Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.11 10:11
bxn.exe
11.11 10:11
glued.hta
11.11 10:11
MONDAYconstraints.vbs
11.11 10:11
tartarises.vbs
11.11 10:11
xwo.exe
11.11 10:11
comehomeconstraints.vbs
11.11 10:11
hello.exe
11.11 10:11
chrome_130.exe
11.11 10:11
s.exe
11.11 10:11
Citatfusk.vbe

Latest News
11.13 10:11
로그인 정보를 훔치는것 으로 추정 되는 ...
11.13 10:11
유니닥스, AI 기반 주얼리 검색 시스템...
11.13 10:11
퓨어피크, ‘솔리드 라인’ 초도 물량 완...
11.13 10:11
커버낫 우먼, ‘호빵 X 클로버하트’ 카...
11.13 09:11
(주)아삭·(주)유독컴퍼니, 소상공인 및...
11.13 09:11
Weekly Detection Rule ...
11.13 09:11
그라스메디 ‘자유펫’, 2025 JKC ...
11.13 09:11
November Patch Tuesday...
11.13 09:11
WAV2VGM Plays Audio Vi...
11.13 09:11
로코모션뷰, 무료 AI 뉴스레터와 함께 ...

Dropped Files | ZeroBOX

Name	d673ca531a3f7535_jhcteuiupfsamdkyccgu.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll
Size	76.3MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`6e72037c30338ec8966f8ecf6db78d99`
SHA1	`66e5749b4132c572e9fa445fd216be32a0d21e8d`
SHA256	`9decf7add9b7ac354d72591d6ae725b2707b34e69e6c90ade5b29c62e0b8426e`
CRC32	`FC5A9BEF`
ssdeep	`24576:H9Mrc2pAL6A3ypEm6LOVsWSpfzO3rBpiXwnUeuRbOu:H9MF96LOVgi7HfuR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	726a67046152f94b_setup2.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000009001\setup2.exe
Size	412.5KB
Processes	2236 (Hkbsse.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`244a4f649013d783dc87fca655d8fb38`
SHA1	`658e29b2d109d7238d4d3e890a9d59d6e68625ec`
SHA256	`726a67046152f94bf0372b95325f029d834f3bd3ce9246bdd76f03efac45195e`
CRC32	`48D7492F`
ssdeep	`6144:6umkZypyyY92DJhR56N/8Ab+9a+PsrVwffcij9UR/:6u7Zyw90sNkAb2vUrVwffciyR`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	414becb8aabd4e8c_crypted.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000002001\crypted.exe
Size	314.5KB
Processes	2260 (axplong.exe)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6134586375c01f97f8777bae1bf5ed98`
SHA1	`4787fa996b75dbc54632cc321725ee62666868a1`
SHA256	`414becb8aabd4e8c406e84df062bee1a45cffa334ae30022078cfa71da9e330d`
CRC32	`E139F5D6`
ssdeep	`6144:d/vtLE/OOyVWU4MaqmF5N5KtkuDuPH8AVZG0QMMRhgO+sPnxl:ddo/OOyFXptkusHZLGlRhV+sPnj`
Yara	PE_Header_Zero - PE File Signature Antivirus - Contains references to security software Is_DotNET_EXE - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	155d1ff2d0e4bd67_axplong.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\44111dbc49\axplong.exe
Size	1.8MB
Processes	1236 (explorer.exe) 724 (random.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`82f430cb027d4089280c1a2a42335131`
SHA1	`785eedcd8da3f9dd0d3989d80a99230ed158352e`
SHA256	`155d1ff2d0e4bd67cc173d67df82532971c542ffdca94fbe91b9a45fc62b0348`
CRC32	`CA66DDCB`
ssdeep	`49152:Jtd4P0tr3a1tThVBj5VEtyY6SHQF17lnXtY0Iso:Jtd4OarT9Y6SwF1pnXyd`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	ac5c92fe6c51cfa7_nss3.dll Submit file
Filepath	C:\ProgramData\nss3.dll
Size	2.0MB
Processes	2128 (stealc_default2.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`1cc453cdf74f31e4d913ff9c10acdde2`
SHA1	`6e85eae544d6e965f15fa5c39700fa7202f3aafe`
SHA256	`ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5`
CRC32	`7DC07205`
ssdeep	`49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	aa8c6dfd7a53e4e4_localstate Submit file
Filepath	C:\Users\test22\localstate
Size	228.2KB
Processes	1012 (seidr_build.exe) 2600 (None) 2572 (None)
Type	UTF-8 Unicode text, with very long lines, with no line terminators
MD5	`211b97f75eeaf7c339331e4517360d9f`
SHA1	`32b2370763a1fdcc10d1bb67d36ea7b4ad0e677e`
SHA256	`aa8c6dfd7a53e4e4588822d5ed2f2b0982fbad22f73569cd44473b607283275b`
CRC32	`6C5AED94`
ssdeep	`6144:DEenE5aINjhmAUhv+B/1q8Pi2G+D8VbnRl:DbINjhmAuvK/YoVLDOD`
Yara	None matched
VirusTotal	Search for analysis

