Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.06 06:07
build.exe
07.06 06:07
CoronaVirus.exe
07.06 06:07
RedLineStealer.exe
07.06 06:07
stealc_zov.exe
07.06 06:07
newbuild.exe
07.06 06:07
setup.exe
07.06 06:07
leva.exe
07.06 06:07
CryptoWall.exe
07.06 06:07
univ.exe
07.06 06:07
inte.exe

Latest News
07.07 12:07
USENIX Security ’23 – ...
07.06 10:07
Researchers Discover C...
07.06 10:07
New Mallox Ransomware ...
07.06 09:07
[한 주를 관통하는 보안 소식] 2024...
07.06 09:07
[퀴즈 이·보·소] 최근 벌어진 국내외 ...
07.06 08:07
김포시, 70만 김포시대 대비해 최첨단 ...
07.06 08:07
식약처, ‘체외진단의료기기 품질관리 및 ...
07.06 08:07
코레일, 정보보호의 날 맞아 ‘사이버 안...
07.06 08:07
소프트웨어 가치 보장, 발주자가 앞장선다
07.06 08:07
‘AI 과학기술 강군 육성’을 위한 발돋...

Dropped Files | ZeroBOX

Name	1b8d71fa35ff6acc_metadata Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
Size	114.0B
Processes	3468 (chrome.exe)
Type	data
MD5	`5035a657139e64956c33c0e03354aafe`
SHA1	`0b0221d7a5b1acb8ad8cd2c32b6f65ac381990b6`
SHA256	`1b8d71fa35ff6acce1e32245998855fe2cfa39c73747739e146d4296dda6d74d`
CRC32	`57449B09`
ssdeep	`3:mTll+Xl9Ri1llklUAllnlXRyTVoAK3O+bp6:mTlEbWlqLhAd+bA`
Yara	None matched
VirusTotal	Search for analysis

Name	d81707d16583953f_login[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\login[1].css
Size	17.6KB
Processes	3816 (iexplore.exe)
Type	assembler source, ASCII text, with CRLF, LF line terminators
MD5	`d07d6d87df1eb67495c1dd5468ddd40d`
SHA1	`82a7b8a839d305435589561b4745fe971d8a140d`
SHA256	`d81707d16583953f9b6c2449bc28b079b1263aa6563b35bb2dc26bc537f3e8e2`
CRC32	`A539FD0C`
ssdeep	`384:g9nNYoc4rNORhyWKEntY8XiYXUS2qk2VfVQEOHY46Z8I7Z0wTmEqNXMQJOU:gBGoc4ehyJEnSpYXUS2qk2VfmEOX6Z87`
Yara	None matched
VirusTotal	Search for analysis

Name	dfea4ae0ac13c182_qw3hzqngedjao2m6tqiqx5e-avs5_rsejo46_pctrspj0oosolrbejl3hmxfxqaslul2m_danvawbpsf[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF[1].woff
Size	18.0KB
Processes	3816 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 18416, version 1.1
MD5	`56ac38d6dfc95dde661ed52cd5c52c3c`
SHA1	`09c803f8071d080959b5fb1c420124caba062735`
SHA256	`dfea4ae0ac13c18265a27114fb3bc7fded31754fb144409225606cce746450f2`
CRC32	`1EACEB9B`
ssdeep	`384:ERsN+8B+/q8EGq+DorALC6KCHWDDLQEaEUM3t85X8RT:ERsNrB6qNmmALJUDDLtaEyY`
Yara	None matched
VirusTotal	Search for analysis

Name	d6431d5645fffd05_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2168 (powershell.exe)
Type	data
MD5	`260d23ce04a8f8555a73b7d2dc15e911`
SHA1	`ebad746fb7de847c50f7502a44f6e35534733efd`
SHA256	`d6431d5645fffd05a23166d630253bc7ce8c099cf6e9c956f8ae5e1249ee8588`
CRC32	`11D6B213`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwo5tuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXo5tvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	1a9251dc3b3c064c_dinosaur[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\dinosaur[1].png
Size	57.7KB
Processes	3816 (iexplore.exe)
Type	PNG image data, 1200 x 800, 8-bit/color RGBA, non-interlaced
MD5	`bdda3ffd41c3527ad053e4afb8cd9e1e`
SHA1	`0ad1bb7ce8d8a4dc8ac2a28e1c5155980edfab9b`
SHA256	`1a9251dc3b3c064cfc5e2b90b6c7dc3c225f7017066db2b77e49dae90a94a399`
CRC32	`136A1553`
ssdeep	`768:C7Fv/DCdkYu6D+4+T9Z3PYLwkz5Z1sVvxjhL1y4ViUnMQCIR7N0gZ9fkJeZvPxG/:avJx6Dr+7PYRzz1yho4LCQL3kJEvJy1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	045b433f94502cfa_motivasans-medium[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\MotivaSans-Medium[1].ttf
Size	121.1KB
Processes	3816 (iexplore.exe) 1668 (1Do72qt6.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansMedium4.015;Plau;MotivaS
MD5	`2d64caa5ecbf5e42cbb766ca4d85e90e`
SHA1	`147420abceb4a7fd7e486dddcfe68cda7ebb3a18`
SHA256	`045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f`
CRC32	`42F403DE`
ssdeep	`1536:v4Kkq/szjKJRIDCnR96guXgECINo28BZZDhpkemOXaxq4jKea8GyFLaE0Af0ffL9:vf/fxn7ElXxE0wS0fj9`
Yara	None matched
VirusTotal	Search for analysis

Name	ff54aaf84f0f3283_debug.log Submit file
Filepath	C:\Program Files (x86)\Google\Chrome\Application\debug.log
Size	290.0B
Processes	3468 (chrome.exe)
Type	ASCII text
MD5	`1f14e67aa59bb8d93d7c015f6e8178d8`
SHA1	`98ad18183109d5d95f8927f236d029a896dde41f`
SHA256	`ff54aaf84f0f3283bf4fa1cedebd956b58d582608d9516e198e909f75bd1d5b4`
CRC32	`1DAD9880`
ssdeep	`6:qS448TCGGDLeX/WSZ18RU4LGGFw3V4vy01ZsRU4LGGFw3V4vF:OJOOWSv8RU4LG6w3V61ZsRU4LG6w3V6F`
Yara	None matched
VirusTotal	Search for analysis

Name	97c39175b9c8c46a_motivasans-regularitalic[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\MotivaSans-RegularItalic[1].ttf
Size	132.3KB
Processes	3816 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 23 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansRegular Italic4.015;Plau
MD5	`7bc1837717cdc49c511ebdd0e75122a2`
SHA1	`d31e0df252328b946984c6bde94f7b2f7c72d964`
SHA256	`97c39175b9c8c46a5f2be987c00be2ef556421fcdada1ed3b327c50cc36cc78b`
CRC32	`05F7F9EF`
ssdeep	`3072:Jgo+yzfgnWNIIwF3vMTMgTO2QTb7W8YNfj9:sJWNIIK3vMaAfh`
Yara	None matched
VirusTotal	Search for analysis

Name	1163e79c446769b7_{9cc019ab-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9CC019AB-79F5-11EE-91C7-080027C2F7B0}.dat
Size	3.5KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`77995d81cb41287d8060c5c15216b6f1`
SHA1	`5906e7ad1c503e0ca8a6cdcd1dee5e6020c2c41c`
SHA256	`1163e79c446769b7e2b580148dfbcbe6ea6e74e2bf423916615e3c3ba84ee1b5`
CRC32	`8C222ED9`
ssdeep	`12:rl0oXGFjsxrEgmf906FxCUrEgmf90qTNlk8RbaxkDDWmqL:rssxGZxGNNlkwXDLk`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	90ccd84f28e4dd03_hjrkfxe4wgagi18.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\HJrKFxe4WGaGi18.exe
Size	30.0KB
Processes	2552 (AppLaunch.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`35a15fad3767597b01a20d75c3c6889a`
SHA1	`eef19e2757667578f73c4b5720cf94c2ab6e60c8`
SHA256	`90ccd84f28e4dd03fb70b8739c4636acbcf8a030404b5a24264afd1acd09ecbc`
CRC32	`15C40371`
ssdeep	`384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW`
Yara	PE_Header_Zero - PE File Signature win_smokeloader_auto - Detects win.smokeloader. IsPE32 - (no description)
VirusTotal	Search for analysis

Name	419b43913c1adaaf_{ca165110-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA165110-79F5-11EE-91C7-080027C2F7B0}.dat
Size	5.5KB
Processes	3048 (iexplore.exe) 5024 (iexplore.exe) 3468 (chrome.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1d90453be662a718403eac8d63c3a540`
SHA1	`1a60dc26a92059378182c7fccd26efdb88bd149f`
SHA256	`419b43913c1adaaf6f5ae9321f88afbbb3ec581d30517f255d6439619c61520a`
CRC32	`401C2C66`
ssdeep	`48:r4QGwmwiZZlfqhuiZZlFniZZlriZZlViZZlHAH5zYwiZZlxuiZZla7Ml:EdfAYqgA5zYfTaC`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	ad3a75f2dc07deac_main.10a25667.chunk[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\main.10a25667.chunk[1].js
Size	619.4KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`61dcc305464ea7b73041d1d0a46f52ff`
SHA1	`76c69a7da86eb40d8850123c6b125dc9bc46c5fe`
SHA256	`ad3a75f2dc07deacfae300508b6fbe57ee0b7d678187224743454b1a2695bf09`
CRC32	`83E68EA2`
ssdeep	`6144:+S/3hBqcsm0ciVXAiBRYtJGdDZFBaNFkiz7HVG9xVXOds3jYwpA5D/Yl8w3gshk9:+e30FOyiVzs3jYwpAliQD`
Yara	None matched
VirusTotal	Search for analysis

Name	3dc30926bfad9a7d_ujtoidrphphqwyp.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ujtOIdrpHPHQwyp.exe
Size	1.0MB
Processes	2552 (AppLaunch.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`64236f23a49b0834909cf9079491e0f8`
SHA1	`f6d84f5d14f205bdc951cdff3c383c67c3019dab`
SHA256	`3dc30926bfad9a7dad066adeebbebf99dc69093728f4a9344cde865c81d3624d`
CRC32	`E3270547`
ssdeep	`12288:8rB57aD0FwPenT2U7vqxIdU7TYnrL9dpxf2xhguuSVKRxyuMPFg/do+:u+DowPenT2U7vqULnrLBFwCMdmd`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	acc9901c93464f7f_gc0mb5xshs_[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\gC0mb5XShS_[1].js
Size	28.5KB
Processes	3212 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`75a6629a0b10ced9a77cabe47859a419`
SHA1	`b750bdf1cb16ddc7119e82497b939d03546e6522`
SHA256	`acc9901c93464f7f1baa5821c028b8d6174c9238b3968c69f787975b6d1810c4`
CRC32	`A60C08CE`
ssdeep	`768:hV+ItRBx5AJ8HyMWE352ScV17+Bv30dZ+:jYJ8SMW37+udY`
Yara	None matched
VirusTotal	Search for analysis

Name	1a662ea94138f009_globalv2[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\globalv2[1].css
Size	38.0KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`44bee1a454453c4e009c10b25eb647ab`
SHA1	`d881e3587c5b2b8a341ef59cef5dc928d9a893c1`
SHA256	`1a662ea94138f009b213092a76f2c83d692b72f05aed21dbbb2385a22c00d3ab`
CRC32	`31BF72A0`
ssdeep	`768:imOhyrYzdKV7qyaFVwoz5Xvt45KqTUzvSQNxKJb4Ud4xh5VgITnw:jYkFero4Ud4xa`
Yara	None matched
VirusTotal	Search for analysis

Name	1231be1e81e02c31_{99990dab-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99990DAB-79F5-11EE-91C7-080027C2F7B0}.dat
Size	9.0KB
Processes	3120 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`91ddf4846120cd33289529a21785c0ca`
SHA1	`19f4fe91dac48b606d6f7ddc72838dbf06b63084`
SHA256	`1231be1e81e02c31fce5bc2c0ef648e045e6065f32af486dd62874a0fe51b7c6`
CRC32	`F56A325C`
ssdeep	`192:u3HWXx93m73H1WI3HW63HWI3HWYzfE3HWM:Pg`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	c0f9968d0fa5f4de_o7nelmd9xsi[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\O7nelmd9XSI[1].png
Size	95.0B
Processes	3212 (iexplore.exe)
Type	PNG image data, 1 x 1, 1-bit colormap, non-interlaced
MD5	`39c11d656220efd52f4965400d14900a`
SHA1	`327050099cee8d1ad81e7bfbe5ca2ea057780a87`
SHA256	`c0f9968d0fa5f4deff86babccd6df52306138314607a6f3f0acd2e7afc783d1c`
CRC32	`A884C1E1`
ssdeep	`3:yionv//thPlE+kSI+Dtmy/Y+sR3sdsXxqtQAltjp:6v/lhPfkCDtmywFWsXxWVXjp`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	9ce7f3ac47b91743_kfolcnqeu92fr1mmeu9fbbc-[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
Size	20.1KB
Processes	3816 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20544, version 1.1
MD5	`40bcb2b8cc5ed94c4c21d06128e0e532`
SHA1	`02edc7784ea80afc258224f3cb8c86dd233aaf19`
SHA256	`9ce7f3ac47b91743893a2d29fe511a7ebec7aef52b2ea985fa127448d1f227c1`
CRC32	`2CDC4561`
ssdeep	`384:yIaxgESUyNlegvIQxhXmqd8lpP/FwL0cV8yP1JSRHbNHlZL7qwZkoEu3HTbpXcyn:yIw8UElewHxRmqd8PdwLLeR/ZLGwZLbX`
Yara	None matched
VirusTotal	Search for analysis

Name	d98116ff13cac77b_recoverystore.{9665572b-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9665572B-79F5-11EE-91C7-080027C2F7B0}.dat
Size	4.5KB
Processes	3048 (iexplore.exe) 3212 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6867faea7649527edd6de1acf6e58f78`
SHA1	`f58fcecdcbbcc3a13eea8a48060a3153790c5986`
SHA256	`d98116ff13cac77b14a87cea96aa9e082a3babc651c20796596aa5525151428f`
CRC32	`E3A4F610`
ssdeep	`24:rqP5/jGb5/Z8KplWOqKKOtpb8lWKAva5EOKyfKBKaKtNlWOqoKOtpb8lWKAva5Ey:rC585h8x2ODCJPcODCJ0`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	761823568d974314_tus.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000063051\tus.exe
Size	892.0KB
Processes	2964 (explothe.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`457cc90e17ea3e209d405634e0d4ae47`
SHA1	`34489d3af8153f1031f63f98f3fae40e5dd83f35`
SHA256	`761823568d974314b04ee99055f7a6fb3a5a8454ba1b7f7a10bc1205d510bc45`
CRC32	`60101037`
ssdeep	`12288:jrBh460mdYPenb2U7vqx0zeXFcXrPlLpxfY5hmuuSwKe16S:L30+YPenb2U7vquvXrPvFp31`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	8dc4985cb146efd7_{9cc019aa-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9CC019AA-79F5-11EE-91C7-080027C2F7B0}.dat
Size	3.5KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`72c323996cba061d13f59b0a3820500b`
SHA1	`6bda9999666a382e3e1e4d2f90a785d3c0736db5`
SHA256	`8dc4985cb146efd7719d3caff0320209f812697de466d5f79152015a50126517`
CRC32	`CF4DE322`
ssdeep	`12:rl0oXGFYU0xrEgmfx06FkrEgmfx0qTNlI8lbaxxtLHW:rlxGAGBNlJQtLHW`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	2963f8d740a2c39e_48j9fkvx.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\48J9FKVX.txt
Size	277.0B
Processes	5024 (iexplore.exe)
Type	ASCII text
MD5	`e72e3d8909de42ec9e771cebd2713fde`
SHA1	`65455390364496d4a08721b300db66fd56493f57`
SHA256	`2963f8d740a2c39efe6a0f93d0c10b623174e2215d5275d3d9c0f8f275c8d9f0`
CRC32	`76051D5F`
ssdeep	`6:2UdGkxGRXbWfawH4zDAXQXGRXbUtzxTX8zWH0oMNGRXbUtzxYn:2ctGRXbWf3GDxGRXbsjr0oMNGRXbsY`
Yara	None matched
VirusTotal	Search for analysis

Name	d5692b785e183408_motivasans-bold[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\MotivaSans-Bold[1].ttf
Size	121.0KB
Processes	3816 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansBold4.015;Plau;MotivaSan
MD5	`6168553bef8c73ba623d6fe16b25e3e9`
SHA1	`4a31273b6f37f1f39b855edd0b764ec1b7b051e0`
SHA256	`d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66`
CRC32	`070A3CB4`
ssdeep	`1536:M+s43BGZsrolB21EJ4q+GIbdSW7VvCtQXjPM3mz1yxvjWRVIoFMe1V13836GKCnY:T1GZXlB2SUbxVv/zM3mZyxLUZGrSDfj9`
Yara	None matched
VirusTotal	Search for analysis

Name	6fb31acdaf443a97_edgium[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\edgium[1].png
Size	7.0KB
Processes	3816 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`01010c21bdf1fc1d7f859071c4227529`
SHA1	`cd297bf459f24e417a7bf07800d6cf0e41dd36bc`
SHA256	`6fb31acdaf443a97183562571d52ce47dd44c1a8dcb4087338d77ea2617b286e`
CRC32	`C5C47D22`
ssdeep	`192:vRb1blB+w3GiZiTUH3Fxkiss/qophQc+PvzFDdSqqF:vXPLgo1xkteqkOvh5SqqF`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	066ef77f473bc3a8_salo.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000065051\salo.exe
Size	1.0MB
Processes	2964 (explothe.exe) 3768 (ia7EY5bf.exe) 3048 (iexplore.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`e6cea4a876d53f69abb563b269d4e466`
SHA1	`83faffc4296167b401b3d55aa5775ee62a32c0e6`
SHA256	`066ef77f473bc3a8bd6b2d64ca6ef4ae44b6710faea7c9d9ae3f1a482c9008ed`
CRC32	`F81744AF`
ssdeep	`12288:xrB52iB0FwPenT2U7vqxIdU7TYnrL9dpxf2xhguuSVKR6KeEPjQbynCycnNtt/Xn:plBowPenT2U7vqULnrLBFwXPbYGk`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	41464efd9a32a596_motivasans-lightitalic[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\MotivaSans-LightItalic[1].ttf
Size	130.5KB
Processes	3816 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansLight Italic4.015;Plau;M
MD5	`07247cbd12d4e4160efd413823d0def8`
SHA1	`517a80968aa295d0a700a338c22ba41e3a8b78a7`
SHA256	`41464efd9a32a5967b30addc21fe16cd0a35870fda56658b531a9a2434b4d829`
CRC32	`BFC31050`
ssdeep	`3072:D0000yU00000p4hvCgblYq4AYpbVvQ8U/VMxLseW8Yafj9:D0000GWCClpnYpxvRamfh`
Yara	None matched
VirusTotal	Search for analysis

Name	91222f96f34735eb_jquery-1.11.1.min[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jquery-1.11.1.min[1].js
Size	93.5KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`4dc834d16a0d219d5c2b8a5b814569e4`
SHA1	`4fbe0563917d6f6289e4e1b4a0a8758e4e43bda9`
SHA256	`91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef`
CRC32	`4C59FA2C`
ssdeep	`1536:EPEkjP+iADIOr/NEe876nmBu3HvF38sEeL8FoqqhJ7SerN5wVI+xcBpPv7E+nzmN:bNMzqhJvN32cBd7M6Whca98Hr4`
Yara	None matched
VirusTotal	Search for analysis

Name	08e8605dbb5cb7b5_{9665572c-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9665572C-79F5-11EE-91C7-080027C2F7B0}.dat
Size	11.0KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`83ff714da417fca3a6bbc406c07106f3`
SHA1	`55a1808e9f29adff7f02ab2a4308515a0bc58017`
SHA256	`08e8605dbb5cb7b5ef0f06fa61174daf3979f529f72a0a99654986a712069907`
CRC32	`081EDF83`
ssdeep	`96:gK46nHnxu8/GnQ6nHn/GhtQ6nHn/GNQ6nHn/GDQ6nHn/G1Q6nHn/GQSwG8eUSQ6z:gKvH013HSt3HG3Hk3HG3HGR3Hjzr`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	41e3f69ecc09290e_httperrorpagesscripts[2] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\httpErrorPagesScripts[2]
Size	5.4KB
Processes	5024 (iexplore.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`dea81ac0a7951fb7c6cae182e5b19524`
SHA1	`8022d0b818a0aea1af61346d86e6c374737bc95a`
SHA256	`41e3f69ecc09290ebc49be16d2415036ddb2f7a4b868eef4091d0b5a301762fe`
CRC32	`5E7F4A18`
ssdeep	`96:JCc1g1V1riA1CiOcitXred1cILqcpOnZ1g1V1OWnvvqt:xmjriGCiOciwd1BPOPmjOWnvC`
Yara	None matched
VirusTotal	Search for analysis

Name	9d019be61580716c_{ca165112-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA165112-79F5-11EE-91C7-080027C2F7B0}.dat
Size	3.5KB
Processes	3048 (iexplore.exe) 3212 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`05360c2747b816ad1943f85dde296b12`
SHA1	`24cfc42d5a5d64d5c94b28e32c0a316cb344715a`
SHA256	`9d019be61580716cf749264c106df0512d994dc1448157e9b4159565845abb32`
CRC32	`7BE4423D`
ssdeep	`12:rl0oXGFqwJsxrEgmfx06FsrEgmfx0qTNlI8lbaxxtLHW:rusxGQGBNlJQtLHW`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	2a3ae09e3f17f6fd_foto1661.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000064051\foto1661.exe
Size	1.5MB
Processes	2964 (explothe.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5a437e70762c2ac52269611ff074f771`
SHA1	`55ed4e90b5fe27ce84e216ad200fe71db9dbfd68`
SHA256	`2a3ae09e3f17f6fdab9eb72773353e7d01ca9b0188dded2ebb5a11344f5e6d40`
CRC32	`CB3011A7`
ssdeep	`24576:8yb9QBAT8qxULirFaXAAislj8rYXJIeCSul/RHTeJ1b2kb1SR3cYykEqf1ucq/2:rbj4qxWiwFXJIhX/541l1S120Tg`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) CAB_file_format - CAB archive file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	633002f58522bb2b_y0l6f5sxdiv[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\Y0L6f5sxdIV[1].png
Size	6.6KB
Processes	3212 (iexplore.exe)
Type	PNG image data, 283 x 315, 8-bit colormap, non-interlaced
MD5	`84545f4e3dc299f20c0be6710cb09858`
SHA1	`f508422fc6bfd6a4866c1752f032bebcdc9d32b4`
SHA256	`633002f58522bb2b155769bd8c96d8ed33271f888a2402d46d8e24935cdd03a2`
CRC32	`76F4BEE9`
ssdeep	`96:ojMnL5qfFF9YIdIv8DQ+f7XzWfbuhh1F+4lW0G6rM+mZKFgE9u:eML5qW8kIfOuhoFnxZOd9u`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	453ab6d667b95006_1jo5zchbkzz[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\1jo5ZChBkzZ[1].js
Size	6.2KB
Processes	3212 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`3f4dae100f671e7e456bf18bd935b743`
SHA1	`a9f8819583c31348f302b1ae2d2b6d6fdae5f585`
SHA256	`453ab6d667b9500637cf6e2d7f5ea00bfc333beae98f611eda807c8dd510a647`
CRC32	`6D3DB44C`
ssdeep	`96:7AbG7AKxAoAmAkAJkAuBeRALxAHD41Y06E7ocnWra2vsmovSDWiFkUVwqNMJjK+U:MbGMN3db5CeSLxxS5VwgWcayRoJQf1Xh`
Yara	None matched
VirusTotal	Search for analysis

Name	ca0119289029d406_{9cc019ac-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9CC019AC-79F5-11EE-91C7-080027C2F7B0}.dat
Size	4.0KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`dbb1c6eb694f4a7586d355eed4147d59`
SHA1	`0b59bcfbe7d730fbd4256e296d5e12b145100d7c`
SHA256	`ca0119289029d40612875f093e7a0be52c9e6951be5cc16f9bbbaa4404cc0a44`
CRC32	`CD3741A9`
ssdeep	`12:rl0YmGF5YrEgmfQB0KF6xrEgmfF0qwltNlx/U9baxk7b9QWll69:rjYGBGaltNlan7b9P/69`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	e753a6b743187c7d_motiva_sans[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\motiva_sans[1].css
Size	2.7KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with CRLF line terminators
MD5	`19f4a36c629c358690fc93dbd234d105`
SHA1	`6bbc819e64172d57a4abdaa20c8e2b8a32dd662c`
SHA256	`e753a6b743187c7d592e6e2d3580336751e6211cd228ad7410e02db29ec91ad8`
CRC32	`FD7AE715`
ssdeep	`48:y3/p1p6iBbbjR3Yk5kSR3YkywR3YktStR3YkFXR3YkRCR3Yk50woR3Yke+oR3Yks:ip1p6e8NOkXNwf+WAow`
Yara	None matched
VirusTotal	Search for analysis

Name	6b7a3177485c193a_motivasans-light[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\MotivaSans-Light[1].ttf
Size	119.8KB
Processes	3816 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansLight4.015;Plau;MotivaSa
MD5	`d45f521dba72b19a4096691a165b1990`
SHA1	`2a08728fbb9229acccbf907efdf4091f9b9a232f`
SHA256	`6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc`
CRC32	`EBD12149`
ssdeep	`3072:XnN/O/ceJkGwg/MOAibD2hPfX4HYhDhudcvObkSafj9:9/O/ceJkGwg/MOAib6nX44NhIWOb8fh`
Yara	None matched
VirusTotal	Search for analysis

Name	6c3c1986f231973a_noconnect[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\noConnect[1]
Size	5.3KB
Processes	5024 (iexplore.exe)
Type	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
MD5	`7686f6957ab9b36be2ebba88772a1541`
SHA1	`27089f8c09e41fdc4c994f8a5a5b115058479def`
SHA256	`6c3c1986f231973a68ddbacfd2a40408c8766bb18851c1a80e121f08f9bcf4de`
CRC32	`CA869C92`
ssdeep	`96:x4xOKDm0AK8naEFgkQgWmwep7eyaHNdj1BQp3VaYuV5pLeOMnCi:x4xOuuK8nNFgyW3eJe9HzjfQpI5p7md`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	569231a6d7fcb66f_2.ps1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000062041\2.ps1
Size	169.0B
Processes	2964 (explothe.exe)
Type	ASCII text, with CRLF line terminators
MD5	`396a54bc76f9cce7fb36f4184dbbdb20`
SHA1	`bb4a6e14645646b100f72d6f41171cd9ed6d84c4`
SHA256	`569231a6d7fcb66f4cacf62fd927c9c7da74d720e78ae09e07032b71a1e0a43a`
CRC32	`B1F93E6A`
ssdeep	`3:roKKFroI1MFMa7bFOKVJ3uMIu1NmMFIwpcNybFt3DKVJ3uh:cKKBV1MFMgFOw+MIimMFIsxFtzw+h`
Yara	None matched
VirusTotal	Search for analysis

Name	da708635da162ea4__combined[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\_combined[1].js
Size	119.3KB
Processes	3816 (iexplore.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`39e34882ba4417cb4b1b84916dabb770`
SHA1	`0d0ca081fb60c8aad337091bafcbe84f966c38b0`
SHA256	`da708635da162ea493874627775c3520a42145b79c73bf787b5113bf87c0b27c`
CRC32	`CDBD990F`
ssdeep	`1536:LlFY4P+xmlvr+k3mCQHNl9EvOxzXQApcGBPVCGUb6WFA66WqiLOrVQXWc1Uw4zv6:71XZEl9EvOxzLcGBkQ1WBV4MH`
Yara	None matched
VirusTotal	Search for analysis

Name	e2d4e0e1d3e162fd_tooltip[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\tooltip[1].js
Size	15.7KB
Processes	3816 (iexplore.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`72938851e7c2ef7b63299eba0c6752cb`
SHA1	`b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e`
SHA256	`e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661`
CRC32	`113C331B`
ssdeep	`192:x32Mu4vUDjHbnZsXGWIS75sTY8M7ebb6qgrrY20jhN3MScuhJ05zb5jzCF+MlF+8:x32L4kzt3gtGb5LQqha31iUTSiq5N`
Yara	None matched
VirusTotal	Search for analysis

Name	4afb3e37bfdd549c_shared_responsive[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\shared_responsive[1].css
Size	18.5KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`2ab2918d06c27cd874de4857d3558626`
SHA1	`363be3b96ec2d4430f6d578168c68286cb54b465`
SHA256	`4afb3e37bfdd549cc16ef5321faf3f0a3bf6e84c79fc4408bc6f157280636453`
CRC32	`CBFE49FD`
ssdeep	`384:QwtVMAjYb2JalUNlpczHK77iHiEiN/mm+pqOw6GNNZhweP8/F:QmS6FJJNzczHK7uHix/T+pqOwlNzi`
Yara	None matched
VirusTotal	Search for analysis

Name	10fe1d7788d9a779_dnserror[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\dnserror[1]
Size	5.8KB
Processes	5024 (iexplore.exe)
Type	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`67bbf4af23868b17115e91fc0f35b5d9`
SHA1	`f43e2691fa1d733fdfc6dc7c280a659af3bc8dc2`
SHA256	`10fe1d7788d9a779bcaaeb53f879c6254425e4b64a84b24bbbc099cd7be99058`
CRC32	`099D8EAD`
ssdeep	`48:uqUPsV4VWBXvXS4nZ1a5TI7HW/Tu21kpd87KZA9f+upbthDb6Xuzut7Cih0:uOpiEQKHT272axfnRzkh0`
Yara	None matched
VirusTotal	Search for analysis

Name	6cb869df089146c1_header_logo[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\header_logo[1].png
Size	10.6KB
Processes	3816 (iexplore.exe)
Type	PNG image data, 744 x 171, 8-bit/color RGBA, non-interlaced
MD5	`a4e79c73ee13cb25b60fc4b0ba1f690c`
SHA1	`b690c31b2eb1b0eb085e91aaae7e79f03debe7c1`
SHA256	`6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8`
CRC32	`145A78A3`
ssdeep	`192:5ARjfa23tAJsqmbZEyI3ImwTHVeVUzp7C+22Z6XikPFffq0BV0FIZLKePlOoYWn4:5AfaItAJsfElI3jVwUzpC+JqNfC0wFIM`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	84fe36fa18724445_home[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\home[1].css
Size	14.6KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with CRLF, LF line terminators
MD5	`fbaa908b7ad972519f01b8018ed98f2e`
SHA1	`625d6da35037b70fb9c4daa4622185ca44d0f4f2`
SHA256	`84fe36fa18724445ef05858506ade2e9bdafd2cee2d55555dc94ac94ae58fc6b`
CRC32	`5839D13A`
ssdeep	`384:MzzyxRPy8tJ2aAX2MZs2MD+OHU6KiG0Bh9Ar:KzyxRPy8tJ2aAmMZs2MD5HU6Ki3y`
Yara	None matched
VirusTotal	Search for analysis

Name	4c04f493cb7b4161_l2u4h9mu.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\L2U4H9MU.txt
Size	207.0B
Processes	3212 (iexplore.exe)
Type	ASCII text
MD5	`9a261394e18c087bd8177909c8e56085`
SHA1	`f49c3af2b75d3d4decadaf3b62b6229129402de5`
SHA256	`4c04f493cb7b416124d418911d25f374c83b252caa252e9dd9ff5cc7e2c980fc`
CRC32	`19BAD04C`
ssdeep	`3:bhxN+iYJibnDlxhSXbUiXivTVMj5ST3Br6GsS52+GTrphSXbWsSxWNwfVWhTs:TYiYgbnxzSXbUaEVaAJFSbSXbWsSjfVT`
Yara	None matched
VirusTotal	Search for analysis

Name	b7ccacfc5edfca72_zsmmzjhurfw[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\zSmMZJhuRfw[1].css
Size	3.3KB
Processes	3212 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`b1aacb4653e2a7b639d7e412d4ccfb93`
SHA1	`4ebdb7b17a3f5f8c3d44e3ec703eae3603e2f368`
SHA256	`b7ccacfc5edfca721b473710d403d28a59901ab3a3db8e9dd4ead21c324071b4`
CRC32	`BB591450`
ssdeep	`48:QsAKllokcBLsfBuGgUbITkZ6JVAY8DdDiSO4gajaPrXdPkH2VFAt55wyO:6K7SQPgUb/Z6Jv6QDcaTXdPkHyF2Dw3`
Yara	None matched
VirusTotal	Search for analysis

Name	02f95fbdb68f232b_opera[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\opera[1].png
Size	2.3KB
Processes	3816 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`5cb98952519cb0dd822d622dbecaef70`
SHA1	`2849670ba8c4e2130d906a94875b3f99c57d78e1`
SHA256	`02f95fbdb68f232bffd4f2c0fdd033d6c83b829c610cddccc0b1d43e2274e6a7`
CRC32	`AD4AD45A`
ssdeep	`48:T/9xo755n07P4gcVK+VJOuCORmJtLnzvzNkYzGQqvz3EP3/pFqcU:no755nQPeVKMbNYJtLzvxkMheEP3/3s`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	badf090f0f55a7b4_eoehqm4veky[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\eoEHQM4veKY[1].css
Size	20.9KB
Processes	3212 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`7a8399ac6636dff50de8e42029486125`
SHA1	`a3f88a3f0afead60e73eabd59ec331a006d055e8`
SHA256	`badf090f0f55a7b456d885bd111a03454236c310ecb1769c8c29e64d169afe4f`
CRC32	`8E6A2F6E`
ssdeep	`192:OpdjjASSX0Iwih5lVfTniqwacpQ9QFOwMQIQVQFVvuwU1dDTZ9NVtVLeE5GiXL27:O9jAScVfwk9QE0JaewgTLXqf3TGzIaid`
Yara	None matched
VirusTotal	Search for analysis

Name	dd78813fb43c593c_m8a8jlevldw[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\M8A8jLevlDW[1].css
Size	4.6KB
Processes	3212 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`6f310ccb946910916e29d7eeea68c8e9`
SHA1	`4a04ee9e611aa8c48e744e1b9a2421bf5c1c3117`
SHA256	`dd78813fb43c593c2913c530b81b47c42fd42aa90399c32d8cca2ae790fbb8a9`
CRC32	`FFEAB9AA`
ssdeep	`48:QYgSHfsnsXImvUg0W4LJoIX5GVFTLV4VSsVEQaf/LzGPKD4mQcCh:QGhsgU1pCzYS0m/E24mQHh`
Yara	None matched
VirusTotal	Search for analysis

Name	3a335caead0fbb3d_3.520a7eda.chunk[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\3.520a7eda.chunk[1].js
Size	2.3MB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`13bcc7887b059b2d3d80f0e0b7abd615`
SHA1	`b7e52adc57faa4fb1786c2e453b82c7b75c1cf1d`
SHA256	`3a335caead0fbb3d197e87e0f256b6fc1966788dc34ddf7bd696d35c1f35e5d6`
CRC32	`63AD4D9E`
ssdeep	`49152:G9qMKZssR5RpJYCQKVqGDa89Oqh5mDYCQKVoq7cu6MQZC43hN+ge22vm:tsaMS+gem`
Yara	Javascript_Blob - use blob(Binary Large Objec) javascript
VirusTotal	Search for analysis

Name	ebd518bec6383218_header[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\header[1].css
Size	12.5KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`be1e0131e0dc3620948b14da818b1a4d`
SHA1	`810b4aff56a0e76cf870cc67e3092447b46dcd92`
SHA256	`ebd518bec6383218452cc4597aeff5debc82b1f76cbea1950c5ecbfd59c5e3e5`
CRC32	`B55B6CC4`
ssdeep	`384:CDWFvVcXIeIHug0g1RfzpJc8dIG4oLqE8js18mU2V5o4LYLysuSd:CDWFvVcXIeIHug0qRfPc8dIG4oLqRjsI`
Yara	None matched
VirusTotal	Search for analysis

Name	20fad8097502c4e4_css[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\css[1].css
Size	354.0B
Processes	3816 (iexplore.exe)
Type	ASCII text
MD5	`1bb2a157e6de2f7e7078a5aaef8516a0`
SHA1	`877ce405de56783d9351b524cfcd0c7da02627a9`
SHA256	`20fad8097502c4e4256f6acaa5a88a4f71e48bef44a3412d7cbaa54af6d1aa94`
CRC32	`D99E72F0`
ssdeep	`6:0IFFli+56ZRWHTizlpdAxI6sVuNijFFli+56ZXizlpdAxI2JNin:jF/iO6ZRoT6pix3sEqF/iO6ZX6pixRJY`
Yara	None matched
VirusTotal	Search for analysis

Name	18ae9d76727c45a5_errorpagestrings[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\errorPageStrings[1]
Size	2.0KB
Processes	5024 (iexplore.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`867666e4f73a755e0c135ce4e90de230`
SHA1	`a7b1d23f1d2ef9de6b149925147d44076e17fcb3`
SHA256	`18ae9d76727c45a577073bfc8d8914fedccfcf43b5afeeaf26737448712334e3`
CRC32	`D8C63FA6`
ssdeep	`48:z9UUiqu6xl8W22751dwvRHERyRyntQRXP6KtU5SwVze/6e/+Ng7FU50U5ZF0:z9UUiqRxqH211CvRHERyRyntQRXP6C8o`
Yara	None matched
VirusTotal	Search for analysis

Name	0f2176863f04f2b6_{c22153f2-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C22153F2-79F5-11EE-91C7-080027C2F7B0}.dat
Size	9.5KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e1413d94d12c454cd24238e9001cd162`
SHA1	`1418de72176b8b6da0245a5be31420ceb695acaf`
SHA256	`0f2176863f04f2b6c67ca5749cf24165795f43c75e33b7b796dde437d745bc7b`
CRC32	`13FDD92A`
ssdeep	`96:uQ6nHngGwtQ6nedQ6nHnZngYQ6nHngCQ6nHng4Q6nHng6fhw7Puf4Q6nHngY:u3Het3ed3HJ73Hl3Hz3Hc2f43HD`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	0e3dc4ccd259716b_settings.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Size	40.0B
Processes	3228 (chrome.exe)
Type	data
MD5	`62325aa04f35880232330f344df8018c`
SHA1	`58fe9532ee8d96e8d12448408cf3ccf9d0542543`
SHA256	`0e3dc4ccd259716b24376fddb4ee07a6c227f8bcb2532a7dd75bb36a4290e7cc`
CRC32	`6F0BEA7C`
ssdeep	`3:FkXJRYcTUM:+wcTb`
Yara	None matched
VirusTotal	Search for analysis

Name	e3f67c0e6e550030_{c22153f4-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C22153F4-79F5-11EE-91C7-080027C2F7B0}.dat
Size	9.5KB
Processes	3048 (iexplore.exe) 3212 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`a5588558d28b3ea936bbca7b67fb548e`
SHA1	`9a7a0b9a8cc7133efd6d68d54190dec32b6cfa5a`
SHA256	`e3f67c0e6e550030a2e094d89464976df0eb78cd179679974e7fc4ed1c8344f5`
CRC32	`36A3D0F8`
ssdeep	`96:uQ6nHnStQ6n6UQ6nHntnYQ6nHnSQ6nHnEVQ6nHnwxw7PkefYQ6nHn4:u3HSt36U3HFY3HS3H43H1cefY3H4`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	be98258700b5b5dc_e749f60b-00e8-44a3-b6b8-fcf9105c389e.dmp Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\e749f60b-00e8-44a3-b6b8-fcf9105c389e.dmp
Size	539.8KB
Processes	3468 (chrome.exe) 2548 (iexplore.exe) 3048 (iexplore.exe) 3212 (iexplore.exe) 5024 (iexplore.exe)
Type	Mini DuMP crash report, 10 streams, Fri Nov 3 03:44:47 2023, 0x0 type
MD5	`572898a581bdbc8a4d38d2d57ce8b11c`
SHA1	`dd8fc1a8ebbfc776e5774f1ed42f1b95b297a4da`
SHA256	`be98258700b5b5dcfa4cad0d4c465cfd61ab39ed8bdda038ac33997aef8449d1`
CRC32	`8CCB0D85`
ssdeep	`3072:1ahFsZg2CZiYQn9rnAz9Tkj6afiLQtPiy3/m3gEBPMFtcDMehl96ciyyDXcX:cdgKQREBPMHehl96c8Ds`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	f2abf7fbabe298e5_kfomcnqeu92fr1mu4mxm[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\KFOmCnqEu92Fr1Mu4mxM[1].woff
Size	19.9KB
Processes	3816 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20344, version 1.1
MD5	`d3907d0ccd03b1134c24d3bcaf05b698`
SHA1	`d9cfe6b477b49d47b6241b4281f4858d98eaca65`
SHA256	`f2abf7fbabe298e5823d257e48f5dc2138c6d5e0c210066f76b0067e8eda194f`
CRC32	`B5ADEB16`
ssdeep	`384:pVO/VZJNNePVkOJJSu6SsCKTIRDqG9oHKwZh98OSv+MsgkA4Y:pVQemOSu1guh+fZhLSxkAN`
Yara	None matched
VirusTotal	Search for analysis

Name	476165c577f1d383_ehj0qry2fbp[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\EhJ0QrY2FBP[1].js
Size	407.3KB
Processes	3212 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`d67ad6f27aadf129fee265f143dbc324`
SHA1	`c7b7ae2f35e6e5ba6c7c0826440dcecd332aec0d`
SHA256	`476165c577f1d383c2f9f706ffcb626d468871c4677190d969df6844b8e4373b`
CRC32	`FED7EFA7`
ssdeep	`6144:p/Mc/E5+TMPsgnHBTEwKLPGMZuVNtW7c5gGG:p/D/6CCjOGG`
Yara	None matched
VirusTotal	Search for analysis

Name	b71e4d17274636b9_www.facebook[1].xml Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\DOMStore\1XU2ZD41\www.facebook[1].xml
Size	13.0B
Processes	3212 (iexplore.exe)
Type	ASCII text, with no line terminators
MD5	`c1ddea3ef6bbef3e7060a1a9ad89e4c5`
SHA1	`35e3224fcbd3e1af306f2b6a2c6bbea9b0867966`
SHA256	`b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db`
CRC32	`34D9E2D3`
ssdeep	`3:D90aKb:JFKb`
Yara	None matched
VirusTotal	Search for analysis

Name	0adf4d5edbc82d28_motivasans-thin[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\MotivaSans-Thin[1].ttf
Size	116.0KB
Processes	3816 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansThin4.015;Plau;MotivaSan
MD5	`ce6bda6643b662a41b9fb570bdf72f83`
SHA1	`87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8`
SHA256	`0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6`
CRC32	`35DFAE7F`
ssdeep	`1536:GAAAAAAAgsAAAYgIAAAAsAuErzzzz6mfzzVCA9zzzzzzdp/koLAGXImE98YfgNi9:kErZDE9BfgNiX9k3SDHewStfNwS0fj9`
Yara	None matched
VirusTotal	Search for analysis

Name	6f93f21bc1ecc2d1_motivasans-bolditalic[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\MotivaSans-BoldItalic[1].ttf
Size	131.3KB
Processes	3816 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansBold Italic4.015;Plau;Mo
MD5	`e77ef961fe37dd8e6de30d4f7fa9a4de`
SHA1	`567327935ae2bb3de45e7f612f2d05273a999584`
SHA256	`6f93f21bc1ecc2d1c24fa2268aafad7f9e76836bb95aa76adda9307caad51c64`
CRC32	`67EE023D`
ssdeep	`3072:w+hQ7lZMhScOZZI1pwldKK087VnIpTcIH1hW8Y1fj9:wQh1mZekMb8YEfh`
Yara	None matched
VirusTotal	Search for analysis

Name	08e33db08288da47_kkau9cp3nnrikrc.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\kKAu9cP3NNRIkrC.exe
Size	219.0KB
Processes	2552 (AppLaunch.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4bd59a6b3207f99fc3435baf3c22bc4e`
SHA1	`ae90587beed289f177f4143a8380ba27109d0a6f`
SHA256	`08e33db08288da47bbbe3a8d65a59e8536b05c464ba91dc66e08f9abd245e236`
CRC32	`8D866B65`
ssdeep	`6144:DEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:DE32xpoaxBFg1ugMeS`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	19b8db163bcc5173_motivasans-regular[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\MotivaSans-Regular[1].ttf
Size	119.8KB
Processes	3816 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansRegular4.015;Plau;Motiva
MD5	`57613e143ff3dae10f282e84a066de28`
SHA1	`88756cc8c6db645b5f20aa17b14feefb4411c25f`
SHA256	`19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14`
CRC32	`CD0E286C`
ssdeep	`3072:lpsQ7l3T64Z1lKcDqttEPBWVNwZ+e222pKKSxfj9:Yg3T64Z19DqtkWbu/222kZfh`
Yara	None matched
VirusTotal	Search for analysis

Name	b581d3ca109eec3f_manifest[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\manifest[1].js
Size	14.7KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`17d3ae832bbe0b21b7658124f280c1c6`
SHA1	`f182e40148cd9f760ff632eda5fd85ebc2d962a8`
SHA256	`b581d3ca109eec3f1d733cf2729403774d2289a25ca66620bebe543e58d0b97e`
CRC32	`093613B2`
ssdeep	`384:+1d1B6fcx9Jp9hl3FFsjJgh7oYGVhkc373Ml+m4ksN:gachRFEgGYG7dL3Ml+m4ksN`
Yara	None matched
VirusTotal	Search for analysis

Name	db2c7d43773d8001_oevbdlggytt[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\OeVbDlggYtT[1].css
Size	318.0B
Processes	3212 (iexplore.exe)
Type	ASCII text
MD5	`1f6365a8e1e072a6e5e5d6c4c396d258`
SHA1	`0f8a65cb43cf26cf2ac3d0491c9b10c22cb2d03f`
SHA256	`db2c7d43773d8001c389bfaaa0db330eebc27a750bf0aad5066ddb8af5565901`
CRC32	`6C3ECB99`
ssdeep	`6:KCxMd1hoK9x9MKKSo4LGcGUvzgIxnG3pUvuWWip/UXHCYV:KCxMSKLGn0LGcGJGnGXNip/UXT`
Yara	None matched
VirusTotal	Search for analysis

Name	ea60d261dca3e58d_{c22153f5-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C22153F5-79F5-11EE-91C7-080027C2F7B0}.dat
Size	4.0KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e23150a42b5b226911d72e3e48392579`
SHA1	`57cf27db6cf3ef2ad64eb652a42c540d3c2e9ad8`
SHA256	`ea60d261dca3e58dbb0dd0b7e179151fed3d1ed37998a770d07692f14be0d615`
CRC32	`6952E647`
ssdeep	`12:rl0YmGF1iYrEgmft7KF4SrEgmft7qgONlPBbaxcDV1uKB2NlPBbaxcDV1uKB:rPiYGAGrONlJPDV4NlJPDV`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	5d231ffb6455878a_rik3e2qqnc0puco.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Rik3e2Qqnc0PuCo.exe
Size	219.5KB
Processes	2552 (AppLaunch.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0e3c870fd174b7fa8c2d521a1b95f9bb`
SHA1	`35d2a92e0f38e4e92fc4ab3e85af986d1b37af8e`
SHA256	`5d231ffb6455878a0a9f495c3f736f16f635a08d09845fad22f87e5dde31ec04`
CRC32	`35924071`
ssdeep	`6144:hekH7t7NgckInr9gLwITq0YE18qYmEWaU:kc7NgckInrGL3TqOYmEWaU`
Yara	UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult RedLine_Stealer_b_Zero - RedLine stealer ConfuserEx_Zero - Confuser .NET OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	e3e8258d3477b396_v9smx8ennxw[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\V9SMX8ENNXW[1].css
Size	4.1KB
Processes	3212 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`d16898a3a31de3b912f52309528e4ef1`
SHA1	`ca3109b0a169b6a347e099a5a4126e63821ba6cd`
SHA256	`e3e8258d3477b396c686ea1644f7eb37e32d44bfc95d021e1894e6684ec21ffd`
CRC32	`77589BCD`
ssdeep	`96:9mkGV1JCEMujUbXHmpYXgrLzGm7tEDJsumLf1z6NBUEESEaQw:okS7UbXHmmXgrLz97tED+umL9+Nat34`
Yara	None matched
VirusTotal	Search for analysis

Name	fc6f5d8f32f13d58_yt_logo_rgb_light[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\yt_logo_rgb_light[1].png
Size	9.0KB
Processes	3816 (iexplore.exe)
Type	PNG image data, 1588 x 356, 8-bit colormap, non-interlaced
MD5	`d654f892f287a28026cd4d4df56c29c8`
SHA1	`98779a55fe32a66ebec8338c838395d265e45013`
SHA256	`fc6f5d8f32f13d5855840234dc1bff5c91c35318ee2192d99b13eb3572f0bca8`
CRC32	`ADDC0391`
ssdeep	`192:xTgkM9IY3KfGF7OhNzYlIgLUZt6oBhRLpiUQgkM4ICB6CvE9:NNM9IY3DF60lA6kLpbQgkdze`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e2f82095229d3e60_oal13j4u.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\OAL13J4U.txt
Size	129.0B
Processes	2548 (iexplore.exe)
Type	ASCII text
MD5	`b0c43ced06d4f6b7ba44229809529144`
SHA1	`d80f8abf4bfb9fb513622c7f6683b6cfe75aea70`
SHA256	`e2f82095229d3e60c81f4adef56aca8992a83878f76f14061d690b3fd30b553e`
CRC32	`6A1DCC8C`
ssdeep	`3:LDM8vUmxIu5UQPOo6zRZv6KJ3uJcSMPXg0rTECXR7VTSTs:Lg+ZCulOLR60+SVPXTpLTh`
Yara	None matched
VirusTotal	Search for analysis

Name	ae9f6c61e25d1588_footerlogo_valve[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\footerLogo_valve[1].png
Size	3.6KB
Processes	3816 (iexplore.exe)
Type	PNG image data, 96 x 26, 8-bit/color RGBA, non-interlaced
MD5	`1626f52addb7c56fe3679d82108c62e9`
SHA1	`2b414092d66ecff528950093a655f755c3c7f3b5`
SHA256	`ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1`
CRC32	`BAF78720`
ssdeep	`96:OSDZ/I09Da01l+gmkyTt6Hk8nTqviwYZP2H51:OSDS0tKg9E05Tqviw6451`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	9f34abcc66c858bd_login[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\login[1].js
Size	59.3KB
Processes	3468 (chrome.exe) 5024 (iexplore.exe)
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`818b5b6802ade9bc10c979666ee5e2c4`
SHA1	`459e0bc8b8b1f4b1af3dcb6583b8bc3f7a624f9e`
SHA256	`9f34abcc66c858bda5652c104a4471a0ee98994cd9718cdfae6623bc52c403ec`
CRC32	`8E6330C7`
ssdeep	`1536:AErpvhgB0KEApMyw+l/oOJz9WwymlgaUYCOlb+OeaLJIt:AEd5gbEhZSyuLJIt`
Yara	None matched
VirusTotal	Search for analysis

Name	0be99fd30134de50_buttons[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\buttons[1].css
Size	32.8KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with CRLF, LF line terminators
MD5	`b91ff88510ff1d496714c07ea3f1ea20`
SHA1	`9c4b0ad541328d67a8cde137df3875d824891e41`
SHA256	`0be99fd30134de50d457729cebd0e08342777af747caf503108178cb4c375085`
CRC32	`E7210F30`
ssdeep	`768:1rv31+3R8zIF/3doix2R1pW81qWZRhcJMJsJx:FpP1vZRE`
Yara	None matched
VirusTotal	Search for analysis

Name	6a82d45f7e1f8e35_rvhdsigka0r[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\RvHDSigkA0R[1].css
Size	31.5KB
Processes	3212 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`136410efa4a655f2dd023057d0af96bc`
SHA1	`a946784a5c3a85413519603d5cb9b18b1f185b53`
SHA256	`6a82d45f7e1f8e351e06d51300c8d1e73f867138ad1b07e0a929e0c6f2faf4c8`
CRC32	`B0E418FF`
ssdeep	`384:u4tIoGtUeI8IIa/sTzK0JA7kG/gyMhOHkiU:u4tIoDeILIuari7t/gycl1`
Yara	None matched
VirusTotal	Search for analysis

Name	d8bdea7fff893dbd_prototype-1.7[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\prototype-1.7[1].js
Size	165.4KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`6a39e0b509fecb928d47b8a2643fed2a`
SHA1	`f67fa6cb1d09963d10ba117d6553c8e7d5bc7863`
SHA256	`d8bdea7fff893dbdbeaf6c2affec091a77483b9ec10e7958486bc3b6cc170c96`
CRC32	`C752A414`
ssdeep	`1536:CZXcWblD1ySId1u6p3JuZolKvI28mGY7NIj4WT0PjXsW0NKWzcEjpPrmcGKJ/jfT:ocWblASIdIv8tXYPjkrmgD8d3dI`
Yara	None matched
VirusTotal	Search for analysis

Name	d03208e7cd89a981_{9665572d-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9665572D-79F5-11EE-91C7-080027C2F7B0}.dat
Size	3.5KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e7bd629612b31ccbf55c3069eb0558be`
SHA1	`e9e4d6de004e407708d3ca5f79a39cf4cc929ea9`
SHA256	`d03208e7cd89a981b36ff73da0de00b31f734fc6f8065b647608f995c10e8f12`
CRC32	`FA59B987`
ssdeep	`12:rl0oXGF6WxrEgmf106FYIsrEgmf10qTNlnZbaxtGm:rmxGoxGVNlZ83`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	4cf5b584cf79ac52_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size	89.0KB
Processes	2964 (explothe.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`e913b0d252d36f7c9b71268df4f634fb`
SHA1	`5ac70d8793712bcd8ede477071146bbb42d3f018`
SHA256	`4cf5b584cf79ac523f645807a65bc153fbeaa564c0e1acb4dac9004fc9d038da`
CRC32	`3D1216D0`
ssdeep	`1536:Ro4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU19aB89p:RoUCWbBNpplToUs1uNhj25LJU/aB89p`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Win_Amadey_Zero - Amadey bot OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	6f42b906118e3b3a_shared_global[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\shared_global[1].css
Size	84.6KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`15dd9a8ffcda0554150891ba63d20d76`
SHA1	`bdb7de4df9a42a684fa2671516c10a5995668f85`
SHA256	`6f42b906118e3b3aebcc1a31c162520c95e3b649146a02efd3a0fd8fcddebb21`
CRC32	`213FE985`
ssdeep	`768:DTLiHVcJv7oA7eQW6tNcEIqgvRnKQWQMJqiJ30QkUHrKxfsN/WCcZxb98cJbY/c4:nr0Q1rU5C0HP+iSgu873pO9E+UnweoQC`
Yara	None matched
VirusTotal	Search for analysis

Name	39e7de847c9f731e_down[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\down[1]
Size	748.0B
Processes	5024 (iexplore.exe)
Type	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
MD5	`c4f558c4c8b56858f15c09037cd6625a`
SHA1	`ee497cc061d6a7a59bb66defea65f9a8145ba240`
SHA256	`39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781`
CRC32	`B475DDD7`
ssdeep	`12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	db928313a7aa6b28_{9cc019a8-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9CC019A8-79F5-11EE-91C7-080027C2F7B0}.dat
Size	5.5KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d7a7c351d60911528c9da198f6caf849`
SHA1	`5a27d566a5feed9265107ac51c3a4232d98f999d`
SHA256	`db928313a7aa6b283eb1a3d5a512b3f3e71646ec56287ac27fc9e640d84b4c0a`
CRC32	`36C25BA6`
ssdeep	`48:rQTYGB5bXwiZZl9huiZZlFniZZlriZZlViZZlHAH5zYwiZZlxuiZZla7Ml:efVYqgA5zYfTaC`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	a971f671f007486b_libraries~b28b7af69[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\libraries~b28b7af69[1].js
Size	875.7KB
Processes	3816 (iexplore.exe) 3348 (iexplore.exe)
Type	data
MD5	`b529efada82cabb4e7215e35279a0d6e`
SHA1	`515bd39cb98778a1a24fa3e8e3b165890b4eebbe`
SHA256	`a971f671f007486b8a5325a010380d4563746be2eba2515030545342a13a7ff2`
CRC32	`95DB5D32`
ssdeep	`6144:D+8r22Z/EfzmMMNmGTbr/HCthO/2qB70i3URF8IlCyjo94sphXb9vjrgxf5yBemk:FNMMrTbrPCthOivoHphXb8w6NEj/w`
Yara	Malicious_Library_Zero - Malicious_Library Javascript_Blob - use blob(Binary Large Objec) javascript
VirusTotal	Search for analysis

Name	8d018639281b33da_errorpagetemplate[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\ErrorPageTemplate[1]
Size	2.1KB
Processes	5024 (iexplore.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`f4fe1cb77e758e1ba56b8a8ec20417c5`
SHA1	`f4eda06901edb98633a686b11d02f4925f827bf0`
SHA256	`8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f`
CRC32	`E6FF242A`
ssdeep	`24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6`
Yara	None matched
VirusTotal	Search for analysis

Name	fc9e6260a2706ae1_header_menu_hamburger[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\header_menu_hamburger[1].png
Size	3.7KB
Processes	3816 (iexplore.exe)
Type	PNG image data, 244 x 212, 8-bit/color RGBA, non-interlaced
MD5	`eabc76eb57feae44add7faead028521e`
SHA1	`4e3e53938fad15661d2d046a868338841a95db19`
SHA256	`fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa`
CRC32	`26C6AF93`
ssdeep	`96:W5Zsk8bb6l5qnCoghGfkm37QP00rqGDXrg/sG3vUx+Iocg2fkjGfkjky:W5H8o5qe0Mu7600WiXE/v3ve+Is2MjGm`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	2e7cbb274b70aa6f_favcenter[2] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\favcenter[2]
Size	687.0B
Processes	5024 (iexplore.exe)
Type	PNG image data, 16 x 16, 8-bit colormap, non-interlaced
MD5	`79afa8ab0ff40639c6fb752e88e60ee1`
SHA1	`c940d08bfeb8a7012f9340c9c4821c8f59b7d38f`
SHA256	`2e7cbb274b70aa6f564088cb1b58029907b836e73119da8398687ae766b124c7`
CRC32	`55DFB61F`
ssdeep	`12:6v/7tWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW2cd//8NOR4JOzPi+oNoF2mcHhC2V:DWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWo`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c7112faac29c2db9_4eozbn8zb4sfm67.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\4eOZbn8zB4sFM67.exe
Size	892.0KB
Processes	2552 (AppLaunch.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ef49b302b84786988ebf5b6b65791e42`
SHA1	`fb7012dca788e08e10582cd1948b5108955b2299`
SHA256	`c7112faac29c2db9282626e29fc5c151c11c35f4adf3748f767862a59577d494`
CRC32	`AB950D8F`
ssdeep	`12288:orB5zajmdYPenb2U7vqx0T+vFEnrv9TpxfoxhOuuSVKNtr:yuj+YPenb2U7vqevnrvPFkut`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	5f3c80056c7b1104_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size	273.0B
Processes	2964 (explothe.exe)
Type	HTML document, ASCII text
MD5	`a5b509a3fb95cc3c8d89cd39fc2a30fb`
SHA1	`5aff4266a9c0f2af440f28aa865cebc5ddb9cd5c`
SHA256	`5f3c80056c7b1104c15d6fee49dac07e665c6ffd0795ad486803641ed619c529`
CRC32	`D879A09E`
ssdeep	`6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIR+knaGjEcXaoD:J0+oxBeRmR9etdzRxGezH0qa5ma+`
Yara	None matched
VirusTotal	Search for analysis

Name	0d6f8d206a6bd8b6_4lcu2zih0ca[1].svg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\4lCu2zih0ca[1].svg
Size	2.5KB
Processes	3212 (iexplore.exe)
Type	SVG Scalable Vector Graphics image
MD5	`ecd94021d2c853c3b8deb8203ba17300`
SHA1	`6f0e24baf66ae386041e8faf42363418a4c96144`
SHA256	`0d6f8d206a6bd8b60a2048a3df206ac956a2f633786e4af1c02057f81758ad7a`
CRC32	`B9452E5F`
ssdeep	`24:t4tQ6dEHu+4CE/EiFyCmxOJLGe1sxmJLOTyX3WCQ9yCmxOJLA5J2z5D6M9JMPxg0:WiE/yCmr9hj9mP0kOpFnqo7gX`
Yara	None matched
VirusTotal	Search for analysis

Name	8b97ba0dac22fe67_logo_valve_footer[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\logo_valve_footer[1].png
Size	1.8KB
Processes	3816 (iexplore.exe)
Type	PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced
MD5	`574c350c7b23ae794d5276f8580e0838`
SHA1	`235c7b35c3468f8915eca01f7abdb43d34079609`
SHA256	`8b97ba0dac22fe6704c1f6d95fe79613f33017804f256abb9006df0442491787`
CRC32	`9670C3AB`
ssdeep	`24:o/51he91Wwh82lYSg767V+6gT3qxyJbRW6vRW6nGPAQ4PKsSnflj0Sybz4+43Ore:o/qQvnb6706gVJbVvVnX/8NAzb/4OFjg`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_D4CF.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\D4CF.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	3a119008fd025a39_espcid2h8qyyj9b.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ESPCid2h8QyYJ9b.exe
Size	11.5KB
Processes	2552 (AppLaunch.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d2ed05fd71460e6d4c505ce87495b859`
SHA1	`a970dfe775c4e3f157b5b2e26b1f77da7ae6d884`
SHA256	`3a119008fd025a394f6fb93a0c941e1dc0fa1f9c7606a674388f21d99dfe116f`
CRC32	`7B8A29BB`
ssdeep	`96:rw2AqFBGAWlNCnEprY2l3qDh7ZzEY4xNCBFfwmPI44Z+A04QjvrLOzk+gqbuikRp:0V/CnEhdIEtx8BZAHmCkLikgQp`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	c7cdbbc52a57784e_{ca165114-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA165114-79F5-11EE-91C7-080027C2F7B0}.dat
Size	4.0KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1de9b3faaf2d5ec1105ff61d7dc716e2`
SHA1	`b3fa7f71ba64b45a4be9d68d1f129fc09c3c706c`
SHA256	`c7cdbbc52a57784eac49f289f4868aaad88d0eff1b04f414ebf769403c326050`
CRC32	`90F94C70`
ssdeep	`12:rl0YmGFSvYrEgmfQB0KFU5WrEgmfF0qwltNlx/U9baxk7b9QWll69:rQvYGzWGaltNlan7b9P/69`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	05d77a3d80d3783c_{c22153f3-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C22153F3-79F5-11EE-91C7-080027C2F7B0}.dat
Size	6.0KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`bbc333e1183f41f98dd6bc5e860d856a`
SHA1	`ccdb186a8fd6535a6eb6bc0ae57f23c8b97d1665`
SHA256	`05d77a3d80d3783cd32ef728e86161dd2ab46ace24289daccf92e13d32935b94`
CRC32	`AE2D3EBD`
ssdeep	`48:r3QGQxGiaOHSa+a4a+a+AdsSBrw7V6/teJWHshG7gYIia+Sacpk:zo8YBrw7V6/teoHshG7rIBk`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	39f9942adc112194_firefox[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\firefox[1].png
Size	9.1KB
Processes	3816 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`7f980569ce347d0d4b8c669944946846`
SHA1	`80a8187549645547b407f81e468d4db0b6635266`
SHA256	`39f9942adc112194b8ae13ba1088794b6cb6e83bd05a4ed8ce87b53155d0e2f7`
CRC32	`AD988195`
ssdeep	`192:swtZ0EaLRTVeaA8vS4ooLD76IujS/izb8dSEG07bjHG/T7emn3CtmVU:lgbNJeahv3BLKjS/inwBG0PjcemnKZ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	31d8369386d04d53_{c22153f6-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C22153F6-79F5-11EE-91C7-080027C2F7B0}.dat
Size	3.5KB
Processes	3468 (chrome.exe) 3048 (iexplore.exe) 2548 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`ed79495dc34a8d142a02dde3e61fc47d`
SHA1	`e694b9104ef26edf6e9551a1c6d591148309e31d`
SHA256	`31d8369386d04d53feaa80bd3b8292344c03b33fd6fbbb1734b2904974958880`
CRC32	`0E172D12`
ssdeep	`12:rl0oXGFSisxrEgmf106FwCrEgmf10qTNlnZbaxtGm:rLisxGrGVNlZ83`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	408dfd3d4791d204_recoverystore.{99990daa-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{99990DAA-79F5-11EE-91C7-080027C2F7B0}.dat
Size	4.5KB
Processes	3120 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`16bac52a781115fedb7b8c165bd6e1f8`
SHA1	`1bfe640b55a3f049d20c431cd7799bbc7ec0bbf7`
SHA256	`408dfd3d4791d20472df56352f52c9d290510f7d9daebfb72547692b3cfcf3e6`
CRC32	`F88B215B`
ssdeep	`12:rlfF2crEg5+IaCrI0F7+F2rUrEg5+IaCrI0F7ugQNlTqbaxeI24z5NlTqbaxeI2b:rqc5/145/3QNlWTI24z5NlWTI2mkz`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	846a9b551e74f824_chrome[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\chrome[1].png
Size	6.1KB
Processes	3816 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`ac10b50494982bc75d03bd2d94e382f6`
SHA1	`6c10df97f511816243ba82265c1e345fe40b95e6`
SHA256	`846a9b551e74f824fd7ace3439a319b0c0803449e8caec9f16e2666e38a80efd`
CRC32	`601FBBE8`
ssdeep	`96:JSI2DA4yfvxQfGx7VW/Jagwy8dwMwjU9KgmgJLdcJLHZp5r8wdDMhlJGD/nmw8v6:8dDA/gidaUswM5bwSoaew8v6`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c3a7c646a1305017_logo_steam[1].svg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\logo_steam[1].svg
Size	3.6KB
Processes	3816 (iexplore.exe)
Type	SVG Scalable Vector Graphics image
MD5	`b7a7e43284e2ffe806ac1bc27c1f6a87`
SHA1	`e8196489e2ae99ec6eb33995b5a3e108d6e44de0`
SHA256	`c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb`
CRC32	`E44E71C6`
ssdeep	`96:CXQSfzclE2Bc4N/waCVAh+m8CE2n1HNBRjVO2PGPLYOgzypH6YB:WQAzSE2BB9/c1CEEtoFUOgzs6YB`
Yara	None matched
VirusTotal	Search for analysis

Name	1471693be91e53c2_background_gradient[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\background_gradient[1]
Size	453.0B
Processes	5024 (iexplore.exe)
Type	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
MD5	`20f0110ed5e4e0d5384a496e4880139b`
SHA1	`51f5fc61d8bf19100df0f8aadaa57fcd9c086255`
SHA256	`1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b`
CRC32	`C2D0CE77`
ssdeep	`6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	7da27df04c56cf1a_D4E1.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\D4CF.tmp\D4E0.tmp\D4E1.bat
Size	429.0B
Processes	3056 (7YD3dv41.exe)
Type	ASCII text, with CRLF line terminators
MD5	`0769624c4307afb42ff4d8602d7815ec`
SHA1	`786853c829f4967a61858c2cdf4891b669ac4df9`
SHA256	`7da27df04c56cf1aa11d427d9a3dff48b0d0df8c11f7090eb849abee6bfe421f`
CRC32	`7BDA223B`
ssdeep	`12:Nu+Duz+bu/+Duz+bukMuWc4T/u24DukDOudYBDu0B6CDuLGWuz+K:5DEgw2EgtMujy/MtDOW2RMCtWER`
Yara	None matched
VirusTotal	Search for analysis

Name	d02c01d729190647_{ca165115-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA165115-79F5-11EE-91C7-080027C2F7B0}.dat
Size	9.5KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`6527f609435a78632be9e24085ad2d5f`
SHA1	`b5d0df3cfc3b15a52c260529c12bd32b91b90c4e`
SHA256	`d02c01d72919064738909fd2ca71cef84aaa38f5b4413a6ee00d2b924dd9f7ce`
CRC32	`6B8E36E7`
ssdeep	`96:GQ6nHnXr5ItQ6nedQ6nHnZnXFQ6nHnXrQ6nHnXdQ6nHnXn+w7P2f4Q6nHnXF:G3H76t3ed3HJV3Hb3Ht3Hluf43HV`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	dab9b2167e0c5e3b_7o04eyj-1fg[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\7O04Eyj-1fg[1].css
Size	654.0B
Processes	3212 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`f3e457fbbeeb737715547cdcb743a3d6`
SHA1	`23bc9d76a0b2f07ddcecd81d62128d346e7d4fdc`
SHA256	`dab9b2167e0c5e3b4f45a8735305ea4a58013d242f8a106e7178d9c164dd78d9`
CRC32	`FA3224BD`
ssdeep	`12:gHqcdTf22/1QaCPanDRpNwEeqRlPcdTqIK7zxmKd9BJi5hfs:yP1uaQa+a7mSe1q3fxrc8`
Yara	None matched
VirusTotal	Search for analysis

Name	ed0547b28bdde6c1_{ca165113-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA165113-79F5-11EE-91C7-080027C2F7B0}.dat
Size	3.5KB
Processes	3048 (iexplore.exe) 5024 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`26aa970c8b86b74371ffb7e85b19f259`
SHA1	`1db0338936d1f3188a4509fbd92aadb766ff929e`
SHA256	`ed0547b28bdde6c1bfcfc46582a4b4d4eadbe4edc2fa1488be95665f8c4d63c6`
CRC32	`137B2D44`
ssdeep	`12:rl0oXGFWnsxrEgmf906FIWrEgmf90qTNlk8RbaxkDDWmqL:rZsxGXGNNlkwXDLk`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	57cfaf9b92c98541_shared_responsive_adapter[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\shared_responsive_adapter[1].js
Size	24.1KB
Processes	3816 (iexplore.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`a52bc800ab6e9df5a05a5153eea29ffb`
SHA1	`8661643fcbc7498dd7317d100ec62d1c1c6886ff`
SHA256	`57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e`
CRC32	`810976D9`
ssdeep	`384:aUXvnJo2dacv5Wc4gOV+n0Xmz85JX1c/jc0NL+lMF2KDnXhOMucpqWqGil/wSwf3:aU/nq2dd4gmLWqGil/wS20m`
Yara	None matched
VirusTotal	Search for analysis

Name	25478a3fe24cb3dc_css[3].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\css[3].css
Size	311.0B
Processes	5024 (iexplore.exe)
Type	ASCII text
MD5	`e7669f543033f358d60afffc934d85df`
SHA1	`0e874200fccb522f3be5865c9e35e48bf0424fa0`
SHA256	`25478a3fe24cb3dc0f4a05ecc3ac485d5dc3aac2bf5ad341adcba43851091b56`
CRC32	`B93B37ED`
ssdeep	`6:U+4OUr940FFTf21C5+56ZXizlpdaQH+MueiyAZ4wcM4Nin:UJO6940FRt5O6ZX6pt+M+5crY`
Yara	None matched
VirusTotal	Search for analysis

Name	2cb376e2cf2f33f3_main[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\main[1].css
Size	123.1KB
Processes	3816 (iexplore.exe)
Type	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5	`798258ba1bf7d882e7b8d4cac5f47a0e`
SHA1	`0387998de2596e01a2f3e52b6b1405fe391dd51e`
SHA256	`2cb376e2cf2f33f3dccd97221ee7321ae04ee8c4d7ace10929fd36ca8dddebe8`
CRC32	`0B75BC9B`
ssdeep	`1536:9zPeWhyN5aaaqYvR3VDKkwZBYjhQYkyqYlte5oHsvLNb5g:QYmZOQOFsv1a`
Yara	None matched
VirusTotal	Search for analysis

Name	7631736851bd8c45_shared_global[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\shared_global[1].js
Size	150.0KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`dcf6f57f660ba7bf3c0de14c2f66174d`
SHA1	`ce084fcb16eec54ad5c4869a5d0d0c2afb4ba355`
SHA256	`7631736851bd8c45de3fc558156213fca631f221507ca5b48893dbe89ed3448e`
CRC32	`7ED9F5F9`
ssdeep	`1536:D1lFAT60MhmjGFhxx25lnl9asPdVcTziMayN3qxViIomeFANNfsfM6kQuOEmTMqe:v08xx25/9a6dVc39qVij4rUEoe`
Yara	None matched
VirusTotal	Search for analysis

Name	eb5ecfe20a6db8b7_accounts_google_com[2].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\accounts_google_com[2].htm
Size	237.0B
Processes	2548 (iexplore.exe)
Type	gzip compressed data
MD5	`6513f088e84154055863fecbe5c13a4a`
SHA1	`c29d3f894a92ff49525c0b0fff048d4e2a4d98ee`
SHA256	`eb5ecfe20a6db8b760e473f56ad0f833d4eee9584b2b04a23783cab2d5388c06`
CRC32	`A6CEBA64`
ssdeep	`6:XtXlU8SXCtnx2vPjUe+VZ/tif5YcADh/EpMyztr:XNUXCtnKPozTixnANEpMo`
Yara	None matched
VirusTotal	Search for analysis

Name	23341256db7f44b1_btn_header_installsteam_download[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\btn_header_installsteam_download[1].png
Size	291.0B
Processes	3816 (iexplore.exe)
Type	PNG image data, 15 x 13, 8-bit/color RGBA, non-interlaced
MD5	`a2796187c58c7e948159e37d6990ecc2`
SHA1	`4209cd85add507247f9ce5a87a8c9095b54ee417`
SHA256	`23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082`
CRC32	`0E86C9EA`
ssdeep	`6:6v/lhPU8WnDspP8GYUQiOTmUDJcyYWm5kvrCBVreLbp:6v/78OaGYfLDBYCrCneL1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	32d4c8dc451e11db_motivasans-black[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\MotivaSans-Black[1].ttf
Size	118.0KB
Processes	3816 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansBlack4.015;Plau;MotivaSa
MD5	`4f7c668ae0988bf759b831769bfd0335`
SHA1	`280a11e29d10bb78d6a5b4a1f512bf3c05836e34`
SHA256	`32d4c8dc451e11db315d047306feea0376fbdc3a77c0ab8f5a8ab154164734d1`
CRC32	`437372E0`
ssdeep	`3072:IrEEEEEueapd0oej1yAHjU/gXG7mGSCfj9:IDpd0oejdQ/gXgfh`
Yara	None matched
VirusTotal	Search for analysis

Name	e92894d7737a75c3_global[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\global[1].js
Size	101.0KB
Processes	3816 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`13bf13082e84bb87750380c0b44d2334`
SHA1	`a2797fe38076a91a2db5c5eea7677925878576a0`
SHA256	`e92894d7737a75c34530235d483315ef69fce7b5c0689788817473c89849e9cd`
CRC32	`E6E14C68`
ssdeep	`1536:a9QF0iWEy9m5+sr7yYsgwFV1Dl/1DlZVLoWAW3TJ0zMzkSTgjN+1emFrO5dXg71D:aWyZ2U/1opFFsnD7`
Yara	None matched
VirusTotal	Search for analysis

Name	af01e700442f7436_main[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\main[1].js
Size	500.0KB
Processes	3816 (iexplore.exe) 3048 (iexplore.exe)
Type	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators, with escape sequences
MD5	`f0194520ac1d655dfbf9cc22e0ff768c`
SHA1	`51145a61f8f31f3b8ae01d1d388d9ac42b15dfd7`
SHA256	`af01e700442f74364998980013bd2c44a46be79eb5b06f58dbbb49d326dd6adf`
CRC32	`5F82FFA6`
ssdeep	`6144:osVd0LjZNamlT7CQOj6aRoVhs7aLd29Yax3/:occjtlT2pXSNdIYc3/`
Yara	None matched
VirusTotal	Search for analysis

Name	a3c5cebcac3d2084_{a473d266-79f5-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A473D266-79F5-11EE-91C7-080027C2F7B0}.dat
Size	9.5KB
Processes	3048 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4ae2b3e567cc6e4055e1c21a35b97f15`
SHA1	`2ccc0472b1d0922df3fef307fc53cc752eaa9769`
SHA256	`a3c5cebcac3d2084cb2e21ad190461faaecbbacbf952260975a935fb3d72620b`
CRC32	`FD55C23B`
ssdeep	`192:+3He9td3OG3Hles3HeO3HeM3HeoPfs3He4:n9tYVJXpA`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	0ada16ad7ed34bd7_1rgro2vmheqxhjb.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1RGRO2VMheQXHJb.exe
Size	1.1MB
Processes	2552 (AppLaunch.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`725602544ee9641c72fbc622313a5191`
SHA1	`443bee9c6a00fb05aa114e6caf6cc4683a4b5b2f`
SHA256	`0ada16ad7ed34bd73aaa64abaf0bc7f1bc79a3bb20064e3e2b8bceada52ec19c`
CRC32	`2DDDD792`
ssdeep	`12288:crB5FKanfkPenJ2U7vq/wMR5Sunrv90pxf1xh9uuSVKXllF/VJcB7IK5lc:OUafkPenJ2U7vqvbnrvwF0elnJcuKr`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis