Dropped Files | ZeroBOX
Name 958ec4f9bcd48a3b_0a1fd5f707cd16ea89afd3d6db52b2da58214a6c
Filepath C:\Users\Default\0a1fd5f707cd16ea89afd3d6db52b2da58214a6c
Size 715.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 ae4d2408218df19c678070febc92b976
SHA1 89a99ccbbc83424e93fd302aa9df7f78da73df07
SHA256 958ec4f9bcd48a3b266c423b15fba1571a5a1cf5a70b1f8396ab8e97c39b4184
CRC32 DF2682AB
ssdeep 12:x/VGFwCVOhsnRkwjfgdKdqPa+rv2IDK1KAAPs6ik7bs1LGVuD8BGYRMghupcNafZ:xcentGMKdqTj2iuKAAPskP5c8BGYRfhY
Yara None matched
Name 18265c4d9d27ef8c_24dbde2999530ef5fd907494bc374d663924116c
Filepath C:\Recovery\ab7d780a-0706-11e8-9512-b992fd7a33be\24dbde2999530ef5fd907494bc374d663924116c
Size 732.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 6f4484be3d5a05f384055bc6038f9218
SHA1 b67cf14d4aaa2c981e3969749d8c95cc778fb154
SHA256 18265c4d9d27ef8c2cfc08612c7dfac96ab7050e498c8c77136425781bbe74a6
CRC32 EF91C243
ssdeep 12:iGnKNsbUVgqoY7ooC35aNIGHv5PhLXZnESXRbCosh1Cohwqy/Lzfun:iGn9UdoolNjv5PhLXZn+oshIiqC
Yara None matched
Name 609863e68b3ee95b_ac060f29f1654c96f6e16e6373765aaf20047ca1
Filepath C:\Windows\SysWOW64\mf3216\ac060f29f1654c96f6e16e6373765aaf20047ca1
Size 483.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 77b5fd2017c6a413f38c08aa9d74d3ca
SHA1 05821ddb0ea3f3d94739dc2e735d77dc9947d96e
SHA256 609863e68b3ee95bc4d7cf31030450661adba58a088ad7ad0c7f6d3cd6e89fd4
CRC32 5877F79E
ssdeep 12:VvcXdIwTJ4mQtookoxhZOxltsV6iwyd5vAWU57:VvcXPDuookorI6wmM57
Yara None matched
Name c999522100ad1935_69ddcba757bf72f7d36c464c71f42baab150b2b9
Filepath C:\Users\69ddcba757bf72f7d36c464c71f42baab150b2b9
Size 963.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 f4494d9819dbb0a5507a228ee34f5acc
SHA1 fb5cfeaca50e8fb3444fa2fca401db1379921adb
SHA256 c999522100ad1935c60d08c51d8b0a3bbfb9343f08934dafdfd43b40ca46791e
CRC32 539ABA1A
ssdeep 24:cdG+wql5HrYfDGGBzr6AowVqmXwYvQ9SA7KYjAyUHUtd8h:cd/lvroyG4CxCdKvHydM
Yara None matched
Name 1990df3d6b76752c_b75386f1303e64d8139363b71e44ac16341adf4e
Filepath C:\Windows\System32\NlsLexicons0026\b75386f1303e64d8139363b71e44ac16341adf4e
Size 10.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with no line terminators
MD5 cedddc97ae1dc4edcab107ad939374d3
SHA1 165cff4dca56c50e4b954bf0f6bf741630d68c9f
SHA256 1990df3d6b76752cf422a982281c7c227d0e15642f3f91d26ceb7c793e502bb3
CRC32 C056711C
ssdeep 3:iT7:iH
Yara None matched
Name 074f5eb66a80a067_uwe3bhtnvatekstfn0cpppafawk.vbe
Filepath C:\FontWinintohostNet\UWE3BhTNVatEksTFn0CppPafAWK.vbe
Size 221.0B
Processes 7092 (12.exe)
Type data
MD5 86710fee15b005a08d849b43a257e1f9
SHA1 9a82a845285a61868092451f86cc6e2651295b59
SHA256 074f5eb66a80a067c3017ac07985076cc44aa4c88836d9b434b269c5e8881c6a
CRC32 276EB275
ssdeep 6:G5kgwqK+NkLzWbHY08nZNDd3RL1wQJRoR2QGs1:G6BMCzWLY04d3XBJ2MQN
Yara None matched
Name a9defc97319ca159_XB2Ym8KU2J.bat
Filepath C:\FontWinintohostNet\XB2Ym8KU2J.bat
Size 176.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe) 9016 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 0bf46944cac3d20bf2915c0f4178db21
SHA1 d4eed69f5ac612b054eac3bdac3d047381a76375
SHA256 a9defc97319ca1598923a3280f281c399fb07f8920f379277ea27e1469ededc1
CRC32 041AEA44
ssdeep 3:mKDDVNGvTVLqFvEROre3LsVU+Oizn9mqdlH1MARm5XIvBktKcKZGlLsVUVnXjuiO:hCRLqFcROrrVvTEqdEARm54vKOZG6VUC
Yara None matched
Name 506da8914f48baa4_ad905248ae8915310f4f54ea4fdbd093383798d1
Filepath C:\Python27\LICENSE\ad905248ae8915310f4f54ea4fdbd093383798d1
Size 243.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with no line terminators
MD5 9c6a0784c3cf1da82f59191102539983
SHA1 e839b042402c4e57b3438ce0c4f0e5144eba5906
SHA256 506da8914f48baa4fa84503101be9481f759f469f5287f3b4e00ee3d69fc96a8
CRC32 D0A6D449
ssdeep 6:EgZ16mmeHQJd2XEe1Qq2sGraqp6WbcsLsk+BFJ:EgZyOQJdvq2sSp6LqkBFJ
Yara None matched
Name 764f079ed396e414_u8hvppfkr4yik505gpamovaapm.bat
Filepath C:\FontWinintohostNet\u8hVPpfkR4YIk505GPamOvaaPm.bat
Size 56.0B
Processes 7092 (12.exe)
Type ASCII text, with no line terminators
MD5 ddc597ffafbf33db7998e7f8488e29eb
SHA1 14cce6b80008ca515c27957b51c0f6474c33b705
SHA256 764f079ed396e4142509b67fb219dd650830e9e52cf2706f27b5e0ff0b3c8409
CRC32 8AD8CDD1
ssdeep 3:I52+LsVULEwLsVUhDUxdAH:IoXVK0VMDUxdAH
Yara None matched
Name 39e10a9f8e4cfdb3_617403385cfa5793a54cc4029c1bf0ecc358174e
Filepath C:\Windows\System32\AxInstSv\617403385cfa5793a54cc4029c1bf0ecc358174e
Size 161.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with no line terminators
MD5 c00466bdcb929d83df54759cdcdf45d4
SHA1 4e47fffa8c186b03ca2f3b3650064d2f13b7f82f
SHA256 39e10a9f8e4cfdb3fba3e78c6b1a8fd0f2b62fd7bbbdd087cc38539041dfe738
CRC32 3E931BEB
ssdeep 3:bIso1icBTmlUc9O0QC6CQLVz8oeBQq/WS1jOWPK3XqGndW3b8:sZd6icDrQLioC9p5PyRC8
Yara None matched
Name 47d21c09b16ecdc2_4a1145983886ca6e83e0c602fdf4d92ac60ad979
Filepath C:\Users\4a1145983886ca6e83e0c602fdf4d92ac60ad979
Size 548.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 7591aa3de4ea58d3b8feaff0a595ed26
SHA1 f70976401650f5c582b6d3f238d4f4f1860717ff
SHA256 47d21c09b16ecdc255a4a4da3e9908237c364f41b6b984e65011edbf72404f5e
CRC32 2623A277
ssdeep 12:IX23RwcmGVGiB3QOucG+vnhWKup+cKGcUK1GiTqMKBKV:IX6RhVGbvavnhWKuIcKHUIGOqS
Yara None matched
Name c7faa10f2b732c39_ad905248ae8915310f4f54ea4fdbd093383798d1
Filepath C:\Python27\README\ad905248ae8915310f4f54ea4fdbd093383798d1
Size 490.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 6175a5b73b9fb01fd5a886d88a58c0cd
SHA1 ba4317a95dd31f943be3d5b491ff41cfbb7690cf
SHA256 c7faa10f2b732c39032b0bb0d4a50529e12d12ed64b02c838f545cd73c0d37f4
CRC32 B4A19547
ssdeep 12:AUsAnnV1emTUf4z3KLaHOg1PToW8w3/yxrSjPmmD:Aanz/Te4Ow9kHw3/tmW
Yara None matched
Name efbd6c2ea93e85c6_fontwinintohostnetrefperfsvc.exe
Filepath C:\FontWinintohostNet\FontWinintohostNetrefperfsvc.exe
Size 690.0KB
Processes 7092 (12.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 29dfb99b4a7de6abc52bd344dfa905cf
SHA1 bee1afec0a99d2b37cde1a4df311e414599f8724
SHA256 efbd6c2ea93e85c6f9b739453685a726e99f7527cfe9f5826d87d2f9f2632199
CRC32 A0161773
ssdeep 12288:ztFXmSr8maohJIPEVQjYiv7itFmsuICcqn:zvdD7hJIPuy2tkshCc+
Yara
  • NPKI_Zero - File included NPKI
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
Name 96f22bc80551960f_WYJZutkemb
Filepath C:\FontWinintohostNet\WYJZutkemb
Size 25.0B
Processes 8620 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with no line terminators
MD5 fd5efee8406a3505050d6f0acfdd236c
SHA1 010e02c9e24e4005162be06f4392667735edf7c3
SHA256 96f22bc80551960f12e490ea484a47049a5ced9fd0ca72372d744821b0418395
CRC32 182857F4
ssdeep 3:XGBhAUrRTI:XOAsI
Yara None matched
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_43065765
Empty file or file not found
Filepath C:\FontWinintohostNet\__tmp_rar_sfx_access_check_43065765
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched