Linkury Smartbar

By ESGI Advisor in Browser Plugins

Threat Scorecard

Popularity Rank:	5,096
Threat Level:	20 % (Normal)
Infected Computers:	251,845

First Seen:	March 7, 2013
Last Seen:	January 29, 2026
OS(es) Affected:	Windows

Linkury Smartbar is an adware program, developed by Linkury Inc. that comes in the form of a browser add-on. It covers all of the biggest browsers - Google Chrome, Mozilla Firefox and Internet Explorer. Linkury SmartBar may turn out to be difficult to remove and all in all it is pretty useless, so it is classified as a Potentially Unwanted Program (PUP). The official definition of the Linkury SmartBar is a "content engagement tool". This means that it gains access to your search details, visited sites and cookies and, based on them, shows you advertisements you may find attractive. Despite its issues, the creators of Linkury SmartBar recommend it as a browser enhancing tool, this statement appears to be misleading.

How Do You Get Linkury SmartBar?

As most of the adware programs, Linkury SmartBar comes bundled with a free software such as CD burning software that you downloaded and installed. Many people skip the details of the installation process, so they miss the additional programs (in this case, Linkury SmartBar) that come along with their desired software. In order to avoid such unnecessary applications, we recommend always to choose the 'Custom' installation option and carefully read the information in each stage of the process. This way you will not be misled into installing something you don't want to.

How Does Linkury SmartBar Function?

Linkury SmartBar replaces your default homepage with " search.snapdo.com" and your primary search engine with Feed.helperbar.com with the sole purpose of connecting you to various retailers. Some of the advertisements appear in the shape of constant and irritating pop-up messages. As the Linkury SmartBar refers you to third-party sites, they earn a referral commission. Because they want to maximize their revenues, you may find yourself flooded with advertisements and spam.

The real danger, however, stands in the fact that Linkury SmartBar is associated with suspicious activities and may sometimes redirect you to possibly harmful sites. Linkury SmartBar uses your computer resources and so many users report that following the installation of this adware they find their browsers slower than usual. Browser crashes are often observed as well, and you may find these side effects quite annoying.

Manual uninstallation may not be effective against the Linkury SmartBar. For this reason, specialists recommend using a specially designed anti-malware program. This automatic method is simple and reliable. Apart from finding and deleting all files associated with the Linkury SmartBar, the anti-malware software will help you avoid such complications and many others infiltrations in the future.

Aliases

6 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Panda	PUP/LinkUry
Comodo	ApplicUnwnt
Ikarus	not-a-virus:AdWare.MSIL
Fortinet	Adware/MSIL_Agent
Kaspersky	not-a-virus:AdWare.MSIL.Agent.af
Symantec	WS.Reputation.1

SpyHunter Detects & Remove Linkury Smartbar

File System Details

Linkury Smartbar may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	uninstall.exe	5b5380b129110f1ca8fe26b57543ffec	6,062
Name: uninstall.exe MD5: 5b5380b129110f1ca8fe26b57543ffec Size: 3.62 MB (3622912 bytes) Detections: 6,062 Type: Executable File Path: %COMMONPROGRAMFILES%\light-lab\uninstall.exe Group: Malware file Last Updated: February 22, 2024
2.	Smartbar.exe	1135b0ba618108cd838c0250a779d38b	2,218
Name: Smartbar.exe MD5: 1135b0ba618108cd838c0250a779d38b Size: 28.96 KB (28968 bytes) Detections: 2,218 Type: Executable File Path: C:\Users\<username>\Desktop\dati salvati\AppData\Local\Smartbar\Application\Smartbar.exe Group: Malware file Last Updated: August 9, 2023
3.	Warmdom.exe.vir	5770b1beabdc8aa2eef68cff0420d5f0	957
Name: Warmdom.exe.vir MD5: 5770b1beabdc8aa2eef68cff0420d5f0 Size: 138.75 KB (138752 bytes) Detections: 957 Path: %SYSTEMDRIVE%\AdwCleaner\FileQuarantine\C\ProgramData\Quoteex\Warmdom.exe.vir Group: Malware file Last Updated: January 24, 2026
4.	ServiceInstall.exe	db2b2ab65f30a17e8e1b271ede182186	622
Name: ServiceInstall.exe MD5: db2b2ab65f30a17e8e1b271ede182186 Size: 35.84 KB (35840 bytes) Detections: 622 Type: Executable File Path: C:\ProgramData\Packer\Files\ServiceInstall\ServiceInstall.exe Group: Malware file Last Updated: August 19, 2022
5.	A0049269.rbf	68ff76cbe08d4b6adfda07147c75f8cb	615
Name: A0049269.rbf MD5: 68ff76cbe08d4b6adfda07147c75f8cb Size: 19.27 KB (19272 bytes) Detections: 615 Path: C:\System Volume Information\_restore{49B9E8D2-06D2-4587-8F1A-61FA2C4D43C3}\RP241\A0049269.rbf Group: Malware file Last Updated: July 10, 2025
6.	Linkury.exe	bee18a2821f6fffd15ed9e51f2adcbb8	598
Name: Linkury.exe MD5: bee18a2821f6fffd15ed9e51f2adcbb8 Size: 13.82 KB (13824 bytes) Detections: 598 Type: Executable File Path: %LOCALAPPDATA%\Smartbar\Application Group: Malware file Last Updated: July 16, 2021
7.	A0048337.rbf	784dc8d8bdc929c928b39a1cd123cfcc	338
Name: A0048337.rbf MD5: 784dc8d8bdc929c928b39a1cd123cfcc Size: 19.27 KB (19272 bytes) Detections: 338 Path: C:\System Volume Information\_restore{49B9E8D2-06D2-4587-8F1A-61FA2C4D43C3}\RP235\A0048337.rbf Group: Malware file Last Updated: July 10, 2025
8.	WhiteSmoke.exe	3642d100e0e1cd5f9936b5bff40fb5d7	124
Name: WhiteSmoke.exe MD5: 3642d100e0e1cd5f9936b5bff40fb5d7 Size: 13.31 KB (13312 bytes) Detections: 124 Type: Executable File Path: %LOCALAPPDATA%\Smartbar\Application Group: Malware file Last Updated: March 14, 2014
9.	Luckysave.exe	490c0bcd71a7ef5118a5ab18f6cd768f	117
Name: Luckysave.exe MD5: 490c0bcd71a7ef5118a5ab18f6cd768f Size: 13.82 KB (13824 bytes) Detections: 117 Type: Executable File Path: %LOCALAPPDATA%\Smartbar\Application Group: Malware file Last Updated: April 8, 2014
10.	SnapDo.exe	bcc5abf0b510dfd0d77bd5680db8f175	70
Name: SnapDo.exe MD5: bcc5abf0b510dfd0d77bd5680db8f175 Size: 21.53 KB (21536 bytes) Detections: 70 Type: Executable File Path: %LOCALAPPDATA%\Smartbar\Application Group: Malware file Last Updated: September 27, 2025
11.	A0118661.exe	68eb124634a8e03d0d49320abf6f90be	59
Name: A0118661.exe MD5: 68eb124634a8e03d0d49320abf6f90be Size: 20.27 KB (20272 bytes) Detections: 59 Type: Executable File Path: C:\System Volume Information\_restore{7B9D3E36-6E9B-4FF9-BDD9-C28116800B95}\RP316\A0118661.exe Group: Malware file Last Updated: August 28, 2023
12.	QuickShare.exe	aa53e382caee48ef696c37e1f01a7787	1
Name: QuickShare.exe MD5: aa53e382caee48ef696c37e1f01a7787 Size: 20.24 KB (20248 bytes) Detections: 1 Type: Executable File Path: %LOCALAPPDATA%\Smartbar\Application Group: Malware file Last Updated: October 28, 2013

More files

Registry Details

Linkury Smartbar may create the following registry entry or registry entries:

CLSID

{0ED2C1F5-0D52-3528-8D19-2B3810844C64}

{48791EE8-18B0-3225-94A7-2E912681434F}

{C0525F65-37A6-3CB1-B930-D0AD83655FCD}

{F149A3F1-9BED-3E8D-886C-AC801394E432}

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Classes\LinkurySmartBar.BandObjectAttribute

SOFTWARE\Classes\LinkurySmartBar.DockingPanel

SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm

SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject

Software\Linkury

Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Linkury.exe

SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper

SOFTWARE\Microsoft\Tracing\Linkury_RASAPI32

SOFTWARE\Microsoft\Tracing\Linkury_RASMANCS

SOFTWARE\Microsoft\Tracing\Mntz_Installer_RASAPI32

SOFTWARE\Microsoft\Tracing\Mntz_Installer_RASMANCS

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Linkury Chrome Smartbar

SOFTWARE\mtPlusdax

SOFTWARE\mtSnorler

SOFTWARE\Wow6432Node\Microsoft\Tracing\Linkury_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\Linkury_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\Mntz_Installer_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\Mntz_Installer_RASMANCS

SOFTWARE\Wow6432Node\mtPlusdax

SOFTWARE\Wow6432Node\mtSnorler

SYSTEM\CurrentControlSet\services\sulpnar

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

{4E732E5D-E577-451A-9BB1-CBE64A2CBC2F}

{D96EBFC0-C680-4463-B4F0-299E48771819}

Directories

Linkury Smartbar may create the following directory or directories:

%ALLUSERSPROFILE%\Linkury

%ALLUSERSPROFILE%\MachineHelper

%ALLUSERSPROFILE%\Snorler

%ALLUSERSPROFILE%\Snorlers

%ALLUSERSPROFILE%\afoir

%ALLUSERSPROFILE%\sulpnar

%COMMONPROGRAMFILES%\Doubleplus

%COMMONPROGRAMFILES%\Graveity

%COMMONPROGRAMFILES%\Nimlam

%COMMONPROGRAMFILES%\Sanstring

%COMMONPROGRAMFILES%\StanAir

%COMMONPROGRAMFILES%\Trippletop

%COMMONPROGRAMFILES%\Truejob

%COMMONPROGRAMFILES%\Vilalex

%COMMONPROGRAMFILES%\Vivatax

%COMMONPROGRAMFILES%\Zennix

%COMMONPROGRAMFILES(X86)%\Lightfan

%COMMONPROGRAMFILES(x86)%\Doubleplus

%COMMONPROGRAMFILES(x86)%\Graveity

%COMMONPROGRAMFILES(x86)%\Nimlam

%COMMONPROGRAMFILES(x86)%\Sanstring

%COMMONPROGRAMFILES(x86)%\StanAir

%COMMONPROGRAMFILES(x86)%\Trippletop

%COMMONPROGRAMFILES(x86)%\Truejob

%COMMONPROGRAMFILES(x86)%\Vilalex

%COMMONPROGRAMFILES(x86)%\Vivatax

%COMMONPROGRAMFILES(x86)%\Zennix

%COMMONPROGRAMFILES(x86)%\light-lab

%LOCALAPPDATA%\Linkury

%PROGRAMFILES%\Linkury

%PROGRAMFILES%\Stpro

%PROGRAMFILES(x86)%\Linkury

%PROGRAMFILES(x86)%\Stpro

%Temp%\Shuka

URLs

Linkury Smartbar may call the following URLs:

Linkury Smartbar

Analysis Report

General information

Family Name:	Linkury Smartbar
Signature status:	No Signature

Known Samples

MD5: 6d525804bc88092e51e6e3d904237d07

SHA1: bfb3111d7e2b5c263f399fea296ce00592d3a03b

SHA256: B2165C24859532EB4DB9124157159B5B8456A58CAA1E53C8EF6D684073AA24CA

File Size: 1.90 MB, 1895383 bytes

MD5: cd19ee383e8376d44c0c547ea6b04545

SHA1: 978686de85af863f36f0f7c5cb87cdeaf5f8658e

SHA256: 6F2B53F01E5AE104141C935C5528DA82AD8347A88BC0F5065284D8DA1AF8F18A

File Size: 20.27 KB, 20272 bytes

MD5: 0eb8595554ccddcb4030e6cdd95bfcf8

SHA1: 020c601dfc63e57faed87a6dafb04d0b4c512291

SHA256: DECB9DB846ED39721E3F57C43B8644230C7C1E4F44BCBDEDE1F0056AE2A24153

File Size: 4.84 MB, 4842392 bytes

MD5: 683c492cf16227a2074c7ff8355c0c65

SHA1: cd7362736e4049d253396331e492acb2b9baaf59

SHA256: E1647F11A2AAD248AB2F72AC637D86D1821669ED16213515DB0969FFE4B1CCAE

File Size: 171.21 KB, 171212 bytes

MD5: aa5b746ce339fd0d64730dbcf1ab235a

SHA1: 8d1ee935f3a6589f421c22e9b828fa6da84c80b2

SHA256: 50F693CCABEAA800ADC83B602A3133AF51A05008347881D048A331C816EC4F43

File Size: 171.27 KB, 171268 bytes

MD5: 196b78f15f612b72d9d67a96d157a476

SHA1: eab2353b6053ca68eaa40fb580b7c58632ce3193

SHA256: 1AECE2EE53B282724ACF76F1E5A105A17CC7E823996C6436213014E60A1CB941

File Size: 1.90 MB, 1895382 bytes

MD5: 2cfec9feb70244ff0deca0bafd53f52d

SHA1: 3f891ee76083a48588f27aed62cef66b8c75f788

SHA256: CCA39143B30EF61686CC79155960072E9CAE49ECE1B7C34D4C654CEE73963F30

File Size: 7.50 MB, 7495560 bytes

MD5: 7115df92429aef6bcddf518a4440d6f6

SHA1: 7cefc4a37d9a3a514115dd499556532c52b35a00

SHA256: E2B4E29E795747AEE65201F87359C38A37BB8404047B6AFA29CBBD1596AB0D16

File Size: 4.67 MB, 4668312 bytes

MD5: 235e8b3dd147b3907dbd0450c8ad305e

SHA1: d857dd8d290c03c51b72660f6e0bc0548226a69d

SHA256: 16AC12F6E6AADD281D1BCD329C5D4082D2977703B7F1CA558DE8F800220E98AF

File Size: 1.81 MB, 1808360 bytes

MD5: 1a3441111f3bdff1535ae3b711cde804

SHA1: cfb3bc9bdb14c001d3c24dedbe358719fd63993f

SHA256: 7C0E9F062DEFBDE518B17138E3096E32057A4641A3D491F5DC54C71FCC4881DE

File Size: 4.26 MB, 4261888 bytes

MD5: 55455cc400b5be32ac56b7a553838e0f

SHA1: a8160a50423903941841cbc8c50f272f92b0f36c

SHA256: CF6FFF0624B932105F26562102832DF5A7D136BF9EB18AA32702CC109BA06190

File Size: 1.90 MB, 1895382 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File is .NET application
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.2.0.0 1.0.0.0
Company Name	Microsoft Corporation Yuna Software
File Description	BrowserHelper DTF Self-Extracting Custom Action Messenger Plus! Live Setup Setup of Messenger Plus! 5 Smartbar.Installer.CustomActions
File Version	5.02.0.712 4, 85, 1, 386 4, 85, 0, 386 3.5.2519.0 1.2.0.0 1.0.0.0
Internal Name	BrowserHelper.exe Messenger Plus! MsgPlusLive SfxCA Smartbar.Installer.CustomActions.dll
Legal Copyright	Copyright (C) 2001-2010 Yuna Software Copyright (C) 2001-2011 Yuna Software Copyright (c) Microsoft Corporation. All rights reserved.
Legal Trademarks1	Microsoft® is a registered trademark of Microsoft Corporation.
Legal Trademarks2	Windows® is a registered trademark of Microsoft Corporation.
Original Filename	BrowserHelper.exe Setup.exe SfxCA.dll Smartbar.Installer.CustomActions.dll
Product Name	.Installer.CustomActions BrowserHelper Messenger Plus! 5 Messenger Plus! Live Windows Installer XML
Product Version	5.02.0.712 4, 85, 1, 386 4, 85, 0, 386 3.5.2519.0 1.2.0.0 1.0.0.0

Digital Signatures

Signer	Root	Status
Yuna Software Limited	Class 3 Public Primary Certification Authority	Root Not Trusted
Veristaff.com Inc	DigiCert Assured ID Code Signing CA-1	Self Signed
Yuna Software Limited	VeriSign Class 3 Code Signing 2009-2 CA	Root Not Trusted
Yuna Software Limited	VeriSign Class 3 Code Signing 2009-2 CA	Hash Mismatch
Yuna Software Limited	VeriSign Class 3 Code Signing 2010 CA	Self Signed

File Traits

.NET
HighEntropy
x86

Block Information

Similar Families

Crack.K
Trojan.Agent.Gen.DE

Files Modified

File	Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\logic cramble\set.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\logic cramble\set.exe.config	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\logic cramble\system.data.sqlite.dll	Generic Write,Read Attributes
c:\programdata\logic cramble\system.data.sqlite.linq.dll	Generic Write,Read Attributes
c:\programdata\logic cramble\system.data.sqlite.xml	Generic Write,Read Attributes
c:\programdata\logic cramble\x64\sqlite.interop.dll	Generic Write,Read Attributes
c:\programdata\logic cramble\x86\sqlite.interop.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msgpl_3a6e.tmp\msgplussetup.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_3a6e.tmp\msgplussetup.exe	Synchronize,Write Attributes

c:\users\user\appdata\local\temp\msgpl_3a6e.tmp\plusplussetup.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\languages.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_arabic.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_arabic.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_chinesesimplified.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_chinesesimplified.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_chinesetraditional.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_chinesetraditional.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_danish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_danish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_default.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_default.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_dutch.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_dutch.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_estonian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_estonian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_finnish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_finnish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_french.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_french.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_german.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_german.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_greek.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_greek.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_hebrew.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_hebrew.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_hungarian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_hungarian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_italian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_italian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_japanese.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_japanese.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_norwegian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_norwegian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_portuguese.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_portuguese.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_spanish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_spanish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_swedish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_swedish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_thai.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_thai.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_turkish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_ab65.tmp\lng_turkish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\languages.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_arabic.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_arabic.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_chinesesimplified.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_chinesesimplified.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_chinesetraditional.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_chinesetraditional.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_danish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_danish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_default.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_default.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_dutch.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_dutch.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_estonian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_estonian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_finnish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_finnish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_french.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_french.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_german.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_german.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_hebrew.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_hebrew.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_italian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_italian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_japanese.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_japanese.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_norwegian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_norwegian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_portuguese.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_portuguese.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_russian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_russian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_spanish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_spanish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_swedish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_swedish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_thai.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_thai.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_turkish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_b9dd.tmp\lng_turkish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\languages.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_arabic.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_arabic.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_chinesesimplified.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_chinesesimplified.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_chinesetraditional.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_chinesetraditional.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_danish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_danish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_default.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_default.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_dutch.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_dutch.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_estonian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_estonian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_finnish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_finnish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_french.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_french.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_german.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_german.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_greek.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_greek.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_hebrew.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_hebrew.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_hungarian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_hungarian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_italian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_italian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_japanese.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_japanese.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_norwegian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_norwegian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_portuguese.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_portuguese.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_spanish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_spanish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_swedish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_swedish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_thai.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_thai.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_turkish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_cecb.tmp\lng_turkish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\languages.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_arabic.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_arabic.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_chinesesimplified.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_chinesesimplified.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_chinesetraditional.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_chinesetraditional.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_danish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_danish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_default.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_default.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_dutch.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_dutch.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_estonian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_estonian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_finnish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_finnish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_french.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_french.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_german.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_german.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_greek.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_greek.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_hebrew.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_hebrew.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_hungarian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_hungarian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_italian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_italian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_japanese.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_japanese.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_norwegian.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_norwegian.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_portuguese.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_portuguese.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_spanish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_spanish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_swedish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_swedish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_thai.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_thai.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_turkish.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\msgpl_d7b3.tmp\lng_turkish.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\custom.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\custom.xml_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\inetc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\langdll.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\modern-wizard.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\price_logo.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\price_logo.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\toolbar_iminent_logo.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\toolbar_iminent_logo.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\toolbar_mixidj_logo.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\toolbar_mixidj_logo.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\toolbar_mypcbackup_logo.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc80b4.tmp\toolbar_mypcbackup_logo.bmp	Synchronize,Write Attributes

40 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::failed_count		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes	(NULL)	RegNtPreCreateKey
HKCU\software\microsoft\edge\thirdparty::statuscodes		RegNtPreCreateKey
HKCU\software\microsoft\edge\blbeacon::state		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475	ㇹȁ䜪龡^ˤ紘Çɣ獖}ɯ⦘·˷좟Êh,֢	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Yxveiput\AppData\Local\Temp\nsy5536.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Itjhwioi\AppData\Local\Temp\nsc80B4.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	徕娂䴞ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\microsoft\edge\elfbeacon::version	142.0.3595.53	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Keyboard Access	GetKeyState
Process Shell Execute	CreateProcess ShellExecute ShellExecuteEx WriteConsole
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent Show More ntdll.dll!NtCreateFile ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDeleteValueKey ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetValueKey ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFontIsLinked win32u.dll!NtGdiGetCharABCWidthsW win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiGetDIBitsInternal win32u.dll!NtGdiGetEntry win32u.dll!NtGdiGetFontData win32u.dll!NtGdiGetGlyphIndicesW win32u.dll!NtGdiGetOutlineTextMetricsInternalW win32u.dll!NtGdiGetRandomRgn win32u.dll!NtGdiGetRealizationInfo win32u.dll!NtGdiGetTextFaceW win32u.dll!NtGdiGetTextMetricsW 71 additional items are not displayed above.
Process Terminate	TerminateProcess
Encryption Used	BCryptOpenAlgorithmProvider
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetQueryOption
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Service Control	OpenSCManager

Shell Command Execution


							(NULL) C:\Users\Crcrzrwf\AppData\Local\Temp\RarSFX0\LogicHandler.exe "c:\users\user\downloads\bfb3111d7e2b5c263f399fea296ce00592d3a03b_0001895383"


							"C:\Users\Crcrzrwf\AppData\Local\Temp\RarSFX0\LogicHandler.exe"


							C:\WINDOWS\system32\sc.exe sc  create "backlh" binPath= "C:\ProgramData\Logic Cramble\set.exe" DisplayName= "Background Logic Handler" start= "auto"


							WriteConsole: [SC] CreateServi


							WriteConsole: [SC] ChangeServi


									open C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe http://software.msgpluslive.net/getlive.php?src=setup


									(NULL) C:\Users\Ukkhsvmi\AppData\Local\Temp\RarSFX0\LogicHandler.exe "c:\users\user\downloads\eab2353b6053ca68eaa40fb580b7c58632ce3193_0001895382"


									"C:\Users\Ukkhsvmi\AppData\Local\Temp\RarSFX0\LogicHandler.exe"


									"cmd.exe" /c sc create "backlh" binPath= "C:\ProgramData\Logic Cramble\set.exe" DisplayName= "Background Logic Handler" start= "auto"


									open "C:\Users\Sufzkmeg\AppData\Local\Temp\msgpl_3a6e.tmp\MsgPlusSetup.exe" /SetupWrapper


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d857dd8d290c03c51b72660f6e0bc0548226a69d_0001808360.,LiQMAxHB


									(NULL) C:\Users\Cauvlfmp\AppData\Local\Temp\RarSFX0\MsgPlusLive484.exe /Silent

Linkury Smartbar

Threat Scorecard

EnigmaSoft Threat Scorecard

How Do You Get Linkury SmartBar?

How Does Linkury SmartBar Function?

Aliases

SpyHunter Detects & Remove Linkury Smartbar

File System Details

Registry Details

Directories

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed