cjoint


Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.13.258
www.hitmanpro.com

Computer name . . . . : LFS_ULTRA
Windows . . . . . . . : 6.2.0.9200.X64/2
Safe Mode Boot . . . : NETWORK
User name . . . . . . : LFS_ULTRA\Jean-Marie
UAC . . . . . . . . . : Disabled
License . . . . . . . : Free

Scan date . . . . . . : 2016-03-16 11:16:12
Scan mode . . . . . . : EWS
Scan duration . . . . : 15m 9s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 8

Objects scanned . . . : 1 380 621
Files scanned . . . . : 42 073
Remnants scanned . . : 327 657 files / 1 010 891 keys

Suspicious files ____________________________________________________________

C:\Users\Jean-Marie\Desktop\les traçes de ushuaïa\etienne daho - le premier jour du reste de ta vie\FRST64.exe
Size . . . . . . . : 2 374 144 bytes
Age . . . . . . . : 1.3 days (2016-03-15 05:09:36)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 1CB35A93213562911D4E4218EFFCB9FC5A946B6E1A99509BCD2B5C936898D159
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\Users\Jean-Marie\Desktop\les traçes de ushuaïa\etienne daho - le premier jour du reste de ta vie\FRST64.exe
11.3s C:\Users\Jean-Marie\Desktop\les traçes de ushuaïa\etienne daho - le premier jour du reste de ta vie\ZHPDiag3.exe


Early Warning Scoring _______________________________________________________

C:\Windows\system32\drivers\hitmanpro37.sys
Size . . . . . . . : 49 584 bytes
Age . . . . . . . : -0.0 days (2016-03-16 11:16:13)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 969B5FF4E762BC84F9B6588ECC9B08026519E081ACC1182885E163762CC3E21A
Product . . . . . : HitmanPro 3.7
RSA Key Size . . . : 2048
Service . . . . . : hitmanpro37
LanguageID . . . . : 0
Authenticode . . . : Valid
Fuzzy . . . . . . : 6.0
Time indicates that the file appeared recently on this computer.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Starts automatically as a service during system bootup.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37\
Forensic Cluster
-4.9s C:\ProgramData\HitmanPro\
-2.0s C:\ProgramData\HitmanPro\Banner.bin
0.0s C:\Windows\System32\Drivers\hitmanpro37.sys
0.8s C:\ProgramData\HitmanPro\Remnants.bin


Cookies _____________________________________________________________________

C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:adnxs.com
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:doubleclick.net
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:outbrain.com
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:taboola.com
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:trc.taboola.com


[/code]
