Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.22 04:09
2.exe
09.21 02:09
random.exe
09.21 02:09
sdhsfd.exe
09.21 02:09
66edb89bc4073_crypted....
09.21 02:09
66ed33772bbe7_vdfhsjf1...
09.21 02:09
game.exe
09.21 02:09
66ebb3bf78bd6_Send.exe...
09.21 02:09
66ed33717e4c1_vfdshfda...
09.21 02:09
random.exe
09.21 02:09
66ed336eac985_vdfhssfd...

Latest News
09.22 08:09
Biden Administration t...
09.22 08:09
IT Sicherheitsnews tae...
09.22 07:09
September 22, 2024
09.22 06:09
Cards Against Humanity...
09.22 05:09
Linux, Now In Real Time
09.22 04:09
Was können Roboter wir...
09.22 04:09
Schluss mit Basis-Auth...
09.22 04:09
Deutsches Jugendherber...
09.22 02:09
Learn How to Dissect B...
09.22 02:09
Jumperless Breadboard ...

Dropped Files | ZeroBOX

Name	984575c44cab17d4_system.io.filesystem.driveinfo.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.FileSystem.DriveInfo.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2fcb2158fc41d97e2bb71953664b99b9`
SHA1	`16eb49afca84c9e6160b4e5b36f1ec5c98470c86`
SHA256	`984575c44cab17d46587af6cc8c22c409b79bec280fd771e6af93a0a0c20e5b0`
CRC32	`A9E33BDC`
ssdeep	`384:uKcuz1W1cWW+109m0GftpBjFGAaQHRN7PlBLY6fJ:6u8AVi5LvYc`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	4dc8d588ec63641c_system.threading.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Threading.dll
Size	21.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`11d674cfc81b7102c0bc6ffe58f6ac5e`
SHA1	`ddda49572d112944ec9ab62b31959aa93a386618`
SHA256	`4dc8d588ec63641c28422d648e8de5e2c030eb7afec2071a99dd3bd9a204557f`
CRC32	`96FB2E6D`
ssdeep	`384:E6xWA3W4aW/NWtvT1Dm0GftpBjHaQHRN7TqidlZ30F:EaBk1DViFLTquO`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	63aaf632ee7f3bc8_system.reflection.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Reflection.dll
Size	21.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`1a3da139180e9fab380033d8d1fe3995`
SHA1	`3ca31de7f0f0784559e5a73ebd0efb42c34d18fc`
SHA256	`63aaf632ee7f3bc852c4d71c742cf1d26f18f784f6c89113e056b2599ba8f514`
CRC32	`A6ECEE76`
ssdeep	`384:oxDHKWAMWU+109m0GftpBjyi/aszaQHRN7RldBoQAY1:QD8GVirBzLDoJY1`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	d0d90152136a0acf_system.net.security.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.Security.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8d00682e84d1d773d2160b63c0380ba6`
SHA1	`5e4158533532a27e03d0ccc9a0af5e89fffd8637`
SHA256	`d0d90152136a0acf340fb345098f2e5c718bb13f3b5a809d7be4d9948b8574d4`
CRC32	`FBE3C343`
ssdeep	`384:KdW1w3WesWoC7Bm0GftpBjWG1aQHRN7sl78oSwDnujJ:f1wxvVi11LWawS`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	72b10a7d404778fe_system.buffers.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Buffers.dll
Size	27.6KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a65596a77e2e206a84237ece6ab21a1f`
SHA1	`bac34c8a68c12051c6f5395c5a759d7ab519a8ba`
SHA256	`72b10a7d404778fed460f3ff0204cf7e81a8a5a79c99132821928b63f6ae99cb`
CRC32	`2DCFCFE7`
ssdeep	`384:H1IwSyJfREPFp/yXOTF7ZWYYWmDNIam0GftpBjnaQHRN7uCgfl3:HFRJWPLaXuwDNViVLu`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	03fe0f0288362630_windowsformsapp3.pdb Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\WindowsFormsApp3.pdb
Size	41.5KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	MSVC program database ver 7.00, 512*83 bytes
MD5	`1c278dc2dcf58786016e2cdc9f3c1202`
SHA1	`7d18ff58832daeeb4b467d367b59d8b04b7502c4`
SHA256	`03fe0f028836263052adc88ee25e82d9800722bb098fb31e2317c85c0b376dfa`
CRC32	`25070FB9`
ssdeep	`768:M5x5T5F5R57JVBE6CU9IvGvK25m5P5d5+5j5HU9IsGvK25lt5d5+5g5j5:M5x5T5F5R597E6CU9IvGvK25m5P5d5+n`
Yara	None matched
VirusTotal	Search for analysis

Name	86f1f12e47f26098_system.io.unmanagedmemorystream.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.UnmanagedMemoryStream.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d74405753f829e75e89bba5ebc296112`
SHA1	`474944856db781a34796bfcce18ecd4580275ad1`
SHA256	`86f1f12e47f260985b08bb966598123578eb5e48bef9bb086f04e16e9d53bb32`
CRC32	`80F24596`
ssdeep	`384:sBhwI7WSQWfTwm0GftpBjGaQHRN7SRalgaGn7x:sDwIBxwVi0L3Gd`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	99920ce34a01a0c0_system.net.websockets.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.WebSockets.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2e6378feaeee2f745417fc025c7850f9`
SHA1	`e0fad5ef75676b2ed7cf155af6602b867fced041`
SHA256	`99920ce34a01a0c07efd86d6e134bb401993515d001b7567a4116ad222993a63`
CRC32	`E5E8BE61`
ssdeep	`384:YGETSAWUEWB+109m0GftpBjkOaQHRN7El3uVogD5R:OT1TViCOLvV7D3`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	9c4ae61e0e836576_system.diagnostics.contracts.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Diagnostics.Contracts.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`99373ab10858746aad424f28b48277f5`
SHA1	`5042ee630a6c7c2986e8323a14d052c1d83b6f61`
SHA256	`9c4ae61e0e8365762efe3d34c5595029f2c12e0079e6070720e2cef0882c84e5`
CRC32	`7962F210`
ssdeep	`384:8RtRWjYWYvT1Dm0GftpBjaGaQHRN77TlgaGn73:+i61DViUGLHG7`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	7c25a74772e13525_system.diagnostics.fileversioninfo.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Diagnostics.FileVersionInfo.dll
Size	20.8KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0d9a641105098d642567b22101a4de0b`
SHA1	`12419c25d1c2eb706a4e4e649ee353ceda7446a9`
SHA256	`7c25a74772e135257235640a0264ddc05235e14f3627896cfe735e9955155f83`
CRC32	`61FB1D47`
ssdeep	`384:m6oWJjWlC7Bm0GftpBjJeiaQHRN7t2H9lO62gHcXq:m6vpVi+iLtecg8a`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	69b48ff8e6f40b84_system.net.webheadercollection.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.WebHeaderCollection.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7da1fee108a0750f47b70f25fe2cc55a`
SHA1	`6523838ef4aab39d0d3c0df11c28ada449edd592`
SHA256	`69b48ff8e6f40b84cdddb95bcdbb34e1184a2e29cb4ccc0fc9f1a2493648ee37`
CRC32	`18826A65`
ssdeep	`384:5HPAW1bW4QBm0GftpBjzuGRaQHRN7dlxBGD:1rmViFL3M`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	4d97e8481b9a2704_system.net.ping.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.Ping.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2a459c2c395f54352a16de4aa0e5407f`
SHA1	`1ba9ecc598e170d779ceb290163ac88e6993935f`
SHA256	`4d97e8481b9a27042bb903245625735d82ff627c66797de619303c1e705d0d6a`
CRC32	`A19EFF98`
ssdeep	`384:AdSWSKW5R4Xm0GftpBjBaQHRN77OlGinGEwK:+Of4XViHL7asK`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	c81a57d0634c462a_system.diagnostics.tracesource.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Diagnostics.TraceSource.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`37be4cce0ed037f8d9a7a3940bd2a2e1`
SHA1	`96314ec1a59e4bb53c5b609bf79ad4c998a7a988`
SHA256	`c81a57d0634c462a6cf49844059e9b170f650ccdf0789519ffd4ae7d28e2718d`
CRC32	`8D46F5FE`
ssdeep	`384:K8IZnWlNWM+109m0GftpBjBPaQHRN7401lTZVkAa:xUynViXPLrbZVs`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	9a8ba725f8e953c9_system.net.primitives.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.Primitives.dll
Size	21.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`562f67001889cdbc2531947636418ee5`
SHA1	`b219dd45550762b54dab46533d489c4755f55e0e`
SHA256	`9a8ba725f8e953c933285065228a9409036f9137d03016b127ccea8a19452466`
CRC32	`8AF21887`
ssdeep	`384:CJEYA2WkIWVvT1Dm0GftpBj/WaQHRN7glBLY6fI:CyYA8r1DViVWL8YF`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	b755d0b55a465d07_system.security.cryptography.primitives.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Security.Cryptography.Primitives.dll
Size	21.3KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a60084f9988c7907f7092c143c8d3818`
SHA1	`a69238054bee26063d32b85b797bc4e0c49f79d4`
SHA256	`b755d0b55a465d07c9dd3fc11822487d1e649b684aef91a4ce9b935b416a01b9`
CRC32	`6DDF5344`
ssdeep	`384:jQH/JWKpWNvT1Dm0GftpBjjaQHRN7/lO62gHcXv:jQH/jw1DVilLeg8f`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	d331edf349a4cf81_microsoft.extensions.logging.abstractions.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\Microsoft.Extensions.Logging.Abstractions.dll
Size	42.5KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`73bf8e0f455668d5bc6dca8dbc2750d2`
SHA1	`8a8d6fd46b2b7fd4f64930077a5d7c575002b024`
SHA256	`d331edf349a4cf8173b29da9bf30101791f94c63cf68a68da0ee9328f8704b98`
CRC32	`A4E8BF39`
ssdeep	`384:9Th+ZmwJbbrvWmduB2jsXaryi67Gol4sPWW1PBMV5uCCazHjzgDtYEp8trBcriFn:9Th+8G3rK2asF67G/2Pi1E0wi7qEBvx`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	566775f5502c3c1f_system.security.cryptography.csp.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Security.Cryptography.Csp.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`f554762fc38f81cb22d1dc8ab5cd40d5`
SHA1	`a67fdaceb10e828805a9e24fe0c59e1d73d19a7c`
SHA256	`566775f5502c3c1fa70acade145293df5d02c1a9f031820d429605e9b4584b44`
CRC32	`2985B62B`
ssdeep	`384:pTI2pWPzW8vT1Dm0GftpBjFQaQHRN7vlgaGn7s:pE3L1DViEL3G4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	9a4595dbb128e2d8_system.io.filesystem.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.FileSystem.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`bfceb4faca75681137455cd70f8038b6`
SHA1	`bfa0e27be1d56ba48918a9b7ca7090af7779a10e`
SHA256	`9a4595dbb128e2d8f373b3ac45478e7131f4d181b50ec821ec8cb88bd46bd5b8`
CRC32	`5B511852`
ssdeep	`384:9BLRWbYW+f+109m0GftpBjPIuaQHRN7RlgaGn7c:9B20zViFIuLxGQ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	f17ff442b77a6cfe_system.threading.overlapped.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Threading.Overlapped.dll
Size	36.9KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`1a890c488cf2ecd406b804e7e3c5b7f0`
SHA1	`bf2c1287f0ec04223cd17fe20ab2ecfff18579e3`
SHA256	`f17ff442b77a6cfe9c118d2f8fae1ab6c814a0d4f35c5844996be84f3fcc8592`
CRC32	`450A7EDF`
ssdeep	`768:ou5I+sqOylryry8qqIfUc7a5oUVi1vLFss:oYIVBpry8qqIfUcm5vVgDSs`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	0ab1f7f87b7c2afc_system.text.encoding.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Text.Encoding.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7f65ccbf58c39f3853bb8dc4137dfd12`
SHA1	`3946dff0b68f0ca01689bd44c348559adf548258`
SHA256	`0ab1f7f87b7c2afca57d394e4f4e262c82ba3209cb0a750cd66401fb33f21eca`
CRC32	`335E1025`
ssdeep	`384:UNyW7TWpvT1Dm0GftpBj6jaQHRN7hlGinGErW:ufi1DViGLpfW`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	19766a20b62b038a_system.net.websockets.client.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.WebSockets.Client.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e06bae626965fbdb0bae5437498b5155`
SHA1	`49392f58be6f5c97c5de59bfc44f9cfcbe1e5dd7`
SHA256	`19766a20b62b038abc3e863f2d6e7b55fabee4d9cbcad3eb1d7bd3ebfe8d023a`
CRC32	`DFDCF32C`
ssdeep	`384:MNoqWD7W6QBm0GftpBjig+aQHRN7Ml3uVogS/:MNofkViOLXV7S/`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	daaabd07f1b94be1_system.resources.writer.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Resources.Writer.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`05d1b950c470ea8b0aa357f9a59cf264`
SHA1	`b1756dc750ed5cfd5d0bfc70cb899fd590867a0c`
SHA256	`daaabd07f1b94be19d72913360286e469f454886850afcc603506eaab03150e4`
CRC32	`20A15703`
ssdeep	`384:XLnfIWqrW0QBm0GftpBjTUFSNaQHRN7G1lBLY6f5vB:XDf4WVih8OLGNYIvB`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	80a229b2917fc3a5_system.io.pipes.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.Pipes.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`58a2e5ac0510b9223236b9317c505b58`
SHA1	`a00954217ca326c54a863d451820263a6d7ee1af`
SHA256	`80a229b2917fc3a5d941ff9745a6be0065028afdf9509300410d2721c71f1198`
CRC32	`A9A4BEE3`
ssdeep	`384:3GMWCUWm+109m0GftpBjG6VVaQHRN7Utl3uVog4a:33cVi0OVLUOV73`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	16e7efd6c19b2e3e_system.runtime.numerics.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.Numerics.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6ccca0ba6a7b9caf8b8d3b0287dbed8b`
SHA1	`b81ff87b407578efbf184bdc10d0f101610379db`
SHA256	`16e7efd6c19b2e3e516ae1bc7b3175d0e22f1ad357701f229e353da348eee182`
CRC32	`77D6CB35`
ssdeep	`384:27W6RWDvT1Dm0GftpBjhvPaQHRN7VwXldBoQAYd:25K1DViXHLVyoJYd`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	c9e2562f1a1b86ac_system.io.filesystem.watcher.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.FileSystem.Watcher.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3772a3a7e55178ec90ecb607aba28511`
SHA1	`68c240d1a43de1678ef13107b9300c544e9d5e4e`
SHA256	`c9e2562f1a1b86acdb6957cf916aced9c4f8b71ebb16dfa0050252146205ad37`
CRC32	`FCC2D864`
ssdeep	`384:fAWzgWw+109m0GftpBjeQKaQHRN7Z0lO62gHcXC:ftCVisdLzg8S`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	557858e44a51a746_system.runtime.serialization.xml.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.Serialization.Xml.dll
Size	24.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9087373eee85190daf8915e614b1e4bd`
SHA1	`f434af8ce30eaf5511e28c0230211f0d8ed4a154`
SHA256	`557858e44a51a74646ad07a85cba56af1da13ad26ac2f74ee5d8c3e8a171c221`
CRC32	`EF50F556`
ssdeep	`768:EsPMQMI8COYyi4oBNw4tB8ngViK+QLc7LGS:vPMQMxCO4xJV86+GS`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	5e61d755616cb105_system.componentmodel.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.ComponentModel.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`632cc8ad69b76fd9bb5847de1e1439f7`
SHA1	`2e32d50ec33ec6635681485b754f4e58d434a5ee`
SHA256	`5e61d755616cb10524f5f31e9b70c65a7fff8e30e25ce711ac8b354d657ab479`
CRC32	`2BB490D4`
ssdeep	`384:HT+6ywnVvW0LWqvT1Dm0GftpBj+XaQHRN7qn0lTZVk0N:H9911DViYLqeZVdN`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	27d1a8c1417f018b_fake bitcoin sender by kali hax.exe Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\Fake Bitcoin Sender by KaLi HaX.exe
Size	585.5KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`88f3a3e207cd7bd90b509cd0cd8ac993`
SHA1	`1d06e1284f74659bb1af349e493363ab6dbdfb8c`
SHA256	`27d1a8c1417f018bff9687fe79de9dae6f75237e91df8e35e2b25028e7110ceb`
CRC32	`8B1F31E0`
ssdeep	`12288:d0QEl1ay36qfme13EJc40QEl12ya6bel:alIEXfnSJcBl4zWe`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis

Name	b5d20736f84f335e_system.net.http.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.Http.dll
Size	193.8KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`665e355cbed5fe5f7bebc3cb23e68649`
SHA1	`1c2cefafba48ba7aaab746f660debd34f2f4b14c`
SHA256	`b5d20736f84f335ef4c918a5ba41c3a0d7189397c71b166ccc6c342427a94ece`
CRC32	`841D830E`
ssdeep	`3072:HeruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgEQ4:aW60VcTvakcXcApOW4`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	9dc115ac4aadd6a9_system.appcontext.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.AppContext.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8cc4c7dfeb41b6c227488ce52d1a8e74`
SHA1	`93702135db0646b893babe030bd8dc15549ff0c2`
SHA256	`9dc115ac4aadd6a94d87c7a8a3f61803cc25a3d73501d7534867df6b0d8a0d39`
CRC32	`D8C605D3`
ssdeep	`384:uDNxWQFW5+109m0GftpBj9yaQHRN7SAl78oSwDnu/L:uDNV+Vi+LSyaw6L`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	cae99f910874288a_system.diagnostics.stacktrace.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Diagnostics.StackTrace.dll
Size	23.4KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`fa98a0f020248c2be1dd40c07092f22a`
SHA1	`ef6b3ccff90beddab5ce6f60b4cc23f75edfd009`
SHA256	`cae99f910874288afbf810968d13b79d755cd4b2006609ec036ea4934181cba5`
CRC32	`C31B96D0`
ssdeep	`384:TFCc4Y4OJWfOWqWWOWYDzDm0GftpBjnZaQHRN7IlDggA:RCcyCSVifLeLA`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	04b9235f64c9c846_system.threading.timer.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Threading.Timer.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`824053272b268c577e9adf17ed398142`
SHA1	`5ea3f290ecde1bab983ceee2417a688b7ed9b7f5`
SHA256	`04b9235f64c9c846f8a767230714895da87c7ae2cd0105e9d14835ae46f0fed8`
CRC32	`70CDD941`
ssdeep	`384:FFz0Q6gcqRhcsMWdMWwvT1Dm0GftpBjZ/AoaQHRN7plxBGDO:FFz1c6u1DViHBLTMO`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	ebd186d4afc78ee7_microsoft.extensions.logging.abstractions.xml Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\Microsoft.Extensions.Logging.Abstractions.xml
Size	31.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`288aa069e46b6e888d3ca1af3ae8b319`
SHA1	`cc947b4ff8547c74e800522e8153671cd1bb3513`
SHA256	`ebd186d4afc78ee78a3a716663599e7d383dc71534620608a5d5318a3aae4037`
CRC32	`0CDE43A0`
ssdeep	`384:MOib/FfqqRrcIewpszrHL1Z9XJX6gEugUDDlXNJxfV7+8C7F:nib/IZAaRsxLUx+HF`
Yara	None matched
VirusTotal	Search for analysis

Name	967dddbfe7f1ceb9_system.security.cryptography.algorithms.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Security.Cryptography.Algorithms.dll
Size	45.9KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e4a1681e09aec6efb00fb2a9355a1296`
SHA1	`95699d187bf150d319cc64f90064301cac57f338`
SHA256	`967dddbfe7f1ceb933b5875d65c59cdb835bb063f287a361e8b35dd814a9b14d`
CRC32	`DA819F81`
ssdeep	`768:yoBj7kS+8mjvHTeaWKs0Sd4eeVngVixLVH:hPmb9WKs0Pee6VEVH`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	3d2551d6458b8456_system.reflection.extensions.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Reflection.Extensions.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`defaadd4a92d4d348b0827ab8159d2fe`
SHA1	`f3bd9b4108acd42abfb99a3a4760bffcb84f6c28`
SHA256	`3d2551d6458b84566025fddfe5dad479cab5785428efd6814860d36ad1811c9a`
CRC32	`6A35EE2E`
ssdeep	`384:rIWD4WwC7Bm0GftpBjkKgnaQHRN75lgaGn7v:r13ViYnL5GD`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14___tmp_rar_sfx_access_check_8468375 Empty file or file not found
Filepath	C:\Users\test22\Desktop\__tmp_rar_sfx_access_check_8468375
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	56bd0c02c734abf4_system.globalization.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Globalization.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ae023bb0beee5189a07c7fd4e0cf3fca`
SHA1	`846711d4161a3950facdef97037898a71f4efda1`
SHA256	`56bd0c02c734abf4d7fd1ef2e8b6a9e4bf5e4bab4e606cd1023d63b02852fa61`
CRC32	`B86695DA`
ssdeep	`384:gZ4RLWdRfRJ0RZWw+109m0GftpBjPWR+HaQHRN71RNl78oSwDnud:gZK0pJujViFc6LzrawS`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	30a49d16436e3a05_system.linq.parallel.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Linq.Parallel.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8be0caa60074176fa1e7e63c0aeb6c01`
SHA1	`4d4ae0d2664025327f28400d917cc59afd69f33a`
SHA256	`30a49d16436e3a05569c99a0c2d21755c2fa323c5b925f9f21c10287cc97d9c9`
CRC32	`D4C28925`
ssdeep	`384:ISUP9W70WuvT1Dm0GftpBjluHJaQHRN7alxBGD0F:NUek1DViTupLMMc`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	8957f0bcea6ab8a0_system.xml.xmldocument.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Xml.XmlDocument.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`328d12af9613b0f3f25320b85dcccbf4`
SHA1	`09d02b85a094e925ac3c5d8b1aca096b730c160f`
SHA256	`8957f0bcea6ab8a011a53ae62466505199f11a228f87f3809931d974f87078ce`
CRC32	`0AB3128C`
ssdeep	`384:jUv7c7iWNCWxvT1Dm0GftpBjvaQHRN7KlBLY6fmV:jM7c1R1DVi5LeYpV`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	c7e91bd148ed22ee_system.globalization.extensions.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Globalization.Extensions.dll
Size	25.4KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c7c93de0627833900b8379fd181b7351`
SHA1	`2cb98f9622f57a0a9e037a378519aa6a271302f6`
SHA256	`c7e91bd148ed22ee1ff8ebd3e58b199a30af90aa37499bcf8da34409672f2ed9`
CRC32	`7C5141E4`
ssdeep	`384:MNBMbljRC+lgfS1RPWYR1Rw0R9WYRPWYRDRj0R9WQDzDm0GftpBjeXRsTUbaQHR/:MvMhF2SzNzwu/Nlju/ViCLLsBy`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	1c7bff6f16bb6186_system.data.common.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Data.Common.dll
Size	150.8KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d712a5a82a446086443ce00b610d8a5d`
SHA1	`7add96baa123db819f2f3d5aa62d6f872ce8fe14`
SHA256	`1c7bff6f16bb618648e699b723aeafe511515cd6aad699c25faae2a507e22811`
CRC32	`69E9D6BB`
ssdeep	`3072:wdYO+3m9R6e1x03BZ6bDSzZ8B0uAP+Pch:i+2jv1x0ebezWiumh`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	7a81d2a001b543b2_system.runtime.handles.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.Handles.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`65fbba7a86b3e175200ae44727ab40e5`
SHA1	`584b8683943a8e0ae98b10f452c94f6109d1c4ea`
SHA256	`7a81d2a001b543b2a55c9affc845a5df7edab1fd308c6979bbd982b1b826b57c`
CRC32	`624F8A59`
