Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.27 06:04
8937.e9c8f83d94118188....
04.27 06:04
7914.753c477fc6135f24....
04.27 06:04
gtm.js.pobrane
04.27 06:04
7d0bf13e-79a638a0b87a8...
04.27 06:04
webpack-6751726d88b2d8...
04.27 06:04
6814.91bf0d11abffee40....
04.27 06:04
main-292e27553c8f5cb8....
04.27 06:04
framework-ca706bf673a1...
04.27 06:04
ee8b1517-cc4d7300db272...
04.27 06:04
75fc9c18-02b28d24f737c...

Latest News
04.27 08:04
YKK’s Self-Propelled Z...
04.27 07:04
Vorsicht beim KI-Chat:...
04.27 07:04
Gen Z und KI: Warum 44...
04.27 05:04
Remembering Heathkit
04.27 02:04
Quantum Random Number ...
04.27 01:04
SKT 통신사 해킹 파일 관련 dbus-...
04.27 01:04
Unsichtbare Zeichen in...
04.27 01:04
KI im Klassenzimmer: L...
04.27 01:04
Heimliches LLM-Groomin...
04.27 01:04
Datenschutz-Albtraum: ...

Dropped Files | ZeroBOX

Name	31d46cb03d38b7b0_aida_icons2k.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_icons2k.dll
Size	380.2KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6beac00db723c5fd0a870896014dd665`
SHA1	`4da27719b1bb5069a9fa8525905d29efda6fd33d`
SHA256	`31d46cb03d38b7b0c6514aa8ca5ad8a3a2a3f23874e0ea19de10f4694c8ef01d`
CRC32	`79CF02E7`
ssdeep	`6144:8XolNHvLMMZMMMvjZM34gYs1W3DPxi5X2p:8XojMMZMMM7pgYs1GPw5XM`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	995c04beffd587cb_lang_hu.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_hu.txt
Size	146.6KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`1833ba173fec4874b209a6d58e11ab82`
SHA1	`4c9ac1cee2a0ce877ca3d65efd6b626ef07d9d15`
SHA256	`995c04beffd587cbbd99aaf28ec1df47fe646e8fb27c9d7964b6370cf0ec3b1a`
CRC32	`C1A55228`
ssdeep	`3072:PpCSRUFRmIIF4LtEYBjUvPr3GFWntr0WT4AmLIMl0b1NXGc2N:MiymIIFEBjUvPr3jntr0WMAmyb6XN`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	e95a1649e0862b69_lang_es.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_es.txt
Size	157.4KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`5c02b62cd3c18ecfd1bdaa6ba3be6468`
SHA1	`7fe870f1ac089db3d373deb44d987332ee3da93c`
SHA256	`e95a1649e0862b691ba0102b7c1cc111c5aa898e417619b7c9419aabef2b50c9`
CRC32	`92071B27`
ssdeep	`3072:BsR6b0UjUFeV8YQo+eSGVhvcqU8tlNHnAjiLL13+pj:uFUjUO8G+CVhNzlNzJuN`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	1ca683a8d184d2e0_lang_pl.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_pl.txt
Size	156.6KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`59c530444c510775ebf727ffce6e40a0`
SHA1	`3c4de2b5bcb620d2562218cb098e1ff64c2f5b1e`
SHA256	`1ca683a8d184d2e0d2b67629b9d0dd5a85610389fc9c92aeccab82f99f0b0be0`
CRC32	`083A5D4D`
ssdeep	`3072:TWl/ImE+hCBm9P2ltCGNi7ed7c8bU8DUoj8G4xHEeNMfDqeTGKOAI9:iJE+hX9P2ltCGNi7ed7zXt8G4xHAfm`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	4db81bc2ab9e76e8_rogaiosdk.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\rogaiosdk.dll
Size	334.2KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`194394805460d7bee9d3448785b4f451`
SHA1	`664c7937d6bb41462a7d6d22d078650f10a7f928`
SHA256	`4db81bc2ab9e76e8b16c54e7ca849257b104b4e063598ada8aae9551300d37a2`
CRC32	`DA34E02D`
ssdeep	`6144:3Zgms9qEGCF1/sEbpPhAEt9LzTFjGDAr9kK2ifS3i/Ah:3S9qEGc/AErPTgm9J2i6iAh`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	5786ba18f436d4ed_aida_arc.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_arc.dll
Size	223.7KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f076b7bd5eb29c30e0ba32798b8a041a`
SHA1	`22713f58c3195efd948281943368d84e64c7c732`
SHA256	`5786ba18f436d4ed5e75007dbbb26aee9319881e15d51a223d7918b8451b9a85`
CRC32	`7D44E8B1`
ssdeep	`3072:AkfN+lpPdydN+oen0r+Flx14QMOjIIILJtgdRx7Ej4O4vkkIm:HNUpVyrynU+FRjIcD7EP4vZ`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b852abaa0ebc1968_lang_lv.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_lv.txt
Size	145.9KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`06b7f5f7c165d4065c9e11056d15f1f7`
SHA1	`d14abfce7654acc65f7f2d68ffb69edee2abca41`
SHA256	`b852abaa0ebc19681c1fe616c5085532d86e6d266d78d4d5b21d03c0cad652f4`
CRC32	`F185874C`
ssdeep	`3072:KQHpYUFivTcg9q75xTqXj2Y+bGkMylKjfYzKyZf:tJbFivTc37DTqCY+bpMylKWh`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	0026cf0528b413de_aida64.dat Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida64.dat
Size	1.9MB
Processes	2720 (aida64engineer660.tmp)
Type	zlib compressed data
MD5	`26b9993750a44882c1123fcae5f468d9`
SHA1	`00d55a6b0b610f662262e7f04381a788c0524c58`
SHA256	`0026cf0528b413debc1172c4788514230bfe7a201b17e49fc8b341977f8e0af9`
CRC32	`B7AF83CB`
ssdeep	`49152:BhBj4O9Z4cWCSCPTMa0R8OUOd0NeE8Ykrvt3trb+i+tvdAR:XaUZ4YgamGOZE8Yytd4+R`
Yara	None matched
VirusTotal	Search for analysis

Name	60664adad05a2b4e_lang_cn.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_cn.txt
Size	119.2KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with CRLF line terminators
MD5	`f4cb108a256bbac495b272771f55c297`
SHA1	`d68cab318edc8e86e8e56fbe8a9a2a9f1e461503`
SHA256	`60664adad05a2b4e9a904df6fefeb88b0c719fa9a84b675a8468b1bd33bba27d`
CRC32	`96807C30`
ssdeep	`3072:kHDqgKxNn2Ri9E7NpghY6hxX2zHfd+nkMaU2V2U2i2pa2sOg:kH2gKxNn2Ria7NpghLXwHfMaUobpBh`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	2cc24e82726b732e_lang_ro.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_ro.txt
Size	149.0KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`d6ef978047e37b5d1e1812d7655d2744`
SHA1	`740110d6429b9578778717f7b0510dd75204683d`
SHA256	`2cc24e82726b732e9604436beafbc1f3327efdcd846248be3ddbecc38cecdc9f`
CRC32	`5E21E0F9`
ssdeep	`3072:Qvk1tM6qNxd0NxLC9JoE5LD+YF1vY9K9R7eUu3WS/6XWg4:PIXNxdOLCnoEVD+YbScR7eUHSSGr`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	d9e61b300001e05b_lang_it.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_it.txt
Size	155.2KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`c9a8cb04cc173b9f862db3861e329bcd`
SHA1	`4137444c5f75968d17667941b15e5b4175b20899`
SHA256	`d9e61b300001e05b95c743ddac2ded5110c7b94a2f7e655f4314195a3ad05baa`
CRC32	`7356B364`
ssdeep	`3072:mTsxpmSj3Lrpbry1nW7IrC0zSaYp/WUS77sksTqSr5YIiZBMMkWl+wlirR0w:mTsx4C3PpbryBW7IrRYp/VSnsksuG5Y+`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	116962d16a93dde2_lang_de.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_de.txt
Size	147.8KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`bb5b217b3d79fb881a9fc516fe6be79c`
SHA1	`93e19e4065abf55e44c5ff9f646f7257bd44370c`
SHA256	`116962d16a93dde2fd2b1f5cc373823c86d49eedcf83addaf78f6380ca7ef240`
CRC32	`24A05E9D`
ssdeep	`3072:tbnl+SaGjuro5lDTg+z2zclNgXI3UIljBXra2xv+/Nx+/Fmr:tzgSaGjuro5pTg+z2zCNgXIV7xvu+/F2`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	684e5831db11c46d_aida64.chm Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida64.chm
Size	2.6MB
Processes	2720 (aida64engineer660.tmp)
Type	MS Windows HtmlHelp Data
MD5	`5c4267d3f8422e562255c644795714c7`
SHA1	`6943b95a47529dd7ac8a3dd57f5580ec1865023c`
SHA256	`684e5831db11c46d2392b78a4b96543cca3d70bf18cef93ce39800347b476135`
CRC32	`E93BD341`
ssdeep	`49152:qIsd0jAPkjya/b3j3CWBnL1nCuvQ12Kzn+XoZpMc38OAK4WdHX9xgG3FJnKygQ:UbPU/7jSWRZ1vQ0uuozM5RqNWG3FpRgQ`
Yara	chm_file_format - chm file format
VirusTotal	Search for analysis

Name	2bfcac74ef578929_lang_ee.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_ee.txt
Size	142.0KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`71a46453cea0743f5f07668819809a87`
SHA1	`a4d69b83e7f20396f7a4cdc4f2549eabe4b7d87d`
SHA256	`2bfcac74ef5789298124a1ce8639904082610b10741edee05e30243a4912ff9f`
CRC32	`9F991019`
ssdeep	`3072:NmY+X64/0NzA+rdkqaS69aP0BqJym6pVOHRfg+q7Oc14:NLK64/0NMadkqa/9aPZJym6pVIzD/`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	98a98d0a4c0b9f6d_lang_br.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_br.txt
Size	154.3KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`b3d8eabd26c7cfd48c30a72c1f05f60c`
SHA1	`3d2f8673789e1f09df3e05e83f6987f5f2d0a6d8`
SHA256	`98a98d0a4c0b9f6de75af31a699d00e6f02adf9b023a705c94e55f618f6638b9`
CRC32	`AE1AB2B3`
ssdeep	`3072:5eXg+nmkVdrr4u0YccoGUSyg9K9wxsK/Cbmzu1HGUYSEo:8JnmkVlr70YccoGQ6sK/CbEG`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	340388c7ab5812c2_sfos1_100.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-DRUVL.tmp\sfos1_100.bmp
Size	20.1KB
Processes	2720 (aida64engineer660.tmp)
Type	PC bitmap, Windows 3.x format, 152 x 45 x 24
MD5	`61fd6d4939897c4cef4afc948eee1449`
SHA1	`5bc78c30d09d763305fa019d9bff5c1b08d00044`
SHA256	`340388c7ab5812c29134e60fc0778f5833735a7e99cf571cdccfdb6141d699cd`
CRC32	`F30017BE`
ssdeep	`96:nGJhvROJGS06t5PVGIo3ac3Sw/RohAiWzUo9LqntjZlEIy6Enig/N8L:GJhvROJB06tnGz3ww/RtJwo9L+7k6eiL`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	42699667950015fc_lang_si.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_si.txt
Size	146.5KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`6859badf7ef886305f3109680df810d6`
SHA1	`b9b67ac4bc5762d72664314651fc69b60c31fa02`
SHA256	`42699667950015fc1d1638092acf6d45d3ee3ce13e9f875e758a6c09e093b3b5`
CRC32	`54B72047`
ssdeep	`3072:b4LrRQqsM0vg/ZAGYlasTSTo9uyOJRE4qaFZGW3dZHRT2CHbv61yy71Hsklo6+eE:sHRQqsM0vg/ZJYlasTSTo9rOJRE4qaFh`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	2c00fa3ed051dabd_storelibir.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\storelibir.dll
Size	259.8KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6a5d41dd8fad6d2ba7437062c4562a64`
SHA1	`636e35dcc42f51ff1226d255866c4160a461bce3`
SHA256	`2c00fa3ed051dabde797f31bfcd833d5fd0223f866b0a621339ef5851dfd1173`
CRC32	`C1F72328`
ssdeep	`3072:yQzal/XXPLA4AEjJkqNPdYReIBzDY2mASmnNwN7B755CoSsMB91UoxhK9Fz:yQmQ4NPNIBzDYGSmn+NxZMB5e`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	08548310f95cb32f_aida_vsb.vsb Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_vsb.vsb
Size	21.5KB
Processes	2720 (aida64engineer660.tmp)
Type	Zip archive data, at least v1.0 to extract
MD5	`c4edf8551cb6b782d7bf7337c67456a3`
SHA1	`65a223518181d2dd8eeeed464a0de27f82a0815d`
SHA256	`08548310f95cb32f168a8d6d2ba9d0dc968fce764b5edb452598a11a916cf2be`
CRC32	`5538F187`
ssdeep	`384:M1wKLlv77PAOlfjgOeJIt1A86R+cuEZL7K/GjL9s4mavJVpoZOFCYvUna5l:2IOlb1QIHA86IpEZL7C8C6vPFCYvU0l`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	322f5f80702585f3_libeay32.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\libeay32.dll
Size	679.7KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`24967eeb873a365fa557bff331bf4e5b`
SHA1	`278503e70c4da8d4f5077bbc3640eb40a42dbb15`
SHA256	`322f5f80702585f3801aa901f77b76f657ad92ab65b067c24909551ff1714d7a`
CRC32	`88AAF58D`
ssdeep	`6144:2qrjPneNWKeJanfd63dZ9AFrEV/Wa0CsgesAFEL8iD0LaT7HNaOVql+9rUpz6tu7:2kjPeNWK1E9AFE0sJn2GTVtmMeyY`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	28fee14bc15ef390_wp_100.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-DRUVL.tmp\wp_100.bmp
Size	16.6KB
Processes	2720 (aida64engineer660.tmp)
Type	PC bitmap, Windows 3.x format, 125 x 45 x 24
MD5	`eee6e79c8adfe1f63db6c43bd64bdf42`
SHA1	`2246a030410488908fb1c509447336f28814877c`
SHA256	`28fee14bc15ef390f1c9d6e6f9476d66d0e5feb762b172c10895a881780fd787`
CRC32	`012B8576`
ssdeep	`96:T333333zscfprNHNZwOwMv7ckgdD6FsYDuQ8swuuuuuCBj3u3u3M3R3cT353R4YL:/scld2VQu7uuo9crVj4o`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	12ab4c91da446906_lang_src.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_src.txt
Size	145.8KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`f1d669d4fda7a4a395982c79973b9d7c`
SHA1	`04e228f4db833830c6e0abe60161733639e26ccc`
SHA256	`12ab4c91da446906e62cb6b92979945b95ec7030bdc3e91bd727b3fb0a304071`
CRC32	`E8085125`
ssdeep	`3072:LIPc/ZZUeN0IgUFo1zdYzX9VzMlWby2cCcDn8SckFmr12A2cxeFYYgvCyofr:wUZZUQ0IsdYj/zMlWby2cVDnEr12AbyF`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	dbd8c0a144975db4_lang_tr.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_tr.txt
Size	143.5KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`491ae5570542ab8ad03e651e929ec277`
SHA1	`4ce84cd6c58d85bddad08db81f8b6d39a04a7b9d`
SHA256	`dbd8c0a144975db4bf89a668d9a463df77ef676f22d20fac86d876e0b048e399`
CRC32	`80FAFF5D`
ssdeep	`3072:IB30nfEVHpBI0koeItzwlH4ybvHZe8MgCRET8fzJBSTzVJtuNYFZINQqqPhl3Asf:IBEfZoeItzwlH4ybvHZe8MgCeT87JUTB`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	5c6f142623217132_aida_uires.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_uires.dll
Size	3.1MB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`814407df6249f0117de0c18c1ec5b94e`
SHA1	`c1d79e40577224249bc8a2e35993def2138fa18e`
SHA256	`5c6f142623217132b2915d30ccb7b14a0e047bfc018df8408663593bd2983c07`
CRC32	`BC8BED91`
ssdeep	`98304:zecZHwyjxGZVsKmY40A0GoeHObFeDYbjNI1Sx:zecljxg+KmQA0+HObFeDYbjNIUx`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	53ced4ab93813b47_lang_id.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_id.txt
Size	142.7KB
Processes	2720 (aida64engineer660.tmp)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`9fdbdff4c3750050131e0067573365b1`
SHA1	`7bb96eba5f42deee6bcfe90f30a60e60d4970903`
SHA256	`53ced4ab93813b475699bad0d536bba871982371f7019b3c3804d9d16be94ec3`
CRC32	`38178D79`
ssdeep	`3072:lt6u93zYB9Km38lSkPFxHNEyRvKDSrn7UKBzc31MYIRK:lki3zYBkm3wSkPFxHNESKDSrRB03`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	25b416ce77841064_lang_jp.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_jp.txt
Size	145.8KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF, NEL line terminators
MD5	`9df6f237f6eda4f2db551af213b7c9cd`
SHA1	`bdfbf8d8ce7682786261945ae9818216f8827aa0`
SHA256	`25b416ce778410644b762450157c220157cd24fc353d865de94b4759d6be0877`
CRC32	`DC2E5A99`
ssdeep	`3072:EjVurJZZUjMExrwl/uzstStgdTltLG1aZrXESw9OUYxnvdDfh:jFZZUAExmugtStgdBJG1aZESuYvZ`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	5d76fc0668eb3aa3_cuesdk_2015.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\cuesdk_2015.dll
Size	246.7KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`bffaba3104bc8fae8db22ba8def256cc`
SHA1	`1c243d37b89c90e90cdf91feed5cf742ca5ff385`
SHA256	`5d76fc0668eb3aa356ee7b17e797947dbf0a1d18a172a33e701327c92fa26035`
CRC32	`660C9DBC`
ssdeep	`3072:3REDYnx4YYYQCzYYYYzY6YLVYYYYYNTYporp3W3YYY4QYYYY1tbwYYYYnriq9ne7:3RUCXYWWNItmR9n4Ny8t7M4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	527b9fe90011bd86_lang_nl.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_nl.txt
Size	146.9KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`0903e109a33d461dda1dd116550f69aa`
SHA1	`616c4159f8a2e13ec4356baab8adf8f6790938fe`
SHA256	`527b9fe90011bd86e170aec31604173a5f92806e4f4ff518597c96f81a94ca6a`
CRC32	`E04CC4EF`
ssdeep	`3072:a0dn6zIp5tDvuBZWuEn3+oYN2Po+abNBZw9tZoSj81MZmEXgXPJvYagAOYrnQ:a0dNpviZWuE3+oYsPo+CNBG9D81MZjQ8`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	96d9aa28d16aae66_lang_pt.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_pt.txt
Size	155.8KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`e23300a7f319fab810f810a712329b8f`
SHA1	`125793419bd5332dbe4d7c7611218f50cc8a89b7`
SHA256	`96d9aa28d16aae661dc47cc7a915fcbb12cb125d79997142d8d91ffe8a359e04`
CRC32	`1E29DB7A`
ssdeep	`3072:RH7pl45l5mbloQpeXUIyJFScYtSRDxo0rP0CvrdWIPIPC:FFl45lsljekIyJIcvZxow2C`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	2dc0c085dad2d05e_lang_se.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_se.txt
Size	143.3KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`fe0ca992f2b89a8cd615bf5783a8b3d3`
SHA1	`ae341f0c9f0413952d5b40305c98e1ade97a62a8`
SHA256	`2dc0c085dad2d05e1b178c265caffd304bea68c0d41fc5b80542f711368a7f37`
CRC32	`8F94EEF0`
ssdeep	`3072:s5v+ty35sNuD9cT+Y6hQZQmnB/yb/6CEb8X3AlsDU+iB7QD0/FYstX:Omty35sNuD93Y6hQZQmFyOCEb8XQyU+K`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	a7385d4c3145e048_unins000.dat Submit file
Filepath	C:\Program Files (x86)\FinalWire\AIDA64 Engineer\unins000.dat
Size	24.2KB
Processes	2720 (aida64engineer660.tmp)
Type	data
MD5	`ece81c01dd441b44abaaab26b2b52cd9`
SHA1	`200b9b4286f12ff23087c91510486fb7c3f96eb4`
SHA256	`a7385d4c3145e04805a9c7b36140992b566b20360c87d54a2c82b89585c60b94`
CRC32	`EBF2D3EA`
ssdeep	`384:yqJu55H2EbMm6I6n0M20a0MEan6VObWWD9LyFfFup0jFS/Fk5a:vuiEbMm6I60R01OsObWG1yFfFuKjg`
Yara	None matched
VirusTotal	Search for analysis

Name	b20a8d88c5509811__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-DRUVL.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`526426126ae5d326d0a24706c77d8c5c`
SHA1	`68baec323767c122f74a269d3aa6d49eb26903db`
SHA256	`b20a8d88c550981137ed831f2015f5f11517aeb649c29642d9d61dea5ebc37d1`
CRC32	`21A57303`
ssdeep	`48:SvrzfWvPcXegCPUo1vlZQrAxoONfHFZONfH3d1xCWMBFNL2piSS4k+bkg6j0KHc:+fkcXegaJ/ZAYNzcld1xaX12pTSKvkc`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2dd8f54d115f9805_lang_srl.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_srl.txt
Size	146.3KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`b4f4d470201361409d16577d79ef302e`
SHA1	`aabb5cb534cba4f924eebab3d032e418fd932086`
SHA256	`2dd8f54d115f9805f89ae40818fc019d957859cce967d74d4837a4e098acda48`
CRC32	`8271EBB7`
