Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | April 8, 2021, 9:15 a.m. | April 8, 2021, 9:37 a.m. |

Process | Command line | PID |
---|---|---|
sd3672.exe | "C:\Users\test22\AppData\Roaming\ÓÎÏ·\sd3672\sd3672.exe" /ShowDeskTop | 2552 |
sd3672.exe | "C:\Users\test22\AppData\Roaming\ÓÎÏ·\sd3672\sd3672.exe" /setupsucc | 2672 |
explorer.exe | C:\Windows\Explorer.EXE | 1848 |

Name | Response | Post-Analysis Lookup |
---|---|---|
a.clickdata.37wan.com | 183.60.123.113 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS

Type | Value |
---|---|
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
section | .ndata |
request | GET http://a.clickdata.37wan.com/controller/istat.controller.php?item=8133tay6p9&platform=37wan&game_id=237&ext_1=2&ext_2=37wancom&ext_3=sd3672&ext_4=C2E2596C4C464D049761EA216CC6557D&ext_5=bc117b1625961482d7217427f2af8340&ext_6=2&browser_type=3003 |


Name | Language | Filetype | Sublanguage | Offset | Size |
---|---|---|---|---|---|
RT_VERSION | LANG_CHINESE | data | SUBLANG_CHINESE_SIMPLIFIED | 0x00039358 | 0x00000210 |


Type | Value |
---|---|
file | C:\Users\test22\Desktop\ÍøÒ³ÓÎÏ·.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÍøÂçÓÎÏ·ÖÐÐÄ\ÍøÒ³ÓÎÏ·\ÍøÒ³ÓÎÏ·.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ÍøÒ³ÓÎÏ·.lnk |
file | C:\Users\test22\AppData\Roaming\ÓÎÏ·\sd3672\sd3672.exe |
file | C:\Users\test22\AppData\Roaming\ÓÎÏ·\sd3672\uninst.exe |
file | C:\Users\test22\AppData\Local\Temp\nsf6155.tmp\System.dll |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÍøÂçÓÎÏ·ÖÐÐÄ\ÍøÒ³ÓÎÏ·\жÔØÍøÒ³ÓÎÏ·.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÍøÂçÓÎÏ·ÖÐÐÄ\ÍøÒ³ÓÎÏ·\ÍøÒ³ÓÎÏ·.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ÍøÒ³ÓÎÏ·.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÍøÂçÓÎÏ·ÖÐÐÄ\ÍøÒ³ÓÎÏ·\жÔØÍøÒ³ÓÎÏ·.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\한컴 사전.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÍøÂçÓÎÏ·ÖÐÐÄ\ÍøÒ³ÓÎÏ·\жÔØÍøÒ³ÓÎÏ·.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\한컴오피스 한글 2010.lnk |
file | C:\Users\test22\Desktop\ÍøÒ³ÓÎÏ·.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÍøÂçÓÎÏ·ÖÐÐÄ\ÍøÒ³ÓÎÏ·\ÍøÒ³ÓÎÏ·.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ÍøÒ³ÓÎÏ·.lnk |
file | C:\Users\test22\AppData\Roaming\ÓÎÏ·\sd3672\sd3672.exe |
file | C:\Users\test22\AppData\Local\Temp\nsf6155.tmp\System.dll |
file | C:\Users\test22\AppData\Roaming\ÓÎÏ·\sd3672\uninst.exe |
cmdline | C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ÍøÒ³ÓÎÏ·.lnk SW_SHOWNORMAL |


Engine | Detection |
---|---|
Bkav | W32.HfsAdware.AFDF |
CAT-QuickHeal | Application.Agent.ZZ5 |
VIPRE | Adware.Win32.Wews87 |
K7GW | Unwanted-Program ( 0050eb4a1 ) |
K7AntiVirus | Unwanted-Program ( 0050eb4a1 ) |
NANO-Antivirus | Riskware.Win32.FileFinder.eyvluu |
Symantec | ML.Attribute.HighConfidence |
Kaspersky | not-a-virus:AdWare.Win32.FileFinder.gen |
AegisLab | Troj.Downloader.Nsis!c |
Sophos | Generic PUA EG (PUA) |
Comodo | Application.Win32.Wews87.B |
Zillya | Dropper.AgentCRTD.Win32.7861 |
Cyren | W32/GenPua.3478322E!Olympus |
Jiangmin | AdWare.Wews87.g |
Fortinet | Adware/Wews87 |
Antiy-AVL | GrayWare[AdWare]/Win32.Wews87 |
Endgame | malicious (moderate confidence) |
ZoneAlarm | not-a-virus:AdWare.Win32.FileFinder.gen |
Microsoft | PUA:Win32/Youxun |
AVware | Adware.Win32.Wews87 |
VBA32 | AdWare.Wews87 |
ESET-NOD32 | a variant of Win32/Wews87.A potentially unwanted |
Yandex | PUA.Wews87! |
Ikarus | PUA.Wews87 |