Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.27 06:04
8937.e9c8f83d94118188....
04.27 06:04
7914.753c477fc6135f24....
04.27 06:04
gtm.js.pobrane
04.27 06:04
7d0bf13e-79a638a0b87a8...
04.27 06:04
webpack-6751726d88b2d8...
04.27 06:04
6814.91bf0d11abffee40....
04.27 06:04
main-292e27553c8f5cb8....
04.27 06:04
framework-ca706bf673a1...
04.27 06:04
ee8b1517-cc4d7300db272...
04.27 06:04
75fc9c18-02b28d24f737c...

Latest News
04.27 07:04
IronHusky updates the ...
04.27 07:04
Linux goes PDF: Wie ei...
04.27 07:04
Digitale Überwachung f...
04.27 06:04
PIF’s Sanabil Backs Mi...
04.27 05:04
Deep Dive on Panel Making
04.27 02:04
Storm-1977 Hits Educat...
04.27 02:04
Creating An Electronic...
04.27 11:04
Another Coil Winder Pr...
04.27 10:04
IT Sicherheitsnews tae...
04.27 10:04
IT Sicherheitsnews tae...

Dropped Files | ZeroBOX

Name	d30a37489c64ada4_antiword.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\lib\antiword.exe
Size	277.8KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`ef6b844dc543365bd6825d37dbbc04da`
SHA1	`1d27ae641ee1d075861161a3e65b3dc43021b1ff`
SHA256	`d30a37489c64ada474d8d5aa5abb0778a6955d3ce6cdbb7c8c659e37b89d3da9`
CRC32	`AE955F31`
ssdeep	`6144:K3PMeZQbOHty8dWvQiquJHPT+Z97aPswTP8/:CDE4dtu5r+nWkwTP8/`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	d7be17d190bb74e9_celloidin.a3x Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\celloidin.a3x
Size	1.0MB
Processes	2776 (yoda.tmp)
Type	data
MD5	`1d65c9c904886e50c31fbcb33105b29b`
SHA1	`ebd619c3f2b2d701c83e476b0f81d2ef8c6df628`
SHA256	`d7be17d190bb74e981c06fab244a0bd901dccd1dd872c524db48693e33d36bd6`
CRC32	`09E0CE1E`
ssdeep	`24576:p5iqQxOwPfKlTRZ+yPmGSEn8JXOUJMhEUjM9zP5F0qV0SUXbqtaV/lRz:ROOwwRpoG8wiMmUI9zPU09UOtaFfz`
Yara	None matched
VirusTotal	Search for analysis

Name	38b2907ac2525868_git-askpass.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\lib\git-askpass.exe
Size	45.6KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`84dd31c94e4a2d69b952646f0aa0c681`
SHA1	`f5c2726c64e49063ac690e887966c9ba4c5c7960`
SHA256	`38b2907ac252586868e2b70a98b7fcbab65ba029be0f0125d7b009c8f7498856`
CRC32	`2E79EE1C`
ssdeep	`768:vUr2ofPRkh5QJxHRe/7dR6UPQpaurLnFMOBmwzMU3DrwJin50WzPaFgm:cDfPRkh5gRe/7/6UPQ8urLnrQoyWziFF`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b8d584deef1e17a9_microsoft.visualc.projectstore.implementation.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\microsoft.visualc.projectstore.implementation.dll
Size	1.1MB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`4ee2f7bf87f129f0cdc25962cd10db98`
SHA1	`cb180413d4c1b69e3b7a52b7e2ba519eb0e4fd23`
SHA256	`b8d584deef1e17a9e54e7059dde7e0f9be6189fd9fb4eb3bbc4d80195439cbeb`
CRC32	`BE88A898`
ssdeep	`12288:13JRxfDgi0z/SYOxDBbSfHagnvC7GlOMZhwQljTKeu09BtfPJhyykGm:13DxfDgi0z6+aMUM/wyaenXJhZm`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	65077d9942193aa8_aceexcl.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\aceexcl.dll
Size	877.4KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`84784ef516d810edd01e7ec2775246e1`
SHA1	`7b6a9b90031270bd4868af5ab5e7175ab30d5efa`
SHA256	`65077d9942193aa89e119b86ed6e26cbed159acb13faaae6e6503aea0564e780`
CRC32	`A19D4E5A`
ssdeep	`24576:A3J0CDIaR9lz/h9WKx+LBomqFZ5sG8K9mTdggOH0lG48CXa:A3J0CDII/HFZ5sG8K9ms`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c8b9ba1cd9cb779a_microsoft.office.businessdata.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\microsoft.office.businessdata.dll