ssdeep	`3072:DZW8DZZUC05dD29uiyShG+A2dMPmtH4A1IoZ71j42+lHBDlwvA1fI0:sOZZUP5dIuKG+AqMPOYA1IoZ7wHvBQ0`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	743d5063cdbbcdc8_aida64.url Submit file
Filepath	C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.url
Size	47.0B
Processes	2720 (aida64engineer660.tmp)
Type	MS Windows 95 Internet shortcut text (URL=<http://www.aida64.com>), ASCII text, with CRLF line terminators
MD5	`7e839447c5c0b76116524d16d3824375`
SHA1	`a4df8a6d081199332eb739b5ee479c83c5fe6630`
SHA256	`743d5063cdbbcdc82168e2260f17e2480debc9d172655c1f342bcfd62eca846b`
CRC32	`13774B9E`
ssdeep	`3:HRAbABGQYm/0S4WLKov:HRYFVm/r4WPv`
Yara	url_file_format - Microsoft Windows Internet Shortcut File Format
VirusTotal	Search for analysis

Name	77938a0d7d9c3382_lang_no.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_no.txt
Size	142.6KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`d38dc926e4e1214e1b845f708327ea32`
SHA1	`a64b3fbd575b7de6bf2dd9d39fb468e1727eda40`
SHA256	`77938a0d7d9c338259beb92a1bcb00fc08a80a62135d124a6cd8b077bbed334e`
CRC32	`6966F8AD`
ssdeep	`3072:aghWJ3v8LeVV3JONlqOFXFm75bwLMKNQqp97mQpMqqBRPypKQRN8Lxm6tFO0mBv2:9av3qp97m7RPypKQRGLQ6a0mBteaTG04`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	535fd8a73ee602dd_lang_dk.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_dk.txt
Size	142.1KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`918e2b317bf45361744c2eee9e8022d5`
SHA1	`b2a5884b165640f77b743ce31c51fe7b41076223`
SHA256	`535fd8a73ee602dd018f5390afb363502c5558724b440859ab8717bfd10ff2bd`
CRC32	`7FA6E3D9`
ssdeep	`3072:DKSrU8qgWJh/d/Kc57B5AmUEJ6BHIbI7x9Omst:uB8qgWXdic57rAmUEJKHIbI7k`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	c8abfc11a1aac9d2_lang_aa.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_aa.txt
Size	137.1KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`7e9d90c45134ea0b8877170966054545`
SHA1	`9b9284510c5ad85cf3e52222a6b4e01653eb636b`
SHA256	`c8abfc11a1aac9d227e0f40dd09e3f3dd5bdff493e6fddc94006c60336210172`
CRC32	`269CA9F4`
ssdeep	`3072:q97wqBUhzpDTlQAIxo6BUoizcjKdLGzBmV4MYF8WPTwvH5dYa:eEqihzpDZQNxoDoizguCzBW4MoTwN`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	4c1a126fa16d7a55_droid_100.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-DRUVL.tmp\droid_100.bmp
Size	19.5KB
Processes	2720 (aida64engineer660.tmp)
Type	PC bitmap, Windows 3.x format, 150 x 44 x 24
MD5	`d015e4a681f1be9baa076ac815ea1785`
SHA1	`066298a217f3b5c25711754b5053addf5cc5c783`
SHA256	`4c1a126fa16d7a5545d57420b811f185373e1f5dbd880c97d3f6647ae34f8085`
CRC32	`5B3B7560`
ssdeep	`96:8ffpE4kOXUypvwPYdpqW45aHDFitDZR+Zzv8SgY:wfp54PYCW+knZzUi`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	ba52a063b7059bda_lang_by.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_by.txt
Size	146.9KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`2462a193d440c04f9d44f32dbd093b3a`
SHA1	`ba01bf91fb8162e8566dc4936d2a6d9a1f90ef84`
SHA256	`ba52a063b7059bda7f759de75815cfd9808ec8f5afeb660f552318c0b021f1cc`
CRC32	`ABCDFA4C`
ssdeep	`3072:p8sL5ZZU2EhK+DHTdRnFARgerG61+/qOv3JRlP81WUES1DpGvA0aaFdHYhv/UHfq:qsdZZU1hK+TTdzARgRf/1v3HV81WUESh`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	f7c1b6c67ac5d4e0_aida64.mem Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida64.mem
Size	2.4KB
Processes	2720 (aida64engineer660.tmp)
Type	MS-DOS executable
MD5	`76b985db605d1cbc7e72cf2153af8323`
SHA1	`1e5aa6e6dfc2b3809aff8c54357bd750ef563a6d`
SHA256	`f7c1b6c67ac5d4e07c529f9190e102eec33fcc67ff6d8835636722ab60bbcbdf`
CRC32	`1D61CF1C`
ssdeep	`48:Ux/vEPytWB8/QhOOmKgmJb6R/7yJ38XlsV8fAtwty6xZjz9Fy1t56S8dptt:mEPyErhI0OR/7yJ381sV8fAtwtywZtU0`
Yara	PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	e35b97bef310eb05_aida_mondiag.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_mondiag.dll
Size	2.3MB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1f6298ff27905a79333d158afa60661a`
SHA1	`3b411ab1bcd701ed881b30a76034768a5f045a72`
SHA256	`e35b97bef310eb05c6693f20146ae3d2ebb574350ce1929706bf1ad875c3b209`
CRC32	`2B834EC4`
ssdeep	`49152:UWU51KYq95c+7C2QrJ75F08qKGtEqDrr7:UWU51Il7CFrJ75F08qntdD`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	fac3d68af40dc287_storelib.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\storelib.dll
Size	159.8KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`db1c461bcd178a21aa8daf59653a7a0f`
SHA1	`259f1eaf8d6183caf9810d12da73b2d317612b0a`
SHA256	`fac3d68af40dc28749f7e1d8de3d5e64293874d2cb92f64ae04256f905f85659`
CRC32	`0CCB910A`
ssdeep	`3072:Rwpq71+8xl3WyCdJROjSeIt4+/e792t2K5zo9dRt:Rv0wh2dYSeIt4+c9X`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	937e69ab76b4153e_kerneld.ia64 Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\kerneld.ia64
Size	105.2KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32+ executable (native) Intel Itanium, for MS Windows
MD5	`4a7e44fbc1ad1a68b14ff7e6e0aa1fe9`
SHA1	`bd2df7879b6a61c6a84b4fbe6967d232ff52e5b0`
SHA256	`937e69ab76b4153e554269f8258bbef3b81ed6d16b9ae7f49caa6d31bb1a0746`
CRC32	`0A80D63E`
ssdeep	`1536:Pi9wQlJsBjwzz93dk5By2qUKfXsEilad+nsx6sfWZE7Kb1q1lJcYqkqU6i+s8Bux:PqlqjwzZ3Gm2bK06DKaPhyu65H1U7GK`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	85db65c9b816c21e_lang_fi.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_fi.txt
Size	138.5KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`130f95da7287fd26e7d81e0923c88802`
SHA1	`3b8ea56ffc9298439afb9c716da87bc8560d8632`
SHA256	`85db65c9b816c21ed09a3f9473abdf9cad94aa8baeb09f6700aea8dc64820249`
CRC32	`D1101CCC`
ssdeep	`3072:OrmDAfGQewY/OcThfaQ68kHK75k1XLlgCmjH0agi8T:8mDJQez/OcThfaQd0K78XLlB8hgR`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	cfdd6e0f698180c7_aida_bench32.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_bench32.dll
Size	4.2MB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`74dc6c67792b4315e2f6f88dc5ce57d3`
SHA1	`700169810b631f70349e950a43727d7563276803`
SHA256	`cfdd6e0f698180c7cc8318fd3c558fb50c3ee7d4062b97693ade7e512bbfdfb1`
CRC32	`1B7524F6`
ssdeep	`49152:cMICf+h0nTBchaB9HySG2Gm1JtLsAgwQ7qz1+/+9Cg/VUfTipppppL9tTK:cMICf+h0nT0q1RpppppL9tu`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	7f11aa6bdfd0d0a4_aida64engineer660.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-6RDTQ.tmp\aida64engineer660.tmp
Size	699.2KB
Processes	2668 (aida64engineer660.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`961722bcfeb8ae8905c980243cf2ef3d`
SHA1	`1a3e36422a6328cbbb1adbcf519daac8d814dfa7`
SHA256	`7f11aa6bdfd0d0a4f9d6e55681dcd497e6b7abdbe63bf1172a361e0ef37b4520`
CRC32	`02444FC9`
ssdeep	`12288:rQszP8NRMXpc/rPx37/zHBA66pE+4p1YR71CERdH6rN9by7HaOMeamxyEN:rQQP8YXpc/rPx37/zHBA6plp+51CErzH`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet mzp_file_format - MZP(Delphi) file format Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	63afb71f47e825a7_afaapi.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\afaapi.dll
Size	859.7KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`aadbec83e1d77097771930fc1a1608dc`
SHA1	`ac15ad71412ca7f7646ccb74acbef38d454209c4`
SHA256	`63afb71f47e825a7a422d3a6ec57dc801da2d73d379c0ed72f903d0446b902cc`
CRC32	`8DE10D68`
ssdeep	`12288:AIAETyZizswDZr2rnVed82NFCKh6RaG7EeDATbURJTVDzlaL:AI3AwDj82Nlh6IG7EeYU7TVzlaL`
Yara	PhysicalDrive_20181001 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e433f81f76de8616_lang_bg.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_bg.txt
Size	152.7KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`c94ea5316f6f434a8e1f9a3472735829`
SHA1	`3cb0a036b969dece77e5c5f99196230a01593b16`
SHA256	`e433f81f76de861649a313e144f3760b0518579208432197d0dee882552d335a`
CRC32	`33808D6E`
ssdeep	`3072:iyqeZZUm3k+bmtvZBYWRC2nzwqn9e11MgESnzqjQyxcFf6yvRlfE:jLZZU2k+bmzBYWRC2nzwd11MgES+Eflc`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	ac8259630af4c40a_aida_cpl.cpl Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_cpl.cpl
Size	354.7KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`3d538f7e18911faf9e08e59a3cee8818`
SHA1	`ac40ef2563a8d671a5faaf275dd9ea4105976502`
SHA256	`ac8259630af4c40a2fdd83ea04b0dc4e506f900dd208025260830235d3c8fb1b`
CRC32	`2BE67A8B`
ssdeep	`3072:2jSqlsO8zcQ0bsNIk9r4YpSl4lJZJQ1fSbNFvhr8OuelAzk77FyZf6FW7UbaqdRi:2uqll8zV0ba5keZWdNMaLc99mn`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	45c51026031dd2e1_aida_helper64.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_helper64.dll
Size	83.7KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`1198945aab85b088309d20eb6319d4be`
SHA1	`4cef1cf2020cdae1b2444ee34f2389cdaffe39be`
SHA256	`45c51026031dd2e1c7ca96b189b62b11046fd779f41118379a5bd8efbba52148`
CRC32	`EF2999E5`
ssdeep	`1536:/nc2hs9GwTcbZqrhHS9+4CcBzyRj0o0LWqH22Bf78x:f9G9GwTcbcVy9+4zBzcjD0LWqHpfo`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-DRUVL.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	cba55ba6234c3d6d_license.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\license.txt
Size	15.3KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`eadcb59d6cebbb92ff934944800567d6`
SHA1	`1be20fccc4cb4bfc81f06bec4af8e58212454f1e`
SHA256	`cba55ba6234c3d6dd0a64f2c5acc27d7393d331a21f0998a1a13296f3e7b6cc2`
CRC32	`BE9CB436`
ssdeep	`384:8m/Qgaaa03VzfwcOwrsXrsyilHo5rsMrsxdsdyCJ:8mI5uFzXnSZGHo5zWsdyCJ`
Yara	None matched
VirusTotal	Search for analysis

Name	8d2a70609e47559e_aida64.exe Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida64.exe
Size	11.0MB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`b8d8fccd88acd42c4617acefa666b4b0`
SHA1	`daa8fea3eec8e8ada3b4d2fe80cfabe43a11d8e4`
SHA256	`8d2a70609e47559e13c5dc7d0d1376515d77c3a74c78a8a56e0eed4da21d9410`
CRC32	`63769221`
ssdeep	`196608:u6WMfQxPoN4w0cPrskHUL9VKUZMtVDrVybnHp9Z0wJ78O:u6LfiAJfrPHU542MtVDrVybnJ9Z0wBj`
Yara	PE_Header_Zero - PE File Signature mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	faeb5ceb9e6a6be4_lang_kr.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_kr.txt
Size	128.1KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`0a3aa31118eb09f2e593d2e03cb55d66`
SHA1	`c57c80c696a24e6e8bf5599556f1d49041886eab`
SHA256	`faeb5ceb9e6a6be43e1ba6ad68dc8675a044890e6cbb3acbe7699d25bcccf2e2`
CRC32	`9394A66F`
ssdeep	`3072:kgQp2RTm97r+dMjZiaOS2abpkQo3MGwyQRYmuTY8kQhB:kERTmtrV1iaZ2abyQo3MG+uTX`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	00eac8ab8eb27475_aida64 engineer.lnk Submit file
Filepath	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Engineer\AIDA64 Engineer.lnk
Size	1.2KB
Processes	2720 (aida64engineer660.tmp)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Feb 28 08:17:01 2025, mtime=Fri Feb 28 08:17:01 2025, atime=Mon Dec 13 03:01:52 2021, length=11570848, window=hide
MD5	`70c42d7e5d0967c886be8a32960f6878`
SHA1	`d5726908910ba1ff9f7d30ecf639341766416885`
SHA256	`00eac8ab8eb27475bc4c6f6cd10e661e15c516e8c0c338842a9f427256fa42e5`
CRC32	`4D38AAAE`
ssdeep	`24:8mDNHdOE8k9bi0//0AmMDYd9Cd9mUPPytdN:8mxHdO0i0DmaYdod9nyp`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	27375351b4a72346_kerneld.v64 Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\kerneld.v64
Size	33.8KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`e906554453d39a3352051589021054bf`
SHA1	`be3dfbffc574604b65d38b5e93406550847a99b1`
SHA256	`27375351b4a723465f937866f0ffc86e8e612b093673ee25ccf0b7ea803f888f`
CRC32	`4AB3CDDF`
ssdeep	`768:3L0ViSUM7F9hcn5UPSzxFy9VcYCOKaj0qUymWB:3L086On5jF090JariWB`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	1cea5f212804a6af_ios_100.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-DRUVL.tmp\ios_100.bmp
Size	19.7KB
Processes	2720 (aida64engineer660.tmp)
Type	PC bitmap, Windows 3.x format, 149 x 45 x 24
MD5	`44dfcc45fb934da6782168f6c03f00a4`
SHA1	`e984e90bb7d4318507597b1502866cc9b257f811`
SHA256	`1cea5f212804a6af116773b6fa70e03271951bc5cee76b4367c0e58b9f021b5e`
CRC32	`80EDCE2E`
ssdeep	`96:D0gxfrYXpA/lUQ6/+wmofnYvQrX7aMk3BOyyTjE9PjeYR0+FargwSmpUumuFZu:DNgSKGDHkiBORMeeTOSPummu`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	8da20c0c23845d65_aida_uireshd.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_uireshd.dll
Size	20.9MB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`187b5e9979133816ab288d85b2675f2e`
SHA1	`a4aca8b77f272633e87b445c09a76154aecb7449`
SHA256	`8da20c0c23845d65089f242489028256112217ccfc5c72ed51b34d4b855d7a3f`
CRC32	`0BEACFAA`
ssdeep	`393216:fuoCucPBfhVdCGNlTPf9pi8UYbq6Dxb+eaQGDqaf9nSOFeT8vhnc+u5t6LY6X:WoCukmKTNgiDjGDqi9B48iPeYW`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	eba3233869c74427_kerneld.x64 Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\kerneld.x64
Size	66.8KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32+ executable (native) x86-64, for MS Windows
MD5	`ee01251e1105aa37a3ba8889248d3340`
SHA1	`06a7869bebd1fc8320586d7f4ff542e18abe161a`
SHA256	`eba3233869c744271d5c22e4c1011ce866987d444a00bb78e4089637b7ed794b`
CRC32	`22939947`
ssdeep	`768:oaDf16m332JXt44CBwpBkfKQtwpEZnBRyage84+BRjdtlg1XtPv5zFoNKyzdMNS0:FYA4CPo22/II0os8vAtBt`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	520b1a8352cb8dcb_aida64 engineer documentation.lnk Submit file
Filepath	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Engineer\AIDA64 Engineer Documentation.lnk
Size	1.2KB
Processes	2720 (aida64engineer660.tmp)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Feb 28 08:17:01 2025, mtime=Fri Feb 28 08:17:01 2025, atime=Mon Dec 13 03:01:52 2021, length=2775046, window=hide
MD5	`fb888023477ae2fc1ef9e43460ed8ec6`
SHA1	`47fa7fb066fc1b462389a32b8b5c772ff94f630c`
SHA256	`520b1a8352cb8dcb11786bfe9b7909058e03d4ccb2f89c815b54396f9358d18c`
CRC32	`2B197618`
ssdeep	`12:8mv/hA+cGdp8DCDyzhufW1jybozheliuDCfdjAm+5jRDsbdpYbyf1ybdpYbyfSB7:8mvrHdOE8k9bi0r4AmMpYd9Md9mUPPyd`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	aaef5fd59a172a33_lang_mk.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_mk.txt
Size	153.2KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`1ebd25212f0f8d19b3d9d3bc0dd6affa`
SHA1	`deb66333ddca2507cabe85eb24048e4137f5d8b3`
SHA256	`aaef5fd59a172a332ac734de1c433c79cc7758c0b1b2dc2fb66030abb1ba3729`
CRC32	`12565863`
ssdeep	`3072:egK9cgZZUQjF3IXZXMPpfYMDoRzOZFd2Oczkvlfh1FRESTWgbgttv8Bft:sGgZZUZXMPpgMDoRzOZFd2OCkJh1FREk`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	d979285b3905e7e3_lang_ua.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_ua.txt
Size	145.6KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`f150da75307ead038ebb1092e3e47f09`
SHA1	`1bfb5e041b7070020b8e51e4663f7e4d7472324a`
SHA256	`d979285b3905e7e36ff0c9f26e25b7f7d2c77dbfd43665641664843d52ac2966`
CRC32	`9DE63582`
ssdeep	`3072:mZJ+eOtzVTliX474qZAY+iZ2SPnwPEi4D4nLe2NMnAj2Zce+hpe3e9:M0eOtzVTlio74EAY+iZ2sn+Ei4knLGnw`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	644a8096f794edb0_lang_lt.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_lt.txt
Size	153.5KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`9d2f01cff1f1f1fab939f955147a0222`
SHA1	`a84efaac0424e66e6b721a946fc363e4bd69bb2b`
SHA256	`644a8096f794edb0a8fc280ce65cf4ef04bd2497facefe2147dc1f7d492e18e4`
CRC32	`25E80CBB`
ssdeep	`3072:ReYUZZUcgB3OJ3neomvphK2D0xCRi4YnoTQKi1ZWEStX3MeFyvcnf9:IfZZU13Okomvp4K0xCRrYnoMKi1ZWESl`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	34a7a5f3839bbcc6_lang_sk.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_sk.txt
Size	146.6KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`05c72784556d77ad2d5dc8da6b65880a`
SHA1	`9d7e199d511a056600ee71476f611c308c3b533b`
SHA256	`34a7a5f3839bbcc617c32d36be2a5e285de2dcf5402a3684f1b90d37908a96ea`
CRC32	`1C2327A7`
ssdeep	`3072:m7B4JSSygySHBZZUZXqo6zdeosGffPJh1n92CvdneF21uYESmVQB1XaSJ7uiSaqC:u4JSSygySHBZZUUo8deosGffP1n92Gd1`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	afa070f4aee942fe_aida_icons10.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_icons10.dll
Size	8.7MB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`88b599dd84aaf6691cb75a22fdf3e48f`
SHA1	`c101c98f341a9696ab731c2999e98427ed24fcc3`
SHA256	`afa070f4aee942fe4ab35ebb12be8fb913976d52d95a377c3367c4e8af20b318`
CRC32	`410C4906`
ssdeep	`196608:oSoll3nYiB4VSWzRZ66z24VZbdt44QoTXGU:vknY7VSWzHTX9`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) mzp_file_format - MZP(Delphi) file format IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	6480efa60297cc4d_aida64 engineer on the web.lnk Submit file
Filepath	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire\AIDA64 Engineer\AIDA64 Engineer on the Web.lnk
Size	984.0B
Processes	2720 (aida64engineer660.tmp)
Type	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5	`fc94d661fd2961f60e875f07d04b3716`
SHA1	`48cb9cdc5b4dcdaa28178e62f149bd1b6d532cfe`
SHA256	`6480efa60297cc4df3c9c144a1dcdc9b44e980fb8dede1d7c0c53829403d3c39`
CRC32	`D5086109`
ssdeep	`12:8wl0J2lqqdp8KYjwybieMOicRsbdpYbyf+0bdpYbyfScKNUGa4t2YLEPKzlX8:8xqdO9bLMOiOYd9Ggd9wUG2Py`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	92518f8132e4a45d_lang_fr.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_fr.txt
Size	157.0KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`062d3998a2526def6dd6edce7ac8c817`
