cjoint

Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.14.265
www.hitmanpro.com

Computer name . . . . : MAHMOUD-PC
Windows . . . . . . . : 6.1.1.7601.X86/1
User name . . . . . . : mahmoud-PC\mahmoud
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2016-07-10 22:26:30
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 18s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 3

Objects scanned . . . : 674,806
Files scanned . . . . : 41,003
Remnants scanned . . : 152,535 files / 481,268 keys

Suspicious files ____________________________________________________________

C:\Users\mahmoud\Desktop\FRST.exe
Size . . . . . . . : 1,740,288 bytes
Age . . . . . . . : 1.0 days (2016-07-09 22:14:06)
Entropy . . . . . : 7.6
SHA-256 . . . . . : D7F8856D466D6B41826467515841AEEB4AE34A603ACD8E89CD5781FF0DE1A9B1
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-453311672-2777936180-2027923614-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\mahmoud\Desktop\FRST.exe
Forensic Cluster
-1.1s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
-1.1s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
-0.8s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2
-0.8s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2
-0.6s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AD93EFAA98C44CFDF0C0461C0035283C_522D80A7B1474F1D292BDD8D27E44430
-0.6s C:\Users\mahmoud\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AD93EFAA98C44CFDF0C0461C0035283C_522D80A7B1474F1D292BDD8D27E44430
0.0s C:\Users\mahmoud\Desktop\FRST.exe

C:\Users\mahmoud\Downloads\FRST.exe
Size . . . . . . . : 1,740,288 bytes
Age . . . . . . . : 3.7 days (2016-07-07 05:34:09)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 8A598513BAA5A7400F655A8A93948B861015CBC65D675640A6245CE3935AC09D
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.



[/code]
