Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.11 10:11
bxn.exe
11.11 10:11
glued.hta
11.11 10:11
MONDAYconstraints.vbs
11.11 10:11
tartarises.vbs
11.11 10:11
xwo.exe
11.11 10:11
comehomeconstraints.vbs
11.11 10:11
hello.exe
11.11 10:11
chrome_130.exe
11.11 10:11
s.exe
11.11 10:11
Citatfusk.vbe

Latest News
11.13 11:11
November brings cornuc...
11.13 10:11
세일포인트, "기업 약 41%, 아이덴티...
11.13 10:11
컴퓨터 수리 전문 브랜드 ‘컴닥터119’...
11.13 10:11
DirecTV Plans to Cance...
11.13 10:11
[사전규격공개] 2025년 기관 홍보 콘...
11.13 10:11
로그인 정보를 훔치는것 으로 추정 되는 ...
11.13 10:11
유니닥스, AI 기반 주얼리 검색 시스템...
11.13 10:11
퓨어피크, ‘솔리드 라인’ 초도 물량 완...
11.13 10:11
커버낫 우먼, ‘호빵 X 클로버하트’ 카...
11.13 09:11
(주)아삭·(주)유독컴퍼니, 소상공인 및...

Dropped Files | ZeroBOX

Name	221a97daf8263321_cef_extensions.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\cef_extensions.pak
Size	4.1MB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`6e727928ebeeeb5847c65c15c41802ed`
SHA1	`d22ba6f8e3160484dd40fd5f4eb685182f404d88`
SHA256	`221a97daf8263321ceb9ce244452fc97b865b561e399b23d42682fef4785ea7f`
CRC32	`1B7C3C6D`
ssdeep	`49152:a297+EfG5u8mWexScqKTtUtxT6z/t/G1hoLwpbeuR2oSKolWZHqYNYzv2v3zjKNL:keuKZULT6k1hq`
Yara	None matched
VirusTotal	Search for analysis

Name	1ae405da05b26908_commonloginapi[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\commonLoginApi[1].js
Size	31.6KB
Processes	2408 (sdly.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`8c15896caba628cd9efe42116c7a3dfb`
SHA1	`2dc419a3889aa0118e022d06f1e172bfe5d118eb`
SHA256	`1ae405da05b26908c54b675be64db6d6bec894c230f902e7e6897b7c694897c9`
CRC32	`7445CC2C`
ssdeep	`384:+dOjuaI96CSeH2CgpJyLVWQd3WjApd0BBd1H43dLRR7Z4vKR:+XLNW/gnQKR`
Yara	None matched
VirusTotal	Search for analysis

Name	b6794c2cc0870411_{8FB170F8-F077-43d5-868F-264ADB0A5489}.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\{8FB170F8-F077-43d5-868F-264ADB0A5489}.tmp
Size	24.1MB
Processes	2088 (sdly_taskpop61.exe)
Type	Microsoft Cabinet archive data, 25278986 bytes, 1 file
MD5	`09fda8864ba82b306eeed8959bae888c`
SHA1	`b5004c3be7592f3b0b74c89346511e1c0d6c27e7`
SHA256	`b6794c2cc0870411e9ace6c17e4d3094c8e4386f66acee7dcde391ecc573e116`
CRC32	`02E469AE`
ssdeep	`786432:2nyHxH6qXvrx3BWUwStoAw4y+Ekdhjt8El0GdU1WS:2nOlTx3XLw4y+ESllLy1WS`
Yara	None matched
VirusTotal	Search for analysis

Name	c8744256f22ca0d3_id.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\id.pak
Size	42.0KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`07428ca91eead354d60dc8fd68738f54`
SHA1	`d227c7023f9a28bd5d9dfb9cb95246470e7ea6fb`
SHA256	`c8744256f22ca0d32f22b2d7a5cbec9d0bfe86c112632718dfa53452298833a7`
CRC32	`BD6DC1F7`
ssdeep	`768:ErwdHrJ9PIYvAQhXOcCu3QXVsPajTunJc9StA3hMLcpSYIcfbmsYYL8L:8WJccCLqajTa7tARMLWL8L`
Yara	None matched
VirusTotal	Search for analysis

Name	76483b86b529d070_ml.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ml.pak
Size	115.0KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`e53a7a75c56a080eaf70864602fdeef0`
SHA1	`88a2eb541037ea5c87568c7d9c7a8932f8e8c407`
SHA256	`76483b86b529d070dd5acd32fbf217cbc97f32b1c8878b238162323535b0eaff`
CRC32	`766A43CF`
ssdeep	`384:zAV1wQGrB1Bq1k+eyU2cKcZcx9bQIkukjERHbwPI2QLOguzQFG/IYKrNpcAn8QHf:zAM9dWmIZxNnYrtr0ptrMfFcKS`
Yara	None matched
VirusTotal	Search for analysis

Name	ea463d97eb088caf_d3dcompiler_43.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\d3dcompiler_43.dll
Size	2.0MB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6e053d67b6073261f96f2c547d776676`
SHA1	`5fe7337abb09c1be286c14ec81a7755522197aea`
SHA256	`ea463d97eb088cafc5cd7574682be42efc791c46428b8db15c62de09649cce32`
CRC32	`5C469093`
ssdeep	`49152:vpX9JVeE9HP6Zpy9KyhMI50Du8LljslNsHSHFUq9OiapbbO5Ak6:73P9HP6Zpy9KyhMI50Du8LljslNsyHiX`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	77650516087c2a6c_zh-cn.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\zh-CN.pak
Size	38.6KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`c3fd82ec2cddcf7192e9de8d9834dbc5`
SHA1	`f4cdb9879deef57d188b859744e4b1badfca7edc`
SHA256	`77650516087c2a6c43e7b775beb8148d8f9e6906dbe6bbcf5c3678fcbc02fa9a`
CRC32	`6CCE5C81`
ssdeep	`768:ijLnM3CfIIEafX6IWAepsuTaEa/g1rlW9HJFlzukK1TPAaIXoaRz:KOoIIEaSupf/g1eTZ`
Yara	None matched
VirusTotal	Search for analysis

Name	7244ecdb90048589_reg[1].jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\reg[1].jpg
Size	170.0KB
Processes	2408 (sdly.exe)
Type	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 848x480, frames 3
MD5	`bac4a047bc15d810d4f842ede9906b7f`
SHA1	`f130207d56f84bb89fcdb44124cd172992865faa`
SHA256	`7244ecdb90048589b7783eaacadf3c7678d53a42b4e661af92090293cdb91df5`
CRC32	`95206982`
ssdeep	`3072:yGLvH4uaSYx45C+/kwiMVobmgBrqX7uHc0EZwUARGc9tsZGGGyTq:yC4BpL8kj8gZBWKHsZwU8Gc0kgTq`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	2857fbe46d007307_icudtl.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\icudtl.dat
Size	9.7MB
Processes	2088 (sdly_taskpop61.exe)
Type	lif file
MD5	`d03ad9a1189d190119209072d048e428`
SHA1	`aa954098e3ae4c00f67bace45b39a7b4a8242c6a`
SHA256	`2857fbe46d007307b1e204c6eb1b7e4988973b958ec8edb07445988f332c1ab5`
CRC32	`7EED4272`
ssdeep	`196608:L+7mOUgAjk3MVMP7mxl2b+2WYZjU15obkTQ89kxgc3bbHo4QY7iUT0ep:evWjk3mMP7mxl2b+2WYZjU15obkTQ89a`
Yara	None matched
VirusTotal	Search for analysis

Name	84f9ff560f3df297_fi.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\fi.pak
Size	43.5KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`d4a7ba8027cfca09caf1a7296eb3e7ec`
SHA1	`7fae130235012413dd7c2049bf790af0ef89f219`
SHA256	`84f9ff560f3df29722e75f47e29e978e4d963f36109a28d432ddbba8737f977f`
CRC32	`0CCBF836`
ssdeep	`768:zUZLzZ0LdAyHXHhKDfTtxZGSC16ZrC0xH6zxStVA9X99nZDAYW6I4:LLHXHhKDfTtHC8VtxH6tStmbZDAWI4`
Yara	None matched
VirusTotal	Search for analysis

Name	861d4bc7876b968f_pt-pt.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\pt-PT.pak
Size	46.5KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`3cd4193d8640c6139982f884f1e5322e`
SHA1	`1951b71a2f5bc8c8c42512003ca102f8826967ce`
SHA256	`861d4bc7876b968ffa5736127da462a1b09d9ddd5534668f4a871d569033a962`
CRC32	`66AA3237`
ssdeep	`768:KPPFK1teDzBz1dDBS4/oT0vfC+7LUyZPEDBQ0/DRFl+y6MN7qxzyqKDBN:KPk1ezLToT0vFEDBQ0/DqMNmxzyqKDX`
Yara	None matched
VirusTotal	Search for analysis

Name	6b12d2d25aa996db_uk.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\uk.pak
Size	75.2KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`879bca053ba87f9a8bf03cb46438188f`
SHA1	`9f8a48a8c0bb6dc40a579888f664dd9060b9bb4b`
SHA256	`6b12d2d25aa996dbefd4af3d02b12eed86ecd8b75b8e8cadc317c13cfcbf5144`
CRC32	`7FC45712`
ssdeep	`1536:+fPORoE+KZ9FfrBmohrMVkSpqMaDDDvobCaftDQIMVUMTEb4USI:+fWR7BmoZMVkSpPaDDDvobCaVQIMVUMC`
Yara	None matched
VirusTotal	Search for analysis

Name	c9ac272850e1da40_fil.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\fil.pak
Size	48.7KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`ba30c440e34a828c656b3057a6ef50d2`
SHA1	`cb223b3cc624a316ce4af12d0505c000a6820add`
SHA256	`c9ac272850e1da405981ec9c22c04280190988c69f20d8fa9d4ec35cf179d0a2`
CRC32	`7A649285`
ssdeep	`768:qxu3ggT0vzpJLWm6RSdoOHJrkOo3SmqucTkef7VdMOz8k+eD4My31YpB:F5RSdo8YOodqucTkefx3/a31o`
Yara	None matched
VirusTotal	Search for analysis

Name	ae2e05d6d0ea5a4b_sk.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\sk.pak
Size	48.4KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`bd272aa038831bda0cdfab443849abbd`
SHA1	`176eed55b1668ca157e122941424c69017191c04`
SHA256	`ae2e05d6d0ea5a4bb798b550cb19ffeb6a940cbd9fc791f73ddaabbee80f1423`
CRC32	`8BC6E9EC`
ssdeep	`1536:W1hK+CGWCIvmsBTYpPnQnKQYwoqcHCY9O:WfK+CGv5sBT/KBwoqcHCY9O`
Yara	None matched
VirusTotal	Search for analysis

Name	5eefd1cedb3906fe_input_reg_code[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\input_reg_code[1].png
Size	2.7KB
Processes	2408 (sdly.exe)
Type	PNG image data, 197 x 35, 8-bit/color RGBA, non-interlaced
MD5	`f45c1eb97f2ec7c8770b98ce9ee07871`
SHA1	`a278730d3a7942ccaafa21f7290543683583d309`
SHA256	`5eefd1cedb3906fec615b2ff653b506cb65998477edcea8220a79a19dc3b9a51`
CRC32	`3B500BE0`
ssdeep	`48:CuR3OhzYhT9zg0EYqlCXk+cm0RXqqiutuNg8gFGn2Izqe5kLnf3NT:CxtYfYlb+cvaqvuNg8f2IOL/Z`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6016d121f8a5a628_vi.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\vi.pak
Size	52.0KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`a2a7153a8b15820d1ca5be492b4d9600`
SHA1	`0fc2fa180c5785ce1432d19c0db1ed56b2ce25e9`
SHA256	`6016d121f8a5a6286c54cc27509af0b4de0c4c229e8d69cee6af437f6adee2ef`
CRC32	`C4699A3D`
ssdeep	`1536:d7mibcX2/NbqGNUlBTi99me8PNqM8NJYBCjlndx4C5se:d7mibcmd5CBO99OlqM8NJYB4tdX5z`
Yara	None matched
VirusTotal	Search for analysis

Name	9cafd68d4e23ae8f_widevinecdmadapter.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\widevinecdmadapter.dll
Size	227.5KB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`1775b40455c7f12d9261eae9d9a2d2d7`
SHA1	`68a4c8d424c6add253a161037cdf178d0bfcccbb`
SHA256	`9cafd68d4e23ae8fcb2e766175b3e5b5ea6519295365d4d8a0937d6063fad378`
CRC32	`F96491C2`
ssdeep	`3072:WneZIFk4WA3BiLvZT0lxJqFpd7YIRf6uIvTsPVd6Ag0Fujbkmf7WuJmbIrF0:We6dEcJqFpSIJMLAOjgbJ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3abf4b49ec48ea46_am.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\am.pak
Size	66.4KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`c8e9074faa1d9428089fe39a6340c43d`
SHA1	`3d345aa7462ef82e000057e49dfe7d48f6f049eb`
SHA256	`3abf4b49ec48ea46d97c7def4c4dbce5d24d452710e8bd113cd7cfcf6280f95e`
CRC32	`64705883`
ssdeep	`1536:6gwdwi4Y8YShhyO5nVZOWBARfJ7wmmrYfQrgE43/AXNX2dLaYKJn/kUZZbCKeQcU:6gji4Y8YShhyO5nVJBARfJ7wmmrYfQrV`
Yara	None matched
VirusTotal	Search for analysis

Name	a76263a6b5c969a0_en-us.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\en-US.pak
Size	39.7KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`ea20f7ef299ca680a72e9163c8ed0093`
SHA1	`f9ef3b9cc76f34f83142e1fcb67bf5c3f9031953`
SHA256	`a76263a6b5c969a0b0a2cc90bdb86d35f3adaddef41884fa84832c24b0940192`
CRC32	`5EDB6AD8`
ssdeep	`768:obq1iD/eqv9gNfDggl+dON+VcCwEpgmA1EmW+BlnkVSI/SBURkSNl:obq1iIfDggl+dO/EpVAppBAS2MURkSD`
Yara	None matched
VirusTotal	Search for analysis

Name	88c6ab714ba328de_pt-br.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\pt-BR.pak
Size	46.8KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`d0fa28db4ee6aeff783c79b94ec50e80`
SHA1	`da7be8e7c2cf79679ebcdb562ae44e2525d3243b`
SHA256	`88c6ab714ba328de98c1b59cacc1ba2f2229f8262a57b5ba0d7be6fae0bcb2db`
CRC32	`4E9E90C8`
ssdeep	`768:On84KgfbimUYaQTBQeb79OZiyXStLSoMX6B7yAJtOeIc6xQxGel2:On8zm7TBKXXStOoMqEPc6xQxGe8`
Yara	None matched
VirusTotal	Search for analysis

Name	80b46f4e73ecff55_ta.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ta.pak
Size	109.1KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`cee22dd06699f093804e4cc822403392`
SHA1	`60b06291d29bc1588d83159058cca44a352d5d6a`
SHA256	`80b46f4e73ecff553ff815a0d406c9ed2c3d002909f1c1b2b57cde95d3fe3e2f`
CRC32	`20F2ACC2`
ssdeep	`1536:3B2Q1UOIPUN9HGX2S3e6SpeiMC5ydLtZW0wQbQX5QNQKogKW+XbWsyWtjWYnpJYj:3TgX24`
Yara	None matched
VirusTotal	Search for analysis

Name	ff7f926cd5c02f63_sdly.json Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\sdly\sdly.json
Size	1.6KB
Processes	2088 (sdly_taskpop61.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`269f5f90e115bd3d9b10a9e191e5ddfe`
SHA1	`f05cb5919ef30475adf738652d31f3c4294022c1`
SHA256	`ff7f926cd5c02f638541ea57cc8e596a458c759de6c8bd7f64006953a74158e4`
CRC32	`0DD05392`
ssdeep	`48:uUTuLdF5Van0RDad1M+MSOG3UI85g8/iFoJn:huBFvan0phxFI8+8men`
Yara	None matched
VirusTotal	Search for analysis

Name	d84ddda26f4f6122_de.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\de.pak
Size	47.5KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`6a2b3005805a7500570e442251efebe8`
SHA1	`da2127683f6fb31d5e065db13ce39ad4651c5dfb`
SHA256	`d84ddda26f4f6122f05c2bf06924097d374fb6f339693a0f5f0a30a52b2fce8f`
CRC32	`24DCCC4D`
ssdeep	`768:JwDgump1xwsJXusqGvl8TR16f49VX658lK9iXryiSolAsjvCs8RElXZxUM2i5G36:J4guQosF9L8TR1a5R9iXry5YX4Mx8XL4`
Yara	None matched
VirusTotal	Search for analysis

Name	efe550dc85ab4403_ro.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ro.pak
Size	48.1KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`228c2dc6de89cc5889a556b04625277d`
SHA1	`f2d4bb245abf2ad71f9ea4fd67a82b826d9371b5`
SHA256	`efe550dc85ab44038178bb99afc10bcccf8dcd7d0563fb6b4c31708407ecab79`
CRC32	`C13D2E1D`
ssdeep	`768:QGTSWhCoRxMcBQpBikEoqwTMU9cLUkh8cS7l8aTTZDtGY8LSg3de60BnsUejNv2Q:B4oRxABpEoqa9cgI8HyaTZtGSke6Wp6B`
Yara	None matched
VirusTotal	Search for analysis

Name	7d9c0c4d88618bdd_natives_blob.bin Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\natives_blob.bin
Size	402.5KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`8f4d6515f4d321313a39a659c3c5ff01`
SHA1	`f4c95f1abd24c715a3dd4b3e4c9cff5decda7250`
SHA256	`7d9c0c4d88618bdd16bb0681fdec1dd736e2ed1141ae527a27b22fb93f27848f`
CRC32	`5AC01CCF`
ssdeep	`12288:ln3Cj7CQaMiyMzQ77Ua7Zm6ap4avfyM3G:lnk7CQWfy9`
Yara	None matched
VirusTotal	Search for analysis

Name	2addaaccec335c66_libcef.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\libcef.dll
Size	47.5MB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`fe5219be2dda0fb7352bcee497556e75`
SHA1	`fe9ee85df3932826fac6a0ac6204c13f5860642a`
SHA256	`2addaaccec335c662cafdb5b36735c108e235fb03d2597edbf85c09b52aaff04`
CRC32	`BEA380BA`
ssdeep	`786432:6Gef2UiBDMxVI07lf0gtuPaa94GqEdxzVxNeZrp6PajHylGVQaiSNlyIvsln4rhl:AkBX07lf0gtuia94GqGxBxodgPajyGVr`
Yara	PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Microsoft_Office_File_Zero - Microsoft Office File IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4493b8d2ece172c6_CefView.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\CefView.zip
Size	636.4KB
Processes	2088 (sdly_taskpop61.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`51e723b78c3559a3e4ab4c291f221d2b`
SHA1	`fe86535bc14a49b9045c40d86b1511e5e3c3e7f8`
SHA256	`4493b8d2ece172c617d8eb10b41e83b757588c68eed8c8fdc7d64eb53ffffd45`
CRC32	`1B4769ED`
ssdeep	`12288:FdSGsVxJKsOf9WCeQnpURUH9+otLl6sfRdBwaS9LjimkPp1Kb1:FIlVSdf9JBwUHZ10T9LuFgb1`
Yara	None matched
VirusTotal	Search for analysis

Name	9495c58645df64da_lv.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\lv.pak
Size	49.3KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`4f3db8bacddf08035ed01ea66cc72d84`
SHA1	`36b03be97bdc2abae90d191bb2f6f3eace7ee463`
SHA256	`9495c58645df64da9f12af60276420145c47cd032465ee52b216b243cec9022e`
CRC32	`34FA9492`
ssdeep	`768:Qjh52P2d7B1TWSMJ8JUP9MEQxPp8ykGOfsWMZHuIkpI0pDou:Qj2PwbWSAZQ78ykcYPpI0pt`
Yara	None matched
VirusTotal	Search for analysis

Name	84478e9e8edf2980_cef_resources.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\cef_resources.pak
Size	33.6KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`91dcd33ea77cf56fa39f3c3b0628141f`
SHA1	`092de5a70119bd7675b5c81dc2546d685696e281`
SHA256	`84478e9e8edf2980b5d214ab6019885ff762db832ee8a12e6216d4439ba56b63`
CRC32	`A373A92D`
ssdeep	`768:xNwNU5pqbjUFhDoH8TOLgHqSnhZOLPcIyoejomm1396i0ebbF:xC4p6UvDocSnShgTduy3`
Yara	None matched
VirusTotal	Search for analysis

Name	d19534767de432af_third_qq[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\third_qq[1].png
Size	4.1KB
Processes	2408 (sdly.exe)
Type	PNG image data, 76 x 38, 8-bit/color RGBA, non-interlaced
MD5	`664ebbeea5e330a5adc8d729070dd213`
SHA1	`6a929d0ced20c7d75faff558776fbba597703209`
SHA256	`d19534767de432afb00cb0c0658458f0e6ed380be08d4a0a36f5ab94e8277d2f`
CRC32	`5A6628C2`
ssdeep	`96:mZXMt283zwASN5E5ag1Y0ElrSlNJuNHI9AiPQYF6O1pMfF4vCqU:mZn8j3SN5kagREeNJMJiPQYFPiN4vCqU`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	25006f654d50e7e6_cef_200_percent.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\cef_200_percent.pak
Size	227.6KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`66fa52c0523ae2ec18c37960e4eb3e6a`
SHA1	`61ac3e8e84a7f84790a835998873431c4a086bd9`
SHA256	`25006f654d50e7e63f4557357437eff5f6bda3dc6e8bf86cf0bd5b02fdbf2a28`
CRC32	`8DAD5103`
ssdeep	`6144:HJW/jBysmlC9BzMklLwozV1oJoRc5QXfHgs4jTlnG:pW/lDmYmqh1qggs4jTM`
Yara	None matched
VirusTotal	Search for analysis

Name	e9c9b9a56fbd98c4_third_weixin[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\third_weixin[1].png
Size	4.8KB
Processes	2408 (sdly.exe)
Type	PNG image data, 76 x 38, 8-bit/color RGBA, non-interlaced
MD5	`3783f1e3acc2f223129173d034a30920`
SHA1	`75ece47349995085ce0e4ed0972ea8bfc57e3523`
SHA256	`e9c9b9a56fbd98c444cc5cdcfdc597fa5d4dd3d6dd1db4b3b655b84bb344208c`
CRC32	`6F0265DC`
ssdeep	`96:mMLdR5ceT+DYGYs7dNiSO1XDZGzjTf400CWPIzvyIYLwyIFNYsrpH6vwfgFTFn1:mUdR5bmdNXOdDZob0CWPqvyIk9IFiDhR`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	24dd3c96b0e95fdd_input_reg_act[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\input_reg_act[1].png
Size	2.0KB
Processes	2408 (sdly.exe)
Type	PNG image data, 345 x 35, 8-bit/color RGBA, non-interlaced
MD5	`438b1d52c1d19f3e3829d9abaa3e91fd`
SHA1	`34cac5cef055dc1ecdfc7df74e6736b5055cf96b`
SHA256	`24dd3c96b0e95fdd836d7abae2127519a864c2bced711dd04136ab1ddc79cc34`
CRC32	`5E84EE0F`
ssdeep	`48:Uqjj+6OqtTlID+6q967V6UwmIdYOAemzw5NlLCbh:UqjjjO6TlID+qVImMYjemzwzlL6`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	1387fab14e942765_gettoken[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\gettoken[1]
Size	175.0B
Processes	2408 (sdly.exe)
Type	ASCII text, with no line terminators
MD5	`e393e940ebeca942e401159df700fa55`
SHA1	`6cefb5c160a5deb66e7a5772d386a21275bc84ee`
SHA256	`1387fab14e94276590638b955cc7bbac9f03dd6d26388ed458e4d3409b5ea509`
CRC32	`875F2B1D`
ssdeep	`3:RAVdSdRTOE2VHgb6ttGG9pQHOu5xVLVuCV1QZDJcOgFiRqzjvR4q13DSSGLhBHn:B0E21gb6ttGGLl2TLVfzOgkRqX73DS1z`
Yara	None matched
VirusTotal	Search for analysis

Name	5a64cb26f7e95c44_gu.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\gu.pak
Size	92.0KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`470244adc1084b9411b6bd8f0a028ea7`
SHA1	`589c30309fc65e546a740a5d6ef04dd41919c2fc`
SHA256	`5a64cb26f7e95c44b9d400d8b30befe53c09096fb0385856f4b5b9e9006f9fd5`
CRC32	`3A09CA2C`
ssdeep	`1536:z2sgszl3/NifmzduKOeEozoVtG2BCXyQIXnSAcfU4RXtwAdjbXOgJBC4uKBBxj7F:Nzl3/NifGduKOeEozo7j4i9XnSAcs4RJ`
Yara	None matched
VirusTotal	Search for analysis

Name	072a6488c6b07632_license.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\LICENSE.txt
Size	1.6KB
Processes	2088 (sdly_taskpop61.exe)
Type	ASCII text
MD5	`fd74ae632a39d7dc6b1a4e3bf81def7d`
SHA1	`3655ff8a1a94273610fa4b9861453d52f0e5b21e`
SHA256	`072a6488c6b0763259987b586f2a6ea00e351aa3f5025090b4c14f04508720f2`
CRC32	`938F512E`
ssdeep	`48:VcbD7BOCrYJ4rYJVwUCazPXy43HV713XEyMmZ3teTHv:VoDYCrYJ4rYJVwUCaDZ3Z13XtdUTP`
Yara	None matched
VirusTotal	Search for analysis

Name	0150cca64343e7c4_en-gb.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\en-GB.pak
Size	39.6KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`3a0a0f6b73f7f7e8a021ee435f494139`
SHA1	`d63b91c0923872b2ba2cabf5bd8b00b6437b3b3f`
SHA256	`0150cca64343e7c4e29ddbb1e266a77fded9dbe42a09d4adeedb1dca61f07fa8`
CRC32	`AC5FAE89`
ssdeep	`768:9YKjUTS5rq2bJg2fmgglS7d0+VEIFEpJQFAxSMW80Blnz1SI/QBoRYSc3:LjU2pfmgglS7dZEpqABUBvS2eoRYS4`
Yara	None matched
VirusTotal	Search for analysis

Name	220aa7ee2524ff66_cs.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\cs.pak
Size	48.0KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`4d08959d93c5f8f665ef2824856f5e64`
SHA1	`56d19a6da933186467adfad896d58e78a4c12e65`
SHA256	`220aa7ee2524ff663ff866a589a99bdcd8238fe2f5f1676896e881ed713a4ece`
CRC32	`A386F5EF`
ssdeep	`768:szl8FnAQG35P5Iq8Qb6ySisHKYjyAfJYhEyN12o9ZuxafeYhPLs9qVqriVqTxuI7:seFg8Q3s9RYhN119Hh8AsRx`
Yara	None matched
VirusTotal	Search for analysis

Name	1ed331fbba49e120_hr.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\hr.pak
Size	45.2KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`d88949fd915bcb7a18ad44474ef74da7`
SHA1	`d1fa82bb1d7dd27fbd95cf08cadbef7a874b5333`
SHA256	`1ed331fbba49e120e97ecdb00e95ef6907dfbd060a061381fb5b12d712e32e58`
CRC32	`51272147`
ssdeep	`768:u0UUzsAu0EnGmYIp0YwpyZs9XtS6DgBx/KlsoPYVWS/ok/yR+RPj:um5uNq/9yOXtS6DgrCCzVDVFPj`
Yara	None matched
VirusTotal	Search for analysis

Name	a8bcbb49cf933f2b_sr.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\sr.pak
Size	71.1KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`00b884aefac9f3d2ff05f910491081b0`
SHA1	`c74034c271d347a9a9f58058311adeeeed8c7953`
SHA256	`a8bcbb49cf933f2bb74bb6536eb2ea38f5082c8558c7bbed6f2f5fa89b6d536b`
CRC32	`5EEDC24F`
ssdeep	`1536:rBbH88/1k1JVNLHCWk2p8kFmSmndpyDP+fwws1NW780Q+gtksaYI:FbH88tk1JVNHNk2p8kFhmdpyDP+fwwse`
Yara	None matched
VirusTotal	Search for analysis

Name	2e07dc909efb9d93_cef.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\cef.pak
Size	2.2MB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`4d991b6db94e823aac8cef6eb1959662`
SHA1	`84856f2eba08c5ad2df6a946e0eb7519bc9fb6cc`
SHA256	`2e07dc909efb9d9316e15452f168581966bdc7ad8fb607d3d3a339aaa8dc0266`
CRC32	`D0571B61`
ssdeep	`49152:m+jA+bQaVNVtw5uwB2UKO0GGxsbMFsEMtggb7xqk2UQfVGGG2pLTux:FDGGG2pLTux`
Yara	None matched
VirusTotal	Search for analysis

Name	2a78c7b704cd403d_ru.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ru.pak
Size	72.5KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`6cc147ff2e74eb4640a65e42f45459e1`
SHA1	`11eaa5d4229173cfc621533f04ff11ac5ad31b59`
SHA256	`2a78c7b704cd403d488d7163bf13be9c0cc61b7647a0f8fc832111807748756b`
CRC32	`F9F44DB9`
ssdeep	`1536:UqgKW7SujESvL7dM7JOEo0tJotLVn0UItiy:UqgKWuujESvL7dM7JOEo0t6tLVn0UIp`
Yara	None matched
VirusTotal	Search for analysis

Name	21e523ccb6269935_cir[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\cir[1].png
Size	1020.0B
Processes	2408 (sdly.exe)
Type	PNG image data, 4 x 7, 8-bit/color RGBA, non-interlaced
MD5	`9e43dd74317164da84b254d22a4bab53`
SHA1	`a76374d07f5adaa68408d8d7856a30ba55814ad7`
SHA256	`21e523ccb626993544479e7da691d30cf99880118194c16d868be70258081ef6`
CRC32	`794D097F`
ssdeep	`24:bl1he91Wwh82lYSKwUc1FyqViT3ouyJ3VRUc1KGp8T:bLqQvnL9cKq0IJ3EcItT`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d3a9caa7eebc914c_jquery183[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\jquery183[1].js
Size	91.4KB
Processes	2408 (sdly.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`4d30fceb0a9da287c6f802ea05b69e3b`
SHA1	`bf4ce064f2ea3d6f9ab4be257ebd897a4078e4e3`
SHA256	`d3a9caa7eebc914c861dd7fb50145903d27ac6f52b18320eba2f3d313867a577`
CRC32	`0F83D821`
ssdeep	`1536:8hIGG4EYrbSkPAQWSaKTlf5g42M4O5b7DuKM7G0i33Ky4J6iVM+tEKo+zt5mKhUP:wOpWR/2NK+21NGZ1gSa`
Yara	None matched
VirusTotal	Search for analysis

Name	c4b00e4c223b241d_pl.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\pl.pak
Size	47.3KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`854a4765cb37d769a8b108b3b6335860`
SHA1	`390f2289f120337e5d9d29de757baafd452fb04f`
SHA256	`c4b00e4c223b241dc643f91531f0d503216d58d7dab4ee79ab64d63123661290`
CRC32	`6785A981`
ssdeep	`768:pBXySF1eIYFvW/ELwMbQyeZ1uRi0NUmLHA+ba7XCoe1nRTLchC+eVj2ho/k8ah:pBXyOWeUi0xH7+7XCogTLchU2x8m`
Yara	None matched
VirusTotal	Search for analysis

Name	f35537e623a4b0e1_mr.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\mr.pak
Size	94.7KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`bc943169d21bbfd16dd412ae477b3dc0`
SHA1	`d7befe9dde62ff36e586f9d15c3719fbfba618f7`
SHA256	`f35537e623a4b0e1d335fd38d69e1d1df443f22aea206d0e151733a577771973`
CRC32	`459F285D`
ssdeep	`1536:biDkYC7WyrzGknqixCiAqHSinMhTfMlHFSv:b4xCqyrzG4qiRAqHSUMhTeFSv`
Yara	None matched
VirusTotal	Search for analysis

Name	ae8af09fdee6c385_ja.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ja.pak
Size	56.5KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`b44747ce81c6936d62d52e7ce33107e7`
SHA1	`5b0d1943b3173d7f2d3be74602100f2d2f685594`
SHA256	`ae8af09fdee6c385bae57d2d72562c3457db1194d3492a9ecca71219c6e6fdbd`
CRC32	`D70E137E`
ssdeep	`768:OSdNz1aIICoinJec52H9HgHO4lHNkg3c94NXm75iiq1Y0o86FH++O4E:OmNz1aIICznJealHNNc9F7DRRH+p4E`
Yara	None matched
VirusTotal	Search for analysis

Name	63472dace0e0138c_main[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\main[1].css
Size	10.1KB
Processes	2408 (sdly.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`d738e1514919958964d42d7efbe4430d`
SHA1	`1bf7d348a6e80eecd5b55c22eb1de98689ee8e5e`
SHA256	`63472dace0e0138c4b4c013adf0a9b649c1beadbbc7463bfa7a57c64b8b03c7a`
CRC32	`22802C91`
ssdeep	`192:AD6U6GN9Bct5rCi5zrX2X2bp4eMwXDj3a6/JUbEue:Q6UH9BvkT4ZwXDj3aq3L`
Yara	None matched
VirusTotal	Search for analysis

Name	d396545288768e70_ms.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ms.pak
Size	42.8KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`6cfd5b74d08c8a5d5596b4712647feef`
SHA1	`7fd304a4cccce04a610f7c17e36b34c2b74bfecb`
SHA256	`d396545288768e70239190854577b1df2ab8e6a935b0b839d651116eeb7b195b`
CRC32	`5148418F`
ssdeep	`768:llKJK/a9RRwiz8uUrTduWWzE9n9k8rpvwfvNSeaiZi3tUev5Q:lwD5z8usbWzE99X6oem5Q`
Yara	None matched
VirusTotal	Search for analysis

Name	16100ce36243801d_wow_helper.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\wow_helper.exe
Size	80.0KB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`36029141d8cfea329c99c319989a05b9`
SHA1	`4ac51c1ee3c9e005053b2a628ee4a056ed4aae53`
SHA256	`16100ce36243801d03f6e1b9d6b1c6924c7c71e928b8f9e7eb8eed2d8d2447e1`
CRC32	`F86F24C8`
ssdeep	`1536:9f77+031ru/qpap4qUqm+rIqRqEp+85LQyiL1LOFfv5:VWo1/op4qUqfrIkb+aLQPFOFp`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	eb27e13405f6b89b_libglesv2.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\libGLESv2.dll
Size	1.6MB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`887811e68328733da8129f171707f8a4`
SHA1	`c3386e67582046967202e5db86a31691bdcf145c`
SHA256	`eb27e13405f6b89bef0e3d9970719849b82fa849197b7639c52e14cd0b584e01`
CRC32	`F4927916`
ssdeep	`24576:83G/W8s2nTwA0yFQ+d/v5990lQI0FvE0F5eNCL0/UeZRQ67G:Q32ZFZd/vj+lQrsS5wCLSS67G`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)
VirusTotal	Search for analysis

Name	27ff6b32f26c129e_index.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012020080720200808\index.dat
Size	32.0KB
Type	Internet Explorer cache file version Ver 5.2
MD5	`69532461e9fb3aa3061133c9905d58a2`
SHA1	`2ac52d6b2a49ee80af7ac6562b143a77dbb123ed`
SHA256	`27ff6b32f26c129e2e1abf8249a921a561388f6be65ffdd56934426a1bbc37e6`
CRC32	`6FFED8D6`
ssdeep	`48:qOETUplGKs4MlXMKs4jXhGPFdSo1TcRo3+14gy:qOOULGKstcKsSX2Fdj1F+h`
Yara	None matched
VirusTotal	Search for analysis

Name	75d3bd312d2cef6a_th.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\th.pak
Size	89.7KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`f836e6cc433d1144620b7774f3230efe`
SHA1	`1fe000b10eb44df261fb346dfbf4e294eb0bec8a`
SHA256	`75d3bd312d2cef6a0f24a57ddaed316e34ba38b791e14b25b173e896a5431d4f`
CRC32	`0A216470`
ssdeep	`1536:FjhWt3hRbKDWhOyF7IqfrmMp8iReeyiPIiSztED:F6RbKDW3F7DfrmMp8iRee7UtED`
Yara	None matched
VirusTotal	Search for analysis

Name	774b93b8e931522d_log_btn[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\log_btn[1].png
Size	34.2KB
Processes	2408 (sdly.exe)
Type	PNG image data, 223 x 78, 8-bit/color RGBA, non-interlaced
MD5	`ec910f7e6a65d4362b8776e7b3ad1a52`
SHA1	`91f5f0fc4bc2123959325c0e85f410c8df1b552b`
SHA256	`774b93b8e931522d896855793ce6b19f87a26348a0860bf67f38824ceee80fca`
CRC32	`3DA85E73`
ssdeep	`768:ydn6D9CVLZP8D8xqhg5GWPiL8LfKWpo9USsF7tINFIJT4k:EnQ9uLZUDrSgIiL8LfKNUrGeEk`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d4298c89fc524598_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\7z.dll
Size	1.1MB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c4aa6d9e72a1721b3f65646e04e702cf`
SHA1	`6a41028ab246ce033e19da5c54e066e0752cb616`
SHA256	`d4298c89fc52459842e7658ebf3aa34a9f6e061a97b8984790239609b492f696`
CRC32	`C99B623E`
ssdeep	`24576:SZ+lCPq8bgPqPRzWu+sjvNfEz0z/JiJXosc3:FlCPnbgiPRzWFsjvNffJtsg`
Yara	Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) Microsoft_Office_File_Zero - Microsoft Office File IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	c54d294e04ef0542_checkbox[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\checkbox[1].png
Size	867.0B
Processes	2408 (sdly.exe)
Type	PNG image data, 17 x 16, 8-bit/color RGBA, non-interlaced
MD5	`a2d3beaf27ddcdf29baf47d299640813`
SHA1	`1f728af69a9c4d39c59cd618eba7f45ec1cd39d6`
SHA256	`c54d294e04ef0542bfeb3f4528c9cd0563df19e33fefd80200896f06c6ac4cb4`
CRC32	`CD20D9D3`
ssdeep	`24:ABncg1wQB0zelKiKH6Ft+tHZvXjKdJh0pXi1:5JHycXgwy1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	58f7ce00d589aaae_cef_100_percent.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\cef_100_percent.pak
Size	141.4KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`ad2ddfc39c78eedc734af6506a579a8c`
SHA1	`64e66d48ab3a98503948202dec3ff2f35470cd5b`
SHA256	`58f7ce00d589aaaebfaf3d0badac45924545e49f2d1531156f282eac7abb11b5`
CRC32	`45FA0920`
ssdeep	`3072:Z7qrTpJroFYgI1epIMIZOgl95h4vjWX6pCa8+1pq0YAhstEtTUuS/po:Z74JrEXjIZJlHavSqT1YZYstATJ1`
Yara	None matched
VirusTotal	Search for analysis

Name	a63541e0913c172c_helper.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\helper.zip
Size	551.9KB
Processes	2088 (sdly_taskpop61.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`7bbf919ac238fe6aa103a8d70bfd278b`
SHA1	`be007e073c298327ad47a27ba4cb6741602f1819`
SHA256	`a63541e0913c172c717b0b897bc033585b0b5f1561cbd391aa856224c783a421`
CRC32	`8CB321DE`
ssdeep	`12288:VXJtf4lfb8XhxLW3y44OzAOYSCPjaemeDTNJSQ:VZtf4lfbixLW3y44AQPjamSQ`
Yara	None matched
VirusTotal	Search for analysis

Name	2e50152c5f6215ac_nl.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\nl.pak
Size	44.9KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`264ffe560b523d126c51dceb311373cc`
SHA1	`3ea124acb4d1d5d76fd706279a0bedece200f08a`
SHA256	`2e50152c5f6215ac24dce2a3dc233a220869183034948f0356232c57514cbee0`
CRC32	`9F56D77A`
ssdeep	`768:+JpaVkrA8LVnuQtnHyG0LLv8wEDRlp6q5qR2D2GqRk5zJEZnsrJydE/:+zaFQtnHFwE1lp6q5ZZdidE/`
Yara	None matched
VirusTotal	Search for analysis

Name	f0512df91a72d1ab_sdly.ico Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\WdGame_sdly\sdly.ico
Size	384.4KB
Processes	2088 (sdly_taskpop61.exe)
Type	MS Windows icon resource - 7 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
MD5	`676a9347296a56d4d12de1fd765b5eae`
SHA1	`3a6d22e5e0abf57417db1464491b7604505d0b74`
SHA256	`f0512df91a72d1abab994234b8ed9f08353ac6cde2b65ec624913b7d6c0a6a09`
CRC32	`F9BD2A5B`
ssdeep	`12288:0UbuX8Q/QWmmqQQQ7QQQ7QQQ7QQQ7QQQ7QQQayyyyS:DbRQ/QPQQQ7QQQ7QQQ7QQQ7QQQ7QQQN`
Yara	None matched
VirusTotal	Search for analysis

Name	67ec49bd6f9d84ef_login_tit[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\login_tit[1].png
Size	3.6KB
Processes	2408 (sdly.exe)
Type	PNG image data, 83 x 17, 8-bit/color RGBA, non-interlaced
MD5	`c06f48ab67b5af6b611896eb6a8292ee`
SHA1	`0a40249f41c2aeb007f011b533799f403f199ccb`
SHA256	`67ec49bd6f9d84ef935de74e83f7624cb3c5c3d643fe77e9c5bd0beaeb275353`
CRC32	`635AEF91`
ssdeep	`96:5hNpHB6Qri24+f5AQ1FIffYBnb7K6W6asvRIbmiSv:X/Uv+xAAIfA5b26zasCaiSv`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f9b8de7fe6fb2a6d_pagemicro[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\pageMicro[1].js
Size	33.6KB
Processes	2408 (sdly.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`53637ddca6c502fb53378d56cb33eedb`
SHA1	`aefa8dd4086f96e7744fc5ea7eaaab44db353d98`
SHA256	`f9b8de7fe6fb2a6ddb9c9678d43844a282a436cece126a040139b8fd1a40f91e`
CRC32	`A4542ADB`
ssdeep	`384:M3Lv2V/Y62LzYyvJy9MQoa+AWBKVOdmLDf3Ni1jb6HQom5:MIuY8Q9MqDfVQ`
Yara	None matched
VirusTotal	Search for analysis

Name	1f4b6a83d0e2cceb_zh-tw.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\zh-TW.pak
Size	39.3KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`1a09c6b7412b2a5d7f1b379dd4fcba1b`
SHA1	`58ac3377bcbc8fda31a0f77809128c9f0ecd82c5`
SHA256	`1f4b6a83d0e2ccebb596d010f5146fe3a45fcadcef786d696479e33be8c9c905`
CRC32	`8BFFABB3`
ssdeep	`768:wolbXBdh4+Jt8IIqIhGa1bfe0wvRtMDZ8KtZPqdjryEfv11JxzdXcHKh1COQPLsj:worAI8IIqIcATwvRtMDVIjB1LxzdX+K9`
Yara	None matched
VirusTotal	Search for analysis

Name	98214079c6d17eb7_da.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\da.pak
Size	43.9KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`b99e86c8f7b181322ece052e1a57a2be`
SHA1	`6cbc6a960f9e071f23aee5d75f362ca5092924c6`
SHA256	`98214079c6d17eb7d878e23cfb3a87b6191d40baccfa4895bccf13324c1c29f4`
CRC32	`943FDE38`
ssdeep	`768:+hW1usun9x6J7siMZ3XCX+K6ek4w7Oybg+y6TWNK5BomXbuDNveGGgEAZOnU4:+U1ux9xQuCX+zTLbXy6omCUAj4`
Yara	None matched
VirusTotal	Search for analysis

Name	84757406545e7c19_commontool[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\commonTool[1].js
Size	27.5KB
Processes	2408 (sdly.exe)
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`62fbeb7ab3a48b20ef33600fc8ea5465`
SHA1	`6be30eccae4fd34a7d83cce1eff2f57c048e7a20`
SHA256	`84757406545e7c19676bc7f3660602502a86e63c4a3022705967eed9c33cba11`
CRC32	`8435C6DC`
ssdeep	`384:QCV2SvA+ExnO/L33rGV/G70ErU+1IcI7coAQXlcG+U0rEA0rEbaZcYMvR1MjMqIP:QpSvA+qnOjLw/m1zc/VKUyccR1MjMhP`
Yara	None matched
VirusTotal	Search for analysis

Name	651883dcac3e615c_nb.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\nb.pak
Size	43.0KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`134cb79b07d6bfa385cdd0f93cec84e0`
SHA1	`acbd382820affad858bf37a2a4dc36a5c9ef05fc`
SHA256	`651883dcac3e615cca3f9759efa4f96672c788fd3e2524f1d7236a48fa8dc54b`
CRC32	`A613054D`
ssdeep	`768:So8MysOlF2nsYhoX6xqggR80Ny9vKXiLoNmb4d3INsfg8/MXcrzXnspc1EW33Pw:SoppToX6edN/NmMd4OI`
Yara	None matched
VirusTotal	Search for analysis

Name	3525f253e1e2c575_he.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\he.pak
Size	54.8KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`a322fe105df1a8ff7bbb5411b2ddf744`
SHA1	`b546989536c7fdf2ea7852cef72d4690ed6f52df`
SHA256	`3525f253e1e2c575c22fdd87385d631ff848be6d065cafd2710e5cb00dd6e27b`
CRC32	`40E7852D`
ssdeep	`1536:2mLx1igXzDXq8AUfGEBgVE/DXDTRx9DVUZoUTKPYmOCjMUy+xxXhvJCpXTed2scz:NxX/r1MUy+D1JCpXTiVcI/0N`
Yara	None matched
VirusTotal	Search for analysis

Name	7846611e01c7aaea_nav[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\nav[1].png
Size	5.0KB
Processes	2408 (sdly.exe)
Type	PNG image data, 551 x 26, 8-bit colormap, non-interlaced
MD5	`68a22da1eb2bce91d55280a47fadb583`
SHA1	`e90b2a27c2933c80b7a973e72a5946f75b5f8d0b`
SHA256	`7846611e01c7aaeada1ffc4ac1a8517ffa2114729d1bbc44188b989fbae9d2c6`
CRC32	`C82FA296`
ssdeep	`96:lqmBsXYPar9B2EBZMkiOVgQMJCeEH4+PQ1fBJ+Ye3Ssl9OYfkH80SVqZ3gfe6ocl:lqiP0j2EBZBdgHJAnIVb+Yfsz6H80SK2`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6d7620ca3059fcf4_hu.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\hu.pak
Size	48.3KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`c81df0315db423d0c318d46e8fce8e39`
SHA1	`cb5e676e5cebf20ae94c3062321dab37520d2689`
SHA256	`6d7620ca3059fcf4fb2dcd935bfaa45968ef4851cd8dce9f435a6d5b129b2399`
CRC32	`1EEF9D59`
ssdeep	`1536:1dpEpE9r2tuVdD+DlK6Tk+wudBmFZfRRm0b+ZwUo:1dpEpE9ri+dD+Y6Tk+wudBmFZfHlv`
Yara	None matched
VirusTotal	Search for analysis

Name	132f24640ef6e7be_ca.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ca.pak
Size	48.1KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`63f9363aa965e0b6835b1b84c48b1ae8`
SHA1	`8dccb0f28805885a34abb183a3c74e8d9f017774`
SHA256	`132f24640ef6e7beb6bd5e7a8e556adc2c8b209576d9a92b4d2cffaf162958ef`
CRC32	`B52E8CF7`
ssdeep	`1536:THxARU+AKn1h911Rx/TlRKgq5qmHg0uec38CtY+H1LjclR4+LXZY:iOQh91/x/5Mgq5qmHTueO8iH1LjW4+Lq`
Yara	None matched
VirusTotal	Search for analysis

Name	2689367b205c16ce_wan[1].txt Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\wan[1].txt
Size	2.0B
Type	ASCII text, with no line terminators
MD5	`444bcb3a3fcf8389296c49467f27e1d6`
SHA1	`7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb`
SHA256	`2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df`
CRC32	`79DCDD47`
ssdeep	`3:V:V`
Yara	None matched
VirusTotal	Search for analysis

Name	6b9461bd8d2eb0b8_uninst.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\uninst.zip
Size	201.5KB
Processes	2088 (sdly_taskpop61.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`6adab4ffbc921966d0700953265d653b`
SHA1	`57e72408ca98b39b7656b93f5e3fc3ee6ecc3170`
SHA256	`6b9461bd8d2eb0b8a2cddc69e053cdd6c2d0959c332456b1750c173b09326fe0`
CRC32	`F0D52B8A`
ssdeep	`3072:fR2pzs2baNkoXroAbeush1720hq/elCKLmxM8QTFTc+5ZEPDvlgpbhZw4aaVctvg:Z2pA2bEzbv4EvelCwwQTuiOWlwD7o`
Yara	None matched
VirusTotal	Search for analysis

Name	5328bfd92b9c1ac6_bn.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\bn.pak
Size	97.7KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`1442225a0a7fd12ca7ed34f6ed37ff22`
SHA1	`80e86ce712326d37a30eef8725c6a07a26eae577`
SHA256	`5328bfd92b9c1ac61ca43591574118d970ae7b158abbd9d331668e94583e5b14`
CRC32	`D3DF0AB2`
ssdeep	`768:3Wcv/ZImKtO2AUIXYReB00WxIenYW+K/tsg1wVjk+1NbTr19s1VBgSlgp75vedYB:3WJsBzTr1fZ5zcEu6`
Yara	None matched
VirusTotal	Search for analysis

Name	e3e69d0475b15998_upload[1].jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\upload[1].jpg
Size	44.9KB
Processes	2408 (sdly.exe)
Type	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 341x186, frames 3
MD5	`998f964e86ac83e15fc400aeb2af0563`
SHA1	`e6aa095fc12741e900c0515873cf19251f73fae3`
SHA256	`e3e69d0475b159982753607c61acbf1eb7e97bcf5b09dabdeb1bf77614ed70fc`
CRC32	`29D608C3`
ssdeep	`768:PbCwwCFqec1gatgPRM6FzC7ooP2k41Ngezk/U0c0WZFLMm2UBe1OpaJ06nZ:PbhFrhamPXddNtw8C6SWosaJ3`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	e94e8cf76b9e7ce9_lt.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\lt.pak
Size	48.3KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`3638ecb7e65f15945ef8f4d88c1f55ff`
SHA1	`6935747e844b561b28b3cf12c86f274d1ddb1c33`
SHA256	`e94e8cf76b9e7ce944f58e7a518cd34ed8d9b0fef0e9393181a885e6f36c8539`
CRC32	`9957A5D5`
ssdeep	`768:BEmzv5Kl+p/mF69qTqAxUdE4eB2Y8+DwUaxJ9B/K7yEINv55zOTbUbdgBHaewf9D:BEmzF/T6NQxJ3BIqM+yi+6`
Yara	None matched
VirusTotal	Search for analysis

Name	adaf6a166e9a0ddc_tr.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\tr.pak
Size	45.2KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`034cbcb6d790b30c617e3a895d7b06eb`
SHA1	`63df99cd38fc2be9bdfd7faa32ee00c0c857f190`
SHA256	`adaf6a166e9a0ddcbc244a7e3aa61d5cd8d305f974ac24c1350914220d9d67d9`
CRC32	`88D32951`
ssdeep	`768:hjF0h4hQOnNYV6AlIOdIsLpLj3cLhMVinZNHzupDshvrgapqSWO0r2he4GKHWotX:TrCvV6AiOdIs8W4NHzsDs+SNDhJGK2ol`
Yara	None matched
VirusTotal	Search for analysis

Name	7cea1f1dc968b0e0_神的领域.lnk Submit file
Size	1.9KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Mon Jun 14 02:15:08 2021, mtime=Mon Jun 14 02:15:08 2021, atime=Thu Aug 6 20:04:04 2020, length=3643816, window=hideshowminimized
MD5	`8ff7aa30c34cc5e4ce1ca8a4e19375a8`
SHA1	`4c21f356557d2668424e9a7734c64e8c33210a30`
SHA256	`7cea1f1dc968b0e0792b198ef2721a909ab54b18f1c6b4591b9d0ede249bd5a1`
CRC32	`69EB223D`
ssdeep	`24:8UsERdG+L9ZoyNk5h7NNFzN14wYyYLZYRwZYyYfl1w4eiYyYr08:8Us9e9Zo15rfp14whWKihC/w4jhK08`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	c8c5d6a4909be6e4_sdly.ui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\WdGame_sdly\sdly.ui
Size	627.0KB
Processes	2088 (sdly_taskpop61.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`e04294852554e7c92ca128437fcf3d03`
SHA1	`a278d063431977a979140064c1d771220fd82d50`
SHA256	`c8c5d6a4909be6e49ee6cf0e4b32f8e9578815b72bf0c40f9833f4b1185885e0`
CRC32	`85977A75`
ssdeep	`12288:HScXXP55vP5PxUtQw9YBMK5hOG9+xELF7J2lC3ZFmUAyt7w5J2Hn3ZZbQauO6j:yOXP55n5PURwSGaELOqFnAySJ2HLQaud`
Yara	None matched
VirusTotal	Search for analysis

Name	de82f49719ba9b94_fr.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\fr.pak
Size	50.7KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`62ef4ab8c2884194759a32a45f4fc260`
SHA1	`ba939b19b995b7a4438c86902377a1c22594b3e3`
SHA256	`de82f49719ba9b941dfc9a2141043a9c78a6f54b8933fee5c1bfc3a5175ae500`
CRC32	`850EAD7D`
ssdeep	`768:+N0Y7nP9CqzpfliN+XdG0m0skOc/N4SUG7cCmHL5n32YY0gyroFpwu:A0m8qHiNMOc/OcYCmGtyroFGu`
Yara	None matched
VirusTotal	Search for analysis

Name	0d3d78dd76f89424_te.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\te.pak
Size	100.6KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`b0c9b3ca840cadb88394128a2270a648`
SHA1	`d242f4690da8dfcd05d2620273848406e8f4a4d4`
SHA256	`0d3d78dd76f894242fefd80d239f0f4b3052e2895aaddaa7e7e9ad640d6bf5d8`
CRC32	`0DA414BF`
ssdeep	`768:F8YlwYAnHfqlWCKeK8Agjf+9PzqeNWa+MfxYvYu5L/TMPNiqy9jcIq9ZVYSQ+d7w:dqjn6BAJ+KPNi+p9hq7HrwhIB`
Yara	None matched
VirusTotal	Search for analysis

Name	556bef8ce02fdb59_et.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\et.pak
Size	41.6KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`efde79dd01a9a54343213e92e0f0fd17`
SHA1	`5e7e14aa6be07871797a5dd6d322717df7e1dd5e`
SHA256	`556bef8ce02fdb594daf3becafaa474ef0dc12b127289e63b3d8d8f34325802b`
CRC32	`C37827F9`
ssdeep	`768:+Cqf8JNsulBv3Lr5igUAMAOfB0ZUJo+RF7vg63Uoy1psCR:2WOB0ZUJHBlFCR`
Yara	None matched
VirusTotal	Search for analysis

Name	51cde2e6665acef0_sl.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\sl.pak
Size	45.4KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`a163522503dee64ed9165d7810fc2ecc`
SHA1	`bf0e8e185139d56b97812b2696267474ea5db540`
SHA256	`51cde2e6665acef0ab30c165006a6105b0f41235d050a4f1b6c5ee7395959adb`
CRC32	`5B616E06`
ssdeep	`768:RJQzdRo71JjG1S6nIDOtop30QqJ2BQdPyGTTXwlTN:RJt7/KnIDOGZ0QrMPyGTTX2Z`
Yara	None matched
VirusTotal	Search for analysis

Name	a930a3aef9a72482_sea[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\sea[1].js
Size	8.3KB
Processes	2408 (sdly.exe)
Type	ASCII text, with very long lines
MD5	`26a812ede84886a75880d9a2e723a00f`
SHA1	`a601cef80a60a99200950123ac9821e1b26c5581`
SHA256	`a930a3aef9a72482c88962bb979ce88d3628abc918db3c0a0f9491a8ba0c1f5d`
CRC32	`17964885`
ssdeep	`192:hLTnM7vkOBpTf4L5pAPa6aF3a81MdgicdNKiHrD8YRDyQ:hT4kOBpTf4L5aaF3akMdXcvzHHlt/`
Yara	None matched
VirusTotal	Search for analysis

Name	8dbd2f8c37086117_snapshot_blob.bin Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\snapshot_blob.bin
Size	474.7KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`594f4b02c26e84837108e2b9cc894d39`
SHA1	`bee0e10f6547d76bf91520f689429d87bc5b6431`
SHA256	`8dbd2f8c3708611755d103c3776b31c8a9f62e2408d0cb9f670bd79cf2f5a7d4`
CRC32	`35E9F23B`
ssdeep	`6144:h5a2x1hJCulzMq2+ok7G6RzkkR1Kjg2zE7TGrG2:/a2XfMq2+93zk41Cg2zE7R2`
Yara	None matched
VirusTotal	Search for analysis

Name	2d9efa8a626d16e8_it.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\it.pak
Size	46.3KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`23f243b5399fbcf3d3a96a5219a1f80d`
SHA1	`c6945745b5a0a84e64149e53101abcda8cfaa992`
SHA256	`2d9efa8a626d16e8ad571813a3901e8fa0532ecf0da34760b8c725492c418244`
CRC32	`25F6D9F7`
ssdeep	`768:Bv3IHSRg2ITUO9aGM884d1FxDpKnf1SsY25tea7REbaSz:V3CWOkw8Kwnf1bhhaeSz`
Yara	None matched
VirusTotal	Search for analysis

Name	1ea5f5c61d9ef4fc_bg[1].jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\bg[1].jpg
Size	147.1KB
Processes	2408 (sdly.exe)
Type	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 848x480, frames 3
MD5	`452f85f8c564269ce178f025a90c1483`
SHA1	`11b699bd5d8f899578b4a519ebde62fd1789aee5`
SHA256	`1ea5f5c61d9ef4fc66bef252649f9ef4910e8741c94ae992cbc0f04cfeffd763`
CRC32	`D0EEE851`
ssdeep	`3072:50/k0OnBNSZtt3kQpEiiXPTuOGc1ItT+ijsVXiUKDIaes:28ZmZnkQmRbu3vHEi9DIc`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	4fba49dca07e7674_bg.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\bg.pak
Size	73.9KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`5db5f8e5b0b52076aa0462d382c15c4d`
SHA1	`bc240e4b1c1697b86fcf916947a48393a3a1a6b1`
SHA256	`4fba49dca07e767405ab42a07b9273554a9ded4ff48ed0af64c5e11296317610`
CRC32	`A7E06694`
ssdeep	`1536:xyebb4grW76g2rzMkGSlEdXneom1Ktj8uADDViwfj3a+mqtIaU:Ye/VrW76g2rzMkG1dXneom1Ktj8uADDW`
Yara	None matched
VirusTotal	Search for analysis

Name	d2df093e94aeb5ab_es.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\es.pak
Size	48.4KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`3a7434e0ede68cd976502cf490c6b8e2`
SHA1	`0590cee58d9e6b435b8b26e5f52bc919ac9f4f34`
SHA256	`d2df093e94aeb5abb31f1482bebcd1302ae699b98271072386ebbc803496dcd2`
CRC32	`742F5D15`
ssdeep	`768:isK3WDRLeNearNkrBvcqflXDwS5pN8IBCEfIQgRCPJRvX6wTTgsgWJ49zdgK3:4hFroB0qtwSrWlhchRvXPTEsgq49zKK3`
Yara	None matched
VirusTotal	Search for analysis

Name	b8ab608596266900_pepflashplayer.7z Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\pepflashplayer.7z
Size	6.8MB
Type	7-zip archive data, version 0.4
MD5	`f541d00b14b9c08873d92077566ff63d`
SHA1	`3e5610a7547fa6f852ec5959c9234bf1363a8877`
SHA256	`b8ab60859626690078bfc50645c33ae57e8cfdd597e5bf6be33cc869452eb83a`
CRC32	`8DCF1DC6`
ssdeep	`196608:98mpL8l6iIUt3Lh3LOnk/86nZ1/VH1j3BF84D:9LY6Zs13LOk/8GbH84D`
Yara	None matched
VirusTotal	Search for analysis

Name	44560fa96f769689_input_log_code[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\input_log_code[1].png
Size	1.6KB
Processes	2408 (sdly.exe)
Type	PNG image data, 158 x 30, 8-bit/color RGBA, non-interlaced
MD5	`2ecbc1453276e9bd508a61d4d8c233f5`
SHA1	`ff9bafad409b73dfd402d060c5b4474167b1f4d2`
SHA256	`44560fa96f769689baf512003fd75323e6e6e9db9a5cd7522a013dfdecf0cd1e`
CRC32	`B6247734`
ssdeep	`48:UkBD+pzTbGRRdVG+JZW1XhFR1V+5xl2sHdop5HaiAN:fBDeTKRpchhFRn+5xHumN`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f4acb8de7ee4c64e_netbridge.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\NetBridge.dll
Size	238.1KB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`1618c56fd42a483782f863555b2eef12`
SHA1	`130dea21a6aa501ab63277fe429571442c520193`
SHA256	`f4acb8de7ee4c64e9ba4a0004cbde9282fd3ed5f0cee7633cd3efa197eeda196`
CRC32	`AA0A9535`
ssdeep	`6144:yJlU7zM4nGH4Ye1XBINNN8YCh2Jo9TB7PTkRc3/:y/SMH4YUXBIfPdo9T1V3/`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	19136cdcf4c802b3_input_reg_pwd[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\input_reg_pwd[1].png
Size	2.3KB
Processes	2408 (sdly.exe)
Type	PNG image data, 345 x 35, 8-bit/color RGBA, non-interlaced
MD5	`2d5f1696f6c245dc0e283727f99ba80d`
SHA1	`5ff33dae5633ffa68ae05ea93dae16baf9264413`
SHA256	`19136cdcf4c802b3d2099cf90eae31a88076be9c49178f8ffd643b6525f3b9be`
CRC32	`34D98162`
ssdeep	`48:nxMTVT1ASvAWjQHSh7W0+fGXzc4To6PDyP1Q8:nkVT1VvrM/TeXzNTo6PDyN1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	4db92cc0a57f25c6_log_btn_h[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\log_btn_h[1].png
Size	34.6KB
Processes	2408 (sdly.exe)
Type	PNG image data, 223 x 78, 8-bit/color RGBA, non-interlaced
MD5	`7ac0585ff4dc10b937d757dbc2fc7c26`
SHA1	`6aca2f18cffd7eb43f66a8b082bdf3a016313f59`
SHA256	`4db92cc0a57f25c67045ca6f8d82cafc7ce7199be993932b0cb03cf018376991`
CRC32	`2C1AC038`
ssdeep	`768:hJUJw/G3TS4e779TfZXS5wc4TL5uzvEcmc0QvbCE8RB:hJUJIATS48ZXyw3TSmcvv2Ee`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6d13cd7546e4c997_d3dcompiler_47.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\d3dcompiler_47.dll
Size	3.5MB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`bf435f59c5a079919ae75eb3964d796f`
SHA1	`175be2807da8ac9cbcdad7e3b22c519353c308a7`
SHA256	`6d13cd7546e4c99799cd030dca8d13f0d1d350f084a53e92bd885821b4ab8f41`
CRC32	`B107E34A`
ssdeep	`49152:6XxztRVg63VCssRWQnP73DPFeYjLpZyLpsRug4TJz07+GM:6BzrVgoVCbLxTpkpsRugYiM`
Yara	Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7a5e440b0a92d28b_sv.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\sv.pak
Size	42.7KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`f7e36957c30dfe2bd84d0e4caeb38665`
SHA1	`8def0bbc31904575c554c6197331213d4f206b89`
SHA256	`7a5e440b0a92d28be0f09a506011904c7869d3525ea9b401dcbd74926b20bfa6`
CRC32	`8C6821CB`
ssdeep	`768:uBpgKmbIB5nC1XIvIb4COmX/wrJxiEnlG2qmznRMX1tTTbCp:uMVIvIb4C9I9xi+lflnRMX1trCp`
Yara	None matched
VirusTotal	Search for analysis

Name	6fe9ad228f3cd89f_news-bg[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\news-bg[1].png
Size	3.8KB
Processes	2408 (sdly.exe)
Type	PNG image data, 65 x 17, 8-bit/color RGBA, non-interlaced
MD5	`f54ce52fabba9384351cf92c9516c383`
SHA1	`8ec1a674e77443b5fcf41dcbb961e2f12e0ab97e`
SHA256	`6fe9ad228f3cd89f9f3be596d456f64e56b62746a02530f18f393f4ca62f2e61`
CRC32	`CD09C4B9`
ssdeep	`96:PQkcUU3zxhORbN/dWBgBivMik/m3zpHBmQbLbTk:PruyHdWBgcIKzSQbXTk`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	8f60ffc81c5fbaa3_input_log_pwd[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\input_log_pwd[1].png
Size	1.3KB
Processes	2408 (sdly.exe)
Type	PNG image data, 227 x 30, 8-bit/color RGBA, non-interlaced
MD5	`8f78b279ff7a882a897b32d62a023d5f`
SHA1	`3ca322fe68a2e300f6d23a5c94ef3047af3099a7`
SHA256	`8f60ffc81c5fbaa38a8c6dbb2e0c2e3af54651d8f501c16a3f649a7ef3fff878`
CRC32	`ADBEAEA3`
ssdeep	`24:JEuJxJ5vFh/O0nvbVd9X/GaoL0oCRFfyIDh9GGLGmI+lRQwTpN0gKv4OgCX7+Skc:JbD9g0Bd9X/GdL01GIDBLGqQM8gKvNg2`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	0753934de50316eb_神的领域.lnk Submit file
Size	1.8KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Mon Jun 14 02:15:08 2021, mtime=Mon Jun 14 02:15:08 2021, atime=Thu Aug 6 20:04:04 2020, length=3643816, window=hideshowminimized
MD5	`f896e123d47acbe162b85b0dddd2891e`
SHA1	`1b3d18afb41bb14ef46fcd676bafe330b5e474e0`
SHA256	`0753934de50316ebb9fca886b561af1149e2f1ae62e8541187eb8faf6cb743e6`
CRC32	`FC087B0E`
ssdeep	`48:8Us9e9ZoCigMfp14SBWqd9ihC/w4jhK08:8D9eToCxM4Sjd93zY08`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	171efd2ca8280595_input_log_act[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\input_log_act[1].png
Size	1.1KB
Processes	2408 (sdly.exe)
Type	PNG image data, 226 x 30, 8-bit/color RGBA, non-interlaced
MD5	`ef0abec20c7020b25562150b6ed83e5a`
SHA1	`b84cf4a12f22ec9dc4d5dad40898e5fa70ef264a`
SHA256	`171efd2ca8280595c585625027522d6cfe0ef81dba2dd78b1969bb2762854f30`
CRC32	`3264AB11`
ssdeep	`12:6v/79v9tFPCB2Jx8PtZugEbZZ2nlZp3koqYK2C3jL5B1u3Ireq2oOeoKrCTJJw6C:2LqEbZZkfkoq2yYoOErCfKfN6O0BJQP`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d76d7bce5ce4cc34_sw.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\sw.pak
Size	42.9KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`3349962c8302ccf02250964b9e16dfd9`
SHA1	`890073d6dbdae60faae25913dff3689bb3e63a98`
SHA256	`d76d7bce5ce4cc34c94a496c1cd25851036bb3e2236aee8b2d7de2942f41f93a`
CRC32	`C276B436`
ssdeep	`768:QF0e4sBkyjRCWl9BiIMjuVilk/ceTphWz+sAjPhOTmLfn7oeyRad6FvRjVHygWT:dvxyjoWlHxhOT8mPVHyH`
Yara	None matched
VirusTotal	Search for analysis

Name	58c0edb1598cf840_kn.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\kn.pak
Size	105.5KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`3a02551fee49f1fdf1d6f334e1f9c3c9`
SHA1	`7ca83006a0b550704048236719f9f1948901e7c7`
SHA256	`58c0edb1598cf8404699e532f2c4d6421958bc575d2f55e2f351c464440e3288`
CRC32	`E8AFE301`
ssdeep	`1536:cTEYbFkXhQRLD39o0zOiqU+3HnLgf6a6bnFSZxF84sjG9gNu3L5iFr9wavU01C3s:cclaU7l113J3AaiAoqpXxX`
Yara	None matched
VirusTotal	Search for analysis

Name	f6c41358472ae149_pepflashplayer.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\pepflashplayer.dll
Size	17.0MB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6329cbe4b7487a6a4dfc000260f43219`
SHA1	`2d33f64afd22e5c7ff75b4361be9d4b2ea9b64e6`
SHA256	`f6c41358472ae14914eccf3e3cbd4688330e7f3e7a741c3cc71c4e3fc4babab4`
CRC32	`3CD4F771`
ssdeep	`393216:CzvAuAbPuXsTsaf7YQhvfod1zLH/mjxzSjj4rZUoZNH:Czv7AbPVfjed1zrAFJ+I`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	29592acfe049a7a1_神的领域.lnk Submit file
Size	1.9KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Mon Jun 14 02:15:08 2021, mtime=Mon Jun 14 02:15:08 2021, atime=Thu Aug 6 20:04:04 2020, length=3643816, window=hideshowminimized
MD5	`f43063a1392aa3682b4ef389fff59845`
SHA1	`c47450d07c3dc93af729c42dd7b6ad0b53530a47`
SHA256	`29592acfe049a7a1e8468738c6fbc4d981254606dba7d7875e3e8d6000b1ca94`
CRC32	`1AE6C284`
ssdeep	`24:8UsERdG+L9ZoyNk5h7NNFzN14mZYyYLZYF0ZYyYfl1w4eiYyYr08:8Us9e9Zo15rfp14chW2OhC/w4jhK08`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	557236ca4930c9b9_Cef.7z Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\Cef.7z
Size	24.1MB
Processes	2088 (sdly_taskpop61.exe)
Type	7-zip archive data, version 0.4
MD5	`b4397bc61fc3cc1ff3e3a82c50c964c8`
SHA1	`447cfa5a3a6574e0f3a01eeb34f7f7e713184c52`
SHA256	`557236ca4930c9b9964313de8f055f7264c534ab00738d80512fd3c196e05879`
CRC32	`7B22AD84`
ssdeep	`786432:8p93h/NbHXz9qvayto6pHTH5sTFDwN8CmanQm1/Si:8pV7j9qIETH5sTK2aQu/Si`
Yara	None matched
VirusTotal	Search for analysis

Name	1c0af7fa747d3c59_fa.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\fa.pak
Size	64.8KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`8b70d5fd5cd6756f1741bf06bc45440c`
SHA1	`31d7407b576777420e8ee921988e54181ac82839`
SHA256	`1c0af7fa747d3c5906191fe47c1d17f7fea3984c42f0432927e5e52d02dbc64e`
CRC32	`0D9993F8`
ssdeep	`1536:HFHhwLeXFkTEwhw+Y+smpAVlg+EkhPK/ofjHw9BVRlWaXZl0pPxeAkriLijiti4z:lmLeX6TEwGssmpulg+rP8Uw3/lthipLP`
Yara	None matched
VirusTotal	Search for analysis

Name	d82c1a849c963054_cefres.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\{A8E6BFB4-FD85-44c1-868E-C1CA4845E741}.tmp\CefRes.dll
Size	24.2MB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6ebc597bcfd7267fe42045005bb796db`
SHA1	`7313c8b9d34e92e12ca8f614b8a5f2913dedae6f`
SHA256	`d82c1a849c963054e41704d49258ea634de816f0b596de1ae97fd9266de3a5a3`
CRC32	`0D7AB7E0`
ssdeep	`786432:GnyHxH6qXvrx3BWUwStoAw4y+Ekdhjt8El0GdU1Ww:GnOlTx3XLw4y+ESllLy1Ww`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9a7bbba149721c58_el.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\el.pak
Size	82.5KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`9ca20da58e84e6f426deaf7821530ec6`
SHA1	`8d3b3ee5a2a3eb977ac6e88f4d3a448de89a87a6`
SHA256	`9a7bbba149721c583a42a74ec6a6579eed9999a8ea4b25d37315c5cc5a14b0bd`
CRC32	`0895015A`
ssdeep	`1536:CEI+xVsjrqyKKDrzUlXIgTlv0pod/Ayc6jKpKxGh5LSdKnwrhdGN:CXKGzUlX9lv0pod/AycKKpuE9SdKnwrC`
Yara	None matched
VirusTotal	Search for analysis

Name	1804cab9fa42d773_ar.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ar.pak
Size	66.4KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`3e0f34e58af836de6b1ffa787e0653b2`
SHA1	`bdd143eb4abd1adf116ff7f6fb15381157ca0630`
SHA256	`1804cab9fa42d7735689e9cdd7a17ecc1660aa70fe0ffd4eb634f5c3b5a1c9bf`
CRC32	`B58800A0`
ssdeep	`1536:FxYq7fOD2NWAPPtivQoFKyZhAIptPQIBXiHSIccZo4s6qyJ+8N3l8O+oo7:FxPXivQodZhAFSIccZqyBY`
Yara	None matched
VirusTotal	Search for analysis

Name	07313e6077ff97bf_version.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\version.txt
Size	15.0B
Processes	2088 (sdly_taskpop61.exe)
Type	ASCII text, with no line terminators
MD5	`ccdff7dce4b97b49ab39ed7b1ab98a13`
SHA1	`38f8c5de77acd49c21f085abda7da47d4b1cc28b`
SHA256	`07313e6077ff97bff7503339ec15f737b8e54170fafbd83ccb482074495e8cc1`
CRC32	`A1C91090`
ssdeep	`3:SQkVVUrT:SQk/UrT`
Yara	None matched
VirusTotal	Search for analysis

Name	a060999854c47e2d_libegl.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\libEGL.dll
Size	101.0KB
Processes	2088 (sdly_taskpop61.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`222fae9bb84a4ef4a5198bda24c2e4b2`
SHA1	`99aa8fec03efb23e622b55f7271f99888aef63f4`
SHA256	`a060999854c47e2d481dc526c7ecb3694cb764c4130a26b19be06313ac438c38`
CRC32	`CB95054F`
ssdeep	`1536:M2uK+kq7jnqf7l2UYMUkTSq+/0pFCQB4uPTLZVsWKJcd59/07LsunLRQE/+188FO:M2pl2UYd6+/8vP3L59c3suLRZ/+y8FO`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)
VirusTotal	Search for analysis

Name	bee7d8571d43883a_ko.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ko.pak
Size	47.8KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`5b3a3241d2b048074cf841cedfa48ab9`
SHA1	`49eaad312f6e1a84621bb3678e6477368da455f7`
SHA256	`bee7d8571d43883a5e90d06f59c6e60d63d354efaae6da93446841a961e1d881`
CRC32	`A3339B4F`
ssdeep	`768:hqTznhlG8IKZ3Y347TS1zzQmtJuJ0JYJb+4sI6MjKf2y15aHPYfOiJpNzNbV7ZpO:oLHj7TS1zHGwkbAKjKf2uaHwfOM9bA40`
Yara	None matched
VirusTotal	Search for analysis

Name	c730345485d4b819_config[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\config[1].js
Size	2.9KB
Processes	2408 (sdly.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`9680daf7c9d9e06f41550ee8d56a19e9`
SHA1	`5fa542baab09fd10d48ece740d2240abef444ea2`
SHA256	`c730345485d4b8191f055a96da4e13cfb5d1b5de5f22efdef22ba033c92ffe08`
CRC32	`28BD6F13`
ssdeep	`48:391aCe0zwglWSpXjuMV5m9BQiloFYKkCrDSaZH+2Qz7JzdPaepqjOkBnqf:3WMjlnpTuMVOBQiloFOCrDSO+PJzdPag`
Yara	None matched
VirusTotal	Search for analysis

Name	f56a343f0aa70ace_es-419.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\es-419.pak
Size	46.7KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`4e39e879e5a53df3d78db05328bfe87e`
SHA1	`80b1abc10c0917a99e1f76f946a8f39471db83aa`
SHA256	`f56a343f0aa70ace3bd982d8dbddd59cd297cffd2ba2cf7a49e664a752c70606`
CRC32	`3B02DE22`
ssdeep	`768:hbRytj/884TLyoKmP2sbBgHTMNh6S/z28/RfArKgBCAIQUuY8BKRJFX11V0:+jDwLyePzm06S7DdAUuY8BKRJFXvV0`
Yara	None matched
VirusTotal	Search for analysis

Name	7607f601e7f7bc4a_hi.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\hi.pak
Size	94.2KB
Processes	2088 (sdly_taskpop61.exe)
Type	data
MD5	`a8dbe08e837af7350d12b0c6797e8f26`
SHA1	`c9142ed1d8a1b3a5bdc2ddd04f803a4a82c6abe0`
SHA256	`7607f601e7f7bc4a7deb1f68cf3d5791ec4d2811f37fac0efc658eb1ca1d9b04`
CRC32	`85E37EA1`
ssdeep	`1536:SrFi05kT4PSLfgx4JtqT386/TOfFT3mcp:4i/gx4JtqT3TTOfFrmC`
Yara	None matched
VirusTotal	Search for analysis