Adware.OpenCandy

By LoneStar in Adware

Threat Scorecard

Popularity Rank:	452
Threat Level:	20 % (Normal)
Infected Computers:	270,675

First Seen:	February 19, 2011
Last Seen:	February 6, 2026
OS(es) Affected:	Windows

Adware.OpenCandy is a dangerous adware software package, which proliferates without user's consent and awareness. Adware.OpenCandy typically shouldn’t damage or manipulate the files that you have in your computer, but there are certain process files, which are related to this malware threat. Adware.OpenCandy is able to represent annoying advertising pop-up alerts to trick unaware computer users. Adware.OpenCandy can also collect your private information and send them out to the third parties. Adware.OpenCandy has to be removed immediately before it harms your PC.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
AVG	Generic4.BDCS
Fortinet	Riskware/PUP_z
GData	Win32:Adware-gen
AntiVir	Adware/OpenCandy.A.92
Avast	Win32:Adware-gen [Adw]
Symantec	Trojan.Gen.2
AVG	Skodna.GameHack.BDF
F-Prot	W32/Malware!582e
AVG	Generic20.BOJL
AntiVir	Adware/OpenCandy.A.27
Avast	Win32:Malware-gen
K7AntiVirus	Riskware
McAfee	Artemis!0A0836B90697
AntiVir	Adware/OpenCandy.A.593
Symantec	Suspicious.Cloud.5

SpyHunter Detects & Remove Adware.OpenCandy

File System Details

Adware.OpenCandy may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	photoscape-3-7-multi-win.exe	a0f80b9f04cfa7d05a7bbed895c27450	10,479
Name: photoscape-3-7-multi-win.exe MD5: a0f80b9f04cfa7d05a7bbed895c27450 Size: 21.36 MB (21360800 bytes) Detections: 10,479 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\desktop Group: Malware file Last Updated: February 6, 2026
2.	SetupImgBurn_2.5.8.0.exe	9685e1b00b7d1b31ede436bd9b12be39	2,718
Name: SetupImgBurn_2.5.8.0.exe MD5: 9685e1b00b7d1b31ede436bd9b12be39 Size: 3.46 MB (3469871 bytes) Detections: 2,718 Type: Executable File Path: F:\ARQ_HD\2015\DIVERSOS 2015\IMGBURN\ImgBurn V.2.5.8 Multi disc Burning (32 Bits and 64 Bits)\SetupImgBurn_2.5.8.0.exe Group: Malware file Last Updated: January 27, 2026
3.	OCBrowserHelper_1.0.3.85.dll.vir	e598bc476764127909d94f5fbe9655f9	2,087
Name: OCBrowserHelper_1.0.3.85.dll.vir MD5: e598bc476764127909d94f5fbe9655f9 Size: 432.45 KB (432456 bytes) Detections: 2,087 Path: %SYSTEMDRIVE%\$SysReset\OldOS\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\OpenCandy\D22A75B82A9F4C539B407F79E5AAB08B\OCBrowserHelper_1.0.3.85.dll.vir Group: Malware file Last Updated: February 2, 2026
4.	dlm.exe.vir	1cb3a1365543e07611a90ef9f1c9a3f3	2,049
Name: dlm.exe.vir MD5: 1cb3a1365543e07611a90ef9f1c9a3f3 Size: 302.88 KB (302888 bytes) Detections: 2,049 Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\OpenCandy\CA02AB1E46B74E309B9F21012D53833D\dlm.exe.vir Group: Malware file Last Updated: January 31, 2026
5.	daemon-tools-pro-adv-5.2.0-multi.exe	cbec2041f7fba1261772f94d95a3a5b6	1,778
Name: daemon-tools-pro-adv-5.2.0-multi.exe MD5: cbec2041f7fba1261772f94d95a3a5b6 Size: 20.01 MB (20013776 bytes) Detections: 1,778 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\desktop Group: Malware file Last Updated: January 26, 2026
6.	dlm309c.exe	5542cb289a2b671eb3fe776e6ea1b7f9	1,416
Name: dlm309c.exe MD5: 5542cb289a2b671eb3fe776e6ea1b7f9 Size: 306.39 KB (306392 bytes) Detections: 1,416 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\OpenCandy\17F01C46EA9A4D4FA509B37242A7FB1F\dlm309c.exe Group: Malware file Last Updated: October 21, 2024
7.	OCBrowserHelper_1.0.5.112.dll.vir	8fc2e4306b57141d56613e7b0997274b	457
Name: OCBrowserHelper_1.0.5.112.dll.vir MD5: 8fc2e4306b57141d56613e7b0997274b Size: 433.44 KB (433448 bytes) Detections: 457 Path: D:\Daten alte Festplatte\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\OpenCandy\D417BBAA1CD4409C86A65CAE8C0A955D\OCBrowserHelper_1.0.5.112.dll.vir Group: Malware file Last Updated: January 6, 2026
8.	OCBrowserHelper_1.0.4.106.dll	66720645951ca6e8ebb06f7b2cfc23d7	398
Name: OCBrowserHelper_1.0.4.106.dll MD5: 66720645951ca6e8ebb06f7b2cfc23d7 Size: 431.98 KB (431984 bytes) Detections: 398 Type: Dynamic link library Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\NIsNrmwUlN\2FDC0FB6E76249EEB6B7292CED30ABA1\OCBrowserHelper_1.0.4.106.dll Group: Malware file Last Updated: August 24, 2025
9.	vidplayasetup_v2.exe	0d5f3e3ff517f1df693ca90659287dc9	340
