Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.05 12:05
Synaptics.exe
05.04 10:05
mediacje.png
05.04 10:05
Portal orzeczeń - Sąd ...
05.04 04:05
2708.bson
05.04 04:05
289e4f9df20d686b_{4fc7...
05.04 04:05
2616.bson

Latest News
05.05 06:05
A list of topics we co...
05.05 05:05
A list of topics we co...
05.05 05:05
Parsing yara rules to ...
05.05 05:05
Git-Konfigurationsdate...
05.05 05:05
The Convoluted Way Int...
05.05 05:05
Odd Lots: Henry Blodge...
05.05 05:05
Henry Blodget on AI, D...
05.05 05:05
IPhone Maker Hon Hai’s...
05.05 05:05
Eutelsat Replaces CEO ...
05.05 05:05
Jetzt Daten sichern: M...

Dropped Files | ZeroBOX

Name	9acc4827829644d1_api-ms-win-core-debug-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-debug-l1-1-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`e543e46dcbca072ea8d25f69f2ff5c57`
SHA1	`c5b369e86e45c0980bfa272268b0d50bc6b8e883`
SHA256	`9acc4827829644d1e92c55b145c7824de1aef6a1fc4377cc7cc1f38cab28782e`
CRC32	`9AF4C2D3`
ssdeep	`384:dW2hWNaZSf+VIYi+vC8AM+o/8E9VF0Ny4q:L+/Yi+1AMxkEd`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	82692ce341519910_api-ms-win-core-processenvironment-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-processenvironment-l1-1-0.dll
Size	15.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`3c9e870f83c3a0434e376f16132473e7`
SHA1	`9593aba92212c3da2956a8e7888a9e347ca8c35e`
SHA256	`82692ce341519910459fd57a6e87a47c9dad47408a5d84505036e7857eac5891`
CRC32	`7DE32836`
ssdeep	`384:hHW2hW7ZSf+VIYi+vDVAM+o/8E9VF0Ny8jIJ9:zb/Yi+rVAMxkEqIJ9`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	4c0ba89e487ec989_api-ms-win-core-processthreads-l1-1-1.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-processthreads-l1-1-1.dll
Size	15.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`5fbb3fc0ca37ed94744d6af8638b7c9a`
SHA1	`09415405267ee64c92e0fd43ead7dbfe2f028647`
SHA256	`4c0ba89e487ec98966cc0b68bdeb07bbeb958f3a4ad866382a4185baf31f9041`
CRC32	`DDB8E8F9`
ssdeep	`384:nDfIeWW2hWvZSf+VIYi+vOo9WAM+o/8E9VF0NyTfu:Me+H/Yi+T8AMxkEVu`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	8b20aeb935ceabbd_api-ms-win-core-namedpipe-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-namedpipe-l1-1-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`fdbff00082b5a682221584e1e8500e6e`
SHA1	`3f0803b0aca95f9a4c0dbd007d0ab1d4cfbaa3c4`
SHA256	`8b20aeb935ceabbdc2fb1cfa72f4617a50b1a4e19476987637043b2a6dffd25c`
CRC32	`8AAEDD0E`
ssdeep	`384:7pW2hWLSZSf+VIYi+v5oRAM+o/8E9VF0Ny2lP+:7HIZ/Yi+4AMxkEk+`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	ea76f832cc3261b5_api-ms-win-crt-time-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-time-l1-1-0.dll
Size	17.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`6f1bc6ef8fe550cf6c052673c738f79e`
SHA1	`adae680e3e78654e573269a7c2201a3c8478cefc`
SHA256	`ea76f832cc3261b5e08f45e0c0a490d759cac34bd978c3f98dd10b5fdb1e20fc`
CRC32	`943150FD`
ssdeep	`384:sPEzgW2hWJZSf+VIYi+v4AM+o/8E9VF0NyHTSMW:S0Ed/Yi+wAMxkEG`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	46a8a9d9c639503a_4434.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000003001\4434.exe
Size	413.0KB
Processes	2540 (axplong.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`607c413d4698582cc147d0f0d8ce5ef1`
SHA1	`c422ff50804e4d4e55d372b266b2b9aa02d3cfdd`
SHA256	`46a8a9d9c639503a3c8c9654c18917a9cedbed9c93babd14ef14c1e25282c0d5`
CRC32	`4080297B`
ssdeep	`6144:FmliDzugxTgexyJ4hgIR3oHu5VamKRUuCjdwZOeBSGJfaoZ0HmNKP7gnF/1p0IX:m8bxcextX5UmKRUuyQOeBtJpZ8Cd`
Yara	Malicious_Library_Zero - Malicious_Library Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	909f4badb60ff195_api-ms-win-core-string-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-string-l1-1-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`55dd5d552a9c827c7292aa17f3a14c5d`
SHA1	`369d81577e811ef8c0a61b47ef32ffc02aa2185c`
SHA256	`909f4badb60ff1951243f334cb7410318c4772833d3a996dbda07968cd7e36f4`
CRC32	`2E9A1B2C`
ssdeep	`384:uyMvQW2hWXZSf+VIYi+vnCAM+o/8E9VF0Ny2r1x:uyMv07/Yi+PCAMxkEav`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	794d039ffdf277c0_cacert.pem Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\certifi\cacert.pem
Size	275.0KB
Processes	1304 (pered.exe)
Type	ASCII text
MD5	`78d9dd608305a97773574d1c0fb10b61`
SHA1	`9e177f31a3622ad71c3d403422c9a980e563fe32`
SHA256	`794d039ffdf277c047e26f2c7d58f81a5865d8a0eb7024a0fac1164fea4d27cf`
CRC32	`116F12C7`
ssdeep	`6144:QW1H/M8fRR1mNplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5f:QWN/TR8NLWURrI55MWavdF0f`
Yara	None matched
VirusTotal	Search for analysis

Name	c140866b8e579c10__pytransform.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_pytransform.dll
Size	1.1MB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`4a9d54d85df402bb7fea9f1c278ff5a4`
SHA1	`414ce62f8fef39a08cd9214296e3a4985ea2f5e6`
SHA256	`c140866b8e579c106fbcd10263282b35075ed542e10b8fd208847490afde23a9`
CRC32	`C726797A`
ssdeep	`24576:8RgySc2phTzucZzdcZ7fUoPTS4ObanoIen42fw5I:BySc2ptScvkoDfcI`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_2.exe Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\1000005001\2.exe
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	b973d8e77f8ab14b_axplong.job Submit file
Filepath	C:\Windows\Tasks\axplong.job
Size	272.0B
Processes	2188 (22fc86ad3a.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`f30efd9640c4fa3094cd3976733ce7e3`
SHA1	`2523596592cce3438e5a89e4e716b5e0f80fe3c8`
SHA256	`b973d8e77f8ab14b6cedcbf09f712ce9ad3516f396ef1a53011fbe1fbaaa98b8`
CRC32	`D35A00C6`
ssdeep	`6:kiZuEzVXE///UEZ+lX1lOJUPelkDdtI4y0l1uRlEt0:kiZFRk//Q1lOmeeDw4V1OEt0`
Yara	None matched
VirusTotal	Search for analysis

