cjoint

Document format: application/octet-stream

Preview

[code]
HitmanPro 3.7.20.286
www.hitmanpro.com

Computer name . . . . : YOUNES-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : YOUNES-PC\YOUNES
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2017-07-17 17:51:34
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 32s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 18
Traces . . . . . . . : 151

Objects scanned . . . : 1 342 317
Files scanned . . . . : 36 876
Remnants scanned . . : 269 309 files / 1 036 132 keys

Malware _____________________________________________________________________

C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Size . . . . . . . : 8 976 672 bytes
Age . . . . . . . : 98.9 days (2017-04-09 19:42:26)
Entropy . . . . . : 7.1
SHA-256 . . . . . : 0B05EA08028F239B11F8C30249B0F0AA86966EE4974D03B01BAE2EE88BEFBBEB
Needs elevation . : Yes
Product . . . . . : KMSAuto Net
Publisher . . . . : MSFree Inc.
Description . . . : KMSAuto Net
Version . . . . . : 1.5.0
RSA Key Size . . . : 1024
LanguageID . . . . : 0
Authenticode . . . : Self-signed
> Kaspersky . . . . : not-a-virus:HEUR:RiskTool.MSIL.HackKMS.gen
> HitmanPro . . . . : App/KMSActiv-H
Fuzzy . . . . . . : 116.0
Startup
C:\Windows\system32\Tasks\KMSAutoNet

C:\TempFldr\main\Activator.exe
Size . . . . . . . : 689 664 bytes
Age . . . . . . . : 68.0 days (2017-05-10 18:22:48)
Entropy . . . . . : 5.5
SHA-256 . . . . . : 5E22EBAC5E72F9BD7D4799F4F16681CA0145624182A23D01D563F8D715DB5C79
Needs elevation . : Yes
Product . . . . . : Activator
LanguageID . . . . : 0
> Bitdefender . . . : Gen:Variant.Symmi.72411
> HitmanPro . . . . : Mal/Generic-S
Fuzzy . . . . . . : 106.0
References
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\TempFldr\main\Activator.exe

C:\Users\YOUNES\AppData\Roaming\Smadav\Update-Smadav.exe
Size . . . . . . . : 1 427 480 bytes
Age . . . . . . . : 90.3 days (2017-04-18 11:45:05)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 47A5DCFEE94525AD0454FAE5E887CB8F3D37E0E0EA4E5C233B98C379EA5B5209
> Bitdefender . . . : Trojan.GenericKD.5428887
Fuzzy . . . . . . : 107.0

C:\Users\YOUNES\AppData\Roaming\uTorrent\updates\3.4.9_43295.exe
Size . . . . . . . : 2 143 936 bytes
Age . . . . . . . : 165.3 days (2017-02-02 11:38:50)
Entropy . . . . . : 8.0
SHA-256 . . . . . : B80EFB7F8A27C16C014A4EFA41AE362E4B26E508C57F09F294FD4E0A4C7D740D
Product . . . . . : µTorrent
Publisher . . . . : BitTorrent Inc.
Description . . . : µTorrent
Version . . . . . : 3.4.9.43295
Copyright . . . . : ©2016 BitTorrent, Inc. All Rights Reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 101.0

C:\Users\YOUNES\AppData\Roaming\uTorrent\updates\3.4.9_43388.exe
Size . . . . . . . : 2 147 520 bytes
Age . . . . . . . : 125.3 days (2017-03-14 09:32:49)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 89722873520E16F57A6381C5AD01498F19FB35B1C89BC7DA9874D381C33AB62B
Product . . . . . : µTorrent
Publisher . . . . : BitTorrent Inc.
Description . . . : µTorrent
Version . . . . . : 3.4.9.43388
Copyright . . . . : ©2016 BitTorrent, Inc. All Rights Reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 101.0

C:\Users\YOUNES\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe
Size . . . . . . . : 2 144 448 bytes
Age . . . . . . . : 101.3 days (2017-04-07 09:34:28)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 2BDD1B4013349975B1CF4FBC764E4D5ED7C01B39D9B0D5A20BE0A742634AE1D3
Product . . . . . : µTorrent
Publisher . . . . : BitTorrent Inc.
Description . . . : µTorrent
Version . . . . . : 3.5.0.43580
Copyright . . . . : ©2016 BitTorrent, Inc. All Rights Reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 101.0

C:\Users\YOUNES\AppData\Roaming\uTorrent\updates\3.5.0_43804.exe
Size . . . . . . . : 1 980 608 bytes
Age . . . . . . . : 55.4 days (2017-05-23 08:09:56)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 1BBC80380F6A0BA78F13EFD6EEB99DA53ABC543B384F9FEBAFA9D40DD12A9EE5
Product . . . . . : µTorrent
Publisher . . . . : BitTorrent Inc.
Description . . . : µTorrent
Version . . . . . : 3.5.0.43804
Copyright . . . . : ©2016 BitTorrent, Inc. All Rights Reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 101.0

C:\Users\YOUNES\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe
Size . . . . . . . : 2 146 496 bytes
Age . . . . . . . : 14.3 days (2017-07-03 11:14:15)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 238477D0EAE8335116894BBB7B0FB258B9010689624B9851EB6A925E6FD79561
Product . . . . . : µTorrent
Publisher . . . . : BitTorrent Inc.
Description . . . : µTorrent
Version . . . . . : 3.5.0.43916
Copyright . . . . : ©2016 BitTorrent, Inc. All Rights Reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 102.0
Forensic Cluster
0.0s C:\Users\YOUNES\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe
0.3s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
0.3s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
3.9s C:\Windows\Prefetch\LPKSETUP.EXE-62381863.pf

C:\Users\YOUNES\AppData\Roaming\uTorrent\uTorrent.exe
Size . . . . . . . : 2 146 496 bytes
Age . . . . . . . : 211.9 days (2016-12-17 19:59:38)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 238477D0EAE8335116894BBB7B0FB258B9010689624B9851EB6A925E6FD79561
Product . . . . . : µTorrent
Publisher . . . . : BitTorrent Inc.
Description . . . : µTorrent
Version . . . . . : 3.5.0.43916
Copyright . . . . : ©2016 BitTorrent, Inc. All Rights Reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 106.0
Startup
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uTorrent
References
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
C:\Users\YOUNES\Desktop\µTorrent.lnk
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\YOUNES\AppData\Roaming\uTorrent\uTorrent.exe

C:\Users\YOUNES\Desktop\EmbratoriaG7\EmbratoriaG7.exe
Size . . . . . . . : 756 736 bytes
Age . . . . . . . : 4.8 days (2017-07-12 21:32:38)
Entropy . . . . . : 2.4
SHA-256 . . . . . : 709479009AB2017FCD7377E1479AC1554EB6633999BD5C504D3B6C0D30E4712A
Needs elevation . : Yes
Product . . . . . : LuncherG6
LanguageID . . . . : 0
> Bitdefender . . . : Gen:Variant.MSILPerseus.96877
Fuzzy . . . . . . : 108.0
References
C:\Users\YOUNES\Desktop\EmbratoriaG7.1.1.lnk
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\YOUNES\Desktop\EmbratoriaG7\EmbratoriaG7.exe
Forensic Cluster
-0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\
-0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Bunifu_UI_v1.52.dll
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\EmbratoriaG7.exe
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Geckofx-Core.dll
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Geckofx-Winforms.dll
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\helper.dll
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Ionic.Zip.dll
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\libs.exe
0.1s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\
0.1s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\AccessibleMarshal.dll
0.1s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\breakpadinjector.dll
0.1s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\d3dcompiler_47.dll
0.1s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\freebl3.dll
0.1s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\icudt56.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\icuin56.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\icuuc56.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\lgpllibs.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\libEGL.dll
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\libGLESv2.dll
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\mozglue.dll
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\nss3.dll
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\nssckbi.dll
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\nssdbm3.dll
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\omni.ja
0.4s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\plugin-container.exe
0.4s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\plugin-hang-ui.exe
0.4s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\sandboxbroker.dll
0.4s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\softokn3.dll
0.4s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\xul.dll
0.7s C:\Users\YOUNES\Desktop\EmbratoriaG7\theme\
0.7s C:\Users\YOUNES\Desktop\EmbratoriaG7\theme\bein-over.png
0.7s C:\Users\YOUNES\Desktop\EmbratoriaG7\theme\G7_BG.png

C:\Users\YOUNES\Desktop\EmbratoriaG7\libs.exe
Size . . . . . . . : 7 090 688 bytes
Age . . . . . . . : 4.8 days (2017-07-12 21:32:38)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 2572A7C781D9AB3EAD6C76766FF9D59693F442C4F18164592C620FF2A2836E37
Product . . . . . : Embracore
Publisher . . . . : Embratoria
Description . . . : Embracore
Version . . . . . : 7.1.1.0
LanguageID . . . . : 0
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 105.0
Forensic Cluster
-0.1s C:\Users\YOUNES\Desktop\EmbratoriaG7\
-0.1s C:\Users\YOUNES\Desktop\EmbratoriaG7\Bunifu_UI_v1.52.dll
-0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\EmbratoriaG7.exe
-0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Geckofx-Core.dll
-0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Geckofx-Winforms.dll
-0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\helper.dll
-0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Ionic.Zip.dll
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\libs.exe
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\AccessibleMarshal.dll
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\breakpadinjector.dll
0.0s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\d3dcompiler_47.dll
0.1s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\freebl3.dll
0.1s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\icudt56.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\icuin56.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\icuuc56.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\lgpllibs.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\libEGL.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\libGLESv2.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\mozglue.dll
0.2s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\nss3.dll
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\nssckbi.dll
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\nssdbm3.dll
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\omni.ja
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\plugin-container.exe
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\plugin-hang-ui.exe
0.3s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\sandboxbroker.dll
0.4s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\softokn3.dll
0.4s C:\Users\YOUNES\Desktop\EmbratoriaG7\Libs\xul.dll
0.7s C:\Users\YOUNES\Desktop\EmbratoriaG7\theme\
0.7s C:\Users\YOUNES\Desktop\EmbratoriaG7\theme\bein-over.png
0.7s C:\Users\YOUNES\Desktop\EmbratoriaG7\theme\G7_BG.png

C:\Users\YOUNES\Downloads\Compressed\AFLamHQ.Co_KMSAuto.Net_2016.1.5.0_Portable\KMSAuto Net.exe
Size . . . . . . . : 8 976 672 bytes
Age . . . . . . . : 98.9 days (2017-04-09 19:42:46)
Entropy . . . . . : 7.1
SHA-256 . . . . . : 0B05EA08028F239B11F8C30249B0F0AA86966EE4974D03B01BAE2EE88BEFBBEB
Needs elevation . : Yes
Product . . . . . : KMSAuto Net
Publisher . . . . : MSFree Inc.
Description . . . : KMSAuto Net
Version . . . . . : 1.5.0
RSA Key Size . . . : 1024
LanguageID . . . . : 0
Authenticode . . . : Self-signed
> Kaspersky . . . . : not-a-virus:HEUR:RiskTool.MSIL.HackKMS.gen
> HitmanPro . . . . : App/KMSActiv-H
Fuzzy . . . . . . : 105.0

C:\Users\YOUNES\Downloads\Programs\rkill-unsigned.exe
Size . . . . . . . : 2 107 392 bytes
Age . . . . . . . : 0.9 days (2017-07-16 20:28:49)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 0BBA9176C9B6844BCA861FBC8F443B9C2874E5595ED0A4D21B8A758720AD8994
Product . . . . . : Rkill
Publisher . . . . : Bleeping Computer, LLC
Description . . . : Terminates malware processes so that you can run your normal security programs.
Version . . . . . : 2.9.0BETA
Copyright . . . . : © BleepingComputer.com. All rights reserved.
LanguageID . . . . : 1033
> Kaspersky . . . . : Trojan.Win32.Droma.abdb
Fuzzy . . . . . . : 102.0
Forensic Cluster
-34.8s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_759F52BFC52DD1CD83F3CEA6EDBB5A05
-34.8s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_759F52BFC52DD1CD83F3CEA6EDBB5A05
-25.2s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BB09BEEC155258835C193A7AA85AA5B_43C47E83D9759203A117D940601E62BD
-25.2s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BB09BEEC155258835C193A7AA85AA5B_43C47E83D9759203A117D940601E62BD
-18.0s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_CB0B8912F53E4695013BA39B9C9CE495
-18.0s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_CB0B8912F53E4695013BA39B9C9CE495
-3.8s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A9E4F776657345B52012CE8E279D314C_2AD794661BEAE20CFBDD7634A0EF382F
-3.8s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A9E4F776657345B52012CE8E279D314C_2AD794661BEAE20CFBDD7634A0EF382F
-2.2s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
-2.2s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
0.0s C:\Users\YOUNES\Downloads\Programs\rkill-unsigned.exe
4.3s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1D9A9E1521CA469E8D3913ECDB71C18C
4.3s C:\Users\YOUNES\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1D9A9E1521CA469E8D3913ECDB71C18C

D:\embratoria\EmbratoriaG6.5.1\EmbratoriaG6.exe
Size . . . . . . . : 756 736 bytes
Age . . . . . . . : 166.2 days (2017-02-01 13:13:01)
Entropy . . . . . : 2.4
SHA-256 . . . . . : 7F557F727D966C95C318549EEACFCED912C417D938C7E55193C4ED9E9262D288
Needs elevation . : Yes
Product . . . . . : LuncherG6
Publisher
Description . . . : LuncherG6
Version . . . . . : 1.0.0.0
LanguageID . . . . : 0
> Bitdefender . . . : Gen:Variant.MSILPerseus.96877
Fuzzy . . . . . . : 103.0
References
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\embratoria\EmbratoriaG6.5.1\EmbratoriaG6.exe

D:\embratoria\EmbratoriaG6.5.1\libs.exe
Size . . . . . . . : 4 795 904 bytes
Age . . . . . . . : 127.1 days (2017-03-12 14:29:12)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 2B5D9475A72E4CFAC74F462DEE9FC0F9931D976D6CC494DFE9451A4F5E7A2587
Product . . . . . : Embracore
Publisher . . . . : Embratoria
Description . . . : Embracore
Version . . . . . : 6.5.2.0
LanguageID . . . . : 0
> HitmanPro . . . . : Malware
Fuzzy . . . . . . : 103.0
References
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\embratoria\EmbratoriaG6.5.1\libs.exe

D:\embratoria\EmbratoriaG6.5\EmbratoriaG6.5.exe
Size . . . . . . . : 756 736 bytes
Age . . . . . . . : 166.3 days (2017-02-01 10:23:36)
Entropy . . . . . : 2.4
SHA-256 . . . . . : 7F557F727D966C95C318549EEACFCED912C417D938C7E55193C4ED9E9262D288
Needs elevation . : Yes
Product . . . . . : LuncherG6
Publisher
Description . . . : LuncherG6
Version . . . . . : 1.0.0.0
LanguageID . . . . : 0
> Bitdefender . . . : Gen:Variant.MSILPerseus.96877
Fuzzy . . . . . . : 103.0
References
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\embratoria\EmbratoriaG6.5\EmbratoriaG6.5.exe

D:\embratoria\EmbratoriaG7.1\EmbratoriaG7.1.exe
Size . . . . . . . : 756 736 bytes
Age . . . . . . . : 34.1 days (2017-06-13 14:54:42)
Entropy . . . . . : 2.4
SHA-256 . . . . . : 709479009AB2017FCD7377E1479AC1554EB6633999BD5C504D3B6C0D30E4712A
Needs elevation . : Yes
Product . . . . . : LuncherG6
LanguageID . . . . : 0
> Bitdefender . . . : Gen:Variant.MSILPerseus.96877
Fuzzy . . . . . . : 106.0
References
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\embratoria\EmbratoriaG7.1\EmbratoriaG7.1.exe

D:\embratoria\EmbratoriaG7\EmbratoriaG7.exe
Size . . . . . . . : 756 736 bytes
Age . . . . . . . : 84.9 days (2017-04-23 19:19:08)
Entropy . . . . . : 2.4
SHA-256 . . . . . : 709479009AB2017FCD7377E1479AC1554EB6633999BD5C504D3B6C0D30E4712A
Needs elevation . : Yes
Product . . . . . : LuncherG6
LanguageID . . . . : 0
> Bitdefender . . . : Gen:Variant.MSILPerseus.96877
Fuzzy . . . . . . : 106.0
References
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\embratoria\EmbratoriaG7\EmbratoriaG7.exe


Suspicious files ____________________________________________________________

C:\Users\YOUNES\Desktop\STEAMPUNKS\Core\Activation64.dll
Size . . . . . . . : 980 488 bytes
Age . . . . . . . : 3.9 days (2017-07-13 20:28:41)
Entropy . . . . . : 6.4
SHA-256 . . . . . : B175608E3BF3DD868EC3B6BFFEBB72B88F042028CDF0CCE9C1407CB77E8A8704
Product . . . . . : EA DRM
Publisher . . . . : Electronic Arts, Inc.
Description . . . : EA DRM Helper
Version . . . . . : 4,11,03,17
Copyright . . . . : (c) Electronic Arts, Inc. 2013 All rights reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\
0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\Core\
0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\Core\Activation64.dll
0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\FIFASetup\
0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\FIFASetup\fifaconfig.exe
0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\stp-origin_emu.dll
0.1s C:\Users\YOUNES\Desktop\STEAMPUNKS\stp-origin_emu.ini
0.1s C:\Users\YOUNES\Desktop\STEAMPUNKS\stp-selector.exe
0.7s C:\Windows\Prefetch\WINRAR.EXE-6F42D4E7.pf

C:\Users\YOUNES\Desktop\STEAMPUNKS\FIFASetup\fifaconfig.exe
Size . . . . . . . : 320 944 bytes
Age . . . . . . . : 3.9 days (2017-07-13 20:28:41)
Entropy . . . . . : 5.4
SHA-256 . . . . . : F06A614E52F92250FC9EFB9E2100E8C47A5FA6B808172D874208D99A70D027E0
Needs elevation . : Yes
Product . . . . . : FIFA Launcher
Publisher . . . . : Electronic Arts
Description . . . : FIFA Launcher
Version . . . . . : 1.0.0.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\YOUNES\Desktop\STEAMPUNKS\FIFASetup\fifaconfig.exe
Forensic Cluster
-0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\
-0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\Core\
-0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\Core\Activation64.dll
0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\FIFASetup\
0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\FIFASetup\fifaconfig.exe
0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\stp-origin_emu.dll
0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\stp-origin_emu.ini
0.0s C:\Users\YOUNES\Desktop\STEAMPUNKS\stp-selector.exe
0.7s C:\Windows\Prefetch\WINRAR.EXE-6F42D4E7.pf

C:\Users\YOUNES\Documents\MEGAsync Downloads\Condor_MTK_SP_Downlad_Tool_V5.1524.000\Condor_MTK_SP_Downlad_Tool_V5.1524.000\flash_tool.exe
Size . . . . . . . : 8 446 024 bytes
Age . . . . . . . : 34.1 days (2017-06-13 14:49:20)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 5A5F9D9E60784870699EEFAC1C61FF618AE7AF20F15B919E5681CB0BEE89AA4B
RSA Key Size . . . : 2048
Authenticode . . . : Invalid
Fuzzy . . . . . . : 29.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.

D:\fifa17\FIFA 17\FIFASetup\fifaconfig.exe
Size . . . . . . . : 320 944 bytes
Age . . . . . . . : 3.4 days (2017-07-14 09:02:19)
Entropy . . . . . : 5.4
SHA-256 . . . . . : F06A614E52F92250FC9EFB9E2100E8C47A5FA6B808172D874208D99A70D027E0
Needs elevation . : Yes
Product . . . . . : FIFA Launcher
Publisher . . . . : Electronic Arts
Description . . . : FIFA Launcher
Version . . . . . : 1.0.0.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 22.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-2805990368-2511600513-3500651280-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\fifa17\FIFA 17\FIFASetup\fifaconfig.exe


Cookies _____________________________________________________________________

C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:2201792135.log.optimizely.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:254a.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:4177821143.log.optimizely.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:abmr.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:adaptv.advertising.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrn.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:adform.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:adhigh.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:adnxs.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsrvr.org
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:adsymptotic.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:agkn.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:atemda.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:bidswitch.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:bizrate.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:bluekai.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:connexity.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:contextweb.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:default.atemda.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:dotomi.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:dsp.linksynergy.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:erne.co
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:go.sonobi.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:hotpicsex.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:imrworldwide.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:ipredictive.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:linksynergy.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:m6r.eu
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.adsby.bidtheatre.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.rundsp.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:mxptint.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:outbrain.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:owneriq.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:pagefair.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixxxels.org
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:playpornx.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornpics.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:simpli.fi
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:skimresources.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:sxp.smartclip.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:taboola.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:tidaltv.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.eternalhealthylife.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.friendsheart.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:trc.taboola.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.eporner.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.pornpics.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
C:\Users\YOUNES\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@adnxs[2].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@adsrvr[2].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@adtechus[2].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@bidswitch[1].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@casalemedia[2].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@dotomi[1].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@dotomi[2].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@doubleclick[2].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@mathtag[2].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@rfihub[1].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@scorecardresearch[2].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@taboola[1].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@trc.taboola[1].txt
C:\Users\YOUNES\AppData\Roaming\Microsoft\Windows\Cookies\Low\younes@turn[2].txt
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:addthis.com
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:agkn.com
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:atdmt.com
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:bidswitch.net
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:bluekai.com
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:crwdcntrl.net
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:demdex.net
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:doubleclick.net
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:dpm.demdex.net
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:krxd.net
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:mookie1.com
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:outbrain.com
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:owneriq.net
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:rlcdn.com
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:scorecardresearch.com
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:taboola.com
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:trc.taboola.com
C:\Users\YOUNES\AppData\Roaming\Mozilla\Firefox\Profiles\8q0tiomk.default\cookies.sqlite:xiti.com


[/code]