Size	933.9KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
MD5	`5f20cc1396134d409fb641cc6f78623c`
SHA1	`bd7643e4b22859524bc5efcb61df5e5c52daea6e`
SHA256	`c8b9ba1cd9cb779ab9553fde17ae145e3d90b283fb2fdd1c01cef7091970c514`
CRC32	`D9AB7495`
ssdeep	`12288:grR1lOE1j/FC1dwZVQu6mpqbm545I2H/OpYZtknXWSjaWt:gPFcwZ/6W5z2fOpYZtknXWSjp`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c440ffab84306e33_edit_test_dll.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\bin\edit_test_dll.exe
Size	45.3KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`bbf754d1365814b8ec9d13a687f7b4bb`
SHA1	`be8569a27671cd6a56dbf1bc488f434715365f59`
SHA256	`c440ffab84306e33922fe3034a9076b64f33ed331ab059fc8d2f5111d92fecca`
CRC32	`E7D23F11`
ssdeep	`768:ufjU29k/dgYuNmjGGw3joApa+rbKPtmw2V8WaTPWyvkkMW5MFbe:YJ9k1gYtSGwToAc+rbKPliWyFC`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	acf669f5d665c1b4_libhogweed-6.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\libhogweed-6.dll
Size	273.6KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`4dcb8ab70f71fabb672186f5acb1ebe3`
SHA1	`84f9890d70c3002b15adeec18ec52e1ba72cfee1`
SHA256	`acf669f5d665c1b42c8073069311de08a872d1b4121e0bf92eafb68e4424c057`
CRC32	`74687A13`
ssdeep	`6144:DsTDTvdZ/jdi1ToZUslKjfwDnp+p5ggYHurSDYXans/:ODTdZ/j01DslCfApu5FYI/Xans/`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	04743e4e01ef9667_blocked-file-util.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\bin\blocked-file-util.exe
Size	47.3KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`3b39e7d454b522240ce14daae58b78d4`
SHA1	`83b9df7998e1b074d2ad5f98b85523f9d26d38b2`
SHA256	`04743e4e01ef9667b5910403003be730f3b85477a72ab0a76608f1b569206da3`
CRC32	`FA01EAFE`
ssdeep	`768:2lc4KiBkJKwIONmjhG4cDg/UkJrGfdOqrsmwQlAnrz3W9wvl8ZWXG9FKm4:fiBkcwINlG4Kg/zJrGfdOcEnG+cWXOFM`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c924dcf0b11acf90_tclsh.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\bin\tclsh.exe
Size	77.7KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`b94ce9a4c4630bd89bc1755216eb3e9e`
SHA1	`e957f674ac78d27304a493ba9795dd2fa4056e32`
SHA256	`c924dcf0b11acf90f268ce5baf415dc25f07a680ce7691afe07a0a2f996a8dc3`
CRC32	`BCB3A3A3`
ssdeep	`384:ipkiKQkgJ9NGxRYKrnk5TwWlHOOV+2HI8frqOtEeSXkEgmuqqhlZ3CRqbk:ipUdR1zk5TNZVo6tEeSXU4I/Cqbk`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	3bbe607c0d90f425_system.identitymodel.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\system.identitymodel.dll
Size	396.0KB
Processes	2776 (yoda.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`f5f3659cfe3d325e48355d448a25d731`
SHA1	`d6cec7dd4666ef9a1dfc829c4d102df66179dd26`
SHA256	`3bbe607c0d90f42521899ef24d0d2bd2aa518bee6713f6e406613b678b07b08e`
CRC32	`F6079D98`
ssdeep	`6144:LlfFHTfxYYzfEjl+n4wiADmWQ4JQQWwGlkC3lmwaL1C2mXbKd+Gi:FFHTfxYYz+l+R7KBgB+Gi`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	a85e6a39274ad808_gitlab.ui.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\lib\gitlab.ui.exe
Size	35.9KB
Processes	2776 (yoda.tmp)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c647366eef0dbf13980cd384f8e75363`
SHA1	`9d3269e05ce8bc9d8feeacdd70dbbaa4d9ad65dd`
SHA256	`a85e6a39274ad80848b5c3e2f9cdbc1cc1e333ab17178ff4fb8fcfee25e63399`
CRC32	`6A7BCFB1`
