cjoint


Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.20.286
www.hitmanpro.com

Computer name . . . . : HASSAN-PC
Windows . . . . . . . : 6.1.1.7601.X86/2
User name . . . . . . : hassan-PC\hassan
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2017-05-28 00:10:59
Scan mode . . . . . . : Normal
Scan duration . . . . : 5m 11s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 1
Traces . . . . . . . : 51

Objects scanned . . . : 534 494
Files scanned . . . . : 10 638
Remnants scanned . . : 99 751 files / 424 105 keys

Malware _____________________________________________________________________

C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\EmbratoriaG7.exe
Size . . . . . . . : 756 736 bytes
Age . . . . . . . : 16.5 days (2017-05-11 12:30:54)
Entropy . . . . . : 2.4
SHA-256 . . . . . : 709479009AB2017FCD7377E1479AC1554EB6633999BD5C504D3B6C0D30E4712A
Needs elevation . : Yes
Product . . . . . : LuncherG6
LanguageID . . . . : 0
> Bitdefender . . . : Gen:Variant.MSILPerseus.96877
Fuzzy . . . . . . : 107.0
Forensic Cluster
-0.1s C:\Users\hassan\Desktop\EmbratoriaG7\
-0.0s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\
-0.0s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Bunifu_UI_v1.52.dll
0.0s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\EmbratoriaG7.exe
0.0s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Geckofx-Core.dll
0.1s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Geckofx-Winforms.dll
0.1s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\helper.dll
0.1s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Ionic.Zip.dll
0.1s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\
0.1s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\AccessibleMarshal.dll
0.1s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\breakpadinjector.dll
0.2s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\d3dcompiler_47.dll
0.3s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\freebl3.dll
0.3s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\icudt56.dll
0.7s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\icuin56.dll
0.8s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\icuuc56.dll
0.9s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\lgpllibs.dll
0.9s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\libEGL.dll
0.9s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\libGLESv2.dll
1.0s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\mozglue.dll
1.0s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\nss3.dll
1.2s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\nssckbi.dll
1.2s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\nssdbm3.dll
1.2s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\omni.ja
1.8s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\plugin-container.exe
1.9s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\plugin-hang-ui.exe
1.9s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\sandboxbroker.dll
2.0s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\softokn3.dll
2.0s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\Libs\xul.dll
4.2s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\libs.exe
4.7s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\theme\
4.7s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\theme\bein-over.png
4.7s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\BeinSave\
4.7s C:\Users\hassan\Desktop\EmbratoriaG7\EmbratoriaG7\theme\G7_BG.png


Suspicious files ____________________________________________________________

C:\$RECYCLE.BIN\S-1-5-21-1796275782-4292205373-2313263118-1001\$ROS5OVO.exe
Size . . . . . . . : 1 770 496 bytes
Age . . . . . . . : 0.6 days (2017-05-27 09:36:57)
Entropy . . . . . : 7.6
SHA-256 . . . . . : B73A0AB4FB6A1DE2C45EBFAD0D6277AC6A95F6EEA1F8256894A6E1906F5776CD
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFEKRNL\ (NationZoom)
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFEKRNL\ (NationZoom)
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFEKRNL\ (NationZoom)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom)

Cookies _____________________________________________________________________

C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:abmr.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adingo.jp
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.kiosked.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adscale.de
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:atemda.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:contextweb.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:delivery.swid.switchads.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:effectivemeasure.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:go.sonobi.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:gssprt.jp
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ibeu2.mookie1.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ih.adscale.de
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:nexac.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:simpli.fi
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:swid.switchads.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:sxp.smartclip.net
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:sync.go.sonobi.com
C:\Users\hassan\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com


[/code]
