152e49412f1ecb077d047784e7e1374df18c9853
Date: 02/07/2018
Type: Demande
UID: *********
Unpacked: SBOX_92481976.EXE



winsvc.exe
Microsoft Windows Services
%ls:Zone.Identifier
%windir%
%userprofile%
%temp%
%ls\T-449505056674060607
%ls\%ls
%ls:*:Enabled:%s
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Software\Microsoft\Windows\CurrentVersion\Run\
SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\
SOFTWARE\Policies\Microsoft\Windows Defender\
DisableAntiSpyware
DisableAntiSpyware
%appdata%
%ls\winmgr.txt
\public_html
\htdocs
\httpdocs
\wwwroot
\ftproot
\share
\income
\upload
Recycle.Bin
%temp%
%ls\%d%d%d.exe
%windir%\system32\cmd.exe
/c start _ & _\DeviceManager.exe & exit
%ls\%s.lnk
%ls.lnk
%ls\_\DeviceManager.exe
%ls\_\DeviceConfigManager.exe
shell32.dll
shell32.dll
autorun.inf
%ls\%s
%ls\%s
%s\_\%ls
/c rmdir /q /s "%ls"
cmd.exe
/c move /y "%ls", "%ls"
cmd.exe
%temp%
%ls\%d%d%d.exe
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
%ls:Zone.Identifier
%ls\%d%d%d.exe


:--tLdr--:
http://92.63.197.60/
http://92.63.197.112/
http://soghorgohhsourgru.ru/
http://rohoaouaehohehehg.ru/
http://oehghauehfoeoufhx.ru/
http://soghouoenoadeubfg.ru/
http://oaeofabueobezfzdi.ru/
http://goufaefeufgagfuxs.ru/
http://aiizzeezzezefhsrd.ru/
http://looolualolalolals.ru/
http://laalooolaualaoalw.ru/
http://muhaaahoooohaierz.ru/
http://soghorgohhsourgru.su/
http://rohoaouaehohehehg.su/
http://oehghauehfoeoufhx.su/
http://soghouoenoadeubfg.su/
http://oaeofabueobezfzdi.su/
http://goufaefeufgagfuxs.su/
http://aiizzeezzezefhsrd.su/
http://looolualolalolals.su/
http://laalooolaualaoalw.su/
http://muhaaahoooohaierz.su/
http://soghorgohhsourgru.in/
http://rohoaouaehohehehg.in/
http://oehghauehfoeoufhx.in/
http://soghouoenoadeubfg.in/
http://oaeofabueobezfzdi.in/
http://goufaefeufgagfuxs.in/
http://aiizzeezzezefhsrd.in/
http://looolualolalolals.in/
http://laalooolaualaoalw.in/
http://muhaaahoooohaierz.in/
http://soghorgohhsourgru.tr/
http://rohoaouaehohehehg.tr/
http://oehghauehfoeoufhx.tr/
http://soghouoenoadeubfg.tr/
http://oaeofabueobezfzdi.tr/
http://goufaefeufgagfuxs.tr/
http://aiizzeezzezefhsrd.tr/
http://looolualolalolals.tr/
http://laalooolaualaoalw.tr/
http://muhaaahoooohaierz.tr/
http://soghorgohhsourgru.fr/
http://rohoaouaehohehehg.fr/
http://oehghauehfoeoufhx.fr/
http://soghouoenoadeubfg.fr/
http://oaeofabueobezfzdi.fr/
http://goufaefeufgagfuxs.fr/
http://aiizzeezzezefhsrd.fr/
http://looolualolalolals.fr/
http://laalooolaualaoalw.fr/
http://muhaaahoooohaierz.fr/
http://soghorgohhsourgru.it/
http://rohoaouaehohehehg.it/
http://oehghauehfoeoufhx.it/
http://soghouoenoadeubfg.it/
http://oaeofabueobezfzdi.it/
http://goufaefeufgagfuxs.it/
http://aiizzeezzezefhsrd.it/
http://looolualolalolals.it/
http://laalooolaualaoalw.it/
http://muhaaahoooohaierz.it/
http://soghorgohhsourgru.com/
http://rohoaouaehohehehg.com/
http://oehghauehfoeoufhx.com/
http://soghouoenoadeubfg.com/
http://oaeofabueobezfzdi.com/
http://goufaefeufgagfuxs.com/
http://aiizzeezzezefhsrd.com/
http://looolualolalolals.com/
http://laalooolaualaoalw.com/
http://muhaaahoooohaierz.com/
http://soghorgohhsourgru.net/
http://rohoaouaehohehehg.net/
http://oehghauehfoeoufhx.net/
http://soghouoenoadeubfg.net/
http://oaeofabueobezfzdi.net/
http://goufaefeufgagfuxs.net/
http://aiizzeezzezefhsrd.net/
http://looolualolalolals.net/
http://laalooolaualaoalw.net/
http://muhaaahoooohaierz.net/
http://soghorgohhsourgru.biz/
http://rohoaouaehohehehg.biz/
http://oehghauehfoeoufhx.biz/
http://soghouoenoadeubfg.biz/
http://oaeofabueobezfzdi.biz/
http://goufaefeufgagfuxs.biz/
http://aiizzeezzezefhsrd.biz/
http://looolualolalolals.biz/
http://laalooolaualaoalw.biz/
http://muhaaahoooohaierz.biz/
http://soghorgohhsourgru.info/
http://rohoaouaehohehehg.info/
http://oehghauehfoeoufhx.info/
http://soghouoenoadeubfg.info/
http://oaeofabueobezfzdi.info/
http://goufaefeufgagfuxs.info/
http://aiizzeezzezefhsrd.info/
http://looolualolalolals.info/
http://laalooolaualaoalw.info/
http://muhaaahoooohaierz.info/
http://112.126.94.107/
http://172.104.40.92/
http://123.56.228.49/
%st.php?new=1
%st.php?on=1
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Microsoft Archive Manager.exe
1C2SvtsUu8YZVUBbha4KiBGYRW5dwtrRvd
BCedWttszcCs9uThQJBdJeEvi83vQgxrAa
228Urw5BHKCiikBcGe37AYVNjJKA6xb4L9RepZ76KasQSSTg1DeertgFr6MNqj3PGR4PGXzCGYQw7UemxRoRxCC97qdga22
XxZ274qGCfFyEi2HRS5G1215vEX331Mhc1
D78VANgC5hQ3n4BSnon6aq6qnQSViyAmLv
EZyjJj7M9gP6bnhw3q5N1gAMyQSVXNh533
0xff0d45f3e2ec83de3b2e069300974732ba1c5d30
Lh8F5u2USRj779tQDy6LMYUM6dgPwH3qoP
4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQrhbkDviv3H6fUaKia
PWGChwvPpdCHyLmURsPgtYCAsqwDAzAsvZ
AH2GAaJtWdQqsSJCS14tVUTKivzD7B67fP
RaqJaa3iWaRkHvDkDcnfkhFJjSvzHLjuBk
rL2zzcnUrDsqPfH6bmbGNG93QYQkDkJ6QV
t1MH943MSkvEcaXiDQJ4GQk9GPaSTkhDh4r
G18431620
U17032720
E18406200
python.exe
pythonw.exe
prl_cc.exe
prl_tools.exe
vmsrvc.exe
vmusrvc.exe
xenservice.exe
vboxservice.exe
vboxtray.exe
vboxcontrol.exe
vmwareservice.exe
vmwaretray.exe
tpautoconnsvc.exe
vmtoolsd.exe
vmwareuser.exe
sbiedll.dll
sbiedllx.dll
dir_watch.dll
wpespy.dll
kernel32.dll
wine_get_unix_file_name
isalpha
isdigit
_snwprintf
_wfopen
wcsstr
fclose
_snprintf
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
WININET.dll
URLDownloadToFileW
urlmon.dll
PathFileExistsW
PathFindFileNameW
PathFindFileNameA
SHLWAPI.dll
ExitProcess
GetProcAddress
GetModuleHandleA
GlobalLock
GlobalAlloc
ExitThread
GlobalUnlock
GetTickCount
WriteFile
CreateFileW
CloseHandle
DeleteFileW
ExpandEnvironmentStringsW
FindFirstFileW
GetDriveTypeW
SetErrorMode
GetLogicalDriveStringsW
CreateDirectoryW
CopyFileW
GetFileAttributesW
GetModuleFileNameW
FindClose
FindNextFileW
SetFileAttributesW
GetVolumeInformationW
GetFullPathNameW
SetCurrentDirectoryW
CreateProcessW
Process32First
GetLastError
Process32Next
CreateToolhelp32Snapshot
GetFileSize
SetFilePointer
lstrlenA
MapViewOfFile
UnmapViewOfFile
GlobalFree
CreateFileMappingA
CreateMutexA
CreateThread
GetStartupInfoA
KERNEL32.dll
SetClipboardData
OpenClipboard
EmptyClipboard
GetClipboardData
CloseClipboard
CharLowerW
CharLowerA
USER32.dll
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
CoCreateInstance
CoInitialize
ole32.dll
memset
memcpy