Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
01.18 04:01
svc.exe
01.18 04:01
RemittanceForms.exe
01.18 04:01
Aristois-Free.jar
01.18 10:01
setup641.msi
01.18 10:01
Needle_Setup.exe
01.18 10:01
8734_5737.exe
01.18 10:01
CondoGenerator.exe
01.18 10:01
QGFQTHIU.exe
01.18 10:01
4909_7122.exe
01.18 10:01
Updater.exe

Latest News
01.18 06:01
A PDA From An ESP32
01.18 06:01
Whatsapp: Diese 4 neue...
01.18 06:01
KI-Nostalgie: Llama 2 ...
01.18 06:01
Paxton: Vertriebsleite...
01.18 05:01
Anzeige: IT-Sicherheit...
01.18 04:01
New tool: immutable.py...
01.18 03:01
U.S. Sanctions Chinese...
01.18 03:01
A Field Expedient Weld...
01.18 12:01
No Crystal Earpiece? N...
01.18 11:01
TikTok Says to ‘Go Dar...

Dropped Files | ZeroBOX

Name	41e3f69ecc09290e_httperrorpagesscripts[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\httpErrorPagesScripts[1]
Size	5.4KB
Processes	552 (iexplore.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`dea81ac0a7951fb7c6cae182e5b19524`
SHA1	`8022d0b818a0aea1af61346d86e6c374737bc95a`
SHA256	`41e3f69ecc09290ebc49be16d2415036ddb2f7a4b868eef4091d0b5a301762fe`
CRC32	`5E7F4A18`
ssdeep	`96:JCc1g1V1riA1CiOcitXred1cILqcpOnZ1g1V1OWnvvqt:xmjriGCiOciwd1BPOPmjOWnvC`
Yara	None matched
VirusTotal	Search for analysis

Name	cb6c640fbc6289b2_test32.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000027001\TEST32.exe
Size	1.1MB
Processes	2680 (Utsysc.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`993c85b5b1c94bfa3b7f45117f567d09`
SHA1	`cb704e8d65621437f15a21be41c1169987b913de`
SHA256	`cb6c640fbc6289b261bca0ee881bfcc8c4df2e89baaab7a4fed4e0e3b0dc9d37`
CRC32	`DFD326B1`
ssdeep	`12288:1SCFweWT8xCrC9ihr40AZWUBmEYvWe0kRUj8apA331/ZLGpn2OZ4H3ro:1lFweWT8x/9Ir40O8FvWeEJy3JZY63r`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	d81707d16583953f_login[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\login[1].css
Size	17.6KB
Processes	552 (iexplore.exe)
Type	assembler source, ASCII text, with CRLF, LF line terminators
MD5	`d07d6d87df1eb67495c1dd5468ddd40d`
SHA1	`82a7b8a839d305435589561b4745fe971d8a140d`
SHA256	`d81707d16583953f9b6c2449bc28b079b1263aa6563b35bb2dc26bc537f3e8e2`
CRC32	`A539FD0C`
ssdeep	`384:g9nNYoc4rNORhyWKEntY8XiYXUS2qk2VfVQEOHY46Z8I7Z0wTmEqNXMQJOU:gBGoc4ehyJEnSpYXUS2qk2VfmEOX6Z87`
Yara	None matched
VirusTotal	Search for analysis

Name	dfea4ae0ac13c182_qw3hzqngedjao2m6tqiqx5e-avs5_rsejo46_pctrspj0oosolrbejl3hmxfxqaslul2m_danvawbpsf[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF[1].woff
Size	18.0KB
Processes	948 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 18416, version 1.1
MD5	`56ac38d6dfc95dde661ed52cd5c52c3c`
SHA1	`09c803f8071d080959b5fb1c420124caba062735`
SHA256	`dfea4ae0ac13c18265a27114fb3bc7fded31754fb144409225606cce746450f2`
CRC32	`1EACEB9B`
ssdeep	`384:ERsN+8B+/q8EGq+DorALC6KCHWDDLQEaEUM3t85X8RT:ERsNrB6qNmmALJUDDLtaEyY`
Yara	None matched
VirusTotal	Search for analysis

Name	1a9251dc3b3c064c_dinosaur[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\dinosaur[1].png
Size	57.7KB
Processes	948 (iexplore.exe)
Type	PNG image data, 1200 x 800, 8-bit/color RGBA, non-interlaced
MD5	`bdda3ffd41c3527ad053e4afb8cd9e1e`
SHA1	`0ad1bb7ce8d8a4dc8ac2a28e1c5155980edfab9b`
SHA256	`1a9251dc3b3c064cfc5e2b90b6c7dc3c225f7017066db2b77e49dae90a94a399`
CRC32	`136A1553`
ssdeep	`768:C7Fv/DCdkYu6D+4+T9Z3PYLwkz5Z1sVvxjhL1y4ViUnMQCIR7N0gZ9fkJeZvPxG/:avJx6Dr+7PYRzz1yho4LCQL3kJEvJy1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	045b433f94502cfa_motivasans-medium[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\MotivaSans-Medium[1].ttf
Size	121.1KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansMedium4.015;Plau;MotivaS
MD5	`2d64caa5ecbf5e42cbb766ca4d85e90e`
SHA1	`147420abceb4a7fd7e486dddcfe68cda7ebb3a18`
SHA256	`045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f`
CRC32	`42F403DE`
ssdeep	`1536:v4Kkq/szjKJRIDCnR96guXgECINo28BZZDhpkemOXaxq4jKea8GyFLaE0Af0ffL9:vf/fxn7ElXxE0wS0fj9`
Yara	None matched
VirusTotal	Search for analysis

Name	fcb4db628bb6b3df_{eb4ead3c-7a28-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EB4EAD3C-7A28-11EE-948E-94DE278C3274}.dat
Size	3.5KB
Processes	3544 (iexplore.exe) 1772 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fc68ded2efe0843e91478fca53e1bc72`
SHA1	`084fb1c3fe1604b5bfc224ca68812e056e9faed5`
SHA256	`fcb4db628bb6b3df1143c034c34874998b0ee841225d70ebc4fb993e78391ce8`
CRC32	`C2D76E2C`
ssdeep	`12:rl0oXGFJAWxrEgmfx06FqpxrEgmfx0qTNlI8lbaxxtLHW:rwBxGGrGBNlJQtLHW`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	e9955f64d2e3579d_trafico.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000009001\trafico.exe
Size	499.4KB
Processes	2680 (Utsysc.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`ed1e95debacead7bec24779f6549744a`
SHA1	`d1becd6ca86765f9e82c40d8f698c07854b32a45`
SHA256	`e9955f64d2e3579dc9d2edf2b75a4c272738f3d78d05b16ebfa7632cc1d89651`
CRC32	`C0F62E5F`
ssdeep	`6144:ScWvDfSifI/iR1LxHy2V5IKAT+fUN2OUxIxkWQNZrGq1cpF2lxO3mDNh:1WvDpI/Go2AH+BQENFGq1i2lx/L`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	97c39175b9c8c46a_motivasans-regularitalic[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\MotivaSans-RegularItalic[1].ttf
Size	132.3KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 23 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansRegular Italic4.015;Plau
MD5	`7bc1837717cdc49c511ebdd0e75122a2`
SHA1	`d31e0df252328b946984c6bde94f7b2f7c72d964`
SHA256	`97c39175b9c8c46a5f2be987c00be2ef556421fcdada1ed3b327c50cc36cc78b`
CRC32	`05F7F9EF`
ssdeep	`3072:Jgo+yzfgnWNIIwF3vMTMgTO2QTb7W8YNfj9:sJWNIIK3vMaAfh`
Yara	None matched
VirusTotal	Search for analysis

Name	d32345aca9a28821_{f24789a6-7a28-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F24789A6-7A28-11EE-948E-94DE278C3274}.dat
Size	9.5KB
Processes	3544 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`1395b7c15e74243e7db3aac2535e3c90`
SHA1	`a96b8b12b832a93647992c794e5fa7d7556c74c1`
SHA256	`d32345aca9a28821a6f993d1d9786d3264a82f70bf180fd4bd64849d8d76d6c2`
CRC32	`3F3796A5`
ssdeep	`96:GQ6nHns0utQ6nedQ6nHnZnsqQ6nHnsAQ6nHnsKQ6nHnsyVw7PKxf4Q6nHnsi:G3Het3ed3HJ73Hl3Hz3HACxf43HD`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	478aa272d465eaa4_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\465dbc52837d81\cred64.dll
Size	1.1MB
Processes	1080 (Utsysc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`1c27631e70908879e1a5a8f3686e0d46`
SHA1	`31da82b122b08bb2b1e6d0c904993d6d599dc93a`
SHA256	`478aa272d465eaa49c2f12fc141af2c0581f569ccf67f628747d90cc03a1e6a9`
CRC32	`487753B1`
ssdeep	`24576:OGKcuUK9Jyi+Uj+TGHWTZNyMuB/J/TO/pYmea+Xo45qG:o9Jyi+UjyGGZNyMur/TO/qb4Uq`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file infoStealer_browser_b_Zero - browser info stealer PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	20fad8097502c4e4_css[2].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\css[2].css
Size	354.0B
Processes	948 (iexplore.exe)
Type	ASCII text
MD5	`1bb2a157e6de2f7e7078a5aaef8516a0`
SHA1	`877ce405de56783d9351b524cfcd0c7da02627a9`
SHA256	`20fad8097502c4e4256f6acaa5a88a4f71e48bef44a3412d7cbaa54af6d1aa94`
CRC32	`D99E72F0`
ssdeep	`6:0IFFli+56ZRWHTizlpdAxI6sVuNijFFli+56ZXizlpdAxI2JNin:jF/iO6ZRoT6pix3sEqF/iO6ZX6pixRJY`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_EDD5.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\EDD5.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	ad3a75f2dc07deac_main.10a25667.chunk[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\main.10a25667.chunk[1].js
Size	619.4KB
Processes	1772 (iexplore.exe) 552 (iexplore.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`61dcc305464ea7b73041d1d0a46f52ff`
SHA1	`76c69a7da86eb40d8850123c6b125dc9bc46c5fe`
SHA256	`ad3a75f2dc07deacfae300508b6fbe57ee0b7d678187224743454b1a2695bf09`
CRC32	`83E68EA2`
ssdeep	`6144:+S/3hBqcsm0ciVXAiBRYtJGdDZFBaNFkiz7HVG9xVXOds3jYwpA5D/Yl8w3gshk9:+e30FOyiVzs3jYwpAliQD`
Yara	None matched
VirusTotal	Search for analysis

Name	70f316a5492848bb_down[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\down[1]
Size	3.3KB
Processes	552 (iexplore.exe)
Type	PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5	`555e83ce7f5d280d7454af334571fb25`
SHA1	`47f78f68d72e3d9041acc9107a6b0d665f408385`
SHA256	`70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880`
CRC32	`9EA3279D`
ssdeep	`96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	1a662ea94138f009_globalv2[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\globalv2[1].css
Size	38.0KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`44bee1a454453c4e009c10b25eb647ab`
SHA1	`d881e3587c5b2b8a341ef59cef5dc928d9a893c1`
SHA256	`1a662ea94138f009b213092a76f2c83d692b72f05aed21dbbb2385a22c00d3ab`
CRC32	`31BF72A0`
ssdeep	`768:imOhyrYzdKV7qyaFVwoz5Xvt45KqTUzvSQNxKJb4Ud4xh5VgITnw:jYkFero4Ud4xa`
Yara	None matched
VirusTotal	Search for analysis

Name	9ce7f3ac47b91743_kfolcnqeu92fr1mmeu9fbbc-[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
Size	20.1KB
Processes	948 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20544, version 1.1
MD5	`40bcb2b8cc5ed94c4c21d06128e0e532`
SHA1	`02edc7784ea80afc258224f3cb8c86dd233aaf19`
SHA256	`9ce7f3ac47b91743893a2d29fe511a7ebec7aef52b2ea985fa127448d1f227c1`
CRC32	`2CDC4561`
ssdeep	`384:yIaxgESUyNlegvIQxhXmqd8lpP/FwL0cV8yP1JSRHbNHlZL7qwZkoEu3HTbpXcyn:yIw8UElewHxRmqd8PdwLLeR/ZLGwZLbX`
Yara	None matched
VirusTotal	Search for analysis

Name	aa54ee846a6fbdfa_832866432405 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\832866432405
Size	23.7KB
Processes	2680 (Utsysc.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`ebf46619df895baeeaf02aaa9b18f30e`
SHA1	`a33b25609a0ffab6caa57c2fb0d100c10f8cc9c3`
SHA256	`aa54ee846a6fbdfa75389175ffbfffc2ba7a5a816fbc6e082939c9175f218e12`
CRC32	`C8CB4105`
ssdeep	`192:WfJaLyOeTVezoJqNdIheZH18isdgVM/cBhjeEKm3RDNLhMbmdWCJP3:0JaiPk7vZAq6UhjRpSbcR`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	4643d18bb8be79c2_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\aca439ae61e801\cred64.dll
Size	1.2MB
Processes	2680 (Utsysc.exe)
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`0111e5a2a49918b9c34cbfbf6380f3f3`
SHA1	`81fc519232c0286f5319b35078ac3bb381311bd4`
SHA256	`4643d18bb8be79c2e3178bc3978d201c596ab70a347e8cf1e8fdbe3028d69d7c`
CRC32	`3012B62C`
ssdeep	`24576:RAwtSMdHL4+3MQL+RoZk9LZ/zedfjMTUmXbc5Pf8Vd3rsx:Nc+3MQLQoZyZ/zEfc6P0D`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	d5692b785e183408_motivasans-bold[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\MotivaSans-Bold[1].ttf
Size	121.0KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansBold4.015;Plau;MotivaSan
MD5	`6168553bef8c73ba623d6fe16b25e3e9`
SHA1	`4a31273b6f37f1f39b855edd0b764ec1b7b051e0`
SHA256	`d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66`
CRC32	`070A3CB4`
ssdeep	`1536:M+s43BGZsrolB21EJ4q+GIbdSW7VvCtQXjPM3mz1yxvjWRVIoFMe1V13836GKCnY:T1GZXlB2SUbxVv/zM3mZyxLUZGrSDfj9`
Yara	None matched
VirusTotal	Search for analysis

Name	6fb31acdaf443a97_edgium[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\edgium[1].png
Size	7.0KB
Processes	948 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`01010c21bdf1fc1d7f859071c4227529`
SHA1	`cd297bf459f24e417a7bf07800d6cf0e41dd36bc`
SHA256	`6fb31acdaf443a97183562571d52ce47dd44c1a8dcb4087338d77ea2617b286e`
CRC32	`C5C47D22`
ssdeep	`192:vRb1blB+w3GiZiTUH3Fxkiss/qophQc+PvzFDdSqqF:vXPLgo1xkteqkOvh5SqqF`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	41464efd9a32a596_motivasans-lightitalic[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\MotivaSans-LightItalic[1].ttf
Size	130.5KB
Processes	552 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansLight Italic4.015;Plau;M
MD5	`07247cbd12d4e4160efd413823d0def8`
SHA1	`517a80968aa295d0a700a338c22ba41e3a8b78a7`
SHA256	`41464efd9a32a5967b30addc21fe16cd0a35870fda56658b531a9a2434b4d829`
CRC32	`BFC31050`
ssdeep	`3072:D0000yU00000p4hvCgblYq4AYpbVvQ8U/VMxLseW8Yafj9:D0000GWCClpnYpxvRamfh`
Yara	None matched
VirusTotal	Search for analysis

Name	91222f96f34735eb_jquery-1.11.1.min[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\jquery-1.11.1.min[1].js
Size	93.5KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`4dc834d16a0d219d5c2b8a5b814569e4`
SHA1	`4fbe0563917d6f6289e4e1b4a0a8758e4e43bda9`
SHA256	`91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef`
CRC32	`4C59FA2C`
ssdeep	`1536:EPEkjP+iADIOr/NEe876nmBu3HvF38sEeL8FoqqhJ7SerN5wVI+xcBpPv7E+nzmN:bNMzqhJvN32cBd7M6Whca98Hr4`
Yara	None matched
VirusTotal	Search for analysis

Name	003d30e7d128c677_errorpagestrings[2] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\errorPageStrings[2]
Size	2.5KB
Processes	552 (iexplore.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`07d7197d980e82c3ce6b22c0342711ae`
SHA1	`e3e675f4507d3d2f4f56f06c76abdc40d09dd1a2`
SHA256	`003d30e7d128c6771b36ab2b0f02d36670e42488d86ba7db00ad862528266060`
CRC32	`3485002F`
ssdeep	`48:zTW8quJiyUlyHWKShUpeHRitRflRynLRX4Y1WW90W2olr8tcUV/9z8/pWMI9EMIN:zTW8qIiyUcAhUpIRSRflRynLRX4LMlrT`
Yara	None matched
VirusTotal	Search for analysis

Name	9e6e4772050998a5_readme.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\_Files_\readme.txt
Size	10.0B
Type	ASCII text, with no line terminators
MD5	`eb6b6c90251ab33cee784713c451e6d8`
SHA1	`451685e9efac4a6dc1fee73ec53ffb6b2c4c38b5`
SHA256	`9e6e4772050998a5c0dc3c61acf3dab0a7e594566171fa5746d6b62f9598efb6`
CRC32	`22598B08`
ssdeep	`3:IS:7`
Yara	None matched
VirusTotal	Search for analysis

Name	44083be323ff08f7_amers.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000081001\amers.exe
Size	5.5MB
Processes	1080 (Utsysc.exe)
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`211c3aecddbb97738943a1d9471ba7c2`
SHA1	`739cde98ae0761fb6e88fa548af75ea512631655`
SHA256	`44083be323ff08f7d4291a4b13a983ba680e3a793db7bd123179378e39d2a31b`
CRC32	`786993D3`
ssdeep	`98304:ThM4FP72iUsD1nMx7tHcCWQzWXMw5qOzV3Mr7jt4SNnVYm9GkAQ+qvkAKLpLjH9j:tJ1Yu1Mx7tHcdQzMljx3C6SDY/kAQ+rH`
Yara	PE_Header_Zero - PE File Signature hide_executable_file - Hide executable file IsPE64 - (no description)
VirusTotal	Search for analysis

Name	e753a6b743187c7d_motiva_sans[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\motiva_sans[1].css
Size	2.7KB
Processes	552 (iexplore.exe)
Type	ASCII text, with CRLF line terminators
MD5	`19f4a36c629c358690fc93dbd234d105`
SHA1	`6bbc819e64172d57a4abdaa20c8e2b8a32dd662c`
SHA256	`e753a6b743187c7d592e6e2d3580336751e6211cd228ad7410e02db29ec91ad8`
CRC32	`FD7AE715`
ssdeep	`48:y3/p1p6iBbbjR3Yk5kSR3YkywR3YktStR3YkFXR3YkRCR3Yk50woR3Yke+oR3Yks:ip1p6e8NOkXNwf+WAow`
Yara	None matched
VirusTotal	Search for analysis

Name	6b7a3177485c193a_motivasans-light[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\MotivaSans-Light[1].ttf
Size	119.8KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansLight4.015;Plau;MotivaSa
MD5	`d45f521dba72b19a4096691a165b1990`
SHA1	`2a08728fbb9229acccbf907efdf4091f9b9a232f`
SHA256	`6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc`
CRC32	`EBD12149`
ssdeep	`3072:XnN/O/ceJkGwg/MOAibD2hPfX4HYhDhudcvObkSafj9:9/O/ceJkGwg/MOAib6nX44NhIWOb8fh`
Yara	None matched
VirusTotal	Search for analysis

Name	da708635da162ea4__combined[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\_combined[1].js
Size	119.3KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`39e34882ba4417cb4b1b84916dabb770`
SHA1	`0d0ca081fb60c8aad337091bafcbe84f966c38b0`
SHA256	`da708635da162ea493874627775c3520a42145b79c73bf787b5113bf87c0b27c`
CRC32	`CDBD990F`
ssdeep	`1536:LlFY4P+xmlvr+k3mCQHNl9EvOxzXQApcGBPVCGUb6WFA66WqiLOrVQXWc1Uw4zv6:71XZEl9EvOxzLcGBkQ1WBV4MH`
Yara	None matched
VirusTotal	Search for analysis

Name	e2d4e0e1d3e162fd_tooltip[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\tooltip[1].js
Size	15.7KB
Processes	552 (iexplore.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`72938851e7c2ef7b63299eba0c6752cb`
SHA1	`b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e`
SHA256	`e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661`
CRC32	`113C331B`
ssdeep	`192:x32Mu4vUDjHbnZsXGWIS75sTY8M7ebb6qgrrY20jhN3MScuhJ05zb5jzCF+MlF+8:x32L4kzt3gtGb5LQqha31iUTSiq5N`
Yara	None matched
VirusTotal	Search for analysis

Name	9da10d7b75c589f0_utsysc.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
Size	307.0KB
Processes	2752 (abd.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b6d627dcf04d04889b1f01a14ec12405`
SHA1	`f7292c3d6f2003947cc5455b41df5f8fbd14df14`
SHA256	`9da10d7b75c589f06f1758ed8e3c0335b9a738d0ad1317c48e380bca768bdddf`
CRC32	`20C054AF`
ssdeep	`6144:G77rhGafhHSBwHRqGJbdbZI44SGe4s8Lu67rvAOveiZavLb:G7rRSSHRnJfIrscu67TZhavL`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	4afb3e37bfdd549c_shared_responsive[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\shared_responsive[1].css
Size	18.5KB
Processes	1772 (iexplore.exe) 552 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`2ab2918d06c27cd874de4857d3558626`
SHA1	`363be3b96ec2d4430f6d578168c68286cb54b465`
SHA256	`4afb3e37bfdd549cc16ef5321faf3f0a3bf6e84c79fc4408bc6f157280636453`
CRC32	`CBFE49FD`
ssdeep	`384:QwtVMAjYb2JalUNlpczHK77iHiEiN/mm+pqOw6GNNZhweP8/F:QmS6FJJNzczHK7uHix/T+pqOwlNzi`
Yara	None matched
VirusTotal	Search for analysis

Name	6cb869df089146c1_header_logo[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\header_logo[1].png
Size	10.6KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	PNG image data, 744 x 171, 8-bit/color RGBA, non-interlaced
MD5	`a4e79c73ee13cb25b60fc4b0ba1f690c`
SHA1	`b690c31b2eb1b0eb085e91aaae7e79f03debe7c1`
SHA256	`6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8`
CRC32	`145A78A3`
ssdeep	`192:5ARjfa23tAJsqmbZEyI3ImwTHVeVUzp7C+22Z6XikPFffq0BV0FIZLKePlOoYWn4:5AfaItAJsfElI3jVwUzpC+JqNfC0wFIM`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	84fe36fa18724445_home[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\home[1].css
Size	14.6KB
Processes	552 (iexplore.exe)
Type	ASCII text, with CRLF, LF line terminators
MD5	`fbaa908b7ad972519f01b8018ed98f2e`
SHA1	`625d6da35037b70fb9c4daa4622185ca44d0f4f2`
SHA256	`84fe36fa18724445ef05858506ade2e9bdafd2cee2d55555dc94ac94ae58fc6b`
CRC32	`5839D13A`
ssdeep	`384:MzzyxRPy8tJ2aAX2MZs2MD+OHU6KiG0Bh9Ar:KzyxRPy8tJ2aAmMZs2MD5HU6Ki3y`
Yara	None matched
VirusTotal	Search for analysis

Name	02f95fbdb68f232b_opera[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\opera[1].png
Size	2.3KB
Processes	948 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`5cb98952519cb0dd822d622dbecaef70`
SHA1	`2849670ba8c4e2130d906a94875b3f99c57d78e1`
SHA256	`02f95fbdb68f232bffd4f2c0fdd033d6c83b829c610cddccc0b1d43e2274e6a7`
CRC32	`AD4AD45A`
ssdeep	`48:T/9xo755n07P4gcVK+VJOuCORmJtLnzvzNkYzGQqvz3EP3/pFqcU:no755nQPeVKMbNYJtLzvxkMheEP3/3s`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e6bd7a442e04eba4_build2.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000024001\build2.exe
Size	95.5KB
Processes	2680 (Utsysc.exe)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`1199c88022b133b321ed8e9c5f4e6739`
SHA1	`8e5668edc9b4e1f15c936e68b59c84e165c9cb07`
SHA256	`e6bd7a442e04eba451aa1f63819533b086c5a60fd9fa7506fa838515184e1836`
CRC32	`CBD4B9EB`
ssdeep	`1536:Fqskaq+A/lbG6jejoigIP43Ywzi0Zb78ivombfexv0ujXyyed2kteulgS6pQl:D7ZeYP+zi0ZbYe1g0ujyzd0Q`
Yara	detect_Redline_Stealer_V2 - (no description) UPX_Zero - UPX packed file MALWARE_Win_VT_RedLine - Detects RedLine infostealer PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult RedLine_Stealer_b_Zero - RedLine stealer OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	afce792469d28568_errorpagetemplate[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\ErrorPageTemplate[1]
Size	2.2KB
Processes	552 (iexplore.exe)
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`cd78307e5749eb8aa467b025dc66bcd3`
SHA1	`7f85f932532719bc0ca23a21a24e146cdcd40668`
SHA256	`afce792469d28568da605230d27a6d5354f9451c60b5a3ce998edeaf098c8327`
CRC32	`12B03B3E`
ssdeep	`24:5Lj5x55k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+BieyuSQK:5f5H5k5pvFehWrrarrZIrHd35IQfOS6`
Yara	None matched
VirusTotal	Search for analysis

Name	3a335caead0fbb3d_3.520a7eda.chunk[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\3.520a7eda.chunk[1].js
Size	2.3MB
Processes	1772 (iexplore.exe) 552 (iexplore.exe)
Type	ASCII text, with very long lines
MD5	`13bcc7887b059b2d3d80f0e0b7abd615`
SHA1	`b7e52adc57faa4fb1786c2e453b82c7b75c1cf1d`
SHA256	`3a335caead0fbb3d197e87e0f256b6fc1966788dc34ddf7bd696d35c1f35e5d6`
CRC32	`63AD4D9E`
ssdeep	`49152:G9qMKZssR5RpJYCQKVqGDa89Oqh5mDYCQKVoq7cu6MQZC43hN+ge22vm:tsaMS+gem`
Yara	Javascript_Blob - use blob(Binary Large Objec) javascript
VirusTotal	Search for analysis

Name	ebd518bec6383218_header[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\header[1].css
Size	12.5KB
Processes	552 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`be1e0131e0dc3620948b14da818b1a4d`
SHA1	`810b4aff56a0e76cf870cc67e3092447b46dcd92`
SHA256	`ebd518bec6383218452cc4597aeff5debc82b1f76cbea1950c5ecbfd59c5e3e5`
CRC32	`B55B6CC4`
ssdeep	`384:CDWFvVcXIeIHug0g1RfzpJc8dIG4oLqE8js18mU2V5o4LYLysuSd:CDWFvVcXIeIHug0qRfPc8dIG4oLqRjsI`
Yara	None matched
VirusTotal	Search for analysis

Name	d29b73ac841cd9a3_scvrw28r.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\SCVRW28R.txt
Size	276.0B
Processes	948 (iexplore.exe)
Type	ASCII text
MD5	`46ecb324d1d4cbf3e0281beec6122924`
SHA1	`3f08797fd1e92d0f552a9c5f1f5234d02486d5fb`
SHA256	`d29b73ac841cd9a318697540822f6f90ad234a1f50e06dab5cc00b66144a9be5`
CRC32	`D843633A`
ssdeep	`6:2UdGkxGRXbH7ZkHukc/MGRXbkvWQVkHyH0oMNGRXbkvWQVkH/:2ctGRXbHVfV0GRXbhQv0oMNGRXbhQg`
Yara	None matched
VirusTotal	Search for analysis

Name	469fdfcaca047a13_dnserror[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\dnserror[1]
Size	6.1KB
Processes	552 (iexplore.exe)
Type	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`8c98552955cbb31ebed64742bf23349a`
SHA1	`e1d12cf6c84e4dca1c69421209e12237633f8e75`
SHA256	`469fdfcaca047a13a75283d5fd4bb96b56a28666d9df02195fdc2a4b78250539`
CRC32	`1A5BE0FF`
ssdeep	`96:uATpCAEQIgGN2P8bWF2oxrjSaFXQsgUkn:ukp4QSN2aWFFjSGXQVUkn`
Yara	None matched
VirusTotal	Search for analysis

Name	6976c426e3ac66d6_noconnect[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\noConnect[1]
Size	8.0KB
Processes	552 (iexplore.exe)
Type	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
MD5	`3cb8faccd5de434d415ab75c17e8fd86`
SHA1	`098b04b7237860874db38b22830387937aeb5073`
SHA256	`6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7`
CRC32	`F9D26F41`
ssdeep	`192:SSDS0tKg9E05TKPzo6BmMSpEJH8x07oLKsiF+2MxNdcNyVE:tJXE05g/uEJH8m7oLKLo2MxncUVE`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f2abf7fbabe298e5_kfomcnqeu92fr1mu4mxm[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\KFOmCnqEu92Fr1Mu4mxM[1].woff
Size	19.9KB
Processes	948 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20344, version 1.1
MD5	`d3907d0ccd03b1134c24d3bcaf05b698`
SHA1	`d9cfe6b477b49d47b6241b4281f4858d98eaca65`
SHA256	`f2abf7fbabe298e5823d257e48f5dc2138c6d5e0c210066f76b0067e8eda194f`
CRC32	`B5ADEB16`
ssdeep	`384:pVO/VZJNNePVkOJJSu6SsCKTIRDqG9oHKwZh98OSv+MsgkA4Y:pVQemOSu1guh+fZhLSxkAN`
Yara	None matched
VirusTotal	Search for analysis

Name	25478a3fe24cb3dc_css[5].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\css[5].css
Size	311.0B
Processes	948 (iexplore.exe)
Type	ASCII text
MD5	`e7669f543033f358d60afffc934d85df`
SHA1	`0e874200fccb522f3be5865c9e35e48bf0424fa0`
SHA256	`25478a3fe24cb3dc0f4a05ecc3ac485d5dc3aac2bf5ad341adcba43851091b56`
CRC32	`B93B37ED`
ssdeep	`6:U+4OUr940FFTf21C5+56ZXizlpdaQH+MueiyAZ4wcM4Nin:UJO6940FRt5O6ZX6pt+M+5crY`
Yara	None matched
VirusTotal	Search for analysis

Name	0adf4d5edbc82d28_motivasans-thin[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\MotivaSans-Thin[1].ttf
Size	116.0KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansThin4.015;Plau;MotivaSan
MD5	`ce6bda6643b662a41b9fb570bdf72f83`
SHA1	`87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8`
SHA256	`0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6`
CRC32	`35DFAE7F`
ssdeep	`1536:GAAAAAAAgsAAAYgIAAAAsAuErzzzz6mfzzVCA9zzzzzzdp/koLAGXImE98YfgNi9:kErZDE9BfgNiX9k3SDHewStfNwS0fj9`
Yara	None matched
VirusTotal	Search for analysis

Name	a43f3cf974c02ae7_utsysc.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\e8b5234212\Utsysc.exe
Size	306.5KB
Processes	2560 (Amadey.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5d0310efbb0ea7ead8624b0335b21b7b`
SHA1	`88f26343350d7b156e462d6d5c50697ed9d3911c`
SHA256	`a43f3cf974c02ae797b15d908b0ce1253781e9523a3a5831c199cb4d5dcbda4a`
CRC32	`0E9B07EA`
ssdeep	`6144:Rb6w2ysktItqrvJ8oGJJWfZRXIjqGlG4u67+lAOHziULb:RNtmqjJ8xJmRGltu67sfL`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	482fed1a79de8171_accounts_google_com[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\accounts_google_com[1].htm
Size	329.0B
Processes	948 (iexplore.exe)
Type	gzip compressed data, last modified: Fri Jan 19 20:33:04 1996, from TOPS/20
MD5	`272c0292045b051231365e28d2396370`
SHA1	`6dbbd562f5f8e07c67bb4187c92d8d9bfa263723`
SHA256	`482fed1a79de8171720acef0bf4aace88d8d9903a6fce879f05eb5ee8b32fff2`
CRC32	`F69CAC56`
ssdeep	`6:XtZTC/VGTGTGTGUlU8SXCtnx2vPjUe+VZ/tif5YcADh/EpMyztr:XDG2UXCtnKPozTixnANEpMo`
Yara	None matched
VirusTotal	Search for analysis

Name	6f93f21bc1ecc2d1_motivasans-bolditalic[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\MotivaSans-BoldItalic[1].ttf
Size	131.3KB
Processes	552 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansBold Italic4.015;Plau;Mo
MD5	`e77ef961fe37dd8e6de30d4f7fa9a4de`
SHA1	`567327935ae2bb3de45e7f612f2d05273a999584`
SHA256	`6f93f21bc1ecc2d1c24fa2268aafad7f9e76836bb95aa76adda9307caad51c64`
CRC32	`67EE023D`
ssdeep	`3072:w+hQ7lZMhScOZZI1pwldKK087VnIpTcIH1hW8Y1fj9:wQh1mZekMb8YEfh`
Yara	None matched
VirusTotal	Search for analysis

Name	658c6d0550777f3b_{eb4ead3b-7a28-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EB4EAD3B-7A28-11EE-948E-94DE278C3274}.dat
Size	5.5KB
Processes	3544 (iexplore.exe) 1772 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`d9ccab7a3aba1bfacb9920a634ad5dcf`
SHA1	`68ae58bb997e849e96bdc36dd7d053e1d58634b5`
SHA256	`658c6d0550777f3b230bb1517510aa3fa09a734876189061592a8742ad60c716`
CRC32	`A0A73DEE`
ssdeep	`48:rUYG95bXwiZZl9huiZZlFniZZlriZZlViZZlHAH5zYwiZZlxuiZZla7Ml:IfVYqgA5zYfTaC`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	19b8db163bcc5173_motivasans-regular[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\MotivaSans-Regular[1].ttf
Size	119.8KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 22 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansRegular4.015;Plau;Motiva
MD5	`57613e143ff3dae10f282e84a066de28`
SHA1	`88756cc8c6db645b5f20aa17b14feefb4411c25f`
SHA256	`19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14`
CRC32	`CD0E286C`
ssdeep	`3072:lpsQ7l3T64Z1lKcDqttEPBWVNwZ+e222pKKSxfj9:Yg3T64Z19DqtkWbu/222kZfh`
Yara	None matched
VirusTotal	Search for analysis

Name	b581d3ca109eec3f_manifest[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\manifest[1].js
Size	14.7KB
Processes	552 (iexplore.exe) 1452 (explorer.exe)
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`17d3ae832bbe0b21b7658124f280c1c6`
SHA1	`f182e40148cd9f760ff632eda5fd85ebc2d962a8`
SHA256	`b581d3ca109eec3f1d733cf2729403774d2289a25ca66620bebe543e58d0b97e`
CRC32	`093613B2`
ssdeep	`384:+1d1B6fcx9Jp9hl3FFsjJgh7oYGVhkc373Ml+m4ksN:gachRFEgGYG7dL3Ml+m4ksN`
Yara	None matched
VirusTotal	Search for analysis

Name	0977b41c8a28b8e9_832866432405 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\832866432405
Size	23.5KB
Processes	1080 (Utsysc.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`916be4d86f63c60250ace7f443aebf1a`
SHA1	`c148bd85cbe1d8ef13dad6f93c9c75f8c3eb5cc2`
SHA256	`0977b41c8a28b8e9cd8faabf1d3959390ae48519ffcd03387e8acb9b15eba175`
CRC32	`837C12C6`
ssdeep	`384:0JaiPMgnbQA5s9D6wdhBEmz1+tisuWmwr:0Abus9D6wdDEmp+t3Tmw`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	0d5567d1e9ebff99_recoverystore.{eb4ead37-7a28-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EB4EAD37-7A28-11EE-948E-94DE278C3274}.dat
Size	4.5KB
Processes	3544 (iexplore.exe) 552 (iexplore.exe) 1772 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`fefcef61f110af33d98f2ac50a02a483`
SHA1	`cc09762ea510d941db81741e9cb9add3dc0bd612`
SHA256	`0d5567d1e9ebff990b3f676cd882eeab1b9bb07b1a4fa5945707c3b11d9e6c36`
CRC32	`38F3A04B`
ssdeep	`12:rlfF2aQrEg5+IaCrI0F7eF2osrEg5+IaCrI0F7OgdNlTqbax0HHIK6NlTqbax00s:rqaQ5/Vos5/XdNlWvnF6NlWv0NCF`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	ff8ba58ff6696981_{eb4ead39-7a28-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EB4EAD39-7A28-11EE-948E-94DE278C3274}.dat
Size	3.5KB
Processes	3544 (iexplore.exe) 552 (iexplore.exe) 1772 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`9cfdbafa35bf9eb9bbfb212002f3cb19`
SHA1	`9aca37c42dbd339b9da915b15441c218dc2170cf`
SHA256	`ff8ba58ff669698191968435891fa3a5fd1656108d195696550dfb1490bbe22a`
CRC32	`7349E27C`
ssdeep	`12:rl0oXGFH/4WxrEgmf106FRrEgmf10qTNlnZbaxtGm:rw5xGBGVNlZ83`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	a9f764ade5243846_832866432405 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\832866432405
Size	23.5KB
Processes	1080 (Utsysc.exe)
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1024x768, frames 3
MD5	`76b83645dc0b097bee822311a886c392`
SHA1	`bf86e91821854a5fcc8bbe866c88e5d856bc4242`
SHA256	`a9f764ade5243846a693886f9de39fb4a0aa9d73136881832785fe62fa555ac3`
CRC32	`E4838D77`
ssdeep	`384:0JaiPMgnbQA5s9D6wdhBEmz1+tisuWfwr:0Abus9D6wdDEmp+t3Tfw`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	fc6f5d8f32f13d58_yt_logo_rgb_light[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\yt_logo_rgb_light[1].png
Size	9.0KB
Processes	948 (iexplore.exe)
Type	PNG image data, 1588 x 356, 8-bit colormap, non-interlaced
MD5	`d654f892f287a28026cd4d4df56c29c8`
SHA1	`98779a55fe32a66ebec8338c838395d265e45013`
SHA256	`fc6f5d8f32f13d5855840234dc1bff5c91c35318ee2192d99b13eb3572f0bca8`
CRC32	`ADDC0391`
ssdeep	`192:xTgkM9IY3KfGF7OhNzYlIgLUZt6oBhRLpiUQgkM4ICB6CvE9:NNM9IY3DF60lA6kLpbQgkdze`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ae9f6c61e25d1588_footerlogo_valve[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\footerLogo_valve[1].png
Size	3.6KB
Processes	552 (iexplore.exe)
Type	PNG image data, 96 x 26, 8-bit/color RGBA, non-interlaced
MD5	`1626f52addb7c56fe3679d82108c62e9`
SHA1	`2b414092d66ecff528950093a655f755c3c7f3b5`
SHA256	`ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1`
CRC32	`BAF78720`
ssdeep	`96:OSDZ/I09Da01l+gmkyTt6Hk8nTqviwYZP2H51:OSDS0tKg9E05Tqviw6451`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f41d104623d72170_{eb4ead38-7a28-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EB4EAD38-7A28-11EE-948E-94DE278C3274}.dat
Size	4.5KB
Processes	3544 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`8b07b47ee39540a99c719804d77d1586`
SHA1	`259d1f8cbed36f626c5c624efa75de0acf74a948`
SHA256	`f41d104623d7217059a88b8ef7bde48d702294f878c81ef6f1b84eddc173ad1a`
CRC32	`620E8940`
ssdeep	`12:rl0ZGFV4rEgmft06FWp/EDrEgmfh0qgNNlTVbaxLNlP9bax1DV1u:rB4Gep/QGmNNlp+Nl1iDV`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	9f34abcc66c858bd_login[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\login[1].js
Size	59.3KB
Processes	552 (iexplore.exe) 3544 (iexplore.exe) 1772 (iexplore.exe)
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`818b5b6802ade9bc10c979666ee5e2c4`
SHA1	`459e0bc8b8b1f4b1af3dcb6583b8bc3f7a624f9e`
SHA256	`9f34abcc66c858bda5652c104a4471a0ee98994cd9718cdfae6623bc52c403ec`
CRC32	`8E6330C7`
ssdeep	`1536:AErpvhgB0KEApMyw+l/oOJz9WwymlgaUYCOlb+OeaLJIt:AEd5gbEhZSyuLJIt`
Yara	None matched
VirusTotal	Search for analysis

Name	0be99fd30134de50_buttons[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\buttons[1].css
Size	32.8KB
Processes	552 (iexplore.exe)
Type	ASCII text, with CRLF, LF line terminators
MD5	`b91ff88510ff1d496714c07ea3f1ea20`
SHA1	`9c4b0ad541328d67a8cde137df3875d824891e41`
SHA256	`0be99fd30134de50d457729cebd0e08342777af747caf503108178cb4c375085`
CRC32	`E7210F30`
ssdeep	`768:1rv31+3R8zIF/3doix2R1pW81qWZRhcJMJsJx:FpP1vZRE`
Yara	None matched
VirusTotal	Search for analysis

Name	d8bdea7fff893dbd_prototype-1.7[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\prototype-1.7[1].js
Size	165.4KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`6a39e0b509fecb928d47b8a2643fed2a`
SHA1	`f67fa6cb1d09963d10ba117d6553c8e7d5bc7863`
SHA256	`d8bdea7fff893dbdbeaf6c2affec091a77483b9ec10e7958486bc3b6cc170c96`
CRC32	`C752A414`
ssdeep	`1536:CZXcWblD1ySId1u6p3JuZolKvI28mGY7NIj4WT0PjXsW0NKWzcEjpPrmcGKJ/jfT:ocWblASIdIv8tXYPjkrmgD8d3dI`
Yara	None matched
VirusTotal	Search for analysis

Name	6f42b906118e3b3a_shared_global[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\shared_global[1].css
Size	84.6KB
Processes	552 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF, LF line terminators
MD5	`15dd9a8ffcda0554150891ba63d20d76`
SHA1	`bdb7de4df9a42a684fa2671516c10a5995668f85`
SHA256	`6f42b906118e3b3aebcc1a31c162520c95e3b649146a02efd3a0fd8fcddebb21`
CRC32	`213FE985`
ssdeep	`768:DTLiHVcJv7oA7eQW6tNcEIqgvRnKQWQMJqiJ30QkUHrKxfsN/WCcZxb98cJbY/c4:nr0Q1rU5C0HP+iSgu873pO9E+UnweoQC`
Yara	None matched
VirusTotal	Search for analysis

Name	fa2be0dc016756a3_{eb4ead3d-7a28-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EB4EAD3D-7A28-11EE-948E-94DE278C3274}.dat
Size	3.5KB
Processes	3544 (iexplore.exe) 552 (iexplore.exe) 1772 (iexplore.exe) 1452 (explorer.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b282b80965a47abad4af3e26102caf69`
SHA1	`a3902d4b2c3450eedbd1153d5387e04084f4a955`
SHA256	`fa2be0dc016756a37b4634c20f468f0637befc8a840c0d02ef433984c07c05c0`
CRC32	`83EA327C`
ssdeep	`12:rl0oXGFZ0xrEgmf906FnrEgmf90qTNlk8RbaxkDDWmqL:rq0xGfGNNlkwXDLk`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	ec8b65e82fd6dcdc_lom30.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000029001\lom30.exe
Size	1.5MB
Processes	2680 (Utsysc.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`1b29ca3c8042e7e2f132f66356707ac9`
SHA1	`03fbbd93636052b702056ec87edfe25745b9ac21`
SHA256	`ec8b65e82fd6dcdc60cd7be23c4a6d2cf0c460624fec5d15c031700247bcb547`
CRC32	`3DC55202`
ssdeep	`24576:tynXVwXXs6NZHVBxVQsH21GyQzRKytdX8sFH+oVNeXzGqkYCl8:InXVspBxlW1GFgyUsRLKz8B`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) CAB_file_format - CAB archive file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	a971f671f007486b_libraries~b28b7af69[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\libraries~b28b7af69[1].js
Size	875.7KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe) 3544 (iexplore.exe)
Type	data
MD5	`b529efada82cabb4e7215e35279a0d6e`
SHA1	`515bd39cb98778a1a24fa3e8e3b165890b4eebbe`
SHA256	`a971f671f007486b8a5325a010380d4563746be2eba2515030545342a13a7ff2`
CRC32	`95DB5D32`
ssdeep	`6144:D+8r22Z/EfzmMMNmGTbr/HCthO/2qB70i3URF8IlCyjo94sphXb9vjrgxf5yBemk:FNMMrTbrPCthOivoHphXb8w6NEj/w`
Yara	Malicious_Library_Zero - Malicious_Library Javascript_Blob - use blob(Binary Large Objec) javascript
VirusTotal	Search for analysis

Name	fc9e6260a2706ae1_header_menu_hamburger[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\header_menu_hamburger[1].png
Size	3.7KB
Processes	552 (iexplore.exe)
Type	PNG image data, 244 x 212, 8-bit/color RGBA, non-interlaced
MD5	`eabc76eb57feae44add7faead028521e`
SHA1	`4e3e53938fad15661d2d046a868338841a95db19`
SHA256	`fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa`
CRC32	`26C6AF93`
ssdeep	`96:W5Zsk8bb6l5qnCoghGfkm37QP00rqGDXrg/sG3vUx+Iocg2fkjGfkjky:W5H8o5qe0Mu7600WiXE/v3ve+Is2MjGm`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	8b97ba0dac22fe67_logo_valve_footer[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\logo_valve_footer[1].png
Size	1.8KB
Processes	1772 (iexplore.exe) 552 (iexplore.exe)
Type	PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced
MD5	`574c350c7b23ae794d5276f8580e0838`
SHA1	`235c7b35c3468f8915eca01f7abdb43d34079609`
SHA256	`8b97ba0dac22fe6704c1f6d95fe79613f33017804f256abb9006df0442491787`
CRC32	`9670C3AB`
ssdeep	`24:o/51he91Wwh82lYSg767V+6gT3qxyJbRW6vRW6nGPAQ4PKsSnflj0Sybz4+43Ore:o/qQvnb6706gVJbVvVnX/8NAzb/4OFjg`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	39f9942adc112194_firefox[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\firefox[1].png
Size	9.1KB
Processes	948 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`7f980569ce347d0d4b8c669944946846`
SHA1	`80a8187549645547b407f81e468d4db0b6635266`
SHA256	`39f9942adc112194b8ae13ba1088794b6cb6e83bd05a4ed8ce87b53155d0e2f7`
CRC32	`AD988195`
ssdeep	`192:swtZ0EaLRTVeaA8vS4ooLD76IujS/izb8dSEG07bjHG/T7emn3CtmVU:lgbNJeahv3BLKjS/inwBG0PjcemnKZ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	7da27df04c56cf1a_EDF7.bat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\EDD5.tmp\EDF6.tmp\EDF7.bat
Size	429.0B
Processes	3432 (7wT5Ey89.exe)
Type	ASCII text, with CRLF line terminators
MD5	`0769624c4307afb42ff4d8602d7815ec`
SHA1	`786853c829f4967a61858c2cdf4891b669ac4df9`
SHA256	`7da27df04c56cf1aa11d427d9a3dff48b0d0df8c11f7090eb849abee6bfe421f`
CRC32	`7BDA223B`
ssdeep	`12:Nu+Duz+bu/+Duz+bukMuWc4T/u24DukDOudYBDu0B6CDuLGWuz+K:5DEgw2EgtMujy/MtDOW2RMCtWER`
Yara	None matched
VirusTotal	Search for analysis

Name	846a9b551e74f824_chrome[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\chrome[1].png
Size	6.1KB
Processes	948 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`ac10b50494982bc75d03bd2d94e382f6`
SHA1	`6c10df97f511816243ba82265c1e345fe40b95e6`
SHA256	`846a9b551e74f824fd7ace3439a319b0c0803449e8caec9f16e2666e38a80efd`
CRC32	`601FBBE8`
ssdeep	`96:JSI2DA4yfvxQfGx7VW/Jagwy8dwMwjU9KgmgJLdcJLHZp5r8wdDMhlJGD/nmw8v6:8dDA/gidaUswM5bwSoaew8v6`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	07d07a467e4988d3_favcenter[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\favcenter[1]
Size	3.3KB
Processes	552 (iexplore.exe)
Type	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	`25d76ee5fb5b890f2cc022d94a42fe19`
SHA1	`62c180ec01ff2c30396fb1601004123f56b10d2f`
SHA256	`07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b`
CRC32	`7FE3FBCC`
ssdeep	`96:RZ/I09Da01l+gmkyTt6Hk8nT1ny5y3iw+BT:RS0tKg9E05T1yIyw6`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c3a7c646a1305017_logo_steam[1].svg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\logo_steam[1].svg
Size	3.6KB
Processes	552 (iexplore.exe)
Type	SVG Scalable Vector Graphics image
MD5	`b7a7e43284e2ffe806ac1bc27c1f6a87`
SHA1	`e8196489e2ae99ec6eb33995b5a3e108d6e44de0`
SHA256	`c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb`
CRC32	`E44E71C6`
ssdeep	`96:CXQSfzclE2Bc4N/waCVAh+m8CE2n1HNBRjVO2PGPLYOgzypH6YB:WQAzSE2BB9/c1CEEtoFUOgzs6YB`
Yara	None matched
VirusTotal	Search for analysis

Name	1471693be91e53c2_background_gradient[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\background_gradient[1]
Size	453.0B
Processes	552 (iexplore.exe)
Type	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
MD5	`20f0110ed5e4e0d5384a496e4880139b`
SHA1	`51f5fc61d8bf19100df0f8aadaa57fcd9c086255`
SHA256	`1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b`
CRC32	`C2D0CE77`
ssdeep	`6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	da0bf5520986c2fb_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\465dbc52837d81\clip64.dll
Size	102.0KB
Processes	1080 (Utsysc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ceffd8c6661b875b67ca5e4540950d8b`
SHA1	`91b53b79c98f22d0b8e204e11671d78efca48682`
SHA256	`da0bf5520986c2fb92fa9658ee2fcbb07ee531e09f901f299722c0d14e994ed2`
CRC32	`CDB79102`
ssdeep	`3072:bHEjxEfCk+EeY22JosmvWuQRRIQrT7xUD0YNS60Z:DsqqdLsOWuQRbaHNS60Z`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Win_Amadey_Zero - Amadey bot OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	95d9d5b89db68830_haloup.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000080001\haloup.exe
Size	455.0KB
Processes	1080 (Utsysc.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`3e6ed1ceb52c1d4e9ef09cd3aebe7741`
SHA1	`581b21ba4ec0a72d88323e3cab7879b1a93b9a31`
SHA256	`95d9d5b89db68830e63fd9a10a2f308a396f9ed6c15dcf9f7c5aec09521bffa3`
CRC32	`CFD556C5`
ssdeep	`3072:L1M+yKVKnVo54uZVgUIf+WO86K20A6jfxMhjhHzlCzw7EoP06yt5RME0KtA/qyVG:8CqOVgUIfE86K2UjpuH0FKzqyVRztNA`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	57cfaf9b92c98541_shared_responsive_adapter[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\shared_responsive_adapter[1].js
Size	24.1KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`a52bc800ab6e9df5a05a5153eea29ffb`
SHA1	`8661643fcbc7498dd7317d100ec62d1c1c6886ff`
SHA256	`57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e`
CRC32	`810976D9`
ssdeep	`384:aUXvnJo2dacv5Wc4gOV+n0Xmz85JX1c/jc0NL+lMF2KDnXhOMucpqWqGil/wSwf3:aU/nq2dd4gmLWqGil/wS20m`
Yara	None matched
VirusTotal	Search for analysis

Name	2cb376e2cf2f33f3_main[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\main[1].css
Size	123.1KB
Processes	552 (iexplore.exe)
Type	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5	`798258ba1bf7d882e7b8d4cac5f47a0e`
SHA1	`0387998de2596e01a2f3e52b6b1405fe391dd51e`
SHA256	`2cb376e2cf2f33f3dccd97221ee7321ae04ee8c4d7ace10929fd36ca8dddebe8`
CRC32	`0B75BC9B`
ssdeep	`1536:9zPeWhyN5aaaqYvR3VDKkwZBYjhQYkyqYlte5oHsvLNb5g:QYmZOQOFsv1a`
Yara	None matched
VirusTotal	Search for analysis

Name	7631736851bd8c45_shared_global[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\shared_global[1].js
Size	150.0KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`dcf6f57f660ba7bf3c0de14c2f66174d`
SHA1	`ce084fcb16eec54ad5c4869a5d0d0c2afb4ba355`
SHA256	`7631736851bd8c45de3fc558156213fca631f221507ca5b48893dbe89ed3448e`
CRC32	`7ED9F5F9`
ssdeep	`1536:D1lFAT60MhmjGFhxx25lnl9asPdVcTziMayN3qxViIomeFANNfsfM6kQuOEmTMqe:v08xx25/9a6dVc39qVij4rUEoe`
Yara	None matched
VirusTotal	Search for analysis

Name	23341256db7f44b1_btn_header_installsteam_download[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\btn_header_installsteam_download[1].png
Size	291.0B
Processes	552 (iexplore.exe)
Type	PNG image data, 15 x 13, 8-bit/color RGBA, non-interlaced
MD5	`a2796187c58c7e948159e37d6990ecc2`
SHA1	`4209cd85add507247f9ce5a87a8c9095b54ee417`
SHA256	`23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082`
CRC32	`0E86C9EA`
ssdeep	`6:6v/lhPU8WnDspP8GYUQiOTmUDJcyYWm5kvrCBVreLbp:6v/78OaGYfLDBYCrCneL1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	32d4c8dc451e11db_motivasans-black[1].ttf Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\MotivaSans-Black[1].ttf
Size	118.0KB
Processes	552 (iexplore.exe)
Type	TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 24 names, Macintosh, Copyright \251 2012, 2017, 2020 by Plau. All rights reserved.Motiva SansBlack4.015;Plau;MotivaSa
MD5	`4f7c668ae0988bf759b831769bfd0335`
SHA1	`280a11e29d10bb78d6a5b4a1f512bf3c05836e34`
SHA256	`32d4c8dc451e11db315d047306feea0376fbdc3a77c0ab8f5a8ab154164734d1`
CRC32	`437372E0`
ssdeep	`3072:IrEEEEEueapd0oej1yAHjU/gXG7mGSCfj9:IDpd0oejdQ/gXgfh`
Yara	None matched
VirusTotal	Search for analysis

Name	d5482b48563a2f17_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\aca439ae61e801\clip64.dll
Size	102.0KB
Processes	2680 (Utsysc.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8da053f9830880089891b615436ae761`
SHA1	`47d5ed85d9522a08d5df606a8d3c45cb7ddd01f4`
SHA256	`d5482b48563a2f1774b473862fbd2a1e5033b4c262eee107ef64588e47e1c374`
CRC32	`CCD3D704`
ssdeep	`3072:/HEjxEfCk+EeY22JosmvWuQRRIQrT7xUcdYNS60Z:PsqqdLsOWuQRbZeNS60Z`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Win_Amadey_Zero - Amadey bot OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	294a60b31d75b260_1.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000006001\1.exe
Size	378.3KB
Processes	2680 (Utsysc.exe)
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`1eaba90935d3a7527d556866647b55e1`
SHA1	`56a5ca57b3eac1f9859fb117f7de341da8bc3638`
SHA256	`294a60b31d75b260b6f2f8a14291173fd652578e7037d7b02bb42d884ff55314`
CRC32	`EB7635EB`
ssdeep	`6144:ScYDr2oWewK8aSTqaVIkuh7PjTH5hRpNHWOsNh:1YDrw+HxbLsL`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e92894d7737a75c3_global[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\global[1].js
Size	101.0KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`13bf13082e84bb87750380c0b44d2334`
SHA1	`a2797fe38076a91a2db5c5eea7677925878576a0`
SHA256	`e92894d7737a75c34530235d483315ef69fce7b5c0689788817473c89849e9cd`
CRC32	`E6E14C68`
ssdeep	`1536:a9QF0iWEy9m5+sr7yYsgwFV1Dl/1DlZVLoWAW3TJ0zMzkSTgjN+1emFrO5dXg71D:aWyZ2U/1opFFsnD7`
Yara	None matched
VirusTotal	Search for analysis

Name	af01e700442f7436_main[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\main[1].js
Size	500.0KB
Processes	552 (iexplore.exe) 1772 (iexplore.exe)
Type	UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators, with escape sequences
MD5	`f0194520ac1d655dfbf9cc22e0ff768c`
SHA1	`51145a61f8f31f3b8ae01d1d388d9ac42b15dfd7`
SHA256	`af01e700442f74364998980013bd2c44a46be79eb5b06f58dbbb49d326dd6adf`
CRC32	`5F82FFA6`
ssdeep	`6144:osVd0LjZNamlT7CQOj6aRoVhs7aLd29Yax3/:occjtlT2pXSNdIYc3/`
Yara	None matched
VirusTotal	Search for analysis

Name	e17152f400f504c4_17q2wr3j.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\17Q2WR3J.txt
Size	129.0B
Processes	948 (iexplore.exe)
Type	ASCII text
MD5	`d35784e590bdbd867e41134a0cc5e6d4`
SHA1	`f4b344279ce927e3d798d5d2be7c3d414786579f`
SHA256	`e17152f400f504c453e2cc45796b9215801b9e11e59858f6200bb22a12ad9601`
CRC32	`E127DEC8`
ssdeep	`3:LDM8vUVsINh0WyTQgJjDs53dVJ3uJcSMKC+EmoQ8AYSHXvn:Lg+3Cvykgtw59+SVwSQ8A/H/`
Yara	None matched
VirusTotal	Search for analysis

Name	bed28bda796e4d48_{f24789a4-7a28-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F24789A4-7A28-11EE-948E-94DE278C3274}.dat
Size	4.0KB
Processes	3544 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`dafedccdcea91ed1cc50c8338fd4a5bc`
SHA1	`196137c78456290902ae4ce6eb9967dab978a4f0`
SHA256	`bed28bda796e4d48f98ff9cefe8e3ec1a43c273f852815685f56a31f76717442`
CRC32	`2F35DD48`
ssdeep	`12:rl0YmGF7XYrEgmfQB0KFJrEgmfF0qwltNlx/U9baxk7b9QWll69:rpXYGGGaltNlan7b9P/69`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis