Table of Contents
Windows Analysis Report pupy-rat.iso
Overview
General Information
Detection
Signatures
Classification
Process Tree
Malware Configuration
Yara Signatures
Memory Dumps
Unpacked PEs
Sigma Signatures
Snort Signatures
Joe Sandbox Signatures
AV Detection
System Summary
HIPS / PFW / Operating System Protection Evasion
Mitre Att&ck Matrix
Behavior Graph
Screenshots
Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
Domains and IPs
Contacted Domains
URLs from Memory and Binaries
World Map of Contacted IPs
Public IPs
General Information
Warnings
Simulations
Behavior and APIs
Joe Sandbox View / Context
IPs
Domains
ASNs
JA3 Fingerprints
Dropped Files
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\scriptrunner.exe.log
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview.ttf
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-shm
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\10BAD5B6.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\11C0FCE5.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\11FE67AF.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\121B07FB.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\13053A28.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\13CFE1CB.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\14A7521E.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\150A6B00.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\15716039.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\15895769.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\15904432.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\15AD3ADF.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\16C583A3.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\186462B2.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\18903CC4.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\194F3407.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1CFB9F5F.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1D1E13F6.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1D60F6AB.emf
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1DA52891.emf
Overview
[Figure: detection gauge (malicious, suspicious, clean) and classification chart (Evader, Phishing)]
Score: 72
Range: 0 - 100
Whitelisted: false
Signatures:
Uses code obfuscation techniques (…
PE file contains sections with non-s…
Malware Configuration
⊘ No configs have been found
Yara Signatures
Memory Dumps
Source Rule Description Author Strings
Unpacked PEs
Source Rule Description Author Strings
Sigma Signatures
⊘ No Sigma rule has matched
Snort Signatures
⊘ No Snort rule has matched
AV Detection
System Summary
Default 1 Boot or 1 1 LSASS 1 Remote Data from Exfiltration 1 Exploit SS7 Remotely Device
Accounts Exploitation Logon Extra Disable or Memory Query Desktop Removable Over Non- to Redirect Wipe Data Lockout
for Client Initializatio Window Modify Registry Protocol Media Bluetooth Standard Phone Without
Execution n Scripts Memory Tools Port Calls/SMS Authorizati
Injection on
Domain At (Linux) Logon Logon 3 1 Security 1 1 SMB/Wind Data from Automated Steganogra Exploit SS7 Obtain Delete
Accounts Script Script Virtualizatio Account Security ows Admin Network Exfiltration phy to Track Device Device
(Windows) (Windows) n/Sandbox Manager Software Shares Shared Device Cloud Data
Evasion Discovery Drive Location Backups
Local At Logon Logon 1 2 NTDS 1 Distributed Input Scheduled Protocol SIM Card Carrier
Accounts (Windows) Script Script Process Process Component Capture Transfer Impersonati Swap Billing
(Mac) (Mac) Injection Discovery Object on Fraud
Model
Cloud Cron Network Network 1 LSA 3 1 SSH Keylogging Data Fallback Manipulate Manipulate
Accounts Logon Logon Deobfuscat Secrets Virtualizatio Transfer Channels Device App Store
Script Script e/Decode n/Sandbox Size Limits Communic Rankings
Files or Evasion ation or Ratings
Information
Replication Launchd Rc.commo Rc.commo 2 Cached 1 VNC GUI Input Exfiltration Multiband Jamming or Abuse
Through n n Obfuscated Domain Remote Capture Over C2 Communic Denial of Accessibilit
Removable Files or Credentials System Channel ation Service y Features
Media Information Discovery
External Scheduled Startup Startup 1 DCSync 2 Windows Web Portal Exfiltration Commonly Rogue Wi- Data
Remote Task Items Items Software File and Remote Capture Over Used Port Fi Access Encrypted
Services Packing Directory Manageme Alternative Points for Impact
Discovery nt Protocol
Drive-by Command Scheduled Scheduled 1 Proc 1 3 Shared Credential Exfiltration Application Downgrade Generate
Compromis and Task/Job Task/Job Timestomp Filesystem System Webroot API Over Layer to Insecure Fraudulent
e Scripting Information Hooking Symmetric Protocol Protocols Advertising
Interpreter Discovery Encrypted Revenue
Non-C2
Protocol
Exploit PowerShell At (Linux) At (Linux) 1 /etc/passw System Software Data Exfiltration Web Rogue Data
Public- Extra d and Network Deploymen Staged Over Protocols Cellular Destruction
Facing Window /etc/shado Connection t Tools Asymmetric Base
Application Memory w s Encrypted Station
Injection Discovery Non-C2
Protocol
[Figure: Behavior Graph. Processes: explorer.exe, ScriptRunner.exe, WerFault.exe, conhost.exe, EXCEL.EXE. Dropped files: \Device\CdRom1\WERFAULT.EXE (PE32+), \Device\CdRom1\FAULTREP.DLL (PE32+). Signature label: Benign windows process drops PE files]
Initial Sample
Source Detection Scanner Label Link
pupy-rat.iso 2% ReversingLabs
Dropped Files
Source Detection Scanner Label Link
\Device\CdRom1\WERFAULT.EXE 0% ReversingLabs
Unpacked PE Files
Source Detection Scanner Label Link Download
Domains
⊘ No Antivirus matches
Contacted Domains
Public IPs
IP Domain Country Flag ASN ASN Name Malicious
General Information
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis system description: Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Detection: MAL
Classification: mal72.evad.winISO@7/389@0/1
Warnings
Exclude process from analysis (whitelisted): cdfs.sys, vhdmp.sys, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, usocoreworker.exe, fsdepends.sys, svchost.exe
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted): 20.190.160.14, 20.190.160.17, 40.126.32.133, 20.190.160.22, 40.126.32.68, 40.126.32.76, 40.126.32.134, 20.190.160.20, 52.109.13.62, 104.102.28.147, 52.113.194.132, 104.208.16.88
Excluded domains from analysis (whitelisted): ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, slscr.update.microsoft.com, self.events.data.microsoft.com, www.tm.lg.prod.aadmsa.akadns.net, ctldl.windowsupdate.com, www.tm.a.prd.aadg.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, s-0005-office.config.skype.com, onedscolprdcus08.centralus.cloudapp.azure.com, login.msa.msidentity.com, prod.nexusrules.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, prda.aadg.msidentity.com, login.live.com, s-0005.s-msedge.net, e16604.g.akamaiedge.net, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, nexusrules.officeapps.live.com
Execution Graph export aborted for target ScriptRunner.exe, PID 6620 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadFile calls found.
Simulations
Behavior and APIs
Time Type Description
19:55:42 API Interceptor 779x Sleep call for process: explorer.exe modified
IPs
⊘ No context
Domains
⊘ No context
ASNs
⊘ No context
JA3 Fingerprints
⊘ No context
Dropped Files
⊘ No context
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\scriptrunner.exe.log
Process: C:\Windows\System32\ScriptRunner.exe
Encrypted: false
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview.ttf
File Type: TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_17RegularVersion 4.17;O365
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
File Type: XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-shm
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db-wal
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\10BAD5B6.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\11C0FCE5.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\11FE67AF.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\121B07FB.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\13053A28.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\13CFE1CB.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\14A7521E.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\15716039.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\15895769.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\15904432.emf
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\15AD3ADF.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\16C583A3.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\186462B2.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\18903CC4.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\194F3407.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1CFB9F5F.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1D1E13F6.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1D60F6AB.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1DA52891.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1E17657E.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1FF4D30F.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2081CA0F.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\24EB40F6.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2647AAEC.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\267E3898.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\26DC2624.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\27CA7CCD.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\287C8B9E.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\28F2D5F4.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\29225B7B.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\29695E3F.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\29EBEC4F.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2A1673A0.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2A207B8.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2D15189E.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2D163B02.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2D597744.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2E65AFF1.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2E7CB9BF.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2E9D42AD.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2E9FF88D.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\30169E86.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3059EDE1.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\30C9B5FD.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\31B38055.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\31FE88B4.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3232803.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\32BE5E21.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\33BD3489.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\33DBF84.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\34D97A04.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\35F990F8.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3627023E.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\36E7A8B0.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3797D1BB.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\37A44F58.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\38CD7869.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3A524B18.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3A8FB074.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3C61628B.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3C7A587E.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3D017613.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3EA98EDE.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3F6F55EA.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\400CCA35.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\404B1362.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\410A63BC.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\419009B7.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\42678494.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\433228E.emf
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\44F967CF.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\45B5D55E.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4689A56F.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\48B97D13.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\48D8BC63.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\49310B1.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4958DA57.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\49AD2C2F.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\49E591F2.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4A0DE334.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4A8DF1D4.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4B0A2BFF.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4C0CF77.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4CE85770.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4D18E0EE.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4DC63CEB.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4DF8A925.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4EDF2723.emf
File Type: Windows Enhanced Metafile (EMF) image data version 0x10000
Category: dropped
Encrypted: false
Malicious: false
General
File type: ISO 9660 CD-ROM filesystem data 'recent inventory& our specialtie'
MD5: d069812aa63b631897498621de353519
SHA1: 6b0cd7ae05f88d474c361fab658bf4b70c434cd4
SHA256: 17a3c8d822309ce792bcfaac2f1b52eda4974ebfce17a5a7c9821daf6b5fc61f
SHA512: 6dbee994501a4179e7cbbde3a46d26701f046f806b124c671284b8ac12abcfb428816eea4980c807e7588e5fa0005f9a585f23501eb5494e43049dc35602e27b
SSDEEP: 196608:liNPuXPM0cjq/RLx5xsDT/wY//Z/V4On1OFn:sJuXPM0aqFxO9H13o
TLSH: 61B6BF19BB848713D038573080D78B097B39A4107B03472F63A972ADBEFE3E56E67A55
Network Behavior
TCP Packets
Timestamp Source Port Dest Port Source IP Dest IP
Statistics
Behavior
• explorer.exe
• ScriptRunner.exe
• conhost.exe
• WerFault.exe
• EXCEL.EXE
System Behavior
General
Target ID: 12
Path: C:\Windows\explorer.exe
Commandline: C:\Windows\Explorer.EXE
Imagebase: 0x7ff7c7a20000
Reputation: moderate
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
Registry Activities
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
General
Target ID: 13
Path: C:\Windows\System32\ScriptRunner.exe
Imagebase: 0x2bd67df0000
Reputation: low
File Activities
File Created
File Path Access Attributes Options Completion Count Source Address Symbol
File Written
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Read
File Path Offset Length Completion Count Source Address Symbol
General
Target ID: 14
Path: C:\Windows\System32\conhost.exe
Imagebase: 0x7ff7603a0000
Reputation: moderate
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
General
Target ID: 15
Path: \Device\CdRom1\WerFault.exe
Commandline: "E:\WerFault.exe"
Imagebase: 0x7ff642a00000
Reputation: low
File Activities
File Created
File Path Access Attributes Options Completion Count Source Address Symbol
File Deleted
File Path Completion Count Source Address Symbol
File Written
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Read
File Path Offset Length Completion Count Source Address Symbol
Registry Activities
Key Path Name Type Data Completion Count Source Address Symbol
General
Target ID: 16
Imagebase: 0x7ff6add80000
Reputation: moderate
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Deleted
File Path Completion Count Source Address Symbol
Old File Path New File Path Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
Registry Activities
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Disassembly
⊘ No disassembly