Name	f4723261c0497454_ucrtbase.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\ucrtbase.dll
Size	964.7KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`cd7a487bb5ca20005a81402eee883569`
SHA1	`f427aaf18b53311a671e60b94bd897a904699d19`
SHA256	`f4723261c04974542a2c618fe58f4995f2dcaf6996656bb027d65adeeca6caf7`
CRC32	`BE734D74`
ssdeep	`24576:2VlncbBScMaURxDDMz2UyJaoOn8ynGo5ImxvSZX0ypnikO:UlcURaUsz2U7LGjiR`
Yara	Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	2d2f6d19745b6dd8_2020.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000012001\2020.exe
Size	11.2MB
Processes	2540 (axplong.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`75cb885b478ab63f02ddae52af38c850`
SHA1	`a60b24e18a54a3dfdaf945371af041f231c640af`
SHA256	`0feb263658de343eede03f313fb019ce2f68fa52740a4b45d21dc20b8d6e9081`
CRC32	`C08E649E`
ssdeep	`196608:zRGD9huRUACt5fveJWvoCn0erxLkCN8N8F1W903eV4QR64KF5ikWMWKACy5+Z1P0:kzuRUAwf7vLF4NkW+eGQR6n/ikWMWfom`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	5d78cd1365ea9ae4_python3.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\python3.dll
Size	63.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`07bd9f1e651ad2409fd0b7d706be6071`
SHA1	`dfeb2221527474a681d6d8b16a5c378847c59d33`
SHA256	`5d78cd1365ea9ae4e95872576cfa4055342f1e80b06f3051cf91d564b6cd09f5`
CRC32	`FC291BD3`
ssdeep	`768:kD8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJqL:kDwewnvtjnsfwaVISQ0a7SydEnn`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2c7a31dec06df4ee__rust.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\cryptography\hazmat\bindings\_rust.pyd
Size	6.9MB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`f918173fbdc6e75c93f64784f2c17050`
SHA1	`163ef51d4338b01c3bc03d6729f8e90ae39d8f04`
SHA256	`2c7a31dec06df4eec6b068a0b4b009c8f52ef34ace785c8b584408cb29ce28fd`
CRC32	`D9A368A3`
ssdeep	`49152:L7vWIDI8B92Fbq5Vv1Q3rBIU6ikGtlqQVwASOGRw8beAOmnDvghmCoADPDMBMXLq:pi2++POmnDIrPDMyGnTLQmD/`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	d605c2e842705b6c_api-ms-win-core-file-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-file-l1-1-0.dll
Size	18.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`8ac7f3836302b4f36c1b68c846509163`
SHA1	`f1cb7864f1e405100c4aea82cb3bdedc32ce5062`
SHA256	`d605c2e842705b6cd5b8acad292712e6573d03a092a71261e9d02a5167506c75`
CRC32	`C1A13F3A`
ssdeep	`384:xBPvVXgW2hWlGqZSf+VIYi+viNPAM+o/8E9VF0NyAy3:/PvVXEmGx/Yi+6AMxkEn`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	91776f8b8b3019d7_api-ms-win-core-rtlsupport-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-rtlsupport-l1-1-0.dll
Size	15.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`8d6509c183c2991f4630b927cdb08d9c`
SHA1	`1eb5213d623a7ced3fba80bea661dec685b32c71`
SHA256	`91776f8b8b3019d7056b034c9024864fb51bea814ad2695982a5258ae560eb21`
CRC32	`3BBAD4FC`
ssdeep	`384:cGeV5W2hWfZSf+VIYi+v9KoAM+o/8E9VF0NyOdjn:cGeVXD/Yi+koAMxkEa7`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	bc477a1263d3d0d7_api-ms-win-core-datetime-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-datetime-l1-1-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`f85768c91d7ebf5189962c98f432cdc1`
SHA1	`191e0547f7d19f81b017b47b81ec40c87f8c45ae`
SHA256	`bc477a1263d3d0d720a1fc8b68a8f61f32c8fe0987426a139d3c48d96a13a69c`
CRC32	`DB2804F1`
ssdeep	`384:FUW2hWTZSf+VIYi+vpqAM+o/8E9VF0Ny8E:CX/Yi+RqAMxkE/`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	5703046dbfc442cb_api-ms-win-crt-conio-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-conio-l1-1-0.dll
Size	15.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`e87662932bc0eb99119942e4feaa08be`
SHA1	`7a3a650b2c24c78cb5f0da4dce0bb45c2b8cd87c`
SHA256	`5703046dbfc442cb51c57aef87ca7aaa369fdc00330eff4adb38487b852fd942`
CRC32	`BD04AC64`
ssdeep	`384:ILW2hWyZSf+VIYi+vQAM+o/8E9VF0Ny2G3:Kg/Yi+oAMxkEr`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	791e7195d7df47a2__brotli.cp310-win_amd64.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_brotli.cp310-win_amd64.pyd
Size	801.5KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`ee3d454883556a68920caaedefbc1f83`
SHA1	`45b4d62a6e7db022e52c6159eef17e9d58bec858`
SHA256	`791e7195d7df47a21466868f3d7386cff13f16c51fcd0350bf4028e96278dff1`
CRC32	`DAAEC9C6`
ssdeep	`12288:tY0Uu7wLsglBv4i5DGAqXMAHhlyL82XTw05nmZfRFo:tp0NA1tAmZfR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	ceebae7b8927a322_INSTALLER Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\cryptography-42.0.8.dist-info\INSTALLER
Size	4.0B
Processes	1304 (pered.exe)
Type	ASCII text
MD5	`365c9bfeb7d89244f2ce01c1de44cb85`
SHA1	`d7a03141d5d6b1e88b6b59ef08b6681df212c599`
SHA256	`ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508`
CRC32	`C2971FC7`
ssdeep	`3:Mn:M`
Yara	None matched
VirusTotal	Search for analysis

Name	46b06d9564880295_api-ms-win-core-synch-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-synch-l1-1-0.dll
Size	16.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`48ecbb112f1f1a8e74a18ea760478ceb`
SHA1	`b39bf955a5988abc26b04f5987b642caab781bff`
SHA256	`46b06d95648802953ab4cf26aea89ea52bf2085c2d4f44381cf36d053fef44ca`
CRC32	`8A04BCAD`
ssdeep	`384:Idv3V0dfpkXc0vVaOW2hWlZZSf+VIYi+veAM+o/8E9VF0NygM:Idv3VqpkXc0vVam2o/Yi+mAMxkEd`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	aac73b3148f6d1d7_LICENSE.APACHE Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\cryptography-42.0.8.dist-info\LICENSE.APACHE
Size	11.1KB
Processes	1304 (pered.exe)
Type	ASCII text
MD5	`4e168cce331e5c827d4c2b68a6200e1b`
SHA1	`de33ead2bee64352544ce0aa9e410c0c44fdf7d9`
SHA256	`aac73b3148f6d1d7111dbca32099f68d26c644c6813ae1e4f05f6579aa2663fe`
CRC32	`A82B48BD`
ssdeep	`192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt`
Yara	None matched
VirusTotal	Search for analysis

Name	1cb7ee7705397e89_api-ms-win-core-profile-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-profile-l1-1-0.dll
Size	14.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`f137f40b11c106c5f1677d7db244d850`
SHA1	`3e8558c1563031f16a75b74c7fbcbb2adc14bd64`
SHA256	`1cb7ee7705397e8908406be93061e81201d850146c3897a2856ab9a7baaf1cfd`
CRC32	`2CFCEEB6`
ssdeep	`384:bSeW2hWwZSf+VIYi+vN1XAM+o/8E9VF0Ny8dVj:la/Yi+l1XAMxkEuj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	27955c80c620c31d_25072023.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000009001\25072023.exe
Size	304.0KB
Processes	2540 (axplong.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a9a37926c6d3ab63e00b12760fae1e73`
SHA1	`944d6044e111bbad742d06852c3ed2945dc9e051`
SHA256	`27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b`
CRC32	`8D1CFC69`
ssdeep	`3072:aq6EgY6iQrUjGk14lwPK4qw9LwwPITAztASKwlcZqf7D34leqiOLibBOh:ZqY6iwwPIknATAZA+lcZqf7DIvL`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description) RedLine_Stealer_b_Zero - RedLine stealer Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file detect_Redline_Stealer_V2 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	f178e29921c04fb6__bz2.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_bz2.pyd
Size	81.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`a4b636201605067b676cc43784ae5570`
SHA1	`e9f49d0fc75f25743d04ce23c496eb5f89e72a9a`
SHA256	`f178e29921c04fb68cc08b1e5d1181e5df8ce1de38a968778e27990f4a69973c`
CRC32	`F01BECFD`
ssdeep	`1536:asRz7qNFcaO6ViD4fhaLRFc/a8kd7jzWHCxIStVs7Sywk:9RzGYYhaY9kd7jzWixIStVs+k`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	04fe672bf2aa70ff_METADATA Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\cryptography-42.0.8.dist-info\METADATA
Size	5.3KB
Processes	1304 (pered.exe)
Type	ASCII text, with CRLF line terminators
MD5	`07e3eea441a0e6f99247d353bd664ea1`
SHA1	`99c8f9c2dd2d02be18d50551ed4488325906c769`
SHA256	`04fe672bf2aa70ff8e6b959defe7d676dcdfd34ee9062030ba352a40db5e2d37`
CRC32	`F6D9A597`
ssdeep	`96:Dx2pqZink/QIHQIyzQIZQILuQIR8vtklGovuxNx6rIWwCvCCcT+vIrrr9B+M6VwP:4JnkoBs/stL18cT+vIrrxsM6VwDjyeyM`
Yara	None matched
VirusTotal	Search for analysis

Name	1959db009643bcc6_api-ms-win-core-handle-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-handle-l1-1-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`ebc4decaac0aeda4155d4e0d711de820`
SHA1	`8c1ce1929e25fb6fcc0d8f5eeca1d59fe1805651`
SHA256	`1959db009643bcc6212540e2143a76bbf0b1e10e903c62d54cc863a11bd157bb`
CRC32	`05B1D980`
ssdeep	`384:BW2hWnkZSf+VIYi+vFAM+o/8E9VF0NyMwKT:PK/Yi+tAMxkE8`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	ee7120f4d73d9b33_2020.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000012001\2020.exe
Size	11.1MB
Processes	2540 (axplong.exe) 1304 (pered.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`71aab7738fd699d7586425ecaa43b05d`
SHA1	`a83375107bae7bcb4bd6ef19017acfedca3b2405`
SHA256	`ee7120f4d73d9b3366b55aa24240d217b543ec12b877d60ce69bdb88779b9f00`
CRC32	`DAC74578`
ssdeep	`196608:zRGD9huRUACt5fveJWvoCn0erxLkCN8N8F1W903eV4QR64KF5ikWMWKACy5+Z1PL:kzuRUAwf7vLF4NkW+eGQR6n/ikWMWfo5`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	92d7954d9099762d__ctypes.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_ctypes.pyd
Size	119.9KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`87596db63925dbfe4d5f0f36394d7ab0`
SHA1	`ad1dd48bbc078fe0a2354c28cb33f92a7e64907e`
SHA256	`92d7954d9099762d81c1ae2836c11b6ba58c1883fde8eeefe387cc93f2f6afb4`
CRC32	`73107E08`
ssdeep	`3072:bsQx9bm+edYe3ehG+20t7MqfrSW08UficVISQPkFPR:QQxCOhGB0tgqfrSiUficrZ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	3e7c8af570ab4fd9_api-ms-win-core-memory-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-memory-l1-1-0.dll
Size	15.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`df31fbf01dad9ecf7036bd5cbee68d6f`
SHA1	`f7b617e506f8ee0bebe72468b731ca2586e6c9b6`
SHA256	`3e7c8af570ab4fd9c7a1766ca9847e3b8a7d481e7430d4b5264403d257035b76`
CRC32	`C0901DB0`
ssdeep	`384:GUW2hW8ZSf+VIYi+vtAM+o/8E9VF0Ny8V4:RO/Yi+VAMxkEZ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	1011889e66c56fd1_pered.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000010001\pered.exe
Size	10.9MB
Processes	2540 (axplong.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`faf1270013c6935ae2edaf8e2c2b2c08`
SHA1	`d9a44759cd449608589b8f127619d422ccb40afa`
SHA256	`1011889e66c56fd137bf85b832c4afc1fd054222b2fcbaae6608836d27e8f840`
CRC32	`A6CD54C5`
ssdeep	`196608:I3pwZJjbyU3b01Kpn3V+uq+VvpqL2Vmd6+Dfc/f/+SveM0EVRuvEKn:uSZL01+l+uq+VvIL2Vmd6mfc/e03RMZ`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	78c67de9f6246e1e_api-ms-win-core-libraryloader-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-libraryloader-l1-1-0.dll
Size	15.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`a74326d577561db7de8fbf4f1d756319`
SHA1	`7c8016264afc0766e9b404e149ac110559e85ec0`
SHA256	`78c67de9f6246e1eea7200b7a6abeed8269a4b6bd3ab673c1c92d87b183648fd`
CRC32	`80EF297C`
ssdeep	`384:EvuBL3BaW2hWvZSf+VIYi+vhOAM+o/8E9VF0NytIx:HBL3Biz/Yi+JOAMxkE6`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	2093e7e4f5359b38__cffi_backend.cp310-win_amd64.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_cffi_backend.cp310-win_amd64.pyd
Size	177.0KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`6f1b90884343f717c5dc14f94ef5acea`
SHA1	`cca1a4dcf7a32bf698e75d58c5f130fb3572e423`
SHA256	`2093e7e4f5359b38f0819bdef8314fda332a1427f22e09afc416e1edd5910fe1`
CRC32	`16EF00CB`
ssdeep	`3072:fp5LZ3sgWSqjfy8dBbm/6WnUsHozssS7piSTLkKyS7TlSyQH:fptZ8gW9jrBbQnfIzLIiSTLLymlSy`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	8046bf64e463d5aa__socket.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_socket.pyd
Size	75.9KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`e137df498c120d6ac64ea1281bcab600`
SHA1	`b515e09868e9023d43991a05c113b2b662183cfe`
SHA256	`8046bf64e463d5aa38d13525891156131cf997c2e6cdf47527bc352f00f5c90a`
CRC32	`3F9838EF`
ssdeep	`1536:C6DucXZAuj19/s+S+pjtk/DDTaVISQwn7SyML:C6DPXSuj19/sT+ppk/XWVISQwneL`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	ebf19a3268b7a3f1_ab417aa83e.exe Submit file
Filepath	C:\Users\test22\1000029002\ab417aa83e.exe
Size	2.5MB
Processes	2816 (explorti.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9cccb9b47686e3ab460cbee74196ba25`
SHA1	`bac02a3bf2950e387491fb5b242d2cc38345635c`
SHA256	`ebf19a3268b7a3f1411517f4aeb2b0253b4ca853df1c2360e1307febba25e0b4`
CRC32	`3B476AD9`
ssdeep	`49152://hjQWL7OJTkKnLJt0rAo4dnBRsmuKA59iSufNAtSdPPgAsCY3/Oh:XhjQ0OJ3D0rAnBa1iAYdTjYW`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) EnigmaProtector_IN - EnigmaProtector
VirusTotal	Search for analysis

Name	519ee8e7e8891d77_gold.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000002001\GOLD.exe
Size	529.5KB
Processes	2540 (axplong.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`d3e3cfe96ef97f2f14c7f7245d8e2cae`
SHA1	`36a7efd386eb6e4eea7395cdeb21e4653050ec0c`
SHA256	`519ee8e7e8891d779ac3238b9cb815fa2188c89ec58ccf96d8c5f14d53d2494b`
CRC32	`AF8EA7B8`
ssdeep	`12288:PkH1gqhBqVkOWGyH3b4RA/PeVdWfLzd8fYnjnsIaU+j:PkH6qOsDMaeVdW+ojnsIwj`
Yara	Malicious_Library_Zero - Malicious_Library Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	3e0c7c091a948b82_LICENSE Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\cryptography-42.0.8.dist-info\LICENSE
Size	197.0B
Processes	1304 (pered.exe)
Type	ASCII text
MD5	`8c3617db4fb6fae01f1d253ab91511e4`
SHA1	`e442040c26cd76d1b946822caf29011a51f75d6d`
SHA256	`3e0c7c091a948b82533ba98fd7cbb40432d6f1a9acbf85f5922d2f99a93ae6bb`
CRC32	`E20CE982`
ssdeep	`3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1`
Yara	None matched
VirusTotal	Search for analysis

