Dropped Files | ZeroBOX
Name e3b0c44298fc1c14___tmp_rar_sfx_access_check_33465640
Empty file or file not found
Filepath C:\FontWinintohostNet\__tmp_rar_sfx_access_check_33465640
Size 0.0B
Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
ssdeep 3::
Yara None matched
Name 074f5eb66a80a067_uwe3bhtnvatekstfn0cpppafawk.vbe
Filepath C:\FontWinintohostNet\UWE3BhTNVatEksTFn0CppPafAWK.vbe
Size 221.0B
Processes 4656 (12.exe)
Type data
MD5 86710fee15b005a08d849b43a257e1f9
SHA1 9a82a845285a61868092451f86cc6e2651295b59
SHA256 074f5eb66a80a067c3017ac07985076cc44aa4c88836d9b434b269c5e8881c6a
CRC32 276EB275
ssdeep 6:G5kgwqK+NkLzWbHY08nZNDd3RL1wQJRoR2QGs1:G6BMCzWLY04d3XBJ2MQN
Yara None matched
Name cd1e3c448c93c2ae_886983d96e3d3e31032c679b2d4ea91b6c05afef
Filepath C:\Sandbox\test22\DefaultBox\user\all\Microsoft\Windows\Caches\886983d96e3d3e31032c679b2d4ea91b6c05afef
Size 976.0B
Processes 6952 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 d46b82163f91aa19a86166989d350f75
SHA1 da247f4515cb8abfce67eef54c20c000d3e62161
SHA256 cd1e3c448c93c2aeee93f8e66a811f4e3a9222c6afda4538c01cee9d2ae98be8
CRC32 B8D1B619
ssdeep 24:5DwSWoueXi8p0LBQY+vsjKDEZrbctDFUwy7rRxEQ8bhOLrwAMnnwl:5DwDoXXi8eS1XDuvcFFUfrRxEQ8by8AD
Yara None matched
Name 8ea76766e0e73912_x3Qx5PZNrd
Filepath C:\FontWinintohostNet\x3Qx5PZNrd
Size 25.0B
Processes 6952 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with no line terminators
MD5 c9325d474a660ce06d03f41eded566c1
SHA1 75e2574a7088c61bfd265c3447e6f0812e3c4f33
SHA256 8ea76766e0e73912adf51c8f701c91bcdd4d28572a37a69148b4542854935902
CRC32 3C04F697
ssdeep 3:W7t9LTumA:W7t9nuN
Yara None matched
Name 764f079ed396e414_u8hvppfkr4yik505gpamovaapm.bat
Filepath C:\FontWinintohostNet\u8hVPpfkR4YIk505GPamOvaaPm.bat
Size 56.0B
Processes 4656 (12.exe)
Type ASCII text, with no line terminators
MD5 ddc597ffafbf33db7998e7f8488e29eb
SHA1 14cce6b80008ca515c27957b51c0f6474c33b705
SHA256 764f079ed396e4142509b67fb219dd650830e9e52cf2706f27b5e0ff0b3c8409
CRC32 8AD8CDD1
ssdeep 3:I52+LsVULEwLsVUhDUxdAH:IoXVK0VMDUxdAH
Yara None matched
Name 0774e911a87d4718_24dbde2999530ef5fd907494bc374d663924116c
Filepath C:\Program Files (x86)\Common Files\Services\24dbde2999530ef5fd907494bc374d663924116c
Size 318.0B
Processes 6952 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 760e8c6a3d59a92ee0f85176555d444a
SHA1 0b0ffd11b3ae7f62f2fa626bb36733b5ddddb12d
SHA256 0774e911a87d471835ae0b0b45a14dc5ff34f7e2d0466d4aebe33d949c03063c
CRC32 8700819B
ssdeep 6:bk9dhiLZXC96dLxfBaHEcHcBP7wsPkePJqU6W/JDXFc3H0Mj:bkkxz3fBmHcNbH6WFFcX0o
Yara None matched
Name c583b46c1a825aca_8MzrE1G1pe.bat
Filepath C:\FontWinintohostNet\8MzrE1G1pe.bat
Size 208.0B
Processes 6952 (FontWinintohostNetrefperfsvc.exe) 4440 (cmd.exe)
Type DOS batch file, ASCII text, with CRLF line terminators
MD5 2cf797061f9623db983a27ae7fb2159b
SHA1 4b3d0387846025fb573ec817ad016b86226191cd
SHA256 c583b46c1a825aca74515a3ae886e46f6801dedfd2c8d777e6640d054d86583c
CRC32 93D2C180
ssdeep 6:hCRLqFcROrrVvTE7ZdO+4KOZG6V0oozKn:CqFcRO9vTE7jOV0on
Yara None matched
Name 2385bf6f5cb747b3_560854153607923c4c5f107085a7db67be01f252
Filepath C:\tmpzdcjvb\bin\560854153607923c4c5f107085a7db67be01f252
Size 596.0B
Processes 6952 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 fdda2d5a5ba5af475cb15c97d6f2acdb
SHA1 b3ef9ca0f0666f8ff0dd2ee0e68247cc4527a417
SHA256 2385bf6f5cb747b30c62ab75287b499b89f7d436dcf04d5832dc3934be4c4094
CRC32 7CB684C3
ssdeep 12:f1pV4oiChIVjkTxbCl8qQO+O0B0K71Pe0PeRfqA4Yi8HKOWzLJnYw5Ivp+4:dnGlT9+OwPe0P1zYi8qOWv6nvN
Yara None matched
Name efbd6c2ea93e85c6_fontwinintohostnetrefperfsvc.exe
Filepath C:\FontWinintohostNet\FontWinintohostNetrefperfsvc.exe
Size 690.0KB
Processes 4656 (12.exe)
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 29dfb99b4a7de6abc52bd344dfa905cf
SHA1 bee1afec0a99d2b37cde1a4df311e414599f8724
SHA256 efbd6c2ea93e85c6f9b739453685a726e99f7527cfe9f5826d87d2f9f2632199
CRC32 A0161773
ssdeep 12288:ztFXmSr8maohJIPEVQjYiv7itFmsuICcqn:zvdD7hJIPuy2tkshCc+
Yara
  • NPKI_Zero - File included NPKI
  • Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT
  • PE_Header_Zero - PE File Signature
  • Is_DotNET_EXE - (no description)
  • IsPE32 - (no description)
Name 8243085784fc38ff_ebf1f9fa8afd6d1932bd65bc4cc3af89a4c8e228
Filepath C:\Windows\SysWOW64\osk\ebf1f9fa8afd6d1932bd65bc4cc3af89a4c8e228
Size 949.0B
Processes 6952 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 5b39b881901ca31b8d38d64079f1344f
SHA1 ceafc7897b6463f1e4f6414fb36f920ece9e0d10
SHA256 8243085784fc38ff9caeef4d54444e8caa28acf2ede2bb6a54b1f1c3b7adc231
CRC32 10E94F8C
ssdeep 24:eMfZ9F9WV5idGkXkdnIqrdO+gkgiHxUAWRiQnueeotM6e:TffF9WV5iPonIQdrfxUAWR9uhZ
Yara None matched
Name a40313bf53fc13be_4a1145983886ca6e83e0c602fdf4d92ac60ad979
Filepath C:\Recovery\ab7d780a-0706-11e8-9512-b992fd7a33be\4a1145983886ca6e83e0c602fdf4d92ac60ad979
Size 569.0B
Processes 6952 (FontWinintohostNetrefperfsvc.exe)
Type ASCII text, with very long lines, with no line terminators
MD5 adcbbc3d6df52e6da691012d1da459a6
SHA1 3d3079bd543ec47164e2ab82e68bb04392d2fb70
SHA256 a40313bf53fc13beb3f7330f73154a917ffc4f3676ceb611b7993d3836d65ba7
CRC32 186F3E09
ssdeep 12:kb/USCCPd4x6RMWLCyHb1vqgxh1mlej/kbF5K8MeRB6V:A/GCNRMKHbxt2leCFUBV
Yara None matched