5/5 | File System | Encrypts content of user files | Ransomware
- Encrypts the content of multiple user files. This is an indicator for ransomware.

5/5 | Local AV | Malicious content was detected by heuristic scan | -
- Local AV match on Sample File for "C:\Users\FD1HVy\Desktop\raEMQ.exe".
- Local AV match on Memory Dump File for "".

5/5 | File System | Known malicious file | Trojan
- File "C:\Users\FD1HVy\Desktop\raEMQ.exe" is a known malicious file.

4/5 | Injection | Writes into the memory of another running process | -
- "c:\users\fd1hvy\desktop\raemq.exe" modifies memory of "c:\windows\system32\sihost.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" modifies memory of "c:\windows\system32\svchost.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" modifies memory of "c:\windows\system32\runtimebroker.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" modifies memory of "c:\windows\system32\dllhost.exe".

4/5 | Injection | Modifies control flow of another process | -
- "c:\users\fd1hvy\desktop\raemq.exe" creates thread in "c:\windows\system32\sihost.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" creates thread in "c:\windows\system32\svchost.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" creates thread in "c:\windows\system32\taskhostw.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" creates thread in "c:\windows\systemapps\shellexperiencehost_cw5n1h2txyewy\shellexperiencehost.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" creates thread in "c:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" creates thread in "c:\windows\system32\runtimebroker.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" creates thread in "c:\program files\microsoft office\root\office16\msoia.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" creates thread in "c:\windows\system32\apphostregistrationverifier.exe".
- "c:\users\fd1hvy\desktop\raemq.exe" creates thread in "c:\windows\system32\dllhost.exe".

3/5 | File System | Possibly drops ransom note files | Ransomware
- Possibly drops ransom note files (creates 191 instances of the file "RyukReadMe.html" in different locations).

2/5 | Anti Analysis | Resolves APIs dynamically to possibly evade static detection | -
- Resolves an unusually high number of APIs.

2/5 | Anti Analysis | Delays execution | -
- One thread sleeps more than 5 minutes.

2/5 | Information Stealing | Reads sensitive browser data | -
- Trying to read sensitive data of web browser "Internet Explorer / Edge" by file.

1/5 | Process | Creates process with hidden window | -
- The process "net" starts with hidden window.

1/5 | Process | Creates a page with write and execute permissions | -
- Allocates a page in a foreign process with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code.

1/5 | Masquerade | Changes folder appearance | -
-
Folder "c:\documents and settings\default\start menu\programs\maintenance" has a changed appearance.
|
|
-
Folder "c:\documents and settings\default user\appdata\roaming\microsoft\internet explorer\quick launch" has a changed appearance.
|
|
-
Folder "c:\documents and settings\default\start menu\programs\windows powershell" has a changed appearance.
|
|
-
Folder "c:\documents and settings\default\start menu\programs\system tools" has a changed appearance.
|
|
-
Folder "c:\documents and settings\default user\application data\microsoft\internet explorer\quick launch" has a changed appearance.
|
|
-
Folder "c:\documents and settings\default user\sendto" has a changed appearance.
|
|
-
Folder "c:\documents and settings\default user\start menu\programs\accessibility" has a changed appearance.
|
|
-
Folder "c:\documents and settings\default user\start menu\programs\accessories" has a changed appearance.
|
|
-
Folder "c:\documents and settings\default user\start menu\programs\maintenance" has a changed appearance.
|
|
-
Folder "c:\documents and settings\default user\start menu\programs\system tools" has a changed appearance.
|
|
-
Folder "c:\documents and settings\default user\start menu\programs\windows powershell" has a changed appearance.
|
|
-
Folder "c:\documents and settings" has a changed appearance.
|
|
-
Folder "c:\documents and settings\fd1hvy\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\history" has a changed appearance.
|
|
-
Folder "c:\documents and settings\fd1hvy\appdata\local\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\history" has a changed appearance.
|
|
1/5 | Persistence | Installs system startup script or application | -
|
|
-
Adds "c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\application data\microsoft\windows\start menu\programs\startup\ryukreadme.html" to Windows startup folder.
|
|
-
Adds "c:\documents and settings\all users\application data\application data\application data\application data\application data\application data\microsoft\windows\start menu\programs\startup\ryukreadme.html" to Windows startup folder.
|
|
-
Adds "c:\documents and settings\all users\application data\application data\application data\application data\application data\microsoft\windows\start menu\programs\startup\ryukreadme.html" to Windows startup folder.
|
|
-
Adds "c:\documents and settings\all users\application data\application data\application data\application data\microsoft\windows\start menu\programs\startup\ryukreadme.html" to Windows startup folder.
|
|
-
Adds "c:\documents and settings\all users\application data\application data\application data\microsoft\windows\start menu\programs\startup\ryukreadme.html" to Windows startup folder.
|
|
1/5 | File System | Creates an unusually large number of files | -
|
|
-
Creates an unusually large number of files.
|
|
1/5 | Static | Unparsable sections in file | -
|
|
-
Static analyzer was unable to completely parse the analyzed file: C:\RyukReadMe.html.
|
|
1/5 | Process | Process crashed | -
|
|
-
Process "c:\windows\system32\sihost.exe" crashed.
|
|
-
Process "c:\windows\system32\taskhostw.exe" crashed.
|
|
-
Process "c:\windows\system32\svchost.exe" crashed.
|
|
0/5 | Process | Enumerates running processes | -
|
|
-
Enumerates running processes.
|
|