General Info

File name

fa0fd2f44c5220e17b7a5c167ce36440.exe

Full analysis
https://app.any.run/tasks/fb5b0278-0f51-4c60-809f-c3df7cd3bbf7
Verdict
Malicious activity
Analysis date
11/8/2019, 14:26:24
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
MD5

fa0fd2f44c5220e17b7a5c167ce36440

SHA1

9adaabec174bb407e2a08587f5c1e87039a03037

SHA256

38f98cb9a85bcad6178c62faf2cf433e400603b81632a77a0f99fa57a39d8793

SSDEEP

3072:o7TQlatyYePxiFVj7TQlatyYePxiFVD7TQlatyYePxiFVV7TQlatyYePxiFVh:aTQt8XTQt83TQt8FTQt8h

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
UAC/LUA settings modification
  • fa0fd2f44c5220e17b7a5c167ce36440.exe (PID: 3000)
Changes the login/logoff helper path in the registry
  • fa0fd2f44c5220e17b7a5c167ce36440.exe (PID: 3000)
Changes the autorun value in the registry
  • fa0fd2f44c5220e17b7a5c167ce36440.exe (PID: 3000)
Reads Internet Cache Settings
  • fa0fd2f44c5220e17b7a5c167ce36440.exe (PID: 3000)
Executable content was dropped or overwritten
  • fa0fd2f44c5220e17b7a5c167ce36440.exe (PID: 3000)
Changes the desktop background image
  • fa0fd2f44c5220e17b7a5c167ce36440.exe (PID: 3000)
Writes to a desktop.ini file (may be used to cloak folders)
  • fa0fd2f44c5220e17b7a5c167ce36440.exe (PID: 3000)
Modifies the open verb of a shell class
  • fa0fd2f44c5220e17b7a5c167ce36440.exe (PID: 3000)

No info indicators.

Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report

Static information

TRiD
.exe
|   Generic Win/DOS Executable (50%)
.exe
|   DOS Executable Generic (49.9%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2008:01:12 15:58:39+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
110592
InitializedDataSize:
16384
UninitializedDataSize:
null
EntryPoint:
0x118c
OSVersion:
4
ImageVersion:
6.1
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
6.1.0.2008
ProductVersionNumber:
6.1.0.2008
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
Comments:
http:/www.narutogames.com
ProductName:
Gaara The Kazekage By : Paraysutki VM Community
Mission:
Destroy HokageFile, KSpoold, AutoitV3, Autoruner, BlueFantasi, Sys, VBSvir, PornFile, and Kick Anbu-Team-Sampit
FileVersion:
06.01.2008 (A) Update
ProductVersion:
06.01.2008 (A) Update
InternalName:
Kazekage Was Here
FileDescription:
Kazekage Games Action
LegalCopyright:
© Kota Cantik - Paray City
OriginalFileName:
Kazekage of the Sand
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
12-Jan-2008 14:58:39
Detected languages
English - United States
Comments:
http:/www.narutogames.com
FileDescription:
Kazekage Games Action
ProductName:
Gaara The Kazekage By : Paraysutki VM Community
Mission:
Destroy HokageFile, KSpoold, AutoitV3, Autoruner, BlueFantasi, Sys, VBSvir, PornFile, and Kick Anbu-Team-Sampit
FileVersion:
06.01.2008 (A) Update
ProductVersion:
06.01.2008 (A) Update
InternalName:
Kazekage Was Here
LegalCopyright:
© Kota Cantik - Paray City
OriginalFilename:
Kazekage of the Sand
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000B8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
2
Time date stamp:
12-Jan-2008 14:58:39
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0001F000 0x00009E00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.98081
.rsrc 0x00020000 0x00004000 0x00003A00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 6.10791
Resources
1

Imports
    kernel32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
51
Monitored processes
9
Malicious processes
1
Suspicious processes
0

Behavior graph

start fa0fd2f44c5220e17b7a5c167ce36440.exe ping.exe no specs ping.exe no specs ping.exe no specs ping.exe no specs ping.exe no specs ping.exe no specs ping.exe no specs ping.exe no specs
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information


PID
3000
CMD
"C:\Users\admin\Desktop\fa0fd2f44c5220e17b7a5c167ce36440.exe"
Path
C:\Users\admin\Desktop\fa0fd2f44c5220e17b7a5c167ce36440.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Kazekage-Games-Action
Version
06.01.2008 (A) Update
Modules
Image
c:\users\admin\desktop\fa0fd2f44c5220e17b7a5c167ce36440.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\mpr.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\version.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\apphelp.dll

PID
2364
CMD
ping -a -l www.rasasayang.com.my 65500
Path
C:\Windows\system32\ping.exe
Indicators
No indicators
Parent process
fa0fd2f44c5220e17b7a5c167ce36440.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225786
Version:
Company
Microsoft Corporation
Description
TCP/IP Ping Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll

PID
2300
CMD
ping -a -l www.duniasex.com 65500
Path
C:\Windows\system32\ping.exe
Indicators
No indicators
Parent process
fa0fd2f44c5220e17b7a5c167ce36440.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225786
Version:
Company
Microsoft Corporation
Description
TCP/IP Ping Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll

PID
2580
CMD
ping -a -l www.rasasayang.com.my 65500
Path
C:\Windows\system32\ping.exe
Indicators
No indicators
Parent process
fa0fd2f44c5220e17b7a5c167ce36440.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225786
Version:
Company
Microsoft Corporation
Description
TCP/IP Ping Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll

PID
932
CMD
ping -a -l www.duniasex.com 65500
Path
C:\Windows\system32\ping.exe
Indicators
No indicators
Parent process
fa0fd2f44c5220e17b7a5c167ce36440.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225786
Version:
Company
Microsoft Corporation
Description
TCP/IP Ping Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll

PID
2360
CMD
ping -a -l www.rasasayang.com.my 65500
Path
C:\Windows\system32\ping.exe
Indicators
No indicators
Parent process
fa0fd2f44c5220e17b7a5c167ce36440.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225786
Version:
Company
Microsoft Corporation
Description
TCP/IP Ping Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll

PID
2376
CMD
ping -a -l www.duniasex.com 65500
Path
C:\Windows\system32\ping.exe
Indicators
No indicators
Parent process
fa0fd2f44c5220e17b7a5c167ce36440.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225786
Version:
Company
Microsoft Corporation
Description
TCP/IP Ping Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll

PID
3140
CMD
ping -a -l www.rasasayang.com.my 65500
Path
C:\Windows\system32\ping.exe
Indicators
No indicators
Parent process
fa0fd2f44c5220e17b7a5c167ce36440.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225786
Version:
Company
Microsoft Corporation
Description
TCP/IP Ping Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll

PID
3036
CMD
ping -a -l www.duniasex.com 65500
Path
C:\Windows\system32\ping.exe
Indicators
No indicators
Parent process
fa0fd2f44c5220e17b7a5c167ce36440.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221225786
Version:
Company
Microsoft Corporation
Description
TCP/IP Ping Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll

Registry activity

Total events
1345
Read events
26
Write events
1319
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3000
fa0fd2f44c5220e17b7a5c167ce36440.exe
write
HKEY_CURRENT_USER\Control Panel\Desktop
ConvertedWallpaper
C:\Windows\Fonts\The Kazekage.jpg
3000
fa0fd2f44c5220e17b7a5c167ce36440.exe
write
HKEY_CURRENT_USER\Control Panel\Desktop
Wallpaper
C:\Windows\Fonts\The Kazekage.jpg
3000
fa0fd2f44c5220e17b7a5c167ce36440.exe
write
HKEY_CURRENT_USER\Control Panel\Desktop
WallpaperStyle
2
3000
fa0fd2f44c5220e17b7a5c167ce36440.exe
write
HKEY_CURRENT_USER\Control Panel\Desktop
ConvertedWallpaper
Fonts\The Kazekage.jpg
3000
fa0fd2f44c5220e17b7a5c167ce36440.exe
write
HKEY_CURRENT_USER\Control Panel\Desktop
SCRNSAVE.EXE
ssmarque.scr
3000
fa0fd2f44c5220e17b7a5c167ce36440.exe
write
HKEY_CURRENT_USER\Control Panel\Desktop
ScreenSaveTimeOut
400
3000
fa0fd2f44c5220e17b7a5c167ce36440.exe
write
HKEY_CURRENT_USER\Control Panel\Screen Saver.Marquee | BackgroundColor | 0 0 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Control Panel\Screen Saver.Marquee | Font | Blackadder ITC | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Control Panel\Screen Saver.Marquee | Mode.EXE | 1 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Control Panel\Screen Saver.Marquee | Size | 72 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Control Panel\Screen Saver.Marquee | Speed | 4 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Control Panel\Screen Saver.Marquee | Text | Gaara The Kazekage ( Warning : don't save any porn stuffs files in this computer ) | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Control Panel\Screen Saver.Marquee | TextColor | 255 0 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window Title | !!! Hello HokageFile (AnbuTeam-Sampit), Is this my places, Wanna start a War !!! | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA | 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | DesertSand | Fonts\admin 8 - 11 - 2019\smss.exe | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | FreeAV | Fonts\admin 8 - 11 - 2019\Gaara.exe | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | 644r4 | 8-11-2019.exe | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | SystemRun | drivers\csrss.exe | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell | Explorer.exe, drivers\csrss.exe | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit | userinit.exe,drivers\system32.exe | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Hidden | 2 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | HideFileExt | 1 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SuperHidden | 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | ShowSuperHidden | 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState | FullPathAddress | 1 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState | FullPath | 1 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder | Type | ²~†Œ | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder | Type | ²~†Œ | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | ProductId |  | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | RegisteredOrganization | Paraysutki VM Community | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | RegisteredOwner | Gaara The Kazekage | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info | DefCompany | Hacker_Anti_Malingsia and Hacker_Anti_Pornografi | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info | DefName |  | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Gaara-The-Kazekage | Dedicated | Paray @ Hacker™ | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Gaara-The-Kazekage | Developer | Paraysutki VM Community | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Gaara-The-Kazekage | Mission | Destroyed KSpoold & HokageFile (HokageFile.exe, Rin.exe, Obito.exe, HOKAGE4.exe, KakashiHatake.exe) and Kick (Anbu Team Sampit) | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Gaara-The-Kazekage | From | Kota Cantik | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Gaara-The-Kazekage | Codename | Win32.Kazekage.Gaara | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open\Command |  | calc.exe | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open2\Command |  | calc.exe | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command |  | calc.exe | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\inffile\shell\Install\command |  | shutdown -r -f -t 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASAPI32 | EnableFileTracing | 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASAPI32 | EnableConsoleTracing | 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASAPI32 | FileTracingMask | 4294901760 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASAPI32 | ConsoleTracingMask | 4294901760 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASAPI32 | MaxFileSize | 1048576 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASAPI32 | FileDirectory | %windir%\tracing | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASMANCS | EnableFileTracing | 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASMANCS | EnableConsoleTracing | 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASMANCS | FileTracingMask | 4294901760 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASMANCS | ConsoleTracingMask | 4294901760 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASMANCS | MaxFileSize | 1048576 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fa0fd2f44c5220e17b7a5c167ce36440_RASMANCS | FileDirectory | %windir%\tracing | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0 | 3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings |

Files activity

Executable files: 22
Suspicious files: 0
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Gaara go to Kazekage.exe | executable | eef8df1e862a04c748ef05b59c02d2c8 | b24ca3ea03639ac21cc8d49b1873c7628af630f07fcc21ba7a26c53b1a108eb6
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Kazekage VS Hokage.exe | executable | 1a6dda010eae02f8d4fbbdfa82298b3b | a9d26fa2364fa250fae8122f4eefac0c9da4382a200afa85e93956f9a3afd878
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Gaara go to Kazekage.exe | executable | 498728b1b22db59cc4615033c14a8082 | 3b469ce4ead8622c37eacff5db62ee7abe7700abbcc47b121281d887c6af22de
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Kazekage.exe | executable | 1ebe469148bb325aa53b2617585133b5 | be9693e5b20cad92294df28c55bb4f32c101a0a6a9e87c66c9511f6c2402b7d1
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Naruto games.exe | executable | f817e0afa911c3d40a27a08efd6311e9 | 5308b5b7662200f8117aeeae41213324d3b01a1aa54f29cf2eb86a9a7a71d94a
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Hokage-Sampit (Nothing).exe | executable | bd028d4f2fffdac4ecba06e6cbea06d0 | c002242191d71de2b43f40765ca527005e27445a58bfe427fd844a116fb3b0a1
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Gaara go to Kazekage.exe | executable | 5f5c425325892a9a5b473247a68aad82 | 03039775993177d2735bfee7c3947394604af90d5c346c4432c8aa56c31912fe
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\Users\admin\Desktop\Gaara The Kazekage.exe | executable | b9b537f47c3efffbeaafc3b50f287e83 | 650de0e1f363961326cfe1fdf92c16c68802b340f1a8bff6f415aa8b1f628af2
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Kazekage.exe | executable | 446118f23384932494112d19f6893509 | b07c96181a8e38023ca5dbd064cef22b98376343756778682c3875da8a9db119
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Kazekage VS Hokage.exe | executable | ef1bdf3dd072dc74a052120248649ee7 | 3e2c345b02a510b76c58e9cf292f6711167083ed401feb295d7cf7828585ee63
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\admin Games\Readme.txt | text | bb5d6abdf8d0948ac6895ce7fdfbc151 | 5db2e0915b5464d32e83484f8ae5e3c73d2c78f238fde5f58f9b40dbb5322de8
3000 | fa0fd2f44c5220e17b7a5c167ce36440.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\desktop.ini | ini | 64acfa7e03b01f48294cf30d201a0026 | ba8159d865d106e7b4d0043007a63d1541e1de455dc8d7ff0edd3013bd425c62

Find more information on the static content, and download it, in the full report.

Network activity

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 2
Threats: 0

HTTP requests

No HTTP requests.

Connections

No connections.

DNS requests

Domain IP Reputation
220.255.0.0.in-addr.arpa No response unknown

Threats

No threats detected.

Debug output strings

No debug info.