ssdeep	`768:6tNAN3yrDX9sNY28gP+UIpIzeIHF8Pw4J/+t65zaKhsG7Yl9z:lN3yrDtsK287IzecFBKHZaKM3z`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	a9e676cb483c6aa4_fputlsat.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\fputlsat.dll
Size	967.9KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`5f3c2683da9ee8ef7d6464cce1463f81`
SHA1	`19df76f2f2d6ba9fc099479e209e81f08b83c9c6`
SHA256	`a9e676cb483c6aa45485ddcb3f01dcec52cd12906b71d6c97ae7a3bde931fbe4`
CRC32	`E255A5DD`
ssdeep	`3072:XUPIVlyvaBU/GHjxRPFfSSWrY6FNY/52QuIafSPqAZDwHrmW8etCmzE2dtFE48I+:XOsw+VtSvrY6FNY/0iVMuse`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2ffabb0018d33526_yoda.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-IEI53.tmp\yoda.tmp
Size	1.1MB
Processes	2540 (yoda.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b1f9d665e52c29972b50d7145d88dce1`
SHA1	`df2c67a5c32a19bb110ec8372134522c0dab9ac2`
SHA256	`2ffabb0018d335267d2d0101a41cac7ac7d1aa80956fae91825e46aaa85c0787`
CRC32	`7EF412CC`
ssdeep	`24576:nKbqslNoiGO+h84C6f8HSCNFfoJMbNOED5TOzuRdTxyt:KwY6fUVNvN1j`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check mzp_file_format - MZP(Delphi) file format UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	0d2d0ab2940589ee_microsoft.visualstudio.shell.framework.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\microsoft.visualstudio.shell.framework.dll
Size	344.0KB
Processes	2776 (yoda.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6e34dc8152c7ef22eeec636260e85d4f`
SHA1	`79c4b597eff147c377103ae1a57d900209cf50ba`
SHA256	`0d2d0ab2940589ee413cc67206bcbc358b2938f7d7375e6b268c7094f394b4c3`
CRC32	`80FEB8AD`
ssdeep	`6144:4JuHojUhmaFwGRBe4JgCtB2xco8c9oy7LmNJBubxxMpXmd0A29DyadsyL:6TIyfu2x/oyWm09AY`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	f8e52330576aa237_gettext.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\bin\gettext.exe
Size	120.5KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`6abfda33a745638ef71f233176e1be74`
SHA1	`29f3e4dd05f6d69d964270b2823429719b621fb5`
SHA256	`f8e52330576aa237ac9b9eacc74e800686803967500b732b6dc2a5fa962bc3b4`
CRC32	`64E67F78`
ssdeep	`3072:hnVQHE48y3YFkskOZn4Eq0btJxQGWbVJZqrF5QuqaxtFUDo:hVQ98y3YFb4N0/Orbd2F5/jxtFUDo`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	eeae37ec39a65b44_diagnosticshub.standardcollector.bridge.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\diagnosticshub.standardcollector.bridge.dll
Size	290.9KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`ae1ee814db6be02481a5bb7d031760c0`
SHA1	`996ee493ddda8114d2957a1f6d0299e8e2be6ab6`
SHA256	`eeae37ec39a65b44309c973703a31bbf85ff13aa0b38e1668ded3455c5b55b1d`
CRC32	`C251A9BC`
ssdeep	`3072:Jp3LtUvXyDPlEUJbE2SJe2nL+uEFGiQE0ZMtR89d+yfQgnC0ccCM54avQHpBlnzf:n72gdEiE2lnRQE0ZMz8b+03vEpXD`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	aac9b0827cebb37e_cpfecl.clang.windows.arm64.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\cpfecl.clang.windows.arm64.dll
Size	432.4KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`8cea62007f23ec06224ced33fc635494`
SHA1	`17839da287796e36b4d2de0e3cd82e9e8cdda997`
SHA256	`aac9b0827cebb37e9068e6087c9f1aa3bd5d94ee46d9cf63cae2e94784f61c32`
CRC32	`13631B00`
ssdeep	`6144:+x9cqri69M1ph0lhSMXlBXBWnhdyohFISgs9EN2HK:M4gmph0lhSMXlihdyoLK`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2a741e3434b93484_git-askyesno.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\lib\git-askyesno.exe
Size	18.6KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`21cd770cbf0de68f5c7090130d8c6507`
SHA1	`3ae74827295c3b4b176887ed72b99cf71a752eaa`
SHA256	`2a741e3434b93484cf58bf88d904b6e2f3fa30c229573a811e2d6b0e982dde65`
CRC32	`28E79858`
ssdeep	`384:0ImUJXZwap235SfiXkxdwMqWjZQCWkTaP:0u5e56kkxdwMqWBWkTaP`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	99bcbc6dd04b0add_mozwer.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\mozwer.dll
Size	322.6KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`ed88025353ef136babc0b1030eddc0a4`
SHA1	`dd433e935562034d61dbd06eda9b8e2193085e79`
SHA256	`99bcbc6dd04b0add980a1b272e5ffa4cf0b017e65a65a3653e727be36594257e`
CRC32	`DCC56F9D`
ssdeep	`6144:WIsMVcLwWxNIH5itp0ZIJFnzSRiyou/88z3P95YF:Wf4GIZitpZHzSRiyN8w3V6`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	20508054642d0d50_cppdebug.resources.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\cppdebug.resources.dll
Size	385.4KB
Processes	2776 (yoda.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f31b31d462d008b2f319cf9fa5b3744e`
SHA1	`0b5e96edbf7a4afe7cd52b0ee7e0a29ba72b4939`
SHA256	`20508054642d0d5030760095b6210fa88ca10288764a77683ac2bcb9d0d4cd43`
CRC32	`4FCE117D`
ssdeep	`3072:RiP3BrMsacneIjQlD2DRW84Vy/reTswgBejI/evF3+ZqyGkESI5QG7WLMn/1AE+K:K3B4DW+QwgUjITZqyGkEaw`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	1da298cab4d537b0_autoit3.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\autoit3.exe
Size	921.7KB
Processes	2776 (yoda.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3f58a517f1f4796225137e7659ad2adb`
SHA1	`e264ba0e9987b0ad0812e5dd4dd3075531cfe269`
SHA256	`1da298cab4d537b0b7b5dabf09bff6a212b9e45731e0cc772f99026005fb9e48`
CRC32	`33B72B23`
ssdeep	`24576:MghN1a6pzWZ12+f+Qa7N4nEIRQ1hOOLkF6av8uh:vhN1aQzJD4BuTxavfh`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e490095821af6657_gss-client.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\lib\gss-client.exe
Size	29.6KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`b825a9b70fceff833bc4f01e89c1c94f`
SHA1	`9e94e9dee309321ca0b3af341ee1d6a6f7e640a4`
SHA256	`e490095821af665779fab2da80feaa0465f8062b83f5dcdca2ed6389a3fd0a23`
CRC32	`7FCD2EBE`
ssdeep	`384:I3ln1mBIasfLx50+qYA9RBYQsZzgB70fQ6UQZTnABnYPLN0bCFk1M6jcD:IN1mBiLx1+bz2zgB7iBavbCFgMmcD`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	25c2922fc0b58712_wxmsw32u_xrc_gcc_custom.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\wxmsw32u_xrc_gcc_custom.dll
Size	780.6KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`8ae16a0854d5e64c0801ef00d0063ce9`
SHA1	`aa953fb2327fea923cf616fd209c37c234ab19f2`
SHA256	`25c2922fc0b587122ce623f5d527523aa842f0cd4ff1957e3b6590412890b601`
CRC32	`8C1DB15D`
ssdeep	`24576:OxnIe0KCSkKlgGpxC9i3G1vZ5vH4NG1rmGvO4vo:OxnHtC7KlMI3G1vZ5vH4NG1rmGvO4w`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e30abd7d20980e6e_microsoft.visualstudio.graphics.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\microsoft.visualstudio.graphics.dll
Size	664.9KB
Processes	2776 (yoda.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3722b171bcaaa0dd245b45de546ea6a6`
SHA1	`12de412117c3aef922b0c91bc8a147079ab45b8b`
SHA256	`e30abd7d20980e6e5201a4ce5fb94f0492e0f31fc866627c7340c08b12ef2317`
CRC32	`4990A365`
ssdeep	`12288:SHMxjKstp6vYRhmNvBoYu15Xu6bqpoYV15XqQ:SOBtG0wNvBoVooKh`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	fb63d2ea793babc1_microsoft.codeanalysis.visualbasic.codestyle.fixes.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\microsoft.codeanalysis.visualbasic.codestyle.fixes.dll
Size	216.8KB
Processes	2776 (yoda.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ebe72cf87ea6cdc8f2ad4ffb9dcec178`
SHA1	`4c721340878eb8c33622eccf47eb449c46b55f48`
SHA256	`fb63d2ea793babc1b30f4cf35d323ec17e493b60c138814ca8193d6ba0b188e3`
CRC32	`360FE254`
ssdeep	`3072:qSt7evOsljyCyp50NECdyTDFNrNNq7f98X+pAeIZYj0si:qStDslmC/iCgnFNRg72oAeQCu`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	4e35ad89f6c6b9ae_mit2ms.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\bin\mit2ms.exe
Size	17.6KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`18fd72301b28863b76951bcafc5d15c3`
SHA1	`bfe08c9bd02324c76f7271c393049f780169d337`
SHA256	`4e35ad89f6c6b9ae0360ba35b784c545fa6e891ec1ed4154de30fbd27f297c17`
CRC32	`1100D1ED`
ssdeep	`192:W95ZY+cZFdMopGPHI1PQN1G1xLYUsuhmwWhugnYe+PjPeiC+ebCfNWQpkqs1I5Z3:+Y+oFbrn/sU9huhugnYPLN0bCFk1M6je`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	1e2ce91d2892fd17_xz.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\lib\xz.exe
Size	85.5KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`fa5fb932217fc2e1a5829fe58a0e8695`
SHA1	`6cb315dd459ad9881ef1b85d65a73ad387ae60ea`
SHA256	`1e2ce91d2892fd17b6ad16065b1e391922cf4c34f645348b64f789dc0c9d269c`
CRC32	`3FC55277`
ssdeep	`1536:0trk1wVbt8VWAPGJnHrfLgyFk9ElI1WVXlW//vvWXf555u:YQwVYIJHbW9ElI1WHa/vOv555u`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	3f7a220d9d988fbb_graphics-hook64.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\graphics-hook64.dll
Size	1.1MB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`2c48f538acb4f796ac57c9ee48b77b75`
SHA1	`f3dbdc1a09ebf384eca18489b89d3536cc85d7d5`
SHA256	`3f7a220d9d988fbbf161c8979950ab58895550d411bb8e4a9ca83ead125abf25`
CRC32	`CA9180D1`
ssdeep	`24576:4sbWcqR8TH1AzqezMRz3vtffES0EhJInYh9hHe:JbwaHWzZzMRz3vtd0EEnule`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-QQ6O5.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	2592 (yoda.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	c2a84abdf647e4a3_msenvico.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\msenvico.dll
Size	683.4KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`c346dca20fb65853c5d5e0026390091a`
SHA1	`cc985c0edfd450a0c0b85f0521de46eb61b21adb`
SHA256	`c2a84abdf647e4a3f1671b33806f0283257627fe91c717bcd0eac14cced0b00d`
CRC32	`D607D940`
ssdeep	`3072:2Zx55LPHCaJp9mrGAj3w9QsdkQQMKZonA8YaQhNosoMeuiVehE:qZPHCa79/CA9QMQMKZj8LQhNosoxuiIE`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	7f556b6547a9f00d_lzmadec.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\lib\lzmadec.exe
Size	52.7KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`434e108da7a940b5e991dc827944f7a6`
SHA1	`30bdd7ff10260a076f4a15d9f68d25edf52e8d45`
SHA256	`7f556b6547a9f00d824f0adfa637a0fce79754a0da92ddbd8d81d84f85871c73`
CRC32	`31EB74A4`
ssdeep	`768:AKnq1BXfkgtCg7ooLNmTRGP6nbVZRbrEVnFXmwahB1v0SSI402BBWaWFaZg:h8BXfklQooAlGPIbVnbrEVFayBWtFZ`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	164844e7e460fa93_microsoftinstrumentationengine_x86.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\microsoftinstrumentationengine_x86.dll
Size	1.2MB
Processes	2776 (yoda.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`3c3f7793c563b205807e6a64f3d09c56`
SHA1	`c30fefcdc4a2f251b139154519bfcc649ed762c2`
SHA256	`164844e7e460fa93bb5a1ded8dfcd66644a017d426bfab5214389e2591000842`
CRC32	`45E45FEC`
ssdeep	`24576:NZukcDVRYMCIfbWYv4UafBlo0esOx1+pu/9:j5O2CfbWYv4F89`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) DllRegisterServer_Zero - execute regsvr32.exe IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2fae26a74243aee9_klist.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\bin\klist.exe
Size	30.6KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`67f1877ee5e0cf2aca0d29a04691315c`
SHA1	`572b30f193a178a11b8a58b2b2305fddc48defdf`
SHA256	`2fae26a74243aee9faa6566bf3be1fbea356329810e13a9e73cbae859827857f`
CRC32	`7761F3D0`
ssdeep	`768:0QsNbEozw0g7Z8i9xoRK56tChPn8UlTwvbCFgMmZ:NYg7Z8oJ56tCaWTsCSDZ`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	eba1024441cd2801_microsoft.azure.management.monitor.fluent.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\microsoft.azure.management.monitor.fluent.dll
Size	763.9KB
Processes	2776 (yoda.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`1e2cbea517a43333ff2a9543b87784fc`
SHA1	`38a3b0eafc3ba9a14e980a370a9035dacb6729b8`
SHA256	`eba1024441cd2801652b02e9bf60813cff30b7fac68e31f055e056ac75135d6e`
CRC32	`66AB68E1`
ssdeep	`12288:wek1O6OGu8VUhqz1LbSSFo6nyqLXEI6aMJIIplk/U8bpTxPZUZJb:YU6epE99KJb`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	fc199ee77bc8ab13_wish86.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\bin\wish86.exe
Size	65.1KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`04e5e2f8ad46008a4691874bfc4a7a5d`
SHA1	`94a08eee1b13612cc11b77ebf44ece901362df31`
SHA256	`fc199ee77bc8ab131cf21ba332fafcc8a7132e7006d69a6e4195d48962c87fa0`
CRC32	`B2BCA317`
ssdeep	`768:Mdxh9v8kTSnTUT0KV/+wawI+JbQiO8kApYLwjjCHd:uL8kWnTUTr25kJQixgwjjC9`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	6ca4484323892598_aspnetcorev2_inprocess.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\aspnetcorev2_inprocess.dll
Size	371.0KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`0c64f7c44299d6c60dddd35f3b3a8dcb`
SHA1	`1342926985f9d2405949ddf1e64fb36efc3182c0`
SHA256	`6ca448432389259852d5f5a5a134ffc593d9e1b3c5d8b37afeeb22979cf6fc6c`
CRC32	`54BC541B`
ssdeep	`6144:7Ai0eSvqEb9YifgTyoZuD3kY1Zjvj0wOplCHXnX:MdvqEb9PfgTyR3kip0wsC3X`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d5f90ab53623307d_git-upload-archive.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\bin\git-upload-archive.exe
Size	3.6MB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`78befd2ee60a3efd6b822147f75766bf`
SHA1	`ef9e1d1b229d910d5b3ed36454407bdf3e170707`
SHA256	`d5f90ab53623307d3db6c294647bf106d9f5189432cec88fe73968be44a4c506`
CRC32	`82758ACE`
ssdeep	`49152:K3spuwzNX19ZI3jeP9LcX8fIhiPD1m4SbLjRSpWgNWyL77tTnNqX15PAjudp1nys:WWNXtIzedcXK0igBL9SpDND73ql/n`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	0c80df2fdc238ddc_ldrtburn64.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\ldrtburn64.dll
Size	226.1KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`4b815e44d94d38438b90c3198797c0a5`
SHA1	`d29d9ca4f66e13c66eeb3e53332670f777252597`
SHA256	`0c80df2fdc238ddc66b5ae493a9dea395f03b828fdde4d6d90ffd76154d6ea03`
CRC32	`B0CE1D9A`
