Multi-License Discount Quote

Change Region

English
Threat Database Adware Adware.DownloadGuide

Adware.DownloadGuide

By CagedTech in Adware

Threat Scorecard

Popularity Rank: 4,387
Threat Level: 20 % (Normal)
Infected Computers: 23,775
First Seen: January 18, 2013
Last Seen: April 13, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Adware.DownloadGuide
Signature status: Modified signature

Known Samples

MD5: 86f5fb3a59e0d9b9a7e0a8238947e55c
SHA1: 99c7c6692a7907b805718de1824c11d0b1c25e93
File Size: 560.61 KB, 560608 bytes
MD5: ad9a77b5bd01b5ba38be024cd4978e0e
SHA1: 2bf9a07b3787954589461e6cda9d20f45786f9a1
File Size: 560.63 KB, 560632 bytes
MD5: 0f21e2bdd862ccfc30b416c1b2cf595b
SHA1: 37aebae09991701165feeb5f540223ae0340bf9a
File Size: 560.58 KB, 560584 bytes
MD5: c89c3e6f79094350405da4cdcabc25bd
SHA1: 789c0ae8c527b60a68d97aa4f3d9c202df959370
File Size: 560.66 KB, 560664 bytes
MD5: d93a210a1350bbc6c8510128358b1b99
SHA1: 3cc9a265aeaec23a64b42e85f2be1ff2f95413a9
File Size: 560.55 KB, 560552 bytes
Show More
MD5: 5a13fc30bf719553f4f5871cf71ca8f0
SHA1: e5f1fa3cffe5d2639e93fc2edf2f5b6953aaf25c
File Size: 560.75 KB, 560752 bytes
MD5: 4a71696e71e2f3f9e10d813ba866e874
SHA1: 102bcfcfa7cfa8d08d51bb5a91ee9f7260cce464
File Size: 1.00 MB, 1004616 bytes
MD5: 5758c7b19f97ae8a368b08bc8a39f884
SHA1: 8fc5528a9385156a72d17400d26b3471cfea76f1
SHA256: A650BF66E0EFA8EF591EAEA893C50DBD19B5A015571FD4EE1209C670034BC31A
File Size: 553.02 KB, 553024 bytes
MD5: 4f45a0dbf09b047946a5b337f536aca6
SHA1: 417f6ea5fbd9952ab3a9826b2de448ae1f1d14a3
SHA256: 4E60980A6E297AA809A51E1AC5F9507C1511979B83FAAC433BCCE4EE88D66D2F
File Size: 560.63 KB, 560632 bytes
MD5: b4e8e7cde69a6f8a46cb9387fc310351
SHA1: 3329bb0b6b648ad84679ca576a6735dda0a4952c
SHA256: CED93FFF98F55B414CB783B18744C099DDD26D41170B21819E3EABED54BAD9BA
File Size: 851.97 KB, 851968 bytes
MD5: 9ce9bc35c5776babae94fbc0bc0bbc46
SHA1: 79ce06e93a54945b75208932d753ab7fe39930b3
SHA256: 5ABE3542519FE92B77DFD9AFCC6A92F08AA54695C26B4FF1792D0240D022FD7A
File Size: 617.31 KB, 617312 bytes
MD5: 2881c58a857569fb713ae9041f8bc27d
SHA1: 4e7ef96190d3b68f04593deb3e098b476b8f1df4
SHA256: 96BE302E08DF07FEE0968F30427585A7075CBB4A53C238DCAFBE2A35558862D3
File Size: 1.31 MB, 1312352 bytes
MD5: c3096b2cbce9958f5553eae9f87c01d5
SHA1: def1c4afb04e34cdbc3a38ad3d3aa591bf9bb7db
SHA256: B3A698FA3CE24C49597858AAA3B5041A3DFE273C6F3981E4D40CD9C01E6EB662
File Size: 580.45 KB, 580448 bytes
MD5: c48a0f06dfa29c955570b603d709eec2
SHA1: 0036274a03f473cee8cfa0d8d8467c3c779d047f
SHA256: D845E2F7E061AF9E9F843DC11D3E020F3B0144BA23F5B12A2BEC1525CDC77232
File Size: 560.65 KB, 560648 bytes
MD5: b3c04eb926842275ed38fdb5cf2dc3bf
SHA1: 7822d750d2ba64fee8af89eb5c5a878ba214739f
SHA256: 90DF8C8B472D4F7A46D2F30822DE94EC7B0424492CEC676D5A38779712A0A3AC
File Size: 560.66 KB, 560664 bytes
MD5: 132e7f62216215e48ce9cb2299af474e
SHA1: c9561262a886a154959e319b0a37b41db54e8068
SHA256: 0D657E47DB813EF100518513DF1390B1446261717BF39F06ADFE97F5AB209FD7
File Size: 560.56 KB, 560560 bytes
MD5: 3d083db53d555eb293de8f9d22df2d62
SHA1: 98cf0f8f0fac88eae3a7a29e3c36187558450bdd
SHA256: 35050EC5CB96FDD13D2D6A4F56A6643F047E4CDBD22EB76E62C558A3C5755A93
File Size: 563.86 KB, 563856 bytes
MD5: cc798fb056af98fed512f5f3035c6b35
SHA1: 7ba1c4d1a730cf136415ca78970adb238c8f85a0
SHA256: 9E001AE0DB2006427102BF18210947581EE013D3008966CF97A6CE2F3404379A
File Size: 8.77 MB, 8772576 bytes
MD5: e051347a1482e356e8943534adb243f6
SHA1: 0a8c19d343185e8d866ef0aa7c24a06e64c98884
SHA256: 994845DC0643160CD1CC793E0969D32DE7C640C7D3D6F64C4DD2BDA9AC5F6C7F
File Size: 362.97 KB, 362968 bytes
MD5: ea0fc8194264c34bd93cb3c9877a895e
SHA1: bed1fc1e83c73432d2fd1e902c8f027a0abe1783
SHA256: BE292EF69E9791ED81E36C6B5D53A86A1FF0F875C9E6D970D9B23CE22ABDE9B5
File Size: 560.54 KB, 560536 bytes
MD5: 603de775d359b15aaee7d4f770b4d02c
SHA1: 986a25c4774057eb32b76927fc8fbdbd702a8e1b
SHA256: C9D656C30D2B8671BEC5748D3293A09B0345A95CE85A7A1B5409BAD3C487D2F0
File Size: 540.07 KB, 540072 bytes
MD5: c2188085df9177e70efe956c3aaa49d1
SHA1: ecbaa0791f7dd778f1972787fc8747661acfd9b4
SHA256: 5CEF3A59C8281B52E753D3CB0E2E63F6EA85953830E6046FFAADAB66CCEB5529
File Size: 559.78 KB, 559784 bytes
MD5: d0c7ceeb7035a39ffcd842d8cc46f6ec
SHA1: 1b9dafd13691727ca70be6b865eaf7a3997597ef
SHA256: B780080ED48DBE5CEE4EF81E89C224EF6EA672C2CCA8A50A74D85A018EC30AAA
File Size: 560.94 KB, 560944 bytes
MD5: 6a13325ab2483d1c635392503d3529eb
SHA1: 85a037e1c5db94f840b46775ec25c1d984b85a9a
SHA256: 1305676325054380BA54723BBA6F427550492721913FCF5ED4AD356746696783
File Size: 558.72 KB, 558720 bytes
MD5: 5612b881d9ecd8b0cb08e1287c347fa7
SHA1: 147e6c15c8d9fbc345be9bd459bda99cf7b263ed
SHA256: C26CFE0FDD258AA1F4513142ACEA157D42983AAABECDDB8376CA8AED462BE38D
File Size: 560.62 KB, 560616 bytes
MD5: a4551a5aa452ee64144e26345b13d0bd
SHA1: f364e3ca13a4d611f55912445c4612b25246b451
SHA256: 0A959C02F5BDD5F5E3A00325A913AA2A36D5862A668E4E307C9E5F4688F3F768
File Size: 560.67 KB, 560672 bytes
MD5: 7e86f743c367e6ceb9307fdc97c6d53c
SHA1: 057b8c8564a6a62d110b24dfb26f38c406e2a679
SHA256: 227CECA8E58BC7AAE891E3AF62E5CBEECFB318AF12CB26CE263B8A7A8BD55485
File Size: 560.69 KB, 560688 bytes
MD5: 63ec6992f6b2c3d5025dc24352e86622
SHA1: 12f9754d5a84092eeede08dd73465c9e0a241d9a
SHA256: 97B0ADC4951639E89415042C2A652CD428C7D198B4DE809B218363E80341E72D
File Size: 624.12 KB, 624120 bytes
MD5: 8311c59ea5c07f5c27c1326b83fe3e9f
SHA1: be69935b2716bca92d45b43246239a7545d4099a
SHA256: 6C9729999FFA9086FA8B22FF26563891AFEC0BCB76DBA13F7274D2D96490C229
File Size: 560.64 KB, 560640 bytes
MD5: a0705d5f5ca14328b536764b10561ef2
SHA1: 48e2c4cf6b0c6182aa402f7b4a977d70b9b9ecb5
SHA256: 0EFC4BC7C928F1C11D459597F5EB2EFBEDC703CC4C839762AC1661B6DBD44AEB
File Size: 560.52 KB, 560520 bytes
MD5: d209093d6215b5482213aac55cb718af
SHA1: ca409f927df9cb4fa715e0e0387eeb4e891b0df3
SHA256: C0CE34FB8C7FD0160125348745471A2998480B2C67E95CDFF680761D011C3E11
File Size: 560.68 KB, 560680 bytes
MD5: 7333d58050f7d1dbc7005ce02872bd4e
SHA1: f872f2ab48a605db3e4322fbe57f886c589f6594
SHA256: 2F91F792BF6E8F5A1F16BF3FD8907903DA0BCA6CB90D76A7542B5FABBFA69D5D
File Size: 560.75 KB, 560752 bytes
MD5: bf02c8c4c915a55ea6b65c2ace49cd99
SHA1: 53b35d68895fa505c6ab52cd2d8c9339b62e661f
SHA256: 6B41ED92C0E827C50E49DD0E980538E7E3C7A547CBA1590EE7ABDFC8945CCF17
File Size: 1.69 MB, 1689008 bytes
MD5: 2835f2d6cf3456db6d6f7e6a742fe2b1
SHA1: 393a2109dcdc3dde7675b69973443d3850861d7a
SHA256: 9F11E91893C61F0C1B157CF0AF16FC0A52ED6D927374039F41EAEC9639C64881
File Size: 559.85 KB, 559848 bytes
MD5: 0a2bd3dec38b0466b2d8a9fd23ea17a3
SHA1: 04a2b94aae60b969f43798ceaeff942d7fc78bc0
SHA256: EA69F66F1557871CA1E776FD0323C5DCC1A82F61EE85D2E4927CFC8BA5FCAE96
File Size: 1.17 MB, 1168816 bytes
MD5: 701dabd9fb68d0b874fa644d326c94bc
SHA1: b716186c94dec570b51d560627cc23faeb8e4e5e
SHA256: 3C84D59B0709371118C2C3293254CBE15EC01ED436B25ABEC797C0298DF182B1
File Size: 543.40 KB, 543400 bytes
MD5: 6897b7b9d0ae6122dcca17277ed77d94
SHA1: 33c3ebea9e1855a57657aaec0e04d5288ea5eceb
SHA256: 6B9E7843C277268E02AA90ACEA9F2994ED6AC3526314F805E16858BC2399C365
File Size: 560.68 KB, 560680 bytes
MD5: 2b172fd6624e1c4f17112b598f68e729
SHA1: caf63e79b567ff6e93383cff5e772b9b5ee62c3d
SHA256: C0B9F102ED5E4A83636B8281C78CA70C28DAF9BF49E80132C787EAA1114BCC77
File Size: 580.66 KB, 580656 bytes
MD5: 1920e428dbe0a4b7a7558f763da1d485
SHA1: a5ba1e4e0896859dcb3f9ffcdf4e2b593b9fd9df
SHA256: 64EC80FB5D3AD3181F7DBE28D0DF1E128928E8D5E1A53C1A487A49136572979A
File Size: 560.72 KB, 560720 bytes
MD5: d5ac083fb30ccc2cc76ffecb37430519
SHA1: 2fac2e009a1e051d7d09081f679eb53ef056dc1f
SHA256: 4AF422E8E6C627FFD6D59DF5B9868A463A41BF982CF917A65BB958EBA1CF8F17
File Size: 565.34 KB, 565344 bytes
MD5: 6607a4aa3b69beff8ea6a3528aaf141b
SHA1: f7659d53e1834034c1e66128311ca3a0ee08a52d
SHA256: CBD9941963E7547FA5E0A011F89AEE69C89279DF93F4F3F2176343AD852DBEC4
File Size: 6.62 MB, 6618008 bytes
MD5: a1c2bd3f621ce71cad34af251a8ec2e8
SHA1: 213a1ef0254418fd10692095d37fbd9b52585a87
SHA256: 51D80A64793E1266DF2CC31DCDC6A1AC2E055CFF342AFC10620F56D6FFA1B693
File Size: 5.32 MB, 5319376 bytes
MD5: 7fe3ec88dcba9ebbc75a79f6e0667a14
SHA1: 20f549b2fc03180eb4c483510c77e006ba31aa8b
SHA256: 92190B7D74357F904F4E43B88DF78B0CB475E6316A756AC0A6B7B3B0C903B52C
File Size: 818.00 KB, 818001 bytes
MD5: 29745a0eb6924c8b61d353acb8647212
SHA1: 2cf420d943e567c818a21ffa35c6389056d069d1
SHA256: 98EA6AAB96A22331EF84EEC7F28B33F5B0EBD74E5179986F023F965C4ADBF1DC
File Size: 1.14 MB, 1140400 bytes
MD5: 8aa2387f3f034d781e34b701cbb5e9b1
SHA1: f50b302222550725ad3f6961b3329a9ac8651abd
SHA256: 2F72A80BEFFC4C022C8C064E4FF901E5CE570F232926D4D8EF57C50DF293C4BC
File Size: 5.09 MB, 5085992 bytes
MD5: cd8b48234331ee015eb53176ec76628b
SHA1: f5011364dbbf7609e76a1433fceed7451e8f2cdc
SHA256: 9EEC08119D8882B7F7E51F0776B5FCDE9707462C6A1F6DDEDBCFFFDC2FDB15A3
File Size: 557.63 KB, 557632 bytes
MD5: 3599e6dc13a1d5c51f5a0e5b37e03cf3
SHA1: 7cd8547eb0aebc98ce2c32fb26feac5e95a13f60
SHA256: 3FC1655D326CBA1EA99643CAF227B6E5740E4F459EA6DD165443B3FF0DD12D96
File Size: 560.68 KB, 560680 bytes
MD5: a4640c2e41472fbea40b8723a582a46d
SHA1: ada98df9596831ff8280e7d1c61aa90691aac955
SHA256: 6F107646440A9B920CA4CD31751285AB12C7AB4E9E6A83905126786259B9C2C6
File Size: 560.63 KB, 560632 bytes
MD5: 1d1a662283e7a8b42450e50b71d9eb06
SHA1: a2ee98f95405d698249db94d8e763401c06ac0e7
SHA256: 3B7B61D6CFF05701C61FD81122D9F91729FF8852437F55C9F38BCFE11E33B08F
File Size: 606.29 KB, 606288 bytes
MD5: 5b9f801a0c0e984e8c82311e91b9d88f
SHA1: 9b8b9e04962aa732d346621339a410801e1172b6
SHA256: B5A5B4D86024847B64DEFD1D987191F036A099F5EBCD38F7BE5A7643684D3F9C
File Size: 1.02 MB, 1020304 bytes
MD5: e74dc57e8e9d74f21e75dc79b8bbad87
SHA1: d011d6d1aa16434a70f29b455c83e484ba61bd9a
SHA256: 6FDDD06DB1763327978F9F67DD309ED2D8A754A8C53BE41F6CF69BB8DA1ACA35
File Size: 53.86 KB, 53856 bytes
MD5: f4931ea6d76a62a0f839a1bbc84cb6fd
SHA1: 32b060ccf5525dcd9da27694da8e42eb32955452
SHA256: 048B7CD4125FA0FB38CA599DDF6A7F827D8F8514A901C5CDD248BF6A4F5A0F81
File Size: 581.99 KB, 581992 bytes
MD5: a8626d68fc60a2c95b5fcf4e0baa4bf1
SHA1: 5f61748830ce5b2a814c9732309186fa51ca1b4b
SHA256: 863D78FA9194BB3AC0D4F6F61B3B8E5E0AF31E0FF1892DD7728780E79E5B0EDD
File Size: 560.70 KB, 560704 bytes
MD5: 5abfe9c080227c95ac835fcb80ba884e
SHA1: b5a53b9135da036a48058c2b0044967b940a5bb9
SHA256: DABC2D69C25A9BCC12CFFD131B6054A35F7403C404FA54614983AADA5DC7A4ED
File Size: 1.18 MB, 1183896 bytes
MD5: edd474ac49295ca9f383180727f14b37
SHA1: 058fdf9b13765e2cf9eea136a96560873107d5d1
SHA256: 98884E2E157C8F771EE04FE57CA58F8B9320831F666682AB5BA7CEB27165F70E
File Size: 560.56 KB, 560560 bytes
MD5: cb268e721ecf269c5334f5f450c35f88
SHA1: d51b1160453c12e70de11884bb7fdad6c3eee82d
SHA256: 4E57EFD2733AEFD9B99A85F4A24E1D8EC5779CB1BBC59D273C18C9E0AD473360
File Size: 617.31 KB, 617312 bytes
MD5: 37ac3f9b4e4a2fca3517bbe87c0ad748
SHA1: 218572dc82a727d0ec2b31813361cc0c8f162ec5
SHA256: A6DDF8A2746139EC8C28EAD88638DE46900674A4CD3E975E1C4BE166167CF6E0
File Size: 1.31 MB, 1313856 bytes
MD5: 621cbb014666e9cd1cdf02d3d171d160
SHA1: 657f15b5c0558f9dd7bdb1c87da8d244958bb191
SHA256: 81313BCDC4EA80076DC021FA3687C356CE4FFC6E2E72FAAD27F8942B27CAA717
File Size: 560.02 KB, 560024 bytes
MD5: e3b1d34d432efd0187079b48da54b34b
SHA1: 2ee52e5817d9952527e58a9c07996e5d51c230a7
SHA256: 1D756EE6F3D0D4CD6BEF8BAB1F754FCE93D94164567244555DFA492B8BF3D3AE
File Size: 1.27 MB, 1267768 bytes
MD5: 03a6137b6eee6623e2d7e5a1f32f8a47
SHA1: f5d0caf109130fa308ccdc2293f6a7aa75aee2d6
SHA256: 8D8DE35E1296440ACBE3AE59E2E8F093A7938E09A4E95416DBA947FDBD9CD93E
File Size: 559.70 KB, 559696 bytes
MD5: 9b6741f2dc4a41a10ef1e428199c6070
SHA1: b39af9ccabd89261447f3bff0ed17f391837d200
SHA256: F28577EB94D0C278343631517DBA9E92B0605953DFF1AC78C6D9E03F26F5E819
File Size: 560.54 KB, 560544 bytes
MD5: 3cef026b0d97f13c6a53600e787a476a
SHA1: 998a7d0fcd44a4ea71b4b59f673a4261ee7b71e3
SHA256: DA6E14ADC6BE75644A6945D5EEF0057839EEDA69C15434CDBC2C6133BB04000E
File Size: 582.22 KB, 582216 bytes
MD5: a06d605679574a6e9233b49f34716ce2
SHA1: 9dbfc3ddb1af938802780f7d452f37209501d3bf
SHA256: C78637928057B2B059EF406F8F2FFB5068B42D27C6ADD548C71161AE87724F09
File Size: 558.70 KB, 558696 bytes
MD5: 20db99ccda5e7d4562a6e2a3fe2b9819
SHA1: 7884af9002b36be632a465cef1e63258d40ec133
SHA256: 63D3C236AE6252238BB08F31719E8DB7B5B8DC0D59FB7B23C1823B175BFEA320
File Size: 559.90 KB, 559896 bytes
MD5: f8318f7fd5abcfdac47c4a1689eabddf
SHA1: a62e962b18b1d0c43ef6ed61551d1a8b86949640
SHA256: 1A3D5F57BCBC7C1727206BF2C88371A7789FC2B363DE3AEF8F1CE3CAE9BC9687
File Size: 709.35 KB, 709352 bytes
MD5: 22fc3992e4ef1bcdc73c4fe3c8f628d8
SHA1: 235c80cf8669bb3717ec62b0a1e8fb5104c60d1e
SHA256: 28A61C8E061E50B4149EA99740FB34CA8299E9F4E9B13A791FB790220BF71FE9
File Size: 560.94 KB, 560944 bytes
MD5: 13d5308c0a32b3bde7d6b2243c1f7c4d
SHA1: 2ea5670b6b746d98611bf9942014cdf0a0946e8b
SHA256: 172DD035E088C629987DBF43A4CE92F30C8EDB0F3E3AE231B366929B65DC47D9
File Size: 560.70 KB, 560696 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

34 additional icons are not displayed above.

Windows PE Version Information

Name Value
Comments
  • OCSClient v5.0
  • This installation was built with Inno Setup.
Company Name
  • AB-Tools.com
  • AnubisP2P LLC
  • CodecPerformer
  • Download Assistant
  • GoodKatShare LLC
  • Igor Pavlov
  • ProNetSharing LLC
  • Shareware.de
  • UltraBoosters LLC
  • VideoPerformer
Show More
  • WebSpeeders LLC
  • www.download-sponsor.de
File Description
  • 7z SFX
  • Anubis P2P
  • Ares Galaxy Turbo Accelerator
  • BearShare MP3 Downloader
  • CodecPerformer
  • ImgBurn
  • Kat MP3 Recorder
  • LimeWire Music
  • Setup
  • Shareware.de Download Manager Setup
Show More
  • UltraBooster BT
  • VideoPerformer
File Version
  • 14.6.20.7
  • 14.6.18.22
  • 9.20
  • 5.9.0.0
  • 5.0.0.0
  • 4.2.0.0
  • 4.0.8.0
  • 3.9.0.0
  • 3.1.0.201
  • 3.1.0.200
Show More
  • 3.0.0.154
  • 1.9.0.0
  • 1.00
  • 1.0.3
  • 1.0.1
  • 1.0.0.2
  • 1,18,0,2719
Internal Name
  • 7z.sfx
  • CodecPerformer
  • ocsclient
  • VideoPerformer
Legal Copyright
  • (c) Download Assistant
  • Copyright (c) 1999-2010 Igor Pavlov
  • Copyright (C) 2016
  • Copyright 2014
  • Copyright @ www.download-sponsor.de
  • Copyright © 2010 by Andreas Breitschopp
  • Copyright © 2012
  • © GoodKatShare LLC
  • © UltraBoosters LLC
  • © WebSpeeders LLC
Show More
  • � AnubisP2P LLC
  • � ProNetSharing LLC
Original Filename
  • 7z.sfx.exe
  • CodecPerformerSetup.exe
  • ocsclient.exe
  • VideoPerformerSetup.exe
Product Name
  • 7-Zip
  • Anubis P2P
  • Ares Galaxy Turbo Accelerator
  • BearShare MP3 Downloader
  • CodecPerformer
  • ImgBurn
  • Kat MP3 Recorder
  • LimeWire Music
  • OCSClient
  • Setup
Show More
  • Shareware.de Download Manager
  • UltraBooster BT
  • VideoPerformer
Product Version
  • 14.6.20.7
  • 14.6.18.22
  • 9.20
  • 3.0.0.154
  • 1.00
  • 1.0.3
  • 1.0.1
  • 1.0.0.2
  • 1,18,0,2719

Digital Signatures

Signer Root Status
COMPUTER BILD Digital GmbH AAA Certificate Services Root Not Trusted
Computer BILD Digital GmbH AAA Certificate Services Root Not Trusted
Persistence GmbH AAA Certificate Services Root Not Trusted
Veleo GmbH AAA Certificate Services Root Not Trusted
WeQ Influencers GmbH AAA Certificate Services Root Not Trusted
Show More
AB-Tools.com AB-Tools.com Self Signed
Freemium GmbH AddTrust External CA Root Root Not Trusted
Gutscheincodes.de Media GmbH AddTrust External CA Root Root Not Trusted
Persistence GmbH AddTrust External CA Root Root Not Trusted
freemium GmbH AddTrust External CA Root Root Not Trusted
Prospera Software, Inc. COMODO RSA Certification Authority Root Not Trusted
APPS CENTRE LP COMODO RSA Code Signing CA Self Signed
R2D2 Tech Software LLC Go Daddy Class 2 Certification Authority Root Not Trusted
Freemium GmbH Go Daddy Root Certificate Authority - G2 Root Not Trusted
ThinkLABs Ltd. & Co. KG Thawte Code Signing CA - G2 Self Signed
Download Assistant VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
Prospera Software, Inc. VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
COMPUTER BILD Digital GmbH thawte Primary Root CA Root Not Trusted
Free-mium GmbH thawte Primary Root CA Root Not Trusted
SPRING Axel Springer Digital News Media GmbH & Co. KG thawte Primary Root CA Root Not Trusted

File Traits

  • HighEntropy
  • Installer Manifest
  • Installer Version
  • x86

Block Information

Total Blocks: 1,406
Potentially Malicious Blocks: 425
Whitelisted Blocks: 981
Unknown Blocks: 0

Visual Map

x x x x x x x x x x x 1 x x x x x x x 0 x 0 x x 0 0 x 0 0 0 x 0 0 x x 0 0 x 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 x 0 x 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 1 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x x x x x 0 0 0 0 x 0 0 0 1 x 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 x x x x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 x x x x 0 0 x x 0 0 0 1 0 0 0 x 0 1 1 1 0 0 0 0 0 x 0 0 x 0 x 0 0 x 0 0 0 0 x 0 x 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 x 0 0 0 1 x 0 x x x x x 0 x 0 x 0 x 0 0 x x 0 0 0 0 0 x 0 0 0 0 0 x 0 0 x 0 0 0 1 x 0 0 0 1 0 0 0 0 0 0 1 x x x x x 0 x 0 x x 0 0 0 0 x 0 0 0 0 0 x 0 1 x 0 0 0 0 0 1 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 1 0 x 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 2 0 0 0 0 0 1 2 2 0 1 0 0 0 0 1 0 0 0 0 0 0 0 2 0 1 1 0 1 0 1 0 0 0 0 1 1 0 1 1 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 1 1 0 1 0 2 3 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 2 2 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 x x x x x 0 x x x 0 x x x x x x x x x x x x x x x x x x x x x x 0 x 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 1 x 0 0 x x 0 0 x 0 x x x 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x 0 x x x x x 0 x x x x x x x x x 0 x x x x x 0 x x x x x x x x x x x x x 0 x x x x x x x x x x x 0 x 0 0 0 x x 0 x x x x x x x 0 0 x x 0 x x x x x x x x x x x x x x x x x x x x x x x x 2 2 x x 2 2 x 0 2 2 0 0 x x 0 0 x 0 2 0 x 0 x x x 0 2 0 0 0 x x 0 x 0 0 x x x x x 0 0 0 0 0 0 x x x x 0 0 0 x 0 0 0 x 0 0 0 x 0 0 x x 0 x x 0 x x 0 0 x 0 x x x x 0 0 x x x x 0 0 0 x 0 0 0 x x 0 0 x 0 x 0 0 0 0 x 0 0 0 0 x 0 x 0 0 x 0 x 0 0 0 x x 0 0 x 0 x x 0 0 0 0 0 0 0 0 x 0 x x 0 x x x x x 0 x x x x x x x x 0 0 0 0 0 x x 0 0 x x x 0 0 x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x 0 0 0 x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 1 0 3 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • AdjProg.A
  • Babar.AE
  • Bestafera.A
  • BitWall.A
  • DownloadGuide.A
Show More
  • InstallBrain.A
  • OpenInstall.A
  • Tenga.B
  • Zegost.AQ

Files Modified

File Attributes
c:\end Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\binsischeck654.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bitool.xxx Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ct1269415\ism.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg2036.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg209a.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg2897.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg3e9b.tmp Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\dlg40d6.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg4293.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg42e1.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg4581.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg4f64.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg5407.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg5afa.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg69c6.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg74d1.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg7586.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg8249.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg82da.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg84ab.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlg85f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlga0fb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgad43.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgbc43.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgbf8.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgc5ad.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgd555.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgd87f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgdb7f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgdf32.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgeb3c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgfa0d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dlgfa49.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\luoyllsqpf\tmppack.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc162f.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc162f.tmp\mism.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc162f.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc5249.tmp\mism.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsc5249.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse4908.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nse4908.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse4908.tmp\inetc.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nse4908.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse4908.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh5dc3.tmp\banner.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5dc3.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5dc3.tmp\mobilewitchacpro.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5dc3.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5dc3.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsh5dc3.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5dc3.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5dc3.tmp\temp.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi4752.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsj5575.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5575.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl31f5.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl31f5.tmp\pw001.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl31f5.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl31f5.tmp\temp.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm161e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsm5238.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq9bb0.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr5d83.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nss5950.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nstb8a7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsxa729.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsxa729.tmp\cabsetup.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa729.tmp\cabsetup.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsy4763.tmp\conduitinstaller.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4763.tmp\dummy.htm Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4763.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4763.tmp\mism.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4763.tmp\p2p-toolbar-screenshot.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4763.tmp\savvysuggestorsetup-silent.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4763.tmp\setup.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsy4763.tmp\setup.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4763.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4763.tmp\temp.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4763.tmp\vcredist_x86.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c8.tmp\banner.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c8.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c8.tmp\math.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c8.tmp\md5dll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c8.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c8.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nszb8c8.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c8.tmp\searchprotect.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c8.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nszb8c8.tmp\valueapps.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ocs\gwslekozqrtiwmdz.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ocs\icsharpcode.sharpziplib.dll Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\ocs\lqljasbbqaujlqgg.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ocs\ocs_v6y.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\ocs\ocs_v7d.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\ocs\xvcqrmhwwlgqoqge.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\oic518c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\temhglkvarda\tmppack.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~df15ba234b5c7aaec6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df31fc5629b746612a.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df8c33033fc92b4bb2.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\ocs\ocs\1.0.0.0\ocs_v7d.log Generic Write,Read Attributes
c:\windows\appcompat\programs\amcache.hve Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve.log1 Read Data,Write Data
c:\windows\appcompat\programs\amcache.hve.log2 Read Data,Write Data
c:\windows\temp\0f7d-b345-a8f4-d599.exe Generic Write,Read Attributes
c:\windows\temp\2af3-5df1-5f59-f1b5.exe Generic Write,Read Attributes
c:\windows\temp\540e-c57f-fccf-d061.exe Generic Write,Read Attributes
c:\windows\temp\5c35-e1b5-ab6b-a010.exe Generic Write,Read Attributes
c:\windows\temp\988b-26e4-2a74-278d.exe Generic Write,Read Attributes
c:\windows\temp\c20b-ed2a-f5b1-0425.exe Generic Write,Read Attributes
c:\windows\temp\d6f4-39dd-e177-684d.exe Generic Write,Read Attributes
c:\windows\temp\dd1f-ee08-d19e-d1f8.exe Generic Write,Read Attributes
c:\windows\temp\e794-a8cb-415e-24fd.exe Generic Write,Read Attributes
c:\windows\temp\edad-ad04-e710-6b2f.exe Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\classes\jscript:: JScript Language RegNtPreCreateKey
HKLM\software\classes\jscript\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\livescript:: JScript Language RegNtPreCreateKey
HKLM\software\classes\livescript\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript:: JScript Language RegNtPreCreateKey
HKLM\software\classes\javascript\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript1.1:: JScript Language RegNtPreCreateKey
HKLM\software\classes\javascript1.1\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript1.2:: JScript Language RegNtPreCreateKey
HKLM\software\classes\javascript1.2\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
Show More
HKLM\software\classes\javascript1.3:: JScript Language RegNtPreCreateKey
HKLM\software\classes\javascript1.3\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\ecmascript:: JScript Language RegNtPreCreateKey
HKLM\software\classes\ecmascript\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}:: JScript Language RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\progid:: JScript RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32:: C:\WINDOWS\SysWow64\jscript.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKLM\software\classes\jscript author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\jscript author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\jscript.compact author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\jscript.compact author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\livescript author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\livescript author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\javascript author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript1.1 author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\javascript1.1 author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript1.2 authorjavascript1.3 author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\javascript1.2 authorjavascript1.3 author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\ecmascript author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\ecmascript author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\progid:: JScript Author RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32:: C:\WINDOWS\SysWow64\jscript.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKLM\software\classes\jscript.encode:: JScript Language Encoding RegNtPreCreateKey
HKLM\software\classes\jscript.encode\clsid:: {f414c262-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}:: JScript Language Encoding RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\progid:: JScript.Encode RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32:: C:\WINDOWS\SysWow64\jscript.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKLM\software\classes\jscript.compact:: JScript Compact Profile (ECMA 327) RegNtPreCreateKey
HKLM\software\classes\jscript.compact\clsid:: {cc5bbec3-db4a-4bed-828d-08d78ee3e1ed} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}:: JScript Compact Profile (ECMA 327) RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\progid:: JScript.Compact RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\inprocserver32:: C:\WINDOWS\SysWow64\jscript.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings::jitdebug RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\99c7c6692a7907b805718de1824c11d0b1c25e93_0000560608.exe::jscriptsetscriptstatestarted RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\2bf9a07b3787954589461e6cda9d20f45786f9a1_0000560632.exe::jscriptsetscriptstatestarted 䋠 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\37aebae09991701165feeb5f540223ae0340bf9a_0000560584.exe::jscriptsetscriptstatestarted ࡎ RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\789c0ae8c527b60a68d97aa4f3d9c202df959370_0000560664.exe::jscriptsetscriptstatestarted RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\3cc9a265aeaec23a64b42e85f2be1ff2f95413a9_0000560552.exe::jscriptsetscriptstatestarted 當 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\e5f1fa3cffe5d2639e93fc2edf2f5b6953aaf25c_0000560752.exe::jscriptsetscriptstatestarted ௷$ RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\8fc5528a9385156a72d17400d26b3471cfea76f1_0000553024::jscriptsetscriptstatestarted RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\417f6ea5fbd9952ab3a9826b2de448ae1f1d14a3_0000560632::jscriptsetscriptstatestarted ‥ RegNtPreCreateKey
HKCU\software\ocs::cid 942a5258-edeb-43dc-aa63-67c08967902b RegNtPreCreateKey
HKCU\software\ocs::pid dcu RegNtPreCreateKey
HKCU\software\ocs::lastpid dcu RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 귌ꚵጐǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\0036274a03f473cee8cfa0d8d8467c3c779d047f_0000560648::jscriptsetscriptstatestarted 蒪 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\7822d750d2ba64fee8af89eb5c5a878ba214739f_0000560664::jscriptsetscriptstatestarted 필 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\c9561262a886a154959e319b0a37b41db54e8068_0000560560::jscriptsetscriptstatestarted 䕰 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\98cf0f8f0fac88eae3a7a29e3c36187558450bdd_0000563856::jscriptsetscriptstatestarted 䊂 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\bed1fc1e83c73432d2fd1e902c8f027a0abe1783_0000560536::jscriptsetscriptstatestarted 㺚 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\986a25c4774057eb32b76927fc8fbdbd702a8e1b_0000540072::jscriptsetscriptstatestarted RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\ecbaa0791f7dd778f1972787fc8747661acfd9b4_0000559784::jscriptsetscriptstatestarted RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\1b9dafd13691727ca70be6b865eaf7a3997597ef_0000560944::jscriptsetscriptstatestarted 䃕A RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\85a037e1c5db94f840b46775ec25c1d984b85a9a_0000558720::jscriptsetscriptstatestarted 苙? RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\147e6c15c8d9fbc345be9bd459bda99cf7b263ed_0000560616::jscriptsetscriptstatestarted . RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\f364e3ca13a4d611f55912445c4612b25246b451_0000560672::jscriptsetscriptstatestarted ₉ RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\057b8c8564a6a62d110b24dfb26f38c406e2a679_0000560688::jscriptsetscriptstatestarted RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\be69935b2716bca92d45b43246239a7545d4099a_0000560640::jscriptsetscriptstatestarted 밲 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\48e2c4cf6b0c6182aa402f7b4a977d70b9b9ecb5_0000560520::jscriptsetscriptstatestarted 舸) RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\ca409f927df9cb4fa715e0e0387eeb4e891b0df3_0000560680::jscriptsetscriptstatestarted 兀 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\f872f2ab48a605db3e4322fbe57f886c589f6594_0000560752::jscriptsetscriptstatestarted RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\393a2109dcdc3dde7675b69973443d3850861d7a_0000559848::jscriptsetscriptstatestarted 体 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\b716186c94dec570b51d560627cc23faeb8e4e5e_0000543400::jscriptsetscriptstatestarted 吆 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\33c3ebea9e1855a57657aaec0e04d5288ea5eceb_0000560680::jscriptsetscriptstatestarted ꃪ RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\caf63e79b567ff6e93383cff5e772b9b5ee62c3d_0000580656::jscriptsetscriptstatestarted 瓐 RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\a5ba1e4e0896859dcb3f9ffcdf4e2b593b9fd9df_0000560720::jscriptsetscriptstatestarted RegNtPreCreateKey
HKCU\software\microsoft\windows script\settings\telemetry\2fac2e009a1e051d7d09081f679eb53ef056dc1f_0000565344::jscriptsetscriptstatestarted 嫙ࢗ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Windows\SystemTemp\a9dd6c3f-d641-4292-855a-e9c09c1b694b.tmp\??\C:\Windows\SystemTemp\85968c61-a19d-4e7b-a80f-d2a1fc3c08 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P RegNtPreCreateKey
HKCU\software\ocs::cid 198a4902-081b-4d0f-a505-d9d28713c65f RegNtPreCreateKey
HKCU\software\ocs::pid chipdeextra RegNtPreCreateKey
HKCU\software\ocs::lastpid chipdeextra RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 䲅ქ锛ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetComputerName
  • GetUserObjectInformation
Other Suspicious
  • SetWindowsHookEx
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
Show More
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtLoadKeyEx
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSetValueKey
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory

101 additional items are not displayed above.

Process Terminate
  • TerminateProcess
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Network Info Queried
  • GetAdaptersInfo
Network Winsock2
  • WSAStartup
Network Winsock
  • getaddrinfo
Network Urlomon
  • URLDownloadToFile

Shell Command Execution

C:\Users\Hpptyiaw\AppData\Local\Temp\OCS\ocs_v7d.exe -install -166019 -dcu -6cc996e1f86e4564bbe8b54d5bf29b5e - -pl -xvcqrmhwwlgqoqge -131276
open C:\Users\Uqrdowxw\AppData\Local\Temp\LUOYLLSQPF\tmppack.exe -y
C:\Users\Npmmlzhw\AppData\Local\Temp\OCS\ocs_v6y.exe -install -134112 -dcu -dd7a7f4040064340925195af6366bcc2 - -cs -lqljasbbqaujlqgg
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 768
C:\Users\Llezzqom\AppData\Local\Temp\nsc5249.tmp\mism.exe -ctid=CT1269415
Show More
C:\Users\Ptduquln\AppData\Local\Temp\nsy4763.tmp\mism.exe -ctid=CT1269415
C:\Users\Gpyylajp\AppData\Local\Temp\OCS\ocs_v7d.exe -install -54419682 -chipdeextra -90948783a46c43ad9c5cc99486e5c2b8 - - -gwslekozqrtiwmdz -721474
open C:\Users\Zwszvwsd\AppData\Local\Temp\TEMHGLKVARDA\tmppack.exe -y

Trending

Most Viewed

Loading...