System Changes
Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files
The following files were analyzed:
85da022b0171b2072867e95c6752b662.exe
 | The following files have been added to the system: |
| - %TEMP%\TeamViewer\Version7\tvinfo.ini
- %PROGRAMFILES%\symen\enativ\apps\STV.exe
- %TEMP%\TeamViewer\Version7\tv_w32.dll
- %PROGRAMFILES%\symen\enativ\update.log
- %TEMP%\TeamViewer\Version7\x86\TVMonitor.inf
- %TEMP%\TeamViewer\Version7\tv_x64.dll
- %TEMP%\TeamViewer\Version7\TeamViewer_StaticRes.dll
- %TEMP%\7ZipSfx.000\dsfVorbisDecoder.dll
- %TEMP%\7ZipSfx.000\config.txt
- %TEMP%\TeamViewer\Version7\TeamViewer_Service.exe
- %TEMP%\7ZipSfx.000\branding.ini
- %TEMP%\7ZipSfx.000\vp8encoder.dll
- %PROGRAMFILES%\symen\enativ\autoupdate.exe
- %TEMP%\TeamViewer\Version7\x86\tvmonitor.cat
- %TEMP%\7ZipSfx.000\install.cmd
- %TEMP%\7ZipSfx.000\Hebrew.lg
- %TEMP%\TeamViewer\Version7\TeamViewer_Desktop.exe
- %TEMP%\7ZipSfx.000\RWLN.dll
- %TEMP%\7ZipSfx.000\dsfVorbisEncoder.dll
- %TEMP%\7ZipSfx.000\msvcr90.dll
- %TEMP%\7ZipSfx.000\Microsoft.VC90.CRT.manifest
- %TEMP%\TeamViewer\Version7\TeamViewer.exe
- %TEMP%\7ZipSfx.000\rfusclient.exe
- %PROGRAMFILES%\symen\enativ\apps\QAgent.exe
- %TEMP%\7ZipSfx.000\RIPCServer.dll
- %TEMP%\7ZipSfx.000\settings.dat
- %TEMP%\7ZipSfx.000\gdiplus.dll
- %TEMP%\TeamViewer\Version7\TeamViewer.ini
- %TEMP%\7ZipSfx.000\msvcp90.dll
- %TEMP%\7ZipSfx.000\logo.png
- %TEMP%\TeamViewer\Version7\x86\TVMonitor.sy_
- %TEMP%\7ZipSfx.000\Logs\rms_log_2012-07.html
- %PROGRAMFILES%\symen\enativ\apps\RemoteNativ.exe
- %TEMP%\TeamViewer\Version7\tv_x64.exe
- %TEMP%\TeamViewer\Version7\tv_w32.exe
- %TEMP%\7ZipSfx.000\vp8decoder.dll
- %TEMP%\TeamViewer\Version7\TeamViewer_Resource_en.dll
- %TEMP%\7ZipSfx.000\English.lg
- %TEMP%\7ZipSfx.000\rutserv.exe
- %TEMP%\7ZipSfx.000\EULA.rtf
- %ALLUSERSPROFILE%\Desktop\ .lnk
|
| The following files were temporarily written to disk then later removed: |
| - %TEMP%\TeamViewer\Version7\tvqsfiles.7z
- %TEMP%\nsgF.tmp\System.dll
- %TEMP%\nsgF.tmp\ReadCustomerData.dll
- %TEMP%\nsgF.tmp\nsis7z.dll
- %TEMP%\TeamViewer\Version7\tvqsfilesx86.7z
- %TEMP%\TeamViewer\Version7\TeamViewer98.ini
- %TEMP%\nsgF.tmp\TvGetVersion.dll
- %TEMP%\TeamViewer\Version7\custom.7z
|
 | The following registry elements have been created: |
| - HKEY_CURRENT_USER\SOFTWARE\ENATIV\
- HKEY_CURRENT_USER\SOFTWARE\ENATIV\STV\
- HKEY_CURRENT_USER\SOFTWARE\USORIS\
- HKEY_CURRENT_USER\SOFTWARE\USORIS\REMOTE UTILITIES\
- HKEY_CURRENT_USER\SOFTWARE\USORIS\REMOTE UTILITIES\SERVER\
- HKEY_CURRENT_USER\SOFTWARE\USORIS\REMOTE UTILITIES\SERVER\PARAMETERS\
|
| The following registry elements have been changed: |
| - HKEY_CURRENT_USER\SOFTWARE\ENATIV\STV\TEMPFULLPATH
- HKEY_CURRENT_USER\SOFTWARE\USORIS\REMOTE UTILITIES\SERVER\PARAMETERS\CALENDARRECORDSETTINGS = [binary data]
- HKEY_CURRENT_USER\SOFTWARE\USORIS\REMOTE UTILITIES\SERVER\PARAMETERS\CALLBACKSETTINGS = FF-FE
- HKEY_CURRENT_USER\SOFTWARE\USORIS\REMOTE UTILITIES\SERVER\PARAMETERS\FUSCLIENTPATH = %TEMP%\7ZipSfx.000\rfusclient.exe
- HKEY_CURRENT_USER\SOFTWARE\USORIS\REMOTE UTILITIES\SERVER\PARAMETERS\NOTIFICATION = [binary data]
- HKEY_CURRENT_USER\SOFTWARE\USORIS\REMOTE UTILITIES\SERVER\PARAMETERS\OPTIONS = [binary data]
- HKEY_CURRENT_USER\SOFTWARE\USORIS\REMOTE UTILITIES\SERVER\PARAMETERS\PASSWORD = DB5B36CED7624D82EE0DD85374A3390D198638503D80DC16BECFB8CB284B3709E020B14CE61DBE0990647C99B6BA34FCA8F3027CF528351FC5B6A59C19048A04
- HKEY_CURRENT_USER\SOFTWARE\USORIS\REMOTE UTILITIES\SERVER\PARAMETERS\USERACCESS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%TEMP%\nsgF.tmp\
|
 | The applications attempted the following network connection(s): |
| - hxxp://www.enativ.com/downloads/*****
|
אין תגובות:
הוסף רשומת תגובה