ssdeep	`3072:r1sEJ7ZQbAcUFxdfJs721x2gxreCkpfnsgfBa48fSGICORJ31x490mAxzKHxRTgu:RLhFCmleCR0o69gpAabv`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) DllRegisterServer_Zero - execute regsvr32.exe Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2f6294f9aa09f59a__iscrypt.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-QQ6O5.tmp\_isetup\_iscrypt.dll
Size	2.5KB
Processes	2592 (yoda.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`a69559718ab506675e907fe49deb71e9`
SHA1	`bc8f404ffdb1960b50c12ff9413c893b56f2e36f`
SHA256	`2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc`
CRC32	`FB05FA3A`
ssdeep	`24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	f078a78be891c08e_bunzip2.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\bin\bunzip2.exe
Size	66.7KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`5466b1d249b1e6ee167bad7621fb0369`
SHA1	`c8a37affc07467ed90f143301ea676ab1ef06604`
SHA256	`f078a78be891c08ef2a678308a1e574f0f0fedb697399c7ef9795cd5e662f6b2`
CRC32	`F8D01FA5`
ssdeep	`1536:ryDc1TjZo2uM55JA9ldrsz6LckIH5rwGuEou8SWnFb:OPMRO6WLEH1uEWnFb`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	08ca1580b408a668_kinit.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\lib\kinit.exe
Size	31.1KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`b310e83e7fb0eb42d84abac94cd368c4`
SHA1	`250c0c657f7bbd5b0bccd0fb508f6e8f2fcf7e6e`
SHA256	`08ca1580b408a668533866fba8959a277dab0461810b167578af96e14550b3d2`
CRC32	`99E1ADF4`
ssdeep	`768:IaDdueuS4Px1IknhvuiqbCrByQzPp6pgzvbCFgMmxL:I64euSufIknhZfyQzPp6aPCSDxL`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	8fef7e7377539884_msvcp100d.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\msvcp100d.dll
Size	990.3KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`cdc9a614e6ecaa0e238b9e6c2ed5ae4d`
SHA1	`289914c1237fbbe3e985a4cb9db791d3b1479712`
SHA256	`8fef7e737753988494524014bf4e1d06a2f4487e6412d8cd1be0a08110ff0c83`
CRC32	`EE894F61`
ssdeep	`24576:bPxlVJRULtt9JB6FclQexvsvEKZm+aWodEEbBoeeY:bPxlVJRULttB6F5G1`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2c78c8db4e7ad93e_winfw.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\winfw.dll
Size	488.2KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`b8c1f863a84cd08b5f87fcafade8bc7c`
SHA1	`78f626004d82db5e5ad8c9a1dedad3dbc33fb272`
SHA256	`2c78c8db4e7ad93e1f0cc1826e658375fc5e0e32ab670e9f088f4673cb88aab6`
CRC32	`4E515DF2`
ssdeep	`6144:EuE3pyIpW4J3Rrrpzqe5g2jic3bRC9IqBAcbE4/24AOLq24PVohFTovkANHrd:8Vzqe5gPcrRC95Bvd1AOLqxVo3LEx`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	11ee3dfa2c651b72_system.formats.tar.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\system.formats.tar.dll
Size	266.2KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
MD5	`2cecb333830b0a119f048f01044f134e`
SHA1	`255a2b9d810d85cd65fe335d28abbaf89e8520db`
SHA256	`11ee3dfa2c651b72794ed016c17b9c7754087e576e00f99f5bc921688db438b8`
CRC32	`B2598F66`
ssdeep	`3072:J4dK4ret3i5GYMndnWuWflBkHqXWYyrBWZ5MZTLEqrVYE2Wd77PYFFbd3IuqMz4v:qKm2UME/p3KEECRazCP/VUX`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description)
VirusTotal	Search for analysis

Name	b51eb89d1dfb7940_kvno.exe Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\bin\kvno.exe
Size	22.1KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`b7e5d9a2dc7e37d13dcfa24e7c81c0f8`
SHA1	`f87bdda9ff570ff3d53cdfa3393b7a2d826b8dda`
SHA256	`b51eb89d1dfb794095e98fbf1b87373006a1bc6dda6fcebfc86402804c32f7c6`
CRC32	`9B8B98C7`
ssdeep	`384:J51BxrARWXSHqsWcznN8ZOPZypEmGBnYPLN0bCFk1M6jxc:J51BxrA7Hqs5SZOPZypiBvbCFgMmxc`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	fcdadfb4aaf985df_mp3lame.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\mp3lame.dll
Size	566.5KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`99128d32f7b0e4296d73fb424faf9106`
SHA1	`81dbeb05db64d5f0fc2abf62b7a763e0cff65fa6`
SHA256	`fcdadfb4aaf985df247cbbbe3761072e303832db9b1fcdd2379552c0d0fb8971`
CRC32	`B08C0EAC`
ssdeep	`12288:0wG+GmyXFcHWQm7XCoWoBjFaRgXe1oF1g:0ZFcHWQmVWijfXe1`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	8ed926351e3c5acf_7za.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\7za.dll
Size	385.8KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`cb99bbdea56a7e08c8b475bcecd5df41`
SHA1	`5c9eb462054c8242b2a9f69b3e5d27c6a1daa0f6`
SHA256	`8ed926351e3c5acfffd5d3890b17d5d96990b7ccbdfc4e549df46ef963d52f88`
CRC32	`E63392BC`
ssdeep	`6144:pnjWnHuPir9TyRyTa0EQKiq67fh+vCfd0in/zSl9cxxUTAuEF+wIso:pKOPtmD7KiqghpT/zSlkUTwMso`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	fa903f2ff8a566c7_gpuprofilinganalyzer.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\gpuprofilinganalyzer.dll
Size	334.9KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`7804edfa6e74df21c23efa1fbb52116b`
SHA1	`51eea741f5e1bcda5ac96dd46e3a2e9ce9f5309b`
SHA256	`fa903f2ff8a566c7728c8f2ac42409607cb1ef1519b9f9d3591a4656f095f8df`
CRC32	`6BEAEBAA`
ssdeep	`6144:7ALq7uTCTvJ6bDtseJGP6K9sDwi2c580T6oh2rgAQ18vSG:7aqCTCTvEbJvJdZT6oCS`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-QQ6O5.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2592 (yoda.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	857e48b908a5f6c3_celloidin.pptx Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\celloidin.pptx
Size	5.0MB
Processes	2776 (yoda.tmp)
Type	data
MD5	`d0a65c478eec14c640565ef4f7195aa7`
SHA1	`50d01a9425692f4d2240183e2f61ab1b25e72527`
SHA256	`857e48b908a5f6c3e511b6597479e072a238810e901c2530c9b856bfc36318de`
CRC32	`D70E86DF`
ssdeep	`98304:nkG6Cx7UdU6Rx+nGtZanm39mpzI+nEkeRTVxx3XcoNaygmwxELu+6SifD3zv:nn6CxQdtRd6nvIFk2x3Xcsaygmegu3lf`
Yara	None matched
VirusTotal	Search for analysis

Name	3c2a22cf3c712491_sqlcese35.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\sqlcese35.dll
Size	629.6KB
Processes	2776 (yoda.tmp)
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`9329ea78784a291fff3df9ee815b76aa`
SHA1	`54d71341e7255d8e885e9b038f67d14a3b0d916d`
SHA256	`3c2a22cf3c712491afdd83afe5db6c0ec79eb2102bf6949389d784e084d84d96`
CRC32	`3768B05A`
ssdeep	`12288:V6FvoKQ60dS5EZ0vTQc+mtG24e9rbH8sYRR8IYfmC82ghaA:ioV60MEWvTQWG279rIROTmCDA`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	1e9cf8c5fdabbbff_microsoft.visualstudio.javascript.projectsystem.resources.dll Submit file
Filepath	c:\users\test22\appdata\roaming\{a225b959-a37a-4a90-a8cc-60f084f9dba4}\microsoft.visualstudio.javascript.projectsystem.resources.dll
Size	425.9KB
Processes	2776 (yoda.tmp)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4284df6b52b471072e4ac3bc5c91e9d6`
SHA1	`a41b9b1c6d5e3db10182929740b5b82ff8747e3e`
SHA256	`1e9cf8c5fdabbbffaa5cfe428cf356cab98afdc3466d7337b0bb0c595178de9f`
CRC32	`528EE8B5`
ssdeep	`12288:1aZ/P88nJEkW78WnJEkMAP8Wz5XCV88c/5XCJtnpVTVz8+:W7`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis