Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | March 9, 2021, 11:05 a.m. | March 9, 2021, 11:07 a.m. |
Process tree (PIDs as reported; nesting follows the report's tree markers)

- 1016 idman623build12_ws1032687615.exe: "C:\Users\test22\AppData\Local\Temp\idman623build12_ws1032687615.exe"
  - 2764 IDM1.tmp: "C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp" -d "C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\"
    - 3024 regsvr32.exe: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
      - 2832 regsvr32.exe: regsvr32.exe /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
    - 1976 regsvr32.exe: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
      - 1224 regsvr32.exe: regsvr32.exe /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
    - 2660 regsvr32.exe: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
      - 1884 regsvr32.exe: regsvr32.exe /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
    - 2384 idmBroker.exe: "C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer
    - 1408 IDMan.exe: "C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr
- 1284 taskhost.exe: "taskhost.exe"
- 1496 dwm.exe: "C:\Windows\system32\Dwm.exe"
- 1848 explorer.exe: C:\Windows\Explorer.EXE
- 2120 SearchProtocolHost.exe: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3832866432-4053218753-3017428901-10012_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3832866432-4053218753-3017428901-10012 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
- 844 mobsync.exe: C:\Windows\System32\mobsync.exe -Embedding

Each regsvr32 pair is the normal WOW64 pattern: the 32-bit installer starts C:\Windows\System32\regsvr32.exe, which file-system redirection resolves to the 32-bit copy in SysWOW64; when that copy is handed a 64-bit DLL it re-launches the native 64-bit regsvr32.exe with the same arguments. The five top-level entries (taskhost, dwm, explorer, SearchProtocolHost, mobsync) are system processes the sandbox monitored during the run; the report does not show them as children of the sample.
Network

Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. | | |

IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |

Suricata Alerts: none
Suricata TLS: none

The only address in the capture is 164.124.101.2, a public resolver operated by LG U+; with no hosts contacted and no Suricata alerts or TLS sessions, this run produced no network behaviour to pivot on.
Installed-browser checks (file and registry lookups)

Type | Path |
---|---|
file | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome |
registry | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm |
file | C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey |
registry | HKEY_CURRENT_USER\Software\Opera Software |
Shortcut (.lnk) files referenced (unique paths; IDM's own shortcuts plus pre-existing Start Menu entries such as Chrome.lnk, Windows Update.lnk and EditPlus.lnk, which an IDM install does not create, so existing shortcuts were enumerated, not only written)

Type | Path |
---|---|
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk |
file | C:\Users\test22\Desktop\Internet Download Manager.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\한컴 사전.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\한컴오피스 한글 2010.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk |
regsvr32 command lines (DLL registration through a signed system binary)

Type | Value |
---|---|
cmdline | regsvr32.exe /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll" |
cmdline | regsvr32.exe /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll" |
cmdline | "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll" |
cmdline | regsvr32.exe /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll" |
cmdline | "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll" |
cmdline | "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll" |
Files dropped under the user's Temp directory

Type | Path |
---|---|
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM40.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM46.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM49.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM35.tmp |
file | C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM7.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM106.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM52.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM53.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM5.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM8.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM39.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM36.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM100.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM3.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM45.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM94.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM72.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM88.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM92.tmp |

The one entry outside IDM_Setup_Temp, the 202005191702_..._setup_nwc275a_demo.exe file, is an executable that was already present in Temp on this guest; the report lists it alongside the installer's own extraction output.
PE section entropy

Section | Virtual address | Virtual size | Raw data size | Entropy (bits/byte) |
---|---|---|---|---|
.rsrc | 0x00007000 | 0x00015000 | 0x00014800 | 7.9238 |

Signature: a section with high entropy has been found. Overall entropy of this PE file is high: 0.788. The second figure is not on the same scale as the first; in Cuckoo-family packer_entropy signatures it is the share of section bytes that sit in sections above the entropy cut-off, so 0.788 means roughly 79% of the section data is packed or compressed. A high-entropy .rsrc is expected for a self-extracting installer that carries its payload as compressed resources (the IDM_Setup_Temp files above are that payload), so on its own this finding does not distinguish a clean IDM setup from the infected one; the antivirus verdicts at the end of the report do.
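How the two numbers in that table are computed, as an added example (not sandbox, Cuckoo or IDM code): per-section Shannon entropy in bits per byte, and the "overall" figure as the fraction of section bytes living in sections above a cut-off. The 6.8 threshold and the two constructed sections (a repetitive code-like blob and a 64 KiB pseudo-random resource blob) are assumptions standing in for a real PE; with `pefile` you would feed `section.get_data()` to the same functions.

```python
"""Per-section Shannon entropy and the packed-bytes ratio behind the
"overall entropy" line in Cuckoo-style reports.  Added example; the
section contents are constructed, not taken from the analysed sample."""
import math
import random

HIGH_ENTROPY_THRESHOLD = 6.8   # assumption: bits/byte cut-off used by packer_entropy-style rules


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def high_entropy_ratio(sections, threshold: float = HIGH_ENTROPY_THRESHOLD) -> float:
    """Fraction of all section bytes that belong to sections whose entropy
    reaches `threshold`.  This is the 0..1 "overall entropy" figure, not a
    bits-per-byte value.  `sections` is a list of (name, bytes)."""
    total = sum(len(d) for _, d in sections)
    if total == 0:
        return 0.0
    packed = sum(len(d) for _, d in sections if shannon_entropy(d) >= threshold)
    return packed / total


def build_sample_sections():
    """Constructed stand-in for a PE: a repetitive code-like .text and a
    64 KiB .rsrc of pseudo-random bytes (what a compressed payload looks
    like).  Seeded so the numbers are reproducible."""
    rng = random.Random(2021)
    text = b"push ebp; mov ebp, esp; sub esp, 0x40; call _setup; ret\n" * 400
    rsrc = bytes(rng.getrandbits(8) for _ in range(64 * 1024))
    return [(".text", text), (".rsrc", rsrc)]


def describe(sections):
    """Rows in the shape of the report's section table plus the ratio."""
    rows = [(name, len(data), round(shannon_entropy(data), 4)) for name, data in sections]
    return rows, round(high_entropy_ratio(sections), 4)


if __name__ == "__main__":
    rows, ratio = describe(build_sample_sections())
    for name, size, ent in rows:
        print(f"{name:6s} raw_size=0x{size:06x} entropy={ent:.4f}")
    print(f"overall high-entropy ratio = {ratio:.3f}")
```

The ratio only says how much of the file is compressed or encrypted; a resource-packed installer and a packed dropper score the same, which is why it is a triage hint rather than a verdict.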
URL strings found in the binary

These are not addresses the sample contacted (the network section records no hosts). They are CRL distribution points, OCSP responders and certificate-policy (CPS) pointers of well-known root and intermediate CAs, i.e. strings from embedded X.509 data. The trailing characters (0, 0=, 03, 05, 0)) are not part of the URLs: 0x30 is the DER SEQUENCE tag that follows each URI and is also ASCII "0", and a printable-run string scanner picks it up together with whatever length byte follows it.

Type | String as extracted |
---|---|
url | http://crl.comodo.net/TrustedCertificateServices.crl0 |
url | http://users.ocsp.d-trust.net03 |
url | http://crl.ssc.lt/root-b/cacrl.crl0 |
url | http://crl.securetrust.com/STCA.crl0 |
url | http://crl.securetrust.com/SGCA.crl0 |
url | http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0= |
url | http://www.ssc.lt/cps03 |
url | http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0 |
url | http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAII.crl0 |
url | http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html0 |
url | http://www.microsoft.com/pki/certs/TrustListPCA.crt0 |
url | https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0 |
url | http://www.pkioverheid.nl/policies/root-policy0 |
url | http://cps.chambersign.org/cps/chambersroot.html0 |
url | http://www.e-szigno.hu/SZSZ/0 |
url | http://www.entrust.net/CRL/Client1.crl0 |
url | http://crl.chambersign.org/publicnotaryroot.crl0 |
url | http://crl.comodo.net/AAACertificateServices.crl0 |
url | http://www.certplus.com/CRL/class3.crl0 |
url | http://logo.verisign.com/vslogo.gif0 |
url | http://www.acabogacia.org/doc0 |
url | http://www.disig.sk/ca/crl/ca_disig.crl0 |
url | https://www.catcert.net/verarrel |
url | http://www.sk.ee/cps/0 |
url | http://www.quovadis.bm0 |
url | https://www.catcert.net/verarrel05 |
url | http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAI.crl0 |
url | http://crl.chambersign.org/chambersroot.crl0 |
url | http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAIII.crl0 |
url | http://crl.globalsign.net/root-r2.crl0 |
url | http://certificates.starfieldtech.com/repository/1604 |
url | http://www.d-trust.net0 |
url | http://pki-root.ecertpki.cl/CertEnroll/E-CERT%20ROOT%20CA.crl0 |
url | http://crl.ssc.lt/root-a/cacrl.crl0 |
url | http://crl.usertrust.com/UTN-DATACorpSGC.crl0 |
url | http://www.certicamara.com/certicamaraca.crl0 |
url | http://www.d-trust.net/crl/d-trust_root_class_2_ca_2007.crl0 |
url | http://crl.usertrust.com/UTN-USERFirst-Object.crl0) |
url | http://www.post.trust.ie/reposit/cps.html0 |
url | http://qual.ocsp.d-trust.net0 |
url | http://www2.public-trust.com/crl/ct/ctroot.crl0 |
url | http://www.certicamara.com0 |
url | http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0 |
url | http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0 |
url | http://www.comsign.co.il/cps0 |
url | http://crl.usertrust.com/UTN-USERFirst-NetworkApplications.crl0 |
url | http://www.microsoft.com/pki/crl/products/TrustListPCA.crl |
url | http://acraiz.icpbrasil.gov.br/LCRacraiz.crl0 |
url | http://www.signatur.rtr.at/de/directory/cps.html0 |
url | http://www.globaltrust.info0 |
YARA matches (static rules over strings and imported API names; each rule listed once, descriptions as written in the rules)

Rule | Description |
---|---|
inject_thread | Code injection with CreateRemoteThread in a remote process |
migrate_apc | APC queue tasks migration |
create_service | Create a windows service |
create_com_service | Create a COM server |
escalate_priv | Escalate privileges |
screenshot | Take screenshot |
keylogger | Run a keylogger |
cred_local | Steal credential |
sniff_audio | Record Audio |
spreading_file | Malware can spread east-west via files |
spreading_share | Malware can spread east-west via shared drives |
win_mutex | Create or check mutex |
win_registry | Affect system registries |
win_token | Affect system token |
win_private_profile | Affect private profile |
win_files_operation | Affect private profile (the rule's own description; the rule matches file-operation API names) |
win_hook | Affect hook table |
hijack_network | Hijack network configuration |
disable_dep | Bypass DEP |
network_udp_sock | Communications over UDP network |
network_tcp_listen | Listen for incoming communication |
network_p2p_win | Communications over P2P network |
network_http | Communications over HTTP |
network_dropper | File downloader/dropper |
network_ftp | Communications over FTP |
network_tcp_socket | Communications over RAW socket |
network_dns | Communications use DNS |
network_dga | Communication using DGA |
Str_Win32_Winsock2_Library | Match Winsock 2 API library declaration |
Str_Win32_Wininet_Library | Match Windows Inet API library declaration |
Str_Win32_Internet_API | Match Windows Inet API call |
Str_Win32_Http_API | Match Windows Http API call |
anti_dbg | Checks if being debugged |
antisb_threatExpert | Anti-Sandbox checks for ThreatExpert |
DebuggerCheck__GlobalFlags | (no description) |
DebuggerCheck__QueryInfo | (no description) |
DebuggerCheck__RemoteAPI | (no description) |
DebuggerHiding__Thread | (no description) |
DebuggerHiding__Active | (no description) |
DebuggerException__ConsoleCtrl | (no description) |
DebuggerException__SetConsoleCtrl | (no description) |
ThreadControl__Context | (no description) |
SEH__vectored | (no description) |
Check_Dlls | (no description) |

These rules fire on the presence of API names and strings, not on observed behaviour: a large installer that legitimately links Winsock, WinINet, service-control and COM-registration APIs trips most of the capability rules, and the network_* and P2P matches here coexist with a run in which no host was contacted. Read the list as a capability inventory and confirm each item against the behavioural sections (process tree, registry and file activity) before treating it as a finding.
Command lines observed (application name and argument forms as the sandbox recorded them)

Type | Value |
---|---|
cmdline | /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll" |
cmdline | "C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer |
cmdline | regsvr32.exe /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll" |
cmdline | "C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr |
cmdline | /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll" |
cmdline | regsvr32.exe /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll" |
cmdline | "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll" |
cmdline | regsvr32.exe /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll" |
cmdline | "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll" |
cmdline | "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll" |
cmdline | /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll" |
COM servers registered (InprocServer32 default values)

CLSID | InprocServer32 |
---|---|
{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll |
{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D} | C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll |
{5312C54E-A385-46B7-B200-ABAF81B03935} | C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll |
{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A} | C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll |
{CDD67718-A430-4AB9-A939-83D9074B0038} | C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll |
{4764030F-2733-45B9-AE62-3D1F4F6F2861} | C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll |
{7D11E719-FF90-479C-B0D7-96EB43EE55D7} | C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll |

All keys are under HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\<CLSID>\InprocServer32\(Default). These are the three 64-bit DLLs the regsvr32 pairs in the process tree registered.
System configuration read

Type | Path |
---|---|
file | C:\Windows\system.ini |
registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile |
Browser Helper Object registration (both the native and the Wow6432Node view; the CLSID is the one mapped to IDMIECC64.dll above, i.e. IDM's Internet Explorer integration)

Type | Key |
---|---|
bho_regkey | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) |
bho_regkey | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) |
bho_regkey | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer |
bho_regkey | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer |
Security Center registry values accessed (all in the Wow6432Node view, where a 32-bit process's access to HKLM\SOFTWARE\Microsoft\Security Center lands on an x64 guest)

Type | Key |
---|---|
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\UpdatesDisableNotify |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\AntiVirusOverride |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\FirewallOverride |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\UacDisableNotify |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\AntiVirusDisableNotify |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc\FirewallDisableNotify |
Plain URL strings (unlike the certificate URIs above, these carry no DER tail and belong to no CA; neither was contacted during the run)

Type | String |
---|---|
url | http://203.146.43.35/logo.gif |
url | http://89.119.67.154/testo5/ |
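Telling the two kinds of URL string apart mechanically, as an added example (not sandbox or IDM code): URIs inside DER-encoded certificate data are preceded by a tag byte (0x86 for a GeneralName URI in a CRL distribution point, 0x16 for an IA5String CPS pointer) and a length byte, so a scanner can cut them at the declared length instead of running on into the next element's 0x30 SEQUENCE tag, which is where the stray trailing "0" in the long URL table comes from. A URL with no such header is an ordinary string, like the two above. The blob below is constructed to mimic that layout; the hostnames in it are placeholders.

```python
"""Separate DER-embedded (certificate) URIs from plain URL strings and
recover them without the trailing '0' artefact.  Added example; the
input blob is constructed, not extracted from the analysed sample."""
import re

URL_RE = re.compile(rb"https?://[\x21-\x7e]+")     # printable run, as a strings-style scan sees it
DER_URI_TAGS = {0x86: "GeneralName:uniformResourceIdentifier", 0x16: "IA5String"}


def der_uri(url: bytes, tag: int = 0x86) -> bytes:
    """Encode a short URL as <tag><length><bytes> with a short-form DER length."""
    if len(url) >= 0x80:
        raise ValueError("long-form lengths are out of scope for this example")
    return bytes([tag, len(url)]) + url


def der_header_before(blob: bytes, start: int):
    """Return (tag, declared_length) if blob[start] is the first content byte
    of a DER URI element, else None.  Handles short-form lengths and the
    one-byte long form (0x81 <len>)."""
    if start >= 2 and blob[start - 1] < 0x80 and blob[start - 2] in DER_URI_TAGS:
        return blob[start - 2], blob[start - 1]
    if start >= 3 and blob[start - 2] == 0x81 and blob[start - 3] in DER_URI_TAGS:
        return blob[start - 3], blob[start - 1]
    return None


def extract_urls(blob: bytes):
    """Return [(url, kind)]: 'der' URLs are cut at the declared length,
    everything else is reported as the printable run it was found in."""
    found = []
    for m in URL_RE.finditer(blob):
        hdr = der_header_before(blob, m.start())
        if hdr is not None:
            _, length = hdr
            body = blob[m.start():m.start() + length]
            # the declared span must be entirely printable, else the tag/length
            # bytes were a coincidence and the string is treated as plain
            if len(body) == length and all(0x21 <= b <= 0x7E for b in body):
                found.append((body.decode("ascii"), "der"))
                continue
        found.append((m.group().decode("ascii"), "plain"))
    return found


def naive_strings(blob: bytes):
    """What a printable-run scan reports: note the '0' and '0=' tails."""
    return [m.group().decode("ascii") for m in URL_RE.finditer(blob)]


def build_sample_blob() -> bytes:
    """Constructed: two certificate-style URIs, each followed by the next
    SEQUENCE element as in real X.509 data, plus one plain C string."""
    crl = der_uri(b"http://crl.example-ca.test/root.crl")          # [6] URI in a CRL DP
    cps = der_uri(b"http://www.example-ca.test/cps", tag=0x16)      # IA5String CPS pointer
    plain = b"\x00http://203.0.113.7/testo5/\x00"                    # NUL-terminated string
    return b"\x30\x3a" + crl + b"\x30\x3d" + cps + b"\x30\x03\x02\x01\x00" + plain


if __name__ == "__main__":
    blob = build_sample_blob()
    print("naive :", naive_strings(blob))
    print("parsed:", extract_urls(blob))
```

The same classification is what lets a triage script drop the fifty CA URIs from an IOC list while keeping the two bare IP-address URLs for a watch list.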
Installer working files under IDM_Setup_Temp

Type | Path |
---|---|
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM5.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM63.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM35.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM85.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM72.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM67.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM29.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM56.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM24.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM87.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM17.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM88.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM92.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM77.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM21.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM3.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM54.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM65.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM9.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM50.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM57.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM33.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM4.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM20.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM45.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM106.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM95.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM93.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM83.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM48.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM64.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM103.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM60.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM89.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM34.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM14.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM53.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM16.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM25.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM79.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM105.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM44.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM59.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM102.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM80.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM68.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM99.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM71.tmp |
file | C:\Users\test22\AppData\Local\Temp\IDM_Setup_Temp\IDM6.tmp |
Security-control tampering (registry writes)

Finding | Registry value |
---|---|
attempts to disable User Account Control | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA |
attempts to disable antivirus notifications | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride |
attempts to disable antivirus notifications | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify |
attempts to disable firewall notifications | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify |
attempts to disable firewall notifications | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride |
attempts to disable Windows Update notifications | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify |
disables User Account Control notifications | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify |
attempts to disable Windows Firewall | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall |
attempts to disable firewall exceptions | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions |
attempts to disable firewall notifications | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications |

This group is the clearest behavioural signal in the report: an IDM installer has no reason to touch EnableLUA, the Security Center override flags or the firewall profile. Two spellings matter when checking a host for the same changes: CurrentControlSet is a link to one of the ControlSet00N keys, so the ControlSet001 paths and the CurrentControlSet path queried earlier name the same values; and the Security Center writes went to the Wow6432Node view, so both the native and the Wow6432Node keys have to be read.
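A host-side check for exactly these values, as an added example (not sandbox or IDM code). The checker takes a plain dictionary of (key, value name) to data so it runs offline over values copied from an exported hive; on Windows, `read_live_values()` fills that dictionary from both registry views with the standard `winreg` module. Key normalisation folds the ControlSet001/CurrentControlSet and native/Wow6432Node/Svc spellings seen in the report onto one form. The hostile values (EnableLUA and EnableFirewall set to 0, the notification and override flags set to 1) and the sample dictionary are constructed from the report's key list; DoNotAllowExceptions is listed by the sandbox but its meaning depends on local policy, so it is deliberately not flagged by value.

```python
"""Triage check for the UAC, Security Center and firewall registry values
the sandbox attributed to this sample.  Added example; SAMPLE_VALUES is
constructed from the report's key list, not read from a real host."""
import re

# (canonical key, value name) -> (value that indicates tampering, meaning)
_SC = "HKLM\\SOFTWARE\\Microsoft\\Security Center"
_FW = "HKLM\\SYSTEM\\CurrentControlSet\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile"
INDICATORS = {
    ("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "EnableLUA"): (0, "User Account Control disabled"),
    (_FW, "EnableFirewall"): (0, "Windows Firewall standard profile disabled"),
    (_FW, "DisableNotifications"): (1, "firewall notifications suppressed"),
    (_SC, "AntiVirusOverride"): (1, "antivirus status override set"),
    (_SC, "AntiVirusDisableNotify"): (1, "antivirus notifications suppressed"),
    (_SC, "FirewallOverride"): (1, "firewall status override set"),
    (_SC, "FirewallDisableNotify"): (1, "firewall notifications suppressed"),
    (_SC, "UpdatesDisableNotify"): (1, "Windows Update notifications suppressed"),
    (_SC, "UacDisableNotify"): (1, "UAC notifications suppressed"),
}


def normalize_key(path: str) -> str:
    """Fold the spellings in the report onto one lower-case canonical form:
    HKEY_LOCAL_MACHINE -> HKLM, drop the Wow6432Node view component, map
    ControlSet00N to CurrentControlSet, treat Security Center\\Svc as
    Security Center."""
    p = path.replace("HKEY_LOCAL_MACHINE", "HKLM")
    p = re.sub(r"\\Wow6432Node", "", p, flags=re.I)
    p = re.sub(r"\\ControlSet\d{3}\\", r"\\CurrentControlSet\\", p, flags=re.I)
    p = re.sub(r"\\Security Center\\Svc$", r"\\Security Center", p, flags=re.I)
    return p.lower()


_LOOKUP = {(normalize_key(k), n.lower()): v for (k, n), v in INDICATORS.items()}


def check_tamper(values):
    """values: {(key_path, value_name): data}.  Returns sorted finding strings
    for every value that holds its hostile setting."""
    findings = []
    for (key, name), data in values.items():
        hit = _LOOKUP.get((normalize_key(key), name.lower()))
        if hit is not None and data == hit[0]:
            findings.append(f"{key}\\{name} = {data}: {hit[1]}")
    return sorted(findings)


def read_live_values():
    """Windows only: read every indicator from both the native and the
    Wow6432Node view so a 32-bit writer's changes are not missed."""
    import winreg
    values = {}
    for key, name in INDICATORS:
        sub = key.split("\\", 1)[1]
        for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
            try:
                with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub, 0, winreg.KEY_READ | view) as h:
                    data, _ = winreg.QueryValueEx(h, name)
            except OSError:
                continue
            label = key if view == winreg.KEY_WOW64_64KEY else key.replace("\\SOFTWARE\\", "\\SOFTWARE\\Wow6432Node\\", 1)
            values[(label, name)] = data
    return values


# Constructed from the report's key list with the hostile settings applied;
# UpdatesDisableNotify is left at its default to show a non-finding.
_RSC = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Security Center"
_RFW = "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile"
SAMPLE_VALUES = {
    ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "EnableLUA"): 0,
    (_RSC, "AntiVirusOverride"): 1,
    (_RSC, "AntiVirusDisableNotify"): 1,
    (_RSC, "FirewallDisableNotify"): 1,
    (_RSC, "FirewallOverride"): 1,
    (_RSC + "\\Svc", "UpdatesDisableNotify"): 0,
    (_RSC, "UacDisableNotify"): 1,
    (_RFW, "EnableFirewall"): 0,
    (_RFW, "DoNotAllowExceptions"): 0,
    (_RFW, "DisableNotifications"): 1,
}

if __name__ == "__main__":
    for line in check_tamper(SAMPLE_VALUES):
        print(line)
```

Running `check_tamper(read_live_values())` on a suspect Windows host gives the same eight-line style of output for whatever is actually set; an empty list means none of the values the sandbox flagged are in their hostile state.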
Antivirus results

The consensus family is Sality, a polymorphic PE file infector; Dr.Web's Win32.Sector, AhnLab's Win32/Kashu and Jiangmin's HLLP.Kuku are the same family under vendor-specific names. Taken with the process tree, where the IDM setup runs to completion and registers its COM servers and BHO, the picture is consistent with a Sality-infected copy of the IDM installer rather than a standalone trojan.

Engine | Detection |
---|---|
Bkav | W32.Sality.PE |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Win32.Sality.3 |
FireEye | Generic.mg.14ad7cf3de11bae5 |
CAT-QuickHeal | W32.Sality.U |
Malwarebytes | Malware.Heuristic.1001 |
VIPRE | Virus.Win32.Sality.at (v) |
Sangfor | Virus_Suspicious.Win32.Sality.bh |
K7AntiVirus | Virus ( f10001071 ) |
Alibaba | Virus:Win32/Sality.66849c1c |
K7GW | Virus ( f10001071 ) |
CrowdStrike | win/malicious_confidence_100% (D) |
Baidu | Win32.Virus.Sality.gen |
Cyren | W32/Sality.gen2 |
Symantec | W32.Sality.AE |
TotalDefense | Win32/Sality.AA |
APEX | Malicious |
Paloalto | generic.ml |
Kaspersky | Virus.Win32.Sality.gen |
BitDefender | Win32.Sality.3 |
NANO-Antivirus | Virus.Win32.Sality.beygb |
ViRobot | Win32.Sality.Gen.A |
Avast | Win32:SaliCode [Inf] |
Rising | Virus.Sality!1.A5BD (CLASSIC) |
Ad-Aware | Win32.Sality.3 |
Emsisoft | Win32.Sality.3 (B) |
Comodo | Virus.Win32.Sality.gen@1egj5j |
F-Secure | Malware.W32/Sality.AT |
DrWeb | Win32.Sector.30 |
Zillya | Virus.Sality.Win32.25 |
TrendMicro | PE_SALITY.RL |
McAfee-GW-Edition | W32/Sality.gen.z |
Sophos | Mal/Generic-R + Mal/Sality-D |
SentinelOne | Static AI - Suspicious PE |
Jiangmin | Win32/HLLP.Kuku.poly2 |
Avira | W32/Sality.AT |
MAX | malware (ai score=100) |
Antiy-AVL | Virus/Win32.Sality.gen |
Arcabit | Win32.Sality.3 |
AegisLab | Virus.Win32.Sality.v!c |
ZoneAlarm | Virus.Win32.Sality.gen |
GData | Win32.Sality.3 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Win32/Kashu.E |
Acronis | suspicious |
McAfee | W32/Sality.gen.z |
TACHYON | Virus/W32.Sality.D |
VBA32 | Virus.Win32.Sality.bakc |
ESET-NOD32 | Win32/Sality.NBA |
TrendMicro-HouseCall | PE_SALITY.RL |