Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.28 04:04
Purchase Order.pdf.msc
04.28 02:04
setup.exe
04.28 02:04
2025416-方案1-方案細節.pdf.lnk
04.28 10:04
Distribution Document....
04.28 10:04
pik.ps1
04.28 10:04
123.hta
04.28 10:04
verify-sec
04.28 10:04
nums.vbs
04.28 10:04
op.exe
04.28 10:04
cred.dll

Latest News
04.28 07:04
[NEU] [niedrig] LibreO...
04.28 07:04
[NEU] [hoch] Commvault...
04.28 07:04
Sicherheitsupdate: Unb...
04.28 07:04
LibreOffice: Schwachst...
04.28 07:04
Earth Kurma Targets So...
04.28 07:04
[NEU] [niedrig] Ghosts...
04.28 07:04
[NEU] [hoch] Rancher: ...
04.28 07:04
Whatsapp plant Neuerun...
04.28 07:04
Mit Malware: Cybersecu...
04.28 07:04
Gmail für Android und ...

Dropped Files | ZeroBOX

Name	c60eac90b91cc824_data.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\data.enc
Size	13.3KB
Processes	2860 (update.exe)
Type	data
MD5	`13f7dec39e64f3db5b8bd63beca0abab`
SHA1	`bc24ea49baae355c2763a481c07c0957d6bccc49`
SHA256	`c60eac90b91cc8243f8a29f97f6bd6c8910a150118ea3529dadea8d081fb11a9`
CRC32	`DF12F69C`
ssdeep	`192:siizEv6ka9vcVFJI5hu31jR1Cp05lkMOESR/yx8uW65duadVcn0oklAXdcY:ham/D31V1Ci5SMs28uD5dFdV60pAX/`
Yara	None matched
VirusTotal	Search for analysis

Name	f2c77d4f5206d141_1_15.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_15.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`75b0d97ce70b7777f3b556623b124432`
SHA1	`90e5b5fd73d6b27f98b95299856ec5d2d97449d3`
SHA256	`f2c77d4f5206d1413c58705c4b891332e2d6ffda157b0cf4342c68a92ec7ad7d`
CRC32	`AC89CC65`
ssdeep	`6:88wiTP5Hv1c18INNpuFcA/UyVjMmVHFo+Ts7tMJLe5BY6AyEJnUTtZL5/prl/dyK:88lxHtwFxuFc9yVPzrBnu15BBYuIyH3`
Yara	None matched
VirusTotal	Search for analysis

Name	bc51fa3984a4143e_custom.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\custom.dll
Size	80.0KB
Processes	2860 (update.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`b410b7064f39b3d6bd3a42ef91f0b6c7`
SHA1	`2f0535486b4967241e7bb30c9ebbd82781caee14`
SHA256	`bc51fa3984a4143e2566e7e3d76f38e61bfdb4850e73e67fe96ad215d3f98c81`
CRC32	`4406F367`
ssdeep	`1536:tZ8fk9Vpe6LorJWHbo7Ex4II8QoOsWSscdQsGL9fZU5:fLII7oPI3l1tQ5L9i5`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	c8f05783f4403091_help.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\help.enc
Size	16.8KB
Processes	2860 (update.exe)
Type	data
MD5	`14625c8f3bf05a383edda89be4b08a07`
SHA1	`f6d032562c2ced8ae243a7f145638b6980eed3a1`
SHA256	`c8f05783f4403091264ce96a8dcf0b09382da95103a9363df8a810758abd72a0`
CRC32	`B9430454`
ssdeep	`384:c9Rj9IWRBM2A+xTxpif9BnIkEYGh2pLp3u2fd5P:cbj9FRBpTLif/IkEHh21oo`
Yara	None matched
VirusTotal	Search for analysis

Name	1d7573de3e278380_1_231.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_231.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`cb3b69e6ea4e35d017b22cd445d50d68`
SHA1	`b243e8347228a6a1c3fa3017c771e91d90ba6e31`
SHA256	`1d7573de3e278380838a756238549ccc2f6044282d22d59ba396bf56239343ec`
CRC32	`CAE1460B`
ssdeep	`3:2dv+8wiTPrC4Uv1xT794yYrrrrrrrrrrrrrG4ag2ywrrrrrr7KwrrrrrcXsXsXsS:2dv+8wiTPUv1cZJAAAAAAAAzSQvvvvX`
Yara	None matched
VirusTotal	Search for analysis

Name	326f82a84042d4be_1_17.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_17.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`8d374fd478618749bcd9bef152f1633e`
SHA1	`956aadecb2a08fad24fb787460bcf323c4140433`
SHA256	`326f82a84042d4bedfb9d174d2e7acd5136a79f39d8249961bd332d68eef044b`
CRC32	`8AE278C1`
ssdeep	`12:L+8lxHtwACMqzjAEKjQ/1ANUpNJ/YzDqZD3eOLMoaVKKc:L+8lyMqFKE6YN4DqZD30K`
Yara	None matched
VirusTotal	Search for analysis

Name	c964ddf5e7bf1306_script_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\script_msg.enc
Size	601.2KB
Processes	2860 (update.exe)
Type	data
MD5	`fa31f4bce816a8f16099a82a558ba3cb`
SHA1	`7fdb87f3b18fc90af7ebbbb91faee493e576cc26`
SHA256	`c964ddf5e7bf130685e51d895638df433d30652ca3f10c1ad6c4ee6225504fca`
CRC32	`67ECACC2`
ssdeep	`12288:Y3oC0LDIwSNUpWoIMWKJNvySR2Ng+ccxD1l8nDinjGqLAG9FbssHJRVWmcd2YlY/:Y3iLP+oVWKJxb0m+c4D1l8wjGWAWsspn`
Yara	None matched
VirusTotal	Search for analysis

Name	3f0497b82cd99757_1_218.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_218.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`eeb5abef1b74bbded5ad62f0eb2536ac`
SHA1	`a6fe183d458e79d1aada81c1a390d5be971e444c`
SHA256	`3f0497b82cd99757fa2f960691d75c8cf21793ff1a2493254973091916b69e84`
CRC32	`6657E047`
ssdeep	`12:nlHlZHtwObCk5spStqu1M+bCFs6wDK+AF9rOerPmQt:lHlzbCkHtqWM2p60sFcerPmQ`
Yara	None matched
VirusTotal	Search for analysis

Name	bc4567a1a22890aa_force010.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Icon\force010.dds
Size	21.5KB
Processes	2860 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 64 x 64,
MD5	`b25f8a198ad401fc852acb63299a488e`
SHA1	`d76c20b372d33251650e094f862293c4805871a9`
SHA256	`bc4567a1a22890aa7056b2e6742e17a623cfb67ff1fcd66ea9cffde55bd71dae`
CRC32	`41A7FF3C`
ssdeep	`192:mnOwpCSHbET1sfAlWv5BpeWULvO+VGsmY4Qt/uKGM1zC:mOwXIT1YRpEfGbY46u/QzC`
Yara	None matched
VirusTotal	Search for analysis

Name	27015ba453783bee_klog.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\klog.enc
Size	660.0B
Processes	2860 (update.exe)
Type	data
MD5	`508f9324728ac22d77c1efac10f6d03f`
SHA1	`3f008cc712d7e6a7935eef32c9cf14b8613af15c`
SHA256	`27015ba453783bee030ebb2eaff7feb0430c37cbf8e2c799e25d2c37ff55209d`
CRC32	`03DDD924`
ssdeep	`12:0ZRJPVqpc7ftT4Q47aiu2vZ0TlYTnJNe0L37ZU8Ma53nN0FFnJPPWleg9vtEeEot:0ZRJPZfeqiu2vhn/LrZl3N0FxJmleg9R`
Yara	None matched
VirusTotal	Search for analysis

Name	8a02c2fd2f5657ae_1_199.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_199.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`b87b972e4d82841e1ec66bc24dd4e0f9`
SHA1	`9817d8dac2020b7bc85fbb328323595525ca9faa`
SHA256	`8a02c2fd2f5657aec2ad2e57ace7e3e98b3dd13a3ff8cd0319f116ad780e3942`
CRC32	`43964EF9`
ssdeep	`12:WnlxHtw0x9/L6V0HuYUCmWHywu9MA/CrIA5dytvHQ:8lL9OqHuRCHPu9RGCt`
Yara	None matched
VirusTotal	Search for analysis

Name	cc7560fb80e86fcd_1_42.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_42.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`e0ec412d806baf17b855c0bd211b44b8`
SHA1	`22e5b730753ecfb866690ca5200c07bb84fb9884`
SHA256	`cc7560fb80e86fcdc2f55b021ed96c2599871669a4de3465ffba88c8efed47ab`
CRC32	`D3C14BDF`
ssdeep	`12:wlxHtwztkFfjge0FzuFdCdDsyc7hY4RsrINLNaIh:wlAEfjV0FzuFclcoc/Bh`
Yara	None matched
VirusTotal	Search for analysis

Name	9f2a4b56d35eac13_update_1.7z Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\updates\update_1.7z
Size	180.0KB
Processes	2860 (update.exe)
Type	7-zip archive data, version 0.4
MD5	`d472d6206090822fbb5ce511479380e8`
SHA1	`c787d0a60a53f9f011317f9e754472d7a119e29a`
SHA256	`9f2a4b56d35eac132064acd473eda3015160a827edbb0107c5df22bd1de9ce1e`
CRC32	`DAF2F775`
ssdeep	`3072:tOziJBkeBgA9XprAZXGKAh2EFkKLfno8OlPIloJinlqpxqBVd:dJBkeKmxTd0ECgoRPeACeOVd`
Yara	None matched
VirusTotal	Search for analysis

Name	bffd91168c4640e2_destroy.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\destroy.enc
Size	92.5KB
Processes	2860 (update.exe)
Type	data
MD5	`2da2b5ef125f19d187055b1160204c4f`
SHA1	`4da235ac15f7aafa9c2a8ae9d146482f5510144f`
SHA256	`bffd91168c4640e2e4d4643529b78c3be8decaef3433a8e4dcd88a32fdc6bf9d`
CRC32	`8EC548E4`
ssdeep	`1536:MtmNWFTA1Sm3qvkfAZiX6TQviPNpFdff+zDpyRleyceo4DGy3i4J2XkBxrzYqO:MUNzIZiX6zPRhkIGT3oR3isLYqO`
Yara	None matched
VirusTotal	Search for analysis

Name	3d3b0768f4c75c34_smob.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\smob.enc
Size	86.5KB
Processes	2860 (update.exe)
Type	data
MD5	`36377c3d0f8d9fd6c3f4838f6ca9d6f4`
SHA1	`d80df989815a0d465272ad8efbf44c31a3f3e2ee`
SHA256	`3d3b0768f4c75c34253c6b32353c2b77e1901edcb85fb1561bcfaf96fe9dc400`
CRC32	`F5263C6A`
ssdeep	`1536:obeafEUmMrvbzF4vl4f0iSlVqRwog5LkWxLpGi80F4wkH5rv7QQ97JJIQloW:ZLUrrbzGvKiog5LkYGi8tRJOQD`
Yara	None matched
VirusTotal	Search for analysis

Name	aae310d51ceb77d2_keymap_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\keymap_msg.enc
Size	2.8KB
Processes	2860 (update.exe)
Type	data
MD5	`e3c2bb915457d144243154cc98a00f19`
SHA1	`2c5bdad3ea263a13f16485b5a2e94a2a8771b6dd`
SHA256	`aae310d51ceb77d23ec3f812272ea9ef9f5aedec515563c2182d5f71be12c79e`
CRC32	`5DA08D3D`
ssdeep	`48:lGxjeMWtkSztu7e30vTepQc28A9mHGxuXbazlowt53FHHMCIZJwr3zy07IYiIXpF:EM3kStuScSavlVxrlZvHHMCIZNw50/Ja`
Yara	None matched
VirusTotal	Search for analysis

Name	ba7f1e50958f9da8_ability.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\ability.enc
Size	8.3KB
Processes	2860 (update.exe)
Type	data
MD5	`fa375535b5c70c44202f1c304e368933`
SHA1	`76db54c70fe49e943d28175cd8fd0187a5b3d35b`
SHA256	`ba7f1e50958f9da87faf654d3cac51bcf1ce097cadd66ca7aaa7ad49afa83c97`
CRC32	`F6A64C15`
ssdeep	`192:QKt6kH+2Q5wrytFg3jiLslKgW4Hi2su/Rlh+QZBJt:8ke/8ytcjiSwUTLZh`
Yara	None matched
VirusTotal	Search for analysis

Name	b6dabcf2812a2b0f_1_104.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_104.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`2e2b36758ebbdbd697cd3864a316de3c`
SHA1	`96a25c48f5b1f2a04a2dd9bcb3e3e9ab2d1baa13`
SHA256	`b6dabcf2812a2b0fb31cc9a3827cd6e8dff0fd0341e246a928a9a6b3332a4479`
CRC32	`5E73BD5E`
ssdeep	`12:ilxHtwuA6Wf13YuOOrBstegiwenhYKe1iXqjNV:ilPA6W3YwrBs9zenhYKCIQ/`
Yara	None matched
VirusTotal	Search for analysis

Name	d6045ee33c0a90e1_1_253.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_253.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`5cac5a3cb59f18b2ccb2de12846e5a61`
SHA1	`40f92266e187827b69edc65f7750bab60cd232b6`
SHA256	`d6045ee33c0a90e1c1339c4a76bd741ac5ca86138dd670aba32bffe9c8e3fb39`
CRC32	`F9E154B6`
ssdeep	`6:qs8wiTP5Hv1c1tyKiSXuy6vxw9x1OND1VmOKtHU9p5U23wdpXQgjNR:alxHtwAGX96vAOcOLTPwrX1jN`
Yara	None matched
VirusTotal	Search for analysis

Name	bcc7072bd009cbf6_1_32.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_32.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`fb97111a5fad316b88ccfb1b2f1f5903`
SHA1	`f6f361c2df6542d3427197080787bd872c339c4d`
SHA256	`bcc7072bd009cbf6fb6ee21c2c6c4d52658d4944e2ae89dd561cdcfb6e65e0d0`
CRC32	`443A0547`
ssdeep	`12:6lxHtwAYYYYYfzGNLuTGVSD7qWx/YYYYIt:6lOG8J7K`
Yara	None matched
VirusTotal	Search for analysis

Name	49284b31f28d0a62_sevenzipsharp.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\SevenZipSharp.dll
Size	147.5KB
Processes	2636 (cabal.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`05c9849856abc683bcbc5c8d7921c146`
SHA1	`ad8ec49116b026eee2dd04d6434ede7ddce9734d`
SHA256	`49284b31f28d0a62d797cfcf17f464c8c2b22b29d0e8ab7c15c94724d83e595c`
CRC32	`0A380B54`
ssdeep	`3072:auMYWaB5+DBS4+aYX/PzJiXyjdZXUtd6uEhd/yZcvdUCG:auMYD7gJY1iXyjb`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	71acb65b7c6e67fe_1_24.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_24.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`a362143ccc31d5ad79d4aaeacfbbd603`
SHA1	`97087182e23bd2eca4d6435a7a8af4e967e215b0`
SHA256	`71acb65b7c6e67fe9e2e15c2d7951836599b549f26e245df507604734d2b8524`
CRC32	`33347E33`
ssdeep	`12:z8lxHtwbctI4xoosd16ral0+n+khAjZHVNw3KaWYOkqqiI:z8l6cqPosd16uiAhAjdl+6qiI`
Yara	None matched
VirusTotal	Search for analysis

Name	8ca8ba644d07f0ba_1_257.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_257.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`fad043ee566c6fd6789e1e47ec1b5bf1`
SHA1	`cbd2d68c6147269a44246ae71015478a6d3bd552`
SHA256	`8ca8ba644d07f0ba0bbd96e2582737e9b2524f759617326cb1480b2d623a04f8`
CRC32	`B931CEF5`
ssdeep	`12:GlxHtw1mDynGUNEyQlbUrm7cIS9O5BSPL:GlN2G8ZQNUK75S9wBc`
Yara	None matched
VirusTotal	Search for analysis

Name	4708790e094debf3_maze.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\maze.enc
Size	506.0B
Processes	2860 (update.exe)
Type	data
MD5	`ebec536c0af49db6c81c3a31b38be65e`
SHA1	`073f95f984014d7e4089fc8ec61ced9bf9d3f333`
SHA256	`4708790e094debf34f3efbc46262fcf42d1c0d64530c39823955458e26f7331c`
CRC32	`06B86ECB`
ssdeep	`12:IPFmE+h4pBELWj4pBELWj4pBELWj4pBELWd:IPwk666d`
Yara	None matched
VirusTotal	Search for analysis

Name	cda027ec6e04d645_resources0.xml Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\resources0.xml
Size	9.2KB
Processes	2636 (cabal.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`6f2d3f0f9b04c8ca09e5b3db1fd2dcf6`
SHA1	`d4880d977c8c74175e6b865db1371e94a84abaa9`
SHA256	`cda027ec6e04d645a64ebba00c4af7f7c9212a15e40089ee4d470738de6a4771`
CRC32	`782A5DAD`
ssdeep	`96:8FD9SAHe5GWb7+o+DGvdzPW2djnoHNGjoIaYXFoOv81dyTF6omBB:8zS8WHHU2Zot+aYrqdyTFQ`
Yara	None matched
VirusTotal	Search for analysis

Name	1fdb4722444c45a3_cont2.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\cont2.enc
Size	8.9KB
Processes	2860 (update.exe)
Type	data
MD5	`5dd832747322d88f2474224ff5d9115f`
SHA1	`96159aa8105a3e138925c22aca69f1844b7956a5`
SHA256	`1fdb4722444c45a3c7c05c70d8769a5f7ee5b03db181db89c1a2daf22eec6132`
CRC32	`8F211437`
ssdeep	`192:yEu/5sUHO3oJLKaCD10uOA71IyN3/C8xi6cEeX7CSjQ:3yTu3G7kB7Ph06cL3jQ`
Yara	None matched
VirusTotal	Search for analysis

Name	f2568c777273c695_1_125.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_125.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`dbaa3953610ee804ead2d9184f33dbde`
SHA1	`682d7f8dae7ea7979f8b95774b0c2dd9da29bece`
SHA256	`f2568c777273c6955b56756de28c9defcc70fb7418c3f6d2a8dafc23eb280596`
CRC32	`A7AF55C1`
ssdeep	`12:zlxHtw7HGeVDHZHqzp/kFHuHmVV4boJY3nZHa+cG:zleHGehHZHqz9A4bv3ZH3`
Yara	None matched
VirusTotal	Search for analysis

Name	7bc9c68cc4d5793b_1_252.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_252.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`8172e7f9277c28f3846de51f9f87c478`
SHA1	`05e967c4acc8e54bb0e9ebd5e82e840be7ddbc16`
SHA256	`7bc9c68cc4d5793bca651426b3ec4bb2322acbc4e33097a5a0c22aed58dde431`
CRC32	`7CE3A58A`
ssdeep	`12:nHlxHtwwhTSp7umdAeDF9CN1CnPqGcOnXUHvvf64PE7gDr:HlUp7uUhCYbc7f74g`
Yara	None matched
VirusTotal	Search for analysis

Name	047c44ccbee20acd_1_208.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_208.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`43365e0aa9b002d535d89aa21f3c3db5`
SHA1	`fa4f3167a4587532c6f201454fb6c223727a5906`
SHA256	`047c44ccbee20acd7067d7e84d74a6c5fbc1eee35268ee02d4cac352804e0712`
CRC32	`D0CBD791`
ssdeep	`12:THlxHtwhxUz47C1ekkfv7Q65DtWz1ISkhOXhzfWevHsPv:DlYKz47hkkdYzeSO8We/U`
Yara	None matched
VirusTotal	Search for analysis

Name	eac0f641b76192d9_1_258.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_258.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`9f773f5ad96f08b42881b4a32d74fbf1`
SHA1	`b35a26c3bd6458b219dbf08e59297852d98a5e72`
SHA256	`eac0f641b76192d96d34ecc060560d6da27cc08ef3c896a5c011c4e5658f132d`
CRC32	`D57572D9`
ssdeep	`12:vlHlxHtwwt1nF5MlH+LEoZg27SrPuqFh/n9M8nw:tHlXt1F5Y+LEYl7O7v9M`
Yara	None matched
VirusTotal	Search for analysis

Name	df739bb8dc7525c9_achievement.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\achievement.enc
Size	34.9KB
Processes	2860 (update.exe)
Type	data
MD5	`7f3a9d49ad6661ba66a4b2dfe5d51074`
SHA1	`bae57d3c9eb050b6542809195042fef63df2945a`
SHA256	`df739bb8dc7525c98cbf7d75230f85113c02700c2494d78f1e0174b3d3e2383d`
CRC32	`93D7821B`
ssdeep	`768:awxSq6J/x4e7VSOCiMMqMhoy9UKlGGZjKAJnk:awx2dx5ShMq+9RIG0Ae`
Yara	None matched
VirusTotal	Search for analysis

Name	f4c8978dc49745b5_1_99.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_99.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`cb63e42988c82b2ca1d41aac00b7e40d`
SHA1	`9d91293a028697186bdd17f8f5e7174beb9deb80`
SHA256	`f4c8978dc49745b52e9553b54a1d8aa6a949fda05c1a359c69c057344b81924b`
CRC32	`57CABA9F`
ssdeep	`12:FlxHtwwhIdqzCTr0xCQyG8g3jzNJBagJTwYCV7CTiRtt:FlDydtr0xJrj9ztwL77Rt`
Yara	None matched
VirusTotal	Search for analysis

Name	8e38bc7a64d5ed1c_script.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\script.enc
Size	227.3KB
Processes	2860 (update.exe)
Type	data
MD5	`c8a76fe12c65bacb6d9ad283d885f3fe`
SHA1	`75472cb639eea105613ab54135436708f179dc54`
SHA256	`8e38bc7a64d5ed1c4ad94126fdb9a1522336c9efa60308adcfb85d4da8ac17ad`
CRC32	`41A2E062`
ssdeep	`6144:bhB8ujo/AwASrtCEvc8LCvUwFcf+ki2fv1kFfTDHc1y5pKB:FB84o/8SE8LCvhJ2fdkFfnr5q`
Yara	None matched
VirusTotal	Search for analysis

Name	dd95db36a80e67db_1_22.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_22.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`af667c7d544d3a1d5b219b14139239b3`
SHA1	`d642f60f9d7b4f3cbce76af585b102287f58305c`
SHA256	`dd95db36a80e67db6492eec7d8ace44844a77390a3db2ad8bda154050e8ff429`
CRC32	`74791E7F`
ssdeep	`12:t8lxHtwAX8vEJGk8kbaqoAjDs1OrGu4J:t8ln4sGnCoA81Ord4J`
Yara	None matched
VirusTotal	Search for analysis

Name	81bfa88a4b3011ae_change_shape.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\change_shape.enc
Size	96.1KB
Processes	2860 (update.exe)
Type	data
MD5	`60742ae7a3b4664098b6e280aeb8559c`
SHA1	`4359ab5c3419e8fe65ae995595dc8367dc619a3c`
SHA256	`81bfa88a4b3011aed977bba129a87ad05ffbebd3a2f5e8185923e2e3b17084e7`
CRC32	`6F10E2A0`
ssdeep	`3072:rwiFhgBBEBB9HEdVquUZCBBdBBZ2W7Waw0vb/xgDr+vMBB4BBqBBPBBNM9XBBxBv:rwidEdVqbZtW7WaZCDr+v35`
Yara	None matched
VirusTotal	Search for analysis

Name	3469ff70be7ad339_global.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\global.enc
Size	62.1KB
Processes	2860 (update.exe)
Type	data
MD5	`4c36c04e34b0cf35da8537c74e8ac5f7`
SHA1	`ccf1a3ed59e0d54c8a6721d06a3fd77fd7d97524`
SHA256	`3469ff70be7ad33953b8b0b1dc1836c88db4d114ec2ce73cc08102ae89dd0094`
CRC32	`090F37A0`
ssdeep	`1536:WvYJ8knX6vLJ7LXy7aDS2oQEBN3to4ONgZT:5ng9GaD+VN3tENmT`
Yara	None matched
VirusTotal	Search for analysis

Name	32e88ae97a3cdfb1_1_6.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_6.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`6e262a52425a0f5da94ea11832ad3dd4`
SHA1	`23af925df211791d0d5e40aadd3aa44de23371cd`
SHA256	`32e88ae97a3cdfb1ab96ae3cc2b3f35a12fdcd3702340428852a23b5b4dc8f9b`
CRC32	`3BE1C2BA`
ssdeep	`12:d8lxHtwsKsKVqT7Hyqrs+mxSTs0wkeBDA:d8l3KsBnHyqrjmos0NZ`
Yara	None matched
VirusTotal	Search for analysis

Name	c0587c4653ed687e_1_2.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_2.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`c133c9d26b052d5aa7c6420dafa7945b`
SHA1	`68116efdf27446abfeb29eed1b67c34d7f09361a`
SHA256	`c0587c4653ed687e31f6e2fd335a44f1b61ac28df761f9d577e1afefab83bcb3`
CRC32	`F8BDE981`
ssdeep	`12:IlatwAYYtgA0RnYFSViWVEjmLgwa/JpPyYOLmRbjxyQt:IlP1nYFkiWVEjWgwajq9sbjAQ`
Yara	None matched
VirusTotal	Search for analysis

Name	ac746ba2ebf25b75_1_28.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_28.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`149e076e5f04bca031ac62b3caac3f31`
SHA1	`d4ada5fad4ba1336a93741bc382f27c0ac273eac`
SHA256	`ac746ba2ebf25b75bbf772a174c42c5c113aa590c4055c2c397b2c4174278bab`
CRC32	`46EED1D5`
ssdeep	`12:GlxHtwrGG+GAd071hGrqbBdV0xYMi/pCCQAsgdU0/+QX:GlfHGy+fkYMKJxV+QX`
Yara	None matched
VirusTotal	Search for analysis

Name	1199e4c9389c03b6_cont_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\cont_msg.enc
Size	19.6KB
Processes	2860 (update.exe)
Type	data
MD5	`a93c77480648a45560fc08c5692a8fd4`
SHA1	`296dc4ff93f237343980d2df7ceb63ea1376eaaf`
SHA256	`1199e4c9389c03b632e21196efd8462d3002a36220fb7aefeb47785997b78e74`
CRC32	`167F13D7`
ssdeep	`384:/tnH60p+wcVNNDcoVkRbmK0uSxNglAKyQEoabgLXjLci:1a0p+wcPNA4kRbmY4N6qFgLXXD`
Yara	None matched
VirusTotal	Search for analysis

Name	2fb8770638fc29ed_extra_obj_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\extra_obj_msg.enc
Size	1.4KB
Processes	2860 (update.exe)
Type	data
MD5	`50878a2cba73efb117ffec51b647c2f1`
SHA1	`f715246129c3b618bb8ffc3e99c40ac3526c54ed`
SHA256	`2fb8770638fc29ed7c75fd690ab810631a66786e4b6dd414ff76b94165d7c1e0`
CRC32	`D8EB33BD`
ssdeep	`24:L6Nccy4Syl8cMwvuXPoXnvCIi3Nm9MKHexdpoIUEcxSLl/f5prex3l1:mV+cMCeYGm9p+zpon1x8/PexV1`
Yara	None matched
VirusTotal	Search for analysis

Name	a9cdaa9ea4743235_quest.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\quest.enc
Size	190.8KB
Processes	2860 (update.exe)
Type	data
MD5	`e4c8eb79b527829acc2c94d7c5068b92`
SHA1	`9ced12fdff637b3edd0324c07306fa0b3636bd8b`
SHA256	`a9cdaa9ea4743235fabc3ed1617dd1d63e3edb3c024cf88a8ef5f09a9f88b18e`
CRC32	`29E61F98`
ssdeep	`3072:GV+WWiScr1nPUQxXfvMWwj4X3QsFFu3CRyJ+V3e5HW3qdtmmt5M3KxZ9msWM7uwj:G4iSsnPUkfEWwjdsFFpgi3oW6rmAXmsx`
Yara	None matched
VirusTotal	Search for analysis

Name	504476ebbc518de0_1_25.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_25.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`78da2d81bfc823e5daadfaac9747113b`
SHA1	`43da68441392df645c25deec2b456505cca369cf`
SHA256	`504476ebbc518de0ed1b11fb1979a45eac4cc237e157e4efe2162eeb7fcf6095`
CRC32	`F944452E`
ssdeep	`12:i8lxHtw8HGdFJJX8eyfO6yvBV7MVST16ET18TW:i8lpmdFHXrXTYAm`
Yara	None matched
VirusTotal	Search for analysis

Name	e25267568771a2c7_1_260.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_260.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`3559f21e23b01a55eb90ede3f4e13843`
SHA1	`cde1de328195230a0901a934ef434ad968cd80f2`
SHA256	`e25267568771a2c7a8b756714dea9937f32bb2f17b4e38a2652565de2ca1d75d`
CRC32	`102B4839`
ssdeep	`12:/lxHtwAXtRD8pvPpl+dglPd8MWZYYYIa8h+tt:/lnEpXpl+dglqMWIu+t`
Yara	None matched
VirusTotal	Search for analysis

