Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.20 07:04
.csrss.exe
04.20 07:04
.csrss.exe
04.20 06:04
cookies-alert-script.j...
04.20 06:04
mdb.min.css
04.20 06:04
font-awesome.min.css
04.20 06:04
bootstrap.min.css
04.20 06:04
style.css
04.20 06:04
popper.min.js.pobrane
04.20 06:04
jquery-3.2.1.min.js.po...
04.20 06:04
mdb.min.js.pobrane

Latest News
04.20 02:04
[K-CTI 2025] 엔키화이트햇 천호...
04.20 01:04
[K-CTI 2025] 안랩 김승관 부장...
04.20 12:04
[K-CTI 2025] 케이토네트웍스 "...
04.20 12:04
[K-CTI 2025] 전덕조 씨큐비스타...
04.20 11:04
Frankenflair 58: Manua...
04.20 10:04
IT Sicherheitsnews tae...
04.20 08:04
China’s TMSR-LF1 Molte...
04.20 07:04
Tiktok testet Fußnoten...
04.20 07:04
KI-Bots im Undercover-...
04.20 07:04
Entkomme der Zahlenfal...

Dropped Files | ZeroBOX

Name	19b644434cfa9f5d_yahoo[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\yahoo[1].png
Size	3.0KB
Type	PNG image data, 180 x 74, 8-bit colormap, non-interlaced
MD5	`6919fd582e1387e697f8e772008530db`
SHA1	`e00b871dfd52f1bb0e95ef27578a59eb8d0da055`
SHA256	`19b644434cfa9f5d12e1e90a3c2d062aacf27da9ecbe8393df77383ab3c00208`
CRC32	`DFCC2341`
ssdeep	`48:3DpCW12xSs/sWwE2+mLL00ZWjvvW9yEsm3doigvLYN4H8Jp48b+lW9:dCoEPb0s7W9yEsX7tOp4XQ9`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	46b389bbe3094872_PYTHON.EXE-C663CFDC.pf Submit file
Filepath	C:\Windows\Prefetch\PYTHON.EXE-C663CFDC.pf
Size	57.2KB
Type	data
MD5	`89007037c32953c97264a71995faa83a`
SHA1	`8a64f3862374d4316d7c5db391b218784a39d621`
SHA256	`46b389bbe309487282dd144af0fe7dd5a1b602612c51f4fe589631859bf2c7f1`
CRC32	`EAA8ABEC`
ssdeep	`768:r1rYD8iIjc51yPRTd1UosERgQS5xX7svqQ4dzjRQ:r1cQiIjcYTdyzgYxPQ4dz1Q`
Yara	None matched
VirusTotal	Search for analysis

Name	b0871566c6200e60_MpSigStub.log Submit file
Filepath	c:\Windows\Temp\MpSigStub.log
Size	44.2KB
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`dc750c47828b3c522e08dba30a0da568`
SHA1	`c4bd1a10cb114f99abc4156a7898e4e69e8c4158`
SHA256	`b0871566c6200e601f4d8051d3ca9672c520e3687236c8a21db5b5f2373b3d04`
CRC32	`6D8DEC39`
ssdeep	`768:2JOCh9kSv8dU2LdZpV0bdZNXY/StdZ0lK:obvn`
Yara	None matched
VirusTotal	Search for analysis

Name	3535565743114fe8_GOOGLEUPDATESETUP.EXE-305B5E54.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-305B5E54.pf
Size	44.8KB
Type	data
MD5	`f710aa47c771f726ba335aae4a26c933`
SHA1	`005eb481cfafd926b3d57f3d0d3665ddeeb2889b`
SHA256	`3535565743114fe8054e4f2644c73e159318964aca8d50913ad130b73b14f26f`
CRC32	`BC78B81C`
ssdeep	`768:VgNPewOpAe2g+NpRRSeUdZLUFftW5TNH35mRGmPFJ:V2PlOp4zpXaLURtWxt8FJ`
Yara	None matched
VirusTotal	Search for analysis

Name	1dec8551d1689767_AUDIODG.EXE-BDFD3029.pf Submit file
Filepath	C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
Size	26.0KB
Type	data
MD5	`0847d627ff42561878e97110dfe3085a`
SHA1	`9314e4041e0ba37d17c295a0676bf0e842ad92f9`
SHA256	`1dec8551d1689767e6c8d16f93c5f3e7251342d48e2d992cb35f496e4652397c`
CRC32	`2B9603F1`
ssdeep	`384:ji0CSK/HViReJg0Skdd/HsJt2KfHnGkEOwoFe30YfPj2s5DLu:jPPK/V1dL/M2KfHnGnTEcL2s5D`
Yara	None matched
VirusTotal	Search for analysis

Name	77294cb3d09d9742_SandboxieInstall.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe
Size	5.4MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2219aef85b43c674813d641d7f0897df`
SHA1	`a3376224dc5c5aa991d5f6c7855b5ce968939f33`
SHA256	`77294cb3d09d9742f3078715db1c76ee6e82069287bd04725794c83fb8babbb2`
CRC32	`7A68E7BB`
ssdeep	`98304:4HeGJpqv8HtbaY7hvfw/Qji5mdqWxZHFTMCdoPRr4x95nS:4HeGJMv8P7hnw/Qj8mY2FT52P+D5S`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	4c38ecdd5c823bde_THUNDERBIRD.EXE-A0DA674F.pf Submit file
Filepath	C:\Windows\Prefetch\THUNDERBIRD.EXE-A0DA674F.pf
Size	222.0KB
Type	data
MD5	`224aaf345cafc4b1da0d81f053554620`
SHA1	`13c776584534aea7e5907ae5553e5cbff1acedd3`
SHA256	`4c38ecdd5c823bde1cedc17d905c0e15ec39f7a3d0f14ed971366245747e04d5`
CRC32	`406C3356`
ssdeep	`3072:nVqtmXUdzUBTf57xVD/mrhV8kdwmWz91E56hJAUfVtoXE0G:nYtbYl67d9P59UfVtoJG`
Yara	None matched
VirusTotal	Search for analysis

Name	8a265f137f9bd4c9_ivylace.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\IvyLace.png
Size	86.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 193 x 322, 8-bit/color RGBA, non-interlaced
MD5	`df9960bd75494be3c8aa6953bc4b869c`
SHA1	`1b8e3720d85a3583443eca58e2827f0ba5e75b0c`
SHA256	`8a265f137f9bd4c9ba7bca815de1088e1f95c093a25901350b7cd0b4b14fde78`
CRC32	`FFF4B9BF`
ssdeep	`1536:tEYNBJ0JbTvglRPMu2FUqo5pnf6fAXk+C35bv7ty64zIW8X3j0R8zIoAJ:tTNBqPIliu2+rfAr+C35bvZypbY3YSB0`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	b39f51a64048fe26_mickeymouse.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\MickeyMouse.ini
Size	680.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`a32b0a69a50aaaf0199500937b815ea7`
SHA1	`f6e6d47d60107184deeab69a0b3ba0a7352063ab`
SHA256	`b39f51a64048fe26b41831d4dbb612965b967d9aa0f01d579038f67728508b8b`
CRC32	`20532646`
ssdeep	`12:a4EqmYLrrcR5pjpJrtOp0KPvE0BHy5W2iWO92GbblTYQJbwcz:BEQrm5b7Ou0v/ONifpVJci`
Yara	None matched
VirusTotal	Search for analysis

Name	ddd2fc135c6d98a4_DLLHOST.EXE-4F28A26F.pf Submit file
Filepath	C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf
Size	70.6KB
Type	data
MD5	`e497061d0e5171ef97f323f8973d2770`
SHA1	`58d6354e8fbbefcdcbe6681eaa1420e5316623d3`
SHA256	`ddd2fc135c6d98a4408762ee92151312e8b5edf0d4ff9e9662b1059f451e3e04`
CRC32	`7009A8DE`
ssdeep	`1536:h/qogbmdyAURIe2qvp4+r8jpuYE5gecPEhSL9:CjaGA`
Yara	None matched
VirusTotal	Search for analysis

Name	2a625efd9daa18ff_MpSigStub.log Submit file
Filepath	c:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpSigStub.log
Size	20.0KB
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`9270e09ba1dc25097f5b1013d6378fc2`
SHA1	`4a081e689ddda71c75de8202d8145ea7b19cbcfe`
SHA256	`2a625efd9daa18ff908c73bdd64398d60864c7df4b3734cf8771a132167a806c`
CRC32	`48D64BD8`
ssdeep	`384:wIGb9naQdjvPt+l1WpSB/+wTp9n26djvxazC6zpYWtT:fGbwQdjTadpXdj4DVYM`
Yara	None matched
VirusTotal	Search for analysis

Name	0b8f5cda202ca55a_fwtsqmfile01.sqm Submit file
Filepath	c:\Windows\Temp\fwtsqmfile01.sqm
Size	140.0B
Type	data
MD5	`c3e2c38aced653d6848e6f45973675b8`
SHA1	`2526902cebaf6450f471255398c363c08234eb7c`
SHA256	`0b8f5cda202ca55a277bd86b36020436549b76b2cbb1d4f5d711c7b303ba3ed3`
CRC32	`DF5AC7B4`
ssdeep	`3:Hl1li9Qll+llltXnZo8YdqZrHVgLAEp2iQdl5llll:F2Qm/HnvYdqVHVgLAA2B5//`
Yara	None matched
VirusTotal	Search for analysis

Name	ba92995d1296b989_invalidcert[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\invalidcert[1]
Size	4.9KB
Type	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`57868b56f2ae430d15693e82a827ddb5`
SHA1	`c72b54f285f93e0ada5d1991dd2e8d1a14aa6a0c`
SHA256	`ba92995d1296b989dc78b21e8c7eaadc799e91db819f3f83bfba817b28df6e4b`
CRC32	`6CA10D5C`
ssdeep	`96:UqUHCkAs5PFkiGjUpG9gHdk0iSAu5hfeGNBz1t9hS:9ULAsnkdjo2gnNBz39hS`
Yara	None matched
VirusTotal	Search for analysis

Name	264f1f3ca50008d5_casio.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Casio.png
Size	46.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 190 x 210, 8-bit/color RGBA, non-interlaced
MD5	`771989ca35f956e5af4e43df7f9e27d5`
SHA1	`e38b023d8c57225f7450b2fe0845877de8c85f05`
SHA256	`264f1f3ca50008d5a28b30e08741663264bd30cd53005a804179ba8f6fb396fa`
CRC32	`58718CAF`
ssdeep	`768:MgH34monBdcO89MlOEUp9/hXoIuFAMlalsAERfgNJJivcYIt:H0jkm0EUp9/2bFAMklIpQ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	dad57975be6833c5_uninst.exe Submit file
Filepath	C:\Program Files (x86)\ClocX\uninst.exe
Size	52.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`3387961372fe91c2cc69b53180cbfee4`
SHA1	`ede6fb0d2319536efca218d461425d2addffd88e`
SHA256	`dad57975be6833c50d32ee77212addf11a80195d82365ade6042234e492bd845`
CRC32	`F711B2F0`
ssdeep	`768:EGn4o4BL/akfpI1nu0LXGS8BPfeyWMZtuHvwbtOuIYdPc+92TUXr6fJkdn:D4hwgonu0fJytuPwbdNc+9aUXr6fJon`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	efd1b8137654b561_SVCHOST.EXE-7AC6742A.pf Submit file
Filepath	C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf
Size	19.0KB
Type	data
MD5	`3af02b2035a61961257672b3a94378ab`
SHA1	`dad14edfb5a3f1b2baf490dd3f30f621e83bb2cf`
SHA256	`efd1b8137654b561d627ad8ae521d3f06346f60eced2f63b5554914fc4222c37`
CRC32	`AC00C609`
ssdeep	`384:mb/meD6gvZYCLQpK1RMzO2xwyWH38PkS3Yt62VMoks/7Ru:mTmCdRHLQ+RMK2Gd30F3s62Vrks/7`
Yara	None matched
VirusTotal	Search for analysis

Name	57ef974da4569775_SetupExe(20180405152043A34).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(20180405152043A34).log
Size	4.1KB
Type	ASCII text, with CRLF line terminators
MD5	`f9864ff550294bfbe83fa9abf4aa9eb6`
SHA1	`e52e28313989a4e5cfaf94f067114c986ccff7ff`
SHA256	`57ef974da45697754817d029387fdd0fbabd078689e543d5ba10e01795842d1b`
CRC32	`9D9A00E4`
ssdeep	`96:DH7Id2ji+rItN0V9wupbplp8pB1pVprpwpTpBopVpHpupWpKpvp7pWprp5hW:DH7wFoDxn6D139ORDoPpsUo190N8`
Yara	None matched
VirusTotal	Search for analysis

Name	9e17cb15dd75bbbd_554576[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\554576[1].htm
Size	162.0B
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`4f8e702cc244ec5d4de32740c0ecbd97`
SHA1	`3adb1f02d5b6054de0046e367c1d687b6cdf7aff`
SHA256	`9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a`
CRC32	`00F1136A`
ssdeep	`3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu`
Yara	None matched
VirusTotal	Search for analysis

Name	d251bd807302295f_chrome_installer.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrome_installer.log
Size	18.8KB
Type	ASCII text, with very long lines
MD5	`7670714e3d95215d28be1a6cbc2141dc`
SHA1	`441273b8f76506200eb89a5dd1044797c3d1a356`
SHA256	`d251bd807302295ff209a6df3704137aa51958bb163000a3d58c9dfca11a82c7`
CRC32	`5E9D9FB9`
ssdeep	`384:1XN1uNQhijFuDSEfimHgr8KqSsynAg5oDfDhDR9ff9MwbboGADIfShnKEMHnu9:vKFjFwSEfiGgr8KqSsynA+8L9R9ff9MX`
Yara	None matched
VirusTotal	Search for analysis

Name	3cfdec31e4d6c069_GOOGLEUPDATE.EXE-D0E66F4A.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-D0E66F4A.pf
Size	26.4KB
Type	data
MD5	`021b92baf24c38a0c26841a1345cf331`
SHA1	`9956ea91ec1259db702b0ad22807354835f09fb4`
SHA256	`3cfdec31e4d6c069f1f93d58ad8d34f9019b29ad87000d78a3d6af13a3221e03`
CRC32	`A7BF4151`
ssdeep	`384:n60mUBPUxCnYTg436jXMoFBSXZd5Z9By1nL7GmD9nQ:6gUVe8oFY7f9+fGmD9nQ`
Yara	None matched
VirusTotal	Search for analysis

Name	112fec798b78aa02_RE1Mu3b[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\RE1Mu3b[1].png
Size	4.0KB
Type	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
MD5	`9f14c20150a003d7ce4de57c298f0fba`
SHA1	`daa53cf17cc45878a1b153f3c3bf47dc9669d78f`
SHA256	`112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960`
CRC32	`973E9ABB`
ssdeep	`48:zICvnyRHJ3BRZPcSPQ72N2xoiR4fTJX/rj4sFNMkk5/p1k2lPUmbm39o4aL7V9XH:10nvE724xoiRQJPrjpLKSFl9oX31Z1d`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	08f9b95562e2d517_marblehour.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\greenmarble\marblehour.png
Size	3.7KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 114 x 19, 8-bit/color RGBA, interlaced
MD5	`bd2ecafe288b72ee504ac1a40130f02a`
SHA1	`58586107f3a6cd4885c0a7801921122370e60372`
SHA256	`08f9b95562e2d5179e821797cb9158234436eced344c6257ea60fa1dddfa4654`
CRC32	`1A07D54B`
ssdeep	`96:WBxILSDd4G24IscGnu+Pk3Tt6Z3Xw0A9dqXWO:WzkSDd6GnuHTEZ3g0soD`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	251f142590d0e0e0_86.0.4240.111_CHROME_INSTALLE-AF26656A.pf Submit file
Filepath	C:\Windows\Prefetch\86.0.4240.111_CHROME_INSTALLE-AF26656A.pf
Size	10.1KB
Type	data
MD5	`66d535c9edbda57533cff3484035c305`
SHA1	`9139c42716dae5dccb70c31557d0ba20054d654f`
SHA256	`251f142590d0e0e0e19a9cf86a5bcfbd50b734dc337f9f8dd808713831bd0da7`
CRC32	`9D492404`
ssdeep	`192:zyyWpkAnr0hSnu07TXTcJS5wCyH6UwBOJmbASeSHsJmLA9eJ/cpMwEpexKwei9or:2ND7ZwN4gcWsh`
Yara	None matched
VirusTotal	Search for analysis

Name	80bec3c31d049c14_CSC.EXE-BE9AC2DF.pf Submit file
Filepath	C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
Size	47.3KB
Type	data
MD5	`fc59e72252fc8dcfde3889508b21ec70`
SHA1	`09f3abdff8b1987e5a8e160f285eff73a33005a9`
SHA256	`80bec3c31d049c14e86ddf6068c3dde7d78db5d4559a787f1471f608df59fedb`
CRC32	`A91B67A5`
ssdeep	`768:2g69lG1sPiCB8grdEWsFcLo73f5v3eYGZxHMz28VpIF5bS0UFTL8Bab4SMT8sei8:2SaPV8HWsFHv5GYGXMaapIF520UHb4hF`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	1caddbb14a56b49d_override[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\override[1].css
Size	420.0B
Type	ASCII text, with CRLF line terminators
MD5	`158afac1feea498df747b3d74f47423c`
SHA1	`1d6de95f95a5d42f7e4430e4141433411a0ac37b`
SHA256	`1caddbb14a56b49d3aa8111b0c21445d6e1d93b3ec904e79504c8f154f1ea34b`
CRC32	`E6F86E25`
ssdeep	`6:ifA93ns9oXehw9yqns9VqaVMPFaHO38QniEm6eh++EBni+EjqGeh+:SABsZis8s37SPFaH7S3OpEx3EjA4`
Yara	None matched
VirusTotal	Search for analysis

Name	e5dfed205f682653_fwtsqmfile00.sqm Submit file
Filepath	c:\Windows\Temp\fwtsqmfile00.sqm
Size	140.0B
Type	data
MD5	`bba6f37cdf351673f26ff19656843c85`
SHA1	`003ca617533df8f6bf3e6603bf05e092a3f96adc`
SHA256	`e5dfed205f68265379fb1a391ff31efebea3b259369411803b85b1b362fb0901`
CRC32	`D55CE871`
ssdeep	`3:Hl1li9Qll+lllt/fJU5qZrHVgLAEp2iQdl5llll:F2Qm/He5qVHVgLAA2B5//`
Yara	None matched
VirusTotal	Search for analysis

Name	c87b2d1dc48893c2_RDC195.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RDC195.tmp
Size	24.0B
Type	ASCII text, with CRLF line terminators
MD5	`e540573823a70d013fb06327842a1b31`
SHA1	`ff14cd795eac5e37a395a71c2d5bcc6a54cc61f3`
SHA256	`c87b2d1dc48893c272285f8d59b5ef0fe69072839ec9c48d1d3488914b37e92e`
CRC32	`20178441`
ssdeep	`3:+QP3WjHFWeev:+c3Wju`
Yara	None matched
VirusTotal	Search for analysis

Name	4e2375353e49f18d_Rby1.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Rby1.exe
Size	799.2KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`e0bc2140d5a10035fb6d3b4e1b46cdfe`
SHA1	`0db593cebd066ce9abac5ad2c6b9468d31db5d3c`
SHA256	`4e2375353e49f18d6679c5372a688fc5c9a2ae3994830e6fe19e1cd20bc5ea6d`
CRC32	`54AAE385`
ssdeep	`24576:aAlTCq3CQGpn2B5ziaj5n9798/dvDwP81d:tT5T6q5jjX798/dvDwP81d`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	97f34420d005e515_base-vflQGhUQE[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5BY0Y7HX\base-vflQGhUQE[1].css
Size	22.9KB
Type	ASCII text, with very long lines
MD5	`dbce5adb83e61a7c840476a8fe685f84`
SHA1	`72a98930bcdbc781c5cf82da71c603d2b35d638f`
SHA256	`97f34420d005e515a48b5bd7a320b30c54be66e71600059b37455fc925ed3775`
CRC32	`A840AC8C`
ssdeep	`384:MmbObK+AeOUSZYuYbSi2eib7voUpUsU5Ue1cXeMCKW3j91fhwGQsvNNPbBFp:Lbt+AuSZYuYbSi2eibcSXeMZWh1fhwGx`
Yara	None matched
VirusTotal	Search for analysis

Name	c5f46170e8b42ebc_TASKHOST.EXE-7238F31D.pf Submit file
Filepath	C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
Size	47.2KB
Type	data
MD5	`4a3ddf2d20e68fae1c3435c7f5d16699`
SHA1	`1c00545977023315e926d773bac89a151f92e670`
SHA256	`c5f46170e8b42ebca51bbd4a4a2562e5b6402f7bcb4424d36492cdee18740948`
CRC32	`B8CB54A6`
ssdeep	`768:MTGTmgtyitNgY1jnVbQoUPOGAFsxnqibVsugPQwSD5S:MTGTmgtyitNgY1TaoUPfAqZq6gPy5S`
Yara	None matched
VirusTotal	Search for analysis

Name	8285c04903a1f1aa_espanol.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Espanol.lng
Size	2.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text
MD5	`ea82ee5d70868307fb93ca810cae4613`
SHA1	`5f41c9092e8d9fc09ac8143c1dd2994903800d86`
SHA256	`8285c04903a1f1aa4451f0ab81401b88a9ffaf720952b703c708b7363f420eaf`
CRC32	`EF8180D4`
ssdeep	`48:+SPTJ2eRlB17zb6X3vbc+Texw1Kr/CaA8HvrSdU2VGgcQwha4a6/3V8vcv:+4l2eXT7PY3zc+xMyEvP2shQwUsVl`
Yara	None matched
VirusTotal	Search for analysis

Name	9183c086885e68cd_lwk3fl3zoxwtqg3xqcvkhjdh.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LWK3Fl3zoxwTQG3xqCVkHJDh.bat
Size	70.0B
Processes	2400 (CasPol.exe)
Type	ASCII text, with no line terminators
MD5	`87cbda2e61a5b6a5e4e461643a0b6a2a`
SHA1	`195f45121422c644ed168774d733f3b520b3cec3`
SHA256	`9183c086885e68cd55b751ddffa126ff02ecf4af9f380d035dd291dec81100f0`
CRC32	`4B23446B`
ssdeep	`3:Ljn9m1mWxpcL4E2J5ukOUcTNl:fE1mQpcLJ23uPpz`
Yara	None matched
VirusTotal	Search for analysis

Name	6efa274e645cce14_blackclock.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlackClock.bmp
Size	7.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 117 x 119 x 8
MD5	`99997471274b4a052f0bbdf11ef4d52b`
SHA1	`c66163666a712aded3981fc62f6545ee26b37ff8`
SHA256	`6efa274e645cce1483c678fd22df195413037a95681788dd758c5bb99aa92418`
CRC32	`56D1BD68`
ssdeep	`192:xSaertTTPSCkul+KvKPq+guw3NVvY5WlHBHnaXO1Kuk5hVR:xeF6CLlraRw3Na56p5rk5hv`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	2c7a993c52da910c_modal-vflS6pGZb[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\modal-vflS6pGZb[1].css
Size	11.9KB
Type	ASCII text, with very long lines
MD5	`c1aa8bdb57713ed8aa3c10c143074374`
SHA1	`21bb3c3b8927fd4563eeac94b3bfd75f05a9faf0`
SHA256	`2c7a993c52da910cb419f0c10a12a4a35eef31203137e965f9ec85e5aeff205a`
CRC32	`485D397F`
ssdeep	`192:hTJAMwpRJIPRtmsD7Pg7tPRM7RmbIVBlQpqZvh1rRF8Usw77hgA/cc:h1AJfJIPRssD7Pg7tPRM7RmbIVBlQpqZ`
Yara	None matched
VirusTotal	Search for analysis

Name	a7722823c9284887_ProcessList.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ProcessList.txt
Size	60.0B
Type	ASCII text, with CRLF line terminators
MD5	`614b5ac420b6c26f8e8443d955111839`
SHA1	`0d4997264d90713e2a219fa4aa62372f82380e77`
SHA256	`a7722823c92848876871670e1a383108dc9ac7fe9e1a1c578322fa091969a3ff`
CRC32	`7F405616`
ssdeep	`3:/mXowQn:/mXoZn`
Yara	None matched
VirusTotal	Search for analysis

Name	ff3025f9cf19323c_BroomSetup.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BroomSetup.exe
Size	5.3MB
Processes	2828 (tOtcmAUyZOxR462do2YSqCR9.exe) 2924 (BroomSetup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`00e93456aa5bcf9f60f84b0c0760a212`
SHA1	`6096890893116e75bd46fea0b8c3921ceb33f57d`
SHA256	`ff3025f9cf19323c5972d14f00f01296d6d7a71547eca7e4016bfd0e1f27b504`
CRC32	`9F039262`
ssdeep	`98304:X4zVE2GO5za356R7mgdqMhW8hQjqb0It:gl7mg1WO`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	27fa4804433b33f1_css[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\css[1].css
Size	55.7KB
Type	UTF-8 Unicode text, with very long lines, with no line terminators
MD5	`0405dd1c9494354ce199ab7346ade3a0`
SHA1	`a448532d77cd0da9e05770b6667dae4a3352d3f9`
SHA256	`27fa4804433b33f1f91eec83dc9039b2df1f61bcfd32a738952531921b76d646`
CRC32	`86BA53B8`
ssdeep	`768:pbpPBUtdVoW4j7m1LiUEVwTLyzj9NGEe3BdP:pHVeyzjn03BV`
Yara	None matched
VirusTotal	Search for analysis

Name	c9e19a3f4fd75337_SOFTWARE_REPORTER_TOOL.EXE-EB18F4FF.pf Submit file
Filepath	C:\Windows\Prefetch\SOFTWARE_REPORTER_TOOL.EXE-EB18F4FF.pf
Size	23.9KB
Type	data
MD5	`db1ac360714fd2ad69ef43c96a535627`
SHA1	`70fb16b939b1c57dc0e44d4b6200fc6888cc6a18`
SHA256	`c9e19a3f4fd75337e6a6e24fa212edaf5ffca032cfe82984de1e780dfd703a79`
CRC32	`C9F7C9D3`
ssdeep	`384:JcW4fPbYk9/LidcfxfrUQ2y0mxN/B5dgeC5j486LhzIxyBdmsGY4+YHucUuY:OvfTY8oRy0mxNdrC5jkLqwSs1cI`
Yara	None matched
VirusTotal	Search for analysis

Name	6165135988469cf8_itoolsclock2.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\iToolsClock2.png
Size	24.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`a0fab9d64776d909d03745ca21568dd7`
SHA1	`75a12dfcc4bb1f1160b534409d9f723ad569ab7f`
SHA256	`6165135988469cf85a4352f5d4fce2643b8f4c42b367c1d7025ca3b02fce2fcc`
CRC32	`E1733054`
ssdeep	`768:xKNFVXxc1+jwftQAyOZ1piMTk07EHwvaa8aktocco:UN7DcJTtTk0g6aa8aVY`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e6bfdfbb9a0649ea_views[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\views[1]
Size	3.3KB
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`a726593a8261930e4786375106fc6bfe`
SHA1	`13916b1e1825549e9c36c64e35baca204a83ef95`
SHA256	`e6bfdfbb9a0649ea9d38de4255c355c581097e6a1035a54943260b22ad45f172`
CRC32	`73505439`
ssdeep	`48:4pPowKI58aHF/Au4Azk2qKz7+DomFh9I5G6XNl1wv6s6v7T2M4dl4qbR/s1:pkmaHF/ESzCn2vE6seCP4aR/s1`
Yara	None matched
VirusTotal	Search for analysis

Name	01ef0594d6b5e5e5_ballclockaqua.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BallClockAqua.png
Size	18.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`31adc20e79c6f0b4b4bd624c4960a24e`
SHA1	`0dd73a3a8b5e8fea8aaf86df4ef8ef608eac411d`
SHA256	`01ef0594d6b5e5e5c3c02475e1096cb9a307c40e167dd26d11bfe352c458bc08`
CRC32	`F8C09DD2`
ssdeep	`384:5DR08eJq+7lRlGCjOa1tplFiea2xb5xa3y7q28T:QXqCj/1tplkyxdxUyW3T`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	28fd079455d8b533_holzuhr.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Holzuhr.png
Size	74.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 160 x 153, 8-bit/color RGBA, non-interlaced
MD5	`3a3667d7b67b89c0ea9061711b3c6c6c`
SHA1	`d4ef1011e817d469c6079c066104fa12cd03d669`
SHA256	`28fd079455d8b533c4b3b4b217da82e9097f199edb3435d9d787b5e42ca342fc`
CRC32	`5D726E19`
ssdeep	`1536:a0YzZWfFT+/3XsqBkWMkizXqi1J4Py2huSyPYLY4l6ov4L9RI251yP:aLWt+/3XsY/yzaKJ4Mx4lhS9RDK`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	dbe467c95b421c4e_groennekugler.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\GroenneKugler.ini
Size	1.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`6299257e666ff7e94c35e5c06cf2c369`
SHA1	`283c54f59495a84734889776ed6f47ed5ab6a98e`
SHA256	`dbe467c95b421c4e0b99bf65a99feda9dd8c86687ff10889d3c1dfa6dbef3e3b`
CRC32	`4BC0D359`
ssdeep	`24:BE0rGXE5lr9BP5MoaKLuaPTO2u1DHkp8wdGj8xi85sjibtYQTd9iBY2jabOtWuc:BTqylRMofiiNdGjWCUtjTTiBY2Gb+Tc`
Yara	None matched
VirusTotal	Search for analysis

Name	a613e004ba3a8616_weemsplath.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\weemsplath.ini
Size	1.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`1ba352511dc3d718d12f1fc7f9cb4290`
SHA1	`52bae52e80ac073bea2f0431b956775b8a01d95e`
SHA256	`a613e004ba3a8616eab72f42ef36b7425b40365a61af112ce1cf0d79e871075b`
CRC32	`4A533FA7`
ssdeep	`24:BEZrGXE5lrABRhB0aKEszm1ETOs010Bi1ckpUdGIo8OiruPgibQ0Wd9iBxLuQI:BkqylUhB0fwL5n6dGJSuPXQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	aa66b05cff837c26_~DF8C0F100C7231519A.TMP Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\~DF8C0F100C7231519A.TMP
Size	16.0KB
Type	data
MD5	`76acbc1831894efc30bb60066c50146c`
SHA1	`7d324b303c640c93d5940f20e0461aa65c2b874b`
SHA256	`aa66b05cff837c2696e9731229ad96950095f6ab1f1995f354ae82ac432cbc76`
CRC32	`7FD7C859`
ssdeep	`3:Hqa/lGAUolllnolclllv/nt+lybltll1lRsl/hlEl6l/1pm/i6a/l:1/ll4UFAlpaotao`
Yara	None matched
VirusTotal	Search for analysis

Name	67d6ff243ae343fc_IEXPLORE.EXE-908C99F8.pf Submit file
Filepath	C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
Size	201.5KB
Type	data
MD5	`77e7383f3bad6fe8bcff796628774021`
SHA1	`7f58c4ad02a7ac6ccf396d8e78be4691d4e62824`
SHA256	`67d6ff243ae343fc880ec1de14bd5532350348dd504f6e03967ca8ee301ab49c`
CRC32	`384019D9`
ssdeep	`1536:TdRbOeCnQfTFj96Oxku6o7SwQeOd+SEBDpj1kYwUdtV7WBI8hg0cWujXorAJSs3q:R1RNBkeqhgO2hjsa/Uhm`
Yara	None matched
VirusTotal	Search for analysis

Name	6b612912b7a557d8_newdefault.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\NewDefault.bmp
Size	42.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 119 x 120 x 24
MD5	`816fd13d82b4dd490414e053349fa722`
SHA1	`ea89ded1a0df180277660e50abee02405609c830`
SHA256	`6b612912b7a557d81789c0d3edb1fbb00b9acd1d9f7b4bd1e689e163aa2e8182`
CRC32	`DFC9C93B`
ssdeep	`384:kZSPu+ghYOPL1gvlqKQJ1YTWsUtpN4GbVkAl7y07L+T9s8:cSPpgevGrC8DbCYyzZt`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	635a6022b186ac42_kyu3wtlqhy8tynqswdq6ejoo.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KYU3wTLqhy8tYNqsWDQ6eJoO.bat
Size	70.0B
Processes	2400 (CasPol.exe)
Type	ASCII text, with no line terminators
MD5	`728e0711f345ba4ec689d4a1c14e9404`
SHA1	`5fd58a2cbca3d373fc837b1205dc71b7a6bb18e4`
SHA256	`635a6022b186ac423fdf525a54630ee07d6c1f7e6f2fabb0150e9cd6be740029`
CRC32	`19B3BB17`
ssdeep	`3:Ljn9m1mWxpcL4E2J5IgoKVt:fE1mQpcLJ23Ig3t`
Yara	None matched
VirusTotal	Search for analysis

Name	a90665be0056a098_AdobeARM.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\AdobeARM.log
Size	509.0B
Type	ASCII text, with CRLF, CR line terminators
MD5	`3126ec2b49f0bdd76e891817904afb16`
SHA1	`61e792e8ff42101fca2de173e67a9e63e6383ba0`
SHA256	`a90665be0056a09870d458157e8a7b7d18988ebc06ebda994ca38c847ae70baf`
CRC32	`D958EF7F`
ssdeep	`12:oPBRxj3Pn0dBR5BxI6EBR5BjtRvA6BBBR5BknBR5BMPBROOKZBRSsBRaECy:oPBRFcdBRH4BRHjDAaBRHknBRHEBROOy`
Yara	None matched
VirusTotal	Search for analysis

Name	4a2671a846532523_UserInfoSetup(2018040515215734C).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\UserInfoSetup(2018040515215734C).log
Size	653.0B
Type	ASCII text, with CRLF line terminators
MD5	`6a91440bc63345e619c3c2a7042b4f2b`
SHA1	`17df234b24c71d5dd473b1c8d64f30e7b16b2b43`
SHA256	`4a2671a846532523e646de9d1d1f4066f22f9a0fea67ee2778fbb23c88e5141f`
CRC32	`3C85DCEA`
ssdeep	`12:vQ2OLMW8LGqgHop6CDVtsrvQPa3mVwWM8rKfNHf2WM8wRwgWNv:vQYWcGXHoMOsrIPOmOWM8rKpeWM8Z`
Yara	None matched
VirusTotal	Search for analysis

Name	be88e238cd1428c2_aqua.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Aqua.bmp
Size	39.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 116 x 117 x 24
MD5	`f80744c019a522af5a4bdb6b9d99229d`
SHA1	`fd7067ab7257fb030b05dfdece58c7cf532160b6`
SHA256	`be88e238cd1428c247d1d9e8504746d07a564c75d0f82173a4bbc38bf64c5e14`
CRC32	`83ED897D`
ssdeep	`96:TWMaS6iyEE7D4blhUraVHX/6bLtqUtC8D5zd8R2YuIHwD555D51vyRI/Bke9HAmx:TWuVy+mVWIZWYKmJ`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	cda8f9357983bb80_uhr.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Uhr.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text
MD5	`4d1c32bdbcfe4874ae33dedbbc870574`
SHA1	`a84adda368ce3649402ef9afde820cb28c549016`
SHA256	`cda8f9357983bb8070a26e8f8e4163be6ee41ee516f670a6f60fcd593efb3a6a`
CRC32	`09C29E3F`
ssdeep	`24:BEur7X5lruueRJoR1gTzIU1sRDkLKWoL/GL4wIdKgQi0VAP10mViWd9iiOMEKG:B97JleJoEFYjGteVPGCTiiOR`
Yara	None matched
VirusTotal	Search for analysis

Name	7aa8f3decb9e9b66_holzwanduhr.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Holzwanduhr.bmp
Size	48.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 128 x 130 x 24
MD5	`e119cd24c7fd2c54b082e7b27f5e11e4`
SHA1	`a78344b1a624cf58b2b6051f9864c966c78375bb`
SHA256	`7aa8f3decb9e9b660682cac31a0a77f92f9f47fa55de60fc259132fd4246135f`
CRC32	`23DF5FEB`
ssdeep	`768:ab87dRTe9524Xb8CR1ShryVMZAFoNYoEnT2Z2++7ClagdgXfgc7InbO:aIcEyVMZAedS2ZJqClwfgc0bO`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	eb308efa319ea51e_woodmin.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\woodone\woodmin.png
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 60 x 9, 8-bit/color RGBA, interlaced
MD5	`71e6cf4fce7a3c0088267f1a71ed8630`
SHA1	`94b3755bf1077f8c52ffa7450df6094f1c72e939`
SHA256	`eb308efa319ea51e367092aae0bd118081c0340b6acad03c1d55e431e33469d9`
CRC32	`EB611CD2`
ssdeep	`48:3Od6w3EFNTi5xexqAPIzGS/S1eRl65PlgmpXnoBjuuSTq:3OdrUr+DqcieqempXnOvSTq`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e83fed97b849f25c_office를-정품-인증할-때-제품-키가-올바르지-않습니다-오류-4f89be39-26eb-404f-b485-8e2014bd3790[1].htm Submit file
Size	82.8KB
Type	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5	`dbea2b6f681b7d54c36b60b848324d5a`
SHA1	`26e2c0d9734a0ac531f5ccd37f4c4872fc7fcc70`
SHA256	`e83fed97b849f25cdea93f6f5621851abb8cbd2b41e8abbb5c094b1d3192c48d`
CRC32	`64CBC97B`
ssdeep	`1536:9PHY/NJs8ypLNfV4fwxRP9OXTszZPvXw/1loROv2EOK:9QNJs8KLNfV4fwxRP9zJvA/QC`
Yara	None matched
VirusTotal	Search for analysis

Name	67b31cf35186fffb_bubbleclock.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BubbleClock.ini
Size	949.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`801b92a1950ed3e5a8cb847fa3af0f23`
SHA1	`50a53b61711eeb3cc200e1b11ff8408db37ecf2a`
SHA256	`67b31cf35186fffb4cd13ae825eaf0c71599ddaf2eed5eec8d791701b7118b73`
CRC32	`A2F9E103`
ssdeep	`24:BEsrm5b7OmTORXFB01rfukpWdGm8bCi51Pgi:BH0XCFK9MdGmQ71P3`
Yara	None matched
VirusTotal	Search for analysis

Name	9118daa9289a3520_dd_dotnet4.5_decompression_log.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dd_dotnet4.5_decompression_log.txt
Size	1.1KB
Type	ASCII text, with CRLF line terminators
MD5	`2521d5461257d645d60557e828f872cc`
SHA1	`81b9cf51368b847b19a8fa310fb0e123393a6d6f`
SHA256	`9118daa9289a3520f6dea5202441d7ca7bcb082da64cc817924f6240351acca6`
CRC32	`5924746C`
ssdeep	`24:OtK9oF7KB02kjwOjTifvdbLK4FqnBjHIWtzjH69D181IXqh:OtK9oF7wSwO3mv84CVIW5WD6cqh`
Yara	None matched
VirusTotal	Search for analysis

Name	c9dfaf5275768f33_DLLHOST.EXE-5E46FA0D.pf Submit file
Filepath	C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
Size	32.4KB
Type	data
MD5	`e402a551ab2f05e3c1b8851496caee46`
SHA1	`644d2c452ec69f155937ded2139f6be2d6e38533`
SHA256	`c9dfaf5275768f33d28b3684834cfece98b5e775fe9619914347bfed851c8d7f`
CRC32	`50136CC6`
ssdeep	`768:PPvSO4OrZBKicou1NktwJvrT6y1qIs3kdadV:PdXBKicou1qtwJf6ykbkEdV`
Yara	None matched
VirusTotal	Search for analysis

Name	8720b9487cee7dae_gocterjbtnubc5al5bdykyry.exe Submit file
Filepath	C:\Users\test22\AppData\Local\gocTeRJBTnUbC5AL5bDyKyry.exe
Size	212.0B
Processes	2400 (CasPol.exe)
Type	data
MD5	`963da09532e9758adedf9745c76ec700`
SHA1	`bc976476358cffdbc3f22b6e491f94ccbf15308d`
SHA256	`8720b9487cee7dae6db3f8f73273bcbbc56377400b830ca0f089473ebc9603f2`
CRC32	`1A1D4E51`
ssdeep	`6:wYe2qkKlKhGcH0sv/lhPfkCDtmywFghK9hm9Wlln+Yp:wYe2qkKcH0sv/7EaU1Fgh0lf`
Yara	None matched
VirusTotal	Search for analysis

Name	15dd5fa2e9718dc6_blueballroman.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueBallRoman.png
Size	26.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
MD5	`ad4c8ef01b22b7220bb0691e9c392705`
SHA1	`b0a6835473db5b3aaf5699450631bff5a4204272`
SHA256	`15dd5fa2e9718dc6386e4b4620c1c1f173ce375604fd2d3d9c961f418051bb84`
CRC32	`B18C98F7`
ssdeep	`384:+lAnQBTH+Yw2dXkWG+Tmd3mEw1p02I4Hl8bgFvJqdxtej9NgSBlhN7Qdl/2KnGgt:hQBr+YbFDG+TCvWrDFkdxto3HYiDaK+`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	11f4a5755d5abfc2_clockbell.mp3 Submit file
Filepath	C:\Program Files (x86)\ClocX\Sounds\clockbell.mp3
Size	12.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	MPEG ADTS, layer III, v2.5, 32 kbps, 11.025 kHz, Monaural
MD5	`f29be0977bef501f9cc2eb3473a7ec03`
SHA1	`fa32d1ae499b0726e98266eef416f288c5e43c8d`
SHA256	`11f4a5755d5abfc2e6470c1df2cb67983cccad1f5af8c16e8a0b47321a862fcd`
CRC32	`4AC5AB31`
ssdeep	`192:iUmkPm5hJwn66NNF7I/b+aMcErEsgneaOaGZHReTKNlEvLkzu6462qvpS34Ocgt+:iHGmfCxqi/cErInATx5mLYu6AOOcfr`
Yara	None matched
VirusTotal	Search for analysis

Name	fb39e188154a042d_itoolsclock.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\iToolsClock.bmp
Size	36.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 109 x 114 x 24
MD5	`2331bdba9c0f6fa92572223e3cb1d2b7`
SHA1	`9d855a8d1c1ecfe40d00b27ad40dfbed6ad253d1`
SHA256	`fb39e188154a042d73d47ceada791c364f3ceca5c6787aaab05096836cabf7b6`
CRC32	`23380641`
ssdeep	`768:ZeYZtcSt3USJzxy5s8aGBYSrJS33M2NKd7iiARW/nhRn3cBz:X5vFas8naSrmc2NaPWW/v+`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	21d03f19c4b1c12d_red_shield[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\red_shield[1]
Size	3.4KB
Type	PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced
MD5	`87de5d9a3403e1d7635885cbaa52389d`
SHA1	`50b32c5966331e3e27bef987fd1da0129423d348`
SHA256	`21d03f19c4b1c12db2feb8fb3a373d7e378976ecdfb64efb300204edc8947d3d`
CRC32	`15814E36`
ssdeep	`96:5SDZ/I09Da01l+gmkyTt6Hk8nTzVcxkZFd/:5SDS0tKg9E05TJcxi`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	9a2ac1e2cd9ee08f_rd[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\rd[1]
Size	756.0B
Type	ASCII text, with very long lines, with no line terminators
MD5	`6a116d416d4368c2c174af1df17fbd8c`
SHA1	`1edd0f9a9e97b4af9f9a59b70ec59e47923f6933`
SHA256	`9a2ac1e2cd9ee08f0939d51ee6857afd412ea4986be450a7452047ac8df3822e`
CRC32	`1E26AB03`
ssdeep	`12:g3/w8KsZ+lmkGhrmrJoj552mzQs0KE5xzmCZE2KwY52m2AWsK8bJ5u:Y48+mhOojL2mzatmCKL2m2mbK`
Yara	None matched
VirusTotal	Search for analysis

Name	1c23acabec35b0a7_SLUI.EXE-724E99D9.pf Submit file
Filepath	C:\Windows\Prefetch\SLUI.EXE-724E99D9.pf
Size	44.3KB
Type	data
MD5	`7bb77bcead84d61fd2a6b5f7d414c94e`
SHA1	`83a081c939e4d9cb823e932fb2a9ecf06d7ec18a`
SHA256	`1c23acabec35b0a770082bdb8303554cc6980816c48f793696d17de2d05d00da`
CRC32	`4D6A32B3`
ssdeep	`768:IFQajZ05QUaqTQtsvubztrVeu4tIcHiaYxvsYbzrGs:IrjZ0zTQts2Ptrd4t9C3XXrGs`
Yara	None matched
VirusTotal	Search for analysis

Name	191a3fcd80972fdc_wall clock medium.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Wall Clock medium.ini
Size	1.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`757ba281994bd6e525ea724a8b9e30df`
SHA1	`b3fedab89b7dc05765af004177ec25e784715cf6`
SHA256	`191a3fcd80972fdcbe2d2c69c9fa0e3a414b25ca38f9239588f6923f25269b7e`
CRC32	`87567D54`
ssdeep	`24:BEQrGXz5lrx7Bxi3aKSmgTONMI10XDkpfoIG/w8b4ia33NPeibQ0Wd9iBxLJCb:BzqFlyfWI9KIGoQOtPBQJTiBxLG`
Yara	None matched
VirusTotal	Search for analysis

Name	73ddebf290683ce5_baiweather.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BaiWeather.ini
Size	1.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d4f3c4b3ee12cddff6a83e9aaa565b3d`
SHA1	`696f89c01b34e6ddda7035ed179a8cbb4d7043d9`
SHA256	`73ddebf290683ce599e79003f95a804e17498ed4403d10cdc8b2092b4308a4c9`
CRC32	`32980759`
ssdeep	`24:BEZrGXE5lr9BxjTJaKhVY/hTOLX01rfXkpFdGIo85bifKzo+ibQ0Wd9iBxLuQI:BkqyllTJfgt+vdGJszohQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	68bdb3ca3e8435f5_CleanGradient.thmx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\TCDD822.tmp\CleanGradient.thmx
Size	57.7KB
Type	Microsoft OOXML
MD5	`d8d2e1d73521966c0ac469d61d584800`
SHA1	`f0b91240822a4f2b8663f69e253c44371c6a2634`
SHA256	`68bdb3ca3e8435f56942b6b1e760541727478d8c0a52502e193f354e93c7bdcd`
CRC32	`45E4566B`
ssdeep	`768:suZoaw55s/BGDhF0WYlm2fhid5C6T/EHSANcMoxqEWlIdpktiwX9nSVxTr:sCt8Kmsho/0VIdpkF9nWlr`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	d0ba19f5e334e60f_invalidcert[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\invalidcert[1]
Size	2.1KB
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`66f441cef8801549c2f0ff12cbe752a5`
SHA1	`de506bfb63225b3cc084ae292d4bf98a21ae6250`
SHA256	`d0ba19f5e334e60fb5056bc2e05b97de09aee4db49e5e11abde482bab9c4e8fb`
CRC32	`13C10CC2`
ssdeep	`48:mPntofz4/i5DjktylVDJlObUBsBXcysTqysg2Bp5Bi8OwaBynLysTqys4Bwy/Ae:SE4a5HlVDJMbUB2XcylyNkpfi8OwgynN`
Yara	None matched
VirusTotal	Search for analysis

Name	29b49a701ac81741_universalaccessclock.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\UniversalAccessClock.bmp
Size	41.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 117 x 119 x 24
MD5	`bc84d78607167f8c38b8b4cf7c33a54a`
SHA1	`11d9589accbd208a0385eba8104b4045727a7b1a`
SHA256	`29b49a701ac81741abf8e42f569ac57ff587e91c55d4e361e97d49ee3e5afa43`
CRC32	`9F2DB4E2`
ssdeep	`768:7qhT45p/v7mUzQgC3oi76ieOCycgyC20TgDsu+Xy9Ct3PaxFf6Hc:m1o/v7mSQgC3l6ieOCycgyD0TgDQWFS8`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	fbc23311fb5eb53c_background_gradient_red[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\background_gradient_red[1]
Size	868.0B
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x800, frames 3
MD5	`337038e78cf3c521402fc7352bdd5ea6`
SHA1	`017eaf48983c31ae36b5de5de4db36bf953b3136`
SHA256	`fbc23311fb5eb53c73a7ca6bfc93e8fa3530b07100a128b4905f8fb7cb145b61`
CRC32	`C08DA614`
ssdeep	`24:vk9YMW80o0XxDuLHeOWXG4OZ7DAJuLHenX36n8R0O3kwd2q:M9YM3uERAq8uyJdB`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	0b0692e09562b1c6_roman2minute.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\roman2\roman2minute.png
Size	3.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 100 x 18, 8-bit/color RGBA, interlaced
MD5	`feaaea47ffcdd97bbab8cb95594ef1c8`
SHA1	`0e82a0462942c551f465cee6adcc5a50bad64337`
SHA256	`0b0692e09562b1c694938126d1e9ea74fa90a57c0d9471c2e0a23cfe7ce5a48e`
CRC32	`B0A3B797`
ssdeep	`48:7Sn/kwui7s9kX+QG5XH9Ek8bRs7aQqGPUEButE468UBLeYLpTHfvijH7j1:7S8s7s9klG5NKCaLqbAtEP8sLTLprvO`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	1e42eba0d59b57c4_SetupExe(20200504224110B04).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(20200504224110B04).log
Size	29.1KB
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`358f43e0360d9c8e227ddce5ee9d2eec`
SHA1	`0a4b0aeb214f6ddbf8d327e89218648e2d3c9c33`
SHA256	`1e42eba0d59b57c44886e4c2623bc11f9cc22fcb6de99b0e29a4db044847aea9`
CRC32	`17F7108F`
ssdeep	`192:17wCfQxn6D139ORDoPpsUo190NYIooBPYLJdKdvnsTMUCEgIuvRsLkoLgPeHIwnq:3yIROgvnsTMUC3hXocW2`
Yara	None matched
VirusTotal	Search for analysis

Name	32be5cecd399ee80_SetupExe(20180201151839F60).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(20180201151839F60).log
Size	181.9KB
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`bc2076842e19343d345e1f1e9bd36d10`
SHA1	`c58cb5f7e4d96a2d0e95e611a4b3dfa1102b1398`
SHA256	`32be5cecd399ee804fab266bd88da4c88b50d1b35d52e6c74d99d509ce58fd10`
CRC32	`C46483FA`
ssdeep	`1536:mgG5a3VqAozPxrgNgBAggNgFpdgNgppegNgGYqgNgNgaUQgNgNgq+wgNgNgGU0gS:P3kAoF3GaZzMYRTg4`
Yara	None matched
VirusTotal	Search for analysis

Name	667a8f4c9f37badf_mclkminhand.hpng Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\MClkminHand.hpng
Size	4.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 99 x 29, 8-bit/color RGB, interlaced
MD5	`7293d9082295616a46631e18065e8723`
SHA1	`b67481a1d09e19d91fc4bad975a2490545660570`
SHA256	`667a8f4c9f37badffbdd7708919bd6133a4f0c9b4599b3382a0b8478b17203ae`
CRC32	`DCCD514A`
ssdeep	`96:6fLdlazsuvgUltX4xgm/HZe0lPHtSPwZLoc:6fHarvgUSgmA0N847`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	5cfd95f49197ba7e_carpediem.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\CarpeDiem.png
Size	12.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
MD5	`1a5946136a4dab0c22fd35dccfaf5d12`
SHA1	`1c7641a17efee9f3fc5c907ed081bc0763d4cf0b`
SHA256	`5cfd95f49197ba7eba4bfb2b56b904b6c619eabde6b2b5adcefac264130f1347`
CRC32	`788F6D76`
ssdeep	`384:yznpBXF4w8UxPB6ce72dVBp8qKmTHbdZUH:qXaV7EVhFCH`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	193d37e8d5b4d89e_RUNDLL32.EXE-1304AE86.pf Submit file
Filepath	C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf
Size	27.2KB
Type	data
MD5	`7a447d1ed0004d8501ceb40ef265d5ef`
SHA1	`05f3c945521ecc6dc7390b30dd328835f3a069e5`
SHA256	`193d37e8d5b4d89e80484bd870244df50a1c38b46ed3bdbde38ef7c9ad4f197e`
CRC32	`C87CF9A8`
ssdeep	`384:o8p7zZGC4z5uGwNct/zr1VQox77XmbFohW+BMs6ynCISK2MSs:o8dECbGwNc97DW+is6ynCISK2MSs`
Yara	None matched
VirusTotal	Search for analysis

Name	9b5cda4bcf5f1de6_jagua3rclock.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Jagua3rClock.bmp
Size	37.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 113 x 113 x 24
MD5	`0511d5edd48e385fe14e0e0a5ad3843c`
SHA1	`c742845ec023e86fe7b1ce77733fd5111c286027`
SHA256	`9b5cda4bcf5f1de67d41e96fde3da74a7355b31c8c30a9867079e5b515774c05`
CRC32	`3347652D`
ssdeep	`768:y4ktG2kfqzqNul4stj9IkOA/z7kOBSi3TyA+mjg/lhqt4mI6p:ex9xSO44`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	1f9a866c41731c7e_PING.EXE-7E94E73E.pf Submit file
Filepath	C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
Size	13.0KB
Type	data
MD5	`86a5457fb8bd8abd255b48033f180367`
SHA1	`ea2935b2280a94a651b87dcb95bc9ee3f796b3a1`
SHA256	`1f9a866c41731c7e455356df0bc64b63402c02880b7606918c4636f9b5fec957`
CRC32	`B855F504`
ssdeep	`192:+cSkoQD/6myAJgxa2lr8t4rX9BbK4XprBB1r8A9lgHVMo0Us9sgd1/urz:ZSjQeLAixaclbK4Xpt8kgHHHsz/urz`
Yara	None matched
VirusTotal	Search for analysis

Name	b42601106db4ff90_klokje.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\klokje.png
Size	47.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 142 x 158, 8-bit/color RGB, non-interlaced
MD5	`8e926836d4b639e64589c7a01cb2dbb8`
SHA1	`e38f0941462d65192223f15c80096155be1c97bc`
SHA256	`b42601106db4ff9063c0c294a8b1f2a6a2748529d4a9c2815dee331cb94f0437`
CRC32	`E237890D`
ssdeep	`768:pY9E5Eg1OKxlfjEfgzYBLUkFhtzNKgHrOtGHUzNUGIKkV0QnA75GONU836Y:oyEgX21/tKgHpH4NUGGVA8OLqY`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	7f10e7820353e742_blueappleclock.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueAppleClock.ini
Size	949.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`c01ed0b8cf60fb8904628b963d903fcd`
SHA1	`80e751986df1bd6272f172e7ec84cf7a6bd00dd9`
SHA256	`7f10e7820353e7422fa95f9523fc4a43dacee60806b025f37fd733a7dc6598fb`
CRC32	`9FC58089`
ssdeep	`24:BE/Drm5b7OmTORXFB01rfukpWdGm8bCi51Pgi:B2H0XCFK9MdGmQ71P3`
Yara	None matched
VirusTotal	Search for analysis

Name	39e7de847c9f731e_down[2] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\down[2]
Size	748.0B
Type	PNG image data, 15 x 15, 8-bit colormap, non-interlaced
MD5	`c4f558c4c8b56858f15c09037cd6625a`
SHA1	`ee497cc061d6a7a59bb66defea65f9a8145ba240`
SHA256	`39e7de847c9f731eaa72338ad9053217b957859de27b50b6474ec42971530781`
CRC32	`B475DDD7`
ssdeep	`12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	772039456ff22019_6nks82jqpzqdscmh6ej5qiov.exe Submit file
Filepath	C:\Users\test22\AppData\Local\6nkS82JQPZQDsCMh6Ej5QIOV.exe
Size	2.2MB
Processes	2400 (CasPol.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`40aac0c5cf412479687e717b8c180ef8`
SHA1	`47ef78cceee7382019e382f585b2b1be2ce7ae29`
SHA256	`772039456ff22019e827028fcc18661a350c032687d8625427380c941690fcac`
CRC32	`68EFAC92`
ssdeep	`49152:IoruB2s5FXQ4EmojLjCRELVf7Avil+dHIsLp1thIikN+6u2hsa:IoruXzX71oDCRAZUviAHImDqia7hsa`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature NSIS_Installer - Null Soft Installer UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e6062d7671d14f55_responsive_classes-vflX9R-EH[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\responsive_classes-vflX9R-EH[1].css
Size	346.0B
Type	ASCII text, with very long lines
MD5	`5fd47e10751a507be7ecb53519221481`
SHA1	`2aa1da976b3d2a04f65d16ec2e06b8416ae76223`
SHA256	`e6062d7671d14f55543b88b68065c3ed76d8c8845f6e1889d3be89c79ffd10b8`
CRC32	`EBF350EB`
ssdeep	`6:S8yOUa77ARMs12OUhafByOoaHmWV9gqi0faHmWV9R7ARMs1Ai0e6AOC:dUe7ARMuUMrlv5favZ7ARMLeBOC`
Yara	None matched
VirusTotal	Search for analysis

Name	f1d03a083400dd8f_GOOGLEUPDATE.EXE-C3A1B497.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C3A1B497.pf
Size	25.5KB
Type	data
MD5	`57fc5fdcc67407f0435cb5987223e98c`
SHA1	`6b0da2766ae07e1b744038ed0a3ef3465667097c`
SHA256	`f1d03a083400dd8fd48f64e709a9f2cda73b76910ce631576e2314cf81f13d69`
CRC32	`C2242355`
ssdeep	`384:q0mUBPUxCnYTg43MmjYuNujOCb9mJCQaQGy7SGmIk8V:qgUVljbSO6mwQaOSGmIk8V`
Yara	None matched
VirusTotal	Search for analysis

Name	e0121a4b984a9dd5_IEXPLORE.EXE-4B6C9213.pf Submit file
Filepath	C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf
Size	155.1KB
Type	data
MD5	`dae5032808dc9b86f5680aff91296e5a`
SHA1	`d0a4074303f91412b1b6a8eae17c54cc98fd4b16`
SHA256	`e0121a4b984a9dd5482cbc1e865e7167aefee5d2b754a388b9070b75a0d62fdd`
CRC32	`AF27F73D`
ssdeep	`1536:1t3AYjqFkdIuOvTPY2xKXXT8Aqjx+zARc13pFryN3FkhMEViUEMWrs8aHyPkhbk7:g8Xm+3cy540S4bkIf`
Yara	None matched
VirusTotal	Search for analysis

Name	4664041204ac6d66_hallow.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\hallow.ini
Size	925.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text
MD5	`91e71226494df487e040fad190d8d199`
SHA1	`b5647c7914884589f55e759a2a140b75cb6bf53f`
SHA256	`4664041204ac6d66df612c225c7457cce4cc16619d38acaa24fb770564b99d07`
CRC32	`F833BDFF`
ssdeep	`24:BEurZuC/Tzbr1nPkLKhaLgGLXoIZKgVi0uzUrn:B9pqnkGUnNU7`
Yara	None matched
VirusTotal	Search for analysis

Name	13d52a3c7d896b2a_korean.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Korean.lng
Size	2.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`2eefdcda287c97061acbdf4409aa659b`
SHA1	`c1b8a1161d3eaf0836b991694931721da3f6e8de`
SHA256	`13d52a3c7d896b2af05774f7c6b0e43ad4d93953f0f721c490d610fb26ca22b7`
CRC32	`0B086B0D`
ssdeep	`48:cHQXRvolvFxZrTUJN2qu/4ppruwEjOz6fF+z6hEHQXwWMooOz/RlZxY7AkCTu:EQBQhFxZrwv2NwX5kO8+jQgWMooEHZlC`
Yara	None matched
VirusTotal	Search for analysis

Name	df2a006bdc8fc9fc_neon.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Neon.png
Size	42.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
MD5	`87304cfa94b7a6c97c5fad0e1d03aaeb`
SHA1	`1d42f855358b308f5ba790a3e7cb4eaf2161dd0e`
SHA256	`df2a006bdc8fc9fc01ababa6d223099540afe6c21d5a2aecbdf7c4c07f4ff133`
CRC32	`BFBEDBA6`
ssdeep	`768:DuF0MfMQQxIK70B7sJozsmZcWbgQK5d3/6cwivjm2A6SB9Cw0ZHYec5rLQoGd6dt:qSMfMQQKKIUoYG9bgQs1yc9V69rvecpR`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	17c7eb2753d43a9b_UsfGbcfTAcOZJKb87SPp-A Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrome_BITS_2572_659545391\UsfGbcfTAcOZJKb87SPp-A
Size	11.0KB
Type	Google Chrome extension, version 3
MD5	`b7803704efa963726c9841e7b6d5c83e`
SHA1	`4121e02b573217625159f6382a34c985ae09f7b6`
SHA256	`17c7eb2753d43a9b9b12ab8ed10bc38fd9a213a487eab3464935b3417e1e7400`
CRC32	`00041D02`
ssdeep	`192:Cmm7c8JadmlfD6kpn0IesBMrLGQZYxDXFQ79Jwg6U09skRdNiwycH0Zsm:18JumJis6XIq9A9suycH0Zl`
Yara	None matched
VirusTotal	Search for analysis

Name	bc58e8c58f558547_dd_vcredist_amd64_20180201144548_001_vcRuntimeAdditional_x64.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dd_vcredist_amd64_20180201144548_001_vcRuntimeAdditional_x64.log
Size	190.6KB
Type	Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5	`b0645f4cf9265e6f5b37e88774e6cf02`
SHA1	`f3a90d38b1c88d326001a86c66df254732ff5322`
SHA256	`bc58e8c58f5585472648a75d8289ab07d33dbe2763e2c95bdb42ac7b82614776`
CRC32	`0755122F`
ssdeep	`3072:VSCjLUyEEEEEEEEEEEEEnJGDzKu3af8G2bOc/E4:1jz`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	cdcaa8879d4b2c31_blackappleclock.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlackAppleClock.bmp
Size	40.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 117 x 118 x 24
MD5	`12232b20b415decc653b6bc5b9f0dddd`
SHA1	`e63540f2f7a39603de5b4aa212690dba028a2f42`
SHA256	`cdcaa8879d4b2c318f27ce0ab3048061a71e0f1050090ba53c54562d175deb30`
CRC32	`B453F3C1`
ssdeep	`384:eXNleXJJIKo5QHHHHHHHHaHHHHHHHHHHHHh/+tMHHHHHHHHHHHHHHHHHHHHHHHHd:7XJJt0ZlN1uBaCAv1hEPWU3c`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	78d9ef5a4ca6e540_WMIPRVSE.EXE-1628051C.pf Submit file
Filepath	C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
Size	42.3KB
Type	data
MD5	`0ae748b9ad1007a4b8013784862b91e4`
SHA1	`b193927f6ec046d9362f6e1bf0992d75cb902691`
SHA256	`78d9ef5a4ca6e540fa1297c5134871c83df2dbacf85f750eced1b119acedf29d`
CRC32	`3B431640`
ssdeep	`384:7Yzjmdk/3kwOzcJf58Dt53+H3ntk1p3L89nZULXM53eRq5YydGaTeRsG1lpCXgDD:7YzyCtJf58DzuXSoZUsORMWl7s+zsoh`
Yara	None matched
VirusTotal	Search for analysis

Name	64e9a5bdcf211411_DEFRAG.EXE-588F90AD.pf Submit file
Filepath	C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
Size	17.2KB
Type	data
MD5	`49d428bdba6920e0b96d2da430bec283`
SHA1	`e365c54aca1eb2846cd54e5f336d535d7015611d`
SHA256	`64e9a5bdcf211411c498a107db2344811e9f4c946d01aa6d92cf3fcd2ef421d7`
CRC32	`8F5E0143`
ssdeep	`384:LNgVPIOmgk9osqUIvqQBRAtFI4ff576XkhDDaKXUysqlru:Li9IDopqQ7A3N6XkhDOKXUysql`
Yara	None matched
VirusTotal	Search for analysis

Name	808c02b5b4329b7d_CHROME.EXE-D999B1BA.pf Submit file
Filepath	C:\Windows\Prefetch\CHROME.EXE-D999B1BA.pf
Size	13.7KB
Type	data
MD5	`348fd88ee75c591b18e301e5407bb322`
SHA1	`105f59578f32f9d4e2d3284230eb6ebad2b18b30`
SHA256	`808c02b5b4329b7d2a5526095d67f8fe9b2b4108f1a6307646ec47f7e5cc34f2`
CRC32	`9AF8CD8D`
ssdeep	`192:OgdmF4GYPJhGgnQrqnficCLBpNTHNHoOia5JYxknU9qd45as92kku:OgdkJngQG6cCLJTHtoTa5iS9sVku`
Yara	None matched
VirusTotal	Search for analysis

Name	9e5a84da02e5bb83_aqua-clock1.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\aqua-clock1.bmp
Size	36.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 107 x 114 x 24
MD5	`56f18fd2ec130b2714c9bfeef92ed37a`
SHA1	`0bfcbbc051ba9323d9a8b5f0d7ddf77c75a21985`
SHA256	`9e5a84da02e5bb837b575b899f4ff55f5a0095c412c4433a2cfc922208cafa66`
CRC32	`017B3E62`
ssdeep	`192:CBccMWRLppppppW111111MhOCZX0/oYkjkX/dOMQz6ruH2qraRsEtNRY0ZE7DFF8:CBvcQX0/lOvf8BNvw1lKXlJ`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	45c550427466a858_cowboy2.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\cowboy2.png
Size	43.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 200 x 201, 8-bit/color RGBA, non-interlaced
MD5	`c41a10919d89b2e79d9602b5644badb3`
SHA1	`f83673308724db3238ff799d30f8478c86cdd577`
SHA256	`45c550427466a8588b8b9c7eda3aa685c38cad1e6dcb6de43860b214b3c3fc76`
CRC32	`0A2C8D49`
ssdeep	`768:/tfJ+gfGQkB4WLWrl6K/OYI4U0SyJIWu2erDzyHJaYJFJICsYjqAwInHEVnVw:egf/04QWAK9IN0Lq2eqaYJFOCOAwIHgq`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ee4ba265429c9866_casio.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Casio.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`247db811dd18688d6134fb3199cf5c30`
SHA1	`d82d5276ac82eff8637b71d8eee54149d17652ec`
SHA256	`ee4ba265429c986667b2b71d21d1fa0fafead643df2568594a3214f95e0dac4b`
CRC32	`ECB9AF24`
ssdeep	`24:BEQrGXz5lr9Bx6TORXFB01PRzkpWdGIo81OiDLPEGibQ0Wd9iBxLuQI:BzqFlxFKgMdGJGBLPEpQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	1f2c01864b23f9e5_IMKRMIG.EXE-AAA206C5.pf Submit file
Filepath	C:\Windows\Prefetch\IMKRMIG.EXE-AAA206C5.pf
Size	14.9KB
Type	data
MD5	`99a11d51516e5ba0b6b03a0b454b2d72`
SHA1	`5f029b58478aae81a9eed5d99880fb53b72c765f`
SHA256	`1f2c01864b23f9e512c9208b6dab89cdd3c6c434e92fcc6d3eb4c894ab7fa2f2`
CRC32	`CFE736F2`
ssdeep	`384:2SxAHiEiLv8Nhdcqd8YYLn9AdjRt/COnLws80yuU:2u65+Efyyj1COLws80y`
Yara	None matched
VirusTotal	Search for analysis

Name	2a1bd23c7f7b2a86_UNPACK200.EXE-E4DF1A4E.pf Submit file
Filepath	C:\Windows\Prefetch\UNPACK200.EXE-E4DF1A4E.pf
Size	65.3KB
Type	data
MD5	`0491fcf8631c1c132c50e27d4e133f94`
SHA1	`d436c275fe1ecaf3e90b6706a08ba92c4227ecdd`
SHA256	`2a1bd23c7f7b2a8666f32a07676eaa370b035160638aa9fd76fdef5aed6aab4c`
CRC32	`BA90401E`
ssdeep	`768:0vy8Cssg7k2/mI7yz2VFXeevl+EgK1jl1uKyCyWFeb/OblAYChG+4iwIGA9BGm:h8CstYmPP9eevdgK1jmCyaebGZAbRdK`
Yara	None matched
VirusTotal	Search for analysis

Name	febebccff26778ba_alarme.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\alarme.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d821262416fc40d087348659dec1c6e4`
SHA1	`05e9fd31ba6667274cc8b94466446ae492d41a3c`
SHA256	`febebccff26778ba1204cb6d58a7e889d44adbed33bc0fefaa3e32cef632fe3b`
CRC32	`6B6CC70D`
ssdeep	`24:BEQrGXz5lr9BxoaKy4rTORXFB01rfDkpWdGm8diF0PfXvibQ0Wd9iBxLuQI:BzqFluf1QFKOMdGmUPfwQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	292c4cabd66c2575_SOC-Linkedin[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\SOC-Linkedin[1].png
Size	270.0B
Type	PNG image data, 24 x 32, 8-bit colormap, non-interlaced
MD5	`a7bbc240d563db6d4f2211b9bb6d0e47`
SHA1	`3fbdf9c7b2378bc706013b52b355bf13346448a8`
SHA256	`292c4cabd66c25753ce8bbfa1e8a32b47703ab1f809670b056d5b59cfcaf5fb8`
CRC32	`ABFA0146`
ssdeep	`6:6v/lhPktaIgpXpnZwaqY3Re8+Rvkc0wjm4ON0v20YnU//jp:6v/7Mta/pXpZwaj3IrXO0vTqUN`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d3a118b1405248d3_DLLHOST.EXE-40DD444D.pf Submit file
Filepath	C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf
Size	18.8KB
Type	data
MD5	`90f92d2e0c62f479273137ad2b03ea4d`
SHA1	`54b0905e091e9f61f58b6d4596f8e2a7fa52c142`
SHA256	`d3a118b1405248d3c9c03926689b812f28d1fd33ae7f596d0e4e16d9c8decc19`
CRC32	`7E82DD78`
ssdeep	`384:WPsGjg/pjfl3BfFv0XFP1re4iEcHCMd+dRCg59fMiT2sDZ0ZuuoM:wz0z0FPpe3/CMd+rP59Z2sG1`
Yara	None matched
VirusTotal	Search for analysis

Name	dcad2d8a58cf719c_MpCmdRun.log Submit file
Filepath	c:\Windows\Temp\MpCmdRun.log
Size	32.5KB
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`044df6e1cac345ebf268e3a7f542dfc9`
SHA1	`61fb445eebecf005b23d93956c0a80dcb9c55c5b`
SHA256	`dcad2d8a58cf719ce8868e6e1e70679f71ce65df1ebde207142b0d2f417dce32`
CRC32	`8DEF6D01`
ssdeep	`96:8Ep/eEY2HBQevSZE82HarmrIThcZED279AioWvhQhBIIhIZE62HZAlchMZEl2HCM:1AQoKv/`
Yara	None matched
VirusTotal	Search for analysis

Name	8ed6288feaeb930e_7ZFM.EXE-22E64FB8.pf Submit file
Filepath	C:\Windows\Prefetch\7ZFM.EXE-22E64FB8.pf
Size	63.6KB
Type	data
MD5	`42a6c64b8c43c190041ff3247eb70999`
SHA1	`b43d1a2b30040b8d3eeb2bd65e3c973d0217e962`
SHA256	`8ed6288feaeb930ec2c922b3db50ed3ce923194a333a2dc38a0d9510bba01926`
CRC32	`A2198562`
ssdeep	`1536:6DfJlkfMQ9beujZcQmrNimmkzVt8FSvv7+qz:tfoJfDv1`
Yara	None matched
VirusTotal	Search for analysis

Name	9870ccd8db737bbe_GOOGLEUPDATESETUP.EXE-B0D5C571.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-B0D5C571.pf
Size	45.4KB
Type	data
MD5	`bbfb969602d7a57181f85946f3d500df`
SHA1	`c23ddb2432dbb61bf3d30b9e99694a6aa6998d80`
SHA256	`9870ccd8db737bbe9a1340fee3a0b2a83deb5f93ffd321ff6a39a673bdb89d19`
CRC32	`DEC98EE1`
ssdeep	`768:/vgYTAjHCdK4dNkspHRqG0qQNpq/aogdUUbxN+0GJHTGmgU1:XT0TCdBNN1zQNpiaogdFVHNU`
Yara	None matched
VirusTotal	Search for analysis

Name	2f8c5fd250d6f896_longhorn.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\longhorn.png
Size	10.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 126 x 108, 8-bit/color RGBA, non-interlaced
MD5	`3768c9de0ba6520395ef84d7f56c02bf`
SHA1	`31a5fb80e4f7dc3bfc2b8bf016ef722baf2cf2f7`
SHA256	`2f8c5fd250d6f896c96c44984aa11c1b924696dbfd11270d624b68b0b255d521`
CRC32	`2C6D2A67`
ssdeep	`192:BSbxSBebSHnFYdZNEJnPM6Tk2jdQ5yKappg76uyqLi318HhC2e:BSbx64+n2do1PpgqdQ5PapYBL4SCz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	7a1bde3819310694_GOOGLEUPDATESETUP.EXE-34B7EAE8.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-34B7EAE8.pf
Size	45.1KB
Type	data
MD5	`e591e6d32c2d1dcb7bf616e1594cde83`
SHA1	`25847e9c8c9e7928915ccd108a3d81c5ee96b6a6`
SHA256	`7a1bde38193106941624af0caaddb9e4d47631586ca16d6fa125979c72e128ac`
CRC32	`A0D94566`
ssdeep	`768:Gxuhiqo3LqkG0wfhId5+3qc15gaEaUGmlUc:GxuYqQLFwJ4+3f7tCUc`
Yara	None matched
VirusTotal	Search for analysis

Name	e791213655f1cb3e_cowboy2.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\cowboy2.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`7b78a925bcbf93ff614a1c4fe7e84673`
SHA1	`6dbd5f227e72363b4301de8c7923442466714cd3`
SHA256	`e791213655f1cb3e5b5a08b01411e48d9ebe480166742a77f120b2964be2d7ad`
CRC32	`87C97635`
ssdeep	`24:BEQrGXz5lr9Bx6TOr01Ezkp8dGIo8bCiDadKibQ0Wd9iBxLuQI:BzqFlYBSdGJQlA9QJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	a3e8fad959b121bd_4f89be39-26eb-404f-b485-8e2014bd3790[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\4f89be39-26eb-404f-b485-8e2014bd3790[1].htm
Size	485.0B
Type	HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5	`052dcfd9dc28b4121543378f57a3e11b`
SHA1	`21aaaaec835e3ff3793b3d166d02f04d7fd83bd2`
SHA256	`a3e8fad959b121bdffc59b7789649639ed69839314d8e0c704c3716ac84d767c`
CRC32	`F52A8611`
ssdeep	`12:kx/kTG+6HW7vZ/OTsl3q5AGIWzeBvQ/g5+o87e58vDlE:k5pHWzZ/6sl3q5jQBI/gUo05E`
Yara	None matched
VirusTotal	Search for analysis

Name	ba64e4a42fd5847b_itoolsclock.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\iToolsClock.png
Size	29.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`0239c87ad1e60a548109255c1cddf634`
SHA1	`03d224d459fc666a00e8468e656698e7b6d15447`
SHA256	`ba64e4a42fd5847b80b20cd0980ed7a4508bea01e88c0c6bfa0158860c8323ad`
CRC32	`0EC2692A`
ssdeep	`768:33epqn5/atVJHkAeHzV2TGjjCIUoqZttx7tP0nmdB9T:3f5e9kAIVbohowj`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d35e132d0e260a83_SVCHOST.EXE-E1E0ACE0.pf Submit file
Filepath	C:\Windows\Prefetch\SVCHOST.EXE-E1E0ACE0.pf
Size	20.8KB
Type	data
MD5	`4550b31850251e5d39e3f83c1cb70d02`
SHA1	`844d43f3b8c989ac45c67bacfcf63b08bc3be6f0`
SHA256	`d35e132d0e260a83f900b030875c60162cb7ae95370c0cd91165c9340d526cac`
CRC32	`574A544F`
ssdeep	`384:QtFEMGjb9EK77ce2YkTyxtB2a2wMUorgwRUvSI+svpZu:Qtip+m/WGXxzMUCjRUj+svp`
Yara	None matched
VirusTotal	Search for analysis

Name	f247ed947b0f8337_alte standuhr.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Alte Standuhr.ini
Size	946.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`1ed534d32d9c5aec051584fd4f4a6ac0`
SHA1	`69ffd3f42b20ea7f0d8acf48a914265a2b03ed59`
SHA256	`f247ed947b0f833783b876902185821e47283039aba7114f114edd889cf04f45`
CRC32	`178ADD39`
ssdeep	`12:a4EqmYrrrcRQBjpJrprh27XFPV+J/PnXFPVG99XFPUXFqC2kpmdoH9Gs968v2ims:BEQrmu95UTOxf01kKkp5dG/8+i4352X`
Yara	None matched
VirusTotal	Search for analysis

Name	7746b7cfdedfca55_id[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\id[1]
Size	155.0B
Type	ASCII text
MD5	`893a4f29fbc4c552b74271384628b3db`
SHA1	`368d05e49f07b691b0a969dfb977459fc49eb1b3`
SHA256	`7746b7cfdedfca557b8a2e77debcbd23dd3cf8da20da829ff827009406f4a6f7`
CRC32	`D8A84D07`
ssdeep	`3:CEPJESa/uDESa/jHIWr8XmbIjpAIggRxkhUs/m/5kcBw:CCJZaUZa0k8WbuiIJihUsmRkcy`
Yara	None matched
VirusTotal	Search for analysis

Name	e6c0f7fc7f440fdc_wonderglobe2.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\wonderglobe2.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`dd1979cddbe6614ea4fce3617d2d8fce`
SHA1	`d5235ace6190a103e02e52e1055ccde04af9c39b`
SHA256	`e6c0f7fc7f440fdcf18d90a84fc6ea75b487867e60c27da3bd0a89c44add041c`
CRC32	`E8E04673`
ssdeep	`24:BEQrGXz5lr9Bx/aKy4dTOK01rfhkpGdGm8bCi1833NPeibQ0Wd9iBxLuQI:BzqFlpf1EY4dGmQD8tPBQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	455f77109da3e6d6_LOGONUI.EXE-09140401.pf Submit file
Filepath	C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
Size	66.0KB
Type	data
MD5	`d4fd51c3924b568da01feef5b2b4192f`
SHA1	`0907ee6d07a9afa1ad25ca6f44458214fb06130b`
SHA256	`455f77109da3e6d67b5d3141b03a64da66bd8188de41084cb0cbd23dc4d1f7ab`
CRC32	`D46AF322`
ssdeep	`1536:tag6Xoj9AjyIxymBmf8/r+zSw3jHDj1d+UgFTKVGf4JL:urkLHNF`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	0901474f95a0fc08_cloq.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\CloQ.ini
Size	1.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`4347579972618d2220b35d400e2497df`
SHA1	`cae1fe63be61c08c9880c21ad31c5e0f595596a2`
SHA256	`0901474f95a0fc08bf58f2e34cd2a46f3ee2a0b50742e6ab1d70b471bb084f6c`
CRC32	`56777BFE`
ssdeep	`24:BEQrGXz5lrkBJSaKy4qGTOXZZ410XiOkp5awGIo8bCiqwfQi:BzqFlCSf1qVX4jnDawGJQ8wfn`
Yara	None matched
VirusTotal	Search for analysis

Name	d632e9dbacdcd8f6_test22.bmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\test22.bmp
Size	48.1KB
Type	PC bitmap, Windows 3.x format, 128 x 128 x 24
MD5	`343fa15c150a516b20cc9f787cfd530e`
SHA1	`369e8ac39d762e531d961c58b8c5dc84d19ba989`
SHA256	`d632e9dbacdcd8f6b86ba011ed6b23f961d104869654caa764216ea57a916524`
CRC32	`3C5BAF10`
ssdeep	`768:wjof+RdBZJ2g653hvqs+Rcb+SBMdK4tztHDyecRa6Xs9X/jPlu6tKvUfsQscD:wjE+132lhisKZdltWeks9Ru6nsQscD`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	2da0e3d059c823b2_IME2010imeklmg00000002.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000002.log
Size	842.0B
Type	ASCII text, with CRLF line terminators
MD5	`7cb0d7fa230c2b67c56af0a475b2c640`
SHA1	`2f4825c8e64c1157cbc40d3f831e8f34d347fef5`
SHA256	`2da0e3d059c823b2f1822ffa0e30949b0e0c7cead4ba466e1aa9a32de5003591`
CRC32	`2385D086`
ssdeep	`12:o58MHXsfY4aRHRRHTPiTcHTJMRHRx5d8d/HXsBi85gcQ7HTaT6v:STXcYbRRHTecHToRxzYvXSRGX7HTEE`
Yara	None matched
VirusTotal	Search for analysis

Name	4b26b857f78692d2_202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe
Size	1.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`1fd2fa78c68205f6584ac7cca25b7a8f`
SHA1	`51383d4581dbea023d8acb7f82c93508a0bb50ec`
SHA256	`4b26b857f78692d2c0da7515a32e99e2b89b10ca98fb72f12f7ba9f946ee0f07`
CRC32	`CBCA3EEA`
ssdeep	`24576:76O7cglbAMTDu2h73Ufws831I7mIbgSEhtf7EOmINL4ch+aXX:fQMbDfUfo31smIg7EJINL42H`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	278c33465b3da682_romanblackmin.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\romanblack\romanblackmin.png
Size	889.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 55 x 7, 8-bit gray+alpha, interlaced
MD5	`5b9b2f8241e1842b9921a1acc940e78f`
SHA1	`c8a28f4dec48c4b63fe5e59aa7d9af11fa709d85`
SHA256	`278c33465b3da6829078264b5fb59293d261a97756b3781a2da45ae93bc5a5b0`
CRC32	`B0DEF50A`
ssdeep	`24:rwlFZSCKBRDl7IBTwBrFKc+yFZZQrrDy8Bnz:rwYCcp7pr0cDFZmrr+8dz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f37f0ee1842f9cef_bubbleclock.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BubbleClock.png
Size	25.7KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`94575e1b2268ebacfb4349ef05174f80`
SHA1	`d7b7f21875c9fdae5364804e3b4da77b9d0be128`
SHA256	`f37f0ee1842f9cefcffe4b291c8c247c7a4871252e551150677a86e1575c943c`
CRC32	`D454E179`
ssdeep	`768:xYBlu8IJvxWn5wpAdeR2CsBTw2ybm4LSUJ0sl95O:xIu8IJvxWnO+g8NyfEC95O`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ffcaf7b027d1c6e0_negro2.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\negro2.png
Size	9.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
MD5	`f0f3d8bca45643b990fb0e2924bd4aa9`
SHA1	`6a60789bb15d0cee548691a379c95f9bfbee7b21`
SHA256	`ffcaf7b027d1c6e00f06437f1e4864417bdc4f2428125140118a73c6a6449b28`
CRC32	`EA42D1D2`
ssdeep	`192:prca/zZV69AIpL/JUxeRyqyrujNobJMFS3ZkjOsFsBgBEEziuS0roY:pgUHUplZar3ASJkbFikMUoY`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	fb73cfcc647f00cd_hungarian.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Hungarian.lng
Size	2.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`897df08d2097ebae47d45632eef4344b`
SHA1	`ce7718edca84272a94a19ef831604e88ee76caf9`
SHA256	`fb73cfcc647f00cd7fb3aad3f6fa6753ae62879baf4d4576cd8116e1aa55bcec`
CRC32	`7AE7CC03`
ssdeep	`48:fzycwT+JHTioGFfNUGN+WBgJL8u/o9XwcrPFTN79ZDx5UyfdQy4wPzevGTjTu:OPiJzjGFfNRYJl/o9DBVTUyfm/aTu`
Yara	None matched
VirusTotal	Search for analysis

Name	42b31c071fc16116_xxva1wfapk5k0025co6lkkqr.exe Submit file
Filepath	C:\Users\test22\Pictures\xxVA1wFApK5K0025cO6LKkqR.exe
Size	4.2MB
Processes	2400 (CasPol.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bdce325d0009953a41a4aaa969ddac87`
SHA1	`bcd4177b4c155bfa0e728652540af67e6ab3d3a6`
SHA256	`42b31c071fc161162581cd2606e4a2b5922032fd7cccc53239bf12fd60982e32`
CRC32	`0DB4BE15`
ssdeep	`98304:55zfigP4O7QuAmWAQFPQF72E7kTWVaTt14mwplkyi:DqgP4O7bAm6QF79AbTt14mElo`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	cd10456d9654a0e7_b2-5c345c[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\b2-5c345c[1].css
Size	144.0KB
Type	UTF-8 Unicode text, with very long lines
MD5	`b11935eef8622f49e99c5c09541181a2`
SHA1	`b8f5f6c54483723cb408c316037d4659f0968de6`
SHA256	`cd10456d9654a0e710e3dbdac18022a0862041c6d3a7855bc8509726f24f05b2`
CRC32	`00DB3426`
ssdeep	`3072:TzCPZkTP3bDLH0tfRqQ0xtLfj4ZDSIpTt813viY8R1j35Ap7LQZLPPJH7PAbOCxc:nlZ89`
Yara	None matched
VirusTotal	Search for analysis

Name	2a4cf56fcf8001f8_neon.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Neon.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`f9da34467004f63fa227a92a987a53a5`
SHA1	`910197cec498dc6b075c50952441666d12940d5d`
SHA256	`2a4cf56fcf8001f8d6dbaa7229cc8bb52a638058746f76f8d170bae6fc3faab4`
CRC32	`12C26ECD`
ssdeep	`24:BEQrGXz5lrUNdaKy4jTORXFBA1rfLkppSPGm8eGiEw33NPeibQ0Wd9iBxLuQI:BzqFlCdf1YFuGHSPGmjtPBQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	6e979b113b75d02d_AgGlFgAppHistory.db Submit file
Filepath	C:\Windows\Prefetch\AgGlFgAppHistory.db
Size	2.9MB
Type	data
MD5	`adc4495589f55712e4d1c15603bdcad1`
SHA1	`b2f6353933fabf2d02e5545bf50b182fe24191df`
SHA256	`6e979b113b75d02dd60166042d48acdc30b8b12971f29669661a8d0411529c15`
CRC32	`CB7FC2DA`
ssdeep	`49152:9aB7BRldwwf1oVRR8sKJnP1u9kNMxD83Bi7h+UeImpLD/:9EHdwjVP8H9Q2D3sIUdqLD/`
Yara	None matched
VirusTotal	Search for analysis

Name	9814cbdbe2037432_guldkugler.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\GuldKugler.png
Size	17.7KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 1600 x 900, 8-bit colormap, non-interlaced
MD5	`fe01d57c5dcee76563ab98cc0c8191ca`
SHA1	`61e51410fe6e6e09d8437a80746c2640a31e30b4`
SHA256	`9814cbdbe2037432e1acd08483a1d09592b7286b10abed744e7f27e9e53249d6`
CRC32	`F02B2BB8`
ssdeep	`384:dMfoGG4iyzLXP0ZCh1zDXZ8L5cevao4+JSIrJUjTTSs6O2M:MoGGTuXsZw1DXZ8LlSZsr6TRHL`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	4977b08aa2605dda_JAVAW.EXE-D0AA8787.pf Submit file
Filepath	C:\Windows\Prefetch\JAVAW.EXE-D0AA8787.pf
Size	99.7KB
Type	data
MD5	`ec836c1dadcb8285925a7f7691a915ad`
SHA1	`4c25e05139ffed97cb814aac2d25a41080b1404b`
SHA256	`4977b08aa2605dda2cbdb0a94dfcf9af3e9f3a555492f2dec227f1e9fab78da3`
CRC32	`FC533853`
ssdeep	`1536:CQ9EoblJOMnjPhkvUu2Sq1zRZEPOiFvgagSoxHBFnTUtJJX4V2L85afw9OT0hyHj:1nP2cuNsRFEgRZHnn+LzQhI`
Yara	None matched
VirusTotal	Search for analysis

Name	df2f74885b2bb13c_SSVAGENT.EXE-0CD059B7.pf Submit file
Filepath	C:\Windows\Prefetch\SSVAGENT.EXE-0CD059B7.pf
Size	17.6KB
Type	data
MD5	`77a14e87cb98d758c4594d4c2ee337c5`
SHA1	`023ec1b6cf0ead5e26c1d688fbaff2ca9c7fe43e`
SHA256	`df2f74885b2bb13ce6ab5412347acdd1ed4bb272ad97a0dbe2765dc6d6d5e3ce`
CRC32	`3D748D1A`
ssdeep	`192:38P7zhCIw8dX8ZoJ6WTSYXy14LQ2k7K1CKX6asnj6khmzxnuWgx2mB1EObgl6TlB:38Z+IPF417ckJWpgnKhFIGml5`
Yara	None matched
VirusTotal	Search for analysis

Name	ca04c21ba94d6e43_baiweather.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BaiWeather.png
Size	32.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 161 x 161, 8-bit/color RGBA, non-interlaced
MD5	`796618351aeb1c80c1fef6579990fb9f`
SHA1	`896adf790d7fab3e97079c4e5cb461a45b821ad3`
SHA256	`ca04c21ba94d6e432c436a26fef81609aa40c783462624ca191db9710fc84750`
CRC32	`F984BD34`
ssdeep	`768:0+BKTCFpP9wB4YZfKoAf8qzfc9XIpV8JzO64:0CNwflfA0Afc4X8JzC`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	7759c1c207eacea3_milkclock.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\MilkClock.bmp
Size	41.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 117 x 119 x 24
MD5	`c429424dacb9e99c03e1c9aa0a43edac`
SHA1	`8b46c8cea93bb189d7bb658c2cb919c9bb5e73ec`
SHA256	`7759c1c207eacea3c0d807f973afee0431763194cf965af6d8a12b51e08269f0`
CRC32	`3506A552`
ssdeep	`384:48oCgzHI3a+orRHK546WiWERXIyX9mNobpDbWvwpOwxggScDYe9bahZ6biQP7l4d:nvarRqN9pkW2QP7+4j4tWldZU`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	fcc6715e9b73cb3c_f[2].txt Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\f[2].txt
Size	108.0B
Type	ASCII text, with no line terminators
MD5	`903c1253fbdaee06e78ae86ccf8a2d6a`
SHA1	`eaf174bdb30d48f358d71c3e9f510bbcf096d14e`
SHA256	`fcc6715e9b73cb3c1c1b8042fb590efc76697e6187fcada5c5315180252f98d8`
CRC32	`6FA00502`
ssdeep	`3:oVewGL34zzxHJzdeJjC0MIdZ+HvpHlxfYf:ogwcozzAjeqZ+nxwf`
Yara	None matched
VirusTotal	Search for analysis

Name	4d7af300b3fbbc5d_slovenian.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Slovenian.lng
Size	2.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	Non-ISO extended-ASCII text, with CRLF line terminators
MD5	`0c0351290ad760f3cea848f6f65b4af3`
SHA1	`c2e4a8b2426463f4e80cf9d5fe74317c55a76d3e`
SHA256	`4d7af300b3fbbc5d8ce3dcac871c9c6ca4edd6785721418c90042cc5c23dec01`
CRC32	`1FB4586E`
ssdeep	`48:ZWUFVFU14/Jj/aMzpW1yOrKUaA2DY5uSs8CIFNM8oy5G5GPunusGN66phovaTu:zc4J7aMY1yOrKUP2OC8vFmhykAPuuBi3`
Yara	None matched
VirusTotal	Search for analysis

Name	4f8a7817a536eede_AgGlUAD_P_S-1-5-21-3832866432-4053218753-3017428901-1001.db Submit file
Filepath	C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3832866432-4053218753-3017428901-1001.db
Size	824.4KB
Type	data
MD5	`4ec393b3dac7d363d4e29588e3ec0e30`
SHA1	`c9b143ef35e39131d5a7f35b2e82bbf48a2adc89`
SHA256	`4f8a7817a536eedef12fdde62e01a71fe7db626f8554eb7b57a574d769a3f9f5`
CRC32	`8AE8E02E`
ssdeep	`24576:g8aPjAuIUZ+yOyypzL+HUMDoyOY/pQrkU20MTAaX6+WmseC:MPjdBy9+0MPAk/0Mka9WFn`
Yara	None matched
VirusTotal	Search for analysis

Name	89a25a2c8d5a5b26_ballclockice.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BallClockIce.png
Size	12.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`7341d4b09d1030d1cecea62edbd8de93`
SHA1	`060a6a44ed3c889908824ed64b31888ee65dca7f`
SHA256	`89a25a2c8d5a5b26f1c3749282ae1fecc42b690219d985392336747fe1a550fb`
CRC32	`103C690A`
ssdeep	`192:WSOYiiwKNMtJKMvHuOoOHZofl5rndayVeTtVUEilpFe7mfWq13L3wHR4dv3O9THx:5Y6WnjHZoflxV634FKGWW73eSdveIkz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c556ffa2b91ad5e7_OSE.EXE-2B23CA4C.pf Submit file
Filepath	C:\Windows\Prefetch\OSE.EXE-2B23CA4C.pf
Size	21.4KB
Type	data
MD5	`d6f44a9626f224c427f1ed90a86ff551`
SHA1	`5737e4c55e48ce431bc7ff1f6a12af2dbaffb1b4`
SHA256	`c556ffa2b91ad5e7ef02546167466b39b3abcfd17abeefc8e46d4ef60bc0bff5`
CRC32	`9C219832`
ssdeep	`384:k6Q6Zo0iCKaIrRbf5N4L/iPGCVhr/dGmI:kB+o01Id7UiPGMhr/dGmI`
Yara	None matched
VirusTotal	Search for analysis

Name	6ad8befdca0318ed_klldr[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\klldr[1].js
Size	193.0B
Type	ASCII text, with CRLF line terminators
MD5	`a336ef65fcbd89c93de8d0d83d8bdace`
SHA1	`9f5de8eed7dfb8b461253c4695d1816082495603`
SHA256	`6ad8befdca0318edb1922354750e0b7ffe038dc062b033059948410e8e120449`
CRC32	`E193D506`
ssdeep	`6:qqDi+8mgO9lVhnFXm+ovCj1weAAc3yKLqkY9L/XLbczn:lmJuHnFXm/4AV3qkObM`
Yara	None matched
VirusTotal	Search for analysis

Name	4036a909a015179f_security-image-vflZpPNwy[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\security-image-vflZpPNwy[1].png
Size	62.1KB
Type	PNG image data, 275 x 262, 8-bit/color RGBA, non-interlaced
MD5	`6693cdc3279d5c78cdb920ebdf79451a`
SHA1	`431ff7f98ceb605d3bc08f2498340a167161d459`
SHA256	`4036a909a015179f6352cea77cab77de236094a264ef09b5c1d3755f4d80d545`
CRC32	`E449D695`
ssdeep	`1536:LYfvyscP61NI9vx6hkqbJnxtw2Q3NmykL+8M:cf6Ua9vx6hkqbPtw2Q3UM`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	b05ef8c194527967_INSTALLER.EXE-60163557.pf Submit file
Filepath	C:\Windows\Prefetch\INSTALLER.EXE-60163557.pf
Size	19.0KB
Type	data
MD5	`313f4699b8b458d445a1c9e5ff94f100`
SHA1	`63223820ea5533945873301cccd944fab893ab02`
SHA256	`b05ef8c194527967dc744897a0fad461028cca82dbec3d34dc3ce31af04ea83b`
CRC32	`356FE84F`
ssdeep	`384:JGA1GAn3J7JjNvSkVJ9NQSIV/DmfCgmGm8:JGiGczh6jSm/YmGm8`
Yara	None matched
VirusTotal	Search for analysis

Name	10c0e92f906e772b_Microsoft .NET Framework 4.5 Setup_20200715_141303844-MSI_netfx_Full_x64.msi.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Microsoft .NET Framework 4.5 Setup_20200715_141303844-MSI_netfx_Full_x64.msi.txt
Size	9.9MB
Type	Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5	`a88a8e80c0f7e5bcd829702aba53d89c`
SHA1	`e53293584db89a23af30e94adcf97d624f1e097e`
SHA256	`10c0e92f906e772b580eb8cd135525fcbe28cd6d3c279b700028c41aea1dd793`
CRC32	`8CEBBBAB`
ssdeep	`6144:cm8jijdZf0CeqcjM1xhe2iDC6AJNxoA99g2NSfnqt6jgWRJBN45w9FpuduWXqxVj:ijQPrhe276AJNIfnqMJBNVWXqdrMNDZO`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	db828df4e38b7406_j2bqka6wquyc3c1out81sjn1.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\J2Bqka6WQUYC3C1oUt81SJN1.bat
Size	70.0B
Processes	2400 (CasPol.exe)
Type	ASCII text, with no line terminators
MD5	`63f8321e99a429a71293ac4de3dda31c`
SHA1	`13c406cd4c021ca29e5671318d650c75372dac7f`
SHA256	`db828df4e38b7406816f80ababcabbd03ad9974ff47dbc9e285091bcc4075a16`
CRC32	`912DF1EB`
ssdeep	`3:Ljn9m1mWxpcL4E2J5cX0VuQdQGxKaNln:fE1mQpcLJ23ckQQD`
Yara	None matched
VirusTotal	Search for analysis

Name	50e509c56ee7437d_RGI1518.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RGI1518.tmp
Size	10.1KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`cfe2f1194768ebe8914c07c57cbada52`
SHA1	`70d1ca67cd1d3381fa7fea37605417510456d37b`
SHA256	`50e509c56ee7437d710345b977cb5edbde526206034dce0e52cc132c61cc5cae`
CRC32	`39E6814F`
ssdeep	`192:U9QI6wA1jUr2ol3ilWoTWgzMPiS+XdC8lUwRQHb:FwA1jUr2olylWouwRQ7`
Yara	None matched
VirusTotal	Search for analysis

Name	22a6b9f1430102c2_comdex - omega1.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Comdex - Omega1.ini
Size	1.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`1fe0cf880a1fbd2c105e85361ecdd3f8`
SHA1	`0b49f938cbcbbfb4f28ff070f85f9b01ae02470a`
SHA256	`22a6b9f1430102c28388dc50604fa010eaae46778e1def800a8acdf12b91f8c2`
CRC32	`BAB63B0A`
ssdeep	`24:BEQrGXz5lr9pk/7FoB35k6s4H6T13Z41rfLkc31CGm8bCinCd0X:BzqFlk/7Fy3u67C4ecFCGmQtCd6`
Yara	None matched
VirusTotal	Search for analysis

Name	45950471e4faf639_alert.mp3 Submit file
Filepath	C:\Program Files (x86)\ClocX\Sounds\alert.mp3
Size	10.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	RIFF (little-endian) data, WAVE audio, MPEG Layer 3, mono 8000 Hz
MD5	`74053f5e4bf6420f04ae67a74bd025eb`
SHA1	`eadbdfa25c6f7c14d7ee06d557ab8449b9551334`
SHA256	`45950471e4faf639815b99c48bd87c140610dcb587c0a9af1f941d63a7500d78`
CRC32	`484906B9`
ssdeep	`192:0OQIOBHC22Ddnc+uCpmoHrXAUyZyYLTPr6L3zCY+dEE2apqgTMUiirzT3wa:0VJU2Sdn6CcyAKY/e7zCYmEE2e/iif7r`
Yara	None matched
VirusTotal	Search for analysis

Name	020944aa6f7a32db_support[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\support[1].js
Size	39.1KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`ed3e7b139f28336172a3aeb57c04befb`
SHA1	`f501f7d8d1c6113565a3d15fdcbc16ed0c15f0e6`
SHA256	`020944aa6f7a32db371d00243cfecb44b129963633957bbc73ea3c5b275d4da7`
CRC32	`8FCBC367`
ssdeep	`768:4+A52WQgzOyPB4v7QzxzISQMHsfF0F0p6o261fvPErUJCwtNGAxdQTM15Yx:4ttOKLtscr61f1t4ZTV`
Yara	None matched
VirusTotal	Search for analysis

Name	59e988a2cd09cf21_StructuredQuery.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\StructuredQuery.log
Size	6.9KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`dcaa9634ba6be9784ca6ccd4a6fe8f87`
SHA1	`cd5fc4280bcda22b647ddb18e3ce822263981750`
SHA256	`59e988a2cd09cf21291c8faa8ef940278f001dafc8c1d0d33070a8458110b2c9`
CRC32	`DD112E35`
ssdeep	`96:vQ/PLouJelsJTVPGQ/AaAi8zP8Q/AaZfBzPPQ/PLouJw3shrVPGQ/AaAi8zPPQ/Y:4LTp+pYLTb+YLThIYLTJ2H`
Yara	None matched
VirusTotal	Search for analysis

Name	a8a79d350c2a5e3b_2018.8.8.0_win64_win_third_party_module_list.crx3 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrome_BITS_6916_1520674847\2018.8.8.0_win64_win_third_party_module_list.crx3
Size	5.6KB
Type	Google Chrome extension, version 3
MD5	`a27fd6952edc92d0ce6241a3926cd5e2`
SHA1	`c7b44abb244be659e5afdd22827100a6a94a1f2b`
SHA256	`a8a79d350c2a5e3bc36226633a8e0bed0dfab184e77f38fc8f0820ebacf8eafc`
CRC32	`16132F44`
ssdeep	`96:59xKwZ1WQhgsRitR4kiy9HwWh7gb2VuNrSCodB2H6BslyKYZPk8EwQDHrWjHC1Mv:52egTjxgXNrSCM2Hs8HUc3jzqQW`
Yara	None matched
VirusTotal	Search for analysis

Name	d3152443a9a52cec_PINGSENDER.EXE-8E79128B.pf Submit file
Filepath	C:\Windows\Prefetch\PINGSENDER.EXE-8E79128B.pf
Size	24.1KB
Type	data
MD5	`63f550d39c153dd227def72fd1e3b268`
SHA1	`dd3b0adb3a6a73d1d200a1cc9d0c99be6980434e`
SHA256	`d3152443a9a52cec9dbfec5e6a5b8593875575243b8b8a3537b5fe9b7346861b`
CRC32	`3B36F707`
ssdeep	`768:dGgtP9zpZhQReIG0U8SVXZn2JAhT0cJfRv:dGoP9FZuRef8SVXZn2JAhT0cJfRv`
Yara	None matched
VirusTotal	Search for analysis

Name	0babe95d7a9267b9_SETUP.CHM Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Setup00000994\SETUP.CHM
Size	101.6KB
Type	MS Windows HtmlHelp Data
MD5	`54c13e5183458ba80db948add23f5293`
SHA1	`059f9353a70c2131328400eba3dc06d5eb70d0b5`
SHA256	`0babe95d7a9267b9ef7e397b208d4f5b199d1c03ec7c8dd42ec97ba1fe7203b4`
CRC32	`56E6E3AC`
ssdeep	`3072:3N5NecB8UzTIkkQD175R+y18b1iEQq2Hqz73Fl7runWa5c31YMb0t1xY:3N5Nec2UXxkQD1FR+A8b0EEqX3jJa5cb`
Yara	chm_file_format - chm file format
VirusTotal	Search for analysis

Name	5feceb66ffc86f38_plus[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\plus[1].htm
Size	1.0B
Type	very short file (no magic)
MD5	`cfcd208495d565ef66e7dff9f98764da`
SHA1	`b6589fc6ab0dc82cf12099d1c2d40ab994e8410c`
SHA256	`5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9`
CRC32	`F4DBDF21`
ssdeep	`3:V:V`
Yara	None matched
VirusTotal	Search for analysis

Name	c5fdcee509ec0ae1_comdex - omega1.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Comdex - Omega1.png
Size	71.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 150 x 328, 8-bit/color RGBA, non-interlaced
MD5	`26e6d02144112f1919fcc08ac0f6ce07`
SHA1	`7d3d5f287bf72c85c6b14c6f3fa8fd858367b542`
SHA256	`c5fdcee509ec0ae18872eea9daec67dbdf3c98552db579b49fb0a88397bd8bec`
CRC32	`E956BDCE`
ssdeep	`1536:IQSHf6+JZpEmnuiBXnfTb7UXhy/HShAypIe7w0+hdCsX/SOLFI6vD9ccIiUcjk3a:ne6UtVBXnrb70775khX60rvmcPjYa`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	8685ad2206e8d603_stickyFeedback[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\stickyFeedback[1].js
Size	5.6KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`04d45d73090fe0f383edd2f169ff7653`
SHA1	`d9cc9033bb715e7930451dd792ec52789408fc3e`
SHA256	`8685ad2206e8d603a459de6496a59aea9659124f2c3a405e9ed72d708e063a66`
CRC32	`CA575F80`
ssdeep	`96:IZ8GD715hv//1Ao+rHPuffO2taay5rvFNxedvWTg4ofRpWV:w8GD715hX1AFHPmfO2T8fxqvGXofRp2`
Yara	None matched
VirusTotal	Search for analysis

Name	6c0c897b502f564f_RUNDLL32.EXE-5A853E81.pf Submit file
Filepath	C:\Windows\Prefetch\RUNDLL32.EXE-5A853E81.pf
Size	94.2KB
Type	data
MD5	`6f335571a5c8871127dd4d2ee0197331`
SHA1	`f7c2916c3f236348e3c3970d086f510af7721caf`
SHA256	`6c0c897b502f564f13ae938489067577356c0105ada19e9debe06be301ac3cb0`
CRC32	`28DC55F6`
ssdeep	`1536:VGr/qtzyjvv8ynmt0B6jtB6ZqilxTK2HfLYhA6wza4Wz99bDLwFGlFPw1NVUCc1z:VGvjrnmJCBVWzUFKF0U`
Yara	None matched
VirusTotal	Search for analysis

Name	ab8d75a5b7230938_white_apple_clock.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\White_Apple_Clock.bmp
Size	36.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 101 x 122 x 24
MD5	`fbd9ca6cbbc07c9f7b16577e2ba8abb0`
SHA1	`4f9a98c739e9d209f77ad99396a8a4b77c0cfe69`
SHA256	`ab8d75a5b7230938e834da4ecb043256dfe5466a30e59b2787bd08eac14de50b`
CRC32	`39090E9D`
ssdeep	`192:3G+xNKrzZ4gb85tG/llgjmJahf7TyTWU8DgEdtN8xytFmnmU9OHGTV/zMmZilkL0:3JNK543hjTyTWU4gEdz8Icnf9PFs3D8e`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	589112537079c342_blueballonlydots.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueBallOnlyDots.png
Size	24.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
MD5	`3dbecac206657c42196eb6258b85f7a3`
SHA1	`f496af89cad84d2c09ea0121bc3bd5c5690a09ec`
SHA256	`589112537079c34208b56e728b61fffecc514d898d37e45a4039a1ebbe1e0261`
CRC32	`6ECC2F4A`
ssdeep	`768:86rfzS40W3RuiRp5F8IdXo0t0WyfrovfU+TnTC:8aG4PRlpUjWMMTC`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f7824ed6d98211e4_AgRobust.db Submit file
Filepath	C:\Windows\Prefetch\AgRobust.db
Size	212.7KB
Type	data
MD5	`005d09a013f1bd5f2efdf081597834fa`
SHA1	`dfbc792079bf845babc111c284ff3e901a12c898`
SHA256	`f7824ed6d98211e4bfcbd914bc62eeed61731453c06338133452147f6d0c2613`
CRC32	`3AA1CA2C`
ssdeep	`1536:9yNn8A/QjINeCxndTWgzBzx16MF3FjNcZS2yZJ6QSu1ogzfnIEblwTRlnyYV3Sb3:61NvxpW86MFQmUVI/F`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	c3afeb9c30eee306_ICACLS.EXE-B19DE1F7.pf Submit file
Filepath	C:\Windows\Prefetch\ICACLS.EXE-B19DE1F7.pf
Size	16.8KB
Type	data
MD5	`e98db9ee4fa2f0bb17d7da67ba68aee9`
SHA1	`14fd93f9d86137ff125167fb636cad225e79de6a`
SHA256	`c3afeb9c30eee30621c8c5ab21678eae513faecc43b353fb7e6e1d39ab68cc13`
CRC32	`1788D057`
ssdeep	`192:M7eX4CfF41AdNUyQjdQFYgYAOkmNhZVlH2Gd0FQYM0lgpfKUFGm9S:MqX4NAdNUrdQq/eWhZVt2G2mg8Gmk`
Yara	None matched
VirusTotal	Search for analysis

Name	33271fea54f89761_IMEKLMG.EXE-3FEB7CC0.pf Submit file
Filepath	C:\Windows\Prefetch\IMEKLMG.EXE-3FEB7CC0.pf
Size	21.8KB
Type	data
MD5	`16eda911aa847faddb24da5d89ca59dd`
SHA1	`3db2b0fc70949eff62b5673e851e83c636a59b73`
SHA256	`33271fea54f89761136a452cdfe1e4f341d311e7bd9a8668521de977e0fc133e`
CRC32	`34673D25`
ssdeep	`384:jr1vlxp8vzUCDuaGqlFQALLa0+/7tW2d2v9WY9pBsYR/1un:jplKzVDZGQGAC/ErVpBsYR/M`
Yara	None matched
VirusTotal	Search for analysis

Name	f32a30899d104ef0_ring.wav Submit file
Filepath	C:\Program Files (x86)\ClocX\Sounds\ring.wav
Size	9.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
MD5	`5549af0cbb0cc2f1ab1a1dd52ac3531e`
SHA1	`22e51923c9365edb643b68afbc8c44d0da25112a`
SHA256	`f32a30899d104ef03cdbda1d433015982ce34ea1d58481c1e437d56c92d2f5c6`
CRC32	`E9AED4AF`
ssdeep	`192:AHTBu49v6XhLYxXnIt6cFg9RdpVBFx3HYIQ04PpQlAZfu17QfW/Dtsy:0T19yRLYdnIt9+hpVBX3M00QlOGQfGDt`
Yara	None matched
VirusTotal	Search for analysis

Name	7260cfe0276c765c_cb9f54hr6tnrayky1mxvduaw.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cb9F54Hr6tnRAYky1mxvduaW.bat
Size	91.0B
Processes	2400 (CasPol.exe)
Type	ASCII text, with no line terminators
MD5	`9c7d57e7a3bc6f257bdddad5b141cce8`
SHA1	`3d1fc9dd08c91094467611352c761d165f7e990f`
SHA256	`7260cfe0276c765c823df7f8f52ecb829f5d2c6ab6457d77d3829baab4e2132f`
CRC32	`81DE793A`
ssdeep	`3:Ljn9m1mWxpcL4E2J5fUOhUQpkASkdan:fE1mQpcLJ236/D`
Yara	None matched
VirusTotal	Search for analysis

Name	efa21c14e6e66a5d_GOOGLEUPDATECOMREGISTERSHELL6-BB6760AF.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATECOMREGISTERSHELL6-BB6760AF.pf
Size	14.2KB
Type	data
MD5	`8737477d3a576a382dce0119eb23b3b1`
SHA1	`e3f2d1a19ac425af3b385f3abdb129f1595e695b`
SHA256	`efa21c14e6e66a5d8e090e2f74e7533e1d351ca541d3cbcc160c31aa5c14c842`
CRC32	`329411E6`
ssdeep	`192:0VPQHYwl2QprbgsgBecmxDszDoWEe+IVFqOxwKn/x2OCSeos9y/OouiR:0VMvlxprbCecmPWhPvxwKnjC/os4OouS`
Yara	None matched
VirusTotal	Search for analysis

Name	26f271ebb4debfad_NOTEPAD.EXE-D8414F97.pf Submit file
Filepath	C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
Size	47.5KB
Type	data
MD5	`a101035a632ce91e761f22807701d9ca`
SHA1	`26ac8ddfa4839803997c82bdf9af3e94fb949f99`
SHA256	`26f271ebb4debfad9f3cf1a3c563446e34a5cd8caeeedfaa0be251009dde75b6`
CRC32	`095E4EC0`
ssdeep	`768:+PqGtyAVLb+r5RaJFVezSQxjoOGFYX3dLkMxssGh6+KDA:+PqgyILb+rjYFwzDZ5GFYH1mVKDA`
Yara	None matched
VirusTotal	Search for analysis

Name	7ce1ffcbcbe0e292_mwfmdl2-v1.17.3[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\mwfmdl2-v1.17.3[1].woff
Size	13.5KB
Type	Web Open Font Format, TrueType, length 13832, version 0.0
MD5	`f287ae1953798ef761258841ce03f15f`
SHA1	`8d74334772a82b9a95e05b08dadb75314feea245`
SHA256	`7ce1ffcbcbe0e292d6b63c045e0302bfbcee98c40c1f74685fdbec2e880e9412`
CRC32	`A9DF3CC8`
ssdeep	`384:QOJrOwNSEP4WE93VFzJEHLRMPBCfrKV3i+rfbVjfNkTK5T:QOJ6BHzJsCPEmbRBksT`
Yara	None matched
VirusTotal	Search for analysis

Name	99299e9970cbf71c_css[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U06NAGU2\css[1].css
Size	1016.0B
Type	ASCII text
MD5	`7bf73fd295afe35766eba38af0c4385a`
SHA1	`b44b27028d782c98986e081718072c4f14aaf3c2`
SHA256	`99299e9970cbf71caa5a5a5cf42366544187491ab3420c7ac5155379dec85a8e`
CRC32	`DF12959F`
ssdeep	`24:5MOYNo8EOzvMOYso8cKMOYUTodp/cMOYN7ovmP:SOWo8EPOLo8cBOxTod1OCovmP`
Yara	None matched
VirusTotal	Search for analysis

Name	6f2b80a4711b64b2_zu95nkxkdjdidswnghuaj8u8.exe Submit file
Filepath	C:\Users\test22\AppData\Local\zU95NkXKdJdIDSwnGhuAJ8U8.exe
Size	2.6MB
Processes	2400 (CasPol.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`598bcf7d8eeb46011593bb6729e142f8`
SHA1	`47ff1ed9d82607be3141b1ef56e84e659269bb21`
SHA256	`6f2b80a4711b64b2601f70286cb1d97bd7f79ff3676ee7872a032eca9728abc9`
CRC32	`7533F93C`
ssdeep	`49152:OJ33Y9YXyyUVYyCa0iNyXmAZ4z56BrWV8AZmG27DPHE8eAZzmLQyzGR/yQ41XAuv:a0YXyy9WGX496BNAAG27DvE8e08zGNyb`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	e062ebd6625912b6_7ZG.EXE-0F8C4081.pf Submit file
Filepath	C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf
Size	121.1KB
Type	data
MD5	`9e8b7b467a8e5a7871b29065798196f5`
SHA1	`194049397a544d1177da74c60ba9b9b77fe7c3b8`
SHA256	`e062ebd6625912b6bca7bba07efd380653fc63ca78b67c4d0d6634eeb3ef438d`
CRC32	`67FB3646`
ssdeep	`1536:23/xRiNTsrjzqq7WjTJN9zc0W9dSbf1Un4PJear90CcAh6nkhGDA9SvcJ+rYFq3d:2OuMVH4SG4RvAhYor`
Yara	None matched
VirusTotal	Search for analysis

Name	72645cb08a9d89ee_mickeyclock.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\MickeyClock.png
Size	97.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 246 x 247, 8-bit/color RGB, interlaced
MD5	`268519ba3d99bb1a48fc6a044eb1984c`
SHA1	`d5dbf25990d0d4b7254c31690569b76c7c6a95c0`
SHA256	`72645cb08a9d89ee34896521dff7cdd0ac79536c72296949d393a483d37b2cdc`
CRC32	`FDCFB259`
ssdeep	`1536:assTzTBUqQ3hK+9T/7NSOM0t5U7mn89Rby4MDS2NK3J9TvU68z/sa6xlcEyEPvTd:a3tUqKNSOMCDKbW+gU/xPvY1TRSa0`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d0933292c751f162_ipsec[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\ipsec[1].htm
Size	18.0B
Type	ASCII text
MD5	`789a24f4dd4876faa12bfaf925570e74`
SHA1	`d7e9c86b8b59a52bbf5350aa7796d7d56af8e3b5`
SHA256	`d0933292c751f1624771bfdc13416bd7be352099b5698d7e09ade6d22270bc46`
CRC32	`35ED197A`
ssdeep	`3:9uuMxevn:9uxYv`
Yara	None matched
VirusTotal	Search for analysis

Name	08ecbb835a9061d8_earth.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\earth.png
Size	56.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 186 x 186, 8-bit/color RGBA, non-interlaced
MD5	`4aaff353a088e9b576d7439092b1dcf5`
SHA1	`ca044a1e5967d3cd2f9bb9f836b9866cd4cec0ef`
SHA256	`08ecbb835a9061d88a2b4e8955194f7a924a951d68c9c94f587a3e2ad6e6d707`
CRC32	`EC8F4F02`
ssdeep	`1536:iJ+ytG7+qh+bLgR52aFR/mizDX/xwE4pr9:C+ytG7J2LY52C7X5wn9`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	82ab2915f0c86cbd_Checker.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuCF7.tmp\Checker.dll
Size	41.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f523a939094cc8681a3636db2c8ff809`
SHA1	`608d175fa2c86b724f8137fead60aca3fc364265`
SHA256	`82ab2915f0c86cbdc4acc8ce4efd85af374b19d0d9f5c06006b20ba7bff56383`
CRC32	`D6EB90FD`
ssdeep	`768:FNZoBQfjXtKahyIXlQWBh/GxHxn2hEDVyx1jZvG9FN:FNZwApK0XlLYd9oM9L`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	2a54a029b2785f4f_dd_vcredist_amd64_20180201144548_000_vcRuntimeMinimum_x64.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dd_vcredist_amd64_20180201144548_000_vcRuntimeMinimum_x64.log
Size	173.2KB
Type	Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
MD5	`529ced16baa234b9f443ba179d49e4f8`
SHA1	`39402cede6338e4d8b248f0ef3912562e6cfb307`
SHA256	`2a54a029b2785f4f2ba09a4a3b16c077e03fe76d12f1f20e088adf6c22b58663`
CRC32	`5C6084EC`
ssdeep	`1536:ZN3wvEaike9D6MtPDJ6N+fI1pumZXPHde8sUyc8/ivoKqZyRflhwsch7m3+EfOPl:ZM5jcOhhhhhcaDyDWjk84n`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	d951bb6d6d6ff4d0_mclkhrhand.hpng Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\MClkhrHand.hpng
Size	4.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 82 x 29, 8-bit/color RGB, interlaced
MD5	`1807d18c930d5b762c02dfa33439d019`
SHA1	`7f542e821a9c6f7af1a1b7120c4fff8dc29e6fbd`
SHA256	`d951bb6d6d6ff4d0b15e3b9c803bb51c8eb10ce976517a7dc97f8636c7e24eec`
CRC32	`5DFD6947`
ssdeep	`96:E6/uudQD0HcoVjwpVP8mJtJRIyi1vjnwMC1DyaebT1arybARHyAgWp:EYdd7VjwpBnnIyWvjnp4+a+T1arQAdyY`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c52b5891992a026c_MSIdfbe6.LOG Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\MSIdfbe6.LOG
Size	259.4KB
Type	Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR, LF line terminators
MD5	`fb1c239fbda65191b6678291783831d8`
SHA1	`4c97b36d0aed9bd7bcb51491aa5fd38c2840d899`
SHA256	`c52b5891992a026c256adef957d7b0f6e6f9da70ab461abeaa45cf07ad63f813`
CRC32	`E61F7F84`
ssdeep	`1536:x+VnYPr/n3z5PkZCofB7I4ecP0xKCl2mK7TLpW7hfmr1haiTGvZ3BN+Xk2Owwg7Y:1hjxfEiRhLF`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	5dbc2bf056da5918_CMD.EXE-AC113AA8.pf Submit file
Filepath	C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
Size	18.9KB
Type	data
MD5	`bd274632df7a9281bad81a6c8fb78140`
SHA1	`4fcadc3e3603880d7dd67e01e5c5db4e0ccea9ba`
SHA256	`5dbc2bf056da5918e2373d80619b00d4c1b858c1c7b469cf79b090e1b3d2f635`
CRC32	`E3519103`
ssdeep	`384:mRmk/CoEi9K5/ErF17Q4mKv3Vr4v/0Ap4W6BQbmo/+weGm8X:mMKCRkKy3mPv/EWOfweGm8X`
Yara	None matched
VirusTotal	Search for analysis

Name	bd9df047d51943ac_192_168_3_119[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\192_168_3_119[1].htm
Size	178.0B
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`cd2e0e43980a00fb6a2742d3afd803b8`
SHA1	`81ffbd1712afe8cdf138b570c0fc9934742c33c1`
SHA256	`bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d`
CRC32	`0296DA05`
ssdeep	`3:qVoB3tUROGclXqyvXboAc9FKEIHiHby4AqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiWHiHuwWSU6XlI5LP8IpfB`
Yara	None matched
VirusTotal	Search for analysis

Name	f4fad2f41abb996d_verde.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Verde.png
Size	23.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
MD5	`6695a6e6d1a860bef4e6b14dd3a40b22`
SHA1	`184d69e9c87fb39ab70a03e7834a416465f7c46d`
SHA256	`f4fad2f41abb996d7f8f149082ee0ac56e9960748fbb587e50a93432504790b0`
CRC32	`4B196949`
ssdeep	`384:wKtpFYgTIAbgpMWf7/uBGdxNE8OWzMQs8gwYG0F8LsI2u4QV14dAlsoRp4OhX9VX:7n3z2jYw4WzPs8gX7COFOl3`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c414f47c2916c6a4_AgGlGlobalHistory.db Submit file
Filepath	C:\Windows\Prefetch\AgGlGlobalHistory.db
Size	3.5MB
Type	data
MD5	`79d6975ceddb16ce1b9b92c00e9fec92`
SHA1	`58d32c27064d33d26cdbfcfca2e8208d63099450`
SHA256	`c414f47c2916c6a4151f53e3190f6431386e76196ff21a31ca7a13d844ce5f32`
CRC32	`A9D00CC8`
ssdeep	`98304:M/KI0VVK8QKFrD2tQTixuMmqytVf9PPrNghPH:9I0rZ2tgi0MaVf9sH`
Yara	None matched
VirusTotal	Search for analysis

Name	7da15b7c64292b1f_alarme.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\alarme.png
Size	94.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 218 x 273, 8-bit/color RGBA, interlaced
MD5	`1138a4be4bb0fa2728e3d6dfe1c6b2e4`
SHA1	`1001a4d64d36486fad7e5acddd4f458829fc435d`
SHA256	`7da15b7c64292b1fe73983085a174669892a93d3cf344a613ebee8c33687898a`
CRC32	`307A7180`
ssdeep	`1536:OrUAxUUOq+08PZwDmJr9EfkFF8mYIDMvGZKfCg+kRTdIeKr86G0Ktu3O2UQ2s:P4wZwDsr9Efkv1xwGIfj+kR0r8LJQZ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	3833ddd6f28ae19e_Microsoft .NET Framework 4.5 KOR Language Pack Setup_20200715_141443571.html Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Microsoft .NET Framework 4.5 KOR Language Pack Setup_20200715_141443571.html
Size	225.3KB
Type	HTML document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5	`973a721bb5a4a2c93095c11d737ac95a`
SHA1	`9a04e5f961d20b65be5f783972d5211d6e447d41`
SHA256	`3833ddd6f28ae19e363dc316c9944a1bb1c721d1b860ed31d80d70e53f699522`
CRC32	`3EA68EBB`
ssdeep	`3072:fdsWTr+WUxpvYQFP/QyQd9mhU85wUqz7zl:k9/QyQd9my85wUqz7zl`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	75c6de781f983aaa_citizen.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Citizen.ini
Size	922.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text
MD5	`80c7b322338d51e96594de91a5e3c603`
SHA1	`d1e2f5689e71e04c2a90e0fe44882cae67ab4ac1`
SHA256	`75c6de781f983aaa2a4f2bb7315bdd1314c6c3f052435dd378aa0d1f8c0b0ccf`
CRC32	`1B00CA09`
ssdeep	`24:BEurKluCXTzqr1sRHkLKOLgGLXoIdKghi0uSdUjn:B9K8VPkGUB+UT`
Yara	None matched
VirusTotal	Search for analysis

Name	b653c83ccb4b6026_octopye2.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Octopye2.png
Size	24.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
MD5	`e6b20aa4b1d6b2a0c678d9194d042be9`
SHA1	`106ceba43cd660d22367d54d40f82d000fdfc706`
SHA256	`b653c83ccb4b6026bc10fcc2e110bb7c37869b95722187d576d6710810f4ca88`
CRC32	`01C46DDA`
ssdeep	`384:PXE05mYZsf551uyWvNZ+ZM696UTYvUiRqYud3OKaLBlkBnsUA0Z6jX/wB:f35ZZk9uDvNEKdUTYvUmMiUMjYB`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	099e2d25a3bcbba9_universalaccess.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\UniversalAccess.png
Size	27.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`506f6336897626bd9835e476684e6add`
SHA1	`3c61fe92e21aca5079397899d3f28e8658ee92c5`
SHA256	`099e2d25a3bcbba998b4ced1d927c975267f129bca18865c41dbbc111428b6a7`
CRC32	`D9EF5AA5`
ssdeep	`768:OEJ3pClk2uBpQvaJU13kpxmAKL53BT//5UfMOYAIy:OEJ3ckjBpzmAmJD4Nb`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	290ae127760f1f4b_Trace4.fx Submit file
Filepath	C:\Windows\Prefetch\ReadyBoot\Trace4.fx
Size	1.5MB
Type	data
MD5	`b338527b2cee345d4e96848cb2cf28db`
SHA1	`74eec161c97558da359ae42c4fbe199476330cea`
SHA256	`290ae127760f1f4b9128b1f7687a1ff42aca1ea6b20e12a9307071ccd659d0da`
CRC32	`2144DF1C`
ssdeep	`6144:SelO0ldShz/2xnIowtpKnjhGe6vkR3etEDMorb5NjSoWn0KkBkxbD1P5wEd9kUWf:SelOgQKqcKCEab7njBwbUEdAHOUx`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	1de95bc6957afb9b_roman2hour.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\roman2\roman2hour.png
Size	2.7KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 70 x 17, 8-bit/color RGBA, interlaced
MD5	`c0086565894cb169bcc489833502b612`
SHA1	`b188d83ffd2bb7418e96678aebf3f0ffd68c581d`
SHA256	`1de95bc6957afb9b2906c37235c62a9b6ccf09b1c7a3580dbf18cc2877fa08e3`
CRC32	`97F9A976`
ssdeep	`48:WkrslCkP6Xi1YjEY8Dy1H05LdkKCMmXlpnXqz5yymUwKROk6D58GrQFfddu0:VrkCG1OEY8Dy1SiKxmVpXM5rJk/5vrQ1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	3266fc18a2c5f36f_MMC.EXE-561C5A40.pf Submit file
Filepath	C:\Windows\Prefetch\MMC.EXE-561C5A40.pf
Size	172.6KB
Type	data
MD5	`0e1d62e7b64fbf9692cc02c4e5250505`
SHA1	`9c07060d94f632ffea73daa136741767d8ab90ea`
SHA256	`3266fc18a2c5f36fd4b8e9e130f839e84646ce9a8de5cb495c3e93eaec854512`
CRC32	`1C515FA6`
ssdeep	`1536:LR4BybXWonbQmpdPPKa+AyermVxQJPu7pu7AnNrCrZkHmWJmkiHbMtV+SS1IKPoC:p6dGWvmtB6V8ZpQ/3Q`
Yara	None matched
VirusTotal	Search for analysis

Name	5f91b8f29d030c8a_MSPAINT.EXE-76E10B24.pf Submit file
Filepath	C:\Windows\Prefetch\MSPAINT.EXE-76E10B24.pf
Size	65.3KB
Type	data
MD5	`3a8b58b82eb955deb8a3dcfb1dfae1e3`
SHA1	`8dcb217da7a9373149cd7ef6b49cdc7c441d7953`
SHA256	`5f91b8f29d030c8a95a8f3d911548c531734c7bfb7da49a607d28df6e0b9f384`
CRC32	`FDF4D485`
ssdeep	`1536:nCwal+nVwsOCyRsalEWexHW7VaAO1Wgua/xQKF6alyNIrAjLjL3L:pQ2wyMEIpzLKFlIZ`
Yara	None matched
VirusTotal	Search for analysis

Name	4e4899431ff2790d_OSETUPUI.DLL Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Setup00000994\OSETUPUI.DLL
Size	132.9KB
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`f9b179a021d953313d64be941327a45f`
SHA1	`746f72f9158b320f6b912a92c30049d6430b3706`
SHA256	`4e4899431ff2790db0e4712766cf50961e5535eec788dfeba47c2d67f95af519`
CRC32	`F4BBDD35`
ssdeep	`3072:wuBd4VVzdAFbCKAC5ACoAXMQCnQCpCmRCYCNCMCVOGiHClCvCuCtCXC9CCC/C7Cc:FqVzdAdCKAC5ACoAXMQCnQCpCmRCYCNm`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d08bb435160f3021_dsx4.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\DSX4.BMP
Size	86.7KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 172 x 172 x 24
MD5	`858779477d2cd597f1a2b379f25f2393`
SHA1	`0639e3c09e3007b2b81e07a7f1fedd80c340f325`
SHA256	`d08bb435160f30217ff90d2586e6178a5927787a453ca2b5b9f1f45f4d548d1f`
CRC32	`A76EE3C2`
ssdeep	`192:zcQE3KmYlXNZqpg7fGMGXGk+z19sLtNfcCuzE73qAWxmmXbDyio52j8USDPsA:GKTXNsC7fGMGMzKcCFqLxDDyiOPUSrsA`
Yara	bmp_file_format - bmp file format Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	883021939d48bf1e_fwtsqmfile02.sqm Submit file
Filepath	c:\Windows\Temp\fwtsqmfile02.sqm
Size	140.0B
Type	data
MD5	`654d337c02207d792a2c9dfa62de137d`
SHA1	`13e70a2b4fdba5838714f25bcddb90f946b36920`
SHA256	`883021939d48bf1e843b8a7cd04c74e33465ac1daba582e7f2a2c8b859058f8d`
CRC32	`9C76F14A`
ssdeep	`3:Hl1li9Qll+llltL3RFonTqZrHVgLAEp2iQdl5llll:F2Qm/7MqVHVgLAA2B5//`
Yara	None matched
VirusTotal	Search for analysis

Name	54efa1317f80dae7_original.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\ORIGINAL.INI
Size	947.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`3ff821f0959312f31cd380d311b2e690`
SHA1	`a0153085828ff32d7020d35330e37336191f5c69`
SHA256	`54efa1317f80dae7326e9fff03d5aa7beefed3b1f10eb5cc2e2349ef3e362baa`
CRC32	`0BCBBA45`
ssdeep	`24:BE8rm5b9VTORXFBP1rfjkpWCGm8Oi5Zri:BT0AFNuMCGmIZO`
Yara	None matched
VirusTotal	Search for analysis

Name	c2a189d25b3591e3_nvidia2.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Nvidia2.png
Size	37.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
MD5	`3f7a7f9ac3acb81a6ef1566c8abdea93`
SHA1	`63a3aa6dc8709bee66bc947ca44246457d18a146`
SHA256	`c2a189d25b3591e3f12e2da6d4d7d05b2c04588a15a0803fe1e66eb7bc460956`
CRC32	`BBF59ACD`
ssdeep	`768:YIygzjK57ldtn9T5V8/P6aUDIe2YpbZIflcVnhyEKUfa6:YIyl5719TQ/SEYpCchyRUfa6`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	2f7ac68d51c52c33_afrikaans.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Afrikaans.lng
Size	2.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`7f8d637f9ab63dc4120c6439b19710da`
SHA1	`38460cdd6c2ebb49fa2e49c6397aaff369697351`
SHA256	`2f7ac68d51c52c33d8186123bd0b7f8a2087ec5e5b3c5bd16fd844aa220774fb`
CRC32	`BBADDC63`
ssdeep	`48:YcosbKhFY9+dx0nCQIjGZfZfUnteSos+go5XboJ1oqcBI9zwqbkl9oKRvpgdTv:Gnx0n2jUqeRd5XsPNZbadvmdTv`
Yara	None matched
VirusTotal	Search for analysis

Name	f60297bec0df27a9_01.ps1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\01.ps1
Size	2.8MB
Type	ASCII text, with very long lines, with no line terminators
MD5	`32e21644ece38047ecec2d2a0e473e0c`
SHA1	`f03e21ed3bc0cf51eb4c8dde9bf2230a021223b2`
SHA256	`f60297bec0df27a931e75b1f190803e596519c5f652a61b4c65fcc43a108133f`
CRC32	`194CB9B8`
ssdeep	`49152:Ms0/bDYZ5zCVUPAHgPxCUW1/x+XVrOoEVXZz947:9`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	77755e9a69c7365f_RUNDLL32.EXE-87432CEE.pf Submit file
Filepath	C:\Windows\Prefetch\RUNDLL32.EXE-87432CEE.pf
Size	32.0KB
Type	data
MD5	`73ae0108f7364a6c5dcc43b370c59b30`
SHA1	`681b16185360e96ae37ef20cfe66763e04bb89eb`
SHA256	`77755e9a69c7365f674a8fcd241659d59e85084c43fb3e1f57ccb70396a7a094`
CRC32	`1916B1D1`
ssdeep	`768:jLTMmp2wOGYpar2LjPdjw//W+6nbGmiF21VsbkK2W1zB:j/Mm2LGYpayLjPxOW+6nuF21mb71zB`
Yara	None matched
VirusTotal	Search for analysis

Name	e5d04935496995ca_WMIADAP.EXE-F8DFDFA2.pf Submit file
Filepath	C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
Size	20.4KB
Type	data
MD5	`686afe98b784f2e1e8745849ffe993a0`
SHA1	`4a4bcda3a34e7d68f43e2874c9abfa5a1cba08d4`
SHA256	`e5d04935496995caf88aaf3aa41afb482ceb2aabb591d1326c9e660125eac4b5`
CRC32	`379139E1`
ssdeep	`384:ZVNAt6DbZfKgOsX07u75yfcHBPv1Wv+Xbm8ixmlt8sLTvouAK:ZXgWin7K5yE5v1Q8bm8kPsXJ`
Yara	None matched
VirusTotal	Search for analysis

Name	e2f27919c16e7593_TS_7FC6.tmp Submit file
Filepath	c:\Windows\Temp\TS_7FC6.tmp
Size	176.0KB
Type	data
MD5	`05765d37592d6e5578a23b209a7cecfe`
SHA1	`fa96c2b9b3d11ae949dbb9266ec41892f74207c5`
SHA256	`e2f27919c16e7593b51257ce61cec4f4b28c1d44e0ece622c2ac722bb4e3c0fe`
CRC32	`DCB024EB`
ssdeep	`768:FPXJQvcoNZboXWCDjgO+DBvj9qkymSxxuZS/eqVQbPVd8xOdP+5RX4REM240CeEw:FRQT1EeTNxIWT90P`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	1816477932cf6e7d_AgGlFaultHistory.db Submit file
Filepath	C:\Windows\Prefetch\AgGlFaultHistory.db
Size	1.1MB
Type	data
MD5	`086aa3ee3426cb300e3e4d009b35bc0f`
SHA1	`d77358082d9bd741b7e98d3310ffa07f86aa7fa9`
SHA256	`1816477932cf6e7d2405879e6133159b0178201be7c6dee6f35d9bd968ea675c`
CRC32	`A4BA79A9`
ssdeep	`24576:aB+bDZc77UPpyuCeEwO0TPEKTLWzZP5/SCsjFobgfrc2OKYXnjgGpFfU:ztc7oClwO0TcOmBLsjOEuzRP8`
Yara	None matched
VirusTotal	Search for analysis

Name	a04c33d7c5aa98f3_favicon[1].ico Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\favicon[1].ico
Size	6.4KB
Type	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
MD5	`9391620020d44c78b0dc51abbcd151a0`
SHA1	`8f22f15342a0c648631d2b3ea32cfdd9a26b4137`
SHA256	`a04c33d7c5aa98f3ba82edc2aa05c46c2af0c9c90d8617a92bca3a4f0fd3af8f`
CRC32	`549D2AB5`
ssdeep	`48:GQV+uEwNEDgr7DbFbSj8pPmApvl/oCSadCyMJE:9FPNEDgr7peKfvl/oCsyMJE`
Yara	icon_file_format - icon file format
VirusTotal	Search for analysis

Name	19fc573a1a0ff4a1_MSCORSVW.EXE-90526FAC.pf Submit file
Filepath	C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf
Size	51.7KB
Type	data
MD5	`0609d6337ef1a36fc0d1e2794e9a9d1d`
SHA1	`04c730c9a7980bc61d566dbc16f8f8924e8a5004`
SHA256	`19fc573a1a0ff4a1abf3c42cd4ce3af590fe437ca2af799f8c9e4b7db80bd8c1`
CRC32	`0794A2E6`
ssdeep	`1536:0B4YUvp/oTUSsKMUHH8nR0e9KH4vevr5l:uUvI38Rzu4KD`
Yara	None matched
VirusTotal	Search for analysis

Name	18eba479b0202862_MSIMGSIZ.DAT Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT
Size	16.0KB
Type	data
MD5	`43dcd5d40c4ab8d46b5c18f0d3369ca6`
SHA1	`fd65a8a763734be9843f4fa8c70e6eb2cd73a6a2`
SHA256	`18eba479b0202862d767c40ad68daacc25bf813f77a81d0699edf9ab05ba93bc`
CRC32	`22723891`
ssdeep	`24:39XD2Pa0MNRJoVgTu4EocHs6jqD//1GcEZD9Qawn6lzk+X0fNxguZ:398Sbn5VFEZWngQC8N`
Yara	None matched
VirusTotal	Search for analysis

Name	9c9d29270d4ad054_isink.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\iSink.png
Size	15.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`b932f8103eddbd166081d7e308135926`
SHA1	`92f0ff8b1b5b14f0e034cd91f27160e813874d9c`
SHA256	`9c9d29270d4ad054d858d04d10300a5705b074298f77de67dc93eb4c2c41fb19`
CRC32	`1DB4D0DF`
ssdeep	`384:5LaVln1o68AttjFEJ5w0t/4aCOr7fl5gehzqURT5u6ECv:+O69/g5nlQOr7fl55RT5uJCv`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	06a1292ff82c497e_milkclock.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\MilkClock.png
Size	20.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`47f1370d7ff57b3fbb2279bedb6b8aab`
SHA1	`4918369db575b65c1fc5429e4bdfb56b1318ef71`
SHA256	`06a1292ff82c497e9238734aef77c2f953371d5910a3af93289f6c2820508428`
CRC32	`09609F0A`
ssdeep	`384:5vztSCNV9xlvtlOzk3VB0/V+aWs9AGCexm2gRLfInmwzGCmTi5cUuYR00QQK1E50:TNV9vVlOu/0/7ZAGCexmdRLgmwzOikYm`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f254a8d5f35978d2_keys_js5[3].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\keys_js5[3].htm
Size	1.0KB
Type	ASCII text
MD5	`3817e012d3a11ee70fb3ba022b3f05b4`
SHA1	`7f8219fc154509080ec459134893c56268881629`
SHA256	`f254a8d5f35978d26c65f54641c9a0fbedf230f57713a9bdd7f1c062f7fe54ab`
CRC32	`28C2B345`
ssdeep	`24:avgE2xVRy3x/dxKXjbXDaEKzkOJ7F0zVTefXor+wMwenZfur+wfC:aSeBdxK/XDa9zPJ7F2ZefYrEZfurq`
Yara	None matched
VirusTotal	Search for analysis

Name	762fbf5abf88a44a_r09kr5er53bkbiz8s4wdhscp.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\R09kR5er53bKBiz8S4wdhScp.bat
Size	70.0B
Processes	2400 (CasPol.exe)
Type	ASCII text, with no line terminators
MD5	`acc6952a56d7f538cd8d6a3b45b51f28`
SHA1	`9534680d54f648fa276e229c138a203bd835d1f5`
SHA256	`762fbf5abf88a44a53b1e46c27ffbed4827d6aba3d931ae9f59d8342057a3a6b`
CRC32	`648636DB`
ssdeep	`3:Ljn9m1mWxpcL4E2J5CK3f2cMkm:fE1mQpcLJ23CKP75m`
Yara	None matched
VirusTotal	Search for analysis

Name	45f75b2eb209aa69_itoolsclock2.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\iToolsClock2.bmp
Size	36.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 112 x 112 x 24
MD5	`4599b6d452f4fef6bbb533a2e12cab3b`
SHA1	`9e53546f69f1832c33faa52cb59154b131991132`
SHA256	`45f75b2eb209aa69fcd83d5945a6ec408dbaa6b63f2ee11440da2e86153a0ed3`
CRC32	`553DE7F5`
ssdeep	`768:/88JTLJqN2AzWf7NhGQYqLhswFrfs6YmUicXZ66gNrHTWOjV:/8g8sAzWf7N4NEtZfgXz06MHTJ5`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	68cec96a771fdebd_keys_js5[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\keys_js5[1].htm
Size	1.0KB
Type	ASCII text
MD5	`79636a24650f52629d63a2fce7006d3e`
SHA1	`4a95c44fa3471f3282025ef7e6914ace123d69d6`
SHA256	`68cec96a771fdebd225067a72f13515f5103a558c72ccc5980b844ba474d9a3f`
CRC32	`4E81438E`
ssdeep	`24:0mGpRmgoJX6RPDaebXDaEKzkOJ7F0zVTefXor+wMwenZfur+wfC:g0goJX6R+YXDa9zPJ7F2ZefYrEZfurq`
Yara	None matched
VirusTotal	Search for analysis

Name	76d5e260267cf43a_MSIEXEC.EXE-E09A077A.pf Submit file
Filepath	C:\Windows\Prefetch\MSIEXEC.EXE-E09A077A.pf
Size	101.1KB
Type	data
MD5	`e3af18f268dbdbd01172af6e08d270ce`
SHA1	`0b158ef033a8738eb45973eefdd9dc14b2e30b26`
SHA256	`76d5e260267cf43ab10b3c5997eddae87ac158f865007e5f4f1c4d0c5059a541`
CRC32	`04D311A3`
ssdeep	`1536:g6oeZOV6U6QkqqfcOzMXKg4xq73H7Dfq10W9:gpgUS0/`
Yara	None matched
VirusTotal	Search for analysis

Name	1e2467ea0bc4a8dc_metalluhr.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Metalluhr.png
Size	15.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`b7d40312c4d52be2dcdf3b26e28c4225`
SHA1	`694a2a386bc5ae7627eb643c16141c826862ba5a`
SHA256	`1e2467ea0bc4a8dc323a6b61f82165a6a52af8d12245b7b7441ff7c8e4d40ecd`
CRC32	`897953E0`
ssdeep	`384:/Uyi6ZuPdB7WF2ZylcQ25aSjZk9yeXi+FAvblFmLo0h6aGZRKdhVHeAnlF:/+6ZulBISIlyYKzmLD4aGDKrEAnj`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	2a886e80f321a013_W32TM.EXE-1101AF41.pf Submit file
Filepath	C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf
Size	15.1KB
Type	data
MD5	`7a328836d3019586f108e4314d40e6ba`
SHA1	`1e1b89adfab60743dcd5bd0c7590fad8cbb0f058`
SHA256	`2a886e80f321a0136f017c3e33be8563d08d359d26c62b285941d0448ed7736d`
CRC32	`500F3428`
ssdeep	`192:amzXMWhkATIQ9ezcxCzbw8SL3gFcplqoRMvaltgsNalinMSCwLDocMs7q0yhrwNX:amL1hTTxHKXwLiSLFPpyWZI0CswbE`
Yara	None matched
VirusTotal	Search for analysis

Name	f8e75dd3767452a3_EXPLORER.EXE-254441E9.pf Submit file
Filepath	C:\Windows\Prefetch\EXPLORER.EXE-254441E9.pf
Size	26.1KB
Type	data
MD5	`6aeaefd367186ad660e134e9d0295ca3`
SHA1	`2eb737a6831018081d88e56df1b428d7662b13c9`
SHA256	`f8e75dd3767452a3d26ecffe5c1b9829dcc733a910a7d3bbf3751d2a0c291ba7`
CRC32	`11008BF2`
ssdeep	`768:YDgWC/wfSlvuRhdIl0Ned4HrSGmgaPGWJu:U3C/wfavuRhdKKK4H/abJu`
Yara	None matched
VirusTotal	Search for analysis

Name	a2ff9dd96588883f_DLLHOST.EXE-97F6A314.pf Submit file
Filepath	C:\Windows\Prefetch\DLLHOST.EXE-97F6A314.pf
Size	61.8KB
Type	data
MD5	`f9a643b3eeb1681019ded7008a88f194`
SHA1	`ad0c8b8a999ee0338352856520353ca7d7729aed`
SHA256	`a2ff9dd96588883ff34ebde01206f60ce3b1b8d6ddaebf9589906ae0ffa28010`
CRC32	`2E7E4132`
ssdeep	`1536:rCkDr/ewQ5FTClF0wEtCKrp7BCgeWswk+X:xue3j4`
Yara	None matched
VirusTotal	Search for analysis

Name	ab0f4d2a665aac30_uakgev2jfr2r8dtrjcfdgucz.exe Submit file
Filepath	C:\Users\test22\AppData\Local\uakGeV2JFr2R8DTRJcfdguCZ.exe
Size	4.2MB
Processes	2400 (CasPol.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`26b88788db74e79483aaf7454cef3564`
SHA1	`8140afa6d90e4f579e376e9bb8b6b2e877e3e480`
SHA256	`ab0f4d2a665aac3010d44ed1c5faa3707f0c19c42d8ce0651f5d688e4026302c`
CRC32	`B132407A`
ssdeep	`98304:B5zfigP4O7QuAmWAQFPQF72E7kTWVaTt14mwplkya:bqgP4O7bAm6QF79AbTt14mElg`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	296ef4e1954cbc9b_RUNDLL32.EXE-EFAA3491.pf Submit file
Filepath	C:\Windows\Prefetch\RUNDLL32.EXE-EFAA3491.pf
Size	88.2KB
Type	data
MD5	`c9e5e869e15f3d6ad771301b3ee59dc2`
SHA1	`73a3e4630d68baa5a601d5761c97c91e106c474e`
SHA256	`296ef4e1954cbc9b5554da79f7d0200aced3759e33ed0cd4c9521ba32e8ec04d`
CRC32	`F2BD44A0`
ssdeep	`1536:bFvH3lS4+ACS5wdmRTChNRHf1+81o0UoWDP0d+zb/xXQFPw1qA/01zN:bRGAC+z83lLSPSS/xAF+q`
Yara	None matched
VirusTotal	Search for analysis

Name	58af54ca0c7c35a4_PrinterSetup.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\PrinterSetup.log
Size	1.1KB
Type	ISO-8859 text, with CRLF, CR line terminators
MD5	`271629f774a27962e919e271d08c0cf5`
SHA1	`38e4b3216f141e4a85a31dc9cff5953c9a33ea59`
SHA256	`58af54ca0c7c35a446c0dbfaec8d06e90f1c4bbff62c14bf278bfbabc43ae06b`
CRC32	`A55C4010`
ssdeep	`24:L9dY/mYz8YjYzxzw7iB3Yz+jB8g9Ez98g9er8g3291n1TEp8gwZB8gpu:L9W+Yz8uYzxYg3Yzgmge2gIIgmxEOgwy`
Yara	None matched
VirusTotal	Search for analysis

Name	efbe9b6066b97ac8_IMKRMIG.EXE-926D9918.pf Submit file
Filepath	C:\Windows\Prefetch\IMKRMIG.EXE-926D9918.pf
Size	12.7KB
Type	data
MD5	`d770b8f9d26078ce09398d608ae8dac4`
SHA1	`1f0c04d05be66b1c2b2e429774b07fe280916e50`
SHA256	`efbe9b6066b97ac8f31b4b28a4252e358393a87d751e416abfb3eebde6f2b05e`
CRC32	`1134387B`
ssdeep	`192:86SJHJNY1laN+P3Hsft1gDcuKFYAOR6iNNHRpEg+IcGm9dUeG:87G1lay3crPLqzDNHjEHRGmw`
Yara	None matched
VirusTotal	Search for analysis

Name	4764809159e4fd2d_romanian.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Romanian.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`928a5c47953af408531cd2dc2ac8584e`
SHA1	`e27a61af8b8fe4b22b13ce948cbbd80e55a6af76`
SHA256	`4764809159e4fd2d9f0ed0e7f6d44a388c97bdcd6c2631d152dc871e29245ebf`
CRC32	`BB6B2B3A`
ssdeep	`48:9CsmPKCGCvGCtQCVlJupQnCY+hALpZ4AjrNGycLek18fwwV3MuZsCHYQ2r:9OPKjuGEQ2JqQnCYOErNGtLekKIwV3TW`
Yara	None matched
VirusTotal	Search for analysis

Name	956f79e369468779_mpam-c4a3e9a0.exe Submit file
Filepath	c:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-c4a3e9a0.exe
Size	20.7MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`2ddadaf647737b570bc0074551a1e67d`
SHA1	`e906de6efd0c5071da92e1409bc30018d92a0fbf`
SHA256	`956f79e369468779e5edcbc87476585b75d7423b836a236b3cc605b4c289f19d`
CRC32	`AA210B48`
ssdeep	`393216:GixEJZo3j6YbVEuRPD77TWi+IkpBDDuM7wjP9OmnPj6aKUMNRkvNtJgE:GqKoGYbGul77HJEBDDuDPTnP3MDkvNbx`
Yara	Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) CAB_file_format - CAB archive file UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	b7cd2c45291c1912_adler.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Adler.png
Size	54.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 130 x 130, 8-bit/color RGBA, non-interlaced
MD5	`0429009042c10c55baa8a1399e50439a`
SHA1	`3e1290ede1d59d407747b2549e5e377ce1ebef2d`
SHA256	`b7cd2c45291c1912745bfbab53d09deb7807f5d7343bdd258a44d47b9b1bc9d8`
CRC32	`A0D15E7E`
ssdeep	`768:AvEl7OYQJBlmbnzl7WWsHp8Oi4rdq3mQYomnVb6kanEpHVjaBqUXz:xYmbzoWACO1rd7QYoeWERsz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	2b008b4b55722c98_MSIEXEC.EXE-A2D55CB6.pf Submit file
Filepath	C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf
Size	141.6KB
Type	data
MD5	`3c91e488ca67a31adb01d9f04a6f290f`
SHA1	`45608a9404fb613b038abc5de271a76a6ed9a398`
SHA256	`2b008b4b55722c9878552aba99a0bb2e8d21be55f36c88a52028e084d0039de9`
CRC32	`E1847342`
ssdeep	`1536:+5Y/BGYH4vs+1YszHv1TFPHz4Iy/aZdlACeTw2nJGpm3oRJAtJ4dWC5DQ6cYLoD9:DHS59FTWjt3H+N/`
Yara	None matched
VirusTotal	Search for analysis

Name	10fe1d7788d9a779_dnserror[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\dnserror[1]
Size	5.8KB
Type	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`67bbf4af23868b17115e91fc0f35b5d9`
SHA1	`f43e2691fa1d733fdfc6dc7c280a659af3bc8dc2`
SHA256	`10fe1d7788d9a779bcaaeb53f879c6254425e4b64a84b24bbbc099cd7be99058`
CRC32	`099D8EAD`
ssdeep	`48:uqUPsV4VWBXvXS4nZ1a5TI7HW/Tu21kpd87KZA9f+upbthDb6Xuzut7Cih0:uOpiEQKHT272axfnRzkh0`
Yara	None matched
VirusTotal	Search for analysis

Name	4ae708280430ceb8_MOBSYNC.EXE-C5E2284F.pf Submit file
Filepath	C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf
Size	44.0KB
Type	data
MD5	`62bd1321ae0d77d9b57942880cf2e097`
SHA1	`1f1e138424393d13449a6e0b6a6676de05e55785`
SHA256	`4ae708280430ceb8dc69246c6c2a95768d94c8ba149badd9bbe5f228a4e46ac8`
CRC32	`86F25550`
ssdeep	`768:rfFHBoTv9LOfdFX+1s5UJIugGKdlKRZHEnAohE4ZsT6m:rfr8lLOfdFO1s5+IugGklKRZknAohpMp`
Yara	None matched
VirusTotal	Search for analysis

Name	a2495ef36c149342_MpCmdRun.log Submit file
Filepath	c:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log
Size	21.7KB
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`b23d002c86f616b939e0cfcae2155f07`
SHA1	`197fc6ea2fd5b528429747c29edc9533d91fdf31`
SHA256	`a2495ef36c149342b759479e5bbfaad88b6ca3a1c3b717a63e1dabb9e2bece58`
CRC32	`D2BDA0CE`
ssdeep	`96:8wmxrt2Awmse4JjDYVb9QZWLOaQglAzDtwmexjVzDswmDZ20j6YVnZnTjlYVnbal:ZmxMmRUQF4SmaJmDeU4m4hE5m4KQbh`
Yara	None matched
VirusTotal	Search for analysis

Name	6b6de0d4db7876d1_jquery-2.2.3.min[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5BY0Y7HX\jquery-2.2.3.min[1].js
Size	83.7KB
Type	ASCII text, with very long lines
MD5	`33cabfa15c1060aaa3d207c653afb1ee`
SHA1	`e3dbb65f2b541d842b50d37304b0102a2d5f2387`
SHA256	`6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a`
CRC32	`2B45973C`
ssdeep	`1536:MYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOi79xfWBZ+Bjda4w9W3qG9a986:n4J+OlfOM9xrCW6G9a98Hr2`
Yara	None matched
VirusTotal	Search for analysis

Name	f7224d50b6c667d9_REGSVR32.EXE-D5170E12.pf Submit file
Filepath	C:\Windows\Prefetch\REGSVR32.EXE-D5170E12.pf
Size	26.7KB
Type	data
MD5	`cdda8a832f6a1f8d7fa47f1686a71ea3`
SHA1	`12dfe474b405901a210ecbe77f6d3ce445b56047`
SHA256	`f7224d50b6c667d99caff483a91f54c9f3ea30c174b424b09a80aaa49ab1f555`
CRC32	`639394F6`
ssdeep	`768:MwDdC1XjF31UYdpdRtGWMFUTGmcpZv2MdT+6RXJAh76:Mio1zF31UWpdRtGb+ApZv2MdT+6RXJAA`
Yara	None matched
VirusTotal	Search for analysis

Name	02696689d1ef5b7c_bahnhofsuhr.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Bahnhofsuhr.png
Size	29.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
MD5	`194e941b01069dfd6adaa0eae5133fd0`
SHA1	`320dd2e272dc6ab8f96c837262e2ae13330f50a7`
SHA256	`02696689d1ef5b7c77ce40c439cd6d9be7f4abde14b59f52297cd113955b6947`
CRC32	`65241E70`
ssdeep	`384:iJ7Z3xRpqfyMY75H8OWTuMcSVp4yiuNtv9lPadvB5iAR63e0MHAFq/zVIe+c9NAD:OZ3ReyMgFsuMlHFP9lyF7vkqOtwrY`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f01c97fa190dfccf_jsll-4.2.7[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jsll-4.2.7[1].js
Size	53.3KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`508436cf010b16e44626f074f37f5d15`
SHA1	`e9535c9b5eadb4349f8e3d8da888d365f7576620`
SHA256	`f01c97fa190dfccfa4ae2bf4547cc128b0113b360353c94e40e3b59881222d3c`
CRC32	`490085A2`
ssdeep	`768:0tZVRjscT6MXsJjPmeAaKU7FD8kvq1hAHZcllEiKj/FGDqkgYkzO8PpYvkEbv6WD:0t/GmDXsd9CxhAiUi0sDczGsCv6c`
Yara	None matched
VirusTotal	Search for analysis

Name	42bdbffd088ee5af_ELEVATION_SERVICE.EXE-9F359A74.pf Submit file
Filepath	C:\Windows\Prefetch\ELEVATION_SERVICE.EXE-9F359A74.pf
Size	39.8KB
Type	data
MD5	`69193ceec23355d2ca2c5c4de554dd0e`
SHA1	`7b6a5a9e4bacf406730526ab7b60fb1a5bdbf631`
SHA256	`42bdbffd088ee5af742e1eb76fe1b8dc7588e50054a90f510c8146898270a771`
CRC32	`CCB28ADA`
ssdeep	`768:4x8GZwsLhW1I4bHbLFsWO+uWabgRKzmi3mLdkcIoDsns:4V6scjbNsjVgszRmLdkto8s`
Yara	None matched
VirusTotal	Search for analysis

Name	0155f40a6d36d680_NETSH.EXE-F1B6DA12.pf Submit file
Filepath	C:\Windows\Prefetch\NETSH.EXE-F1B6DA12.pf
Size	53.6KB
Type	data
MD5	`2450ace16aa75fdb05f2e2cc07f344dc`
SHA1	`5cbe045196887bb068db7a685a6d1fe2e2882447`
SHA256	`0155f40a6d36d680ac4b3a27c874fd619a4f97d5e16477aa8169b1672656d12c`
CRC32	`9CEA2E23`
ssdeep	`1536:5DlkvNPV44u2rvOqA0M50kp7Yfby2kIgqvC:ELI1xAL6`
Yara	None matched
VirusTotal	Search for analysis

Name	d944ff222626d50e_keys_js5[2].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\keys_js5[2].htm
Size	1.0KB
Type	ASCII text
MD5	`4883b75693300002c961b6da525a0ffb`
SHA1	`3e2e7b81671f7d8e233b3c8c2dc0b2965936a8c3`
SHA256	`d944ff222626d50eab3d10fcfb1e82bf9b768986b6655318236704b327df1aa8`
CRC32	`D4B7FCCD`
ssdeep	`24:mwmOEtw0SrX154VWhAOw/1JbXDaEKzkOJ7F0zVTefXor+wMwenZfur+wfC:m76/D1/Z01XDa9zPJ7F2ZefYrEZfurq`
Yara	None matched
VirusTotal	Search for analysis

Name	bb8d7f1fb0ef7e29_HELPER.EXE-B63E9F86.pf Submit file
Filepath	C:\Windows\Prefetch\HELPER.EXE-B63E9F86.pf
Size	26.9KB
Type	data
MD5	`0eab4c2c501263833e14d3aafe791a79`
SHA1	`cb97b2f80be0388350a2eeacff552a4414a277cf`
SHA256	`bb8d7f1fb0ef7e29e2a43e89d6d5ce9f454adcd738d649ad683ee8af0565fe0c`
CRC32	`204FFF85`
ssdeep	`384:eIC9rUAqn32TQ2GL/P/4xnbm9fVtt/gu8iSi9YGm3e4:6KBANGLnGbaWhd5Gm3Z`
Yara	None matched
VirusTotal	Search for analysis

Name	15893da4dbacf464_nisfull.vdm Submit file
Filepath	c:\Windows\Temp\795F52BC-7C08-46BE-9C71-0DAF273CCE11d8.1d39bc50364e173\nisfull.vdm
Size	884.8KB
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`aa860eb2d6e6a58a889d82797497ad3c`
SHA1	`2edd884e827b831c197162efe76678e75af8f8c3`
SHA256	`15893da4dbacf4647906ff3a07b57123b9d7661b5f5e609f780233c756645f93`
CRC32	`9E08DB6A`
ssdeep	`24576:DLS5bhsYmRKf2vjDNZ0oiwZktav0Op3gHQ6RxNt+HLZG4dfESOM:6bQlP0jw68JWHtRx6H4IESOM`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	a365b37a503f2948_IME2010imeklmg00000009.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000009.log
Size	330.0B
Type	data
MD5	`aba916524277db53210ede106ba4f0f4`
SHA1	`a1e373efa2f5820871e207361b899f5cb1a4c76c`
SHA256	`a365b37a503f29488c93f2656419e7d591002904360f6bdeb2ef2067fff23741`
CRC32	`C8E23459`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	6c422277c9bc2391_omega.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Omega.png
Size	67.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 170 x 191, 8-bit/color RGBA, non-interlaced
MD5	`90b33f49ba0866f011d67e640cca98b0`
SHA1	`35dfda4f68cbeb266587d307343fa4bf2ea7dc96`
SHA256	`6c422277c9bc23912ca6aef5a32f141ff1a7ad06711c52005fd8beae7c0655e3`
CRC32	`543BE925`
ssdeep	`1536:pJAQ0eiN162qhdH6wOnlskiRG5xFQlYbQFvUbxARNq:pJR0eiNnjlnlsjRMxFQkgdNq`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	061efe7f182966ce_RGIC87.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RGIC87.tmp
Size	10.1KB
Type	ISO-8859 text, with very long lines, with CRLF line terminators
MD5	`aae8f5b14439d75e8151d0d9a4cc6485`
SHA1	`9fce1026ecbb90b90802779a046cafd7ce4a3e81`
SHA256	`061efe7f182966ce91eb999bd2587aa779b5c1f61eaa7b0b9032c7dccf2dc414`
CRC32	`E5C5599E`
ssdeep	`192:oeQI6wA1jUr2ol3ilWoTWgzMPiS+XdC8lUwRQHb:oBwA1jUr2olylWouwRQ7`
Yara	None matched
VirusTotal	Search for analysis

Name	6dc85572e5933ea2_articleCss[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\articleCss[1].css
Size	51.9KB
Type	UTF-8 Unicode text, with very long lines, with no line terminators
MD5	`bb1f4adb8ef267f9f13e42a20234364b`
SHA1	`26422ef731a7182142fd0c93577c51280920ba6c`
SHA256	`6dc85572e5933ea27f395787bab21a844aecfec5236ee1b98f82389eec516f30`
CRC32	`E36CEBBB`
ssdeep	`768:7JbYOtWOUbWbjboAbXb5bpbSXbhKbObdbsbLbAlLHFWjAxJw/0LQ1Iza5jza5cco:VEYWOUqHzTFFi06pgPcyV`
Yara	None matched
VirusTotal	Search for analysis

Name	7e8d18ac15933808_stickyFeedbackCss[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\stickyFeedbackCss[1].css
Size	2.9KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`7efd3e27ed488cccf7ed01bd3be4c4d6`
SHA1	`588ffba11ae38ee3ec25fdf32b41e7857a9b9b98`
SHA256	`7e8d18ac15933808eb30ec8b1db47f2a4363c11cbdbd3c00b7e0d576e270528f`
CRC32	`8D447FB3`
ssdeep	`48:c/vQEVDLEV9ouhczXlbdlbnyXXIpBpq0ZPasXVSRZ3NZYLe0T+u/ObYwf+gRQA:WvVg0ssVbdlbn1pC0ZPasFSz4LL/ObYi`
Yara	None matched
VirusTotal	Search for analysis

Name	7bd5baaf5212eefa_ivylace.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\IvyLace.ini
Size	1.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`3d708d8f639f76d859e665ef694a62ef`
SHA1	`0b1cc310f0033f40d0893bb5a13e6b69e6f2987f`
SHA256	`7bd5baaf5212eefad806866581eec7cef31bca8d1fdb1189f246f3ce6bf0cbfe`
CRC32	`54BDE573`
ssdeep	`24:BEZrGXE5lrABRhB0aKEszdeTOs010BJGkpUdGIo8dip4UGibQ0Wd9i8xLnQI:BkqylUhB0fXjAf6dGJP4AQJTi8xLQI`
Yara	None matched
VirusTotal	Search for analysis

Name	9e07c7737174b058_carpediem.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\CarpeDiem.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`3f95c7c4c98812f4937de9230feb4c12`
SHA1	`6e9299ae2a062ba6914c4f824cd5b7f7f5ff995e`
SHA256	`9e07c7737174b058c6ecfa5a82b5093d8647467c5a30be39497f95cc1cd454ba`
CRC32	`C72D194C`
ssdeep	`24:BEa2rPCkjbHSCEsrTNTOe01rfLkpGdGm8Ri+gFFibQ0Wd9iBxLuQI:B4VbHHIG4dGmSgFyQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	e51a5292a06674cd_OSETUP.DLL Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Setup00000994\OSETUP.DLL
Size	5.5MB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`fcc38158c5d62a39e1ba79a29d532240`
SHA1	`eca2d1e91c634bc8a4381239eb05f30803636c24`
SHA256	`e51a5292a06674cdbbcea240084b65186aa1dd2bc3316f61ff433d9d9f542a74`
CRC32	`35109001`
ssdeep	`98304:8EpQGDTa+ABNoBLkIV30LbZRop7MD79/By:PQGDTTA+LZ0iS795`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	9dd58101441599ac_0mxhfttk4hqhtwhmgf3yo6er.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0MxHFtTk4hqHtWhmgF3yO6er.bat
Size	70.0B
Processes	2400 (CasPol.exe)
Type	ASCII text, with no line terminators
MD5	`2fc76e55d65e347f02970652030299d4`
SHA1	`2a003d42d84aac1142ca267447e6ec2f462e67bf`
SHA256	`9dd58101441599ac9cd7c93bab6d3f8e06301b105e5a12666832709bf7438957`
CRC32	`F695E02A`
ssdeep	`3:Ljn9m1mWxpcL4E2J5hAnQb0oWnAs:fE1mQpcLJ23dG`
Yara	None matched
VirusTotal	Search for analysis

Name	f6c4be7b24660d2c_SNIPPINGTOOL.EXE-EFFDAFDE.pf Submit file
Filepath	C:\Windows\Prefetch\SNIPPINGTOOL.EXE-EFFDAFDE.pf
Size	178.2KB
Type	data
MD5	`cee84c3a2014aac034418bdb5150c56d`
SHA1	`ed0eae38586de274a8a58834410edde80e4298e8`
SHA256	`f6c4be7b24660d2c09b148741747cb7ede892599d4fe137ce02a955386ed4777`
CRC32	`DF0E3F93`
ssdeep	`1536:SFavxma/DRhih0agwebcgT2uf+Q6mJ9LRCa5RamIqQCj7ANPt4Birt/nWMkoW34w:KasSSODwOfRbLRB5QxQE8oD+`
Yara	None matched
VirusTotal	Search for analysis

Name	f1a1f83979d764d9_WISPTIS.EXE-595A3677.pf Submit file
Filepath	C:\Windows\Prefetch\WISPTIS.EXE-595A3677.pf
Size	32.4KB
Type	data
MD5	`84160dab7509a1d11126f135189548c5`
SHA1	`a428dd2e568b6612e7c9ce1f15ba182284e93d8e`
SHA256	`f1a1f83979d764d9f959ad867d70053560d8f0a02a6ec4670dd7aed530a3ba7c`
CRC32	`CAEDB2CC`
ssdeep	`768:wIXB0Jw7pYSf4MBv8pTv+Bf6rVbsZDjtKQCNh:wABiw6TMOTWBgVUXtK9`
Yara	None matched
VirusTotal	Search for analysis

Name	62c4e8b0456f0d27_nskD08.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nskD08.tmp
Size	700.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	data
MD5	`9891bdc74229741b8f57297d95d98bf1`
SHA1	`e743ee835bd8820a77d7ae7c3ecb58c29a5cf5da`
SHA256	`62c4e8b0456f0d27c99b5f09e7ee5f8bf8ca4220a70f3889393c304748e62eb1`
CRC32	`DC6C0C1E`
ssdeep	`12288:lS7hp/BfUkZX5VcY8PjhoWbqZ1twKsBgK6ueGtPLM0+Dwh88MEdQoJvwRpeoAdRV:0p/BZXoBPjeWy7il6jUI0+E8UGKRzp`
Yara	None matched
VirusTotal	Search for analysis

Name	d1a685009f287faf_SVCHOST.EXE-80F4A784.pf Submit file
Filepath	C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
Size	18.0KB
Type	data
MD5	`0d092214fcb06f94dca4e1e002f8cbe5`
SHA1	`d5c0a8ce3a16196d169a63042a3d2fbf132d40ce`
SHA256	`d1a685009f287fafa16798c39b97844bb573abeada2f600bf16c84e1164c7802`
CRC32	`7C99A966`
ssdeep	`384:hK37q5OBSklQ8WxqCHH09NCKCTnoasARZuC:IL4sLCHc9eoasOt`
Yara	None matched
VirusTotal	Search for analysis

Name	305cef2082aa78a3_TRUSTEDINSTALLER.EXE-3CC531E5.pf Submit file
Filepath	C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
Size	286.5KB
Type	data
MD5	`4974e87ac91d1bf2be44641af64df8c0`
SHA1	`d3de4d8c2344049666937c086960e6fa13f69ea7`
SHA256	`305cef2082aa78a32245119151c1c2d6a0fe158b53186530aa36aaa56ae7a2fb`
CRC32	`53509710`
ssdeep	`1536:ke9TfcBdJMgLM1oY1+6gSSh08yESXjiNNebjV3NEsRPOrMlF0ZRUtj1h95v+4l6z:ZfuiXmt6Va6mUFuoJJ2l`
Yara	None matched
VirusTotal	Search for analysis

Name	94f862f139d2b9ea_NTOSBOOT-B00DFAAD.pf Submit file
Filepath	C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
Size	2.7MB
Type	data
MD5	`8e7a063abedac73bb439607cd2331ccd`
SHA1	`167ab4dc15b0cb2bd16988614737fc7439adf286`
SHA256	`94f862f139d2b9ea7b73dd7f3d2cf820d370a3f5a0cfb33ce8d0ac289f87e43e`
CRC32	`A7C7A673`
ssdeep	`12288:EvpVmfouSJ6GxjNltUmxoUUsiMSm+XysMmDjb+UvXp4btNKZfEVL4jr9woeF3c9a:Exc1K97FUuWlzBitNyfR9DsHkrrsj`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	b30b748aac01bcf4_blackappleclock.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlackAppleClock.png
Size	23.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`ebfd13181f171f5e71d710a6ea9f129b`
SHA1	`e435734c679f3d7360b58498416703e63b41b699`
SHA256	`b30b748aac01bcf421013976b3ba9df1da074077d35773624e5b2411d7e49b52`
CRC32	`1A552303`
ssdeep	`384:5fOprdUBSqoJzEJzpXqIVCiBZ75lAIy9Q/Z8RpzjLn6itBtIOe4HY85Y+KeFz:ROprKPezA1LVCiJTZ8RpvN+OemY2YGFz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	8479484df0fbf694_SVCHOST.EXE-A1476A17.pf Submit file
Filepath	C:\Windows\Prefetch\SVCHOST.EXE-A1476A17.pf
Size	123.0KB
Type	data
MD5	`b7622a6bae290cc3b2e8c68dcf94771f`
SHA1	`7fffd172960fe3fbb4b5ecdb0c8282c66fcf4e43`
SHA256	`8479484df0fbf6940805c12a23596080e5d0f1b08c79078efb361cb2c40e104d`
CRC32	`5805DC74`
ssdeep	`1536:vHtTtOm9PE1eb9W60/oaNbeAVAwJv/O+O2Ib4LGcQJxjq2155L:VfVVliC2Icqn51`
Yara	None matched
VirusTotal	Search for analysis

Name	f10da8852f7de84b_{E7573238-1B24-467B-B5A4-0BE967E0BF64}.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\{E7573238-1B24-467B-B5A4-0BE967E0BF64}.tmp
Size	120.0B
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`796798ff987e7f7e13d1577f41f5f449`
SHA1	`0ca259c8c9c5bcba7f45c7f89a30f2a63cab61f4`
SHA256	`f10da8852f7de84beff6438090d3111b40a82fb47894a620c7cf9b087de59a7c`
CRC32	`A42E3972`
ssdeep	`3:QzlkEylRfl2ENhfmTlkARlHUylPNylRfl2ENhfmTlkARlHYn:QzlHEbmpJYylfEbmpJ8n`
Yara	None matched
VirusTotal	Search for analysis

Name	d31861151805efb9_DLLHOST.EXE-76936ED5.pf Submit file
Filepath	C:\Windows\Prefetch\DLLHOST.EXE-76936ED5.pf
Size	17.8KB
Type	data
MD5	`56999433e207412c02f2b9453f1eb8cd`
SHA1	`742cd275c26180ad69830bfd96cc343bb40d168f`
SHA256	`d31861151805efb96b92697bf36ca24e9723c9cb9fdaeb6c421786a062b1f713`
CRC32	`3808DDE4`
ssdeep	`384:SXO9VXfsC7Id5NJQPOCXtfL2aMjdYD13AyGml1Sn1d:SaVvsyIsR96a08GyGml1Sn1d`
Yara	None matched
VirusTotal	Search for analysis

Name	e27727bd9eb90724_dd_dotNetFx45LP_Full_x86_x64ko_decompression_log.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dd_dotNetFx45LP_Full_x86_x64ko_decompression_log.txt
Size	1.3KB
Type	ASCII text, with CRLF line terminators
MD5	`ff57bfea61840b6d3789eb34b1570536`
SHA1	`20de3bae3f7c9b9f3cd1089acfb369319a3d0e94`
SHA256	`e27727bd9eb907248e47474a731507772c7fbecb093709b7e6fc55f71ac6fcc9`
CRC32	`4B34AAE2`
ssdeep	`24:htK6gxB0nkj1Oj7igvdaLK4FqnkjHIWt2jH5mIkv3VIB:htK6gUS1OfDvh4CQIWUCvlIB`
Yara	None matched
VirusTotal	Search for analysis

Name	08d3a0627e92df12_officeShared[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\officeShared[1].css
Size	1.2KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`61df8b647422fa31daf80697e31b4a12`
SHA1	`6015128294a5740854c871b235b11363d806a881`
SHA256	`08d3a0627e92df12e5d62101ecf789888e3e50e78c1003aa0fbf5097f0d8d4f8`
CRC32	`3E979863`
ssdeep	`24:2Xxmph0W+R7q1aqpf8jOcn2MbKLrdW/VTnEzn1/nAKprRw:wxmph0fRGTpf8y82LBWA5trRw`
Yara	None matched
VirusTotal	Search for analysis

Name	616e149f162dbdea_wall clock medium-sec.hpng Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Wall Clock medium-sec.hpng
Size	323.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 72 x 14, 8-bit/color RGBA, non-interlaced
MD5	`b5acf30d1585fab9da09cda5d6a4fee2`
SHA1	`98fa6bfa72f2c9241aabb36ef6e36f5b9723e666`
SHA256	`616e149f162dbdeae89bc3feb6271bcb5300fae10000f55dc56b0e399b60a055`
CRC32	`39970EC7`
ssdeep	`6:6v/lhP++2xlv3zF1QOOtWbUgdyNxhnYpXLxDaRPYXuoBUSvux2nrkFp:6v/72rzF1wtWb9cxx0VGYXuoBUGlnwr`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ef1aff8d42c199fa_earth2.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\earth2.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`f38314a74205c38938a37a67492d55f9`
SHA1	`a66f27af7d0c055ba04f2d8de77faa9c798d5e52`
SHA256	`ef1aff8d42c199fad7e1569dc34ed48f9a68b6cb15675040b6154c69164e7eaa`
CRC32	`7F9EEC0B`
ssdeep	`24:BEQrGXz5lr9BxoaKy4dTOK01rfhkpGdGm8bCi1833NPeibQ0Wd9iBxLuQI:BzqFluf1EY4dGmQD8tPBQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	533f5d2c545abc2b_AUTORUN.EXE-EC0E27A9.pf Submit file
Filepath	C:\Windows\Prefetch\AUTORUN.EXE-EC0E27A9.pf
Size	38.6KB
Type	data
MD5	`3b20ef242571c3ad5ebad27f4f94bbc5`
SHA1	`aff4c3a60e00d32456a340d9cd403c5dc7816805`
SHA256	`533f5d2c545abc2b8c5281e199ea4a460fad70cb374ebba5c9d943421f721dff`
CRC32	`52199E9B`
ssdeep	`768:Uhyny2syJZtTqbB9bS3+YkKMrnGu6y6+Fz2T2JJ:iyny9yJrTqbbCiKMrCy6+Fz2T2JJ`
Yara	None matched
VirusTotal	Search for analysis

Name	c4b83c7ea62ad99a_CONTROL.EXE-817F8F1D.pf Submit file
Filepath	C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
Size	42.7KB
Type	data
MD5	`ef6e9acd57404285808012a3de8cbc6b`
SHA1	`904703b3447ce2828574ac4b8b9312831c2ad404`
SHA256	`c4b83c7ea62ad99a600fbbbbaa18c6a8b9f90b77be72d6af74b00e6b7136634b`
CRC32	`8C5AE207`
ssdeep	`768:S6IgEmuWY0iU8Gmg9us2zeilieFXStsZXzKSmwoQuoy4vsJwhO5:S6IlHWYHUBmB1XlieFXSuBKrGuHEO5`
Yara	None matched
VirusTotal	Search for analysis

Name	282397f5efc6b5a5_clocx.exe Submit file
Filepath	C:\Program Files (x86)\ClocX\ClocX.exe
Size	2.0MB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2943a5a31664a8183e993d480b8709bc`
SHA1	`e7c28c1692073cf3769b61a8b298d09497d2a635`
SHA256	`282397f5efc6b5a517881350736901620649c3cf0a692423cf77b9093f933e8b`
CRC32	`24278A1D`
ssdeep	`49152:g6vznGwXRuYl294VVamxwoWVXOSLsJelqJ1cya/caqYY3MSV2Uu:bpXRu594VVajoSXOSLielqJulc1YY3Ms`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_1_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	8cfe40fcb3b948bc_longhorn.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\longhorn.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`46c0294fe18adf12e512cc5ceb02ff8a`
SHA1	`7a3d6dcc3452649fb56a22991cd46b2575a8b6fd`
SHA256	`8cfe40fcb3b948bceb7969332b8f4a1e5955472c98d5b947c0d3af72f05a82e6`
CRC32	`7E6E5FC6`
ssdeep	`24:BEQrGXz5lr9BxoaKy4ATORXFB01rfwkpZdGm8bCi+ZQibQ0Wd9iBxLuQI:BzqFluf11FK3fdGmQEZHQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsfCE7.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsfCE7.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	2e7cbb274b70aa6f_favcenter[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\favcenter[1]
Size	687.0B
Type	PNG image data, 16 x 16, 8-bit colormap, non-interlaced
MD5	`79afa8ab0ff40639c6fb752e88e60ee1`
SHA1	`c940d08bfeb8a7012f9340c9c4821c8f59b7d38f`
SHA256	`2e7cbb274b70aa6f564088cb1b58029907b836e73119da8398687ae766b124c7`
CRC32	`55DFB61F`
ssdeep	`12:6v/7tWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW2cd//8NOR4JOzPi+oNoF2mcHhC2V:DWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWo`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	4b1961adbb52f265_THUNDERBIRD SETUP 78.4.0.EXE-A278C73F.pf Submit file
Filepath	C:\Windows\Prefetch\THUNDERBIRD SETUP 78.4.0.EXE-A278C73F.pf
Size	54.6KB
Type	data
MD5	`d80b0d98bdedf31ac7b147fe3f8d72f7`
SHA1	`e1841ef43b7ee22cc33b1be5f6a6f1165d22e83a`
SHA256	`4b1961adbb52f2659668dd3b135cc9a8bb551b4fff865767ba28b956f2e77faa`
CRC32	`6E255931`
ssdeep	`768:KnCa2YmuwftYmTLM/8/AeBuP8Y5OhSjGSEzzGmOlkfTN:KnJ2YmuwVYK4eBI8YchSjblkfTN`
Yara	None matched
VirusTotal	Search for analysis

Name	9242b3d8e4e51e4d_dd_vcredist_amd64_20180201144548.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dd_vcredist_amd64_20180201144548.log
Size	17.0KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`d60aee165df08a9302f76fe0084bb876`
SHA1	`e36ef2738230937282d53415dccd002990b8c05b`
SHA256	`9242b3d8e4e51e4d49438f4cf2773d2e7ec9c0539491bbe82f4ea4b306b0dac2`
CRC32	`EF32FB21`
ssdeep	`192:Quk6i/1u1c1D1z1Q1e1N14/ewOd0vPkKoOcwAdjNjqjNjecyJruc8uNJIb4EL4pz:Qun/ewZAdhuhScOL/18VB7M`
Yara	None matched
VirusTotal	Search for analysis

Name	3a5f18b977b2d40b_svenska.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Svenska.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`692a55f3a8b0d2240679a9a8f6cd8b83`
SHA1	`2e58faab3b35f2c36f391e677932722949b66f8d`
SHA256	`3a5f18b977b2d40b832e362d5e3db7b5a10eaf7ddba793b830b60ca02fc7a9b4`
CRC32	`3BAB3F87`
ssdeep	`48:WavowZsfFXA9JUCFRQijv1BMTZKNQgXVynztV9QmqAUaxMxviysDHO5Ltg60Kg:WavowEFw9JUMRQixByZaJV0zVxqAxzyM`
Yara	None matched
VirusTotal	Search for analysis

Name	72e437c91cdca423_white_apple_clock.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\White_Apple_Clock.png
Size	12.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`18b08fad1bd9bd1098fc3772888d36f2`
SHA1	`b7a44f8be157ed798b1a1b9cb2d56e5761a2b481`
SHA256	`72e437c91cdca423fcc9f7afc91dfba616157bc2ab344590baae62b75089f19a`
CRC32	`A9B7BCC3`
ssdeep	`192:WSb0V3Zxh1e7NN+aOZbEOMqy7wF6wYpk58VxjbqFS1VqmxVQLSopM7C2HUv5oxzR:5AVzferOZbbpUC15KoSPxgM7CMW5oDO4`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	19db7eb10fd8ddcb_components-vflfxQtKp[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5BY0Y7HX\components-vflfxQtKp[1].css
Size	62.7KB
Type	ASCII text, with very long lines
MD5	`7f142d2a92c1f1487c42fcf08b776803`
SHA1	`bbe40c6935e274e523edebfa689c7eb87f24cc89`
SHA256	`19db7eb10fd8ddcba4971d112989a0e2f4dcad0281573eeb8e0bc392ffe30964`
CRC32	`126D7F03`
ssdeep	`768:C5Lc7j8oQiqSqdpOpAmFGnBkd28vdZJhV5l/cA4FbxbBUmR3yq0qsqZqu1o1LTw+:Ak8oQLHu`
Yara	None matched
VirusTotal	Search for analysis

Name	666888449b0988e1_BSPATCH.EXE-C0E5ADBC.pf Submit file
Filepath	C:\Windows\Prefetch\BSPATCH.EXE-C0E5ADBC.pf
Size	19.8KB
Type	data
MD5	`46227a90ebf4cb7abf379ce2cf1ae48b`
SHA1	`47ecf6d35bbf35df4a65ec416cdb4326fddc54dc`
SHA256	`666888449b0988e134a5369a671e3c0e3e0f616cf188d15dc53209bec8c87c68`
CRC32	`0D16004C`
ssdeep	`192:q/4xbKWbO/smVy0ngMfDMaNATSHcpbPcA4wVwnxIMnNaK3s4nczg/6rUZHkcRDrR:RKNn7fQtY4HB4hf9lbAoGmvN`
Yara	None matched
VirusTotal	Search for analysis

Name	e49afdc4cc23e0fe_keys_js5[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\keys_js5[1].htm
Size	1.0KB
Type	ASCII text
MD5	`90a93490455ef62f1e14723de78a45fd`
SHA1	`5b4b3b791d7421be1d53004712ed1ee498e546e5`
SHA256	`e49afdc4cc23e0fed6014cb2141087390a3c85927e68fbbe9a08c994064a881f`
CRC32	`87C7C41F`
ssdeep	`24:Ap8sL1a36zE54UpbXDaEKzkOJ7F0zVTefXor+wMwenZfur+wfC:oL12x4IXDa9zPJ7F2ZefYrEZfurq`
Yara	None matched
VirusTotal	Search for analysis

Name	6cee1dfda69c5d1d_unreal.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Unreal.png
Size	46.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 200 x 150, 8-bit/color RGBA, non-interlaced
MD5	`d483ffb9842a8f0a99f70376253fd45f`
SHA1	`351350abc3974b4ed94cb8adc11ef057be9f71d1`
SHA256	`6cee1dfda69c5d1d301919afe55b02954dba639ae118ebc446e32f41359ba005`
CRC32	`E2963F0B`
ssdeep	`768:iEIQli4ubch7Y6jAj+lFOf68cc3NWQReu8jmJaa4/ImyJi7RGF9kepuOOdY74G:mX4Ge7JE7f6/ONWQp8jmJa9/IfJmEclw`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	85a4d1b7cea0f0da_Trace3.fx Submit file
Filepath	C:\Windows\Prefetch\ReadyBoot\Trace3.fx
Size	1.7MB
Type	data
MD5	`448802824fff62f4d52818096d165f8c`
SHA1	`420493baf1df207ffb25164e0f334483bd6ec0a4`
SHA256	`85a4d1b7cea0f0dac132a9ab9848a555b7008f45f4960403d6db8db10b496fd4`
CRC32	`2144DF1C`
ssdeep	`12288:lLfgGLJwL53KaZcs7s54BxyGq3gaLHz+HAH6k7j:lLfDMKaZcs724/yxwaLT+HAlj`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	6c3c1986f231973a_noConnect[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\noConnect[1]
Size	5.3KB
Type	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
MD5	`7686f6957ab9b36be2ebba88772a1541`
SHA1	`27089f8c09e41fdc4c994f8a5a5b115058479def`
SHA256	`6c3c1986f231973a68ddbacfd2a40408c8766bb18851c1a80e121f08f9bcf4de`
CRC32	`CA869C92`
ssdeep	`96:x4xOKDm0AK8naEFgkQgWmwep7eyaHNdj1BQp3VaYuV5pLeOMnCi:x4xOuuK8nNFgyW3eJe9HzjfQpI5p7md`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	727f8b3d9d785c14_SetupExe(2018040515215734C).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(2018040515215734C).log
Size	4.1KB
Type	ASCII text, with CRLF line terminators
MD5	`c0249e10720df11781358f7d1e7668f4`
SHA1	`926cf719ab6880fd2a8c65e94874df8198491899`
SHA256	`727f8b3d9d785c1400348756cdf207c56cf04971ae71c519d3e77e6b402a346d`
CRC32	`8EC1BB30`
ssdeep	`96:d7Id2ji+rIxN0dsOJ3upbplp8pB1pVprpwpTpBopVpHpupWpKpvp7pWprp5hW:d7wFROJ+xn6D139ORDoPpsUo190N8`
Yara	None matched
VirusTotal	Search for analysis

Name	94ecf6eacb75ad6d_IME2010imeklmg00000022.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000022.log
Size	531.0B
Type	ASCII text, with CRLF line terminators
MD5	`5b9fb7dd9e2c98765faac69ba38e965b`
SHA1	`9ee87dc211e398ebf56ea55ecc2dc8cc5b3e0148`
SHA256	`94ecf6eacb75ad6d8294ee8d3bf4a3422d8a76315aec1c04b9a938c5b4dba3ab`
CRC32	`1210346F`
ssdeep	`6:ovi4EE2EevpiAktHnRzVHTXkAHXFDaRk4EKxgAko5wTJsMwmn8+VtSNUZ3HTXkZw:o58xiRHRRHTBHXsBi85gYmn2e3HTaT6v`
Yara	None matched
VirusTotal	Search for analysis

Name	399d718ed5dffdb7_JRE.EXE-3BBA3E7D.pf Submit file
Filepath	C:\Windows\Prefetch\JRE.EXE-3BBA3E7D.pf
Size	12.5KB
Type	data
MD5	`08bdea96caf5d28fb00cf203bd4d3544`
SHA1	`c37fdd501a8496e39ddabda080482b2f1522c7a7`
SHA256	`399d718ed5dffdb7c883d0847d2a209260d6da8138b79a94ee390eb15d8c7038`
CRC32	`0675AA3E`
ssdeep	`192:MY69bK15DyvixlBN3egsmz5dvsXKmUxlVlHulhBcy6dFGnqKP/uXGm9NL:N6ZKFS7mz3fxh9KQGmn`
Yara	None matched
VirusTotal	Search for analysis

Name	c241583b8b385499_polish.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Polish.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	Non-ISO extended-ASCII text, with CRLF line terminators
MD5	`6dac613d6c6d0a30beac1b1536e051af`
SHA1	`faf8f9ea6e95a1177b62e10cb8d9e3bc54f5f8f4`
SHA256	`c241583b8b3854991d37c399d82f71994f20ea961054fa94006815d72b713507`
CRC32	`23DF7CA7`
ssdeep	`48:LtjgkeiQhyCSJsZmDnami9fdB2CLLIIDj/I1zICfonRF1XOzYF9x2bL1aCFr/f:hMgCSJamrami9f3jHd2ImonhXp9x21a+`
Yara	None matched
VirusTotal	Search for analysis

Name	aa2d6050b1b0211d_widestonestudios.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\WidestoneStudios.ini
Size	982.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`0b235dc651e778ace561ce903e1bcbae`
SHA1	`56aad578090cbc90b8f760019fc0339175988e21`
SHA256	`aa2d6050b1b0211d43ad6bc919e239b42c9a361fcfc07995f470f3ff3557dd75`
CRC32	`42AE45DC`
ssdeep	`12:a4EqmYvrrijpJTpb27XFPVGRXFdnXFPVJ99XFPhNhXFqA2kBIok9Gst81M2qYKcy:BEErI1MTwFBP1rfEk5CGm8Z5kNOi`
Yara	None matched
VirusTotal	Search for analysis

Name	051468a847913306_earth.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\earth.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d4c8bc1c07c0077783e15664badf33e3`
SHA1	`ef27b3ae33d84581098c96384784282e090afac1`
SHA256	`051468a847913306cf9fb5dcbf17bddab5ac36689dcba6da0374dbbb5383b6c0`
CRC32	`1198EC5D`
ssdeep	`24:BEQrGXz5lrUBRSTOLX01rfPkp+dGm8JiX33NPeibQ0Wd9iBxLuQI:BzqFlQGiEdGmxtPBQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	f375dfe125d10a47_omega.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Omega.ini
Size	921.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text
MD5	`039055d6e6ec2f827f2144d2690ba58e`
SHA1	`f8aec1f29548cd3c825aef43bfc6fff9be8b91e7`
SHA256	`f375dfe125d10a47f758f7dcc26a0e0b69798516e8872a0127db465ea2f30f84`
CRC32	`13F53A7D`
ssdeep	`24:BEurZuC/Tzer1SfPkLKpSLgGLTIZKgNi0uGUnn:B9kb+SkG/pAUn`
Yara	None matched
VirusTotal	Search for analysis

Name	ef968a0ea1018e06_ASPNETSetup_00001.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ASPNETSetup_00001.log
Size	2.9KB
Type	ASCII text, with CRLF line terminators
MD5	`d2773d3772a50be852d3722b7322b9f0`
SHA1	`b9201e89b4891d9fdb90b0ae7539979f31b8e821`
SHA256	`ef968a0ea1018e0685ea93756c5cba213bd1408212c0d01d7180203ae8fcc71a`
CRC32	`4B8716DB`
ssdeep	`48:hUEQNOGOA1uhxFGFp/JO0N7h77hZqFrEJqnqTqL9Z93l2t:hUEUOGOrPMj/Jl7h77hw9Z93l2t`
Yara	None matched
VirusTotal	Search for analysis

Name	3a615f5afdf35923_indonesian.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Indonesian.lng
Size	2.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`93acabec2dafec5e819d4adfbdd86429`
SHA1	`7459019e4db35d21e2494432860ff94ba11ab498`
SHA256	`3a615f5afdf3592336bb992b8176a702b7ce81aaba0cc13f7192e57023a973aa`
CRC32	`78321874`
ssdeep	`48:S7Ikp8cURun1XREJ7aTBHkRAfdkkDdOhcjSDEnb4rt6VwTu:SMke7RsXREJ7ckk5SGb4wVwTu`
Yara	None matched
VirusTotal	Search for analysis

Name	cd6dcc20c7fc1645_gmail[1].jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\gmail[1].jpg
Size	2.4KB
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 132x48, frames 3
MD5	`addcb559cee69f7c0818cfe02dd3f1d4`
SHA1	`fc7a72635ad7636706ff33bbc080efd2cfa99850`
SHA256	`cd6dcc20c7fc1645a20cb212ba8b84d16212bf0bbfb3b0c987e1724479d54a9b`
CRC32	`609E0DDE`
ssdeep	`48:dX/abXZHj60OzMY9hpcPMIcy/XPa6NxXs8WXqR3vD6NBAculN/0MN2RJFHnYx:dXSbpeCYSPQy/SIxXCIlplN/0MNI1Yx`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	2b6eed6932c65f8a_bahnhofsuhr.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\bahnhofsuhr.ini
Size	1.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`ba768117b0ee7dcc4d22d0cf34f17177`
SHA1	`048df18f592eb751dc8094ba82bc77a9ec7e1316`
SHA256	`2b6eed6932c65f8ac44e36d62c4bbed226db938acb6ab43134e756f5f85de943`
CRC32	`50EA8931`
ssdeep	`24:BE8rGXE5lr9BxjTJaKhVY/qTORXFB01rfwkpWdGm8bCi51PgibQ0Wd9iBxLuQI:BTqyllTJfgLFK3MdGmQ71PXQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	7bf64e8381313090_ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat
Size	287.9KB
Type	data
MD5	`1720c4f036fb3a42419ac9e584677b23`
SHA1	`5b1b2ae930577a78b4f63e56473dac2b05edd4f5`
SHA256	`7bf64e838131309095732443755fcb8a488b03c5009490451d8b42786f20e473`
CRC32	`FDD6CDE0`
ssdeep	`3:KoNEVlltnkltlM/tc/tc/tc/tfwsXW/tofJt:ZN2lxk1vwsDfJt`
Yara	None matched
VirusTotal	Search for analysis

Name	dffee37c9c2fafac_MPCMDRUN.EXE-6AA90EA5.pf Submit file
Filepath	C:\Windows\Prefetch\MPCMDRUN.EXE-6AA90EA5.pf
Size	18.9KB
Type	data
MD5	`37b3f8463fb78ee601fa6ac7b70e2f5f`
SHA1	`4ac307b35ba5e19f25e6df55747ce3ce337c237a`
SHA256	`dffee37c9c2fafac33c387a95f97ad56f152531c8dfaf496594ba02af93dd4d6`
CRC32	`4C67FEE6`
ssdeep	`384:Va2yrRDYbrjAlfycE0HUMvgw+UoBvCZs64uOvn:V5ERDGyy8JvD+UoBv4s6Cv`
Yara	None matched
VirusTotal	Search for analysis

Name	c9243878c5b9b666_default.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\default.bmp
Size	43.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 121 x 121 x 24
MD5	`15eaa774ac3848a3b4dda0e66f5e9287`
SHA1	`a3df74fd4ebe8a46d301e27e295082cc4eba3c39`
SHA256	`c9243878c5b9b666681d16df368eb1532a5605701a25aa6121f3d5cfc7189c8e`
CRC32	`8C07C048`
ssdeep	`384:bTjuQGkjL9f2ulV12XTVv2ENp8JAoa1137h7ANbUx2:njXqukjk/Jc376NX`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	7608128e882e3a34_ukrainian.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Ukrainian.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text
MD5	`d10e2a8bcccaf9eff46d453e6fb127d0`
SHA1	`7c7a5c843c6b8fb615cbf30de329a1505276450c`
SHA256	`7608128e882e3a34cfc48a35da9c2f1c77bd07b491ee4bd1d6d48bb425cb68bd`
CRC32	`C38387B9`
ssdeep	`48:1liKJBTGlVWryPQ42xZZW8KVIFND5i394wtoPlnjp3uPAPxM:1liKnTGlVSyIzZW8KVIFtwZoq4m`
Yara	None matched
VirusTotal	Search for analysis

Name	b5a38b2b7c86b6d4_DLLHOST.EXE-ECB71776.pf Submit file
Filepath	C:\Windows\Prefetch\DLLHOST.EXE-ECB71776.pf
Size	36.6KB
Type	data
MD5	`f2b1542183bf9d94fb86df87cd936bf1`
SHA1	`1427eab2972861b405d4011cd8c1fb8d71a527e8`
SHA256	`b5a38b2b7c86b6d46eb82951b78ca1b7435ce25059b8a7b14fd13a2b2ba3288f`
CRC32	`A29F50D6`
ssdeep	`768:Hv3KebP9PrmRfKU0aRmM0xWghEGmiqv/1/I6:P3KQP9PrsF0AghzK/1/I6`
Yara	None matched
VirusTotal	Search for analysis

Name	79f96700543dbd7a_animation-vflzHcTyC[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\animation-vflzHcTyC[1].css
Size	537.0B
Type	ASCII text, with very long lines
MD5	`cc7713c829f9ce536c471fd215c11040`
SHA1	`28b9a89dd6b5daf595231b8066fd8c6c725d2e50`
SHA256	`79f96700543dbd7a21c830fa974fae3ad275a4994bd850c2cac7dff05a5cac29`
CRC32	`C101EA6E`
ssdeep	`12:zzJIXRXFX+5xR2h5Rva5+YYYJ+DSt5e+Jp4+r2:zFYXBAgPk+B0+Wze+Jp4+r2`
Yara	None matched
VirusTotal	Search for analysis

Name	038edac0fa25b829_blue_sphere.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Blue_sphere.bmp
Size	43.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 121 x 121 x 24
MD5	`e7aa8136a3ab665606cf7c759a90b44d`
SHA1	`8679df46ff5f6a5ad64ef2c3942cfd3a6c0d6b6e`
SHA256	`038edac0fa25b8299b05657ace4541dbf1363598d1992ba09003625751b58710`
CRC32	`4EC6B1B7`
ssdeep	`768:5UgVAiVbt4DDDPywwDu5QQWdkMAlCy+eE8sN7qX3sUcQN:5vhMPad+loeE8rHzZN`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	69e4cba68588981e_aquab.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\AquaB.ini
Size	962.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`1a89edbfd22ba1d75dd1b647d14acf19`
SHA1	`e2b42f0a5751be735f9f1c253b1054dc0a21818b`
SHA256	`69e4cba68588981e07949cf2b90d506f7139e5ddeb0922d84abfecb6ada8d666`
CRC32	`FBCD2B9B`
ssdeep	`24:BEIrIA83TORXFB01rfjkpWdGm8xiF0ZJGi:BzucFKuMdGmEZJp`
Yara	None matched
VirusTotal	Search for analysis

Name	c31661f979ee1b7d_java_install.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\java_install.log
Size	28.4KB
Type	ASCII text, with CRLF line terminators
MD5	`4bee407b683d8653f5f43af542529213`
SHA1	`a37f6828ad5d38f18ae69314aebb7f6d4899d2a8`
SHA256	`c31661f979ee1b7d41612a5edb3d572067e7ecf5e99dd8ad16f3fc06c3470db1`
CRC32	`D5D76DF5`
ssdeep	`384:ZpOh0WPn1T7WTb6A5ZelXrSGDbaixZlmIo:HOiWfhs6A5Z8rSGaiPlmIo`
Yara	None matched
VirusTotal	Search for analysis

Name	093e1350402900ef_aqua_apple_clock.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Aqua_Apple_Clock.bmp
Size	35.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 100 x 122 x 24
MD5	`9ab412a79776c5575eaac0d8cb36c294`
SHA1	`b8bd1945591a00235f5c8c80076f7b54c421ae4c`
SHA256	`093e1350402900efaee414d0506425a690a4eabcfd77a78a1979b2e072fdb083`
CRC32	`2F186258`
ssdeep	`384:ovrz7c5apfURSGfJJsvMOO7WOhc4tHwOormPeJ7bEnb6f1ofnpapYR+MqV0yT:AZUzVOO7WODtHwOormPPU4nhuVfT`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	2b885590f9c5cd14_blackballroman.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlackBallRoman.png
Size	17.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
MD5	`732674a58e6e96725158ab71d39d1af1`
SHA1	`19e9fd5080fd624a0ba53c23be8939166431fe55`
SHA256	`2b885590f9c5cd14accf5066e444edeb4dd5a678a278401ebe60422e93eefd18`
CRC32	`48D1F5C9`
ssdeep	`384:+RTsz18O1aVoTRG/gB3OySclWba32Z58aPY5I2YelngpOILTc/61ENvt:sm1TootG0Oy/WbqlFI0y1EBt`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c19bf11bdd0f5cfc_article[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\article[1].js
Size	70.3KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`20f0a87712f0f96826d7e775df03628a`
SHA1	`235d37230fd467dbe66ac68038c0855d5cb22b6c`
SHA256	`c19bf11bdd0f5cfc9d495c464b45815ced94165be08cfbb51f7ed4d34062ab9d`
CRC32	`70EAB75A`
ssdeep	`768:McrAueTlKThIdL+HIgtpdGLA54+expZijsEi8xqyBeNy7Le5p3XUS0p8+fMm2SXX:M/qnybgBeWJjbudFQBp`
Yara	None matched
VirusTotal	Search for analysis

Name	acbb48573778a5ad_other[1].jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U06NAGU2\other[1].jpg
Size	12.5KB
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 132x64, frames 3
MD5	`28ca094cffa08d33ee71610ce3ed1fad`
SHA1	`4b5a541b0ca7cffb2909ddd5d2f6f05c2ede9147`
SHA256	`acbb48573778a5ad0ea3885b835ef94a2a8c123774d61ea1d3457e4c912a0986`
CRC32	`0ADF40CA`
ssdeep	`96:5FnN26MT0D5MdtbZPAVwzVZpkCTk09sFnEsmLbSdD8p2cwgdc+qAtN2:CYNMtKwJk0keOnjIbHp2cFdcKC`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	c4c8103acd324637_RUNDLL32.EXE-89545801.pf Submit file
Filepath	C:\Windows\Prefetch\RUNDLL32.EXE-89545801.pf
Size	56.2KB
Type	data
MD5	`ceda443e634065dd1976e086dfe3a4f6`
SHA1	`864a181568072b32a21658a35d427dd6abe1661d`
SHA256	`c4c8103acd32463791d3543fe9e62fddd857ba4cd7a43554d4c4c081cc293e9d`
CRC32	`BC27B0C3`
ssdeep	`1536:Y3hEwiX2Reh77nndfJOJkNTPpXJwV4Pq5ZW8uqXqubF7s/eloSL:Y+VX5wV4Pq50Pq+m`
Yara	None matched
VirusTotal	Search for analysis

Name	a1140fd231524cf1_dd_SetupUtility.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dd_SetupUtility.txt
Size	660.0B
Type	ASCII text, with CRLF line terminators
MD5	`7bffc6a3c4ab6237967a9ec4711841b7`
SHA1	`20f1c976a16e411d280496ab88cd12709a3d8a6c`
SHA256	`a1140fd231524cf1e196e31c77c15e421ddce53d795bf794209317b57d8088f7`
CRC32	`AB970EC9`
ssdeep	`12:k+C1vrdAfNL5ePQAZ11IrdAm9AlGO1lGQyrdAqJlGNAXNCM5elGxVlGUa:k+KvJCZ5ePDz1IJlWpFyJjSvM5eqa`
Yara	None matched
VirusTotal	Search for analysis

Name	35c6e7d3b9bf347b_marblemin.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\greenmarble\marblemin.png
Size	4.7KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 117 x 14, 8-bit/color RGBA, interlaced
MD5	`e4f18584a1443e393889d6b0725e69b6`
SHA1	`943a2815f066d5c44777eef80d0978ffa84a696f`
SHA256	`35c6e7d3b9bf347b696eee60a2196f10355c07f132d4ac9be48191bd876335ef`
CRC32	`12BEDF9A`
ssdeep	`96:ytePcbs8T/pKuzqSpOOTD6IZ8mE10A1bHb3GDfxkwfK:x6TT3uAxfZ8n7bHb32U`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6b61f4b0bd3f31af_7Z2002.EXE-53C3CF69.pf Submit file
Filepath	C:\Windows\Prefetch\7Z2002.EXE-53C3CF69.pf
Size	40.6KB
Type	data
MD5	`debb5f7e613676f7c4259569ce809b02`
SHA1	`b328b7a33ddbc4eb3e4cf80f255eb35510de8225`
SHA256	`6b61f4b0bd3f31af7040952efac1955c0568b83e652c2dfdf5fbd98bc42ab7f8`
CRC32	`E74664A0`
ssdeep	`768:DwAp23wGHFoiDQFpbDox29ipe03yLwDPj+IEF/CYUuGmpXu:D72HHFoiD6pbsU9iU03HDPyjF/HXu`
Yara	None matched
VirusTotal	Search for analysis

Name	698a1a399e48fd08_octopye2.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Octopye2.ini
Size	1.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`85653aba4507ab8f7aa3b19c5b04694b`
SHA1	`ea5411f08d9e1e2242d8527e0a18a2dc9c1a5327`
SHA256	`698a1a399e48fd084fe2453458cea1f87fe6a66cacc18bae34c5c2aa4dfb60e0`
CRC32	`F7901EB7`
ssdeep	`24:BEGrGXz5lrANhjaKhVuTOLX01rfPkp+dGm8JiX1PgibQ0Wd9iBxLuQI:B1qFlWhjfiiEdGmx1PXQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	40a519f829558e1b_woodhour.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\woodone\woodhour.png
Size	2.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 40 x 14, 8-bit/color RGBA, interlaced
MD5	`2b3ab55ee12a47f5a20f8cfa2d46724b`
SHA1	`1fb28f49ec9d8f2b7e90eef82cfa48c5b7bd8687`
SHA256	`40a519f829558e1bd12c88f891125420079d40ff3c10b5940724f8d27d69d4b3`
CRC32	`21AACCF8`
ssdeep	`48:LLDh2CM+hIEWlV2mEGE9cx7g+SNpWmefyAZZJDrS:LB2oe5lVEYx7hSNCf7Zfe`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	a52d66851491a9f5_RUNONCE.EXE-0E293DD6.pf Submit file
Filepath	C:\Windows\Prefetch\RUNONCE.EXE-0E293DD6.pf
Size	28.4KB
Type	data
MD5	`b299c06d25e7a7a376c26ec23802fa6f`
SHA1	`d062978b613bc184ce8d8f5e44511987593834d4`
SHA256	`a52d66851491a9f5744759244dfce73e108c444bfbe11887ef1dc38750615515`
CRC32	`4AB6BF48`
ssdeep	`384:ZqG9k6IQ3D/+i9ylu/gaglm3gp86nZVUes4BWIvd8hGmVSK4J:gGvnZXgaGmiN8hGmVSK4J`
Yara	None matched
VirusTotal	Search for analysis

Name	04b44bd2f0d96d81_trumpet.mp3 Submit file
Filepath	C:\Program Files (x86)\ClocX\Sounds\trumpet.mp3
Size	17.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	MPEG ADTS, layer III, v2.5, 24 kbps, 8 kHz, Monaural
MD5	`a8543f9f3bca2d1d1e610a2255644ca9`
SHA1	`a94b4154825bb1eee6704fad78afc4ece10bbcce`
SHA256	`04b44bd2f0d96d81475f9e5d18c20aa70b37c77f1f60570ff448da25a9c78754`
CRC32	`CC21ED33`
ssdeep	`384:O4aEJEp87W0A3vAADh+9gZCh4UzWEuZ8l9E9Zsjjh3m5:O4Hh7WL37z6zWEueb3Q`
Yara	None matched
VirusTotal	Search for analysis

Name	8d47c549094f6868_cappuccino.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Cappuccino.png
Size	9.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced
MD5	`399b9c9dc36ded079b004fac8a2747e2`
SHA1	`769a7a703e83fc62357e8b66017074c911a0616a`
SHA256	`8d47c549094f6868cddc13042e2136318feb819cdd3090c5804a98bea59fc389`
CRC32	`58C38261`
ssdeep	`192:apbPCmV6zP1UjFjRWkIt68pM3dBvAgc+vlhWH65iHWRUtDOQbHy5RkcP8zY9pz:apb6TpUNRDsYFvPEHWj6cPWo`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	887cd38d38e4fcce_nsx392A.tmp.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsx392A.tmp.exe
Size	341.5KB
Processes	2828 (tOtcmAUyZOxR462do2YSqCR9.exe) 2924 (BroomSetup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4867a941fe6c9a852c3460888d711b87`
SHA1	`0bd27ee28fd1b6359e460c8efdd8503d3f772329`
SHA256	`887cd38d38e4fccecaaea1c64d41e92320cb735fa481e387df910144fd82503d`
CRC32	`8BB2A2BB`
ssdeep	`6144:ivzQtMCLU861kowu2q8dqULy9yQfcA2fCmyQutV:MzQeCwuDu2q8dpLCcXflyQMV`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	c07da73ed598a9e0_ballclockamber.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BallClockAmber.bmp
Size	31.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 104 x 103 x 24
MD5	`13b2cd8ac7c2041757e7f8133f3615ac`
SHA1	`421f8e88710e56be792b4e2c5cf7b80f2df9fb5f`
SHA256	`c07da73ed598a9e0c3064791984360b211031cac9b42a42ec50c1eb7e5c12b3a`
CRC32	`B4EA07A6`
ssdeep	`384:Ds2SUYkFxoF79oRKLcX/uWL8Owlk75v9h2y/rrftfLDdOKVLB0lGuRsUxlIB:g2YQXRKL8/wM1Yy/rrftjPLB0wuRsSIB`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	73dafe6e6fe8c0ca_violeta.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Violeta.png
Size	24.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
MD5	`03b13207e96453a1724e2c86844d6f03`
SHA1	`60ebe3929d936a6df44e80ae9db5e061ca41d555`
SHA256	`73dafe6e6fe8c0ca6f689a899cd704ae26b7d35f494a7fdcab895c774afaf17b`
CRC32	`547127F5`
ssdeep	`768:NLPppFgWbMSDrW/a/e/mbWfMpB3MXKlKQ:NDLASDr+myiVMLQ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	bc87b08c2dcffd24_dd_wcf_CA_smci_20200715_051339_493.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dd_wcf_CA_smci_20200715_051339_493.txt
Size	6.9KB
Type	data
MD5	`381a2fc8f9e00f85e107891285749f4b`
SHA1	`c2bffbe79982a90c9f1c51fb5cef331d18119223`
SHA256	`bc87b08c2dcffd2486ecf6e2d3be5ee38f46db641a15840b8b2345178c2d091e`
CRC32	`9A8BD85D`
ssdeep	`192:bpJCB1HvBpQpQPcIQtYUlMICA3/nP2lGZGpYq38rN0rV:I1KzEL`
Yara	None matched
VirusTotal	Search for analysis

Name	cb30c8527bd4938f_nvidia.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Nvidia.png
Size	50.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
MD5	`76a66cc455fe13cc78642306b6b0ffc5`
SHA1	`ec2239dc12a29f2e779cf8e7d5c7d0d11e72f050`
SHA256	`cb30c8527bd4938fb783e767294c729da016fe0fea5ff77537648a7c93ea6f07`
CRC32	`3449ABC4`
ssdeep	`1536:1UgYGQi4Wwa/oNQNl7rZm18uE9UgRt3Nx:IagNql7rZi8ueUgRt3Nx`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	a1496495805f85f5_DRVINST.EXE-4CB4314A.pf Submit file
Filepath	C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf
Size	107.1KB
Type	data
MD5	`60ee187ef280be39f0021ce92097f01a`
SHA1	`bb9b1876827cbca7a332cf1e03c9f2963d567e86`
SHA256	`a1496495805f85f5a4e1ee2ad4a9b1d925b2ee1acbed6aead0e331e1697d128a`
CRC32	`C7CFD31A`
ssdeep	`1536:7XCBjaS0/XnuZj6KRlX4CRbKAwHHVz7GHt+HH2MvLiGvyqUT:mjzK44WWL5`
Yara	None matched
VirusTotal	Search for analysis

Name	953af43628ee6880_isink.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\iSink.bmp
Size	35.7KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 110 x 110 x 24
MD5	`a7067fa4cea0838fff9ed1c329c02a10`
SHA1	`cd35e731c2c95c5589c7f612a4438719018422f6`
SHA256	`953af43628ee6880a3d574dd0a167f58e7cfa4124f66a82bdc9554f177e229bb`
CRC32	`24225452`
ssdeep	`768:1MVcHjhp9uXNffJo8wYUxkM7z7M0L6lfjnjZMRi:vDsMCXMg`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	214ae5eb9503957c_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
Size	287.9KB
Type	data
MD5	`8198d259a418eac522a52953077723d1`
SHA1	`63be54f799c1cae3a4ec8156852e3ca4438085a5`
SHA256	`214ae5eb9503957cead6a3a94bc19446d283ac50ec1e908c3401809e28f1422d`
CRC32	`6FE0A9F2`
ssdeep	`3:kIhFPFl/l5kltlM/tnve+/t3ll:k2vvk1Gve`
Yara	None matched
VirusTotal	Search for analysis

Name	808986ba3ffbd5b0_hebrew.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Hebrew.lng
Size	2.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`e312627e571323c7805473d7c8a6b3e5`
SHA1	`eb9eca27cdebd2984b3b4fce6279731ec7c40ef3`
SHA256	`808986ba3ffbd5b0befe6c8cf4dfd5578d138b5569adf7dc1c41d32f37542d81`
CRC32	`B06491C7`
ssdeep	`48:A+UFyubnHRyCv8TzCVoL29Vg9mAsMeoXLyh+y/5WnRzuPCnXTu:nubHpUPAoL2VgLsMeoXLT+5Wno6XTu`
Yara	None matched
VirusTotal	Search for analysis

Name	9973ed776e0504d6_JAVAWS.EXE-FE17358E.pf Submit file
Filepath	C:\Windows\Prefetch\JAVAWS.EXE-FE17358E.pf
Size	18.1KB
Type	data
MD5	`587334ff10f5e8d1073ec62a11740120`
SHA1	`05792a0cf801ebda1898ca9ce26c15d3337185b4`
SHA256	`9973ed776e0504d6b680d7613345492057e895b9b9dd6751acc9d072e012e390`
CRC32	`F6E2ECC1`
ssdeep	`384:oNJbGXf+NhJLPxEHfd0pVSXcGSo99T7GmX:ofGv+t6M2T7GmX`
Yara	None matched
VirusTotal	Search for analysis

Name	e908ea82c5f020a5_RGI1518.tmp-tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\RGI1518.tmp-tmp
Size	8.7KB
Type	ASCII text, with CRLF line terminators
MD5	`6f430c55aec23bc128397127f8e31b19`
SHA1	`669f7c3ade66a1a790c2aec2c1d0bb4ed5ebd6ee`
SHA256	`e908ea82c5f020a5006c5feeaae75b98dc5da5d376ab091c31990554e28a46d9`
CRC32	`C6A04325`
ssdeep	`192:qI6wA1jUr2ol3ilWoTWgzMPiS+XdC8lUwRQHb:CwA1jUr2olylWouwRQ7`
Yara	None matched
VirusTotal	Search for analysis

Name	8e7127c6161a3ab7_SetupExe(201804051522349E8).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(201804051522349E8).log
Size	4.1KB
Type	ASCII text, with CRLF line terminators
MD5	`5e7fa4fa0b34aadd97946b1e8d429f08`
SHA1	`b758bc2270d69da03f9a75ae4b04e4723e6d2904`
SHA256	`8e7127c6161a3ab75f684b0c10ea8d0ad00db49d00546e7591ac961bd27a9d52`
CRC32	`88279EE2`
ssdeep	`96:47Id2ji+rIrN09pbupbplp8pB1pVprpwpTpBopVpHpupWpKpvp7pWprp5hW:47wFC6xn6D139ORDoPpsUo190N8`
Yara	None matched
VirusTotal	Search for analysis

Name	6f8806a904f7aded_arabic.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Arabic.lng
Size	2.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`b0277fb1e01f2c417ac128a7e683b81b`
SHA1	`4265377b929a15d510a6dc07e2c3986751d984c7`
SHA256	`6f8806a904f7aded9c217c8a7fa5f38f13ce0bb5f5a21e0ccb74612c9c9b3eb5`
CRC32	`30870794`
ssdeep	`48:sf8rC2JvLPvHQbQbQ3ktvMpVf5+rwx0w5GcgAuPCnXTu:i2JPvCQbEYrelgT6XTu`
Yara	None matched
VirusTotal	Search for analysis

Name	a06c4473a671855f_SetupExe(20200504233731A78).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(20200504233731A78).log
Size	155.1KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`e642294906f5d5a5cee1da40c6d61e64`
SHA1	`08b23e1bd25d8c6b8621d591cf3d81e8d6d4e3a0`
SHA256	`a06c4473a671855f7cc1f985134d3d5b9c3b135048c85a74614e8545a609ecb1`
CRC32	`B55EAF0E`
ssdeep	`1536:amBvM+j8kox8VIVi6mAVIVBNTVIV0aq6iVIVIVxqNxnYBVIVIVf7gxIVIVIVR32w:a4hj8bs6SqnY5adN8qfZl+LP`
Yara	None matched
VirusTotal	Search for analysis

Name	7d4cf4c12caa2980_klokje.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\klokje.ini
Size	645.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text
MD5	`6eafc943cfb82ef659063b558ec46a69`
SHA1	`957bc898591918cb6115ec956b736a21f218e3cf`
SHA256	`7d4cf4c12caa29802e666f1264ab9c6e273ddbb33e1b53228926b5a8c73763f2`
CRC32	`5867A65B`
ssdeep	`12:a4Eqmz2rrp5pjpuDtOpCRWWh37L4a2Kg1nea90KU9LlTYQUywcG:BEurF5buxOQW8L4ZKg1eY019FUZn`
Yara	None matched
VirusTotal	Search for analysis

Name	96e532eb349deb34_romanhour.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\roman\romanhour.png
Size	2.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 80 x 10, 8-bit/color RGBA, interlaced
MD5	`d51150b7fa07035717f4007284a73c6e`
SHA1	`62825d81670244a1652fef4573f6b21fd3e61caf`
SHA256	`96e532eb349deb34228ebe3321e0727c3638a0a4f80e7700760c08a436b13ddb`
CRC32	`008A9A27`
ssdeep	`48:rmzGRbMWjvJsO1a/S+2OVag8MQBAYQ7f0wcGrdQiAn7y0Jyd2suRYhZB:r+GtMWm7/aOqBAYQRrSiA7/Jy8NRM`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d338c477d7542d75_hourhand-7.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall\hourhand-7.png
Size	997.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 260 x 9, 8-bit colormap, non-interlaced
MD5	`ddc1cb30b5b35268f7c85e9e0f2f3039`
SHA1	`41808dbe86473a57f1f327bc4740eaefa9affe4f`
SHA256	`d338c477d7542d753c2e919f66c50fb53f8dfd22ae22d4e54a90db895ef3e433`
CRC32	`5AC43DD0`
ssdeep	`6:6v/lhPkgm0CcgCMkuldXGrr05PMnP8wE3BEdBNmoSaRRClb4Ja96mMcKhTVlljp:6v/7sCE2URmP8RBEdBNmoR04Ja9t6Tj`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	8698018387dc742c_media_text-vfl6jBpfO[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5BY0Y7HX\media_text-vfl6jBpfO[1].css
Size	4.2KB
Type	ASCII text, with very long lines
MD5	`ea30697ce1fdeb9e67dd5774bc122edf`
SHA1	`6cde24a866327e3f48e5bfd9405fd889f54d0643`
SHA256	`8698018387dc742c449a6dbbdbd561cac73a02e91e8ce59a67024d8deb60ffdd`
CRC32	`D83BFD8C`
ssdeep	`96:+WgAjrwsSSjDWgnL9QlxrrOi8XxTtF1l7Agv:+WgSEsSSjCgnL9yHOi8XxTtFXAgv`
Yara	None matched
VirusTotal	Search for analysis

Name	ec7cb6388335d394_IMEKLMG.EXE-CF8CFA9B.pf Submit file
Filepath	C:\Windows\Prefetch\IMEKLMG.EXE-CF8CFA9B.pf
Size	14.8KB
Type	data
MD5	`6a12d5e372ee3b186730b5bcd799dec1`
SHA1	`086e360cd825d74bffd2c9d6c916b49456241dbc`
SHA256	`ec7cb6388335d39416fed8d6877e5f07a6973ea9088d204ffb96b3a9888732a5`
CRC32	`A592769B`
ssdeep	`192:X7/pWoZCqiQDxmaTeSxgJr6EefkXPLhNMNgenxzCraHfG5cnsGm9I:L/fZCqxjjxsr6atNMNgenN2FasGmW`
Yara	None matched
VirusTotal	Search for analysis

Name	19dc497a97a19e09_Microsoft .NET Framework 4.5 Setup_20200715_141303844.html Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Microsoft .NET Framework 4.5 Setup_20200715_141303844.html
Size	713.7KB
Type	HTML document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5	`6c1cd17427ab482cee87fff12afc63a2`
SHA1	`a73a16e36ef425cfd6a6f639b27ffc9005b31ff5`
SHA256	`19dc497a97a19e096c901694678f9cce82ad551a8ccaf1bd0ee45d9bf0a29582`
CRC32	`F498C767`
ssdeep	`768:fdsOTLyUFJFEWUxFzvUQCOuliWRtdqUldm6PfWwrmRE3vGCa6u/6EA78s8etd790:fdsWyUr+WUxpvUQNJP`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	d97dfa52750abec4_index.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Size	464.0KB
Type	Internet Explorer cache file version Ver 5.2
MD5	`9be18baf11143c7fbfcd40748000fe8f`
SHA1	`c01c43c4138074b97c30171d75f2c81c36387288`
SHA256	`d97dfa52750abec4e80d8ebff4785f8d2ed5ed73611452df2d491998ae72ae65`
CRC32	`404C9302`
ssdeep	`3072:LK2sjLJqg9yBhadZcR7UAJPo0JagJbZ992EJa5/uD:lsPIse8du9Z99Pg4`
Yara	None matched
VirusTotal	Search for analysis

Name	9876cbe95d2bca6e_black and steel.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\black and steel.png
Size	7.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 150 x 145, 8-bit colormap, non-interlaced
MD5	`747303365a184814658774165bd7c883`
SHA1	`93bb4d77704884f2da950f68aca59f1e60ae9d98`
SHA256	`9876cbe95d2bca6e45f20be2c75b4425dc434ff5e56df4f7db1985f679bf4056`
CRC32	`293DC806`
ssdeep	`192:E6s2mM8JBwjL+2Cze54iq+LMpWZizMVHGzRmz8Lu7vDpri15n:ZSMswf+te3q+o8szRmz8gvE3`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	56339eafd194d4de_Layout.ini Submit file
Filepath	C:\Windows\Prefetch\Layout.ini
Size	459.6KB
Type	data
MD5	`6e1e8838ad2ea04eec9ae901086cba8f`
SHA1	`a64fccf64b870fffb5219dc5f47466d711b5f452`
SHA256	`56339eafd194d4decc0eda433654844020a4596d12294e2ca1841cdb9dd21dcf`
CRC32	`6397C45C`
ssdeep	`1536:9ErLuXY/fZlq+PY83qpW69T/j4efUlD+K4lNQmGLrYt0iuwbPkCGfWMKC1+hHue1:uMgCG3e4oH+dEIy4JvQFvaL0`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	e944decaa4698cdc_OSETUP.DLL Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Setup000023ac\OSETUP.DLL
Size	6.2MB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c0feaa8b015dfa39963a2dc576ee4316`
SHA1	`f86d0be83554878df6e18075a70d83fcccc2918f`
SHA256	`e944decaa4698cdc252b56e06c94e403fd801507c72eea35327984cd91a1dc22`
CRC32	`A0FA3059`
ssdeep	`49152:Xw4jwKBUvd8JzttyVY81DasilJoab20Maoc5+OcoP1xbaHdLHkJEZ11QAfloTpcP:EO81DaLlJoab8aocpj+DheTp+`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	1012ad506727b85c_UserInfoSetup(20180405152131B24).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\UserInfoSetup(20180405152131B24).log
Size	653.0B
Type	ASCII text, with CRLF line terminators
MD5	`6e120b8a50c0b812a0d0ee697d3683f0`
SHA1	`b7cec399c5cbac96df3b98ac21292c91b15cd230`
SHA256	`1012ad506727b85c429fdaae0de6eea21d6ab29ce69bf9640092c53b6e121509`
CRC32	`43778045`
ssdeep	`12:vA2OLMWUGqgHop6CDVtsrvQPa3mVwWM83KfNHf2WM8BRD0gWNv:vAYWUGXHoMOsrIPOmOWM83KpeWM8C`
Yara	None matched
VirusTotal	Search for analysis

Name	79bd621a88910759_dropbox_logo_text_2015-vfld7_dJ8[1].svg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\dropbox_logo_text_2015-vfld7_dJ8[1].svg
Size	2.6KB
Type	SVG Scalable Vector Graphics image
MD5	`3ddde6715bc6ab253d527e22f1b314fc`
SHA1	`7b38c7c58b496611a1e959a4accf6458c302d7d7`
SHA256	`79bd621a88910759e37617b01a7488bd37fecfb6d718c90dae2a1b07e018c4c4`
CRC32	`F943C631`
ssdeep	`48:cJAOKfsoj54hBDOUkMWH4DVDQByNGnXA0OAW9j:ZOKfzUkMsW2lXMlj`
Yara	None matched
VirusTotal	Search for analysis

Name	f753008c1187ce56_PfSvPerfStats.bin Submit file
Filepath	C:\Windows\Prefetch\PfSvPerfStats.bin
Size	584.0B
Type	data
MD5	`1c38bb4319bab7fc03c781663a56b941`
SHA1	`c7fd6a7fdd1d7b6f3249d80db58950f28a01f5c2`
SHA256	`f753008c1187ce5663904a90761135e15df62ce22fad815495728056e5e62aa0`
CRC32	`0DC50BF1`
ssdeep	`3:KXkAYlll6Vklllllv4BMllpelVMlDlMltGsktl/zlllql/bXHjtqbln:KUv/1//vAklM+ytGskX8/bXDYn`
Yara	None matched
VirusTotal	Search for analysis

Name	53b13873417183ad_darkcrystalball.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall.png
Size	18.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 259 x 293, 8-bit colormap, non-interlaced
MD5	`7040cf8badffa9d06acdd6ebdc09ee1b`
SHA1	`fd1dd414926151a3ccf845225bd42283dabf666e`
SHA256	`53b13873417183adc06fa7a02f044c4be9ab7a34d7572d487b23df1dc08c8292`
CRC32	`341F4631`
ssdeep	`384:8XK3pDi4J8D6x2f07PdcijEepIP8n3ImeVEvXoGlQVcr:bDicTD7Pd5HIP83IxV3Glf`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	3e693bcd12d1beee_apple.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Apple.png
Size	21.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`17a826cf3e44be13dc3d3077bce71456`
SHA1	`2b4067840db9403bc4dff49dd0b4cbc686830003`
SHA256	`3e693bcd12d1beeeae1a419286539dadcbaaa970dc39ec0e4c928431b89684f0`
CRC32	`7C91C3F2`
ssdeep	`384:5tGsRrRU7jBNZv2+ytf2IbDeKuY2PDuRuxm6Cilnov4fsxqZlQ:ukRANuHlzHVa0i9R7sxz`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c8a83d9a856df3ce_mefqbor8xudlt33aztnxgkrt.exe Submit file
Filepath	C:\Users\test22\AppData\Local\mEfQBOR8XUDlt33AZtNXgKrt.exe
Size	4.3MB
Processes	2400 (CasPol.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`c7207f25a68d4179e9a07969de719eda`
SHA1	`217eb428256ddb5772cd593545a53ff645b4219f`
SHA256	`c8a83d9a856df3ce975abe0dffa5c7f0e9a22469ae21c2461cc3e9c59d541921`
CRC32	`9A15A95F`
ssdeep	`49152:vS7OO75f2R6Hjz40wOUNvzsaSSq7tceaMget9WD5W5VN+JCuyz9p7kuc7ioYRpu1:8fAEHbwOGz5ytu/scOoYOQagnbil6C`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	887ee063f618d73f_greek.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Greek.lng
Size	2.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`9ca688f0e5f418ab6d24df39ccd336d2`
SHA1	`ee45bc8eeffad60d1f7f54a9894137cab160bcea`
SHA256	`887ee063f618d73f46b7ed49c6a36ae0a117cb060a6af0986a5e31b7270b9d92`
CRC32	`3CA459D8`
ssdeep	`48:fQQV08HDWRNNxzWfwVDmC7yrdxKInE/nzjsGUM+GGAEIHVGVqYNmZ7+5a1PTu:ruNdwwVyPBxhnE/zYGh+GVpGVBei5a9C`
Yara	None matched
VirusTotal	Search for analysis

Name	534cbc29ae677dd9_MSOHTMED.EXE-3422027F.pf Submit file
Filepath	C:\Windows\Prefetch\MSOHTMED.EXE-3422027F.pf
Size	24.4KB
Type	data
MD5	`ad08a72860226b783693aef860e4dba0`
SHA1	`26d2c7b5ae3b8bd0f1802781d6504ba32b6a3e67`
SHA256	`534cbc29ae677dd9e89931a81d7ebdb09f4ac743a44781818237f6f7e575b21d`
CRC32	`C22B2156`
ssdeep	`384:9Ve8+lwHRzMy/XDlLVbnMqc2cew17BXz5EGm:9VeFS6y/pVnS2c/BKGm`
Yara	None matched
VirusTotal	Search for analysis

Name	93b48d4a808dbd19_GOOGLEUPDATESETUP.EXE-14A93FA4.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-14A93FA4.pf
Size	45.1KB
Type	data
MD5	`0efe8c8f39b190f8bb4dc2dc40bda240`
SHA1	`e7171e39a72f5aeccaee8f9a4ee282dc74d74977`
SHA256	`93b48d4a808dbd1963398928f36b4293c2bcf9ca1d5da7b6a117e03f167e1658`
CRC32	`78434C6D`
ssdeep	`768:8gU7XqtR/KDIzGfvncQNwsyZUkHjp+t9UwMGmfU3:8H7XQR9cUQN0ZUqp+3WU3`
Yara	None matched
VirusTotal	Search for analysis

Name	283d50c20a0568dc_TS_842D.tmp Submit file
Filepath	c:\Windows\Temp\TS_842D.tmp
Size	352.0KB
Type	data
MD5	`1dd6daffd8302a10aa5e8c8a1a96a402`
SHA1	`c1638d1aa8defe7762873802066a80e1dd386671`
SHA256	`283d50c20a0568dc130f0460589d84e9e949785a664b48731748f5291c8d63b1`
CRC32	`D545009F`
ssdeep	`1536:xBHE57gMhflL0f416ShPaf/emZckAFfuvlBaSrNQvlBMVxbOVVcPngaewr76nTPb:xb6mlB0vDMV5OEEwr7STP54mtbZ`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	41bd95b40deea2b9_dd_wcf_CA_smci_20200715_051341_086.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dd_wcf_CA_smci_20200715_051341_086.txt
Size	2.6KB
Type	data
MD5	`69a9de62dcf63f9022e5d43960df39ea`
SHA1	`7f318157166f8fbd2d544fe104d0e1716f971235`
SHA256	`41bd95b40deea2b98c9568d31faf82d372fc92d01d2f5a88f3f90b05a14ad8fe`
CRC32	`85D414D8`
ssdeep	`48:iJunkTu4u5XuBYW1u8siu8lznu8Dzxuo/QO3znuo/QO9vlMxTz3un0l5+Ak:7kSr5eBBENM6qMGQe6GQEdYOt`
Yara	None matched
VirusTotal	Search for analysis

Name	61e5011bb068b291_SEARCHINDEXER.EXE-4A6353B9.pf Submit file
Filepath	C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
Size	129.9KB
Type	data
MD5	`d78cfb19fc6c7d482d189c5358566ad2`
SHA1	`aa7155c1f51cb6b56480cd39a416227e167f8c05`
SHA256	`61e5011bb068b2912e2d8c507802924387b2fbe7f8f6d955422d218fedf35cad`
CRC32	`387F141B`
ssdeep	`1536:Y2hTRiBnkLSyOgqlwaC2mJy4VXESL1kDuKeFpIk8hG+I/yZ87TCSlaYDj5T2mP0c:ebgDcBV0aY57ZazKyYL`
Yara	None matched
VirusTotal	Search for analysis

Name	0ab5df5226313d01_traditional_chinese.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Traditional_Chinese.lng
Size	1.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`1087c3f3ddd9cc72492c6ce37579d069`
SHA1	`3e715a01456d0421d6c407538a69e670cc18a512`
SHA256	`0ab5df5226313d018060b308af3db6c5c9cacf7a1985607c3542380268076f56`
CRC32	`73E2F196`
ssdeep	`48:u8hbLlIx/SDsjUqJPgocfhc65yk8mGaEQNcbqCgjkpRqM4LkXNfua2SiuPCnXTu:u8llIx/SQ4qJPWfhc65yJAElwkAkdH6y`
Yara	None matched
VirusTotal	Search for analysis

Name	bc8d35bfb7f76801_negro.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Negro.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`8f3b521e705b5627f46e7b0013ff6c32`
SHA1	`022116186dbde488c76a3576313b6a85e8d867e2`
SHA256	`bc8d35bfb7f76801fc490b94ccc9f7ee56ed46ffbaec4c6a2863360a11905685`
CRC32	`FBAEB75F`
ssdeep	`24:BEGrGXz5lrUBRyTOLX01rfPkp+dGm8JiX33NPeibQ0Wd9iBxLuQI:B1qFlQmiEdGmxtPBQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	d541d668dfcf5f26_Trace2.fx Submit file
Filepath	C:\Windows\Prefetch\ReadyBoot\Trace2.fx
Size	2.0MB
Type	data
MD5	`a733d8428e9361cc273c99720aec0b54`
SHA1	`24bebd93967ab3db1dc307fbc0bb8f4d32a71abc`
SHA256	`d541d668dfcf5f266bbe43918671a72f96c990b918049d71a6977e9556502eba`
CRC32	`2144DF1C`
ssdeep	`12288:AKvAhypHUw9N87hXa0AMHAYIPEWPXf2OOW1o:AKvAhaL9a7hKGgY3W//o`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	6b3961e71ff0eecb_CMD.EXE-4A81B364.pf Submit file
Filepath	C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
Size	24.5KB
Type	data
MD5	`0d74091fffa4234bb7917d22ed2c5b8a`
SHA1	`f5421cf7638976d75389a01d1d63c68041e5ea5a`
SHA256	`6b3961e71ff0eecbe7a5af0e1c0748801f101c1577144cf159fd8ea108864aad`
CRC32	`084B6684`
ssdeep	`384:M4WX1vX3eu52z3QuWXWRaMPLrxWTu6YVXJW8QRH9/aAWsPNXSZu0:MJVw3QuWGDXxWcX8TT/azsFXSj`
Yara	None matched
VirusTotal	Search for analysis

Name	f05d25a154821cfc_SETUP.EXE-67C5457C.pf Submit file
Filepath	C:\Windows\Prefetch\SETUP.EXE-67C5457C.pf
Size	23.3KB
Type	data
MD5	`33ec07d5c9cf731a421bf86d97584258`
SHA1	`75799afb00befd552ad924e080a1c0fdcf3e469a`
SHA256	`f05d25a154821cfcb1e0ebdcf02cf3ed50aab0cdc93ab598159da6eda89f16b0`
CRC32	`3F3C3EE1`
ssdeep	`384:e67tNP06R+GVxBk4IWAmx3vrLUSh8mijagJns8wd:eiNs/yb73x30Sh8PjTJns8wd`
Yara	None matched
VirusTotal	Search for analysis

Name	9eb36a825dec5269_JavaDeployReg.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\JavaDeployReg.log
Size	23.0KB
Type	ASCII text, with CRLF line terminators
MD5	`39b634d6591e968f153a2095f77711f0`
SHA1	`c24ec84f0d3f7a84f2c3c21bb5cef2ba7b2e4e84`
SHA256	`9eb36a825dec5269927e29f79ad4de4d8bbce53940ff4120cd3ae40be608208a`
CRC32	`E6149272`
ssdeep	`384:oO2NyexTlaL733333Dz0gRS6P9EmcgK2zsno+nIXAMURoDfTPu7ejKxxxxxjBXXO:X2NdSL733333Dz9d9TcgK2zsno+nIXAy`
Yara	None matched
VirusTotal	Search for analysis

Name	786d87e5eaedabee_getLoginStatus[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\getLoginStatus[1].js
Size	270.0B
Type	UTF-8 Unicode text, with no line terminators
MD5	`4810e261e5d57ad79ab643044d88bb71`
SHA1	`8b8be4b5eea4fd8292ccad1c8da4968f009d61b4`
SHA256	`786d87e5eaedabee435590f15226d43bc12244711c43024333eb3c1e0008b41b`
CRC32	`55B2CEEA`
ssdeep	`6:s8G3Tg7KQ4hCr2aC/qcZlH+nEOJE1Ys/FkaXeJV+DVN8EWn:xGE7csQycZlHGEXfZXW+NVWn`
Yara	None matched
VirusTotal	Search for analysis

Name	6b1af85883b2ab64_hotmail[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\hotmail[1].png
Size	5.0KB
Type	PNG image data, 192 x 50, 8-bit/color RGBA, non-interlaced
MD5	`4901cfc069f5d64ec8d47550486cb420`
SHA1	`b36a2e42ef9cce426f82bc253f2ff1fc47fbaecb`
SHA256	`6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b`
CRC32	`F899B8C9`
ssdeep	`96:XOSDZ/I09Da01l+gmkyTt6Hk8nTcu+9Vp+8JEfEvV31RnHY7D:eSDS0tKg9E05TwVpLEfEvV311HQD`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c61f93d21895b392_klokjehour.hpng Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\klokjehour.hpng
Size	1.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 34 x 8, 8-bit/color RGBA, interlaced
MD5	`3ce465c5a6fa15ed85f3d78b5d9a669a`
SHA1	`d9eb7392ecfb586cc6ba793f44e3ebc6c68d15c6`
SHA256	`c61f93d21895b392ca21395735d01d4514e279ef4ba7a34cc20decd1b818ecbc`
CRC32	`5FDFDA0C`
ssdeep	`24:Vq0kBWKRD/SdTcFMjulNQIXRI/XlvSF+2hAJO0Q28cFkoVHqelN:Vq0Op6dTcm6KuIfE9hAA0Q2NFhL7`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	425d286f16fccd07_UserInfoSetup(201804051522349E8).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\UserInfoSetup(201804051522349E8).log
Size	24.8KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`3ad9ddc7f0fada03b72d78bb9a16c5bb`
SHA1	`4c346f9747b3e39da6d407d60520ff0443eb77c8`
SHA256	`425d286f16fccd07d24c78f350ab67d98cec439b6e9adcc04d348e5407225c97`
CRC32	`3A9E5C7D`
ssdeep	`192:gYsZoBtqjsEX/rXv2oy+c8uXv2oy+c7Cm:gYlujZX/Fb5YbE`
Yara	None matched
VirusTotal	Search for analysis

Name	af050ce22f6b2cd7_test2gmailcom-Outgoing-04_05_2018-14_18_32_995.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Outlook 로깅\test2gmailcom-Outgoing-04_05_2018-14_18_32_995.log
Size	195.0B
Type	ASCII text, with CRLF line terminators
MD5	`d5ebd389819b9bcc3cea91702b5a5345`
SHA1	`3319927301c3c97d7d731d404564480f34657c09`
SHA256	`af050ce22f6b2cd74ba23ae4e8573657c0da6b99729c65962dbac8af7a1d5d99`
CRC32	`AA87FAAF`
ssdeep	`6:usxdY7tIMqi6kpxdY7tIMBgsxdY7tIM5C7A:PxhMjxhMzxhM5Cs`
Yara	None matched
VirusTotal	Search for analysis

Name	f2afc04a24c9d89d_red_shield_48[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\red_shield_48[1]
Size	6.8KB
Type	PNG image data, 40 x 48, 8-bit/color RGBA, non-interlaced
MD5	`f413dd8a75b81a154a1fd5e4c4a0a782`
SHA1	`667f7e3da51ca3417a1feb66d238466423c9487d`
SHA256	`f2afc04a24c9d89d3c2f0d73f8cd6fb6b65adbe333196c3f99cc7d6868847ceb`
CRC32	`D96BDACF`
ssdeep	`192:8SDS0tKg9E05Tz045xhOwZtbiFHsrC3rlTqpHbW:7JXE05d5xhOwtGsSTqpHC`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d9723ea171bddde5_PW.EXE-1D40DDAD.pf Submit file
Filepath	C:\Windows\Prefetch\PW.EXE-1D40DDAD.pf
Size	89.5KB
Type	data
MD5	`df346f5a7efe37f7e0c72cc502b2b286`
SHA1	`9e78b22790894150cfd630e9e12dc09990770ae0`
SHA256	`d9723ea171bddde5c3dc8f2e5820e3c3d16cbad08c38c68b41dbcfb496cb1250`
CRC32	`2E8AF38C`
ssdeep	`1536:hARgrnhxMtkCKlH29oPhbtLmRlYMpY4dvX7:6eCKleoP/cSo`
Yara	None matched
VirusTotal	Search for analysis

Name	28e430d0655ec2f1_uhr.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Uhr.png
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 200 x 200, 8-bit colormap, non-interlaced
MD5	`3d8e36965e80f589e391048b6e451828`
SHA1	`24adcdaab515189f8b7e354a414fc9a96458e609`
SHA256	`28e430d0655ec2f1372272ab4de2a7bce4d3d068a6c4ed3c1d4fa38c7c5eb9f2`
CRC32	`37A7C61B`
ssdeep	`48:u3LCLjFmREUcOLr9MoQw5QGojHtHLCZdp37ri1luua27zP8V75m9qz:ufjL5MoQfGkNH2Zdp3i1lujGg`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	0eddaab3b8cb0b15_ajax-loading-small-vfl3Wt7C_[1].gif Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U06NAGU2\ajax-loading-small-vfl3Wt7C_[1].gif
Size	1.7KB
Type	GIF image data, version 89a, 16 x 16
MD5	`dd6b7b0bf5c3af22499abc0a9ee1e1b2`
SHA1	`e8c0018145d616fac4deb460d9c1d9c9dd4d3302`
SHA256	`0eddaab3b8cb0b15d81d62e5ae5960329c3e576ea78dc321b20734ab20271847`
CRC32	`5999FDD4`
ssdeep	`48:T/4HaRZBFylUzyUOn1X9BNAnkj3hkZ9iO:T/majqloyUOn1t/AnoR2oO`
Yara	None matched
VirusTotal	Search for analysis

Name	ecb57ea8ab125d47_OSE00000.EXE-D36F8D80.pf Submit file
Filepath	C:\Windows\Prefetch\OSE00000.EXE-D36F8D80.pf
Size	220.6KB
Type	data
MD5	`ae7ae5a18e14790b52f5678f401ed300`
SHA1	`bd0ccded9217c567161756ee463f3833940d522a`
SHA256	`ecb57ea8ab125d479c1432c0ec383ba755c255ac27438177023f3e1b55ca20d2`
CRC32	`CEFD5F24`
ssdeep	`3072:I4IyMnCBMQ8RXkoKUVkYBfSqw1sb99cnXQXVX:IByd2Q8RhTxBfRw1spenQx`
Yara	None matched
VirusTotal	Search for analysis

Name	a276f3c81b9c1b57_IME2010imeklmg00000003.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000003.log
Size	330.0B
Type	ASCII text, with CRLF line terminators
MD5	`5696a4adc2b71a23377c495f1abd7e08`
SHA1	`576478949428addf0749be90a4de3b4b4a9f6d82`
SHA256	`a276f3c81b9c1b57c107e26ea12ad27a994f15db075530a4d6838836f16bb9dc`
CRC32	`AC94B243`
ssdeep	`6:ovi4EE2EevpiAktHnRzVHTXkacHTXkZA4EEvPP4vn:o58xiRHRRHTCHTaT6v`
Yara	None matched
VirusTotal	Search for analysis

Name	a60d9c647a8f1349_b3-277220[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\b3-277220[1].js
Size	92.1KB
Type	UTF-8 Unicode text, with very long lines
MD5	`11ba82b2826aaee94851194bd66f1bb0`
SHA1	`4e3ba49ad8c33ffe7f6d1e68a743ef9212dcced6`
SHA256	`a60d9c647a8f1349935a1cefaa8853924e228da62429dedfc739fc18ec3c005b`
CRC32	`A1ABBF5D`
ssdeep	`1536:0fYUV8Rc49fjDAKS7bxqbqet9wIzOIq8u+Y6jtJ1EygXAuhai06iDX3qcpHNEpgT:0f6S7bxAOIKP6jL1EygXAuwqm`
Yara	None matched
VirusTotal	Search for analysis

Name	a7e40a2e8679b045_CHROMERECOVERY.EXE-64100A9F.pf Submit file
Filepath	C:\Windows\Prefetch\CHROMERECOVERY.EXE-64100A9F.pf
Size	45.6KB
Type	data
MD5	`663afccf1bb00435ab8a5a02b9adcaef`
SHA1	`9cdb5fd183eb7b5a6e888b2ef0a2a906dc710295`
SHA256	`a7e40a2e8679b04599fa5fc753acdea1fdd1d514dd45393ded0fa650ff12dea2`
CRC32	`53C86EEC`
ssdeep	`768:muYHPyF65ER+BKEKzyCmefBNP+MqaG4iXGE2LG1fNz1zx:m7HPyFYE0BKEK1JpNP+MqaGCLG1ft1zx`
Yara	None matched
VirusTotal	Search for analysis

Name	424bf20cecbb097f_portuguese.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Portuguese.lng
Size	2.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text
MD5	`dcd35241bcb58cb9a495aebbee280e77`
SHA1	`a70e368a9e2e5fd002dca142ac7c357bb87b4aa4`
SHA256	`424bf20cecbb097f714fa9bd12b4ea6ec4902f6229fec88c80ff0a28f6e91bcd`
CRC32	`0384CA79`
ssdeep	`48:9DL1hlqQSf339bGvpmxNOp7DIPHCErjK4QvX2UXaUJkwwIG:9DZnqQS3NbCmz5rFQuUhJTwIG`
Yara	None matched
VirusTotal	Search for analysis

Name	32070d5ccca9d3d9_GOOGLEUPDATE.EXE-90B99168.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-90B99168.pf
Size	108.7KB
Type	data
MD5	`694753f32634becc32c980c11c75184a`
SHA1	`c60368c10f2fdc0602615f521158acb89b603f17`
SHA256	`32070d5ccca9d3d9d8e6c6ff64e1583bfaf50ff018e28435264cfa0d67cdb002`
CRC32	`A2AE23F6`
ssdeep	`1536:ewHRyQGxapw2vDw8s10jI9D7sg8HdYnzdA9JgDB:eJQh8KjI9D7+`
Yara	None matched
VirusTotal	Search for analysis

Name	57fd253981d14e29_SETUP.EXE-E199D442.pf Submit file
Filepath	C:\Windows\Prefetch\SETUP.EXE-E199D442.pf
Size	47.3KB
Type	data
MD5	`7d7e4a90232528499e6bc62da198c8f4`
SHA1	`0b996d7a7ae069da187b36fb0accee10c0edc47b`
SHA256	`57fd253981d14e29095ff4f6cfaf99585a432dbabd99f9061cf540d7177a565a`
CRC32	`40733295`
ssdeep	`384:mHZ3OADUMQSLrxY5rOIemtt8RfH/TxJ/WvqJ8A1yda6DnZg9P9LcgGmbWF0qY4t:mHZePyyrpemtQ/TXWyXUY6z67GmbWlt`
Yara	None matched
VirusTotal	Search for analysis

Name	24e3fcb3ad0dff75_dropbox_logo_glyph_2015-vfl4ZOqXa[1].svg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5BY0Y7HX\dropbox_logo_glyph_2015-vfl4ZOqXa[1].svg
Size	1.0KB
Type	SVG Scalable Vector Graphics image
MD5	`1f00c8d7fbffef1c69691c917f525f80`
SHA1	`d0743fab77e4f825e34681a5fb2f28d74a613e4b`
SHA256	`24e3fcb3ad0dff75a380313470daaeda6a38319ec723e167995c464c3df3cf04`
CRC32	`66CBBCBE`
ssdeep	`24:2djNAOx8LfscZjCAjE4ipLF0MnDEW0j43im1EXaR:cJAOKfscZjCb4SZ0MnL0y9y8`
Yara	None matched
VirusTotal	Search for analysis

Name	6e5d1f477d290905_ose00000.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Setup000023ac\ose00000.exe
Size	141.8KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`5a432a042dae460abe7199b758e8606c`
SHA1	`821b965267ee15c6c59178777ae7a8dcfc80f4ba`
SHA256	`6e5d1f477d290905be27cebf9572bac6b05ffef2fad901d3c8e11f665f8b9a71`
CRC32	`68A22F15`
ssdeep	`3072:42aACAMfVxHsjqUwkMejsRkCdvR0FlgHIRXmUa9Il6:42dMQRcR0FZXpw`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b379e31a40387b9b_weemsplath.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\weemsplath.png
Size	64.7KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 228 x 228, 8-bit/color RGBA, non-interlaced
MD5	`e4309650933f9b7f4f7bbcd07161047c`
SHA1	`0c4cbe0f0d28b3ba2c2aed2c555b5b284b86bfa4`
SHA256	`b379e31a40387b9b80c7d7196b15e77921ecf612ff3b3de114da67e7f6d99612`
CRC32	`3BEA996A`
ssdeep	`1536:h6id/CGLVRKm+KOx487IQdf8WCLAl/QMJlW3cyb+C4q:hDxCG2ps0u9ArWkG`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6ca32e2a9c5cdb03_DLLHOST.EXE-B2EB1806.pf Submit file
Filepath	C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf
Size	16.9KB
Type	data
MD5	`c316e92c5cb9884d0063e5556fd9d2ac`
SHA1	`9ff50d6dbfb480da9cfc1fad631dafb39a80efe9`
SHA256	`6ca32e2a9c5cdb036dfa7b62bb7be4c2b286448eb1092dbaa2951b752b1e9341`
CRC32	`533AE53D`
ssdeep	`384:vcgAoKi1x7WlRpx6gT3aATkpVhNKHA9sNfSb2Ts8ItsfZu:vcZoKyA56gjaMmV3Kg9sNqb2w8Itsf`
Yara	None matched
VirusTotal	Search for analysis

Name	9f02d910b1b8a352_MAINTENANCESERVICE.EXE-FA0B1B99.pf Submit file
Filepath	C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf
Size	15.6KB
Type	data
MD5	`60516aea384734c41def4808a234518e`
SHA1	`6a90edf0225126651cfdea45e1fbf545524401ec`
SHA256	`9f02d910b1b8a352c1ff8937930a2eb1634b8f52266963071c75b65755070b15`
CRC32	`D003221B`
ssdeep	`192:ANKdbKi8zkhTE5JyWwO9NwrBW7xUGd06SFWPrjSeVfXMELnMhDncFqQEOtWxP4dT:AE5KLJcObDGZmSeVa4oxPN55Gy0`
Yara	None matched
VirusTotal	Search for analysis

Name	acf1e10098ec5727_UserInfoSetup(20180405152044A34).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\UserInfoSetup(20180405152044A34).log
Size	24.5KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`a03d1a5734618257e81f633ccdec8397`
SHA1	`dcdf1e992c1faf5e8081db5cf50da1c7ef7298db`
SHA256	`acf1e10098ec5727bc402e1a70c7283c3bc52c98009d38fd0698f92f771f4650`
CRC32	`C4D41E97`
ssdeep	`192:5msZoBhCjsEXzrXL2oJ+c8yXL2oJ+c7PW:5mlejZXzxA5UAt`
Yara	None matched
VirusTotal	Search for analysis

Name	1a93f6ed5578452b_earth2.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Earth2.png
Size	23.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 99 x 98, 8-bit/color RGBA, non-interlaced
MD5	`3d11a2f8562dd07a4d1c0bccad601535`
SHA1	`0f123de33890fd36a1e11a7b8e4f15ca68bdadcc`
SHA256	`1a93f6ed5578452b808bdadf9a19c889d262c2264c98a204aec82cfd35eda4a7`
CRC32	`45A1BC59`
ssdeep	`384:fG3wnDvFur/1BzxGeMzVDrTYk4cOLS28OG55+cqkem85Y2YErO5nEOmYKyhMAiw1:xnpu5DczdY1cOHmed9y5H7JUGf`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e444253e619e3599_default.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\default.ini
Size	1.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d90f48df60acde7569bedc4c4b5c7ac3`
SHA1	`75229a0ad9d810d292b746d9b2fa04514c509d72`
SHA256	`e444253e619e3599ab17bd1927911b8f0362254ef469886edb53a6fae9c580ce`
CRC32	`F03483E5`
ssdeep	`24:BEZrGXE5lr9BxjTJaKhVY/qTORXFB01rfwkpWdGm8bCi51PgibQ0Wd9iBxLuQI:BkqyllTJfgLFK3MdGmQ71PXQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	93c5d3a982e8bd1e_ballclockaqua.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BallClockAqua.bmp
Size	31.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 104 x 103 x 24
MD5	`25f334f4a79dad4448c324bc0200f02d`
SHA1	`306892204ce74fc72e197788e4ed03270574e889`
SHA256	`93c5d3a982e8bd1e17579d41a833155e5bec92fcf2063d6e14b9f7e8f6fe4613`
CRC32	`6857FD26`
ssdeep	`768:Hc0SD1wzFxbmt9DT8vkbZKHrI2mmLyKBRygYK0s:80w6ZiSVlbyKBbYo`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	13eded24bb1a6778_SVCHOST.EXE-E2D039A7.pf Submit file
Filepath	C:\Windows\Prefetch\SVCHOST.EXE-E2D039A7.pf
Size	89.6KB
Type	data
MD5	`6a9eefde7b7704fc16bf1e4960611a6d`
SHA1	`6affa4a843199fbede9d5de03044edbb1a80df8e`
SHA256	`13eded24bb1a67788592b9ac7575898a4b81fca293e8254eff9794225b420731`
CRC32	`E7F7CA07`
ssdeep	`1536:SKWHVfWn5oHabRXMXCxE5T79r/CV/90PgBmirZFMi:LKhdGbm2`
Yara	None matched
VirusTotal	Search for analysis

Name	8633dd0386acb524_original.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Original.png
Size	18.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`e22608fecba37804abade6a53491d5f5`
SHA1	`dc6332d7e549a5d0e784125dced56b029ef0f902`
SHA256	`8633dd0386acb524e19decb2546525086c13723eeaca26daf16a91507a142c97`
CRC32	`B8710DFC`
ssdeep	`384:f6sWIpV7vdV85P6H1LNCaP3TzMVAr/bR5fy/GPr5Kzd99qjEHwyxZ6rlgSS1Gh+n:nWyV7L2P6Vx3TzMVAr/NBy+z5Kh7wEHb`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ce0e3af094d20db3_CHROMERECOVERY.EXE-97998C2D.pf Submit file
Filepath	C:\Windows\Prefetch\CHROMERECOVERY.EXE-97998C2D.pf
Size	23.8KB
Type	data
MD5	`33b7f7f3c8a316d1bb23512ac533f38b`
SHA1	`92f9682092203cdfacb1b78fefd3dd1c5d1ab095`
SHA256	`ce0e3af094d20db319aad5740cc2ac8a02f96f40a59ea4e4d3a672cbc2b11f22`
CRC32	`B8C11B44`
ssdeep	`384:D0sKkzk9w4iucdYS1DTxYmZxpo1TIGMEL:DdVEWbL0NIGMEL`
Yara	None matched
VirusTotal	Search for analysis

Name	540cfb2ac68142a7_MSCORSVW.EXE-57D17DAF.pf Submit file
Filepath	C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
Size	22.1KB
Type	data
MD5	`414b77ba91e807fa1bfb2e7a7fa7a69e`
SHA1	`ee1574d7e7926a352fd72b28374da56378b16e41`
SHA256	`540cfb2ac68142a7347f05e821ea9f49b7fc176314210890a36caaa97579a998`
CRC32	`EA892EAB`
ssdeep	`384:BE4SlB3fpKCizEIjm1NF+cq4w4Vi9ea0/fgwIl5sYt9RVistBpHLq/4xc6uS7T:BnSPgCizLjwNF+obMApSs4Rksi`
Yara	None matched
VirusTotal	Search for analysis

Name	c47b083d1eb8e7b7_IME2010imeklmg00000001.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000001.log
Size	868.0B
Type	ASCII text, with CRLF line terminators
MD5	`df7515087d924fc8eccd42a4ddb5a2b7`
SHA1	`f43cb89504ab39f38405848ae5ea6e5b0e9056f6`
SHA256	`c47b083d1eb8e7b7e2c7d1358af3fe284be7744a57600687afe0f449e0b18de3`
CRC32	`FB5E3989`
ssdeep	`12:oHp6YHaRHqxYHaRHqMlRHA5wHTPiTcHTJMRHA53HTaJTv:nYwqxYwqqACHTecHToA1HTq`
Yara	None matched
VirusTotal	Search for analysis

Name	ccaec9d7a575b615_cabA0CC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cabA0CC.tmp
Size	177.8KB
Type	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5	`ca833c3853b7d394d39c460da2ee3db1`
SHA1	`d24d61e6df9d4682e30b88728ce4c474b5004a5c`
SHA256	`ccaec9d7a575b615342e9943c1c18ad9dcdef3219d7de684b33269b4f8c0e3fd`
CRC32	`B7E77569`
ssdeep	`3072:3KalR8doLUaBAq3B5tLY0pgJ5W/DzzrozHfPxOgiv:35GdoLJYWFP44d`
Yara	None matched
VirusTotal	Search for analysis

Name	ab828bd89229725b_firstrun.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\outlook logging\firstrun.log
Size	371.0B
Type	diff output, ASCII text, with CRLF line terminators
MD5	`e852f16578349082df20657c59dfdd7e`
SHA1	`75fe41ef161281dc6ca5e1cae985afec08839459`
SHA256	`ab828bd89229725b5a5f585ff9c24c15be17186fb02211dd4e8607b2d9c672d0`
CRC32	`47A3C83F`
ssdeep	`6:YD5jyJeHSkgMGgHhg9wZFQASE6LhGYB08DQUcd6B0LOOJRKEy9YgLse4LMgLk+:0VyJgSXMlDZOASE6VGYB08hhBKOY7yBG`
Yara	None matched
VirusTotal	Search for analysis

Name	e0840d2ea74a00dc_ioi8yd2upb6fg1ufkh1hc1to.exe Submit file
Filepath	C:\Users\test22\Pictures\ioi8yd2UPb6FG1ufkh1HC1to.exe
Size	7.3KB
Processes	2400 (CasPol.exe)
Type	HTML document, UTF-8 Unicode text, with very long lines
MD5	`5b423612b36cde7f2745455c5dd82577`
SHA1	`0187c7c80743b44e9e0c193e993294e3b969cc3d`
SHA256	`e0840d2ea74a00dcc545d770b91d9d889e5a82c7bedf1b989e0a89db04685b09`
CRC32	`8FC72A1A`
ssdeep	`192:HLlX+suv13xV1cSHYu+zogDLIIUOb6z5p7KoxSR1yz:H5X+Dv13T1FH0fHIIP69xKu`
Yara	None matched
VirusTotal	Search for analysis

Name	ab9b7235119d95ff_SPLWOW64.EXE-297C4568.pf Submit file
Filepath	C:\Windows\Prefetch\SPLWOW64.EXE-297C4568.pf
Size	13.6KB
Type	data
MD5	`840b5d9b1b0094dc422dc298c9594f89`
SHA1	`9a52b6d062ec2b072bff0d6ba0447ed734ffd847`
SHA256	`ab9b7235119d95ff4ccc1fe176771caab4843ed67a0a4f69e2c6e1587c9cbc24`
CRC32	`79AEC3D9`
ssdeep	`192:OzWppZ4wYtmibl5c8h9J5f2eeM/YrjMrFShuKkAVO0s9oCau0u:OCppZnvMzcuh2ergjwHTA7sdaux`
Yara	None matched
VirusTotal	Search for analysis

Name	79dbbb2de47a367b_bosanski.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Bosanski.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	Non-ISO extended-ASCII text, with CRLF line terminators
MD5	`4dad1a9bfcb103d54b06909abb097536`
SHA1	`b4d125726c841fdbe717be04fb22843c2fdee837`
SHA256	`79dbbb2de47a367b70646dccb4af1dfcd56a9adcd4959d82612cf6889b1d8cf7`
CRC32	`CED880DB`
ssdeep	`48:OeeySYKHbJVvLmhXm6NPL+Y4EGidNoiqiEUygVMg+a3kGjkIa2RFmk4SaTv:OeeySFbJhLm86NPL+1bwSPU50a37BVI7`
Yara	None matched
VirusTotal	Search for analysis

Name	80d565fdedc4640c_ballclockred.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BallClockRed.png
Size	18.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`48c63e4358b3c3747f617a6b636acd74`
SHA1	`e22eb43b6e4eb4bd758bc3f8a07cfd4589a2b616`
SHA256	`80d565fdedc4640c7f0c1086b53b0741449770899122ef1e4bd718ced53f2523`
CRC32	`2E37DBB7`
ssdeep	`384:56UKEwcqBzASUGvcXbSSnUWCi6WExgCY9vgHA:Av8qBzAfGvcrSSnUX3XK`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c20964406739a4c5_MSIC11B.TMP-CD0AA47F.pf Submit file
Filepath	C:\Windows\Prefetch\MSIC11B.TMP-CD0AA47F.pf
Size	11.5KB
Type	data
MD5	`961187733aaf3881a60f1d5d7c14b9f2`
SHA1	`877e4b3cb031a5812dd960843aac25a1e1725f40`
SHA256	`c20964406739a4c5d2f85cfdf81a744fdc2ee16d25515ea7f744ecfb075a74f0`
CRC32	`19C97AC2`
ssdeep	`192:niq2g8lA9OzssULzgHK5K3DkkCoovfAbmJcXiF4DK1CsQvq1AzmZs/C1wjeZQrTK:ijrzM8HNkhoCRwCxs5a`
Yara	None matched
VirusTotal	Search for analysis

Name	3796cf0105972a78_blueballroman.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueBallRoman.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`d7bc067beb09ee29e2ff239b39dbc1fb`
SHA1	`26b5b966ee8872a2cb2fd038a8d9448826e77aab`
SHA256	`3796cf0105972a785f485135ed1429b778ec9a3549a24eaa2796035f1d84e9d8`
CRC32	`33328410`
ssdeep	`24:BEarGXz5lrUBR6TO5P10X7kpFgIGIo8Jim03NPeibQ0Wd9iBxLuQI:BhqFlQP1IIGJoYPBQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	205d000aa762f3a9_~DF2C79C1E8AE840965.TMP Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\~DF2C79C1E8AE840965.TMP
Size	16.0KB
Type	Composite Document File V2 Document, Cannot read section info
MD5	`679672a5004e0af50529f33db5469699`
SHA1	`427a4ec3281c9c4faeb47a22ffbe7ca3e928afb0`
SHA256	`205d000aa762f3a96ac3ad4b25d791b5f7fc8efb9056b78f299f671a02b9fd21`
CRC32	`115F6835`
ssdeep	`3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	768d3a6bd89e8888_ASPNETSetup_00002.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ASPNETSetup_00002.log
Size	4.7KB
Type	ASCII text, with CRLF line terminators
MD5	`aa470a73547f51a42b232ae33b144e74`
SHA1	`ee06b256c62b1adc3c69a2e8604836f184e16acf`
SHA256	`768d3a6bd89e88880e15dff028aee64b1f4627c195b84f17885e0e5996af8af3`
CRC32	`56D6A419`
ssdeep	`96:2U+YO3OfW0S/087hK7haR0ANO3OhiSB2fEU9t:2QO3OfW0m0Ehyh6O3OhiSBAEi`
Yara	None matched
VirusTotal	Search for analysis

Name	a99cd68112261a50_OffSMDL2.2.59[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\OffSMDL2.2.59[1].woff
Size	21.9KB
Type	Web Open Font Format, TrueType, length 22408, version 0.0
MD5	`11795bc7ac1923cb41969717aa3f8cce`
SHA1	`159356bef85fed1e63e742d1117b564421e98400`
SHA256	`a99cd68112261a50cd7eb022b9ef459f3733c4d646e0caa5b1fd5223bee27d15`
CRC32	`DA05ED65`
ssdeep	`384:2OSLdVfCZmavl8XPG6RWutoLyudzmXqWNlWQUrWoxSV5lWCFeN8icfkfp0D3nnJZ:ELJXPD3vX3nm3CoC0N8j3nJsePGKT`
Yara	None matched
VirusTotal	Search for analysis

Name	69274cc505982e37_bigben.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BigBen.png
Size	50.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 254 x 254, 8-bit/color RGBA, non-interlaced
MD5	`20f7051c41230a7c304ae9fcc2b1672a`
SHA1	`6f601c41ac367325375df553ec8c3e2907a4a6ef`
SHA256	`69274cc505982e37f5cc1cf478775e4fe5cece83ab1c836e924c4fbc702391cf`
CRC32	`0F0E26B7`
ssdeep	`1536:ycHNm1xLbHcKpCtCvfMw3kGMZ2Bc/p8Xp:Ftm14C30Gw2Bc/p8Xp`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	76f559f709f54602_ASPNETSetup_00003.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ASPNETSetup_00003.log
Size	3.1KB
Type	ASCII text, with CRLF line terminators
MD5	`241cf4b4722dd4e799735afb98c9f896`
SHA1	`301734d5eceb81faa31b7f325950d4a74a6b825e`
SHA256	`76f559f709f54602f5fa55800555aeb26708df6fac61752b6163aa5b8afab072`
CRC32	`466EF72A`
ssdeep	`48:VGUEYOpOw1+QxIg/eGN7hQ7hnirjEL2lkwLGGzt:YUEYOpOrYIg/eC7hQ7hgjTGGzt`
Yara	None matched
VirusTotal	Search for analysis

Name	7e1947aa387e9e85_jaguar2clock.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Jaguar2Clock.bmp
Size	37.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 112 x 113 x 24
MD5	`1fb082e898c2dcf91f26d998690b30a5`
SHA1	`87a4dc0d6f778717bb9af2e2f2b7853cd1cea6f9`
SHA256	`7e1947aa387e9e85b3e8d83eb850dd26c47c301b4a7f9ccbc098d0c902996f92`
CRC32	`009012B6`
ssdeep	`384:mhipaBfLvA0hW8KqcE/iq4UREimrRPwavK:KipG/W8Jc7q4Uaif`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	4298489ea4e99bb8_turkce.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Turkce.lng
Size	2.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`af5bf71bf65c85430f339fd263d19e60`
SHA1	`5004e292e76559c176a0a2bda06fdd75aa0788ec`
SHA256	`4298489ea4e99bb8cf68c0051312d10424e17026a82a868f9fbe16014244100d`
CRC32	`58C2C437`
ssdeep	`48:vfuHDUxQ2FPl6UoFzHioqkIqKpyLm50pN+b2DFFakIss2q8WeHSwTu:vfSgxQ2FtxAzfIpyLHN+qPm2C6Tu`
Yara	None matched
VirusTotal	Search for analysis

Name	35a3e61e917a23f0_romanblackhour.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\romanblack\romanblackhour.png
Size	853.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 55 x 8, 8-bit gray+alpha, interlaced
MD5	`042882177aab65a2b945b6bcd293c7da`
SHA1	`5c7588dce0dc34cc5dc4d4bef84ec738dfee6860`
SHA256	`35a3e61e917a23f068d2e4b3c2e7503b1c2bca5d610f4a106bf686bae441670c`
CRC32	`196D65C2`
ssdeep	`24:VqpER+AftkhOqlEWJYK+HGhF4oXzpCkZix64h:ApEUJYe5JY4hF40FZZG`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	7b4f72a40bd21934_jawshtml.html Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jawshtml.html
Size	13.0B
Type	HTML document, ASCII text, with no line terminators
MD5	`b2a4bc176e9f29b0c439ef9a53a62a1a`
SHA1	`1ae520cbbf7e14af867232784194366b3d1c3f34`
SHA256	`7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73`
CRC32	`FF20B03B`
ssdeep	`3:In:y`
Yara	None matched
VirusTotal	Search for analysis

Name	8de577d96c63e9b9_nederlands.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Nederlands.lng
Size	2.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`c817194b9bcbd2d5323b0a6d7ef7c56a`
SHA1	`810c07d0d0385c428d5d1b4be7fc00dff3dce76d`
SHA256	`8de577d96c63e9b9e2d7211bc900718f872c6ebe3979a83f46876fe768b1aa09`
CRC32	`963FAC45`
ssdeep	`48:fm2ZJkrpaZ4DbqfTHD2E5tFUHzRKZmu1dE69x279IIjHim90gcqID+mTu:fm2ZJkESHq7FqRKZPZ9x279PjpOY5mTu`
Yara	None matched
VirusTotal	Search for analysis

Name	2deb821546723ba5_aqualarge.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\AquaLarge.png
Size	45.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
MD5	`fd4e0d5d5a8a964e2b25d1cfebe5a4a6`
SHA1	`ca0a5d1f4d0d7910f6677113710278c766902ab1`
SHA256	`2deb821546723ba504dc12614b388cfbccb785c74d7c5ec04033e66642187771`
CRC32	`9644972F`
ssdeep	`768:Mfbx5EU99lKeGQVYgofZgJTe1mY3FABwXRfrd5Z3H0Yzf5VrZmX:Mft7seG3g5e1mY3EwBR5Z3Hnj5VtmX`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	5198ae71c0b8b8af_ss6yx9ebpdnr7h5awivdv6bl.exe Submit file
Filepath	C:\Users\test22\Pictures\SS6Yx9EBpDnr7H5AwiVDv6Bl.exe
Size	743.5KB
Processes	2400 (CasPol.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`faf0d1a297e74fed509e1c473b3d2a06`
SHA1	`ed50e669e4d5ac02bf61b065a674d29501bb780f`
SHA256	`5198ae71c0b8b8af29ee6665b8c33e37d0c03ac097470e39cd6ce4930a1dba9e`
CRC32	`1B27BA73`
ssdeep	`12288:mm0FAOLsv+v0DNWR9AZ+tJoOff0RYm8hcaM9c5T1KuPZ1MIky5Jtu2v:xCsv+v0DNkmZIJZ8RH8OCDiIky5S2`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	6242a15a05ec07aa_zrs0ntuaylsq91ssl1lxhjbs.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zrs0ntUAYLSq91SSl1lxHJbS.bat
Size	70.0B
Processes	2400 (CasPol.exe)
Type	ASCII text, with no line terminators
MD5	`de68c356102308214f89bd12f99ef194`
SHA1	`29336d339ff32020c94869383bd62fdbaf513f31`
SHA256	`6242a15a05ec07aada0381e7ba1338a591946784001af6eaf4e4ab2449a3c04a`
CRC32	`2B5F8AFC`
ssdeep	`3:Ljn9m1mWxpcL4E2J5QPDn1U0TL4iF:fE1mQpcLJ23QPDCIv`
Yara	None matched
VirusTotal	Search for analysis

Name	3b5aecd81b46aaa3_dsx4.txt Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\DSX4.TXT
Size	52.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with no line terminators
MD5	`cca118da9d40aa92b4c49ea17402e071`
SHA1	`933017121e0b936b1ff2be7e3a0bab114540e8d7`
SHA256	`3b5aecd81b46aaa3bedad81de9a9b988f80b9eba4552957500b842e61b27570b`
CRC32	`509097B6`
ssdeep	`3:FERjVM0lLLiRFQLZQ:FERjzR66Q`
Yara	None matched
VirusTotal	Search for analysis

Name	858d8ff1f4f91c37_groennekugler.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\GroenneKugler.png
Size	17.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 1600 x 900, 8-bit colormap, non-interlaced
MD5	`b32a0c1c5d6ffedd2af545f0c774cf67`
SHA1	`a16b334b7b7a19b2f04842c2d586a7d14e78385b`
SHA256	`858d8ff1f4f91c37d2034d3e39fd1b7b9222f63199a92f133766d0c8d03aff41`
CRC32	`02F3AF92`
ssdeep	`384:mp5XLNVMnsvqqyUuXWEDgdYpUN8y5t0awON+:m3LEXDWEO600sN+`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	7110c85a78477162_SEARCHFILTERHOST.EXE-77482212.pf Submit file
Filepath	C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
Size	16.2KB
Type	data
MD5	`f2a05f2b858c956ee2c0809cbd978f29`
SHA1	`b9d0f87c92c6644bf268f42cab9f7316e226b7fa`
SHA256	`7110c85a78477162624e94ecc4f0ee9c03597ac0c547346df905e101d2d89440`
CRC32	`2F3937F8`
ssdeep	`384:4wkbSnJ3F2Qa3RAkf8p3cWVf3Lrb8cYwADflEsUK+uFTN:4waGJA9f2MWlPb8c9ADfasjN`
Yara	None matched
VirusTotal	Search for analysis

Name	74441313bb1fb625_gap[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\gap[1]
Size	44.0B
Type	GIF image data, version 89a, 10 x 1
MD5	`96c4c871750d7ca05dfa18ce6a85d369`
SHA1	`afe63ad72576922e708bdc0bd7bffbec84fd42f5`
SHA256	`74441313bb1fb62500484443c4937e90d4e335351a4fcd12a9ac48448500e33e`
CRC32	`13E752AB`
ssdeep	`3:C3WvExltxlrlen:ncFlen`
Yara	None matched
VirusTotal	Search for analysis

Name	600ae52eaffcb88e_Trace5.fx Submit file
Filepath	C:\Windows\Prefetch\ReadyBoot\Trace5.fx
Size	3.2MB
Type	data
MD5	`d37ec71bc2356c0b730ac127be0f3cad`
SHA1	`29f3d4d23e49b373e0777a0ae4feb30bcef92c93`
SHA256	`600ae52eaffcb88ea978ddd2b2318cc3261e079ba78295c8236840db01349729`
CRC32	`2144DF1C`
ssdeep	`24576:6sDL96sY01tb3Ozir6oNEB2zXn+6oH0tjZoKIapK:CsY01t8irljTRoH0lrK`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	75d0b1743f61b76a_index.dat Submit file
Filepath	C:\Windows\SERVICEPROFILES\LOCALSERVICE\AppData\Local\Temp\Cookies\index.dat
Size	16.0KB
Type	Internet Explorer cache file version Ver 5.2
MD5	`d7a950fefd60dbaa01df2d85fefb3862`
SHA1	`15740b197555ba8e162c37a60ba655151e3bebae`
SHA256	`75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a`
CRC32	`D2D57D77`
ssdeep	`3:qRFiJ2totWIlXllll:qjyx`
Yara	None matched
VirusTotal	Search for analysis

Name	6f7a122a20dcbfa6_SVCHOST.EXE-61AE5AB6.pf Submit file
Filepath	C:\Windows\Prefetch\SVCHOST.EXE-61AE5AB6.pf
Size	22.0KB
Type	data
MD5	`7a721f26ee537423e3fc723f7da40a4b`
SHA1	`557a28f952ece6aad9c661eb90bcfa5e2badcf9d`
SHA256	`6f7a122a20dcbfa619a73ce3d82be552b7ce6d9fbed2332eaa92abe1407faa77`
CRC32	`DE3888C7`
ssdeep	`384:CfZSs9wLqs/3PULQGjOdvXO8kcexFK+nElSDell0vlMymesWjmLu9:CfZ3wLTAQbvOBcKFEcell0viy3sWjmO`
Yara	None matched
VirusTotal	Search for analysis

Name	5c2faa546c5860e6_wonderglobe2.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Wonderglobe2.png
Size	20.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 95 x 95, 8-bit/color RGBA, non-interlaced
MD5	`6c8f406a6aa5dbfc6dd07e10842867db`
SHA1	`b2e7fa8aae533ed129f3a5ba1733a89a5ca42105`
SHA256	`5c2faa546c5860e69f39c7bcf97d67f473f3301ee19460b9769934a946fef390`
CRC32	`C2E16EDB`
ssdeep	`384:USxy+3/jChO3XBcz2dlqj4SH1kp+6tqmBbBrf0EunL3a2OtT89UvEPa4DRnlO8za:vx//jJ3Xazmg4SVbgzBran7J8TFj4DtY`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	2842973d15a14323_desktop.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\desktop.ini
Size	67.0B
Type	Windows desktop.ini, ASCII text, with CRLF line terminators
MD5	`4a3deb274bb5f0212c2419d3d8d08612`
SHA1	`fa52f823b821155cf0ec527d52ce9b1390ec615e`
SHA256	`2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38`
CRC32	`6C4EDE16`
ssdeep	`3:0NdQDjo8hzUzYcB:0NwosUzxB`
Yara	None matched
VirusTotal	Search for analysis

Name	d0df0ce0e36de4ec_mickeyclock.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\MickeyClock.ini
Size	678.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`11e9efe0037da4f0fe989ab84830ba3d`
SHA1	`ca50ec23fcce716d006a4bf0bcb12d24b337154b`
SHA256	`d0df0ce0e36de4ecc1d6b132cccba792033d86cb8bb5c93c8bd9998bb705c56f`
CRC32	`08D3A1CC`
ssdeep	`12:a4EqmYLrrcR5pjpJrtOp0BP5oHy4yjQp2i0dO92HOFLlTYQBSwcz:BEQrm5b7Ouh5obykcix4OFFLi`
Yara	None matched
VirusTotal	Search for analysis

Name	0a74fc0ffa8dff0d_longclock.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\LongClock.bmp
Size	37.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 122 x 104 x 24
MD5	`224d809351eac5981a93d5f78f325a14`
SHA1	`a28af5df1908b2527e827931849d7891f6b2e508`
SHA256	`0a74fc0ffa8dff0d8a080c3306ca98707be271e02458879ea533cca5bf43c3d8`
CRC32	`70544C39`
ssdeep	`768:+SY8aR+Fh1mCcbLhN5PJsmU9exbK1UUWkOuRuaUivtgc:6V2zmCcbzPsmZhK5bRuitx`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	7395739003ab6d80_MSCORSVW.EXE-245ED79E.pf Submit file
Filepath	C:\Windows\Prefetch\MSCORSVW.EXE-245ED79E.pf
Size	49.1KB
Type	data
MD5	`763250e18ed879985469411d064b2a6b`
SHA1	`516346e242b8ebd72ed5e5f7cb57f04200508af0`
SHA256	`7395739003ab6d8065c933edc872249c03fbb204d4c16630d310a613c8aa3a60`
CRC32	`145BE0DA`
ssdeep	`768:qP1oE112xeyNrTRNoEk6qxTlrkbtrj28sn5Hn:qP1oA2pRFNoEdqbrQtWxn`
Yara	None matched
VirusTotal	Search for analysis

Name	8206494360928e9b_minutehand-7.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall\minutehand-7.png
Size	994.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 260 x 9, 8-bit colormap, non-interlaced
MD5	`938cc637343645dc9c62b076d5136eea`
SHA1	`aa97737ce6ed4a6467565ffae188b8065e3584dc`
SHA256	`8206494360928e9b8567fb00b05249b2e484cbffe61297ce3aab13c19319f657`
CRC32	`42D50752`
ssdeep	`6:6v/lhPkgm0CcgCMkuldXQPMnP8wE3BEdBNmoSaRRClY4bbGVic1xu67z3p:6v/7sCEwmP8RBEdBNmoRP4bb7H67F`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c4cf7021ef0fb7d2_RUNDLL32.EXE-411A328D.pf Submit file
Filepath	C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf
Size	305.8KB
Type	data
MD5	`4b127638bf6866e0fd1d60fc02af3398`
SHA1	`8b745f241edc6642edcb87dc7b310730178a5433`
SHA256	`c4cf7021ef0fb7d22b0849b2fa72961df39a72d0b50e8653011743da5f5dc2d7`
CRC32	`57993A6E`
ssdeep	`3072:rzyKSDgusVU1WwxkCb834SgoL9CbJsON/OyV49e:bmgJYWp4iCbJBNOe`
Yara	None matched
VirusTotal	Search for analysis

Name	70964a0ed9011ea9_ose00000.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Setup00000994\ose00000.exe
Size	145.9KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9d10f99a6712e28f8acd5641e3a7ea6b`
SHA1	`835e982347db919a681ba12f3891f62152e50f0d`
SHA256	`70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc`
CRC32	`8D3DAEF9`
ssdeep	`1536:vC4QOL26NOd32mM6X/pGzd4t/qcarbwNfQ8WfQJ+ItkbKR2zy2IoN7Zo86eAI0UV:K4QgNOd3z44Kw6JrokFyF5Zat/Vq09oi`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	cc51c20ef9133b8b_backupalarms.bat Submit file
Filepath	C:\Program Files (x86)\ClocX\BackupAlarms.bat
Size	70.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with no line terminators
MD5	`c8bf8f5a39c3cd41974f240de82a0e75`
SHA1	`f37b3319d1349ddbc34a3229ffe5f567e845c058`
SHA256	`cc51c20ef9133b8b13f5ddc0464679b81677413cf34a5b70785abfef857367b5`
CRC32	`B011B0CA`
ssdeep	`3:8hFgEYiXukHqp2YR3snjo1q5hXIWn:8h23iXzj83GU1qYW`
Yara	None matched
VirusTotal	Search for analysis

Name	0fabbe61f9e6638b_ballclockred.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BallClockRed.bmp
Size	31.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 104 x 103 x 24
MD5	`e26ad55938ae56feb11b2450a5a02b0f`
SHA1	`5436a23577c3f33038963c8f44d8bee50dd5fccf`
SHA256	`0fabbe61f9e6638b396fe35f2a02ccab1af7d2de40e284318565b7983fd58408`
CRC32	`6DE62367`
ssdeep	`384:DM7J9t2ORX9hUmbPtJ4T9oF4UeMPNShuK/3mNvQTgUX:w7JPX9hFnoiF4UeMFeum04Tgq`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	0dc9adda1ac844e4_aquamade.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\AquaMade.png
Size	27.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`9aae18427a5bf4b00f9ba4a58ae01a05`
SHA1	`4d59ce4542295d5c2e5b9a9325c6191c3ae25fe7`
SHA256	`0dc9adda1ac844e4a8c3d5a9033b2ee35d1afc81988faa155e88308aa16d9499`
CRC32	`4FBAB71B`
ssdeep	`768:xp4+24RPlPmseLV72TgAUjwVq16Z9Xd12XIVVL/wUjJ5Vq:jpHheh7fvjwV2m9X2O/wWJ5Vq`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	1d47eb67a9025116_eq7mxwvyoavkp6po5u4o8umy.bat Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eq7MXwvYoaVKP6PO5U4o8UMy.bat
Size	70.0B
Processes	2400 (CasPol.exe)
Type	ASCII text, with no line terminators
MD5	`f5f0e3bd49f368bf0372fc69d2db47d9`
SHA1	`16debfa4e81216ebd89a2625b2040608ce77578b`
SHA256	`1d47eb67a902511627f67a3d5e9382894a235c2d03e24645786c91985d210cc7`
CRC32	`D28B350D`
ssdeep	`3:Ljn9m1mWxpcL4E2J5TdVUw+Bnmn:fE1mQpcLJ23L9Am`
Yara	None matched
VirusTotal	Search for analysis

Name	8f8e24924515ff1c_aqua-clock2.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\aqua-clock2.bmp
Size	37.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 112 x 113 x 24
MD5	`fad209473000f30fb8ac132e5addbb94`
SHA1	`5886423659f1de4d705ba68583c3b36d9a3857f4`
SHA256	`8f8e24924515ff1cc157405fd35a2dfa60e49558a4e11cae4406d88c75202bd5`
CRC32	`9A5A84AE`
ssdeep	`96:mEPBcUiVCRGqKcOnrmGDVNdKh9B+QRGB9Ov7OPcmn:mEP00xRGhQG`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	dc1768ee7f261fa7_MSCORSVW.EXE-C3C515BD.pf Submit file
Filepath	C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
Size	41.2KB
Type	data
MD5	`ca3d170e9edc29fc31d3f5453c0cdc98`
SHA1	`1b0ebfa81d6ada17c1072cb38b2c6e48a95a2ab9`
SHA256	`dc1768ee7f261fa7d9434f14298d50f9ee352092ce8b62ad76a3c135a227c33e`
CRC32	`1E339D65`
ssdeep	`768:FjD+fkN2F3Dyg+MgHeIpxGmRiTXqJ8rzdGms38xYp04Ug1:U3DygVGFbGmunY`
Yara	None matched
VirusTotal	Search for analysis

Name	c0e1c48439536075_ballclockice.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BallClockIce.bmp
Size	31.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 104 x 103 x 24
MD5	`6c0b705bde7d2afe37253e45524b729c`
SHA1	`46bbaa392e19944fa0dc67a867d6bab5c5fabe8d`
SHA256	`c0e1c4843953607594fa2d32ca85bd516d6bf19fdac0c49f6d7c71702dec57f1`
CRC32	`293AE092`
ssdeep	`192:DZ8oIe45flGoS3iItFTeQsHyXw7Hmyak1v+1fveN3e9Iy6CGCMV6JgMuutekplCl:DFRSItFaQsHyXw6kIqD0lwhI2uy`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	e7ff7af9f3faa555_jusched.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jusched.log
Size	70.2KB
Type	data
MD5	`e00a8a5a0510b43ea4028d77b4da4e7c`
SHA1	`98398ffb55f1a0c33e6d8b2ff5c4c9a7676571f1`
SHA256	`e7ff7af9f3faa55589df8511dc4d283365341ee3fde2cb9a9d237d7240ffe4c3`
CRC32	`FD028FE7`
ssdeep	`1536:v1crKkkl5oVW2tPZ3hge4XiBHPsEzSNMpZG:5oVW2tPZ3hf4XiBHPsEmNMpZG`
Yara	None matched
VirusTotal	Search for analysis

Name	d1d9c71b77f88160_kirchenuhr.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Kirchenuhr.png
Size	26.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 142 x 143, 8-bit/color RGBA, non-interlaced
MD5	`4af2ec664e52978f64f505d6c2ab29b3`
SHA1	`288c0683413f7e7ad06a868c4da687c073d3a208`
SHA256	`d1d9c71b77f881609e96467df3fade83d734030101943064d201201ebe3ebbbb`
CRC32	`C82A627B`
ssdeep	`384:WHpNa5lfTIYOR0MEvwGYHyEmHH497tvTDo8s7mTHX3cTLmkZR37B4jc23wXDpXGM:6OXgyE1hXod7mjcTLmQ74c2gXVXGwgns`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e2c01fca10e1d1ae_iesqmdata0.sqm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sqm\iesqmdata0.sqm
Size	15.7KB
Type	data
MD5	`698e645a05c717824d5a1e5a6ce85815`
SHA1	`8b607c49b2424bc40e596f1a8f7b3116c22f248a`
SHA256	`e2c01fca10e1d1aece27872d6a7aa16f6c097c73097d1b389ef8d75bc37f0ab8`
CRC32	`C7C5508A`
ssdeep	`384:gyVrPexXvzPrTS1nm1/S+6Ulj/qmq9yt3WZ0Z1oc4jgPWZGJg13WZzZjbi6jg+L3:K/NqZOh8pdBA`
Yara	None matched
VirusTotal	Search for analysis

Name	1c72b437f4916fd0_settings.dat Submit file
Filepath	c:\Windows\Temp\Crashpad\settings.dat
Size	40.0B
Type	data
MD5	`91c17646b86548a0ef7ee3f157c03f2c`
SHA1	`c7e85bdd2eebe4b7dee879a77e059b9303f51b14`
SHA256	`1c72b437f4916fd0264ed1e8ac8814edd469659a77dd27e7ea7d3e1d160279b6`
CRC32	`322132C6`
ssdeep	`3:FkXyooso:+yoLo`
Yara	None matched
VirusTotal	Search for analysis

Name	81dc5e6439f08ede_aqua.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Aqua.png
Size	29.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`73e7b2f60f8ac6fde449861ac5484755`
SHA1	`ff314467b04e04a70c2bcaf2c5e65c1c7b5d9274`
SHA256	`81dc5e6439f08edea70408774e1195fb2d01be1aae88b0a157eb7e8bc342dda3`
CRC32	`03638958`
ssdeep	`768:3fQkIoTw9vw5VugTvrBRCKbhNE3uJJD1GYP71q:vQ6CIVuGTvhbLE3iYqq`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	52dbd2b5100d571b_WINWORD.EXE-CEA9B574.pf Submit file
Filepath	C:\Windows\Prefetch\WINWORD.EXE-CEA9B574.pf
Size	125.9KB
Type	data
MD5	`f0a736205d5f79662a06d3ab316f56ec`
SHA1	`ff0ee48f4622622f23b0a2d3deeef366675923db`
SHA256	`52dbd2b5100d571bf34afd2e9749547d99e53ca23dbc214631f019d6696e1bb4`
CRC32	`3EF71CF2`
ssdeep	`1536:wwCGjvGXGOfmqqnR1k0N2//3kE22quppnyjojRppdPBzhzXqZx4F2oDVB+HEMu+L:Fa2Of5zMENh8eDVB+kMu/zxTxaaC`
Yara	None matched
VirusTotal	Search for analysis

Name	545a031afd96a8da_SDIAGNHOST.EXE-8D72177C.pf Submit file
Filepath	C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf
Size	157.4KB
Type	data
MD5	`4aa5eec9fd2ea10fab9b01158e1d9f20`
SHA1	`931e0e72b88593adace82d3877e7e8d447f6e603`
SHA256	`545a031afd96a8da01da6afbb47110e4780b85a7421638ef8be2ee206fce0393`
CRC32	`BD538E3A`
ssdeep	`3072:sG1a/Mo7DSJI4PquFBx7w+hVgDvnzI9TQ:sG8UwOJPquH9w+hVyH`
Yara	None matched
VirusTotal	Search for analysis

Name	7e59083736758b25_alte standuhr.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Alte Standuhr.png
Size	44.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 140 x 165, 8-bit/color RGBA, non-interlaced
MD5	`c09624e5a94c36866d9bf05a3c07dd33`
SHA1	`a98aca5ba10ea2187bf11cc506be2fa893aeaa79`
SHA256	`7e59083736758b2575545383bb8ed07ef79972d4ed3ab08f78b367528faeb596`
CRC32	`62E09E60`
ssdeep	`768:TnOKv1UzMqfrTun4WXmRdkWKGoHfX7Yik3gAv2zMpr6VPtJHj2M4hmH4G:TnOKNyMqfrXjkWKGoHfX7YiInhpr6VrJ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	fb19dba36edee8d7_SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf Submit file
Filepath	C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
Size	12.7KB
Type	data
MD5	`8c46a58b62b5e0bd5582a5811076ceaf`
SHA1	`fbbf9d2576012dc8879e907c2e3fc8e2071bd210`
SHA256	`fb19dba36edee8d74c6a1558ed8d74066ededa6e3f5ded689eb3040627f9d5d1`
CRC32	`76F7E4EA`
ssdeep	`192:i6ECi6eqohSpq+rbDhYrukfcQLxbLayTxPWcIk1Lqs9aQ3Eu6:iN3L5SpLzhlGbLaytWcIk1qsVEu6`
Yara	None matched
VirusTotal	Search for analysis

Name	c4e752988ea9d300_dragon.bk Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\dragon.bk
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`187f4e9c78ac647ef5c632c9910211f3`
SHA1	`c0bc244e495b267b294237ebb158689cfe7787a8`
SHA256	`c4e752988ea9d30089db49cda515fe5b4f460db402879cba941d27f271fde0cb`
CRC32	`FAD06E4D`
ssdeep	`24:BEQrGXz5lr9BxoaKy4XTORXFB01rfLkpWdGm8di9MiXGibQ0Wd9iBxLuQI:BzqFluf18FKeMdGmfMiXpQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	a534e20fc73ea320_uninstall.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\Uninstall.lnk
Size	798.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 15:32:08 1600, mtime=Sun Dec 31 15:32:08 1600, atime=Sun Dec 31 15:32:08 1600, length=0, window=hide
MD5	`2f43c8c79fe87ab0ccf69254c54f3a94`
SHA1	`08cc4340fc17c2a3706987b3de29ecf0fe63131e`
SHA256	`a534e20fc73ea320f9ef66e71006b1807a03bdfb070ab9a6f9067220246042d3`
CRC32	`C6797CBC`
ssdeep	`12:8wl0Q02lqqdp8uUXUceZbdpYmp50y0bdpYmp5ucKNUGa4t2YLEPKzlX8:8ceqdO/XuldjKygdj+UG2Py`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	ce8b62e4d4f14d50_siren.mp3 Submit file
Filepath	C:\Program Files (x86)\ClocX\Sounds\siren.mp3
Size	8.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	MPEG ADTS, layer III, v2.5, 24 kbps, 8 kHz, Monaural
MD5	`59966d556e3973dab3fa5b70683c3729`
SHA1	`9e6a68d02c46f86c17b310a87fd9b6c1c3fc1b12`
SHA256	`ce8b62e4d4f14d50861eb57f67107556984f06c85f6eb3a6208dd2e42b027452`
CRC32	`894681FC`
ssdeep	`192:5bcKdv2kGc5TguhA4i+Xguk4bAhwZbA7HThwkK0N5KIzA9j04cn:5B2Y5Tguh/guAwZbAr191IJcn`
Yara	None matched
VirusTotal	Search for analysis

Name	ab754ccd7f412550_GOOGLEUPDATE.EXE-F2AAEA76.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-F2AAEA76.pf
Size	123.3KB
Type	data
MD5	`c6137e117fd537517b9e0a72f21db5bd`
SHA1	`68554756488faf63f6bf61bc3d47d45b76fe4b0e`
SHA256	`ab754ccd7f4125502de66fddeb44aeeb6f6efff39e240ae1fc9905168c189e7c`
CRC32	`C66A59B7`
ssdeep	`1536:laBEHDamxX/ojmsj6nrQiltnmdYI2bF9wI37FCQazMZflyPjN7:5ZLns2tnmq7bF8HR`
Yara	None matched
VirusTotal	Search for analysis

Name	1bbcd2add1840e98_chrome_installer.log Submit file
Filepath	c:\Windows\Temp\chrome_installer.log
Size	37.9KB
Type	ASCII text, with very long lines
MD5	`01cdf653cd0b512c62f7d92d474096d2`
SHA1	`e3bb8d3648f0e3454d8461d78633497fc13e3d01`
SHA256	`1bbcd2add1840e98b341bddced89b301f036b15970be6e1a16265b2051673cd4`
CRC32	`8AB45D12`
ssdeep	`768:2quEmZadTLF6NI8jv9WNUIF9qfgDY7VcaFw4OauN27R797gVK+jQaaH:cEmZadTLF6/jv9WNUIF9RDY7VcaF1pVr`
Yara	None matched
VirusTotal	Search for analysis

Name	54991d21c1ea6c3c_thai.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Thai.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`5a008d847d9846db2eb9d84b500fc407`
SHA1	`f4dbd5725559f1fde3497959f15f8e2db01b9a60`
SHA256	`54991d21c1ea6c3c3c54fe68daeff96041df96c4ae05e13b300c8e60a8da3de3`
CRC32	`4122E872`
ssdeep	`48:Q0QaBfLuSJH+yK99GThN/+5l1VeiOmxzgSCQLQiTpCyB7XgAuP8XTu:Q0QaBfLuSJVK99ChY1V5VbXpCyB7XgTz`
Yara	None matched
VirusTotal	Search for analysis

Name	860f151eaf087456_JP2LAUNCHER.EXE-3EEAE9B8.pf Submit file
Filepath	C:\Windows\Prefetch\JP2LAUNCHER.EXE-3EEAE9B8.pf
Size	76.8KB
Type	data
MD5	`6b9b7f847497931d5e4eb09f6e2a3543`
SHA1	`42c245c25708a1a49d8db6f6d541eb178c350e94`
SHA256	`860f151eaf087456fa6c85b992e0c670718b58bc05ce3b59e4436aecbf8f7124`
CRC32	`247C8C31`
ssdeep	`1536:BCm223aQkotyEuCDjyPf1/S4r2ZyrymwPJINKNudQyI:6JyOOk9OEnd`
Yara	None matched
VirusTotal	Search for analysis

Name	b846f82239a1e1e0_TopNav[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\TopNav[1].js
Size	1.3KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`dfebdd6655f1be6d37481f3928d23f6a`
SHA1	`aabdf65af4a4d0cf213766bca60285c0fa46d05f`
SHA256	`b846f82239a1e1e0dcf2b52cbebe5da690c623d1fcf92288c077e4d335a09564`
CRC32	`BE3F72F4`
ssdeep	`24:2gNrIcyv+BuaKzPsAaZcfv+9aFXLKW/veNgjSvA6JgP9gbxr:WcyvpScfvZ/v5SvLJfr`
Yara	None matched
VirusTotal	Search for analysis

Name	55394fa1a821c3aa_SETUP.CHM Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Setup000023ac\SETUP.CHM
Size	81.8KB
Type	MS Windows HtmlHelp Data
MD5	`8ecb1bc6340bc8d5f9e6bf7233c4847c`
SHA1	`c2e0ecce3fc143d3119989fd51f2a0abfdf06b55`
SHA256	`55394fa1a821c3aaafd62514a591ba4d0780c6ed242695e60f08df7b948ea33d`
CRC32	`46CDD8B2`
ssdeep	`1536:RKdcCcldgTpJNS91GsNC54F8O0308cswnwIwQODEuVGDurIDjyh/EXiunXjX:YdcCcwlJMfQ54F8r30IwnwIwQO4u3o8y`
Yara	chm_file_format - chm file format
VirusTotal	Search for analysis

Name	d8ddd4e4f5fceacb_romanoldhour.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\romanold\romanoldhour.png
Size	2.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 100 x 13, 8-bit/color RGBA, interlaced
MD5	`d57f357bd6ec6cb8e6b4113934c93219`
SHA1	`d1c3760ad06626d717096d565daa5dd279404aaa`
SHA256	`d8ddd4e4f5fceacb7487cdc71ddc3e611987b1baccf7110797e2f33726023dfa`
CRC32	`CA3B6BE4`
ssdeep	`48:rmLJNMjy7tneNT+ND/whTKkxtYhremTYJCnJwcosFFnmOqdhJe5HLHxZznVnShi6:i3MjmeNTejuTKkxt+reqJwcFFhmTJYLS`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	7390caad759f3c49_SetupExe(201804051529428CC).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(201804051529428CC).log
Size	9.4KB
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`22361425982d3f02d7830fe7beaab3c6`
SHA1	`07caec43cb408c155725d0d5ce77a1c84e0197a8`
SHA256	`7390caad759f3c4918f005f63d2cd112d70d6bfa8bdc34e01e1c2f48b38d9797`
CRC32	`D649B61C`
ssdeep	`192:Q7wU2Dxn6D139ORDoPpsUo190N2E+oBu9n9n9fMqO:ueEbEtt2`
Yara	None matched
VirusTotal	Search for analysis

Name	b0296c84a695fb91_cappuccino.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Cappuccino.ini
Size	994.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`fe5be53d2267788942bb4d382592a376`
SHA1	`a6b987ca380de8fae09e40a07b1460264b8a3186`
SHA256	`b0296c84a695fb91f33c65a0b7cc0df52de0fe610f9327cb07f43a288e7a88e5`
CRC32	`3BD358A5`
ssdeep	`12:LXe4EqmYrrrcRQBjpJrpqZ27XFPV+m1nXFPVG99XFPUXFqZ2kp0oH9Gst8ZVB2iU:LdEQrmu9rTOe01knkprdGm8ZWiWN2i`
Yara	None matched
VirusTotal	Search for analysis

Name	1bd06c2f2d7005ab_WERMGR.EXE-0F2AC88C.pf Submit file
Filepath	C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
Size	12.4KB
Type	data
MD5	`a6ee9cc6abd451bb954c7ee9a97c8803`
SHA1	`275cbdb0ec6838605c42b00aad597fd182d3f999`
SHA256	`1bd06c2f2d7005ab48563ea6c3ff1b70d422088cb8d8729ed5d9d38dd6536a87`
CRC32	`15B5C8DE`
ssdeep	`192:W2IIUrQ+HOqVIPqe1OVYy8BAZZL5Xk1XLdGs9W9eLuyk:WI8XH7aqeczbRIXJGs9Lu9`
Yara	None matched
VirusTotal	Search for analysis

Name	5213b4a9ebc9bdc7_Microsoft .NET Framework 4.5 KOR Language Pack Setup_20200715_141443571-MSI_netfx_FullLP_x64.msi.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Microsoft .NET Framework 4.5 KOR Language Pack Setup_20200715_141443571-MSI_netfx_FullLP_x64.msi.txt
Size	2.5MB
Type	Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
MD5	`eb2cb9e2ea324fcda3e9848372f51a89`
SHA1	`9ceeae547181f541ef0fe9fe00abd31af4cb54e4`
SHA256	`5213b4a9ebc9bdc7a9e37d81f6cab4a41921d71f84160dbe3f0c93cc83c1b85a`
CRC32	`D0015436`
ssdeep	`3072:avF2s+QfvbQji+fLNJSxiD8/acq5TCenhAoJAu4Pb0leWEAr9E6m+J8PYS1+yGiW:a92s+Qfv8jVfLNMDzax9EEjfp`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	e2c426880eafb1b0_danish.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Danish.lng
Size	2.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`1793fd4614d665e1b0fa41cbfe09c531`
SHA1	`360ccba52499f0b7498dc5e3e87c22f901994ab4`
SHA256	`e2c426880eafb1b032b70678965628795c5655ab3c97a1f5404dabec3dd1ff52`
CRC32	`B91C1A16`
ssdeep	`48:NBTNJZ209IBMoFnjw18YvIPRg85a5QXyKUjFkkaTu:NNNJZ20GBLJw8YvEx0apUjFk5Tu`
Yara	None matched
VirusTotal	Search for analysis

Name	980d3684362c214b_Trace6.fx Submit file
Filepath	C:\Windows\Prefetch\ReadyBoot\Trace6.fx
Size	1.3MB
Type	data
MD5	`0b45f2cff63f7051a612505b23804da7`
SHA1	`1ba5ac25e10d1e812d23d64fc6d6d9ec41a81422`
SHA256	`980d3684362c214b60ddb17a53312d7d0f3b142968229cbe8d6b1123d1a3e9c5`
CRC32	`2144DF1C`
ssdeep	`6144:KICoEQEE/FRFTmOVIGx7G55KwARSL6X9yE0bYq+2fmUtk1y4IdEY:KtoEQEGZaOVIGU663Dsp2fmUeyL9`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	c5b385800df0038b_RUNDLL32.EXE-DE9673F9.pf Submit file
Filepath	C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf
Size	15.9KB
Type	data
MD5	`8b9248f1f0885257951533ccb62303c5`
SHA1	`8087e10c42910b9612926684442cc9dd9788e9f5`
SHA256	`c5b385800df0038b532a333d8c8b44af323740da797d25f03e7b81022d90648e`
CRC32	`CAF7F9BF`
ssdeep	`384:Ra9blD74UTC0GOxiTNEHUX6nsR+l3s6rnA4nJuT:Ra9BZZGgiqHUX6sR+ts6rnA4no`
Yara	None matched
VirusTotal	Search for analysis

Name	38ed2b2be3780af0_SetupExe(20210707202303A60).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(20210707202303A60).log
Size	307.7KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`5223d9c1ec40ca6d96fe00875f98d6e8`
SHA1	`4bb24128c2f7f9b8ac39c79dc17afea6a888c96b`
SHA256	`38ed2b2be3780af0394ee950fc4e24132fc2d5fa36c9fd70d78090305e524476`
CRC32	`1333A28F`
ssdeep	`1536:NcUhZ68jyHDapJUatD3rb2iaYO/8TXl7Yww2cNCqoV9msIb/H5LRjvJ5jF7nlRMk:uSjcapzD3rCYO/IalRkNYvps9M`
Yara	None matched
VirusTotal	Search for analysis

Name	aea2e2c6f689c1db_negro.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Negro.png
Size	15.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
MD5	`b2ed7e8fd0ccf0e6b45b3c47cefa3742`
SHA1	`0bc335e49a4e210a677181d3867ca1342c269b10`
SHA256	`aea2e2c6f689c1db7caec63bb7d6a1863f4a564560b0c90d145c76b9f3a2d8e3`
CRC32	`A442C6B7`
ssdeep	`384:+WRaK+pYK+RSwp359dz+GWW0DlS3dSX45sEHI44bkOvVYD:+saKO+Qwb9d/0DstSI5sA9D`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	97c2036aa1da3985_IME2010imeklmg00000010.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000010.log
Size	330.0B
Type	ASCII text, with CRLF line terminators
MD5	`f5b0e6883246f8799e05251f7afa0a64`
SHA1	`11d60f88133dfcbd98dba8e3a2a0c1cc1755362c`
SHA256	`97c2036aa1da3985399dad77f18b09cc6521df760b55e9c3c6e9fe48e40f735f`
CRC32	`69AD05A3`
ssdeep	`6:ovi4EE2EevpiAktHn8VHTXkacHTXkZA4EEvPP4vn:o58xiRHkHTCHTaT6v`
Yara	None matched
VirusTotal	Search for analysis

Name	8696ba5f48d1eaac_BRANDING.XML Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Setup00000994\BRANDING.XML
Size	358.4KB
Type	XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`fec32c28969c6d60c9682b8bd3448e5e`
SHA1	`c79a65b50d32cd4c2c2454cf0c2eb6447c2f22c3`
SHA256	`8696ba5f48d1eaac8f264272a90f11d8406ef699cb714c361619e46d7211925b`
CRC32	`4B3CF4FA`
ssdeep	`6144:hLhnP6wcZevDBBYQhBBbLptSiVwuZ3r9/3GzR1jhnP6wcZevDBBYQhBBbLpU:vPvfD3Fh3bGiX3r9uxPvfD3Fh3bG`
Yara	None matched
VirusTotal	Search for analysis

Name	b1671db4bfccb430_AgAppLaunch.db Submit file
Filepath	C:\Windows\Prefetch\AgAppLaunch.db
Size	326.3KB
Type	Hitachi SH big-endian COFF object file, not stripped, 0 section, symbol offset=0x7e000000, -33488896 symbols, optional header size 1024
MD5	`4b6cdf51ad55a1b292d1eaef30afdc8b`
SHA1	`0559a2bc2657e7edf25503cb93407af7c92bcc15`
SHA256	`b1671db4bfccb43087e8c29b012482d12429ca20ed11598d07035f7867c20c83`
CRC32	`2175BFC3`
ssdeep	`768:O22KJNqLWLhOqEiSeO0e5D5Zsd1tJ6DmAk8MQPd+R:zZEp0+jsvH6DmAkRzR`
Yara	Antivirus - Contains references to security software
VirusTotal	Search for analysis

Name	2ba02be2cec55835_clocx.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\ClocX.lnk
Size	1003.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Jan 14 06:48:34 2013, mtime=Sat Dec 23 00:16:55 2023, atime=Mon Jan 14 06:48:34 2013, length=2090496, window=hide
MD5	`282538d0697b5fe2eec1c6d96d0a087b`
SHA1	`8b07297f586486ecf8703d6d09cd20e4ea373214`
SHA256	`2ba02be2cec55835c723189fc5167237d94ecc8d0812c9e1e6a5c81f6e6809f4`
CRC32	`69FA61E7`
ssdeep	`12:8mIqKl1+0A3kyVGdp8DCD2h8AE6ce9DOgcwEjAZmEYbdpYmp5c5+0bdpYmp5uBNN:8mMJdOEyrZ9DSAZ1MdjuggdjIUPPyV`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	81e7a2fa505d364f_Opera_installer_2312231557071713008.dll Submit file
Filepath	C:\Users\test22\Pictures\Opera_installer_2312231557071713008.dll
Size	4.3MB
Processes	3008 (GuMIRR01ABdwlRPjBwLToenr.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`8cf8e93e2916d18389c23338d95ef472`
SHA1	`21adefb0dcdfbff39e31bcde8da84ce048adce54`
SHA256	`81e7a2fa505d364feb8477724cb38846e4f9744eb983b826b9283977a3c3f19e`
CRC32	`CDF81C38`
ssdeep	`98304:Q6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwwwc:S4Xx0djW+UyQ6rjnHqtJRn7ZrHzq8QVY`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals IsDLL - (no description) Antivirus - Contains references to security software UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	3a6f29a0469fb3fa_TASKMGR.EXE-5F5F473D.pf Submit file
Filepath	C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf
Size	66.1KB
Type	data
MD5	`98b9859365e6595d8a25e653149a09b7`
SHA1	`0830d82686c256d61d6a455ba412ef57a7b77d2c`
SHA256	`3a6f29a0469fb3fa1a4ee787335d3c2bacd77ae13073588f3e947ded1d34d920`
CRC32	`03CEC473`
ssdeep	`1536:7KI7dB63g4YTI/RlaIqR6f3Q6cUFRCfRPI1ikjDEJ7:7P4j/baM3eQ4IY1`
Yara	None matched
VirusTotal	Search for analysis

Name	420e912411e4cac7_blueballonlydots.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueBallOnlyDots.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`5acc6f230ef671cd047e46010ffb5782`
SHA1	`552172f52383e1c286e8b4c9d373165f511feda0`
SHA256	`420e912411e4cac71f88f0485ad13d9ab40e513979c8c2e820b0ba70a1c9a843`
CRC32	`11A86000`
ssdeep	`24:BEarGXz5lrUBR6TO5fq10X7kpFg4SGIo8Ji4h3NPeibQ0Wd9iBxLuQI:BhqFlQfq1I4SGJmDPBQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	a538afc1dd3c0b6e_SetupExe(20210707200853994).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(20210707200853994).log
Size	28.6KB
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`952f3972957ea4733410faf52c177668`
SHA1	`396461429fb30db712487efbe447f7ccfc6ba102`
SHA256	`a538afc1dd3c0b6e737b396ff17884fd1d2d96b7460dcee1c5ababe2b87aaa49`
CRC32	`332DE2F5`
ssdeep	`192:37J3TH75KxwUD1yqDXMJR1owxASaDoqWQXoRBzYLJdPdracEVaalEgIeZRBLRITe:ZJSdWQXcqVracEVaal3Ni/x18venG`
Yara	None matched
VirusTotal	Search for analysis

Name	99990dc895f009db_5eafba20-a70b-44bd-80e4-81c11ba11305[1].jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\5eafba20-a70b-44bd-80e4-81c11ba11305[1].jpg
Size	19.1KB
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=12, height=35, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=116], baseline, precision 8, 116x35, frames 3
MD5	`0855598392e5219a02f73a5b68d0d786`
SHA1	`b10679c326319ea006c07c621b6317a0498fa550`
SHA256	`99990dc895f009dbe598450775c8d941ed4ebbb1108b94f5b4c52c0c193823a5`
CRC32	`43FE158D`
ssdeep	`96:7YkEWp2hSRoiHrCNXrNjN/FNnnm+jnvEpR86KOgDZXEpR86KOgDZx:Ekm5BvdjnvOc9OcP`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	9b38b20bf5ce7778_JRE.EXE-A621F6AA.pf Submit file
Filepath	C:\Windows\Prefetch\JRE.EXE-A621F6AA.pf
Size	37.7KB
Type	data
MD5	`9038ea7d6541625b7506c5175f50f044`
SHA1	`f13bc9537a4d9bafe9680820be21197c1526f270`
SHA256	`9b38b20bf5ce7778982cb395da01ce56448e7c0fcffcf0e6d7e1cd4b46c268b9`
CRC32	`4A2D2070`
ssdeep	`768:MMt7aWaQxaXY41Lic3HkpcRFpGmGJqC3PC+:MMt7aWaQxaXYYLlHecRFAB1`
Yara	None matched
VirusTotal	Search for analysis

Name	feb312b60bcf8cb4_naranja.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Naranja.png
Size	25.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
MD5	`6e26841542a025bb86b2bea057b57704`
SHA1	`ce1a326fb113ac7b0f5a5850f6efaaf35637c6ed`
SHA256	`feb312b60bcf8cb4a74f95639cca0fc8c0ad71567ebd3a980d868671e5a0c105`
CRC32	`29CAF9A4`
ssdeep	`384:izRtQkbn+VtynIsPHlUGcCv5OcTfDs/YipSwz+H0lco7iHTA6ve+O4AypF21w:uLQkbn5Pn5OcavTzZlc1H06mn4LIw`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d349abdd0be697a7_AdobeSFX.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\AdobeSFX.log
Size	1.6KB
Type	ASCII text, with CRLF line terminators
MD5	`f6b81f68c866e3c048a0f72dd215827a`
SHA1	`d00845e885d4bac7b68b88530b8b676dfc72ea9f`
SHA256	`d349abdd0be697a709f42f2a80a3cb2d5b3ee813f0645efa3575c22303e9d788`
CRC32	`38F02841`
ssdeep	`48:oMSUSWap8uL9TN2g3H3YQ4O/3HSSik+4paG:oMde58U`
Yara	None matched
VirusTotal	Search for analysis

Name	206bb7ca92b651bf_15e2d0f4ee9e60851ea97e72ad563f3e[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U06NAGU2\15e2d0f4ee9e60851ea97e72ad563f3e[1].htm
Size	12.1KB
Type	HTML document, ASCII text
MD5	`14feb112d2cda6f509ee79d644c35579`
SHA1	`c4c8e70028528c9de8daa3030c9471f515a30809`
SHA256	`206bb7ca92b651bfccfedee22757e88a51646f198035f5753ee7a61a692cf7e9`
CRC32	`DAA740A6`
ssdeep	`384:Sn5yCmvExouvYx1vYxBuwDMxFNvwI7wv99rLtOxqI34utRe8kwhg64ZF:GUdjvK8kh`
Yara	None matched
VirusTotal	Search for analysis

Name	1471693be91e53c2_background_gradient[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\background_gradient[1]
Size	453.0B
Type	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
MD5	`20f0110ed5e4e0d5384a496e4880139b`
SHA1	`51f5fc61d8bf19100df0f8aadaa57fcd9c086255`
SHA256	`1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b`
CRC32	`C2D0CE77`
ssdeep	`6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	a7ac46f2d7c9fea9_ballclockamber.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BallClockAmber.png
Size	18.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`c0b3cd6a12d50f9cd681bbaa03015423`
SHA1	`db1ef651280d3b37a279d1f56bea4959563bd46c`
SHA256	`a7ac46f2d7c9fea9c99f356a18d4f3d4814da0d93584209c69e8be36bfd600ce`
CRC32	`918399C5`
ssdeep	`384:5td1uc5PdIUsIhMmNNRTHzhTjXQKnZVwIvXTY4XhP+e/Tsjf:fdooNlNAmLXZxP+eIjf`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6cf612f8e25a26a8_estonian.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Estonian.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`84c4d2361103b662bebf68da906d4f40`
SHA1	`0aa776c9cf78f45212f953a274c4f6c703016ab0`
SHA256	`6cf612f8e25a26a8fe2dd498df727c4aaccea47bd2ed871edccdd5c074b99167`
CRC32	`E7426E19`
ssdeep	`48:HrWjaA54MqKpFKlZx2MPq45Gm38OWuyHVCJ20Qv+bC/gloIGMINTu:hAaH6qH2MPqD48un4p+bUizBuTu`
Yara	None matched
VirusTotal	Search for analysis

Name	07854d2fef297a06_TMP9CF7233BEC8BD82D Submit file
Filepath	c:\Windows\Temp\TMP9CF7233BEC8BD82D
Size	512.0KB
Type	data
MD5	`59071590099d21dd439896592338bf95`
SHA1	`6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c`
SHA256	`07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541`
CRC32	`75660AAC`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	5c131d1314bdf05b_suomi.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Suomi.lng
Size	2.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`faa5bf602e511ad03ed8faeeec9d40cf`
SHA1	`1748b8d296b6a6d742ad378befac1622d8845a37`
SHA256	`5c131d1314bdf05b942583f5d6d1ea2d5659628feadb42f4d3005bdb9982e470`
CRC32	`B2715A88`
ssdeep	`48:jAspe44gcoLB3zjkP0FdaJnSp/K2drjNamUPTu:jAsp2gcMjk8F8ABjNLWTu`
Yara	None matched
VirusTotal	Search for analysis

Name	ca68b7fbf8e01441_TS_88E1.tmp Submit file
Filepath	c:\Windows\Temp\TS_88E1.tmp
Size	96.0KB
Type	data
MD5	`24855fcb02ffce8d15ead39114805ba0`
SHA1	`9233a7579c27b093c39e99b6c7346b5a8ab6a1fb`
SHA256	`ca68b7fbf8e01441a0e1583e802d7bf1b047164dd000d3b9547bf43e3bcdd126`
CRC32	`09A2B534`
ssdeep	`384:RbBQLSvNwENbRy12stlbznSOi+ZqNlcVC6Exy8KFtRnR5pm0c6JnxpvB33uGo6y:EcbRktla+ZYyvp7Ob`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	dc92936e7f1b197a_widestonestudios.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\WidestoneStudios.png
Size	13.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 144 x 104, 8-bit/color RGBA, non-interlaced
MD5	`ebffa2ad6f19e5418bb2f65e3b4cf5d4`
SHA1	`87c70fbb8c6a0f4c83d67320931d23c4a498197e`
SHA256	`dc92936e7f1b197a209bed51b50c2c274564e22ebdb6889880b58d11df993834`
CRC32	`88A7FEB6`
ssdeep	`192:/SD4RQg9vDQfUzRKk44poiF6QoqHK8fdhP1eUBuvuHyQT1BFni6XNPH/xGkvjm:qDN2vWk44GdQoshNeUsxgDni8PHZGAjm`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c686babc034f53a2_green_shield[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\green_shield[1]
Size	3.4KB
Type	PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced
MD5	`254d388ce19d84a54fd44571e049e6a6`
SHA1	`51ca725642f679978f5880278e5cac5ca4f70fae`
SHA256	`c686babc034f53a24a1206019e958ba8fc879216fd7b6a4b972f188535341227`
CRC32	`265B0B9C`
ssdeep	`96:5SDZ/I09Da01l+gmkyTt6Hk8nTkN9D6ZB+:5SDS0tKg9E05TkN92ZE`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	56fb2fc2890bafb2_black and steel.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\black and steel.ini
Size	1.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`885f743529845bdc1b4c9766fda77d0a`
SHA1	`478e113115b3958e77076d0f1e2f7cfbcee00fcf`
SHA256	`56fb2fc2890bafb2324d7168d211b1ddc91af4c869eeb5613f15b2073757c83c`
CRC32	`D80A3A35`
ssdeep	`24:BE0rGXE5lr9BP5WaKDihTOh01kPkpFgdGm8RiTm7ib/v7Wd9iBI5auQI:BTqylRWfkbIdGm5msCTiBtvI`
Yara	None matched
VirusTotal	Search for analysis

Name	713ebb2266bd5192_keys_js5[2].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\keys_js5[2].htm
Size	1.0KB
Type	ASCII text
MD5	`cec902854d271c5e11670a3429cdcc27`
SHA1	`10d44dd02cf16e22817738d8bbb8ff344c9ca091`
SHA256	`713ebb2266bd5192d16da43820f6aece13b9a077ec17aa7067e2bdbd81702791`
CRC32	`3F80C1B4`
ssdeep	`24:jp3nSVtSBwxwVdENE1bXDaEKzkOJ7F0zVTefXor+wMwenZfur+wfC:jsccwVdmCXDa9zPJ7F2ZefYrEZfurq`
Yara	None matched
VirusTotal	Search for analysis

Name	d56e5151c7eb06ad_aquamade.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\aquamade.ini
Size	949.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`96fd9cca4bbb46e48f65ec26e3aa1f3d`
SHA1	`aea8888332bf8635a1ffdbeaed9e8a632a21423c`
SHA256	`d56e5151c7eb06ad35a0364baa8d95ddb11700754889c5498dfa6af2ca945888`
CRC32	`8EE773A5`
ssdeep	`24:BEQrIADTORXFB01rfjkpWdGm8xiF0ZJGi:BzCFKuMdGmEZJp`
Yara	None matched
VirusTotal	Search for analysis

Name	daa5d6292a35a6dc_RxZJdnzeo3R5zSexge8UUfY6323mHUZFJMgTvxaG2iE[1].eot Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U06NAGU2\RxZJdnzeo3R5zSexge8UUfY6323mHUZFJMgTvxaG2iE[1].eot
Size	17.2KB
Type	Embedded OpenType (EOT), Roboto Medium family
MD5	`03bb29d6722bf52f7fe88a6ed47d9e6e`
SHA1	`3ed6513bbbefe39be7f356a1fc63c5115d7511f8`
SHA256	`daa5d6292a35a6dc7e075436d0567dbe02515d5e886731fa5ca230e3d8fe26dd`
CRC32	`E9F582BC`
ssdeep	`384:9tM/+psH6v92xhu52Ed1ha6W2W5v5lPhDTrJNdF+mq3F0:9tMqa6Uxhu52E1RW7ffiDV0`
Yara	None matched
VirusTotal	Search for analysis

Name	841220954f291915_SOFTWARE_REPORTER_TOOL.EXE-94B376CB.pf Submit file
Filepath	C:\Windows\Prefetch\SOFTWARE_REPORTER_TOOL.EXE-94B376CB.pf
Size	21.7KB
Type	data
MD5	`44fc3a86bcad35b97eb49d2781160328`
SHA1	`c0588cbe4500d213b758237368ad924e05127fce`
SHA256	`841220954f291915bd10ae308e0a3eb956ab31bd2fee3e2a72e89063c8298987`
CRC32	`8B597CB7`
ssdeep	`384:w9AZxdyjBnzt4RSHsSge2d5y9qaZ8gzgmsgY48YIcUua6pU:KAD81n54oxgVdk9D88lsnce`
Yara	None matched
VirusTotal	Search for analysis

Name	03d0b14986dd3e58_blueappleclock.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueAppleClock.png
Size	27.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`674cf0106048dfe1ba8f9afbc3840b48`
SHA1	`7cb8af5db17da0a779de76cc96f4181f741b20ec`
SHA256	`03d0b14986dd3e58b69c15979712f323713eb11ccb095d9137a29c5a169199b2`
CRC32	`E79ACECB`
ssdeep	`384:5sCbXvMMC03YbV0tj3tx398ZUGY22JbWwlrFijLr+ZBmef/6/xRppPy8/b7zwkxF:/fMx03Oa+KtijLr+Hf/6JJ7zhxNJn+I`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6de598428c334097_IE9CompatViewList[1].xml Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\IE9CompatViewList[1].xml
Size	141.7KB
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`c236e316e1b9ac60ce15dac7bcb8b2de`
SHA1	`1e240ed5f7cbc3dc8cd2397c7151a0d7e5f173c2`
SHA256	`6de598428c334097a21eb2dd5963c190fc5f80a6289bce205ded0466393745a4`
CRC32	`8B345ADA`
ssdeep	`3072:toSMrEDL1FwhdFFaz6l8vHG+TbFPAzepobjyG7I1K1IB2+Tir8v1IG9aIedyPcFC:mSMrEDL1FwhdFFaz6l8vHG+TbFPAzepR`
Yara	None matched
VirusTotal	Search for analysis

Name	94d4b77dd4e25232_topNavCss[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\topNavCss[1].css
Size	4.0KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`5e764b73341aa4ec5c7c52c9d7c534d0`
SHA1	`c3ccfcb18e673d7ca40de7ca61204e14284d2295`
SHA256	`94d4b77dd4e25232bf217c5f44a8ec84bc275f981034d881535057cfe8c758b4`
CRC32	`05B5C712`
ssdeep	`96:M42KO2xhtf+6h1u31ErEbTc3h0AZ9a4kT0nZ9/DJ:Qotthm1EjjaT+F`
Yara	None matched
VirusTotal	Search for analysis

Name	6def2b26ad82d205_simple_chinese.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Simple_Chinese.lng
Size	1.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`fa2ba4997b287ce38f2dbddcd180d4f5`
SHA1	`521b78583ae110dda52ccacd57848b89b9589fc9`
SHA256	`6def2b26ad82d20590cdb14ad36a5851f6e2af6fca72efc87c26fe576ddd962a`
CRC32	`648707C4`
ssdeep	`48:VlpO2ZDqLqz0Sog9VNQmdZFnU0T2fn2lYQE8cCM4vjvqB4uPCnXTu:zpO2ZDqLOP79zxnvT0nhQpJ9jva6XTu`
Yara	None matched
VirusTotal	Search for analysis

Name	d9c00401bf038c43_jaguarclock.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\JaguarClock.png
Size	22.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`c257f6dcf2a842219e24f43bd47f09ee`
SHA1	`999662c17d219cc7a6675a3ef0868104d13479b2`
SHA256	`d9c00401bf038c437165b16271c0594fa63f0c26355b348ebf126cb322dd8bf2`
CRC32	`3C418733`
ssdeep	`384:5Ahl3Fn0P77pTlP0pz5R1RPHwYNUSEAI9wiF/6fXwgQScBeWyW64Z0Y1HKlwJALt:e7WBTpkTvrzEAI9wdvXzgZtEGGL40v0U`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f815c404d6707a23_REGSVR32.EXE-8461DBEE.pf Submit file
Filepath	C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf
Size	24.3KB
Type	data
MD5	`03c7abbc8b718b1241047d71c1417ca0`
SHA1	`10aadc7000605e8ed8cc4330b3d4105ee25ab1c7`
SHA256	`f815c404d6707a23e8cc9aded42ee45c852916f948c6f3fee6a648592b602e46`
CRC32	`A514AC13`
ssdeep	`768:nUPWCPd0yKofrCoOM4qKl7Tsk71cU2i8t/WOnOCU9:nUPnPd0ywoOM4qA371cU2i8t/WOnOt9`
Yara	None matched
VirusTotal	Search for analysis

Name	bb360b4109fb2408_TASKENG.EXE-48D4E289.pf Submit file
Filepath	C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf
Size	19.3KB
Type	data
MD5	`8fea408c4a71c711147ddfa07d36da66`
SHA1	`0925990f2b9c5bc1aa8f79e684c48c5973fa724c`
SHA256	`bb360b4109fb2408d16b6bd4ebda945f386f10c52333ab70b940020b578fb575`
CRC32	`8A149992`
ssdeep	`384:iIhmrtgDQofYoSlndqKde3193cfPeKlYp8yf70JV0I0sxeAu:iI8iMlndqK0noPeKlYf7YVD0sxe`
Yara	None matched
VirusTotal	Search for analysis

Name	ab47a5adf204bc4c_romanoldmin.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\romanold\romanoldmin.png
Size	3.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 100 x 14, 8-bit/color RGBA, interlaced
MD5	`bea6a1b4cc75e0a5d69c3e4ee40387c5`
SHA1	`0a74c9554d2a88075d5f79c9cb308cc96fc22173`
SHA256	`ab47a5adf204bc4cd1c14a7050fc6b1dc0dfa8c791ebcabc8111fdb003c45c17`
CRC32	`F7531326`
ssdeep	`48:897lfu06j8qtm8LF+2XKtC69+K06bqFoNUrtzi4pTGM+QjA3yn7o2/cre49YKq7B:6G0NmpXKcmqFkEte4pTGz3y7oNrhWB`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	85e03805f90f7225_INetC.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsj2581.tmp\INetC.dll
Size	25.0KB
Processes	2828 (tOtcmAUyZOxR462do2YSqCR9.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`40d7eca32b2f4d29db98715dd45bfac5`
SHA1	`124df3f617f562e46095776454e1c0c7bb791cc7`
SHA256	`85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9`
CRC32	`61C1A751`
ssdeep	`384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	ea1df8ee0d0ddf20_CVTRES.EXE-2B9D810D.pf Submit file
Filepath	C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf
Size	12.7KB
Type	data
MD5	`e1d2113ab830bff9edf440043b0b2aef`
SHA1	`93dd98dfa567a16867050518e370cdc10ee21a48`
SHA256	`ea1df8ee0d0ddf20af35990148b0288dbfe1ff1d45ce64071b42a4f0b118534b`
CRC32	`0D177B99`
ssdeep	`192:mOH9tEzyG3iKvqEDAlWoP9e2ZeSycCfgsW7hdF8zt/dJfs9P2zbNT2r:msKzr3LvqXoYzrssF8/d5stcT`
Yara	None matched
VirusTotal	Search for analysis

Name	af0bc4cf79640a01_hallow.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\hallow.png
Size	85.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced
MD5	`fa8384d8da635f35bf502976a6dc7f43`
SHA1	`4cad60130366d35dc1ea05099bafe6dea0e566a1`
SHA256	`af0bc4cf79640a01cf9e991d3f73993ff47d7d148f214af36b6143c269ef1bc3`
CRC32	`60A2C136`
ssdeep	`1536:2gdcj1dn9NCguYm6249KZqmzkHcX3qNswTBP/o3wdvdGQwPQSXpTfTWpQdZFT:jcfDyLs9Kkm3oVTBP/hVdO/ll9`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	3c3dbf9abc00c052_icon_spacer-vflN3BYt2[1].gif Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\icon_spacer-vflN3BYt2[1].gif
Size	55.0B
Type	GIF image data, version 89a, 16 x 16
MD5	`377058b768302462a7348edf12e4dd3e`
SHA1	`05d10ea50e54dd663fa9c22431deac46785d4326`
SHA256	`3c3dbf9abc00c05204be607b949df581016f519c5d664f8cd65d44cb3d133658`
CRC32	`5A0ABA05`
ssdeep	`3:CsBPSkLGXNE:NdSkmu`
Yara	None matched
VirusTotal	Search for analysis

Name	ffe096724f22fdd9_apple.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\apple.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`38f4322d84e0e6a5bd58bbe888061ac7`
SHA1	`4db5c23a6298d62914714e7b92e11ef4cb41ac35`
SHA256	`ffe096724f22fdd9cfb9c9622ce51f965648d9ee7c2c5537b39f5c1313a6391f`
CRC32	`5C84F927`
ssdeep	`24:BE8rGXz5lr9BxoaKy4YPTOI01rfwPkpGdGm8bCi1iYdeibQ0Wd9iBxLuQI:BTqFluf19j4dGmQDiYdBQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	18da64030d2af11b_RUNDLL32.EXE-4366A668.pf Submit file
Filepath	C:\Windows\Prefetch\RUNDLL32.EXE-4366A668.pf
Size	80.7KB
Type	data
MD5	`0c55e2b1f498eb40d77a1fd7060f7c37`
SHA1	`3c0a3bd94a9ded788ea39ec140d9a00bff09f6e1`
SHA256	`18da64030d2af11b8f443627ddfadb031cea7d309d2a500d8de3e9298247d847`
CRC32	`8E31EE9F`
ssdeep	`1536:nWJ+2TPTSAbRhPKsktI/ZYyS6gGReD/N1H4PX41+fJ43l11jyN9b1b:nWISSXKYvvzH4g1+B6/kP`
Yara	None matched
VirusTotal	Search for analysis

Name	b122038a876caf6f_getProfile[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\getProfile[1].js
Size	187.0B
Type	UTF-8 Unicode text, with no line terminators
MD5	`87cda6e9aea9f92c986af015aa29d827`
SHA1	`b89c12959bcf81d609ee1dc6bb0c53d55d962451`
SHA256	`b122038a876caf6f6a0e8e9d1e812e595a7f4f80d26737dedd443c5630ddf8cd`
CRC32	`740007B1`
ssdeep	`3:zQgdcRXSqXEiHVNaYGuvOPStIEZHftV1iYhDqckd0iX+c2PSzTEWHJE15XcAbqiB:zQvzUiHVH2atIi1P9qck6FcEOJE1VcIB`
Yara	None matched
VirusTotal	Search for analysis

Name	4d50d965fe2a23e1_SVCHOST.EXE-5901D5E8.pf Submit file
Filepath	C:\Windows\Prefetch\SVCHOST.EXE-5901D5E8.pf
Size	37.1KB
Type	data
MD5	`b5c1a29be21ff34b2fcb58b415e9951f`
SHA1	`bcb47ab02070791922323e1332e9918b0e461d5f`
SHA256	`4d50d965fe2a23e1ca7f38d63a6a3b72526ff4f61cb33b21103cb4f5e61c078b`
CRC32	`55D0997E`
ssdeep	`768:Dwb+UbHaP+XbEWn8UCFyav8LuH1aVLJNsjwvo/:DmbHasAmnCFyWtVarYwvo/`
Yara	None matched
VirusTotal	Search for analysis

Name	39fa7d37de6bad36_EDITPLUS.EXE-BB0BC86D.pf Submit file
Filepath	C:\Windows\Prefetch\EDITPLUS.EXE-BB0BC86D.pf
Size	67.1KB
Type	data
MD5	`5e4a49d2b56b22370f725c2907771873`
SHA1	`162835227314103bd52c6e6edbb83512a614cb38`
SHA256	`39fa7d37de6bad363e5cd514e08d82edb673cc50a5d1aa3508687edb29ef51b2`
CRC32	`68B5C1C9`
ssdeep	`768:anR04ilSmBc3zAKXYr/RrG83K3PtRABLQJFx0CFrrwzw7GmhLHzcpJ:PlSu0zXXYDRrz63PwB8/x0CbNLH2J`
Yara	None matched
VirusTotal	Search for analysis

Name	4fae92c18d8063b6_clientlogging[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\clientlogging[1].js
Size	44.2KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`c2f11119f939504f7f5c786e36bc5b06`
SHA1	`fb6897a9b995360115439454393bb49bfe1c10cc`
SHA256	`4fae92c18d8063b6df06ed4d624e11fa1cfcf4d9307e1aac28997274d2701cd1`
CRC32	`1542D087`
ssdeep	`768:ImocNJQrrL7aRraglz0T7wQCUagdJG8U1UXFnPV0UPhGCsjUQtJHCsispwt/1xO:vNJQPMraglY7G85zcCnO`
Yara	None matched
VirusTotal	Search for analysis

Name	9a2c4015a6ff9b30_test2gmailcom-Incoming-04_05_2018-14_18_32_876.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Outlook 로깅\test2gmailcom-Incoming-04_05_2018-14_18_32_876.log
Size	196.0B
Type	ASCII text, with CRLF line terminators
MD5	`bc67613616f72334ab0ea1919ed2652f`
SHA1	`49eeecc2e1f7b10eeb80b397e80afd0540bbfc76`
SHA256	`9a2c4015a6ff9b308882c397fb622401541f8f467c029a3668163190a8d59118`
CRC32	`09DE4122`
ssdeep	`6:usxdY1qcFQMq9+kpxdY1qcFQMBgsxdY1qcFQM5C7A:PxFDMIxFDMzxFDM5Cs`
Yara	None matched
VirusTotal	Search for analysis

Name	9b7af8bac852e210_getProfile[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\getProfile[1].js
Size	187.0B
Type	UTF-8 Unicode text, with no line terminators
MD5	`88313eb24c7750e926294bef79ca3143`
SHA1	`aaf453dab3753a8004cfb900c8c3253a32ba46e7`
SHA256	`9b7af8bac852e2102b449602f62f5116d96db0bba5c73748a47dce9924160b41`
CRC32	`D4756D2F`
ssdeep	`3:zQgfdi21iHVNaYGuvOPStIEZHftV1iYhDqckd0iX+c2PSzTEWHJE15XcAbqiB:zQej1iHVH2atIi1P9qck6FcEOJE1VcIB`
Yara	None matched
VirusTotal	Search for analysis

Name	197344ce42505c8e_aol[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\aol[1].png
Size	2.4KB
Type	PNG image data, 178 x 69, 8-bit colormap, non-interlaced
MD5	`155df79eb51f2b0800b7c5a970c2ddd0`
SHA1	`28bbcae41db52be16f350fe499057b64b2228251`
SHA256	`197344ce42505c8eaff5578f71caa538bb88e3adcc3b90a1ded21a7a352989d0`
CRC32	`8E161DD0`
ssdeep	`48:V2g2DfLtL+aVhBL/icMboqEdAXasviX80wz19vGHTSr:EBfpqaVD6c9Iqv8bb+c`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	91e6d2a44b8be983_getLoginStatus[1].nhn Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\getLoginStatus[1].nhn
Size	138.0B
Type	ASCII text, with no line terminators
MD5	`adc5d96f6bcef323a83ee760624ded7b`
SHA1	`04f3cbeb085d8314515123ff7bd103dccbbde616`
SHA256	`91e6d2a44b8be983adc19513b407a4cf90f87ce0b631750e6d64854f042c3196`
CRC32	`3801C5C9`
ssdeep	`3:s8G3fLHrJLVCfLHLtIih9JE29rLjExPDeJV9gEofVtKI:s8G3BhCrhZVQeJV+DVp`
Yara	None matched
VirusTotal	Search for analysis

Name	5821718c8e53a8ac_aj-cityhall-500-hour.hpng Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\AJ-CityHall-500-hour.hpng
Size	1.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 181 x 27, 8-bit colormap, non-interlaced
MD5	`cdbc4abb27f64b3e4073d798d205b5b7`
SHA1	`58577123b1d59fccfb80a588d92c11f447258a23`
SHA256	`5821718c8e53a8acd10dd52c12e451e88f3dd7ce94332e6406490df2459823d3`
CRC32	`B0642D46`
ssdeep	`24:m6y1htZdWwjx82lY2T3pHEVbuYYiyJ3Vbq4G6SA9dGogWH+192AotNLFFg2u:twqNn2SATJ3X3feH2JF6`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	610fb3556b3e858a_blueballstd.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueBallStd.ini
Size	1.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`bb688c71a92147a2f5f7c60e9bfd6d4d`
SHA1	`802183cbaf47321f3a9144f81c36ae4d8545d158`
SHA256	`610fb3556b3e858a233766fa9af50057d41f6dbcbb15ac998a1de733de2f471b`
CRC32	`BBA63498`
ssdeep	`24:BEarGXz5lrUBR6TO5fq1rf7kpFg4SGIo8Gio403NPeibQ0Wd9iBxLuQI:BhqFlQfqeI4SGJ/4YPBQJTiBxLvI`
Yara	None matched
VirusTotal	Search for analysis

Name	8ef6e4f16ae501ad_SOC-Mail[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\SOC-Mail[1].png
Size	284.0B
Type	PNG image data, 32 x 32, 8-bit colormap, non-interlaced
MD5	`3c7700243b9493c12b1b682caa47f5f2`
SHA1	`d522ed9d356837fed083e4d69262c749f4807fc0`
SHA256	`8ef6e4f16ae501ad18088960b404af57871be54ea8a0c7088872b88eb5dc2b02`
CRC32	`F6C10AB6`
ssdeep	`6:6v/lhPkdsEejylMSB8POk1SljdAOh06VJJtBafxJ0lX0hRCAp:6v/7sW3jk8POk6j9PJjt1A4K`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	176286673e73dd83_AgGlUAD_S-1-5-21-3832866432-4053218753-3017428901-1001.db Submit file
Filepath	C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3832866432-4053218753-3017428901-1001.db
Size	508.6KB
Type	data
MD5	`c7e79423232d79890a622811b400a8bc`
SHA1	`06e545662e9414bfa0308a48221a87ea8831c67f`
SHA256	`176286673e73dd83d91d1ca8e13bef245ffc825f59e190d6d36cf01a7a7ca401`
CRC32	`CDA41A2E`
ssdeep	`12288:jWXP12gM5e/qRcoY2bVnMS6ZLoO7CIk2anijZy4em1bZ8E:5Y21M7ZouCIdZy4fVqE`
Yara	None matched
VirusTotal	Search for analysis

Name	94da919fcc7fdf0b_japanese.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Japanese.lng
Size	2.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	Non-ISO extended-ASCII text, with CRLF line terminators
MD5	`2e5f6a85256da31d089291a7e2a9a762`
SHA1	`70ae0bc41f4111dbe941f42cc3148b5b7839ee1c`
SHA256	`94da919fcc7fdf0b84b6e056d7c5151e3bf481f83501e0956c4482e9c7dab324`
CRC32	`15CD5FCA`
ssdeep	`48:R1ZqJLkNJuzKizSeJjhrMVRazEBplicgrqrjYAayZyGX8LD/uPCnXTu:DZqKNJfixJjhrMjazEBqnqrjYAa8Ls25`
Yara	None matched
VirusTotal	Search for analysis

Name	43e465ae6cb6bd2c_mickeymouse.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\MickeyMouse.png
Size	27.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 123 x 124, 8-bit/color RGB, interlaced
MD5	`138b8fbf86d45154f336d82b65f64318`
SHA1	`7ef479f3143ce1981d5b7586c770a5befe2f4c39`
SHA256	`43e465ae6cb6bd2ce7d58ed2082ac8598437b40b77b6ade04b89c39ec1e82001`
CRC32	`24B20027`
ssdeep	`768:xXTnuvx75M3cPMaaI5SG58+a3/zRHC8nDawy6AXe68Dp:IvJ5kGeI5qPzRwhXe6E`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	9d004a4d0ff6cd77_mnrstrtr[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U06NAGU2\mnrstrtr[1].js
Size	81.0B
Type	ASCII text, with CRLF line terminators
MD5	`8002d393b690dffcff1b29584a2d7d0b`
SHA1	`7bf4b49e7c5977e64ec11da7c9a684d4d464d93e`
SHA256	`9d004a4d0ff6cd7794ef4a76e6b66ab98f149af5ea58ead5774a8e6b9464988c`
CRC32	`A0BAF66D`
ssdeep	`3:qbuJZJhNqcKdEdRcaRGUgtUV2/W3v:q0ucPdRgUwMYo`
Yara	None matched
VirusTotal	Search for analysis

Name	86652bf37435c6e5_jaguar.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Jaguar.bmp
Size	42.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 119 x 120 x 24
MD5	`41c592514dfa1093a831102815aad068`
SHA1	`20474fcead8eda8247270b171fc0ccd6b1edbaec`
SHA256	`86652bf37435c6e524e5dc73056f9a22f08acfb8e427372e51d4c18fed4f2053`
CRC32	`00F8DBDE`
ssdeep	`384:kZz8J05teDCm3J1MREBqXFlKbBfqJ+/VAImPWFOQ:cOZHkuqVlKBd0CR`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	02908c5b2e4603c6_darkcrystalball.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall.ini
Size	699.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`9873ab1c4f582f7dba405e18bf9ec1f5`
SHA1	`2ed9bb9613ebf3b11b334f0132c3ad7c24c64e28`
SHA256	`02908c5b2e4603c69abbd0f6dd5be49b2ae0c68036624c3001574b8f87970c1c`
CRC32	`BFCD2557`
ssdeep	`12:a4EqmYrrrcR5pjpJrtOphhAlL4GOy46hp7pEH3eJvzpEH9CPpEHoNlTYQBcpwcz:BEQrm5b7OSF4G66hpOUvm0SIrJi`
Yara	None matched
VirusTotal	Search for analysis

Name	5f8639ec82c16607_violettekugler.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\VioletteKugler.png
Size	17.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 1600 x 900, 8-bit colormap, non-interlaced
MD5	`579bd68b443b5ae75f83b7e55dcb66c1`
SHA1	`447ceaafeca2f9c59c5c5fe9e15ec1efabdd173d`
SHA256	`5f8639ec82c166074ec913ed4b953c9cc91363b597a2a103cfde56b4e4ed3fbb`
CRC32	`ABDB77B0`
ssdeep	`384:uysVnL98NSU2tOrwmR154tM8Bc88TqnlJpd:uySXUaO9R4fBc86qhd`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	03eb2e1e3186c033_java_install_reg.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\java_install_reg.log
Size	6.3KB
Type	ASCII text, with CRLF line terminators
MD5	`6c44bfcefd0a66e9600f09dde25a9b9c`
SHA1	`ce8e53ef8297c23717fa50a24a66ef24d476a8fe`
SHA256	`03eb2e1e3186c0337186894861202ae9807c3c0f9122fdecca93e683878321df`
CRC32	`A9F53212`
ssdeep	`96:uMcq24KIWWB2jUlg5RN88Xdk3RXqHmpvyXlHDo/eURUxRR7:0IxGRN88X6RXnvyXlHDo/eUR0R7`
Yara	None matched
VirusTotal	Search for analysis

Name	4b96bfe27adba4f6_EXPLORER.EXE-A80E4F97.pf Submit file
Filepath	C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
Size	27.4KB
Type	data
MD5	`58d9d6df65361960b265f0e5031e6100`
SHA1	`1d5d31ffe55d479dd91c0a3c06a6e4d21e3fe2af`
SHA256	`4b96bfe27adba4f60809ea4e1d0e19dd47eb8bb03453fda9daae3d67e7c9b7a2`
CRC32	`99A5F362`
ssdeep	`384:ii+5Vc//310WBAgYiMXBOsg2Lwd+SBKX3zybggAyKp3IW+w4Xlh0UsSdLluyLJ:ipcHzIEshkd++i6vK5Ic4Xr1sSdL7LJ`
Yara	None matched
VirusTotal	Search for analysis

Name	4db314221b4c98e7_bulgarian.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Bulgarian.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`fc5efbe2a513acfc40b7276ba1d9e7fd`
SHA1	`68879191dc99cbe8f1d0de298aa2ea9dd2126017`
SHA256	`4db314221b4c98e7d8e5849d7502bb2926e2a7cd4b340ea127e3351c9fe38f57`
CRC32	`7F00C3C0`
ssdeep	`48:Q4D1txCI+Pyna/m9PDbSRiVXwCZhYRag3YRikKYuPCnXTu:NLxWTsPDbS8GCFY81KL6XTu`
Yara	None matched
VirusTotal	Search for analysis

Name	82337473c6749c92_COMPMGMTLAUNCHER.EXE-D8C6028E.pf Submit file
Filepath	C:\Windows\Prefetch\COMPMGMTLAUNCHER.EXE-D8C6028E.pf
Size	48.8KB
Type	data
MD5	`6f3872a3a215eab55283899561addfc6`
SHA1	`6483b86b8a2dd6aaa77b2eba85d478b26828da83`
SHA256	`82337473c6749c9256599218d3a4afabeb9f0fa38b6c6c78be1ae102b9d45a60`
CRC32	`F2EF0F6A`
ssdeep	`1536:4FMHxcSMIER539Ax1v3Dm1YPfCH6OpwMgs2yR+SL7:KCClcDfOD`
Yara	None matched
VirusTotal	Search for analysis

Name	8cb94c6c68fecfb7_SetupExe(202107071812439D0).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(202107071812439D0).log
Size	185.2KB
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`de98c1c18a24759e5b7dc78d626576d2`
SHA1	`470f820130c47c8baf430c5f6f2dd1a610b8f446`
SHA256	`8cb94c6c68fecfb753590de5dd53651e16ee9e2eceacacb15a553df1ed50d129`
CRC32	`0779CB24`
ssdeep	`1536:DO4lw3+oGEu4xOVGV8P/VGV2wGVGVAMRVGV11106VGVdW5xmVGVGVl1NVGVGV7bx:q3lGE1e0nEG5Q1Ktj`
Yara	None matched
VirusTotal	Search for analysis

Name	3b78eef71580d0d8_bluesphere.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueSphere.bmp
Size	44.7KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 123 x 123 x 24
MD5	`d0f718a4ec8c75af41446108fc6dadfd`
SHA1	`4267134842903e2967a93896fd48a8cf92ea2a71`
SHA256	`3b78eef71580d0d884fc53773a304a22c9c3ac007bc1f28ae182b7b153394713`
CRC32	`6095B96D`
ssdeep	`768:4JNtQgkxvPaaWTDWWzXSFzhVORp+8jYCzPlT/536x4:IgPaakXoLOdP55j`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	6b4041b6dfd71c01_aj-cityhall-500-minute.hpng Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\AJ-CityHall-500-minute.hpng
Size	1.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 230 x 5, 8-bit colormap, non-interlaced
MD5	`8619f256a096c9e1ad177f97b799d82d`
SHA1	`9eedcb61bb671006830d76a89969ce962c4f6813`
SHA256	`6b4041b6dfd71c01e16016d5cc98a950951a1b44a3fa0ce48a7668bd4a229853`
CRC32	`0E356A89`
ssdeep	`24:uLy1htZdWwjx82lY2T3pHEVqSacyJ3VcHJqlGZE+JMGzl0s2snMj:mwqNn2S8JPJ3K4l+J0dj`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	41e3f69ecc09290e_httpErrorPagesScripts[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\httpErrorPagesScripts[1]
Size	5.4KB
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`dea81ac0a7951fb7c6cae182e5b19524`
SHA1	`8022d0b818a0aea1af61346d86e6c374737bc95a`
SHA256	`41e3f69ecc09290ebc49be16d2415036ddb2f7a4b868eef4091d0b5a301762fe`
CRC32	`5E7F4A18`
ssdeep	`96:JCc1g1V1riA1CiOcitXred1cILqcpOnZ1g1V1OWnvvqt:xmjriGCiOciwd1BPOPmjOWnvC`
Yara	None matched
VirusTotal	Search for analysis

Name	7a0585664371e361_GOOGLEUPDATECOMREGISTERSHELL6-19C11DAB.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATECOMREGISTERSHELL6-19C11DAB.pf
Size	12.9KB
Type	data
MD5	`7de668d7d487f1e2e6a653d57e9ba18c`
SHA1	`5805d54dc28b9355dc7ec8d77cac777e00a4e234`
SHA256	`7a0585664371e3617fa205fc97e1c6846dabaa8e68538108f38d3e06cd921bad`
CRC32	`B3081964`
ssdeep	`192:wHRara+ULJohtA0BsSTKLZ956KTLIBEs0YBCNxCN1C2Ft+ts92/Youq:wHRwzOohSrST2TqCNxq1C2KtssYouq`
Yara	None matched
VirusTotal	Search for analysis

Name	e5ab21e6321eaa11_SVCHOST.EXE-CF79EE4C.pf Submit file
Filepath	C:\Windows\Prefetch\SVCHOST.EXE-CF79EE4C.pf
Size	59.6KB
Type	data
MD5	`a2b18214e1ef4dfd9a9b677613501b7e`
SHA1	`68221e1829f5620d570cfe04acd3cd34200f8b5b`
SHA256	`e5ab21e6321eaa11aa26288ea688d65da6f38a8af032036efef16fd84bf6a52f`
CRC32	`AD22546C`
ssdeep	`768:43ZnhxBM5k8RM7O0HFVbScMf2TU14EJk20k1CqiGbZ8Ss+tIiNk5hxzQZ:43bSzM7O0lUMTU14EJk2dXBSzQZ`
Yara	None matched
VirusTotal	Search for analysis

Name	cfe734403030dd1a_brazilian portuguese.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Brazilian Portuguese.lng
Size	2.2KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text
MD5	`663ca37cb27aa3b419c76f228889b08c`
SHA1	`875e600ffea6e925d35011f5a44ca5e9fecd1140`
SHA256	`cfe734403030dd1a5bdea2f307fb3416c2dc424af6c298a127a2cd13900bde67`
CRC32	`8E5C339C`
ssdeep	`48:9DLSULlHyDf339z4wakpkxNOp0EIPY5drDQvXcBkK/h2nb3M:9D+ESz3NzNkzadrDQNkao`
Yara	None matched
VirusTotal	Search for analysis

Name	a9575b7ebaca877d_cloq.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\CloQ.png
Size	12.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 160 x 110, 8-bit/color RGBA, non-interlaced
MD5	`49856033126c7ead5edc2b3a82504a7e`
SHA1	`9fd4b61502c34a93b9c5e401aa84fe661559f575`
SHA256	`a9575b7ebaca877d5693de98d9298317574bd6463e3ef129f8301c151698227d`
CRC32	`F47BDDE3`
ssdeep	`192:xSx2nqVZzOLi+6PrSjnGhLaU5TZaMRF11U8yAgk0AaUNxTX0acFNNyZik72XdZ:Yx2mlOG+6UGhLxaM91U8ypk0BUNd3NwB`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	163836a57326cd51_bluesphere2.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueSphere2.png
Size	23.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`daeb5b8e238848f28d9cb967dc211d2e`
SHA1	`6672cacb53247fe0fdb4f68452b19a462ba2555d`
SHA256	`163836a57326cd517c89098265e5dcb0cf689c55a169e5b0b576565560951f70`
CRC32	`9A28878B`
ssdeep	`384:5jIsgmpetEnrsFb0gxMo2FHnRvS1VicSzk+U3Qa8FNvB7SrSDlE8LpwyTWEtJwJB:9IQpeMIMokvS1gxz83nq57YL80EtJwTr`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f523af1e5d9ac336_VBOXDRVINST.EXE-7DCD6070.pf Submit file
Filepath	C:\Windows\Prefetch\VBOXDRVINST.EXE-7DCD6070.pf
Size	57.0KB
Type	data
MD5	`b76782959bc21a7a912f75ee4ced43a8`
SHA1	`c2e35baef35d575028e51b5a26e489fabc5b9073`
SHA256	`f523af1e5d9ac3365f0103ace62edf365366e3b786cf041572c0ee80f5651020`
CRC32	`5D9CB501`
ssdeep	`768:KywupdPYJaXKUbNUyA0Y1O+tgVdy3uiwyR+nMJGAMIaQg9YK4sRdbCuZ:KYpdAJINRTAH1OcgVdwuOhngyabCuZ`
Yara	None matched
VirusTotal	Search for analysis

Name	2065d94ff0ef5fe4_russian.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Russian.lng
Size	2.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`ba5647e2889a3b3da10e3bd5be0ce4b5`
SHA1	`cbe0ef3874710a2efc9725d1a2c2f900b828d6c0`
SHA256	`2065d94ff0ef5fe40f3521861e61ab70ec546a17cb3cc2e9b15d64bd3eb96ba1`
CRC32	`98DE55E6`
ssdeep	`48:t8IUxeikqFAecTGM+Nygw49MLuDbV3NaG2PHZG+DcZ577UagrTu:twxTkqFAPB+LwMMLUb2GaHhcZhUzTu`
Yara	None matched
VirusTotal	Search for analysis

Name	33419d7fac1e84ee_ASPNETSetup_00000.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ASPNETSetup_00000.log
Size	4.0KB
Type	ASCII text, with CRLF line terminators
MD5	`0484a5e405303240f603f0e411db6133`
SHA1	`1a9720e66a0edcd644e605fc69192b6bd939cff7`
SHA256	`33419d7fac1e84eee3c1d2950ba7ee8b5a971f83bea00f87688d1402fba0b895`
CRC32	`A11D8E1C`
ssdeep	`96:dU+MOyO+//lx7hX7hWUjhOnOvOBKflrit:dEOyO+HlVhrhvOnOvOBUlU`
Yara	None matched
VirusTotal	Search for analysis

Name	a3bfbcef85e83170_czech.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Czech.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	Non-ISO extended-ASCII text, with CRLF line terminators
MD5	`a1a459aebed25c19f29a65e4ba95649c`
SHA1	`d9c7e65249563cc9523305e9d56f8bd6ac10b6e1`
SHA256	`a3bfbcef85e8317089b62b98265b052949f3b11d0b404526b51aa489c14e5649`
CRC32	`D05A4A43`
ssdeep	`48:hInwTWyJOTni5/QS90WmUBC3MRq6mgmcvL5uJBUTLoAc9ceGK6mq6vs5:htTWyJOTi54oecg/cT0XAjY6AG`
Yara	None matched
VirusTotal	Search for analysis

Name	44a363ff74d105bc_TS_8361.tmp Submit file
Filepath	c:\Windows\Temp\TS_8361.tmp
Size	192.0KB
Type	data
MD5	`c68be703fbe1fe8567fc18f497321436`
SHA1	`e7f266def363383b817fc9054ab8598b429f7ce4`
SHA256	`44a363ff74d105bcf9c66d8ff9380720dccbb80c4d2205909eebb7ea60bc5284`
CRC32	`A3B5A716`
ssdeep	`3072:eoElBicCWkSu5mgqzHXVSael5PiLj0LOCHud7Tcgp1eIraFTFeBhpBy7Cb:qyg`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	4ffe5d4bf560c15d_french.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\French.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text
MD5	`7767fbcda3db9b77f1e8feb02172ae34`
SHA1	`2e7fc2b22e094061ab51fc805cf16863e601a512`
SHA256	`4ffe5d4bf560c15db2777f0bc31652d7c733dc3cad3b4e052b10bbd6af65a0ec`
CRC32	`1BE6B4A9`
ssdeep	`48:vJFRS8/MlfWqeawdkKPnwShTJAnMZ/ekJOFGD6l243LqicRy:RFs8UxWqeanSTJAnXkJOv7qicg`
Yara	None matched
VirusTotal	Search for analysis

Name	526d4d99a16c035f_807805_114[1].json Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\807805_114[1].json
Size	432.0B
Type	UTF-8 Unicode text, with very long lines, with no line terminators
MD5	`c34a7e7cac58f00f60b04448922a3404`
SHA1	`21becc410e8fbbd33f521c7f30cbfdb9bfbf127b`
SHA256	`526d4d99a16c035f300f8a9898df0276a9489d59cdae5b9b72546c5a91477923`
CRC32	`DC2D6BF6`
ssdeep	`12:ecJ2cdLAPAdL3dueudrEJvPX06cSrUOSYGtw9:ec/dUPA3ueuN0XVcSrUpYN`
Yara	None matched
VirusTotal	Search for analysis

Name	2d6cdcb52f0d9b8e_intl[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\intl[1].css
Size	9.2KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`b3e5190c44b3483f7c36af5a45458664`
SHA1	`c27fb81d77f366796acc068b96a25cfac10b636e`
SHA256	`2d6cdcb52f0d9b8e8467a093fb69d56bbf73d79b7aeb48a8e93ada59eeacf902`
CRC32	`664EE47C`
ssdeep	`192:7LwMQQE4wGPIQAYqC3OyPXc8PwS3jQm0PKPaP3PRPMIxhmfbEkUppvyyMmbk3wk8:AMQQE4weIQAYqUOkXcc8`
Yara	None matched
VirusTotal	Search for analysis

Name	b83910844eda80ef_SetupExe(20180405152131B24).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(20180405152131B24).log
Size	4.1KB
Type	ASCII text, with CRLF line terminators
MD5	`26842baeb788bfb5a048944dabad9242`
SHA1	`db2c15bcdb951e5fb32df7679585175646842632`
SHA256	`b83910844eda80efa66a2c1fd2a164f6acef9d27430a1540a4b19a08c442a4af`
CRC32	`89783185`
ssdeep	`96:97Id2ji+rIJN0ZlHsyupbplp8pB1pVprpwpTpBopVpHpupWpKpvp7pWprp5hW:97wFcHspxn6D139ORDoPpsUo190N8`
Yara	None matched
VirusTotal	Search for analysis

Name	1f4a7272783e4a28_beep-clockchime.wav Submit file
Filepath	C:\Program Files (x86)\ClocX\Sounds\beep-ClockChime.wav
Size	3.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 7418 Hz
MD5	`fedc74e595f352049284195de8e75f09`
SHA1	`8cf9d3e2d8152d843122358e10f43a66935ea5ad`
SHA256	`1f4a7272783e4a28b0bb7a73cf832f75d0d1358a99555a1f84c9cecd52d2a227`
CRC32	`2BFED7C0`
ssdeep	`96:mzWFPsX5MewbZxnvkQRti2glLf0KpyhF7YdBF2eKAtFjP:ma+MewzkKglLf0Kpzy47`
Yara	None matched
VirusTotal	Search for analysis

Name	24f4fde27885baac_css[1].txt Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\css[1].txt
Size	182.0B
Type	ASCII text
MD5	`e9aff6816ca4a33ed9da3da1505355df`
SHA1	`9498747e71e247fc63623753fbd0c5a20e0a0d61`
SHA256	`24f4fde27885baaca7ec460ba78c362f85ee747d5637d69c309283af57bd5eb2`
CRC32	`A08D3721`
ssdeep	`3:0SYWFFWlIYCzHRiRI5XwDKLRIHDfFQWzfqzrZqcdAqsKTJ9X9wwQI21XMvKRMevC:0IFFli+56ZXizlpdAxI2wQv1XCKqeAv`
Yara	None matched
VirusTotal	Search for analysis

Name	33b1ecfa6dc605fc_deutsch.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Deutsch.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text, with CRLF line terminators
MD5	`b4db92c415b94a3f270b3b4a06d2a446`
SHA1	`0413f4d52d6174d0c3c5e792eb2c7be08e907d02`
SHA256	`33b1ecfa6dc605fcb6c7dbebf1792ac93ab1f8c7c2fc98dff10af4c97553ee9f`
CRC32	`2917626B`
ssdeep	`48:ZfBd7wrhvl0k/Bz2XAxq9J4SCVbYaeuHQyVSXh2F0bzvxFWIEuJsZFXlVUMjL7YX:/wxJz2wxqQFb3NSFWIzUXoMzY1Z`
Yara	None matched
VirusTotal	Search for analysis

Name	ea03bfd7fdda1eac_f[3].txt Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\f[3].txt
Size	113.0B
Type	ASCII text, with no line terminators
MD5	`446dfcea2ff3436918f2dacba3cdeab9`
SHA1	`81972855e41941736d23fee567721e53b4bedb40`
SHA256	`ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742`
CRC32	`50F4F831`
ssdeep	`3:oVew2dzzxHJzdd/xC0MId/avHvpHlxfYf:ogw2zzn/xeq/Ynxwf`
Yara	None matched
VirusTotal	Search for analysis

Name	23dfb2a6b5310650_Zip.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsuCF7.tmp\Zip.dll
Size	76.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b6ffd4a7812b0608b18c8665cf3b4b5b`
SHA1	`1a486e8281b80ddb0060a28e43ab14ee90ea4e91`
SHA256	`23dfb2a6b53106509444bec24b9c3893a82f8f04520f03f6b1696f53d19170c5`
CRC32	`D3FB1EDE`
ssdeep	`768:6qzEOfLo2T0pHES42P2wsSrSlAKL0RvTZTEeo9L1Po0OQuiSKcKysNU3her9doh3:6hQspHrXK5eKO5KysyxAd4C+R`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	40eee20b565174bf_IPCONFIG.EXE-912F3D5B.pf Submit file
Filepath	C:\Windows\Prefetch\IPCONFIG.EXE-912F3D5B.pf
Size	13.9KB
Type	data
MD5	`571ed5e6ec1b2d8983e5314a043a577a`
SHA1	`8d2a7c291b1a1b3f7efd3c7efd9d6d347656fbe4`
SHA256	`40eee20b565174bfb0bbb848ddd19568301f82a2c7fb5c66ad689d64789d5b1c`
CRC32	`A187080C`
ssdeep	`384:JNLM97B/g4m5m0CSXmeTX1Df3lWkssQvCu:JZkB7YFFD/lWkssQv`
Yara	None matched
VirusTotal	Search for analysis

Name	5c3e260b650af5ce_jquery-3.2.1.min[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1F4WQUHZ\jquery-3.2.1.min[1].js
Size	143.9KB
Type	ASCII text, with very long lines
MD5	`9ff279cffa673c2fa8c6ee9f700f9d62`
SHA1	`1fff46ca59f1c5d5cab1bc74a6adb60bd3d436ba`
SHA256	`5c3e260b650af5ce94c9c81c87575348f553698919a2014d41acff1b2c21e918`
CRC32	`0784A982`
ssdeep	`3072:9oa/1yiGGWY5iZ4LKZORUa/1yiGGWY5iZ4LKZORUts+N:9oIyzGL538OR/yzGL538ORAlN`
Yara	None matched
VirusTotal	Search for analysis

Name	2245ec669454f7fd_{1C306CB1-771E-4B4B-A902-86E897877F5B}.jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\{1C306CB1-771E-4B4B-A902-86E897877F5B}.jpg
Size	740.0B
Type	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 16x16, frames 3
MD5	`218704c24299ab2eecf113acacf5c9f6`
SHA1	`5c6aea4d289b901e5d886f2d896b0d0ad10878c4`
SHA256	`2245ec669454f7fd27267fa1e706a37efec0a8983d3b5786fca85193636c85b6`
CRC32	`281299B0`
ssdeep	`12:FC9YM8fijy0lJ0Xx0WzOsvWGKkCHdcfmcGHMf/qXzUOrS07DAzEgOsvWGKkCHdcP:49YMWTo0XxDuLHeOWXG4OZ7DAJuLHenP`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	8114b09818641481_test.docx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zO416BDCC9\test.docx
Size	13.0KB
Type	Microsoft Word 2007+
MD5	`72c8f202c0f669e4771c071d77f0ae01`
SHA1	`46e77ca734f26d703b24fbf4e75918906b14de35`
SHA256	`8114b09818641481c591e0dadd6f16b171134ee0425d05e7b9121fbc9bb6addd`
CRC32	`44B0028E`
ssdeep	`192:TDtm8w5lG9xv+qzOVjQaL8hjvQUh9y8u6ubv3vlfc37AxJtK05FoAdpqbv5L7Wb:TDv2QAxLGj19WztBXtK0kPL7G`
Yara	zip_file_format - ZIP file format docx - Word 2007 file format detection
VirusTotal	Search for analysis

Name	f6f4ad8f998096b3_ring2.mp3 Submit file
Filepath	C:\Program Files (x86)\ClocX\Sounds\ring2.mp3
Size	6.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	MPEG ADTS, layer III, v2.5, 32 kbps, 11.025 kHz, Monaural
MD5	`ffe63755c41c834caa3d4967d099108c`
SHA1	`b3c86a2fba4123dc1a107328b810c64a12280936`
SHA256	`f6f4ad8f998096b329677bce8cc1db37b6923c5de6761328dd5c3ef6a49ce892`
CRC32	`1D412A21`
ssdeep	`192:gFG+4dGvjjICGxrvRRIOHmEaS4VwpZo0TuoMa:gFG5QfIxxrpRIOGBS4Vw4auda`
Yara	None matched
VirusTotal	Search for analysis

Name	590751e40a4b39a0_SETUP.EXE-9129729F.pf Submit file
Filepath	C:\Windows\Prefetch\SETUP.EXE-9129729F.pf
Size	106.2KB
Type	data
MD5	`4944251b293025c799da59d330c8895c`
SHA1	`1774904fdc852403582375bba36ef447d4709100`
SHA256	`590751e40a4b39a0d5cbc12881622c666b96a05c4451e91302e80acc74157c33`
CRC32	`5178B2F9`
ssdeep	`1536:oXMud+pbpnoAiGpgENsf8nKjlAqqw5s9zq3t0p+0X8GY9x/oKWcseCqMNlCAx1Hi:om3xNElAxw5s9St30fLoaG`
Yara	None matched
VirusTotal	Search for analysis

Name	edcad5b1ce8a304b_views[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\views[1]
Size	1.8KB
Type	ASCII text, with CRLF line terminators
MD5	`bee1758a485085bb8a121eb74ba7e96f`
SHA1	`8024492e1126b17f832e36c932d433200180b693`
SHA256	`edcad5b1ce8a304b70b8c9ea57d4aeab740d979ffa59243b943011cb1ba4d57e`
CRC32	`3FB291C2`
ssdeep	`48:1QuIGYwCQ73ZOaFibdMpn1c2CqWMwr8Qp5lAh:SncJO8ZDru9S`
Yara	None matched
VirusTotal	Search for analysis

Name	bcde729100d23631_blueballstd.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueBallStd.png
Size	27.5KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
MD5	`52b3b390690b8cc3d7e432f7ad26069e`
SHA1	`2a777edc8d78796291722ec5ad91fd036224daac`
SHA256	`bcde729100d23631e527e126ac820e00b894d5ca0e2b1d11dfe13e2da2045ffc`
CRC32	`C2AD2154`
ssdeep	`768:MtXV8nMgM3Da9p/tp3bH73l8vAPt9k73YpH1:wV8VMalb7l8YPtS7oH1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	43cd2b4fed991ab5_nsj2580.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsj2580.tmp
Size	15.0B
Processes	2828 (tOtcmAUyZOxR462do2YSqCR9.exe)
Type	ASCII text, with no line terminators
MD5	`7607c5619b3221c5d9f6a1eb859dd62a`
SHA1	`ddc22f5c44b44fe982dde46db81b742a7bede8c3`
SHA256	`43cd2b4fed991ab5ee8305ab0a58aac7b4d3ab9957461bd47f917036e1ff51d3`
CRC32	`31DBA204`
ssdeep	`3:Lb8:/8`
Yara	None matched
VirusTotal	Search for analysis

Name	fde433aba0fde669_jaguar2.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Jaguar2.png
Size	26.4KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`a12a30ad1d5df1aa37a800872f645267`
SHA1	`6b2235dffb9c8ac6a3d86e852a00d46d623f6843`
SHA256	`fde433aba0fde6691638d7af029ef95561980183697595097d23beed55263bc8`
CRC32	`8DED925B`
ssdeep	`384:5hLqpEkpEyxcmTzRgctHZTjeZz0V0LFLXxnQISR+ApHwsXRcyXnEWjsExibdCaVO:vuSIEBajH4hBQtJpHwsXT0zpdCao`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	650e6ef95912df10_SetupExe(2020110220215923AC).log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SetupExe(2020110220215923AC).log
Size	29.9KB
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`4faf7188661f4bb94f921fa2bc31bda3`
SHA1	`c67c0cba808d3e850fe0f853d897cc6f536d78eb`
SHA256	`650e6ef95912df10ba1ef5277c6b52a3c94ef95c9c230512d52fca6aae8e2fcd`
CRC32	`5233DEA7`
ssdeep	`768:v64vUX+V21VGGcSmMav3UmddYXxbHxhJ5S4gbdv3GJt:v6d+w1VGGcX3v3UmddYXxDvJ5S4gbtO`
Yara	None matched
VirusTotal	Search for analysis

Name	7aed747c87234579_OSETUPUI.DLL Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Setup000023ac\OSETUPUI.DLL
Size	126.3KB
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`d2187caf767c7f95ac5769c93d736ce3`
SHA1	`0ca608cfb9fc817620973569dd2ea5026016b6a9`
SHA256	`7aed747c87234579b7964f3f531938f0372ae743e80811bd890757ea650111ee`
CRC32	`46F6CE3F`
ssdeep	`3072:0idCZLxhnnLPAuDmyCKdC+lCDdCPdCndCYCmMCVCNCMCpnvbVClCvCuCtCXC9CCl:/yxhnnLPAGCKdC+lCDdCPdCndCYCmMCQ`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	4c8995ad7e901b37_BRANDING.XML Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Setup000023ac\BRANDING.XML
Size	304.2KB
Type	XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`d57bfcd3640758afd97db8380be3e32f`
SHA1	`bb3125b3fc52379d47364e1569c6bb142e91870e`
SHA256	`4c8995ad7e901b375acf8ef6a94111973914a12ba793817a902e31bbaf7758a0`
CRC32	`C863ACA7`
ssdeep	`6144:fd0shrG2c9HBoouJ7IbsXsmemPujnr2PROcWf3GGsoLt1RArhjLomUOG:Neaoc6pJPOhLhG`
Yara	None matched
VirusTotal	Search for analysis

Name	8de29b958f3e9105_MAINTENANCESERVICE_INSTALLER.-C7F8A77D.pf Submit file
Filepath	C:\Windows\Prefetch\MAINTENANCESERVICE_INSTALLER.-C7F8A77D.pf
Size	41.7KB
Type	data
MD5	`8a76419ae076c782c65bf6135aed8f03`
SHA1	`8673a35ecc3b0309f79ee4c3c241842d47a979a7`
SHA256	`8de29b958f3e9105e182f920ed92a4423588e5c04b7b75354bb7fbeb1f49b88e`
CRC32	`60F9E4A5`
ssdeep	`768:nom8UUZwYTpBy5qsBxZ7P+aqYgtIGmW/K:eUUZwCpBUqsBzkYgVi`
Yara	None matched
VirusTotal	Search for analysis

Name	6d8a01dc7647bc21_favicon[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\favicon[1].png
Size	237.0B
Type	PNG image data, 16 x 16, 4-bit colormap, non-interlaced
MD5	`9fb559a691078558e77d6848202f6541`
SHA1	`ea13848d33c2c7f4f4baa39348aeb1dbfad3df31`
SHA256	`6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914`
CRC32	`FC87942A`
ssdeep	`6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d0a63da3fda9ab34_RUNDLL32.EXE-7BCB21A1.pf Submit file
Filepath	C:\Windows\Prefetch\RUNDLL32.EXE-7BCB21A1.pf
Size	42.2KB
Type	data
MD5	`11be20643d94ce4800e4bcb2499082eb`
SHA1	`66e7cba8a17d497eb60bf14c85df154cfb172a52`
SHA256	`d0a63da3fda9ab34f474d3af441f43549f0c3be010864643f775c1512edfe420`
CRC32	`D3715DBC`
ssdeep	`768:04sjfRpMPAwjzIIWaS9Iu4XQ/3AIPwsCFjmxwt7gjcHQvkC+iMKss6yAoCNVKxzF:0BPpEsrX9IuiQPAIPrC14wtcQHQqipak`
Yara	None matched
VirusTotal	Search for analysis

Name	b4d4dcd9594d372d_ArmUI.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ArmUI.ini
Size	251.9KB
Type	Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`864c22fb9a1c0670edf01c6ed3e4fbe4`
SHA1	`bf636f8baed998a1eb4531af9e833e6d3d8df129`
SHA256	`b4d4dcd9594d372d7c0c975d80ef5802c88502895ed4b8a26ca62e225f2f18b0`
CRC32	`21C6A2BA`
ssdeep	`3072:wT4DJAvCXkQqSmSgojgTaDuK1+4xKtaU/QX5Pm9vR549QHmYPCjTMNro0Jnxu4Fn:xvUzH5`
Yara	None matched
VirusTotal	Search for analysis

Name	757b6322ff5894af_slovak.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Slovak.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	Non-ISO extended-ASCII text, with CRLF line terminators
MD5	`6b5809a31de634a0ec58019350e4d50f`
SHA1	`6060c89f71ffef00df7053d66087938de5e2aef5`
SHA256	`757b6322ff5894af64ab3887bd8690838d5d59c561cb963cae1ad8ff78117f1e`
CRC32	`CE3AF562`
ssdeep	`48:Y81cEWQ51kbiZyt8jJkuVB+X4lGxvSDjvna4HP/MTNOTJPcRW9ZBM:YYWQbDQW9eIlWEnJP6OGUa`
Yara	None matched
VirusTotal	Search for analysis

Name	d2c7f802a6a9d133_MpCmdRun.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\MpCmdRun.log
Size	1.1KB
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`8c9afe9b42f8849ea8a7ee09ba677370`
SHA1	`8e675bd82224342dc144fd967a9cdee7ae0e5ad0`
SHA256	`d2c7f802a6a9d133244b89c3e78bd2a330fa038e6c7dfbe74f0b2dc2f8b22df9`
CRC32	`28F9347B`
ssdeep	`24:QO6qdmRrF15psxuqdmRUp9f5sBC5s0l+5ps+DL:F6qd81tqdBp9aBfc+tDL`
Yara	None matched
VirusTotal	Search for analysis

Name	1e6a1db4e61efca3_SOC-Facebook[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\SOC-Facebook[1].png
Size	240.0B
Type	PNG image data, 25 x 32, 4-bit colormap, non-interlaced
MD5	`44352b4a87345dce6414cca0f0693755`
SHA1	`6504e7370b22bd5c767e295b33a02afa10c24fe6`
SHA256	`1e6a1db4e61efca3846b5a27f5abb9ed776b935e90424cd55ae1f2ce92d73e15`
CRC32	`5C031243`
ssdeep	`6:6v/lhPWmCXqP1eHa848kifdrrm0eZIYzrEdg2At2up:6v/7eHrHpFki1rq0eZzrWgjt2c`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ef28d4ef8cab0cee_mars.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\mars.png
Size	46.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced
MD5	`abe2e3676135dc72c21f6ac4d55d5c8c`
SHA1	`43073cc174592a80d8e2d7ad23bfa2164b92774f`
SHA256	`ef28d4ef8cab0ceefd7b60fe2c2ecde52decfea74b041c452046dddd4852cba8`
CRC32	`70145C62`
ssdeep	`768:iNAFMfapVRMLrN41wNbVDgrnTjBebwTXR2B6tYhfU3XlGfKWFDJrtw+dceO06ANw:iNAF5VUEEbirTdmwTgBLhfUFGl5dG0na`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	baece35cc80c8abc_hallow2.ini Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\hallow2.ini
Size	925.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text
MD5	`448e7ca51ff946140e484e2b8685e9c5`
SHA1	`da9fd561cdd1783f0b9a43a842f5b301d13b0bcb`
SHA256	`baece35cc80c8abcfa11089aa019fbeef1878a0e989c3b49c2734f621cbecc67`
CRC32	`E24D123A`
ssdeep	`24:BEurZuC5CTzbr1nvlVkLKhaLgGLXoIZKgVi0uzUrn:B9Dyn+nkGUnNU7`
Yara	None matched
VirusTotal	Search for analysis

Name	0f4118847f284623_CONHOST.EXE-1F3E9D7E.pf Submit file
Filepath	C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
Size	23.6KB
Type	data
MD5	`7c7dc5ba340c3d20706a79ec9fd40afc`
SHA1	`ee11a28a1695f068e920ed8e8eac40cf514ef607`
SHA256	`0f4118847f2846231c85cf780afb461693ba0ceca0a2aacbc934ad0c800ac43a`
CRC32	`8E566EC4`
ssdeep	`384:MuQhzbD0awo7ZaHU7ikrRRvpaYjiFetzib4CiEAr8Hu7i1QoR3ZpsVSULu36:Mu+zr1Z64iwRDBAeVi0CiEAoO7uQoR3W`
Yara	None matched
VirusTotal	Search for analysis

Name	8c923eec22b59e97_wall clock medium.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Wall Clock medium.bmp
Size	73.0KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 158 x 157 x 24
MD5	`a87fb416d0d925ec81816e43b4e6205d`
SHA1	`7355f2e82aa5d9b11c706c4275f86986c26a421f`
SHA256	`8c923eec22b59e971ef0d1a0fff6c8f2d7b42c8577be7430cf3e1e4f0024f3b7`
CRC32	`AF5A2207`
ssdeep	`768:hHhvyP75gct7nK+cQ/d7yJZFDU+nfVOjKx2mW6ENRObp+A6iAk9x1:phKP7ndKcd7u/tOjKx2hNcAH+9x1`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	d85be3334ddbfca7_DLLHOST.EXE-925C7095.pf Submit file
Filepath	C:\Windows\Prefetch\DLLHOST.EXE-925C7095.pf
Size	20.4KB
Type	data
MD5	`75b18618f1bd809af26ac41a5a77d1ed`
SHA1	`b035da2adbeda335c1bf00f83ec21a156552650c`
SHA256	`d85be3334ddbfca78745eae23b477719aefbf05c0d96f4c0f2382db74036ce85`
CRC32	`315DE31E`
ssdeep	`384:YFmM+cvLYx8yqPvXO2cGpnyJeBtiX8D7RiCPupYkUmsLenZuNSo:Yw4vkiniSzBt481ijpMmsLenwSo`
Yara	None matched
VirusTotal	Search for analysis

Name	fc214d8533a48a7e_bluesphere.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\BlueSphere.png
Size	25.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`e8b800502663e1dc178c8c7f20e4910b`
SHA1	`67d4438f1114f2d66de8082c06ce873e1b0977bc`
SHA256	`fc214d8533a48a7e6acb73ea847484b4ba9d9591196612a63a803f71dfd1e5ba`
CRC32	`A8F73700`
ssdeep	`384:5gAXluiJgvL09fKPHmTCrKnehZk/Bl/a6dPipbz2J/ivEIs8fHF30X1OuaUol9:VlIvL09fKPGl/rbjcVmX1ZaH3`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	ab3b00dc3529370a_dd_TMPA86C.tmp_decompression_log.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\dd_TMPA86C.tmp_decompression_log.txt
Size	588.0B
Type	ASCII text, with CRLF line terminators
MD5	`287f9572e2bad19b297a21e5dd9225d4`
SHA1	`c7c63f303369430ff714f37a853c6f11a63eecb2`
SHA256	`ab3b00dc3529370a649b195bd1e474e8ebf6613424d6ec7c0da77b7e4c413453`
CRC32	`99F24844`
ssdeep	`12:ltK0tz9DFSCBBZKSFkPEjH0Z09DFkeQE0Q:ltKCDFnBB0SFkcjHN9DFkhEn`
Yara	None matched
VirusTotal	Search for analysis

Name	a4cf909a8f6eaa45_MSIc6ae6.LOG Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\MSIc6ae6.LOG
Size	256.5KB
Type	Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR, LF line terminators
MD5	`dd6016a4ec8b0a14551f9e7fbd1b7bac`
SHA1	`5a20bb18bcfa4f81e62743292849362812cbb294`
SHA256	`a4cf909a8f6eaa45e56153fce8453121919d023ae92f778ae3b894ae0b2f275e`
CRC32	`F418FC47`
ssdeep	`1536:w+iX0/7DHHz5Ufp3qUhbVvOcQEB633woMcLxwistN/b3Cl7jBhRmQSnbxAWcDJF7:z6jrKC70XnX`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	0f5cdbe57a86ffc5_keys_js5[2].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\keys_js5[2].htm
Size	1.0KB
Type	ASCII text
MD5	`806b8779318889351f73daf895ffaab7`
SHA1	`fa95480dcef1090776066cd33aa165e12edaa43a`
SHA256	`0f5cdbe57a86ffc5bc5fc0cb7c16ce8e8800650150db1abe35b3cfc7452adf4d`
CRC32	`465E139D`
ssdeep	`24:lIA+2TBKuuJWsV3QKfbXDaEKzkOJ7F0zVTefXor+wMwenZfur+wfC:Hvk3BDXDa9zPJ7F2ZefYrEZfurq`
Yara	None matched
VirusTotal	Search for analysis

Name	1f6f37adb95bc0e5_klokjemin.hpng Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\klokjemin.hpng
Size	1.9KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 50 x 9, 8-bit/color RGBA, interlaced
MD5	`9d6062887c1ac43745755af0decb59cf`
SHA1	`03f8c2912da77d162468d97b29583446de040cdd`
SHA256	`1f6f37adb95bc0e517f8aa261c2ea545368ce5a3893c869df24f84b2e051109b`
CRC32	`25DCA8C9`
ssdeep	`48:+UBnMSY1NiJ7G+lYXQd1GCkVrTzjI2yvf:+UVvbYXc1k1zW`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6f0ed8ab11b3397d_mailCount[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\mailCount[1].js
Size	49.0B
Type	ASCII text, with no line terminators
MD5	`c11f0b04a91dc2cc641f5f2359bafe42`
SHA1	`c1a6ff11de2e9e09c710aef8c6a91276e0e806d2`
SHA256	`6f0ed8ab11b3397d955c42f209bb455beb3b299768c87be2514fa96b5c57ff57`
CRC32	`C010593D`
ssdeep	`3:RloKieXgXvv2RwrrUf:vo/n2Rd`
Yara	None matched
VirusTotal	Search for analysis

Name	ac4006337db9d304_index.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
Size	128.0KB
Type	Internet Explorer cache file version Ver 5.2
MD5	`4d4a7dddb7af03aa26f606914c4dad32`
SHA1	`d33b107973a74b978d30db390b01ccfa4894ee5c`
SHA256	`ac4006337db9d304e46668bc0e5a3d5c3638f81bfd83d159a4aed423e1d86974`
CRC32	`8A1AF359`
ssdeep	`1536:osEhpTQEXKhpy9GJmMDsTjdMsJ1ebd5fgjTwxOEoZol0:o5GJw`
Yara	None matched
VirusTotal	Search for analysis

Name	18ae9d76727c45a5_errorPageStrings[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\errorPageStrings[1]
Size	2.0KB
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`867666e4f73a755e0c135ce4e90de230`
SHA1	`a7b1d23f1d2ef9de6b149925147d44076e17fcb3`
SHA256	`18ae9d76727c45a577073bfc8d8914fedccfcf43b5afeeaf26737448712334e3`
CRC32	`D8C63FA6`
ssdeep	`48:z9UUiqu6xl8W22751dwvRHERyRyntQRXP6KtU5SwVze/6e/+Ng7FU50U5ZF0:z9UUiqRxqH211CvRHERyRyntQRXP6C8o`
Yara	None matched
VirusTotal	Search for analysis

Name	80e87432d7764634_srpski.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Srpski.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	Non-ISO extended-ASCII text, with CRLF line terminators
MD5	`1d9538a2f34f9f14c5359a802d88eea3`
SHA1	`97d508ee407e866ee43d93789edf66a82e067af6`
SHA256	`80e87432d776463469912bc1a0b42039fe76fc86014f236d277678abc3f3246c`
CRC32	`C2CFAEDB`
ssdeep	`48:Oe2ySYKHbJVvamhXm6NPLFXYmB4midNoiqiEUygVMg+a3kGjkIa2RFmk4RTu:Oe2ySFbJham86NPLFX3OmwSPU50a37Br`
Yara	None matched
VirusTotal	Search for analysis

Name	7cbb733c2401fb4b_OffSMDL2.2.68[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\OffSMDL2.2.68[1].woff
Size	22.9KB
Type	Web Open Font Format, TrueType, length 23432, version 0.0
MD5	`42759efc06bbf2a7431228076e2b553d`
SHA1	`29e926807ec79188226f7ce74447e58a3cdb23e4`
SHA256	`7cbb733c2401fb4be2e46c4c39f61f4dc70ec4784b7607e869b513a769c47e32`
CRC32	`7D75B633`
ssdeep	`384:H4rW46NMLHjdR707PF9HmcAd0EWguRWOrMuZA+5UaqhxZYHAyi6sEtbIa+:LojjdR7GFdmTd0lguRWgMWA7hxZ7TEWj`
Yara	None matched
VirusTotal	Search for analysis

Name	48db744d53e5d7eb_dsaqua.bmp Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\dsaqua.bmp
Size	32.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PC bitmap, Windows 3.x format, 129 x 129 x 16
MD5	`4d99c681a6f8df6bd48a49b3162b0dbb`
SHA1	`123e39e10426bfec2a050b963ecec4fc379ead97`
SHA256	`48db744d53e5d7eb33715cf57215b6d556bff12a0a21158b37215ef67ce96787`
CRC32	`AE09C30F`
ssdeep	`384:WF3WK3fGUUUUUUUUUUUUUUUUDUUUUU63EZJTL/o70pn0cCzW7dmb90:k3WK30UZpL/o70UzWkK`
Yara	bmp_file_format - bmp file format
VirusTotal	Search for analysis

Name	b2391bb989c14573_citizen.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Citizen.png
Size	73.6KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 200 x 199, 8-bit/color RGBA, non-interlaced
MD5	`74d7455a9e42edba04a1fc8e5d1ca1a4`
SHA1	`9d0cd86a18aca40aae14018ea9fa8b37a1d929f5`
SHA256	`b2391bb989c145731214525dd323cfe4978c87dd6781fd2a23e1209a2df7115c`
CRC32	`39A464A4`
ssdeep	`1536:Engr3PcDKaKs6I/Dmqji+UUK7Rt+E8VyMkHsBP8jnZ5oi:f3PNnI/Fm+UUKekMkHkP8gi`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	44b6c13bcd035681_GOOGLEUPDATE.EXE-B95715F5.pf Submit file
Filepath	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B95715F5.pf
Size	41.8KB
Type	data
MD5	`9b091cf9b8fe69e2d722323b0c382fde`
SHA1	`479ef8b382b735efd2f0d71c1e91cff7debdc6ce`
SHA256	`44b6c13bcd0356818054a7c87187fcc0c3ebebe7d4c279b5c91c1a19de1a3fbc`
CRC32	`ED705ED3`
ssdeep	`768:mmLTBQp+No+H655KDn5ITDncMfRBB1CeOOGmeHNDfZ7:HhQp+vazM5mosAHNd7`
Yara	None matched
VirusTotal	Search for analysis

Name	d0923abaef6bca75_index-vfl0GyzuL[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5BY0Y7HX\index-vfl0GyzuL[1].css
Size	21.1KB
Type	ASCII text, with very long lines
MD5	`d06cb3b8b7fea292574fd692de8d7d7d`
SHA1	`49c69d9d27e565825551c0c762914f88ae271e3d`
SHA256	`d0923abaef6bca75b89a58de0057d11a9a00b5b2312d2ff5fc65c79aae28c2e4`
CRC32	`3CA42E4C`
ssdeep	`384:5+gKG53/iBkNwz/JBr46+9PJR1aoigS9fZBlMNApe/JW8tc+:5NRqbJBr46+9PJR1aoigS9fZBlMNApev`
Yara	None matched
VirusTotal	Search for analysis

Name	dba15736751a45dc_keys_js5[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\keys_js5[1].htm
Size	1.0KB
Type	ASCII text
MD5	`5a3ab9e38f59b345e5de3aa02d077ae0`
SHA1	`3723c1a5f7e661e29e2f698f673473ccd7a7c2c1`
SHA256	`dba15736751a45dcc8811119aebe35e5ab0bf0592617818e6b966dd181a8d635`
CRC32	`D2326B60`
ssdeep	`24:y8E8Zx1Hv1bXDaEKzkOJ7F0zVTefXor+wMwenZfur+wfC:/Zx1HBXDa9zPJ7F2ZefYrEZfurq`
Yara	None matched
VirusTotal	Search for analysis

Name	e913e546b84c80f5_english.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\English.lng
Size	2.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ASCII text, with CRLF line terminators
MD5	`e873d0c2ecd4dcce5e89191ffde5253a`
SHA1	`04d6c989c41d8e2895b94e1d41882c3f76ef9c0e`
SHA256	`e913e546b84c80f5f2d4b4cf85d72bf1f722aabd7b9c5c97814f828966077296`
CRC32	`2FEB52EC`
ssdeep	`48:S9910MsOKxTvsoVeOFLvxCBkin0Dqtbry4whkLA8wFfHYwgAuPRXTv:S9xkFsoXZg0DqtbG4whknwFf4wgTNTv`
Yara	None matched
VirusTotal	Search for analysis

Name	ac322a5c1ab93b1c_secondhand-7.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall\secondhand-7.png
Size	966.0B
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 258 x 5, 8-bit colormap, non-interlaced
MD5	`903639fd237d7a7ad546c610ac3e5b0c`
SHA1	`e387cec4b6524e228adde937ff7a73a10e4d5c7e`
SHA256	`ac322a5c1ab93b1c7c6311ebfbadebb5fed8d4745032c024fdd4520d040c55b6`
CRC32	`8025E3F3`
ssdeep	`6:6v/lhPk51llGMkuldXgknPMnP8wE4cyOP5Rt+D/6SaRRClMUspNvsOzQp:6v/7Q+EQGmP8ieRt8/6jRjUspqOza`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	711b797c47b4d076_romanminute.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\roman\romanminute.png
Size	3.1KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 100 x 9, 8-bit/color RGBA, interlaced
MD5	`a86418dbe12535f31e5e73b3dc7baf2a`
SHA1	`f080ea7232635292a8bfc14f7139c2df009cd70c`
SHA256	`711b797c47b4d076e3fea8ff4049da416fdaf36550df6b913a2399af6ac5c8aa`
CRC32	`9973E922`
ssdeep	`48:3AzX0UHGEFpLWR5XgeqLFOYhxzRnwMdsrnYPcds1oIFFTth5bNMuv5qWBR3hxk:wrdGEFlKJg7LFXx9nwMdeldsa6Ff57E`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c12f6098e641aaca_jquery-1.9.1.min[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\jquery-1.9.1.min[1].js
Size	90.5KB
Type	ASCII text, with very long lines
MD5	`397754ba49e9e0cf4e7c190da78dda05`
SHA1	`ae49e56999d82802727455f0ba83b63acd90a22b`
SHA256	`c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4`
CRC32	`8476B490`
ssdeep	`1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe`
Yara	None matched
VirusTotal	Search for analysis

Name	3553fe6479f1d737_RUNDLL32.EXE-8C11D845.pf Submit file
Filepath	C:\Windows\Prefetch\RUNDLL32.EXE-8C11D845.pf
Size	26.7KB
Type	data
MD5	`e9235ab227683daf5ec6f5c89ea49edc`
SHA1	`d28c0b298307237858dd5e010e4f3b5ba14a903f`
SHA256	`3553fe6479f1d737acaec866731106694081f188dc7f37200e26906c401d6040`
CRC32	`782F8AAC`
ssdeep	`384:A4hDL8NllR4LpZOOr4ZHrMWJeyFfEw+n56akYUwvMs6yIIkKS:A4duGp+rMnUak2vMs6yIIkKS`
Yara	None matched
VirusTotal	Search for analysis

Name	f054eec75474fa5a_italiano.lng Submit file
Filepath	C:\Program Files (x86)\ClocX\Lang\Italiano.lng
Size	2.3KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	ISO-8859 text
MD5	`2d6c2e8ae88c3269b639ddacfcc87775`
SHA1	`43ee3f9a70a9127bbf36b7c82d19716fe0b7a316`
SHA256	`f054eec75474fa5af87268d06c5dc7b007ed18c5a7fcb682c8f1e681bc5ca63a`
CRC32	`CCCC6107`
ssdeep	`48:eYCHSWlXfWhQYLnGWDvuYhAbBLG/VDR1OUZFM9S+Net8W92xxZxpvdAj/M:F0SEXf4QMpDvu8AbSVV4eFM9S+ct8Wgd`
Yara	None matched
VirusTotal	Search for analysis

Name	8d018639281b33da_ErrorPageTemplate[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\ErrorPageTemplate[1]
Size	2.1KB
Type	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`f4fe1cb77e758e1ba56b8a8ec20417c5`
SHA1	`f4eda06901edb98633a686b11d02f4925f827bf0`
SHA256	`8d018639281b33da8eb3ce0b21d11e1d414e59024c3689f92be8904eb5779b5f`
CRC32	`E6FF242A`
ssdeep	`24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6`
Yara	None matched
VirusTotal	Search for analysis

Name	269899c2b9a7a864_dismiss-cross-vflIlGysZ[1].svg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U06NAGU2\dismiss-cross-vflIlGysZ[1].svg
Size	368.0B
Type	SVG Scalable Vector Graphics image
MD5	`2251b2b192bebb21ec1c4dfb7a4de639`
SHA1	`473f689ce4ba5d361e9b130254d917a4f17d9a85`
SHA256	`269899c2b9a7a864dcbe551571de2b57eed361a1a16ecbdac6ac94b09487d12c`
CRC32	`8E3CC75F`
ssdeep	`6:tnrAt4UOYmc4sl2Y3qz9qWc9UQdFfKgaLC5xTStpdzpeiXtPIprwK/RrZRME:trA+ScY3q5W9zFxau72Nzpei9IpRZXME`
Yara	None matched
VirusTotal	Search for analysis

Name	4807722eb149030d_amarillo.png Submit file
Filepath	C:\Program Files (x86)\ClocX\Presets\Amarillo.png
Size	23.8KB
Processes	2580 (ugttmv0bWvGn3XMEJXD45JlM.exe)
Type	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
MD5	`0bc808a35c32957f3c115de1593263af`
SHA1	`639dff4394e4739e48b8647e24bf5ca055975482`
SHA256	`4807722eb149030d3be8df0d51fe0b0232ca618360d7982f637f9560a00488e2`
CRC32	`BE6AF714`
ssdeep	`384:Pj/Jv0KxBi7S2563Y7bY45Bi3cmrt05iuxtrjFrF27F0JP6BSyk:P7JVx+7cYHH5M3cS053LrjFrswPxyk`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis