- * MalFamily: "Vbkrypt"
- * MalScore: 10.0
- * File Name: "Exes_c3427f441aa4ea0555f8dd60545c040a.exe"
- * File Size: 1576960
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "0c83d37a54f3bdd77f7a60851d40f6c13e25c682e961a6fc46af06956f48b477"
- * MD5: "c3427f441aa4ea0555f8dd60545c040a"
- * SHA1: "05724f23c908a6a294d9f2fc1bc4675072b019c4"
- * SHA512: "5f500089851b464c1a256f0ef9581913a40456bd722ab2cb305ae3da9027700f28cd20a45c8cdbe13f6a818285dc13478bef5d0194b61ad0224ed982299abed9"
- * CRC32: "59974FE5"
- * SSDEEP: "24576:AcCT67wHqWis4l+jIACFr5hqjiLDpSJDN93pqb6W8cU4gLQzA:tCpn8t74iA3qb6W8cU4u"
- * Process Execution:
- "Exes_c3427f441aa4ea0555f8dd60545c040a.exe",
- "Exes_c3427f441aa4ea0555f8dd60545c040a.exe"
- * Executed Commands:
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_c3427f441aa4ea0555f8dd60545c040a.exe\""
- * Signatures Detected:
- "Description": "Creates RWX memory",
- "Details":
- "Description": "Reads data out of its own binary image",
- "Details":
- "self_read": "process: Exes_c3427f441aa4ea0555f8dd60545c040a.exe, pid: 1628, offset: 0x00000000, length: 0x00181000"
- "self_read": "process: Exes_c3427f441aa4ea0555f8dd60545c040a.exe, pid: 1624, offset: 0x00000000, length: 0x0000c800"
- "Description": "Creates an autorun.inf file",
- "Details":
- "Description": "Executed a process and injected code into it, probably while unpacking",
- "Details":
- "Injection": "Exes_c3427f441aa4ea0555f8dd60545c040a.exe(1628) -> Exes_c3427f441aa4ea0555f8dd60545c040a.exe(1624)"
- "Description": "Checks for the presence of known windows from debuggers and forensic tools",
- "Details":
- "Window": "TfrmMain"
- "Description": "Installs itself for autorun at Windows startup",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\filename.vbs"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Paint.lnk"
- "Description": "Exhibits possible ransomware file modification behavior",
- "Details":
- "file_modifications": "Performs 75 file moves indicative of a potential file encryption process"
- "Description": "Creates a hidden or system file",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\Paint.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vuninst.exe"
- "file": "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\vCMigrate.exe"
- "file": "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\vMSOXMLED.EXE"
- "file": "C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\vOSPPSVC.EXE"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjabswitch.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjava-rmi.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjava.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavacpl.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavaw.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavaws.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjjs.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjp2launcher.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vkeytool.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vkinit.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vklist.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vktab.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vorbd.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vpack200.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vpolicytool.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vrmid.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vrmiregistry.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vservertool.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vssvagent.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vtnameserv.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vunpack200.exe"
- "file": "C:\\Program Files\\Microsoft Office\\Office15\\vAppSharingHookController64.exe"
- "file": "C:\\Program Files\\Microsoft Office\\Office15\\vMSOHTMED.EXE"
- "file": "C:\\Program Files\\Microsoft Office\\Office15\\vmsoia.exe"
- "file": "C:\\Program Files\\Notepad++\\vnotepad++.exe"
- "file": "C:\\Program Files\\Notepad++\\vuninstall.exe"
- "file": "C:\\Program Files\\Notepad++\\updater\\vGUP.exe"
- "file": "C:\\Users\\user\\vDevManView.exe"
- "file": "C:\\autorun.inf"
- "file": "C:\\Paint"
- "Description": "File has been identified by 54 Antiviruses on VirusTotal as malicious",
- "Details":
- "MicroWorld-eScan": "Trojan.Agent.DXTX"
- "FireEye": "Generic.mg.c3427f441aa4ea05"
- "McAfee": "DistTrack!C3427F441AA4"
- "Malwarebytes": "Spyware.Pony"
- "SUPERAntiSpyware": "Trojan.Agent/Gen-PonyStealer"
- "K7AntiVirus": "Trojan ( 00502b1a1 )"
- "K7GW": "Trojan ( 00502b1a1 )"
- "Cybereason": "malicious.41aa4e"
- "Arcabit": "Trojan.Agent.DXTX"
- "TrendMicro": "TSPY_HPFAREIT.SME"
- "Cyren": "W32/Injector.YKAB-2853"
- "Symantec": "ML.Attribute.HighConfidence"
- "APEX": "Malicious"
- "Paloalto": "generic.ml"
- "ClamAV": "Win.Packed.Ponystealer-6733035-0"
- "Kaspersky": "Trojan.Win32.VBKrypt.xupa"
- "BitDefender": "Trojan.Agent.DXTX"
- "NANO-Antivirus": "Trojan.Win32.VBKrypt.ewdbrj"
- "Endgame": "malicious (high confidence)"
- "Emsisoft": "Trojan.Agent.DXTX (B)"
- "Comodo": "TrojWare.Win32.Fareit.RGY@7qlz41"
- "F-Secure": "Heuristic.HEUR/AGEN.1038848"
- "DrWeb": "Trojan.Siggen6.55368"
- "Zillya": "Trojan.VBKrypt.Win32.302131"
- "Invincea": "heuristic"
- "McAfee-GW-Edition": "BehavesLike.Win32.DistTrack.tm"
- "Sophos": "Mal/FareitVB-I"
- "Ikarus": "Worm.Win32.AutoRun"
- "F-Prot": "W32/Injector.GRK"
- "Jiangmin": "Trojan.VBKrypt.cgtc"
- "eGambit": "Unsafe.AI_Score_77%"
- "Avira": "HEUR/AGEN.1038848"
- "Antiy-AVL": "Trojan/Win32.VBKrypt"
- "Microsoft": "Trojan:Win32/Fuery.B!cl"
- "ViRobot": "Trojan.Win32.Agent.1576960.B"
- "ZoneAlarm": "Trojan.Win32.VBKrypt.xupa"
- "TACHYON": "Trojan/W32.VB-VBKrypt.1576960.B"
- "AhnLab-V3": "Win-Trojan/VBKrypt.RP"
- "Acronis": "suspicious"
- "VBA32": "Trojan.VBKrypt"
- "ALYac": "Trojan.Agent.DXTX"
- "MAX": "malware (ai score=82)"
- "Ad-Aware": "Trojan.Agent.DXTX"
- "ESET-NOD32": "Win32/AutoRun.Delf.LV"
- "TrendMicro-HouseCall": "TSPY_HPFAREIT.SME"
- "Rising": "Trojan.Injector!1.B459 (CLASSIC)"
- "Yandex": "Trojan.VBKrypt!33gSRp54MaQ"
- "SentinelOne": "DFI - Malicious PE"
- "MaxSecure": "Trojan.Malware.11806882.susgen"
- "GData": "Trojan.Agent.DXTX"
- "Webroot": "W32.Gen.Bt"
- "Panda": "Trj/Genetic.gen"
- "CrowdStrike": "win/malicious_confidence_100% (D)"
- "Qihoo-360": "HEUR/QVM03.0.2E4E.Malware.Gen"
- "Description": "Detects VirtualBox through the presence of a file",
- "Details":
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxControl.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vBoxControl.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxTray.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vBoxDrvInst.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxDrvInst.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxWHQLFake.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vBoxWHQLFake.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vVBoxControl.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\uninst.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxDrvInst.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vVBoxWHQLFake.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vVBoxDrvInst.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vninst.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxWHQLFake.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vBoxDrvInst.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxTray.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vVBoxTray.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vBoxControl.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxControl.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vuninst.exe"
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vBoxWHQLFake.exe"
- "Description": "Clamav Hits in Target/Dropped/SuriExtracted",
- "Details":
- "target": "clamav:Win.Packed.Ponystealer-6733035-0, sha256:0c83d37a54f3bdd77f7a60851d40f6c13e25c682e961a6fc46af06956f48b477, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- "dropped": "clamav:Win.Packed.Ponystealer-6733035-0, sha256:dc741a96f1e417006136b05710b5d56237d71561cde63e107315cd730ad279dd , guest_paths:C:\\Program Files\\Notepad++\\notepad++.exe, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- "dropped": "clamav:Win.Packed.Ponystealer-6733035-0, sha256:68678651df38360ec7d6d0dee614d92e5e9d242c3d3ac1f85a0935f331722239 , guest_paths:C:\\Users\\user\\AppData\\Local\\Temp\\subfolder\\filename.exe, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- "dropped": "clamav:Win.Packed.Ponystealer-6733035-0, sha256:081a951dae804021193503b571fc5c94bd82e040082331d0e2ccd7124ebcdf03 , guest_paths:C:\\Program Files\\Notepad++\\uninstall.exe, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- "dropped": "clamav:Win.Packed.Ponystealer-6733035-0, sha256:87f7f2d7aa49e28827e26e87288fb48e25cab662969dddc2058e582526a4ab60 , guest_paths:C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSOXMLED.EXE, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- "dropped": "clamav:Win.Packed.Ponystealer-6733035-0, sha256:495cbcb590434b7e8e59870c16fd029765f7da9ec63c4055ac08c9af1468a272 , guest_paths:C:\\Program Files\\Java\\jre1.8.0_201\\bin\\java.exe*C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javacpl.exe*C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javaw.exe*C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javaws.exe, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- "dropped": "clamav:Win.Packed.Ponystealer-6733035-0, sha256:988aa172da29f1cb0cdbabb19e8b20c02beabcb3c7c277319f7195abc19f9c50 , guest_paths:C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\uninst.exe, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- "dropped": "clamav:Win.Packed.Ponystealer-6733035-0, sha256:22cadbb276a7c733238a94e2cd8d191a9f8246c9623162b0ab566a38e85a411c , guest_paths:C:\\Users\\user\\DevManView.exe, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- "Description": "Creates a copy of itself",
- "Details":
- "copy": "C:\\Users\\user\\AppData\\Roaming\\Paint.exe"
- "copy": "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\CMigrate.exe"
- "copy": "C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPSVC.EXE"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\jabswitch.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\java-rmi.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\jjs.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\jp2launcher.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\keytool.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\kinit.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\klist.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\ktab.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\orbd.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\pack200.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\policytool.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\rmid.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\rmiregistry.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\servertool.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\ssvagent.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\tnameserv.exe"
- "copy": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\unpack200.exe"
- "copy": "C:\\Program Files\\Microsoft Office\\Office15\\AppSharingHookController64.exe"
- "copy": "C:\\Program Files\\Microsoft Office\\Office15\\MSOHTMED.EXE"
- "copy": "C:\\Program Files\\Microsoft Office\\Office15\\msoia.exe"
- "copy": "C:\\Program Files\\Notepad++\\updater\\GUP.exe"
- "copy": "C:\\Paint"
- "Description": "Creates a slightly modified copy of itself",
- "Details":
- "file": "C:\\Program Files\\Notepad++\\notepad++.exe"
- "percent_match": 99
- "file": "C:\\Users\\user\\AppData\\Local\\Temp\\subfolder\\filename.exe"
- "percent_match": 99
- "file": "C:\\Program Files\\Notepad++\\uninstall.exe"
- "percent_match": 99
- "file": "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSOXMLED.EXE"
- "percent_match": 99
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\java.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javacpl.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javaw.exe"
- "file": "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javaws.exe"
- "percent_match": 99
- "percent_match": 99
- "file": "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\uninst.exe"
- "percent_match": 99
- "file": "C:\\Users\\user\\DevManView.exe"
- "percent_match": 99
- "percent_match": 99
- "Description": "Anomalous binary characteristics",
- "Details":
- "anomaly": "Actual checksum does not match that reported in PE header"
- * Started Service:
- * Mutexes:
- "Paint"
- * Modified Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\subfolder\\filename.exe",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\filename.vbs",
- "C:\\Users\\user\\AppData\\Roaming\\Paint.exe",
- "\\??\\PIPE\\srvsvc",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Paint.lnk",
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\uninst.exe",
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vuninst.exe",
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vuninst.ico",
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\RCXB82A.tmp",
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxControl.exe",
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxDrvInst.exe",
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxTray.exe",
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\VBoxWHQLFake.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickLearningWizard.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\InkWatson.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\InputPersonalization.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\mip.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ShapeCollector.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\TabTip.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\FlickLearningWizard.exe.mui",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\ShapeCollector.exe.mui",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\CMigrate.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\vCMigrate.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\vCMigrate.ico",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSOXMLED.EXE",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\vMSOXMLED.EXE",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\vMSOXMLED.ico",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\RCXC4FC.tmp",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPSVC.EXE",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\vOSPPSVC.EXE",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\vOSPPSVC.ico",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.exe",
- "C:\\Program Files\\Internet Explorer\\ieinstal.exe",
- "C:\\Program Files\\Internet Explorer\\ielowutil.exe",
- "C:\\Program Files\\Internet Explorer\\iexplore.exe",
- "C:\\Program Files\\Internet Explorer\\en-US\\ieinstal.exe.mui",
- "C:\\Program Files\\Internet Explorer\\en-US\\ielowutil.exe.mui",
- "C:\\Program Files\\Internet Explorer\\en-US\\iexplore.exe.mui",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\jabswitch.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjabswitch.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjabswitch.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\java-rmi.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjava-rmi.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjava-rmi.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\java.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjava.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjava.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\RCXDCBB.tmp",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javacpl.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavacpl.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavacpl.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\RCXE305.tmp",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javaw.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavaw.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavaw.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\RCXE95F.tmp",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javaws.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavaws.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavaws.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\RCXEF8B.tmp",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\jjs.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjjs.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjjs.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\jp2launcher.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjp2launcher.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjp2launcher.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\keytool.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vkeytool.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vkeytool.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\kinit.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vkinit.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vkinit.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\klist.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vklist.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vklist.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\ktab.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vktab.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vktab.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\orbd.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vorbd.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vorbd.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\pack200.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vpack200.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vpack200.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\policytool.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vpolicytool.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vpolicytool.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\rmid.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vrmid.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vrmid.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\rmiregistry.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vrmiregistry.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vrmiregistry.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\servertool.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vservertool.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vservertool.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\ssvagent.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vssvagent.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vssvagent.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\tnameserv.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vtnameserv.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vtnameserv.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\unpack200.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vunpack200.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vunpack200.ico",
- "C:\\Program Files\\Microsoft Office\\Office15\\AppSharingHookController64.exe",
- "C:\\Program Files\\Microsoft Office\\Office15\\vAppSharingHookController64.exe",
- "C:\\Program Files\\Microsoft Office\\Office15\\vAppSharingHookController64.ico",
- "C:\\Program Files\\Microsoft Office\\Office15\\MSOHTMED.EXE",
- "C:\\Program Files\\Microsoft Office\\Office15\\vMSOHTMED.EXE",
- "C:\\Program Files\\Microsoft Office\\Office15\\vMSOHTMED.ico",
- "C:\\Program Files\\Microsoft Office\\Office15\\msoia.exe",
- "C:\\Program Files\\Microsoft Office\\Office15\\vmsoia.exe",
- "C:\\Program Files\\Microsoft Office\\Office15\\vmsoia.ico",
- "C:\\Program Files\\Notepad++\\notepad++.exe",
- "C:\\Program Files\\Notepad++\\vnotepad++.exe",
- "C:\\Program Files\\Notepad++\\vnotepad++.ico",
- "C:\\Program Files\\Notepad++\\RCX61ED.tmp",
- "C:\\Program Files\\Notepad++\\uninstall.exe",
- "C:\\Program Files\\Notepad++\\vuninstall.exe",
- "C:\\Program Files\\Notepad++\\vuninstall.ico",
- "C:\\Program Files\\Notepad++\\RCX67D9.tmp",
- "C:\\Program Files\\Notepad++\\updater\\GUP.exe",
- "C:\\Program Files\\Notepad++\\updater\\vGUP.exe",
- "C:\\Program Files\\Notepad++\\updater\\vGUP.ico",
- "C:\\Program Files\\Windows Defender\\MpCmdRun.exe",
- "C:\\Program Files\\Windows Defender\\MSASCui.exe",
- "C:\\Program Files\\Windows Journal\\Journal.exe",
- "C:\\Program Files\\Windows Journal\\PDIALOG.exe",
- "C:\\Program Files\\Windows Journal\\en-US\\Journal.exe.mui",
- "C:\\Program Files\\Windows Journal\\en-US\\PDIALOG.exe.mui",
- "C:\\Program Files\\Windows Mail\\wab.exe",
- "C:\\Program Files\\Windows Mail\\wabmig.exe",
- "C:\\Program Files\\Windows Mail\\WinMail.exe",
- "C:\\Program Files\\Windows Mail\\en-US\\WinMail.exe.mui",
- "C:\\Program Files\\Windows NT\\Accessories\\wordpad.exe",
- "C:\\Program Files\\Windows NT\\Accessories\\en-US\\wordpad.exe.mui",
- "C:\\Program Files\\Windows Photo Viewer\\ImagingDevices.exe",
- "C:\\Program Files\\Windows Photo Viewer\\en-US\\ImagingDevices.exe.mui",
- "C:\\Program Files\\Windows Sidebar\\sidebar.exe",
- "C:\\Program Files\\Windows Sidebar\\en-US\\Sidebar.exe.mui",
- "C:\\Users\\user\\DevManView.exe",
- "C:\\Users\\user\\vDevManView.exe",
- "C:\\Users\\user\\vDevManView.ico",
- "C:\\Users\\user\\RCX30B.tmp",
- "C:\\Users\\user\\Volumeid.exe",
- "C:\\Windows\\bfsvc.exe",
- "C:\\Windows\\explorer.exe",
- "C:\\Windows\\fveupdate.exe",
- "C:\\hold.inf",
- "C:\\autorun.inf",
- "C:\\Paint"
- * Deleted Files:
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\uninst.exe",
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\RCXB82A.tmp",
- "C:\\Program Files\\BLAOracle\\VirtualBox Guest Additions\\vuninst.ico",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\CMigrate.exe",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSOXMLED.EXE",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\RCXC4FC.tmp",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\vMSOXMLED.ico",
- "C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPSVC.EXE",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\jabswitch.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\java-rmi.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\java.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\RCXDCBB.tmp",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjava.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javacpl.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\RCXE305.tmp",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavacpl.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javaw.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\RCXE95F.tmp",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavaw.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\javaws.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\RCXEF8B.tmp",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\vjavaws.ico",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\jjs.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\jp2launcher.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\keytool.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\kinit.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\klist.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\ktab.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\orbd.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\pack200.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\policytool.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\rmid.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\rmiregistry.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\servertool.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\ssvagent.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\tnameserv.exe",
- "C:\\Program Files\\Java\\jre1.8.0_201\\bin\\unpack200.exe",
- "C:\\Program Files\\Microsoft Office\\Office15\\AppSharingHookController64.exe",
- "C:\\Program Files\\Microsoft Office\\Office15\\MSOHTMED.EXE",
- "C:\\Program Files\\Microsoft Office\\Office15\\msoia.exe",
- "C:\\Program Files\\Notepad++\\notepad++.exe",
- "C:\\Program Files\\Notepad++\\RCX61ED.tmp",
- "C:\\Program Files\\Notepad++\\vnotepad++.ico",
- "C:\\Program Files\\Notepad++\\uninstall.exe",
- "C:\\Program Files\\Notepad++\\RCX67D9.tmp",
- "C:\\Program Files\\Notepad++\\vuninstall.ico",
- "C:\\Program Files\\Notepad++\\updater\\GUP.exe",
- "C:\\Users\\user\\DevManView.exe",
- "C:\\Users\\user\\RCX30B.tmp",
- "C:\\Users\\user\\vDevManView.ico",
- "C:\\hold.inf"
- * Modified Registry Keys:
- * Deleted Registry Keys:
- * DNS Communications:
- * Domains:
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC: