Vittalia Downloader

Category: Adware and PUA
Protection available since: 04 Feb 2014 23:18:56 (GMT)
Type: Adware
Last updated: 23 Jul 2014 12:15:31 (GMT)

Examples of Vittalia Downloader include:

Example 1

File Information

Size: 4.7M
SHA-1: 001cb3c0a375bc7c2b966ed8f2edbc463c5cbbf4
MD5: c57e9fb8b2124deffd29c0267401df4d
CRC-32: 24b28470
File type: application/x-ms-dos-executable
First seen: 2014-04-26

Runtime Analysis

Dropped Files
Registry Keys Created
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller
    enduser_id
    68503265
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller\versions\674616
    LogoUrl
    http://media.sftvit.com/icoinstall/programs/Ares%20copia.png
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\temp\4da8installer.exe
HTTP Requests
  • http://xmlinstcp.ddbbvt.eu/cmd/precompiled.html
  • http://xmlinstcp.eebbvt.eu/cmd/api.php
  • http://xmlinstcp.eebbvt.eu/cmd/geo.php
  • http://xmlinstcp.eebbvt.eu/cmd/log.php
  • http://xmlinstcp.eebbvt.eu/cmd/report.php
DNS Requests
  • xmlinstcp.ddbbvt.eu
  • xmlinstcp.eebbvt.eu

Example 2

File Information

Size: 4.9M
SHA-1: 00200a78edc5df1d88dee459edca2d209027eed0
MD5: ec4c007f43192240dc96e9c5e3efdc5c
CRC-32: 51ae59eb
File type: Windows executable
First seen: 2014-05-01

Runtime Analysis

Dropped Files
Registry Keys Created
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller
    enduser_id
    68997692
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\temp\d65dinstaller.exe
HTTP Requests
  • http://xmlinstcp.ddbbvt.eu/cmd/precompiled.html
  • http://xmlinstcp.eebbvt.eu/cmd/api.php
  • http://xmlinstcp.eebbvt.eu/cmd/geo.php
  • http://xmlinstcp.eebbvt.eu/cmd/log.php
  • http://xmlinstcp.eebbvt.eu/cmd/report.php
DNS Requests
  • xmlinstcp.ddbbvt.eu
  • xmlinstcp.eebbvt.eu

Example 3

File Information

Size: 4.7M
SHA-1: 006949a9764b0e3843944b2b41fc452d92c502aa
MD5: 785144af447fdc3b7bed066161e64322
CRC-32: 0f5fd5b9
File type: Windows executable
First seen: 2014-04-27

Runtime Analysis

Dropped Files
Registry Keys Created
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller
    enduser_id
    68589895
  • HKLM\SOFTWARE\Vittalia\AxtanInstaller\versions\665307
    LogoUrl
    http://media.sftvit.com/icoinstall/programs/whatsapp.png
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\temp\0fa0installer.exe
HTTP Requests
DNS Requests
