Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
07.06 06:07
build.exe
07.06 06:07
CoronaVirus.exe
07.06 06:07
RedLineStealer.exe
07.06 06:07
stealc_zov.exe
07.06 06:07
newbuild.exe
07.06 06:07
setup.exe
07.06 06:07
leva.exe
07.06 06:07
CryptoWall.exe
07.06 06:07
univ.exe
07.06 06:07
inte.exe

Latest News
07.07 12:07
USENIX Security ’23 – ...
07.06 10:07
Researchers Discover C...
07.06 10:07
New Mallox Ransomware ...
07.06 09:07
[한 주를 관통하는 보안 소식] 2024...
07.06 09:07
[퀴즈 이·보·소] 최근 벌어진 국내외 ...
07.06 08:07
김포시, 70만 김포시대 대비해 최첨단 ...
07.06 08:07
식약처, ‘체외진단의료기기 품질관리 및 ...
07.06 08:07
코레일, 정보보호의 날 맞아 ‘사이버 안...
07.06 08:07
소프트웨어 가치 보장, 발주자가 앞장선다
07.06 08:07
‘AI 과학기술 강군 육성’을 위한 발돋...

Dropped Files | ZeroBOX

Name	169c04331f72fe4a_2WUcSUzOhDS1places.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\2WUcSUzOhDS1places.sqlite
Size	5.0MB
Type	SQLite 3.x database, user version 53, last written using SQLite version 3031001
MD5	`f77930486de1b1bb4b397d5d8f3cd124`
SHA1	`e3f5727a0774c7cba17f0b10569012dcea24cb55`
SHA256	`169c04331f72fe4ae9958da09e1b28ec5910f7ea523d6105b7e4ad521b2baaee`
CRC32	`D85072F9`
ssdeep	`96:Dm8j5PnH6xY2Wi+67tH2iB4q2xfX7ZbiZzdFzb4PPwI3A7:l5/IYOTAlQzdFzaDm`
Yara	None matched
VirusTotal	Search for analysis

Name	8916fb1d76be83e4_PQeATPGgrc2Pformhistory.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\PQeATPGgrc2Pformhistory.sqlite
Size	192.0KB
Type	SQLite 3.x database, user version 4, last written using SQLite version 3031001
MD5	`6b9c2ac2b5025e180231d8d38ece698c`
SHA1	`36f5cfe6ac59aaa7d7173555edeef5caa9bf61c6`
SHA256	`8916fb1d76be83e42cd2f7b41ee06706fe0adb936259ed7a7daa4dbcb4c51fcb`
CRC32	`95ACFD74`
ssdeep	`12:DBl/lkf12Of5LZWfY0xpMujuHWMu6N2OHjWOzMbdym/eRgBoQFmgW2FOmO6Mz6LX:DLlI1x7WxHaiSlMxosJF/Ezo`
Yara	None matched
VirusTotal	Search for analysis

Name	4c7690aae75b181a_flesh.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000018001\flesh.exe
Size	342.5KB
Processes	3040 (explorhe.exe) 2264 (BroomSetup.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`fd8a4f2b56f11fff594f526267468645`
SHA1	`90eb7d49e871f7bd92203ac58ecdd589471918c0`
SHA256	`4c7690aae75b181a414129672bbad75d30883ac9f59ccede66b3b5789bd105b6`
CRC32	`9D66EBEA`
ssdeep	`3072:+xnmkwesFA+1e8yDdv9Dv8O+6pcZ0Csem/t/umYOEY2qsCD5UgmmdpPjlnyl/Knt:+xnmXFA+Qx8AumuY2qPDmabjdSKngdU`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file RedLine_Stealer_b_Zero - RedLine stealer OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	1a9251dc3b3c064c_dinosaur[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\dinosaur[1].png
Size	57.7KB
Processes	2232 (iexplore.exe) 2348 (2Fy3903.exe)
Type	PNG image data, 1200 x 800, 8-bit/color RGBA, non-interlaced
MD5	`bdda3ffd41c3527ad053e4afb8cd9e1e`
SHA1	`0ad1bb7ce8d8a4dc8ac2a28e1c5155980edfab9b`
SHA256	`1a9251dc3b3c064cfc5e2b90b6c7dc3c225f7017066db2b77e49dae90a94a399`
CRC32	`136A1553`
ssdeep	`768:C7Fv/DCdkYu6D+4+T9Z3PYLwkz5Z1sVvxjhL1y4ViUnMQCIR7N0gZ9fkJeZvPxG/:avJx6Dr+7PYRzz1yho4LCQL3kJEvJy1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_4lTPVNBPLu2Mplaces.sqlite-wal Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\4lTPVNBPLu2Mplaces.sqlite-wal
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	a90665be0056a098_AdobeARM.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\AdobeARM.log
Size	509.0B
Type	ASCII text, with CRLF, CR line terminators
MD5	`3126ec2b49f0bdd76e891817904afb16`
SHA1	`61e792e8ff42101fca2de173e67a9e63e6383ba0`
SHA256	`a90665be0056a09870d458157e8a7b7d18988ebc06ebda994ca38c847ae70baf`
CRC32	`D958EF7F`
ssdeep	`12:oPBRxj3Pn0dBR5BxI6EBR5BjtRvA6BBBR5BknBR5BMPBROOKZBRSsBRaECy:oPBRFcdBRH4BRHjDAaBRHknBRHEBROOy`
Yara	None matched
VirusTotal	Search for analysis

Name	6b8e428cff996c49_explorhe.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\d887ceb89d\explorhe.exe
Size	426.5KB
Processes	1236 (explorer.exe) 1044 (7pB3Mq40.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9a0b7ee713610b8395c8f0580a3b1e3d`
SHA1	`e44a9e7ec6fe06ae6ba1b9518db78e95ad451942`
SHA256	`6b8e428cff996c49aa52e017213c7016880a2bc1583d051240c74992bf83c357`
CRC32	`175F0A5A`
ssdeep	`6144:1OP1cLnbZQOvBM1nGT7SVJEeFRuhuRlOBC+3hmHfqYr5PcfT5m0JuGeFxACt70+N:cPkOOKGNeZ6C+RpYrtS5m0JuGeFxZ06`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	23d0ee7d7279e063_golden.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000004001\golden.exe
Size	365.5KB
Processes	3040 (explorhe.exe) 2264 (BroomSetup.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6563774617de1b4229cd69bdb823a4f2`
SHA1	`71870a8e15d8a39d71e7934d84fa8c69c4e5b6a8`
SHA256	`23d0ee7d7279e063ddbca86376557628ace23c767171798789cae2174767b31f`
CRC32	`DB636F0A`
ssdeep	`6144:rcR59r7BmrKxyn30tm7u9yMYeRewed+yYc7hyGvvis+EDE45PNUlRWPIvFn7yO+2:rcR59r7BPynwmLeUwe5YCyGiJ4YOgvFt`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	d9835fe6f202da81_rise131m9asphalt.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rise131M9Asphalt.tmp
Size	13.0B
Processes	2348 (2Fy3903.exe) 3000 (nocry.exe)
Type	ASCII text, with no line terminators
MD5	`1a963b6f1bd7ed97bd8e360602a45f2c`
SHA1	`5e9efdf9b3f862b1c6d186b51963212c2a7e1b74`
SHA256	`d9835fe6f202da818633cbf0ce2c8f060910d8be18d8ae2d360b35ef74bde192`
CRC32	`AB319259`
ssdeep	`3:L7wgn:Hpn`
Yara	None matched
VirusTotal	Search for analysis

Name	351fadc9f1ddd2bd_MRK.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000009001\MRK.exe
Size	5.2MB
Processes	3040 (explorhe.exe) 2264 (BroomSetup.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`04f93f610df4d1c941ec7f64679e3039`
SHA1	`11a8b38934a55d203fa78f13e9b7d24754baf9dc`
SHA256	`351fadc9f1ddd2bd6bd34ceed2353b8211123e057b52c6aeb60a28643d92f137`
CRC32	`485F7230`
ssdeep	`49152:8jxUCLBTkbWcYz5rTyMHUORJeiHkcO09cl2xeAEynEOsFDqnNg9QFiDxAdlv+nZq:6UCpkUHUyeiHK2r8FDkNgyFo51C2ARt`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	9ce7f3ac47b91743_kfolcnqeu92fr1mmeu9fbbc-[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
Size	20.1KB
Processes	2232 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20544, version 1.1
MD5	`40bcb2b8cc5ed94c4c21d06128e0e532`
SHA1	`02edc7784ea80afc258224f3cb8c86dd233aaf19`
SHA256	`9ce7f3ac47b91743893a2d29fe511a7ebec7aef52b2ea985fa127448d1f227c1`
CRC32	`2CDC4561`
ssdeep	`384:yIaxgESUyNlegvIQxhXmqd8lpP/FwL0cV8yP1JSRHbNHlZL7qwZkoEu3HTbpXcyn:yIw8UElewHxRmqd8PdwLLeR/ZLGwZLbX`
Yara	None matched
VirusTotal	Search for analysis

Name	85e03805f90f7225_inetc.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsl60FF.tmp\INetC.dll
Size	25.0KB
Processes	1868 (InstallSetup7.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`40d7eca32b2f4d29db98715dd45bfac5`
SHA1	`124df3f617f562e46095776454e1c0c7bb791cc7`
SHA256	`85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9`
CRC32	`61C1A751`
ssdeep	`384:pjj9e9dE95XD+iTx58Y5oMM3O9MEoLr1VcQZ/ZwcSyekMRlZ4L4:dAvE90GuY2tO93oLrJRM7Z4E`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description)
VirusTotal	Search for analysis

Name	a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	893.0B
Processes	2348 (2Fy3903.exe) 3000 (nocry.exe)
Type	data
MD5	`d4ae187b4574036c2d76b6df8a8c1a30`
SHA1	`b06f409fa14bab33cbaf4a37811b8740b624d9e5`
SHA256	`a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7`
CRC32	`1C31685D`
ssdeep	`24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x`
Yara	None matched
VirusTotal	Search for analysis

Name	b6bc62948875b3b8_nocry.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000001001\nocry.exe
Size	856.0KB
Processes	3040 (explorhe.exe) 2264 (BroomSetup.exe)
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e33b43ac05fddf2791d1312f67e921a5`
SHA1	`d093f53e81ff2337ecff7147f5826649acb36866`
SHA256	`b6bc62948875b3b8f74a1726bcbce53e74f1c918b0676d20e6bbf76f9f069ae2`
CRC32	`62F14BCB`
ssdeep	`12288:eIR98s6RdDGTS/zac/rIFNmrO++h5X+V3nFzTfwPwFrbdxOTsegf/bd+Jo8SVNGa:TvehB/rIGOd`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	4b26b857f78692d2_202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe
Size	1.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`1fd2fa78c68205f6584ac7cca25b7a8f`
SHA1	`51383d4581dbea023d8acb7f82c93508a0bb50ec`
SHA256	`4b26b857f78692d2c0da7515a32e99e2b89b10ca98fb72f12f7ba9f946ee0f07`
CRC32	`CBCA3EEA`
ssdeep	`24576:76O7cglbAMTDu2h73Ufws831I7mIbgSEhtf7EOmINL4ch+aXX:fQMbDfUfo31smIg7EJINL42H`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	d146ff1237c23120_qw3hzqngedjao2m6tqiqx5e-avs5_rsejo46_pctrspj0oosolrbejl3hmxfxqaslul2m_danvawbpsf[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF[1].woff
Size	18.0KB
Processes	2232 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 18412, version 1.1
MD5	`37392a82f2d94c9236b8de6b2f3e2a5e`
SHA1	`bb16b62b552b9e84edec4b5bc3a9ee08993885d9`
SHA256	`d146ff1237c2312060bc87450cbae69ab86184f7b382521394c6034743d4e1e2`
CRC32	`FBF4F4B3`
ssdeep	`384:54xxsN+8B+/q8EGq+DorALC6KCHWDDLQEaEUM3tI5X8RT:ExsNrB6qNmmALJUDDLtaE2Y`
Yara	None matched
VirusTotal	Search for analysis

Name	6fb31acdaf443a97_edgium[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\edgium[1].png
Size	7.0KB
Processes	2232 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`01010c21bdf1fc1d7f859071c4227529`
SHA1	`cd297bf459f24e417a7bf07800d6cf0e41dd36bc`
SHA256	`6fb31acdaf443a97183562571d52ce47dd44c1a8dcb4087338d77ea2617b286e`
CRC32	`C5C47D22`
ssdeep	`192:vRb1blB+w3GiZiTUH3Fxkiss/qophQc+PvzFDdSqqF:vXPLgo1xkteqkOvh5SqqF`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	20fad8097502c4e4_css[3].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\css[3].css
Size	354.0B
Processes	2232 (iexplore.exe)
Type	ASCII text
MD5	`1bb2a157e6de2f7e7078a5aaef8516a0`
SHA1	`877ce405de56783d9351b524cfcd0c7da02627a9`
SHA256	`20fad8097502c4e4256f6acaa5a88a4f71e48bef44a3412d7cbaa54af6d1aa94`
CRC32	`D99E72F0`
ssdeep	`6:0IFFli+56ZRWHTizlpdAxI6sVuNijFFli+56ZXizlpdAxI2JNin:jF/iO6ZRoT6pix3sEqF/iO6ZX6pixRJY`
Yara	None matched
VirusTotal	Search for analysis

Name	13e1e027ae06f26c_nsl6e4e.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsl6E4E.tmp
Size	230.0KB
Processes	1868 (InstallSetup7.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f5a012b280a59cdf9a9ca390146fb321`
SHA1	`d35af1f8d57d7e876202dcfb1a59e44ecb8025a7`
SHA256	`13e1e027ae06f26c4a6a69ca80b7af98ea8efc72df2fd9f1cfb1d98e762e3acd`
CRC32	`0F591566`
ssdeep	`3072:QV3biULGIDfUo2Sq/oq9AkY8U6wtu3tfom9sot36smXWe5e:QV3HLMo25QyvI6LNouFtqsu`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	340c8464c2007ce3_cred64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
Size	162.0B
Processes	3040 (explorhe.exe)
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`1b7c22a214949975556626d7217e9a39`
SHA1	`d01c97e2944166ed23e47e4a62ff471ab8fa031f`
SHA256	`340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87`
CRC32	`CC58D737`
ssdeep	`3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu`
Yara	None matched
VirusTotal	Search for analysis

Name	150fb1285c252e2b_clip64.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Size	102.0KB
Processes	3040 (explorhe.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`85af6c99d918757171d2d280e5ac61ef`
SHA1	`ba1426d0ecf89825f690adad0a9f3c8c528ed48e`
SHA256	`150fb1285c252e2b79dea84efb28722cc22d370328ceb46fb9553de1479e001e`
CRC32	`D1FB26E2`
ssdeep	`3072:MYHZ5o8D+sjrW2sosmrtuQRYKr77BUEYW0Z:McDoBkPsituQR5+W0Z`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file Win_Amadey_Zero - Amadey bot OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	5f622a2bfeb83b59_thunderbird_g8t0pe67.default-release.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA3MVmbz6Kpy5Gj\Cookies\Thunderbird_g8t0pe67.default-release.txt
Size	361.0B
Processes	2348 (2Fy3903.exe)
Type	ASCII text, with CRLF line terminators
MD5	`95dff27b67a96f98827e72f9330eb164`
SHA1	`2d86a3aca1d9a7c16127a333fe642cae08cea0c8`
SHA256	`5f622a2bfeb83b597d9556ffc8bc107e219eb6ab2ef3cff2d4428e5048ebddad`
CRC32	`4C9B7FD3`
ssdeep	`6:JiKjaphXX7aQ2vSI95Bj9GfBHthf+CthfMl0kq/H+LkiKjaphXXrSdrNBPPi1H:J/EhXraQ2v795BxGfBHff+CffMOkqP0J`
Yara	None matched
VirusTotal	Search for analysis

Name	824fae3331b95e2f_SNiNNmvOx739Login Data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\SNiNNmvOx739Login Data
Size	40.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`41c19a9e8541fcb934c13c075bf47721`
SHA1	`648a7622d533d79b9a0bb31dc370134ec3a75ed7`
SHA256	`824fae3331b95e2f88ca60c87a6c9569086906ec76fc1db8d6dee9adddc4e80c`
CRC32	`560F7642`
ssdeep	`48:+35TqYzDGF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:Ulce7mlcwilGc7Ha3f+u`
Yara	None matched
VirusTotal	Search for analysis

Name	f60297bec0df27a9_01.ps1 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\01.ps1
Size	2.8MB
Type	ASCII text, with very long lines, with no line terminators
MD5	`32e21644ece38047ecec2d2a0e473e0c`
SHA1	`f03e21ed3bc0cf51eb4c8dde9bf2230a021223b2`
SHA256	`f60297bec0df27a931e75b1f190803e596519c5f652a61b4c65fcc43a108133f`
CRC32	`194CB9B8`
ssdeep	`49152:Ms0/bDYZ5zCVUPAHgPxCUW1/x+XVrOoEVXZz947:9`
Yara	anti_vm_detect - Possibly employs anti-virtualization techniques
VirusTotal	Search for analysis

Name	ff3025f9cf19323c_broomsetup.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\BroomSetup.exe
Size	5.3MB
Processes	1868 (InstallSetup7.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`00e93456aa5bcf9f60f84b0c0760a212`
SHA1	`6096890893116e75bd46fea0b8c3921ceb33f57d`
SHA256	`ff3025f9cf19323c5972d14f00f01296d6d7a71547eca7e4016bfd0e1f27b504`
CRC32	`9F039262`
ssdeep	`98304:X4zVE2GO5za356R7mgdqMhW8hQjqb0It:gl7mg1WO`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0b31aaa140573807_tesaea.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\tesaea.exe
Size	8.0KB
Processes	2352 (newrock.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`92679285051c8d0464f4295bed3f0fb3`
SHA1	`0673fa629ff9ae4dd0d10091bd0a09cfe7a7ab93`
SHA256	`0b31aaa1405738071f6a6589d3fafebe57362f1cf4b2da06cc4c612a431f99ec`
CRC32	`55286C91`
ssdeep	`96:zJOujlmu1B9ilJJMOfOkdyKozt12fsek3zNt:zLkJyGy32Gh`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	137a0704f360303d_bongo.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\bongo.exe
Size	2.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`98e589da2cf91986d1e703189919dec1`
SHA1	`39e11c023c75ca9fcb64f92e0482c4ea3dfee47c`
SHA256	`137a0704f360303dbaf6efaf66c07d4c74a8fe78b4eef1e67602081c9c2b740f`
CRC32	`50C963A2`
ssdeep	`49152:xhXkxroQ262hhbZo9zce8g3N7D37ghUdmku/wmhbe9ye9+:7XkOQ+fbS9LLZdGYm3e`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c53008e01856bb22_e0f5c59f9fa661f6f4c50b87fef3a15a Submit file
Filepath	C:\Users\test22\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Size	252.0B
Processes	2348 (2Fy3903.exe) 3000 (nocry.exe)
Type	data
MD5	`06865d82b1083e67fe4241f257b5ade0`
SHA1	`72d0642137f0f76acff8fd0fc133c03901630a1a`
SHA256	`c53008e01856bb227f768fa5b39f7a3f42f8dde680fcb97c99b965e3ab2d9a00`
CRC32	`CB2B9606`
ssdeep	`3:kkFklD/klfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnka:kKIYxliBAIdQZV7I7kc3`
Yara	None matched
VirusTotal	Search for analysis

Name	aeef1a74d5611e07_css[2].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\css[2].css
Size	311.0B
Processes	2232 (iexplore.exe)
Type	ASCII text
MD5	`174a4f980a382954c9b0aa319c342eca`
SHA1	`264daa21b679cb370b854f5829d6be567d24152e`
SHA256	`aeef1a74d5611e075847c2ded762af12a7300d1f607ef49725084f072122e698`
CRC32	`FF223DD7`
ssdeep	`6:U+4OUr940FFTf21C5+56ZXizlpdaQHcueiyAZ4wcM4Nin:UJO6940FRt5O6ZX6ptc+5crY`
Yara	None matched
VirusTotal	Search for analysis

Name	02f95fbdb68f232b_opera[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\opera[1].png
Size	2.3KB
Processes	2232 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`5cb98952519cb0dd822d622dbecaef70`
SHA1	`2849670ba8c4e2130d906a94875b3f99c57d78e1`
SHA256	`02f95fbdb68f232bffd4f2c0fdd033d6c83b829c610cddccc0b1d43e2274e6a7`
CRC32	`AD4AD45A`
ssdeep	`48:T/9xo755n07P4gcVK+VJOuCORmJtLnzvzNkYzGQqvz3EP3/pFqcU:no755nQPeVKMbNYJtLzvxkMheEP3/3s`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	dfce2d4d06de6452_protect544cd51a.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll
Size	742.5KB
Processes	2872 (MRK.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`544cd51a596619b78e9b54b70088307d`
SHA1	`4769ddd2dbc1dc44b758964ed0bd231b85880b65`
SHA256	`dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd`
CRC32	`94895C27`
ssdeep	`12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	675eae5e18d01810_bakhtiar.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000011001\bakhtiar.exe
Size	4.5MB
Processes	3040 (explorhe.exe) 2264 (BroomSetup.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`fabf8dca1b11532b560d638e85d67110`
SHA1	`b6df1f081fc50924f20f7b4f96a3922b0766f562`
SHA256	`675eae5e18d018109f42efb7c76c9ac83af9ffd9e010d39acbb6a12450d6d1eb`
CRC32	`0E891C02`
ssdeep	`49152:MB0T5eLWY4IoG8UKkP6beyAMKN573OIYoA5SMNnMC0G59:MMIeU7P+TAM8LOdp9Nn50U9`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult
VirusTotal	Search for analysis

Name	ef968a0ea1018e06_ASPNETSetup_00001.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ASPNETSetup_00001.log
Size	2.9KB
Type	ASCII text, with CRLF line terminators
MD5	`d2773d3772a50be852d3722b7322b9f0`
SHA1	`b9201e89b4891d9fdb90b0ae7539979f31b8e821`
SHA256	`ef968a0ea1018e0685ea93756c5cba213bd1408212c0d01d7180203ae8fcc71a`
CRC32	`4B8716DB`
ssdeep	`48:hUEQNOGOA1uhxFGFp/JO0N7h77hZqFrEJqnqTqL9Z93l2t:hUEUOGOrPMj/Jl7h77hw9Z93l2t`
Yara	None matched
VirusTotal	Search for analysis

Name	67373e64eff1710d_31839b57a4f11171d6abc8bbc4451ee4.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
Size	4.1MB
Processes	2352 (newrock.exe) 2264 (BroomSetup.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`85582c48c50e7682bbf9236d64cdbc36`
SHA1	`dbed7580e7f6ecb4123b1bd738bdcc6ae592b4f0`
SHA256	`67373e64eff1710d6c2f4b0a761567439a19197699931c22be30ffbe6f75b19f`
CRC32	`D2ADDC90`
ssdeep	`98304:1f/nMMyu/+4JyPrKGVmuq+njk86AN1EEGD5zTY6MVnG4x/NvWA6Pz1:t0Myiy+GVmuq+jvVuN5vYRVnH/NeBPp`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0c7cd52abdb6eb3e_sqlite3.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4BEBm54EdcYPJ\sqlite3.dll
Size	791.5KB
Processes	3000 (nocry.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0fe0a178f711b623a8897e4b0bb040d1`
SHA1	`01ea412aeab3d331f825d93d7ee1f5fa6d3c46e6`
SHA256	`0c7cd52abdb6eb3e556d81caac398a127495e4a251ef600e6505a81385a1982d`
CRC32	`C173DE02`
ssdeep	`24576:2/ZHet+kwxRLvxx/ccPA7leR+g/oU6xGmdRA7G4fRjqTr:eZ+t+v/nMleR+g/oUI/dmi4cT`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	756c48b8e22d22ea_macheri.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000010001\macheri.exe
Size	8.1MB
Processes	3040 (explorhe.exe) 2264 (BroomSetup.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`962824cca80e5383661a072b452812ef`
SHA1	`b5a2747a34b5ac66c64d631383de63412742ca5f`
SHA256	`756c48b8e22d22eaf24ad8c69928bcf1cbb08e63ef897eac21366f4f6bd2c403`
CRC32	`BD11347C`
ssdeep	`196608:0hOi698VEyHewhqN0q+LNazg+WqMyhFw6rrCi:6Oiik+uJxaTMyD`
Yara	Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	edb006e05cfa8501_tYIK7FLM1k8TCookies Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\tYIK7FLM1k8TCookies
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`3f5ca3e29b1b60e298aeca0a32164c03`
SHA1	`f9b5ee59c31a3b06a6b8e476b22d2d7cf1fa8b66`
SHA256	`edb006e05cfa85015aa76c758d6298c279fd318cff0dbb286927c7ad45105488`
CRC32	`E1ACA097`
ssdeep	`24:TL2C0RlPbXaFpEO5bNmISHdL6UwcOxvo5:TYLOpEO5J/KdGU1Eo5`
Yara	None matched
VirusTotal	Search for analysis

Name	f2abf7fbabe298e5_kfomcnqeu92fr1mu4mxm[1].woff Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\KFOmCnqEu92Fr1Mu4mxM[1].woff
Size	19.9KB
Processes	2232 (iexplore.exe)
Type	Web Open Font Format, TrueType, length 20344, version 1.1
MD5	`d3907d0ccd03b1134c24d3bcaf05b698`
SHA1	`d9cfe6b477b49d47b6241b4281f4858d98eaca65`
SHA256	`f2abf7fbabe298e5823d257e48f5dc2138c6d5e0c210066f76b0067e8eda194f`
CRC32	`B5ADEB16`
ssdeep	`384:pVO/VZJNNePVkOJJSu6SsCKTIRDqG9oHKwZh98OSv+MsgkA4Y:pVQemOSu1guh+fZhLSxkAN`
Yara	None matched
VirusTotal	Search for analysis

Name	c519bde5e40e48d8_installsetup7.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\InstallSetup7.exe
Size	2.4MB
Processes	2352 (newrock.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`40d3ae185878b6758367a26f34afc6e3`
SHA1	`d45d76be63d8ff2a8f6ef12e55ba43bced76735a`
SHA256	`c519bde5e40e48d81a0d6bd46c72364383d75f1a5b70cda223456a00c0dfa929`
CRC32	`A53F66BE`
ssdeep	`49152:vg2s5FXQ4EmojLjCRELVf7Avil+dHIsLp1thIikN+6u2hsg:vAzX71oDCRAZUviAHImDqia7hsg`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature NSIS_Installer - Null Soft Installer UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	fd4c9fda9cd3f9ae_4lTPVNBPLu2Mplaces.sqlite-shm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\4lTPVNBPLu2Mplaces.sqlite-shm
Size	32.0KB
Type	data
MD5	`b7c14ec6110fa820ca6b65f5aec85911`
SHA1	`608eeb7488042453c9ca40f7e1398fc1a270f3f4`
SHA256	`fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb`
CRC32	`DDC506B6`
ssdeep	`3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX`
Yara	None matched
VirusTotal	Search for analysis

Name	88f9dc0b9a633e43_O343ANNwYhoecookies.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\O343ANNwYhoecookies.sqlite
Size	512.0KB
Type	SQLite 3.x database, user version 11, last written using SQLite version 3031001
MD5	`dd47ebe6866ad2ab59d0caa1de28d09e`
SHA1	`afdf6eb7a01bb7ef4c9d768b65abbbeae5ba2663`
SHA256	`88f9dc0b9a633e43c6d2c6fae136e782c15aa38c1601dcff948987f1c2a391c3`
CRC32	`8DEE9EEA`
ssdeep	`24:DQHtJl32mNVpP965hKN0MG/lZpNjCKRIaU5BnCMOkC0JCpL3FYay:DQfrbWTTTqtStLm`
Yara	None matched
VirusTotal	Search for analysis

Name	79faf99a020f0cb7_newrock.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000013001\newrock.exe
Size	6.5MB
Processes	3040 (explorhe.exe) 2264 (BroomSetup.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`afe68125f4aa525cb7e8828ac30d2390`
SHA1	`fd82376c20955a290cf6509ed1fa23fa367437f6`
SHA256	`79faf99a020f0cb7250a9de84a7537cba49abaa0c34b4582a0b2782e74d00d36`
CRC32	`AC65B322`
ssdeep	`196608:0rZ3kwcLHeLSIz13cbHMH3mwX8pXKcmHV2QDt:0uwPjXmwkXKcmHV2Q`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description)
VirusTotal	Search for analysis

Name	aa94b5261901e96c_{837143a0-ab53-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{837143A0-AB53-11EE-91C7-080027C2F7B0}.dat
Size	4.5KB
Processes	2140 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`4dc3f6c3d3c7649a6d8cdae8170cd9ce`
SHA1	`4fe18cb55c88c1217c1d089e957f02d45e11e12e`
SHA256	`aa94b5261901e96c88189abd2a379d9a05a0ba09ddc21041b74e96a8e3ba44e0`
CRC32	`DBDFC841`
ssdeep	`12:rl0ZGFkDtOrEgmfQB06FejDrEgmfh0qgNNlTVbaxGNlx/U9baxk7b9QWll69:r5GLGmNNlpTNlan7b9P/69`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	e02d728a40bd8945_recoverystore.{8371439f-ab53-11ee-91c7-080027c2f7b0}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8371439F-AB53-11EE-91C7-080027C2F7B0}.dat
Size	4.5KB
Processes	2140 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`e5f80c2c4a057e463fd85555ae17be2f`
SHA1	`f3f9ca1499d382b22bb890e7e6b67d7e949d535d`
SHA256	`e02d728a40bd8945dba856d3eff36b1bc11bbb3b353804c697deb802c03560a2`
CRC32	`D65D0CA7`
ssdeep	`12:rlfF2RaSrEg5+IaCrI0F7+F2nOrEg5+IaCrI0F7ugQNlTqbaxhlC4NlTqbaxhl2:rqRaS5/1O5/3QNlWml/NlWml`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	491036beef1fb122_vkzs0uyi.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\VKZS0UYI.txt
Size	282.0B
Processes	2232 (iexplore.exe)
Type	ASCII text
MD5	`3932584d273b30ce52a114d5048baec5`
SHA1	`a3e6d2609c60449bf48d21e26a52d7f96893a16d`
SHA256	`491036beef1fb122797f22ce46699c8f23af3c2dbb2d181ad86447eea366a9c7`
CRC32	`6E0D04E9`
ssdeep	`6:2UdGkxGRXbDRzByMdVaOWhGRXbQMeWMdVWH0okAM0GRXbQMeCFT7Vr:2ctGRXbDN8cVaThGRXbYWcV+0oJXGRXj`
Yara	None matched
VirusTotal	Search for analysis

Name	768d3a6bd89e8888_ASPNETSetup_00002.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ASPNETSetup_00002.log
Size	4.7KB
Type	ASCII text, with CRLF line terminators
MD5	`aa470a73547f51a42b232ae33b144e74`
SHA1	`ee06b256c62b1adc3c69a2e8604836f184e16acf`
SHA256	`768d3a6bd89e88880e15dff028aee64b1f4627c195b84f17885e0e5996af8af3`
CRC32	`56D6A419`
ssdeep	`96:2U+YO3OfW0S/087hK7haR0ANO3OhiSB2fEU9t:2QO3OfW0m0Ehyh6O3OhiSBAEi`
Yara	None matched
VirusTotal	Search for analysis

Name	fc6f5d8f32f13d58_yt_logo_rgb_light[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\yt_logo_rgb_light[1].png
Size	9.0KB
Processes	2232 (iexplore.exe)
Type	PNG image data, 1588 x 356, 8-bit colormap, non-interlaced
MD5	`d654f892f287a28026cd4d4df56c29c8`
SHA1	`98779a55fe32a66ebec8338c838395d265e45013`
SHA256	`fc6f5d8f32f13d5855840234dc1bff5c91c35318ee2192d99b13eb3572f0bca8`
CRC32	`ADDC0391`
ssdeep	`192:xTgkM9IY3KfGF7OhNzYlIgLUZt6oBhRLpiUQgkM4ICB6CvE9:NNM9IY3DF60lA6kLpbQgkdze`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	76f559f709f54602_ASPNETSetup_00003.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ASPNETSetup_00003.log
Size	3.1KB
Type	ASCII text, with CRLF line terminators
MD5	`241cf4b4722dd4e799735afb98c9f896`
SHA1	`301734d5eceb81faa31b7f325950d4a74a6b825e`
SHA256	`76f559f709f54602f5fa55800555aeb26708df6fac61752b6163aa5b8afab072`
CRC32	`466EF72A`
ssdeep	`48:VGUEYOpOw1+QxIg/eGN7hQ7hnirjEL2lkwLGGzt:YUEYOpOrYIg/eC7hQ7hgjTGGzt`
Yara	None matched
VirusTotal	Search for analysis

Name	b839a06030277c44_pixelguy.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000006001\pixelguy.exe
Size	300.0KB
Processes	3040 (explorhe.exe) 2264 (BroomSetup.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`255e3b30fb239e20c9441ce9e89169fd`
SHA1	`db8de3bd096af87b912517f6ac88eaf7ff87301e`
SHA256	`b839a06030277c44e842557ceb98ff7e06861b93c0922c61b47bd45bcf208408`
CRC32	`1C669F97`
ssdeep	`3072:22JLXfYoQk+nJLMbI7NKeiZixKMD4UydbXcnDaAxKR5AgkVMRqT6Dv/YCeqiOL2P:7NbIEn1bMZxKPAXVMRqT6D4QL`
Yara	IsPE32 - (no description) detect_Redline_Stealer_V2 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file RedLine_Stealer_b_Zero - RedLine stealer OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	43cd2b4fed991ab5_nsl60FE.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsl60FE.tmp
Size	15.0B
Processes	1868 (InstallSetup7.exe)
Type	ASCII text, with no line terminators
MD5	`7607c5619b3221c5d9f6a1eb859dd62a`
SHA1	`ddc22f5c44b44fe982dde46db81b742a7bede8c3`
SHA256	`43cd2b4fed991ab5ee8305ab0a58aac7b4d3ab9957461bd47f917036e1ff51d3`
CRC32	`31DBA204`
ssdeep	`3:Lb8:/8`
Yara	None matched
VirusTotal	Search for analysis

Name	8155a80d3e9c7bd0_information.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA3MVmbz6Kpy5Gj\information.txt
Size	2.8KB
Processes	2348 (2Fy3903.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`23d9658f9f611d708358b7b3c2fbe884`
SHA1	`2c4eb9dda9a740f94c7c8e78e1a8a31cd2024ca2`
SHA256	`8155a80d3e9c7bd0157650f3209a8a4cb794a754e5f657e1289c61b3b1cb6256`
CRC32	`F9112AC6`
ssdeep	`48:x7xbtaFcntDg0F/S6Z1OTgnirphi0Mwxv+mLAhH1eZ07uxqU8rf2dIv2OvhiU2AD:x7xrtZFPaUnirphi0Nxv+mLqVeZ07uYD`
Yara	None matched
VirusTotal	Search for analysis

Name	39f9942adc112194_firefox[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\firefox[1].png
Size	9.1KB
Processes	2232 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`7f980569ce347d0d4b8c669944946846`
SHA1	`80a8187549645547b407f81e468d4db0b6635266`
SHA256	`39f9942adc112194b8ae13ba1088794b6cb6e83bd05a4ed8ce87b53155d0e2f7`
CRC32	`AD988195`
ssdeep	`192:swtZ0EaLRTVeaA8vS4ooLD76IujS/izb8dSEG07bjHG/T7emn3CtmVU:lgbNJeahv3BLKjS/inwBG0PjcemnKZ`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c85533dc3627cc14_YT.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\1000007001\YT.exe
Size	2.2MB
Processes	3040 (explorhe.exe) 2264 (BroomSetup.exe)
Type	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5	`b1087aa5a1a538d7ee3bd9c3b774bb38`
SHA1	`0842a7d8905be9dbe06f9b2bd7376f33373af246`
SHA256	`c85533dc3627cc14b81a22fb204c42c9e5527e15ad78c832da7a159825de6ec7`
CRC32	`C2D3C95B`
ssdeep	`24576:EQ1OwhF5/u7S/OiUVkcOpckjLDSvWrtaG2cskcA8AvuyLdk0JdQGwct28MENdhX2:DMwP5/u79ScOqkjqOrnq29QFxa`
Yara	Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	846a9b551e74f824_chrome[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\chrome[1].png
Size	6.1KB
Processes	2232 (iexplore.exe)
Type	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5	`ac10b50494982bc75d03bd2d94e382f6`
SHA1	`6c10df97f511816243ba82265c1e345fe40b95e6`
SHA256	`846a9b551e74f824fd7ace3439a319b0c0803449e8caec9f16e2666e38a80efd`
CRC32	`601FBBE8`
ssdeep	`96:JSI2DA4yfvxQfGx7VW/Jagwy8dwMwjU9KgmgJLdcJLHZp5r8wdDMhlJGD/nmw8v6:8dDA/gidaUswM5bwSoaew8v6`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d349abdd0be697a7_AdobeSFX.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\AdobeSFX.log
Size	1.6KB
Type	ASCII text, with CRLF line terminators
MD5	`f6b81f68c866e3c048a0f72dd215827a`
SHA1	`d00845e885d4bac7b68b88530b8b676dfc72ea9f`
SHA256	`d349abdd0be697a709f42f2a80a3cb2d5b3ee813f0645efa3575c22303e9d788`
CRC32	`38F02841`
ssdeep	`48:oMSUSWap8uL9TN2g3H3YQ4O/3HSSik+4paG:oMde58U`
Yara	None matched
VirusTotal	Search for analysis

Name	e01c7c49b96ad557_passwords.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA3MVmbz6Kpy5Gj\passwords.txt
Size	4.8KB
Processes	2348 (2Fy3903.exe)
Type	UTF-8 Unicode text, with CRLF, LF line terminators
MD5	`e06ad085924fdda1d43e2f4c02efde60`
SHA1	`86711756f4df0ca49ebcb6ed0b0a65f2c62d5d4b`
SHA256	`e01c7c49b96ad557ca218baf3915d23869b3820fda54e966c84c0ff96cc14ca9`
CRC32	`827491BC`
ssdeep	`48:ZMMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:5`
Yara	None matched
VirusTotal	Search for analysis

Name	b3dfa692f7da19ee_4lTPVNBPLu2Mplaces.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\4lTPVNBPLu2Mplaces.sqlite
Size	5.0MB
Type	SQLite 3.x database, user version 69, last written using SQLite version 3038003
MD5	`c395620f9a8337341636a78a98f5b3d9`
SHA1	`97700ec4db7362e02a56df5e70dd828ad9823d24`
SHA256	`b3dfa692f7da19eede9aa2fe2ac76052cfaa32a7d30cc53b88ea5ef23ec32624`
CRC32	`476CDB88`
ssdeep	`192:StsqHQnwkYjcoBMc+uySBQies13A29D+oBpp0:StsbwVTBMc+uySOiJ3Z`
Yara	None matched
VirusTotal	Search for analysis

Name	54cfed4f859d0ec3_L2gjN3DcstHkHistory Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\L2gjN3DcstHkHistory
Size	116.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`6f490da5428093674c9e609077dcdef2`
SHA1	`d77592944313656a90f359fea62921c20078ff19`
SHA256	`54cfed4f859d0ec37535b9f16acfe42cae6206fad4b1652c2a3d33d5acf636c7`
CRC32	`A046246D`
ssdeep	`48:T4ItVG+3C7nNfVcS2+VANULn36uw5NPM5ETQTpUPxK2PIs6kJL5R2+zaSZ00LTLU:ce/C7n/c0VANUjwQU+KraSZ00LTL0J`
Yara	None matched
VirusTotal	Search for analysis

Name	f9527615e11ed611_pw4WpJXbmHNQWwBArSX57IPYHBIzQH2g.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\pw4WpJXbmHNQWwBArSX57IPYHBIzQH2g.zip
Size	2.2KB
Processes	2348 (2Fy3903.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`7f548e670a6d2a90a4269622eafd43f6`
SHA1	`9496f4bc7a5e23e219a43481ecf129b829c6cb60`
SHA256	`f9527615e11ed611fea522035fdcbff37767ccd9137a3f8d094b36337cebc9cf`
CRC32	`EA62D093`
ssdeep	`48:9ayh+epyNqsJLDv8AkOsPbhvK6bYMCOddqnkhq1s1ywJZ2ojedkNkn1Kw:4yhbypJ8AhArbYMHddqnkh/18ojedR13`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	33419d7fac1e84ee_ASPNETSetup_00000.log Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ASPNETSetup_00000.log
Size	4.0KB
Type	ASCII text, with CRLF line terminators
MD5	`0484a5e405303240f603f0e411db6133`
SHA1	`1a9720e66a0edcd644e605fc69192b6bd939cff7`
SHA256	`33419d7fac1e84eee3c1d2950ba7ee8b5a971f83bea00f87688d1402fba0b895`
CRC32	`A11D8E1C`
ssdeep	`96:dU+MOyO+//lx7hX7hWUjhOnOvOBKflrit:dEOyO+HlVhrhvOnOvOBUlU`
Yara	None matched
VirusTotal	Search for analysis

Name	0e11cc0da6340384_d93f411851d7c929.customdestinations-ms Submit file
Filepath	c:\users\test22\appdata\roaming\microsoft\windows\recent\customdestinations\d93f411851d7c929.customdestinations-ms
Size	7.8KB
Processes	2568 (powershell.exe)
Type	data
MD5	`ab3111984468b8c51c68a898e264759c`
SHA1	`144174c679297f981c82db02739427e8074ec26b`
SHA256	`0e11cc0da6340384e924b9607b911f4053ca111656448d50df937c3b67381581`
CRC32	`7A3880CA`
ssdeep	`96:ctuCeGCPDXBqvsqvJCwoptuCeGCPDXBqvsEHyqvJCworSP7Hwxf2lUVul:ctvXoptvbHnorrxQ`
Yara	Antivirus - Contains references to security software Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	8114b09818641481_test.docx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7zO416BDCC9\test.docx
Size	13.0KB
Type	Microsoft Word 2007+
MD5	`72c8f202c0f669e4771c071d77f0ae01`
SHA1	`46e77ca734f26d703b24fbf4e75918906b14de35`
SHA256	`8114b09818641481c591e0dadd6f16b171134ee0425d05e7b9121fbc9bb6addd`
CRC32	`44B0028E`
ssdeep	`192:TDtm8w5lG9xv+qzOVjQaL8hjvQUh9y8u6ubv3vlfc37AxJtK05FoAdpqbv5L7Wb:TDv2QAxLGj19WztBXtK0kPL7G`
Yara	zip_file_format - ZIP file format docx - Word 2007 file format detection
VirusTotal	Search for analysis

Name	c119a54b6bef3a48_8wBgk3GYUi7pWeb Data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\8wBgk3GYUi7pWeb Data
Size	80.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`255929949dea51a2f43a1f40e63764ec`
SHA1	`8f32ab419264fdad05f4f3828db3c1cd38d919fd`
SHA256	`c119a54b6bef3a48234950dc07fe70f73b69d1390ef0235e66481faa1048ead6`
CRC32	`F7A79605`
ssdeep	`96:5Bc7fYLKYZCIdE8XwUWaPdUDg738Hsa/NhuK0l0q8oc5PyWTJereWb3lxzasq9u4:5BPOUNlCTJMb3rEDFAa6E/`
Yara	None matched
VirusTotal	Search for analysis

Name	7fc0fdb5467fa1c3_fanbooster131.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk
Size	1.1KB
Processes	2348 (2Fy3903.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Thu Jan 4 13:49:33 2024, mtime=Thu Jan 4 13:49:33 2024, atime=Thu Jan 4 04:41:58 2024, length=1545216, window=hide
MD5	`eff8d970e59e1e0c014230950eb01d3f`
SHA1	`09e74837de023be439fc91e86629f0aac88263fa`
SHA256	`7fc0fdb5467fa1c37482a693b1383e75e39a59950414c92a779ad5aaf4add2d6`
CRC32	`FA6F8F53`
ssdeep	`12:8i8EpwyKg4cZCrR8EvSW36R+/4genlNo/BtizCCOLMKNlaV12uawua4t2YLEPKzd:8VMmsERduRplOGzNRWYcL6PyR`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	b4d4dcd9594d372d_ArmUI.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\ArmUI.ini
Size	251.9KB
Type	Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`864c22fb9a1c0670edf01c6ed3e4fbe4`
SHA1	`bf636f8baed998a1eb4531af9e833e6d3d8df129`
SHA256	`b4d4dcd9594d372d7c0c975d80ef5802c88502895ed4b8a26ca62e225f2f18b0`
CRC32	`21C6A2BA`
ssdeep	`3072:wT4DJAvCXkQqSmSgojgTaDuK1+4xKtaU/QX5Pm9vR549QHmYPCjTMNro0Jnxu4Fn:xvUzH5`
Yara	None matched
VirusTotal	Search for analysis

Name	0b8607fdf72f3e65_5XIVFFJ7NrzVcookies.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\jobA4MVmbz6Kpy5Gj\5XIVFFJ7NrzVcookies.sqlite
Size	96.0KB
Type	SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5	`d367ddfda80fdcf578726bc3b0bc3e3c`
SHA1	`23fcd5e4e0e5e296bee7e5224a8404ecd92cf671`
SHA256	`0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0`
CRC32	`842B3569`
ssdeep	`12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO`
Yara	None matched
VirusTotal	Search for analysis