CrossRider

Threat Scorecard

Popularity Rank: 1,010
Threat Level: 10 % (Normal)
Infected Computers: 702,684
First Seen: August 14, 2013
Last Seen: February 7, 2026
Affected OS(s): Windows

CrossRider Web Apps is a Potentially Unwanted Program (PUP) that should be removed as soon as possible with the help of a strong security program. Malware analysts have heard from PC users reporting that their security programs detected CrossRider and indicated that CrossRider may be problematic. PCs affected by CrossRider Web Apps may become slower, crash, freeze and show other symptoms. Computer users may also notice that their Web browser behaves abnormally and that unrecognized components are present on their computers. PC security analysts have observed that CrossRider can interfere with other Web browser add-ons on an affected computer. It is also notable that CrossRider can be difficult to remove. Computer users who try to remove CrossRider the way they would remove any other Web browser extension may run into difficulties. Removing CrossRider may require special measures and the use of a fully updated security program.

CrossRider and Similar Problematic Web Browser Add-ons

PUPs may not be as destructive or severe as threats. However, most PUPs (including CrossRider) can cause symptoms more commonly associated with threats. For example, CrossRider can cause pop-up advertisements, Web browser redirects and performance problems on the computers it affects. There are many ways PUPs can spread, including the typical distribution methods used by threats. However, the main way PUPs like CrossRider are distributed is by bundling them with other software. In most cases, CrossRider is bundled with freeware or shareware from questionable sources, but in some cases CrossRider may be bundled with legitimate software delivered through a different installer or source.

Problems Associated with CrossRider and Other PUPs

Once CrossRider is installed, it may make changes to your Web browser's settings. PC security analysts have observed that CrossRider can cause performance problems such as crashing, slowing down or freezing the infected browser. PUPs like CrossRider can also prevent other add-ons installed on the affected computer from working properly. Malware researchers have observed that CrossRider may be bundled with several other PUPs which, taken together, can place a heavy load on your computer's resources. For these reasons, PC security analysts strongly recommend dealing with CrossRider and similar PUPs as soon as possible.

How to Deal with CrossRider

If CrossRider is installed on your computer, malware analysts recommend using a reputable, fully updated security program that is capable of removing PUPs. In many cases, security software may be unable to detect PUPs, since these programs may be aimed at more severe threats such as worms, Trojans, viruses and rootkits. This means that many threat developers have increased their efforts in producing PUPs like CrossRider rather than threat infections, which can yield substantial profits from advertising and affiliate-marketing tactics. In most cases, computer users may find it difficult to remove CrossRider using the Web browser's extension or add-on manager; however, CrossRider and similar PUPs can be removed using the Add or Remove Programs option in the Windows Control Panel. Even after CrossRider is removed, it may be necessary to undo the unwanted changes CrossRider made to the Web browser's settings. For example, PC users may need to manually restore the default search engine and home page that CrossRider changed. After removing CrossRider, PC security analysts recommend using a strong, fully updated anti-malware program to run a full scan of the affected computer. This step is crucial to ensure that CrossRider has not allowed other PUPs or more severe forms of threats to enter and affect the victim's computer.
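The removal steps above can be verified with a read-only inventory check. The PowerShell below is an added example, not code from this page or from any vendor: the registry paths and folders it looks for are taken from the Registry Details and Directories lists further down this page, while the Uninstall-key search, its name pattern and the Internet Explorer start-page check are assumptions of this example.

```powershell
# Added example: a read-only check for CrossRider artifacts on a Windows host.
# It only reports; removal is done through Add or Remove Programs or a
# security product, as described above.

function Find-CrossRiderArtifacts {
    $findings = @()

    # Registry paths taken from this page's "Registry Details" list; checked
    # under both HKCU and HKLM because the page lists both forms.
    $regKeys = @(
        'Software\Crossrider',
        'Software\AppDataLow\Software\Crossrider',
        'Software\Cr_Installer',
        'Software\InstalledBrowserExtensions',
        'SOFTWARE\Wow6432Node\Crossrider',
        'SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider'
    )
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($key in $regKeys) {
            $path = Join-Path $hive $key
            if (Test-Path -LiteralPath $path) {
                $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $path }
            }
        }
    }

    # Folders taken from this page's "Directories" list.
    $dirs = @(
        "$env:ProgramFiles\CrossriderWebApps",
        "${env:ProgramFiles(x86)}\CrossriderWebApps",
        "$env:ProgramFiles\MyBrowser 1.0.2V31.10",
        "${env:ProgramFiles(x86)}\MyBrowser 1.0.2V31.10",
        "$env:LOCALAPPDATA\download balance"
    )
    foreach ($dir in $dirs) {
        if (Test-Path -LiteralPath $dir) {
            $findings += [pscustomobject]@{ Type = 'Directory'; Item = $dir }
        }
    }

    # Add or Remove Programs reads these Uninstall keys. Matching on the
    # bundle names from the page's registry list is an assumption of this
    # example; treat the pattern as a starting point, not a complete list.
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    $namePattern = 'Crossrider|Cinema_Plus|HD4Good|MediaPlayRS3|MedPlayvid|MyBrowser|OpedBrowsr|YorkNewCin'
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            $props = Get-ItemProperty -LiteralPath $sub.PSPath
            $label = "$($props.DisplayName) $($props.Publisher) $($sub.PSChildName)"
            if ($label -match $namePattern) {
                $findings += [pscustomobject]@{
                    Type = 'UninstallEntry'
                    Item = "$($props.DisplayName) [$($sub.PSChildName)] -> $($props.UninstallString)"
                }
            }
        }
    }

    # The text notes the home page and search engine may need resetting after
    # removal; surface Internet Explorer's start page so it can be reviewed.
    # (Checking this value is an addition of this example.)
    $ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    if (Test-Path -LiteralPath $ieMain) {
        $start = (Get-ItemProperty -LiteralPath $ieMain).'Start Page'
        if ($start) {
            $findings += [pscustomobject]@{ Type = 'IEStartPage'; Item = $start }
        }
    }

    return $findings
}

$results = Find-CrossRiderArtifacts
if (-not $results) {
    'No CrossRider artifacts from this page were found.'
} else {
    $results | Format-Table -AutoSize
}
```

Run it from an elevated prompt so the HKLM Uninstall keys are readable; a hit on any row is a reason to follow the removal and rescan steps above, not proof of infection by itself.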

Although a significant share of the computers infected by CrossRider run Windows, it is important to note that the adware has a separate version for Mac devices. The Mac version serves the same purpose but has a few extra features that are used to get around the security features of OSX. This adware family is also known under the aliases Crossrider and SurfBuyer. However, beyond serving as adware, the CrossRider application can also display more suspicious behaviors. The CrossRider tool is capable of generating a fake login prompt. The operators of the CrossRider application use this feature to collect the user's login credentials. Fortunately, the authors of the CrossRider tool do not use the collected credentials to perform an unsafe operation. However, they do use the collected credentials to plant additional components on the user's Mac without the user's knowledge or consent. This is not normal behavior that any genuine application would engage in. Furthermore, the adware could be modified to inject harmful payloads into the compromised system, which would make it far more threatening.

Users whose system runs OSX 10.11 or later will see the CrossRider application display the fraudulent login prompt mentioned above to gather their administrator credentials and then plant new components on their computer. According to reports, among these new components is a fake copy of the Safari browser with several add-ons installed. The browser extensions in question serve to generate advertisements whenever the user is browsing the Web. To avoid raising suspicion, the fake variant of the Safari browser replaces the original version in every system menu. However, users running versions of OSX earlier than 10.10 will not see the fake prompt. Instead of generating the fake prompt, the CrossRider application runs a script named 'install.sh'. This script serves to modify the active extensions present in the Safari and Google Chrome browsers. The CrossRider program does this in the background to avoid triggering an alert. The CrossRider application may also collect information from the infected computer, such as the IP address, OS version, Web browser version, user name and the list of applications present on the user's Mac. The CrossRider program can also detect the version of the security tools on the Mac.

The CrossRider application is clearly not just an ordinary piece of adware. Make sure your Mac is protected by a reputable anti-virus tool that will keep your machine and your data safe.

Other Names

15 security vendors flagged this file as malicious.

Antivirus Vendor   | Detection
AVG                | Crossrider.WFB
Panda              | Trj/Genetic.gen
Antiy-AVL          | Trojan[Downloader:HEUR]/Win32.AGeneric
Fortinet           | W32/AppRider.CT
McAfee-GW-Edition  | BehavesLike.Win32.ShopperPro.th
Sophos             | AppRider (PUA)
Kaspersky          | not-a-virus:HEUR:AdWare.Win32.CrossRider.gen
ClamAV             | Win.Trojan.Troldesh-2
Symantec           | Trojan.Gen.2
F-Prot             | W32/S-d60a457c!Eldorado
McAfee             | Artemis!DC24DF79A82D
Fortinet           | Riskware/CrossRider
McAfee             | Artemis!7016A5D74459
AhnLab-V3          | PUP/Win32.CrossRider
F-Secure           | Gen:Variant.Adware.Mikey

System File Details

CrossRider may create the following file(s):

Registry Details

CrossRider may create the following registry entry or entries:
File name without path
https_d19tqk5t6qcjac.cloudfront.net_0.localstorage
https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal
SOFTWARE\_CrossriderRegNamePlaceHolder_
SOFTWARE\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Software\AppDataLow\Software\Crossrider
Software\ArenaHD
SOFTWARE\Cinema_Plus-1.2V21.07
Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Software\Cr_Installer
Software\Crossrider
SOFTWARE\HD4Good
SOFTWARE\HighDefAction
Software\InstalledBrowserExtensions\215 Apps
Software\InstalledBrowserExtensions\32846
Software\InstalledBrowserExtensions\34087
Software\InstalledBrowserExtensions\App+Service
Software\InstalledBrowserExtensions\BrowserAppSPlus
Software\InstalledBrowserExtensions\Buca Apps
Software\InstalledBrowserExtensions\NewPlayerVideo+
SOFTWARE\MediaPlayRS3
SOFTWARE\MedPlayvidV3.1
SOFTWARE\MyBrowser 1.0.2V31.10
SOFTWARE\OpedBrowsrVersion5-nv
SOFTWARE\OpedBrowsrVersion5-nv-ie
SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider
SOFTWARE\Wow6432Node\ArenaHD
SOFTWARE\Wow6432Node\Cinema_Plus-1.2V21.07
SOFTWARE\Wow6432Node\Crossrider
SOFTWARE\Wow6432Node\HD4Good
SOFTWARE\Wow6432Node\HighDefAction
SOFTWARE\Wow6432Node\InstalledBrowserExtensions\32846
SOFTWARE\Wow6432Node\InstalledBrowserExtensions\34087
SOFTWARE\Wow6432Node\MediaPlayRS3
SOFTWARE\Wow6432Node\MedPlayvidV3.1
SOFTWARE\Wow6432Node\MyBrowser 1.0.2V31.10
SOFTWARE\Wow6432Node\YorkNewCin
Software\YorkNewCin
Cinema_Plus-1.2V21.07
HD4Good
MediaPlayerVid2.4
MediaPlayRS3
MedPlayvidV3.1
MyBrowser 1.0.2V31.10

Directories

CrossRider may create the following directory or directories:

%LOCALAPPDATA%\download balance
%PROGRAMFILES%\48 dresses
%PROGRAMFILES%\BrowsrPlus4
%PROGRAMFILES%\CrossriderWebApps
%PROGRAMFILES%\MedPlayvidV3.1
%PROGRAMFILES%\MyBrowser 1.0.2V31.10
%PROGRAMFILES%\compare for fun
%PROGRAMFILES%\dr games
%PROGRAMFILES%\dress4u
%PROGRAMFILES%\ext coupons
%PROGRAMFILES%\fun coupons
%PROGRAMFILES%\helper king
%PROGRAMFILES%\shopping blast
%PROGRAMFILES%\web disco
%PROGRAMFILES%\winter web
%PROGRAMFILES(X86)%\MedPlayvidV3.1
%PROGRAMFILES(X86)%\MyBrowser 1.0.2V31.10
%PROGRAMFILES(x86)%\48 dresses
%PROGRAMFILES(x86)%\CrossriderWebApps
%PROGRAMFILES(x86)%\HQVidual2y-v2.5V11.11
%PROGRAMFILES(x86)%\compare for fun
%PROGRAMFILES(x86)%\dr games
%PROGRAMFILES(x86)%\dress4u
%PROGRAMFILES(x86)%\ext coupons
%PROGRAMFILES(x86)%\fun coupons
%PROGRAMFILES(x86)%\helper king
%PROGRAMFILES(x86)%\shopping blast
%PROGRAMFILES(x86)%\web disco
%PROGRAMFILES(x86)%\winter web
%programfiles%\OpedBrowsrVersion5

URLs

CrossRider may call the following URLs:

app.gencloudex.com/static
crossriderManifest
crossriderapp

Analysis Report

General Information

Family Name: PUP.CrossRider
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name / Value
Assembly Version
  • 0.0.9492.30569
  • 0.0.9120.28821
  • 0.0.8522.2260
Comments
  • Open Rails NewYear MG Transport Simulator
  • Open Rails Transport Simulator
Company Name
  • browser
  • Browser
  • Cinema HDV30.12
  • Cinema ProV01.01
  • CinPlusV19.12
  • DiscountFrenzy
  • Europa Casino
  • HDuality-V2.5V19.12
  • Hpchq
  • HQ-VideoV25.12
  • Microsoft Corporation
  • Open Rails
  • Playtech
  • Qwerty
  • Titanbet.it Casino
  • Tpczrxtwlf
  • Webby
File Description
  • Browser-AppsEd2.2 exe
  • BrowsersApp_Pro_v1.1 exe
  • CinemaHd For Pro 2.4cV01.01 exe
  • CinemaHd For Pro 2.4cV30.12 exe
  • CinPlus-2.4cV19.12 exe
  • Direct3D HLSL Compiler for Redistribution
  • Europa Casino Installer
  • Expekt Poker
  • HDQuality-V2.5V19.12 BHO
  • Hkgtl
  • HQ-Video-Pro-2.1cV25.12 exe
  • I - Cinema exe
  • iWebar BHO
  • Lgjclmruwolhm
  • Open Rails Activity Runner
  • Titanbet.it Casino Installer
  • TornPlusTV_version1.11 exe
  • Xfaggu
  • Zfmevbyelc
File Version
  • 1000.1000.1000.1000
  • 23.4.12.2
  • 14.2.8.9
  • 10.0.20348.1 (WinBuild.160101.0800)
  • 9.4.20.0
  • 1.1.1.35
  • 1.1.1.32
  • 1.1.1.1
  • 1.0.0.0
  • 0.0.9492.30569
  • 0.0.9120.28821
  • 0.0.8522.2260
Internal Name
  • Browser-AppsEd2.2
  • BrowsersApp_Pro_v1.1
  • CasinoDownloader2
  • CinemaHd For Pro 2.4cV01.01
  • CinemaHd For Pro 2.4cV30.12
  • CinPlus-2.4cV19.12
  • d3dcompiler_47.dll
  • HDQuality-V2.5V19.12
  • HQ-Video-Pro-2.1cV25.12
  • I - Cinema
  • iWebar
  • RunActivity.exe
  • TornPlusTV_version1.11
Legal Copyright
  • Copyright (C) 2001-2009 Playtech
  • Copyright 2011
  • Copyright 2014
  • Copyright 2016
  • Copyright © 2009 - 2019
  • Copyright © 2009 - 2022
  • Copyright © 2009 - 2022 Open Rails
  • Enamdkzkwt
  • Ymqctsy
  • © Microsoft Corporation. All rights reserved.
Original Filename
  • Browser-AppsEd2.2.exe
  • BrowsersApp_Pro_v1.1.exe
  • CasinoDownloader2.exe
  • CinemaHd For Pro 2.4cV01.01.exe
  • CinemaHd For Pro 2.4cV30.12.exe
  • CinPlus-2.4cV19.12.exe
  • d3dcompiler_47.dll
  • HDQuality-V2.5V19.12.dll
  • HQ-Video-Pro-2.1cV25.12.exe
  • I - Cinema.exe
  • iWebar.dll
  • RunActivity.exe
  • TornPlusTV_version1.11.exe
Product Name
  • Browser-AppsEd2.2
  • BrowsersApp_Pro_v1.1
  • CinemaHd For Pro 2.4cV01.01
  • CinemaHd For Pro 2.4cV30.12
  • CinPlus-2.4cV19.12
  • Europa Casino
  • HDQuality-V2.5V19.12
  • HQ-Video-Pro-2.1cV25.12
  • I - Cinema
  • iWebar
  • Microsoft® Windows® Operating System
  • Open Rails
  • Open Rails FR
  • Open Rails NewYear MG
  • Playtech Software Installer
  • Titanbet.it Casino
  • TornPlusTV_version1.11
  • Wptmtrpoi
  • Ykczvshgaqeeho
Product Version
  • 1000.1000.1000.1000
  • 10.0.20348.1
  • 9.4.20.0
  • 2.0.0.2
  • 0.1.3
  • 0.0.9492.30569+96c68f8244156390b66a220094be59a73f27c627
  • 0.0.9120.28821

Digital Signatures

Signer | Root | Status
Red Sky Sp. z o.o. | DigiCert Assured ID Code Signing CA-1 | Hash Mismatch
Playtech PLC | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Digit Network (Extreme White Limited) | Digit Network (Extreme White Limited) | Self Signed
Microsoft Corporation | Microsoft Code Signing PCA 2010 | Self Signed
PLAYTECH LIMITED | PLAYTECH LIMITED | Self Signed
Robokid Technologies | Robokid Technologies | Self Signed
VASSANA KONGSOONGNERN | Thawte Code Signing CA - G2 | Self Signed
Airplane Networks (BrightCircle Investments Limited) | UTN-USERFirst-Object | Root Not Trusted
Armageddon Labs (BrightCircle Investments Limited) | UTN-USERFirst-Object | Root Not Trusted
Berta Dress Apps (Bright Circle Investments Ltd) | UTN-USERFirst-Object | Root Not Trusted
ColoColo Apps (Bright Circle Investments Ltd) | UTN-USERFirst-Object | Root Not Trusted
Kimahri Software inc. | UTN-USERFirst-Object | Root Not Trusted
Morgan Enter Mode | UTN-USERFirst-Object | Root Not Trusted
Motoko Group | UTN-USERFirst-Object | Root Not Trusted
Numlock Apps | UTN-USERFirst-Object | Root Not Trusted
PLAYTECH LIMITED | VeriSign Class 3 Code Signing 2004 CA | Root Not Trusted
Playtech PLC | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted

File Traits

  • .NET
  • dll
  • HighEntropy
  • x64
  • x86

Block Information

Total Blocks: 34
Potentially Malicious Blocks: 0
Whitelisted Blocks: 17
Unknown Blocks: 17

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? ? ? 0 ? ? ? ? ? ? ? ? ? ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • CrossRider.B
  • CrossRider.C
  • CrossRider.D
  • CrossRider.EB
  • Dofoil.F

Files Modified

c:\users\user\appdata\local\temp\nss52c6.tmp\wrapperutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss52c6.tmp\xppiibkbmks.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nste94e.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\fallbackfiles Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040_icon.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040_icon.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040_splash.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040_splash.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\stdutils.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsuba7c.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsw68cf.tmp\installerutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw68cf.tmp\nsislog.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw68cf.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw68cf.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx5287.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsx5f48.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\plus-hd-1.6installer_1755675007.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\plus-hd-1.6installer_1755675007.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\plus-hd-4.4installer_1757985976.log Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\wow6432node\tempo:: tempo RegNtPreCreateKey
HKLM\software\classes\appid\{c007dadd-132a-624c-088e-59ee6cf0711f}::id0  % RegNtPreCreateKey
HKCU\software\1clickdownload::uid 319481074 RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0 1hy RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Idhcbivd\AppData\Local\Temp\nshB32C.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Giupczzc\AppData\Local\Temp\nsf6C6.tmp\ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\currentversion\appcontainer\storage\windows_ie_ac_001\software\hdquality-v2.5v19.12::activeappid 0 RegNtPreCreateKey
HKCU\software\appdatalow\software\hdquality-v2.5v19.12::activeappid 0 RegNtPreCreateKey
HKCU\software\appdatalow\software\allyrics-1\log::74a93f8557b0707b68ba6ca4e5cbb92a898362b8_000040 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\currentversion\appcontainer\storage\windows_ie_ac_001\software\iwebar::activeappid 0 RegNtPreCreateKey
HKCU\software\appdatalow\software\iwebar::activeappid 0 RegNtPreCreateKey

Windows API Usage

Category API
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Network Info Queried
  • GetAdaptersInfo
Network Winhttp
  • WinHttpOpen
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC

45 additional items are not displayed above.

Network Urlomon
  • URLDownloadToFile
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

"C:\Users\Idhcbivd\AppData\Local\Temp\nshB32C.tmp\Ssoys.exe"
"C:\Users\Nejebukr\AppData\Local\Temp\nsr5CE8.tmp\Xngvgtmsqefe.exe"
C:\Users\Giupczzc\AppData\Local\Temp\nsf6C6.tmp\internal0e8eb7eba180b95c98f48f270263193252db9bdc_0000942096.exe /baseInstaller='c:/users/user/downloads/0e8eb7eba180b95c98f48f270263193252db9bdc_0000942096' /fallbackfolder='C:/Users/Giupczzc/AppData/Local/Temp/nsf6C6.tmp/fallbackfiles/'
"C:\Users\Qktvxmaf\AppData\Local\Temp\nsk591F.tmp\Qtmfoybvc.exe"
"C:\Users\Teacgrni\AppData\Local\Temp\nss52C6.tmp\Nyrlrnmjpfvz.exe"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\32ca1161b68d11fe2227ee429c7f7cbe08eaa925_0004119376.,LiQMAxHB
open c:\users\user\downloads\utils.exe /parent='5c2dfd99c78634be628099bfe6936252333b14ae_0000087968,sandboxtool.exe,sandboxhandler.exe,cmd.exe,svchost.exe'
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\74a93f8557b0707b68ba6ca4e5cbb92a898362b8_0000400896.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\df72b592a3e393ea2ff331ae5b635a8d47542546_0000131432.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e0240a003c75c4c04195264755ee1c1ce462858b_0000177640.,LiQMAxHB
C:\Users\Fklrecvy\AppData\Local\Temp\nstE94E.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040.exe /baseInstaller='c:/users/user/downloads/745c64db0995b6696aff4cf39bd779807226d192_0000962040' /fallbackfolder='C:/Users/Fklrecvy/AppData/Local/Temp/nstE94E.tmp/fallbackfiles/'
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6fa91c84b9e12e7c6f5e3bde2f84165cd69501c2_0000174568.,LiQMAxHB
open c:\users\user\downloads\utils.exe /parent='189396285207f11306aac0f0edd37aa95d90ef4d_0000120168,sandboxtool.exe,sandboxhandler.exe,cmd.exe,explorer.exe'
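The file, registry and shell-command records above are raw sandbox output. The script below is an added example of how a responder would triage that output; it is not tooling from this report or from the CrossRider vendor. It assumes the line formats shown above (`path access-flags` for file events with no spaces in the path, `key::value data api` for registry events, one command line per entry), and its sample lines are copied from the report. Three facts it relies on: NSIS installers unpack their plug-ins (inetc.dll, nsDialogs.dll, System.dll, StdUtils.dll are NSIS plug-ins) and payloads into `%TEMP%\ns<random>.tmp\`; `PendingFileRenameOperations` is populated by `MoveFileEx` with `MOVEFILE_DELAY_UNTIL_REBOOT`, so the listed temp directory is removed at next boot; and `rundll32.exe` loading a module from `Downloads` that has no extension is not something legitimate software does. Matching `/parent=` names on the substring "sandbox" is a heuristic of this example, not a known signature.

```python
"""Triage helpers for the sandbox report above (added example, not the report's own tooling)."""
import re

# Sample lines constructed from the report above.
FILE_EVENTS = [
    r"c:\users\user\appdata\local\temp\nshb32c.tmp\ssoys.exe Synchronize,Write Attributes",
    r"c:\users\user\appdata\local\temp\nsj5576.tmp\inetc.dll Generic Write,Read Attributes",
    r"c:\users\user\appdata\local\temp\nsk591f.tmp\qtmfoybvc.exe Generic Write,Read Attributes",
    r"c:\users\user\appdata\local\temp\nso4860.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete",
    r"c:\users\user\appdata\local\temp\plus-hd-4.4installer_1757985976.log Generic Read,Write Data,Write Attributes",
]
REGISTRY_EVENTS = [
    r"HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey",
    r"HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Idhcbivd\AppData\Local\Temp\nshB32C.tmp\ RegNtPreCreateKey",
    r"HKCU\software\1clickdownload::uid 319481074 RegNtPreCreateKey",
    r"HKCU\software\appdatalow\software\hdquality-v2.5v19.12::activeappid 0 RegNtPreCreateKey",
]
COMMANDS = [
    r'"C:\Users\Idhcbivd\AppData\Local\Temp\nshB32C.tmp\Ssoys.exe"',
    r"C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\32ca1161b68d11fe2227ee429c7f7cbe08eaa925_0004119376.,LiQMAxHB",
    r"open c:\users\user\downloads\utils.exe /parent='5c2dfd99c78634be628099bfe6936252333b14ae_0000087968,sandboxtool.exe,sandboxhandler.exe,cmd.exe,svchost.exe'",
]

# NSIS unpacks plug-ins and payload into %TEMP%\ns<random>.tmp\ before running them.
NSIS_TEMP_DIR = re.compile(r"\\temp\\ns[a-z0-9]+\.tmp\\", re.IGNORECASE)
# rundll32 takes "<module>,<export>"; the module is whatever precedes the last comma.
RUNDLL32_ARGS = re.compile(r"rundll32\.exe\s+(?P<module>[^\s,]+),(?P<export>\S+)\s*$", re.IGNORECASE)
PARENT_LIST = re.compile(r"/parent='([^']*)'", re.IGNORECASE)
NT_PATH = re.compile(r"\\\?\?\\[^*\s]+")  # \??\C:\... entries inside a PendingFileRenameOperations value


def nsis_temp_drops(file_events):
    """Executables written into an NSIS temp directory: the dropped payloads, not the plug-in DLLs."""
    hits = []
    for line in file_events:
        path, _, access = line.partition(" ")  # assumes no spaces in the path (true for the report's lines)
        if NSIS_TEMP_DIR.search(path) and path.lower().endswith(".exe") and "write" in access.lower():
            hits.append(path)
    return hits


def rundll32_loads(commands):
    """rundll32 invocations; a module with no normal extension or living under Downloads is suspicious."""
    out = []
    for cmd in commands:
        m = RUNDLL32_ARGS.search(cmd)
        if not m:
            continue
        module, export = m.group("module"), m.group("export")
        name = module.rsplit("\\", 1)[-1]
        ext = name[name.rfind("."):].lower() if "." in name else ""
        suspicious = ext not in {".dll", ".cpl", ".ocx"} or "\\downloads\\" in module.lower()
        out.append({"module": module, "export": export, "suspicious": suspicious})
    return out


def sandbox_parent_names(commands):
    """Process names handed to utils.exe via /parent= that look like analysis tooling (heuristic)."""
    names = []
    for cmd in commands:
        for group in PARENT_LIST.findall(cmd):
            names.extend(n for n in group.split(",") if "sandbox" in n.lower())
    return names


def parse_registry(line):
    """Split 'key::value data api' into parts; data may be empty or contain spaces."""
    key, _, rest = line.partition("::")
    tokens = rest.split()
    return {"key": key, "value": tokens[0], "data": " ".join(tokens[1:-1]), "api": tokens[-1]}


def pending_reboot_paths(registry_events):
    """Paths queued for rename/delete at next boot (MoveFileEx + MOVEFILE_DELAY_UNTIL_REBOOT)."""
    paths = []
    for line in registry_events:
        rec = parse_registry(line)
        if rec["value"].lower() == "pendingfilerenameoperations":
            paths.extend(NT_PATH.findall(rec["data"]))
    return paths


def third_party_hkcu_keys(registry_events):
    """Keys under the user's Software hive outside Microsoft's tree: where the PUP keeps its install state."""
    keys = []
    for line in registry_events:
        key = parse_registry(line)["key"]
        low = key.lower()
        if low.startswith("hkcu\\software\\") and not low.startswith("hkcu\\software\\microsoft\\"):
            keys.append(key)
    return keys


def triage():
    return {
        "nsis_payloads": nsis_temp_drops(FILE_EVENTS),
        "rundll32": rundll32_loads(COMMANDS),
        "sandbox_parents": sandbox_parent_names(COMMANDS),
        "pending_reboot": pending_reboot_paths(REGISTRY_EVENTS),
        "pup_keys": third_party_hkcu_keys(REGISTRY_EVENTS),
    }


if __name__ == "__main__":
    for name, value in triage().items():
        print(name, value)
```

On a live host the same checks map onto Sysmon event ID 11 (file create under `%TEMP%\ns*.tmp\`), event ID 1 (rundll32 command line) and event ID 13 (the `PendingFileRenameOperations` write); the parsers above only need the path, command line or value data swapped in for the report's lines.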
