Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Aug. 26, 2022, 5:17 p.m. | Aug. 26, 2022, 5:21 p.m. |
Process | PID | Command line |
---|---|---|
FamilyTreeMadeSimpleSetup.exe | 2316 | "C:\Users\test22\AppData\Local\Temp\FamilyTreeMadeSimpleSetup.exe" |
FamilyTreeMadeSimpleSetup.tmp | 2392 | "C:\Users\test22\AppData\Local\Temp\is-0IEQD.tmp\FamilyTreeMadeSimpleSetup.tmp" /SL5="$3002C,921146,831488,C:\Users\test22\AppData\Local\Temp\FamilyTreeMadeSimpleSetup.exe" |
installersetup1.exe | 2724 | "C:\Users\test22\AppData\Local\installersetup1.exe" /VERYSILENT /SUPPRESSMSGBOXES |
installersetup1.tmp | 2768 | "C:\Users\test22\AppData\Local\Temp\is-53LRT.tmp\installersetup1.tmp" /SL5="$101FE,1092675,831488,C:\Users\test22\AppData\Local\installersetup1.exe" /VERYSILENT /SUPPRESSMSGBOXES |
sc.exe | 2876 | "C:\Windows\system32\sc.exe" create Telephone404 start= auto DisplayName= "Telephone404" binPath= "C:\Windows\test22-pc\Runtimebroker8.exe" |
sc.exe | 2940 | "C:\Windows\system32\sc.exe" description Telephone404 "Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service." |
sc.exe | 3008 | "C:\Windows\system32\sc.exe" start Telephone404 |
explorer.exe | 1236 | C:\Windows\Explorer.EXE |
Name | Response | Post-Analysis Lookup |
---|---|---|
installtracker.cfd | 162.0.229.248 | |
setuppro.xyz | 74.208.236.195 | |
Suricata Alerts
Suricata TLS
No Suricata TLS
Indicator | Value |
---|---|
section | .itext |
section | .didata |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://setuppro.xyz/guid.php |
suspicious_features | GET method with no useragent header |
suspicious_request | GET http://setuppro.xyz/express.php?uid=2C43E82A198d1d2 |
request | HEAD http://setuppro.xyz/setup/ultrasetup.exe |
request | GET http://setuppro.xyz/setup/ultrasetup.exe |
request | GET http://setuppro.xyz/iam/ins.php?SMAC=&User=test22<o>PC<q>test22&UUID=2C43E82A-4640-204B-882F-B25EE182DD03&Vendor=innotekGmbH&Name=VirtualBox&HDDSerialNumber=VB67b7ddd6-f198d1d2&Caption=MicrosoftWindows7ProfessionalN&OSArchitectures=64-bit&OSerialNumber=87241-140-7508860-80129&ProcessorName=Intel(R)Core(TM)i5-8400CPU@2.80GHz&RAM=5368242176&version=1.52&publisherid=installer |
request | GET http://setuppro.xyz/iam/i.php?mid=2C43E82A198d1d2&mac=&publisherid=installer&company=youk&pubid=0&advid=0 |
request | GET http://setuppro.xyz/guid.php |
request | GET http://setuppro.xyz/express.php?uid=2C43E82A198d1d2 |
file | C:\Users\test22\AppData\Local\installersetup1.exe |
file | C:\Users\test22\AppData\Local\Temp\is-KB2LQ.tmp\idp.dll |
file | C:\Users\test22\AppData\Local\Temp\is-0IEQD.tmp\FamilyTreeMadeSimpleSetup.tmp |
file | C:\Users\test22\AppData\Local\Temp\is-53LRT.tmp\installersetup1.tmp |
cmdline | "C:\Windows\system32\sc.exe" start Telephone404 |
cmdline | "C:\Windows\system32\sc.exe" description Telephone404 "Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service." |
cmdline | "C:\Windows\system32\sc.exe" create Telephone404 start= auto DisplayName= "Telephone404" binPath= "C:\Windows\test22-pc\Runtimebroker8.exe" |
service_name | Telephone404 |
service_path | C:\Windows\test22-pc\Runtimebroker8.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0018.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_002.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Support_Chat_001.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0015.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Support Chat.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_003.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0012.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_008.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_009.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_004.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0011.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_005.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0010.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0017.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_007.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BEHAVIORS\Support Chat.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0019.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0020.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0013.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0016.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0014.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_006.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_001.exe |
file | C:\Users\test22\AppData\Local\Temp\is-53LRT.tmp\installersetup1.tmp |
Engine | Detection |
---|---|
Malwarebytes | PUP.Optional.BundleInstaller |
K7AntiVirus | Adware ( 00588bef1 ) |
K7GW | Adware ( 00588bef1 ) |
Elastic | malicious (moderate confidence) |
Kaspersky | UDS:Trojan-Dropper.Win32.Dapato.rbpa |
Cynet | Malicious (score: 100) |
McAfee-GW-Edition | BehavesLike.Win32.Dropper.tc |
Microsoft | Trojan:Win32/Wacatac.B!ml |
McAfee | Artemis!15D662C8C085 |
MaxSecure | Trojan.Malware.300983.susgen |