Preventivo sconto multi-licenza
Database delle minacce Programmi potenzialmente indesiderati MediaArena

MediaArena

Entro Mezo nel Programmi potenzialmente indesiderati, Pubblicità, Dirottatori del browser
Traduci in:

Cartoncino segnapunti di minaccia

Popularity Rank: 10,316
Livello di minaccia: 10 % (Normale)
Computer infetti: 831
Visto per la prima volta: April 28, 2023
Ultima visualizzazione: March 4, 2026
Sistemi operativi interessati: Windows

PUA:Win32/MediaArena è un programma intrusivo che mira a installarsi su un computer ed eseguire varie azioni indesiderate. MediaArena potrebbe assumere il controllo del browser Internet dell'utente o fornire pubblicità dubbie sul sistema. MediaArena potrebbe essere rilevato come un programma autonomo o un'estensione del browser generalmente installata sul computer all'insaputa o all'autorizzazione dell'utente. Una volta attivato, questo PUP (programma potenzialmente indesiderato) può iniziare a visualizzare annunci pubblicitari pop-up e reindirizzare l'utente a diversi siti Web quando rileva che l'utente sta navigando in Internet. Ciò può interrompere l'intera esperienza di navigazione e, soprattutto, portare gli utenti verso destinazioni non sicure.

Inoltre, PUA:Win32/MediaArena può raccogliere informazioni personali e cronologia di navigazione dell'utente, che potrebbero essere utilizzate per scopi fraudolenti, come furto di identità o pubblicità mirata. Questo PUP deve essere rimosso il prima possibile per proteggere la privacy e la sicurezza dell'utente.

È improbabile che gli utenti installino MediaArena consapevolmente

La distribuzione di PUP come MediaArena comporta spesso tattiche dubbie che mirano a ingannare e manipolare gli utenti affinché installino software indesiderato sui loro dispositivi. Una di queste tattiche è il raggruppamento, in cui i PUP vengono impacchettati insieme a software legittimo e installati all'insaputa o al consenso dell'utente. Questo viene spesso fatto nascondendo il PUP nel processo di installazione e utilizzando un linguaggio confuso o fuorviante nei prompt di installazione.

Un'altra tattica è la pubblicità ingannevole, in cui i PUP vengono pubblicizzati come software legittimo o come strumenti preziosi che miglioreranno l'esperienza dell'utente. In realtà, questi programmi eseguono spesso azioni indesiderate come la visualizzazione di annunci pubblicitari, il reindirizzamento del browser dell'utente o la raccolta di informazioni sensibili.

Inoltre, alcuni PUP possono utilizzare tattiche di ingegneria sociale, come avvisi o avvisi di sicurezza falsi, per convincere gli utenti a scaricare e installare il software indesiderato. Questo può indurre gli utenti a pensare che i loro dispositivi siano infetti da malware o che la loro privacy sia a rischio, portandoli a installare il PUP nel tentativo di risolvere il problema.

Inoltre, alcuni PUP possono utilizzare metodi manipolativi per impedire agli utenti di disinstallarli, come nascondere i propri file e processi o creare più voci nel registro del dispositivo. Ciò può rendere difficile per gli utenti di PC rimuovere il software indesiderato e riprendere il controllo dei propri dispositivi.

Nel complesso, la distribuzione di PUP comporta una serie di tattiche dubbie che possono danneggiare gli utenti compromettendo la loro privacy, sicurezza ed esperienza complessiva con i loro dispositivi. È fondamentale che gli utenti siano cauti e vigili durante il download e l'installazione del software e leggano sempre i termini e le condizioni prima di accettare di installare qualsiasi programma.

Rapporto di analisi

Informazione Generale

Family Name: PUP.MSIL.MediaArena.A
Signature status: Root Not Trusted

Known Samples

MD5: 83fb0a86a3845edcdeb7f65511840514
SHA1: 11b8d0e313a200cf8e78ada1dfabe43c1d0098c4
Dimensione del file: 5.08 MB, 5076168 bytes
MD5: 0160d22c9f4954bcc793df96842112e9
SHA1: b71feb22c1e16d6e2af0245397de3fd4ec933639
Dimensione del file: 1.13 MB, 1129256 bytes
MD5: 6595d937af13ceba5c2501bae4e1fbda
SHA1: b804e025dc0eb31ed62f6bd27968b761a53a4d60
Dimensione del file: 8.09 MB, 8086728 bytes
MD5: 0dd8680503ead8fb01af9c784f85af5a
SHA1: 1077fe05962a392e62cfe1cee86de7239a7e7a66
Dimensione del file: 5.09 MB, 5085904 bytes
MD5: ce7bc74e84d7abfe7001f235a6635c31
SHA1: eee7dcf28b9a9fc9b783beb653e3e5214fbcbce9
SHA256: A999BF5510CD2C84535F7EA66A3EFD4A8662B2BA5831171955246FB013E4A2DB
Dimensione del file: 5.14 MB, 5143760 bytes
Show More
MD5: b256bf137ff3d258cce6b3f740dff749
SHA1: ee42851109e6217578d072eb4464f18d9283fe8b
SHA256: D01F4DA2A3F1EAEA0867C201D27AE18D9C892E37AEDFDA779828F4350F5E4364
Dimensione del file: 1.07 MB, 1068744 bytes
MD5: 8186602fae208e37c948ea456ec337ed
SHA1: 827d47c449d8a4198a3e91d0a0bee838db063d44
SHA256: 51286ED430AC1F061BD01C6A7127BE2B0C3BBC01A7AF8EF4D00BA5E35687B279
Dimensione del file: 2.73 MB, 2726848 bytes
MD5: f6fd206a287157fa51e3008dceb0f4cc
SHA1: 794fc64b51eb7b0b33b9bbc21aa2e5354aac4182
SHA256: FA06715B49252CF98E70A19949726F65A92D8C112BEEDC191DBEECDD77CC759A
Dimensione del file: 4.40 MB, 4399312 bytes
MD5: 3383b63b7f56ee792a0d4ae2d572a334
SHA1: 00c3f7f233a31178092bea3d8e6ddd871c72b8f5
SHA256: 8EEEBFF49329456FDF6C7AD7A2E3F1D0D6D8441653D4C07EBB038755ECB74111
Dimensione del file: 5.38 MB, 5382352 bytes
MD5: 7184f52a1e3b998cd8a858d03c291be1
SHA1: 7971c05fe5ecc115d012c62bafe6676b22790c8b
SHA256: 88003BEE57CB07236582FE9983C0FF6E85272522681BEC39413623BC40BBDD97
Dimensione del file: 1.35 MB, 1346856 bytes
MD5: 8104e595f2013aaf74471ed651b91d84
SHA1: 1a1d04910602ac317e9df6851fbaa50dac3f1d07
SHA256: F402850745EA36C9FD28CB0EA5D96261FE62270FAF72DEF308B8BBCD774ECBAC
Dimensione del file: 5.08 MB, 5075656 bytes
MD5: 6cad849b9fabe8b0f2f6205290ffe5aa
SHA1: b55d27c9477f9240e8752a24fd7d904ed3d1b3c1
SHA256: 389AB7C9BDEBD797E51B6223497840F2D2BE5EBD6E5F48D5F83C31F5CBD09958
Dimensione del file: 7.28 MB, 7284936 bytes
MD5: 6513aaa52dd92b9c6228ad8d82da4786
SHA1: 6410b4a2411f67314956367d877b7c0f5be4e698
SHA256: 8BDBA432B8F4BBBEEAAEB045DB1646E85BDD51C6225AD00D6A5405AC546D3650
Dimensione del file: 1.07 MB, 1068752 bytes
MD5: 2e0952558d1eb7e11c2987b3a02d02a1
SHA1: a47eff71349a8debffe21731e50c7bcf9af6e3ce
SHA256: 7C89AD43F68E9C0E34844D357C8D68FB0A9FD5971337D265E755E74EF5F9A883
Dimensione del file: 4.91 MB, 4913600 bytes
MD5: 7419f4e564b18475b3d43b9768667b75
SHA1: 92829618c0958ab0a81f320b6a3e001c15a93c15
SHA256: 12E5CDE575D93923CC8EBB2CF9C37B01FDE560546E59299E76CC4E36786EB541
Dimensione del file: 4.40 MB, 4399312 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Nome Valore
Assembly Version
  • 1.3.5.0
  • 1.3.2.0
  • 1.3.1.0
  • 1.3.0.0
  • 1.2.3.0
  • 1.1.7.0
  • 1.1.4.0
  • 1.1.0.0
  • 1.0.4.0
  • 1.0.1.0
Show More
  • 1.0.0.3
Comments
  • EDUp
  • PDFConverty
  • PDFdoconline
  • PDF SuperHero
  • PdfToDocPro
  • ZipRoar
File Description
  • PDFCastle
  • PDFConverty
  • PDFdoconline
  • PDF SuperHero
  • PdfToDocPro
  • ZipRoar
File Version
  • 1.3.5
  • 1.3.2
  • 1.3.1
  • 1.3.0
  • 1.2.3.0
  • 1.1.7.0
  • 1.1.4.0
  • 1.1.4
  • 1.1.0
  • 1.0.4
Show More
  • 1.0.1.0
  • 1.0.0.3
Internal Name
  • EdUpte.exe
  • PDFCastle.exe
  • PDFConvertyexe.exe
  • PDFdoconlineexe.exe
  • PDFexe.exe
  • PDFSuperHero.exe
  • PDFtoDocExe.exe
  • ZipRoarexe.exe
Legal Copyright
  • Copyright © 2021
  • Copyright © 2022
  • Copyright © 2023
  • Copyright © 2024
Original Filename
  • EdUpte.exe
  • PDFCastle.exe
  • PDFConvertyexe.exe
  • PDFdoconlineexe.exe
  • PDFexe.exe
  • PDFSuperHero.exe
  • PDFtoDocExe.exe
  • ZipRoarexe.exe
Product Name
  • PDFCastle
  • PDFConverty
  • PDFdoconline
  • PDF SuperHero
  • PdfToDocPro
  • ZipRoar
Product Version
  • 1.3.5
  • 1.3.2
  • 1.3.1
  • 1.3.0
  • 1.2.3.0
  • 1.1.7.0
  • 1.1.4.0
  • 1.1.4
  • 1.1.0
  • 1.0.4
Show More
  • 1.0.1.0
  • 1.0.0.3

Digital Signatures

Signer Root Status
STANIS LTD GlobalSign Code Signing Root R45 Root Not Trusted
VIEWBIX LTD GlobalSign Code Signing Root R45 Root Not Trusted
RESOFT LTD. GlobalSign GCC R45 EV CodeSigning CA 2020 Self Signed

Block Information

Total Blocks: 3,054
Potentially Malicious Blocks: 13
Whitelisted Blocks: 2,942
Unknown Blocks: 99

Visual Map

0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 ? 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 x ? ? ? ? x 0 ? x ? 0 ? ? ? ? ? ? x ? ? ? 0 ? ? 0 ? ? ? 0 0 ? 0 ? x 0 0 0 x ? 0 x 0 ? x 0 ? ? 0 x 0 x ? ? ? 0 ? 0 x x ? 0 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? 0 ? ? ? ? ? ? ? 0 0 x ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • MSIL.Agent.DFAY
  • MSIL.AsyncRAT.AR
  • MSIL.Downloader.AFE
  • MSIL.Krypt.ABTPHE
  • MSIL.Krypt.EAI
Show More
  • MSIL.Krypt.EAIA
  • MSIL.Krypt.ECPA
  • MSIL.Mardom.LJ
  • MSIL.Mardom.TB
  • MSIL.Mardom.TI
  • MSIL.MediaArena.B
  • MSIL.MediaArena.X
  • Marsilia.D
  • Ymacco.O

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\dav rpc service Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\pshost.133977152550516330.4988.defaultappdomain.b804e025dc0eb31ed62f6bd27968b761a53a4d60_0008086728 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.133978914206746551.640.defaultappdomain.1077fe05962a392e62cfe1cee86de7239a7e7a66_0005085904 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134003805850133026.5988.defaultappdomain.eee7dcf28b9a9fc9b783beb653e3e5214fbcbce9_0005143760 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134076064135536806.8112.defaultappdomain.00c3f7f233a31178092bea3d8e6ddd871c72b8f5_0005382352 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134084429275605227.6708.defaultappdomain.794fc64b51eb7b0b33b9bbc21aa2e5354aac4182_0004399312 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134102786144714767.6664.defaultappdomain.7971c05fe5ecc115d012c62bafe6676b22790c8b_0001346856 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134139690800102792.3452.defaultappdomain.1a1d04910602ac317e9df6851fbaa50dac3f1d07_0005075656 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
Show More
\device\namedpipe\pshost.134162038589349638.4184.defaultappdomain.a47eff71349a8debffe21731e50c7bcf9af6e3ce_0004913600 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134164401831645532.5312.defaultappdomain.b55d27c9477f9240e8752a24fd7d904ed3d1b3c1_0007284936 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pshost.134171578281298452.4012.defaultappdomain.92829618c0958ab0a81f320b6a3e001c15a93c15_0004399312 Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\it-searches\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\krembosearch\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\mambosearch\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfcastle\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfconverty\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\bc.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\images\arrow-right.svg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\images\background.png Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\images\check-circle.svg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\images\close-icon.svg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\images\logo.svg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\images\pattern.svg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\images\pattern2.svg Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\index.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\js\script.js Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\logo.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfdoconline\resources\logo.png Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdfsuperhero\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\pdftodocpro\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\promisearch\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\searchazak\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\searchbazak\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\__psscriptpolicytest_0micz41t.fby.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_4csz4htk.gm4.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ad0yvjoc.vs1.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_akqu41kc.wkr.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_aqzczxy1.xf1.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_beusauym.xdq.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_bfq0glza.evm.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ia5okpih.ksd.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_lbt3i3o1.n5z.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_mdf2dukg.cgb.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_ncpotg1u.15m.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_nuduxoad.cfy.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_t54qk5aa.41w.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_uka010kv.cq4.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_volbwdnw.1rq.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_wgcdy0lx.ran.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_wpidh4rn.ts0.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_yvay5vz4.olv.ps1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_zgznrkqz.dy3.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\__psscriptpolicytest_zudps1kf.0ps.psm1 Generic Write,Read Attributes
c:\users\user\appdata\local\tenbasearch\icon.ico Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\ziproar\temp.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\357f04ad41bcf5fe18fcb69f60c6680f_693295acb6e73cf3f5565bfd4931c89f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\9cb4373a4252de8d2212929836304ec5_1ab74aa2e3a56e1b8ad8d3fec287554e Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\b039fea45cb4cc4bbacfc013c7c55604_50385f8eb1f713e33924a830d7a2a41c Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\f59a01a8b782d93ea6991bc172ceffb1 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\357f04ad41bcf5fe18fcb69f60c6680f_693295acb6e73cf3f5565bfd4931c89f Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\9cb4373a4252de8d2212929836304ec5_1ab74aa2e3a56e1b8ad8d3fec287554e Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\b039fea45cb4cc4bbacfc013c7c55604_50385f8eb1f713e33924a830d7a2a41c Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\f59a01a8b782d93ea6991bc172ceffb1 Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Dati API Name
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing RegNtPreCreateKey
Show More
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask ￿ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory %windir%\tracing RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43::blob 캇笋สI壡魱꠷犓쩭큛켍༜瀲퍙뉴ꚜ엣ꘊS@㸰ἰआ虠ňﶆɬ、〒ؐ⬊ĆĄ㞂ļ́ダ؛朅ಁ́ሰူਆثЁ舁㰷āȃ쀀 4㈰ࠆثԁ܅ȃࠆثԁ܅̃ࠆثԁ܅Ѓࠆثԁ܅ăࠆثԁ܅ࠃb 逾떙币䢏lᆝ﨡㖺襚槟Ṗ옽尲 RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4efc31460c619ecae59c1bce2c008036d94c84b8::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4efc31460c619ecae59c1bce2c008036d94c84b8::blob RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 鄋﯂崓ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ඎ轡轖ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 挏஬ꗐǜ RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\ddfb16cd4931c973a2037d3fc83a4d7d775d05e4::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\ddfb16cd4931c973a2037d3fc83a4d7d775d05e4::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob  ⥒ᖺ᮳漌쩌슉冘靷❃뛑ꎉ㖹붠喗꼲ꬢ T到ࠆثԁ܅ȃࠆثԁ܅̃ਆثЁ舁਷Ѓࠆثԁ܅Ѓࠆثԁ܅؃ࠆثԁ܅܃ࠆثԁ܅ăࠆثԁ܅ࠃS@㸰ἰआثЁꀁIJ、〒ؐ⬊ĆĄ㞂ļ́ダ؛朅ಁ́ሰူਆثЁ舁㰷āȃ쀀 0GlobalSign Roo RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\d69b561148f01c77c54578c10926df5b856976ad::blob RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
User Data Access
  • GetComputerName
  • GetUserDefaultLocaleName
  • GetUserName
  • GetUserNameEx
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Other Suspicious
  • AdjustTokenPrivileges
Network Winsock2
  • WSAConnect
  • WSASocket
  • WSAStartup
  • WSAttemptAutodialName
Network Winsock
  • closesocket
  • freeaddrinfo
  • getaddrinfo
  • recv
  • send
  • setsockopt
Network Winhttp
  • WinHttpOpen
Network Info Queried
  • GetAdaptersAddresses
  • GetNetworkParams
Encryption Used
  • BCryptOpenAlgorithmProvider
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
Show More
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExcludeClipRect
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtSelectClipRgn
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFlush
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW

100 additional items are not displayed above.

Shell Command Execution

C:\WINDOWS\system32\fondue.exe "C:\WINDOWS\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
"C:\WINDOWS\system32\systeminfo.exe" /fo LIST

Tendenza

I più visti

Caricamento in corso...