Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.28 04:04
Purchase Order.pdf.msc
04.28 02:04
setup.exe
04.28 02:04
2025416-方案1-方案細節.pdf.lnk
04.28 10:04
Distribution Document....
04.28 10:04
pik.ps1
04.28 10:04
123.hta
04.28 10:04
verify-sec
04.28 10:04
nums.vbs
04.28 10:04
op.exe
04.28 10:04
cred.dll

Latest News
04.29 12:04
X-Rays From an Overdri...
04.29 12:04
[일본 애니메이션]샐러리맨이 이세계에 갔...
04.29 12:04
[Control systems] CISA...
04.29 12:04
Sony Weighs Chip Spino...
04.29 12:04
IT Sicherheitsnews tae...
04.29 12:04
Automatisierung: eine ...
04.28 11:04
Ubuntu security adviso...
04.28 11:04
IBM security advisory ...
04.28 11:04
Dell security advisory...
04.28 11:04
Combat Rising Account ...

Dropped Files | ZeroBOX

Name	d18c8312df01bcc3_craft127.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Icon\craft127.dds
Size	21.5KB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 64 x 64,
MD5	`17a2de181662cc2b3de3d0f76a9bfed6`
SHA1	`f8589636946709caf048e17fb09263a142966eb7`
SHA256	`d18c8312df01bcc37a2a078b302a9ffa0321852adbbe347c5e74ac960dabbab6`
CRC32	`1627BF77`
ssdeep	`192:P0Qj9bND7xuM5UjWl1+KUxnItoKcViCGiw0nUFiKk7sxPM:cQj95DluM5Ua4ccV8FFE`
Yara	None matched
VirusTotal	Search for analysis

Name	bc51fa3984a4143e_custom.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\custom.dll
Size	80.0KB
Processes	2272 (update.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b410b7064f39b3d6bd3a42ef91f0b6c7`
SHA1	`2f0535486b4967241e7bb30c9ebbd82781caee14`
SHA256	`bc51fa3984a4143e2566e7e3d76f38e61bfdb4850e73e67fe96ad215d3f98c81`
CRC32	`4406F367`
ssdeep	`1536:tZ8fk9Vpe6LorJWHbo7Ex4II8QoOsWSscdQsGL9fZU5:fLII7oPI3l1tQ5L9i5`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c8bfc56418e00016_smob.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\smob.enc
Size	103.0KB
Processes	2272 (update.exe)
Type	data
MD5	`e2d66460d2f82cff159a61ca75930e2b`
SHA1	`f92d782f28e4b72ea7962455fc2dc2ccbfe1dd93`
SHA256	`c8bfc56418e000166725df408551df6669b2b65de86e625946fb31c5ca5c1894`
CRC32	`47121BD8`
ssdeep	`3072:BbJCbl7uVZI8oNFQa7CpnFkjUgk9XHqBR:BbAl7qzo/POFkIgkpHm`
Yara	None matched
VirusTotal	Search for analysis

Name	1f767f74c7a38ef5_assistant.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\assistant.enc
Size	7.9KB
Processes	2272 (update.exe)
Type	data
MD5	`f0ce48ef331f7213cea582f493c9daa5`
SHA1	`5d5ac8f493f4e64a1026fc373f332ca0b3af5756`
SHA256	`1f767f74c7a38ef51d54afe3d3780108bb39ae34468f398c0d91925065017945`
CRC32	`BCFF2B09`
ssdeep	`192:oI667YS6Wr7KY45juE+zYVcAl0MU0G1lbRHK8OgJpIu:f/aA145/V90MUnjRHK8OgJJ`
Yara	None matched
VirusTotal	Search for analysis

Name	906853a2e2901e41_title.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\title.enc
Size	37.0KB
Processes	2272 (update.exe)
Type	data
MD5	`5def49b7858921a3d64fee66f38e54b3`
SHA1	`20f79f13fa3f11cb0335990b6bbc6807ef504551`
SHA256	`906853a2e2901e416f5e4ba7e8a2feecdf4bca38f2aecd60873cc4531b5c2c27`
CRC32	`6E6C85A0`
ssdeep	`384:+1jZdgJgKpbmiudrfXLYNLlTwdPEtAbPI9Yxw+5ZeFxTQR5xfWd19tUk:mdObm3T72IsSbPxe+beTQTsdek`
Yara	None matched
VirusTotal	Search for analysis

Name	5c6dce51379e7f66_achievement.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\achievement.enc
Size	43.0KB
Processes	2272 (update.exe)
Type	data
MD5	`2efc38d636321b883cf2adf170f22a47`
SHA1	`a9e18fcdc1368fa02a59fb0e7e216b5dda09ef9e`
SHA256	`5c6dce51379e7f66e284801e78de0b237d1b0c644071ce3378a46e2c4ebee436`
CRC32	`E206BED3`
ssdeep	`768:h8pSQ/WXKgSzO4QS0biPHrRthKCgUeXy47zNVsQKZa+ZgbLVy2WMdY:+tuXKgSD0mfNtJ0waXbLvWMdY`
Yara	None matched
VirusTotal	Search for analysis

Name	78aee9646afe7ef2_usersetting.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\usersetting.dat
Size	343.9KB
Processes	2272 (update.exe)
Type	FoxPro FPT, blocks size 2, next free block index 134241539, field type 0
MD5	`1a39c93e842be381a7bf7fff51e1f0cc`
SHA1	`5494f3f91d1e05d816eaa14d4935ad9167927f2e`
SHA256	`78aee9646afe7ef2496366c412760bc18185dfe2b042873fa57c01a415b38026`
CRC32	`C4F971A0`
ssdeep	`192:esepzgz4MnxHwFUmRvuK7KQSdg7X+riKNgY5t:Oz+twSYvlRSsX7mX`
Yara	None matched
VirusTotal	Search for analysis

Name	12c2e386cf6a5bd6_gilas-cabal.ogg Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Sound\BGM\Gilas-Cabal.ogg
Size	605.6KB
Processes	2272 (update.exe)
Type	Ogg data, Vorbis audio, stereo, 48000 Hz, ~128000 bps
MD5	`970763fb55aedba3869273791d648b0d`
SHA1	`8952590169ed5decf7337ca8e04fbd85762867ae`
SHA256	`12c2e386cf6a5bd6d1649f46d8ac2a6723032f1d06dd49415cc88ca66dc0e93c`
CRC32	`40186D99`
ssdeep	`12288:qeA1Vo9r3O1lWo4mD/mD/1JJTEEzxWjNHia8WL5vT:oiOH4uK/vNZxWR18WL5L`
Yara	None matched
VirusTotal	Search for analysis

Name	217408ea0b31ca04_ui_texture0.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Theme1\ui_texture0.dds
Size	1.3MB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 1024 x 1024, DXT3
MD5	`e74c4c295a37c2f089801e784359fee4`
SHA1	`35d6e589ba81a2b1fca4ea43fedd4f87a5ec5d3c`
SHA256	`217408ea0b31ca044b6258cbc72c725c4400d7f916878192f2834f4cc49fe894`
CRC32	`1598BD20`
ssdeep	`24576:a4177SW1S+++++++++++++++++++++++++++++++++++++++++++++++++++FdbV:a4wW1DFHNH`
Yara	None matched
VirusTotal	Search for analysis

Name	2f31e1a97d7412d9_destroy.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\destroy.enc
Size	95.8KB
Processes	2272 (update.exe)
Type	data
MD5	`d748752548440f738a142bc7df841439`
SHA1	`f1a3eb15243c73856e4e05313e5211f047831214`
SHA256	`2f31e1a97d7412d92c56c876c079fdcad56ea1607af653667cb80dd6aef7fc11`
CRC32	`106162D0`
ssdeep	`1536:7sRFR/pW8eWtxaP/FSOFVlp8OJGGcgxSjebdfXOGdotGdTeuIPvUNG:oDMWuP/FSOFVlp8OJGGcg0jebdCuAvUg`
Yara	None matched
VirusTotal	Search for analysis

Name	aae310d51ceb77d2_keymap_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\keymap_msg.enc
Size	2.8KB
Processes	2272 (update.exe)
Type	data
MD5	`e3c2bb915457d144243154cc98a00f19`
SHA1	`2c5bdad3ea263a13f16485b5a2e94a2a8771b6dd`
SHA256	`aae310d51ceb77d23ec3f812272ea9ef9f5aedec515563c2182d5f71be12c79e`
CRC32	`5DA08D3D`
ssdeep	`48:lGxjeMWtkSztu7e30vTepQc28A9mHGxuXbazlowt53FHHMCIZJwr3zy07IYiIXpF:EM3kStuScSavlVxrlZvHHMCIZNw50/Ja`
Yara	None matched
VirusTotal	Search for analysis

Name	c2d8c8a8e6f9fb46_skull_13_keep_r.ebm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\FX\SRC\ebm\skull_13_keep_r.ebm
Size	149.9KB
Processes	2272 (update.exe)
Type	data
MD5	`fe3b2988ce9b06f1f4919f00ea48dd30`
SHA1	`4609a5daf94ee436d817d73e907cd00421e233b7`
SHA256	`c2d8c8a8e6f9fb46b2328d5d450dbc5532fedb960b025dad2d57b184dd8af67c`
CRC32	`52465FEA`
ssdeep	`3072:+aJx8Wr0QY0Gfh/pxTlzUY9glzUY9L9WpZd69n+RFNqUXOZZftLjuUj:+a9NI/BKdcy9UNMZNtXfj`
Yara	None matched
VirusTotal	Search for analysis

Name	47887e0418fa0d14_cabal.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\cabal.enc
Size	412.2KB
Processes	2272 (update.exe)
Type	data
MD5	`75d678ed6e9a106a98fbd3c709628796`
SHA1	`75be88900278ca01b2a7917b3a41498d98e569bb`
SHA256	`47887e0418fa0d146e66cd4eeb9876e98b89b7a2d4965097c9050a55020d459e`
CRC32	`1F0807C7`
ssdeep	`6144:Fui6BR90muTw4ZNHAdiUTmk/plOy5UDGfWQ26TP7hxBnReJCRTTSNHkZD9OjOnHD:Mi610zwYCJOiUyP9eJCRT2qZhGgzR`
Yara	None matched
VirusTotal	Search for analysis

Name	f9571ec59fd63282_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\msg.enc
Size	60.4KB
Processes	2272 (update.exe)
Type	data
MD5	`fc77705d4b26714bb4310ac81c2f2ddb`
SHA1	`585957517a97417d27de26bbfe80aefc9b5f5bac`
SHA256	`f9571ec59fd6328258637c211f66ae8f1b108630b5ad4be9c5d44656768683eb`
CRC32	`A1175B08`
ssdeep	`768:XW/tKzFuOoyfxoxsizgwe3ud3KDDTkltVS+KaTSmwcYTEbAjFuweL1mby9LhEFN:GVKzFlyxjnyuxck/GkSEbAMweBmycFN`
Yara	None matched
VirusTotal	Search for analysis

Name	2ed29f6036cf2c07_quest.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\quest.enc
Size	157.4KB
Processes	2272 (update.exe)
Type	data
MD5	`c3f7de5746e8ff5d7b46715a2be66673`
SHA1	`2e253789ef0ffca674263ae05993e6fb97bbec32`
SHA256	`2ed29f6036cf2c0796650e51fa83d90ab2b8860940023e3e98f0a59a4383fee6`
CRC32	`3161FCDD`
ssdeep	`3072:eRva0Pu0shjhwQukyarVol2zZzh7qvuJBVixEswEAci9c9OHv0+bm:APFI1uvWvzZzUvupN0+bm`
Yara	None matched
VirusTotal	Search for analysis

Name	49284b31f28d0a62_sevenzipsharp.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SevenZipSharp.dll
Size	147.5KB
Processes	3040 (cabal.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`05c9849856abc683bcbc5c8d7921c146`
SHA1	`ad8ec49116b026eee2dd04d6434ede7ddce9734d`
SHA256	`49284b31f28d0a62d797cfcf17f464c8c2b22b29d0e8ab7c15c94724d83e595c`
CRC32	`0A380B54`
ssdeep	`3072:auMYWaB5+DBS4+aYX/PzJiXyjdZXUtd6uEhd/yZcvdUCG:auMYD7gJY1iXyjb`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	65823cd1d2332f50_cont2_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\cont2_msg.enc
Size	18.1KB
Processes	2272 (update.exe)
Type	data
MD5	`2f896fc5d6c5148f597328d42cd46b15`
SHA1	`2fcf2beea8d62a1c74f93f6e3ade0f84ef9c9da0`
SHA256	`65823cd1d2332f508b59d5eb6b494af4a9c79cd39f3fbf22b26462c0782ab1f4`
CRC32	`D3700A75`
ssdeep	`384:KWxF3K4u9POBnHfiShLaFDWjRuO8RE+3Y/hqYH0b7Hd1tKkOnPCii:n9K4u9eHqSBiYuOoYZbUHHZKVzi`
Yara	None matched
VirusTotal	Search for analysis

Name	0453c78b2cb7b446_craft122.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Icon\craft122.dds
Size	21.5KB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 64 x 64,
MD5	`45b9a24d8711f83637428e41ce14bbd9`
SHA1	`3c60e6d2cd00f04466722b2030c615bedd193211`
SHA256	`0453c78b2cb7b4469fb38123bb1fa3ecbe53f519fc82abc38ec2ef571e82d601`
CRC32	`FD599A3A`
ssdeep	`192:OlZkHRkM4gRcABOOtavEF8C7LX566QFWJO:OlqxkM4mcABOOtavEf/X566GEO`
Yara	None matched
VirusTotal	Search for analysis

Name	275ede41cdee509c_resources.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\resources.xml
Size	15.1KB
Processes	3040 (cabal.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`289308f2e9495c8a538d5da59b92b2ff`
SHA1	`698ee95e700b0baf6cf00891698bf0c9a9e2d220`
SHA256	`275ede41cdee509c3f5da931c385c8e0ec4db0c6c0b748dd2ecc0325740cd206`
CRC32	`796AAF58`
ssdeep	`192:393H0WY0nv9/4JjzxnTeifvrhNTf5kIddGdwXcwVRwkBMXTUs:teC4JPxnvrzTxkIdwdwXcXkgYs`
Yara	None matched
VirusTotal	Search for analysis

Name	17239c9c25979956_klog.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\klog.enc
Size	599.0B
Processes	2272 (update.exe)
Type	data
MD5	`88ef7144d3a313caca880f6172f2a408`
SHA1	`8a1583d006b7f7509a116cdf0977e9c38a893a64`
SHA256	`17239c9c25979956ad5c2866f4631c4fa0a8009899052f77c1dcba4f8df47578`
CRC32	`6DEBCAC7`
ssdeep	`12:074CXYUOj2F1YpNWiABxouhGoPv6H9Yp37dGJBVHh2+wPR9xaVwKMjklKSMQJpp5:wX10nWOuhLv6H9e2+59xv3jk1Rj5`
Yara	None matched
VirusTotal	Search for analysis

Name	9ec302e084f312e0_craft121.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Icon\craft121.dds
Size	21.5KB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 64 x 64,
MD5	`dfa07eee1896dd7be6728a45fd219961`
SHA1	`9534da8127781e9c01f398ea22bfa3585a3c81ca`
SHA256	`9ec302e084f312e09bf7b9afb12540d10bc5a5cdf3d8ccce3875e93b64bc8560`
CRC32	`684D3B32`
ssdeep	`96:GZ/ZlJRodwDCBHj1wBMwJ6ZKOkfJRyBWfTOJ+gR9q8a+0/cEe8tMzSEumLXqK66x:OlZkHRkM4gRcABOOoxEF8C7LX566uF5s`
Yara	None matched
VirusTotal	Search for analysis

Name	957df7c107a16e4b_update_1.7z Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\updates\update_1.7z
Size	180.0KB
Processes	2272 (update.exe)
Type	7-zip archive data, version 0.4
MD5	`ef603dc1f57e8686899c907aa6c5c9eb`
SHA1	`d704ee6a4047264da0ac0f58583ccfa9cf72d548`
SHA256	`957df7c107a16e4b0af6145c737de3ed39d7b2255ba02b184d41b8e76c2afce5`
CRC32	`08CE25D1`
ssdeep	`3072:nLY61ZYA26bSDM3ILCXfzgHnNyh2uV5KAHC8TFkshRfyNR4H244smw4ot:Llk6mD0ILCX7MuV5rHvFkEt8R4Ht41wB`
Yara	None matched
VirusTotal	Search for analysis

Name	e13db9793f20fcd8_skull_13_keep.ebm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Item\arms\Skull_13_keep.EBM
Size	309.7KB
Processes	2272 (update.exe)
Type	data
MD5	`ee6bfe23a65ceaf56496fe01f6e26e2f`
SHA1	`ec5152b21d764c6340c128c47e96ef5a85e80571`
SHA256	`e13db9793f20fcd8161274168ea7ab60da1bdc12d4088d40777a76ce1e5d91a6`
CRC32	`818ED2C3`
ssdeep	`6144:p8X4/61JUhXyXvPqBVyw9D3mOeKRsCwxAxVyUZmR11cy9UNMZNtXfj:qXsKkSBKRfwx1dhZNZ`
Yara	None matched
VirusTotal	Search for analysis

Name	96f29b004cce0f55_bike_46.ebm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Item\bike\bike_46.ebm
Size	2.0MB
Processes	2272 (update.exe)
Type	data
MD5	`33df49e9aac027c77ca448b62746f0a5`
SHA1	`70aabc1e5437f9676e54052890ad67427f413fb6`
SHA256	`96f29b004cce0f55b8c3248511297f61a553ece00003408443c82595d44e05a4`
CRC32	`FF4AB532`
ssdeep	`49152:mtp4H8TiHn++txDoKRzQmojoOgP2bpX9VF7f:mtp4H8TiHn++txDoKRzQHjoOmKL7f`
Yara	None matched
VirusTotal	Search for analysis

Name	5a45618cfe299408_ui_texture10.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Theme1\ui_texture10.dds
Size	1.2MB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 1024 x 1024,
MD5	`1424f92e9ddaec14f67f856dbde93e86`
SHA1	`f740a50897d8cc4f112f6ec1af74f3a8d2f64b45`
SHA256	`96a5b626d1c59d809ecdc1fcbc3bdfdb625d50351893cd44e83accca0c96341d`
CRC32	`509B9855`
ssdeep	`1536:ccMFnFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFm:rM5fC`
Yara	None matched
VirusTotal	Search for analysis

Name	efd63fbfb324bce3_ui_texture1.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Theme1\ui_texture1.dds
Size	5.3MB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 1024 x 1024,
MD5	`a1ebeabd16a933c7a584fac51d374b91`
SHA1	`068402a3a410958681282edd547049a2c575a824`
SHA256	`efd63fbfb324bce38eb65e5a999c20efab3db662918fb9a9aa2b389500875456`
CRC32	`4BD6B5A9`
ssdeep	`12288:ll3Xc+vXq40V/yl0FwDc7/4jC231nt6ALbyHYhoOCGvBe/I1MwI0VAO44gx:ll3Xc+vXq40V/y4/I1MwI0VAO44gx`
Yara	None matched
VirusTotal	Search for analysis

Name	27da7f4e4065778a_ability.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\ability.enc
Size	9.1KB
Processes	2272 (update.exe)
Type	data
MD5	`3a53507d689520d5594bb6e788d725ba`
SHA1	`3338ce31438a925273a436a83e444a39fa620257`
SHA256	`27da7f4e4065778a1109cdea341b2f17bdbea4ac46e0c4d4fe6c75a667fe7f27`
CRC32	`583FCA14`
ssdeep	`192:jxlZWPCtqm4vOUhFeL1SgNwgOvl7R58Mr5mluAuDJ0fo1W6Sii4Sq6Ri:jxl4PCtqJDeAcw55n8A5mQeo1F/Sq+i`
Yara	None matched
VirusTotal	Search for analysis

Name	67135c5c4f61b1af_caz.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\caz.enc
Size	2.0KB
Processes	2272 (update.exe)
Type	data
MD5	`384bc3ca984771792d8b348c3fcc461f`
SHA1	`d4f0210ad7cb448a2f159ad8a94ebed18da23c87`
SHA256	`67135c5c4f61b1af597f0c11bdda0b00fcc1b53797a95bc46fcdd4883c6024f3`
CRC32	`96CDC40D`
ssdeep	`48:B7VgGh+qhv1pZzTy5TpYh6IYAaDlFne1R6b4Q0apQqcU16Kw:1VH3zTy5bAQnBb4XaKqJ1zw`
Yara	None matched
VirusTotal	Search for analysis

Name	736dd134f85f5ba9_global.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\global.enc
Size	62.1KB
Processes	2272 (update.exe)
Type	data
MD5	`2e6af8665579ccf8aa1d5a28450c134c`
SHA1	`2b385be8525c999a8f7a6e69c6b9d6c3afec9ab5`
SHA256	`736dd134f85f5ba9addb27cba58788eeef4eb83610a5d35cdac097f4a44d5d59`
CRC32	`705E4D91`
ssdeep	`1536:0B2YJ8knX8vLJpS82pcy02JzkGobIGy+5Jb4ONgD5NFjlqi:0Ln+9pS82OwJwGob/5lN0NZlqi`
Yara	None matched
VirusTotal	Search for analysis

Name	e0ff03599f59aff0_xdata.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\xdata.enc
Size	25.9KB
Processes	2272 (update.exe)
Type	data
MD5	`1fb409eea04190ebc083907b7ee87394`
SHA1	`71d817dd83d172ab98b0947699719b1064ac4e68`
SHA256	`e0ff03599f59aff03f35e780db61c9afc034fabac6354913a1661ab96835c214`
CRC32	`95AA09CF`
ssdeep	`384:2J+s8B3nt5zw52K7lP9v5gZE90nXLSF1G8iIAGE9d32KUZDWfsKJ4zS9T6kSW26c:3B3t5+99uNLF8lEvuQKS99Is54vTP`
Yara	None matched
VirusTotal	Search for analysis

Name	f6883df7b96645c3_craft123.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Icon\craft123.dds
Size	5.5KB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 64 x 64, DXT3
MD5	`af8092a05c0d5ca8cc89056ac5d5bb77`
SHA1	`d47e297df4bc0f78bd26d6218461f84b3991a9c7`
SHA256	`f6883df7b96645c3135599a870919e8895e6d95082b27a21b947fd47c1c08819`
CRC32	`11751A49`
ssdeep	`48:GZ9dz0r6+gP1C798K7fCrYyStxaYSXpX9rvulawrf1jWqa7:GZ92qi9/7pKMawrf1jW17`
Yara	None matched
VirusTotal	Search for analysis

Name	e1e499ea11377e71_item.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\item.enc
Size	163.9KB
Processes	2272 (update.exe)
Type	data
MD5	`9ed3ce455bca155b16eb830ed3d649ed`
SHA1	`fcfe9e08f316e0f2400d450160eb8255090f4a31`
SHA256	`e1e499ea11377e7115cd3f81a93358e0c098ffd2d993bfd844082e49bfaf4c0a`
CRC32	`CF60A6F3`
ssdeep	`3072:EI3sGhXeUJPXPWclYxfT8FOcHmrzKOsb6Bw9kFDh7eWw2doR:E+XXPuaYxf4FOymrDsOBIkFDFTw2doR`
Yara	None matched
VirusTotal	Search for analysis

Name	ec8118bb302a9210_cont2.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\cont2.enc
Size	11.5KB
Processes	2272 (update.exe)
Type	data
MD5	`5e70fc84c5e5f2196ed7744e84400066`
SHA1	`06d937e97a000e02f2d7c484e403d9190054f8d7`
SHA256	`ec8118bb302a92100a9f41e98da23c1affad60abf230f3ac56fcbc0f16fd4abe`
CRC32	`A6919ADD`
ssdeep	`192:yDEDdpSBzsgBgnWV+JYGmeHrElo7ItFYHDgeux1d01szaGBC0WIRu6W:YUHDDqGmeHrElKAFYHMeuxbsGUI5W`
Yara	None matched
VirusTotal	Search for analysis

Name	e7d019c4d6d6ab0b_change_shape.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\change_shape.enc
Size	96.4KB
Processes	2272 (update.exe)
Type	data
MD5	`3f1a35002906642a8dc628573f75472c`
SHA1	`a7a6d1dbf8693e069acdd488b161e279cc0bbfde`
SHA256	`e7d019c4d6d6ab0b577cd84a68c826d573246882e72acfe595a42cb046866e13`
CRC32	`66653406`
ssdeep	`3072:asnUGiBBVBBJBBC3QBBlBBSBBcBBmGBpIYPYK+qKB+Bly:aw3XGPtYrL`
Yara	None matched
VirusTotal	Search for analysis

Name	690f8ae15da063dd_craft128.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Icon\craft128.dds
Size	16.1KB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 64 x 64,
MD5	`39c5d316d8227880ef7c995716092dba`
SHA1	`c688831685c2cef2a263b10bf79272f664eac6de`
SHA256	`690f8ae15da063dd8a99a2c7e5a983ed0864bdec57304909c93d377a04376d7d`
CRC32	`99D0F33A`
ssdeep	`96:GZiJ5kDs1PTSLFUfVytPLzEwB7lyWbm/O+L1bTC73wMHMSy3fF9rb+RL/1:ZjTSZ+gLzE2pcWwTw35sSyvzrb+F1`
Yara	None matched
VirusTotal	Search for analysis

Name	984384937c451407_skull_13_keep.efx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\FX\EFX\Arms\skull_13_keep.efx
Size	3.8KB
Processes	2272 (update.exe)
Type	data
MD5	`0df7d5820bb108b63364f0c66a54eb20`
SHA1	`8656217acbfdd196bffa0a8995a1fca5545020a3`
SHA256	`984384937c45140711b863a0aa9595b4cb2cbbb4d4a619b36ccf20d1f1878b43`
CRC32	`9603AE06`
ssdeep	`24:BoiIi/iIixTgOyyycSk/++soTSSvdDD5oTSu5Zmmm18555wEnEnEnE:BLr6rVDSk/+JwfVDD5wbG`
Yara	None matched
VirusTotal	Search for analysis

Name	4aace8c8a330ae84_system.windows.interactivity.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\System.Windows.Interactivity.dll
Size	39.0KB
Processes	3040 (cabal.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3ab57a33a6e3a1476695d5a6e856c06a`
SHA1	`dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7`
SHA256	`4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876`
CRC32	`490DC598`
ssdeep	`768:6MazwAgR8/XJ665bKZdxuB8DCuL5enM7JxKjuMlZCZN+R0E7E:63wBccZdxuB8mQen6JxKjrlMZgR0Eo`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	1f27022a187e728d_klog.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\klog.enc
Size	599.0B
Processes	2272 (update.exe)
Type	data
MD5	`a88b9d452131c1bb42d6a74cec60478b`
SHA1	`7f1dd0221042da959fbf944b55ac7388a54fe2d6`
SHA256	`1f27022a187e728ddc66844954329f498104d75bead8dfb084f35092462cdbbe`
CRC32	`EAD85411`
ssdeep	`12:JIKz+EuSpztIviEH51JAhge/6WzPd9ICFUQeDyu+Ers2tX5sPlBj9UUlvB:d+EuqGviEHAymlmQeFzrs243vB`
Yara	None matched
VirusTotal	Search for analysis

Name	917d0908b4371943_main.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main.dat
Size	171.0B
Processes	2272 (update.exe)
Type	Maple help database
MD5	`5c76d529171bd1e07e258d342ac7e59c`
SHA1	`9781c06569223e24614137e8914ea2cc85bd0fc6`
SHA256	`917d0908b4371943c4168344a36bd3f862685bc29450a18ea93acfb111dc9dec`
CRC32	`3757D97D`
ssdeep	`3:oll9llulnlvlklsl1lslslslslslslslslslslslslslulfltltlsltl5ll:olWycWWWWWWWWWWWWWUt1tW1`
Yara	None matched
VirusTotal	Search for analysis

Name	51c4ec1775887a85_script.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\script.enc
Size	296.2KB
Processes	2272 (update.exe)
Type	data
MD5	`cd46c7942a3a72d0c3f329af3b4e9afd`
SHA1	`8098700ab49f18ad9315cee71914f366da61e791`
SHA256	`51c4ec1775887a854f62d886679b65250d8c5386442688ec9843dc107e3dd1a4`
CRC32	`BCDA3EB2`
ssdeep	`6144:0P9nEO2tbLhOoFxzaRiYd1LbMiKjwyHrvtyFvj6nksiF:0P9EOoLowxzaEYd1LbHFyHhyFLbNF`
Yara	None matched
VirusTotal	Search for analysis

Name	d04f0568a7ff7103_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\msg.enc
Size	67.8KB
Processes	2272 (update.exe)
Type	data
MD5	`21beb4cf2aceb73b991b6bad0eaa67b5`
SHA1	`5b659852e9661957cd349faa4cde00eea436b3f0`
SHA256	`d04f0568a7ff71033fa5ef60c5007f691d4ddd70a7a3a75b2e2ce4f4f92e2a1b`
CRC32	`01CD9CF1`
ssdeep	`1536:oMSzhHqEokDzIkxvFXU+IFxB8It42jOUNN9qaLsBVbX6yp:yzNqEoGH9XU+UxB8ItJjOUL9+FXBp`
Yara	None matched
VirusTotal	Search for analysis

Name	5c5ec09df3ba6e06_language.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\language.enc
Size	71.0B
Processes	2272 (update.exe)
Type	data
MD5	`6ee50fd07686cc503b321134570e323b`
SHA1	`7825b6866e529a12752ac090d999b2ea359fc8dd`
SHA256	`5c5ec09df3ba6e062974b6bc205c8c5c45a2f52950f6c88524309aaf8c36a5c3`
CRC32	`D5215154`
ssdeep	`3:kl1SsRpuM7V3LtgE9HPlf0QhUe:sBRAMh3ZbBdcQhJ`
Yara	None matched
VirusTotal	Search for analysis

Name	c7580df9e969ac3c_keymap.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\keymap.enc
Size	3.5KB
Processes	2272 (update.exe)
Type	data
MD5	`e5372420148ab6d0670434784adb5fa2`
SHA1	`205709b3ad08b17427073ea0b078eca2eb6e9120`
SHA256	`c7580df9e969ac3c69679bc772a578a1fa9be49f13626dadb7b1874886129acf`
CRC32	`94C31392`
ssdeep	`96:VdwkY7yCrPsKyo7PXLTxYfhRGzI36WpGFIEIhC:7wkXOEo7PXLqJ4zIppG/eC`
Yara	None matched
VirusTotal	Search for analysis

Name	b0ed57076270d413_help.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\help.enc
Size	16.8KB
Processes	2272 (update.exe)
Type	data
MD5	`cc5025ac5cfe7087f2a97ca0fe1d0bce`
SHA1	`4497f0811f1422d1202e956c70b418ac93d24559`
SHA256	`b0ed57076270d413300536bacf6a43db6ea02b0239cd0a1ba06a62c50366925f`
CRC32	`8260DDCD`
ssdeep	`384:+W9Rj9IWRBM2A+xTxpif9BnIkEYGh2pFAJZrrs1+eNd:tbj9FRBpTLif/IkEHh27AJxs1Jn`
Yara	None matched
VirusTotal	Search for analysis

Name	8d6fb83d2d89592f_cont_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\cont_msg.enc
Size	19.6KB
Processes	2272 (update.exe)
Type	data
MD5	`06d924a3758db40a1d82ec9389dbc708`
SHA1	`30ded9e68008c9d459fb349c4c836916913dfda9`
SHA256	`8d6fb83d2d89592f9aed1d70e2949af654a0fa321247c3dfad3b033dda82fb3d`
CRC32	`0FC49375`
ssdeep	`384:cbb+BZ9EKzUhZKSL/0izu40kJgt+NPz1cmdzjTdc4ir//3/TlCXK8cNyItBn:cME+UhZ5zu4TcOaPfLk3ItBn`
Yara	None matched
VirusTotal	Search for analysis

Name	765d55d3ae64ebeb_achievement_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\achievement_msg.enc
Size	30.6KB
Processes	2272 (update.exe)
Type	data
MD5	`919ecb9d7816a55761a110d7cdc2f164`
SHA1	`392d399cd1c33962021d083e230481dbb266a56b`
SHA256	`765d55d3ae64ebebb7ac8398bf57001941f6ed7136dd441a9eec26a58e46229f`
CRC32	`B146DB1D`
ssdeep	`768:8A2Ua5wl3cHhhfBIcW86UGav97wNhgxx7PEp:8Ia5wl3cHJVGzojEp`
Yara	None matched
VirusTotal	Search for analysis

Name	b9b2593ee137ab9e_ui_texture10.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Theme1\ui_texture10.dds
Size	1.2MB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 1024 x 1024,
MD5	`fc90f0f20d7ac2fac7f464dc69db78ba`
SHA1	`137607458318cc1d0c1cf2f37bca78cad6a01de3`
SHA256	`aa2d8e2d8309e17abd07d838dde77d81689b24d55d00eabe2c0b6ad9522ca1d0`
CRC32	`027653B0`
ssdeep	`1536:ccMFnFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFi:rM5fO`
Yara	None matched
VirusTotal	Search for analysis

Name	835d5165020ecfc6_extra_obj.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\extra_obj.enc
Size	25.1KB
Processes	2272 (update.exe)
Type	data
MD5	`e38a3f9a1083cb4544ec168d3bcdf80e`
SHA1	`f554308a078c6542d7e6aee713d98faf1a247a42`
SHA256	`835d5165020ecfc680f978e742c781484f1588605877daf4d25cdc1ecc44d1ac`
CRC32	`55EB45C0`
ssdeep	`768:Ck6gTqj/YdZpje8fSiHCkBRlpVsuHdrcU1rq:Ck6NoieCkBpVk`
Yara	None matched
VirusTotal	Search for analysis

Name	df3f735a987e3bfc_caz_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\caz_msg.enc
Size	2.3KB
Processes	2272 (update.exe)
Type	data
MD5	`ce3bb36772c262f6372a54dce45a4687`
SHA1	`4f6c4d123fc9b5aaa2c42f4255dc0545ad71c7da`
SHA256	`df3f735a987e3bfca57cf36a192d7279acc77b4bda37da1787bd6b8727a971dc`
CRC32	`AA13DE0D`
ssdeep	`48:PawI0Wn+EepIHBF6T9OdTqawYYFquk96txqX5nNhvyFm:PawIv+EepqHigTBwYwqFQ8X5Nhag`
Yara	None matched
VirusTotal	Search for analysis

Name	8543499b2c60f031_skull_13_keep_r3.ebm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\FX\SRC\ebm\skull_13_keep_r3.ebm
Size	54.9KB
Processes	2272 (update.exe)
Type	data
MD5	`efe7ece69bc048bd54f8515258b6b21c`
SHA1	`930e5608e2b6f2eab0e352b133adc439555acfda`
SHA256	`8543499b2c60f031ac91e934ffbce3f1f7e2d70c4942d2ebcc25c36635faf827`
CRC32	`BAFE5BF8`
ssdeep	`1536:3hdLZWpZUoCmucA+1++RFNCzDQXLCZZCotLN1f20tEoiSj:r9WpZd69n+RFNqUXOZZftLjuUj`
Yara	None matched
VirusTotal	Search for analysis

Name	534aa4fb0d0e3f50_mobex.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\mobex.enc
Size	21.7KB
Processes	2272 (update.exe)
Type	data
MD5	`6d32dd4a5e5cc31a5292205bbe0fac9f`
SHA1	`1345487e287ddacd266124807cd3ed98a3c54f80`
SHA256	`534aa4fb0d0e3f502c339eba76436954fcf6977332032a85dfb2dd86034ad438`
CRC32	`B2A165A9`
ssdeep	`384:mSBxvn2ree4bfQNSjxPWP13gLne3vg9NnPn9y/TLnQJRrxNj2lmvG8x4eWqxNM:mOhH7OSRmlgLne3o9pP9ifqRvilmLx4J`
Yara	None matched
VirusTotal	Search for analysis

Name	b58996661563b96a_skull_13_keep_r2.ebm Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\FX\SRC\ebm\skull_13_keep_r2.ebm
Size	77.9KB
Processes	2272 (update.exe)
Type	data
MD5	`8c2a94c7441ee0eec5afab3742c63ff0`
SHA1	`1b33410699cb172cc3cc6ed18f8c6f1fcea7275d`
SHA256	`b58996661563b96a46c4ca83020832e7610a8903bc1e53fc09974f3caf0b66b7`
CRC32	`12651567`
ssdeep	`1536:3j1B7ApMVE+VEOdLZWpZUoCmucA+1++RFNCzDQXLCZZCotLN1f20tEoiSj:T1BcTX29WpZd69n+RFNqUXOZZftLjuUj`
Yara	None matched
VirusTotal	Search for analysis

Name	e5f6ed0c70d8e2e1_mainex.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\mainEX.dat
Size	285.0B
Processes	2272 (update.exe)
Type	data
MD5	`242b66f61d075f06316774148ed7b361`
SHA1	`ee9f46a214cf07be556f91ae755ed3f0d69e0878`
SHA256	`e5f6ed0c70d8e2e172f0decd93ceec55341dc6d0dc910308129f364645f64180`
CRC32	`7718D350`
ssdeep	`6:TwHzdt1t191qNWWWWWWWWWWWStg1WW1tWpslXd1:UBH3qUoEXX`
Yara	None matched
VirusTotal	Search for analysis

Name	2072784cc0c9e89f_ui_texture10.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Theme1\ui_texture10.dds
Size	1.1MB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 1024 x 1024,
MD5	`480afd0c18c902f3c9c6eb752d8a2b9b`
SHA1	`30a8315cb1a3b0c4b9a0a8bd0796b54ce384ebde`
SHA256	`2072784cc0c9e89ffcc11dcedd00232667cb30e166872618dcf712756b75940d`
CRC32	`8A477BFF`
ssdeep	`1536:ccMFnFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF+:rM5fC`
Yara	None matched
VirusTotal	Search for analysis

Name	9d4e179519220280_update.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\update.exe
Size	7.9MB
Processes	3040 (cabal.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`800c2a63a019a6956b88271cf41a5e7c`
SHA1	`8ad80480ed47b7fdb2199645834855ea744d4e29`
SHA256	`9d4e17951922028099c60eb6f4b3694094712134d7018d32842d2d4d28a79f03`
CRC32	`AD22FE98`
ssdeep	`196608:lcIVANHU5F88mbmIklyu9YIk1Ig7Hl+6Dj9eM30MAT51Jkj2G:lpAN0Fw0hkXVY3/q2`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	0ea4f08f1ff4c586_data.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\data.enc
Size	13.4KB
Processes	2272 (update.exe)
Type	data
MD5	`b369b9a4fe44d037edc2fbea7556a4ad`
SHA1	`f7e444791c15b695c038b25272d1cc3dec92da51`
SHA256	`0ea4f08f1ff4c586311df811573b94d877c93c3409b645ea333c360db8488e09`
CRC32	`40B887EC`
ssdeep	`384:fYKCzBm1yxq6acLFh1i5OsluIrvxR4Azh2iHBHNncu:wKCm1Gq6acBDi5BP9ZV`
Yara	None matched
VirusTotal	Search for analysis

Name	e3e954ff689ac7cc_mbuff_keep__888.efx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\FX\EFX\buff\mbuff_keep__888.efx
Size	5.7KB
Processes	2272 (update.exe)
Type	data
MD5	`dca869e7744644851e92bd0e421ba41d`
SHA1	`91a920386080c8c61b26d20157badce8f14753b7`
SHA256	`e3e954ff689ac7ccf82fa253d6f219bc6e64c8b57dbcddc674c92005bc40b129`
CRC32	`3FE33428`
ssdeep	`24:6jNDdwIiB1WE1qg1q3U2gHrlooH4yYCG/Xd2yB+RqJzJewrziJ3:6c/rDuojLGrdkL`
Yara	None matched
VirusTotal	Search for analysis

Name	9d9afc6eca118051_ui.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\ui.dat
Size	1.3MB
Processes	2272 (update.exe)
Type	data
MD5	`db2bca626df876d44b7f791b38c96528`
SHA1	`fb11e71783cfcdff5d5032fe85c425c3130462ee`
SHA256	`9d9afc6eca118051a3ba85fe83057a434eaca6f121e777d271fe646a5494bb24`
CRC32	`82FF11DF`
ssdeep	`12288:YCx/DdqBeZg8ZEJ8Ry6Ja4qP1gX4gAx0l3WeWradkxrEFR66YiRW62hzz+jdRi5s:ldqBeZC1xrE2TB8IG8`
Yara	None matched
VirusTotal	Search for analysis

Name	bd2a9ec0c066e0d8_cabal_bgm.ini Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Sound\BGM\cabal_bgm.ini
Size	11.7KB
Processes	2272 (update.exe)
Type	ASCII text, with CRLF line terminators
MD5	`637a3048cbf34382257a37cfcd3c9b83`
SHA1	`4d64ef423e405da8f2e238132e0386536f2ecdf0`
SHA256	`bd2a9ec0c066e0d85d9281eff6efa803b7ae613b28aa1d7288392bcf6a71df45`
CRC32	`C61CDEC3`
ssdeep	`192:5k29H2Uw2eHVBl82ke+iKN2Xx2d6c2aTNLxinwIC5wmKf4qM9DV+eCLHj3w/pvsZ:OWH2UZeHVB/ke+iKN2XMd6FaTNLxinw6`
Yara	None matched
VirusTotal	Search for analysis

Name	16839561908fd313_skull_13_keep_15.efx Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\FX\EFX\Arms\skull_13_keep_15.efx
Size	2.1KB
Processes	2272 (update.exe)
Type	data
MD5	`a9ffb02dd3a72e578f339aacb79e17a3`
SHA1	`acec75d605d532991340613834849051a0df8c83`
SHA256	`16839561908fd3138cb7b692a9caf62d40258032220f67c7b53ebb36d2db1264`
CRC32	`DEDA6AD7`
ssdeep	`24:/FHTHTHTHJWmri1i1i1im8t8t8t83/9V9R1ooo:3WD`
Yara	None matched
VirusTotal	Search for analysis

Name	dc1c580beeee6ee9_market.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\market.enc
Size	12.5KB
Processes	2272 (update.exe)
Type	data
MD5	`b91f4b3a7f023b443de24bffb02a141f`
SHA1	`a90c5f4a3b3c28ab539283c9255bfea0ec37db84`
SHA256	`dc1c580beeee6ee9ff7e9b5a769babfa927f61eaf0be25b43b51247158d4097b`
CRC32	`4294BCAC`
ssdeep	`384:4Ym9caab28jPX1JO7C7dg7+YoDYd+g3qqerJqfBa:kX8jv1JO7CKCYo9CqqerJqfBa`
Yara	None matched
VirusTotal	Search for analysis

Name	09ea8668ae6b11ee_cont.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\cont.enc
Size	46.6KB
Processes	2272 (update.exe)
Type	data
MD5	`6e000f5a95b2ac51bae6f8eec5e45cbb`
SHA1	`4d5341371857f499a94974410fb0d9707bbd266b`
SHA256	`09ea8668ae6b11ee2a79bfe867741f6986b9fc704dbf24ecc55817dd437538cf`
CRC32	`25715A75`
ssdeep	`768:5Ca2LbPxCTrqS3HES9AOZmihzS6yBX7zJAUkar94UMY6Uurn9fvRDraezmhnjmWa:GbA13HESe1j5RAFr9fdraomBjmJ`
Yara	None matched
VirusTotal	Search for analysis

Name	a1e1d1f0fff4fccc_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7z.dll
Size	893.0KB
Processes	3040 (cabal.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`04ad4b80880b32c94be8d0886482c774`
SHA1	`344faf61c3eb76f4a2fb6452e83ed16c9cce73e0`
SHA256	`a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338`
CRC32	`C034F035`
ssdeep	`24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Microsoft_Office_File_Zero - Microsoft Office File CAB_file_format - CAB archive file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	b7c49735a2db87f1_tip.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\tip.enc
Size	6.3KB
Processes	2272 (update.exe)
Type	data
MD5	`4faa040c130c3bb3d47d8bee8c2ab90d`
SHA1	`c9aa7300c42a8546270c7eea298332367dd29480`
SHA256	`b7c49735a2db87f11391e51c676730f13e100ab08e104eeb3b087aecd36b3768`
CRC32	`ABAADA69`
ssdeep	`192:4LIduOUu4pzKga99OuW/4OUUbj4BAf9cgnJ5uTLRrId+Gk:4LIiu+Kga/Ouq4NUbj4BM9RJ56dfGk`
Yara	None matched
VirusTotal	Search for analysis

Name	b145e7d59a71721d_mapinfo.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\mapinfo.enc
Size	4.0KB
Processes	2272 (update.exe)
Type	data
MD5	`c9320ce77b479ec87b2db6d236742c94`
SHA1	`dd1b8e828d6a438c7095f829bdaa43568134ab08`
SHA256	`b145e7d59a71721d85d39e9880a460d1beabf21dd165f76aec7fe9cd178ab5cf`
CRC32	`C79E28D2`
ssdeep	`96:M9plKXZ+BAC8d70gbHqhsOFO+OoSkBGI6ATJ9XV46mSmvLbgmNRR:M0C87dqXO+OHg6AnuSsP`
Yara	None matched
VirusTotal	Search for analysis

Name	25757e45566f38a4_ui_texture10.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Theme1\ui_texture10.dds
Size	1.2MB
Processes	2272 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 1024 x 1024,
MD5	`364e47b1104e045a4a3841a2b7c0196e`
SHA1	`6e6f2814d6dd7a76bd68e62fce5cfe789f332c49`
SHA256	`25757e45566f38a464f1e6e7c83e73693528a4b86028991df730a940f81f38d6`
CRC32	`BDD0F790`
ssdeep	`1536:ccMFnFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFq:rM5f+`
Yara	None matched
VirusTotal	Search for analysis

Name	b8ccaef86394de99_world_01.mcl Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Map\world_01.mcl
Size	8.2MB
Processes	2272 (update.exe)
Type	data
MD5	`347e522b9427517c9ae3c63055b87ceb`
SHA1	`ef85e12ed30cd92b90ed975cb15b6ef023978807`
SHA256	`b8ccaef86394de994ecf9424dfa857afaa917be770135ca3a8a2c579f6d6aed9`
CRC32	`782252C4`
ssdeep	`98304:v6y47QXH+0pBH9Q5EAdQxWoIpPCAFIZ+icUL:v/4QpgvQIrjQL`
Yara	None matched
VirusTotal	Search for analysis

Name	dc43e3e308b1d784_maze.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\maze.enc
Size	512.0B
Processes	2272 (update.exe)
Type	data
MD5	`bcf98767897c8a14b29c89a00385f9ba`
SHA1	`92c6999b02c9c69acbcb6b4d71e0c6de5b4eb14e`
SHA256	`dc43e3e308b1d784f6720c1a3fe8730395d1e774d1be359ef7e8e764c331db13`
CRC32	`70959ED0`
ssdeep	`12:DL1OwZh47qzgeR/ZMXv/cwZh47qzgeR/ZMXv/cwZh47qzgeR/ZMXv/cwZh47qzg2:DL1O0PkchAv/c0PkchAv/c0PkchAv/cG`
Yara	None matched
VirusTotal	Search for analysis

Name	126cd711df31c734_extra_obj_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\extra_obj_msg.enc
Size	2.5KB
Processes	2272 (update.exe)
Type	data
MD5	`0c5e2a7956ccf1262a09f4a1f08f4431`
SHA1	`d03b0335c123875f3627bafba42c970e289aa4d2`
SHA256	`126cd711df31c7342549d261a7a5a996b2442cbf36c32edf1cc579ac8229f2fb`
CRC32	`AA111A44`
ssdeep	`48:GJKCQEKar8J0mcTRJdajGnFmcyzIYYr8P2mPuTkOsspOhl1A:vrpT2HEXjYoP/PuTkOsg`
Yara	None matched
VirusTotal	Search for analysis

Name	e731569dd9cea8a7_help.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\help.enc
Size	30.9KB
Processes	2272 (update.exe)
Type	data
MD5	`b20cd30f741086750cd882d8fb7b2c90`
SHA1	`ab141580fb694ba0706d5e6b49375cc86125e9bc`
SHA256	`e731569dd9cea8a736cd3986e0023b568a81e3ac95c2ee2827842c365efcc662`
CRC32	`4C0CA6E6`
ssdeep	`768:cAE7Xapn7ueAS2pw/qjCph7q+sTvxf2A15sXQ4OnWbPIK:37yi2pw/1h7oI65sA4OnWbIK`
Yara	None matched
VirusTotal	Search for analysis

Name	18be6f50b88f6f98_man8.ech Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Object\Character\man8.ech
Size	9.3MB
Processes	2272 (update.exe)
Type	data
MD5	`b77d15010dae9706d62258f921609f32`
SHA1	`9e32e8a064f4c204578e5fdbe02d4cca2f011151`
SHA256	`18be6f50b88f6f98bf7e050a8392bfccadd46d3a1faf6a4bf58e5b1f72a6f647`
CRC32	`47A6C84C`
ssdeep	`196608:ga64+kAo6uh0Z1ni810wAlwjyxmsDNrMoV:gZZkAR80ZY82CPsDN`
Yara	None matched
VirusTotal	Search for analysis

Name	cdce96f836a20c7e_mob.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\mob.enc
Size	83.2KB
Processes	2272 (update.exe)
Type	data
MD5	`7d00de611838d32f739b5c64b78f84e4`
SHA1	`85316b697e5b4ebb4357c21c62501240096ea939`
SHA256	`cdce96f836a20c7e7f20a8fbed68e68987b230915aec0b5e4210f68e3529b307`
CRC32	`39A7B7E1`
ssdeep	`1536:DY5fsRXynV+bL9Xah+yJxt0a+lHy6MYGmWDr2JUrq6Qdt9vbsHwo6YQLKysd3Qc:Dof+yYbpAfJ3yMYGmrJTt9vbsH76YQGT`
Yara	None matched
VirusTotal	Search for analysis

Name	c85f9c3a3c7bd389_cabal_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\cabal_msg.enc
Size	624.3KB
Processes	2272 (update.exe)
Type	DOS executable (COM)
MD5	`b032c00066662fde728405d26434c214`
SHA1	`64a2233cd794aeee6b4bbaec5de15d938837409a`
SHA256	`c85f9c3a3c7bd389e72a682aa706725246b8d5fcf616e4512fd6ea8a479f6afc`
CRC32	`5A605D22`
ssdeep	`12288:6yXb6UGK4FC0H+4AsyT7q1VB3h/3V9x2EOlw+H0aP+VI6Spqlfta4sf258:p6J00vAfq1/R/3V6H4DXa4sf2W`
Yara	None matched
VirusTotal	Search for analysis

Name	30a257bff7982f6b_ui.dts Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\ui.dts
Size	48.5KB
Processes	2272 (update.exe)
Type	ASCII text, with CRLF line terminators
MD5	`a6a0b42352642dcae9b33694aaf11ed7`
SHA1	`22ee92fa85673df8d2e20b11c1a180e75d458155`
SHA256	`30a257bff7982f6b01240c8b173b09990f9b35cd8cde86460ed4c54bbc12a982`
CRC32	`D04212E4`
ssdeep	`768:2wl+vlvx85OfLAOsxonLlPW8+ylCBoUvrMm/e/:R+9vxgOfM9xoLlPW8xCBoUv/G/`
Yara	None matched
VirusTotal	Search for analysis

Name	c20b0cd60667e2db_script_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\language\English\script_msg.enc
Size	804.5KB
Processes	2272 (update.exe)
Type	data
MD5	`7f2ffe32b4d11c05d0c3408a1f880b61`
SHA1	`40d980fff6ac426e035ea2fc3bb7d2ebc4738f54`
SHA256	`c20b0cd60667e2dbc4e35b7b33986f198b480b19847e4de8773f4d95ce58e444`
CRC32	`AE63C85A`
ssdeep	`24576:bMtktDam+BhTpUVBiRcQ0BjDTa1d+SFBxEzZDSxe/9:bM6iB0E0hT2jBxwZ2s9`
Yara	None matched
VirusTotal	Search for analysis