ssdeep	`384:t88cIIWNoWRQBm0GftpBjsP9SaQHRN7f7l78oSwDnuC6:t9cUoViM9SLftaw4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	4f6a14e4ba2a2b26_system.xml.xdocument.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Xml.XDocument.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`37e21b63959f243a157534133f85c5af`
SHA1	`dfad52a9990b2fafce7098cebb174927e8e0ba00`
SHA256	`4f6a14e4ba2a2b26b8b8433d5f82f75a96af5a4f036d9447373b07271493917b`
CRC32	`787B6F92`
ssdeep	`384:O16eWLDWevT1Dm0GftpBjAAYaQHRN7N9lZ3w:q6L91DViqTLXA`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	2e2d28a0802d8c8c_system.net.networkinformation.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.NetworkInformation.dll
Size	21.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`f39a35095cfd0019d6d4bb8461750bf0`
SHA1	`ad55af22e5479a5addf01d698138e5149270e3cf`
SHA256	`2e2d28a0802d8c8c08c0d422f48733ad8bf1dfae75f5682a4a3df8898e7e819f`
CRC32	`60593519`
ssdeep	`384:B1W1WMQW5R4Xm0GftpBjNY1aQHRN7ZKl3uVogY:O154XVij2LZVV7Y`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	b33d08149a756a40_system.xml.xpath.xdocument.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Xml.XPath.XDocument.dll
Size	22.4KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a5f541655a9edc24f4b5184a40e40227`
SHA1	`90e196dcd76168f770abe30098399bc5866adf1b`
SHA256	`b33d08149a756a401628d11bfddfeeaca1f03c0578395bb061dae44f8a12ce5d`
CRC32	`083CAB54`
ssdeep	`384:58G4YC2W+wW8WpwWOFm0GftpBjBdDcaQHRN78lgCovnt/:2GZ5QVipgLzH/h`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	24ff0200b8c54c54_qbitninja.client.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\QBitNinja.Client.dll
Size	73.0KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b2421578507e3320bf414a1ad66918a0`
SHA1	`628ece8023094480b1b216b2206286f5e17958e5`
SHA256	`24ff0200b8c54c54b7a214eb1539348ff7db4c17f8627886d4886f7569b90a5e`
CRC32	`13BDE9A0`
ssdeep	`768:d+pkYQyrC8AS9xGp2GzzLTbs/q+MqNLF3wA6jHVSBzvWq8KyIdvC4Iihc98Ix/2b:gpdm85GSpJNGBHVSBzvWLO3MA8gOqP`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	f600acc811720183_system.dynamic.runtime.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Dynamic.Runtime.dll
Size	21.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c5cadb1409f25b6a1c7a6dd4c2df236b`
SHA1	`a994c87352486d433a06943c01329dd721ab343f`
SHA256	`f600acc811720183c639cebe5618baf9c8135b85b9cbdc0758bc9b2dcc6dd7a9`
CRC32	`DC8B8303`
ssdeep	`384:puMLcdQ5MW9MWf+109m0GftpBjMR5aQHRN7Ljl78oSwDnuB3:AOcSpxVi2Lhawi`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	c98a52bd017df01a_system.text.regularexpressions.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Text.RegularExpressions.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7d317d88f9860a18ecf7fb90b33995d3`
SHA1	`c2e4b19cb9a0b48e899512cd121ffe6657d41072`
SHA256	`c98a52bd017df01aea7b955e6f219537d391a62c2c2b976684da282f9cd7cacf`
CRC32	`F33AA1D8`
ssdeep	`384:i6Rb32WVzWIvT1Dm0GftpBj2gaQHRN7EBlBLY6fG:NRb3dH1DViIgLEhYj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	2805a18724a24034_system.drawing.primitives.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Drawing.Primitives.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`29b0a1554e54611ebba7911049f26fd3`
SHA1	`d707745e72d2f39374f2d28af52aaab7888b93ab`
SHA256	`2805a18724a24034ad6acb315dac516e479cecc5f3753204052657e560932d5d`
CRC32	`E106EBB0`
ssdeep	`384:R28YFlXulWY/W1+109m0GftpBjIaQHRN7T/8ldBoQAYBS:R0qMViaLTwoJYBS`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	b56ffb65b842daae_system.globalization.calendars.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Globalization.Calendars.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ac2f4b435ddf0600d7a866f42f3b40d9`
SHA1	`0564ff7f7e6084bd6d02d8e6a4127d1c878b3fa6`
SHA256	`b56ffb65b842daae13f3020b0b04646db92f89801d2a2f89087d145a996d43f7`
CRC32	`1460FDBB`
ssdeep	`384:3Z7RqXWDRqlRqj0RqFWX5Twm0GftpBjGRqazmHaQHRN76RqIil3uVogC:J9qKqjqjuq0wViGqRLoqItV7C`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	e5fa1ec7205ff6cc_newtonsoft.json.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\Newtonsoft.Json.dll
Size	649.0KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2b8093898e84aeb87bb476fb9685e584`
SHA1	`8026efade4af8de5cba7265914ca09d9d957ba81`
SHA256	`e5fa1ec7205ff6cca95eb14560e1c70d7d39e86d3a89552448147dcb89243048`
CRC32	`12AA6CFF`
ssdeep	`12288:B/w+45/tp88eBZFbRn965G83LMBgaBwd6tG:2/tp8HFSaBwd`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	63eab38ee9f4dcd6_system.diagnostics.textwritertracelistener.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Diagnostics.TextWriterTraceListener.dll
Size	20.8KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a964808487e671bb369dbc0e4dc5a947`
SHA1	`c3848473e42e2f9b4d0a00180ea9ade654432587`
SHA256	`63eab38ee9f4dcd686c8e6a4f01e1e2a9bb91e52b20ab4dde0c28061e9261860`
CRC32	`9835EEE1`
ssdeep	`384:EAWxMW3QvT1Dm0GftpBj1ROaQHRN7gIlBLY6fc8:Evxs1DVidOLgEYA`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	5f560e1dd529bb25_system.xml.readerwriter.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Xml.ReaderWriter.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`090ff56c4fe2eeff2e16f03099ad71e1`
SHA1	`ef317cacc230a58a3b2fcc6cc079cc763afcc7c5`
SHA256	`5f560e1dd529bb2529d7052e04008449f58d0439c2bb43437d7b5d39f84f949f`
CRC32	`71FE8FCC`
ssdeep	`384:mr97WquWk+109m0GftpBjNWVaQHRN7u90lgaGn7a:mRJcVifWVLbGW`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	349c7fbe9ae2b78c_system.linq.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Linq.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`5e33930fe2e0867cb1f9fabeddfbd7b1`
SHA1	`4d93c7d7e6315ca2195ed73716996ade8e17fbb2`
SHA256	`349c7fbe9ae2b78c2f90239bddfcea5b16a0faac1fe83553a816c50c3e9089b1`
CRC32	`CA307C48`
ssdeep	`384:De1WmRWk+109m0GftpBjBpcQaQHRN7MAlgaGn7hw:Dej/ViOQL/Glw`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	8be4a2270f8b2bea_netstandard.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\netstandard.dll
Size	96.3KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0adf6f32f4d14f9b0be9aa94f7efb279`
SHA1	`68e1af02cddd57b5581708984c2b4a35074982a3`
SHA256	`8be4a2270f8b2bea40f33f79869fdcca34e07bb764e63b81ded49d90d2b720dd`
CRC32	`35838F86`
ssdeep	`1536:Q2Ec05j4eAH64rh5fSt5T9nFcI94WiVQTjpu:nlK4eA7mDmWqQXpu`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	f9feb277f86241f5_system.runtime.extensions.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.Extensions.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b0346a4c5fa0fac135509a0e7d3c4449`
SHA1	`7d71b46bb9a28289384aa1edf5cb03d64b3bcff0`
SHA256	`f9feb277f86241f55425182a26decf50a210675d4f040ec542af3fb3dd287de6`
CRC32	`95C9FE8A`
ssdeep	`384:2BSWITW5+109m0GftpBj4+19aQHRN76hlO62gHcXAJ:26oVi6+19L64g8QJ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	cc62f3b867d50083_system.collections.concurrent.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Collections.Concurrent.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`559c98eb9633c7ba1bc813f8e6e0e9a5`
SHA1	`311f52b31611e6dc5fd4c0159bfa452c22980ca7`
SHA256	`cc62f3b867d50083c2932061f20662c698d2e1a741c4d2f9df1fd2d435e3ef3c`
CRC32	`E2D509C6`
ssdeep	`384:Jm2igOWnW8rWwvT1Dm0GftpBjVjaQHRN70lxBGDD:5t/1DVinjLSMD`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	9d4faea9892d4ecf_system.threading.thread.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Threading.Thread.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`fdb3a743b2dae5924cba88a5c865128d`
SHA1	`c53132ec95a7211c1bb6dcd5ad21ccb150a7b923`
SHA256	`9d4faea9892d4ecfabf61986687fc6cb30f5f51a6b62819b9571ff58e04c4dd5`
CRC32	`873A5FDA`
ssdeep	`384:RzyNXd4+BW6FW9vT1Dm0GftpBjJtaQHRN73hYlO62gHcXb:szA1DViHtLxRg8L`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	efd8155cec6f3683_system.valuetuple.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.ValueTuple.dll
Size	77.3KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c8456355b990c6347ab2f3621e2010be`
SHA1	`0b7a9ec0dff6d958c9c64b5f592993372d31c5e9`
SHA256	`efd8155cec6f3683b701fe94f555d225332d283126bb36b36d9a20ea9d7fc724`
CRC32	`B12DA540`
ssdeep	`1536:vIumja0tbe16pSc45EfL+4vD4SuJbhjXuE3FMqF1KAy4kHo05ureseh79AVP9:vIuAaGbeGq5rKASI0ICh0l`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	c8cf955c563bdd25_newtonsoft.json.xml Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\Newtonsoft.Json.xml
Size	668.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5	`002b6e4720f86bfa2b6098522cfc7e6e`
SHA1	`d139d2f0a6b656f89e40b5479b86958892d4bdf1`
SHA256	`c8cf955c563bdd25645d88130eae335bc5eea5e9d5ae71628fb46d7466204847`
CRC32	`1B43C86E`
ssdeep	`6144:Xq0RtaG0rv3jGHdN0/IcHtpgVIeR0R+CRFo9TA82m0Kj+sJjoqoyO185QyMYFLsE:t`
Yara	None matched
VirusTotal	Search for analysis

Name	18a610b8bad43cf7_system.runtime.compilerservices.visualc.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.CompilerServices.VisualC.dll
Size	21.3KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9f31b6954fd453f13b5f39da36f2e8eb`
SHA1	`7a6276348d85eaf00ae6958117797045929078cb`
SHA256	`18a610b8bad43cf784cde4d4902a238f2281c2a677daae790cab55f6da915979`
CRC32	`D619C601`
ssdeep	`384:vna8WK1W6QBm0GftpBjBxRaQHRN73clxBGD:vna0+VinL36M`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	c2250e9e51b44d8a_system.collections.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Collections.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`1d8aafeca1ea565b257384d3f64864b0`
SHA1	`4d923b100142afa2e0a8b7acdb3a6de6feb91148`
SHA256	`c2250e9e51b44d8ab8c5b892592766925f6580ee00b95026621d0afb037c2707`
CRC32	`008BE2A0`
ssdeep	`384:h6iIJq56dOuWSKeWkvT1Dm0GftpBj0RaQHRN7T7lxBGDto:viAw1DViKRLTxMi`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	02416bc542be8200_system.security.principal.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Security.Principal.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6dcd91b6a029794728f4edeb2bf2e42d`
SHA1	`82ba1313448b431893c14d866f46d47b620514a9`
SHA256	`02416bc542be82002b8b81adbbbcdcc8d098104020d09b571dc674b5bc19a177`
CRC32	`E68C10C8`
ssdeep	`384:+SKiWIhWdC7Bm0GftpBjtQaQHRN76fl3uVogL:+SK8DVicL6wV7L`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	529943c0cdf24f57_system.collections.nongeneric.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Collections.NonGeneric.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`45ff71114047dbf934c90e17677fa994`
SHA1	`526c688e71a7d7410007ad5aa6ea8b83cace76c5`
SHA256	`529943c0cdf24f57e94bf03fac5f40b94a638625027a02df79e1e8cb5d9bc696`
CRC32	`8D06C5A9`
ssdeep	`384:2napn1iwwPWcGWNhvT1Dm0GftpBj/aQHRN7oIBldBoQAY0GP:lDuF91DVi1LoIzoJYR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	694f4c61b6bae0ae_system.net.sockets.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.Sockets.dll
Size	29.8KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8c9d9f45b85526e491f6555b1566a41c`
SHA1	`1420ef91f6e0f6954f373f1ac4079064398ab455`
SHA256	`694f4c61b6bae0aefac07a1e861c12c03cb6002f30091e4c8b05bb9c8ccf0d3d`
CRC32	`D64BA2BE`
ssdeep	`384:mylNGlfdqj5531HJTABhf8g2MkO1ICMbmiT2Y4Y3ocWS9sWvW8YsW6vm0GftpBj5:myp12Bhkg3qnV/s2ViaBL0HhR`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	e3036362506d96c9_system.resources.reader.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Resources.Reader.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`f1cc91d25b52c7504dc5beab5d0f498c`
SHA1	`498f0fbbd2712f4f637bdb7370b2302fcc4966f3`
SHA256	`e3036362506d96c9c00ed6393a2afcacd9f2e71cd2a35c1d638a61e85d2fb040`
CRC32	`8E03F7FA`
ssdeep	`384:WLNBEW6pWgQBm0GftpBjFaQHRN7GQlGinGEIJl:WbMIVi/LRU`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	575e26a455892f1f_system.runtime.serialization.primitives.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.Serialization.Primitives.dll
Size	26.4KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3373a24450373caf0cbb756e10097fd4`
SHA1	`87c352153804ff5bd4f8aef8851546f3cf22461e`
SHA256	`575e26a455892f1fd77b730e6928f70b760e76094afe5bcb677d854daf869ac5`
CRC32	`4FB0DBE7`
ssdeep	`384:c8R71h7yzt94dHWFgQBVWeHWFyTBVW/4wm0GftpBj1AipaQHRN7E5AN/lD7DDN:d1dyAqgQBfqyTB+FVizAGLE5AXHDN`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	55a30d92d163cf18_system.diagnostics.debug.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Diagnostics.Debug.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8b8c402311d7ab87e588675e736414fd`
SHA1	`eb8c010a35b461402c1c33133f1b61c78be8425a`
SHA256	`55a30d92d163cf1807bea6dc13b4c13e70aebbb034dc77eaef4f4394730dcd8e`
CRC32	`2BEF16B6`
ssdeep	`384:IeWnoWMC7Bm0GftpBjVwaaQHRN7g20lgaGn771Y:InTViMaLnYGtY`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	719ac73bb261e0a1_system.linq.queryable.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Linq.Queryable.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e04cdb6229d83768285acb08d870f23a`
SHA1	`a181f5cc93e9273d9169a9954a74d73bc1852980`
SHA256	`719ac73bb261e0a13574f5a198126ccf40352264958defb555280d005134c704`
CRC32	`8F981B31`
ssdeep	`384:m8yg07W0/WGC7Bm0GftpBj8xPoaQHRN7WE1l78oSwDnuaPJL:mBH2ViyoLW4awFRL`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	222bd77c5692c296_system.net.nameresolution.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.NameResolution.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2eec710dbaacd32bedfca09eca8de52d`
SHA1	`2cb934305d3648ff29fdbc7d92485003f8458848`
SHA256	`222bd77c5692c2961e8c3638f6511d6f7cbeb9e0977e2d5c3bca6739a5311f37`
CRC32	`B7CC5A0B`
ssdeep	`384:R6ZWYLWfQBm0GftpBjf6xTaQHRN76IzlTZVkH:R6lNViBCTL6GZVU`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	24daa1faee0478ba_system.xml.xpath.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Xml.XPath.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`415e3ab72f17f10d646b3e2c7a76f612`
SHA1	`ed25e94d4e88293345a0f28a5b975159c393b050`
SHA256	`24daa1faee0478ba58febe8ee789eb88be0a14d350b57ad8b10690c55976b2e1`
CRC32	`519978CB`
ssdeep	`384:z6ziqTEkGWvRWtvT1Dm0GftpBjqK4aQHRN7FMlBLY6fMf:zYT1E1DViaLFgYnf`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	5c84dd40d67c0e59_system.io.filesystem.primitives.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.FileSystem.Primitives.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`51b07204081bde29a1f84a3b48554186`
SHA1	`fca2f72c039937357099ca6e167330e540f8335d`
SHA256	`5c84dd40d67c0e59906511d2b09da8e28c454b5979eb5fde74213f9d4bdbc564`
CRC32	`D204DBAA`
ssdeep	`384:W+SWikWL+109m0GftpBjqaQHRN7Dh6l3uVogJ:W+e1ViILDHV7J`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	f2e74a3ec2dc753c_system.net.requests.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Net.Requests.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`28141960a88365df6a60b0c6ff831b0b`
SHA1	`b56c3d2e270b1c793a2ee17cac9c98b178258e94`
SHA256	`f2e74a3ec2dc753c9a48fa9a677775f949eb1e02fc1bb8bf38c39e8d2ab147eb`
CRC32	`E962F7B0`
ssdeep	`384:OJGWe4WG80um0GftpBjTaQHRN7xAlTZVk+:ymhViRLxaZV1`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	50ad612d4cf6113d_system.runtime.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.dll
Size	28.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0e35085c130d2d91e5241334be7ef0da`
SHA1	`fd622ade5cae26353a22b6fa50a83669b72b6c41`
SHA256	`50ad612d4cf6113de26b2870da099c4817f59e64a2da98f05803b4a2e2304919`
CRC32	`0BD64902`
ssdeep	`384:fbhigwLAuZtM66g/Id7WVXWbC7Bm0GftpBjyV8aQHRN7mT1lO62gHcX2:fbhzkKsrVi48Lpg8m`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	22108e32e0b6e42f_system.componentmodel.eventbasedasync.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.ComponentModel.EventBasedAsync.dll
Size	21.3KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6067ecbab3c6dddb6bf7c49c7948caa8`
SHA1	`5f3da777af01dbc159bd8d9d97d5dc105918afc5`
SHA256	`22108e32e0b6e42f5f52a4cb17b9b6fa3dfd547ecd9eef9c67226dbec54d23e5`
CRC32	`CE9B4088`
ssdeep	`384:/nzz+MpSaLWW0+WNC7Bm0GftpBjsY1xaDaQHRN7RlTZVkRzQ:npuAViVxaDLHZV+Q`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	81b6527ac2d18782_system.io.memorymappedfiles.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.MemoryMappedFiles.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`34e21101faf71a27c6819cc051debc9d`
SHA1	`d9df77b4993418337894ff04c6b813224b9f8543`
SHA256	`81b6527ac2d18782ac24ae463c11dd1d70ab1bc89f626b7347a592229b371a1d`
CRC32	`73049BB5`
ssdeep	`384:Gvk7hWmCWXC7Bm0GftpBjyuGaaQHRN70EflO62gHcXm:Gs7/+Vi1GaLIg82`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	0e80a2e256d16e48_system.io.isolatedstorage.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.IsolatedStorage.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ab8d293bcd7a13e83565b4afa8438988`
SHA1	`48f227c62b2001c441bcbc5b570911f096ddf421`
SHA256	`0e80a2e256d16e487bc847d1857ed7cd088f176254ba2a385d675338b836b0fc`
CRC32	`6ADAF176`
ssdeep	`384:2HW4/WJvT1Dm0GftpBjE3aQHRN76RlTZVkuu:2ry1DViu3L6HZVC`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	b84b93be455cc7d1_system.diagnostics.tracing.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Diagnostics.Tracing.dll
Size	30.9KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`60f59659db517c2f4dd4c5c583d43097`
SHA1	`87ed79d195d8d93ae1155af08857f751a7eca245`
SHA256	`b84b93be455cc7d14ec0c88ce08dafac7b6aac2e549c969e7126eb48c31f8b1c`
CRC32	`C1B1E62E`
ssdeep	`384:GlQnCMi33333333kj8xe+5PTYM3zUy+CezHjzgKj0uRWOdWmWJdWo3szm0GftpBp:8Qq33333333kX+TBi8P8zViDdsLHH0D`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	2ec7fb12e11f9831_system.buffers.xml Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Buffers.xml
Size	3.4KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`1c55860dd93297a6ea2fad2974834c3a`
SHA1	`7f4069341c6b62ecfc999a6c2d8a2d5fb59d44f6`
SHA256	`2ec7fb12e11f9831e40524427f6d88a3c9ffdd56ccfa81d373467b75b479a578`
CRC32	`C13D11EC`
ssdeep	`96:1Sm9iVH4cK4bSrh4st9Y9TS7AilqqZw37EeKB+ZPZk:1Sm9iecnWrue8ildZw3QD+ZPZk`
Yara	None matched
VirusTotal	Search for analysis

Name	3d9ebc81b1bd3234_system.threading.threadpool.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Threading.ThreadPool.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`18ce4ecc42fc8d999ef091d812472cf0`
SHA1	`f874903cea9f08f1a0887949b47722e6ba81b789`
SHA256	`3d9ebc81b1bd3234666c8ce403a5f17a726867c68ffa5de4ec8ee92599335658`
CRC32	`D32DF274`
ssdeep	`384:Bvs2Q3HKJNrWWRW8KvT1Dm0GftpBjb/aQHRN765EldBoQAYY9:BuMg1DViJ/L65woJYi`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	383a1f9dac655c68_system.runtime.interopservices.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.InteropServices.dll
Size	23.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d7e74ea95786a02687ce43c356abdc95`
SHA1	`2e6a3047bd3bcee01f55d139a3c03e6d4d2db14a`
SHA256	`383a1f9dac655c6805c24d4a03bc5fbeb9abd1536de5510f5756259eefcb4871`
CRC32	`C1EFDEC1`
ssdeep	`384:N09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsX:MOAghbsDCyVnVc3p/i2fBVlAO/BRU+pJ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	62dce4679e33c079_system.resources.resourcemanager.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Resources.ResourceManager.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9e71dfce86f14beeb8f3e9f00d0a472e`
SHA1	`bf83a7e98418bde907deae8c0c0f3fb0f6c9db1a`
SHA256	`62dce4679e33c079e11f41b096bc803b30b1d963a1ea79efa84187cebbc06afe`
CRC32	`B8ACCE80`
ssdeep	`384:2KkHKW/tWXC7Bm0GftpBjcR3raQHRN7T0ldBoQAYNI:7uNViydLTgoJYW`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	c8c8a30d1a839f78_windowsformsapp3.exe.config Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\WindowsFormsApp3.exe.config
Size	17.6KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`578fbaae79e52d537a7a467efc3afc68`
SHA1	`23d591ecc8faae16e520ece17737addafce4546c`
SHA256	`c8c8a30d1a839f7890bb952d6ef42532fa7a5ea070d1faf6274c40e8fa580e11`
CRC32	`2F2D5819`
ssdeep	`96:hrgbUGReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhufSJeZedUabepSRj:hrYPUDxTHffI3`
Yara	None matched
VirusTotal	Search for analysis

Name	5eaa2e82a26b0b30_microsoft.win32.primitives.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\Microsoft.Win32.Primitives.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`76b8d417c2f6416fa81eacc45977cea2`
SHA1	`7b249c6390dfc90ef33f9a697174e363080091ef`
SHA256	`5eaa2e82a26b0b302280d08f54dc9da25165dd0e286be52440a271285d63f695`
CRC32	`A8A5E6D4`
ssdeep	`384:/N9VWhX3WsQBm0GftpBjvmaQHRN7YlgaGn7rJd0:1GmViYL0Gff0`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	b537313413f80105_system.console.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Console.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ea9376c17ee0148f0503028ad4501a92`
SHA1	`9d5686cbf45e90df5e11d87e7b90173a1a64b1a0`
SHA256	`b537313413f80105f143cc144feeae2ac93f44747727de309a71d57d2650034a`
CRC32	`1CE99192`
ssdeep	`384:iRbzriaXT+WlEWLC7Bm0GftpBjXUNZiTaQHRN7hldBoQAYv8:A7icYVisiTLToJYU`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	28b165cddb82a250_system.diagnostics.process.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Diagnostics.Process.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d86b0aca05321569d9383dc7c4e9e934`
SHA1	`2ef7d0a222c3a3e564b3c72d5b71a5be40a7adea`
SHA256	`28b165cddb82a2507114394ae398995ef8a50c549214f8678aa66054f6927754`
CRC32	`E456A1CF`
ssdeep	`384:Gqk53/hW3fZ+zWQC7Bm0GftpBj6dlwaQHRN7q5blgaGn7i:Gqk53MpViywLGbGu`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	bfcd867f71c88742_system.componentmodel.primitives.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.ComponentModel.Primitives.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2f39655ccfc010e32a7240d9bf5d0852`
SHA1	`20aeaed12dfb8d71e39687350eb12bc0de372af0`
SHA256	`bfcd867f71c887429dfe008d7ec5d1853d15b3932d4ce8991694293477b5be37`
CRC32	`5C78CCEB`
ssdeep	`384:fGhr+YUfyHxsW/HWiC7Bm0GftpBjoEKaQHRN7VlO62gHcXn2d:MkmyViaLEg832d`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	870ee1141cb61abf_system.objectmodel.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.ObjectModel.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`55d9528d161567a19dbb71244b3ae3ce`
SHA1	`8a2fb74cf11719708774fc378d8b5bfcc541c986`
SHA256	`870ee1141cb61abfce44507e39bfdd734f2335e34d89ecfffb13838195a6b936`
CRC32	`050471F1`
ssdeep	`384:icDagtDApWSKJWsQBm0GftpBjwaQHRN7ptXl3uVog4:iPKBEVi2LAV74`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	8270d1248950ee8a_system.security.claims.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Security.Claims.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`99604779c668d9b8ef913854b9a24f9d`
SHA1	`97b62a3dbe2465b4c995e082ad6ff183f6267f59`
SHA256	`8270d1248950ee8aee5c2ac2e321df07e65c7a94004ae03c857deacd231a5542`
CRC32	`2AA5F5DF`
ssdeep	`384:2UcX6W9aW2EC7Bm0GftpBj3ZYvSaQHRN7tMlgaGn7Vy:2UchixVi9LtQGJy`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	cbe29672cd2b6a0e_system.text.encoding.extensions.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Text.Encoding.Extensions.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d40515a84448b91315f956e6d1a6c64b`
SHA1	`7fe773332d0461a252e52be720a7794fcaac7bfb`
SHA256	`cbe29672cd2b6a0ea97b55f3844fbede3e591996f39c3aa1f829f2fa50551fa9`
CRC32	`97BEF084`
ssdeep	`384:rb1nWCXWBC7Bm0GftpBjEYdgaQHRN7pC7lZ3atK9N:37RVioLpCf/9N`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	59f2ce73e79dbb9d_nbitcoin.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\NBitcoin.dll
Size	1.6MB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3ccb2514dd5ae74846acedc547f2a34a`
SHA1	`684d28d2d4ef8b9fd7c1320b1933e54b05ac2dcc`
SHA256	`59f2ce73e79dbb9dee068897a5e610cfd0b5cb7773c6bd911daca88506fbeded`
CRC32	`0256BE1C`
ssdeep	`12288:5iQGAzIO2L8oBEFSKak43E4ah9dPFbX2OMYN4vih9GXPletjmRWkWfFTMwRg/Lfp:+AWBIS3UFh95l6EMofk+FAotdThvDY`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file NorthKorea_Zero - Maybe it's North Korea File Is_DotNET_DLL - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	3c8630acb43c12a6_system.security.cryptography.x509certificates.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Security.Cryptography.X509Certificates.dll
Size	22.3KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`06d000552ed6785988ae188fc35d1b86`
SHA1	`b0a8868d459fe0af34d16c263cfe0202c414dc53`
SHA256	`3c8630acb43c12a6a317227ff2922056ecd991fe945464fdf7ea81f1293a479f`
CRC32	`891A73F4`
ssdeep	`384:3TjbocNsWMhWqvT1Dm0GftpBjAB8O9aQHRN7FswlO62gHcXpe:fboYyf1DViyB8O9LFAg88`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	1f5c1abe1b272068_system.security.cryptography.encoding.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Security.Cryptography.Encoding.dll
Size	20.8KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7ab10b31c5ce290672b319d403751e95`
SHA1	`ed23e654968b3704a82f613b06be5829e0caad70`
SHA256	`1f5c1abe1b2720680170388569354d8cda9d558b53aff7caf175ce0f7e3733e5`
CRC32	`C0455CC6`
ssdeep	`384:d1cezoy4W04WDvT1Dm0GftpBjEUvCMuaQHRN71xlZ3VRw:PBzoy+F1DVivQLjjw`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	cb2d429afcdae7a1_read me.exe Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\READ ME.exe
Size	256.0KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3e9ad6d4b7b90295746f242d1f737d4c`
SHA1	`aeb9a78e84fa3ec565d81074d98290f64d568f77`
SHA256	`cb2d429afcdae7a1ee4d7efb587d1c1d7d10aec5d76146dfff6bfc67a827dfd4`
CRC32	`7F995670`
ssdeep	`3072:KxmoclrNx0BJBhgiuByzdzSnrsViSOQ6y5sRNmM7qUA:dZNx0Ze1ytYrQROGsRN7u`
Yara	Malicious_Library_Zero - Malicious_Library MALWARE_Win_VT_RedLine - Detects RedLine infostealer PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) RedLine_Stealer_b_Zero - RedLine stealer Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file detect_Redline_Stealer_V2 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	d707bfa951674384_crack.exe Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\CRACK.exe
Size	125.0KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`eb3ac535084f7ec55893cc38a047b34e`
SHA1	`c0c46a6cc03b2f5058cb2f8103bfef0e218dc0d4`
SHA256	`d707bfa951674384256f0bcba17248a1b0c63e26493837140d66e700e1989c9e`
CRC32	`326ACBCA`
ssdeep	`1536:e3LNmoc+6cbImCS3l5JFh4mbfexvZu9UyyedQO8RqCxXsEyG6ijoigw6mQqE:exmocl0V5J/lgZuGyzdFSnaD`
Yara	Malicious_Library_Zero - Malicious_Library MALWARE_Win_VT_RedLine - Detects RedLine infostealer PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) RedLine_Stealer_b_Zero - RedLine stealer Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file detect_Redline_Stealer_V2 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	938da38561da5479_system.collections.specialized.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Collections.Specialized.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b52c339601cb264f83df72d802e98687`
SHA1	`8bbb7badaaa912c1f17775e9acdcab389704c772`
SHA256	`938da38561da54793944e95e94b6e11cf83aacd667487297d428fbce1c06dc9c`
CRC32	`73A8861E`
ssdeep	`384:2ZHLaEav5aaUa6arWVLWOvT1Dm0GftpBjq1xFaQHRN71mldBoQAYu:rPv5t/NOF1DViQ1xFLcoJYu`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	e8d531f0aaa674f7_system.runtime.serialization.json.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.Serialization.Json.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e1e2239979b853157ba75310fea7e65d`
SHA1	`ee1ae416570911282abdd3745674e58f9d469c9e`
SHA256	`e8d531f0aaa674f794b7f43ec76e4e32ad93f3c136020cf4b6e3433832f9c0df`
CRC32	`DB8DF237`
ssdeep	`384:YAJpVWbfkBnWyC7Bm0GftpBjV1raQHRN7RyV0lTZVkvq:YAJpWfkBSVi31LRyAZVZ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	da18d61bb6b7d35c_system.io.compression.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.Compression.dll
Size	108.3KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`33b8972fa6b00b8922210ca95e5745d1`
SHA1	`609f31b98831327677e89e08bff7d7322ba0f4a4`
SHA256	`da18d61bb6b7d35c56cb4f392fae0844cca73f72a043a08994beccb531ff3b77`
CRC32	`08887470`
ssdeep	`1536:lvc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXrVDCa8:Jgk1tiLMYiDFvxqrWDWNoJXJ2p`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	260c6250ef9b57dc_system.diagnostics.tools.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Diagnostics.Tools.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`27c7d752c11c3f43f28eb31968e73e2b`
SHA1	`51e466218025126c5e524afd2086f4ab0bf3660a`
SHA256	`260c6250ef9b57dca99b4cecc533f9a34857b5a32b5351202f776163841200aa`
CRC32	`2A5E9E78`
ssdeep	`384:UUAlcWHaWlvT1Dm0GftpBjXGIRaQHRN7/lBLY6fIi:29N1DVihGIRL/Yni`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	7720ee13405ea8a3_system.io.compression.zipfile.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.Compression.ZipFile.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`bb1a520f25bb93ace4dd0a060fba677d`
SHA1	`92bf07ccf32eb9fdf06f446a256e0271c4028bf0`
SHA256	`7720ee13405ea8a3c204703a181e67dc6d66835e9df263c09d04d8b48b41eb26`
CRC32	`D735E79C`
ssdeep	`384:OYWsmWs+109m0GftpBjncaQHRN7QlgaGn7G7:O28ViGLMGG`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	76432f414458e93b_system.runtime.interopservices.runtimeinformation.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.InteropServices.RuntimeInformation.dll
Size	28.0KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`05af54a1c6450b98ad0fb0e857b6a523`
SHA1	`15349e541122743a5d355946e48380ac1811b52f`
SHA256	`76432f414458e93b54ceb02fc348e652a84744108102f3a83792d8a804040eb8`
CRC32	`5B927653`
ssdeep	`384:skUwx9rm5go1fWKmmW4oqN5dWjaWp1m0GftpBjaIrc1aQHRN7SlDggz1:brmoFmWXXXVioVL8Lz1`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	18032d190d0d5998_system.security.securestring.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Security.SecureString.dll
Size	21.9KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4523f60270149bad67f6ae63375d2cdb`
SHA1	`ff6e6bcd83a11d40bf53dabd0480a67aecfdcf50`
SHA256	`18032d190d0d599823e59c8dd8b588909bef8888b8bf304723a138b61f1b911f`
CRC32	`6AE9A08A`
ssdeep	`384:n0KbZWApWmWTpWWFm0GftpBjNaTaQHRN7vnl4aRISeS:0KRybViaTLSAl`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	0383dc02fdf0b5d4_system.reflection.primitives.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Reflection.Primitives.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`cf318475e6a7a56789abb0f98c37abe1`
SHA1	`33d1ebd7212d747c8723cfb9e4292c99a641b964`
SHA256	`0383dc02fdf0b5d4612d8caaad13d594cac1609c8240b73dfd6ea5803f5e17ea`
CRC32	`8999B0D9`
ssdeep	`384:AMWzQWsvT1Dm0GftpBjF2i4aQHRN7Del3uVogM:A561DVijuLD5V7M`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	21493f7f615a099e_system.xml.xmlserializer.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Xml.XmlSerializer.dll
Size	21.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d9f02d9f7da653f82e75112a2ab99ce6`
SHA1	`bbbb4c2c3911ae1f5ba7faf1d632ed0f14d9b6ac`
SHA256	`21493f7f615a099e795f7fae7ecce6082414d1d427790bdf4b103623a3ab34eb`
CRC32	`6A3128EA`
ssdeep	`192:3+vxmNWnRW52bivT1CCjdks/nGfe4pBjSrl1WAaAXcrMHnhWgN7aMW2Mqnaj87Xf:GSWnRWDvT1Dm0GftpBjy7aQHRN7IlZ3U`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	0110616dfe870b8b_system.threading.tasks.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Threading.Tasks.dll
Size	21.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0ad301ee2b7282b87dcd0d862efe14dc`
SHA1	`f720109a38846e358bde7c47d9c946a79d2b6b1c`
SHA256	`0110616dfe870b8bcf25df8f6ce38ef5aac39e728ddaa3420ea199f5a7e80a16`
CRC32	`38BE3A39`
ssdeep	`384:G8MjKb47T3UCcqFMkJ59WdtWe+109m0GftpBjPRaQHRN7LKlgaGn7ce:jMjKb4vcGdOdVilRLLeG4e`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	bf97f67165231c2a_system.linq.expressions.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Linq.Expressions.dll
Size	21.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3b49bf361f3116de28176b40845bc199`
SHA1	`5627e53d15e56868dc9082edcae5a653b96b9af1`
SHA256	`bf97f67165231c2a42b95f11d80337b082e2b2be54351da44c8a10c06194b369`
CRC32	`DE1F2D20`
ssdeep	`384:j6RW6eW++109m0GftpBjeLUaQHRN7es2lGinGEx:j67aVi8ULzSN`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	c191a43029edd4eb_system.io.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.IO.dll
Size	20.6KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`809fdbd7422a3e02c89244dc530a3367`
SHA1	`a6999c04b243b034f8ee7ad0d79f3ce24df9a9d0`
SHA256	`c191a43029edd4eb8eee003356f1fe79aa45071c25433a7a3589590e9089eed9`
CRC32	`A44E2B30`
ssdeep	`384:iyvPRW4lWkTwm0GftpBj8w0aQHRN7y3lBLY6f4:H39VwViGw0L0Yh`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	0dbb92ecd5dfa7fc_system.componentmodel.typeconverter.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.ComponentModel.TypeConverter.dll
Size	22.2KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d1699287934da769fc31e07f80762511`
SHA1	`bfe2384a92b385665689ad5a72f23abc8c022d82`
SHA256	`0dbb92ecd5dfa7fc258bc6deed4cecf1b37f895457fd06976496926abdb317bb`
CRC32	`D1D2EE79`
ssdeep	`384:BRE+ruiA5vzWeNWnvT1Dm0GftpBj94aQHRN7N+ql78oSwDnuQM:BS9bW1DVib4L5awfM`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	3468e0c875db94a8_system.threading.tasks.parallel.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Threading.Tasks.Parallel.dll
Size	20.7KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9088029e38b2a393f22afd9e576ce86e`
SHA1	`05e65ee95f647f38c717c73a0399870912dd374a`
SHA256	`3468e0c875db94a8f45d56ab76bbcc677b942ca51a23649ba3c5ad1b20e391f1`
CRC32	`DBE7832B`
ssdeep	`384:Wvn4HREpWiQWBTwm0GftpBjtSaQHRN7BlGinGEb:pS7wVifSLJ/`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	c343f7bf08a4c97a_system.runtime.serialization.formatters.dll Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\System.Runtime.Serialization.Formatters.dll
Size	20.8KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a42c32f4e98a9656fc2fed72d30e9380`
SHA1	`b6b8986fc1b5140817de262ae4102499e37daffd`
SHA256	`c343f7bf08a4c97a90ba607a492c721533333173fa63f65f6e5de9ceee65fc16`
CRC32	`63247654`
ssdeep	`384:uI5HeWFwTBsWbvT1Dm0GftpBjW0hZraQHRN7ZflZ3j:uI5HFwTB91DVism5LZzz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	8ebd1383d7af498c_nbitcoin.xml Submit file
Filepath	C:\Users\test22\Desktop\fake btc sender\NBitcoin.xml
Size	358.4KB
Processes	2572 (FAKE BTC SENDER zip.exe)
Type	XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`355eaf81deedcf915efe79444ce2e2e8`
SHA1	`23c1884bddb136804b25150f8e41de815299130f`
SHA256	`8ebd1383d7af498c5ce183c3ea9da09e6bddf84c2154cc66f2ba3940ed4f5efb`
CRC32	`212CA239`
ssdeep	`6144:xjECBU03p5qBGXFxz3Sfau+LSRDBDyuzUMF7q4Al8U79n8w:xS0`
Yara	None matched
VirusTotal	Search for analysis