Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- * MalFamily: "Malicious"
- * MalScore: 10.0
- * File Name: "Exes_771014073ec8cd39daac28b1ce95b474.exe"
- * File Size: 317440
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed"
- * SHA256: "3bd9107fac52bc69d0bb5dce1fa4ff060c4a0a4c324e78d182f141ccb7998bd3"
- * MD5: "771014073ec8cd39daac28b1ce95b474"
- * SHA1: "4423e3ff7390caa04991404e2c03e893aba618a1"
- * SHA512: "e494477ac089e72654cbc3fa30a6aac05055d91f980ba77a7c8e65a73dac4f4c940c1cec91ff22da57271d2de9f0c8c183173952e05381bc5e68f32c0e1ec26a"
- * CRC32: "A3E8AA70"
- * SSDEEP: "3072:L92gkM1dTnzUJuwSQQrtIQPaE3i5cKvtxQa0HDNqknIgx2UpsIkTpg:LsgkM1dLzCjcvby6Kvte9Rqoc7T"
- * Process Execution:
- "Exes_771014073ec8cd39daac28b1ce95b474.exe",
- "Exes_771014073ec8cd39daac28b1ce95b474.exe",
- "services.exe",
- "lsass.exe",
- "taskhost.exe",
- "sc.exe",
- "svchost.exe",
- "svchost.exe",
- "WerFault.exe",
- "wermgr.exe"
- * Executed Commands:
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_771014073ec8cd39daac28b1ce95b474.exe\"",
- "C:\\Windows\\system32\\lsass.exe",
- "taskhost.exe $(Arg0)",
- "C:\\Windows\\system32\\sc.exe start w32time task_started",
- "C:\\Windows\\system32\\svchost.exe -k LocalService",
- "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup",
- "C:\\Windows\\system32\\WerFault.exe -u -p 2396 -s 288",
- "\"C:\\Windows\\system32\\wermgr.exe\" \"-queuereporting_svc\" \"C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_928a3992b7bed7284823981773aca329ad5b54d_cab_065b9e59\""
- * Signatures Detected:
- "Description": "At least one process apparently crashed during execution",
- "Details":
- "Description": "Attempts to connect to a dead IP:Port (1 unique times)",
- "Details":
- "IP": "151.139.128.14:80"
- "Description": "Creates RWX memory",
- "Details":
- "Description": "A process created a hidden window",
- "Details":
- "Process": "Exes_771014073ec8cd39daac28b1ce95b474.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_771014073ec8cd39daac28b1ce95b474.exe"
- "Description": "Performs some HTTP requests",
- "Details":
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- "url": "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY"
- "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSTufqHinruS%2FP9Wi1XSjRRzoTLfAQUfgNaZUFrp34K4bidCOodjh1qx2UCEC4BJRXilBJzt%2BjULTDTeVo%3D"
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details":
- "section": "name: UPX1, entropy: 7.94, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00024200, virtual_size: 0x00025000"
- "Description": "The executable is compressed using UPX",
- "Details":
- "section": "name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x00057000"
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details":
- "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 11150935 times"
- "Description": "Steals private information from local Internet browsers",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@doubleclick1.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@advertising1.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@c.bing2.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@media2.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@www.google1.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google5.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google4.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google3.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@google1.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@c.msn2.txt"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@msn1.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@www.msn2.txt"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@3lift1.txt"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@bing2.txt"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@scorecardresearch2.txt"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\user@atwola2.txt"
- "Description": "Collects information about installed applications",
- "Details":
- "Program": "Google Update Helper"
- "Program": "Microsoft Excel MUI 2013"
- "Program": "Microsoft Outlook MUI 2013"
- "Program": "Google Chrome"
- "Program": "Adobe Flash Player 29 NPAPI"
- "Program": "Adobe Flash Player 29 ActiveX"
- "Program": "Microsoft DCF MUI 2013"
- "Program": "Microsoft Access MUI 2013"
- "Program": "Microsoft Office Proofing Tools 2013 - English"
- "Program": "Adobe Acrobat Reader DC"
- "Program": "Microsoft Publisher MUI 2013"
- "Program": "Microsoft Office Shared MUI 2013"
- "Program": "Microsoft Office OSM MUI 2013"
- "Program": "Microsoft InfoPath MUI 2013"
- "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
- "Program": "Outils de v\\xc3\\xa9rification linguistique 2013 de Microsoft Office\\xc2\\xa0- Fran\\xc3\\xa7ais"
- "Program": "Microsoft Word MUI 2013"
- "Program": "Microsoft OneDrive"
- "Program": "Microsoft Groove MUI 2013"
- "Program": "Microsoft Office Proofing Tools 2013 - Espa\\xc3\\xb1ol"
- "Program": "Microsoft Access Setup Metadata MUI 2013"
- "Program": "Microsoft Office OSM UX MUI 2013"
- "Program": "Java Auto Updater"
- "Program": "Microsoft PowerPoint MUI 2013"
- "Program": "Microsoft Office Professional Plus 2013"
- "Program": "Adobe Refresh Manager"
- "Program": "Microsoft Office Proofing 2013"
- "Program": "Microsoft Lync MUI 2013"
- "Program": "Microsoft OneNote MUI 2013"
- "Description": "File has been identified by 23 Antiviruses on VirusTotal as malicious",
- "Details":
- "FireEye": "Generic.mg.771014073ec8cd39"
- "McAfee": "GenericRXHY-XS!C6619D8DF1A4"
- "Cylance": "Unsafe"
- "K7GW": "Trojan ( 005530f21 )"
- "K7AntiVirus": "Trojan ( 005530f21 )"
- "Symantec": "ML.Attribute.HighConfidence"
- "APEX": "Malicious"
- "Endgame": "malicious (moderate confidence)"
- "F-Secure": "Trojan.TR/Crypt.ULPM.Gen"
- "DrWeb": "Trojan.PWS.Siggen2.23585"
- "Invincea": "heuristic"
- "Trapmine": "malicious.moderate.ml.score"
- "CMC": "Trojan.Win32.Swizzor.1!O"
- "Avira": "TR/Crypt.ULPM.Gen"
- "Microsoft": "Trojan:Win32/Fuerboos.C!cl"
- "Acronis": "suspicious"
- "ESET-NOD32": "a variant of Win32/GenKryptik.DNZI"
- "SentinelOne": "DFI - Malicious PE"
- "eGambit": "Unsafe.AI_Score_92%"
- "Fortinet": "W32/Kryptik.GUPZ!tr"
- "Cybereason": "malicious.f7390c"
- "CrowdStrike": "win/malicious_confidence_70% (D)"
- "Qihoo-360": "HEUR/QVM11.1.B195.Malware.Gen"
- "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
- "Details":
- "Description": "Checks the system manufacturer, likely for anti-virtualization",
- "Details":
- "Description": "Attempts to access Bitcoin/ALTCoin wallets",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\Adobe\\wallet.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Sun\\wallet.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Identities\\wallet.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Macromedia\\wallet.dat"
- "file": "C:\\Users\\user\\AppData\\wallet.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\wallet.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Notepad++\\wallet.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\wallet.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\*"
- "Description": "Harvests credentials from local FTP client softwares",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\filezilla\\recentservers.xml"
- "Description": "Harvests information related to installed instant messenger clients",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\.purple\\accounts.xml"
- "Description": "Harvests information related to installed mail clients",
- "Details":
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\b22783abb139fe46b0aad551d64b60e7"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9234ed9445f8fa418a542f350f18f326"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\cb23f8734d88734ca66c47c4527fd259"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8408552e6dae7d45a0ba01520b6221ff"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\c02ebc5353d9cd11975200aa004ae40e"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\240a97d961ed46428e29a3f1f1c23670"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8f92b60606058348930a96946cf329e1"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
- "Description": "Collects information to fingerprint the system",
- "Details":
- * Started Service:
- "VaultSvc",
- "WerSvc",
- "W32Time"
- * Mutexes:
- "A81FB8C6-0BBE6E18-6FC9B5DB-536DA455-933946726",
- "Local\\WERReportingForProcess2396",
- "Global\\\\xe5\\x88\\x90\\xc2\\xa0",
- "Global\\\\xed\\x95\\xb0\\xc7\\x9b",
- "WERUI_BEX64-928a3992b7bed7284823981773aca329ad5b54d"
- * Modified Files:
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0255CEC2C51D081EFF40366512890989_CFBE135C1EB4E34EEEA2C1CB8DC92D8B",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0255CEC2C51D081EFF40366512890989_CFBE135C1EB4E34EEEA2C1CB8DC92D8B",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-console-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-datetime-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-debug-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-errorhandling-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-2-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l2-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-handle-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-heap-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-interlocked-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-libraryloader-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-localization-l1-2-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-memory-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-namedpipe-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processenvironment-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-1.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-profile-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-rtlsupport-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-string-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-2-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-sysinfo-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-timezone-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-util-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-conio-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-convert-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-environment-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-filesystem-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-heap-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-locale-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-math-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-multibyte-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-private-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-process-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-runtime-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-stdio-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-string-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-time-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-utility-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\freebl3.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\mozglue.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\msvcp140.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nss3.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nssdbm3.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\softokn3.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\ucrtbase.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\vcruntime140.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\135662341384565854071147.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\136175626668354943421455.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\13617625760319523058928.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\136176566904652965936176.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\136177036187809389259254.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\curbuf.dat",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\7bbc503c-5977-4798-a4ae-61483a7e030d",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\4ea3e899-a35a-4b2c-8309-21adf5344aca",
- "\\??\\PIPE\\lsarpc",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERA00B.tmp.appcompat.txt",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERA423.tmp.WERInternalMetadata.xml",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERA453.tmp.hdmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERAF02.tmp.mdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_928a3992b7bed7284823981773aca329ad5b54d_cab_065b9e59\\WERA00B.tmp.appcompat.txt",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_928a3992b7bed7284823981773aca329ad5b54d_cab_065b9e59\\WERA423.tmp.WERInternalMetadata.xml",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_928a3992b7bed7284823981773aca329ad5b54d_cab_065b9e59\\WERA453.tmp.hdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_928a3992b7bed7284823981773aca329ad5b54d_cab_065b9e59\\WERAF02.tmp.mdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_928a3992b7bed7284823981773aca329ad5b54d_cab_065b9e59\\Report.wer",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_928a3992b7bed7284823981773aca329ad5b54d_cab_065b9e59\\Report.wer.tmp"
- * Deleted Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\135662341384565854071147.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\136175626668354943421455.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\13617625760319523058928.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\136176566904652965936176.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\136177036187809389259254.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\curbuf.dat",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-console-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-datetime-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-debug-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-errorhandling-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l1-2-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-file-l2-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-handle-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-heap-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-interlocked-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-libraryloader-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-localization-l1-2-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-memory-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-namedpipe-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processenvironment-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-processthreads-l1-1-1.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-profile-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-rtlsupport-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-string-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-synch-l1-2-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-sysinfo-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-timezone-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-core-util-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-conio-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-convert-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-environment-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-filesystem-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-heap-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-locale-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-math-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-multibyte-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-private-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-process-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-runtime-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-stdio-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-string-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-time-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\api-ms-win-crt-utility-l1-1-0.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\freebl3.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\mozglue.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\msvcp140.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nss3.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\nssdbm3.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\softokn3.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\ucrtbase.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\vcruntime140.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\2fda\\",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERA00B.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERA00B.tmp.appcompat.txt",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERA423.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERA423.tmp.WERInternalMetadata.xml",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERA453.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERA453.tmp.hdmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERAF02.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERAF02.tmp.mdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_928a3992b7bed7284823981773aca329ad5b54d_cab_065b9e59\\Report.wer.tmp"
- * Modified Registry Keys:
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\TimeProviders\\NtpClient\\SpecialPollTimeRemaining",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent\\DefaultConsent"
- * Deleted Registry Keys:
- * DNS Communications:
- "type": "A",
- "request": "sukaponic.com",
- "answers":
- "data": "103.229.72.62",
- "type": "A"
- * Domains:
- "ip": "103.229.72.62",
- "domain": "sukaponic.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY",
- "data": "GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEQDwHUvue3yjezwFZqwFlyRY HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSTufqHinruS%2FP9Wi1XSjRRzoTLfAQUfgNaZUFrp34K4bidCOodjh1qx2UCEC4BJRXilBJzt%2BjULTDTeVo%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSTufqHinruS%2FP9Wi1XSjRRzoTLfAQUfgNaZUFrp34K4bidCOodjh1qx2UCEC4BJRXilBJzt%2BjULTDTeVo%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSTufqHinruS%2FP9Wi1XSjRRzoTLfAQUfgNaZUFrp34K4bidCOodjh1qx2UCEC4BJRXilBJzt%2BjULTDTeVo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
- "port": 80
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement