Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.20 04:09
솔데스크, CPPG자격증 합격을 위한 온...
09.20 03:09
에듀사이버평생교육원, 종합미용면허증 단기...
09.20 03:09
보물섬투어, 베트남 나트랑·달랏 3박 5...
09.20 03:09
버드리 위승용, 50-50 메이저리거 오...
09.20 03:09
국정원, ‘한국우주안보학회’ 우주안보 전...
09.20 03:09
[PASCON 2024-영상] 파수, 끊...
09.20 03:09
Insurer Alan Hits €4 B...
09.20 03:09
스타일러스·따뜻한동행, 장애인 위한 '동...
09.20 03:09
[PASCON 2024-영상] 굿모닝아이...
09.20 03:09
Critical Ivanti Cloud ...

Dropped Files | ZeroBOX

Name	221a97daf8263321_cef_extensions.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\cef_extensions.pak
Size	4.1MB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`6e727928ebeeeb5847c65c15c41802ed`
SHA1	`d22ba6f8e3160484dd40fd5f4eb685182f404d88`
SHA256	`221a97daf8263321ceb9ce244452fc97b865b561e399b23d42682fef4785ea7f`
CRC32	`1B7C3C6D`
ssdeep	`49152:a297+EfG5u8mWexScqKTtUtxT6z/t/G1hoLwpbeuR2oSKolWZHqYNYzv2v3zjKNL:keuKZULT6k1hq`
Yara	None matched
VirusTotal	Search for analysis

Name	1ae405da05b26908_commonloginapi[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\commonLoginApi[1].js
Size	31.6KB
Processes	8724 (scbybt.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`8c15896caba628cd9efe42116c7a3dfb`
SHA1	`2dc419a3889aa0118e022d06f1e172bfe5d118eb`
SHA256	`1ae405da05b26908c54b675be64db6d6bec894c230f902e7e6897b7c694897c9`
CRC32	`7445CC2C`
ssdeep	`384:+dOjuaI96CSeH2CgpJyLVWQd3WjApd0BBd1H43dLRR7Z4vKR:+XLNW/gnQKR`
Yara	None matched
VirusTotal	Search for analysis

Name	c8744256f22ca0d3_id.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\id.pak
Size	42.0KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`07428ca91eead354d60dc8fd68738f54`
SHA1	`d227c7023f9a28bd5d9dfb9cb95246470e7ea6fb`
SHA256	`c8744256f22ca0d32f22b2d7a5cbec9d0bfe86c112632718dfa53452298833a7`
CRC32	`BD6DC1F7`
ssdeep	`768:ErwdHrJ9PIYvAQhXOcCu3QXVsPajTunJc9StA3hMLcpSYIcfbmsYYL8L:8WJccCLqajTa7tARMLWL8L`
Yara	None matched
VirusTotal	Search for analysis

Name	76483b86b529d070_ml.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ml.pak
Size	115.0KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`e53a7a75c56a080eaf70864602fdeef0`
SHA1	`88a2eb541037ea5c87568c7d9c7a8932f8e8c407`
SHA256	`76483b86b529d070dd5acd32fbf217cbc97f32b1c8878b238162323535b0eaff`
CRC32	`766A43CF`
ssdeep	`384:zAV1wQGrB1Bq1k+eyU2cKcZcx9bQIkukjERHbwPI2QLOguzQFG/IYKrNpcAn8QHf:zAM9dWmIZxNnYrtr0ptrMfFcKS`
Yara	None matched
VirusTotal	Search for analysis

Name	ea463d97eb088caf_d3dcompiler_43.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\d3dcompiler_43.dll
Size	2.0MB
Processes	7388 (scbybttprepush528.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6e053d67b6073261f96f2c547d776676`
SHA1	`5fe7337abb09c1be286c14ec81a7755522197aea`
SHA256	`ea463d97eb088cafc5cd7574682be42efc791c46428b8db15c62de09649cce32`
CRC32	`5C469093`
ssdeep	`49152:vpX9JVeE9HP6Zpy9KyhMI50Du8LljslNsHSHFUq9OiapbbO5Ak6:73P9HP6Zpy9KyhMI50Du8LljslNsyHiX`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	77650516087c2a6c_zh-cn.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\zh-CN.pak
Size	38.6KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`c3fd82ec2cddcf7192e9de8d9834dbc5`
SHA1	`f4cdb9879deef57d188b859744e4b1badfca7edc`
SHA256	`77650516087c2a6c43e7b775beb8148d8f9e6906dbe6bbcf5c3678fcbc02fa9a`
CRC32	`6CCE5C81`
ssdeep	`768:ijLnM3CfIIEafX6IWAepsuTaEa/g1rlW9HJFlzukK1TPAaIXoaRz:KOoIIEaSupf/g1eTZ`
Yara	None matched
VirusTotal	Search for analysis

Name	3f46b20923d432b3_gettoken[1] Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\gettoken[1]
Size	175.0B
Processes	8724 (scbybt.exe)
Type	ASCII text, with no line terminators
MD5	`c6324ed353541a471dc774ed8e23515b`
SHA1	`a89b390fdbf049896beeccf0a724246868dfa074`
SHA256	`3f46b20923d432b3339b4edf29072120b57f61ac8141602eb6666b7566cd89ad`
CRC32	`2EFC3FF6`
ssdeep	`3:RAVdSRXiG469XSR7UWG9pQHOu5xVLVuCV1QZDJcOgFiRqzn6bzsmQcwU3XOdtI:NQdUWGLl2TLVfzOgkRqsYmeUOdtI`
Yara	None matched
VirusTotal	Search for analysis

Name	6bd9daadabe93e3c_log_btn[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\log_btn[1].png
Size	78.4KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 450 x 85, 8-bit/color RGBA, non-interlaced
MD5	`d7872d871ef9778c6f6132f7ddc8cf27`
SHA1	`3e880ec5a9bf42a44602eac1f8395c43a9f77e01`
SHA256	`6bd9daadabe93e3cee397b1fab2a1be5b34b1a92618dd7579b5b036d470ca77e`
CRC32	`AF3C6BEC`
ssdeep	`1536:uOeEktBgMwz6rrePkaOUJmpWqhIvLy1P3Ij35F1c:uOEO7zorbafQNhIDW4jG`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	2857fbe46d007307_icudtl.dat Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\icudtl.dat
Size	9.7MB
Processes	7388 (scbybttprepush528.exe)
Type	lif file
MD5	`d03ad9a1189d190119209072d048e428`
SHA1	`aa954098e3ae4c00f67bace45b39a7b4a8242c6a`
SHA256	`2857fbe46d007307b1e204c6eb1b7e4988973b958ec8edb07445988f332c1ab5`
CRC32	`7EED4272`
ssdeep	`196608:L+7mOUgAjk3MVMP7mxl2b+2WYZjU15obkTQ89kxgc3bbHo4QY7iUT0ep:evWjk3mMP7mxl2b+2WYZjU15obkTQ89a`
Yara	None matched
VirusTotal	Search for analysis

Name	84f9ff560f3df297_fi.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\fi.pak
Size	43.5KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`d4a7ba8027cfca09caf1a7296eb3e7ec`
SHA1	`7fae130235012413dd7c2049bf790af0ef89f219`
SHA256	`84f9ff560f3df29722e75f47e29e978e4d963f36109a28d432ddbba8737f977f`
CRC32	`0CCBF836`
ssdeep	`768:zUZLzZ0LdAyHXHhKDfTtxZGSC16ZrC0xH6zxStVA9X99nZDAYW6I4:LLHXHhKDfTtHC8VtxH6tStmbZDAWI4`
Yara	None matched
VirusTotal	Search for analysis

Name	861d4bc7876b968f_pt-pt.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\pt-PT.pak
Size	46.5KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`3cd4193d8640c6139982f884f1e5322e`
SHA1	`1951b71a2f5bc8c8c42512003ca102f8826967ce`
SHA256	`861d4bc7876b968ffa5736127da462a1b09d9ddd5534668f4a871d569033a962`
CRC32	`66AA3237`
ssdeep	`768:KPPFK1teDzBz1dDBS4/oT0vfC+7LUyZPEDBQ0/DRFl+y6MN7qxzyqKDBN:KPk1ezLToT0vFEDBQ0/DqMNmxzyqKDX`
Yara	None matched
VirusTotal	Search for analysis

Name	6b12d2d25aa996db_uk.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\uk.pak
Size	75.2KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`879bca053ba87f9a8bf03cb46438188f`
SHA1	`9f8a48a8c0bb6dc40a579888f664dd9060b9bb4b`
SHA256	`6b12d2d25aa996dbefd4af3d02b12eed86ecd8b75b8e8cadc317c13cfcbf5144`
CRC32	`7FC45712`
ssdeep	`1536:+fPORoE+KZ9FfrBmohrMVkSpqMaDDDvobCaftDQIMVUMTEb4USI:+fWR7BmoZMVkSpPaDDDvobCaVQIMVUMC`
Yara	None matched
VirusTotal	Search for analysis

Name	c9ac272850e1da40_fil.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\fil.pak
Size	48.7KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`ba30c440e34a828c656b3057a6ef50d2`
SHA1	`cb223b3cc624a316ce4af12d0505c000a6820add`
SHA256	`c9ac272850e1da405981ec9c22c04280190988c69f20d8fa9d4ec35cf179d0a2`
CRC32	`7A649285`
ssdeep	`768:qxu3ggT0vzpJLWm6RSdoOHJrkOo3SmqucTkef7VdMOz8k+eD4My31YpB:F5RSdo8YOodqucTkefx3/a31o`
Yara	None matched
VirusTotal	Search for analysis

Name	ae2e05d6d0ea5a4b_sk.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\sk.pak
Size	48.4KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`bd272aa038831bda0cdfab443849abbd`
SHA1	`176eed55b1668ca157e122941424c69017191c04`
SHA256	`ae2e05d6d0ea5a4bb798b550cb19ffeb6a940cbd9fc791f73ddaabbee80f1423`
CRC32	`8BC6E9EC`
ssdeep	`1536:W1hK+CGWCIvmsBTYpPnQnKQYwoqcHCY9O:WfK+CGv5sBT/KBwoqcHCY9O`
Yara	None matched
VirusTotal	Search for analysis

Name	bfe9b111de6e7e7d_hovers[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\hovers[1].png
Size	6.2KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 146 x 45, 8-bit/color RGBA, non-interlaced
MD5	`053461ee26bd6b8a12f6cbb898c059e4`
SHA1	`0d0ab462d76d2c87fd0ab498172ba1ccd1d83ea7`
SHA256	`bfe9b111de6e7e7dab4d65933665aa14dc8bf6d07049a3a9f6e36c39091815af`
CRC32	`FB6DB9ED`
ssdeep	`96:XLuuPUacE76n5f0SNPYSL8Hkn8e5L310HJ5aSKyRGOyyofUL/bqfYCdsKFdkGIPL:XLuN57YSL8EvtFxSKnyKUyAZKfkGk`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	6016d121f8a5a628_vi.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\vi.pak
Size	52.0KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`a2a7153a8b15820d1ca5be492b4d9600`
SHA1	`0fc2fa180c5785ce1432d19c0db1ed56b2ce25e9`
SHA256	`6016d121f8a5a6286c54cc27509af0b4de0c4c229e8d69cee6af437f6adee2ef`
CRC32	`C4699A3D`
ssdeep	`1536:d7mibcX2/NbqGNUlBTi99me8PNqM8NJYBCjlndx4C5se:d7mibcmd5CBO99OlqM8NJYB4tdX5z`
Yara	None matched
VirusTotal	Search for analysis

Name	9cafd68d4e23ae8f_widevinecdmadapter.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\widevinecdmadapter.dll
Size	227.5KB
Processes	7388 (scbybttprepush528.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`1775b40455c7f12d9261eae9d9a2d2d7`
SHA1	`68a4c8d424c6add253a161037cdf178d0bfcccbb`
SHA256	`9cafd68d4e23ae8fcb2e766175b3e5b5ea6519295365d4d8a0937d6063fad378`
CRC32	`F96491C2`
ssdeep	`3072:WneZIFk4WA3BiLvZT0lxJqFpd7YIRf6uIvTsPVd6Ag0Fujbkmf7WuJmbIrF0:We6dEcJqFpSIJMLAOjgbJ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)
VirusTotal	Search for analysis

Name	3abf4b49ec48ea46_am.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\am.pak
Size	66.4KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`c8e9074faa1d9428089fe39a6340c43d`
SHA1	`3d345aa7462ef82e000057e49dfe7d48f6f049eb`
SHA256	`3abf4b49ec48ea46d97c7def4c4dbce5d24d452710e8bd113cd7cfcf6280f95e`
CRC32	`64705883`
ssdeep	`1536:6gwdwi4Y8YShhyO5nVZOWBARfJ7wmmrYfQrgE43/AXNX2dLaYKJn/kUZZbCKeQcU:6gji4Y8YShhyO5nVJBARfJ7wmmrYfQrV`
Yara	None matched
VirusTotal	Search for analysis

Name	a76263a6b5c969a0_en-us.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\en-US.pak
Size	39.7KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`ea20f7ef299ca680a72e9163c8ed0093`
SHA1	`f9ef3b9cc76f34f83142e1fcb67bf5c3f9031953`
SHA256	`a76263a6b5c969a0b0a2cc90bdb86d35f3adaddef41884fa84832c24b0940192`
CRC32	`5EDB6AD8`
ssdeep	`768:obq1iD/eqv9gNfDggl+dON+VcCwEpgmA1EmW+BlnkVSI/SBURkSNl:obq1iIfDggl+dO/EpVAppBAS2MURkSD`
Yara	None matched
VirusTotal	Search for analysis

Name	88c6ab714ba328de_pt-br.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\pt-BR.pak
Size	46.8KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`d0fa28db4ee6aeff783c79b94ec50e80`
SHA1	`da7be8e7c2cf79679ebcdb562ae44e2525d3243b`
SHA256	`88c6ab714ba328de98c1b59cacc1ba2f2229f8262a57b5ba0d7be6fae0bcb2db`
CRC32	`4E9E90C8`
ssdeep	`768:On84KgfbimUYaQTBQeb79OZiyXStLSoMX6B7yAJtOeIc6xQxGel2:On8zm7TBKXXStOoMqEPc6xQxGe8`
Yara	None matched
VirusTotal	Search for analysis

Name	80b46f4e73ecff55_ta.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ta.pak
Size	109.1KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`cee22dd06699f093804e4cc822403392`
SHA1	`60b06291d29bc1588d83159058cca44a352d5d6a`
SHA256	`80b46f4e73ecff553ff815a0d406c9ed2c3d002909f1c1b2b57cde95d3fe3e2f`
CRC32	`20F2ACC2`
ssdeep	`1536:3B2Q1UOIPUN9HGX2S3e6SpeiMC5ydLtZW0wQbQX5QNQKogKW+XbWsyWtjWYnpJYj:3TgX24`
Yara	None matched
VirusTotal	Search for analysis

Name	d84ddda26f4f6122_de.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\de.pak
Size	47.5KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`6a2b3005805a7500570e442251efebe8`
SHA1	`da2127683f6fb31d5e065db13ce39ad4651c5dfb`
SHA256	`d84ddda26f4f6122f05c2bf06924097d374fb6f339693a0f5f0a30a52b2fce8f`
CRC32	`24DCCC4D`
ssdeep	`768:JwDgump1xwsJXusqGvl8TR16f49VX658lK9iXryiSolAsjvCs8RElXZxUM2i5G36:J4guQosF9L8TR1a5R9iXry5YX4Mx8XL4`
Yara	None matched
VirusTotal	Search for analysis

Name	8463bfd74ece049b_沙城霸业bt.lnk Submit file
Size	1.9KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Mon Jun 14 16:27:57 2021, mtime=Mon Jun 14 16:27:57 2021, atime=Mon Nov 2 02:18:46 2020, length=4677032, window=hideshowminimized
MD5	`332199feca4a49c77bbed844198d664e`
SHA1	`06bc35713731b91cd7845e9b2c46a86853234e11`
SHA256	`8463bfd74ece049b3986c2b84de69c89d1155ad101a118358c02e410504dd2d7`
CRC32	`F05EC77F`
ssdeep	`12:8VCdTXr4cZCrR8EvSESTzSLktE7qnk/rizCCOLAHTK/MJnaQGg2CSIqm/MJnslZu:8oXssERdEUlenk/uzN1LUQd90yl1wP/9`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	2d6b605eb096312c_input_reg_code[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\input_reg_code[1].png
Size	1.6KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 194 x 40, 8-bit/color RGBA, non-interlaced
MD5	`a608aa57da172c2dc56e933cefea9907`
SHA1	`0332d28f191f267b8215bc32efa09471ac096575`
SHA256	`2d6b605eb096312cf0acf03cf2bf40e7ef26fb89a7854eaba7f523d13b82f7e5`
CRC32	`76FD766F`
ssdeep	`48:M9unp+kdz9W49dMYZTJSsah8EcDyiVB9+/7:YupXpdMKTJSX8EcDymE7`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	efe550dc85ab4403_ro.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ro.pak
Size	48.1KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`228c2dc6de89cc5889a556b04625277d`
SHA1	`f2d4bb245abf2ad71f9ea4fd67a82b826d9371b5`
SHA256	`efe550dc85ab44038178bb99afc10bcccf8dcd7d0563fb6b4c31708407ecab79`
CRC32	`C13D2E1D`
ssdeep	`768:QGTSWhCoRxMcBQpBikEoqwTMU9cLUkh8cS7l8aTTZDtGY8LSg3de60BnsUejNv2Q:B4oRxABpEoqa9cgI8HyaTZtGSke6Wp6B`
Yara	None matched
VirusTotal	Search for analysis

Name	1d60c9dbcffd823f_button_right[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\button_right[1].png
Size	5.5KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 110 x 36, 8-bit/color RGBA, non-interlaced
MD5	`3333d4bd9a43ec5e14f89ed0db8add2c`
SHA1	`60541662d663381fabc1ca3ecc1ba9bc7592a372`
SHA256	`1d60c9dbcffd823fee68eb6aff8dd2121639f131fff6cfa82d27282968331d75`
CRC32	`0C48B768`
ssdeep	`96:Df4Mm28LSNX+TyuRuk5aMpd6uzzoRSXSYTjy34+N+90ZeVQa+YjWySoUYnQVH52S:EiuRTJuk5aMpUuzzoRSXS4w4+N+90Zek`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	7d9c0c4d88618bdd_natives_blob.bin Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\natives_blob.bin
Size	402.5KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`8f4d6515f4d321313a39a659c3c5ff01`
SHA1	`f4c95f1abd24c715a3dd4b3e4c9cff5decda7250`
SHA256	`7d9c0c4d88618bdd16bb0681fdec1dd736e2ed1141ae527a27b22fb93f27848f`
CRC32	`5AC01CCF`
ssdeep	`12288:ln3Cj7CQaMiyMzQ77Ua7Zm6ap4avfyM3G:lnk7CQWfy9`
Yara	None matched
VirusTotal	Search for analysis

Name	f082cfb5bce2f1af_沙城霸业bt.lnk Submit file
Size	1.9KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Mon Jun 14 16:27:57 2021, mtime=Mon Jun 14 16:27:57 2021, atime=Mon Nov 2 02:18:46 2020, length=4677032, window=hideshowminimized
MD5	`192ca6e27f9ae67e9dc2d0433555da34`
SHA1	`88509798086892804818d42178f6b9594e6f930b`
SHA256	`f082cfb5bce2f1afc8809f81015c20450877260edd11fc57e734cb51472e4083`
CRC32	`97E30907`
ssdeep	`12:8VCdTXr4cZCrR8EvSESTzSLktE7nnZ/rizCCOLAHTn8U3/MJnGJCSIqm/MJnslZu:8oXssERdEUljnZ/uzN1coI0yl1wP/9`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	2addaaccec335c66_libcef.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\libcef.dll
Size	47.5MB
Processes	7388 (scbybttprepush528.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`fe5219be2dda0fb7352bcee497556e75`
SHA1	`fe9ee85df3932826fac6a0ac6204c13f5860642a`
SHA256	`2addaaccec335c662cafdb5b36735c108e235fb03d2597edbf85c09b52aaff04`
CRC32	`BEA380BA`
ssdeep	`786432:6Gef2UiBDMxVI07lf0gtuPaa94GqEdxzVxNeZrp6PajHylGVQaiSNlyIvsln4rhl:AkBX07lf0gtuia94GqGxBxodgPajyGVr`
Yara	PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen Microsoft_Office_File_Zero - Microsoft Office File IsPE32 - (no description)
VirusTotal	Search for analysis

Name	4493b8d2ece172c6_CefView.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\CefView.zip
Size	636.4KB
Processes	7388 (scbybttprepush528.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`51e723b78c3559a3e4ab4c291f221d2b`
SHA1	`fe86535bc14a49b9045c40d86b1511e5e3c3e7f8`
SHA256	`4493b8d2ece172c617d8eb10b41e83b757588c68eed8c8fdc7d64eb53ffffd45`
CRC32	`1B4769ED`
ssdeep	`12288:FdSGsVxJKsOf9WCeQnpURUH9+otLl6sfRdBwaS9LjimkPp1Kb1:FIlVSdf9JBwUHZ10T9LuFgb1`
Yara	None matched
VirusTotal	Search for analysis

Name	9495c58645df64da_lv.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\lv.pak
Size	49.3KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`4f3db8bacddf08035ed01ea66cc72d84`
SHA1	`36b03be97bdc2abae90d191bb2f6f3eace7ee463`
SHA256	`9495c58645df64da9f12af60276420145c47cd032465ee52b216b243cec9022e`
CRC32	`34FA9492`
ssdeep	`768:Qjh52P2d7B1TWSMJ8JUP9MEQxPp8ykGOfsWMZHuIkpI0pDou:Qj2PwbWSAZQ78ykcYPpI0pt`
Yara	None matched
VirusTotal	Search for analysis

Name	6e29db11514167c0_nav03[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\nav03[1].png
Size	3.7KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 73 x 19, 8-bit/color RGBA, non-interlaced
MD5	`1fa3632f40216dd0830dd644eee9c6b1`
SHA1	`0d27d8303b1c00ee9f14eeb2af4786697528c014`
SHA256	`6e29db11514167c02be2688bc77051a36e9ab523835426c50086f4d597854412`
CRC32	`569E5145`
ssdeep	`96:yas7gWONpFj1E70qHCIAx26DfaFZUJKZT6N6Bi2h6tIOeW:yas78pQ0qiR9yFSJoyXK1OeW`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	84478e9e8edf2980_cef_resources.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\cef_resources.pak
Size	33.6KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`91dcd33ea77cf56fa39f3c3b0628141f`
SHA1	`092de5a70119bd7675b5c81dc2546d685696e281`
SHA256	`84478e9e8edf2980b5d214ab6019885ff762db832ee8a12e6216d4439ba56b63`
CRC32	`A373A92D`
ssdeep	`768:xNwNU5pqbjUFhDoH8TOLgHqSnhZOLPcIyoejomm1396i0ebbF:xC4p6UvDocSnShgTduy3`
Yara	None matched
VirusTotal	Search for analysis

Name	d19534767de432af_third_qq[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\third_qq[1].png
Size	4.1KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 76 x 38, 8-bit/color RGBA, non-interlaced
MD5	`664ebbeea5e330a5adc8d729070dd213`
SHA1	`6a929d0ced20c7d75faff558776fbba597703209`
SHA256	`d19534767de432afb00cb0c0658458f0e6ed380be08d4a0a36f5ab94e8277d2f`
CRC32	`5A6628C2`
ssdeep	`96:mZXMt283zwASN5E5ag1Y0ElrSlNJuNHI9AiPQYF6O1pMfF4vCqU:mZn8j3SN5kagREeNJMJiPQYFPiN4vCqU`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	25006f654d50e7e6_cef_200_percent.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\cef_200_percent.pak
Size	227.6KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`66fa52c0523ae2ec18c37960e4eb3e6a`
SHA1	`61ac3e8e84a7f84790a835998873431c4a086bd9`
SHA256	`25006f654d50e7e63f4557357437eff5f6bda3dc6e8bf86cf0bd5b02fdbf2a28`
CRC32	`8DAD5103`
ssdeep	`6144:HJW/jBysmlC9BzMklLwozV1oJoRc5QXfHgs4jTlnG:pW/lDmYmqh1qggs4jTM`
Yara	None matched
VirusTotal	Search for analysis

Name	e9c9b9a56fbd98c4_third_weixin[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\third_weixin[1].png
Size	4.8KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 76 x 38, 8-bit/color RGBA, non-interlaced
MD5	`3783f1e3acc2f223129173d034a30920`
SHA1	`75ece47349995085ce0e4ed0972ea8bfc57e3523`
SHA256	`e9c9b9a56fbd98c444cc5cdcfdc597fa5d4dd3d6dd1db4b3b655b84bb344208c`
CRC32	`6F0265DC`
ssdeep	`96:mMLdR5ceT+DYGYs7dNiSO1XDZGzjTf400CWPIzvyIYLwyIFNYsrpH6vwfgFTFn1:mUdR5bmdNXOdDZob0CWPqvyIk9IFiDhR`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	3e0db1b503f738cd_button_left[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\button_left[1].png
Size	6.0KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 112 x 36, 8-bit/color RGBA, non-interlaced
MD5	`7e5ee6f11a5961cccaa4d553951ce67d`
SHA1	`f3703efd5a28b30c8019f9abaec27aa57022b773`
SHA256	`3e0db1b503f738cdd3603f17e202dcc755c5792bfd2bb0dcdacaa4fbd913f213`
CRC32	`01F08AE6`
ssdeep	`96:Wcs9E1DRfdf9qKL4tYRZxwkM1t2EupmB2vd0yHZ3KDLhBK0MVXuQYRmpEiLB2:29EndfwzugBE0E0a0IYeI`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	258698b17ce4226a_scbybt.ui Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\WdGame_scbybt\scbybt.ui
Size	1.6MB
Processes	7388 (scbybttprepush528.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`533680b38d35cf14c063a38c80748592`
SHA1	`4fb1e1271b7dd4ad9d80ccebb6517daa15f9920a`
SHA256	`258698b17ce4226a320160f9bcb2c0b662dc7db62bd9b414b39517d647fa1e67`
CRC32	`9B53A30C`
ssdeep	`49152:WXB5n5PUR4Sy1wOi6YbX1wJPaO6DZhshYaIP6h0L7g9:2n5P3dipbX9DZhshMK0L7g9`
Yara	None matched
VirusTotal	Search for analysis

Name	0cd8375c95f0e286_沙城霸业bt.lnk Submit file
Size	1.9KB
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Mon Jun 14 16:27:57 2021, mtime=Mon Jun 14 16:27:57 2021, atime=Mon Nov 2 02:18:46 2020, length=4677032, window=hideshowminimized
MD5	`ce005d79cb3a9a4007eb7d60bf72f644`
SHA1	`861ca0fa5cfc12b2a85ef37b48f4ab7b151866ae`
SHA256	`0cd8375c95f0e286c658af3fcf7df4ff13b0ba0188dce8e47fdd2f3cd5da044e`
CRC32	`837B3875`
ssdeep	`12:8VCdTXr4cZCrR8EvSESTzSLktE7nnZ/rizCCOLAHTreMJn3/MJne2Z4iX/MJnslo:8oXssERdEUljnZ/uzN1rRm81yl1wP/9`
Yara	Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	5a64cb26f7e95c44_gu.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\gu.pak
Size	92.0KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`470244adc1084b9411b6bd8f0a028ea7`
SHA1	`589c30309fc65e546a740a5d6ef04dd41919c2fc`
SHA256	`5a64cb26f7e95c44b9d400d8b30befe53c09096fb0385856f4b5b9e9006f9fd5`
CRC32	`3A09CA2C`
ssdeep	`1536:z2sgszl3/NifmzduKOeEozoVtG2BCXyQIXnSAcfU4RXtwAdjbXOgJBC4uKBBxj7F:Nzl3/NifGduKOeEozo7j4i9XnSAcs4RJ`
Yara	None matched
VirusTotal	Search for analysis

Name	072a6488c6b07632_license.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\LICENSE.txt
Size	1.6KB
Processes	7388 (scbybttprepush528.exe)
Type	ASCII text
MD5	`fd74ae632a39d7dc6b1a4e3bf81def7d`
SHA1	`3655ff8a1a94273610fa4b9861453d52f0e5b21e`
SHA256	`072a6488c6b0763259987b586f2a6ea00e351aa3f5025090b4c14f04508720f2`
CRC32	`938F512E`
ssdeep	`48:VcbD7BOCrYJ4rYJVwUCazPXy43HV713XEyMmZ3teTHv:VoDYCrYJ4rYJVwUCaDZ3Z13XtdUTP`
Yara	None matched
VirusTotal	Search for analysis

Name	00a811032b3bb8c7_reg[1].jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\reg[1].jpg
Size	86.0KB
Processes	8724 (scbybt.exe)
Type	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 848x480, frames 3
MD5	`da17eb2411e9e0930a85adae68d38695`
SHA1	`9afb7a18501e785eb6352f6224150b0d1d9a14e0`
SHA256	`00a811032b3bb8c7f0d3384c71da0028b09cf4cec1a6d8807703f2025a406c84`
CRC32	`ABD56CEA`
ssdeep	`1536:4Cd03jjSbuWV7RkmsaH6bRlc3ZeTDRiT/DFR+SPI7I3YGz3yr1f7+:4CSvgV7RsaH61QeTNs/DmSPLR`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	0150cca64343e7c4_en-gb.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\en-GB.pak
Size	39.6KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`3a0a0f6b73f7f7e8a021ee435f494139`
SHA1	`d63b91c0923872b2ba2cabf5bd8b00b6437b3b3f`
SHA256	`0150cca64343e7c4e29ddbb1e266a77fded9dbe42a09d4adeedb1dca61f07fa8`
CRC32	`AC5FAE89`
ssdeep	`768:9YKjUTS5rq2bJg2fmgglS7d0+VEIFEpJQFAxSMW80Blnz1SI/QBoRYSc3:LjU2pfmgglS7dZEpqABUBvS2eoRYS4`
Yara	None matched
VirusTotal	Search for analysis

Name	220aa7ee2524ff66_cs.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\cs.pak
Size	48.0KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`4d08959d93c5f8f665ef2824856f5e64`
SHA1	`56d19a6da933186467adfad896d58e78a4c12e65`
SHA256	`220aa7ee2524ff663ff866a589a99bdcd8238fe2f5f1676896e881ed713a4ece`
CRC32	`A386F5EF`
ssdeep	`768:szl8FnAQG35P5Iq8Qb6ySisHKYjyAfJYhEyN12o9ZuxafeYhPLs9qVqriVqTxuI7:seFg8Q3s9RYhN119Hh8AsRx`
Yara	None matched
VirusTotal	Search for analysis

Name	1ed331fbba49e120_hr.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\hr.pak
Size	45.2KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`d88949fd915bcb7a18ad44474ef74da7`
SHA1	`d1fa82bb1d7dd27fbd95cf08cadbef7a874b5333`
SHA256	`1ed331fbba49e120e97ecdb00e95ef6907dfbd060a061381fb5b12d712e32e58`
CRC32	`51272147`
ssdeep	`768:u0UUzsAu0EnGmYIp0YwpyZs9XtS6DgBx/KlsoPYVWS/ok/yR+RPj:um5uNq/9yOXtS6DgrCCzVDVFPj`
Yara	None matched
VirusTotal	Search for analysis

Name	a8bcbb49cf933f2b_sr.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\sr.pak
Size	71.1KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`00b884aefac9f3d2ff05f910491081b0`
SHA1	`c74034c271d347a9a9f58058311adeeeed8c7953`
SHA256	`a8bcbb49cf933f2bb74bb6536eb2ea38f5082c8558c7bbed6f2f5fa89b6d536b`
CRC32	`5EEDC24F`
ssdeep	`1536:rBbH88/1k1JVNLHCWk2p8kFmSmndpyDP+fwws1NW780Q+gtksaYI:FbH88tk1JVNHNk2p8kFhmdpyDP+fwwse`
Yara	None matched
VirusTotal	Search for analysis

Name	2e07dc909efb9d93_cef.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\cef.pak
Size	2.2MB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`4d991b6db94e823aac8cef6eb1959662`
SHA1	`84856f2eba08c5ad2df6a946e0eb7519bc9fb6cc`
SHA256	`2e07dc909efb9d9316e15452f168581966bdc7ad8fb607d3d3a339aaa8dc0266`
CRC32	`D0571B61`
ssdeep	`49152:m+jA+bQaVNVtw5uwB2UKO0GGxsbMFsEMtggb7xqk2UQfVGGG2pLTux:FDGGG2pLTux`
Yara	None matched
VirusTotal	Search for analysis

Name	2a78c7b704cd403d_ru.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ru.pak
Size	72.5KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`6cc147ff2e74eb4640a65e42f45459e1`
SHA1	`11eaa5d4229173cfc621533f04ff11ac5ad31b59`
SHA256	`2a78c7b704cd403d488d7163bf13be9c0cc61b7647a0f8fc832111807748756b`
CRC32	`F9F44DB9`
ssdeep	`1536:UqgKW7SujESvL7dM7JOEo0tJotLVn0UItiy:UqgKWuujESvL7dM7JOEo0t6tLVn0UIp`
Yara	None matched
VirusTotal	Search for analysis

Name	21e523ccb6269935_cir[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\cir[1].png
Size	1020.0B
Processes	8724 (scbybt.exe)
Type	PNG image data, 4 x 7, 8-bit/color RGBA, non-interlaced
MD5	`9e43dd74317164da84b254d22a4bab53`
SHA1	`a76374d07f5adaa68408d8d7856a30ba55814ad7`
SHA256	`21e523ccb626993544479e7da691d30cf99880118194c16d868be70258081ef6`
CRC32	`794D097F`
ssdeep	`24:bl1he91Wwh82lYSKwUc1FyqViT3ouyJ3VRUc1KGp8T:bLqQvnL9cKq0IJ3EcItT`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d3a9caa7eebc914c_jquery183[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\jquery183[1].js
Size	91.4KB
Processes	8724 (scbybt.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`4d30fceb0a9da287c6f802ea05b69e3b`
SHA1	`bf4ce064f2ea3d6f9ab4be257ebd897a4078e4e3`
SHA256	`d3a9caa7eebc914c861dd7fb50145903d27ac6f52b18320eba2f3d313867a577`
CRC32	`0F83D821`
ssdeep	`1536:8hIGG4EYrbSkPAQWSaKTlf5g42M4O5b7DuKM7G0i33Ky4J6iVM+tEKo+zt5mKhUP:wOpWR/2NK+21NGZ1gSa`
Yara	None matched
VirusTotal	Search for analysis

Name	c4b00e4c223b241d_pl.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\pl.pak
Size	47.3KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`854a4765cb37d769a8b108b3b6335860`
SHA1	`390f2289f120337e5d9d29de757baafd452fb04f`
SHA256	`c4b00e4c223b241dc643f91531f0d503216d58d7dab4ee79ab64d63123661290`
CRC32	`6785A981`
ssdeep	`768:pBXySF1eIYFvW/ELwMbQyeZ1uRi0NUmLHA+ba7XCoe1nRTLchC+eVj2ho/k8ah:pBXyOWeUi0xH7+7XCogTLchU2x8m`
Yara	None matched
VirusTotal	Search for analysis

Name	f35537e623a4b0e1_mr.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\mr.pak
Size	94.7KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`bc943169d21bbfd16dd412ae477b3dc0`
SHA1	`d7befe9dde62ff36e586f9d15c3719fbfba618f7`
SHA256	`f35537e623a4b0e1d335fd38d69e1d1df443f22aea206d0e151733a577771973`
CRC32	`459F285D`
ssdeep	`1536:biDkYC7WyrzGknqixCiAqHSinMhTfMlHFSv:b4xCqyrzG4qiRAqHSUMhTeFSv`
Yara	None matched
VirusTotal	Search for analysis

Name	ae8af09fdee6c385_ja.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ja.pak
Size	56.5KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`b44747ce81c6936d62d52e7ce33107e7`
SHA1	`5b0d1943b3173d7f2d3be74602100f2d2f685594`
SHA256	`ae8af09fdee6c385bae57d2d72562c3457db1194d3492a9ecca71219c6e6fdbd`
CRC32	`D70E137E`
ssdeep	`768:OSdNz1aIICoinJec52H9HgHO4lHNkg3c94NXm75iiq1Y0o86FH++O4E:OmNz1aIICznJealHNNc9F7DRRH+p4E`
Yara	None matched
VirusTotal	Search for analysis

Name	d396545288768e70_ms.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ms.pak
Size	42.8KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`6cfd5b74d08c8a5d5596b4712647feef`
SHA1	`7fd304a4cccce04a610f7c17e36b34c2b74bfecb`
SHA256	`d396545288768e70239190854577b1df2ab8e6a935b0b839d651116eeb7b195b`
CRC32	`5148418F`
ssdeep	`768:llKJK/a9RRwiz8uUrTduWWzE9n9k8rpvwfvNSeaiZi3tUev5Q:lwD5z8usbWzE99X6oem5Q`
Yara	None matched
VirusTotal	Search for analysis

Name	16100ce36243801d_wow_helper.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\wow_helper.exe
Size	80.0KB
Processes	7388 (scbybttprepush528.exe)
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`36029141d8cfea329c99c319989a05b9`
SHA1	`4ac51c1ee3c9e005053b2a628ee4a056ed4aae53`
SHA256	`16100ce36243801d03f6e1b9d6b1c6924c7c71e928b8f9e7eb8eed2d8d2447e1`
CRC32	`F86F24C8`
ssdeep	`1536:9f77+031ru/qpap4qUqm+rIqRqEp+85LQyiL1LOFfv5:VWo1/op4qUqfrIkb+aLQPFOFp`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)
VirusTotal	Search for analysis

Name	eb27e13405f6b89b_libglesv2.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\libGLESv2.dll
Size	1.6MB
Processes	7388 (scbybttprepush528.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`887811e68328733da8129f171707f8a4`
SHA1	`c3386e67582046967202e5db86a31691bdcf145c`
SHA256	`eb27e13405f6b89bef0e3d9970719849b82fa849197b7639c52e14cd0b584e01`
CRC32	`F4927916`
ssdeep	`24576:83G/W8s2nTwA0yFQ+d/v5990lQI0FvE0F5eNCL0/UeZRQ67G:Q32ZFZd/vj+lQrsS5wCLSS67G`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)
VirusTotal	Search for analysis

Name	75d3bd312d2cef6a_th.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\th.pak
Size	89.7KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`f836e6cc433d1144620b7774f3230efe`
SHA1	`1fe000b10eb44df261fb346dfbf4e294eb0bec8a`
SHA256	`75d3bd312d2cef6a0f24a57ddaed316e34ba38b791e14b25b173e896a5431d4f`
CRC32	`0A216470`
ssdeep	`1536:FjhWt3hRbKDWhOyF7IqfrmMp8iReeyiPIiSztED:F6RbKDW3F7DfrmMp8iRee7UtED`
Yara	None matched
VirusTotal	Search for analysis

Name	d4298c89fc524598_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\7z.dll
Size	1.1MB
Processes	7388 (scbybttprepush528.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c4aa6d9e72a1721b3f65646e04e702cf`
SHA1	`6a41028ab246ce033e19da5c54e066e0752cb616`
SHA256	`d4298c89fc52459842e7658ebf3aa34a9f6e061a97b8984790239609b492f696`
CRC32	`C99B623E`
ssdeep	`24576:SZ+lCPq8bgPqPRzWu+sjvNfEz0z/JiJXosc3:FlCPnbgiPRzWFsjvNffJtsg`
Yara	Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) Microsoft_Office_File_Zero - Microsoft Office File IsPE32 - (no description) Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
VirusTotal	Search for analysis

Name	6a67db9ad3222b97_input_reg_pwd[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\input_reg_pwd[1].png
Size	1.5KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 324 x 40, 8-bit/color RGBA, non-interlaced
MD5	`18f5301d7d65c53ce510030527af80ba`
SHA1	`c517e663e9150a1f9530c107c80d30a784a6fe5b`
SHA256	`6a67db9ad3222b973f7809149b38e76070d624030a5e5151518c5f331e4cbe4c`
CRC32	`2DBC3848`
ssdeep	`24:t/8va0T61sFx0cH6vvRujdiw7KUQBTbEsIN0sxudbO//WNTPF+/bfw34a20FS9Oo:h6HsRujoLB/KbqSIga20FS9O/O2xZhp2`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	c54d294e04ef0542_checkbox[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\checkbox[1].png
Size	867.0B
Processes	8724 (scbybt.exe)
Type	PNG image data, 17 x 16, 8-bit/color RGBA, non-interlaced
MD5	`a2d3beaf27ddcdf29baf47d299640813`
SHA1	`1f728af69a9c4d39c59cd618eba7f45ec1cd39d6`
SHA256	`c54d294e04ef0542bfeb3f4528c9cd0563df19e33fefd80200896f06c6ac4cb4`
CRC32	`CD20D9D3`
ssdeep	`24:ABncg1wQB0zelKiKH6Ft+tHZvXjKdJh0pXi1:5JHycXgwy1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	58f7ce00d589aaae_cef_100_percent.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\cef_100_percent.pak
Size	141.4KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`ad2ddfc39c78eedc734af6506a579a8c`
SHA1	`64e66d48ab3a98503948202dec3ff2f35470cd5b`
SHA256	`58f7ce00d589aaaebfaf3d0badac45924545e49f2d1531156f282eac7abb11b5`
CRC32	`45FA0920`
ssdeep	`3072:Z7qrTpJroFYgI1epIMIZOgl95h4vjWX6pCa8+1pq0YAhstEtTUuS/po:Z74JrEXjIZJlHavSqT1YZYstATJ1`
Yara	None matched
VirusTotal	Search for analysis

Name	a63541e0913c172c_helper.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\helper.zip
Size	551.9KB
Processes	7388 (scbybttprepush528.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`7bbf919ac238fe6aa103a8d70bfd278b`
SHA1	`be007e073c298327ad47a27ba4cb6741602f1819`
SHA256	`a63541e0913c172c717b0b897bc033585b0b5f1561cbd391aa856224c783a421`
CRC32	`8CB321DE`
ssdeep	`12288:VXJtf4lfb8XhxLW3y44OzAOYSCPjaemeDTNJSQ:VZtf4lfbixLW3y44AQPjamSQ`
Yara	None matched
VirusTotal	Search for analysis

Name	2e50152c5f6215ac_nl.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\nl.pak
Size	44.9KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`264ffe560b523d126c51dceb311373cc`
SHA1	`3ea124acb4d1d5d76fd706279a0bedece200f08a`
SHA256	`2e50152c5f6215ac24dce2a3dc233a220869183034948f0356232c57514cbee0`
CRC32	`9F56D77A`
ssdeep	`768:+JpaVkrA8LVnuQtnHyG0LLv8wEDRlp6q5qR2D2GqRk5zJEZnsrJydE/:+zaFQtnHFwE1lp6q5ZZdidE/`
Yara	None matched
VirusTotal	Search for analysis

Name	2f2a3ca0f0c80349_input_log_code[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\input_log_code[1].png
Size	1.3KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 132 x 33, 8-bit/color RGBA, non-interlaced
MD5	`30ff11b994ffd1ff2438c9fc4e3d87e2`
SHA1	`ee8a845036aeaad6c97e4bec9deaa6897ba4137f`
SHA256	`2f2a3ca0f0c80349026149f9395d824f6eed2ba5ce514303902d8e5c98205826`
CRC32	`B461B1A7`
ssdeep	`24:BV9CGeIOXEPnExyuZGEKfetgo3XRFjopxW3ejYkGWnO3Cb9:BbemEx5E4FRJopxW3eckGWOK`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f9b8de7fe6fb2a6d_pagemicro[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\pageMicro[1].js
Size	33.6KB
Processes	8724 (scbybt.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`53637ddca6c502fb53378d56cb33eedb`
SHA1	`aefa8dd4086f96e7744fc5ea7eaaab44db353d98`
SHA256	`f9b8de7fe6fb2a6ddb9c9678d43844a282a436cece126a040139b8fd1a40f91e`
CRC32	`A4542ADB`
ssdeep	`384:M3Lv2V/Y62LzYyvJy9MQoa+AWBKVOdmLDf3Ni1jb6HQom5:MIuY8Q9MqDfVQ`
Yara	None matched
VirusTotal	Search for analysis

Name	1f4b6a83d0e2cceb_zh-tw.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\zh-TW.pak
Size	39.3KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`1a09c6b7412b2a5d7f1b379dd4fcba1b`
SHA1	`58ac3377bcbc8fda31a0f77809128c9f0ecd82c5`
SHA256	`1f4b6a83d0e2ccebb596d010f5146fe3a45fcadcef786d696479e33be8c9c905`
CRC32	`8BFFABB3`
ssdeep	`768:wolbXBdh4+Jt8IIqIhGa1bfe0wvRtMDZ8KtZPqdjryEfv11JxzdXcHKh1COQPLsj:worAI8IIqIcATwvRtMDVIjB1LxzdX+K9`
Yara	None matched
VirusTotal	Search for analysis

Name	98214079c6d17eb7_da.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\da.pak
Size	43.9KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`b99e86c8f7b181322ece052e1a57a2be`
SHA1	`6cbc6a960f9e071f23aee5d75f362ca5092924c6`
SHA256	`98214079c6d17eb7d878e23cfb3a87b6191d40baccfa4895bccf13324c1c29f4`
CRC32	`943FDE38`
ssdeep	`768:+hW1usun9x6J7siMZ3XCX+K6ek4w7Oybg+y6TWNK5BomXbuDNveGGgEAZOnU4:+U1ux9xQuCX+zTLbXy6omCUAj4`
Yara	None matched
VirusTotal	Search for analysis

Name	84757406545e7c19_commontool[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\commonTool[1].js
Size	27.5KB
Processes	8724 (scbybt.exe)
Type	UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	`62fbeb7ab3a48b20ef33600fc8ea5465`
SHA1	`6be30eccae4fd34a7d83cce1eff2f57c048e7a20`
SHA256	`84757406545e7c19676bc7f3660602502a86e63c4a3022705967eed9c33cba11`
CRC32	`8435C6DC`
ssdeep	`384:QCV2SvA+ExnO/L33rGV/G70ErU+1IcI7coAQXlcG+U0rEA0rEbaZcYMvR1MjMqIP:QpSvA+qnOjLw/m1zc/VKUyccR1MjMhP`
Yara	None matched
VirusTotal	Search for analysis

Name	651883dcac3e615c_nb.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\nb.pak
Size	43.0KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`134cb79b07d6bfa385cdd0f93cec84e0`
SHA1	`acbd382820affad858bf37a2a4dc36a5c9ef05fc`
SHA256	`651883dcac3e615cca3f9759efa4f96672c788fd3e2524f1d7236a48fa8dc54b`
CRC32	`A613054D`
ssdeep	`768:So8MysOlF2nsYhoX6xqggR80Ny9vKXiLoNmb4d3INsfg8/MXcrzXnspc1EW33Pw:SoppToX6edN/NmMd4OI`
Yara	None matched
VirusTotal	Search for analysis

Name	a181e450c9ccb193_scbybt.json Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\scbybt\scbybt.json
Size	1.6KB
Processes	7388 (scbybttprepush528.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`340be9e6fef3dc6fd68d7d3a1ea09cf2`
SHA1	`3f7668359a2413548648f9c9fb59a122c65be6d8`
SHA256	`a181e450c9ccb1930856b3d9d511afd91fda4a97f2be014332b01f32b9ffa4e4`
CRC32	`8EE4A988`
ssdeep	`48:YJiHyjaSeGm+alBdliGJH8MEwwuXPRKLsdT:YYHy/elBdwGJHjEruddT`
Yara	None matched
VirusTotal	Search for analysis

Name	3525f253e1e2c575_he.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\he.pak
Size	54.8KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`a322fe105df1a8ff7bbb5411b2ddf744`
SHA1	`b546989536c7fdf2ea7852cef72d4690ed6f52df`
SHA256	`3525f253e1e2c575c22fdd87385d631ff848be6d065cafd2710e5cb00dd6e27b`
CRC32	`40E7852D`
ssdeep	`1536:2mLx1igXzDXq8AUfGEBgVE/DXDTRx9DVUZoUTKPYmOCjMUy+xxXhvJCpXTed2scz:NxX/r1MUy+D1JCpXTiVcI/0N`
Yara	None matched
VirusTotal	Search for analysis

Name	6d7620ca3059fcf4_hu.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\hu.pak
Size	48.3KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`c81df0315db423d0c318d46e8fce8e39`
SHA1	`cb5e676e5cebf20ae94c3062321dab37520d2689`
SHA256	`6d7620ca3059fcf4fb2dcd935bfaa45968ef4851cd8dce9f435a6d5b129b2399`
CRC32	`1EEF9D59`
ssdeep	`1536:1dpEpE9r2tuVdD+DlK6Tk+wudBmFZfRRm0b+ZwUo:1dpEpE9ri+dD+Y6Tk+wudBmFZfHlv`
Yara	None matched
VirusTotal	Search for analysis

Name	132f24640ef6e7be_ca.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ca.pak
Size	48.1KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`63f9363aa965e0b6835b1b84c48b1ae8`
SHA1	`8dccb0f28805885a34abb183a3c74e8d9f017774`
SHA256	`132f24640ef6e7beb6bd5e7a8e556adc2c8b209576d9a92b4d2cffaf162958ef`
CRC32	`B52E8CF7`
ssdeep	`1536:THxARU+AKn1h911Rx/TlRKgq5qmHg0uec38CtY+H1LjclR4+LXZY:iOQh91/x/5Mgq5qmHTueO8iH1LjW4+Lq`
Yara	None matched
VirusTotal	Search for analysis

Name	2689367b205c16ce_wan[1].txt Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\wan[1].txt
Size	2.0B
Type	ASCII text, with no line terminators
MD5	`444bcb3a3fcf8389296c49467f27e1d6`
SHA1	`7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb`
SHA256	`2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df`
CRC32	`79DCDD47`
ssdeep	`3:V:V`
Yara	None matched
VirusTotal	Search for analysis

Name	6b9461bd8d2eb0b8_uninst.zip Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\uninst.zip
Size	201.5KB
Processes	7388 (scbybttprepush528.exe)
Type	Zip archive data, at least v2.0 to extract
MD5	`6adab4ffbc921966d0700953265d653b`
SHA1	`57e72408ca98b39b7656b93f5e3fc3ee6ecc3170`
SHA256	`6b9461bd8d2eb0b8a2cddc69e053cdd6c2d0959c332456b1750c173b09326fe0`
CRC32	`F0D52B8A`
ssdeep	`3072:fR2pzs2baNkoXroAbeush1720hq/elCKLmxM8QTFTc+5ZEPDvlgpbhZw4aaVctvg:Z2pA2bEzbv4EvelCwwQTuiOWlwD7o`
Yara	None matched
VirusTotal	Search for analysis

Name	5328bfd92b9c1ac6_bn.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\bn.pak
Size	97.7KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`1442225a0a7fd12ca7ed34f6ed37ff22`
SHA1	`80e86ce712326d37a30eef8725c6a07a26eae577`
SHA256	`5328bfd92b9c1ac61ca43591574118d970ae7b158abbd9d331668e94583e5b14`
CRC32	`D3DF0AB2`
ssdeep	`768:3Wcv/ZImKtO2AUIXYReB00WxIenYW+K/tsg1wVjk+1NbTr19s1VBgSlgp75vedYB:3WJsBzTr1fZ5zcEu6`
Yara	None matched
VirusTotal	Search for analysis

Name	e94e8cf76b9e7ce9_lt.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\lt.pak
Size	48.3KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`3638ecb7e65f15945ef8f4d88c1f55ff`
SHA1	`6935747e844b561b28b3cf12c86f274d1ddb1c33`
SHA256	`e94e8cf76b9e7ce944f58e7a518cd34ed8d9b0fef0e9393181a885e6f36c8539`
CRC32	`9957A5D5`
ssdeep	`768:BEmzv5Kl+p/mF69qTqAxUdE4eB2Y8+DwUaxJ9B/K7yEINv55zOTbUbdgBHaewf9D:BEmzF/T6NQxJ3BIqM+yi+6`
Yara	None matched
VirusTotal	Search for analysis

Name	adaf6a166e9a0ddc_tr.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\tr.pak
Size	45.2KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`034cbcb6d790b30c617e3a895d7b06eb`
SHA1	`63df99cd38fc2be9bdfd7faa32ee00c0c857f190`
SHA256	`adaf6a166e9a0ddcbc244a7e3aa61d5cd8d305f974ac24c1350914220d9d67d9`
CRC32	`88D32951`
ssdeep	`768:hjF0h4hQOnNYV6AlIOdIsLpLj3cLhMVinZNHzupDshvrgapqSWO0r2he4GKHWotX:TrCvV6AiOdIs8W4NHzsDs+SNDhJGK2ol`
Yara	None matched
VirusTotal	Search for analysis

Name	de82f49719ba9b94_fr.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\fr.pak
Size	50.7KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`62ef4ab8c2884194759a32a45f4fc260`
SHA1	`ba939b19b995b7a4438c86902377a1c22594b3e3`
SHA256	`de82f49719ba9b941dfc9a2141043a9c78a6f54b8933fee5c1bfc3a5175ae500`
CRC32	`850EAD7D`
ssdeep	`768:+N0Y7nP9CqzpfliN+XdG0m0skOc/N4SUG7cCmHL5n32YY0gyroFpwu:A0m8qHiNMOc/OcYCmGtyroFGu`
Yara	None matched
VirusTotal	Search for analysis

Name	0d3d78dd76f89424_te.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\te.pak
Size	100.6KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`b0c9b3ca840cadb88394128a2270a648`
SHA1	`d242f4690da8dfcd05d2620273848406e8f4a4d4`
SHA256	`0d3d78dd76f894242fefd80d239f0f4b3052e2895aaddaa7e7e9ad640d6bf5d8`
CRC32	`0DA414BF`
ssdeep	`768:F8YlwYAnHfqlWCKeK8Agjf+9PzqeNWa+MfxYvYu5L/TMPNiqy9jcIq9ZVYSQ+d7w:dqjn6BAJ+KPNi+p9hq7HrwhIB`
Yara	None matched
VirusTotal	Search for analysis

Name	0850ba9a564be140_input_reg_act[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\input_reg_act[1].png
Size	1.4KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 324 x 40, 8-bit/color RGBA, non-interlaced
MD5	`5994a5d6f57151112f4d48fde33a9acc`
SHA1	`620658352bb281774c66e98183e2756758c59cef`
SHA256	`0850ba9a564be140a75d6b806df2f8f98b8b813e95b2724962f53714ca046e21`
CRC32	`7A1FF162`
ssdeep	`24:kiHRryXA5LcgXTCjokXFLNugfDTQZOkp4+/vkCgMCmhCKpZt+0YNc8tZ1:r1/Cj/LggbTQZLmi4MCOCK5lqcs1`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	556bef8ce02fdb59_et.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\et.pak
Size	41.6KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`efde79dd01a9a54343213e92e0f0fd17`
SHA1	`5e7e14aa6be07871797a5dd6d322717df7e1dd5e`
SHA256	`556bef8ce02fdb594daf3becafaa474ef0dc12b127289e63b3d8d8f34325802b`
CRC32	`C37827F9`
ssdeep	`768:+Cqf8JNsulBv3Lr5igUAMAOfB0ZUJo+RF7vg63Uoy1psCR:2WOB0ZUJHBlFCR`
Yara	None matched
VirusTotal	Search for analysis

Name	328ffcf9e79f1e05_nav02[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\nav02[1].png
Size	3.7KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 72 x 19, 8-bit/color RGBA, non-interlaced
MD5	`44a6bff792e9f0143659199aef21c5fb`
SHA1	`6c9367b26a46994073d8c1c4fbb80d4857dad0c1`
SHA256	`328ffcf9e79f1e05f111f7d0315f894df6a7137cbb026db92702cc0370b695c4`
CRC32	`2DFD6100`
ssdeep	`96:fADbRBA9ey3Q9DXy9qnnHOpWqUL4OcRIU:fAPk9eyJ0nHOpN/aU`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	51cde2e6665acef0_sl.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\sl.pak
Size	45.4KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`a163522503dee64ed9165d7810fc2ecc`
SHA1	`bf0e8e185139d56b97812b2696267474ea5db540`
SHA256	`51cde2e6665acef0ab30c165006a6105b0f41235d050a4f1b6c5ee7395959adb`
CRC32	`5B616E06`
ssdeep	`768:RJQzdRo71JjG1S6nIDOtop30QqJ2BQdPyGTTXwlTN:RJt7/KnIDOGZ0QrMPyGTTX2Z`
Yara	None matched
VirusTotal	Search for analysis

Name	a930a3aef9a72482_sea[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\sea[1].js
Size	8.3KB
Processes	8724 (scbybt.exe)
Type	ASCII text, with very long lines
MD5	`26a812ede84886a75880d9a2e723a00f`
SHA1	`a601cef80a60a99200950123ac9821e1b26c5581`
SHA256	`a930a3aef9a72482c88962bb979ce88d3628abc918db3c0a0f9491a8ba0c1f5d`
CRC32	`17964885`
ssdeep	`192:hLTnM7vkOBpTf4L5pAPa6aF3a81MdgicdNKiHrD8YRDyQ:hT4kOBpTf4L5aaF3akMdXcvzHHlt/`
Yara	None matched
VirusTotal	Search for analysis

Name	8dbd2f8c37086117_snapshot_blob.bin Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\snapshot_blob.bin
Size	474.7KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`594f4b02c26e84837108e2b9cc894d39`
SHA1	`bee0e10f6547d76bf91520f689429d87bc5b6431`
SHA256	`8dbd2f8c3708611755d103c3776b31c8a9f62e2408d0cb9f670bd79cf2f5a7d4`
CRC32	`35E9F23B`
ssdeep	`6144:h5a2x1hJCulzMq2+ok7G6RzkkR1Kjg2zE7TGrG2:/a2XfMq2+93zk41Cg2zE7R2`
Yara	None matched
VirusTotal	Search for analysis

Name	2d9efa8a626d16e8_it.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\it.pak
Size	46.3KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`23f243b5399fbcf3d3a96a5219a1f80d`
SHA1	`c6945745b5a0a84e64149e53101abcda8cfaa992`
SHA256	`2d9efa8a626d16e8ad571813a3901e8fa0532ecf0da34760b8c725492c418244`
CRC32	`25F6D9F7`
ssdeep	`768:Bv3IHSRg2ITUO9aGM884d1FxDpKnf1SsY25tea7REbaSz:V3CWOkw8Kwnf1bhhaeSz`
Yara	None matched
VirusTotal	Search for analysis

Name	4fba49dca07e7674_bg.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\bg.pak
Size	73.9KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`5db5f8e5b0b52076aa0462d382c15c4d`
SHA1	`bc240e4b1c1697b86fcf916947a48393a3a1a6b1`
SHA256	`4fba49dca07e767405ab42a07b9273554a9ded4ff48ed0af64c5e11296317610`
CRC32	`A7E06694`
ssdeep	`1536:xyebb4grW76g2rzMkGSlEdXneom1Ktj8uADDViwfj3a+mqtIaU:Ye/VrW76g2rzMkG1dXneom1Ktj8uADDW`
Yara	None matched
VirusTotal	Search for analysis

Name	d2df093e94aeb5ab_es.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\es.pak
Size	48.4KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`3a7434e0ede68cd976502cf490c6b8e2`
SHA1	`0590cee58d9e6b435b8b26e5f52bc919ac9f4f34`
SHA256	`d2df093e94aeb5abb31f1482bebcd1302ae699b98271072386ebbc803496dcd2`
CRC32	`742F5D15`
ssdeep	`768:isK3WDRLeNearNkrBvcqflXDwS5pN8IBCEfIQgRCPJRvX6wTTgsgWJ49zdgK3:4hFroB0qtwSrWlhchRvXPTEsgq49zKK3`
Yara	None matched
VirusTotal	Search for analysis

Name	040f8cce22ebda70_input_log_pwd[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\input_log_pwd[1].png
Size	1.2KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 236 x 33, 8-bit/color RGBA, non-interlaced
MD5	`49d68c0a6cb65e55fdcd40a88fa5964d`
SHA1	`2e0adbe4d656c22ec8bc0cad71cae2320f1ba292`
SHA256	`040f8cce22ebda705a209f32b4eb958bee24be4b74307691c0e72e8328e4d364`
CRC32	`74787C9E`
ssdeep	`24:5LOS1U9N3Gm7NV+g2WbKsWqqjjLSVl+NLB14di9apVe5Hwz1dvIF+:5LrSkkNr/yHLM8t11apVgHG1dvIF+`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	b8ab608596266900_pepflashplayer.7z Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\pepflashplayer.7z
Size	6.8MB
Type	7-zip archive data, version 0.4
MD5	`f541d00b14b9c08873d92077566ff63d`
SHA1	`3e5610a7547fa6f852ec5959c9234bf1363a8877`
SHA256	`b8ab60859626690078bfc50645c33ae57e8cfdd597e5bf6be33cc869452eb83a`
CRC32	`8DCF1DC6`
ssdeep	`196608:98mpL8l6iIUt3Lh3LOnk/86nZ1/VH1j3BF84D:9LY6Zs13LOk/8GbH84D`
Yara	None matched
VirusTotal	Search for analysis

Name	aa0042426b43b790_bg[1].jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\bg[1].jpg
Size	33.6KB
Processes	8724 (scbybt.exe)
Type	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 848x480, frames 3
MD5	`28ce0bee04ab5e87bdf396a2335c5bbc`
SHA1	`97bcbe96b87043a21828aec8f1a5fea5788aa9a5`
SHA256	`aa0042426b43b7909a426b1f6e913ea1a24e1fb6a00fb94952c4deef434cace6`
CRC32	`5209AC30`
ssdeep	`768:QXE/B9PORE/shCH3KJ6VFZsNBVa9HiwTpaP1d3fiGXC2WBMnK0xc:Q038haWUzqBYHiw8vvRXCHJ0xc`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	f4acb8de7ee4c64e_netbridge.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\NetBridge.dll
Size	238.1KB
Processes	7388 (scbybttprepush528.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`1618c56fd42a483782f863555b2eef12`
SHA1	`130dea21a6aa501ab63277fe429571442c520193`
SHA256	`f4acb8de7ee4c64e9ba4a0004cbde9282fd3ed5f0cee7633cd3efa197eeda196`
CRC32	`AA0A9535`
ssdeep	`6144:yJlU7zM4nGH4Ye1XBINNN8YCh2Jo9TB7PTkRc3/:y/SMH4YUXBIfPdo9T1V3/`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	b6794c2cc0870411_{880CE2EC-4532-4955-8AB8-9E08330A7C82}.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\{880CE2EC-4532-4955-8AB8-9E08330A7C82}.tmp
Size	24.1MB
Processes	7388 (scbybttprepush528.exe)
Type	Microsoft Cabinet archive data, 25278986 bytes, 1 file
MD5	`09fda8864ba82b306eeed8959bae888c`
SHA1	`b5004c3be7592f3b0b74c89346511e1c0d6c27e7`
SHA256	`b6794c2cc0870411e9ace6c17e4d3094c8e4386f66acee7dcde391ecc573e116`
CRC32	`02E469AE`
ssdeep	`786432:2nyHxH6qXvrx3BWUwStoAw4y+Ekdhjt8El0GdU1WS:2nOlTx3XLw4y+ESllLy1WS`
Yara	None matched
VirusTotal	Search for analysis

Name	36c6686f8d6c9909_upload[1].jpg Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\upload[1].jpg
Size	76.6KB
Processes	8724 (scbybt.exe)
Type	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 359x196, frames 3
MD5	`423067346e97aa49abdd14d0c9303e8e`
SHA1	`f7b6d25a5f2d68de6964c998b8d45ac585f5da0a`
SHA256	`36c6686f8d6c99097763902b687ad5ddf67b5851e5139f1fae7e0bad5c739737`
CRC32	`8CA26DF4`
ssdeep	`1536:11270IRjlLEsZAB8Yn7M9TRoFVih8ZiXZw6iDTONLetua:1470ehDZYn7M9TRyih8ZiXZtiOiua`
Yara	JPEG_Format_Zero - JPEG Format
VirusTotal	Search for analysis

Name	6d13cd7546e4c997_d3dcompiler_47.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\d3dcompiler_47.dll
Size	3.5MB
Processes	7388 (scbybttprepush528.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`bf435f59c5a079919ae75eb3964d796f`
SHA1	`175be2807da8ac9cbcdad7e3b22c519353c308a7`
SHA256	`6d13cd7546e4c99799cd030dca8d13f0d1d350f084a53e92bd885821b4ab8f41`
CRC32	`B107E34A`
ssdeep	`49152:6XxztRVg63VCssRWQnP73DPFeYjLpZyLpsRug4TJz07+GM:6BzrVgoVCbLxTpkpsRugYiM`
Yara	Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature IsDLL - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7a5e440b0a92d28b_sv.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\sv.pak
Size	42.7KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`f7e36957c30dfe2bd84d0e4caeb38665`
SHA1	`8def0bbc31904575c554c6197331213d4f206b89`
SHA256	`7a5e440b0a92d28be0f09a506011904c7869d3525ea9b401dcbd74926b20bfa6`
CRC32	`8C6821CB`
ssdeep	`768:uBpgKmbIB5nC1XIvIb4COmX/wrJxiEnlG2qmznRMX1tTTbCp:uMVIvIb4C9I9xi+lflnRMX1trCp`
Yara	None matched
VirusTotal	Search for analysis

Name	6fe9ad228f3cd89f_news-bg[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\news-bg[1].png
Size	3.8KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 65 x 17, 8-bit/color RGBA, non-interlaced
MD5	`f54ce52fabba9384351cf92c9516c383`
SHA1	`8ec1a674e77443b5fcf41dcbb961e2f12e0ab97e`
SHA256	`6fe9ad228f3cd89f9f3be596d456f64e56b62746a02530f18f393f4ca62f2e61`
CRC32	`CD09C4B9`
ssdeep	`96:PQkcUU3zxhORbN/dWBgBivMik/m3zpHBmQbLbTk:PruyHdWBgcIKzSQbXTk`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d76d7bce5ce4cc34_sw.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\sw.pak
Size	42.9KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`3349962c8302ccf02250964b9e16dfd9`
SHA1	`890073d6dbdae60faae25913dff3689bb3e63a98`
SHA256	`d76d7bce5ce4cc34c94a496c1cd25851036bb3e2236aee8b2d7de2942f41f93a`
CRC32	`C276B436`
ssdeep	`768:QF0e4sBkyjRCWl9BiIMjuVilk/ceTphWz+sAjPhOTmLfn7oeyRad6FvRjVHygWT:dvxyjoWlHxhOT8mPVHyH`
Yara	None matched
VirusTotal	Search for analysis

Name	58c0edb1598cf840_kn.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\kn.pak
Size	105.5KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`3a02551fee49f1fdf1d6f334e1f9c3c9`
SHA1	`7ca83006a0b550704048236719f9f1948901e7c7`
SHA256	`58c0edb1598cf8404699e532f2c4d6421958bc575d2f55e2f351c464440e3288`
CRC32	`E8AFE301`
ssdeep	`1536:cTEYbFkXhQRLD39o0zOiqU+3HnLgf6a6bnFSZxF84sjG9gNu3L5iFr9wavU01C3s:cclaU7l113J3AaiAoqpXxX`
Yara	None matched
VirusTotal	Search for analysis

Name	f6c41358472ae149_pepflashplayer.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\pepflashplayer.dll
Size	17.0MB
Processes	7388 (scbybttprepush528.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`6329cbe4b7487a6a4dfc000260f43219`
SHA1	`2d33f64afd22e5c7ff75b4361be9d4b2ea9b64e6`
SHA256	`f6c41358472ae14914eccf3e3cbd4688330e7f3e7a741c3cc71c4e3fc4babab4`
CRC32	`3CD4F771`
ssdeep	`393216:CzvAuAbPuXsTsaf7YQhvfod1zLH/mjxzSjj4rZUoZNH:Czv7AbPVfjed1zrAFJ+I`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	9c5cfbc5e628ea8a_nav04[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\nav04[1].png
Size	2.9KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 72 x 19, 8-bit/color RGBA, non-interlaced
MD5	`2aa5b2d5b1e94dfe00b60bcaec6f4244`
SHA1	`5ed97d771392c2358008b05fe3e9de6de4fec6c0`
SHA256	`9c5cfbc5e628ea8adc6bdf4e4427e8f0a4867939e9a350f68255b1d8b2c8624e`
CRC32	`911FBA23`
ssdeep	`48:QoArUjgxL2q3WwX9nCVeTFqq443ElHH0QEbtS/+qgU8tUbpgN48t371NRk:cYEN2AXCVSz4MOQtSGPU8SbpMr18`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	557236ca4930c9b9_Cef.7z Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\Cef.7z
Size	24.1MB
Processes	7388 (scbybttprepush528.exe)
Type	7-zip archive data, version 0.4
MD5	`b4397bc61fc3cc1ff3e3a82c50c964c8`
SHA1	`447cfa5a3a6574e0f3a01eeb34f7f7e713184c52`
SHA256	`557236ca4930c9b9964313de8f055f7264c534ab00738d80512fd3c196e05879`
CRC32	`7B22AD84`
ssdeep	`786432:8p93h/NbHXz9qvayto6pHTH5sTFDwN8CmanQm1/Si:8pV7j9qIETH5sTK2aQu/Si`
Yara	None matched
VirusTotal	Search for analysis

Name	165265fd45a2f5fe_nav01[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\nav01[1].png
Size	3.2KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 72 x 19, 8-bit/color RGBA, non-interlaced
MD5	`5f8f5a1edd1a8a52bae7aef3682dc8fa`
SHA1	`01f89bc00cf477e4eb3597f52bd7e4aadf3b9918`
SHA256	`165265fd45a2f5feb83d4887b32ab8068237c16e5ce2acece722cf74027dff98`
CRC32	`2FEC3609`
ssdeep	`96:NXrRo6uR0BXNxOJIjAl7/YpIYEJYsKtrEuw:JK1eXNxOJIjAB48J2Yuw`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	1c0af7fa747d3c59_fa.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\fa.pak
Size	64.8KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`8b70d5fd5cd6756f1741bf06bc45440c`
SHA1	`31d7407b576777420e8ee921988e54181ac82839`
SHA256	`1c0af7fa747d3c5906191fe47c1d17f7fea3984c42f0432927e5e52d02dbc64e`
CRC32	`0D9993F8`
ssdeep	`1536:HFHhwLeXFkTEwhw+Y+smpAVlg+EkhPK/ofjHw9BVRlWaXZl0pPxeAkriLijiti4z:lmLeX6TEwGssmpulg+rP8Uw3/lthipLP`
Yara	None matched
VirusTotal	Search for analysis

Name	d82c1a849c963054_cefres.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\{F6D41D1D-CDC4-4221-9769-8B15A651D2AD}.tmp\CefRes.dll
Size	24.2MB
Processes	7388 (scbybttprepush528.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`6ebc597bcfd7267fe42045005bb796db`
SHA1	`7313c8b9d34e92e12ca8f614b8a5f2913dedae6f`
SHA256	`d82c1a849c963054e41704d49258ea634de816f0b596de1ae97fd9266de3a5a3`
CRC32	`0D7AB7E0`
ssdeep	`786432:GnyHxH6qXvrx3BWUwStoAw4y+Ekdhjt8El0GdU1Ww:GnOlTx3XLw4y+ESllLy1Ww`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7bbfc0e10cc75931_scbybt.ico Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\WdGame_scbybt\scbybt.ico
Size	384.4KB
Processes	7388 (scbybttprepush528.exe)
Type	MS Windows icon resource - 7 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
MD5	`3e4a199680f2f395d921709b074e37f6`
SHA1	`ff9a278ed746a24e40e49bc6e39c208ba5318162`
SHA256	`7bbfc0e10cc759317416a6fff54fc097818cef03654ce581ee295b3ca0a28c4c`
CRC32	`C124651F`
ssdeep	`6144:2n/LrHyn/3C88HKHKHKw6QJJmAAAA0AAAA0AAAA0AAAA0AAAAnKKKXKKKXKKKXKJ:Win/3Q6QJJYyyyyyoNNNN7`
Yara	None matched
VirusTotal	Search for analysis

Name	9a7bbba149721c58_el.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\el.pak
Size	82.5KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`9ca20da58e84e6f426deaf7821530ec6`
SHA1	`8d3b3ee5a2a3eb977ac6e88f4d3a448de89a87a6`
SHA256	`9a7bbba149721c583a42a74ec6a6579eed9999a8ea4b25d37315c5cc5a14b0bd`
CRC32	`0895015A`
ssdeep	`1536:CEI+xVsjrqyKKDrzUlXIgTlv0pod/Ayc6jKpKxGh5LSdKnwrhdGN:CXKGzUlX9lv0pod/AycKKpuE9SdKnwrC`
Yara	None matched
VirusTotal	Search for analysis

Name	1804cab9fa42d773_ar.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ar.pak
Size	66.4KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`3e0f34e58af836de6b1ffa787e0653b2`
SHA1	`bdd143eb4abd1adf116ff7f6fb15381157ca0630`
SHA256	`1804cab9fa42d7735689e9cdd7a17ecc1660aa70fe0ffd4eb634f5c3b5a1c9bf`
CRC32	`B58800A0`
ssdeep	`1536:FxYq7fOD2NWAPPtivQoFKyZhAIptPQIBXiHSIccZo4s6qyJ+8N3l8O+oo7:FxPXivQodZhAFSIccZqyBY`
Yara	None matched
VirusTotal	Search for analysis

Name	48bc71118ef8aa72_index.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012020110220201103\index.dat
Size	32.0KB
Type	Internet Explorer cache file version Ver 5.2
MD5	`4d73fb54c11273f3b7dd12e460df9a7e`
SHA1	`53c458d7f25b3b2a567991efc4edcb338af93089`
SHA256	`48bc71118ef8aa72552c477b89cbba8a3536622afe1a06387c04020daae80fe7`
CRC32	`46532081`
ssdeep	`48:q9EoMMm1zKyvG+TKnOHrU1BhFwGlHfstlfl/k7lEVGtDh8TPbWMx03hxb:q9EovE7KB1/hwxen`
Yara	None matched
VirusTotal	Search for analysis

Name	07313e6077ff97bf_version.txt Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\version.txt
Size	15.0B
Processes	7388 (scbybttprepush528.exe)
Type	ASCII text, with no line terminators
MD5	`ccdff7dce4b97b49ab39ed7b1ab98a13`
SHA1	`38f8c5de77acd49c21f085abda7da47d4b1cc28b`
SHA256	`07313e6077ff97bff7503339ec15f737b8e54170fafbd83ccb482074495e8cc1`
CRC32	`A1C91090`
ssdeep	`3:SQkVVUrT:SQk/UrT`
Yara	None matched
VirusTotal	Search for analysis

Name	a060999854c47e2d_libegl.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\libEGL.dll
Size	101.0KB
Processes	7388 (scbybttprepush528.exe)
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`222fae9bb84a4ef4a5198bda24c2e4b2`
SHA1	`99aa8fec03efb23e622b55f7271f99888aef63f4`
SHA256	`a060999854c47e2d481dc526c7ecb3694cb764c4130a26b19be06313ac438c38`
CRC32	`CB95054F`
ssdeep	`1536:M2uK+kq7jnqf7l2UYMUkTSq+/0pFCQB4uPTLZVsWKJcd59/07LsunLRQE/+188FO:M2pl2UYd6+/8vP3L59c3suLRZ/+y8FO`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)
VirusTotal	Search for analysis

Name	bee7d8571d43883a_ko.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\ko.pak
Size	47.8KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`5b3a3241d2b048074cf841cedfa48ab9`
SHA1	`49eaad312f6e1a84621bb3678e6477368da455f7`
SHA256	`bee7d8571d43883a5e90d06f59c6e60d63d354efaae6da93446841a961e1d881`
CRC32	`A3339B4F`
ssdeep	`768:hqTznhlG8IKZ3Y347TS1zzQmtJuJ0JYJb+4sI6MjKf2y15aHPYfOiJpNzNbV7ZpO:oLHj7TS1zHGwkbAKjKf2uaHwfOM9bA40`
Yara	None matched
VirusTotal	Search for analysis

Name	4a6c87955f2fe9ef_main[1].css Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\main[1].css
Size	10.5KB
Processes	8724 (scbybt.exe)
Type	ASCII text, with very long lines, with no line terminators
MD5	`202990cb35a8687fc02f535294f42773`
SHA1	`f785b411725b040af9753183eca18f4a70d4c87e`
SHA256	`4a6c87955f2fe9ef79fd6c454d3e42d5a84ee107cd781f8c1fbc2637f4324e2e`
CRC32	`84AAED1C`
ssdeep	`192:3x6n78pU2Z0W8lq3hFUH/9eXWpuG2f2ltyK4a:3x6n7zM0WH3vUfe2yva`
Yara	None matched
VirusTotal	Search for analysis

Name	c730345485d4b819_config[1].js Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\config[1].js
Size	2.9KB
Processes	8724 (scbybt.exe)
Type	UTF-8 Unicode text, with CRLF line terminators
MD5	`9680daf7c9d9e06f41550ee8d56a19e9`
SHA1	`5fa542baab09fd10d48ece740d2240abef444ea2`
SHA256	`c730345485d4b8191f055a96da4e13cfb5d1b5de5f22efdef22ba033c92ffe08`
CRC32	`28BD6F13`
ssdeep	`48:391aCe0zwglWSpXjuMV5m9BQiloFYKkCrDSaZH+2Qz7JzdPaepqjOkBnqf:3WMjlnpTuMVOBQiloFOCrDSO+PJzdPag`
Yara	None matched
VirusTotal	Search for analysis

Name	5245e48f2a60dda1_input_log_act[1].png Submit file
Filepath	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\input_log_act[1].png
Size	1.1KB
Processes	8724 (scbybt.exe)
Type	PNG image data, 238 x 33, 8-bit/color RGBA, non-interlaced
MD5	`c6d1f0af77f472ff7d2837dc39003fbc`
SHA1	`daa5487051038faf0cd5efa5ca8ea3701f32ab4e`
SHA256	`5245e48f2a60dda1004d79d370ae4dc68d7871e65e7d1e77e7da2ba50165109a`
CRC32	`F6490452`
ssdeep	`24:zuqRH+iPjH9+GyMBXsWEjewIO9wantRsVbCz:zPTL9+aPESDakVbY`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	f56a343f0aa70ace_es-419.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\es-419.pak
Size	46.7KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`4e39e879e5a53df3d78db05328bfe87e`
SHA1	`80b1abc10c0917a99e1f76f946a8f39471db83aa`
SHA256	`f56a343f0aa70ace3bd982d8dbddd59cd297cffd2ba2cf7a49e664a752c70606`
CRC32	`3B02DE22`
ssdeep	`768:hbRytj/884TLyoKmP2sbBgHTMNh6S/z28/RfArKgBCAIQUuY8BKRJFX11V0:+jDwLyePzm06S7DdAUuY8BKRJFXvV0`
Yara	None matched
VirusTotal	Search for analysis

Name	7607f601e7f7bc4a_hi.pak Submit file
Filepath	C:\Users\test22\AppData\Roaming\WdGame\Utils\cef\locales\hi.pak
Size	94.2KB
Processes	7388 (scbybttprepush528.exe)
Type	data
MD5	`a8dbe08e837af7350d12b0c6797e8f26`
SHA1	`c9142ed1d8a1b3a5bdc2ddd04f803a4a82c6abe0`
SHA256	`7607f601e7f7bc4a7deb1f68cf3d5791ec4d2811f37fac0efc658eb1ca1d9b04`
CRC32	`85E37EA1`
ssdeep	`1536:SrFi05kT4PSLfgx4JtqT386/TOfFT3mcp:4i/gx4JtqT3TTOfFrmC`
Yara	None matched
VirusTotal	Search for analysis