRC32	`4B2CECA1`
ssdeep	`12288:cLokSyhffpJSf6VJtHUR2L2mVSvya6Lx15IQnpKTlYcf9WBo:cLok/pXJdUzOSMx15dcTlYiK`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE64 - (no description) Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	8a3e46233c6e36c3_aut375.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\aut375.tmp
Size	4.5KB
Processes	3032 (1.exe)
Type	data
MD5	`548eb787e90beae151893c0916dd083f`
SHA1	`2bddc7306d317e14e4716e0d90a6586618d42702`
SHA256	`8a3e46233c6e36c3a6fbc57449aae8960b9c1db34230e637aced6767395becfc`
CRC32	`193559B4`
ssdeep	`96:eaujWhGHJldyImBiLlM4WYmxwTPiCwo8wKZ2pFnypMA6tCC/:CWMHJldySBMFxw2Cw5RZ2Dnyavb/`
Yara	None matched
VirusTotal	Search for analysis

Name	9d80925b9a7cb4bc_WHEEL Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography-38.0.3.dist-info\WHEEL
Size	100.0B
Processes	800 (dc.exe)
Type	ASCII text
MD5	`fd7c45a29f7b2371e832f4d0a8b2db64`
SHA1	`d2227c6f4cd8a948e4a4ca6bf2592e9700383eb1`
SHA256	`9d80925b9a7cb4bc8353ec1baa8dee4650a5b80cf0c4b9b2c912b6a55b38f808`
CRC32	`545659A7`
ssdeep	`3:RtEeX7MWcSlViZHKRRP+tkKc5vKQLn:RtBMwlViojWK/SQLn`
Yara	None matched
VirusTotal	Search for analysis

Name	8efdbacf67c223f4__socket.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\_socket.pyd
Size	75.9KB
Processes	800 (dc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`f73b9863071fb3088c08605f76b8e909`
SHA1	`e74bc96f45e1e0c283a93dc1a07e497cf724ff55`
SHA256	`8efdbacf67c223f47b608e57222cf80dd12cee163945847f6cfa9ea6c26ada36`
CRC32	`24726BD4`
ssdeep	`1536:cjYndNP4/Iujm9/s+S+psE2i8k/DDzCfiBI1QwO7Sy2/A:mYnrP4wujm9/sT+psE2fk/XGfiBI1QwM`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	974661971caac466_RECORD Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI8002\cryptography-38.0.3.dist-info\RECORD
Size	15.4KB
Processes	800 (dc.exe)
Type	ASCII text, with CRLF line terminators
MD5	`61755883acb101ab0f347f01bcdcad58`
SHA1	`09074ae77861da646b4374795c23e769f6dfe308`
SHA256	`974661971caac4665d751e730e7d3ab0912a05687fa826e0bdfc398b3da07a21`
CRC32	`7FB4D855`
ssdeep	`384:bXFMbd9BxJx0sjzarMo4Oy3W1HepPNyZqBDLgQ:b6bLBV6qDh`
Yara	None matched
VirusTotal	Search for analysis