Name	723c2980474190a2_assistant.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\assistant.enc
Size	8.1KB
Processes	2860 (update.exe)
Type	data
MD5	`4e08675f0ff7acd23335a5c0705a2b84`
SHA1	`e053b14019c313d60f8e82ab652b074121291312`
SHA256	`723c2980474190a2511c059fe9daa40aa1445b2e32c3fc019d9e119064091a91`
CRC32	`FCF7EB21`
ssdeep	`192:yJaKQiaYSGF3z9xA8+e41ttkK3iH/ISVszSInv7rMNcx+f:oatp2kJ7tp3iftcvME+f`
Yara	None matched
VirusTotal	Search for analysis

Name	c85dfe0cf10e3bfa_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\msg.enc
Size	67.6KB
Processes	2860 (update.exe)
Type	data
MD5	`e6f5ab2596c90f267b61b060dac26588`
SHA1	`64774df4ccc8b60632e7e8cc103e790750a2a9a0`
SHA256	`c85dfe0cf10e3bfa78f21a5996069c0c2d8412e3f3a8f60e8b219c9b2de312a8`
CRC32	`2633BF21`
ssdeep	`1536:FLRoHisvR1CJ0cFRlU6x6DMHc5APFMtyBMpFk205:FLCN/CJ02RKc6DM857g4E5`
Yara	None matched
VirusTotal	Search for analysis

Name	5a047f430b60ff05_1_192.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_192.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`81b289f8967ac9b7c8fc853cfddb09bc`
SHA1	`98ca5a57330e237e21b9787f665f5c00b2db084e`
SHA256	`5a047f430b60ff05793b94af8ccbe968b0928a8c0475f5e1d4a949a6ee6d170c`
CRC32	`D702F372`
ssdeep	`12:jHlxHtwqczPzCNCc5ulxd5P+iFnEe+cRqmu6+jIsCpKT6:zl3MWNCHZAiFn8coS+jILpKT`
Yara	None matched
VirusTotal	Search for analysis

Name	57d6fb343a2c3501_1_26.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_26.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`08188cf3a06c6530496cdf187df73d04`
SHA1	`286d52742ba6e65b34b6607ae2b9544f1fd401be`
SHA256	`57d6fb343a2c3501dbac50e04bf55aa5a0eddc660db94abb1b4991dd2575a80c`
CRC32	`78907B18`
ssdeep	`6:CM8wiTPUv1cZho01e4cavN3USPrlMjS07jlCVJJDnPrkWrSQLXu:glstMOhiNJZ/AwVJtn5SQL+`
Yara	None matched
VirusTotal	Search for analysis

Name	9f422136ffcc2a1b_1_102.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_102.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`24620a73217303a40eb18e364bc71dad`
SHA1	`b8f6ea342d9e132dd6fa819f6883116b769457b1`
SHA256	`9f422136ffcc2a1b003fb93240c64e2a8b2458433d57c76a3b69f79d624491c5`
CRC32	`A7234FC9`
ssdeep	`12:slxHtwuA6Wf13YuOOrBstegiwenhYKe1iXqjNV:slPA6W3YwrBs9zenhYKCIQ/`
Yara	None matched
VirusTotal	Search for analysis

Name	9232665bc916a27f_cont2_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\cont2_msg.enc
Size	18.0KB
Processes	2860 (update.exe)
Type	data
MD5	`960a2ba3a7cd56d7af9778646e6bce6e`
SHA1	`cf0f812a5782efc44adfdffc3b80dd71aea1016a`
SHA256	`9232665bc916a27f19627b5c911d7b0bfa58362e4a46f652f2542ed599048cba`
CRC32	`32722190`
ssdeep	`384:Fp8x7UlQs8mmH9fMEAdK8LGws+BXu+P/QC7fQfe6yixDCf8:Fp5lQFdfWdDL20X3di7`
Yara	None matched
VirusTotal	Search for analysis

Name	b56cb2edeea07ab2_1_92.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_92.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`0c23651b75b2d660ea55fda2232fe052`
SHA1	`3439cbcabd1f82207513e12bdaa558d44424d7f7`
SHA256	`b56cb2edeea07ab25f0d3cadb5225ff13e82ee0b6a6a5794b56a8fc16c5d2318`
CRC32	`38A6F1B7`
ssdeep	`12:GlxHtwrXNV2iwlQ04Quduqz8iC4yw1972Kt9PLUt:GlGV2N/4QSnCWJ2cU`
Yara	None matched
VirusTotal	Search for analysis

Name	76bf8c3ab703a775_1_55.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_55.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`28ec783b35e615282db6384f72f2487e`
SHA1	`a98548dd3bc70645c1b4f9cb6bc1863a3e11ef81`
SHA256	`76bf8c3ab703a775cf3e6ad11646a79b15e3a61faad4e3ead07bc155848520fe`
CRC32	`C11AF4DE`
ssdeep	`12:JlxHtwIAdmVxAVDO2S16GVNGTa0fGZ/H8dT8NWQ1VQotGVqVj:JlhAEVxAVDfSlVNGzGSUQUGVqVj`
Yara	None matched
VirusTotal	Search for analysis

Name	bf701dd89a13f220_1_145.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_145.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`6324fd248de1d0c9efbf93f2a61b7575`
SHA1	`522b7323a0487fa47f39fd220f29eb91a10d39c9`
SHA256	`bf701dd89a13f2203677ce2373553aa5226d9aa83d79d5a1653d3b0ca359f9bc`
CRC32	`736BB47E`
ssdeep	`6:wlln+8wiTPUv1cZoHLGNLLb+iH8CkzKUIwHRVrdOo+VvvH9R6bhWFXfHIk/AZtl:QlllstMoqVnImeHdkVH9RIWFXvl`
Yara	None matched
VirusTotal	Search for analysis

Name	200fb9e504913613_cont.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\cont.enc
Size	46.7KB
Processes	2860 (update.exe)
Type	data
MD5	`7e0c25befefae1c2f955e1ed478f7017`
SHA1	`23267109a178dbb2d023de9897b7eea3aa44bc3f`
SHA256	`200fb9e5049136139b4ac56da949e26903bed95ee3fbe7932eaa7fa35fea6c66`
CRC32	`A72302F4`
ssdeep	`768:zMU6B8IBS6tPLzVKucVt0oeU8MlUBJX7I6U/YOTBSRiRTdWnPhAh2VCOCum2w3bO:IU6lzVKucVtKXM+JX7/FhR9iYgOCmubO`
Yara	None matched
VirusTotal	Search for analysis

Name	f4de8b9a0f20cfb1_skill264.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Icon\skill264.dds
Size	16.1KB
Processes	2860 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 64 x 64,
MD5	`e7e10d30a6e1ac9284ead4b5c69dd139`
SHA1	`58dbcaa482e5d24048707a8d10091bc1334988d6`
SHA256	`f4de8b9a0f20cfb158714eef09d2d6db8bcd76d49b39cf1e4e2fa933f6c5f2b2`
CRC32	`26845AA1`
ssdeep	`192:JiBYJd6Z/HLx8Fp4VZkTCYhjY2dAkyTt:JiBYvw83kkOEAh`
Yara	None matched
VirusTotal	Search for analysis

Name	66d3de8c2b62d38a_skill265.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Icon\skill265.dds
Size	16.1KB
Processes	2860 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 64 x 64,
MD5	`f8e85a0274b8f35aa377c626d5e5a10e`
SHA1	`f896f549f02d0b6c4b0334d75cea3cf99a66d677`
SHA256	`66d3de8c2b62d38a1f9bdbfa35f92b0c4c5160bffcc27c29ef6ee8c0b75b1987`
CRC32	`2389E763`
ssdeep	`96:GZrzdDTzXYGHknC+W7ICKu7KT6wthFteGHRI1ZSUu36waHg/UJQfwm06d1XUZ25:4zlzXYGHkC/mFt5HRuU76TsV7UI5`
Yara	None matched
VirusTotal	Search for analysis

Name	a51f6124fafa6667_1_70.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_70.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`8e7283ec4571b491afbb8ac44d6db230`
SHA1	`ca7317d4743542426bfc5ba2573276433edc4ce5`
SHA256	`a51f6124fafa66678200b326f382e33a841383cd117654097bd841a12c08416b`
CRC32	`02D0576B`
ssdeep	`12:MlxHtwN2N+yEZ/znp9lrl8JYOzSulCBhRMVIcdFJ8d4RE:Mli2N+yEZr4JYnukVMVIcdFJ8d4`
Yara	None matched
VirusTotal	Search for analysis

Name	4ca03ca88092838b_tip.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\tip.enc
Size	6.9KB
Processes	2860 (update.exe)
Type	data
MD5	`ae04249eee1122ba9a760f4090432d96`
SHA1	`2b3f29d186f038fe871369fed842c9bd1993be74`
SHA256	`4ca03ca88092838bad0be40e88c39b712c53eae6a9bbf9d070f3693ccb0be4eb`
CRC32	`7DC1D798`
ssdeep	`96:5ZHONKiCLe1bczg6DybgGUptioHZZTab+cFB4irc/AS0MjktleDD1k23/:5ZHAKDLqbcUNbgxblDo4p/AMj1DBDP`
Yara	None matched
VirusTotal	Search for analysis

Name	8be5d1e9de3864b8_1_140.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_140.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`25d9ffe16d89d767edd7a95169b8148a`
SHA1	`baae2d1d4a70624e789382aa6250dbd163f3433e`
SHA256	`8be5d1e9de3864b86150fd8e091c09f72c8ce1c92c7a6477d5f22156dc76ee2a`
CRC32	`25BAF4EB`
ssdeep	`6:t/+8wiTPUv1cZoHgovjHHVuM89ml1PHZAbIHKfR5RGLXy0HvLdtl:t/llstMoAovroAK0CLR1+v`
Yara	None matched
VirusTotal	Search for analysis

Name	4aace8c8a330ae84_system.windows.interactivity.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\System.Windows.Interactivity.dll
Size	39.0KB
Processes	2636 (cabal.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3ab57a33a6e3a1476695d5a6e856c06a`
SHA1	`dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7`
SHA256	`4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876`
CRC32	`490DC598`
ssdeep	`768:6MazwAgR8/XJ665bKZdxuB8DCuL5enM7JxKjuMlZCZN+R0E7E:63wBccZdxuB8mQen6JxKjrlMZgR0Eo`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	66f9ec9536bcba45_extra_obj.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\extra_obj.enc
Size	21.9KB
Processes	2860 (update.exe)
Type	data
MD5	`8217cf0eb16dc06de638f0b58472cbfb`
SHA1	`14c3b3abb3a56508ab3c5cf40acc13bdbb77d0b7`
SHA256	`66f9ec9536bcba455030b5ef579242f4dd2c559a5b2d1dc941b29ca22e2b9d9c`
CRC32	`A65E4FCF`
ssdeep	`384:Tanbl2yMTKdeQ1H2rQz9fOW+hE9yk+n40UiE2NUG/24k913Xkij:WZSQ17GWs4viLNUG/24+kij`
Yara	None matched
VirusTotal	Search for analysis

Name	97d4f51e536601f1_1_38.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_38.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`400a71765ab75d76bff3d8cb64d70000`
SHA1	`edfdb5bba695693a3cce9919b9a672c50485c9e1`
SHA256	`97d4f51e536601f10c11f712537f3b2641c2337fb47dd6d4801a711c96521896`
CRC32	`9FCBBCA6`
ssdeep	`12:slxHtwRR2wffg3EQ6reG2MYUluxp9hwr4:sloMqx1eRfr9x`
Yara	None matched
VirusTotal	Search for analysis

Name	917d0908b4371943_main.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\main.dat
Size	171.0B
Processes	2860 (update.exe)
Type	Maple help database
MD5	`5c76d529171bd1e07e258d342ac7e59c`
SHA1	`9781c06569223e24614137e8914ea2cc85bd0fc6`
SHA256	`917d0908b4371943c4168344a36bd3f862685bc29450a18ea93acfb111dc9dec`
CRC32	`3757D97D`
ssdeep	`3:oll9llulnlvlklsl1lslslslslslslslslslslslslslulfltltlsltl5ll:olWycWWWWWWWWWWWWWUt1tW1`
Yara	None matched
VirusTotal	Search for analysis

Name	780c4ec153884545_world_01.mcl Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Map\world_01.mcl
Size	8.4MB
Processes	2860 (update.exe)
Type	data
MD5	`acca93554adc46c007332791984b34b9`
SHA1	`38bed29d839b04c7ae84d92e28f484a16da1e640`
SHA256	`780c4ec153884545d789ac2eb99ea610aa862cdc13c3a9f25c85efdbaf912122`
CRC32	`4E40DE03`
ssdeep	`98304:d6y47QrhAzg5lAdQxWoIpPfMv2OfIZ+icUK:d/4ZgKQIriv2OSK`
Yara	None matched
VirusTotal	Search for analysis

Name	a21363ab67c7bcd8_1_136.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_136.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`a9872beffeb256d59e788d7971f65166`
SHA1	`6baf9ba655c1105037b629c445644948c9811c15`
SHA256	`a21363ab67c7bcd82d710f666af47dff51c108b307e6c720b5b38dacfb8615fd`
CRC32	`46FFCC39`
ssdeep	`12:h/llxHtwTLFw+2s9BunKIof6Zq65MJAT0VY/Xnqg:Lluht2GBunwbJy3`
Yara	None matched
VirusTotal	Search for analysis

Name	3061cfdfe0cc051d_1_43.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_43.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`10ce7b1b2a95135e2006e801e86c4dca`
SHA1	`c1dc01dded992a55479582547fa9351ae9bc6f69`
SHA256	`3061cfdfe0cc051dc2bc600bd49d230dc5638fe75e6351342e88c59af02b6a30`
CRC32	`8C0C8796`
ssdeep	`12:l9llxHtwAUGqEVtTutaY3/Nl6+4vfmuQqOEn0psGOryE8o6:lnliw1sd0LOuFGUw`
Yara	None matched
VirusTotal	Search for analysis

Name	c7580df9e969ac3c_keymap.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\keymap.enc
Size	3.5KB
Processes	2860 (update.exe)
Type	data
MD5	`e5372420148ab6d0670434784adb5fa2`
SHA1	`205709b3ad08b17427073ea0b078eca2eb6e9120`
SHA256	`c7580df9e969ac3c69679bc772a578a1fa9be49f13626dadb7b1874886129acf`
CRC32	`94C31392`
ssdeep	`96:VdwkY7yCrPsKyo7PXLTxYfhRGzI36WpGFIEIhC:7wkXOEo7PXLqJ4zIppG/eC`
Yara	None matched
VirusTotal	Search for analysis

Name	d2b22797a960880b_mapinfo.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\mapinfo.enc
Size	3.5KB
Processes	2860 (update.exe)
Type	data
MD5	`0a4a8cb4b2575fffe95d59a10da86939`
SHA1	`7c70c5a34e5740fc10dbd22757a2b84063a6846a`
SHA256	`d2b22797a960880be83238b470e08c38c7bc9f374bc2e50cdb50dfd38ea873d0`
CRC32	`CE91B66C`
ssdeep	`96:OgBaK6/yFtKO88Wa84NKvPvqkPCf/5ly/2N:OTsHKqO4YXVPCf/5Q2N`
Yara	None matched
VirusTotal	Search for analysis

Name	0c886309b000b7bd_1_105.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_105.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`04a869dbdb996b6aefaf7a889de05a99`
SHA1	`631d96ec2db8832ccdb282e489b12e2b96a73899`
SHA256	`0c886309b000b7bd304b854d8af398c52cc6ff0d86763347100ebe85817809c6`
CRC32	`68CAF4B6`
ssdeep	`12:PlxHtwLl15iiHGUYKcE5EiSGnK/qB9zmLzvmo:PlC1i9UYKNUMK/WCvm`
Yara	None matched
VirusTotal	Search for analysis

Name	f65d5932a5930f5a_1_167.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_167.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`17d6bf2b0d4c1a4dec71d099e30f7a1c`
SHA1	`587ac3bf12d52690ea6b0c5c5acd4dffe50b108c`
SHA256	`f65d5932a5930f5ab8c3f1def32d09e15a04da5f236c2fb48030e3e0ebbaf1f8`
CRC32	`E22A5639`
ssdeep	`6:2nl+8wiTPUv1cZCUzTHZqcXYpInyNHP+K1P6Zy4HHgU6:2lllstMCqtqcXYpnvj16Mog`
Yara	None matched
VirusTotal	Search for analysis

Name	dfe652dfc0a20541_1_27.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_27.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`8a07b6fe6ffbfcf132678b27496057c4`
SHA1	`3acda51d416d8f70b3405547e43cc1b833dde647`
SHA256	`dfe652dfc0a2054134512035eb3e38360f0ae8ff0606c1bc4bb16493d731bd61`
CRC32	`A7E668B6`
ssdeep	`12:V9lT5TcIn+MtbgblmYySyX2w/m0qBCvUXDjpD4VzuzFJlhzu16fglI:VnTdBn3tbwmY0XR/NvMDAzuzFpoVl`
Yara	None matched
VirusTotal	Search for analysis

Name	ee53bbf74bab5965_1_149.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_149.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`416130ed8dbfd8e20832ac19a8371220`
SHA1	`f11ada76bdc54fed01331a959671cf592e7672dc`
SHA256	`ee53bbf74bab59653032de704962abf6fdf90e94cdb05c21ca770c9c907d3600`
CRC32	`48FED311`
ssdeep	`12:0lllxHtwALvfxvrOXGvyMoBNz4P8gk9BVjRsPKM4clhfaCFNU/:cllbvf5KXGqMoBNz49k9BVj2PPfaC7U`
Yara	None matched
VirusTotal	Search for analysis

Name	f97deb662f9aeca7_1_246.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_246.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`2c50acc68952e8a5d7bd533b476b1c5b`
SHA1	`11a973d10303497b6548ea30b10408e3e4793b4f`
SHA256	`f97deb662f9aeca76ff70745a1278cc101f53ccfc61988cf122306c08e9cdd2f`
CRC32	`7E7CB3BF`
ssdeep	`6:jW8wiTPUv1cZlhkZwVGvef7xYeVE/VwXOruHNYWunfZA2ZOl1:jNlstMlhDGveftz6VutMf62ZO/`
Yara	None matched
VirusTotal	Search for analysis

Name	cf7c1d0467e2363f_1_193.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_193.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`019ca666d9fc9b4c28ffcf81246de0f7`
SHA1	`fdc6d03ef190203315d0f521cd7aa7050b07f111`
SHA256	`cf7c1d0467e2363fb17b0a131599189384334f032ea7f964e5fb764d46911f5f`
CRC32	`4417EDD4`
ssdeep	`12:GlxHtwYP0i4fXtBBsIsIAwbMwqZ9qhHOL1DWsTHc7:GlKxyIsIAkXhHO9/Hc`
Yara	None matched
VirusTotal	Search for analysis

Name	1371f2e297ed2476_1_12.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_12.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`a70665b2c6fa2b8bb40c2232253f40c8`
SHA1	`75a7499a0bf74baf956a96d3c0916af795d9a1f9`
SHA256	`1371f2e297ed247641dec8a676c8ce7e6f357e8b7bed810020a5e1dadbcdc711`
CRC32	`39F60B91`
ssdeep	`12:2lxHtwWQnX4u3TTEKmWbg3/fxmYAmo8iPD8jfTwg86:2lz8EnWbg3/fxmZmo8iP4jfF`
Yara	None matched
VirusTotal	Search for analysis

Name	b747893b2e6e6541_caz.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\caz.enc
Size	2.0KB
Processes	2860 (update.exe)
Type	data
MD5	`d82d85ac633a1e56007108ee63a7862d`
SHA1	`b642ce0f770064692b235b04435f64dc1d15888d`
SHA256	`b747893b2e6e65414e75eaa48b4867ef877c237f90e84c2cc93f15c328ffd454`
CRC32	`A3BD6FE3`
ssdeep	`48:wL6Pl/op555VJGov0kKiex95WgWALg6aM8orkiCx6jZBznLv4w2+:wWRq555aov0xi6knALg6jexEBznLQz+`
Yara	None matched
VirusTotal	Search for analysis

Name	996a7dfa200c652e_market.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\market.enc
Size	11.2KB
Processes	2860 (update.exe)
Type	data
MD5	`9f6ca6a00dcc263d352fdc732d3f80c8`
SHA1	`23fa20b6bc43d8da51d307974d884f896c7dbd86`
SHA256	`996a7dfa200c652ee9b6d89117901c13b9ced3286ec889ff9375d4a693aba816`
CRC32	`C075935A`
ssdeep	`192:TF6Sil5QrY8gADkIBRDNTk78T+R+GkMEmeJngkSaxp/f0frGGWIpa/xuN/VVlap:1ilKU0DkKlNTkc+R+GkMEmeCkhV0qGWh`
Yara	None matched
VirusTotal	Search for analysis

Name	b34d5fd83eb06c2c_1_31.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_31.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`7036eff9dbe8affe9458b79e5655ee35`
SHA1	`4223005576cad6f8dd0f8a8570eed9c7345690dd`
SHA256	`b34d5fd83eb06c2c8d1c6ef72289dd4fa65320d9ff07986e95e69239cb065007`
CRC32	`F241FF7B`
ssdeep	`6:R9+8wiTPUv1cZ0++XpOVJ7HA90RIW8csfvE38su0HYxN:R9llstM0++XpOVNH3+pcsk15HqN`
Yara	None matched
VirusTotal	Search for analysis

Name	6ac0ce60bc21d383_1_1.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_1.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`033ab254c163458453a94a621a61c9e7`
SHA1	`8ee6588a9e23bd7741b73b444585dc533367c18e`
SHA256	`6ac0ce60bc21d38308bcae53d1574dc3057830789b08e7296faf45b97a2878d4`
CRC32	`62B75D5F`
ssdeep	`12:nlZHtwnej2u2FnNGsK7PrKub7eK9SRvw+VEHCepzL:nlvj2TNGsKX2A0vwS3epz`
Yara	None matched
VirusTotal	Search for analysis

Name	2ec4129eb6311a43_1_219.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_219.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`68f66f4fe5d0e47d544d6ebc232e7119`
SHA1	`e41b50e46d5863b2f368f93f2fd8c438d54734bc`
SHA256	`2ec4129eb6311a43de6b093d64782a3b1c1cdbc81a4f303d0f60424bf5f9320c`
CRC32	`9F20A24C`
ssdeep	`12:anlxHtw1bHfXjLtlRpT76whFA4cjn8idOlzL0b:anlIJlRpf6ynM8iCo`
Yara	None matched
VirusTotal	Search for analysis

Name	9eb713031608a624_cabalmain.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cabalmain.exe
Size	14.0MB
Processes	2860 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3f27f89a1536e225cab60a6a7c19ba93`
SHA1	`ff10108b5a699969c5ee82d9e6ff820dbaaf19f1`
SHA256	`caef9b4f0df52e789fc686b763a7d9e6d2568356a322231a29b62fd30424cf5b`
CRC32	`52C8869A`
ssdeep	`98304:XSEun+CgH08FenkKOKfiJnfXdvPt5xftZUCIxCE6S5tAI9pWa1xYWF3WVikEnbuF:un+nPJtZP3ERNtFkEnbkv`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Network_Downloader - File Downloader anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	a85588254befc719_1_91.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_91.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`78db2f6a420c4774ccda6abbb27625ea`
SHA1	`6580bf0234af395cf14c25687a69e2f767a996a0`
SHA256	`a85588254befc719b08d06c37486dd184ce8beec73075ec4e303192e6c02db2a`
CRC32	`ABAE98C2`
ssdeep	`12:9lxHtwAtDEIcuQ78dTuauMtgqf438pbFtboqG9XaQcabD:9l5RcuQWTufWFf438pb7UlaQ`
Yara	None matched
VirusTotal	Search for analysis

Name	102b8eb41c2cbfbd_1_50.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_50.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`9582df1c1f896ad2186987949f3bc466`
SHA1	`d21559882936da39aef8e2126e6e11e808b9dd46`
SHA256	`102b8eb41c2cbfbde98217a1d1a41bac7a9e87eb11d25c807b9555af9f4c137d`
CRC32	`6016739C`
ssdeep	`12:4lxHtw+VSLClHAFl5X9GRVqSX+92aurL4nCTLmtMoh:4ltSLCpAf/GRVqS9rLHLcMo`
Yara	None matched
VirusTotal	Search for analysis

Name	e5f6ed0c70d8e2e1_mainex.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\mainEX.dat
Size	285.0B
Processes	2860 (update.exe)
Type	data
MD5	`242b66f61d075f06316774148ed7b361`
SHA1	`ee9f46a214cf07be556f91ae755ed3f0d69e0878`
SHA256	`e5f6ed0c70d8e2e172f0decd93ceec55341dc6d0dc910308129f364645f64180`
CRC32	`7718D350`
ssdeep	`6:TwHzdt1t191qNWWWWWWWWWWWStg1WW1tWpslXd1:UBH3qUoEXX`
Yara	None matched
VirusTotal	Search for analysis

Name	6897772232b71991_1_62.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_62.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`cd5c1235d1c22a7b751a3562e00f4a0f`
SHA1	`d1ee930908374bd3e2a2ed46814c5853fb7ab9a2`
SHA256	`6897772232b71991aad6a3de714f9fe361e33752bef3574b9bb58a71390a56a8`
CRC32	`305A2558`
ssdeep	`12:ElxHtwDqdbZ9E4n8UYykPlJR0DStiQEjvOt:ElUqdLEJURktJR0DStiQEjvO`
Yara	None matched
VirusTotal	Search for analysis

Name	2dd55194e99a61b8_1_230.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_230.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`ea11413dbcce3ce5e9d256f8efd9b79b`
SHA1	`443a9c81a30245e5b3ecd19d5737c5a6ad042b8d`
SHA256	`2dd55194e99a61b83263664c29b8e05f1390d598be914594cc6ed026b00df85c`
CRC32	`787232D9`
ssdeep	`12:JlxHtwwhTSp7umdAeDF9CN1CnPqGcOnXUHvvf64PE7gDr:JlUp7uUhCYbc7f74g`
Yara	None matched
VirusTotal	Search for analysis

Name	55bd9ab64a2ca747_1_30.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_30.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`68249cfb0bc23e050d6552921d03890b`
SHA1	`cce43b749c56872cdda05b3dea5564ba00b83a7a`
SHA256	`55bd9ab64a2ca747951cf60f6fd6366a39328e7d4f3c9a9b03bd4d96865794e8`
CRC32	`C9864E1F`
ssdeep	`12:klxHtw3m9HYOTh6Ax0NHqWLXdMemZK9w3lerXZqv8UT:klAmNYOTrq7LtfvwcJS8UT`
Yara	None matched
VirusTotal	Search for analysis

Name	e2a2850b894a4a68_1_135.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_135.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`a201563b2ccb94395a33c5c5a0fee052`
SHA1	`ecb6cb16bdf77e223859961db3696af0f2b0d933`
SHA256	`e2a2850b894a4a68483b443f3176a45dc611aab073d1f6eb27ab84fde4682d15`
CRC32	`8EB05229`
ssdeep	`12:W9llxHtwj9t4NIaYxoIEoHRUR9Lvt6KEgV8DCxgRAC:8lC9tFaDQ69LvkKE28D4KT`
Yara	None matched
VirusTotal	Search for analysis

Name	92576de5802173fd_1_51.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_51.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`57a320d48bc32558939e1d5f4023cf77`
SHA1	`7d41c13b5122054182a0b06f88e1928be946a3ec`
SHA256	`92576de5802173fda46411557f2c8c375e9d032635c0250a89597e1e158b4196`
CRC32	`E10C313E`
ssdeep	`6:u8wiTPUv1cZyeWcwVSVEKelrmlPS+zgpYkqumnUFNdt:VlstM3WcwVSWKzPS+Omydt`
Yara	None matched
VirusTotal	Search for analysis

Name	80554f949bdeb3fa_1_202.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_202.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`9dc904c662e8a72dff140676f43496c8`
SHA1	`4a34ea8c48f1de2c944caec72c216a0fd157e103`
SHA256	`80554f949bdeb3fa528c21013491c5fc099ad51acc6ccf2396f29f22a24342eb`
CRC32	`8259ED10`
ssdeep	`6:fW8wiTPUv1cZL4dVic9rV+yQtGvweyIT+t:fNlstML4d7+yrvwo+t`
Yara	None matched
VirusTotal	Search for analysis

Name	f83fd1aa330fecf3_1_103.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_103.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`cd92b546904580d995a1f53ff223735f`
SHA1	`892d7bd5c4cd6c72877cbca94496a7f7a6998dee`
SHA256	`f83fd1aa330fecf366ebd3fb56a2457944380578f2b592aca935769a97df4636`
CRC32	`0A7798D7`
ssdeep	`12:59llxHtwgUCA8HW63fbHD0q15mN7B2rwX2HeBqQV/If2xrp:jllsf8Htf/0Y54IMX2eBN/If2xr`
Yara	None matched
VirusTotal	Search for analysis

Name	0d46b5402a427421_1_184.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_184.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`108e6b4c58776cc651d27e43c3afaf09`
SHA1	`88731c5415c207173c193c4ac261129d1db8e705`
SHA256	`0d46b5402a42742145059569781bf5ac8ac1a1248d6f02fadddd27a2c1e14d20`
CRC32	`C9845D48`
ssdeep	`12:7lxHtw60XwiU4VyUsoIf0gtFwx43uvQ3Iu5dq:7l30LyUs3f0WlgY`
Yara	None matched
VirusTotal	Search for analysis

Name	9d9afc6eca118051_ui.dat Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\ui.dat
Size	1.3MB
Processes	2860 (update.exe)
Type	data
MD5	`db2bca626df876d44b7f791b38c96528`
SHA1	`fb11e71783cfcdff5d5032fe85c425c3130462ee`
SHA256	`9d9afc6eca118051a3ba85fe83057a434eaca6f121e777d271fe646a5494bb24`
CRC32	`82FF11DF`
ssdeep	`12288:YCx/DdqBeZg8ZEJ8Ry6Ja4qP1gX4gAx0l3WeWradkxrEFR66YiRW62hzz+jdRi5s:ldqBeZC1xrE2TB8IG8`
Yara	None matched
VirusTotal	Search for analysis

Name	e99d16596bd316d0_1_106.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_106.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`0d0f3536b4c53e199fdc9e84368266f8`
SHA1	`66e64d2f52e3c597aca6b9900171e13cd74a1a88`
SHA256	`e99d16596bd316d0407e446f3871c07e2e891fb479df584868f765c45f876e83`
CRC32	`0F0883EF`
ssdeep	`12:wlxHtwwj7UJgCMqa9awGfdBqwK5O0BRwxEZ9wmX:wlP70gyzfdXKk0BRYEbwmX`
Yara	None matched
VirusTotal	Search for analysis

Name	2901385e22ca11ca_achievement_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\achievement_msg.enc
Size	31.6KB
Processes	2860 (update.exe)
Type	data
MD5	`0c865a2f25737f47ed25c6b3229d6343`
SHA1	`ac55d05b2b07a598795d901b6edde6f178475ca6`
SHA256	`2901385e22ca11ca59eac70dab7f033acd0fe02da0cc14379692276a3e538251`
CRC32	`8819F038`
ssdeep	`768:6PR575nwr0Qt5/TEmFbYf4ym5U9W5Hexr2OXnyQq:6TvQt5wmyUlexrbnLq`
Yara	None matched
VirusTotal	Search for analysis

Name	73d545e70fff169e_cabalmain.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cabalmain.exe
Size	13.9MB
Processes	2860 (update.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bafbcf7b57b3e23f03be1be419517ddf`
SHA1	`ab32954de44bf60d82e15a05bce199573454c5e4`
SHA256	`73d545e70fff169e2d1c3e0c7606d41ec3d17815d45c2b2bffc26c916048ea84`
CRC32	`EEA986B2`
ssdeep	`98304:XSEun+CgH08FenkKOKfiJnfXdvPt5xftZUCIxCE6S5tAI9pWa1xYWF3WVikEnbuF:un+nPJtZP3ERNtFkEnbkv`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Network_Downloader - File Downloader anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	933f298cc5916559_mob.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\mob.enc
Size	85.9KB
Processes	2860 (update.exe)
Type	data
MD5	`89f2c3a796c82645f249734da51cde2c`
SHA1	`b6993076306506907bc4fd32eb7b0a2dec6f9833`
SHA256	`933f298cc591655907c41633813f0b1f49277ebd36100dfa016c4ab4b2a10fe3`
CRC32	`06D1548E`
ssdeep	`1536:J1h5ZYy/5NQbhr0aeI0E8mJxZ5UyRiqb+/IkTXLbwa1qEFPpN:p+hQPIJLUyPy/IKXQHIPpN`
Yara	None matched
VirusTotal	Search for analysis

Name	a1e1d1f0fff4fccc_7z.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\7z.dll
Size	893.0KB
Processes	2636 (cabal.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`04ad4b80880b32c94be8d0886482c774`
SHA1	`344faf61c3eb76f4a2fb6452e83ed16c9cce73e0`
SHA256	`a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338`
CRC32	`C034F035`
ssdeep	`24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) Microsoft_Office_File_Zero - Microsoft Office File CAB_file_format - CAB archive file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2d0942eadefa98a8_skill266.dds Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\UI\Icon\skill266.dds
Size	21.5KB
Processes	2860 (update.exe)
Type	Microsoft DirectDraw Surface (DDS), 64 x 64,
MD5	`292b5d31090b3fb40ad27110622ba402`
SHA1	`8901edc134bffdb162539dc89195e01eee324f97`
SHA256	`2d0942eadefa98a8864167752c31927b294e3e3f611d7bee2419608a83ad5b2c`
CRC32	`02768F6B`
ssdeep	`96:GZ+x0pnSc39vIb23rg5eUTjWAzYBfwiFc20urwztb5GvWwBkUGZO3pThrZKFo:AH3FIbg34ZzYBDFcHztMvWykX0BBZEo`
Yara	None matched
VirusTotal	Search for analysis

Name	3389ae2634025968_1_3.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_3.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`290d27b398edbfddb3661a946f19aca6`
SHA1	`bfb1d3181a6f4906631049828bbecf84318c8881`
SHA256	`3389ae2634025968e080ba419c5f147fafe373da91d51bc1892b2faf5acec821`
CRC32	`1DC29152`
ssdeep	`12:llxHtwAIDUst46FzpQ4H4ZmAM+GxhF1AFuUTyJ:llP6rQNMAM+GxhAFfe`
Yara	None matched
VirusTotal	Search for analysis

Name	d7571f5dc1f04c01_update.exe Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\update.exe
Size	6.2MB
Processes	2636 (cabal.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d4318770944feebcb959c1318304be0f`
SHA1	`52e368d03d786e2af931d03037f9219711b23c96`
SHA256	`d7571f5dc1f04c01454a218f802adab6c1afe23beaebcf0e45fd05cb11189c2d`
CRC32	`98FB6B14`
ssdeep	`196608:688mbmIklyu9YIk1Ig7Hl+6Dj9estYwba:Ww0hkXV7tdb`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	bcc61afb85a1f75a_1_8.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_8.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`0b2548c94847f29ca12b70ee4c4bf6d1`
SHA1	`08d994b5d5d48e4df58bc0d575ac4de2333753b4`
SHA256	`bcc61afb85a1f75afa514043952782301af4b60d461ca418be3231ebaa6c09d8`
CRC32	`362A4A7C`
ssdeep	`12:j8lxHtwAW8g//IoNr3sDS//9oaeyvRyB:j8lmZZNqBaeG`
Yara	None matched
VirusTotal	Search for analysis

Name	c7defa99e679f2a6_1_166.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_166.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`c1e2317e87796e208e35e29342b0ea9a`
SHA1	`e7f6a6040ca5dbf4438c61b715bc625a56d8748c`
SHA256	`c7defa99e679f2a6f6538ef94e7e2d9914ec2f0d84621b98731fc52a0364f517`
CRC32	`FE942BD7`
ssdeep	`12:zNlxHtwAZdlzMKpzr4lpKVpg3+0dUTrEaEdkNRhAssn4Tnt:zNl1gKpX4lpOpg3+0dUTgx0047`
Yara	None matched
VirusTotal	Search for analysis

Name	7629999957a37afd_1_232.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_232.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`11ebd74f81d2a61775d511cbd84e5d11`
SHA1	`84697e5b139668349360afebd3f1ab7ce104e85e`
SHA256	`7629999957a37afd9e86288a3c758a21b47be0b1464b875baf6d9e5774c9308b`
CRC32	`F6291571`
ssdeep	`12:B/llxHtwwfAaN50WYKi4L7quGsfS0WoW2zKAeI3Dv5+/jKwQSmFf:rloaN50J98uu5RoBkDRgjKwHyf`
Yara	None matched
VirusTotal	Search for analysis

Name	4d5ed5732cfd63a6_1_227.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_227.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`de2c4dd25e6db69d8cf5589ba0eea5d1`
SHA1	`2375bdaafde2c5385105925548b780cc8ad9111a`
SHA256	`4d5ed5732cfd63a62875fdc27828d24563e2ad70943e73fc3775f0b23f21f6e8`
CRC32	`3BE65DB7`
ssdeep	`12:illlxHtwFTDKH4XinfTqtbPSk3dsKxo6FyAs0UcpVKKWKxsxkTL:illlYTDcLfTAZdsKxm50bIKxuo`
Yara	None matched
VirusTotal	Search for analysis

Name	98a22ad05beaaf22_1_40.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_40.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`4e25921f923e73ea150bfa036d8148bd`
SHA1	`d61e8db45fa57ae4429c1391fce978e0df78c96e`
SHA256	`98a22ad05beaaf2263fde99245fc6a89c6a21cc1b1337e94863d7ac9aaa58351`
CRC32	`F9218C70`
ssdeep	`12:ilxHtwV1u2OibZTHoYvTGp2YIimj6u83RwtH:ilq1POgZDjv6p2lidu83GtH`
Yara	None matched
VirusTotal	Search for analysis

Name	a449ee3446829302_ui.dts Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\ui.dts
Size	48.4KB
Processes	2860 (update.exe)
Type	ASCII text, with CRLF line terminators
MD5	`812b2cce3ff47d425f70df8f43003da6`
SHA1	`1548bf61592e17c57f2e96e915037d4369fc4180`
SHA256	`a449ee3446829302ad3a4992605ff157885d2c255293a45c60827883dc8decc0`
CRC32	`3B38FB34`
ssdeep	`768:1wl+vlvx85ONLAOsxonLlPW8+ylCBoUvrMm/ey:S+9vxgONM9xoLlPW8xCBoUv/Gy`
Yara	None matched
VirusTotal	Search for analysis

Name	aa5175bc6c18d2d4_cabal.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\cabal.enc
Size	398.8KB
Processes	2860 (update.exe)
Type	data
MD5	`0aeec1028e60be3d8212cae298fcbb89`
SHA1	`7aa67eb7a2b943962a9f9072b4c42ea429ff8321`
SHA256	`aa5175bc6c18d2d4da9e7e6e5bb9072a180bdf5f78d337bca2de1f83832667a2`
CRC32	`F0BBDBBC`
ssdeep	`6144:T8m8S0NFXXJdJip+g9B7FaXVmw0snSnzjcOJtmjd0+vq6Z4vYKxWDPnMiV:T8m8jjXopR9PaDnSXcOLZ+nw/WTnMiV`
Yara	None matched
VirusTotal	Search for analysis

Name	0796650764c8539c_1_16.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_16.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`a90af17c0b35c7dffb48a3ae15e4901e`
SHA1	`9c1ecda09415638395d590aaa1c55dc3fd58e71d`
SHA256	`0796650764c8539ceafff71ad02c85737be2df0fe6a3579d8a7d14ca1921f173`
CRC32	`CF26C3C8`
ssdeep	`12:78lZHtwDdiv0Z6+kgVVbJxNN9wEWwS+audLaUEygLmQt:78l228zN7wzYpQ`
Yara	None matched
VirusTotal	Search for analysis

Name	83f907be9481b3ad_1_186.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_186.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`23961d829ca743ef76852f57cad8cfb5`
SHA1	`94e68ea98437608fc5d6bf636eab4c7e1a1c3140`
SHA256	`83f907be9481b3ad35363536f082e578f6cbe4b162ce751960e3009ff76a8fdd`
CRC32	`1C896CA0`
ssdeep	`12:vNlxHtw5LRMMSGrtvzWWnGGqJrHVJD7nEi5ZVUyP2F/y:vNl+KGBvnnGZr1ZnEghw/`
Yara	None matched
VirusTotal	Search for analysis

Name	93f3b745b918a594_1_14.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_14.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`83767d699d4fa6586a0591fa6ba8ffcf`
SHA1	`16e6f421d3ba448cf32279c18c7d538046e1312a`
SHA256	`93f3b745b918a59446ca86c931e0714c61d505715bfaad5d9c11394d49a08b07`
CRC32	`BFC5C2EC`
ssdeep	`6:ea8wiT0v1cZwsdtbCrwVe7tuxC4wi1nTzJfAa9g072G:V8l0tMwsXbCrQn5nfusg07H`
Yara	None matched
VirusTotal	Search for analysis

Name	fe12caa33d6bd7d7_1_37.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_37.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`3d8201fe91f0c7c43db9f8763613a1ce`
SHA1	`afc72b03697bfa731c6228fe6cf0949bafb07bf7`
SHA256	`fe12caa33d6bd7d77591a5109017d7b1b24b9d422350141a2b288c2e1488ddf8`
CRC32	`A3E12C99`
ssdeep	`6:5+8wiTPUv1cZ/pS17KKbYwnHUYb/vs622IVx3IcNN4V7waEhLxYl:blstMM7KKb3U0/32bVx4cP4GaE8`
Yara	None matched
VirusTotal	Search for analysis

Name	431d90dc16465cbe_1_143.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_143.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`98abb0abc82cff5d8e5abfb5038cc246`
SHA1	`5e47b4264069bee8eae6a04a0c792aef40e167ba`
SHA256	`431d90dc16465cbe69cffa136e59ef1910ae4f45c213a3509b02003e13fde5d4`
CRC32	`E13D8730`
ssdeep	`12:+nlxHtwQWCK1HnXoO6/7ysN4iwAFtCQ3F:0llHaHnr6/usN9D`
Yara	None matched
VirusTotal	Search for analysis

Name	85ae8f2aa4d3cd29_1_18.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_18.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`1e9484c204c00f9bd7e1ae35f5e8e9a0`
SHA1	`6b0cd22dabf0492983aafb69e037005b1ead5c78`
SHA256	`85ae8f2aa4d3cd2934420a1c8bdc20261310cacd509a2a6222e273853948e6a4`
CRC32	`5833168B`
ssdeep	`12:YlxHtwAm0zskvfDFy4/ODi7PM9bxT4pfAFmtrv:YlHv7Fr/SxT4hAQx`
Yara	None matched
VirusTotal	Search for analysis

Name	9fe343ec43ac788b_1_23.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_23.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`fc43da15967e4013e651ca784c936f07`
SHA1	`12a23b3057f27e450dacbb01d0ae53de60b9da15`
SHA256	`9fe343ec43ac788bbd2182df063df7ac9667b23361af6e5135a3643b37adc442`
CRC32	`202A0888`
ssdeep	`12:08lxHtwyX19L6Qrg4gPMM1liV4HddynKRA4eqjb1n0:08ldl4QdgHiVIUsgqH1n`
Yara	None matched
VirusTotal	Search for analysis

Name	d71d5a27213931de_1_66.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_66.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`eaeb8acaace9c3278ae71cb81323b9e9`
SHA1	`5dc3d0cf44d167a53873c8c388d8b067e6e01ba1`
SHA256	`d71d5a27213931dee93c5f71c5976312dadb745678212b85e8545ac59c13cd56`
CRC32	`67808776`
ssdeep	`12:IlxHtw3Ls/wzL3HGKvOT/eDpcTUo3ySW29m:IlZwzL3HGKDKgo3yU`
Yara	None matched
VirusTotal	Search for analysis

Name	9abad2ca033b1616_1_19.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_19.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`5f9a99e792331d83ad954ad50547dedb`
SHA1	`f8c72962c63a59846143791ddda87b4f2da76e5a`
SHA256	`9abad2ca033b1616bbe18591409a423b517978dfab57694b93f603186ffe9b61`
CRC32	`A0DBDC38`
ssdeep	`12:I8lxHtwpLCVj8WgGt9Nm/TUcHQDaIk4w9Kt:I8lq0DgGt9NGfH2SK`
Yara	None matched
VirusTotal	Search for analysis

Name	20fd1e7ec73ddb2a_1_5.gld Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Guild\1_5.gld
Size	1.1KB
Processes	2860 (update.exe)
Type	data
MD5	`47a320c990d1ea02803929a0ace1ca0e`
SHA1	`9a2fc9c795adaede5bbaa98f47d7b80997904651`
SHA256	`20fd1e7ec73ddb2a45aa71df5aa64c6592f9c7665dca675a44ddc05376fffe17`
CRC32	`FDC75930`
ssdeep	`12:G8lxHtwAPYerrHW2AuqKzP5+BntMsuttn2559H:G8lfZ2phBtMsYnC5l`
Yara	None matched
VirusTotal	Search for analysis

Name	6ad497aa9491e175_caz_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\caz_msg.enc
Size	2.2KB
Processes	2860 (update.exe)
Type	data
MD5	`aaa976e03eeaf3da31e92bcbc5857cbb`
SHA1	`9d9f8085b020d5964dfe4d0f8183c066c692f0ce`
SHA256	`6ad497aa9491e17532c13aded4df295655f4f39218d091981eca8d5abbab0c72`
CRC32	`55D47D63`
ssdeep	`48:7Hnsh7Q8/apCXMQBdQHtIsxBIGdXiu46HAxm8b3tSY/ZEpPJJt:7HsV/ACcQ3QNhnzexm4dS8eP/t`
Yara	None matched
VirusTotal	Search for analysis

Name	5e7886723993a3ac_xdata.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\xdata.enc
Size	25.9KB
Processes	2860 (update.exe)
Type	data
MD5	`e454cbf65ea9764d09553c41385ee2b4`
SHA1	`bd5dff42218d9e1a64ccc33bf9b75061e4508555`
SHA256	`5e7886723993a3ac3324915d982664440a3b14a5f86fdc157a10884e1b644f71`
CRC32	`6C1A9529`
ssdeep	`384:2J+s8B3nt5zw52K7lP9v5gZE90nXLSF1G8iIAGE9d32KUZDWfsKJ4XnNWXtF8iO0:3B3t5+99uNLF8lEvuQ0nNWDQjG`
Yara	None matched
VirusTotal	Search for analysis

Name	fcb7bdabd28c123d_item.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\item.enc
Size	167.8KB
Processes	2860 (update.exe)
Type	data
MD5	`30b8cc6078a601f9b093069b86bc747a`
SHA1	`542f8134adb8bacdb7c4bace908f4e0ec8f5cfa6`
SHA256	`fcb7bdabd28c123d6d8ff208defbda1f6bae7da44aea2571625ce9ce90535fb7`
CRC32	`31EDB667`
ssdeep	`3072:wxvmRRYK6p+8v/OcPvU7IgIp29Vnq84b5W4Rh0cyaXSu11U5pMrtkNsjFsnguFxj:wdmRRYKNcPvUshp2rR85W43SH50taHRz`
Yara	None matched
VirusTotal	Search for analysis

Name	51a1ea883be84977_cabal_msg.enc Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\Data\Language\English\cabal_msg.enc
Size	571.3KB
Processes	2860 (update.exe)
Type	data
MD5	`0643eb22a87773c9473a21d93901cffa`
SHA1	`729b4c5eb655c8275ab72c78c4299f7b51f75f69`
SHA256	`51a1ea883be84977d97aca0c67d9caa6b027d52fb65305bb35fb9226879399f2`
CRC32	`881AF05B`
ssdeep	`12288:uW3Zvx2kGCvjdWHe5r/t30TXOLgYJl5F+gNFR8l1m6eVOp:f9RWHe5rWPA5BfeyOp`
Yara	None matched
VirusTotal	Search for analysis