Log
Switches begin
Switches end
Starting v4.2.0.27
FBUserToken: '598684110275847'
FBLocale: 'en_US'
FBAttackId: '899480823436084'
User is Admin: YES
Vista or Higher: NO
IsWow64: NO
GetWorkDir: C:\DOCUME~1\YAONFA~1\LOCALS~1\Temp\FBScanner_760387539
InitReport
SendReport_Init
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
":
"SCANNER_INIT",}&report_sig=BE40D6EE5B9F256F5E45F79F4BD0B156&fwd_ip=127.0.0.1&ve
rsion=4.2.0.27
Response: {"status":true}
# product=FBAV
# version=8
# FBAV_user_token=598684110275847
# FBAV_user_locale=en_US
# FBAV_attack_id=899480823436084
# FBAV_status=0
# flags=2
# ESET.exe=4.3.0.27
# EOSSerial=8ca967428571bf40a1b1a4458d272ca5
# end=init
# utc_time=2015-02-20 03:29:41
# local_time=2015-02-20 11:29:41 (+0800, Taipei Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
INIT report sent to ESET
ExtractEsetsApi OK
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
0,}&report_sig=2B743F651544C758D4C21A49EB3CF23E&fwd_ip=127.0.0.1&version=4.2.0.2
7
Response: {"status":true}
Updating
Update Init
Update Download
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
1,}&report_sig=3DC900E65697E57238D5A919F32752B0&fwd_ip=127.0.0.1&version=4.2.0.2
7
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
3,}&report_sig=3F8375609AB7F90439B42912269A53FD&fwd_ip=127.0.0.1&version=4.2.0.2
7
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
4,}&report_sig=4BFD76DD577F0A652BC5A263F1463DD6&fwd_ip=127.0.0.1&version=4.2.0.2
7
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
5,}&report_sig=B83D224A31F8D89576CEF0F835090260&fwd_ip=127.0.0.1&version=4.2.0.2
7
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
7,}&report_sig=FBACAFCD06E447A3452AD6479A1B4251&fwd_ip=127.0.0.1&version=4.2.0.2
7
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
8,}&report_sig=41DE667BE4B40B28EB51B069C37E545B&fwd_ip=127.0.0.1&version=4.2.0.2
7
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
9,}&report_sig=4240B5BB56D2736A78A996E9141278B3&fwd_ip=127.0.0.1&version=4.2.0.2
7
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
11,}&report_sig=BCDB4B1E044BB807B717AF2307EE0CF5&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
12,}&report_sig=EBDD954BFD00365A56399C4CE273139A&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
13,}&report_sig=866AF33B0280EA61B17A3A36D3449D78&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
15,}&report_sig=214BAC5B4A2FF8500EE94FF24946FD5C&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
16,}&report_sig=88B6B60B4797206A650127491C5C7B8E&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
17,}&report_sig=A5A9BE6F2A1A54CB1A36A5DCE822AC6D&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
18,}&report_sig=F03CDC54B63E3A0EDB6743119E6F2AFD&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
19,}&report_sig=A1EE68F783791D7539778E705CD79F6A&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
20,}&report_sig=BCCE58E7B42B5B9894C1B0A33C679EB8&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Update Finalize
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
20,}&report_sig=BCCE58E7B42B5B9894C1B0A33C679EB8&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Updated modules version: 22560
# product=FBAV
# version=8
# FBAV_user_token=598684110275847
# FBAV_user_locale=en_US
# FBAV_attack_id=899480823436084
# FBAV_status=0
# flags=2
# ESET.exe=4.3.0.27
# end=Updated
# utc_time=2015-02-20 03:29:41
# local_time=2015-02-20 11:29:41 (+0800, Taipei Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
UPDATED report sent to ESET
Initialize Scan
Scan
Scanner engine: 22560
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_DATA","event_type": "DETECTED","sample_name": "a variant of
Win32/ELEX.BH potentially unwanted application","sample_id": "a variant of
Win32/ELEX.BH potentially unwanted application","sample_hashes": {"SHA1":
"0000000000000000000000000000000000000000",},}&report_sig=DB37B208EE093B5F211185
74C2B007DE&fwd_ip=127.0.0.1&version=4.2.0.27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_DATA","event_type": "CLEANUP_SUCCESS","sample_name": "a variant of
Win32/ELEX.BH potentially unwanted application","sample_id": "a variant of
Win32/ELEX.BH potentially unwanted application","sample_hashes": {"SHA1":
"0000000000000000000000000000000000000000",},}&report_sig=74FD3FC527786259CC61C3
4780514087&fwd_ip=127.0.0.1&version=4.2.0.27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
22,}&report_sig=6D15D3E1FF90784432A863B9D218F145&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Scanner engine: 22560
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
27,}&report_sig=6028852688785C2E911B144B006EF253&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
28,}&report_sig=683999D8CE197C185692803FAF784D60&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
47,}&report_sig=1C551C5EEA8098D9D2626A4BB51F0FE4&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
47,}&report_sig=1C551C5EEA8098D9D2626A4BB51F0FE4&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_DATA","event_type": "DETECTED","sample_name": "a variant of
Win32/ELEX.BH potentially unwanted application","sample_id": "a variant of
Win32/ELEX.BH potentially unwanted application","sample_hashes": {"SHA1":
"0641D63D85DA4259B27FA455972E762B6FC04092",},}&report_sig=7BFB1983BB06D5A2FF9E49
F1EAE62B98&fwd_ip=127.0.0.1&version=4.2.0.27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_DATA","event_type": "CLEANUP_SUCCESS","sample_name": "a variant of
Win32/ELEX.BH potentially unwanted application","sample_id": "a variant of
Win32/ELEX.BH potentially unwanted application","sample_hashes": {"SHA1":
"0641D63D85DA4259B27FA455972E762B6FC04092",},}&report_sig=04AA1E1A1EA04AB88B7325
16A5829F9E&fwd_ip=127.0.0.1&version=4.2.0.27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
47,}&report_sig=1C551C5EEA8098D9D2626A4BB51F0FE4&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}
Request query: 1443300579261932/malware_scanner
Request body: access_token=1443300579261932|
cfedb1bd1113405e097902a8602d76ed&user_token=598684110275847&report={"report_type
": "SCANNER_PROGRESS","progress":
56,}&report_sig=E90BD11899688B77F684A0AA0FFF07A6&fwd_ip=127.0.0.1&version=4.2.0.
27
Response: {"status":true}