Name	854d6667b83af472_api-ms-win-core-console-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-console-l1-1-0.dll
Size	15.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`98015bd4055b65570fc03c1e8e1dec18`
SHA1	`48c2cc31953586fdd9e628125b3db0767dd189f3`
SHA256	`854d6667b83af472ff680f481bbd90e1d0c75a623b7b474aea2aad4630abf41d`
CRC32	`D63AE7D2`
ssdeep	`384:FW2hWfZSf+VIYi+vcAM+o/8E9VF0Ny21jT:j7/Yi+UAMxkEqjT`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	58b772b53bfe8985__ssl.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_ssl.pyd
Size	155.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`35f66ad429cd636bcad858238c596828`
SHA1	`ad4534a266f77a9cdce7b97818531ce20364cb65`
SHA256	`58b772b53bfe898513c0eb264ae4fa47ed3d8f256bc8f70202356d20f9ecb6dc`
CRC32	`67B9ACBB`
ssdeep	`3072:UhIDGtzShE3z/JHPUE0uev5J2oE/wu3rE923+nuI5Piev9muxISt710Y:UhIqtzShE3zhvyue5EMnuaF9mu3`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	d66c3b47091ceb3f_VCRUNTIME140.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\VCRUNTIME140.dll
Size	96.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`f12681a472b9dd04a812e16096514974`
SHA1	`6fd102eb3e0b0e6eef08118d71f28702d1a9067c`
SHA256	`d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8`
CRC32	`2CEDC91E`
ssdeep	`1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1`
Yara	Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	62275f1a1f7fb1f7_api-ms-win-core-heap-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-heap-l1-1-0.dll
Size	15.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`3610ae35045d0081397338989d009ed9`
SHA1	`cbea3c6b6f44a03ba33883b25f6d38f2f07bfb30`
SHA256	`62275f1a1f7fb1f71c2a43a644ab8423ea2fdf71923f82c4fcc0424973173e70`
CRC32	`244A46B6`
ssdeep	`384:FlrW2hWlZSf+VIYi+vTAM+o/8E9VF0Nyq7w:Nh/Yi+bAMxkE1`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	0ee50971d24ad3d5_api-ms-win-core-processthreads-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-processthreads-l1-1-0.dll
Size	16.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`2d4cc29add04d867529494992e8d651d`
SHA1	`2376bbb7973b9c5794554b0f90f45d030c30f4d1`
SHA256	`0ee50971d24ad3d51bebeb80d5f0f746b60b0f2fb4057b4c75e4555a41205d4c`
CRC32	`F1F72407`
ssdeep	`384:qWXk1JzNcKSIsW2hWGZSf+VIYi+vrLiIAM+o/8E9VF0Ny4Zi:qbcKS54/Yi+jHAMxkEIi`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	78a034731fbf9370_22fc86ad3a.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000030001\22fc86ad3a.exe
Size	1.8MB
Processes	2816 (explorti.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8fd2e26a68d898da0bd782d84408e19e`
SHA1	`5e68217c972177f47a8eaa5db2739b388e9e3fba`
SHA256	`78a034731fbf9370261fb96d2682a2eff1fb43d0024d9c4d3ba3432860568d0a`
CRC32	`774840BC`
ssdeep	`24576:UY5b7z+2hk96t9zIQraDUrmBk0dXhOfqcXd2DdwKil8UPKNqOVSYobTXrNoGcjPY:Z7zPI6t5XrGz8dAInKvIYknNorH3M`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a73fcc7844d724ed_api-ms-win-core-synch-l1-2-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-synch-l1-2-0.dll
Size	15.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`ec18057e36a1ea2110fde721d0000a2e`
SHA1	`d27ea8ff2b9f5ee8ac2416cf4839d4959e21e561`
SHA256	`a73fcc7844d724ede85d24b150c491a07c7c4d2556909ea624a6ab853368312e`
CRC32	`A24430AB`
ssdeep	`384:ftZ3zW2hWCZSf+VIYi+vKHeAM+o/8E9VF0NymK:pc/Yi+CHeAMxkEf`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	ed1c8769f5096afd_libssl-1_1.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\libssl-1_1.dll
Size	682.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`de72697933d7673279fb85fd48d1a4dd`
SHA1	`085fd4c6fb6d89ffcc9b2741947b74f0766fc383`
SHA256	`ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f`
CRC32	`17D22FDB`
ssdeep	`12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	058925e4bbfcb460_python310.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\python310.dll
Size	4.3MB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`c80b5cb43e5fe7948c3562c1fff1254e`
SHA1	`f73cb1fb9445c96ecd56b984a1822e502e71ab9d`
SHA256	`058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20`
CRC32	`BA930F8D`
ssdeep	`49152:5vL1txd/8sCmiAiPw+RxtLzli0Im3wOc+28Ivu31WfbF9PtF+FNDHaSclAaBlh7y:Dw7Ad07RmodacSeSHCMTbSp4PS`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	5de7ab02d08defd0_api-ms-win-core-errorhandling-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-errorhandling-l1-1-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`84f386d3b4142cda0b2d53655b7b15e3`
SHA1	`a503b3897e0e7d2c2df5c5f7712c24728ca8f769`
SHA256	`5de7ab02d08defd03c4670bdf6fa09f41295350e452b3bed89050d3b05ffca57`
CRC32	`E64A2912`
ssdeep	`384:thRW2hWKZSf+VIYi+vD74AM+o/8E9VF0NyW2Y/JwB:thf8/Yi+n4AMxkEXY/JK`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	6314c99a3efa1530__decimal.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_decimal.pyd
Size	244.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`10f7b96c666f332ec512edade873eecb`
SHA1	`4f511c030d4517552979105a8bb8cccf3a56fcea`
SHA256	`6314c99a3efa15307e7bdbe18c0b49bc841c734f42923a0b44aab42ed7d4a62d`
CRC32	`C0810F6B`
ssdeep	`6144:TogRj7JKM8c7N6FiFUGMKa3xB6Dhj9qWMa3pLW1A64WsqC:tPJKa7N6FEa3x4NlbqC`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	f60dd9f2fcbd4956_libffi-7.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\libffi-7.dll
Size	32.0KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`eef7981412be8ea459064d3090f4b3aa`
SHA1	`c60da4830ce27afc234b3c3014c583f7f0a5a925`
SHA256	`f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081`
CRC32	`15C221B3`
ssdeep	`384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	009547aced243272_api-ms-win-crt-string-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-string-l1-1-0.dll
Size	20.9KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`066b8ae3291b12e3715a46e99a30a903`
SHA1	`5bae72757ae641890ec5a03ef56c58a5cd578e00`
SHA256	`009547aced2432727bab7da88b9a9bb052f7f818eb447dc10c0ca97d22478562`
CRC32	`B4515749`
ssdeep	`384:q7x0C5yguNvZ5VQgx3SbwA7yMVIkFGlHW2hWoIZSf+VIYi+vynAM+o/8E9VF0Nyg:85yguNvZ5VQgx3SbwA71IkFC9v/Yi+8k`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	0d5f9a2f863ba485_api-ms-win-crt-process-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-process-l1-1-0.dll
Size	15.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`d4df2c92611140db3701e61edf704c15`
SHA1	`731d0b79f7fb3c8293508ae17a766683b2a4f0f7`
SHA256	`0d5f9a2f863ba485ccc4f0d5fa7da343587fd35813536be0cf29b577ba1bb0f4`
CRC32	`301C722E`
ssdeep	`384:xitIDW2hW/ZSf+VIYi+vXSYAM+o/8E9VF0NyY7G:ImD/Yi+PSYAMxkEn`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	66afc87e30dfa4a8_explorti.job Submit file
Filepath	C:\Windows\Tasks\explorti.job
Size	274.0B
Processes	2556 (sand.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`4559e6f0379ccd8df661361110eb6029`
SHA1	`b5f4acfeeddd99be16dc6dc89b2553c4903696a2`
SHA256	`66afc87e30dfa4a8a4141b5373d96fddf34ac5766258b8f6d9047c3dfd491e9e`
CRC32	`28AAF104`
ssdeep	`6:Z9QXZFtXE/Xm/UEZ+lX1cI1l6lm6tI4y0l1uAct0:QXZFZkW/Q1cagc4V1hct0`
Yara	None matched
VirusTotal	Search for analysis

Name	c446925083f68506_api-ms-win-core-timezone-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-timezone-l1-1-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`683d6579333e3973206b54af6be2c5ea`
SHA1	`e9aebf6246633ead1750acbfaae4fdd6f767bec9`
SHA256	`c446925083f68506717f84e9303d1ac9394bd32c1d98087784499f103617f1d2`
CRC32	`A563DEE6`
ssdeep	`384:+W2hWdpZSf+VIYi+vlnU+3CAM+o/8E9VF0NyqWh:W7/Yi+tz3CAMxkEr`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	1be5cfd06a782b2a__hashlib.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_hashlib.pyd
Size	60.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`49ce7a28e1c0eb65a9a583a6ba44fa3b`
SHA1	`dcfbee380e7d6c88128a807f381a831b6a752f10`
SHA256	`1be5cfd06a782b2ae8e4629d9d035cbc487074e8f63b9773c85e317be29c0430`
CRC32	`EB2C0945`
ssdeep	`768:aSz5iGzcowlJF+aSe3kuKUZgL4dqDswE9+B1fpIS5IHYiSyvc9eEdB:npWlJF+aYupZbdqDOgB1fpIS5IH7Sy+V`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	1252803f848819ab_api-ms-win-crt-utility-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-utility-l1-1-0.dll
Size	15.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`43d972a6a7131065b78be5f456dbdb08`
SHA1	`304c4cca6550dc025b0f34251c880764d6710bad`
SHA256	`1252803f848819abb848c8d30af162ce55d405a265cd94bcbfb974a6e866c1de`
CRC32	`0E85F79C`
ssdeep	`384:jBfKW2hWkZSf+VIYi+vuAM+o/8E9VF0NyYv5s:FfSq/Yi+2AMxkEu6`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	68b80009ab656ffe_select.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\select.pyd
Size	28.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`adc412384b7e1254d11e62e451def8e9`
SHA1	`04e6dff4a65234406b9bc9d9f2dcfe8e30481829`
SHA256	`68b80009ab656ffe811d680585fac3d4f9c1b45f29d48c67ea2b3580ec4d86a1`
CRC32	`8D574795`
ssdeep	`384:rPxHeWt+twhCBsHqF2BMXR6VIS7GuIYiSy1pCQkyw24i/8E9VFL2Ut8JU:ZeS+twhC6HqwmYVIS7GjYiSyv7VeEdH`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	43383e0ae1f7aefc_76b53b3ec448f7ccdda2063b15d2bfc3_017bd04f-b3bf-45b6-8167-9e8f41ff87bf Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3832866432-4053218753-3017428901-1001\76b53b3ec448f7ccdda2063b15d2bfc3_017bd04f-b3bf-45b6-8167-9e8f41ff87bf
Size	2.2KB
Processes	2452 (25072023.exe)
Type	data
MD5	`ab792453c3c468037b9f354ee1a0eda4`
SHA1	`b9c634214caa503ace30ba7aa1ec96045a4d7567`
SHA256	`43383e0ae1f7aefcacffff58200e75a0b3943514fa593659812ef15f9dd3d585`
CRC32	`B4FAC6F5`
ssdeep	`48:U7SjQDUo1XcaxxOARAPxDSolw14JlhVuw+9zt3olZu:WSUDB1caxxOAq5+orhVwNmlZu`
Yara	None matched
VirusTotal	Search for analysis

Name	2cf6c5dea30bb058_unicodedata.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\unicodedata.pyd
Size	1.1MB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`102bbbb1f33ce7c007aac08fe0a1a97e`
SHA1	`9a8601bea3e7d4c2fa6394611611cda4fc76e219`
SHA256	`2cf6c5dea30bb0584991b2065c052c22d258b6e15384447dcea193fdcac5f758`
CRC32	`78CE591D`
ssdeep	`12288:bMYYMmuZ63NoQCb5Pfhnzr0ql8L8koM7IRG5eeme6VZyrIBHdQLhfFE+uz9O:AYYuXZV0m8wMMREtV6Vo4uYz9O`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	28d693f929f62b8b_top_level.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\cryptography-42.0.8.dist-info\top_level.txt
Size	13.0B
Processes	1304 (pered.exe)
Type	ASCII text
MD5	`e7274bd06ff93210298e7117d11ea631`
SHA1	`7132c9ec1fd99924d658cc672f3afe98afefab8a`
SHA256	`28d693f929f62b8bb135a11b7ba9987439f7a960cc969e32f8cb567c1ef79c97`
CRC32	`3CE4B7A0`
ssdeep	`3:cOv:Nv`
Yara	None matched
VirusTotal	Search for analysis

Name	15216a0df598e157_api-ms-win-crt-environment-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-environment-l1-1-0.dll
Size	15.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`c358acc0123ff20d91d029ed1ea3e7da`
SHA1	`9435883c17f19f2ca6a220fc88216ebf9ca68d97`
SHA256	`15216a0df598e1576998480e652a4a2188b8c6b01e55cc32e2abc06a50ced37b`
CRC32	`67A5AC67`
ssdeep	`384:jW2hWCZSf+VIYi+vgXAM+o/8E9VF0NySmt:lE/Yi+MAMxkEj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	3d1c66bdcb4fa0b8__bcrypt.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\bcrypt\_bcrypt.pyd
Size	294.5KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`03ef5e8da65667751e1fd3fa0c182d3e`
SHA1	`4608d1efca23143006c1338deda144a2f3bb8a16`
SHA256	`3d1c66bdcb4fa0b8e917895e1b4d62ee14260eaa1bd6fe908877c47585ec6127`
CRC32	`8FBDDEA0`
ssdeep	`6144:GSL1oP995ooVABNirLq0l/IzkQ37P6BdeAb6:Gh19NO7irLq0l/IzB37Pe6`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	80a6ebe46f43ffa9__lzma.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_lzma.pyd
Size	154.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`b5fbc034ad7c70a2ad1eb34d08b36cf8`
SHA1	`4efe3f21be36095673d949cceac928e11522b29c`
SHA256	`80a6ebe46f43ffa93bbdbfc83e67d6f44a44055de1439b06e4dd2983cb243df6`
CRC32	`747AF606`
ssdeep	`3072:MeORg8tdLRrHn5Xp4znfI9mNoY6JCvyPZxsyTxISe1KmDd:M/Rgo1L5wwYOY6MixJKR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	977313dbcaa38a29_api-ms-win-core-util-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-util-l1-1-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`ce7dd30935c79f2bbde1e8c605c281d0`
SHA1	`089b003848f210f0ed7ff558bc725fee6bf8150b`
SHA256	`977313dbcaa38a2901fb9c0ac718713f6dc66c6218a8d4bf458b71e7df4af642`
CRC32	`C3124775`
ssdeep	`384:3W2hWzZSf+VIYi+vuAM+o/8E9VF0NyIvz:Jb/Yi+2AMxkE6r`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	9c0a0a11629cced6_libcrypto-1_1.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\libcrypto-1_1.dll
Size	3.3MB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`ab01c808bed8164133e5279595437d3d`
SHA1	`0f512756a8db22576ec2e20cf0cafec7786fb12b`
SHA256	`9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55`
CRC32	`387F7A94`
ssdeep	`98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	cbb046f5f515d512_api-ms-win-crt-convert-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-convert-l1-1-0.dll
Size	18.9KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`5e894a4343bcc09841f1662d2522facd`
SHA1	`d3b430d5ed62fa3010a3162214f7549f2201ebad`
SHA256	`cbb046f5f515d5125939d44064041cda41fc0cd50a2c40aad339b62bc9e825b7`
CRC32	`E8A29A15`
ssdeep	`384:kDynW2hW5aZSf+VIYi+vrCAM+o/8E9VF0NyExpE:x4h/Yi+TCAMxkE3`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	4ef233a2f2a43126_api-ms-win-crt-heap-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-heap-l1-1-0.dll
Size	15.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`237c7a8c968875791205980c96b58d96`
SHA1	`285ca656d01f6eac1216253ad78d77aff4fa4364`
SHA256	`4ef233a2f2a4312652a2d7ac2cb70d4a3435efd75b97e30df651c717e471fca1`
CRC32	`2449FE7C`
ssdeep	`384:TfW2hWSPZSf+VIYi+vpoEAM+o/8E9VF0Ny6JT:TBJu/Yi+hrAMxkEW`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	7534225bd6548aeb_api-ms-win-crt-stdio-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-stdio-l1-1-0.dll
Size	20.9KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`c7d6b14be37db42014dda1b5cf8f5341`
SHA1	`4a3e111de7c253fd8b382a69a65eebf06f9e150c`
SHA256	`7534225bd6548aeb0842cd375122d8d7b8bc220aa08aaf6498d18d27f2172658`
CRC32	`5B1807F4`
ssdeep	`384:V3vAmiFVhEW2hWaQMZSf+VIYi+vGiFFMAM+o/8E9VF0Nyi+:1vYWLQr/Yi+ui/MAMxkEj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	182a504cbbc6aaa7_api-ms-win-crt-locale-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-locale-l1-1-0.dll
Size	15.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`41dec36a6db70ae243fce02cd21597a3`
SHA1	`bdb8c8267d3369e9c3cae42dfa0cb110619f9ff1`
SHA256	`182a504cbbc6aaa7638c976664003ff41cd4ffb0fa8593691318897d73b2fefa`
CRC32	`197B78F1`
ssdeep	`384:Q9kW2hW/ZSf+VIYi+vJMAM+o/8E9VF0NyMv6T:ZX/Yi+OAMxkEJ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	8762076d34c827b1_api-ms-win-core-sysinfo-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-sysinfo-l1-1-0.dll
Size	15.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`e643a7b09cd971f55bed6e637dc26943`
SHA1	`fa6108adfe4db69c00667e21d8a5c41d38f4a6c1`
SHA256	`8762076d34c827b10ee7b865e0691fab2cd474b3489863ff4c3de19160df00cd`
CRC32	`D2A8FAEC`
ssdeep	`384:Ik+W2hWVZSf+VIYi+vPAM+o/8E9VF0NyT5xq:IkWV/Yi+nAMxkE8`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	67325f22d7654f05_WHEEL Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\cryptography-42.0.8.dist-info\WHEEL
Size	100.0B
Processes	1304 (pered.exe)
Type	ASCII text
MD5	`c48772ff6f9f408d7160fe9537e150e0`
SHA1	`79d4978b413f7051c3721164812885381de2fdf5`
SHA256	`67325f22d7654f051b7a1d92bd644f6ebaa00df5bf7638a48219f07d19aa1484`
CRC32	`22DC17DC`
ssdeep	`3:RtEeX7MWcSlVlbY3KgP+tkKciH/KQLn:RtBMwlVCxWKTQLn`
Yara	None matched
VirusTotal	Search for analysis

Name	5f3dc66fb6ed58b3_api-ms-win-core-localization-l1-2-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-localization-l1-2-0.dll
Size	17.3KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`0f38dd38b314e7e7ada9f09506d9df32`
SHA1	`5c83750cf4aea5293d704df043f505ea4d05e239`
SHA256	`5f3dc66fb6ed58b324512c57ef781d1092c1c2ae7e0cb5d287907f9b4bb77248`
CRC32	`4C57CE7A`
ssdeep	`384:3OMw3zdp3bwjGjue9/0jCRrndb4W2hWvZSf+VIYi+vkAM+o/8E9VF0NyYP2:3OMwBprwjGjue9/0jCRrndbMz/Yi+sAE`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	f3327793e3fd1f3f_TmpFB53.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\TmpFB53.tmp
Size	2.6KB
Processes	2452 (25072023.exe)
Type	data
MD5	`1420d30f964eac2c85b2ccfe968eebce`
SHA1	`bdf9a6876578a3e38079c4f8cf5d6c79687ad750`
SHA256	`f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9`
CRC32	`24D8A5AF`
ssdeep	`48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g`
Yara	None matched
VirusTotal	Search for analysis

Name	c38a3289228f0eca_api-ms-win-crt-runtime-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-runtime-l1-1-0.dll
Size	19.4KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`f57a0c18b864fae7f1e2631798ca4311`
SHA1	`7a01990c0a1c11a004543baa567b82b63500a49e`
SHA256	`c38a3289228f0eca6cd77798bd709ed26099135b3e82b5c58614eb3cb93aae2c`
CRC32	`598E8FFB`
ssdeep	`384:O42r7eW2hWyDZSf+VIYi+vsAM+o/8E9VF0NyiS:O42r72va/Yi+UAMxkEv`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	09c5faf270fd63bd__queue.pyd Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\_queue.pyd
Size	29.9KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`23f4becf6a1df36aee468bb0949ac2bc`
SHA1	`a0e027d79a281981f97343f2d0e7322b9fe9b441`
SHA256	`09c5faf270fd63bde6c45cc53b05160262c7ca47d4c37825ed3e15d479daee66`
CRC32	`B308D76E`
ssdeep	`768:lez/Dt36r34krA4eVIS7UAYiSyvAEYeEdSiD:leDE34krA4eVIS7UA7Sy9YLD`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	2e75641d7330b804_api-ms-win-core-file-l2-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-file-l2-1-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`afb7cd2310f1c2a3a5a1cc7736697487`
SHA1	`d435168703dba9a2b6e955a1332111687a4d09d7`
SHA256	`2e75641d7330b804c3cc6ef682306d2b0f89c4358dac3e1376b5fb2ebd6e2838`
CRC32	`D309CC53`
ssdeep	`384:5V6W2hWVZSf+VIYi+vGzAM+o/8E9VF0Nywf:5VCV/Yi+iAMxkE+`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	16f460f3c87e19db_RECORD Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\cryptography-42.0.8.dist-info\RECORD
Size	15.0KB
Processes	1304 (pered.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d275613f615cb5fcf45585170a604dab`
SHA1	`4bd98a605b85ba928e80b85a01a721524b50d033`
SHA256	`16f460f3c87e19db61a114394eaf4f6c9bb5259f21678584c6a1988b5befceb6`
CRC32	`1AF2BD13`
ssdeep	`384:eUXz6cZmsyPTtbCWPoIvZ6W1HepPN+9wvnA:eUj6cZmsyPTtFZ`
Yara	None matched
VirusTotal	Search for analysis

Name	f0167568d478299c_explorti.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Size	1.8MB
Processes	2556 (sand.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`037f916ac94fcc198a7253a0daf62777`
SHA1	`882ab2d99081f1ff6106d06fdaa0f7c49853d92d`
SHA256	`f0167568d478299cd5d6b6336d6b6f27123154776c5b89edc6faa3dfa0efb81a`
CRC32	`0A8BBE93`
ssdeep	`24576:XY/JCuINmBP3ZomWFOPtl26WbqRC+fxxTVfoOrx4MSqmzjCPsvjNt/Qfqr0S+iC6:6FftlTw+JJNoZXCkvjb/Wqr0qOa6k`
Yara	PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ebf947f7a753533d_base_library.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\base_library.zip
Size	1.0MB
Processes	1304 (pered.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`72d4e288992c783409b299f4fc842d39`
SHA1	`ba2ed3d465949d6a5e583286161cff01eca39258`
SHA256	`ebf947f7a753533dda44368adf308808ade5b2aa6022470c38af6aca4e230085`
CRC32	`E2896092`
ssdeep	`12288:EEHYKmIpWyxC6Sacpn8A4a2Y3TdOVwx/fpE94raEuR6O98SLMNOj:EEHYoVxVLa2AYVwx/fpE941uR/9HMNOj`
Yara	zip_file_format - ZIP file format ftp_command - ftp command
VirusTotal	Search for analysis

Name	c3d0afba3b4fb239_api-ms-win-crt-filesystem-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-filesystem-l1-1-0.dll
Size	16.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`4c1a59a3effe3d39045c2536a686f96b`
SHA1	`7209e1cd70421df2015c92fc438848c71e29c116`
SHA256	`c3d0afba3b4fb2398dee617d79e07284df6fe6fd916a3fb12f99c1e81e815abd`
CRC32	`FAFBD673`
ssdeep	`384:c481nWm5C0W2hW7ZSf+VIYi+vCqAM+o/8E9VF0Nymob:rOnWm5Coj/Yi+FAMxkEbb`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	4b0f7c14614724b0_api-ms-win-core-file-l1-2-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-file-l1-2-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`fb8b3af45dca952911937032195294b8`
SHA1	`d4acbd029249c205a3c241731738a7b6ea07e685`
SHA256	`4b0f7c14614724b0a54d236efa2f346dcc0bc37d995503c54ff630a7d20c7883`
CRC32	`0A6D414B`
ssdeep	`384:KLW2hWdDZSf+VIYi+vZcAM+o/8E9VF0NyTVu:Kd5/Yi+2AMxkEvu`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	e015f535c8a9fab7_crypteda.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000004001\crypteda.exe
Size	1.4MB
Processes	2540 (axplong.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`04e90b2cf273efb3f6895cfcef1e59ba`
SHA1	`79afcc39db33426ee8b97ad7bfb48f3f2e4c3449`
SHA256	`e015f535c8a9fab72f2e06863c559108b1a25af90468cb9f80292c3ba2c33f6e`
CRC32	`276F7CF0`
ssdeep	`24576:HFTGHKQCRBkD/5vn3MdVu9VNY5oofD0f8jKchmlZ38HKlzNCPvk8IjOz4H0czmue:pGHW7E/5/kVQDooorBvmnVovHIakHVmH`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	7e03ba24c86a1de7_api-ms-win-core-interlocked-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-core-interlocked-l1-1-0.dll
Size	14.8KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`7c9a4d29ce82c1694eb57818c4bb48de`
SHA1	`9c1ef716d937b5dcb7c9a086d54cb20873e2d3e2`
SHA256	`7e03ba24c86a1de7831fbe10f18ab5ee00d7d4effb13a4fc4897a7df07d46500`
CRC32	`0DE965F8`
ssdeep	`384:gW2hWvZSf+VIYi+vAAM+o/8E9VF0NyFmQ:E7/Yi+YAMxkEJ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	602c4c7482de6479_LICENSE.BSD Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\cryptography-42.0.8.dist-info\LICENSE.BSD
Size	1.5KB
Processes	1304 (pered.exe)
Type	ASCII text
MD5	`5ae30ba4123bc4f2fa49aa0b0dce887b`
SHA1	`ea5b412c09f3b29ba1d81a61b878c5c16ffe69d8`
SHA256	`602c4c7482de6479dd2e9793cda275e5e63d773dacd1eca689232ab7008fb4fb`
CRC32	`692B704D`
ssdeep	`24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm`
Yara	None matched
VirusTotal	Search for analysis

Name	e27f7dc70130d78b_api-ms-win-crt-math-l1-1-0.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_MEI13042\api-ms-win-crt-math-l1-1-0.dll
Size	23.9KB
Processes	1304 (pered.exe)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`6b11cc11692e9729d1511d7c9fc64cff`
SHA1	`a6e458894200d979f66cbcd5b783fbec7456c5d1`
SHA256	`e27f7dc70130d78bd1ca5b806220f8380b7da6e1756c52f91b3842459c1ebe8c`
CRC32	`F3A31928`
ssdeep	`384:mZVacWM4Oe59Ckb1hgmLtW2hWSZSf+VIYi+vmAM+o/8E9VF0Nyjx:mZVJWMq59Bb1jbc/Yi+eAMxkET`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis