Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.21 01:04
update.exe
04.21 01:04
dxw86.exe
04.21 01:04
USDTFlash.exe
04.21 01:04
newfour.exe
04.21 01:04
nircmd.exe
04.21 01:04
dwinxp64.exe
04.21 01:04
rr.exe
04.21 01:04
Deku_X_Cheat.dll
04.21 01:04
random.exe
04.21 01:04
Explerer.exe

Latest News
04.21 03:04
본아페티, 미국 와이오밍 S급 벤토나이트...
04.21 03:04
TSMC Warns of Limits o...
04.21 03:04
코오롱베니트, 자체 개발 ‘AI 비전 인...
04.21 02:04
뮤즈라이브 키트앨범, Those Damn...
04.21 02:04
쿠도커뮤니케이션, ‘2025 TXOne ...
04.21 02:04
Preventing Galvanic Co...
04.21 02:04
엠리무진, ‘디 올 뉴 팰리세이드 하이리...
04.21 02:04
케이토네트웍스, 단일 벤더 SASE 플랫...
04.21 02:04
시큐아이 'BLUEMAX WIPS', W...
04.21 02:04
엔키화이트햇, K-CTI 2025서 ‘O...

Dropped Files | ZeroBOX

Name	6b6f22dd7ec799fc_edgems131.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS131.lnk
Size	1.1KB
Processes	2544 (zara.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Mon Feb 12 18:17:59 2024, mtime=Mon Feb 12 18:17:59 2024, atime=Mon Feb 12 18:17:59 2024, length=1879040, window=hide
MD5	`42564a0f97f71e7be13cfd79ccfba6d4`
SHA1	`038e10269789bccfded247f206120352a2027465`
SHA256	`6b6f22dd7ec799fc3e1511db9743233bf04da43166a8837122af0481b41e50eb`
CRC32	`F15C1088`
ssdeep	`12:8ium6Ek64cZCrR8EvSWpUR+/xmX1w0ag3kn6Hc/3g3BizCCOLMClo3Z1zs3es3qo:8xSkHsERd2RPw0bc/NzNRCMO6Pyd`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	7ee927529f7108d8_BrowserMetrics-63327DF3-A54.pma Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-63327DF3-A54.pma
Size	8.0MB
Type	data
MD5	`2f83a72f095bc42146a77940353d776c`
SHA1	`7b525857dbae3b79cce3f836475604f46d60008a`
SHA256	`7ee927529f7108d85841c07e1d05bafa82cb7d5a9a0db3ad9cf804c5a7b1632e`
CRC32	`1A7C42BC`
ssdeep	`6144:H9LG+zeL7c/lhRgdTTEDtsHVdUXaHmVGKPFIrgHkjdr:t6bcF`
Yara	None matched
VirusTotal	Search for analysis

Name	63d0fb3f81a9293a_66ba93ae-8a2e-46a0-ac05-4d8dabe04d62.dmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\66ba93ae-8a2e-46a0-ac05-4d8dabe04d62.dmp
Size	83.7KB
Processes	3572 (firefox.exe) 2876 (chrome.exe)
Type	Mini DuMP crash report, 11 streams, Tue Feb 13 08:38:52 2024, 0x820 type
MD5	`72fb6308ece810e430a4101dd02cd8fa`
SHA1	`723a74d414f1da23451795b69a8d3553ef02cc4d`
SHA256	`63d0fb3f81a9293a1daba3b0f4d63e3376456313fefbb5ff1ab076160d764693`
CRC32	`44C4BEBD`
ssdeep	`384:n8pJuLTIQly3wSmyKDmhQq04xw5tVLLk8LSEGubx6fRVV07:8pwLnlBSCDmhQql+LLLk8GOt7`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	4993311fc913771a_passwords.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\adobenwBI5Bnh48LP\passwords.txt
Size	4.8KB
Processes	2544 (zara.exe)
Type	UTF-8 Unicode text, with CRLF, LF line terminators
MD5	`b3e9d0e1b8207aa74cb8812baaf52eae`
SHA1	`a2dce0fb6b0bbc955a1e72ef3d87cadcc6e3cc6b`
SHA256	`4993311fc913771acb526bb5ef73682eda69cd31ac14d25502e7bda578ffa37c`
CRC32	`FDAE46B8`
ssdeep	`48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q`
Yara	None matched
VirusTotal	Search for analysis

Name	acce8b5e165d1909_explorgu.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\00c07260dc\explorgu.exe
Size	1.8MB
Processes	1452 (explorer.exe) 504 (H86W_nRG_QiDnpacl1Q7.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`230d48d3de46d40a863e1da9a99e11ce`
SHA1	`97c8e04fd1efe9642de5b1aa60bb29c2eace4e00`
SHA256	`acce8b5e165d19094002a2f1207f81dcdadb19a03e5f259df4c0ad64d9883959`
CRC32	`1B6CD3A6`
ssdeep	`49152:iqtIp5m1HOMrTbkUZhSvrkVQsoK9G5Luo5PJoF:iqGvm1XHZEyQFK9G53k`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	16187ff9b5096b21_D87fZN3R3jFeplaces.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\D87fZN3R3jFeplaces.sqlite
Size	5.0MB
Type	SQLite 3.x database, user version 69, last written using SQLite version 3038003
MD5	`837705c24eaa032145b6f82119af4eea`
SHA1	`7d38a13b37105ef0f6c24c585de581949616f32c`
SHA256	`16187ff9b5096b217d405d1492c115a096f8d63d72befbf5851e19b61581f857`
CRC32	`8BF87D31`
ssdeep	`192:StsqHQnwkYjcoBMc+uK6ik4QtjJz3ig48pp0:StsbwVTBMc+uK6ikPpJz3E8`
Yara	None matched
VirusTotal	Search for analysis

Name	5a3ec8851acd1bb6_CrashpadMetrics.pma Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
Size	1.0MB
Type	data
MD5	`aea7ffdba870ea9d59d542f890fecc8c`
SHA1	`2efe83750eebdfacc148d376cc4edfdf8e5d2ac9`
SHA256	`5a3ec8851acd1bb62d270e9bdca9625da9f34df69ef39608bc2ce3de68960056`
CRC32	`CB7B9D10`
ssdeep	`12:bHiZXAVMMOKEKSCemJKlkQPdl/JG89Hy3aJ0oMFgigpCbUycIXuYJ05:bwQOMzBS+Mk0/JvWoMeigp1y5eYW`
Yara	None matched
VirusTotal	Search for analysis

Name	e6df828276f55e0a_66ba93ae-8a2e-46a0-ac05-4d8dabe04d62.extra Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\66ba93ae-8a2e-46a0-ac05-4d8dabe04d62.extra
Size	755.0B
Processes	3572 (firefox.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`67d4481d2b891968f748a4890f0e3dc0`
SHA1	`bb4134b5af2bb18c02b1a41ba22237998d15a38e`
SHA256	`e6df828276f55e0ad28f23b8c3cc3697b11a79b97e75e6dafacd71099e7abaa8`
CRC32	`79E38BA0`
ssdeep	`12:YNTvJijyKBS4zQqMuSHJTJiF9pp4TjJxpQ+LijpQJiEF8gJ0n:YRkjyK7v96ripEpQ+LijpQJiEF8/`
Yara	None matched
VirusTotal	Search for analysis

Name	28dacc81e6177e44_zdsqt76own37k50hotgl.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\zdsQt76OWN37K50HOTgL.exe
Size	1.1MB
Processes	2544 (zara.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`2f0c7203c626bcd488bcb5a9f12d3c87`
SHA1	`db1d7a5eb456a34ff526a27f5f19b251c50c23df`
SHA256	`28dacc81e6177e4462d65801d2342b98f139174c68743395f1477b182f4142ec`
CRC32	`1FB26C54`
ssdeep	`24576:BqDEvCTbMWu7rQYlBQcBiT6rprG8au/2+b+HdiJUC:BTvC/MTQYxsWR7au/2+b+HoJU`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	6da5620880159634_favicon[1].ico Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\favicon[1].ico
Size	5.3KB
Type	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
MD5	`f3418a443e7d841097c714d69ec4bcb8`
SHA1	`49263695f6b0cdd72f45cf1b775e660fdc36c606`
SHA256	`6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770`
CRC32	`6F59F9C6`
ssdeep	`48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B`
Yara	icon_file_format - icon file format
VirusTotal	Search for analysis

Name	d77a795c721d718b_BrowserMetrics-65CB2AA5-850.pma Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-65CB2AA5-850.pma
Size	8.0MB
Type	data
MD5	`8892c48d981d7fcf4037d26cb10c4306`
SHA1	`e0a35d451b3a4856678115bd575b8fb4edc8af69`
SHA256	`d77a795c721d718bb0a37b0784becd6e2ef40d6d4fc8f5f5256970fc047bc838`
CRC32	`3957FEA9`
ssdeep	`96:bYWHHu3M05KJF1LelP8sN5Mo9KkGH9GrpGKWDs1xO2nBgSkeFcb7kLqqOml2/nEK:fuh5KH1LepNRGH9SrLkLkLNOe2/PDLx`
Yara	None matched
VirusTotal	Search for analysis

Name	1215d5cb5969355d_information.txt Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\adobenwBI5Bnh48LP\information.txt
Size	2.8KB
Processes	2544 (zara.exe)
Type	ASCII text, with CRLF, LF line terminators
MD5	`3160ec5c46d0325463a3e742e418fb14`
SHA1	`4042169c06214df56816430268cadb2f582d4406`
SHA256	`1215d5cb5969355d7a4fb68fe4f637ca757a862baaee7a0b1e9804abcddd6898`
CRC32	`90BED420`
ssdeep	`48:x9bbtaFcnPrF/SO/4cydMtffVPh3RxoGE+ruTBAT+iaGaHa/F+WRhatp++CZGdjT:x9PrzFMBmtfNP/EpTabMuatp+9MdjwLA`
Yara	None matched
VirusTotal	Search for analysis

Name	4818e6ba172dcd54_bbd0yznj45tdqr7kikra.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\bBd0YznJ45TDQR7kIkRA.exe
Size	2.2MB
Processes	2544 (zara.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`15cc1fb4b7dfac00d3fdefd5201a4165`
SHA1	`5d26ce50ba94fced18fd6d2e1a6a51b6a8ad9d46`
SHA256	`4818e6ba172dcd54b782a0e3c41da926565a09dc6e0825ab16082754d9633d4b`
CRC32	`FCF44E01`
ssdeep	`24576:xdnKK0BnOjWT/SV+9rZnU89atLDlEF+cNcy8zMdPENVwNzNNNQ8dwzgViBmMA3PG:UeWrhn10d+8fy8A/1S8y0ABm3PEjoL9`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	f1e8809f4064c59f_66ba93ae-8a2e-46a0-ac05-4d8dabe04d62 Submit file
Filepath	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\66ba93ae-8a2e-46a0-ac05-4d8dabe04d62
Size	816.0B
Processes	3572 (firefox.exe)
Type	ASCII text, with very long lines
MD5	`b9b96685f5c446a6b2691d91c95eed9d`
SHA1	`0856d55087e3f30e312375d8ea846e3b6a4e3a23`
SHA256	`f1e8809f4064c59f0d3e38c24b376efcf5b96eebcf5dbaf43215f602e03b73a3`
CRC32	`5B5250B1`
ssdeep	`12:8wkZfCM/TvJijyKBS4zQqMuSHJTJiF9pp4TjJxpQrScijpQJir0qF8Xn:cfB7kjyK7v96ripEpQOcijpQJiww8X`
Yara	None matched
VirusTotal	Search for analysis

Name	cf3d9b25c9ed3b04_explorgu.job Submit file
Filepath	C:\Windows\Tasks\explorgu.job
Size	274.0B
Processes	504 (H86W_nRG_QiDnpacl1Q7.exe)
Type	VAX-order 68k Blit mpx/mux executable
MD5	`5e096d836963d0ba5c3fe4b8733349aa`
SHA1	`45c41550fec3840032ac19a791c3209077f527b0`
SHA256	`cf3d9b25c9ed3b04c60d600800278ef69c9782041ac24fcece5b1b9f75788d6f`
CRC32	`E8740989`
ssdeep	`6:ECgXE/Xm/UEZ+lX1yrlbtI4y0l9X7zt0:rKkW/Q1yrM4VNnt0`
Yara	None matched
VirusTotal	Search for analysis

Name	5ee454eb05fcbbc0_02zdBXl47cvzHistory Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\02zdBXl47cvzHistory
Size	120.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`64202674f6acaafa94c3390b0cc720b9`
SHA1	`38c8537feccfaabb095805d290af69272aeb32f1`
SHA256	`5ee454eb05fcbbc0ac1ff5662ba2be1f22688ddb97d3cc357d4da5cff5b5e5e9`
CRC32	`3685166F`
ssdeep	`48:TGjDU66tTKfxNPp+suktLReRK+NaUvdWSZ00LTL0drQHHp7C5fVcS2+VANUXq6uG:BeJQpWSZ00LTL0QCbc0VANPjwQU+`
Yara	None matched
VirusTotal	Search for analysis

Name	482fed1a79de8171_accounts_google_com[1].htm Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\accounts_google_com[1].htm
Size	329.0B
Processes	2104 (iexplore.exe)
Type	gzip compressed data, last modified: Fri Jan 19 20:33:04 1996, from TOPS/20
MD5	`272c0292045b051231365e28d2396370`
SHA1	`6dbbd562f5f8e07c67bb4187c92d8d9bfa263723`
SHA256	`482fed1a79de8171720acef0bf4aace88d8d9903a6fce879f05eb5ee8b32fff2`
CRC32	`F69CAC56`
ssdeep	`6:XtZTC/VGTGTGTGUlU8SXCtnx2vPjUe+VZ/tif5YcADh/EpMyztr:XDG2UXCtnKPozTixnANEpMo`
Yara	None matched
VirusTotal	Search for analysis

Name	512e4e95427a8c66_5lop_S5WM5ERCookies Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\5lop_S5WM5ERCookies
Size	36.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`f4c540f52d5c08d24a79805eda1d7abf`
SHA1	`22be46826df7693f58736adb232ab2da790f2571`
SHA256	`512e4e95427a8c66b2993b27bb23d99cdab2ebd6e9e8937c7f6a39ed8c6a5b94`
CRC32	`95C9FB3A`
ssdeep	`24:TLmg/5UcJOyTGVZTPaFpEvg3obNmCFk6Uwcc85fB34444z:T5/ecVTgPOpEveoJZFrU1cQB34444z`
Yara	None matched
VirusTotal	Search for analysis

Name	b3bc329605c3a555_pzgj043a.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Cookies\PZGJ043A.txt
Size	130.0B
Processes	2104 (iexplore.exe)
Type	ASCII text
MD5	`d8c25f9354840348cd87b75a2504a720`
SHA1	`b44f2be8c09c6a913ea3799625a0ce87a0c320ac`
SHA256	`b3bc329605c3a5556ab08a31cac19603c22c116732700c9df8b77bf0030b6711`
CRC32	`D714555F`
ssdeep	`3:LDM8vU03QQUMR6DlzYEQdgvLJ3uJcSMMlQYtWOWQVXZbFU3VJXvn:Lg+lA7MoDGRwt+SVfYtbXLbF2Zvn`
Yara	None matched
VirusTotal	Search for analysis

Name	b1bf6d6062131b55_rage131mp.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\rage131MP.tmp
Size	13.0B
Processes	2544 (zara.exe) 2744 (bBd0YznJ45TDQR7kIkRA.exe) 1320 (Ji6eSDaqEh9J_LBdm7Gg.exe)
Type	ASCII text, with no line terminators
MD5	`9375bdae30957c1c64abd2f117c4655f`
SHA1	`32cee583993f5777156b431c3bebd9f53dc8b7b2`
SHA256	`b1bf6d6062131b55815933cb05d63765124c054dcbb858c1c76c5bfc24cbaa12`
CRC32	`FBACFC11`
ssdeep	`3:L4dWcT:FcT`
Yara	None matched
VirusTotal	Search for analysis

Name	1741c623b33b3427_recoverystore.{7b011647-ca1e-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7B011647-CA1E-11EE-948E-94DE278C3274}.dat
Size	4.5KB
Processes	1216 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`c18d759825cf2f70fc7fbfe2c83f19db`
SHA1	`bf39327463a1fac6292a16357bf6de92fa571c81`
SHA256	`1741c623b33b3427d3ef0b96844d3a0ca65ce7c87a82d739ae89b0a0c08e085b`
CRC32	`7E14EAE1`
ssdeep	`12:rlfF2RQrEg5+IaCrI0F7+F23rEg5+IaCrI0F7ugQNlTqbaxjpHNlTqbaxj/:rqa5/135/3QNlWANlW`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis

Name	0b8607fdf72f3e65_02zdBXl47cvzcookies.sqlite Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\02zdBXl47cvzcookies.sqlite
Size	96.0KB
Type	SQLite 3.x database, user version 12, last written using SQLite version 3038003
MD5	`d367ddfda80fdcf578726bc3b0bc3e3c`
SHA1	`23fcd5e4e0e5e296bee7e5224a8404ecd92cf671`
SHA256	`0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0`
CRC32	`842B3569`
ssdeep	`12:DQAwfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAwff32mNVpP965Ra8KN0MG/lO`
Yara	None matched
VirusTotal	Search for analysis

Name	1beb05868ce93bcc_IE9CompatViewList[1].xml Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\IE9CompatViewList[1].xml
Size	141.8KB
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`9b63e0fb3785ffa49686dd75e303d177`
SHA1	`e3992de5a1b8f58a11a52ad71f275ae413927eb4`
SHA256	`1beb05868ce93bcc8fafc46adccdda6d104f3c6f6c6ed454d8a6c0c208d9bd0e`
CRC32	`F778EDEF`
ssdeep	`3072:AoSMrEDL1FwhdFFaz6l8vHG+TbFPAzepobjyG7I1K1IB2+Tir8v1IG9aIedyPcFC:dSMrEDL1FwhdFFaz6l8vHG+TbFPAzepR`
Yara	None matched
VirusTotal	Search for analysis

Name	4a9da8ce01d4304b_48gaglphe8sfqaaeuujd.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\48GAGLpHe8SfQaAeuUjD.exe
Size	1.7MB
Processes	2544 (zara.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bf4f382e984d0508166a5c9ce6457826`
SHA1	`f274d6b564c9c6f237d75e332543e6aa5107c594`
SHA256	`4a9da8ce01d4304b17a7673fcc1237e1aa687967d57a3689dd701a23353f3a08`
CRC32	`FABD51AC`
ssdeep	`24576:dnBKPG7SCV0++roF5S6dFXPx7fLFcCVOPoDaiuBGKHxhEH3osY:dBU+/0F8FhFjFHbLImN`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	fe71178509eab534_539f6f4a-a0c7-4ede-b970-099eaf599984 Submit file
Filepath	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\crashes\events\539f6f4a-a0c7-4ede-b970-099eaf599984
Size	813.0B
Processes	3932 (firefox.exe)
Type	ASCII text, with very long lines
MD5	`01c2c91e0694a7ef9019d2856a946bf4`
SHA1	`d822b06246b49cd98f73c8cb688fd92512409413`
SHA256	`fe71178509eab534be3820cf49c07dbd8dc42b5f4ec163b2f5bdf8fd397a47ac`
CRC32	`AE583CC3`
ssdeep	`12:8wAETvJijyKBS4zQqMuSHUhJiFsp/TjJxpQwijpQJiLF8/nJ+n:WekjyK7v96sDpXpQwijpQJiLF8/nJ+`
Yara	None matched
VirusTotal	Search for analysis

Name	bbc59eb43822e646_Ei8DrAmaYu9KLogin Data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\Ei8DrAmaYu9KLogin Data
Size	18.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`53ea322f91d6f0de8448b68583284d22`
SHA1	`b6c835867fbf7e432b834f7366eb0407f3eebbfa`
SHA256	`bbc59eb43822e64660cc4ccbca37d6dc016eaa9b85b2c6f5b40826bb03188b34`
CRC32	`CA013001`
ssdeep	`24:LLY10KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6ocW:4z+JH3yJUheCVE9V8MX0PFlNU12W`
Yara	None matched
VirusTotal	Search for analysis

Name	bd7983840566c336_27jq3pcqagfjwkgzsaj0.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\27Jq3pCQAGfjWkgZSAJ0.exe
Size	896.5KB
Processes	2544 (zara.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c960f17a1d7227943b9a905e8aca815f`
SHA1	`cc2ce4526fe48b7daf58379dbd8438a4c7167732`
SHA256	`bd7983840566c336c24c3aeb4fe4dc0a95c383c04decb3e33616dace25cf59b3`
CRC32	`B309BB46`
ssdeep	`12288:AqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaeTe4:AqDEvCTbMWu7rQYlBQcBiT6rprG8aGR`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	a0d9577ffcf5c763_ji6esdaqeh9j_lbdm7gg.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\Ji6eSDaqEh9J_LBdm7Gg.exe
Size	3.0MB
Processes	2544 (zara.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`eaa9a6d2ba243567af4c323276bee334`
SHA1	`e36055a0d6bfb7ca4c8b6289d257cbadc7c3ac42`
SHA256	`a0d9577ffcf5c76383a20653b4abd06385ccd6fe5a8e7c48ac2652cac249c881`
CRC32	`B4F3AA16`
ssdeep	`49152:FQQNqn9L3M56JX3Ualq5tIktd9JLzAsQ5b+Y5nS5gWh7kFHTaRRSJijaerJhYj:FQAIQ2nDItIk5Joow+ZiFccpeFe`
Yara	IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature EnigmaProtector_IN - EnigmaProtector
VirusTotal	Search for analysis

Name	cb6b09a64f0193e4_BrowserMetrics-65CB2A9D-B10.pma Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-65CB2A9D-B10.pma
Size	8.0MB
Type	data
MD5	`9abc7801fbd611f1eaa23e70c7c5d9a6`
SHA1	`a1941e32e89edcb82d7d269bf95d03d03311eedd`
SHA256	`cb6b09a64f0193e445fbe39d21bf9aa1ac88507d9f9056645b43ef1089532590`
CRC32	`C5454FE2`
ssdeep	`192:BOh5KH1LepNtH9Sr1kLkLEkUFPBj3Q7x:BOhqLy/w+kLEPZj3G`
Yara	None matched
VirusTotal	Search for analysis

Name	a4e504cb5a0aa75f_v8eCDzBUcGdclwQaq_pVxuY.zip Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\v8eCDzBUcGdclwQaq_pVxuY.zip
Size	1.6KB
Processes	2544 (zara.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`239b063da0e2af3d64eb7693ec3e5a62`
SHA1	`1a4d85080fe751e3baa4d2c1d37e58f1d713531c`
SHA256	`a4e504cb5a0aa75fa00d2751838937ba508d5a8cc5fbba8494d4af4091943ea0`
CRC32	`5AA1CDA9`
ssdeep	`48:92xcghxtLF2AzkKCavg81GJhuK+CBEan3KJ6wuw:gcg3iA4KXvDSuC3KJb`
Yara	zip_file_format - ZIP file format
VirusTotal	Search for analysis

Name	1891f99d2fcbc72f_539f6f4a-a0c7-4ede-b970-099eaf599984.extra Submit file
Filepath	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\539f6f4a-a0c7-4ede-b970-099eaf599984.extra
Size	752.0B
Processes	3932 (firefox.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`e54fc49e1c0db7f375fe801c5ea51ff3`
SHA1	`62630edb0795ee658a421f221216f78cc92a661b`
SHA256	`1891f99d2fcbc72fab01f1d3f1ad0fe78acb7e6122f9fb5a0ef5bd984d18b1cf`
CRC32	`C8B30829`
ssdeep	`12:YNTvJijyKBS4zQqMuSHUhJiFsp/TjJxpQzLijpQJiNKF8/Ebn:YRkjyK7v96sDpXpQfijpQJicF8/Eb`
Yara	None matched
VirusTotal	Search for analysis

Name	3a7e6cb8ef9dc1f5_BrowserMetrics-65CB2A9B-B3C.pma Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-65CB2A9B-B3C.pma
Size	8.0MB
Type	data
MD5	`0afe696c3347d6eb1dc5046ee8d0c75d`
SHA1	`003447ccadd25834b4e679c72af22d46d8ad6af3`
SHA256	`3a7e6cb8ef9dc1f5861110f971c53a2aa9d7dafd9e700c7e033570a39cf5b5b0`
CRC32	`C66098E3`
ssdeep	`192:n5Yh5KH1LepNNAfHkkxsukLPFcOwPU8Q7x2NsgvCJTj6jvikP4:nmhqLyePVnkL9kM8GlJn`
Yara	None matched
VirusTotal	Search for analysis

Name	be1200ba3ec2c15f_CrashpadMetrics.pma Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
Size	1.0MB
Type	data
MD5	`513a60f2b9b95ff0c53de8b9cfe0cddf`
SHA1	`44ad91edd4db2c7ff2e1989f0994b1e4d69efedb`
SHA256	`be1200ba3ec2c15f17e22a0d6ee4aa6e56416d104f8f70cec75ec33246ab380d`
CRC32	`3FFE6C1E`
ssdeep	`24:bCQOMzBS+Mk0/JHG0WoMeigpDLyYWI5q89W5:blO1+M9m0WougpDrWIdW`
Yara	None matched
VirusTotal	Search for analysis

Name	32f0123d21a146c9_539f6f4a-a0c7-4ede-b970-099eaf599984.dmp Submit file
Filepath	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Profiles\qxo5wa6x.default-release\minidumps\539f6f4a-a0c7-4ede-b970-099eaf599984.dmp
Size	94.6KB
Processes	3932 (firefox.exe) 2128 (chrome.exe)
Type	Mini DuMP crash report, 11 streams, Tue Feb 13 08:39:09 2024, 0x820 type
MD5	`86e4a145b10055e33d0ca245640de2a9`
SHA1	`2403782430571e8acd0562df3aace6f8600181be`
SHA256	`32f0123d21a146c9465bfc6f6a6ee39b9a1fcd3eb63b725846a2fd5ee8e7c375`
CRC32	`13A753DE`
ssdeep	`384:2CMSP3QlEly3b2zhM7myoZDsoRBMiNuEecfe9xG89igV7VOsj:27UQOl3VM7WDseeLcCrLrj`
Yara	Generic_Malware_Zero - Generic Malware
VirusTotal	Search for analysis

Name	7e0022aa7178b2eb_lastcrash Submit file
Filepath	C:\Users\test22\AppData\Roaming\Mozilla\Firefox\Crash Reports\LastCrash
Size	10.0B
Processes	3572 (firefox.exe) 3932 (firefox.exe)
Type	ASCII text, with no line terminators
MD5	`d1d6dadc1b485fd9153917ea32aac0a2`
SHA1	`62fb0f0976233639ac2b969043de79321cbdeefd`
SHA256	`7e0022aa7178b2eb235dad063e4cdd7d4a2d07911edb10fca1e1299923925491`
CRC32	`AD1BD55E`
ssdeep	`3:L4dOQ:tQ`
Yara	None matched
VirusTotal	Search for analysis

Name	51ff131ff48f3d9f_BrowserMetrics-65CB2A7D-748.pma Submit file
Filepath	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-65CB2A7D-748.pma
Size	8.0MB
Type	data
MD5	`7b23c35fce846e794dd3588827cf9b7a`
SHA1	`e31725895630db92890bb2a989ea719b36641b61`
SHA256	`51ff131ff48f3d9f173ded32c98e3ef7deb0c7e90f81708344e7f970ba7a71e1`
CRC32	`0802475E`
ssdeep	`192:Heh5KH1LepNNAfHkkIukL2TLzwP2nhQJxuLJJrvaJTq67EacnrmdWJ5A:HehqLyePfkL2T4OhoiaJ2`
Yara	None matched
VirusTotal	Search for analysis

Name	9a8ea0e2df7554c5_D87fZN3R3jFeWeb Data Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\heidinwBI5Bnh48LP\D87fZN3R3jFeWeb Data
Size	72.0KB
Type	SQLite 3.x database, last written using SQLite version 3021000
MD5	`0539a773e44d21a84fd97fee0dffd4a3`
SHA1	`5904058c20aad54c552edc57826babd36ab61149`
SHA256	`9a8ea0e2df7554c57fb4ee6a8a12782f5a2474a3e4c23dc61e4768631dc4eb9f`
CRC32	`964BC0B2`
ssdeep	`96:P0CWo3dOOctAYyY9MsH738Hsa/NTIdE8uKIaPdUDFBlrrVY/qBOnx4yWTJereWbY:PXt769TYndTJMb3j0`
Yara	None matched
VirusTotal	Search for analysis

Name	c3e4ac9e63ca4e86_{7b011648-ca1e-11ee-948e-94de278c3274}.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B011648-CA1E-11EE-948E-94DE278C3274}.dat
Size	9.5KB
Processes	1216 (iexplore.exe)
Type	Composite Document File V2 Document, Cannot read section info
MD5	`b0b341439a00d4620251ec114d445e63`
SHA1	`66b109277e535170411dd942a26ab1c72cc128ac`
SHA256	`c3e4ac9e63ca4e869c27323d9c037c449f887720eee9b21c4ad63426c6fd2dab`
CRC32	`46B2AEF7`
ssdeep	`192:73HAzZd3fzpG3HAAzK3HAzQ3HAz63HAzMWfs3HAzG:QZZpuXZn1`
Yara	Microsoft_Office_File_Zero - Microsoft Office File
VirusTotal	Search for analysis