Adware Helpers

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank:	2
Threat Level:	20 % (Normal)
Infected Computers:	13,868,824

First Seen:	January 4, 2013
Last Seen:	November 14, 2025
OS(es) Affected:	Windows

Adware Helpers is an adware infection that affects computers running the Windows OS and is poorly protected from Potentially Unwanted Programs. There are several ways in which Adware Helpers may enter a computer automatically. Once installed, Adware Helpers may make various potentially unsafe changes to the affected computer, changing its settings and attempting to expose the computer user to low quality marketing or advertising material. Once Adware Helpers is installed, Adware Helpers may make the affected computer nearly impossible to use due to the many intrusive symptoms and myriad of problems that may be associated with Adware Helpers and similar adware threats. Because of this, computer users should get the partnership of a meritorious anti-malware tool to remove Adware Helpers immediately from the affected computer.

Adware Helpers May Make Unwanted Changes to Your PC Settings

There are several problems associated with Adware Helpers. Adware Helpers is considered much more harmful than other adware infections due to the level of the symptoms associated with this adware infection. Adware Helpers uses an inordinately high number of files to install itself on the affected computer and, at the moment of this writing, is distributed globally, affecting computers in countries all around the world. Malware experts found several symptoms that may be caused by an Adware Helpers infection:

Adware Helpers may cause unwanted changes to a computer's settings.
Adware Helpers may cause severe performance problems on the affected computer. Computers affected by Adware Helpers can get stuck frequently or freeze. In some cases, Adware Helpers may damage to the affected computer's boot sector which may be linked to Adware Helpers or to other threat that is also associated with this adware infection.
Adware Helpers may change your Web browser settings, decreasing your security and making it more vulnerable to other forms of threats.
Adware Helpers may change your Web browser's homepage and default search engine, exposing computer users to unwanted websites and advertising material as soon as they launch their Web browser.
Adware Helpers may redirect search results and other browser activity, forcing computer users to visit websites associated with Adware Helpers repeatedly.
Adware Helpers may cause your Web browser to display pop-up advertisements, suspicious error messages, fake system alerts and pop-up windows containing potentially unsafe websites or online content that may expose your computer to other types of threats.

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Fortinet	VBS/Agent.NSW!tr.dldr
AVG	Pakes2_c.BIVB
Fortinet	Adware/Linkury
Ikarus	PUA.MSIL.Toolbar
Sophos	Generic PUA AO (PUA)
F-Secure	Gen:Variant.Adware.Linkury
McAfee	RDN/Generic.dx
Fortinet	Riskware/GameBox
Ikarus	PUA.GameBox
Antiy-AVL	GrayWare[AdWare]/Win32.BrowseFox.bz
McAfee	Artemis!1E27FB144AEC
AVG	Generic_r.TZ
GData	Win32.Adware.Graftor.B
Kaspersky	not-a-virus:RiskTool.Win32.GlobalUpdate.dd
AVG	Generic6.ADBF

SpyHunter Detects & Remove Adware Helpers

File System Details

Adware Helpers may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	apnmcp.exe	7a7397d866f7b3654dc279f612f7915b	15,115
Name: apnmcp.exe MD5: 7a7397d866f7b3654dc279f612f7915b Size: 194.63 KB (194632 bytes) Detections: 15,115 Type: Executable File Path: %PROGRAMFILES%\askpartnernetwork\toolbar\apnmcp.exe Group: Malware file Last Updated: November 12, 2025
2.	smappscontroller.exe	0737725ccaf3e39321a07f699b092c16	10,743
Name: smappscontroller.exe MD5: 0737725ccaf3e39321a07f699b092c16 Size: 9.68 MB (9682688 bytes) Detections: 10,743 Type: Executable File Path: %PROGRAMFILES(x86)%\Smart Application Controller\smappscontroller.exe Group: Malware file Last Updated: October 24, 2025
3.	he92324.exe	43154f0af9b3d690e6562c16141944e5	7,436
Name: he92324.exe MD5: 43154f0af9b3d690e6562c16141944e5 Size: 636.92 KB (636921 bytes) Detections: 7,436 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\prunld5404\he92324.exe Group: Malware file Last Updated: October 15, 2023
4.	rgAm6.exe	39b3f88b49546d163a04900f625138b9	7,222
Name: rgAm6.exe MD5: 39b3f88b49546d163a04900f625138b9 Size: 6.61 MB (6610989 bytes) Detections: 7,222 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\Temp\tsNcuJulM\rgAm6.exe Group: Malware file Last Updated: December 16, 2023
5.	passport.dll	668702acdfab101d36c168d817720b20	4,242
Name: passport.dll MD5: 668702acdfab101d36c168d817720b20 Size: 10.82 KB (10824 bytes) Detections: 4,242 Type: Dynamic link library Path: %PROGRAMFILES%\askpartnernetwork\toolbar\ars2-tmg\passport.dll Group: Malware file Last Updated: August 6, 2025
6.	vlc-updater.exe	6312dbb5b688c3a9e6ffa2f8b76c0de5	2,550
Name: vlc-updater.exe MD5: 6312dbb5b688c3a9e6ffa2f8b76c0de5 Size: 360.78 KB (360784 bytes) Detections: 2,550 Type: Executable File Path: %PROGRAMFILES(x86)%\vlc updater\vlc-updater.exe Group: Malware file Last Updated: May 11, 2025
7.	check-update.exe	95cdac39d14fb5a33dae199cc414c36c	2,176
Name: check-update.exe MD5: 95cdac39d14fb5a33dae199cc414c36c Size: 635.56 KB (635568 bytes) Detections: 2,176 Type: Executable File Path: %ALLUSERSPROFILE%\updater\check-update.exe Group: Malware file Last Updated: September 7, 2024
8.	woehptunafhkdu.boehp	7121d807de3d9bd0ab0b11f07cb88b6c	1,104
Name: woehptunafhkdu.boehp MD5: 7121d807de3d9bd0ab0b11f07cb88b6c Size: 736.76 KB (736768 bytes) Detections: 1,104 Path: %WINDIR%\woehptunafhkdu.boehp Group: Malware file Last Updated: July 18, 2023
9.	alphapassive.msi	ddf9bf09f6aa5a7726863448c53d5c14	564
Name: alphapassive.msi MD5: ddf9bf09f6aa5a7726863448c53d5c14 Size: 249.85 KB (249856 bytes) Detections: 564 Type: Windows Installer Package Path: %SYSTEMDRIVE%\Users\<username>\appdata\local\microsoft\windows\office\documents\365\alphapassive.msi Group: Malware file Last Updated: May 19, 2024
10.	tpyx55wl4yl.exe	cf50771b0c37efb1b18b932c5e6de455	418
Name: tpyx55wl4yl.exe MD5: cf50771b0c37efb1b18b932c5e6de455 Size: 504.94 KB (504943 bytes) Detections: 418 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\e0vjqp0vu4q\tpyx55wl4yl.exe Group: Malware file Last Updated: May 30, 2024
11.	cugigwbq3n3.exe	1f6a196c13f56a297645eec5b68e8e90	415
Name: cugigwbq3n3.exe MD5: 1f6a196c13f56a297645eec5b68e8e90 Size: 575.99 KB (575998 bytes) Detections: 415 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\f2wsdxcva3b\cugigwbq3n3.exe Group: Malware file Last Updated: February 18, 2024
12.	crmsvc.exe	1b738db8087a83d31afce54d3ddfa746	325
Name: crmsvc.exe MD5: 1b738db8087a83d31afce54d3ddfa746 Size: 1.41 MB (1411584 bytes) Detections: 325 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\appdata\roaming\crmsvc\crmsvc.exe Group: Malware file Last Updated: June 26, 2020
13.	9180135.exe	51181fc0f1d99d95c5bffc0f0aa22378	298
Name: 9180135.exe MD5: 51181fc0f1d99d95c5bffc0f0aa22378 Size: 1.02 MB (1024000 bytes) Detections: 298 Type: Executable File Path: %PROGRAMFILES(x86)%\name\9180135.exe Group: Malware file Last Updated: April 8, 2024
14.	em43zsg40.exe	4fb6e7664f0495d7abf9dc2bfc4b6ce2	227
Name: em43zsg40.exe MD5: 4fb6e7664f0495d7abf9dc2bfc4b6ce2 Size: 856.57 KB (856576 bytes) Detections: 227 Type: Executable File Path: %PROGRAMFILES%\em43zsg403\em43zsg40.exe Group: Malware file Last Updated: October 8, 2020
15.	LWR.exe	864f9b8a42f237540d2a7212db86e66f	225
Name: LWR.exe MD5: 864f9b8a42f237540d2a7212db86e66f Size: 502.71 KB (502715 bytes) Detections: 225 Type: Executable File Path: C:\Program Files (x86)\xka0i1tlxty\LWR.exe Group: Malware file Last Updated: October 24, 2025
16.	CCleaner.v6.00.9727.exe_Olv7N.exe	51528a04f8f0d12ddb74aa2bd62889fb	194
Name: CCleaner.v6.00.9727.exe_Olv7N.exe MD5: 51528a04f8f0d12ddb74aa2bd62889fb Size: 31.82 MB (31820450 bytes) Detections: 194 Type: Executable File Path: C:\ProgramData Group: Malware file Last Updated: January 3, 2025
17.	file.exe	de664e163fea047ca91ded1b31f7568e	90
Name: file.exe MD5: de664e163fea047ca91ded1b31f7568e Size: 155.13 KB (155136 bytes) Detections: 90 Type: Executable File Group: Malware file Last Updated: January 14, 2021
18.	243124d579b30a70cae52a7ca1d43b0d.dll	697b339a848572dd37ad98c9e01d5f5a	58
Name: 243124d579b30a70cae52a7ca1d43b0d.dll MD5: 697b339a848572dd37ad98c9e01d5f5a Size: 1.15 MB (1150464 bytes) Detections: 58 Type: Dynamic link library Path: %WINDIR%\243124d579b30a70cae52a7ca1d43b0d.dll Group: Malware file Last Updated: June 26, 2020
19.	update.exe	b2855436b37111d6b0e64d4221e7b48a	45
Name: update.exe MD5: b2855436b37111d6b0e64d4221e7b48a Size: 8.31 MB (8314791 bytes) Detections: 45 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\wjm2C1E.tmp Group: Malware file Last Updated: November 10, 2021
20.	DhYimEoQU.exe	1492f048f848431fd781fbd14a452916	42
Name: DhYimEoQU.exe MD5: 1492f048f848431fd781fbd14a452916 Size: 959.47 KB (959472 bytes) Detections: 42 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\DhYimEoQU Group: Malware file Last Updated: June 3, 2020
21.	YzA4ZDlhNTBjOTRkN.exe	3ee6b3c07c13d026288a2774770b658a	39
Name: YzA4ZDlhNTBjOTRkN.exe MD5: 3ee6b3c07c13d026288a2774770b658a Size: 1.95 MB (1952768 bytes) Detections: 39 Type: Executable File Path: C:\Windows\YzA4ZDlhNTBjOTRkN.exe Group: Malware file Last Updated: June 2, 2022
22.	wxkYiwjjA.exe	2bf25ffa3ca8fad7cb506b274db42b59	38
Name: wxkYiwjjA.exe MD5: 2bf25ffa3ca8fad7cb506b274db42b59 Size: 633.64 KB (633642 bytes) Detections: 38 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\wxkYiwjjA Group: Malware file Last Updated: October 16, 2018
23.	Y2E0NWI1ZGVlMTE1Z.exe	8a19ba332898c8eea92763628d7f1210	22
Name: Y2E0NWI1ZGVlMTE1Z.exe MD5: 8a19ba332898c8eea92763628d7f1210 Size: 1.16 MB (1163776 bytes) Detections: 22 Type: Executable File Path: C:\Program Files\YTgxM2Y5MTQ1ZDV\Y2E0NWI1ZGVlMTE1Z.exe Group: Malware file Last Updated: June 2, 2022
24.	257596.exe	9a82e5d731f3a07c1493d806b5ed74ae	21
Name: 257596.exe MD5: 9a82e5d731f3a07c1493d806b5ed74ae Size: 671.23 KB (671232 bytes) Detections: 21 Type: Executable File Path: C:\Program Files (x86)\C++\257596.exe Group: Malware file Last Updated: January 14, 2023
25.	k7s7v5bgfdhnycw.exe	6b7748e77ad639f16b9dfb7e74553d4a	19
Name: k7s7v5bgfdhnycw.exe MD5: 6b7748e77ad639f16b9dfb7e74553d4a Size: 253.95 KB (253952 bytes) Detections: 19 Type: Executable File Path: %PROGRAMFILES(x86)%\c4d2xusnkts\k7s7v5bgfdhnycw.exe Group: Malware file Last Updated: June 26, 2020
26.	CpuHeatMapping.exe	e87815880b57f0c24aae7618d126b9fa	13
Name: CpuHeatMapping.exe MD5: e87815880b57f0c24aae7618d126b9fa Size: 14.84 KB (14848 bytes) Detections: 13 Type: Executable File Path: C:\WINDOWS\SysWOW64\CpuHeatMapping\161011\CpuHeatMapping.exe Group: Malware file Last Updated: February 6, 2022
27.	instloffer.exe	619efdbf4c7ef6147551a50d1bd40e69	1
Name: instloffer.exe MD5: 619efdbf4c7ef6147551a50d1bd40e69 Size: 781.96 KB (781963 bytes) Detections: 1 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp Group: Malware file Last Updated: October 24, 2018

