Dropped Files | ZeroBOX

Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.16 06:09
epp32.exe
09.16 06:09
epp64.exe
09.16 12:09
com.apple.StreamingUnz...
09.16 12:09
com.apple.StreamingUnz...
09.15 12:09
SearcherBar.lnk
09.14 09:09
Setup.7z
09.13 05:09
vdsn15.exe
09.13 05:09
sgmfd.exe
09.13 05:09
vfdnwe.exe
09.13 05:09
lfndsa.exe

Latest News
09.17 11:09
The Universe as We Kno...
09.17 10:09
Hong Kong Considers Ru...
09.17 10:09
시몬스 침대, 추석 당일 고객 맞이 정상...
09.17 10:09
Barclays Taps Morgan S...
09.17 09:09
D-Link patches 5 vulne...
09.17 09:09
내추럴더마 프로젝트(NDP), 올리브영 ...
09.17 08:09
Raspberry Pi Becomes S...
09.17 08:09
IT Sicherheitsnews tae...
09.17 07:09
Solving the Cybersecur...
09.17 07:09
Malware attack targets...

Dropped Files | ZeroBOX

Name	a331b3c59df83444_htmlagilitypack.xml Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\HtmlAgilityPack.xml
Size	169.1KB
Processes	2552 (kkm.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`bcd76d744edd5faa1062f7e41b86f467`
SHA1	`f520139a8ccc2c62e8bafb019279a4f37787432c`
SHA256	`a331b3c59df834444f608ac62f9ba4fb9938c7e5f989fe4571c26a30df6074ad`
CRC32	`21E981CB`
ssdeep	`768:k89NigjbzmiP+x9qLcIfinUY6LUznShCEFrs1eZ9t5CRBUmwxYIYusFlQ5DQJFLj:j9NiQuo+xzVymIsFlQ6zBoa0vtgVLu4V`
Yara	None matched
VirusTotal	Search for analysis

Name	f1f01b3474b92d6e_newtonsoft.json.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\Newtonsoft.Json.dll
Size	560.9KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`8f81c9520104b730c25d90a9dd511148`
SHA1	`7cf46cb81c3b51965c1f78762840eb5797594778`
SHA256	`f1f01b3474b92d6e1c3d6adfae74ee0ea0eba6e9935565fe2317686d80a2e886`
CRC32	`4C14E598`
ssdeep	`12288:ZzfhypmNGgHA37YyUD1AboTf3xnpJbC8VGSBJjRuz7:ZoI1AbQf3xnpJbC8VLBJjRuz7`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	aaa1e41cf26231cb_autoupdater.net.pdb Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\AutoUpdater.NET.pdb
Size	67.5KB
Processes	2552 (kkm.exe)
Type	MSVC program database ver 7.00, 512*135 bytes
MD5	`0fc7a9e0dd8a6a449266723a92df3ada`
SHA1	`c54aebd96d6341face7de7fecf03ef84c6ad3997`
SHA256	`aaa1e41cf26231cbd02a63fc86bca4c68fe9485d156e6556960284ff96ccbc97`
CRC32	`6AF02B2D`
ssdeep	`768:g73QS6r5rBf3/EvSFKHquulZlFHAFPlH1g/dWziK5x4:gbQSaXf39BbqFR1emc`
Yara	None matched
VirusTotal	Search for analysis

Name	7e563cbf11d1fbf8_dualconnector.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\DualConnector.dll
Size	110.5KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3f58bddae90e15f1fa267fddf7902d99`
SHA1	`0dd80152d5871f73219a54f73fb60321e91bf7a2`
SHA256	`7e563cbf11d1fbf882ef2a26ae34b5029231c129bd32926b9a509ba94d577ebe`
CRC32	`F99A5E7F`
ssdeep	`3072:khRrCH4WItKl+ubqNGp/6Kr4xnRj/LW+YEHQvc6i:AQ4WIMBBpjEzjiZ`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	1efe2fff740d2554_eac_39.png Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\Resources\eac_39.png
Size	162.0B
Processes	2552 (kkm.exe)
Type	PNG image data, 39 x 39, 1-bit colormap, non-interlaced
MD5	`cc811d0b8662be79f86626f13e648054`
SHA1	`3bbce8782bdbc28aef9a8ab6fba98708b628b265`
SHA256	`1efe2fff740d25542a6a1a5b5b482580e6650e8a374184107ca404abd954d08b`
CRC32	`FBB13EC8`
ssdeep	`3:yionv//thPlzT3/iLts7CX9/rIoaIinbBhkx92G1ulsK8GnI2O/GC//sup:6v/lhPB3/iR/BIoaIinFhw26qsK8OjCd`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	9c54927aea030da1_kkmagent.lnk Submit file
Filepath	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avermaster\KKMAgent.lnk
Size	947.0B
Processes	2552 (kkm.exe)
Type	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon May 27 22:40:42 2024, mtime=Sun Jul 14 22:37:51 2024, atime=Mon May 27 22:40:42 2024, length=94720, window=hide
MD5	`f82f2540424fb9f176a73c4ffdfeda97`
SHA1	`054a6927c33f76b454afe9ed78b2302f1cb32e0f`
SHA256	`9c54927aea030da16582d18a19b38b997a7c3622e2fa09fb1c802c6add275fce`
CRC32	`5E020B6B`
ssdeep	`12:8m+95sk64cZCrR8EvSElovSLe/7Xe1IljF9zMj1Y4izCCOLAHfkbjcE+/MJSjNwk:8m+9WkHsERdU0eTl8jEzNmnc0GNwm8a`
Yara	lnk_file_format - Microsoft Windows Shortcut File Format Lnk_Format_Zero - LNK Format
VirusTotal	Search for analysis

Name	0f2b1c726e47166c_autoupdater.net.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\AutoUpdater.NET.dll
Size	416.5KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`4919c59e98c927eb902a9370a45e71b8`
SHA1	`4c08f77658d33e5aec0c8873f02779a87ed09334`
SHA256	`0f2b1c726e47166cfe30f0edbd0939b3723bf3e63fc4dd9d8d178d85a4bcc72f`
CRC32	`FF895385`
ssdeep	`6144:/P1vaSlxihxLdFyjg6jTdL22hR+AKPQj7EvH7lf3J5iqXPpe:X1vaQiZFb6jTZ2`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	a6892c5e69b8a065_sushkofwin32lib.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\SushkofWin32Lib.dll
Size	114.5KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`0b9e4c34c99e2f32038ac34dbb96fad6`
SHA1	`74bbf0785188f503ab3eede2e67140557576ae72`
SHA256	`a6892c5e69b8a065ad47331b5397b17be4c39a2a01dd3002db1c5e0cb84407a6`
CRC32	`3625A57B`
ssdeep	`3072:XsbG68F57MShyen3ezvM593MgqBI1t3HhML1SIF7VA:XK4F9R4U598gqWLuSIF7e`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	561acfe4b1a14c83_qrcoder.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\QRCoder.dll
Size	141.0KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7e189090d52fec41c0c87657bdfc18c3`
SHA1	`8ef2b8f984216a04769bb4f99f936961c46196a5`
SHA256	`561acfe4b1a14c837b189fb9fc5c6d3e82440184bbde61912de723d62d6368b3`
CRC32	`67CE10B1`
ssdeep	`3072:E4wM6OoRu7qywKsqxhDuPr5xJMnOfMAw3TkHjt0QQNOWIkHUsz72ot:E4wZywKn/U5xEwKIk0W`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	e748211bf910b584_cliche-jm.png Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\Resources\cliche-jm.png
Size	1.8KB
Processes	2552 (kkm.exe)
Type	PNG image data, 164 x 101, 8-bit/color RGBA, non-interlaced
MD5	`d9cda93b45348de09e70fe35dcd8c6e9`
SHA1	`ee391652cd876d45e9413293d0005b8eb9bb4fc6`
SHA256	`e748211bf910b584399c85ed420300b082e3d773e026e5ad305cb092bd9e6818`
CRC32	`F5D3E1C4`
ssdeep	`24:VHKmgEt0mu9yhF7cF7c5q1zTIFY4geLIaJE+5KfDkFeCv1YFOIxz+2ok+FpjtRms:JK7sRnRnF/LISYC9hIwkWTRcLKEw1sy`
Yara	PNG_Format_Zero - PNG Format
VirusTotal	Search for analysis

Name	d3f7acb36193a434_rabbitmq.client.pdb Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\RabbitMQ.Client.pdb
Size	209.3KB
Processes	2552 (kkm.exe)
Type	Microsoft Rosyln C# debugging symbols version 1.0
MD5	`53189a14174a80be57908c764612a0c6`
SHA1	`bc2fa4544abd52197bf55f05b42e641cf31aef06`
SHA256	`d3f7acb36193a43420a585cd70d11eff1a03a1a67ba78887d3b3b0a100bc0b84`
CRC32	`15429640`
ssdeep	`3072:feQKNrMrbPn0/W6oBAMq+Bslr8Aa/kKKKDhZz2pz/JpOZcX62x9:feQ8raIWJB59slr8pkKKshZiJ5z`
Yara	None matched
VirusTotal	Search for analysis

Name	95fe9d92512ff231_nsprocess.dll Submit file
Filepath	C:\Users\test22\AppData\Local\Temp\nsgED7D.tmp\nsProcess.dll
Size	4.0KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`05450face243b3a7472407b999b03a72`
SHA1	`ffd88af2e338ae606c444390f7eaaf5f4aef2cd9`
SHA256	`95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89`
CRC32	`7F5B79E7`
ssdeep	`48:SKgfJzwtr95f5wiXnfkm4ZixVWmWDYWWDYvt6ENGAa4GW6ENcuHdtjq6vo:hZ9Htnfd/xVJ3W3V6aQ4GW6azdtj`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	7ad8aa2d2d4949b8_kkmagent.exe.config Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\KKMAgent.exe.config
Size	6.7KB
Processes	2552 (kkm.exe)
Type	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
MD5	`da144852e42c8d1936c19ec981783fb0`
SHA1	`0557a0f9bbe1ab981d6d39686a4db3e0b3579300`
SHA256	`7ad8aa2d2d4949b8f61c695f4953d3ec3fa06400d36c799ae8541187033924bb`
CRC32	`75EAEC5E`
ssdeep	`192:ur7d7kr0Z/81MGuKYYRhBKS/pv7sJ+J/qJvS:uXd7fNZKYY7SS`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	ba522b6bd6370060_autoupdater.net.xml Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\AutoUpdater.NET.xml
Size	31.2KB
Processes	2552 (kkm.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`74f97878006f15d754478952d084d1db`
SHA1	`404f76c04916ba154cd1b3dec40d97ff49e62bc2`
SHA256	`ba522b6bd6370060282f86c2b760a04fb763055738e60a7ff452fc820b55730c`
CRC32	`0419FD7A`
ssdeep	`384:m3aS5+mVo0bX9YtT7m/WOQkT5z3KgdQGQcf74uoMulY4:o+eSm/YktsGq`
Yara	ftp_command - ftp command
VirusTotal	Search for analysis

Name	b452180c48ae8db3_kkmagent.exe.manifest Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\KKMAgent.exe.manifest
Size	15.6KB
Processes	2552 (kkm.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
MD5	`5895b1b70dacf2dc8a78c0f0f690ff5f`
SHA1	`2dc0165302e439edc2c9432e1ddae622f7880d25`
SHA256	`b452180c48ae8db383146b2a091a0ec366dbe6a51b17789d8c9fdc8bfe3fee67`
CRC32	`5B6B8DC3`
ssdeep	`384:sYYc5tuxPnTUe9OJ9McBW2A6LBUQiwpbXR6:dYc5tulDoR6`
Yara	None matched
VirusTotal	Search for analysis

Name	30a224532690853e_microsoft.diagnostics.tracing.eventsource.xml Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\Microsoft.Diagnostics.Tracing.EventSource.xml
Size	198.6KB
Processes	2552 (kkm.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`fef03afb20872134b52dba3174d99a1d`
SHA1	`317e17a2934fc68bec6acd16a3a39205281fa637`
SHA256	`30a224532690853eb416ce1a41b90247f33d969c992db463cc39d3e24a19c103`
CRC32	`9CCD8008`
ssdeep	`1536:6aLUe6tqXtV2K+K5gQGAuLFu8C+cg8jtmTJ/fU:6aLP6tqXHX+KqMuLFuQcg2tmTJ/fU`
Yara	None matched
VirusTotal	Search for analysis

Name	d9b162e86f925e12_dualconnector.xml Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\DualConnector.xml
Size	484.0B
Processes	2552 (kkm.exe)
Type	ASCII text, with CRLF line terminators
MD5	`96af15b3ec960233866b7589c340f890`
SHA1	`de43739c264dec0cd7ff958403ed9492a1cb97bd`
SHA256	`d9b162e86f925e123f6be24c7a66d8649b5956d6310b0f6527fb7687aa6705c4`
CRC32	`79A716D0`
ssdeep	`12:w8IkRKbIhysz01rmN5ggvb1UbaJo9stPt8XFAyae:wHKK5Fh2vbSbgoOtUDf`
Yara	None matched
VirusTotal	Search for analysis

Name	aa474e0e9be665f2_nlog.config Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\NLog.config
Size	887.0B
Processes	2552 (kkm.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	`8c6a2547d1f701d2ea2e717d0e232eb8`
SHA1	`11581190da4311f9174071ad54ad1260e76c008f`
SHA256	`aa474e0e9be665f2c008cb704086e8f712c349b585208be9e9aa6ece05ac6e60`
CRC32	`80622398`
ssdeep	`24:JdNQjY8lcqD9AwKP950vau1rMPNqrM4VHr:3b8i49AwKPW/WN4MaHr`
Yara	None matched
VirusTotal	Search for analysis

Name	9c1d6b531e0ee905_rabbitmq.client.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\RabbitMQ.Client.dll
Size	273.5KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`5477f26fc30271354c594fd156a6c53f`
SHA1	`e163fec209e3b12df34745f59bbee6f16dc4c0db`
SHA256	`9c1d6b531e0ee905f5a66e792adc7dead9fc46590ad9d9a8cc955fc9d821c678`
CRC32	`314D3E30`
ssdeep	`6144:W7fI1XlicxFJIbYlAdOcY6KtMQA8aDwYYdO4:mfIOctKoM7DF`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	2fe820ba1b0706db_kkmagent.pdb Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\KKMAgent.pdb
Size	95.5KB
Processes	2552 (kkm.exe)
Type	MSVC program database ver 7.00, 512*191 bytes
MD5	`5df39f86addd347d4893f0580d334c15`
SHA1	`62290601f9dbf0f001429b25e3af9066db0b24e9`
SHA256	`2fe820ba1b0706db77993b4404a5a9226f2441ee1f943755b61ed55ce4c3a978`
CRC32	`16E63D48`
ssdeep	`1536:SKIIVF0/nR7cVctFfDpU3biO/TYst/AMVqC:odRoIoz1ZMC`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	9915eb5ffdeffd6d_managedopenssl.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\ManagedOpenSsl.dll
Size	142.0KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e74b45510cf9c1beb5563f89c5a48b5c`
SHA1	`442e709ee8903219765f0a769a4de7876b329c8b`
SHA256	`9915eb5ffdeffd6d704f146a6c373f9563968b62b72a3d26afd6babaa605d55c`
CRC32	`CA7C8B3A`
ssdeep	`3072:zFlafpcRurmI1JrOOEL4/wHuheEKY5ok5VODKEMgka/H+:D1I1yM/e5GjEMy`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Generic_Malware_Zero - Generic Malware Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	29d3a32476a25817_nlog.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\NLog.dll
Size	831.5KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`fdcaf6060e7644dbaa96ecfe59c0eacb`
SHA1	`a8ed5031b70ac682ea850abee07c4f436259cf88`
SHA256	`29d3a32476a25817f80d64d64bed42d9e0eafa1adf2687cbb51dca12c27503f3`
CRC32	`FE2E875D`
ssdeep	`24576:HTXSPAXm3Qn63VZDoW7LMGagBKBxEwdodU59bI:zXSPAXm3Qn63VZtNA59b`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description) OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	3391fbe402f188d0_kkmlib.pdb Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\KKMLib.pdb
Size	491.5KB
Processes	2552 (kkm.exe)
Type	MSVC program database ver 7.00, 512*983 bytes
MD5	`bd4216dce8360884a7327344f2f1bc6e`
SHA1	`56143cbaf858ec0b63a67ca4900ce87905553594`
SHA256	`3391fbe402f188d08e1f32230a0e11b2afef37a4096b248045d8a146dcb5e4f6`
CRC32	`E0FAD666`
ssdeep	`6144:owsjw1HCO0Seam4fJmKh/6cD5Qgx1rKyIO6dFjJlO2nqFk9gkSmJYqFk9gc:o9miO0S7s06SQgxJlIOUNJlOMqSJYq`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	2b5e0e7683f0c79f_rabbitmq.client.xml Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\RabbitMQ.Client.xml
Size	345.0KB
Processes	2552 (kkm.exe)
Type	XML 1.0 document, ASCII text
MD5	`d088bf0a35bcafe7cbedd99e96d43174`
SHA1	`77c66674ae59ab1410624f860480fa072e3a2144`
SHA256	`2b5e0e7683f0c79fa1e1b554b74048379a730a0e79c01657848d127fb28fcf9d`
CRC32	`396DDC6F`
ssdeep	`6144:B6htiEpVGrMOCzcQ/9Wsc0ZAHjZ+cirHxZeK65tW5vHz2:QHO`
Yara	None matched
VirusTotal	Search for analysis

Name	830a6ddccd484e62_kkmlib.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\KKMLib.dll
Size	232.0KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`7d94dbdc67089901fc5dbaf484282a12`
SHA1	`106487fc8102747102f0f9b3f7c517051116af07`
SHA256	`830a6ddccd484e6215931eb03dec1c9e9b3b9b67cbe57732ddc8438edcb27fdf`
CRC32	`1DAC1CEE`
ssdeep	`3072:MnZQRiRO23n6v/2O+l/6bnwRgAmTFMGLmMVs2ZduG0T45q6rOSFpo6qYry67a3:MZQGq32O+d6ZLHmMVs2gsOkX7a`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	53af86ff24ff0cfb_htmlagilitypack.pdb Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\HtmlAgilityPack.pdb
Size	315.5KB
Processes	2552 (kkm.exe)
Type	MSVC program database ver 7.00, 512*631 bytes
MD5	`b85a25098d291992af5cc4a5bbfaff98`
SHA1	`48fafbf8a032bff35af481fe213e470f5ba9fe8b`
SHA256	`53af86ff24ff0cfb131ba6aaf96a6ca6fb07985e1e8b4f3d18ff21036e970150`
CRC32	`C9AEC3C1`
ssdeep	`3072:oHKnQvj9FprXjXt09WlZV9Tx3j0FGk6DmGXlwAfU1siX:o5HTLLV99Jk6DmGXlwAfU1si`
Yara	None matched
VirusTotal	Search for analysis

Name	f9836c19b5558343_microsoft.diagnostics.tracing.eventsource.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\Microsoft.Diagnostics.Tracing.EventSource.dll
Size	166.8KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`ad9250c9725e55e11729256336accd56`
SHA1	`793fe7f04a7b39aa88ebf77deb9cf896d5136f68`
SHA256	`f9836c19b55583433141cbc1ae4542e65919abb0753e806b29740a732526b685`
CRC32	`8D2CA2B4`
ssdeep	`3072:CV7Uuhwv/apbC9vLBc2Tgy5isJ9hQlINH7LtuVvEvM:85o/apbkvLXgkr7p7ZlM`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	deaf74a744649fc0_nlog.xml Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\NLog.xml
Size	1.5MB
Processes	2552 (kkm.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5	`31b584f35999fd7228cc0851ad1b16b8`
SHA1	`3e667b1b49343b997274146214ed66463f9fd6d6`
SHA256	`deaf74a744649fc05445a073b7fcac0637797a89f71ec651753035179046421c`
CRC32	`F448DE5C`
ssdeep	`6144:5bDtZQq9knLoF0g5I4tJegu7awFIQa2cqo/qDhITMpc+Kz+5X:1WLoIIeg2l`
Yara	None matched
VirusTotal	Search for analysis

Name	f1e244a665069c53_managedopenssl.dll.config Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\ManagedOpenSsl.dll.config
Size	291.0B
Processes	2552 (kkm.exe)
Type	ASCII text
MD5	`7b50f9d23ef94b5fa39d614b16c24581`
SHA1	`4ab057f114d2a24d52733b16dc48e7c4e4ad8d91`
SHA256	`f1e244a665069c533e6d69a0f68da2bd5bd6ddb080a2620851ef5aae5ddc5c37`
CRC32	`EBD1FC39`
ssdeep	`6:8IjIGt/pA+k5Oefwt/6dA+kvghfwGJi/pA+k5OyGJi/6dA+kvXdQIjn:dsBjZkctQWjoQhvxj`
Yara	None matched
VirusTotal	Search for analysis

Name	da2ecb43ddb005f2_kkmagent.application Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\KKMAgent.application
Size	2.0KB
Processes	2552 (kkm.exe)
Type	XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5	`5d5ca0249868c9ca48444262d61c3da5`
SHA1	`bcaaaad00df1b0427e83fb392c81ea7cb7c3af86`
SHA256	`da2ecb43ddb005f2aafae2f97d9afaecaba48fd38d0f4970c062a1bc410090ee`
CRC32	`B87FB57A`
ssdeep	`48:3B9oLwOw8jZcTF2gatb8onTgTFNDgXn6N0kkQdEgzwTw:xWLwO9ZcTatb8oUTTqSk2H`
Yara	None matched
VirusTotal	Search for analysis

Name	9eedeeaa7954bab5_kkmcommon.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\KKMCommon.dll
Size	55.5KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a7a37d9622898e7e552585941f1b6c49`
SHA1	`81bcc45c19dc53ef47a3c09f9eeec8fd058f71ba`
SHA256	`9eedeeaa7954bab5638f9bf8c3e1b9660ed3fbcd189fa3e1d12c89f283387345`
CRC32	`B85B70F6`
ssdeep	`768:Att4XmlOF7IP76pKRRisEOYeTQlPPPVRo5P5cLOToT07GFFUQFbqcMNnZd:AHiIIuieTQl3UBFET07GFFlFbq7`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	027f7ec40800a851_kkmcommon.dll.config Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\KKMCommon.dll.config
Size	504.0B
Processes	2552 (kkm.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`3ed12dba4aa997ecaa35953979329d53`
SHA1	`bb634bb4b5e4a43634db0b586cfe8bb9e538aedd`
SHA256	`027f7ec40800a85177e044cd4f284c1fc86fc5f0055bf728f7fe7ddf67de4091`
CRC32	`FB78FFEC`
ssdeep	`12:TMHdGzNFF7ap+5Bw/2/vLpFicYoKV7VirSyxm:2duPF7NBq2//9kirO`
Yara	None matched
VirusTotal	Search for analysis

Name	c9dae5e8b3150d4d_pilotntsharp.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\PilotNtSharp.dll
Size	8.0KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`050f359cbb074e55d505506b4b35bb7d`
SHA1	`e80cd3036c045c90548fef5fe1566aa3d8050289`
SHA256	`c9dae5e8b3150d4d993ced26cfede0c305a5ae6329a3c80f61ffac53185e3b90`
CRC32	`B8B1D299`
ssdeep	`96:mcjZSGfU5GfUlkrQkolGSjM4+rmgTRGmoOuwfX+5zgTCHQB6jyPhjnGpBW:m1GfU5GfUlHb6rjTuzgRB2KjGS`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	d4cf570c7381883b_uninstall.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\uninstall.exe
Size	35.8KB
Processes	2552 (kkm.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`41dbd13a312f2bdf14f7cd8a04bd0434`
SHA1	`f5b490f47c8a56580f1c5e2247876d458f6ab83d`
SHA256	`d4cf570c7381883b1f2aa6e6c1510d634fe5b7b6b8fcbfaaed92ef3014a2d3cc`
CRC32	`DE67071A`
ssdeep	`768:SPLV0/LMvOdZLTU+hjO2ei2fr5iZ+uhc9GdtOuI7d4cKJRn6bW7/:SmQWjTU+leyZz/dWicPb6/`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file
VirusTotal	Search for analysis

Name	2c256383dfa73645_htmlagilitypack.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\HtmlAgilityPack.dll
Size	166.0KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b1f442802185d272aa4ad63a59702675`
SHA1	`78911e2dca636a2568c43f53cb80d0230b691ccb`
SHA256	`2c256383dfa736459a1880734de625e7b181f3c9cd46ea072e692b57133f5a8a`
CRC32	`42C7BB06`
ssdeep	`3072:1TAQW7ZBlGNJBrWNs0eDI1j60DXCYWFLZeQW+wFZTa:S5ZONJB/cV60WGVt`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	e3b0c44298fc1c14_nsgECE0.tmp Empty file or file not found
Filepath	C:\Users\test22\AppData\Local\Temp\nsgECE0.tmp
Size	0.0B
Type	empty
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
CRC32	`00000000`
ssdeep	`3::`
Yara	None matched
VirusTotal	Search for analysis

Name	7fdd0170e0eb5bf8_tsclib.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\TSCLIB.dll
Size	134.5KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`f39f9be47afbf58a1b92c6652025cc5d`
SHA1	`31ef30bfbfa135ce76b118ac274d00253685c101`
SHA256	`7fdd0170e0eb5bf884aaa1db6b6d07dd06c2d05cc2956c318ceb9c765868b9f9`
CRC32	`D5607F75`
ssdeep	`1536:6nkijL9xH9nJMoCjFbM7OqPc4yTMEtODZLtUkt4inATk8OaLX7lY7PoXKBkXKLjx:axH9KtBTM6kpU84a+nJL5YmK/Lj8L8`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check
VirusTotal	Search for analysis

Name	0437af85d893f1d4_fabsettings.xml Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\FABSettings.xml
Size	901.0B
Processes	2552 (kkm.exe)
Type	XML 1.0 document, ASCII text, with CRLF line terminators
MD5	`c998a54779c8e2c7194705ffad143166`
SHA1	`530f2ce34abeb9c5f94993237dd6bef13bf3aa28`
SHA256	`0437af85d893f1d4ad1e07b261a98f6337b5112af04936eb51a153317d0a29fc`
CRC32	`6F61D385`
ssdeep	`12:TMb0sO+X5BIyo8V4LbazxNYOHoeA+Y/D0MyRDNWcqKmW198p5SA2AKN6K2+WOuQ0:q0SXPrTuxAoh+W1KhqKES3NR2kmYKa8`
Yara	None matched
VirusTotal	Search for analysis

Name	7424421b2a805f5e_kkmagent.exe Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\KKMAgent.exe
Size	92.5KB
Processes	2552 (kkm.exe)
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`88e66c7e4276c4dace9d55d4e3727f4a`
SHA1	`73009c6da6b86c76959df9decf46f6289df1ad2c`
SHA256	`7424421b2a805f5ecdd94a970fe6597ecc713c2da71b2b79d73719a5c3585cdd`
CRC32	`345C023E`
ssdeep	`1536:sQiLHfqMiWn0Alu/myKJlba0N3HsGekij7rQ4PR2aAiwjGB07dQ48:svHfqMiWn6IbpsGekijPQ4Z3KicQ48`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)
VirusTotal	Search for analysis

Name	e2bf4f2f1a55e0c6_kkmcommon.pdb Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\KKMCommon.pdb
Size	165.5KB
Processes	2552 (kkm.exe)
Type	MSVC program database ver 7.00, 512*331 bytes
MD5	`64046f512d6b0d596a3112c68b246fd9`
SHA1	`285bf755db98d85327ce58057f7ddce75588aa0a`
SHA256	`e2bf4f2f1a55e0c679794263a090cb5b8ebe51acc85c1e5759abed9bcc102d52`
CRC32	`409DF711`
ssdeep	`1536:uJI2zR7ygDFO7UgE+LMtJasOFAyT4v0s8+ULPW+OFOd0Lk3bPv40XCZ0weNhpq9T:0PDg7Ug1AjhwcO33D4NZ0wefpq9o`
Yara	Malicious_Library_Zero - Malicious_Library
VirusTotal	Search for analysis

Name	d0f9b82de64219e3_atol.drivers10.fptr.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\Atol.Drivers10.Fptr.dll
Size	78.0KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`3c46c36b845b1da2c2bd9e0667df0f60`
SHA1	`570dcc02f0cfb97c352363943285212c833229fe`
SHA256	`d0f9b82de64219e37556834fb2a7491468d2cbe1d324880c23a3bda8851b9e5c`
CRC32	`72762C9B`
ssdeep	`768:niBRRkTSSrfbbMOCA5rLBdMkynic6MYnhtX4WYdv0+9fhGQ/Yh1ltJ28lp3Aqob4:IRR7IjbMg5Gj6nRKvPB/U1XAq0Qn`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	9963d40abdaa5c03_barcodelib.dll Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\BarcodeLib.dll
Size	105.5KB
Processes	2552 (kkm.exe)
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b44f8d102da1a8bea10674b2ed905114`
SHA1	`32e80ba45066e43b516ec4b178e0ed77bd1be2de`
SHA256	`9963d40abdaa5c03e34d9b2fe8280b1ae1d16002742e4caf36004c4b35309827`
CRC32	`9A4A74E1`
ssdeep	`3072:G7F2D+XFMx2d225/gOnanSSbVmMPhPPmeuPeuUV9oLXvIUP/SqlPB5sqBTxvNeER:jI2xo`
Yara	PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE32 - (no description) Is_DotNET_DLL - (no description)
VirusTotal	Search for analysis

Name	39f6a4db1be658d6_newtonsoft.json.xml Submit file
Filepath	C:\Users\test22\AppData\Roaming\KkmAgent\Newtonsoft.Json.xml
Size	548.3KB
Processes	2552 (kkm.exe)
Type	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
MD5	`928ed37db61c1e98a2831c8c01f6157c`
SHA1	`98103c2133ebda28be78bfe3e2d81d41924a23ee`
SHA256	`39f6a4db1be658d6baff643fa05aae7809139d9665475bfca10d37dca3384f21`
CRC32	`E789A214`
ssdeep	`6144:XqqUmk/Rik2rH6dl0/IaHNpOVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QyMYFLse:DUK`
Yara	None matched
VirusTotal	Search for analysis