Name	ac27214fcbe58a5c_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	5.4MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`b98d5a632d87146215fb10d03aab1a35`
SHA1	`e6734c8afa34ed2646ab488a42e24229179b2418`
SHA256	`63c0ddf5c0df0f5807488f76b6416bce94c66118947ea0216146b553c28dbdfb`
CRC32	`22D46211`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	564ba73601952653_service123.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\service123.exe
Size	128.0MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`d107e5944be697a0716810b6cc3f22b9`
SHA1	`35618b029aa39d946768ae9840cd0d68da29ec56`
SHA256	`bb139768d967f1c131d7fb3454acb3caa3a695caabb5fcb593df503b332403bf`
CRC32	`10011051`
ssdeep	`768:DrFdPb0WnoH8x2Oib5kyMGzHGo9h9jRzU:DxlVocFiaMU`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	fac082dd4c628267_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	37.2MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`97664129961c987d91f237585ea7cf21`
SHA1	`242583fd11415d0f4f659785dea9bb48e314f109`
SHA256	`17868a2451b58df9f29019b4fc3aadb0f384867354a8d4662c8a032ff28bf04e`
CRC32	`92ABF613`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	ae8010365c88616f_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	65.7MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`641303f35b3c1208c6d5a4edb740a71d`
SHA1	`2015b67492751adac2cd21a54eb6f457fe432cb3`
SHA256	`a0209c05aceb4c98b9a3a1e0a1a8709a12ed3797f835ffc0f68a0c8d722870ab`
CRC32	`D53B3FB8`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	5136a49a682ac8d7_msvcp140.dll Submit file
Filepath	C:\ProgramData\msvcp140.dll
Size	439.5KB
Processes	2128 (stealc_default2.exe) 2260 (axplong.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`5ff1fca37c466d6723ec67be93b51442`
SHA1	`34cc4e158092083b13d67d6d2bc9e57b798a303b`
SHA256	`5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062`
CRC32	`FE675AE5`
ssdeep	`12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_cookies.sqlite-wal Empty file or file not found
Filepath	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\cookies.sqlite-wal
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	d820603eb308a436_DHJDAKEGDBFHCAAKJJJD Submit file
Filepath	C:\ProgramData\DHJDAKEGDBFHCAAKJJJD
Size	12.0KB
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`0647d44f50372ccfa8f1e56b37e9fe76`
SHA1	`5e7fac4675932c1faa55f925c958ca1c75324a20`
SHA256	`d820603eb308a43651cc248106d188c1602f5de460de659300721f03cd863dbc`
CRC32	`A8996995`
ssdeep	`192:O6nHM58sK1zjyPySpI+JpVgxXhKQuylvICf/eEoBqIrv0bEHa+n:O6sPPZIcpmxO3BqIr0IH/n`
Yara	None matched
VirusTotal	Search for analysis

Name	d8e81d9e336ef37a_crypteda.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000004001\crypteda.exe
Size	1.1MB
Processes	2260 (axplong.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8e74497aff3b9d2ddb7e7f819dfc69ba`
SHA1	`1d18154c206083ead2d30995ce2847cbeb6cdbc1`
SHA256	`d8e81d9e336ef37a37cae212e72b6f4ef915db4b0f2a8df73eb584bd25f21e66`
CRC32	`150C4A7D`
ssdeep	`24576:lxaesWtTVxFP96Hu0jjjfQNggJRhc2BIVTit:3FsWTzqjjW/BV`
Yara	PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	fd4c9fda9cd3f9ae_cookies.sqlite-shm Submit file
Filepath	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\1pfa5s83.default-release\cookies.sqlite-shm
Size	32.0KB
Type	data
MD5	`b7c14ec6110fa820ca6b65f5aec85911`
SHA1	`608eeb7488042453c9ca40f7e1398fc1a270f3f4`
SHA256	`fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb`
CRC32	`DDC506B6`
ssdeep	`3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX`
Yara	None matched
VirusTotal	Search for analysis

Name	792065751d138020_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	42.9MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`89ba9f320c0c8986c52fa2d3e20256c0`
SHA1	`bb2f4750166a2c92df45f12b439f7930162893be`
SHA256	`102b00a9c5122c91b131f2005fe176c82b22d8ecb31da2e14f8cc079c3e54176`
CRC32	`B433B14E`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c4c861dda94e9b32_set-up.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000129001\Set-up.exe
Size	6.4MB
Processes	2260 (axplong.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`06b767bf2a7deac9b9e524c5b6986bf7`
SHA1	`8a0d79d7d04b89658394d72c4071a1f4037f32b2`
SHA256	`c4c861dda94e9b3275d123e78d73bb9180b618855730eb2217a656d14e35a854`
CRC32	`5B321E7D`
ssdeep	`98304:YNMJ9r+xEJ3cLCB4Ty9Q0GhdjzK4KcNaUqE:RJ9r+x+iiyH7U4KcEPE`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2f1aff28961ba0ce_hkbsse.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
Size	416.0KB
Processes	3060 (Nework.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f5d7b79ee6b6da6b50e536030bcc3b59`
SHA1	`751b555a8eede96d55395290f60adc43b28ba5e2`
SHA256	`2f1aff28961ba0ce85ea0e35b8936bc387f84f459a4a1d63d964ce79e34b8459`
CRC32	`BBB0430D`
ssdeep	`12288:ISqMakU3v+GYLWIjD9dSbvBG5u2uQjdQco:jq53v+G4Wwub8Ljaco`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	4c1a1e4109e421d3_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	4.8MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`b502ee8a42a187221c4ad98d6fb13c6c`
SHA1	`3804d253fbcbb5880fe6397fdbc2314d20e60018`
SHA256	`3f07e7c0a8699b45101017b7c1548ce4a9bf87e22b672be990dc318f7125ff9e`
CRC32	`BAA4DF58`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c98e0f6d2b8e03eb_jhcteuiupfsamdkyccgu.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll
Size	67.3MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`f940ec8c5cbf3c1ea6d87e93b63601e7`
SHA1	`bfa3be5dd19448d24099503efaa580541fb34bd4`
SHA256	`7cd13abfcff9f6ad46188ba913cfec9a08e0d2ce4a81f03f1546879843e378a1`
CRC32	`AB8F2D5B`
ssdeep	`24576:H9Mrc2pAL6A3ypEm6LOVsWSpfzO3rBpiXwnUeuRbOu:H9MF96LOVgi7HfuR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	69a4e5ef672c793c_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	31.3MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`ceb347c8950274766b4ef85863f81d58`
SHA1	`bcedbc8d741c1f854ad8037e1afa8bc5f1977d65`
SHA256	`bc7daf723669cf98e3f9b26061138b5b4e48b8361297040c04cb117e2e26085a`
CRC32	`DE776F7B`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d742a6ae9c12e159_getsys.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000228001\GetSys.exe
Size	10.6MB
Processes	2260 (axplong.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`87939a5b42854b08804a9a0ae605b260`
SHA1	`e21ec74f722d3a5bae0d183a73156a0d42d4b251`
SHA256	`d742a6ae9c12e159c3f74559899934cbf1a4ec7e1e4ae8620f372c59789d8ace`
CRC32	`E83F3220`
ssdeep	`98304:Kg2TEd+xbEHT/M7j/oEg7xl5eilKAUuSVVf6zG:OEcCJrlKA7G`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	9867213acac12c5f_jhcteuiupfsamdkyccgu.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll
Size	109.6MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`4c54c745cd003a9427789de6383b5ab0`
SHA1	`143c1888a3081c77e120fbda855eaae2be647c68`
SHA256	`600fc9e9ebce4bc6ce984156a2e60e3c2690c025459b81d802555e03bd242504`
CRC32	`6B4A0B80`
ssdeep	`24576:H9Mrc2pAL6A3ypEm6LOVsWSpfzO3rBpiXwnUeuRbOu:H9MF96LOVgi7HfuR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9a17655679ff3502_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	16.9MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`9f86ec0b72e500979ea108016f353abf`
SHA1	`cf91346de2031c5711822bbba861b8f5aff4a0e4`
SHA256	`4418c7c817ab42316f5ba806141debe0db151a7f0b235683f637f974245b6183`
CRC32	`B004B0F2`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	ff83b2bb6c542376_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	49.8MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`e9f3f6f072baa7119cb0b2ad8837665d`
SHA1	`4a3f32f0fd441e1c5c728b95a9a0e8ee06b3d4d8`
SHA256	`df9302f47bbc6cf7a95b3d65f812264ad792d9b768f5f4966e90251172225127`
CRC32	`A5794943`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d13aa298eab6a790_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	5.6MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`fb05ca5f723e66478154302454228162`
SHA1	`2b99a5f76f303260ea4d72f1b2ec2b6e772ce1b5`
SHA256	`1b00e559eb894710a227407410a88e8427a2c870ac193adc508020071f83c47b`
CRC32	`CEF74521`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	ddcbe5ac07e6c13e_service123.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\service123.exe
Size	128.0MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`d107e5944be697a0716810b6cc3f22b9`
SHA1	`35618b029aa39d946768ae9840cd0d68da29ec56`
SHA256	`bb139768d967f1c131d7fb3454acb3caa3a695caabb5fcb593df503b332403bf`
CRC32	`10011051`
ssdeep	`768:DrFdPb0WnoH8x2Oib5kyMGzHGo9h9jRzU:DxlVocFiaMU`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7e6e05f5603c768c_service123.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\service123.exe
Size	128.0MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`d107e5944be697a0716810b6cc3f22b9`
SHA1	`35618b029aa39d946768ae9840cd0d68da29ec56`
SHA256	`bb139768d967f1c131d7fb3454acb3caa3a695caabb5fcb593df503b332403bf`
CRC32	`10011051`
ssdeep	`768:DrFdPb0WnoH8x2Oib5kyMGzHGo9h9jRzU:DxlVocFiaMU`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f75d233e42be4da5_jhcteuiupfsamdkyccgu.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll
Size	101.5MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`1171ff07d0c73db091b9800edb70ecd4`
SHA1	`9b653bcd0b0d6cf68f945efaf67bb6fba1141b7f`
SHA256	`13e679fc1339df770266afa99394bdee1b1a7deda10650cc09b883c7eeb3db5f`
CRC32	`875176FC`
ssdeep	`24576:H9Mrc2pAL6A3ypEm6LOVsWSpfzO3rBpiXwnUeuRbOu:H9MF96LOVgi7HfuR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	db42f315080a8a0e_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	56.4MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`72bc4dcd4cbaef4923927b688367b9e2`
SHA1	`9017b440e0ec6cfe3a51d3f28a2a8e34ce09e213`
SHA256	`45a7247c0376d104bd1bcbb5a58895f55b14b3a72406388c9a02a14b9b595fa7`
CRC32	`CD64E301`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	169c04331f72fe4a_DHCGHDHIDHCBGCBGCAEBAKEHCB Submit file
Filepath	C:\ProgramData\DHCGHDHIDHCBGCBGCAEBAKEHCB
Size	5.0MB
Type	SQLite 3.x database, user version 53, last written using SQLite version 3031001
MD5	`f77930486de1b1bb4b397d5d8f3cd124`
SHA1	`e3f5727a0774c7cba17f0b10569012dcea24cb55`
SHA256	`169c04331f72fe4ae9958da09e1b28ec5910f7ea523d6105b7e4ad521b2baaee`
CRC32	`D85072F9`
ssdeep	`96:Dm8j5PnH6xY2Wi+67tH2iB4q2xfX7ZbiZzdFzb4PPwI3A7:l5/IYOTAlQzdFzaDm`
Yara	None matched
VirusTotal	Search for analysis

Name	adba0714d2bd5846_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	5.2MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`288fbdb62b0a087e2f5a764b36a09abe`
SHA1	`33db0e0d7e8e9d1f40c932a72053539c7951074e`
SHA256	`6ea7e852d09c50b21b2d1718473cf7694b7d6e82b740977a85e73ef557626a0d`
CRC32	`6BC3DB9D`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	6b6851d4807f188c_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	4.2MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`9d6b828d3f96f043530f72b693b76130`
SHA1	`186c0d4c79447b401e8d4137c82d795429cdf103`
SHA256	`63a91a76ae941518a6b4324e81d799bb9d901fba03e3ce5350d73ecd8d41f7f3`
CRC32	`6E01A43B`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	a2389de50f83a11d_amadeus.exe Submit file
Filepath	C:\Users\test22\1000238002\Amadeus.exe
Size	5.3MB
Processes	2260 (axplong.exe) 2600 (None) 2572 (None)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`36a627b26fae167e6009b4950ff15805`
SHA1	`f3cb255ab3a524ee05c8bab7b4c01c202906b801`
SHA256	`a2389de50f83a11d6fe99639fc5c644f6d4dcea6834ecbf90a4ead3d5f36274a`
CRC32	`CD6B9857`
ssdeep	`49152:NXJxAIQfc7wXnJu1U30/jo5UJZUntHvVkgKJswamhqp1ROjyj/2wW0j94lNI/pB+:BAIdik7/junt/2wr3/`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0b68617d2bf85961_service123.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\service123.exe
Size	128.0MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`d107e5944be697a0716810b6cc3f22b9`
SHA1	`35618b029aa39d946768ae9840cd0d68da29ec56`
SHA256	`bb139768d967f1c131d7fb3454acb3caa3a695caabb5fcb593df503b332403bf`
CRC32	`10011051`
ssdeep	`768:DrFdPb0WnoH8x2Oib5kyMGzHGo9h9jRzU:DxlVocFiaMU`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	69f1b7499c138adb_jhcteuiupfsamdkyccgu.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll
Size	95.8MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`faf68a79500795c1a2257689d9c1fa4f`
SHA1	`743a2ba18bd6bfb7987339e41414689c90128e5a`
SHA256	`e516292b2477b2d9b7f4ae4a8d992d0628c2a284938b1c8c226ab6a38c8698a3`
CRC32	`56BDEE77`
ssdeep	`24576:H9Mrc2pAL6A3ypEm6LOVsWSpfzO3rBpiXwnUeuRbOu:H9MF96LOVgi7HfuR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	3d0fef3c79c413bd_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	12.9MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`d68bc4cef3205ad72018164d34a97489`
SHA1	`c1e73525f1be5e05ab9d67bc6d93ce6dc5171359`
SHA256	`df0a0d819d154c32b9a779ef9b5f19feac2e058c1d757a3b9e7caf43803f7a54`
CRC32	`D4A517E5`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9998d38b19230905_build.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000241001\build.exe
Size	413.5KB
Processes	2260 (axplong.exe) 2572 (None) 2600 (None)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`05c1baaa01bd0aa0ccb5ec1c43a7d853`
SHA1	`e47d7f53987eb147f599321c858fe8d71ebc0d71`
SHA256	`9998d38b192309056d5109ac27a8b13f2b36fc27bac9ebdf5385452b2c1b0cdb`
CRC32	`84581AD2`
ssdeep	`6144:iEA/WL7JVwOzx3TPI/AnfFx7tbEO1jOTktBJ8WF7zu4P+fF4a6gqbDc:ih/WhVwOl3TI/mJdQYK+O2Fb`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) RedLine_Stealer_b_Zero - RedLine stealer
VirusTotal	Search for analysis

Name	ba06a6ee0b15f5be_mozglue.dll Submit file
Filepath	C:\ProgramData\mozglue.dll
Size	593.8KB
Processes	2128 (stealc_default2.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c8fd9be83bc728cc04beffafc2907fe9`
SHA1	`95ab9f701e0024cedfbd312bcfe4e726744c4f2e`
SHA256	`ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a`
CRC32	`28C04754`
ssdeep	`12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	9e5ba7b275b1d736_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	8.8MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`4d4b16e0b1f3ee3f601fb22b3c6d4728`
SHA1	`8ccd1057c1ed356b66c8167092102f514f4b437f`
SHA256	`d63847ee195a73583be7eec8d10def5de5c234ad334eb0ad85a10f25a7a1c193`
CRC32	`06070333`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	8b7434f3e3731fa0_axplong.job Submit file
Filepath	C:\Windows\Tasks\axplong.job
Size	272.0B
Processes	724 (random.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`90a2aeb109612a1a9e0d60cc0078a488`
SHA1	`b7cc28da229cdb66ba0fc2ccbe5ce80acb43aeab`
SHA256	`8b7434f3e3731fa0e0164b4fdb59e5c3c0c8c6ecd158d79b41099ac3e7d8eb2a`
CRC32	`520BFCBC`
ssdeep	`6:EWHBXE///UEZ+lX1lOJUPelkDdtI4y0lbut0:5Hdk//Q1lOmeeDw4VSt0`
Yara	None matched
VirusTotal	Search for analysis

Name	50401235cb65256d_jhcteuiupfsamdkyccgu.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll
Size	89.8MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`7add7c9d05af441501c841107d386ec6`
SHA1	`81f245eae364c4410c8f93e6d9360c5910e87656`
SHA256	`6f7097c77bf7762e7b2220cc7c54d23ba2c50bc6064b7057dda28119a7bc352d`
CRC32	`4F0058EF`
ssdeep	`24576:H9Mrc2pAL6A3ypEm6LOVsWSpfzO3rBpiXwnUeuRbOu:H9MF96LOVgi7HfuR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	edb006e05cfa8501_IJDHDGDAAAAKFIDGHJDGCGCFHJ Submit file
Filepath	C:\ProgramData\IJDHDGDAAAAKFIDGHJDGCGCFHJ
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`3f5ca3e29b1b60e298aeca0a32164c03`
SHA1	`f9b5ee59c31a3b06a6b8e476b22d2d7cf1fa8b66`
SHA256	`edb006e05cfa85015aa76c758d6298c279fd318cff0dbb286927c7ad45105488`
CRC32	`E1ACA097`
ssdeep	`24:TL2C0RlPbXaFpEO5bNmISHdL6UwcOxvo5:TYLOpEO5J/KdGU1Eo5`
Yara	None matched
VirusTotal	Search for analysis

Name	20465d1ef8a9e34e_jhcteuiupfsamdkyccgu.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll
Size	128.0MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`0df11b5c8cbd56f3acdada1c89363bbd`
SHA1	`4a6ebb948fc8aa549bf67cd99a7ca92db482ff35`
SHA256	`b6ac27028061a06999bd906a1d4926477dbb689f97fa28e7a891507f968e7ff3`
CRC32	`C80CBD65`
ssdeep	`24576:H9Mrc2pAL6A3ypEm6LOVsWSpfzO3rBpiXwnUeuRbOuw:H9MF96LOVgi7HfuRK`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	0b8607fdf72f3e65_HCGCBFHCFCFBFIEBGHJECGHCFI Submit file
Filepath	C:\ProgramData\HCGCBFHCFCFBFIEBGHJECGHCFI
Size	96.0KB
Type	SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5	`d367ddfda80fdcf578726bc3b0bc3e3c`
SHA1	`23fcd5e4e0e5e296bee7e5224a8404ecd92cf671`
SHA256	`0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0`
CRC32	`842B3569`
ssdeep	`12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO`
Yara	None matched
VirusTotal	Search for analysis

Name	7b36aac9a0e2d012_service123.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\service123.exe
Size	128.0MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`d107e5944be697a0716810b6cc3f22b9`
SHA1	`35618b029aa39d946768ae9840cd0d68da29ec56`
SHA256	`bb139768d967f1c131d7fb3454acb3caa3a695caabb5fcb593df503b332403bf`
CRC32	`10011051`
ssdeep	`768:DrFdPb0WnoH8x2Oib5kyMGzHGo9h9jRzU:DxlVocFiaMU`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c119a54b6bef3a48_ECGDBAEH Submit file
Filepath	C:\ProgramData\ECGDBAEH
Size	80.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`255929949dea51a2f43a1f40e63764ec`
SHA1	`8f32ab419264fdad05f4f3828db3c1cd38d919fd`
SHA256	`c119a54b6bef3a48234950dc07fe70f73b69d1390ef0235e66481faa1048ead6`
CRC32	`F7A79605`
ssdeep	`96:5Bc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9u4:5BPOUNlCTJMb3rEDFAa6E/`
Yara	None matched
VirusTotal	Search for analysis

Name	94b8b7bd3238031d_hkbsse.job Submit file
Filepath	C:\Windows\Tasks\Hkbsse.job
Size	270.0B
Processes	3060 (Nework.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`c5838a81b9ba93848ed9b641fe5706e2`
SHA1	`c5478979f4db7d1d4b7e1f1a8bdb224f55467721`
SHA256	`94b8b7bd3238031d0d45f5f1b1582cc5ea2f84c5a93d88cd2c88cca1fbc287da`
CRC32	`70DCBD90`
ssdeep	`3:S1ocTt//u2sl/nEIduhOEjlpQlyEXlxlXVl5iDlT55aXUvhAttCRdk2z0nlbXu/a:S1o0XE/E/UEZ+lX1E5WEetI4y0lbut0`
Yara	None matched
VirusTotal	Search for analysis

Name	cecf59649ccf1d76_EGIIJDHCGCBKECBFIJKK Submit file
Filepath	C:\ProgramData\EGIIJDHCGCBKECBFIJKK
Size	8.8KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`07951590532d8114ea1caca9ed7e0a39`
SHA1	`7a4bebc2f20ead9546fa5749aafe739ad5f551de`
SHA256	`cecf59649ccf1d7668ad3c7119bf9b380d6d5c339d7f0faeb2f29f163fd3f3ee`
CRC32	`E3F3A320`
ssdeep	`192:ZDnijRILMMdaWaLbFlp/PuFbylfFw8AxSwSO:pmsy7wIO`
Yara	None matched
VirusTotal	Search for analysis

Name	f3327793e3fd1f3f_TmpD963.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\TmpD963.tmp
Size	2.6KB
Processes	2580 (RegAsm.exe)
Type	data
MD5	`1420d30f964eac2c85b2ccfe968eebce`
SHA1	`bdf9a6876578a3e38079c4f8cf5d6c79687ad750`
SHA256	`f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9`
CRC32	`24D8A5AF`
ssdeep	`48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g`
Yara	None matched
VirusTotal	Search for analysis

Name	7339934d26985ecd_jhcteuiupfsamdkyccgu.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll
Size	82.6MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`57912626000a531c5f2bab50c247afba`
SHA1	`ad2795f291fc9b1984da6ac3fc4a0c0259d9acb1`
SHA256	`a006d549b5471f3ec5cf6e8009bd22abad22a3a7d42c3571d8700003d5df3f34`
CRC32	`611CDE8C`
ssdeep	`24576:H9Mrc2pAL6A3ypEm6LOVsWSpfzO3rBpiXwnUeuRbOu:H9MF96LOVgi7HfuR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	7d9733030e72c5ed_runtime.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000243001\runtime.exe
Size	44.0KB
Processes	2260 (axplong.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9d78ab0da1948de3977123755ef0fe7c`
SHA1	`b000aa9b5df426225a02f208b78416cc2f8dab86`
SHA256	`7d9733030e72c5ed1016ff372ffde715883bb827391f50fdb9cd7f000f7a67df`
CRC32	`76CC68AC`
ssdeep	`768:BMbuPxqzgDwNIH/335cJX2om4VQRIEvmg5+FOKo5O:B1xv/H/335C2ozVQRItgMF4O`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	824fae3331b95e2f_ECAKECAEGDHIECBGHIII Submit file
Filepath	C:\ProgramData\ECAKECAEGDHIECBGHIII
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	f2132b115d33ee57_jhcteuiupfsamdkyccgu.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll
Size	71.5MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`3ded76692014863fd418a75342e76417`
SHA1	`6fff9141f666e0668d7ddb056c7e9a978289ef8b`
SHA256	`b79ddc0e5b27fa95d6867944831b25c6ec54c8363ea2dead43dff8d2220b1d48`
CRC32	`22A7EA1C`
ssdeep	`24576:H9Mrc2pAL6A3ypEm6LOVsWSpfzO3rBpiXwnUeuRbOu:H9MF96LOVgi7HfuR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	0dd25e58feea1b2c_jhcteuiupfsamdkyccgu.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JhCTEUiuPFSAmdKyCcGU.dll
Size	118.0MB
Processes	2572 (None) 2600 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`dc31657c866bca939b41554d2919682c`
SHA1	`7bb0453606d051f555b4510e644bff65423b7d43`
SHA256	`c9070624f5a97470086cff205e0510ff683e1cfe82933aa6cb8eb31f77007fb4`
CRC32	`02B1F40B`
ssdeep	`24576:H9Mrc2pAL6A3ypEm6LOVsWSpfzO3rBpiXwnUeuRbOu:H9MF96LOVgi7HfuR`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	684581450eb78359_bawuyocdgnziqevxames.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BawuYOCdGNZiqevXAMeS.dll
Size	23.4MB
Processes	2600 (None) 2572 (None)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`90c8a78b4cb41c5fe5bf57c01278e275`
SHA1	`19ca3137e2fddab99a871b2569bf21bed3f81ee4`
SHA256	`3ee56f578902093aba1dc2ab90e40ab20383afb76acb8165c842324eb87c615f`
CRC32	`11BE650C`
ssdeep	`24576:lMKca8rSxQ2Z+27ewN/CHmw1EyluGr2Xwx5otfTOF:lMKdKwN/ClduGSXz`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b3dfa692f7da19ee_IJDHDGDAAAAKFIDGHJDGCGCFHJ Submit file
Filepath	C:\ProgramData\IJDHDGDAAAAKFIDGHJDGCGCFHJ
Size	5.0MB
Type	SQLite 3.x database, user version 69, last written using SQLite version 3038003
MD5	`c395620f9a8337341636a78a98f5b3d9`
SHA1	`97700ec4db7362e02a56df5e70dd828ad9823d24`
SHA256	`b3dfa692f7da19eede9aa2fe2ac76052cfaa32a7d30cc53b88ea5ef23ec32624`
CRC32	`476CDB88`
ssdeep	`192:StsqHQnwkYjcoBMc+uySBQies13A29D+oBpp0:StsbwVTBMc+uySOiJ3Z`
Yara	None matched
VirusTotal	Search for analysis

Name	9e5463daba34cc73_seidr_build.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000248001\seidr_build.exe
Size	3.0MB
Processes	2260 (axplong.exe) 2600 (None) 2572 (None)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`4cc6f34c5a73ac2e758fc1482c5c7cc1`
SHA1	`f1f04bfdd8a9cca6639386d8ec2e8e0720d9a057`
SHA256	`9e5463daba34cc736d316c75f16afad51da97adcbeda5f79af70b65e75ba5e59`
CRC32	`C71FE865`
ssdeep	`49152:4rPGZ6ByNSMI+/UllHLTf3cY3rxEx+Ax3pgd4AsxaWCWeevF4AB:dArsYxeLriWeQ7`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature ftp_command - ftp command IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	8934aaeb65b6e6d2_vcruntime140.dll Submit file
Filepath	C:\ProgramData\vcruntime140.dll
Size	79.0KB
Processes	2128 (stealc_default2.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`a37ee36b536409056a86f50e67777dd7`
SHA1	`1cafa159292aa736fc595fc04e16325b27cd6750`
SHA256	`8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825`
CRC32	`A23699DD`
ssdeep	`1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	ae80527358895638_service123.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\service123.exe
Size	128.0MB
Processes	2600 (None) 2572 (None) 2260 (axplong.exe) 1012 (seidr_build.exe)
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`d107e5944be697a0716810b6cc3f22b9`
SHA1	`35618b029aa39d946768ae9840cd0d68da29ec56`
SHA256	`bb139768d967f1c131d7fb3454acb3caa3a695caabb5fcb593df503b332403bf`
CRC32	`10011051`
ssdeep	`768:DrFdPb0WnoH8x2Oib5kyMGzHGo9h9jRzU:DxlVocFiaMU`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)
VirusTotal	Search for analysis

Name	8916fb1d76be83e4_DHCGHDHIDHCBGCBGCAEBAKEHCB Submit file
Filepath	C:\ProgramData\DHCGHDHIDHCBGCBGCAEBAKEHCB
Size	192.0KB
Type	SQLite 3.x database, user version 4, last written using SQLite version 3031001
MD5	`6b9c2ac2b5025e180231d8d38ece698c`
SHA1	`36f5cfe6ac59aaa7d7173555edeef5caa9bf61c6`
SHA256	`8916fb1d76be83e42cd2f7b41ee06706fe0adb936259ed7a7daa4dbcb4c51fcb`
CRC32	`95ACFD74`
ssdeep	`12:DBl/lkf12Of5LZWfY0xpMujuHWMu6N2OHjWOzMbdym/eRgBoQFmgW2FOmO6Mz6LX:DLlI1x7WxHaiSlMxosJF/Ezo`
Yara	None matched
VirusTotal	Search for analysis

Name	e2f0e525c66dba84_joffer2.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000011001\joffer2.exe
Size	6.3MB
Processes	2236 (Hkbsse.exe) 2260 (axplong.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4386df2790a9752e9cf0424dca91ad15`
SHA1	`22da8886a1bf7823fa759540cf88f3e3f1b42671`
SHA256	`e2f0e525c66dba847bedf887398405348159ce607bc6cc826bef73651fd7135d`
CRC32	`11308678`
ssdeep	`49152:B0QJDHck3aW3sg1Kptd473sgCMMqfHFIUYIIKdkiT1dEKIOLxlbid:B9JLckf31QtG3sghMqfH+V81ddLxl+d`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	88f9dc0b9a633e43_GIJKKKFCFHCFIECBGDHIDHIEGI Submit file
Filepath	C:\ProgramData\GIJKKKFCFHCFIECBGDHIDHIEGI
Size	512.0KB
Type	SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5	`dd47ebe6866ad2ab59d0caa1de28d09e`
SHA1	`afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663`
SHA256	`88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3`
CRC32	`8DEE9EEA`
ssdeep	`24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm`
Yara	None matched
VirusTotal	Search for analysis