SHA1	`1b0d7bb249f613936ac9be4223f7406148422800`
SHA256	`92518f8132e4a45d15a4beb42ba012aa9f0e3080b116c850d4a4362d746f7821`
CRC32	`23BB139C`
ssdeep	`3072:qBqRxPWNDnDvtlXbNXMLo/GQvcm4qnfEgTHb6se1PBv80sWcb7fQzYFtt8VasT4i:BRgNXvUo/GKczqnfEgToFcbFFtt8V3Tl`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	6acf00f85c591cd2_storelibir-2.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\storelibir-2.dll
Size	275.8KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`7df370a9da483b43d47d3d3177a2b30b`
SHA1	`9d3fd6a67293053d67eecf2cbdb34cdef41b768d`
SHA256	`6acf00f85c591cd2a6cc08e6ed423e94f52e7bc585bb6222a929faf23abc2f30`
CRC32	`5AB7D6AD`
ssdeep	`6144:oaAGE61xLaj7jShlyq/b9S9hQWEIyDWvLWT:0b61xLaDTqbeQWEPbT`
Yara	PE_Header_Zero - PE File Signature HermeticWiper_Zero - HermeticWiper Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	221d3befb04828cc_unins000.msg Submit file
Filepath	C:\Program Files (x86)\FinalWire\AIDA64 Engineer\unins000.msg
Size	11.1KB
Processes	2720 (aida64engineer660.tmp)
Type	data
MD5	`b0610572f47dd7165ef515858c48c164`
SHA1	`07f192c9ab4166647f5fbb8108f6d3d803ef20b1`
SHA256	`221d3befb04828cc2ba4d167dd2cc87b2680a58c5e7069210a17d0c37ec182bb`
CRC32	`F02E3D8E`
ssdeep	`192:4yuyHdp7pdoksdrKUURqCZYcI71gWb/I+XIWCMVtQs:vFz7p85KaCZYcI71Tb/rIWCMVtN`
Yara	None matched
VirusTotal	Search for analysis

Name	5f7778bba57b2b78_aida64 engineer.lnk Submit file
Filepath	C:\Users\test22\Desktop\AIDA64 Engineer.lnk
Size	1.2KB
Processes	2720 (aida64engineer660.tmp)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Feb 28 08:17:01 2025, mtime=Fri Feb 28 08:17:01 2025, atime=Mon Dec 13 03:01:52 2021, length=11570848, window=hide
MD5	`7c736b2dc01cd3567791320e725e947a`
SHA1	`fcdf6c71ad02eda5bc8d14c2e4dfd5fa843ac2ff`
SHA256	`5f7778bba57b2b78964332e0ee49f9f8e313cc59b82c048e2a06400e2944f973`
CRC32	`443D08EF`
ssdeep	`24:8mDNHdOE8k9bi0//0AmM4d9Cd9mUPPytdN:8mxHdO0i0DmPdod9nyp`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	187a0e8805aef333_lang_ca.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_ca.txt
Size	157.4KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`50e4d317d3eac5d51282daa5f6d104a8`
SHA1	`ea26c292956f7659b54346415729d3b9c553e7ff`
SHA256	`187a0e8805aef3336b622ad3663fa3609468d552ebf49f0f9b6bccd1c6249b99`
CRC32	`A3E4DAA4`
ssdeep	`3072:jy/1Hsw9hc05Rrl6caurDyV42AJDRKr+Ow/q/XpX1kUbme9lieVD7jdR3y4UnRP:jyC2drl6cHDEAPKSP/C5XGUhf1U5`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	a7eaa3e78674b6b9_lang_hr.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_hr.txt
Size	145.8KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`2042bb305c743aa2c3ecd140791f3f1c`
SHA1	`8ce3ed4a67c3a2d42201e205467a381bdf13303f`
SHA256	`a7eaa3e78674b6b9989677ee93a6a73983c3e9b340fa9eafa01abd7beb74cdb3`
CRC32	`32978D46`
ssdeep	`3072:FeCFlg6Pfud0zdEwHvngahw0TRTzq3sA+1QecA3F52YQ:gkg6PGdTwHvgahlNzq3sA+s8PQ`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	95946b0aac5dd837_sfos2_100.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-DRUVL.tmp\sfos2_100.bmp
Size	16.6KB
Processes	2720 (aida64engineer660.tmp)
Type	PC bitmap, Windows 3.x format, 125 x 45 x 24
MD5	`005340b18ae50b50dcd14c65c8fe6384`
SHA1	`426fbe0b48d8b74f13d951734bd9d7d0b07a80ed`
SHA256	`95946b0aac5dd8376e6c7600e9d6c5ba279e1a65593b1b6e4752d925b076f017`
CRC32	`3F70A486`
ssdeep	`96:T3333CWg2YeZhkRpEU64lyFkj3YFIdEz7auGOVD+ZIl3o6d2efHC/I/3RDd0rh4w:lYeZ8zYmksZYd2eqc1dCrl`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	22b12cc2160c9c0a_lang_tw.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_tw.txt
Size	119.9KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with CRLF line terminators
MD5	`2d92d1319cd8761a558e2e13b33532e7`
SHA1	`4c3d7dadaf812d1d87a536e53b8e8a326edf11aa`
SHA256	`22b12cc2160c9c0aa41dee45175de09581cc9216fb8413a747ecd8def313f60f`
CRC32	`64E64F8B`
ssdeep	`3072:XHu4RvS1bQfW9yU4uvBvkfZAgg8rC+LUfBAngPWLVnEy7op:pS1bQfW91qfZAgg8egUfBAnE`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	e06e7891142eb712_kerneld.x32 Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\kerneld.x32
Size	58.3KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (native) Intel 80386, for MS Windows
MD5	`4c36f6d1430d206fd0b3fbc959840122`
SHA1	`6b87bb115624e00f6706027d2cd62311e068dd3e`
SHA256	`e06e7891142eb7126893763af2ad72844ac16c7ca5ad50cdfe915f6f8ae9f494`
CRC32	`C89363C5`
ssdeep	`768:KSIAwKX1OkggAfRufZ2F32iFm7K5bpWfOnPAYhjboAdt3q4Prc:KeFOfR5IMQSpWfOT1t64PQ`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	68116e13c6f27126_aida64.ini Submit file
Filepath	C:\Program Files (x86)\FinalWire\AIDA64 Engineer\aida64.ini
Size	24.0B
Processes	2720 (aida64engineer660.tmp)
Type	ASCII text, with CRLF line terminators
MD5	`8c09e8f9095560e4de01b72bebe0959b`
SHA1	`ebb1dc545601bd8fddcb82c1bede6ee47ee185cb`
SHA256	`68116e13c6f27126c7e019f7d7e29328b5e8b60f00464bfb6559b9399a9c8205`
CRC32	`35BE6AE7`
ssdeep	`3:1Mw/REnvn:1Kvn`
Yara	None matched
VirusTotal	Search for analysis

Name	ffde68b8301ba73d_lang_al.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_al.txt
Size	151.5KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`2947d40b1b4567a4289ce82560830d8b`
SHA1	`e0439a5a1b4fa197efc1ef5f76e07e19634c7933`
SHA256	`ffde68b8301ba73d19b64b3672bb47ab54ef6e7a7a4e732e7c2b3b6857e87ac5`
CRC32	`CFDB44F2`
ssdeep	`3072:0zppHqhc/tZUO85a2K9XkRGMGPJABUOYPyl87Mg7O1B1PGGkR:+Lqh2tZUOd2K9XkRGMeYnYPG87MPB1u`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	f048c8e13ad64ea0_storarc.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\storarc.dll
Size	1.2MB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`5d5af82719de419332a6e4793880d49f`
SHA1	`8fbdcd78d17e6cbb5361037786c9632af37c8e9f`
SHA256	`f048c8e13ad64ea078ec3ea172816a7ed3ec25ffe7c2378a5c1df252cbef2f8c`
CRC32	`823FD656`
ssdeep	`12288:/F8L0FS67v0nzW+noOuHiuL4+axNx3TV7VkSIpYvk4JfIgtCjIdQIvtRz7yu9n:/pS67uzW+nGeBVrbfIgcjIdQasuZ`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	224ab530f2ed125f_aida64.web Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida64.web
Size	5.7KB
Processes	2720 (aida64engineer660.tmp)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`2efaf342297e996b79699ae1d9f589c5`
SHA1	`3598b5f21b84b2f1c2209e2e5d8f860103f73ce1`
SHA256	`224ab530f2ed125f775a69ffeb2c690d479344e3de374286fa6e1a38f3b2281f`
CRC32	`12102CF6`
ssdeep	`48:MY8z15nEgUSEvKDVFE4ZWZzGIX3MqF9MLyQibobxt0VN1rL/Sxv0QCk2TpZlu5Ce:MHBtEgUSsEELc+XMGQibobxOv3RjPE5T`
Yara	None matched
VirusTotal	Search for analysis

Name	038e52124f14613d_lang_bs.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_bs.txt
Size	147.2KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`d67e7cf191310585568cd2b60dfb76a1`
SHA1	`f0a84129db944798fbf8a003dcb76763c35b71f4`
SHA256	`038e52124f14613d77ef8661399b43345db90ec8d13c364d4eef3ec454638fff`
CRC32	`FE1DD6AD`
ssdeep	`3072:cTQuOUNqzKdBzdiSV+vELY/u6m9Sq3gyL+ZtfcXjE:MKUNqWdvV+vELYdmYq3gD24`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	f46056d850b35807_aida64.exe.manifest Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida64.exe.manifest
Size	1.9KB
Processes	2720 (aida64engineer660.tmp)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`6ad07fc33d5e849f5a920a61f53b527e`
SHA1	`52ed64f653716becb2b4968f10f98acff824f2ba`
SHA256	`f46056d850b35807c6f30179ad9995aa9f36b520d73561f9379de374cb9ecb81`
CRC32	`B3D2262A`
ssdeep	`24:2dt4p09gAKN5DpPFN4k+b0PgA3H3xMPQVm1WaX4+XAcBL3TM84+AJ14+rHecpf:cSu9gn5tP4k+bkguhMrXXtTtS3F`
Yara	None matched
VirusTotal	Search for analysis

Name	203960e917c48f42_lang_ru.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_ru.txt
Size	144.4KB
Processes	2720 (aida64engineer660.tmp)
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`6ef67b741e35eba141691cb813f6c67e`
SHA1	`aad6659c9c7a19d342483458b07352786dbcdecc`
SHA256	`203960e917c48f42820301f32d3b03b610bb67ca5cc2e0260cecf3d607b9327c`
CRC32	`4E4B019F`
ssdeep	`3072:4SkezU4FtQ1bvAYD4kixmY2LhB32C9CZ1XjRpF+H0S:zzU4FtQ1bp4kXY2LhF79Cg`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	da29cab50ca97188_ssleay32.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\ssleay32.dll
Size	159.7KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`1ba13ad3a2f20bfe2570af0a531b72a7`
SHA1	`4c21634123b0ec1cec25d4002cb12c7badf67604`
SHA256	`da29cab50ca971885fc92ebe9402e07a02a77cd15d2c7b10f30a730b4f085fc3`
CRC32	`2B585B42`
ssdeep	`3072:klz3GKJMgi8Mz6ag/Z+hs4vKSY7uZ7asCpGvQR:klKKigi8Mfhs0Krs6ya`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	7170801599791771_aida_update.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_update.dll
Size	51.7KB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1cb12a4011ad7beef470790d69a73d88`
SHA1	`d552fb0b5aaa98b1137fee914a29ddd2c1f0dd8b`
SHA256	`7170801599791771c72b72eae3ccf71baa1902901a97e33fac3d31b10f2c6eec`
CRC32	`D8A93222`
ssdeep	`768:QkcGCKuI0oi0iKC0lKdwiHnC1kERp68YEmEtP8heYi8M7pz:7cJ1BaC0SwN1kEe8tr78Az`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	669cbf73f15fc916_lang_cz.txt Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\language\lang_cz.txt
Size	144.5KB
Processes	2720 (aida64engineer660.tmp)
Type	Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
MD5	`d69c886dc8af2b0596e6442e6c3838de`
SHA1	`6d88466e080b5b891801266def1ce16819728d08`
SHA256	`669cbf73f15fc916b61c3a2fb5422b1b668c01264ef95deb5a515f4934c05727`
CRC32	`33537B29`
ssdeep	`3072:Vxp8936ywSsRMv5C+CfC6aCTcn8vaMELYJwmor4nEnIDDMdN7:jk3RwSsRMv5C+CfhaHn8vaMsi44y`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	710712b1ec048cd4_kerneld.w9x Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\kerneld.w9x
Size	22.6KB
Processes	2720 (aida64engineer660.tmp)
Type	MS-DOS executable, LE executable for MS Windows (VxD)
MD5	`1efbac6bf8e9da30c2bca2284abed1d3`
SHA1	`8c637b813f3c0dd347b8f67ab87b813849bd4ff7`
SHA256	`710712b1ec048cd4c94135630c6b4ceaae4f2cf36c700e0c17d2002986b1ab87`
CRC32	`EC090C2F`
ssdeep	`192:IxeDcf2T8Sdt09OVU8foHmZZNRkNhj7cHrrTH4R8Eg9ZvjjLwe8:sdOVH092VgGZDGhjaPH4R5g9hjje`
Yara	PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	a97f2c926f08bf0a_aida_diskbench.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_diskbench.dll
Size	1.7MB
Processes	2720 (aida64engineer660.tmp)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6e92b24fc17db1c424b07754b7c765c4`
SHA1	`d6ae6e7fddef6b3ad0c7205c71749fea8b44f85f`
SHA256	`a97f2c926f08bf0a2b9c88659f62620989da028f72b1f4e82e314df7decc0ab6`
CRC32	`F3D2E7F7`
ssdeep	`12288:FyZipwu3n5ntnQJEGqEay5pPTsY8t3u2IZj7mdajgW3HnlL9xnRFAgN7JwgGyic:Fl+6tQR5plMhIuxW3HlL9xbAVvy5`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library Admin_Tool_IN_Zero - Admin Tool Sysinternals ftp_command - ftp command mzp_file_format - MZP(Delphi) file format anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	46f449b5dff9af27_aida_bench64.dll Submit file
Filepath	c:\program files (x86)\finalwire\aida64 engineer\aida_bench64.dll
Size	11.2MB
Processes	2720 (aida64engineer660.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`161cf9d4d7891a849f2eb64fe98d8cab`
SHA1	`3b8442554b4c1262152ed0d6f6804a117f39e40e`
SHA256	`46f449b5dff9af278799507f6c9d657c245fd6c73a000fcfcffd119bfa5ca4e9`
CRC32	`F12B2D99`
ssdeep	`49152:UK+sHBMtxmiQVfNCjQ6pxCRK6DOFuaTRFFq/gCMjdlejNlfdTVfppppppwpUQM:6Mfppppppwp9M`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis