ClickPotato Installer

Category: Unwanted programs
Protection available since: 14 Feb 2011 05:36:58 (GMT)
Type: Adware
Last updated: 10 Jun 2013 17:18:51 (GMT)


Examples of ClickPotato Installer include:

Example 1

File Information

Size
174K
SHA-1
000279f82fcf3ad79b26a290b3dcdc0a8170e1c8
MD5
23a8c72685e19ec07581c8d789d4d3cf
CRC-32
de830ca3
File type
application/x-ms-dos-executable
First seen
2011-03-09

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\30ee81c7-7267-4724-b9a5-25c296c00669
    Size
    388
    SHA-1
    e2ce0c2b400c8f0796a6157f01b110c127b017dc
    MD5
    021f58eb5a268c4b7b20e83f2614ffeb
    CRC-32
    ea3e441f
    File type
    application/octet-stream
    First seen
    2011-03-09
  • c:\Documents and Settings\test user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1454471165-1275210071-1003\f87e26db85ab04461d0f241563b72a42_26c19984-2a01-45b5-a7b3-a568af60c200
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
    • Changed the file contents
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011030920110310
    CacheRepair
    0x00000000
HTTP Requests
  • http://CSC3-2004-crl.verisign.com/CSC3-2004.crl
  • http://DOwnloads.Pinballcorp.com/downloads/valueadd/ping/ping.htm
  • http://crl.verisign.com/pca3.crl
  • http://ics.shopperreports.com/InstallUI/SrSGatewayFallback01/89/index.htm
DNS Requests
  • DOwnloads.Pinballcorp.com
  • config.shopperreports.com
  • crl.verisign.com
  • csc3-2004-crl.verisign.com
  • ics.shopperreports.com
  • te.shopperreports.com

Example 2

File Information

Size
342K
SHA-1
00037a772db5abdc62f130968d0a4039d75afb17
MD5
5bf5b4affe51bab74775a067a95d200d
CRC-32
d6f74869
File type
Windows executable
First seen
2007-08-05

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
    Size
    533
    SHA-1
    79b4c17e557a88690e4d78ded1b3c49ec1149fdb
    MD5
    88e238c40034e498e5dcf4ae646f260a
    CRC-32
    34fc18ad
    File type
    Encoded certificate
    First seen
    2012-12-15
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size
    48K
    SHA-1
    c9d6a3815f63d8079424120a54cb67703f6d6813
    MD5
    34ebbf981dcc94a964aabd260b0d14b6
    CRC-32
    0441efaa
    File type
    Microsoft CAB archive
    First seen
    2012-11-19
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
    Size
    124
    SHA-1
    5b042cc95af83987d8ad0e1519b25a20ebe35e16
    MD5
    967d98eee6976bb981481cdb56249414
    CRC-32
    da62ec63
    File type
    Unspecified binary - probably data
    First seen
    2013-03-17
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Size
    216
    SHA-1
    b775aa241be26b66f718ddae53acc68bcb3c362f
    MD5
    56fc1f7974fbe98fcf36726a9c23c4e0
    CRC-32
    82519ad9
    File type
    Unspecified binary - probably data
    First seen
    2013-03-17
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6
    Size
    93K
    SHA-1
    24d113da896904533ee56c9198c1ef202b0c6e63
    MD5
    e0516dee9b743894773ed4e3f097616c
    CRC-32
    3cc132ca
    File type
    application/octet-stream
    First seen
    2013-03-16
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
    Size
    100
    SHA-1
    9af92d46aea5be1e1dab0e8c28bc506f2516fa8e
    MD5
    d49b111fdcb38b594c2f7e4e2b35434c
    CRC-32
    62bfb694
    File type
    Unspecified binary - probably data
    First seen
    2013-03-17
  • c:\Documents and Settings\test user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1454471165-1275210071-1003\2ef0192446d663cf6cab70018f1f5511_26c19984-2a01-45b5-a7b3-a568af60c200
    Size
    62
    SHA-1
    e5ee192310838de566bf346ccff580e2802225c2
    MD5
    c6851bf35c3976efc49612efa061526a
    CRC-32
    7687221b
    File type
    Unspecified binary - probably data
    First seen
    2011-09-08
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\3896ccf0-9bec-49e7-9ed4-60a7df17eb69
    Size
    388
    SHA-1
    b409b95c982d5dcccb76db4596a08d9a9fef38c6
    MD5
    870fa60369255d1d8e2ea0054a747108
    CRC-32
    ef434b40
    File type
    Unspecified binary - probably data
    First seen
    2013-03-17
  • c:\Documents and Settings\test user\Local Settings\Temp\apb4.tmp
    Size
    342K
    SHA-1
    81aeb20c555c7af70f3556d0704736fe917cb380
    MD5
    7af745b4d81822568579651e316df667
    CRC-32
    053ee1d0
    File type
    Windows executable
    First seen
    2013-03-14
Modified Files
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013031720130318
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
    Blob
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    apb4.tmp
Processes Created
  • c:\docume~1\support\locals~1\temp\apb4.tmp
  • c:\docume~1\support\locals~1\temp\rpchecker.exe
HTTP Requests
  • http://a.dallasafterdusk.com/IC/GPLAppBundler95/45330/0/6764ae7b-1d54-49e5-bbf8-d5976ca54366/XvidSetup.exe
  • http://cache-download.real.com/free/windows/mrkt/log.txt
  • http://crl.verisign.com/pca3-g5.crl
  • http://csc3-2010-crl.verisign.com/CSC3-2010.crl
  • http://img.skyactivate.com/uci/software/bg.jpg
  • http://img.skyactivate.com/uci/software/bt_cancel.png
  • http://img.skyactivate.com/uci/software/bt_next.png
  • http://img.skyactivate.com/uci/software/dialog-system.gif
  • http://img.skyactivate.com/uci/software/logo/xvid.jpg
  • http://img.skyactivate.com/uci/software/ravenbleu.png
  • http://install.skyactivate.com/installer/session/software/1931344/1315332/
  • http://install.skyactivate.com/logger/software/hit/1931344/1315332/
  • http://js.skyactivate.com/uci/jquery.js
  • http://js.skyactivate.com/uci/software.js
  • http://s.liteflames.com/InstallUI/AppBundlerIndirect_FMF/222/index.htm
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • a.dallasafterdusk.com
  • b.liteflames.com
  • cache-download.real.com
  • crl.verisign.com
  • csc3-2010-crl.verisign.com
  • img.skyactivate.com
  • install.skyactivate.com
  • js.skyactivate.com
  • s.liteflames.com
  • uci.onlinedl.info
  • www.download.windowsupdate.com

Example 3

File Information

Size
341K
SHA-1
0003bde96320f62e402eba7e5641ea5257c55be8
MD5
b87e45081163122884b7622b9c5260be
CRC-32
8fbf3fb5
File type
Windows executable
First seen
2013-03-29

Runtime Analysis

HTTP Requests
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
DNS Requests
  • b.liteflames.com
  • www.download.windowsupdate.com