More files

Registry Details

Adware Helpers may create the following registry entry or registry entries:

CLSID

{01F45309-5DDE-36CD-B0E6-C9B4BED4752B}

{4DA424B1-5AD8-3EA8-B023-96DAB08B716B}

{4E22700E-7CA9-30A1-9687-4CC130BB6388}

{87E1A3FC-FED3-3FF7-A11C-8443C6251976}

File name without path

wnzipservice.exe

Regexp file mask

%ALLUSERSPROFILE%\Application Data\beleza.exe

%ALLUSERSPROFILE%\beleza.exe

%ALLUSERSPROFILE%\updater\check-update.exe

%APPDATA%\ServiceControl\svcctl.exe

%LOCALAPPDATA%\dsisetup[NUMBERS].exe

%LOCALAPPDATA%\updt.js

%TEMP%\AmazonShoppingAssistant.exe

%TEMP%\UuU.uUu

%TEMP%\XxX.xXx

%USERPROFILE%\Downloads\This computer is BLOCKED[RANDOM CHARACTERS]

%USERPROFILE%\Local Settings\Application Data\dsisetup[NUMBERS].exe

%WINDIR%\System32\Tasks\ShopMore[NUMBERS]

HKEY..\..\..\..{RegistryKeys}

Software\GamesLOL AiTemp

Software\MagicSearch

SOFTWARE\REALISTIC MEDIA INC.

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

Amazon assistant 1.0

Ebayssistant 1.0

Look Picture Tool

MagicSearch

telezilla

Yahooassistant 1.0

{27097E83-0712-446C-821A-C2DBB0C1CDE1}

{2C1A121C-292F-460D-BA62-3B9886D0DE46}_is1

{6C044E1B-C2BD-4B47-9913-40407FA5854E}

{DFAA6F11-C27B-4EC0-83AE-3AC5B124A899}

Directories

Adware Helpers may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\QuestBrwSearch

%ALLUSERSPROFILE%\Application Data\bzughXCIBIxiSQVB

%ALLUSERSPROFILE%\Application Data\xpekMjRorgkcLnVB

%ALLUSERSPROFILE%\Pader

%ALLUSERSPROFILE%\QuestBrwSearch

%ALLUSERSPROFILE%\bzughXCIBIxiSQVB

%ALLUSERSPROFILE%\devnull

%ALLUSERSPROFILE%\sigmatechrvp

%ALLUSERSPROFILE%\xpekMjRorgkcLnVB

%APPDATA%\Fusion_ld

%APPDATA%\Fusion_ld2

%APPDATA%\PotPlayerFus

%APPDATA%\SchedTaskSetup

%APPDATA%\spi

%COMMONPROGRAMFILES(x86)%\alphalabtle

%COMMONPROGRAMFILES(x86)%\womanhydafo

%LOCALAPPDATA%\whiteclick llc

%PROGRAMFILES%\EatPizza

%PROGRAMFILES%\NbbDohHftPUn

%PROGRAMFILES%\QuestBrwSearch

%PROGRAMFILES%\ZDE5YjFmMGQxMDdkNz

%PROGRAMFILES%\awda

%PROGRAMFILES%\clipandbuy

%PROGRAMFILES%\fileassociationmanager

%PROGRAMFILES%\name

%PROGRAMFILES%\rZdaClXBU

%PROGRAMFILES%\wannenginput

%PROGRAMFILES%\wannengzip

%PROGRAMFILES%\zaabzoubi

%PROGRAMFILES(x86)%\EatPizza

%PROGRAMFILES(x86)%\NbbDohHftPUn

%PROGRAMFILES(x86)%\QuestBrwSearch

%PROGRAMFILES(x86)%\awda

%PROGRAMFILES(x86)%\clipandbuy

%PROGRAMFILES(x86)%\fileassociationmanager

%PROGRAMFILES(x86)%\name

%PROGRAMFILES(x86)%\oPKmscYuxO

%PROGRAMFILES(x86)%\rZdaClXBU

%PROGRAMFILES(x86)%\smartinline

%PROGRAMFILES(x86)%\wannenginput

%PROGRAMFILES(x86)%\wannengzip

%PROGRAMFILES(x86)%\zaabzoubi

%TEMP%\Fusion_ld

%TEMP%\Fusion_ld2

%TEMP%\PotPlayerFus

%USERPROFILE%\Configuración local\Datos de programa\OneClick

%USERPROFILE%\Configurações Locais\Dados de aplicativos\OneClick

%WINDIR%\system32\config\systemprofile\appdata\local\WhiteClick

%WINDIR%\syswow64\config\systemprofile\appdata\local\WhiteClick

%appdata%\MagicSearch

%appdata%\browser assistant

%appdata%\direct game uni installer

%appdata%\valerie

%appdata%\wssvchost

%programfiles%\PriceKiteke

%programfiles%\dataflow

%programfiles(x86)%\dataflow

Cookies

The following cookies may be associated with Adware Helpers:

.adfox.ruluid1

.docplayer.ru

Fexchange.bitcoin.com

get-express-vpn.com

upaidonlinesites.comfonline

ww7.greefl.com

URLs

Adware Helpers may call the following URLs:

"author": "Krasnaya Ploshchad"

-emoney.com

-incoming.email

-top.com

.ahdrold.com

.airtraya.com

.bar:443

.best:443

.biz:443

.cam:443

.cidedwithin.info

.click:443

.club:443

.cybermylife.info

.dadmariseds.info

.fun:443

.gofesm.com

.live:443

.lplesindiv.info

.maroceffects.com

.mp3bars.com

.news-back.com

.newsfacce.com

.online:443

.premiumpushnotification.com

.pushworldtool.com

.putlockerfree.sc

.today:443

.top:443

.tw:443

.usinesmycete.info

.work:443

.xxx:443

//settting.com

/int.special-offers.online/

/speed-open2-com.replyalert.net

/websnewsdate.com

50style.lt

actshydid.site

admntrk.com

adsnapy.com

adteacbarbe.info

ailkeyair.com

alballaim.com

allhugenews.com

allowandgo.com

allowedgutleton.info

app.news

arbrotherujik.info

arisedsore.info

artnewsupdate.info

arwartortleer.com

asinartisationy.info

atchmygf.to

balanceformoon.com

banianspaddi.info

becausaldevel.info/

beeaimaid.com

beretrabinci.info

beriacroft.com

bestdealfor10.life

bestflowingstuff.co

boyughaye.com

budnetoil.com

califiesrease.info

caningsingothen.pro

cc:443

cityskyscraper.com

click.dialog.support

click.unfurlable.com

cloudinguru.com

cnewvi.com

coolestmedia.net

creasonsau.info

cudalbapt.com

cultassoc.info

dailynotifications.com

ddyuei.com

defpush.com

delivesinve.info

dengelmeg.com

dimlitroom.com

directorio-w.com

drecentreshu.info

ecleneue.com

eddorsedepa.info

elfpetsic.com

enninghahanspa.info

ersoncur.info

ertyunbelie.info

ettotropsinhi.info

exclusivenotifications.com

favor1t.com

fiaharam.net

findprivate.online/results.php

findyourpleasure3.life

fitedlamaso.info

funnwebs.com

gamenaps.com

gamesearcher.pro

gelacrabuld.info

gerspriorate.info

gichelfactice.info

girls-datings.com

gleemsomto.com

gleguidat.info

got-a-message.com

gpretarydimin.info

hamtitwet.com

healthinfo7.com

hedincipat.info

hellopushworld.com

heroesofrpg.com

hersinhishowlet.info

horizonprize.com

hourseryangove.info

http://14nuzznszbdp.com/

http://lktoday.ru/

http://seargoo.com

http://wwnc.xyz/

http://www.getmedia.online/

https://alcreasalcon.info

https://api.myhappyads.com

https://banalbjar.com

https://belighterservice.com

https://bikereddint.info

https://blickmelbourne.com

https://blooks.info

https://bodicidealin.info

https://bosspush.com

https://calelderlyi.info

https://check-you-robot.site

https://checksuefriends.info

https://checkvd.com

https://chepotabakam.com

https://cocketexercine.info

https://confirmeo.com

https://crossiblesp.info

https://deal4yousite.com

https://downhindingref.info

https://dragonforwardknife.com

https://easecalcula.info

https://edhappearer.info

https://ertdistakereces.info

https://etablerun.info

https://evengsitolightont.info

https://extremecartoongames.com

https://ficepationals.info

https://findyourpleasure7.life

https://fuckswpe.securelandinglink.com

https://fukizi.com

https://furthelessp.info

https://get.classicgift.download

https://getcontent24.com

https://googleextension.com

https://gottedrableftevent.info

https://guesstimateds.com

https://hdesignegroupco.info

https://herdailylife.com

https://hichesassa.info

https://hiroje.com

https://histleolderlandch.info

https://housinesfoughamne.info

https://investing-reviews.com

https://jugjetwok.com

https://junioneruytew.info

https://lbenjamiemai.info

https://liansatrickth.info

https://liveads.net

https://lyflexicalcl.info

https://mattempts.info

https://metanewssubspush.info

https://metaphyc.info

https://minently.com

https://my.mobitraff.com

https://myceterparagr.info

https://mystemsrespo.info

https://narutogaming.com

https://ncourseac.info

https://neutharefleha.info

https://newlifestylejournal.com

https://notifygear.com

https://offers.weads32.com

https://oidyourseschoose.info

https://ondeletrofi.info

https://opensivepartme.info

https://ousseventi.info

https://outtemportm.info

https://oxinteriorit.info

https://ozsummarun.info

https://phereacades.info

https://play.go2game.co

https://poxaharap.com

https://prostometod.com

https://qubscribe.com

https://rightmovies.icu

https://rseschoosema.info

https://rtionwritty.info

https://rz.push-free.com

https://salregation.info

https://sinwasrechenhes.info

https://sionsrathet.info

https://sisewepod.com

https://skidrowcpy.os.tc

https://skidrowreloade.os.tc

https://sonumal.com/

https://spartertrenhersen.info

https://squasainte.info

https://startrafficc.com

https://stewaysef.info

https://stories-gate.ru

https://streamteam.monster

https://superinterestinginfo.info

https://tedsaliesdirekt.info

https://thathatsparroptont.info

https://thatrussiangirl.com

https://thegoodcaster.com/redirect/

https://thiocarbamylife.info

https://ticcopioidyou.info

https://tiktok-labs.com

https://tranzistor-harakteristiki.ru

https://trendopportunityfollow.ga

https://ularlywednese.info

https://ularunicalr.info

https://uluswozzel.info

https://univerexplo.info

https://up-date.to

https://urancspitte.info

https://urchrevening.info

https://ustinctsretio.info

https://welsworn.info

https://westnews24.com

https://wiohj.com

https://www.fulltv.nl

https://www.krepsinis.net

https://www.viralupdatestoday.com

https://www1.be-notified.com

https://xilbalar.com/imp/

https://yeskapchabest.info

https://younwild.com

https://zpredir1.com

icyyapemu.com

ind1cate.com

initiatefresh.com

insertcoinage.com

instantfwding.com

investment-guides.com

investment-rules.com

irkerecue.com

jooikestreet.com

keterrehepren.info

leefmylife.info

lesindingretne.info

leveryone.info

loading-wsite.com

ltenhalefre.info

markably.info

mediavideo.website

message-alert.center

metedbuenge.info

metouchpush.info

modamania.es

moneymorning.com

moocauby.com

moreinfo.support

motheremutand.info

mychromesearch.com

myhealthyvibe.com

mynewswire.co

n1cely.com

ndextraincomi.info

netedaninghiga.info

news-back.com

news-fbe.com

news-gg.com

news-good.net

news-top1.com

newsfacce.com

newsmagic.net

newsredir.com

newsupdatesky.info

newswe.org

noredwilliont.com

notify-monad.com

nsbacking.com

ntioninstand.info

nythatspartaund.info

oakpyxyea.com

oawhaursaith.com

offersnewurl.com

oksmi.site

onehergotwitran.info

onlinepromotionsusa.com

onlybestpushnews.com

onrussia.info

oraronerethet.info

ouo.io

ouo.press

overiesarticu.info

paymentnotifyfriends.info

pc-torrent.ru

place-web.com

plsppushme.com

pog0da.com

pornohirsch.com

postyourlife.com

predicalflo.info

premiumstory.net

princessmovies.org

prioritynotifications.com

pro-news.net

product.directpower.download

promodayz.com

propu.sh

ptinouth.com

pushark.info

pushisback.com

pushishere.com

pushnotificationtest.com

pushtoday.icu

pushtouchme.info

quallyfounda.info

rameattot.com

randysnaps.com

redfunchicken.com

rednews7.com

renropsitto.info

rephartertonelin.info

revercecaptcha.com

ribngh.com

ricultwitho.info

rinexpende.info

rivilistsp.info

rnewsr.com

robotcaptcha6.info

roboticeretaser.info

routgveriprt.com

rpgbunker.com

rpgmasteronline.com

rsecompa.info

rutadzbeg.site

ryoneropling.info

ryseconomi.info

saturalcorre.info

sbroughhig.info

scansear.com

scientificnewsforyou.com

searchnotifyfriends.info

send-news.net

services.fast-push.com

shebaasot.com

shijacketsqua.info

shlega.com

simparentlydisco.com

solicencers.info

stixeepou.com

strialdeather.info

substand.info

sunlitez.ru

supernewsplus.com

systemalerts.xyz

systemsoft.com

tadchenmujahe.info

talbeinhecrof.info

tantiterhalac.info

technologieairflow.com/extensionInstaller

technotology.com

tert1ary.com

theactualnewz.com

thefaceduck.com

thehypenewz.com

thewowfeed.com

thofandew.com

ticeroftertal.info

tii.ai

tiktok-max.com

time-for-investment.com

tinuntoldrelac.info

tionsnewsupdate.info/

toberlegisti.info

tofideventresfa.info

top10news.review

topviralnewz.com

touchmethen.info

tparticultwestme.info

tyfabricalislat.info

uctbettesvaricaof.info

udderfitteesp.info

uitabletublis.info

unclaimed-moneysearch.com

undoclosetab.info

vakogid.com

vitalfinancemedia.com

vlwcmgb48.ecfwg.xyz

w.ninja

wascorithedin.info

wasterestinfor.info

wea4her.com

wheedran.com

whobabsaim.com

winyourprize36.com

wonfigfig.com

worldtriviacenter.com

www.4club.com

www.redneckrepairs.com

xplaintsatiyab.info

xyz:443

youjamnag.site

Analysis Report

General information

Family Name:	Adware Helpers
Signature status:	Self Signed

Known Samples

MD5: 3f8004916accf8f6e70ca470d9b9acdb

SHA1: 514f7470fa7c0ee9b5bcf0afd98e093086d42a7b

File Size: 1.83 MB, 1831584 bytes

MD5: ec480f79469aaf5dc264dd6ccc98e737

SHA1: eeed5ec6430b2a9eebdecd40c51002af32297de0

File Size: 2.51 MB, 2513624 bytes

MD5: 23100f8e2da471726e302cd086d15205

SHA1: d3343bb5b57b4779c31e483564a11ea6ce268998

File Size: 2.20 MB, 2195288 bytes

MD5: c92165d6f72e4905caf06e38903697d2

SHA1: 20813fef9510f0b97dc8352c561ae6121ac3d597

File Size: 2.44 MB, 2438776 bytes

MD5: eff8009c08b897a0493c669e099dcb96

SHA1: 30af930a35c193dc09c60da30202d2d7bafa4774

File Size: 2.20 MB, 2195288 bytes

MD5: 24b053334f5027ec42b857ba55aef126

SHA1: ee7f1074f1345b2543a91192214f99d7d9ad7e69

File Size: 2.18 MB, 2175328 bytes

MD5: 7124133793e3cf993a413389dafc150e

SHA1: 81ec7833706cdf9797dc03730a6a0b2c6cc5daab

File Size: 2.52 MB, 2517411 bytes

MD5: c7f1d9f9abfae6dece6d82d7a12ae75f

SHA1: 00599deb40a2577a229534434ec190ff5212639d

File Size: 149.66 KB, 149664 bytes

MD5: 66b79a9bb1ea880e1975102adcd8528d

SHA1: 7575cd484fa1ff7986c066c53e052490786dea53

File Size: 2.07 MB, 2065648 bytes

MD5: 09ce7726a4503f495d95b51651b0c642

SHA1: fb70031728ea57de374d46be5965d8587e7f398e

File Size: 416.78 KB, 416784 bytes

MD5: e0d2517cbfd73c8e1963913431c12d47

SHA1: 855ce2ad2eab248109036e1a0e6ec74a1069a96b

File Size: 2.20 MB, 2202312 bytes

MD5: 575e86d091702ef69dd7893b7a5cbf66

SHA1: aaa36f92e21fb0648b4977d308423f6f1a6c1159

SHA256: D0475FBD0571E3A8FA5F89E0A1E67920A86BCE17A5FF7DF00C0DA223674F8BB3

File Size: 2.20 MB, 2195288 bytes

MD5: 35a32a1262271559c57a1bb8b30f8569

SHA1: 36268f3b16f08e417110a7eed632fdc11a515f04

SHA256: 60133B03BF1E932ACA46B233416BF32BE83BC2B79F7E4567BF702A645B7524A7

File Size: 3.40 MB, 3401360 bytes

MD5: 9966eb0fd51bd4527657b46cbacf8bf9

SHA1: a1e2068b6b71c682f5ea8d3b3e7d1152a1288326

SHA256: F3A504EDC77110018C428EDB535BBE1F75032401B8AD4AF89430984E9551EFB4

File Size: 16.53 KB, 16528 bytes

MD5: ee7f012b284648faf1d290f271fdb396

SHA1: 6daaaaecd3a35c0ac149faf7069f9e10301b4a8e

SHA256: 962A32E9852D5F39E465CB07D50C6E0F8859BF9629FD48715A90BB4843648FDF

File Size: 426.59 KB, 426592 bytes

MD5: ebc898228dcfa1dd5596937d9e98bf6e

SHA1: 50bc573af1a5d4d4e48590b84f3c4d16dc4667a6

SHA256: 76BCF5D514DB8A5A7F3ADD2CC7B0D73A04D97425F601865D169762952F729AE6

File Size: 1.32 MB, 1321408 bytes

MD5: abd3d9dad48e0649d765c80faa6aedfc

SHA1: 3bced3664dd2a4f185efd6e99de2d23af7240564

SHA256: 235395CCCD722D77F21E41AFA4A6B23CA717CF3B9EC2B8A75AF4351E9C326C55

File Size: 9.75 MB, 9746752 bytes

MD5: 5078c283981114b64abcfd6269ac9295

SHA1: 1811327cb7e09d84f02d4f3b5e4ab6a4fbd2cca3

SHA256: D7AE866C0959D92F5AEF9D720A28E0FC9C8FC563C6836AC3BE1237B39FE2E058

File Size: 2.20 MB, 2202312 bytes

MD5: 6525f6e5c9acb28190733bf3c49f05bf

SHA1: 0b95d606ab9ed28f6b8a6edea69db2b8412b4202

SHA256: 54902F145E35C5CA8C074A5CDD6D4720D96AC140516701ED7BA2717BB26966B7

File Size: 3.06 MB, 3063272 bytes

MD5: 48d718a9a197b9278040554e5b59043a

SHA1: b627cc3f488d157041872c0950b92241bb12c8b5

SHA256: 130E9FF5BDE39567BBFD03A0798303118B288F5D322D1C3F46CA4FBBD872DD39

File Size: 5.11 MB, 5113488 bytes

MD5: 8cddb3fd8fb63986b3b476bfdc353432

SHA1: afaa259fefc60ef288cf56240f30713567ad15d3

SHA256: 5EDCCD3683560ED52B3E9953D5E149B6B6B866103F4AFF823F6473CED9F6CD06

File Size: 2.20 MB, 2195288 bytes

MD5: 10b4321a75082846d59808c5edf1f703

SHA1: 8cd3008c75c34383a48e184846bad9ae1447b018

SHA256: 164E8C203642A4193C1BAABD6DFF555A625B6D768EC6695C12730EFE5F418262

File Size: 255.46 KB, 255464 bytes

MD5: 6d25f89424f6b5edb2d6d44a80e2513b

SHA1: 805d9e6ca223257028a5f761a7932e7ffa909bc3

SHA256: 5AC75525242C4154B486BEB4537349CC7780787F554A7788BF57E74D4A7EE4F1

File Size: 16.53 KB, 16528 bytes

MD5: af0100bc84269bd1cecd0b34297817a7

SHA1: b61876b64edc6dc30ef79e300b47310574cbce3a

SHA256: 9416F55CFBCD20A05FCE8996D1D54821CEA0FCF457D668F32BC6A4CC0B88DBD9

File Size: 16.94 KB, 16944 bytes

MD5: 07ae039b4acc26f086c94a83f93cb5b5

SHA1: 5aae1ed5cfc20d9e121c4e9b8ba6794789a8f12f

SHA256: E5A057FECA8D7D01C8A8995196FF76911208F017921CA868BDC7F110C8AB33AF

File Size: 272.36 KB, 272360 bytes

MD5: 3a0e3909b1d74b9adb8ce1cea9b7952d

SHA1: 0da3c8e358a525a25653af00e0704d517f9b71a6

SHA256: FA33F0E29D79ADEE55AC5F6922A7B987C9196DF78A6518E0BE93D40A2A28B95C

File Size: 766.04 KB, 766040 bytes

MD5: 3ddf6d4d0c88d100eeb1826bfb5974f8

SHA1: af13de9e02b4581ba5dda5500fa45d5047707ccd

SHA256: 0CB4047FA087DAADD6DB6280D45772189873353D0AF2B2BDEA41963D17E9824A

File Size: 3.03 MB, 3025312 bytes

MD5: a3c476024392fd17b4fbd428eb19036d

SHA1: 0be5dbc2a70db3364a64c1ed9f8aa472cd0e6931

SHA256: 48AB3BE733D9465BDF6C979560064DF18A2A37255E1BF1731329293DDE519A52

File Size: 2.52 MB, 2522252 bytes

MD5: 0c6a48faa6b1bc49f18448beedf90040

SHA1: c40b54954ad66b14682bc481e3e860f4c7ca3664

SHA256: AF54112C7C4EECBDF2F857354CDD6AF03A20FD1C77AE59B71081F0EC2EF32B93

File Size: 2.20 MB, 2195288 bytes

MD5: 7e4e6da62a463eca52f74bc5e146946c

SHA1: 171da62ecdb8bca3651b16b896a7bb77f87940c1

SHA256: 49FB2E886BF64BD9338216188B1708F48EB96C76B3F291E6C610074B65C024BD

File Size: 5.00 MB, 4996240 bytes

MD5: 727281e834d0252ec2b1d44454528863

SHA1: 99e5623744350d78c4f3e090589ae151018323c8

SHA256: CB1A73230353F03081703E2B511BF85A852F97D5E8891F3B7A3472E9201381D4

File Size: 2.50 MB, 2503712 bytes

MD5: a0df7a3661f41c306689447a9907ec3b

SHA1: 4cda6e882d6a7f0af0c4fb3407fc0c25dcf5dda2

SHA256: F8CF6E1342E6875B6C5E493236588E9106BDCF114EB2A2EF0FA5603E0D897871

File Size: 2.20 MB, 2195288 bytes

MD5: 8dca10dfdb87821121a54d8890c82494

SHA1: a7a4042a7eb203b663a5b7cf8b72a71f17443610

SHA256: 65FF6D75403B034CCF54BC0B990FC3987F2C1963AC4252FB0C9944AD0AE6790A

File Size: 2.20 MB, 2195288 bytes

MD5: 305a09940b0d90ac6545ef70e8d83abb

SHA1: 54bdf794c7692a562a73b5ed3bffd824fb0106e2

SHA256: BCEF83259BEB4C32D4CBC13EA3B38F806A6938B8FF84415865F2BCC9ACD18A7C

File Size: 3.05 MB, 3052520 bytes

MD5: 2b94924855cb2faa5428d2392a223c9c

SHA1: e0fcee0fadbd0e0407f5b2e21cecd180445f19e8

SHA256: 3929F40A5C5F7DED4C2FD50E48CC27CB38305B220FEFCE559C31F10BC6F0B1E1

File Size: 2.50 MB, 2503712 bytes

MD5: caf43163024476cdd12ea56acd84baba

SHA1: 359094876ad5f521525d327ef249965b18c3e560

SHA256: 7342C49696534D777BC85429F2751ECE85B8B9D765E2FBBDEE24905BE5B251EC

File Size: 1.33 MB, 1329600 bytes

MD5: 82869dd939c4ba4d9d9f985845662267

SHA1: 356665e68a30f96a1105e483efd0236f958ebbe8

SHA256: 84E33A019042DC4EA6B5948D64F782D61EEEFF608CEC8A184980E89084703BDF

File Size: 8.27 MB, 8266144 bytes

MD5: 4cee2953a479f9d06236da6e2802a698

SHA1: 2c709ab7e2c88f60da02deebaf438b7ce6a51c2b

SHA256: D9547236AE4D52F0D1B381035FB4A389EEA375E937CBB2F20951F0BF180EA70A

File Size: 2.20 MB, 2195288 bytes

MD5: 46338fcd02684a3533993a898b1fcf38

SHA1: b0af2b2f67e4a582736fc2abe4c2b917f8c3d866

SHA256: F11AF5291CBBE28D2549EDBE206C459FE2F275F55A9CF31F76D89BE8C61C7762

File Size: 3.62 MB, 3622624 bytes

MD5: e8cd1e0164d7e91ea707be379326976b

SHA1: cae4f5cec46704e2de7ce8d0d17ebe252132d2f6

SHA256: 94EA7085943CD4F7C187A4D81E65DA7D4E4E637251D886C0DA23B2EFF1397962

File Size: 1.51 MB, 1505016 bytes

MD5: 0ff00a5172b85ebc2562dfe25cf9630a

SHA1: c38cc9607c5e223be16e2cf5d6f4158be16a0f1e

SHA256: 5443A0BBE8F79562D4369BCD4F12D7A67D23F89128B01D284BFB4555331FD9D9

File Size: 2.01 MB, 2009768 bytes

MD5: b4b10e3527d078862c39cd41c01c6c0e

SHA1: 4d5a9db391371a92827043d0bea65a8436fc05c5

SHA256: DB51736E5C75EBA2DBF12C1396E06CFB9DE2FA607676E9593540B926F2FA2D8D

File Size: 2.20 MB, 2195288 bytes

MD5: b4038b405350651c178dc355fe4053b2

SHA1: 50180d02475bd5b59d89fa32a4ef8d3ea4e836da

SHA256: 9C9E872223D502E0118C1A6865D525CBA5F524B470235D5F3E72EDD0E527F1D2

File Size: 8.44 MB, 8438216 bytes

MD5: 8a378168dcf800ff3b2df7546b6d81db

SHA1: 9f07fe02e70100502c7c44f6521b337ea02670c4

SHA256: D585EFDF61F3040FD699A0C9242B8BEA2BC30F7F936ADB16CB6AE48C3ADE4AA3

File Size: 8.96 MB, 8963904 bytes

MD5: 7abf1f6558d0403957f286fb5fc83775

SHA1: c26b52ab6b219a11bd078186a3c10aee36aecc8f

SHA256: ECA22F92C45EAC13730C0F4B2A6861AABF4DB12167CC9AFD21485900F89E32C0

File Size: 2.20 MB, 2202312 bytes

MD5: 918d7f6356837b5d9c99d1fce4bd12c9

SHA1: df096931ac839c472713a382b36b441804379de6

SHA256: 729CA2BC7C43E709E04BFF39B87F430C2A6DEE9CF411B095A130F1EC64BE263A

File Size: 1.25 MB, 1246328 bytes

MD5: bcf04181cdf7e63af2e83fa3e77debd5

SHA1: 77e48795c7baecd91773cb7b2eadcc0c6c5d31d8

SHA256: 42E22901B3BDB4EA36EC43A08D1FF090C99924A9EAA1C9543334875C3D3E3260

File Size: 1.25 MB, 1252984 bytes

MD5: 7edf1a2dbca228e04f98be37470558b7

SHA1: c474b728bbd72808323860831bbded1a5f49458e

SHA256: 109343E8EF8D708E4DF785D6D28D1AD86DD775C38B8A9B9E9398DE7E594402E4

File Size: 195.33 KB, 195330 bytes

MD5: 4cfe571ccfbb53a4f88d79124c46e228

SHA1: e1fbb6b572e0b8680d6f0846c3e63714df5b8f1a

SHA256: CC766AFB3451AF2990054D60AD95D23C03F217CB1A8C8B6A69B5D97028A9CFC2

File Size: 1.25 MB, 1251960 bytes

MD5: 0379176ae0a99336ba9fbb34d9131c08

SHA1: c69643e59e2fa34ceefe989a75385b75913efba3

SHA256: 0637A87CF5B9CBD49403916983A7EB2A3898635D13DAD53B0015921318659331

File Size: 1.25 MB, 1252984 bytes

MD5: e221748f4eee0cbe813c2c59ee7dc92c

SHA1: 2c55c55f2520bd7ee0abe76b7aac9addbb6940e6

SHA256: BD1F9D1342DEA40D4B497EE26C031E8DC23990AB74F9C3AF6D6881E882E775DC

File Size: 1.25 MB, 1252984 bytes

MD5: c0d26d4af9f05e93ff16d1b77b0021f5

SHA1: a98eb46fa37c5c074abf600bc852160750e02b85

SHA256: 856C74E109EEAF49503F791D44BBF62E307A39383CAC75CBB46999DE728206E7

File Size: 1.40 MB, 1400816 bytes

MD5: ba0cc3ab34c53e1694b14490360982c2

SHA1: 7c7762dad8e08ba9f9482ec8663e53590c750f7d

SHA256: 30495F743A05DE050C133B74888C20F8C21711FF11D847C49F3EEB17358AC538

File Size: 3.04 MB, 3039488 bytes

MD5: 790b24aadae6e17f7ce650d23dffb726

SHA1: c5e40f0538956b768a07f812bf70505362437a5b

SHA256: D540F1C8094704B9138CA7FAA572AE08730C4A21D0C40B2B88EBBB67CAAB70A0

File Size: 6.54 MB, 6540744 bytes

MD5: 53a847e32987e5bcc2b93d2301aef234

SHA1: 8c7c419f40ce8989aa1af2c57a4cb185bc8bee3d

SHA256: C1341D022011F21009FC21B4E7DD03C234FCAA450BB0DE88351366CF91E91BDC

File Size: 1.25 MB, 1254008 bytes

MD5: 04bca9d27cd53e9c528b74cd2caf4566

SHA1: 07e5ba2d4339cf0d34e3405c0938bc2c08c5ee78

SHA256: 7FA57D34FECFD0ADEA983D2DC8DDD8D18FC0F0C8F319ADFCEFF62368A232C0B3

File Size: 2.20 MB, 2195288 bytes

MD5: 67db9cb488eb8b81ea803bd45829c8c5

SHA1: e5074881453cbb88d4fad8f968632ef84f661bcf

SHA256: F903E9A194961F84BCBB5483BC57F42C8F74082576E22292F4A2A77B9FEF9BC6

File Size: 5.27 MB, 5265084 bytes

MD5: 9b6df849dc768c2325d8793d859eb618

SHA1: fb17883aa9f53824485529e25c0e8986a3f642f9

SHA256: CC17A5A5C449E67D4B13C71B37E59D3F197F505178569EFFE9A5337D65652480

File Size: 1.26 MB, 1257080 bytes

MD5: 6892814e6a4c98913bdbf24b5741ddd4

SHA1: a9a91635de77f36b374b6b495eb71720936e45ba

SHA256: 6FC6BE0E41A7E75E6CD23B7F23227EA2D79B07471FA5C49FB1F0660E848B512E

File Size: 1.31 MB, 1310720 bytes

MD5: ddafe3a3fa87bd1c1afddcf6056dd5ca

SHA1: d8f902ab75066be91aa2e65a9d455b1264ccbd3f

SHA256: 7D16799846B929063AC82BEAB909938E680FAA9262BFDE8A4FD6F4B3816426CE

File Size: 1.25 MB, 1249912 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable
File is 64-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	5.0.0.111 1.92.5.9159 1.92.4.9130 1.92.4.8949 1.0.1.0
Comments	Helps to download updates for the main app. ScreenSaverGift.com This installation was built with Inno Setup. Wirtualna Polska Media SA
Company Name	adaware Bits Department LLC Burnbytes v0.1 Caphyon LTD CD010_Web c Lavasoft Limited. All Rights Reserved. EPI Software Giant Box decision LLC UK Usadba Pertinent Install Show More RealTimeGaming Software Relk Install ScreenSaverGift.com template Your Company Name
Company Short Name	EPI Software
File Description	AppWizard Installer Beach Babes Screensaver Burnbytes Setup DobreProgramy Installer DownloadHelperTray EpiBrowser EpiBrowser Installer FilePlanet Installer File that launches another file Giant Box Show More GOMPlayerGlobal Setup File Installer Install Program Outbyte Driver Updater Setup Pertinent Install Relk Install Rufus Setup Setup/Uninstall SoftCatalog Downloader Software Installation template uTorrent Setup Wirtualna Polska Media SA Your Application Description
File Version	136.0.7103.85 132.0.6834.200 132.0.6834.122 130.0.6723.144 130.0.6723.143 130.0.6723.142 128.0.6613.139 51.1052.0.0 21.9.0.0 21.0.1.0 Show More 16.8.1.378 14.18.14.16 13.1.7-RTG 5.0.0.111 3.7.7 3.5.2 3.3.3 2.4.0.9052 2.2.174.2916 2.0.0.383 2.0.0.0 1.92.5.9159 1.92.4.9130 1.92.4.8949 1.4.2.1 1.1.1.1 1.0.1.3543 1.0.1.0 1.0.0.3056 1.0.0.1 1.0.0.0 0.1.0
I S Internal Description	Setup Launcher Unicode
I S Internal Version	17.0.714
Internal Build Number	99584
Internal Name	Beach Babes Screensaver.exe dobreprogramy.pl.exe DotSetup.dll DownloadHelperTray.exe epibrowser_proxy eventlog_provider_dll installer.exe Install Program Pertinent Install Relk Install Show More setup Setup SoftCatalog_Packaged.exe Template.exe viewer.exe YourApp.exe
Last Change	17e1317f6960e3a0bf9dcc371613c98a6d7db701 4153a898b5edfa6b96867a2143e3dcf674821e80
Legal Copyright	(c) Caphyon LTD. All rights reserved. Bits Department LLC, 2020 c Lavasoft Limited. All Rights Reserved. Copyright Copyright (c) 2012 Real-Time Gaming Copyright (c) 2013 ScreenSaverGift.com Copyright (C) 2014 Copyright (c) 2022 Giant Box decision Copyright 2024 Copyright 2024 EPI Software . All rights reserved. Show More Copyright 2025 Copyright 2025 Copyright © 2020 Copyright © 2024 Copyright © Adaware 2020 LegalCopyright "Â© adaware" string Â© adaware LLC UK Usadba Pertinent Install(c). Copyrighted 2020 Relk Install(c). Copyrighted 2020 Wirtualna Polska Media SA
Legal Trademarks	Copyright (c) 2013 ScreenSaverGift.com
Official Build	1
Original Filename	Beach Babes Screensaver.exe dobreprogramy.pl.exe DotSetup.dll DownloadHelperTray.exe epibrowser_proxy.exe eventlog_provider.dll GiantBoxApplication.exe installer.exe InstallShield Setup.exe Pertinent.exe Show More RelkI.exe sdk.dll SoftCatalog Downloader Template.exe viewer.exe YourApp.exe
Product Name	Advanced Installer AppWizard Beach Babes Screensaver Burnbytes CD010_Web's Installer DobreProgramy DotSetup DownloadHelperTray EpiBrowser EpiBrowser Installer Show More FilePlanet Giant Box GOMPlayerGlobal Grand Parker Casino MicrogamingInstall Outbyte Driver Updater Pertinent Install Relk Install Rufus SoftCatalog Downloader template uTorrent Wirtualna Polska Media SA Your Product Name
Product Short Name	EpiBrowser EpiBrowser Installer
Product Version	136.0.7103.85 132.0.6834.200 132.0.6834.122 130.0.6723.144 130.0.6723.143 130.0.6723.142 128.0.6613.139 21.9.0.0 21.0.1.0 16.8.1 Show More 14.18.14.16 13.1.7-RTG 5.0.0.111 4.6 3.6 2.4.0.9052 2.3.0.23191 2.2.174.2916 2.0.0.383 2.0.0.0 1.92.5.9159 1.92.4.9130 1.92.4.8949 1.4.2.1 1.1.1.1 1.0.1.3543 1.0.1.0 1.0.0.3056 1.0.0.0 1.0.0.0 0.1.0

Digital Signatures

Signer	Root	Status
Bits Department LLC	AAA Certificate Services	Root Not Trusted
Bit Wise Publishing, LLC	Bit Wise Publishing, LLC	Self Signed
Byte Media Sdn. Bhd.	Certum Extended Validation Code Signing 2021 CA	Self Signed
NEXITEK LTD	Certum Extended Validation Code Signing 2021 CA	Self Signed
Hastings International B.V.	DigiCert Assured ID Code Signing CA-1	Self Signed

Lavasoft Software Canada	GlobalSign CodeSigning CA - G3	Self Signed
Byte Media Sdn. Bhd.	GlobalSign GCC R45 EV CodeSigning CA 2020	Self Signed
H.B. Leopard Technology Co., Ltd	GlobalSign GCC R45 EV CodeSigning CA 2020	Self Signed
LLC UK USADBA	LLC UK USADBA	Self Signed
LLC UK USADBA	LLC UK USADBA	Self Signed
Astral Media Inc	SSL.com EV Code Signing Intermediate CA RSA R3	Self Signed
SmileMotion PTE. LTD.	SSL.com EV Root Certification Authority RSA R2	Root Not Trusted
Byte Media Sdn Bhd	Sectigo Public Code Signing Root R46	Root Not Trusted
Invenivia	Sectigo Public Code Signing Root R46	Root Not Trusted
Invenivia	Sectigo Public Code Signing Root R46	Hash Mismatch
WIRTUALNA POLSKA MEDIA SA	Sectigo Public Code Signing Root R46	Root Not Trusted
WIRTUALNA POLSKA MEDIA SA	Sectigo Public Code Signing Root R46	Hash Mismatch
Audit.digital s.r.o.	USERTrust RSA Certification Authority	Root Not Trusted
Projektas 25, MB	USERTrust RSA Certification Authority	Root Not Trusted

File Traits

Installer Manifest
Installer Version
x86

Block Information

Total Blocks:	97
Potentially Malicious Blocks:	1
Whitelisted Blocks:	68
Unknown Blocks:	28

Visual Map

? ? ? ? ? ? ? ? ? ? ? ? ? ? 0 ? 0 0 0 0 ? ? ? ? x ? ? ? 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.M
Agent.MH
Agent.MI
Agent.MU
Autorun.LA

Deyma.G
DotSetupIo.A
FakeAV.AU
FakeInstaller.A
FakeInstaller.B
Injector.AK
Keylogger.KC
Keylogger.KD
Kryptik.XXBA
Lumma.GFD
MSIL.Kryptik.SA
MSIL.Remcos.LFA
Rugmi.IA
Sheloader.A
StartSurf.AD
Stealer.KF
Stealer.UHA
Stealer.UHBB
Stealer.UHBE
Stealer.UHRA
Stealer.UHRC
WindowsExpertConsole.A

Files Modified

File	Attributes
\device\namedpipe\crashpad_288_clavrgjygststilq	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_288_clavrgjygststilq	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_4424_gzodmkpwrzkeavab	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_4424_gzodmkpwrzkeavab	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\crashpad_4432_nmyvifebndvtdsdu	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\crashpad_4432_nmyvifebndvtdsdu	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
\device\namedpipe\pdftoolswebpipe	Generic Read,Write Data,Write Attributes,Write extended,Append data,LEFT 524288
c:\program files	Read Attributes,Synchronize,Write Data
c:\program files\burnbytes\burnbytes.exe	Synchronize,Write Data
c:\program files\burnbytes\burnbytes.exe.config	Synchronize,Write Data

c:\program files\burnbytes\burnbytes.pdb	Synchronize,Write Data
c:\program files\burnbytes\burnbytesupdate.bat	Generic Write,Read Attributes
c:\program files\burnbytes\de\burnbytes.resources.dll	Synchronize,Write Data
c:\program files\burnbytes\de\is-4fepb.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-alun1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-anhuu.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-i4fv9.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-p56ql.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-ratou.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\de\is-rc5gc.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-10m50.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-1uaqu.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-4gua8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-6tee9.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-8q8cg.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-8rbqp.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-9bcci.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-9cbpd.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-9djgj.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-ao83g.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-au9mj.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-av6eu.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-b3g9s.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-bv719.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-cmisv.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-cov3u.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-cq39s.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-fc2ea.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-fsh2i.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-hf3l7.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-ia1jf.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-j8l7v.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-jg582.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-k7vfh.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-lvj0l.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-m6v9n.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-m78g6.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-o10au.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-oaaps.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-p2n5j.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-pbsi1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-pdu7h.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-q7ilk.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-qb99t.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-sc7d5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-tkvnl.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-u2j45.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-uckl1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\is-uhbe3.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files\burnbytes\newtonsoft.json.dll	Synchronize,Write Data
c:\program files\burnbytes\newtonsoft.json.xml	Synchronize,Write Data
c:\users\user\appdata\local\episoftware\epibrowser\user data\crashpad\settings.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\internet explorer\msimgsiz.dat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7z2301-x64.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\2025.11.03_18.28.45.468914_installer_pid=4220.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\2025.11.03_18.28.45.468914_installer_pid=4220.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\app.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\app.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\bundleconfig.json	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\bundleconfig.json	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\de	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\de\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\de\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\devlib.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\devlib.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\devlib.services.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\devlib.services.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\dynactsbll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\dynactsbll.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\en	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\en\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\en\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\es	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\es\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\es\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\fr	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\fr\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\fr\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.exe.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\genericsetup.exe.config	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\h2osciter.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\h2osciter.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\htmlagilitypack.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\htmlagilitypack.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\installer.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\installer.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\it	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\it\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\it\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\microsoft.win32.taskscheduler.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\microsoft.win32.taskscheduler.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\mydownloader.core.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\mydownloader.core.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\mydownloader.extension.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\mydownloader.extension.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\newtonsoft.json.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\newtonsoft.json.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\offerservicebll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\offerservicebll.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\offerservicesdk.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\offerservicesdk.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\pt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\pt\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\pt\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\downloadpage.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\downloadpage.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\header-panel.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\header-panel.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\laptop.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\laptop.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\loader.gif	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\loader.gif	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\warning48x48.png	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\images\warning48x48.png	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\installingpage.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\installingpage.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\launchcarrierpage.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\launchcarrierpage.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\offerpage.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\offerpage.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\style.css	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\style.css	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\suitepage.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\suitepage.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\config.tis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\config.tis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\eventhandler.tis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\eventhandler.tis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\log.tis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\log.tis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\translateoffertemplate.tis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\translateoffertemplate.tis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\viewstateloader.tis	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\tis\viewstateloader.tis	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\welcomepage.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\resources\welcomepage.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\ru	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\ru\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\ru\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\sciter32.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\sciter32.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\shared.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\shared.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\temp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs0ea0e3e7\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\7zs0ea0e3e7\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\2025.10.02_04.32.27.721389_installer_pid=1880.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\app.ico	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\app.ico	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\bundleconfig.json	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\bundleconfig.json	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\carrier.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\carrier.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\de	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\de	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\de\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\de\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\devlib.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\devlib.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\devlib.services.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\devlib.services.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\en	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\en	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\en\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\en\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\es	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\es	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\es\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\es\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\externalresource.xml	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\externalresource.xml	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\fr	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\fr	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\fr\devlib.resources.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\fr\devlib.resources.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\genericsetup.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\genericsetup.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\genericsetup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\genericsetup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\genericsetup.exe.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\7zs805d8840\genericsetup.exe.config	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\7zs805d8840\h2osciter.dll	Generic Write,Read Attributes

157 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey

HKLM\software\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\50bc573af1a5d4d4e48590b84f3c4d16dc4667a6_0001321408::eventmessagefile	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo	vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros	RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\359094876ad5f521525d327ef249965b18c3e560_0001329600::eventmessagefile	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Jyjpcgpi\AppData\Local\Temp\7zS805D8840\de\devlib.resources.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Jyjpcgpi\AppData\Local\Temp\7zS805D8840\de\devlib.resources.dll\??\C:\Users\Jyjpcgpi\AppData\Local\Temp\7zS805D88	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasmancs::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKCU\software\appwizard::hid	FAAD358E-AA7B-442F-893C-251C2902E295	RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\df096931ac839c472713a382b36b441804379de6_0001246328::eventmessagefile	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Vfnureac\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Vfnureac\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Vfnureac\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\e1fbb6b572e0b8680d6f0846c3e63714df5b8f1a_0001251960::eventmessagefile	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll	RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\c69643e59e2fa34ceefe989a75385b75913efba3_0001252984::eventmessagefile	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Dfotipyp\AppData\Local\Temp\7zS0EA0E3E7\de\devlib.resources.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Dfotipyp\AppData\Local\Temp\7zS0EA0E3E7\de\devlib.resources.dll\??\C:\Users\Dfotipyp\AppData\Local\Temp\7zS0EA0E3	RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\8c7c419f40ce8989aa1af2c57a4cb185bc8bee3d_0001254008::eventmessagefile	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll	RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\a9a91635de77f36b374b6b495eb71720936e45ba_0001310720::eventmessagefile	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll	RegNtPreCreateKey
HKLM\system\controlset001\services\eventlog\application\d8f902ab75066be91aa2e65a9d455b1264ccbd3f_0001249912::eventmessagefile	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll	RegNtPreCreateKey

Windows API Usage

Category	API
Process Shell Execute	CreateProcess ShellExecuteEx
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Keyboard Access	GetKeyState
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAdjustPrivilegesToken ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcCreatePortSection ntdll.dll!NtAlpcCreateSectionView ntdll.dll!NtAlpcCreateSecurityContext ntdll.dll!NtAlpcDeleteSecurityContext ntdll.dll!NtAlpcQueryInformation Show More ntdll.dll!NtAlpcQueryInformationMessage ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtAlpcSetInformation ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateKey ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFlushKey ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetCompleteWnfStateSubscription ntdll.dll!NtGetWriteWatch ntdll.dll!NtLockFile ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtPowerInformation ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryEvent ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtQueueApcThread ntdll.dll!NtQueueApcThreadEx2 ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReadVirtualMemory ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRemoveIoCompletion ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResetWriteWatch ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey 73 additional items are not displayed above.
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
Other Suspicious	AdjustTokenPrivileges
Process Terminate	TerminateProcess
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Winsock2	WSAConnect WSASend WSASocket WSAStartup WSAttemptAutodialName
Network Winsock	closesocket connect freeaddrinfo getaddrinfo recv send setsockopt socket
Network Winhttp	WinHttpOpen
Network Info Queried	GetAdaptersAddresses GetNetworkParams
Network Wininet	HttpOpenRequest HttpSendRequest InternetConnect InternetOpen InternetQueryOption InternetSetOption

Shell Command Execution


							"C:\Users\Yfabavah\AppData\Local\Temp\is-ECR6U.tmp\514f7470fa7c0ee9b5bcf0afd98e093086d42a7b_0001831584.tmp" /SL5="$1025A,834279,798208,c:\users\user\downloads\514f7470fa7c0ee9b5bcf0afd98e093086d42a7b_0001831584.exe"


							"C:\Users\Artqpyvm\AppData\Local\Temp\is-DOB5N.tmp\eeed5ec6430b2a9eebdecd40c51002af32297de0_0002513624.tmp" /SL5="$30140,1583588,832512,c:\users\user\downloads\eeed5ec6430b2a9eebdecd40c51002af32297de0_0002513624.exe"


							"C:\Users\Bhccpnyn\AppData\Local\Temp\is-AKIUP.tmp\d3343bb5b57b4779c31e483564a11ea6ce268998_0002195288.tmp" /SL5="$20246,1218980,902656,c:\users\user\downloads\d3343bb5b57b4779c31e483564a11ea6ce268998_0002195288.exe"


							"C:\Users\Hybxmfyu\AppData\Local\Temp\is-DNN6J.tmp\20813fef9510f0b97dc8352c561ae6121ac3d597_0002438776.tmp" /SL5="$10252,1532632,780800,c:\users\user\downloads\20813fef9510f0b97dc8352c561ae6121ac3d597_0002438776.exe"


							"C:\Users\Qkcskoez\AppData\Local\Temp\is-OAUIP.tmp\30af930a35c193dc09c60da30202d2d7bafa4774_0002195288.tmp" /SL5="$10262,1218980,902656,c:\users\user\downloads\30af930a35c193dc09c60da30202d2d7bafa4774_0002195288.exe"


									"C:\Users\Nodcykgj\AppData\Local\Temp\is-FTDVS.tmp\81ec7833706cdf9797dc03730a6a0b2c6cc5daab_0002517411.tmp" /SL5="$30278,1583588,832512,c:\users\user\downloads\81ec7833706cdf9797dc03730a6a0b2c6cc5daab_0002517411.exe"


									"C:\Users\Jouxsmkg\AppData\Local\Temp\is-FCMUK.tmp\7575cd484fa1ff7986c066c53e052490786dea53_0002065648.tmp" /SL5="$301E2,1012762,868864,c:\users\user\downloads\7575cd484fa1ff7986c066c53e052490786dea53_0002065648.exe"


									"C:\Users\Nybrejmw\AppData\Local\Temp\is-URDVT.tmp\855ce2ad2eab248109036e1a0e6ec74a1069a96b_0002202312.tmp" /SL5="$30228,1226096,902656,c:\users\user\downloads\855ce2ad2eab248109036e1a0e6ec74a1069a96b_0002202312"


									"C:\Users\Mjjitbxj\AppData\Local\Temp\is-GVPNM.tmp\aaa36f92e21fb0648b4977d308423f6f1a6c1159_0002195288.tmp" /SL5="$401E4,1218980,902656,c:\users\user\downloads\aaa36f92e21fb0648b4977d308423f6f1a6c1159_0002195288"


									c:\users\user\downloads\36268f3b16f08e417110a7eed632fdc11a515f04_0003401360 c:\users\user\downloads\36268f3b16f08e417110a7eed632fdc11a515f04_0003401360 --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Iyxnkyzt\AppData\Local\EPISoftware\EpiBrowser\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=EpiBrowser --annotation=ver=128.0.6613.139 --initial-client-data=0x244,0x250,0x25c,0x254,0x280,0x7ff630497970,0x7ff63049797c,0x7ff630497988


									"C:\Users\Jcqddcnm\AppData\Local\Temp\is-LU7LB.tmp\1811327cb7e09d84f02d4f3b5e4ab6a4fbd2cca3_0002202312.tmp" /SL5="$30232,1226096,902656,c:\users\user\downloads\1811327cb7e09d84f02d4f3b5e4ab6a4fbd2cca3_0002202312"


									c:\users\user\downloads\b627cc3f488d157041872c0950b92241bb12c8b5_0005113488 c:\users\user\downloads\b627cc3f488d157041872c0950b92241bb12c8b5_0005113488 --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Aetfchzn\AppData\Local\EPISoftware\EpiBrowser\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=EpiBrowser --annotation=ver=132.0.6834.122 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff6ad4fd2e8,0x7ff6ad4fd2f4,0x7ff6ad4fd300


									"C:\Users\Lagznwqf\AppData\Local\Temp\is-LA8IC.tmp\afaa259fefc60ef288cf56240f30713567ad15d3_0002195288.tmp" /SL5="$4020E,1218980,902656,c:\users\user\downloads\afaa259fefc60ef288cf56240f30713567ad15d3_0002195288"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\5aae1ed5cfc20d9e121c4e9b8ba6794789a8f12f_0000272360.,LiQMAxHB


									"C:\Users\Fuoacynh\AppData\Local\Temp\is-TIB0L.tmp\0be5dbc2a70db3364a64c1ed9f8aa472cd0e6931_0002522252.tmp" /SL5="$20270,1583588,832512,c:\users\user\downloads\0be5dbc2a70db3364a64c1ed9f8aa472cd0e6931_0002522252"


									"C:\Users\Ayhsuzew\AppData\Local\Temp\is-NAJD5.tmp\c40b54954ad66b14682bc481e3e860f4c7ca3664_0002195288.tmp" /SL5="$10276,1218980,902656,c:\users\user\downloads\c40b54954ad66b14682bc481e3e860f4c7ca3664_0002195288"


									c:\users\user\downloads\171da62ecdb8bca3651b16b896a7bb77f87940c1_0004996240 c:\users\user\downloads\171da62ecdb8bca3651b16b896a7bb77f87940c1_0004996240 --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Afeulupc\AppData\Local\EPISoftware\EpiBrowser\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=EpiBrowser --annotation=ver=130.0.6723.143 --initial-client-data=0x28c,0x250,0x294,0x290,0x298,0x7ff69a17c0e8,0x7ff69a17c0f4,0x7ff69a17c100


									"C:\Users\Ummuxzpw\AppData\Local\Temp\is-5NM64.tmp\99e5623744350d78c4f3e090589ae151018323c8_0002503712.tmp" /SL5="$A003E,1573616,832512,c:\users\user\downloads\99e5623744350d78c4f3e090589ae151018323c8_0002503712"


									"C:\Users\Yzaesmhx\AppData\Local\Temp\is-P8NFT.tmp\4cda6e882d6a7f0af0c4fb3407fc0c25dcf5dda2_0002195288.tmp" /SL5="$10250,1218980,902656,c:\users\user\downloads\4cda6e882d6a7f0af0c4fb3407fc0c25dcf5dda2_0002195288"


									"C:\Users\Ovfpuzje\AppData\Local\Temp\is-M4IGL.tmp\a7a4042a7eb203b663a5b7cf8b72a71f17443610_0002195288.tmp" /SL5="$4005E,1218980,902656,c:\users\user\downloads\a7a4042a7eb203b663a5b7cf8b72a71f17443610_0002195288"


									"C:\Users\Oworkdhm\AppData\Local\Temp\is-KO7K9.tmp\e0fcee0fadbd0e0407f5b2e21cecd180445f19e8_0002503712.tmp" /SL5="$2017C,1573616,832512,c:\users\user\downloads\e0fcee0fadbd0e0407f5b2e21cecd180445f19e8_0002503712"


									"C:\Users\Bhwnwswk\AppData\Local\Temp\is-L5V48.tmp\2c709ab7e2c88f60da02deebaf438b7ce6a51c2b_0002195288.tmp" /SL5="$30214,1218980,902656,c:\users\user\downloads\2c709ab7e2c88f60da02deebaf438b7ce6a51c2b_0002195288"


									.\installer.exe


									runas C:\Users\Jyjpcgpi\AppData\Local\Temp\7zS805D8840\GenericSetup.exe C:\Users\Jyjpcgpi\AppData\Local\Temp\7zS805D8840\GenericSetup.exe


									"C:\Users\Wlcrucyu\AppData\Local\Temp\is-VLUAR.tmp\c38cc9607c5e223be16e2cf5d6f4158be16a0f1e_0002009768.tmp" /SL5="$2024A,900883,868864,c:\users\user\downloads\c38cc9607c5e223be16e2cf5d6f4158be16a0f1e_0002009768"


									"C:\Users\Hffyzfjh\AppData\Local\Temp\is-NHJM9.tmp\4d5a9db391371a92827043d0bea65a8436fc05c5_0002195288.tmp" /SL5="$8004E,1218980,902656,c:\users\user\downloads\4d5a9db391371a92827043d0bea65a8436fc05c5_0002195288"


									"C:\Users\Khkuplpw\AppData\Local\Temp\is-1FUIG.tmp\50180d02475bd5b59d89fa32a4ef8d3ea4e836da_0008438216.tmp" /SL5="$20250,7687825,757248,c:\users\user\downloads\50180d02475bd5b59d89fa32a4ef8d3ea4e836da_0008438216"


									"C:\Users\Fknovjbo\AppData\Local\Temp\is-D0GNV.tmp\c26b52ab6b219a11bd078186a3c10aee36aecc8f_0002202312.tmp" /SL5="$60210,1226096,902656,c:\users\user\downloads\c26b52ab6b219a11bd078186a3c10aee36aecc8f_0002202312"


									"C:\Users\Vfnureac\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									C:\Users\Pcqbskqi\AppData\Local\Temp\~oxtqcw72xs.tmp (NULL)


									"C:\Users\Fmvopnec\AppData\Local\Temp\is-5TD48.tmp\07e5ba2d4339cf0d34e3405c0938bc2c08c5ee78_0002195288.tmp" /SL5="$401F4,1218980,902656,c:\users\user\downloads\07e5ba2d4339cf0d34e3405c0938bc2c08c5ee78_0002195288"

Adware Helpers

Threat Scorecard

EnigmaSoft Threat Scorecard

Adware Helpers May Make Unwanted Changes to Your PC Settings

Aliases

SpyHunter Detects & Remove Adware Helpers

File System Details

Registry Details

Directories

Cookies

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

1 Comment

Submit Comment

Trending

Most Viewed