
Trojan.PoisonIvy.Q

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 2,497
Threat Level: 80 % (High)
Infected Computers: 2,992
First Seen: August 29, 2021
Last Seen: May 26, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.PoisonIvy.Q
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Build ID 20090624013405
Comments
  • For additional details, visit PortableApps.com
Company Name
  • Mozilla
  • Mozilla Foundation
  • PortableApps.com
File Description
  • Firefox
  • Mozilla Firefox, Portable Edition
  • Mozilla Firefox, Portable Edition (Test)
File Version
  • 4.42
  • 3.5.19.0
  • 3.5.1.0
  • 2.9.9.6
  • 1.9.1
Internal Name
  • 7zS.sfx
  • Mozilla Firefox, Portable Edition
  • Mozilla Firefox, Portable Edition (Test)
Legal Copyright
  • License: MPL 1.1/GPL 2.0/LGPL 2.1
  • Mozilla
  • PortableApps.com and contributors
  • PortableApps.com Installer Copyright 2007-2009 PortableApps.com.
  • PortableApps.com Installer Copyright 2007-2010 PortableApps.com.
Legal Trademarks
  • Firefox is a Trademark of The Mozilla Foundation. PortableApps.com is a Trademark of Rare Ideas, LLC.
  • Mozilla
  • PortableApps.com is a registered trademark of Rare Ideas, LLC.
Original Filename
  • 7zS.sfx.exe
  • crashreporter.exe
  • FirefoxPortableLegacy35_3.5.19_Spanish.paf.exe
  • FirefoxPortable_3.5.1_English.paf.exe
  • Firefox_Portable_3.0_Beta_4_en-us.paf.exe
PortableApps.com App ID FirefoxPortableLegacy35
PortableApps.com Format Version 2.0
PortableApps.com Installer Version
  • 2.0.8.0
  • 0.91.7.0
  • 0.9.9.0
Product Name
  • Firefox
  • Mozilla Firefox, Portable Edition
  • Mozilla Firefox, Portable Edition (Test)
Product Version
  • 4.42
  • 3.5.19.0
  • 3.5.1.0
  • 2.9.9.6
  • 1.9.1

Digital Signatures

Signer | Root | Status
Rare Ideas, LLC | Rare Ideas, LLC | Self Signed
Mozilla Corporation | Thawte Premium Server CA | Root Not Trusted

File Traits

  • x86

Block Information

Similar Families

  • Agent.AAFA
  • PoisonIvy.Q

Files Modified


4837 additional files are not displayed above.

Registry Modifications

Key::Value | Data | API Name
HKLM\software\wow6432node\mozilla::firefoxinstallertest | Write Test | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify | | RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify | | RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline | | RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua | | RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall | | RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions | | RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications | | RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation

Shell Command Execution

.\setup.exe
