Today I was browsing a thread in the malicious-site section, http://bbs.kafan.cn/thread-2064122-1-1.html. After I opened the malicious site, Norton IPS blocked it as expected, and the instant it was blocked, my IDM (cracked version from http://bbs.kafan.cn/thread-1627835-1-1.html) was killed by SONAR! IDM had never been killed by SONAR before, so I suspect IDM tried to create a download task for the malicious site, and since that site was blocked by IPS, SONAR concluded that IDM was behaving dangerously. So do IPS and SONAR work together? @驭龙
[mw_shl_code=css,true]Filename: idman.exe
Threat name: SONAR.MalTraffic!gen3
Full Path: Not Available
____________________________
____________________________
On computers as of
2016/11/6 at 18:41:00
Last Used
2016/11/6 at 18:41:00
Startup Item
No
Launched
Yes
SONAR Protection monitors for suspicious program activity on your computer.
____________________________
idman.exe Threat name: SONAR.MalTraffic!gen3
Locate
Few Users
Hundreds of users in the Norton Community have used this file.
Mature
This file was released 3 months ago.
High
This file risk is high.
____________________________
Source: External Media
Source File:
idman.exe
____________________________
File Actions
File: c:\program files (x86)\internet download manager\ idman.exe Threat Removed
File: c:\users\m\appdata\roaming\idm\ defextmap.dat Threat Removed
File: c:\users\m\appdata\roaming\idm\ urlexclist.dat Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\meta-inf\ zigbert.rsa Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\ chrome.manifest Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\ icon.png Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\ install.js Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\ install.rdf Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\chrome\ idmmzcc.jar Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\components\ idmhelper5.js Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\components\ iidmhelper5.xpt Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\components\ iidmmzcc.xpt Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\components2\ idmhelper.js Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\components2\ iidmhelper.xpt Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\components2\ iidmmzcc.xpt Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\meta-inf\ manifest.mf Threat Removed
File: c:\users\m\appdata\roaming\idm\idmmzcc5\meta-inf\ zigbert.sf Threat Removed
File: c:\users\m\appdata\roaming\idm\scheduler\ q_1.dt Threat Removed
File: c:\users\m\appdata\roaming\idm\ cnlurllist.dat Threat Removed
Directory: c:\users\m\appdata\roaming\idm\dwnldata\m\ 903-win-x64_444 No Action Required
Directory: c:\users\m\appdata\roaming\idm\dwnldata\m\ 1478428920f1_0 No Action Required
____________________________
Registry Actions
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownl1_str:使用 IDM 下载, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownlAll_str:使用 IDM 下载全部链接, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownlFLV_str:下载最近一次请求的 FLV 视频, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownl10FLV_str:从最近十次请求的 FLV 视频中选择, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownlppFLV_str:使用 IDM 下载 FLV 视频, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownlFLVa_str:使用 IDM 下载最近一次请求的 FLV 视频, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownl10FLVa_str:使用 IDM 下载最近十次请求的 FLV 视频, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownl1_str:Download with IDM, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownlAll_str:Download all links with IDM, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownlFLV_str:Download last requested FLV video, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownl10FLV_str:Choose from 10 last requested FLV videos, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownlppFLV_str:Download FLV video with IDM, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownlFLVa_str:Download last requested FLV video with IDM, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->ffdownl10FLVa_str:Download FLV videos with IDM from 10 last requested, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\MenuExt\ 使用 IDM 下载->contexts:243, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->iedownl1_str:使用 IDM 下载, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\MenuExt\ 使用 IDM 下载全部链接->contexts:243, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ menuExt->iedownlAll_str:使用 IDM 下载全部链接, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ {E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}->AppName:IDMan.exe, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}->AppPath:C:\Program Files (x86)\ Internet Download Manager, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ {E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}->Policy:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ {1902485B-CE75-42C1-BA2D-57E660793D9A}->AppName:IEMonitor.exe, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}->AppPath:C:\Program Files (x86)\ Internet Download Manager, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ {1902485B-CE75-42C1-BA2D-57E660793D9A}->Policy:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\ {19129CDA-AFC0-4330-99BC-C5A834F89006}->AppName:IDMan.exe, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}->AppPath:C:\Program Files (x86)\ Internet Download Manager, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\ {19129CDA-AFC0-4330-99BC-C5A834F89006}->Policy:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\ DownloadManager->EnableDriver:1, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\ DownloadManager->lastintres:0, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Mozilla\SeaMonkey\Extensions->mozilla_cc@internetdownloadmanager.com:C:\Users\M\AppData\Roaming\IDM\ idmmzcc5, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Mozilla\SeaMonkey\Extensions->mozilla_cc2@internetdownloadmanager.com:C:\Program Files (x86)\Internet Download Manager\ idmmzcc2.xpi, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager->ExePath:C:\Program Files (x86)\Internet Download Manager\ idman.exe, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\ DownloadManager->idmvers:v6.25b25 Full, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\ DownloadManager->radxcnt:152, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\ DownloadManager->TrayIcon:1, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 392->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 393->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 394->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 395->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 398->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 399->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 400->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 401->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 402->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 403->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 405->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 406->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 409->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 410->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 411->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 412->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 413->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 415->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 416->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 417->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 418->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 419->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 420->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 421->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 422->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 423->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 426->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 427->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 428->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 429->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 430->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 431->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 432->Status:0, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 434->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 435->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 436->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 437->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 438->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 439->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 440->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 441->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 442->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 443->Status:3, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\ DownloadManager->isSSW_OK:0, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\ DownloadManager->LargeButtons:1, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\ DownloadManager->ToolbarStyle:3D Style, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\ DownloadManager->LargeButtons:0, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\ DownloadManager->ToolbarStyle, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ maxID->maxID:443, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ Queue->Queue:432, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Tencent\ QQPinyin->SkinGUIDMini:10000000-0000-0000-0000-000000000001, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Tencent\ QQPinyin->SkinFileNameMini, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ Internet Settings->ProxyEnable:0, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ Connections->SavedLegacySettings:..., Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ Content->CachePrefix, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ Cookies->CachePrefix:Cookie:, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ History->CachePrefix:Visited:, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ Queue->Queue:432 444, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\444\ ChList, Registry Hive: 64 bit Repaired
Registry change: HKEY_USERS\S-1-5-21-3354391888-1156723752-2331256929-1001\SOFTWARE\DownloadManager\ 444, Registry Hive: 64 bit Repaired
____________________________
Network Actions
Event: Network activity (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
____________________________
System Settings Actions
Event: Process start (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
(Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
Event: PE file creation: c:\Users\M\AppData\Roaming\IDM\idmmzcc5\components\ idmmzcc.dll (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
Event: PE file creation: c:\Users\M\AppData\Roaming\IDM\idmmzcc5\components12\ idmmzcc.dll (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
Event: PE file creation: c:\Users\M\AppData\Roaming\IDM\idmmzcc5\components12\ idmmzcc64.dll (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
Event: PE file creation: c:\Users\M\AppData\Roaming\IDM\idmmzcc5\components2\ idmmzcc.dll (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
Event: PE file creation: c:\Users\M\AppData\Roaming\IDM\idmmzcc5\components2\ idmmzcc64.dll (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
Event: PE file creation: c:\Users\M\AppData\Roaming\IDM\idmmzcc5\components2\ idmcchandler2.dll (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
Event: PE file creation: c:\Users\M\AppData\Roaming\IDM\idmmzcc5\components2\ idmcchandler2_64.dll (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
Event: Process start: c:\program files (x86)\internet download manager\ iemonitor.exe, PID:8364 (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
Event: Process start: c:\program files (x86)\Tencent\QQPinyin\5.4.3311.400\ qqpyservice.exe, PID:4364 (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
Event: Process start: c:\program files (x86)\Tencent\QQPinyin\5.4.3311.400\ qqpyservice.exe, PID:10824 (Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
____________________________
Suspicious Actions
(Performed by c:\program files (x86)\internet download manager\idman.exe, PID:7100) No action taken
____________________________
File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available
[/mw_shl_code]
I looked up this SONAR.MalTraffic!gen3 detection name; it appears to be related to network behaviour: "SONAR.MalTraffic!gen3 is a heuristic detection that is designed to detect variants of known malicious threats based on their network characteristics."
https://us.norton.com/security_r ... 2015-102023-1622-99