Adware.ConvertAd

By CagedTech in Adware

Threat Scorecard

Popularity Rank:	8,531
Threat Level:	20 % (Normal)
Infected Computers:	156,452

First Seen:	February 17, 2014
Last Seen:	February 4, 2026
OS(es) Affected:	Windows

Adware.ConvertAd is adware that may display unwanted pop-up ads on the PC when the computer user is visiting online shopping and social networking websites or any other websites. If the PC user clicks on the pop-up ads displayed by Adware.ConvertAd, it may forcibly reroute him to unreliable websites that may be commercial ones. Adware.ConvertAd may be added into the Web browsers such as Internet Explorer, Mozilla Firefox and Google Chrome while the PC user is installing free software from unprotected download websites. Once installed on the PC, Adware.ConvertAd may make modifications to the default browser settings and substitute the default start page and search engine or a new tab page with an unknown website. When the computer user attempts to look for anything on the Internet in any major search provider, Adware.ConvertAd may show the relevant toolbar on the Web browser that may deliver a variety of pop-up ads carrying sponsored links pertaining to the computer user's browsing routine.

Table of Contents

Aliases

10 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
AVG	Generic6.AZMY
Fortinet	Riskware/ConvertAd
McAfee-GW-Edition	Artemis!PUP
Avast	Win32:Adware-gen [Adw]
Symantec	Trojan.Gen.2
McAfee	RDN/Generic PUP.x!cxr
McAfee	Artemis!818A1109EFF6
McAfee-GW-Edition	Artemis
Panda	Trj/Genetic.gen
Kaspersky	UDS:DangerousObject.Multi.Generic

SpyHunter Detects & Remove Adware.ConvertAd

File System Details

Adware.ConvertAd may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	kns90fdad7d-10c6-434d-b82a-ca5f94a01187.tmpfs	9851dc8220696a7c5045dcef8d7b7117	130
Name: kns90fdad7d-10c6-434d-b82a-ca5f94a01187.tmpfs MD5: 9851dc8220696a7c5045dcef8d7b7117 Size: 387.58 KB (387584 bytes) Detections: 130 Path: %PROGRAMFILES%\90fdad7d-10c6-434d-b82a-ca5f94a011871488622560 Group: Malware file Last Updated: August 5, 2017
2.	kns57.tmp	a28b9370844d23488be1edb68826e713	42
Name: kns57.tmp MD5: a28b9370844d23488be1edb68826e713 Size: 451.58 KB (451584 bytes) Detections: 42 Type: Temporary File Path: %PROGRAMFILES(x86)%\21340460-1473955649-11DD-9488-7824AF3CEADF Group: Malware file Last Updated: September 23, 2017
3.	prot7f8e1817-3fff-4e65-b89c-1052fd85f050.tmpfs	f10e3ddf2ee41bba95111a228aa3eef2	18
Name: prot7f8e1817-3fff-4e65-b89c-1052fd85f050.tmpfs MD5: f10e3ddf2ee41bba95111a228aa3eef2 Size: 256.51 KB (256512 bytes) Detections: 18 Path: %PROGRAMFILES(x86)%\7f8e1817-3fff-4e65-b89c-1052fd85f0501484592955 Group: Malware file Last Updated: August 5, 2017
4.	kns894.tmp	8d8a7111649c6af16b429fdbdfcbbab8	16
Name: kns894.tmp MD5: 8d8a7111649c6af16b429fdbdfcbbab8 Size: 408.57 KB (408576 bytes) Detections: 16 Type: Temporary File Path: %PROGRAMFILES(x86)%\4B1A74DD-1482894632-11E2-BFC4-4888BF0C9076 Group: Malware file Last Updated: September 23, 2017
5.	kns7f8e1817-3fff-4e65-b89c-1052fd85f050.tmpfs	fa75ea63cb525f86aee39543eca18021	16
Name: kns7f8e1817-3fff-4e65-b89c-1052fd85f050.tmpfs MD5: fa75ea63cb525f86aee39543eca18021 Size: 465.92 KB (465920 bytes) Detections: 16 Path: %PROGRAMFILES(x86)%\7f8e1817-3fff-4e65-b89c-1052fd85f0501484592955 Group: Malware file Last Updated: August 5, 2017
6.	knsA03.tmp	85eaaab3b34954882ba76aa6dc99fe3f	15
Name: knsA03.tmp MD5: 85eaaab3b34954882ba76aa6dc99fe3f Size: 382.97 KB (382976 bytes) Detections: 15 Type: Temporary File Path: %PROGRAMFILES(x86)%\00000000-1480964000-0000-0000-D8CB8A3B0F14 Group: Malware file Last Updated: September 23, 2017
7.	knsn9C5A.tmpfs	0cee03c69240ed2189f73b13ba3b6585	13
Name: knsn9C5A.tmpfs MD5: 0cee03c69240ed2189f73b13ba3b6585 Size: 698.36 KB (698368 bytes) Detections: 13 Path: %PROGRAMFILES%\03000200-1479681699-0500-0006-000700080009 Group: Malware file Last Updated: August 5, 2017
8.	knse7ec5858-562f-4371-8e83-58341b04fb5e.tmpfs	16bda2ec7ecd31adad1e8ff884eeb71b	13
Name: knse7ec5858-562f-4371-8e83-58341b04fb5e.tmpfs MD5: 16bda2ec7ecd31adad1e8ff884eeb71b Size: 419.32 KB (419328 bytes) Detections: 13 Path: %PROGRAMFILES(x86)%\e7ec5858-562f-4371-8e83-58341b04fb5e1485121181 Group: Malware file Last Updated: August 5, 2017
9.	kns1c467019-f83d-4727-9eb5-9868f9755c8e.tmpfs	9a01949eee6d6c2e91e548646bf2f491	12
Name: kns1c467019-f83d-4727-9eb5-9868f9755c8e.tmpfs MD5: 9a01949eee6d6c2e91e548646bf2f491 Size: 423.42 KB (423424 bytes) Detections: 12 Path: %PROGRAMFILES%\1c467019-f83d-4727-9eb5-9868f9755c8e1485963173 Group: Malware file Last Updated: August 5, 2017
10.	kns74498612-c276-4e56-807d-cd71d05b1f96.tmpfs	f947888209cfc229287df0f97af70fe0	11
Name: kns74498612-c276-4e56-807d-cd71d05b1f96.tmpfs MD5: f947888209cfc229287df0f97af70fe0 Size: 435.71 KB (435712 bytes) Detections: 11 Path: %PROGRAMFILES%\74498612-c276-4e56-807d-cd71d05b1f961483731102 Group: Malware file Last Updated: August 5, 2017
11.	knsb666101b-38d6-4f29-9eaa-17a90ea9a872.tmpfs	2d4400dde8187a7e5a79842e8df572e8	11
Name: knsb666101b-38d6-4f29-9eaa-17a90ea9a872.tmpfs MD5: 2d4400dde8187a7e5a79842e8df572e8 Size: 444.41 KB (444416 bytes) Detections: 11 Path: %PROGRAMFILES%\b666101b-38d6-4f29-9eaa-17a90ea9a8721486534473 Group: Malware file Last Updated: August 5, 2017
12.	knsc1B2.tmpfs	f99ebf278ebe0bd70583a6dcf8bbe04b	10
Name: knsc1B2.tmpfs MD5: f99ebf278ebe0bd70583a6dcf8bbe04b Size: 416.25 KB (416256 bytes) Detections: 10 Path: %PROGRAMFILES%\050C7CDD--1848-A982-4EAC1DE24B3A Group: Malware file Last Updated: August 5, 2017
13.	kns7a04456f-d56a-491d-8a04-59b66721829d.tmpfs	ad9dcb43ea49388fea23fef7f66bf3d4	10
Name: kns7a04456f-d56a-491d-8a04-59b66721829d.tmpfs MD5: ad9dcb43ea49388fea23fef7f66bf3d4 Size: 516.09 KB (516096 bytes) Detections: 10 Path: %PROGRAMFILES%\7a04456f-d56a-491d-8a04-59b66721829d1483485515 Group: Malware file Last Updated: March 12, 2020
14.	knsef68ade1-6975-45b5-9fba-08bb1a1a9fc5.tmpfs	0d9a6ddefe57c2944fc836fd5380076c	9
Name: knsef68ade1-6975-45b5-9fba-08bb1a1a9fc5.tmpfs MD5: 0d9a6ddefe57c2944fc836fd5380076c Size: 408.06 KB (408064 bytes) Detections: 9 Path: %PROGRAMFILES%\ef68ade1-6975-45b5-9fba-08bb1a1a9fc51483803071 Group: Malware file Last Updated: August 5, 2017
15.	kns44973763-5bc9-481a-9d90-baf3d0063b1e.tmpfs	1d126324559192faf81a66c7e7ef4812	9
Name: kns44973763-5bc9-481a-9d90-baf3d0063b1e.tmpfs MD5: 1d126324559192faf81a66c7e7ef4812 Size: 461.82 KB (461824 bytes) Detections: 9 Path: %PROGRAMFILES%\44973763-5bc9-481a-9d90-baf3d0063b1e1484428075 Group: Malware file Last Updated: August 5, 2017
16.	prot0b39545c-bb10-4f60-9c79-494e87878e7a.tmpfs	2e7cf795f223e7c91fc218856b7340ab	9
Name: prot0b39545c-bb10-4f60-9c79-494e87878e7a.tmpfs MD5: 2e7cf795f223e7c91fc218856b7340ab Size: 273.92 KB (273920 bytes) Detections: 9 Path: %PROGRAMFILES%\0b39545c-bb10-4f60-9c79-494e87878e7a1484592062 Group: Malware file Last Updated: August 5, 2017
17.	prot8999f45c-8c55-4138-8360-2f30ed82ebcc.tmpfs	b14fd4e363ca43608a448e79cae9571c	9
Name: prot8999f45c-8c55-4138-8360-2f30ed82ebcc.tmpfs MD5: b14fd4e363ca43608a448e79cae9571c Size: 299.52 KB (299520 bytes) Detections: 9 Path: %PROGRAMFILES%\8999f45c-8c55-4138-8360-2f30ed82ebcc1484612757 Group: Malware file Last Updated: August 5, 2017
18.	knsb0930e23-a479-48b3-afc7-92d17a5aabaa.tmpfs	6c6b83f5885101fd2c6ea3fe3c504cf0	8
Name: knsb0930e23-a479-48b3-afc7-92d17a5aabaa.tmpfs MD5: 6c6b83f5885101fd2c6ea3fe3c504cf0 Size: 470.52 KB (470528 bytes) Detections: 8 Path: %PROGRAMFILES(x86)%\b0930e23-a479-48b3-afc7-92d17a5aabaa1483732518 Group: Malware file Last Updated: September 23, 2017
19.	kns42bb99cd-2435-4950-b740-4fcf0b60e655.tmpfs	7892319978cde29a88b392510133576a	8
Name: kns42bb99cd-2435-4950-b740-4fcf0b60e655.tmpfs MD5: 7892319978cde29a88b392510133576a Size: 490.49 KB (490496 bytes) Detections: 8 Path: %PROGRAMFILES%\42bb99cd-2435-4950-b740-4fcf0b60e6551483942089 Group: Malware file Last Updated: August 5, 2017
20.	kns8bfd0e7f-ea9a-4b03-9a4e-84fcea8fa4dd.tmpfs	2fed3a282ce968fbbf260ac5b7f219d7	8
Name: kns8bfd0e7f-ea9a-4b03-9a4e-84fcea8fa4dd.tmpfs MD5: 2fed3a282ce968fbbf260ac5b7f219d7 Size: 451.07 KB (451072 bytes) Detections: 8 Path: %PROGRAMFILES(x86)%\8bfd0e7f-ea9a-4b03-9a4e-84fcea8fa4dd1484212401 Group: Malware file Last Updated: August 5, 2017
21.	prot9f5a8939-f3c1-4a5f-a38e-92f54a8783e3.tmpfs	a188298e070b11a93cf7bbdc91bc1d28	8
Name: prot9f5a8939-f3c1-4a5f-a38e-92f54a8783e3.tmpfs MD5: a188298e070b11a93cf7bbdc91bc1d28 Size: 239.61 KB (239616 bytes) Detections: 8 Path: %PROGRAMFILES(x86)%\9f5a8939-f3c1-4a5f-a38e-92f54a8783e31484759721 Group: Malware file Last Updated: August 5, 2017
22.	kns15bfe828-271a-475b-bb04-cf1fb22b6b3f.tmpfs	09bb9765282cb61e2c55aa0b84dcd8e5	8
Name: kns15bfe828-271a-475b-bb04-cf1fb22b6b3f.tmpfs MD5: 09bb9765282cb61e2c55aa0b84dcd8e5 Size: 399.36 KB (399360 bytes) Detections: 8 Path: %PROGRAMFILES(x86)%\15bfe828-271a-475b-bb04-cf1fb22b6b3f1485065070 Group: Malware file Last Updated: August 5, 2017
23.	knsa66ec34f-6bf6-4ddb-85fa-66b24a7b1978.tmpfs	cbd56a8711a331a9bdca7ea74437ddbf	8
Name: knsa66ec34f-6bf6-4ddb-85fa-66b24a7b1978.tmpfs MD5: cbd56a8711a331a9bdca7ea74437ddbf Size: 541.18 KB (541184 bytes) Detections: 8 Path: %PROGRAMFILES%\a66ec34f-6bf6-4ddb-85fa-66b24a7b19781489270291 Group: Malware file Last Updated: August 5, 2017
24.	IGSrv.exe	ef8ef39706d2997607ed7970fa6a7455	2
Name: IGSrv.exe MD5: ef8ef39706d2997607ed7970fa6a7455 Size: 120.32 KB (120320 bytes) Detections: 2 Type: Executable File Path: %USERPROFILE%\Local Settings\Application Data\igs Group: Malware file Last Updated: October 13, 2017
25.	file.exe	c7273a3f8ddbf11c5d6041f30edeba21	0
Name: file.exe MD5: c7273a3f8ddbf11c5d6041f30edeba21 Size: 414.2 KB (414208 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: January 30, 2017

More files

Registry Details

Adware.ConvertAd may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

Software\Microsoft\Windows\CurrentVersion\Run\SearchmeToolbarST

Software\SearchmeToolbarST

SYSTEM\ControlSet001\Services\ginoquci

SYSTEM\ControlSet002\Services\ginoquci

SYSTEM\CurrentControlSet\Services\ginoquci

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

CA Research

ConvertAd

PopupProduct

Directories

Adware.ConvertAd may create the following directory or directories:

%APPDATA%\SearchmeToolbar

%LOCALAPPDATA%\CA Research

%LOCALAPPDATA%\ConvertAd

%LOCALAPPDATA%\igs

%PROGRAMFILES%\Programc

%USERPROFILE%\Local Settings\Application Data\ConvertAd

%USERPROFILE%\Local Settings\Application Data\igs

%WINDIR%\System32\config\systemprofile\AppData\Local\ConvertAd

Analysis Report

General information

Family Name:	Adware.ConvertAd
Signature status:	No Signature

Known Samples

MD5: eeea3662d8aa2ce5daaef6c3e6a19a30

SHA1: 3131412c31a3b15be8bcb57e1883675e14ea5e50

File Size: 93.47 KB, 93472 bytes

MD5: d350cd5d36b4871b8601e4e85663eeee

SHA1: ca7bf28784e224203ceaae4f36b7039630e13c3c

File Size: 80.64 KB, 80641 bytes

MD5: 24503352fc4511c7a4a1b1d5352f323a

SHA1: 2d6171766a0dac2ca119229177c108606e5290f5

File Size: 86.90 KB, 86899 bytes

MD5: 64927067e659777b641fdfe150866656

SHA1: f594a5bfa12bac8948a78f60de6eea576def16f9

File Size: 1.11 MB, 1114843 bytes

MD5: 5fe625d8f01c13457ec474f3b74bc038

SHA1: be15bcb5dd1ed7b3d94b01c4bb6d2770ffd23549

File Size: 66.71 KB, 66712 bytes

MD5: 3d1e193b93fbce21b18d3b3f3ff42758

SHA1: 011b42548b6f491f3c0fbf3b272a284e39054e4c

File Size: 87.03 KB, 87032 bytes

MD5: 0b768a936dd9b1dd1d156c017f5192be

SHA1: cb94058a6a0fff884288a38e6f6c69583f1b1618

SHA256: 410BD1F2803D6D5396E0959A25185A6F706FD794A67884D44B1F59462B32BCAB

File Size: 65.97 KB, 65965 bytes

MD5: 92d8d390c2277a7ab32de256f5ce4d22

SHA1: c31cadeb03370b141d608d21d13e630f5af16b0b

SHA256: 6197939385B9036D5CF7E8228B84FC0C6FB17380000FD3945D7118BEB1929E4C

File Size: 344.81 KB, 344813 bytes

MD5: 571ff48ac12ee6e34db21a99d0a819ba

SHA1: 3caef3705c91898d866927263e9984ddbb87494a

SHA256: 719B67675B0EC1602CDE66AFA0FB81B3F3AA02694E132CAADD701207B1C7BB7A

File Size: 1.07 MB, 1073158 bytes

MD5: 3243d95cc89e1cfa63d06bb31f4f52f3

SHA1: 77f9a999ebca22248249f3b9052167fc450415ee

SHA256: ADD5FC44179E62C27A8376E482D1144C3632699D87CEFAA8D04146B5453CA7E6

File Size: 339.42 KB, 339420 bytes

MD5: 5a043757da8a06bfd84c430d85a61161

SHA1: afb2b9f278709e2e141273d87388372dc5a8f567

SHA256: 6E86C145A69399D3FB9EC359018DAC8A73330BAAE97A2139F0754B5F84BA9B5A

File Size: 65.28 KB, 65285 bytes

MD5: 0401728c4705fe29505244f6fd5493df

SHA1: 59bf4a24fdecca11c38d08123eb63fe085de9db1

SHA256: 2938FA7242028DE1273EAA0D5DE34DF012E27F5BBC5393040824525C6DC6E2DD

File Size: 87.16 KB, 87159 bytes

MD5: bf3672408e474368c4762e043fd44e05

SHA1: 112558a769e473e15e0fa1ae7557234117e9a763

SHA256: 3E0ADA0F43C1633D220F6248D3C2257EC6906A0A6B99169EB153DCC959FC3A71

File Size: 861.81 KB, 861813 bytes

MD5: cbdf2ba86ff0c2271571a3781b9009cd

SHA1: 32a39fac69ae46d5fd547ed46cde32639e5a712a

SHA256: 20B75D036CCAA04948DCD23BFA98E69EE9687D6B1E3FFA0AC851F2E78A7D2771

File Size: 318.32 KB, 318318 bytes

MD5: 26e26f5d291388c2ac96913fbfb6487a

SHA1: 64f533191c4843598712a1ba652ee9c92c0fd802

SHA256: 710C397B3DB8E1C1DBADAFABA65F2D8A328578D3FC579D7A45DC635BD32A0B1A

File Size: 92.26 KB, 92261 bytes

MD5: d9b2561d40901be1e704d156a2bdccfa

SHA1: 2aac0577add46c4211d29fe5507c4ac4afada074

SHA256: 67F714218D51464D44CA18E6A593B823B4067697DEB04DB2D3DA985A36E75377

File Size: 64.64 KB, 64641 bytes

MD5: 0fc5ff284ab8347b2e4bcb8bbdd32e98

SHA1: d5c5f175dc2308ae11ca717f33426149c9cfed91

SHA256: 2C0AC0AA6D014ECBA4628DA897B684BAE6A836CD1B7F2CA58768F04197F30893

File Size: 359.16 KB, 359160 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
File Description	Fozzy Printer install
File Version	1.0.0.0
Legal Copyright	(c) 2014
Product Version	1.0.0.0

File Traits

Installer Manifest
Installer Version
nosig nsis
x86

Block Information

Similar Families

AdGazelle.A
Downloader.Agent.TJ
Mobogenie
SearchSuite.C
Zusy.CA

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\nsa592e.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa5b39.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsa5b39.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa5b39.tmp\inetc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb5d83.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsc2e44.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd3e9d.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsdd2af.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsec5e8.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsec5e8.tmp\inetc.dll	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\nsec5e8.tmp\inetc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsed39b.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf445d.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsff5f7.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsi4bb2.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsi4bb2.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi4bb2.tmp\inetc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsj330a.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk5843.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5b90.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5bed.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsl61f1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsla479.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd99.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsn2e84.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn2e84.tmp\wmiinspector.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsnbf61.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso3192.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso55e2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsp64b8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp6507.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq2463.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq2463.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq2463.tmp\inetc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq5b60.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq6135.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsrbea3.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nss6790.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nss6790.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss6790.tmp\inetc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nstc337.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu4382.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsuc5a9.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv2442.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv595e.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsv595e.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv595e.tmp\inetc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsv5b19.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvf6f2.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx4b72.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx6770.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyc357.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsyc357.tmp\inetc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyc357.tmp\inetc.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsz5759.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\~nsu.tmp\au_.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads	Synchronize,Write Attributes
c:\users\user\downloads\2aac0577add46c4211d29fe5507c4ac4afada074_0000064641	Synchronize,Write Attributes
c:\users\user\downloads\2d6171766a0dac2ca119229177c108606e5290f5_0000086899.exe	Synchronize,Write Attributes
c:\users\user\downloads\59bf4a24fdecca11c38d08123eb63fe085de9db1_0000087159	Synchronize,Write Attributes
c:\users\user\downloads\64f533191c4843598712a1ba652ee9c92c0fd802_0000092261	Synchronize,Write Attributes
c:\users\user\downloads\afb2b9f278709e2e141273d87388372dc5a8f567_0000065285	Synchronize,Write Attributes
c:\users\user\downloads\be15bcb5dd1ed7b3d94b01c4bb6d2770ffd23549_0000066712.exe	Synchronize,Write Attributes
c:\users\user\downloads\cb94058a6a0fff884288a38e6f6c69583f1b1618_0000065965	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Suzbnvfy\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Suzbnvfy\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Suzbnvfy\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Vzqhvwcc\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Vzqhvwcc\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Vzqhvwcc\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Mfnkrwlp\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Mfnkrwlp\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Mfnkrwlp\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Mfnkrwlp\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Mfnkrwlp\AppData\Local\Temp\~nsu.tmp\??\C:\Users\Mfnkr	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Emtdfqct\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Emtdfqct\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Emtdfqct\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Emtdfqct\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Emtdfqct\AppData\Local\Temp\~nsu.tmp\??\C:\Users\Emtdf	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Yfcipuan\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Yfcipuan\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Yfcipuan\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Naagrnco\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Naagrnco\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Naagrnco\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Naagrnco\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Naagrnco\AppData\Local\Temp\~nsu.tmp\??\C:\Users\Naagr	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Windows\SystemTemp\77e37ce0-8214-4414-aced-551c5ae204d7.tmp\??\C:\Windows\SystemTemp\e28eadcf-6ab0-4d8c-8821-7ce9a6aba1	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\b1a39cca-eadf-4949-a384-a0ef6a3b3fd2.tmp\	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::proxyenable		RegNtPreCreateKey
HKLM\system\controlset001\services\nlasvc\parameters\internet\manualproxies::		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af521\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P	RegNtPreCreateKey

Windows API Usage

Category	API
Process Shell Execute	CreateProcess
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetQueryOption InternetReadFile

Shell Command Execution


							"C:\Users\Suzbnvfy\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


							"C:\Users\Vzqhvwcc\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


							"C:\Users\Mfnkrwlp\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


							c:\users\user\downloads\VOsrv.exe remove


							"C:\Users\Emtdfqct\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Yfcipuan\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Naagrnco\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Iztngbop\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Cpfdojws\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									proxy_remove_cmd_xp


									proxy_remove_cmd_win7


									"C:\Users\Ylrizhkn\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Vicgqnrq\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\

Adware.ConvertAd

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Adware.ConvertAd

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed