Analysis Date2016-02-05 00:03:47
MD53cd665af55a74aa9749ea8481c4fd327
SHA1a3fbb78aba04f33812ce5f4dd0447c742780cd37

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 27d05c8376b30df25f484ae1b067b308 sha1: 5537208d7c8258b98a249ee79b3abd5e21627814 size: 1837056
Section.rdata md5: ca984e625a464fcf7bf7656b129fe844 sha1: 36b04694d2c959913a402420f070a280806d9e11 size: 512
Section.data md5: 9f4a9c16e026eee6ebca16a29c2b64ad sha1: 3d2ae98d30251f81bf231b4816f919d41063bf31 size: 512
Section.rsrc md5: bd8d11eadde57d7d259f60db46f9f3b2 sha1: fbd8b1276808d7f74981799e0d47994f6c206706 size: 4608
Timestamp2015-01-06 00:36:08
PEhash8e3b89bd6d94def08f559b86281471606b42d943
IMPhash383e4e27323c83b420c950510691c503
AVCA (E-Trust Ino)Win32/Nabucur.C
AVRisingTrojan.Win32.PolyRansom.a
AVMcafeeW32/VirRansom.b
AVAvira (antivir)TR/Crypt.ZPACK.Gen
AVTwisterW32.PolyRansom.b.brnk.mg
AVAd-AwareWin32.Virlock.Gen.1
AVAlwil (avast)VirLock-B [Trj]
AVEset (nod32)Win32/Virlock.D virus
AVGrisoft (avg)Generic_r.EKW
AVSymantecW32.Ransomlock.AO!inf4
AVFortinetW32/Zegost.ATDB!tr
AVBitDefenderWin32.Virlock.Gen.1
AVK7Trojan ( 0040f9f31 )
AVMicrosoft Security EssentialsVirus:Win32/Nabucur.C
AVMicroWorld (escan)Win32.Virlock.Gen.1
AVMalwareBytesTrojan.VirLock
AVAuthentiumW32/S-7d685898!Eldorado
AVEmsisoftWin32.Virlock.Gen.1
AVFrisk (f-prot)No Virus
AVIkarusVirus.Win32.Virlock
AVZillya!Virus.Virlock.Win32.1
AVKasperskyVirus.Win32.PolyRansom.b
AVTrend MicroPE_VIRLOCK.D
AVVirusBlokAda (vba32)Virus.VirLock
AVCAT (quickheal)Ransom.VirLock.A2
AVBullGuardWin32.Virlock.Gen.1
AVArcabit (arcavir)Win32.Virlock.Gen.1
AVClamAVNo Virus
AVDr. WebWin32.VirLock.10
AVF-SecureWin32.Virlock.Gen.1

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit ➝
C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe,
RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\HUEcIEkg.exe ➝
C:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
RegistryHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\igEsYooY.exe ➝
C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\ZAMwgwkU.bat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\KiEwoEkE.bat
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
Creates FileC:\a3fbb78aba04f33812ce5f4dd0447c742780cd37
Creates FilePIPE\samr
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\ZAMwgwkU.bat
Creates Process""C:\Documents and Settings\Administrator\Local Settings\Temp\KiEwoEkE.bat" "C:\malware.exe""
Creates Processreg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Creates Process"C:\a3fbb78aba04f33812ce5f4dd0447c742780cd37"
Creates ProcessC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
Creates ProcessC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Creates MutexvWcsggUA
Creates MutexScUMMMcQ

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt ➝
1

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝
2

Process
↳ reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝
NULL

Process
↳ C:\a3fbb78aba04f33812ce5f4dd0447c742780cd37

Creates ProcessC:\WINDOWS\system32\drwtsn32 -p 1824 -e 1892 -g

Process
↳ "C:\a3fbb78aba04f33812ce5f4dd0447c742780cd37"

Creates ProcessC:\a3fbb78aba04f33812ce5f4dd0447c742780cd37

Process
↳ ""C:\Documents and Settings\Administrator\Local Settings\Temp\XuAMEMUA.bat" "C:\malware.exe""

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\file.vbs
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\XuAMEMUA.bat
Creates Processcscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Process
↳ C:\a3fbb78aba04f33812ce5f4dd0447c742780cd37

Creates FilePIPE\samr
Creates FileC:\a3fbb78aba04f33812ce5f4dd0447c742780cd37
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\xeUUYIkY.bat
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\XuAMEMUA.bat
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\xeUUYIkY.bat
Creates Processreg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
Creates Process"C:\a3fbb78aba04f33812ce5f4dd0447c742780cd37"
Creates Process""C:\Documents and Settings\Administrator\Local Settings\Temp\XuAMEMUA.bat" "C:\malware.exe""
Creates Processreg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Creates MutexvWcsggUA
Creates MutexScUMMMcQ

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden ➝
2

Process
↳ ""C:\Documents and Settings\Administrator\Local Settings\Temp\KiEwoEkE.bat" "C:\malware.exe""

Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\file.vbs
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\KiEwoEkE.bat
Deletes FileC:\malware.exe
Creates Processcscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Process
↳ reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

RegistryHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ➝
NULL

Process
↳ "C:\a3fbb78aba04f33812ce5f4dd0447c742780cd37"

Creates ProcessC:\a3fbb78aba04f33812ce5f4dd0447c742780cd37

Process
↳ reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt ➝
1

Process
↳ C:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe

RegistryHKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\HUEcIEkg.exe ➝
C:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp.exe
Creates FileQqoM.ico
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp.exe
Creates FileC:\RCX15.tmp
Creates FileC:\RCX14.tmp
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp.exe
Creates FileC:\RCX2.tmp
Creates FileOgAw.ico
Creates FileAmws.ico
Creates FileC:\Documents and Settings\All Users\ICUk.txt
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp.exe
Creates FileQSUI.ico
Creates FilegoEY.ico
Creates FilesEAE.exe
Creates FilexMsw.exe
Creates FileC:\RCX5.tmp
Creates FileSaUk.ico
Creates FilesUAo.ico
Creates FileISsA.ico
Creates FileQqkw.ico
Creates FileC:\RCX3.tmp
Creates FileAGgw.ico
Creates FilewoMe.exe
Creates FileC:\RCX10.tmp
Creates FileC:\RCXB.tmp
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp.exe
Creates FilesYks.exe
Creates FileC:\RCXF.tmp
Creates FileC:\RCX12.tmp
Creates FilecEEc.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp.exe
Creates FileQukc.ico
Creates FileC:\RCXD.tmp
Creates FilewikI.ico
Creates FilewccC.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp.exe
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FileAIwY.ico
Creates FileC:\RCX18.tmp
Creates FileysIM.exe
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates FileC:\RCX1.tmp
Creates FilekIgY.exe
Creates FilecQIs.exe
Creates FileC:\RCX6.tmp
Creates FilecwAU.ico
Creates FileC:\RCXE.tmp
Creates FileC:\RCXA.tmp
Creates FileC:\RCX13.tmp
Creates FileC:\RCX11.tmp
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp.exe
Creates FileqYcU.exe
Creates FileC:\RCXC.tmp
Creates FileC:\RCX19.tmp
Creates FilecgQc.exe
Creates FilesEMU.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Reader 9.3\Setup Files\Setup.exe
Creates FileC:\RCX1C.tmp
Creates FileMUYQ.exe
Creates FileoMsa.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\install.bmp.exe
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileUIwa.exe
Creates FileC:\RCX9.tmp
Creates FilegOcM.ico
Creates FilekKEQ.ico
Creates FileC:\RCX1A.tmp
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp.exe
Creates FileAcQC.exe
Creates FileMkYA.exe
Creates FileiCgg.ico
Creates FileC:\RCX8.tmp
Creates FileUMcQ.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp.exe
Creates FilecQUg.exe
Creates FileIQcO.exe
Creates FileQCQo.ico
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp.exe
Creates FileEEoM.ico
Creates FileUSMo.ico
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp.exe
Creates FileQgUC.exe
Creates FilegyQE.ico
Creates FileMoAA.ico
Creates FileC:\Documents and Settings\All Users\BGIwEQog\wAYUMkIw.exe
Creates FilegoEy.exe
Creates FileC:\RCX16.tmp
Creates FileC:\RCX1B.tmp
Creates FileC:\RCX7.tmp
Creates FileEEss.ico
Creates FileC:\RCX17.tmp
Creates Filesgok.exe
Creates FileC:\RCX4.tmp
Creates FileEUgE.exe
Creates FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp.exe
Creates FileVmoo.ico
Creates FileMYAU.ico
Creates FileYyog.ico
Creates FilewosK.exe
Creates FilegEUm.exe
Creates FileASsU.ico
Creates FilesAYo.exe
Creates FileQOQE.ico
Creates FilewQUe.exe
Deletes FileQqoM.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\palm tree.bmp
Deletes FileOgAw.ico
Deletes FileAmws.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\ball.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\cat.bmp
Deletes FileQSUI.ico
Deletes FilegoEY.ico
Deletes FilesEAE.exe
Deletes FilexMsw.exe
Deletes FileSaUk.ico
Deletes FilesUAo.ico
Deletes FileISsA.ico
Deletes FileQqkw.ico
Deletes FileAGgw.ico
Deletes FilewoMe.exe
Deletes FilesYks.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\red flower.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\beach.bmp
Deletes FilecEEc.exe
Deletes FileQukc.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\fish.bmp
Deletes FilewikI.ico
Deletes FilewccC.exe
Deletes FileAIwY.ico
Deletes FileysIM.exe
Deletes FilekIgY.exe
Deletes FilecQIs.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\drip.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dog.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\airplane.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\dirt bike.bmp
Deletes FileqYcU.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\butterfly.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\install.bmp
Deletes FilecgQc.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\horses.bmp
Deletes FilesEMU.exe
Deletes FileMUYQ.exe
Deletes FileoMsa.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\duck.bmp
Deletes FileUIwa.exe
Deletes FilegOcM.ico
Deletes FilekKEQ.ico
Deletes FileAcQC.exe
Deletes FileMkYA.exe
Deletes FileiCgg.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\chess.bmp
Deletes FileUMcQ.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\pink flower.bmp
Deletes FileIQcO.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\guitar.bmp
Deletes FilecQUg.exe
Deletes FileQCQo.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\astronaut.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\guest.bmp
Deletes FileUSMo.ico
Deletes FileEEoM.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\skater.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\frog.bmp
Deletes FilegyQE.ico
Deletes FileQgUC.exe
Deletes FileMoAA.ico
Deletes FilegoEy.exe
Deletes FileEEss.ico
Deletes Filesgok.exe
Deletes FileEUgE.exe
Deletes FileVmoo.ico
Deletes FileMYAU.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\snowflake.bmp
Deletes FileYyog.ico
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\car.bmp
Deletes FilewosK.exe
Deletes FilegEUm.exe
Deletes FileQOQE.ico
Deletes FilesAYo.exe
Deletes FileASsU.ico
Deletes FilewQUe.exe
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\kick.bmp
Deletes FileC:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\Default Pictures\lift-off.bmp
Creates Mutex\\xc3\\xb00@
Creates Mutex\\xc3\\xb80@
Creates Mutex\\x081@
Creates MutexnwYEEQIw0
Creates Mutex\\xc3\\xa80@
Creates MutexrIwsEEEo0
Creates MutexScUMMMcQ
Creates MutexvWcsggUA
Creates ServiceBgMMsMHT - C:\Documents and Settings\All Users\BGIwEQog\wAYUMkIw.exe
Starts ServiceBgMMsMHT

Process
↳ C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe

RegistryHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\igEsYooY.exe ➝
C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates FileC:\Documents and Settings\Administrator\sckowYEM\HUEcIEkg
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates Mutex\\xc3\\xb00@
Creates Mutex\\xc3\\xb80@
Creates Mutex\\x081@
Creates MutexnwYEEQIw0
Creates Mutex\\xc3\\xa80@
Creates MutexrIwsEEEo0
Creates MutexScUMMMcQ
Creates MutexvWcsggUA

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 1824 -e 1892 -g

Process
↳ cscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Creates FilePIPE\lsarpc

Process
↳ cscript C:\Documents and Settings\Administrator\Local Settings\Temp/file.vbs

Creates FilePIPE\lsarpc

Process
↳ C:\Documents and Settings\All Users\BGIwEQog\wAYUMkIw.exe

RegistryHKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\igEsYooY.exe ➝
C:\Documents and Settings\All Users\jGgMgwwU\igEsYooY.exe
Creates Filepipe\net\NtControlPipe10
Creates FileC:\Documents and Settings\All Users\jGgMgwwU\igEsYooY
Creates FilePIPE\lsarpc
Creates FileC:\Documents and Settings\LocalService\sckowYEM\HUEcIEkg
Creates MutexvWcsggUA
Creates MutexScUMMMcQ

Process
↳ C:\WINDOWS\system32\svchost.exe

Process
↳ Pid 812

Process
↳ Pid 860

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates FileC:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1216

Process
↳ C:\WINDOWS\system32\spoolsv.exe

RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\BeepEnabled ➝
NULL
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Print\TypesSupported ➝
7
RegistryHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\SymbolicLinkValue ➝
NULL
RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\DefaultSpoolDirectory ➝
C:\WINDOWS\System32\spool\PRINTERS\\x00
RegistryHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LogonTime ➝
NULL
Creates FileWMIDataDevice

Process
↳ Pid 1864

Process
↳ Pid 1152

Network Details:

DNSgoogle.com
Type: A
64.233.185.102
DNSgoogle.com
Type: A
64.233.185.113
DNSgoogle.com
Type: A
64.233.185.138
DNSgoogle.com
Type: A
64.233.185.139
DNSgoogle.com
Type: A
64.233.185.100
DNSgoogle.com
Type: A
64.233.185.101
HTTP GEThttp://google.com/
User-Agent:
HTTP GEThttp://google.com/
User-Agent:
Flows TCP192.168.1.1:1031 ➝ 64.233.185.102:80
Flows TCP192.168.1.1:1032 ➝ 64.233.185.102:80

Raw Pcap

Strings