- Report
- Timeline
- Machine TimeZone Europe/Paris (GMT+2)
- Mail exchange
- From Attilus (att.ker.1n@gmail.com)
- To Viky (v1c.t1m.m3r@gmail.com)
- Found in 02-FLASH-USB-Image01
- 2018-03-26 14:28:54 UTC
- Talks about CCleaner and transfer via WeTransfer
- From Viky (v1c.t1m.m3r@gmail.com)
- To Attilus (att.ker.1n@gmail.com)
- Found in 02-FLASH-USB-Image01
- 2018-03-27 14:00:22 UTC
- Response: the CCleaner file provided doesn't work
- From Viky (v1c.t1m.m3r@gmail.com)
- To Attilus (att.ker.1n@gmail.com)
- Found in 02-FLASH-USB-Image01
- 2018-03-27 14:18:05 UTC
- Executable not working
- From Attilus (att.ker.1n@gmail.com)
- To Viky (v1c.t1m.m3r@gmail.com)
- Found in 02-FLASH-USB-Image01
- 2018-03-28 10:14:41 UTC
- SanityCheck and sanitycheck.cpp
- sanitycheck.cpp performs a DDoS attack across the network (Users/IEUser/Documents/Tools/SanityCheck)
- was executed between 2018-03-28 09:41:40 UTC and 2018-03-28
- found in 01-FLASH-USB-Image01
- Talks again about the CCleaner program
- SanDisk Corp. 4C532000060223105221 2018-03-28 12:35:16
- Found in Downloads
- 7z file with password: password1 (found in the mails)
- extracted at 13:00:02
- executed at 13:00:22
- ccsetup509.exe appears to be malware (tested with VirusTotal)
- connects to host IP: **.168.1.**:80, SOCKET = 0x00000100
- explains the multiple local area networks seen in the network
- presumably deletes \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
- \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
- so it blocks automatic reporting to the vendor so that no one notices its passage
- From Viky (v1c.t1m.m3r@gmail.com)
- To Attilus (att.ker.1n@gmail.com)
- Found in 02-FLASH-USB-Image01
- 2018-03-28 13:02:37 UTC
- Installed the tools, but they don't work
- Alcor Micro Corp. B1264914 2018-03-28 13:34:34
- Silicon Motion, Inc. - Taiwan (formerly Feiya Technology Corp.) SCY0000000014664 2018-03-28 13:55:46