{"vhash": "016056655d5c05509043z8003b7z47z62z3e03dz", "submission_names": ["zoyx_ksp.exe", "/var/www/clean-mx/virusesevidence/output.114883794.txt", "4687dc18332236d206eb401c82fdd1c285f23c04", "zoyx_ksp.exe.bin"], "scan_date": "2019-02-23 23:00:37", "first_seen": "2016-07-15 22:11:43", "total": 66, "additional_info": {"embedded_domains": ["crls1.wosign.com", "nsis.sf.net", "www.wosign.com", "ocsp1.wosign.com", "aia1.wosign.com", "d.wanyouxi7.com", "www.37.com", "mir.37.com"], "exiftool": {"SubsystemVersion": "4.0", "InitializedDataSize": "119808", "ImageVersion": "6.0", "FileVersionNumber": "2.0.0.0", "UninitializedDataSize": "1024", "LanguageCode": "Chinese (Simplified)", "FileFlagsMask": "0x0000", "ImageFileCharacteristics": "No relocs, Executable, No line numbers, No symbols, 32-bit", "CharacterSet": "Windows, Chinese (Simplified)", "LinkerVersion": "6.0", "FileTypeExtension": "exe", "MIMEType": "application/octet-stream", "Subsystem": "Windows GUI", "FileVersion": "2.0.0.0", "TimeStamp": "2009:12:05 23:50:46+01:00", "FileType": "Win32 EXE", "PEType": "PE32", "FileDescription": "install", "OSVersion": "4.0", "FileOS": "Win32", "LegalCopyright": "FLCQ", "MachineType": "Intel 386 or later, and compatibles", "CompanyName": "FLCQ", "CodeSize": "23552", "FileSubtype": "0", "ProductVersionNumber": "2.0.0.0", "EntryPoint": "0x323c", "ObjectFileType": "Executable application"}, "trid": "NSIS - Nullsoft Scriptable Install System (94.6%)\nWin32 Executable MS Visual C++ (generic) (3.4%)\nWin32 Dynamic Link Library (generic) (0.7%)\nWin32 Executable (generic) (0.5%)\nOS/2 Executable (generic) (0.2%)", "pe-imphash": "099c0646ea7282d232219f8807883be0", "pe-overlay": {"chi2": 290.5875549316406, "filetype": "data", "entropy": 7.999864101409912, "offset": 52736, "md5": "f334ad10df8b795aed7373c55b1e7a6f", "size": 1498848}, "pe-resource-langs": {"ENGLISH US": 9, "CHINESE SIMPLIFIED": 1}, "first_seen_itw": "2010-11-20 23:29:33", "positives_delta": 1, "pe-resource-types": 
{"RT_DIALOG": 5, "RT_ICON": 1, "RT_MANIFEST": 1, "RT_BITMAP": 1, "RT_VERSION": 1, "RT_GROUP_ICON": 1}, "imports": {"VERSION.dll": ["GetFileVersionInfoSizeA", "GetFileVersionInfoA", "VerQueryValueA"], "GDI32.dll": ["GetDeviceCaps", "SetBkMode", "CreateBrushIndirect", "CreateFontIndirectA", "SelectObject", "SetBkColor", "DeleteObject", "SetTextColor"], "ADVAPI32.dll": ["RegDeleteKeyA", "RegCloseKey", "RegQueryValueExA", "RegSetValueExA", "RegEnumValueA", "RegCreateKeyExA", "RegOpenKeyExA", "RegEnumKeyA", "RegDeleteValueA"], "KERNEL32.dll": ["GetLastError", "lstrlenA", "GetFileAttributesA", "GlobalFree", "WaitForSingleObject", "GetExitCodeProcess", "CopyFileA", "ExitProcess", "SetFileTime", "GlobalUnlock", "GetModuleFileNameA", "LoadLibraryA", "GetShortPathNameA", "GetCurrentProcess", "LoadLibraryExA", "CompareFileTime", "GetPrivateProfileStringA", "WritePrivateProfileStringA", "GetFileSize", "lstrcatA", "CreateDirectoryA", "DeleteFileA", "GetWindowsDirectoryA", "SetErrorMode", "MultiByteToWideChar", "GetCommandLineA", "GlobalLock", "SetFileAttributesA", "SetFilePointer", "GetTempPathA", "CreateThread", "lstrcmpiA", "GetModuleHandleA", "lstrcmpA", "ReadFile", "WriteFile", "FindFirstFileA", "CloseHandle", "GetTempFileNameA", "lstrcpynA", "FindNextFileA", "RemoveDirectoryA", "GetSystemDirectoryA", "GetDiskFreeSpaceA", "ExpandEnvironmentStringsA", "GetFullPathNameA", "FreeLibrary", "MoveFileA", "CreateProcessA", "GlobalAlloc", "SearchPathA", "FindClose", "Sleep", "CreateFileA", "GetTickCount", "GetVersion", "GetProcAddress", "SetCurrentDirectoryA", "MulDiv"], "SHELL32.dll": ["SHGetFileInfoA", "SHGetSpecialFolderLocation", "SHBrowseForFolderA", "SHGetPathFromIDListA", "ShellExecuteA", "SHFileOperationA"], "ole32.dll": ["OleUninitialize", "CoTaskMemFree", "OleInitialize", "CoCreateInstance"], "USER32.dll": ["EmptyClipboard", "GetMessagePos", "EndPaint", "CharPrevA", "EndDialog", "BeginPaint", "PostQuitMessage", "DefWindowProcA", "SetWindowTextA", "SetClassLongA", 
"LoadBitmapA", "SetWindowPos", "GetSystemMetrics", "IsWindow", "AppendMenuA", "GetWindowRect", "DispatchMessageA", "ScreenToClient", "SetDlgItemTextA", "MessageBoxIndirectA", "LoadImageA", "GetDlgItemTextA", "PeekMessageA", "SetWindowLongA", "IsWindowEnabled", "GetSysColor", "CheckDlgButton", "GetDC", "FindWindowExA", "SystemParametersInfoA", "CreatePopupMenu", "wsprintfA", "DialogBoxParamA", "SetClipboardData", "IsWindowVisible", "GetClassInfoA", "SetForegroundWindow", "GetClientRect", "CreateWindowExA", "GetDlgItem", "CreateDialogParamA", "DrawTextA", "EnableMenuItem", "RegisterClassA", "InvalidateRect", "GetWindowLongA", "SendMessageTimeoutA", "SetTimer", "LoadCursorA", "TrackPopupMenu", "SendMessageA", "FillRect", "ShowWindow", "OpenClipboard", "CharNextA", "CallWindowProcA", "GetSystemMenu", "EnableWindow", "CloseClipboard", "DestroyWindow", "ExitWindowsEx", "SetCursor"], "COMCTL32.dll": ["ImageList_Create", "Ord(17)", "ImageList_Destroy", "ImageList_AddMasked"]}, "pe-entry-point": 12860, "sections": [[".text", 4096, 23130, 23552, "6.42", "0bc2ffd32265a08d72b795b18265828d"], [".rdata", 28672, 4496, 4608, "5.18", "f179218a059068529bdb4637ef5fa28e"], [".data", 36864, 110488, 1024, "4.71", "975304d6dd6c4a4f076b15511e2bbbc0"], [".ndata", 147456, 65536, 0, "0.00", "d41d8cd98f00b204e9800998ecf8427e"], [".rsrc", 212992, 22056, 22528, "5.85", "e7ffb1cee8d36e25757e6c03191bc5d1"]], "pe-machine-type": 332, "contacted_urls": ["http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=275&ext_1=2&ext_2=37cs_wd&ext_3=919465&ext_4=71f8bb93823f4627acc1c685780c73a9&ext_5=a6f161840db3ea993633e78b45faa785&ext_6=2&browser_type=3000", "http://gameapp.37.com/controller/client.php?game_id=275&tpl_type=game4&refer=37cs_wd&uid=919465&version=3000&installtime=20190106&runcount=1&curtime=20190106111338&showlogintype=3®times=1&pagetype=1", 
"http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=275&ext_1=2&ext_2=37cs_wd&ext_3=919465&ext_4=ffcb2ce8ccf44fae91ef83fbc48c20bc&ext_5=a6f161840db3ea993633e78b45faa785&ext_6=2&browser_type=3000", "http://gameapp.37.com/controller/client.php?game_id=275&tpl_type=game4&refer=37cs_wd&uid=919465&version=3000&installtime=20190113&runcount=1&curtime=20190113093228&showlogintype=3®times=1&pagetype=1", "http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=275&ext_1=2&ext_2=37cs_wd&ext_3=919465&ext_4=f651581a72ab4f0ea8d8a5b58e07d2cd&ext_5=a6f161840db3ea993633e78b45faa785&ext_6=2&browser_type=3000", "http://gameapp.37.com/controller/client.php?game_id=275&tpl_type=game4&refer=37cs_wd&uid=919465&version=3000&installtime=20190122&runcount=1&curtime=20190122132809&showlogintype=3®times=1&pagetype=1", "http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=275&ext_1=2&ext_2=37cs_wd&ext_3=919465&ext_4=f64560dd4a6744bdb518bb1f8b4b1a00&ext_5=a6f161840db3ea993633e78b45faa785&ext_6=2&browser_type=3000", "http://gameapp.37.com/controller/client.php?game_id=275&tpl_type=game4&refer=37cs_wd&uid=919465&version=3000&installtime=20190127&runcount=1&curtime=20190127131911&showlogintype=3®times=1&pagetype=1", "http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=275&ext_1=2&ext_2=37cs_wd&ext_3=919465&ext_4=89b330a75e3f4b11a7d8783f0b8c1147&ext_5=a6f161840db3ea993633e78b45faa785&ext_6=2&browser_type=3000", "http://gameapp.37.com/controller/client.php?game_id=275&tpl_type=game4&refer=37cs_wd&uid=919465&version=3000&installtime=20190201&runcount=1&curtime=20190201100603&showlogintype=3®times=1&pagetype=1", 
"http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=275&ext_1=2&ext_2=37cs_wd&ext_3=919465&ext_4=95cec3859a5b448a96f2c5c5ce4f3d3c&ext_5=a6f161840db3ea993633e78b45faa785&ext_6=2&browser_type=3000", "http://gameapp.37.com/controller/client.php?game_id=275&tpl_type=game4&refer=37cs_wd&uid=919465&version=3000&installtime=20190215&runcount=1&curtime=20190215111756&showlogintype=3®times=1&pagetype=1", "http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=275&ext_1=2&ext_2=37cs_wd&ext_3=919465&ext_4=63789971d1e04219ab8fd39b5340e60c&ext_5=a6f161840db3ea993633e78b45faa785&ext_6=2&browser_type=3000", "http://gameapp.37.com/controller/client.php?game_id=275&tpl_type=game4&refer=37cs_wd&uid=919465&version=3000&installtime=20190224&runcount=1&curtime=20190224112535&showlogintype=3®times=1&pagetype=1"], "contacted_domains": ["a.clickdata.37wan.com", "gameapp.37.com"], "magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit", "sigcheck": {"product": "\u8d85\u9738\u4f20\u5947", "verified": "Signed", "description": "\u8d85\u9738\u4f20\u5947 install", "file version": "2.0.0.0", "signing date": "8:16 AM 7/5/2016", "x509": [{"name": "\u5b89\u5fbd\u5609\u5c1a\u7f51\u7edc\u79d1\u6280\u6709\u9650\u516c\u53f8", "algorithm": "sha256RSA", "valid from": "1:32 PM 2/20/2016", "valid to": "1:32 PM 11/20/2016", "serial number": "4A B5 9C 7F 5C BB 0E DB 0A C5 A7 B5 7B 83 F5 15", "cert issuer": "WoSign Class 3 Code Signing CA G2", "thumbprint": "FF60906E4EC6331B5CB49ADD2B15A5587A391ED1", "valid_usage": "Code Signing, 0.4.1.311.61.1"}, {"name": "WoSign Time Stamping Signer", "algorithm": "sha1RSA", "valid from": "1:00 AM 8/8/2009", "valid to": "1:00 AM 8/8/2024", "serial number": "25 1F 5D 98 81 82 17 2E 3C 41 9E 01 4F B0 40 4C", "cert issuer": "Certification Authority of WoSign", "thumbprint": "5409B56C89BB1A881DE1A32C950D40FD6B94C74E", "valid_usage": "ff"}, {"name": "WoSign Class 3 Code 
Signing CA G2", "algorithm": "sha256RSA", "valid from": "12:58 AM 11/8/2014", "valid to": "12:58 AM 11/8/2029", "serial number": "37 A6 0E 92 5F 23 F8 0C FD CD 97 65 92 98 C3 54", "cert issuer": "Certification Authority of WoSign", "thumbprint": "FDF066448E05E060B1B14E542F6DE002B59B0C71", "valid_usage": "Code Signing, 0.4.1.311.2.1"}], "authentihash": "a7f2eb5e0113e01214a965f645da88bbf1e135184a8f0487e5acf712270d8ef1", "signers": "\u5b89\u5fbd\u5609\u5c1a\u7f51\u7edc\u79d1\u6280\u6709\u9650\u516c\u53f8; WoSign Class 3 Code Signing CA G2; WoSign", "counter signers details": [{"status": "Valid", "valid usage": "Timestamp Signing", "name": "WoSign Time Stamping Signer", "algorithm": "sha1RSA", "valid from": "12:00 AM 08/08/2009", "valid to": "12:00 AM 08/08/2024", "serial number": "25 1F 5D 98 81 82 17 2E 3C 41 9E 01 4F B0 40 4C", "cert issuer": "Certification Authority of WoSign", "thumbprint": "5409B56C89BB1A881DE1A32C950D40FD6B94C74E"}, {"status": "Valid", "valid usage": "Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing", "name": "WoSign", "algorithm": "sha1RSA", "valid from": "12:00 AM 08/08/2009", "valid to": "12:00 AM 08/08/2039", "serial number": "5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91", "cert issuer": "Certification Authority of WoSign", "thumbprint": "B94294BF91EA8FB64BE61097C7FB001359B676CB"}], "counter signers": "WoSign Time Stamping Signer; WoSign", "copyright": "FLCQ\u4f20\u5947\u6e38\u620f", "signers details": [{"status": "This certificate or one of the certificates in the certificate chain is not time valid.", "valid usage": "Code Signing, 1.3.6.1.4.1.311.61.1.1", "name": "\u5b89\u5fbd\u5609\u5c1a\u7f51\u7edc\u79d1\u6280\u6709\u9650\u516c\u53f8", "algorithm": "sha256RSA", "valid from": "01:32 PM 02/20/2016", "valid to": "01:32 PM 11/20/2016", "serial number": "4A B5 9C 7F 5C BB 0E DB 0A C5 A7 B5 7B 83 F5 15", "cert issuer": "WoSign Class 3 Code Signing CA G2", "thumbprint": "FF60906E4EC6331B5CB49ADD2B15A5587A391ED1"}, 
{"status": "Valid", "valid usage": "Code Signing, 1.3.6.1.4.1.311.2.1.22", "name": "WoSign Class 3 Code Signing CA G2", "algorithm": "sha256RSA", "valid from": "12:58 AM 11/08/2014", "valid to": "12:58 AM 11/08/2029", "serial number": "37 A6 0E 92 5F 23 F8 0C FD CD 97 65 92 98 C3 54", "cert issuer": "Certification Authority of WoSign", "thumbprint": "FDF066448E05E060B1B14E542F6DE002B59B0C71"}, {"status": "Valid", "valid usage": "Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing", "name": "WoSign", "algorithm": "sha1RSA", "valid from": "12:00 AM 08/08/2009", "valid to": "12:00 AM 08/08/2039", "serial number": "5E 68 D6 11 71 94 63 50 56 00 68 F3 3E C9 C5 91", "cert issuer": "Certification Authority of WoSign", "thumbprint": "B94294BF91EA8FB64BE61097C7FB001359B676CB"}], "link date": "11:50 PM 12/5/2009"}, "main_icon": {"raw_md5": "8657cac1c290064a6e7703fbeb86279b", "dhash": "9634e5e1c4563b8e"}, "pe-resource-detail": [{"lang": "ENGLISH US", "chi2": 99293.4921875, "filetype": "data", "entropy": 2.826326608657837, "sha256": "0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142", "type": "RT_BITMAP"}, {"lang": "ENGLISH US", "chi2": 325972.875, "filetype": "data", "entropy": 6.133589744567871, "sha256": "65b9bc67a8ee034cf990bd94445fdaaf098e426747e2f4f9a4968a556774a011", "type": "RT_ICON"}, {"lang": "ENGLISH US", "chi2": 17062.392578125, "filetype": "data", "entropy": 2.634467124938965, "sha256": "09b17373dd40b89a1f1b428f387837db95bc729f40d7189dd3774495c34067b6", "type": "RT_DIALOG"}, {"lang": "ENGLISH US", "chi2": 29554.13671875, "filetype": "data", "entropy": 2.6082119941711426, "sha256": "15b8c2802e6200086ef104eade54cf616e59bba1d2aa895e4beb3a6d9de165ae", "type": "RT_DIALOG"}, {"lang": "ENGLISH US", "chi2": 52812.1796875, "filetype": "data", "entropy": 2.6257567405700684, "sha256": "3f0bc1e0fc8d86dee74d2ed2e601ad0dfbd163bd38daeecdb3be5d4dfb00e54b", "type": "RT_DIALOG"}, {"lang": "ENGLISH US", "chi2": 23034.333984375, "filetype": 
"data", "entropy": 2.866262435913086, "sha256": "1a39a3aabdee2aa68c507c55ff37c38722b05b7f8bde66185a2462792381d8cd", "type": "RT_DIALOG"}, {"lang": "ENGLISH US", "chi2": 20341.841796875, "filetype": "data", "entropy": 2.9304006099700928, "sha256": "a10617b39293152a65ad5c91ca4f35135845c7b785e3a582e58f6c8229045b85", "type": "RT_DIALOG"}, {"lang": "ENGLISH US", "chi2": 1823.2001953125, "filetype": "ASCII text", "entropy": 1.9192407131195068, "sha256": "027e12c81d53ebb492d0e1ce8166c0c004e135274105fb79465b6b97bc6c71cd", "type": "RT_GROUP_ICON"}, {"lang": "CHINESE SIMPLIFIED", "chi2": 39800.5078125, "filetype": "data", "entropy": 3.430593252182007, "sha256": "f64c2b0b18f9287c133409b0a3d465f1b21066b511aa70abd5c7a82252f35540", "type": "RT_VERSION"}, {"lang": "ENGLISH US", "chi2": 7548.03857421875, "filetype": "ASCII text", "entropy": 5.224368572235107, "sha256": "d9cf2eb26a049762b9b85bbb01e3414253e3db904fb25b7b9884c7011c98a0f8", "type": "RT_MANIFEST"}], "behaviour-v1": {"hooking": [{"type": "WH_MOUSE", "method": "SetWindowsHook", "success": true}, {"type": "WH_KEYBOARD", "method": "SetWindowsHook", "success": true}], "network": {"udp": ["<MACHINE_DNS_SERVER>:53"], "http": [{"url": "http://gameapp.37.com/controller/client.php?game_id=275&tpl_type=game4&refer=37cs_wd&uid=919465&version=3000&installtime=20160716&runcount=1&curtime=20160716025436&showlogintype=3®times=1&pagetype=1", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://img2.37wanimg.com/2016/06/16182911rfFPw.jpg", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://img1.37wanimg.com/mir/css/client/game4.css?t=1468662878", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, 
{"url": "http://d.wanyouxi7.com/yx/mir/sqcs/919465/app.ini", "method": "GET", "user-agent": "HTTPDownloader"}, {"url": "http://img1.37wanimg.com/mir/css/client/game4/bg3.jpg", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://gameapp.37.com/controller/client.php?action=register&game_id=275&tpl_type=game4", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://img1.37wanimg.com/mir/css/client/game4/rem_on.png", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://img1.37wanimg.com/mir/css/client/game4/logo.png", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://img1.37wanimg.com/mir/css/client/game4/kv-ico.png", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://img1.37wanimg.com/mir/css/client/game4.css?t=1468662881", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://img1.37wanimg.com/mir/css/client/game4/reg.jpg", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://ptres.37.com/js/sq/lib/sq.core.js?t=20140304", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://ptres.37.com/js/sq/widget/sq.login.js?t=20160519100422", 
"method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://ptres.37.com/js/sq/widget/sq.tab.js", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://ptres.37.com/js/sq/widget/sq.statis.js", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://ptres.37.com/js/sq/widget/sq.clientclass2.js?t=1468662881", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://img1.37wanimg.com/mir/js/client/game.js?t=1468662881", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://img1.37wanimg.com/mir/css/client/game4/input-status.png", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://cm.he2d.com/1/", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://a.clickdata.37wan.com/controller/istat.controller.php?platform=37wan&item=u3tfl5ftfl&game_id=275&sid=&position=1&ext_1=4&ext_2=37cs_wd&ext_3=919465&ext_4=&ext_5=gy&ext_6=&login_account=&browser_type=&user_ip=&refer=37cs_wd&uid=919465&page=4&t=1468662897391", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": 
"http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=275&ext_1=4&ext_2=37cs_wd&ext_3=919465&ext_4=E0DADCE06DD246ED9E8282A6109841E9&ext_5=4a9ae2350eeff765a124a90e9fde01a5&ext_6=2&browser_type=3000", "method": "GET", "user-agent": "HTTPDownloader"}, {"url": "http://cookiem.37.com/sys/?u=cQSKV56z75EBAAAAzJRj&fdata=", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}, {"url": "http://img1.37wanimg.com/mir/css/client/game4/sprite.png", "method": "GET", "user-agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"}], "dns": [{"ip": "14.18.237.128", "hostname": "gameapp.37.com"}, {"ip": "203.130.59.30", "hostname": "img2.37wanimg.com"}, {"ip": "203.130.59.30", "hostname": "img1.37wanimg.com"}, {"ip": "203.130.59.30", "hostname": "d.wanyouxi7.com"}, {"ip": "203.130.59.30", "hostname": "ptres.37.com"}, {"ip": "121.201.25.132", "hostname": "my.37.com"}, {"ip": "183.60.225.49", "hostname": "cm.he2d.com"}, {"ip": "121.201.30.167", "hostname": "a.clickdata.37wan.com"}, {"ip": "117.25.147.86", "hostname": "cookiem.37.com"}], "tcp": ["14.18.237.128:80", "203.130.59.30:80", "121.201.25.132:443", "14.18.238.176:80", "121.201.30.167:80", "117.25.147.86:80"]}, "service": {"controlled": [], "opened": [{"name": "RASMAN", "success": true}, {"name": "AudioSrv", "success": true}], "created": [], "started": [], "opened-managers": [{"machine": "localhost", "success": true, "database": "SERVICES_ACTIVE_DATABASE"}], "deleted": []}, "extra": ["SetWindowsHook"], "process": {"shellcmds": [{"cmd": "(taskbarpin) C:\\Documents and Settings\\<USER>\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6.lnkSW_SHOWNORMAL [C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs]", "success": false}], "terminated": [{"proc": 
"zoyx_kspd.exe", "success": true}], "tree": [{"pid": 788, "name": "3b29d3509d68cf61fca8cbba488defb6d737a518f05171205893f02f1c37088a", "children": []}], "injected": [], "created": [{"proc": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\zoyx_kspd.exe\" /setupsucc\"", "success": true}, {"proc": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\zoyx_kspd.exe\" /autorun /setuprun\"", "success": true}, {"proc": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\iconAnimate.exe", "success": false}, {"proc": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\iconTips.exe", "success": false}]}, "hosts_file": null, "windows": {"searched": [{"class": "MS_AutodialMonitor", "name": "(null)"}, {"class": "MS_WebcheckMonitor", "name": "(null)"}]}, "runtime-dlls": [{"file": "shfolder", "success": true}, {"file": "ole32.dll", "success": true}, {"file": "setupapi.dll", "success": true}, {"file": "rpcrt4.dll", "success": true}, {"file": "shell32.dll", "success": true}, {"file": "psapi.dll", "success": true}, {"file": "clbcatq.dll", "success": true}, {"file": "comctl32.dll", "success": true}, {"file": "ntshrui.dll", "success": true}, {"file": "linkinfo.dll", "success": true}, {"file": "userenv.dll", "success": true}, {"file": "netapi32", "success": true}, {"file": "apphelp.dll", "success": true}, {"file": "advapi32.dll", "success": true}, {"file": "secur32.dll", "success": true}, {"file": "config.dll", "success": true}, {"file": "kernel32.dll", "success": true}, {"file": "oleaut32.dll", "success": true}, {"file": "riched20.dll", "success": true}, {"file": "wininet.dll", "success": true}, {"file": "urlmon.dll", "success": true}, {"file": "c:\\windows\\system32\\shdoclc.dll", "success": true}, {"file": "mlang.dll", "success": true}, {"file": "c:\\windows\\system32\\imm32.dll", "success": true}, {"file": "imm32.dll", "success": true}, {"file": "user32.dll", "success": true}, {"file": "wsock32", "success": true}, {"file": "ws2_32", 
"success": true}, {"file": "c:\\windows\\system32\\mswsock.dll", "success": true}, {"file": "hnetcfg.dll", "success": true}, {"file": "c:\\windows\\system32\\wshtcpip.dll", "success": true}, {"file": "ws2_32.dll", "success": true}, {"file": "rasapi32.dll", "success": true}, {"file": "rtutils.dll", "success": true}, {"file": "sensapi.dll", "success": true}, {"file": "ntdll.dll", "success": true}, {"file": "netapi32.dll", "success": true}, {"file": "dnsapi.dll", "success": true}, {"file": "rasadhlp.dll", "success": true}, {"file": "ole32", "success": true}, {"file": "winmm.dll", "success": true}, {"file": "wdmaud.drv", "success": true}, {"file": "wintrust.dll", "success": true}, {"file": "msacm32.drv", "success": true}, {"file": "midimap.dll", "success": true}, {"file": "uxtheme.dll", "success": true}, {"file": "imgutil.dll", "success": true}, {"file": "mshtml.dll", "success": true}, {"file": "sxs.dll", "success": true}, {"file": "version.dll", "success": true}, {"file": "schannel", "success": true}, {"file": "c:\\windows\\system32\\schannel.dll", "success": true}, {"file": "rsaenh.dll", "success": true}, {"file": "dssenh.dll", "success": true}], "mutex": {"opened": [{"mutex": "ShimCacheMutex", "success": true}, {"mutex": "RasPbFile", "success": true}], "created": [{"mutex": "CTF.LBES.MutexDefaultS-1-5-21-1275210071-920026266-1060284298-1003", "success": true}, {"mutex": "CTF.Compart.MutexDefaultS-1-5-21-1275210071-920026266-1060284298-1003", "success": true}, {"mutex": "CTF.Asm.MutexDefaultS-1-5-21-1275210071-920026266-1060284298-1003", "success": true}, {"mutex": "CTF.Layouts.MutexDefaultS-1-5-21-1275210071-920026266-1060284298-1003", "success": true}, {"mutex": "CTF.TMD.MutexDefaultS-1-5-21-1275210071-920026266-1060284298-1003", "success": true}, {"mutex": "RasPbFile", "success": false}, {"mutex": "MidiMapper_modLongMessage_RefCnt", "success": true}, {"mutex": "MidiMapper_Configure", "success": true}, {"mutex": "MSIMGSIZECacheMutex", "success": true}]}, 
"registry": {"deleted": [], "set": []}, "filesystem": {"opened": [{"path": "\\\\.\\PIPE\\lsarpc", "success": true}, {"path": "\\\\.\\MountPointManager", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsy1.tmp", "success": true}, {"path": "C:\\3b29d3509d68cf61fca8cbba488defb6d737a518f05171205893f02f1c37088a", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsy2.tmp", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\System.dll", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\System.dll", "success": false}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\config.ini", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\FindProcDLL.dll", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\zoyx_kspd.exe", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\config.dll", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\uninst.exe", "success": true}, {"path": "C:\\WINDOWS\\Registration\\R000000000007.clb", "success": true}, {"path": "\\\\.\\PIPE\\srvsvc", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Desktop\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6.lnk", "success": true}, {"path": "\\\\.\\PIPE\\wkssvc", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Start Menu\\Programs\\FLCQ\\xb4\\xab\\xc6\\xe6\\xd3\\xce\\xcf\\xb7\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6.lnk", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Start 
Menu\\Programs\\FLCQ\\xb4\\xab\\xc6\\xe6\\xd3\\xce\\xcf\\xb7\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6\\\\xd0\\xb6\\xd4\\xd8\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6.lnk", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6.lnk", "success": true}, {"path": "\\\\.\\shadow", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\FindProcDLL.dll", "success": false}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\KillProcDLL.dll", "success": true}, {"path": "C:\\Documents", "success": false}, {"path": "C:\\Documents and", "success": false}, {"path": "C:\\Documents and Settings\\<USER>\\Application", "success": false}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\iconAnimate.exe", "success": false}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\iconTips.exe", "success": false}, {"path": "\\\\.\\PhysicalDrive0", "success": true}, {"path": "\\\\.\\PhysicalDrive1", "success": false}, {"path": "\\\\.\\PhysicalDrive2", "success": false}, {"path": "\\\\.\\PhysicalDrive3", "success": false}, {"path": "\\\\.\\PhysicalDrive4", "success": false}, {"path": "\\\\.\\PhysicalDrive5", "success": false}, {"path": "\\\\.\\PhysicalDrive6", "success": false}, {"path": "\\\\.\\PhysicalDrive7", "success": false}, {"path": "\\\\.\\PhysicalDrive8", "success": false}, {"path": "\\\\.\\PhysicalDrive9", "success": false}, {"path": "\\\\.\\PhysicalDrive10", "success": false}, {"path": "\\\\.\\PhysicalDrive11", "success": false}, {"path": "\\\\.\\PhysicalDrive12", "success": false}, {"path": "\\\\.\\PhysicalDrive13", "success": false}, {"path": "\\\\.\\PhysicalDrive14", "success": false}, {"path": "\\\\.\\PhysicalDrive15", "success": false}, {"path": "\\\\.\\Ip", "success": true}, {"path": "C:\\WINDOWS\\system32\\xpsp3res.dll", "success": true}, {"path": "C:\\WINDOWS\\WindowsShell.manifest", 
"success": true}, {"path": "c:\\autoexec.bat", "success": true}, {"path": "wdmaud.drv", "success": false}, {"path": "C:\\WINDOWS\\system32\\wdmaud.drv", "success": true}, {"path": "\\\\?\\root#system#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}\\{cd171de3-69e5-11d2-b56d-0000f8754380}&{9b365890-165f-11d0-a195-0020afd156e4}", "success": true}, {"path": "C:\\WINDOWS\\media\\Windows XP Start.wav", "success": true}, {"path": "C:\\WINDOWS\\fonts\\ARIAL.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\ARIALBD.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\ARIALBI.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\ARIALI.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\COUR.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\COURBD.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\COURBI.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\COURI.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\LUCON.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\L_10646.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\TIMES.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\TIMESBD.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\TIMESBI.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\TIMESI.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\WINGDING.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\SYMBOL.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\verdana.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\verdanab.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\verdanai.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\verdanaz.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\ariblk.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\comic.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\comicbd.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\impact.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\georgia.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\georgiab.TTF", 
"success": true}, {"path": "C:\\WINDOWS\\fonts\\georgiaz.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\georgiai.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\Framd.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\Framdit.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\pala.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\palab.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\palabi.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\palai.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\tahomabd.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\trebuc.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\trebucbd.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\trebucbi.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\trebucit.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\webdings.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\estre.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\gautami.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\latha.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\mangal.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\mvboli.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\raavi.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\shruti.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\tunga.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\sylfaen.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\TAHOMA.TTF", "success": true}, {"path": "C:\\WINDOWS\\fonts\\MICROSS.TTF", "success": true}, {"path": "C:\\WINDOWS\\system32\\en-US\\jscript.dll.mui", "success": false}, {"path": "C:\\WINDOWS\\system32\\mshtml.tlb", "success": true}, {"path": "C:\\WINDOWS\\system32\\msxml3r.dll", "success": true}, {"path": "C:\\WINDOWS\\system32\\msxml3.dll\\1", "success": false}, {"path": "C:\\WINDOWS\\system32\\msxml3.dll", "success": true}, {"path": "C:\\WINDOWS\\system32\\stdole2.tlb", "success": true}, {"path": "C:\\Documents and 
Settings\\<USER>\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT", "success": true}, {"path": "C:\\WINDOWS\\system32\\rsaenh.dll", "success": true}, {"path": "C:\\WINDOWS\\system32\\dssenh.dll", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\ActiveStat.tmp", "success": true}], "read": [{"path": "C:\\3b29d3509d68cf61fca8cbba488defb6d737a518f05171205893f02f1c37088a", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsy2.tmp", "success": true}, {"path": "C:\\WINDOWS\\Registration\\R000000000007.clb", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\zoyx_kspd.exe", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6.lnk", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\config.dll", "success": true}, {"path": "c:\\autoexec.bat", "success": true}, {"path": "C:\\WINDOWS\\media\\Windows XP Start.wav", "success": true}, {"path": "C:\\WINDOWS\\system32\\mshtml.tlb", "success": true}, {"path": "C:\\WINDOWS\\system32\\msxml3.dll", "success": true}, {"path": "C:\\WINDOWS\\system32\\stdole2.tlb", "success": true}, {"path": "C:\\WINDOWS\\system32\\rsaenh.dll", "success": true}, {"path": "C:\\WINDOWS\\system32\\dssenh.dll", "success": true}], "moved": [], "downloaded": [], "written": [{"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsy2.tmp", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\System.dll", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\config.ini", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\FindProcDLL.dll", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\zoyx_kspd.exe", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application 
Data\\flcq_vs\\config.dll", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\flcq_vs\\uninst.exe", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Desktop\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6.lnk", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Start Menu\\Programs\\FLCQ\\xb4\\xab\\xc6\\xe6\\xd3\\xce\\xcf\\xb7\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6.lnk", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Start Menu\\Programs\\FLCQ\\xb4\\xab\\xc6\\xe6\\xd3\\xce\\xcf\\xb7\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6\\\\xd0\\xb6\\xd4\\xd8\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6.lnk", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\\\xb3\\xac\\xb0\\xd4\\xb4\\xab\\xc6\\xe6.lnk", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\KillProcDLL.dll", "success": true}], "replaced": [], "deleted": [{"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsy1.tmp", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\FindProcDLL.dll", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\KillProcDLL.dll", "success": true}, {"path": "C:\\DOCUME~1\\<USER>~1\\LOCALS~1\\Temp\\nsi3.tmp\\System.dll", "success": true}, {"path": "C:\\Documents and Settings\\<USER>\\Application Data\\rx_bykz\\\\Upgrade\\", "success": false}], "copied": []}}, "pe-timestamp": 1260053446, "pe-resource-list": {"65b9bc67a8ee034cf990bd94445fdaaf098e426747e2f4f9a4968a556774a011": "data", "1a39a3aabdee2aa68c507c55ff37c38722b05b7f8bde66185a2462792381d8cd": "data", "09b17373dd40b89a1f1b428f387837db95bc729f40d7189dd3774495c34067b6": "data", "d9cf2eb26a049762b9b85bbb01e3414253e3db904fb25b7b9884c7011c98a0f8": "ASCII text", 
"0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142": "data", "3f0bc1e0fc8d86dee74d2ed2e601ad0dfbd163bd38daeecdb3be5d4dfb00e54b": "data", "f64c2b0b18f9287c133409b0a3d465f1b21066b511aa70abd5c7a82252f35540": "data", "a10617b39293152a65ad5c91ca4f35135845c7b785e3a582e58f6c8229045b85": "data", "027e12c81d53ebb492d0e1ce8166c0c004e135274105fb79465b6b97bc6c71cd": "ASCII text", "15b8c2802e6200086ef104eade54cf616e59bba1d2aa895e4beb3a6d9de165ae": "data"}, "f-prot-unpacker": "NSIS, appended"}, "size": 1551584, "scan_id": "3b29d3509d68cf61fca8cbba488defb6d737a518f05171205893f02f1c37088a-1550962837", "times_submitted": 8, "harmless_votes": 0, "verbose_msg": "Scan finished, information embedded", "sha256": "3b29d3509d68cf61fca8cbba488defb6d737a518f05171205893f02f1c37088a", "type": "Win32 EXE", "scans": {"MicroWorld-eScan": {"detected": false, "version": "14.0.297.0", "result": null, "update": "20190224"}, "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update": "20190223"}, "CAT-QuickHeal": {"detected": true, "version": "14.00", "result": "Application.Agent.ZZ5", "update": "20190223"}, "McAfee": {"detected": true, "version": "6.0.6.653", "result": "Artemis!7BDAD90C27D2", "update": "20190224"}, "Cylance": {"detected": false, "version": "2.3.1.101", "result": null, "update": "20190224"}, "AegisLab": {"detected": false, "version": "4.2", "result": null, "update": "20190224"}, "Trustlook": {"detected": false, "version": "1.0", "result": null, "update": "20190224"}, "BitDefender": {"detected": false, "version": "7.2", "result": null, "update": "20190224"}, "K7GW": {"detected": true, "version": "11.30.30088", "result": "Adware ( 004cad4e1 )", "update": "20190223"}, "K7AntiVirus": {"detected": true, "version": "11.30.30089", "result": "Adware ( 004cad4e1 )", "update": "20190224"}, "Baidu": {"detected": false, "version": "1.0.0.2", "result": null, "update": "20190215"}, "NANO-Antivirus": {"detected": false, "version": "1.0.134.24576", "result": null, 
"update": "20190224"}, "Cyren": {"detected": true, "version": "6.2.0.1", "result": "W32/GenPua.7BDAD90C!Olympus", "update": "20190224"}, "Symantec": {"detected": true, "version": "1.8.0.0", "result": "ML.Attribute.HighConfidence", "update": "20190223"}, "ESET-NOD32": {"detected": true, "version": "18925", "result": "a variant of Win32/Wews87.B potentially unwanted", "update": "20190223"}, "TheHacker": {"detected": false, "version": "6.8.0.5.4025", "result": null, "update": "20190217"}, "Avast": {"detected": true, "version": "18.4.3895.0", "result": "Win32:Malware-gen", "update": "20190224"}, "ClamAV": {"detected": false, "version": "0.101.1.0", "result": null, "update": "20190223"}, "Kaspersky": {"detected": false, "version": "15.0.1.13", "result": null, "update": "20190224"}, "Alibaba": {"detected": false, "version": "0.1.0.2", "result": null, "update": "20180921"}, "Babable": {"detected": false, "version": "9107201", "result": null, "update": "20180918"}, "ViRobot": {"detected": true, "version": "2014.3.20.0", "result": "Adware.Wews87.1551584", "update": "20190223"}, "Tencent": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20190224"}, "Endgame": {"detected": true, "version": "3.0.3", "result": "malicious (high confidence)", "update": "20190215"}, "Sophos": {"detected": true, "version": "4.98.0", "result": "Generic PUA GJ (PUA)", "update": "20190224"}, "Comodo": {"detected": false, "version": "30475", "result": null, "update": "20190224"}, "F-Secure": {"detected": true, "version": "12.0.86.52", "result": "Adware.ADWARE/Wews87.lsfud", "update": "20190223"}, "DrWeb": {"detected": false, "version": "7.0.34.11020", "result": null, "update": "20190224"}, "VIPRE": {"detected": true, "version": "73294", "result": "Trojan.Win32.Generic!BT", "update": "20190223"}, "Invincea": {"detected": true, "version": "6.3.6.26157", "result": "heuristic", "update": "20181128"}, "McAfee-GW-Edition": {"detected": true, "version": "v2017.3010", "result": 
"Artemis!PUP", "update": "20190223"}, "Trapmine": {"detected": false, "version": "3.1.40.719", "result": null, "update": "20190123"}, "Emsisoft": {"detected": false, "version": "2018.4.0.1029", "result": null, "update": "20190224"}, "Ikarus": {"detected": true, "version": "0.1.5.2", "result": "PUA.Wews87", "update": "20190223"}, "GData": {"detected": true, "version": "A:25.20811B:25.14456", "result": "Win32.Application.Agent.TPQ8ZA", "update": "20190224"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20190224"}, "Webroot": {"detected": true, "version": "1.0.0.403", "result": "Pua.Gen", "update": "20190224"}, "Avira": {"detected": true, "version": "8.3.3.8", "result": "ADWARE/Wews87.lsfud", "update": "20190223"}, "MAX": {"detected": true, "version": "2018.9.12.1", "result": "malware (ai score=95)", "update": "20190224"}, "Antiy-AVL": {"detected": true, "version": "3.0.0.1", "result": "GrayWare/Win32.YouXun", "update": "20190224"}, "Kingsoft": {"detected": false, "version": "2013.8.14.323", "result": null, "update": "20190224"}, "Microsoft": {"detected": true, "version": "1.1.15700.8", "result": "PUA:Win32/News", "update": "20190224"}, "Arcabit": {"detected": false, "version": "1.0.0.837", "result": null, "update": "20190224"}, "SUPERAntiSpyware": {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20190220"}, "AhnLab-V3": {"detected": false, "version": "3.14.1.22785", "result": null, "update": "20190223"}, "ZoneAlarm": {"detected": false, "version": "1.0", "result": null, "update": "20190224"}, "Avast-Mobile": {"detected": false, "version": "190223-00", "result": null, "update": "20190223"}, "TotalDefense": {"detected": false, "version": "37.1.62.1", "result": null, "update": "20190223"}, "Acronis": {"detected": false, "version": "1.0.1.40", "result": null, "update": "20190222"}, "VBA32": {"detected": false, "version": "3.35.1", "result": null, "update": "20190222"}, "ALYac": {"detected": false, "version": 
"1.1.1.5", "result": null, "update": "20190224"}, "TACHYON": {"detected": false, "version": "2019-02-24.01", "result": null, "update": "20190224"}, "Ad-Aware": {"detected": false, "version": "3.0.5.370", "result": null, "update": "20190224"}, "Malwarebytes": {"detected": false, "version": "2.1.1.1115", "result": null, "update": "20190224"}, "Panda": {"detected": false, "version": "4.6.4.2", "result": null, "update": "20190223"}, "Zoner": {"detected": false, "version": "1.0", "result": null, "update": "20190224"}, "Rising": {"detected": true, "version": "25.0.0.24", "result": "PUA.Wews87!8.642 (CLOUD)", "update": "20190224"}, "Yandex": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20190222"}, "SentinelOne": {"detected": false, "version": "1.0.23.276", "result": null, "update": "20190203"}, "eGambit": {"detected": false, "version": "v4.3.6", "result": null, "update": "20190224"}, "Fortinet": {"detected": false, "version": "5.4.247.0", "result": null, "update": "20190224"}, "AVG": {"detected": true, "version": "18.4.3895.0", "result": "Win32:Malware-gen", "update": "20190224"}, "Cybereason": {"detected": false, "version": "1.2.27", "result": null, "update": "20190109"}, "Paloalto": {"detected": false, "version": "1.0", "result": null, "update": "20190224"}, "CrowdStrike": {"detected": true, "version": "1.0", "result": "malicious_confidence_60% (D)", "update": "20181023"}, "Qihoo-360": {"detected": true, "version": "1.0.0.1120", "result": "Win32/Virus.Adware.b00", "update": "20190224"}}, "tags": ["nsis", "peexe", "signed", "overlay"], "authentihash": "a7f2eb5e0113e01214a965f645da88bbf1e135184a8f0487e5acf712270d8ef1", "unique_sources": 4, "positives": 26, "ssdeep": "24576:gb8pmdTHDNHf/THFZDyXtxacSGuck+YJWcWuN4p5A1cFTx3Je1GfI9Z6ynOukDZ:gb8KjN/rHFAxXbnuN4CcFx3JzI9jRcZ", "md5": "7bdad90c27d243dc635901de42a5f6e4", "permalink": "https://www.virustotal.com/file/3b29d3509d68cf61fca8cbba488defb6d737a518f05171205893f02f1c37088a/analysis/1550962837/", 
"sha1": "6902d4dec55a586696ec99a4be7fc8c2e0685524", "resource": "7bdad90c27d243dc635901de42a5f6e4", "response_code": 1, "community_reputation": 0, "malicious_votes": 0, "ITW_urls": ["http://d.gy7n.com/yx/mir/sqcs/919465/zoyx_ksp.exe", "http://d.wanyouxi7.com/yx/mir/sqcs/919465/zoyx_ksp.exe"], "last_seen": "2019-01-31 10:52:35"}