Summary | ZeroBOX

Update.exe

Tags: PDF, Suspicious Link, Generic Malware, Hide_EXE, UPX, Malicious Library, Malicious Packer, ftp, PE File, DLL, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: June 11, 2024, 7:33 a.m.
Completed: June 11, 2024, 7:40 a.m.
Size: 10.5MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 99f4956e54717c033294558697b73fc6
SHA256: a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4
CRC32: 642D3A28
ssdeep: 196608:Hw5QgkALtDhMedzjecdLJsv6tWKFdu9C7:DALhh3CcdLJsv6tWKFdu9C
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ftp_command - ftp command
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

IP Address Status Action
163.181.22.241 Active Moloch
163.181.22.243 Active Moloch
163.181.22.250 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 163.181.22.241:80 -> 192.168.56.103:49172 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49176 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49184 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49188 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49180 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49188 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity
TCP 163.181.22.241:80 -> 192.168.56.103:49192 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49196 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49204 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49208 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49200 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49212 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49237 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49233 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49257 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49281 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49293 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49345 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49212 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity
TCP 163.181.22.241:80 -> 192.168.56.103:49217 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49241 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49277 2015589 ET HUNTING Suspicious Windows Executable CreateRemoteThread Misc activity
TCP 163.181.22.241:80 -> 192.168.56.103:49225 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49277 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49249 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49261 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49289 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49349 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49365 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49309 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49313 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49265 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49265 2015588 ET HUNTING Suspicious Windows Executable WriteProcessMemory Misc activity
TCP 163.181.22.241:80 -> 192.168.56.103:49321 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49273 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49337 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49285 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49369 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49301 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49305 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49317 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49325 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49329 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49385 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49245 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49253 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49297 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49333 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49357 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49373 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49221 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49229 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49269 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49341 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49353 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49361 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49377 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49381 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49381 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity
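Fifty-four of the fifty-nine rows above are sid 2018959, a policy rule that fires on any PE transferred over cleartext HTTP, not a malware signature. The other five (IsDebuggerPresent, CreateRemoteThread, WriteProcessMemory) are string matches on the body of the HTTP response, so they describe imports present in the files being downloaded rather than anything the sandboxed process did. A quick way to confirm that reading is to check that every one of them shares a flow (server port 80 to the same guest port on 192.168.56.103, the analysis VM) with a PE-download alert. The script below is an added example, not part of the ZeroBOX report: it parses rows in the flattened "Flow SID Signature Category" layout and relates the content alerts to the download flows. ALERT_ROWS is an excerpt copied from the table; the category suffix list and the SID-to-string mapping are the editor's assumptions about the ET ruleset.

```python
"""Triage of the Suricata alert table (added example, not part of the ZeroBOX report)."""
import re
from collections import Counter

# Excerpt copied from the alert table: the first PE-download row plus every
# flow that also carries one of the non-policy alerts. Constructed input for
# the demo; paste the full 59-row table here to triage the whole report.
ALERT_ROWS = """\
TCP 163.181.22.241:80 -> 192.168.56.103:49172 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49188 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49188 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity
TCP 163.181.22.241:80 -> 192.168.56.103:49212 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49212 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity
TCP 163.181.22.241:80 -> 192.168.56.103:49277 2015589 ET HUNTING Suspicious Windows Executable CreateRemoteThread Misc activity
TCP 163.181.22.241:80 -> 192.168.56.103:49277 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49265 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49265 2015588 ET HUNTING Suspicious Windows Executable WriteProcessMemory Misc activity
TCP 163.181.22.241:80 -> 192.168.56.103:49381 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 163.181.22.241:80 -> 192.168.56.103:49381 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity
"""

PE_DOWNLOAD_SID = 2018959
# ET rules that match strings inside the HTTP response body, i.e. inside the
# transferred PE (assumed from the rule names; check against your ruleset).
CONTENT_SIDS = {
    2015744: "IsDebuggerPresent",
    2015589: "CreateRemoteThread",
    2015588: "WriteProcessMemory",
}
# Suricata classtype descriptions that end a row (assumed list; extend as needed).
CATEGORIES = (
    "Potential Corporate Privacy Violation",
    "Misc activity",
    "A Network Trojan was detected",
    "Malware Command and Control Activity Detected",
)
ROW_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)\s+(?P<sid>\d+)\s+(?P<rest>.+?)\s*$"
)


def parse_alerts(text):
    """Turn the flattened 'Flow SID Signature Category' rows into dicts."""
    alerts = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header line or blank
        sig, cat = m.group("rest"), ""
        for c in CATEGORIES:
            if sig.endswith(" " + c):
                sig, cat = sig[: -len(c) - 1], c
                break
        alerts.append({
            "proto": m.group("proto"),
            "src": m.group("src"), "sport": int(m.group("sport")),
            "dst": m.group("dst"), "dport": int(m.group("dport")),
            "sid": int(m.group("sid")), "signature": sig, "category": cat,
        })
    return alerts


def flow_key(a):
    """One TCP connection = one (server, server port, client, client port) tuple."""
    return (a["src"], a["sport"], a["dst"], a["dport"])


def triage(alerts):
    """Relate content-match alerts to the PE downloads they were raised on."""
    pe_flows = {flow_key(a) for a in alerts if a["sid"] == PE_DOWNLOAD_SID}
    content = [a for a in alerts if a["sid"] in CONTENT_SIDS]
    content_flows = {flow_key(a) for a in content}
    return {
        "sids": dict(Counter(a["sid"] for a in alerts)),
        "pe_download_flows": len(pe_flows),
        "content_alert_flows": len(content_flows),
        # A content alert on a flow with no PE download would need a closer look.
        "content_alerts_without_pe_download": sorted(content_flows - pe_flows),
        # Server->client direction: the match is in the response body, not in
        # anything the guest sent.
        "content_alerts_from_server": all(a["sport"] == 80 for a in content),
        "strings_seen": sorted({CONTENT_SIDS[a["sid"]] for a in content}),
    }


if __name__ == "__main__":
    for k, v in triage(parse_alerts(ALERT_ROWS)).items():
        print(f"{k}: {v}")
```

On the excerpt the result is six download flows, five content-alert flows, and no content alert on a flow that did not also carry a PE download; the full table gives the same empty orphan list, which is why those three signatures should be read as properties of the fetched files and the verdict weighed on the host-side evidence instead.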

Suricata TLS

No Suricata TLS

section .qtmetad
section .gfids
section _RDATA
request GET http://update.cg100iii.com/cg100/update.ini
request GET http://update.cg100iii.com/cg70/update.ini
request GET http://update.cg100iii.com/cg70/CG70.exe
request GET http://update.cg100iii.com/cg70/Qt5Core.dll
request GET http://update.cg100iii.com/cg70/Qt5Gui.dll
request GET http://update.cg100iii.com/cg70/Qt5Network.dll
request GET http://update.cg100iii.com/cg70/Qt5SerialPort.dll
request GET http://update.cg100iii.com/cg70/Qt5Sql.dll
request GET http://update.cg100iii.com/cg70/Qt5Svg.dll
request GET http://update.cg100iii.com/cg70/Qt5Widgets.dll
request GET http://update.cg100iii.com/cg70/Qt5Xml.dll
request GET http://update.cg100iii.com/cg70/Update.exe
request GET http://update.cg100iii.com/cg70/VMProtectSDK32.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-console-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-datetime-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-debug-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-errorhandling-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-file-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-file-l1-2-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-file-l2-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-handle-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-heap-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-interlocked-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-libraryloader-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-localization-l1-2-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-memory-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-namedpipe-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-processenvironment-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-processthreads-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-processthreads-l1-1-1.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-profile-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-rtlsupport-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-string-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-synch-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-synch-l1-2-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-sysinfo-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-timezone-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-core-util-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-conio-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-convert-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-environment-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-filesystem-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-heap-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-locale-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-math-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-multibyte-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-private-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-process-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-runtime-l1-1-0.dll
request GET http://update.cg100iii.com/cg70/api-ms-win-crt-stdio-l1-1-0.dll
name RT_VERSION language LANG_CHINESE filetype data sublanguage SUBLANG_CHINESE_SIMPLIFIED offset 0x00a4c670 size 0x000002a8
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\19ABB397CF0DBF4B422A5DFC86DAAA1FFE753310.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\C4AAA86A31706DBF817A2BB621829183AA320F24.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\1153800A293C31069F19035F07CF674ECFA5B5D6.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\1ACBA04C7AB704114F004A2FFDC65C231D88DB37.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\AC6B33F0431D31EAE1AAF96D1EA2C813F4B784A2.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\BCE86BF8406299E9A0696683F4C94ED191FC2DA5.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\13CAE78A6E3ED88BD840F186E0D31CCD8CA490B5.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\D3D078CD607072A66B644074FAA122D5FEAE5CCB.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\674DDA8F84E07888E074B8F8806F074DD04C695C.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\C759DE99FE96FAA0542267CC2E7C6FE42251466A.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\D0A04074B4076379CD1BE3C489F056DD17942EC5.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\5F3BA1E4E34BD2BDC769F7E2567C3B6BE329D66C.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\88A145876586977C5F43CD05DC4A48B8EA35FED1.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\73973252C0E0AF5D7C799C451DE42AAC11556A3E.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\50BCB51AE7A02F84E6355AD962D916EE5214418B.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\BB7C991100EB8D4FCEA9B8AFCD3C39443F318747.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\06D9F4CD22A98549A4CC9B439FFC6FCE53112175.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\1E3E06BB40EE195015E3917492B1F89AA0D5F6F4.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\D11D0926086E12485EB232724AEC31BDF50C40CC.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\3EB0E2FE0FB8680E4E146BB02DE499E11DA81AF8.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\DC9ADD730406E6B925780F45068AE2AB543E4B58.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\A9F23689D650EAA20E732FE2E9EB2AD3EDCBA733.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\B96D5CDF66BE32E5F6C81EC8049318C379EFA9D5.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\FCD28506896F21B7E9E84166237457A2CF7D33DE.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\A9C199F555094629126C09EF24859B5FE742124A.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\3FFBC4D7D7C4BD276A66ECADE563894451F5C9A6.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\3E1C26ABA565C2BAC093EB70F38B682C10E6DD24.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\D4D608526AEA3919FBD13DB7A91F310C0E33000A.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\2380A9E72AF5DCA2B0311562D3B447D8DC65B17E.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\A39B43B3AF06EBEC49B1C93F8AA3B070369330D5.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\D54DEDE54A66B846D883792CA766676BBF4EDA8B.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\56643F7883CA398DC5A8EC95489916C392F1C90E.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\B5A497DAD43C0F0578E7F6CD7F1BB4790BDBE63A.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\0A6E95DAA685541E7628E07027BC826C750D235E.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\772AB6D2EC9372240F52203202CBED926C79B383.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\C00A8177E31F7412FB9068455A54F7EE0FD14ABB.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\1BDFA14A0883AC96FFED09237C503C8ACCBBC2BD.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\62AB8977B1956552EB6E53EB6DB0796B1B35B56B.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\05A6F5BAF8BF698BAA581139F782E9B33D26B0D1.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\E517E4CBDF4CFDA7A650E12EC0E9FC6BDE80B1D8.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\03E91892B4C23DF04476485E943CD6E8263E00D0.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\C0D94BBFAF3A4F7837CA882B8DCCB3E4723E7DD1.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\368293929ADF4C27790FEBA3E4E21DC3E7356AF7.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\2A706504AB956CFABA611E9551111B7B004A0ED6.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\612829AAB093EEC25DC2D22C52E8D6ECFC0B2BF9.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\1B83A8C4A33CA87E9C15450C6671E935EA863B13.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\16DEBCD1A74F4EBD5991E8E37CBD60AF96D7CBED.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\ECBFA7B25EF21AB9F0A603D837A2EC85AE2CD205.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\79114B4EAC30E643D7CE7E48E811A0886969CAEA.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\DFBF7DEF0FD31A10F8E0C7B45271015ACB7A320B.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\F236DFD17C14D27832506BCF1E6820C83EB1F87D.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\128010BC938A6897DBAABBCF286554C035D7DEFB.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\18BEA1A15B72AEF601C954D88B09867097971E5E.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\864EDFAF9C2EEB65D02C70DAB2C3A11F98069A98.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\13CE21193B253ED08C5174BA21BA422980299CE1.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\891BF9E444DC3A2CEA3AABD55AEC2F107F24EFF4.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\BC00832506E78DC88B4BC70F4B8C98D931FA6184.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\72863930B89B8B534F2CB1FBE3B5D01372F15480.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\40AE05C6F6943C35A537DAFC94D9A897F97C24E9.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\2E67EB02B3FB2327D07559B8F71C4080005BB310.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\7BA42498A2EBD61F76FBBB22B0188E5CD22D6B9B.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\E6EE5466BA6878074126ACC44CE2224762E796B4.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\EB9ABD70E3979F151BC8886E8BA1C3401305EDFD.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\A9B267D91F7B6D27FA72569FFBD122492568C22C.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\3526F529175B7BEA71FFEA57E94B8554B15A6F53.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\E98A8FA1BBED69C6F0FF2C4142754BB5863F2438.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\74B3B70C6658359982DAB35C050B4843154A5708.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\FE1F2D94AD14AF01FF29BA2F8ED8A5D67415308D.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\3CCC057C9C036905D94CE80A0A0F8CF43519409F.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\732DB1E3EF5AB973B30E5037ECF594DFAA948137.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\293A6A5485AFFD208F40D02E43DF599551B847FF.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\D5BFC54CEA2BE3BFEDAC3F6E082EABE09E045251.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\A6A6BC462B22ADA4071310D6D1076F10431C49F6.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\4F1A8E20350ADE529BA56C04EEC6D637FE04DCEE.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\F630F72BEAD64482BD3302546310129DB79AD1BC.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\D9DFA269EEBAB55C4B69698F256139B56CEE4DD9.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\1B429AA66BB734C5EB178FC61B3F26F296363558.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\D80C1EBB677E71E05F05E89AE0D344182E9B5D78.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\57FB14F4005BDE2B75B51570AA92F8C49549C266.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\C508FFD8FDAACF4C91436B8DE2BAF3EBC7F6D00B.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\66E7550282F46398DF9EA1934F9BB245D1ADA7A0.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\98EDAB295113DFEBFFF9885703033D02230B23A1.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\4E4E5968F077B0C905DFC263511C2DCAFA80DCFD.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\F4BF8EFE9B5718E50813AE6DDB8791CB3B52D658.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\E84F0B632E3CB729958E3C4E2E4AE93841D6E6FE.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\D0868D652D8BABC613D0BF7A8C25F103E32E0E8F.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\296D1E1F047AE9E74452466165C61A3841A82159.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\B6F9801159276F8CC05F59C6B1698342DA223904.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\9E93D0BF4204FF58DDD3891C217493CDBE22E069.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\E8DE15AC43F46CD45A62299304F5446A821582F6.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\69A52FCDAA4C441B1B1CA440DB4418AB377B4AF6.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\15A17F79505305D03D5DE9FE01E77738E12135F6.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\70E27D89FFECB4BC655E6A34B24A92E7AEAD4C3A.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\1025FB474EFF54ACCB57D71A721B186FB78A7C84.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\DE42A7C06E26B0FE2176C080293E64C495C13515.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\C8CFEB107C38510C8E6717A1C3F278610C973678.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\BA51EBEA0A69DBA328DC10B279EE65F347EA3869.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\F6DB1A5F4FFBF56379DA223ABFBC6FE69EFAC491.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\7EFE1EFA8EEB9D76F502434592E1395902CB12CA.temp
file C:\Users\test22\AppData\Local\Changguang\CG100\cache\61FF8BA46D48E4345E9DA3896AD081062EC25FDD.temp
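The hundred cache entries above carry 40-hex-digit names, the length of a SHA-1 digest, but the report does not say what is hashed. Before treating those files as artefacts it helps to know whether the name is the digest of the file's own bytes (content-addressed, so a swapped payload would show up as a name mismatch) or of the request URL (then each name maps to one of the GET requests listed earlier). The script below is an added example, not code from the report or from the CG100 software: given a cache directory and a list of URLs it tells the two schemes apart and flags which entries are PE files. That the names are SHA-1 at all is an assumption; demo() builds a constructed cache directory with one file per scheme so the check runs offline, and REPORT_URLS is an excerpt of the request list.

```python
"""Identify the naming scheme of the CG100 cache (added example; assumes SHA-1 names)."""
import hashlib
import os
import re
import tempfile

# Excerpt of the URLs from the report's request list, used to test the
# hypothesis "cache name = SHA-1 of the URL".
REPORT_URLS = [
    "http://update.cg100iii.com/cg70/update.ini",
    "http://update.cg100iii.com/cg70/CG70.exe",
    "http://update.cg100iii.com/cg70/Qt5Core.dll",
    "http://update.cg100iii.com/cg70/Update.exe",
]

CACHE_NAME_RE = re.compile(r"^([0-9A-Fa-f]{40})\.temp$")


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def is_pe(data: bytes) -> bool:
    """MZ header plus a 'PE\\0\\0' signature at e_lfanew (offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify_cache(cache_dir: str, urls) -> dict:
    """For every <40 hex>.temp file, say whether its name is the SHA-1 of its
    content, of one of the given URLs, or of neither."""
    url_by_hash = {sha1_hex(u.encode()): u for u in urls}
    report = {}
    for name in sorted(os.listdir(cache_dir)):
        m = CACHE_NAME_RE.match(name)
        if not m:
            continue  # not a cache entry
        digest = m.group(1).lower()
        with open(os.path.join(cache_dir, name), "rb") as fh:
            data = fh.read()
        if sha1_hex(data) == digest:
            scheme = "content"
        elif digest in url_by_hash:
            scheme = "url"
        else:
            scheme = "unknown"
        report[name] = {
            "scheme": scheme,
            "url": url_by_hash.get(digest),
            "pe": is_pe(data),
            "size": len(data),
        }
    return report


def fake_pe(payload: bytes = b"") -> bytes:
    """Smallest byte string is_pe() accepts: constructed, not a real binary."""
    hdr = bytearray(0x44)
    hdr[0:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    hdr[0x40:0x44] = b"PE\0\0"
    return bytes(hdr) + payload


def demo() -> dict:
    """Build a constructed cache directory with one entry per scheme and classify it."""
    d = tempfile.mkdtemp(prefix="cg100cache_")
    pe = fake_pe(b"constructed sample, not the real CG70.exe")
    samples = {
        sha1_hex(pe) + ".temp": pe,                                          # content-addressed
        sha1_hex(REPORT_URLS[1].encode()) + ".temp": b"URL-named, not a PE",  # URL-addressed
        "0" * 40 + ".temp": b"unrelated to content or URL",                  # unknown
        "readme.txt": b"ignored: not a 40-hex .temp name",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return classify_cache(d, REPORT_URLS)


if __name__ == "__main__":
    for name, info in demo().items():
        print(name, info)
```

Run it against the real cache directory with the full request list; if every entry comes back "content" the names are integrity-checkable, if "url" the entries can be mapped to the downloads, and a majority of "unknown" means the scheme is something else (a different hash, a salted digest) and the assumption should be dropped.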
Antivirus

Vendor Detection
Bkav W32.Common.BF5C7D94
Lionic Trojan.Win32.Agent.Y!c
Cynet Malicious (score: 99)
CAT-QuickHeal Trojan.Phonzy
Skyhigh BehavesLike.Win32.Dropper.vh
ALYac Trojan.GenericKD.73061524
Cylance Unsafe
VIPRE Trojan.GenericKD.73061524
Sangfor Trojan.Win32.Agent.Vtb2
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Trojan.GenericKD.73061524
K7GW Riskware ( 00584baa1 )
Cybereason malicious.e54717
Arcabit Trojan.Generic.D45AD494
VirIT Trojan.Win32.Genus.VUO
Symantec Trojan.Gen.MBT
Elastic malicious (moderate confidence)
McAfee Artemis!99F4956E5471
Avast Win32:MalwareX-gen [Trj]
Kaspersky UDS:Trojan-Downloader.Win32.Agent.a
MicroWorld-eScan Trojan.GenericKD.73061524
Emsisoft Trojan.GenericKD.73061524 (B)
F-Secure Trojan.TR/Casdet.fivja
TrendMicro TROJ_GEN.R002C0DFA24
McAfeeD ti!A1DC127ADD3A
FireEye Trojan.GenericKD.73061524
Sophos Mal/Generic-S
Ikarus Trojan.Win32.Injector
Google Detected
Avira TR/Casdet.fivja
MAX malware (ai score=87)
Antiy-AVL Trojan/Win32.Agent
Gridinsoft Trojan.Win32.Downloader.sa
Xcitium Malware@#3qsev96ip4746
Microsoft Trojan:Win32/Zusy!MTB
GData Trojan.GenericKD.73061524
Varist W32/ABRisk.ISCT-1709
AhnLab-V3 Malware/Win.Generic.C5586400
DeepInstinct MALICIOUS
Malwarebytes Trojan.Downloader
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0DFA24
Fortinet PossibleThreat.MU
AVG Win32:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Win/Zusy.Gen