Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.20 09:11
mainbas.bat
11.20 09:11
dll007.dll
11.20 09:11
exe004.exe
11.20 09:11
exe010.exe
11.20 09:11
blecher.exe
11.20 09:11
GetAdapterInfo.exe
11.20 09:11
dll004.dll
11.20 09:11
dll008.dll
11.20 09:11
bestthingsalwaysgetbes...
11.20 09:11
DKM-9067291.pdf.lnk

Latest News
11.20 12:11
Batteries Not Included...
11.20 12:11
AI 딥테크 스타트업 폴리머라이즈, ‘폴...
11.20 11:11
62만 유튜버 연츄, 인천 노인주간보호센...
11.20 11:11
Unveiling LIMINAL PAND...
11.20 11:11
이천청솔기숙학원, 2025 입시 준비 조...
11.20 11:11
모즈 탄소매트, 전자파 없는 원적외선 매...
11.20 11:11
유어네스트 ‘이터널 라이트’ 아틀리에 투...
11.20 11:11
누미에르, THE F&C와 파트너...
11.20 11:11
China’s SpaceSail to C...
11.20 11:11
AI innovations for a m...

Dropped Files | ZeroBOX

Name	17296ef169776f90_lixygaevymi.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ab-479ac-814-bb8a8-11130f0847f23\Lixygaevymi.exe
Size	358.5KB
Processes	2560 (DYbALA.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`fffd2903ec20ac275330f9d1d36f991d`
SHA1	`0cfbfbe366191bc201830f7fb7fc6bffa9dea279`
SHA256	`17296ef169776f90a8b6984a2e929fe661bb0083e281956b313726c2af102b8a`
CRC32	`1FBBC602`
ssdeep	`6144:I3BSFdS3gTU6kdwWJz+RLW+onAJQxYhLUiXAwPhQF7+MrH/RbKXIsI4oF6cuz:IQfkL4SnaQx3iXAwPhQF7+MrH/RbKvy6`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	debd9657375240b8_hyvacaerufe.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\4a-841a7-6ec-3f1a8-c322fd916228f\Hyvacaerufe.exe
Size	545.0KB
Processes	2560 (DYbALA.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`66569d09ee7a064449b6890633d0a6aa`
SHA1	`a5830d8d92c9d014a88056cc84d7f457a8441002`
SHA256	`debd9657375240b8e8b6b6744d0dee9d247f1c57a0f7d3a96d0e60b3e19db4d1`
CRC32	`69EF5A7E`
ssdeep	`12288:xzXZreLxLfm7veoxK/OJZN3IRyrBQmYpR9lAFCMKxmjQwj+7z:xzpreLxLfm7A`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsw5F9A.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsw5F9A.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	1fd1e4dac636a9e9_xibijozhana.exe Submit file
Filepath	C:\Program Files (x86)\Microsoft Analysis Services\Xibijozhana.exe
Size	221.5KB
Processes	2560 (DYbALA.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b5bd8dfef7366e06844f2b8595dd9910`
SHA1	`4331ffdf420d9858435bfae964c7be792b50b47b`
SHA256	`1fd1e4dac636a9e9bf400b197dd19633797be8d3cbc9cffbf29ee38496def001`
CRC32	`FB95F7AA`
ssdeep	`6144:3k0YQ9zUQcRbYqfGL0lwu3okf3iZY3PhHnD:3k0Z3cRbYqfGL0lwu3oC3im/hHD`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	29b84936eb8a8b85_DYbALA.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-BI6MO.tmp\DYbALA.exe
Size	642.5KB
Processes	2416 (kak.tmp)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`41afb6916c0587f605747a7391a8793c`
SHA1	`33772618d5a7e6e9b87cb9ccfd970a6b2cf18c27`
SHA256	`29b84936eb8a8b85a0f6ef98c3de406eb6d12f07b19b606bc5076a6800b58113`
CRC32	`5F3D971B`
ssdeep	`12288:SyCmB88uAVhHDb1Xu6AFihlK0O89oFjvsKnmvY5CIau4QKq:nKTABXM`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	ef2a03f03f9748ef_PowerControl_Svc.exe Submit file
Filepath	C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe
Size	389.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`19b0bf2bb132231de9dd08f8761c5998`
SHA1	`a08a73f6fa211061d6defc14bc8fec6ada2166c4`
SHA256	`ef2a03f03f9748effd79d71d7684347792f9748b7bbb18843bd382570e4d332e`
CRC32	`081E583F`
ssdeep	`12288:F+bMtwrleoUUcdl5gs7wSYbHkZPu/KjGHH711P5b:FDtUlCdl5v7GkQ71JJ`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d3137fb16cc88e0c_T9aZunTSaNJLBVfIkgF5mtQo.dll Submit file
Filepath	C:\Users\test22\Documents\T9aZunTSaNJLBVfIkgF5mtQo.dll
Size	1.3MB
Processes	2552 (BumperWW.exe) 2436 (ww15_testLL_0310_single.exe)
Type	data
MD5	`6542ff843d091ef9901e839405497fa2`
SHA1	`efc52027b56a7e8e15362bc58ebc714761547efc`
SHA256	`d3137fb16cc88e0c2164c883aa6f317a3b3e79130ad8ceeadf4ea10f7908d216`
CRC32	`9DFEE32B`
ssdeep	`12288:rdEQx8PubTY2ViF+vAZcXhVhPZF2fhPZPgu4WKbIgFfghPghPZPgu+KeisGBosb4:rRmATHZeiar+ernMUeviP`
Yara	None matched
VirusTotal	Search for analysis

Name	21d03f19c4b1c12d_red_shield[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\red_shield[1]
Size	3.4KB
Type	PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced
MD5	`87de5d9a3403e1d7635885cbaa52389d`
SHA1	`50b32c5966331e3e27bef987fd1da0129423d348`
SHA256	`21d03f19c4b1c12db2feb8fb3a373d7e378976ecdfb64efb300204edc8947d3d`
CRC32	`15814E36`
ssdeep	`96:5SDZ/I09Da01l+gmkyTt6Hk8nTzVcxkZFd/:5SDS0tKg9E05TJcxi`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d0ba19f5e334e60f_invalidcert[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\invalidcert[1]
Size	2.1KB
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`66f441cef8801549c2f0ff12cbe752a5`
SHA1	`de506bfb63225b3cc084ae292d4bf98a21ae6250`
SHA256	`d0ba19f5e334e60fb5056bc2e05b97de09aee4db49e5e11abde482bab9c4e8fb`
CRC32	`13C10CC2`
ssdeep	`48:mPntofz4/i5DjktylVDJlObUBsBXcysTqysg2Bp5Bi8OwaBynLysTqys4Bwy/Ae:SE4a5HlVDJMbUB2XcylyNkpfi8OwgynN`
Yara	None matched
VirusTotal	Search for analysis

Name	fbc23311fb5eb53c_background_gradient_red[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\background_gradient_red[1]
Size	868.0B
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x800, frames 3
MD5	`337038e78cf3c521402fc7352bdd5ea6`
SHA1	`017eaf48983c31ae36b5de5de4db36bf953b3136`
SHA256	`fbc23311fb5eb53c73a7ca6bfc93e8fa3530b07100a128b4905f8fb7cb145b61`
CRC32	`C08DA614`
ssdeep	`24:vk9YMW80o0XxDuLHeOWXG4OZ7DAJuLHenX36n8R0O3kwd2q:M9YM3uERAq8uyJdB`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	39e7de847c9f731e_down[2] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\down[2]
Size	748.0B
Type	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
MD5	`c4f558c4c8b56858f15c09037cd6625a`
SHA1	`ee497cc061d6a7a59bb66defea65f9a8145ba240`
SHA256	`39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781`
CRC32	`B475DDD7`
ssdeep	`12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	1ba122f4b39a3333_green_shield[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\green_shield[1]
Size	810.0B
Processes	2672 (iexplore.exe)
Type	PNG image data, 14 x 16, 8-bit colormap, non-interlaced
MD5	`c6452b941907e0f0865ca7cf9e59b97d`
SHA1	`f9a2c03d1be04b53f2301d3d984d73bf27985081`
SHA256	`1ba122f4b39a33339fa9935bf656bb0b4b45cdded78afb16aafd73717d647439`
CRC32	`B4CE0ACE`
ssdeep	`12:6v/7uYS13ahSxS0U+uSaXyPtcAM9ikFQoYIWYX08jIVNLSY/c7nYxOEYgiWI0oC1:vD13x0p7y1cAoQW/kEIVNLVBx670oDp+`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	a32e0a83001d2c5d_2.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\$inst\2.tmp
Size	36.0B
Processes	1028 (zl1mb9Yk6lVkb6lKpr0u1iAW.exe)
Type	Microsoft Cabinet archive data, 36 bytes
MD5	`8708699d2c73bed30a0a08d80f96d6d7`
SHA1	`684cb9d317146553e8c5269c8afb1539565f4f78`
SHA256	`a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f`
CRC32	`EAB67334`
ssdeep	`3:wDl:wDl`
Yara	None matched
VirusTotal	Search for analysis

Name	a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	893.0B
Processes	2672 (iexplore.exe) 2832 (Hyvacaerufe.exe) 3452 (any.exe) 2436 (ww15_testLL_0310_single.exe)
Type	data
MD5	`d4ae187b4574036c2d76b6df8a8c1a30`
SHA1	`b06f409fa14bab33cbaf4a37811b8740b624d9e5`
SHA256	`a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7`
CRC32	`1C31685D`
ssdeep	`24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x`
Yara	None matched
VirusTotal	Search for analysis

Name	61b3ed7e0c34462a_invalidcert[2] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\invalidcert[2]
Size	4.7KB
Processes	2672 (iexplore.exe)
Type	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`f200b6453c3681a59928507b6c7bf9c8`
SHA1	`cd0cd684a0c1404f612dca4e0ee6afff98ec7175`
SHA256	`61b3ed7e0c34462a25ef97bee5736c0424098ad1b9403896805ab6fb0620fd1d`
CRC32	`08E28AD1`
ssdeep	`96:UUHUD0Ws5PFkiGjUpEajPCMCz27BSIb8i:3UIWsnkdjoFDd57BSIb8i`
Yara	None matched
VirusTotal	Search for analysis

Name	2699731ede4aa7a5_gntt31fbu2rkxesfslvmlv95.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\gnTt31FBU2RkXESFsLvMLV95.exe
Size	3.3MB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`a3a3d3ee2e111da1891ae6f8537edc00`
SHA1	`1b68ff4c89f3b68b811dae4888e9b9c130235767`
SHA256	`2699731ede4aa7a546902b1804e51da941465c6b6888978de006e6cec450e173`
CRC32	`51A0ED74`
ssdeep	`49152:iJZK6jf9NJvpySYjvm9bDrkMLOB717mjJ8RSd2H5mnHijb0V+QAWYYOu4W:WI6xR5GvSDNLY717+GI25mnHCkj`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file themida_packer - themida packer
VirusTotal	Search for analysis

Name	4f94a53f9cd57491_fb7m5lwjggqzjfsi1ni5it0s.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\Fb7m5lwjGGqZjFSI1NI5IT0S.exe
Size	174.0KB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1ae401ea824cd98be6f7247e3ba2e1dd`
SHA1	`17445e1a39548d78b8ef462b127792cc5251268f`
SHA256	`4f94a53f9cd5749153eaabdce5be92c377c2b325a606ad63a4a73768f8b4bd58`
CRC32	`567B23D7`
ssdeep	`3072:IDKW1LgppLRHMY0TBfJvjcTp5XOTURWXggZcTAEXvDkPu:IDKW1Lgbdl0TBBvjc/pRWO8EfAPu`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file UltraVNC_Zero - UltraVNC
VirusTotal	Search for analysis

Name	4401cc5459665a04_pagdyspdvndek1mpujfhavf9.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\PagDyspdvNDek1mPUjFhavf9.exe
Size	602.0KB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`21bb6f6da4d85a40fea01d98c2132b50`
SHA1	`eebad8256656b3113eba7321bcce467a61a98322`
SHA256	`4401cc5459665a04cab4be3e7930ab187e86908b056ad321e19b3b0e8fc255ac`
CRC32	`D8F3451D`
ssdeep	`12288:USTcoRIeqM9Dc+lzfKAJPrIvKgMevlNhiRI1AT0SJu:UToRvlNrKcrCKgMeY21AoSJu`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	28859fa0e72a262e_pidhtsigei8dramayu9k8ghn89.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pidHTSIGEi8DrAmaYu9K8ghN89.dll
Size	167.5KB
Processes	3528 (Yy1UpurwsHhgAxyvFO1fsEJc.exe) 3568 (Yy1UpurwsHhgAxyvFO1fsEJc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`f07ac9ecb112c1dd62ac600b76426bd3`
SHA1	`8ee61d9296b28f20ad8e2dca8332ee60735f3398`
SHA256	`28859fa0e72a262e2479b3023e17ee46e914001d7f97c0673280a1473b07a8c0`
CRC32	`B757082A`
ssdeep	`3072:tw96uifZtOVSgpyt2RGe2SOrC4WOcfV+UmLosIwW:GE2Sgct82tCOcfX`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9c0d294c05fc1d88_kenessey.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\4a-841a7-6ec-3f1a8-c322fd916228f\Kenessey.txt
Size	9.0B
Processes	2560 (DYbALA.exe)
Type	ASCII text, with no line terminators
MD5	`97384261b8bbf966df16e5ad509922db`
SHA1	`2fc42d37fee2c81d767e09fb298b70c748940f86`
SHA256	`9c0d294c05fc1d88d698034609bb81c0c69196327594e4c69d2915c80fd9850c`
CRC32	`AC75BF49`
ssdeep	`3:KWigXn:KWigXn`
Yara	None matched
VirusTotal	Search for analysis

Name	f1f90b6ffab44282_kak.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-0EQ3T.tmp\kak.tmp
Size	1.0MB
Processes	2336 (kak.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`89b035e6a5fd0db09a26338bb5af5ff1`
SHA1	`9a784d145a596c69578625fd1793d65592d740de`
SHA256	`f1f90b6ffab442821650618d48117fe861d19a783a862d86941e6477a5b26173`
CRC32	`5060C8FF`
ssdeep	`24576:nQYh1yLmSKrPD37zzH2A6QD/IpqggE2CfNafoXyx9DQ:Z02rPD37zzH2A6SBIfNafoKi`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	7d825cf1ad058e35_temp_0.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\$inst\temp_0.tmp
Size	2.6MB
Processes	1028 (zl1mb9Yk6lVkb6lKpr0u1iAW.exe)
Type	Microsoft Cabinet archive data, 2686466 bytes, 3 files
MD5	`692affc85e116f88322014f16d2d0b07`
SHA1	`5b304c9eab8b6714e1ab4ee17b0745a0b20d6a72`
SHA256	`7d825cf1ad058e35f8180c7bfc841a9d38729b85b5ebc8aa177a0db66ec56580`
CRC32	`2A919001`
ssdeep	`49152:3buLTSGm8+AAI6VMusnEdSMZFd9uAy3+iUkbjzQCNT9Lb6JGskay+jRbwS:3SLTSgr0MusnEdSMZduV35UUzVtu1vt5`
Yara	None matched
VirusTotal	Search for analysis

Name	5e2cd0990d6d3b0b_red_shield_48[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\red_shield_48[1]
Size	4.0KB
Processes	2672 (iexplore.exe)
Type	PNG image data, 40 x 48, 8-bit/color RGBA, non-interlaced
MD5	`7c588d6bb88d85c7040c6ffef8d753ec`
SHA1	`7fdd217323d2dcc4a25b024eafd09ae34da3bfef`
SHA256	`5e2cd0990d6d3b0b2345c75b890493b12763227a8104de59c5142369a826e3e0`
CRC32	`FB79B148`
ssdeep	`96:d+IXaQsYpHlXqSHpGjk2p1949uFgq2IzybQOmxtqdE9Z0elca:d+maspzHMjkm49uWq9ffME3lf`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c52d209955b96219_2eeba_j1cdykvsx9ogwtty98.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\2EEBa_J1cdykvsX9ogWTty98.exe
Size	4.3MB
Processes	2436 (ww15_testLL_0310_single.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6d5ed6ccf4d81551ae547731176ab88d`
SHA1	`d02d2173ba360c23909e457734337725d4949fe8`
SHA256	`c52d209955b96219eba8558720cbd2ce0a7af6c10529b7aade5dd5fda9f7f95f`
CRC32	`4681636C`
ssdeep	`98304:vo/fj5ef3oKpnWXw4eou5jQf/0T4AXABr3cBYDAsWiepoBiELS04G:wHj58oKpngw4FuWK2r3tDPWXpvEm04G`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	113cb7330c1ac8b3_recoverystore.{3d4013bb-3dcc-11ec-98e1-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3D4013BB-3DCC-11EC-98E1-94DE278C3274}.dat
Size	4.5KB
Processes	2548 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`3a4d6df8e86ac9fd41106c2969f79815`
SHA1	`58e0578e98b243d346e2273e8e30d329d671bc62`
SHA256	`113cb7330c1ac8b3be69fdd74533ed5c42b22f3e09636641ee124cf308071821`
CRC32	`24982D5A`
ssdeep	`12:rlfF23rEg5+IaCrI0F7+F2ZUrEg5+IaCrI0F7ugQNlTqbaxbPDbtS66NlTqbaxb1:rq35/1ZU5/3QNlWqPD5B6NlWqPD5Ttl`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	2d290ab63b8133f5_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	252.0B
Processes	2672 (iexplore.exe) 2832 (Hyvacaerufe.exe) 3452 (any.exe) 2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	data
MD5	`8c6f0cf96ea9b660a85e2bed35db9dab`
SHA1	`e4afe2168aeb2d712b5cf2259cd5bea612bc1f90`
SHA256	`2d290ab63b8133f5579c524ddd2ee4e51714d18db1998a9baed15bd98e3a9d74`
CRC32	`3E77C874`
ssdeep	`3:kkFkld0yklfllXlE/0PhxldllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB1yDHLD:kKgklhj5liBAIdQZV7QMTan1`
Yara	None matched
VirusTotal	Search for analysis

Name	abd4971420c4c5bf_an8explsirzje_jkciy0weal.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\An8eXpLsiRZjE_jKCIY0weAL.exe
Size	69.9KB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ebd1626da1b04b6096858615672cb230`
SHA1	`de77dfe4d053770f2413e8921ac43391ed369fa7`
SHA256	`abd4971420c4c5bf07a43cacb2cd0638e6139368c7b898cdaaf700f6f39f3b10`
CRC32	`5C244E87`
ssdeep	`1536:KjDSVfZWEuoaONa9VcLDh5rCl1uTK9aA7RS6seriGT6KIt9:/2cLd5rCl1u+gAd/suibN`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) UPX_Zero - UPX packed file Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
VirusTotal	Search for analysis

Name	32967e652530e7ac_cutm3.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\cutm3.exe
Size	1.3MB
Processes	1028 (zl1mb9Yk6lVkb6lKpr0u1iAW.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`07e143efd03815a3b8c8b90e7e5776f0`
SHA1	`077314efef70cef8f43eeba7f1b8ba0e5e5dedc9`
SHA256	`32967e652530e7ac72841886cb07badcced11e1e725e2e85e1ee8046c4fe2149`
CRC32	`00787421`
ssdeep	`24576:HAFnWzNUe3a9nvOvk+/QBNFjmDWTe2c6Ek:yWzmeK9n2FQbFBTq4`
Yara	ASPack_Zero - ASPack packed file IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	39412aacdcddc4b2_decoder.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\decoder.dll
Size	202.0KB
Processes	4168 (installer.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`2ca6d4ed5dd15fb7934c87e857f5ebfc`
SHA1	`383a55cc0ab890f41b71ca67e070ac7c903adeb6`
SHA256	`39412aacdcddc4b2b3cfeb126456edb125ce8cadb131ca5c23c031db4431c5fc`
CRC32	`2ED293FA`
ssdeep	`3072:KAks1YEbj/RY1chmT86lO2XkzjCN4d0N1crZ9RAZQH5lsuabXXikM9:nj2rAGKvdkcrZ3xsuabn5M9`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b1dd835c2d5caae4_jg1_1faf.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\jg1_1faf.exe
Size	2.0MB
Processes	1028 (zl1mb9Yk6lVkb6lKpr0u1iAW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
MD5	`77294635b863561ecd6267711c5222a2`
SHA1	`70895878eefac9540bb885c29d125b88f56fa745`
SHA256	`b1dd835c2d5caae422469d55c05823f95f649829db8ed2dddc3a4f3e5a228b28`
CRC32	`3DBD2442`
ssdeep	`49152:ASXSNLA7IvAVurnKd1MZLGSUs0f/i+94vR0NN:ASD0YVurnKd1MZrUHfK+UR`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e5e540171fdb508b_xqppsq1bqnk9eqt6i4rvb9h7.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\xQPPSQ1BqNk9eqt6i4rvB9H7.exe
Size	381.0KB
Processes	2436 (ww15_testLL_0310_single.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`49252ec4ef4b0dbf252e84686ca1f134`
SHA1	`26428e6dac64addc42848042f6bb600d98d821e9`
SHA256	`e5e540171fdb508b9c6a3ab4fa62fa5b8c2645fadd036b7c8d9932e990575092`
CRC32	`41661A9B`
ssdeep	`6144:V7Kk/GwTbx08au8+9GajJadN9VeLea7rozNK/9kW4BFGkDksVZu4:9J/HbIVHaLLenzNK/9ktFGkwY`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	aec1554210a7bf57_srjwwlbhrcg3hgooq2d7fgcu.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\sRJwwLbHRcg3hgOoQ2d7FGcu.exe
Size	3.4MB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9c1cbd792859b7d84eb085b020c331ca`
SHA1	`41942630a936f69045c5eab971a7dfe9a15a7227`
SHA256	`aec1554210a7bf57873d331327542530c843ee94b8e97bdb41bcd74cbaf031f8`
CRC32	`CE41CE6E`
ssdeep	`98304:H4G1ZL1lKFKy31I828DbYS9bZ+Ai/xk2VS7Dw/ZtKe4Nh:HZ7laK4I8LDbR9bZxBwnih`
Yara	Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file themida_packer - themida packer
VirusTotal	Search for analysis

Name	23d43ab9db13b64f_foldershare.exe Submit file
Filepath	C:\Program Files\Windows Defender\EOUZNQTEXE\foldershare.exe
Size	754.0KB
Processes	2560 (DYbALA.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`cab181c59fd045c2d4c87f600bea3f6f`
SHA1	`c2914263d07b673ede585ce5230d163d03fed964`
SHA256	`23d43ab9db13b64f8e3c99a71d43b8df0efe9e3821a9a7980518c5be1a27c68d`
CRC32	`B8DA8318`
ssdeep	`768:GH/cs/nybQSZOgEp51LohTjatig+ssluc3PmTyLZu3YEp51LohThJtig+ps+FYce:s+87LGHaYgV0n/mTgyp7LGdJYg0NBQF`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	91c05be1cf3e422e_z7cnf_kncwqg5qs37fhaootp.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\Z7cnF_KncwQG5qs37FHAoOtp.exe
Size	3.4MB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9511ad30bd2d96ed5fd7e0f90f09c856`
SHA1	`b2261c950c019219041519b220910b3b7d7567dd`
SHA256	`91c05be1cf3e422e68c89e102843a0e1603c891209b6b9178f45053aa262768c`
CRC32	`543B2F48`
ssdeep	`49152:1QwhLqw7fFFxatGTQYUVi3YrcSlhg2HkzUSkzrzu4ciGzSRmDWAK2/K+QAWYYOuk:WwhatGvmkIla2X7fz3ZGzSD32y8`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Lazarus_Zero - Lazarus Generic Malware anti_vm_detect - Possibly employs anti-virtualization techniques Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file themida_packer - themida packer
VirusTotal	Search for analysis

Name	9884e9d1b4f8a873__shfoldr.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-BI6MO.tmp\_isetup\_shfoldr.dll
Size	22.8KB
Processes	2416 (kak.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`92dc6ef532fbb4a5c3201469a5b5eb63`
SHA1	`3e89ff837147c16b4e41c30d6c796374e0b8e62c`
SHA256	`9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87`
CRC32	`AE2C3EC2`
ssdeep	`384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) IsDLL - (no description)
VirusTotal	Search for analysis

Name	8a94163256a722ef_hyvacaerufe.exe.config Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\4a-841a7-6ec-3f1a8-c322fd916228f\Hyvacaerufe.exe.config
Size	1.2KB
Processes	2560 (DYbALA.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`98d2687aec923f98c37f7cda8de0eb19`
SHA1	`f6dcfcdcfe570340ecdbbd9e2a61f3cb4f281ba7`
SHA256	`8a94163256a722ef8cc140bcd115a5b8f8725c04fe158b129d47be81cb693465`
CRC32	`2328D28C`
ssdeep	`24:2dZmht+SDfy4GOy4TO4q5X4tndGubyB8GRyF:ccdfy4G74TO4qN4hRN`
Yara	None matched
VirusTotal	Search for analysis

Name	f2afc04a24c9d89d_red_shield_48[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\red_shield_48[1]
Size	6.8KB
Type	PNG image data, 40 x 48, 8-bit/color RGBA, non-interlaced
MD5	`f413dd8a75b81a154a1fd5e4c4a0a782`
SHA1	`667f7e3da51ca3417a1feb66d238466423c9487d`
SHA256	`f2afc04a24c9d89d3c2f0d73f8cd6fb6b65adbe333196c3f99cc7d6868847ceb`
CRC32	`D96BDACF`
ssdeep	`192:8SDS0tKg9E05Tz045xhOwZtbiFHsrC3rlTqpHbW:7JXE05d5xhOwtGsSTqpHC`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	203d7b61eac96de8_idp.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-BI6MO.tmp\idp.dll
Size	216.0KB
Processes	2416 (kak.tmp)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8f995688085bced38ba7795f60a5e1d3`
SHA1	`5b1ad67a149c05c50d6e388527af5c8a0af4343a`
SHA256	`203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006`
CRC32	`90D9CA64`
ssdeep	`3072:6XHWOJd5D0ocxYF0+CT4zNHNpwZNjlhBKL/kg/0r4YLuztNJaFlCx:6G6tae7wZNOpiWP`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	5125260e781ddad8_zcttys2x6mixpu1iab3qcqke.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\zCTtYs2X6MIXPu1iAb3QcQKE.exe
Size	579.5KB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b3a423edd36f3d3f32c64769f71647fa`
SHA1	`f05dbff9c0f0a27ebfbbfe6ddd45ff2e61ba2dc1`
SHA256	`5125260e781ddad8dcb5cb23e31d4ad9819d557faa2ee0c462dcbf01f828ebbf`
CRC32	`9464BC6D`
ssdeep	`12288:tKLeOwQ9Cy+Lze0z+YDEWNKfN7mxqfEGNegvP6fzH:PO9W4MEPt4qfEGIgCzH`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	265c2ddc8a21e6fa_yy1upurwshhgaxyvfo1fsejc.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\Yy1UpurwsHhgAxyvFO1fsEJc.exe
Size	318.5KB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`3f22bd82ee1b38f439e6354c60126d6d`
SHA1	`63b57d818f86ea64ebc8566faeb0c977839defde`
SHA256	`265c2ddc8a21e6fa8dfaa38ef0e77df8a2e98273a1abfb575aef93c0cc8ee96a`
CRC32	`BE70020F`
ssdeep	`6144:ej4R3H20xSWLE2Sgct82tCOcfX+A5yF17s:ejcG72Et8Vf81`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	02beadecf04d3e04_v86hr6bop_cjn_kghlj96iwj.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\v86hR6bOp_cjN_kGHlJ96iWJ.exe
Size	517.0B
Processes	2552 (BumperWW.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`9d5e0e5cc1a63273e3c4ecd3b383c05e`
SHA1	`46a9a06dae58ab24873a4396ef85f0e7d6614f15`
SHA256	`02beadecf04d3e0416ad83736708a81414bd7c3f1cb7634cbc04bea1112ea673`
CRC32	`69B323EA`
ssdeep	`12:hnMEwuiuX4w4vy4Whk7pCHWRPT4qdIPGv:hMNmMvy4WopCHWRP8qdF`
Yara	None matched
VirusTotal	Search for analysis

Name	4bd9f96d6971c7d3_red_shield[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\red_shield[1]
Size	810.0B
Processes	2672 (iexplore.exe)
Type	PNG image data, 14 x 16, 8-bit colormap, non-interlaced
MD5	`006def2acbd0d2487dffc287b27654d6`
SHA1	`c95647a113afc5241bdb313f911bf338b9aeffdc`
SHA256	`4bd9f96d6971c7d37d03d7dea4af922420bb7c6dd46446f05b8e917c33cf9e4e`
CRC32	`FF24F41E`
ssdeep	`24:VX9dkhKJykEcGrfr9GiuY6ouyrItaMUZ9jL1:FrfZEckG4IsD31`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c6e318d3262b7817_underdress.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\Underdress.exe
Size	3.5MB
Processes	3900 (11E7MDGSktAZAwVCAJlPDyeF.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
MD5	`98f60434f7be5433b37cd47ec5029537`
SHA1	`1bb8e44edde75b6f346d8997106efe57eba9e3ef`
SHA256	`c6e318d3262b78179f3f17c4cbf60405dc95634e6100199439fa21bba6216766`
CRC32	`D541770F`
ssdeep	`49152:JFPPkTf1sZEmTKuELkD/GQ7yvXC1K6W9xyf0oCp3ip2i/8ThATx+ZrIWBgPfeRow:JFPEf1/d4GpOssTCo2im/ZrIWBI2SwB5`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	40f28371585c8ea6_1ai7qh_csrfptbdt02aao5mm.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\1AI7Qh_cSRFpTbDT02aao5Mm.exe
Size	343.0KB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`950056b7611b8c02a35d151c64e50170`
SHA1	`7aa20bdfffe8bf67197260baf1ff3a74696aea4e`
SHA256	`40f28371585c8ea6fc24f53b7a9c1e29fb38f921ab5865b76523dcee79b84067`
CRC32	`224D21E1`
ssdeep	`6144:oowbaD63g+R+kDMrI4+8a8+pkYWroE3Rqlx06xBlCYM4BYkKP:oH2mw+RerX+KYWroE3Rqlx0g44B9KP`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c686babc034f53a2_green_shield[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\green_shield[1]
Size	3.4KB
Type	PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced
MD5	`254d388ce19d84a54fd44571e049e6a6`
SHA1	`51ca725642f679978f5880278e5cac5ca4f70fae`
SHA256	`c686babc034f53a24a1206019e958ba8fc879216fd7b6a4b972f188535341227`
CRC32	`265B0B9C`
ssdeep	`96:5SDZ/I09Da01l+gmkyTt6Hk8nTkN9D6ZB+:5SDS0tKg9E05TkN92ZE`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	161e2aae23216fc8_zl1mb9yk6lvkb6lkpr0u1iaw.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\zl1mb9Yk6lVkb6lKpr0u1iAW.exe
Size	2.7MB
Processes	2552 (BumperWW.exe) 2436 (ww15_testLL_0310_single.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8af36ff6b1f239d0fc0f82dd3d7456f1`
SHA1	`852321e0be37a2783fc50a3416e998f1cb881363`
SHA256	`161e2aae23216fc856a7fd15649351c1dd30c95f0cf454eb7199169b08c526e7`
CRC32	`242023BA`
ssdeep	`49152:pAI+tbuLTSGm8+AAI6VMusnEdSMZFd9uAy3+iUkbjzQCNT9Lb6JGskay+jRbwo:pAI+tSLTSgr0MusnEdSMZduV35UUzVtS`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	3a11b5efea6daf80_tqfipzfubzh_ujfiayslnmpt.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\tqfipZFUbzH_ujfiAYSlnmpT.exe
Size	451.5KB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`afc1422ec637301a1fc42746347b43a9`
SHA1	`da1b7bba9a50156d96fbb8c6571e7686a62464da`
SHA256	`3a11b5efea6daf8036557af764cba14508cb8c56f69db874049a98890f1c7da3`
CRC32	`1B0C3111`
ssdeep	`12288:Pb7PJ+qskR+PPgFSDvPpORQ8SdHOMmFS4k:D7PJxsECgkk+PuMp4`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	808301cf65c00ebd_ii72a58i44lvrxjwb4buzxn2.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\Ii72a58i44lVrXJwb4bUZxN2.exe
Size	342.5KB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7016e034758d420432dd23abda78074e`
SHA1	`0e0bbeb8a9b8ee5c593fc78ae4794d4a8bc73a00`
SHA256	`808301cf65c00ebd7ee7c1d19aaa33525d2168814b835be34533f2f270227d0e`
CRC32	`11A11732`
ssdeep	`6144:KGwG1A5ir4TRLpklFGodlz0PSa3MDUk4BTJVC:KhiA/TRLKlFGodlz0PSaq4B9`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	6f515aac05311f41_windows manager - postback y.msi Submit file
Filepath	C:\Users\test22\AppData\Roaming\AW Manager\Windows Manager 1.0.0\install\97FDF62\Windows Manager - Postback Y.msi
Size	3.3MB
Processes	4168 (installer.exe)
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 14:06:51 2020, Security: 0, Code page: 1252, Revision Number: {F2B4FBB6-4254-452B-871C-B7BFEE52957F}, Number of Words: 0, Subject: Windows Manager, Author: AW Manager, Name of Creating Application: Advanced Installer 18.2 build de2bf547, Template: ;1033, Comments: This installer database contains the logic and data required to install Windows Manager., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
MD5	`98e537669f4ce0062f230a14bcfcaf35`
SHA1	`a19344f6a5e59c71f51e86119f5fa52030a92810`
SHA256	`6f515aac05311f411968ee6e48d287a1eb452e404ffeff75ee0530dcf3243735`
CRC32	`0CC170E7`
ssdeep	`98304:VYYAexGtulbxKO1fT6sjDT9YnkPOYyGUB9keVJK4jz:TLxfT6sjDpYnkgGUBN`
Yara	Malicious_Packer_Zero - Malicious Packer Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Malicious_Library_Zero - Malicious_Library Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	41e3f69ecc09290e_httpErrorPagesScripts[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\httpErrorPagesScripts[1]
Size	5.4KB
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`dea81ac0a7951fb7c6cae182e5b19524`
SHA1	`8022d0b818a0aea1af61346d86e6c374737bc95a`
SHA256	`41e3f69ecc09290ebc49be16d2415036ddb2f7a4b868eef4091d0b5a301762fe`
CRC32	`5E7F4A18`
ssdeep	`96:JCc1g1V1riA1CiOcitXred1cILqcpOnZ1g1V1OWnvvqt:xmjriGCiOciwd1BPOPmjOWnvC`
Yara	None matched
VirusTotal	Search for analysis

Name	29562a1c10c305d7_uninstall.ini Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\Uninstall.ini
Size	2.4KB
Processes	1028 (zl1mb9Yk6lVkb6lKpr0u1iAW.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`19a0033cd3d14dfb7db03dc222c9d9bc`
SHA1	`93bed455da6bee04923807cc3bf705c8a16d9422`
SHA256	`29562a1c10c305d7768ff1afe55861bc17e7092160a2557861f5a3a5b0e6f269`
CRC32	`B5E6D27E`
ssdeep	`48:RLvYSj9z39zH9394989zC9r9x9399L9f9/9u9G9G17eHdGVydsJWM0qK1PYlNh:bxBNW6AxzN9RFloBxNVJJWqwPG`
Yara	None matched
VirusTotal	Search for analysis

Name	b3a3c03a2b140d4f_uninstall.exe Submit file
Filepath	C:\Program Files (x86)\Company\NewProduct\Uninstall.exe
Size	97.6KB
Processes	1028 (zl1mb9Yk6lVkb6lKpr0u1iAW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`56b3225c7b1d6f05b4ba4ba7b4ce2202`
SHA1	`27c0ed1a6d25a68a48950a7ede29d87e1f2b1461`
SHA256	`b3a3c03a2b140d4fbe9bac4416866210d014da4c64355b395715f2d4c2506c46`
CRC32	`6DE3DA1A`
ssdeep	`1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o75M:kzgjO/Zd1RePDmZ8tf05iW4u1M`
Yara	Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	8ccfffcc8c553867_{3d4013bc-3dcc-11ec-98e1-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3D4013BC-3DCC-11EC-98E1-94DE278C3274}.dat
Size	6.0KB
Processes	2548 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`808c09a2cde2af48209320303d102c76`
SHA1	`7876d96d0c9896f8137800fe72925922ea45a35b`
SHA256	`8ccfffcc8c553867a10b60e70c53c3002372f620c7c56b282edb404a89dd6692`
CRC32	`8FB5F636`
ssdeep	`48:rlGZxJ7K1MzzOPcsgMzzmBLeaMzzuMzz2//b1MzzcgMzh:26kOUmmByTn23bky`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	dccdfc1c0e6a10d9_proliv041.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\proliv041.exe
Size	3.3MB
Processes	3900 (11E7MDGSktAZAwVCAJlPDyeF.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`95c9346936c5c633e7921950127049d6`
SHA1	`73f85b8663892657610d581e9529bd6e9342c0a8`
SHA256	`dccdfc1c0e6a10d9a3dd9ef2d07097f754dd4781d942ddebd9abed9559f8677d`
CRC32	`762C2D26`
ssdeep	`98304:gEZ6yuYf2xfbCTON0bDwtozs0O+ElMUVLYPPG7:g+6yuYsfbCTON0QegDlMiYPPG7`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file themida_packer - themida packer
VirusTotal	Search for analysis

Name	13fedbb86566c031_vfzocgl35xxvzh8qqcjb1_ox.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\vFZoCgl35XxVzh8qqcJB1_ox.exe
Size	1.4MB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c55a782fb3152c45d4d4944539b5f4ea`
SHA1	`6013dbd7b11390ace1283a402e77e9ef751c4c10`
SHA256	`13fedbb86566c03188cd4038d76837752e17af71055ccc91ff625ff35f532d68`
CRC32	`8A4C7CC3`
ssdeep	`24576:YcnpgcBAihZ1ziovvnNhio1d19f2Ubfmw6ESydB5NSfScZB:vpZt97Zea9SydBXSfScT`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Malicious_Library_Zero - Malicious_Library Credential_User_Data_Check_Zero - Credential User Data Check SQLite_cookies_Check_Zero - SQLite Cookie Check... select UPX_Zero - UPX packed file Trojan_PWS_Stealer_1_Zero - Trojan.PWS.Stealer Zero
VirusTotal	Search for analysis

Name	18ae9d76727c45a5_errorPageStrings[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\errorPageStrings[1]
Size	2.0KB
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`867666e4f73a755e0c135ce4e90de230`
SHA1	`a7b1d23f1d2ef9de6b149925147d44076e17fcb3`
SHA256	`18ae9d76727c45a577073bfc8d8914fedccfcf43b5afeeaf26737448712334e3`
CRC32	`D8C63FA6`
ssdeep	`48:z9UUiqu6xl8W22751dwvRHERyRyntQRXP6KtU5SwVze/6e/+Ng7FU50U5ZF0:z9UUiqRxqH211CvRHERyRyntQRXP6C8o`
Yara	None matched
VirusTotal	Search for analysis

Name	388a796580234efc__setup64.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\is-BI6MO.tmp\_isetup\_setup64.tmp
Size	6.0KB
Processes	2416 (kak.tmp)
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e4211d6d009757c078a9fac7ff4f03d4`
SHA1	`019cd56ba687d39d12d4b13991c9a42ea6ba03da`
SHA256	`388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95`
CRC32	`2CDCC338`
ssdeep	`96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	fd28fe74a42e62f9_60k7gdpwg8mtunq7pxg9pdlx.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\60K7gDPwg8mtUnq7PXG9pdlx.exe
Size	5.2MB
Processes	2436 (ww15_testLL_0310_single.exe) 2552 (BumperWW.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`f1db9c9b4dae2cc59d2b5fb98a923534`
SHA1	`758bf515a543ee5feeea96a2c9ff203a070396e8`
SHA256	`fd28fe74a42e62f9ca6e2ab9ad51af829f9e522f00006d1e4de0f989a65dcaf6`
CRC32	`65AF5DB1`
ssdeep	`98304:GLfbLCkb1Px6jAf1oY0qe+7/7p/0zq3BMkpf9AKdb7jbDKjaqHOZR+681jJeC5UT:GLfCkb1PbmW7ymBVf9AKmaOOio4fKn4W`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature
VirusTotal	Search for analysis

Name	ac6f90ff2e5bddd2_11e7mdgsktazawvcajlpdyef.exe Submit file
Filepath	C:\Users\test22\Pictures\Adobe Films\11E7MDGSktAZAwVCAJlPDyeF.exe
Size	6.4MB
Processes	2552 (BumperWW.exe) 2436 (ww15_testLL_0310_single.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`1008944bf8de596e9d032ab66a46caa7`
SHA1	`cc411e0c3b2a7ef3e02618bdab39d9a023f0569d`
SHA256	`ac6f90ff2e5bddd26a0e1abdf9d35b5533d0d09727a0fd1c28da4bfec2bda950`
CRC32	`D7315F27`
ssdeep	`196608:JxjfY48dybo97ISBCtQkZ+SWtVwiKd4W8eY:LHYygDCa4AC+D`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	8d018639281b33da_ErrorPageTemplate[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\ErrorPageTemplate[1]
Size	2.1KB
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`f4fe1cb77e758e1ba56b8a8ec20417c5`
SHA1	`f4eda06901edb98633a686b11d02f4925f827bf0`
SHA256	`8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f`
CRC32	`E6FF242A`
ssdeep	`24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6`
Yara	None matched
VirusTotal	Search for analysis