Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.13 04:11
hello.exe
11.13 03:11
espsemhvcioff.exe
11.13 02:11
Geek_se.exe
11.13 02:11
cred64.dll
11.13 02:11
svhost.exe
11.13 02:11
nb.exe
11.13 02:11
svcyr.exe
11.13 02:11
Ghost_1.5.11.5.exe
11.13 02:11
PowderGpl.exe
11.13 02:11
goodlabel%E6%89%93%E5%...

Latest News
11.14 01:11
Bengal cat lovers in A...
11.14 12:11
RCE intrusions likely ...
11.14 12:11
Permiso releases 3 ope...
11.14 12:11
Impersonation attacks ...
11.14 12:11
Half a dozen HPE Aruba...
11.14 12:11
Broadcom unveils priva...
11.14 12:11
Broadcom introduces Ve...
11.14 12:11
Tesla Recalls Cybertru...
11.14 12:11
Altman-Backed Oklo Ink...
11.14 12:11
Amazon Aims at Temu Wi...

Dropped Files | ZeroBOX

Name	5f0b44b35da75886_chrD799.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD799.tmp
Size	2.4KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`33a7501738a71e8e7e45731218732fc4`
SHA1	`1ad17299dbf2ab859ed3cb745a9b063c53b08d36`
SHA256	`5f0b44b35da75886afddb41aaf42c810584a97637ea3e0f3b1fd85bef63ba7f8`
CRC32	`1ED7A662`
ssdeep	`48:QByX1eIljO50NnM6UI5gV5nXA695ZwFKD+jNBz2nz0btTEaXh:QByFHZu6f+lwKwdN12nzQtgaXh`
Yara	None matched
VirusTotal	Search for analysis

Name	63bc2ca795da615c_Veduto.vsd Submit file
Filepath	C:\Users\test22\AppData\Roaming\mbxeFARwrUfNuQPTuPG\Veduto.vsd
Size	332.0KB
Processes	7960 (ya.exe) 6596 (Agli.exe.com)
Type	data
MD5	`b4b043fbda464d018ef01cea7cee7303`
SHA1	`2b21f85669e9ee021a0805a1d802760993f86957`
SHA256	`63bc2ca795da615cdfe6a0dcd3d65944632fe0013d452cafc3016165a762bf2a`
CRC32	`DE5C4AF2`
ssdeep	`6144:9Y1gdVDxnSxQBbHnCXQGRW5XYyM+8Rfc34BuH7FKaKW53vya5XU1:9NvDxnSIqQsmYyN/oBm7FKtw3M1`
Yara	None matched
VirusTotal	Search for analysis

Name	68fd610897e28361_chrD96F.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD96F.tmp
Size	1.8KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`833bae0c7c43649735cd175b59d15741`
SHA1	`535222cb9c7faed62acbb365d8984cfcb87b8f62`
SHA256	`68fd610897e2836121af1e6741bbbc59aa4953124ba40317fa1ecfd205ab7e8d`
CRC32	`AD95F7A7`
ssdeep	`48:Dtg3GFlGgubtybmAEJP9a/E3pGaDPFgPSk0MYaxj:Dtg2ODcL7E3saDda07yj`
Yara	None matched
VirusTotal	Search for analysis

Name	a03efc783af05bf2_chrD6BC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD6BC.tmp
Size	124.0KB
Type	SQLite 3.x database, last written using SQLite version 3033000
MD5	`34ba22854187bddccd102bcd583ffdaa`
SHA1	`b91c27b467a6d973b9c7fb2f8f4edb1178bd5292`
SHA256	`a03efc783af05bf262f3adfec44f22d55db1fd48ebf8fc322a5388b492dfdc51`
CRC32	`36EF9003`
ssdeep	`192:yprQTQdwRXLdUdmkdSTd6zn1fVAujU+YsTn0qw/dId6p:kkLRAz1hjMsTn0np`
Yara	None matched
VirusTotal	Search for analysis

Name	7a8df890ef513144_cab_1388_2 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cab_1388_2
Size	1.7KB
Processes	1388 (makecab.exe)
Type	data
MD5	`5b74e3bd5f5f370616244e19bd57b940`
SHA1	`7d76bc15e917fdb4372774e34c5955e23cc7ae74`
SHA256	`7a8df890ef5131445e2e8f9cabbe440eabaaf57932baa4b26e2680eaf4fc601f`
CRC32	`46D0713A`
ssdeep	`48:PuGaru3cr3g96QkdEEofcy81BiNqACZt44b7QARE:WGaruME94qCy81BiNqAsFPBW`
Yara	None matched
VirusTotal	Search for analysis

Name	0a8d5f8ca831a2f2_chrD799.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD799.tmp
Size	2.4KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`d52feb98b1e65ba1a8fecaffa22e7c5d`
SHA1	`41fff4249b719dce41cf7091a5697c11d66ff3db`
SHA256	`0a8d5f8ca831a2f2f0834298153566b263875b7402349c0d7290b7f538528ea2`
CRC32	`CF7147D3`
ssdeep	`48:KGDF1lYFFGDyJTzd8IQmZvXquu66Dgj5Q7+x2PWAztk+HiIx:KGpnyJTzWIQmVa8Q+M7ztnnx`
Yara	None matched
VirusTotal	Search for analysis

Name	7256a787646b9bde_chrD799.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD799.tmp
Size	2.4KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`87e165dc41071562adb6726387e3110b`
SHA1	`75561985097f658372cafa9e7bf6694d70a7e89c`
SHA256	`7256a787646b9bde688fea3cf0550cbe7329cb829dda9b6e57042f91a160f42a`
CRC32	`45483277`
ssdeep	`48:c/rUKaELEWxgbw3poGNvdgF0V+LbXMMr2R3y5o00agUYXe7g:c/r7aQgw1EaCMM61XraAXe8`
Yara	None matched
VirusTotal	Search for analysis

Name	950d9895a1d9818b_cab_1388_3 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cab_1388_3
Size	57.0B
Processes	1388 (makecab.exe)
Type	data
MD5	`e79816cec745fb6da734fb4621e70fe0`
SHA1	`4eb5958eb1b709f502cbc118edce2b8af3cf2c3b`
SHA256	`950d9895a1d9818b37fb9c72b7fb379d35b8574213990e1f68e8cabb57adfb25`
CRC32	`474E4E7C`
ssdeep	`3:dpuZsQGcSlAnFEnlp:dA+TlAnqlp`
Yara	None matched
VirusTotal	Search for analysis

Name	00024c2308fae2fe_chrD6BC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD6BC.tmp
Size	124.0KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`1a7574ab95cb97a0af6da605999ae058`
SHA1	`e4f7d7f26962e012d0ba53311720cfbbadd8e13e`
SHA256	`00024c2308fae2fee629d08e6d0de48fc9eb5a20a08e515edad23ddc74e0b544`
CRC32	`410638FF`
ssdeep	`3072:ySWUdh1Hp3ws3vyLESnnXPzr5lk4S2ytGBSpq99b4L:ySLh1J7qLESnJmlfYH2`
Yara	None matched
VirusTotal	Search for analysis

Name	668bd5e271645361_chrD6EC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD6EC.tmp
Size	40.0B
Processes	5352 (Agli.exe.com)
Type	data
MD5	`b07f674498f628eb3fe32c44a2d0cc17`
SHA1	`8c965c78c66d980bbadd6da2584fd07806a4d525`
SHA256	`668bd5e2716453616e2f93ba3211c16e6b53fa3d7e064386f1af74a26ec3d7f1`
CRC32	`A3B58B64`
ssdeep	`3:42tf8A/vSrrgEtz:4KfWrgEtz`
Yara	None matched
VirusTotal	Search for analysis

Name	5c786be97059374e_chrD6EC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD6EC.tmp
Size	40.0B
Processes	5352 (Agli.exe.com)
Type	data
MD5	`250e279dea94be95c2b4ac79de19f6cc`
SHA1	`6be3cfb5079bb115cbed57a31712d71a419b7c77`
SHA256	`5c786be97059374e1c7abae804a836c5004441896bfc23b112fceb00493aa5d0`
CRC32	`131B378E`
ssdeep	`3:pK0RbRMoHXZhq:PbVJhq`
Yara	None matched
VirusTotal	Search for analysis

Name	548e87e6b13cdda8_che.vsd Submit file
Filepath	C:\Users\test22\AppData\Roaming\mbxeFARwrUfNuQPTuPG\Che.vsd
Size	921.8KB
Processes	7960 (ya.exe)
Type	data
MD5	`a7ddd4d4067d7e404d579ae32dc91542`
SHA1	`4203587509050293e0d1c8f833545230bb3355b0`
SHA256	`548e87e6b13cdda866ccc0a125b4eeab7879c2ae0fcac20073ac953d2f682729`
CRC32	`235DDDE3`
ssdeep	`24576:/Js7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:/C7hGOSPT/PxebaiO`
Yara	inject_thread - Code injection with CreateRemoteThread in a remote process network_http - Communications over HTTP escalate_priv - Escalade priviledges screenshot - Take screenshot keylogger - Run a keylogger win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration Str_Win32_Wininet_Library - Match Windows Inet API library declaration Str_Win32_Internet_API - Match Windows Inet API call Str_Win32_Http_API - Match Windows Http API call OS_Processor_Check_Zero - OS Processor Check Signature Zero AutoIt - www.autoitscript.com/site/autoit/
VirusTotal	Search for analysis

Name	4887e5c7bfea20f9_chrD6BC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD6BC.tmp
Size	124.0KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`25da42cf1c2f7d0800b48ec0692e40be`
SHA1	`4a1494f35645be37319735b6f8c259d55f44898d`
SHA256	`4887e5c7bfea20f921e22b2dbaada9d825f9f847a6cf8d7e24d4ae6e9350fb03`
CRC32	`954780B3`
ssdeep	`3072:nJ8cMiEVmV5ewRcIvnlykx9d4kfTHvTNVnhO/q3yrv:nJ8cMVaFcKRxTVr/heCyb`
Yara	None matched
VirusTotal	Search for analysis

Name	2392619f397925a1_cab_1388_6 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cab_1388_6
Size	8.0B
Processes	1388 (makecab.exe)
Type	data
MD5	`7b5b6c7bf41e6055abd4e74476e08575`
SHA1	`5c05d3a68f69258d236f6d9677cc0a42e399e7cc`
SHA256	`2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f`
CRC32	`C485894D`
ssdeep	`3:P:P`
Yara	None matched
VirusTotal	Search for analysis

Name	6d7b2247e5c6c7b4_5e65aaa67ea5c920748e191e17645c6a932f8796 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\5e65aaa67ea5c920748e191e17645c6a932f8796
Size	5.5KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`05362bf64ef196fde846e4a24b261546`
SHA1	`237656a4cbd68acaf70674afd6454ebae3cbc3ac`
SHA256	`6d7b2247e5c6c7b434331e9cfa1fba1245105f8db42bb3861c842e0403d725ca`
CRC32	`0547559B`
ssdeep	`96:BTaDITeFzWz9bBrlLLvootZ4w/3mv0Ms/tlb92CXOX1TnC4IcS09PXUC3N7x8Wb:B0NW9b3LAoXz/3msMs/TpDOXo4IcZ9PV`
Yara	None matched
VirusTotal	Search for analysis

Name	292bf366a534157e_chrD6EC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD6EC.tmp
Size	40.0B
Type	ASCII text, with CRLF line terminators
MD5	`082f2e97e670228e3b323c6a3a874f40`
SHA1	`e50760edb5e88385449a44818f5726e5beed7aab`
SHA256	`292bf366a534157e5414f344218c9df828e2f211617fc84352f3ab2564050941`
CRC32	`6AA3673D`
ssdeep	`3:73KRjyM1KW28HULP:73uj1a8HSP`
Yara	None matched
VirusTotal	Search for analysis

Name	1c1b365d23de6657_wayzqhgyeodcyu.js Submit file
Filepath	C:\Users\test22\AppData\Roaming\WhAnoTHmid\wAYZqHgYEOdcYU.js
Size	278.0B
Processes	6596 (Agli.exe.com)
Type	ASCII text, with no line terminators
MD5	`37f79d13bc56e8036f58be6a97c454a2`
SHA1	`864abd9b796066d74f8aaf2d101065f7ec9c0750`
SHA256	`1c1b365d23de6657844186f35243e817794b23e362697360698fff02d571cd08`
CRC32	`A4A90787`
ssdeep	`6:5AKIH8CYM2h2sUS4tRZDbRXp+NI5Mx6K4i9wNbRXp+NI5Mx6F9FWDbRXp+NI5MxM:5zS6R4t7vVMx6q9w9VMx6EvVMx6/`
Yara	None matched
VirusTotal	Search for analysis

Name	492b7c595d67aa23_cab_1388_4 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\cab_1388_4
Size	1.7KB
Processes	1388 (makecab.exe)
Type	data
MD5	`308a4d0611573c2ddf0a48f7b0dc1a90`
SHA1	`4b694ecfb33af3bae186c919be3d57403ce719f6`
SHA256	`492b7c595d67aa23ef4ff6b5d60fe6b22a0d9cf5c3277ecdd77ca02d7743636a`
CRC32	`F826A4FB`
ssdeep	`48:luGaru3cr3g96QkdEEofcy81BiNqACZt44b7QARE:cGaruME94qCy81BiNqAsFPBW`
Yara	None matched
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_cab_1388_7 Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\cab_1388_7
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	9f4201891641938e_chrD96F.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD96F.tmp
Size	1.8KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`89c02e5583584a8b564a29e19290f1ea`
SHA1	`1dbf1c1f684722efc680d473fc835027dbe5948b`
SHA256	`9f4201891641938e9724da0247da6325f584d379bad8c5f78d6a36c957a85263`
CRC32	`C2BB06DE`
ssdeep	`48:O3TsnNaDIQ5jzNUgW0N2+I5tvTXvCBfE1NJfJqQx7tJ:s4nNa/5jzNUgz2+I5dbKhSNJRq67b`
Yara	None matched
VirusTotal	Search for analysis

Name	81312406cbe97350_chrD96F.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD96F.tmp
Size	1.8KB
Processes	1388 (makecab.exe) 5352 (Agli.exe.com)
Type	Microsoft Cabinet archive data, 1824 bytes, 1 file
MD5	`5837ca7345de9936a4320025cd85adf3`
SHA1	`cd75a991cf28473a570cb9bfb1046f696e7cb9fd`
SHA256	`81312406cbe973506b8d66c62e9f89daee3fe84059d030fb63c310766a7e66a8`
CRC32	`9D965638`
ssdeep	`48:CuGaru3cr3g96QkdEEofcy81BiNqACZt44b7QARE:fGaruME94qCy81BiNqAsFPBW`
Yara	None matched
VirusTotal	Search for analysis

Name	05d8cf394190f3a7_rbzuozjpqt.exe.com Submit file
Filepath	C:\Users\test22\AppData\Roaming\WhAnoTHmid\RbzUOZJPQt.exe.com
Size	921.7KB
Processes	6596 (Agli.exe.com)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`78ba0653a340bac5ff152b21a83626cc`
SHA1	`b12da9cb5d024555405040e65ad89d16ae749502`
SHA256	`05d8cf394190f3a707abfb25fb44d7da9d5f533d7d2063b23c00cc11253c8be7`
CRC32	`DE918CC3`
ssdeep	`24576:FJs7DlG83U/hcSO3UTyYPeuZtxY+8aiB8ea:FC7hGOSPT/PxebaiO`
Yara	inject_thread - Code injection with CreateRemoteThread in a remote process network_http - Communications over HTTP escalate_priv - Escalade priviledges screenshot - Take screenshot keylogger - Run a keylogger win_registry - Affect system registries win_token - Affect system token win_files_operation - Affect private profile Str_Win32_Winsock2_Library - Match Winsock 2 API library declaration Str_Win32_Wininet_Library - Match Windows Inet API library declaration Str_Win32_Internet_API - Match Windows Inet API call Str_Win32_Http_API - Match Windows Http API call PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) HasOverlay - Overlay Check HasDebugData - DebugData Check HasRichSignature - Rich Signature Check AutoIt - www.autoitscript.com/site/autoit/
VirusTotal	Search for analysis

Name	a642d9a813c85d53_5e65aaa67ea5c920748e191e17645c6a932f8796 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\5e65aaa67ea5c920748e191e17645c6a932f8796
Size	5.5KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`cad101e39ace7e4ead89f0c1fb3209d4`
SHA1	`6373da8ea0c8de6ce895615c091795bb2a0ef583`
SHA256	`a642d9a813c85d533327b11fe52fa1c90b7d1d49fbace298accfbe827e88d2b7`
CRC32	`C29C7E4A`
ssdeep	`96:T/pYFu/viyYiw2fzH2dZc4pRduPIpBmLbkrcsl0xor5ezW94Z0ZF9FASuvllKHvN:TCE/KyYaH2DcEY8BsIrt+xAtocholkvN`
Yara	None matched
VirusTotal	Search for analysis

Name	8aad09d17ec0d9f2_D Submit file
Filepath	C:\Users\test22\AppData\Roaming\mbxeFARwrUfNuQPTuPG\D
Size	961.8KB
Type	ASCII text, with very long lines, with CRLF, CR, LF line terminators
MD5	`6ca6d46f3fba9e7f22f6489f155ffb64`
SHA1	`a1d0d6373ff6df021f0da93d2fbd8d0270f1f2e0`
SHA256	`8aad09d17ec0d9f2929e88f898f3ad5b4e2c7f8d1fa39ba39ca03e665e87b674`
CRC32	`0F7E7A00`
ssdeep	`12288:kiARjzwTC6Njxd250VPyykCveAmpIQiXT4y/Yn6uHNjUDn:BSzwTCojxw50UAOIQiXT4y/m4`
Yara	None matched
VirusTotal	Search for analysis

Name	02f73f3ee6322043_rbzuozjpqt.url Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RbzUOZJPQt.url
Size	174.0B
Processes	6596 (Agli.exe.com)
Type	MS Windows 95 Internet shortcut text (URL=<"C:\Users\test22\AppData\Roaming\WhAnoTHmid\wAYZqHgYEOdcYU.js>), Little-endian UTF-16 Unicode text, with CRLF line terminators
MD5	`9ef6666b3e263cd56726a05ba9bcd299`
SHA1	`bebc90b397d39c01eb83819501ba68595ce43065`
SHA256	`02f73f3ee632204380f85147b3eb0257e734f51f8d15997ebcbb106ed711c1c6`
CRC32	`97F0F6F3`
ssdeep	`3:Q+2lRQuRkiglZlo14tEIduhOEjl3QlMIolCl7holW+XFQLlPK:Q+2lJglZyKm/UEZglJPZV+X+w`
Yara	None matched
VirusTotal	Search for analysis

Name	fc6ce8bb2d544909_chrD799.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD799.tmp
Size	2.4KB
Type	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5	`496f3da5dc50a9bbb8ec5d2e477f60c9`
SHA1	`475e1e25c5c697239fd6c7362e363a8fb6e705b0`
SHA256	`fc6ce8bb2d544909ff2a5875ce226a448126339900ff3b99c2833a89534f07a8`
CRC32	`537BA813`
ssdeep	`24:QXs0kWg9jKF8SF8LPhmPmEfymDuuuuuuukfuuXbI2Cbu2rhMMokGO5b5bevGuIyk:qV3AEz3KDoRBJl9U`
Yara	None matched
VirusTotal	Search for analysis

Name	fdd8db7226db5524_5e65aaa67ea5c920748e191e17645c6a932f8796 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\5e65aaa67ea5c920748e191e17645c6a932f8796
Size	5.5KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`872a6b1af1833370e0c0ce6a768b27e8`
SHA1	`1624c78e3c4c795147ea96d4f48105a7a576b8bb`
SHA256	`fdd8db7226db5524bc4097a33338c116fe8f136941efb414ef2f72c70f49551d`
CRC32	`4DFF98A7`
ssdeep	`96:dWq8/JBfTbcio7Y/jlVWj8//IiGceM4McMbQM2gMIMoaM2M2datgj/0s+h9jYpcm:deJlfGczd5bl2VNo3b2bym2XOwndhtu`
Yara	None matched
VirusTotal	Search for analysis

Name	6fd3f0f59579df80_chrD6BC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD6BC.tmp
Size	124.0KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`a402980f9590c0e3cbdc118e782c33e5`
SHA1	`87cfdb3b1fdd5f5aea8a7358579a5048fb98bca5`
SHA256	`6fd3f0f59579df80ddd04c6a7f3e3f85d676f1bcd89e431298aec8bf89b0c54a`
CRC32	`EAC8D64A`
ssdeep	`3072:1fhRNbzI4pNJ4KiwoT+olaj5645C6lIrydL0tQf8Rgpfj:1ffNPISi7Naj5ng6erydYtQfBpL`
Yara	None matched
VirusTotal	Search for analysis

Name	d75cd2573e9d4a85_5e65aaa67ea5c920748e191e17645c6a932f8796 Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\5e65aaa67ea5c920748e191e17645c6a932f8796
Size	5.5KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`3960e38fe9d65c54fd0517f8885392ec`
SHA1	`0dfc4f65b575d1b7a5f4b26def16418b0f1efc7e`
SHA256	`d75cd2573e9d4a8532a7dc7ef734b7925368344b1300eaeb29711a291d40f23f`
CRC32	`06708B8B`
ssdeep	`96:0sx3RdCknRU8oO3e22NSdCB2druGS3BJu4o3AzmDxJ8jXcNEqjf:H3RTU8oO4NXB1xJnzzwJacG6f`
Yara	None matched
VirusTotal	Search for analysis

Name	bb832cf3d538d628_chrD6EC.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD6EC.tmp
Size	40.0B
Processes	5352 (Agli.exe.com)
Type	data
MD5	`c4a81613b4215d04591bc2cb18225181`
SHA1	`3e0d312ddbc664b906947c2dba3fe71336f9fc11`
SHA256	`bb832cf3d538d628a1291b9aa6cb8900ef668cedaf49f508f653d7e0760313a8`
CRC32	`2B9AAFA3`
ssdeep	`3:WooLPtl6m:WooLVl6m`
Yara	None matched
VirusTotal	Search for analysis

Name	979d3f1dc9417d0c_poi.vsd Submit file
Filepath	C:\Users\test22\AppData\Roaming\mbxeFARwrUfNuQPTuPG\Poi.vsd
Size	116.8KB
Processes	7960 (ya.exe)
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`1cc05843eb402695e2aea3de852b754f`
SHA1	`14035ca106ac2c8877e3084571a894dbb2abc75f`
SHA256	`979d3f1dc9417d0c462941af909aaf41e12d3d75ba1053e452402887273d10da`
CRC32	`078101A2`
ssdeep	`1536:hXzy7L+YUHbqe4VaygKydtazOXX49lWbH5X5JTzIWUlHqf0JLdN//FSrFIw6vjZA:Y7L+YUHmbMXb5d7WqfoH3FQFIfbZuHUC`
Yara	None matched
VirusTotal	Search for analysis

Name	7fcc820accc21c4d_chrD96F.tmp Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\chrD96F.tmp
Size	1.8KB
Processes	5352 (Agli.exe.com)
Type	data
MD5	`125358680c8fe68e592fb02f32ca8d22`
SHA1	`03536ff99b2bb33e0360826b03741ff80317b51b`
SHA256	`7fcc820accc21c4d60290fbbce18047c2d2a09dc4b45028429159207c1b310e6`
CRC32	`7B4B8005`
ssdeep	`48:6spdLoiR+v/RrNQmjJcL80dT5dSnx05LpObnAABFR:vPdANQmtyZ57O71R`
Yara	None matched
VirusTotal	Search for analysis