API tools faq
paste
Advertisement
paladin316

Exes_330917c38844616fce7e601533a91ab7_exe_2019-08-14_19_30.txt

paladin316
Aug 14th, 2019
1,515
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 18.98 KB | None | 0 0
raw download clone embed print report
  1.  
  2. * MalFamily: "Barys"
  3.  
  4. * MalScore: 10.0
  5.  
  6. * File Name: "Exes_330917c38844616fce7e601533a91ab7.exe"
  7. * File Size: 2369282
  8. * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive"
  9. * SHA256: "de5bd6ec3d7dd3b9133d7e576fa7c36f1040766e9a1151a78aa8d50210a28c04"
  10. * MD5: "330917c38844616fce7e601533a91ab7"
  11. * SHA1: "23302a6300f85966dc079ced4f5027b0813e2c6a"
  12. * SHA512: "e7455560aa2f05a102c9aa68b43aae858a9a48b576d1f789f906556e6f4a520a4bc701227a175186bbd1c433fd2190e18a1ab18d3ab7a350cb27d2c7c8544c80"
  13. * CRC32: "1C52CB8B"
  14. * SSDEEP: "49152:iFHRzkpdur4+11DlneyFO7INDGIKHDZzPzka8HuLe8D:iFtAduUob3OswIKHDZzbrKu1"
  15.  
  16. * Process Execution:
  17. "Exes_330917c38844616fce7e601533a91ab7.exe"
  18.  
  19.  
  20. * Executed Commands:
  21.  
  22. * Signatures Detected:
  23.  
  24. "Description": "Reads data out of its own binary image",
  25. "Details":
  26.  
  27. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00000000, length: 0x00000007"
  28.  
  29.  
  30. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00000000, length: 0x00002000"
  31.  
  32.  
  33. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00000007, length: 0x000ffff0"
  34.  
  35.  
  36. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00001ff0, length: 0x00002000"
  37.  
  38.  
  39. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00003fe0, length: 0x00002000"
  40.  
  41.  
  42. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00005fd0, length: 0x00002000"
  43.  
  44.  
  45. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00007fc0, length: 0x00002000"
  46.  
  47.  
  48. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00009fb0, length: 0x00002000"
  49.  
  50.  
  51. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0000bfa0, length: 0x00002000"
  52.  
  53.  
  54. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0000df90, length: 0x00002000"
  55.  
  56.  
  57. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0000ff80, length: 0x00002000"
  58.  
  59.  
  60. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00011f70, length: 0x00002000"
  61.  
  62.  
  63. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00013f60, length: 0x00002000"
  64.  
  65.  
  66. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00015f50, length: 0x00002000"
  67.  
  68.  
  69. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00017f40, length: 0x00002000"
  70.  
  71.  
  72. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00019f30, length: 0x00002000"
  73.  
  74.  
  75. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0001bf20, length: 0x00002000"
  76.  
  77.  
  78. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0001df10, length: 0x00002000"
  79.  
  80.  
  81. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0001ff00, length: 0x00002000"
  82.  
  83.  
  84. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00021ef0, length: 0x00002000"
  85.  
  86.  
  87. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00023ee0, length: 0x00002000"
  88.  
  89.  
  90. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00025ed0, length: 0x00002000"
  91.  
  92.  
  93. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00027ec0, length: 0x00002000"
  94.  
  95.  
  96. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00029eb0, length: 0x00002000"
  97.  
  98.  
  99. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0002bea0, length: 0x00002000"
  100.  
  101.  
  102. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0002de90, length: 0x00002000"
  103.  
  104.  
  105. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0002fe80, length: 0x00002000"
  106.  
  107.  
  108. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00031e70, length: 0x00002000"
  109.  
  110.  
  111. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00033a00, length: 0x00000031"
  112.  
  113.  
  114. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00033a19, length: 0x001e5000"
  115.  
  116.  
  117. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00220088, length: 0x00000044"
  118.  
  119.  
  120. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0022fcfb, length: 0x0000004a"
  121.  
  122.  
  123. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002301cc, length: 0x00000048"
  124.  
  125.  
  126. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002302b4, length: 0x0000004e"
  127.  
  128.  
  129. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023049b, length: 0x0000004c"
  130.  
  131.  
  132. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002305a4, length: 0x00000040"
  133.  
  134.  
  135. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002305f5, length: 0x00000058"
  136.  
  137.  
  138. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002308c0, length: 0x0000004a"
  139.  
  140.  
  141. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00230a00, length: 0x0000004b"
  142.  
  143.  
  144. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00230af4, length: 0x00000043"
  145.  
  146.  
  147. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00230b54, length: 0x0000005d"
  148.  
  149.  
  150. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00231172, length: 0x0000005d"
  151.  
  152.  
  153. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00231402, length: 0x0000005d"
  154.  
  155.  
  156. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023147e, length: 0x0000005d"
  157.  
  158.  
  159. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002314fd, length: 0x0000005d"
  160.  
  161.  
  162. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00231579, length: 0x00000058"
  163.  
  164.  
  165. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002315eb, length: 0x0000005a"
  166.  
  167.  
  168. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232337, length: 0x0000005a"
  169.  
  170.  
  171. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023273e, length: 0x00000058"
  172.  
  173.  
  174. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002327a6, length: 0x0000005a"
  175.  
  176.  
  177. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023291b, length: 0x0000005a"
  178.  
  179.  
  180. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232995, length: 0x0000005a"
  181.  
  182.  
  183. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232a34, length: 0x0000005a"
  184.  
  185.  
  186. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232a9b, length: 0x0000005a"
  187.  
  188.  
  189. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232b02, length: 0x0000005a"
  190.  
  191.  
  192. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00232b69, length: 0x00000051"
  193.  
  194.  
  195. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x002342a9, length: 0x0000004e"
  196.  
  197.  
  198. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023488c, length: 0x00000054"
  199.  
  200.  
  201. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00234929, length: 0x00000058"
  202.  
  203.  
  204. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00236169, length: 0x0000004f"
  205.  
  206.  
  207. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x0023f0fa, length: 0x00000058"
  208.  
  209.  
  210. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00240ba5, length: 0x0000004b"
  211.  
  212.  
  213. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00240dd0, length: 0x00000051"
  214.  
  215.  
  216. "self_read": "process: Exes_330917c38844616fce7e601533a91ab7.exe, pid: 1908, offset: 0x00241be1, length: 0x0000032a"
  217.  
  218.  
  219.  
  220.  
  221. "Description": "File has been identified by 21 Antiviruses on VirusTotal as malicious",
  222. "Details":
  223.  
  224. "MicroWorld-eScan": "Gen:Variant.Barys.2200"
  225.  
  226.  
  227. "McAfee": "Artemis!330917C38844"
  228.  
  229.  
  230. "Cylance": "Unsafe"
  231.  
  232.  
  233. "BitDefender": "Gen:Variant.Barys.2200"
  234.  
  235.  
  236. "Arcabit": "Trojan.Barys.D898"
  237.  
  238.  
  239. "Cyren": "W32/Trojan.ELYK-9138"
  240.  
  241.  
  242. "TrendMicro-HouseCall": "TROJ_GE.B1AB6E63"
  243.  
  244.  
  245. "GData": "Gen:Variant.Barys.2200"
  246.  
  247.  
  248. "Avast": "Win32:Malware-gen"
  249.  
  250.  
  251. "F-Secure": "Gen:Variant.Barys.2200"
  252.  
  253.  
  254. "Invincea": "heuristic"
  255.  
  256.  
  257. "McAfee-GW-Edition": "BehavesLike.Win32.Dropper.vc"
  258.  
  259.  
  260. "Emsisoft": "Gen:Variant.Barys.2200 (B)"
  261.  
  262.  
  263. "Avira": "TR/Dropper.Gen"
  264.  
  265.  
  266. "MAX": "malware (ai score=96)"
  267.  
  268.  
  269. "AegisLab": "Gen.Variant.Ursu!c"
  270.  
  271.  
  272. "Ikarus": "Trojan.Dropper"
  273.  
  274.  
  275. "AVG": "Win32:Malware-gen"
  276.  
  277.  
  278. "Cybereason": "malicious.388446"
  279.  
  280.  
  281. "CrowdStrike": "malicious_confidence_70% (D)"
  282.  
  283.  
  284. "Qihoo-360": "Win32/Trojan.500"
  285.  
  286.  
  287.  
  288.  
  289.  
  290. * Started Service:
  291.  
  292. * Mutexes:
  293. "DefaultTabtip-MainUI",
  294. "CicLoadWinStaWinSta0",
  295. "Local\\MSCTF.CtfMonitorInstMutexDefault1"
  296.  
  297.  
  298. * Modified Files:
  299. "C:\\Users\\user\\AppData\\Local\\Temp\\__tmp_rar_sfx_access_check_8255140",
  300. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Logo.dll",
  301. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\MikrotikLogUtils.dll",
  302. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\NppShell_04.dll",
  303. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\SciLexer.dll",
  304. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\SendStat.dll",
  305. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\SpcLoadExt.dll",
  306. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Unpack.dll",
  307. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Update.dll",
  308. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Wait.dll",
  309. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\NppDump.dmp",
  310. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils.exe",
  311. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\notepad++.exe",
  312. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\nppIExplorerShell.exe",
  313. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\regsvr32.exe",
  314. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\SpcLoadExt.inf",
  315. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\comdlg32.oca",
  316. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Mscomctl.oca",
  317. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Msinet.oca",
  318. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\comdlg32.ocx",
  319. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Mscomctl.ocx",
  320. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Msinet.ocx",
  321. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Mswinsck.ocx",
  322. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Tabctl32.ocx",
  323. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\BackUp Log On Email.script",
  324. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\BackUp Log On FTP.script",
  325. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\BackUp Traffic On Email.script",
  326. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\BackUp Traffic On FTP.script",
  327. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\Clean LOG.script",
  328. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\Download and apply Black List all.script",
  329. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\Send About On Email.script",
  330. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\Send Update On Email.script",
  331. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts\\Update Check.script",
  332. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter\\MikroTik_Filters_LOG_1.txt",
  333. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter\\MikroTik_Filters_LOG_2.txt",
  334. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter\\MikroTik_Filters_LOG_3.txt",
  335. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter\\MikroTik_Filters_LOG_4.txt",
  336. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter\\MikroTik_Filters_LOG_5.txt",
  337. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject\\MikroTik_LOG_Eject_1.txt",
  338. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject\\MikroTik_LOG_Eject_2.txt",
  339. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject\\MikroTik_LOG_Eject_3.txt",
  340. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject\\MikroTik_LOG_Eject_4.txt",
  341. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject\\MikroTik_LOG_Eject_5.txt",
  342. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff\\MikroTik_Traffic_LOG_1.txt",
  343. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff\\MikroTik_Traffic_LOG_2.txt",
  344. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff\\MikroTik_Traffic_LOG_3.txt",
  345. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff\\MikroTik_Traffic_LOG_4.txt",
  346. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff\\MikroTik_Traffic_LOG_5.txt",
  347. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\themes\\Bespin.xml",
  348. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\config.model.xml",
  349. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\contextMenu.backup.xml",
  350. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\localization\\english.xml",
  351. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\langs.model.xml",
  352. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\localization\\russian.xml",
  353. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\shortcuts.xml",
  354. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\stylers.model.xml",
  355. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\localization",
  356. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\plugins",
  357. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\themes",
  358. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\updater",
  359. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad\\user.manual",
  360. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll\\Notepad",
  361. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Eject",
  362. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Filter",
  363. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files\\TMP_LOG_Traff",
  364. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_Dll",
  365. "C:\\Users\\user\\AppData\\Local\\Temp\\MikrotikLogUtils_System",
  366. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_LOG_Files",
  367. "C:\\Users\\user\\AppData\\Local\\Temp\\Sample_Scripts"
  368.  
  369.  
  370. * Deleted Files:
  371. "C:\\Users\\user\\AppData\\Local\\Temp\\__tmp_rar_sfx_access_check_8255140"
  372.  
  373.  
  374. * Modified Registry Keys:
  375.  
  376. * Deleted Registry Keys:
  377.  
  378. * DNS Communications:
  379.  
  380. * Domains:
  381.  
  382. * Network Communication - ICMP:
  383.  
  384. * Network Communication - HTTP:
  385.  
  386. * Network Communication - SMTP:
  387.  
  388. * Network Communication - Hosts:
  389.  
  390. * Network Communication - IRC:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!