Name: vidplayasetup_v2.exe MD5: 0d5f3e3ff517f1df693ca90659287dc9 Size: 32.84 MB (32845784 bytes) Detections: 340 Type: Executable File Path: %SYSTEMDRIVE%\Users\<username>\desktop Group: Malware file Last Updated: November 20, 2025
10.	ServiceHostAppUpdater.exe	10ac9b44f94a57c4ef3f8c9f115cab0f	258
Name: ServiceHostAppUpdater.exe MD5: 10ac9b44f94a57c4ef3f8c9f115cab0f Size: 10.68 MB (10684416 bytes) Detections: 258 Type: Executable File Path: %LOCALAPPDATA%\Pokki\Engine Group: Malware file Last Updated: December 22, 2025
11.	dm.exe	887f05f66fcc6d52caf8af044b15d849	226
Name: dm.exe MD5: 887f05f66fcc6d52caf8af044b15d849 Size: 307.67 KB (307672 bytes) Detections: 226 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\OpenCandy\5295FB3403D74EB58457409739F0FEBF\dm.exe Group: Malware file Last Updated: March 18, 2024
12.	dlm312b.exe.vir	2686621f1408757d79c3dded865ad0b3	147
Name: dlm312b.exe.vir MD5: 2686621f1408757d79c3dded865ad0b3 Size: 307.67 KB (307672 bytes) Detections: 147 Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\C\Users\<username>\AppData\Roaming\RHEng\17FA258745404A40AF384D5910439C5A\dlm312b.exe.vir Group: Malware file Last Updated: January 1, 2024
13.	dlm309b.exe	627168cff57d3e8e13ad1a97839582dd	124
Name: dlm309b.exe MD5: 627168cff57d3e8e13ad1a97839582dd Size: 306.39 KB (306392 bytes) Detections: 124 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\RHEng\F348D1601F264C9D8EBDF66F7545B418\dlm309b.exe Group: Malware file Last Updated: July 27, 2025
14.	dlm298c.exe	ef819ca9388f73ddd69571134f2fb01f	49
Name: dlm298c.exe MD5: ef819ca9388f73ddd69571134f2fb01f Size: 304.34 KB (304344 bytes) Detections: 49 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\OpenCandy\7D658E5F75BD4E2681571E86FD325594\dlm298c.exe Group: Malware file Last Updated: November 29, 2021
15.	dlm312h.exe	702fad0195ab09e975d7c20ed3783597	49
Name: dlm312h.exe MD5: 702fad0195ab09e975d7c20ed3783597 Size: 307.67 KB (307672 bytes) Detections: 49 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\OpenCandy\1DADB2D9AC0A4454A557D02457256A76\dlm312h.exe Group: Malware file Last Updated: July 2, 2023
16.	dlm298b.exe	1f1a3379c2d537de505a1d7aff23314c	45
Name: dlm298b.exe MD5: 1f1a3379c2d537de505a1d7aff23314c Size: 304.34 KB (304344 bytes) Detections: 45 Type: Executable File Path: C:\Documents and Settings\<username>\Datos de programa\OpenCandy\B455C68E27A24DDE94D3109FC67851B8\dlm298b.exe Group: Malware file Last Updated: March 15, 2022
17.	dlm299c.exe	4fceec07402f09783f2701bcc5f721bb	43
Name: dlm299c.exe MD5: 4fceec07402f09783f2701bcc5f721bb Size: 304.34 KB (304344 bytes) Detections: 43 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\OpenCandy\91CDBF321C14497EA19D4D7D1D68C567\dlm299c.exe Group: Malware file Last Updated: July 3, 2021
18.	dlm313i.exe	424f1ab2618e433f700d3264a34be463	39
Name: dlm313i.exe MD5: 424f1ab2618e433f700d3264a34be463 Size: 307.67 KB (307672 bytes) Detections: 39 Type: Executable File Path: C:\Windows.old.000\Users\<username>\AppData\Roaming\OpenCandy\OpenCandy_FE3E356FB1D7466C904E79FBBBAD647A\dlm313i.exe Group: Malware file Last Updated: September 30, 2024
19.	OCBrowserHelper_1.0.3.81.dll	c36aec05cb73f25a36ac1755fea9edd7	35
Name: OCBrowserHelper_1.0.3.81.dll MD5: c36aec05cb73f25a36ac1755fea9edd7 Size: 429.89 KB (429896 bytes) Detections: 35 Type: Dynamic link library Path: F:\Users\<username>\AppData\Roaming\OpenCandy\A31C6DC87F954739B68DD48A235BA987\OCBrowserHelper_1.0.3.81.dll Group: Malware file Last Updated: March 31, 2025
20.	dlm309a.exe	2de9a2162ec37ea6f1eaaaca7a67f89c	29
Name: dlm309a.exe MD5: 2de9a2162ec37ea6f1eaaaca7a67f89c Size: 307.68 KB (307680 bytes) Detections: 29 Type: Executable File Path: %APPDATA%\OpenCandy\1D9E685F7E5640CDB30861875B26A370 Group: Malware file Last Updated: January 8, 2024
21.	dlm309e.exe#E78C44F675EEB862	eaa0b6db9be4ae8283f81a030a512cca	27
Name: dlm309e.exe#E78C44F675EEB862 MD5: eaa0b6db9be4ae8283f81a030a512cca Size: 307.68 KB (307680 bytes) Detections: 27 Path: %SYSTEMDRIVE%\AdwCleaner\Quarantine\v1\20190108.160741\35\RHEng\6FC7401FB23247B09786481CB58ED343\dlm309e.exe#E78C44F675EEB862 Group: Malware file Last Updated: September 29, 2024
22.	dlm312g.exe	31603f2b9d8ced835f1950b09530b2a1	18
Name: dlm312g.exe MD5: 31603f2b9d8ced835f1950b09530b2a1 Size: 307.67 KB (307672 bytes) Detections: 18 Type: Executable File Path: %APPDATA%\OpenCandy\2C01B39B818D47049EDCD5BDD4ED7032 Group: Malware file Last Updated: May 15, 2020
23.	OCBrowserHelper_1.0.2.66.dll	f950ea5b529181901a2238c2288f77ef	16
Name: OCBrowserHelper_1.0.2.66.dll MD5: f950ea5b529181901a2238c2288f77ef Size: 834.88 KB (834888 bytes) Detections: 16 Type: Dynamic link library Path: C:\Users\<username>\AppData\Roaming\OpenCandy\OpenCandy_4DC5E886E71D4E2FACBFBD7E8070DCAB\OCBrowserHelper_1.0.2.66.dll Group: Malware file Last Updated: April 28, 2023
24.	OCBrowserHelper_1.0.6.125.exe	3d87c21434fad47f90f5740f40c676f7	4
Name: OCBrowserHelper_1.0.6.125.exe MD5: 3d87c21434fad47f90f5740f40c676f7 Size: 433.44 KB (433448 bytes) Detections: 4 Type: Executable File Path: %APPDATA%\OpenCandy\BE4583E3055A4A43B8ECAB44ED3A4D71 Group: Malware file Last Updated: March 25, 2016
25.	dh.exe	1f1113d526eea3af882e4dc2d0bb0349	4
Name: dh.exe MD5: 1f1113d526eea3af882e4dc2d0bb0349 Size: 199.64 KB (199648 bytes) Detections: 4 Type: Executable File Path: %APPDATA%\OpenCandy\3482529A2F82476683B5B79EFB337FC9 Group: Malware file Last Updated: August 19, 2020
26.	dlm.exe	76548fe2316590f800d0dcee025a1883	2
Name: dlm.exe MD5: 76548fe2316590f800d0dcee025a1883 Size: 306.44 KB (306440 bytes) Detections: 2 Type: Executable File Path: %APPDATA%\OpenCandy\42DF308604A84DFE8245CA9B31E6D5F5 Group: Malware file Last Updated: April 22, 2020
27.	vnod9r9rxxwd.exe	6152ac8ddb5f939daba1c9a42b6095ff	2
Name: vnod9r9rxxwd.exe MD5: 6152ac8ddb5f939daba1c9a42b6095ff Size: 260.68 KB (260683 bytes) Detections: 2 Type: Executable File Path: %PROGRAMFILES(x86)%\Hblqdk6z\vnod9r9rxxwd.exe Group: Malware file Last Updated: June 26, 2020
28.	LatestDLMgr.exe	41c19d74296b30cdeda698c5de6495c0	1
Name: LatestDLMgr.exe MD5: 41c19d74296b30cdeda698c5de6495c0 Size: 302.88 KB (302888 bytes) Detections: 1 Type: Executable File Path: %APPDATA% Group: Malware file Last Updated: March 25, 2016

More files

Directories

Adware.OpenCandy may create the following directory or directories:

%APPDATA%\How Inc

%APPDATA%\RHEng

%APPDATA%\RPEng

%APPDATA%\RecLib

%APPDATA%\mp3rocket

%AppData%\OpenCandy

Analysis Report

General information

Family Name:	Adware.OpenCandy
Signature status:	No Signature

Known Samples

MD5: ab1815c68d4389f04b9b1efb74641017

SHA1: bb75610a8b2bd03f191e057361cf48379558fe48

File Size: 1.77 MB, 1768983 bytes

MD5: ebd667b59218f69c00881512687a2630

SHA1: 5da5d479ab4ec354a67f568d382419fb642b0db6

File Size: 428.12 KB, 428120 bytes

MD5: 7492504a9b2d9521ea4af9b69224f5c5

SHA1: 868405ce77aeb32559c02d292ea2a42c8aac3aa5

File Size: 79.87 KB, 79872 bytes

MD5: caf0b8fa02ea790884ca1344412ad4d7

SHA1: 6a00e391f6ff7be667733bf18ae14deb2b08b9c4

SHA256: 68B7B329D811A295542D0D5A9A38BA17B9CA52C01DEF6397C7B1AEED0E5EF2C2

File Size: 343.77 KB, 343774 bytes

MD5: 08d1ba204600210cf6a6cc1775700c8b

SHA1: 9d323ab3b1ec55d78c68e22e08c794c2e8c3e00f

SHA256: E9941A15FCC342E349E9FAF13FBB908B0009F240F07FF70C0FEFE9F3479F04D1

File Size: 218.74 KB, 218736 bytes

MD5: dbddef5c48befec77b5147d6c3c6fa5a

SHA1: f4af0a4e249e4c64d1a2a8a367cd5ae756d15c68

SHA256: 1204B71CB9AAC46A6F0210BC701936D95E94AA2131E5A5C1AFA1957FADA50A0F

File Size: 344.15 KB, 344151 bytes

MD5: cf81db3373b19ef9a379717c6406432b

SHA1: 586b495976356bce6bd81a8b166bfe9a03b1bfbb

SHA256: 929036669A1E666920772FC40B1290215C53B6D78C18082D29EB4BC25B11C7A9

File Size: 715.78 KB, 715776 bytes

MD5: ca34909d70a168bd7d03d9f33ddf5e4f

SHA1: 68b70b8c19d00e51a8b2e11781aae78ad004fa7c

SHA256: ED4E2CA44420B7FDC84F4762BACD113D70A011E58B42AF0F15A3365D8DDC2579

File Size: 57.12 KB, 57115 bytes

MD5: 27fca95621091f4e1881eff2e1a474e9

SHA1: 961cb4002386f5c11bfda79ad604dd9a873105a9

SHA256: B99F051F9E6D6833C5D762E44CD832097526CA67DB29FFF8BCBF638D61D8877A

File Size: 343.77 KB, 343768 bytes

MD5: d5442d83e76ffb631766a7d8b55f0f6d

SHA1: 93e1ecfab9636fa7e158dff88ffb77a2202c53a4

SHA256: AFF066AA4787CCEA75EDA0C5758F5581B2901EF11960F96EEC380758A18C882E

File Size: 451.37 KB, 451368 bytes

MD5: 23db01934dbe3b0541d5142399c137f9

SHA1: 2bad5fbb32881a6243f3cd9cf82e5beb07b16eab

SHA256: A8482522B9A87CC9AEFADAF10029CFF7EE76AB5CA9649207EC27306651843687

File Size: 343.55 KB, 343547 bytes

MD5: 41f3d966dbcd8a4de531ec7cf9caa8c2

SHA1: 58cc8319aa301e9466fa79be6794868c35c8b2a4

SHA256: 67DB5ACCDAD783B684083755BFF1F30A0860B34539EE3336628ECB3C78F77A1C

File Size: 9.00 MB, 8999120 bytes

MD5: 460bd2a6f704f31793dd8f1eb2a2617d

SHA1: eead97d0a8327958d589846a3d7f527718b70b3f

SHA256: 454C6F9FFE804221A7052E52D51A5A87C36B2C792E8D95660DCE03F8464522C6

File Size: 8.36 MB, 8364864 bytes

MD5: 55026f9e2abf4e179fe70775ceb2d0b6

SHA1: 7ce13009240cd4a5fad97c97e9b2daab1f289a25

SHA256: C1795C76824219E8611F700D1FF49E5D77E23B69A98A3E7A591FB300A8C09CC7

File Size: 1.37 MB, 1368056 bytes

MD5: f8aaac0457deae07eeaceff39188e705

SHA1: 5f3335f3c74f5f3d3db546c15f71bd22f892c371

SHA256: D4DD91E3ED363A0C8F826F20BD44270CAC2B122D6C92DE7A08AA4E76592C2506

File Size: 55.64 KB, 55644 bytes

MD5: a9a083c4d83e0064d2c4d14786887bab

SHA1: 965bebdde786d3254a643f830a18fb393391f466

SHA256: B290ACF2AA947E81E920F8C053F81F6EE1505208C604F7AF5BF7C2FCF2C96115

File Size: 7.96 MB, 7957272 bytes

MD5: e613c71d7d685ede66b6751d58d6f97d

SHA1: 2d33a816d90573ad378c0043a5e59c1a898475a8

SHA256: 1798F44CA1C842B9C4E4E66DE33A2EEF5C255DE2998E788F58380E18A521715C

File Size: 1.13 MB, 1126912 bytes

MD5: f25f6c92023f0477b8cedb8ad6179e7e

SHA1: 16da7015fb17552771cab85680d0ed12a7dce823

SHA256: C0CB966DCEB2C998C72A3FAA859EEC7EADF3BEC22CA1BF18810473687DD490C1

File Size: 235.00 KB, 234995 bytes

MD5: 4c7767875a9c32762e9a2888468eecaa

SHA1: f1635c069e9f0edc22f934f0883e53b363547d2d

SHA256: 672869C95D1B3BEC8AE7B86AD024F223FC25F8F70D79BF1EB060CF57CF278D7A

File Size: 1.39 MB, 1389408 bytes

MD5: 17e7b7a0ddd12a69a32cf504be7dc898

SHA1: 7cf15072cc2140c9a98da5b7d926693c620e5b48

SHA256: F14ED33E1C84D447144E1AEB8318CE025DB782AE7256BEA640AF153B2121A59D

File Size: 1.02 MB, 1023626 bytes

MD5: dea2ce893f51416aca909fb9273adbc0

SHA1: 9eb7ce9430898174736a430baa48bc0888e7b34c

SHA256: 5D617609E074A49F1B4040852507B89BE567B5FD7DA813F0B7E6FC14DF6422E0

File Size: 1.78 MB, 1775968 bytes

MD5: 0252f9e72c79617c65c3c5782f67101b

SHA1: 7ace4aa37242d1dd4dc9916beb256e77fbc8da35

SHA256: 77EBD50DA6314EA30FEC5C840977251E541BAAB9C145051ED9AF195E8FBBF0A6

File Size: 357.80 KB, 357800 bytes

MD5: 74b84e83c229b56378c59390f4b24a89

SHA1: 2f2d56162e7a3042b96bccb298eed85b0a84556b

SHA256: E6A0D5C6AA1BC2EBB194F5471A7529CD460165EED95B328B6AA29D0636C07696

File Size: 7.46 MB, 7458096 bytes

MD5: b86fed68e35e4a84aa17563f861fd278

SHA1: 9df328bd65180f9b6953a95004ac66dd70679868

SHA256: 8BE5019A281B5B3314F83BF002FC1ADBE0957495AE45AE3062F892AA78D239B6

File Size: 456.55 KB, 456549 bytes

MD5: db2277fdcc3ea39d0e7ad101b8f58972

SHA1: 88bb024af5d1654677985d24ddba4f004aaacbc8

SHA256: 63CC102D4AFC4E434B1C1D581C707456D9A2528F5FAE8F4D5B3F1D7FDD5DE97C

File Size: 133.85 KB, 133848 bytes

MD5: fdacfc04097bfac2b97a2fec70f268f1

SHA1: 2f6b1a1be8d0b2e6e3a8d44f95a10c6dceb29ec9

SHA256: 3989A32D0D06A26AE26967DDA39D43636F6FA5CD8C539125396F8CA97F56C577

File Size: 1.01 MB, 1012680 bytes

MD5: cae4527195725df845435b5a20760b56

SHA1: 3c9a7840794037c913ee61129cff859e90a77e93

SHA256: 886610208124B7922FB84886B2ADA351AD7F263955590C1EDD179F9AC17EC6D7

File Size: 234.98 KB, 234984 bytes

MD5: a39dfdc1e876c54134199844ef103f1e

SHA1: 4d9f408da23e89cb4c8701e63899cd957a712df1

SHA256: 76E2A8C8177135A21B9AEF15408C60AC8E56E37729AFC5D2C1D6E67D210D1C3D

File Size: 1.01 MB, 1012488 bytes

MD5: a76f1f79f9a00e0f089317049ea6b860

SHA1: 42a21c54bf059221d7d616b0c05332135e051162

SHA256: 1F006D9026AB3D82FC1FB2F2C08FD0EA1C607588644F654670284E3EFD229ED5

File Size: 387.87 KB, 387866 bytes

MD5: 9d49965598cd36c8248c840b1d3ee53b

SHA1: b7ccc75eb013689bd64aa8756d557348999f5bd1

SHA256: 8C04CE96B4CAADC9640063797AEBCE7481D4E3919A0B61C9A8285FA0B896C9CF

File Size: 55.61 KB, 55606 bytes

MD5: dd80a9f26221f32d90330142fd2f9807

SHA1: 6968e80656fd05ea0670387a464353c3eec85916

SHA256: E19E244997D2F24A2DB42D657802C94955AE79FF3E5D11F1DA6D74F75E1C7FB6

File Size: 343.71 KB, 343711 bytes

MD5: 372a994bc2b680bc838501487b9ec2f7

SHA1: bd593d623c0838c5bd0c5b48dcdf5edf95376781

SHA256: 5003F8F634D3A17A279DC9EDAEE5E46213883E033C478FF45E0C6A39FEE382F9

File Size: 1.26 MB, 1260144 bytes

MD5: bd300f6de223304498d9d2e6edaa7653

SHA1: 675c58076e34d568c63278d10c8e02ebb5e4cc83

SHA256: 3F4FD8553EC580FD5D4F66FB94CB31BB9897CE0DB92AE994164E3804C939AE7A

File Size: 4.75 MB, 4746360 bytes

MD5: 576e5167cc39a08dba048c958e3dda66

SHA1: 2198e0f1d64205c9f787592534a30ee6326c413e

SHA256: B78FECD3E7E8D7CFE68BF6D263BDA85EF71D9FB15FB03074F4F006EE3D8ADC65

File Size: 343.55 KB, 343554 bytes

MD5: 52a02a2b6b9180e77954b844a7dcad8d

SHA1: 26ce033ace3d46e338ffce79fea67c9a7ea8e5e0

SHA256: 3255EB333B6FAC2B5F25CDE51898D7D7089DF2E0A2ECCA755D11FFF2DA16B71E

File Size: 4.55 MB, 4551944 bytes

MD5: ef89f5fbfa198f154ba1295f1eef2d0a

SHA1: 15ea03acc4c9f25707ec1afe941602f5a7d8ae4b

SHA256: FA90B1BCFC62DDA03A02C1723E469CBF8F25B7622B59D6F97B458ADFDC5E7D0D

File Size: 1.27 MB, 1266288 bytes

MD5: 2c52d9f7749e09c69123a3ed77b6a642

SHA1: e7f70612c0397004586aafe1897f8a96feb8ece8

SHA256: 218ADC0B411115AB1D44A50300EB500B67DE911BEF75CCA0DD475CA894F99E58

File Size: 342.00 KB, 341997 bytes

MD5: 7f34579166b0b47f196270a9cdf6d10b

SHA1: 0c38b098d6649d2d02d383bf93bc1cd3d2101678

SHA256: 4BA342A73389F92358B31DFDC2BDF12C26196C32C89E8A8A53F42E674C63A787

File Size: 343.75 KB, 343751 bytes

MD5: aa199f77d295383639c252de050fd5bc

SHA1: cbcef247e8c17a558c2d7a5d130b73155862fd1c

SHA256: B2A1C186385906FBD9E583F40F30AF1E1CFD6A70C70286A3855209E4975E8DEB

File Size: 343.78 KB, 343777 bytes

MD5: e6c01572d35ca32b9c699280b7a336eb

SHA1: e4e983bf29aed9643f7e6a901fb47867ed76bcc3

SHA256: 200AF419FF148953D301CC57D9208938566387B0016A01628A94B7B70B27F8C7

File Size: 7.06 MB, 7058144 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable
File is either console or GUI application

File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

63 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Browser	Firefox
Comments	Application download and setup manager This installation was built with Inno Setup. Visit http://www.winamp.com/ for updates.
Company Name	BitTorrent Inc. Burnaware Connectify Ellora Assets Corporation Mediatronic Pty Ltd mIRC Co. Ltd. Mixbyte Inc. Nullsoft, Inc. OpenCandy, Inc OpenCandy, Inc. Show More Winamp SA
File Description	BitTorrent BurnAware Free Installation Connectify DLMgr Application Freemake Video Converter Setup mIRC Setup/Uninstall SPlayer Installer TryIt Installer Winamp Installer Show More WinDjView µTorrent 射手影音播放器安装文件
File Version	51.1052.0.0 8.8.0.0 7.15 7.8.2.30265 7.3.2.30404 5.92.0.10042 5.7.0.3416 5.6.6.3507 5.6.5.3438 5.6.4.3418 Show More 5.6.3.3235 5.6.2.3199 5.6.2.3173 5.6.2.3161 5.6.1.3133 5.5.8.2985 4.1.11.49 4.1.10.8 4.1.10.3 3.6.0.1721 3.4.2.34727 1.00 1.0.12.6 1.0.0.163 1.0.0.0
Internal Name	mIRC
Internal Name	BitTorrent.exe DLMgr SPlayerSetup.exe TJprojMain TryIt Installer uTorrent.exe
Legal Copyright	(C)2013-14 Mediatronic Pty Ltd Copyright (C) 2008 Copyright (c) 2008 - 2014 OpenCandy, Inc. Copyright © 1995-2010 mIRC Co. Ltd. Copyright © 1997-2010, Nullsoft, Inc. Copyright © 1997-2011, Nullsoft, Inc. Copyright © 1997-2012, Nullsoft, Inc. Copyright © 1997-2013, Nullsoft, Inc. Copyright © 1997-2023 Winamp SA Copyright © 2016 Burnaware. Show More Sagittarius Technology Co. Ltd. splayer.org ©2013 BitTorrent, Inc. All Rights Reserved. ©2014 BitTorrent, Inc. All Rights Reserved. © 2014 Connectify
Legal Trademarks	MediaCoder mIRC® is a Registered Trademark of mIRC Co. Ltd. Nullsoft and Winamp are trademarks of Nullsoft, Inc. Nullsoft and Winamp are trademarks of Winamp SA
Original File Name	mirc715.exe
Original Filename	BitTorrent.exe DLMgr.exe TJprojMain.exe TryItInstaller.exe uTorrent.exe
Product Name	BitTorrent BurnAware Free Connectify DLMgr Application Freemake Video Converter MediaCoder Installer mIRC Project1 SPlayer TryIt Installer Show More Winamp Installer WinDjView µTorrent 射手影音播放器
Product Version	8.8.0.0 7.15 7.8.2.30265 7.3.2.30404 5.92.0 Build 10042 5.70 Build 3416 5.66 Build 3507 5.65 Build 3438 5.64 Build 3418 5.63 Build 3235 Show More 5.62 Build 3199 5.62 Build 3173 5.62 Build 3161 5.61 Build 3133 5.58 Build 2985 4.1.11 4.1.10 3.4.2.34727 1.00 1.0.0.163 1.0.0.1
Segment	GTR
Special Build	full full Beta full bundle lite stable34 stable

Digital Signatures

Signer	Root	Status
Nullsoft Inc.	AOL Member CA	Self Signed
Bonjoy Software	COMODO RSA Certification Authority	Root Not Trusted
Burnaware	COMODO RSA Code Signing CA	Self Signed
Ellora Assets Corp	GlobalSign CodeSigning CA - SHA256 - G3	Self Signed
Mixbyte Inc	GlobalSign Extended Validation CodeSigning CA - SHA256 - G3	Hash Mismatch

Sagittarius Technology Co.Ltd	Sagittarius Technology Co.Ltd	Self Signed
RICH MEDIA SYSTEMS INC.	Symantec Class 3 SHA256 Code Signing CA	Self Signed
RealNetworks, Inc.	Thawte Code Signing CA - G2	Self Signed
mIRC Co. Ltd.	Thawte Code Signing CA - G2	Self Signed
The Scone Company, LLC	The Scone Company, LLC	Self Signed
Soft Integrator Ltd.	UTN-USERFirst-Object	Root Not Trusted
BitTorrent Inc	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch
Connectify	VeriSign Class 3 Code Signing 2010 CA	Self Signed
OpenCandy Inc.	VeriSign Class 3 Code Signing 2010 CA	Self Signed

File Traits

.UPX
2+ executable sections
big overlay
HighEntropy
Installer Version
packed
upx
UPX!
x86

Block Information

Similar Families

Dropper.Delf.CD
OpenCandy
OpenSUpdater.GF

Files Modified

File	Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\sandbox_live\injected-win32.dll	Synchronize,Write Attributes
c:\sandbox_live\injected-win32.dll	Synchronize,Write Data
c:\sandbox_live\injected-win32.dll.dat	Synchronize,Write Data
c:\sandbox_live\injected-win32.dll.tmp	Generic Write,Read Attributes
c:\sandbox_live\shsandbox32.exe	Synchronize,Write Attributes
c:\sandbox_live\shsandbox32.exe	Synchronize,Write Data
c:\sandbox_live\shsandbox32.exe.dat	Synchronize,Write Data
c:\sandbox_live\shsandbox32.exe.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\092edccd_rar\42a21c54bf059221d7d616b0c05332135e051162_0000387866	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\temp\092edccd_rar\42a21c54bf059221d7d616b0c05332135e051162_0000387866	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\092ede82_rar\un_a.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\092ede82_rar\un_a.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\connectify\c\analytics.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectify.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectify.exe.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifyd.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifyd.exe.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifygopher.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifygopher.exe.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifynat.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifynat.l4c	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifynetservices.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifyservice.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifyshutdown.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifystartup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifystartup.exe.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifysupportcenter.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\connectifysupportcenter.exe.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\cookcomputing.xmlrpcserverv2.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\cookcomputing.xmlrpcv2.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\credits.html	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\dispatchui.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\dispatchui.exe.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\driverswitcher.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\globalatomtable.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\hardwarehelperlib.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\libdispatch.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\connectify\c\nativelibrary.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1am4f.tmp\4d9f408da23e89cb4c8701e63899cd957a712df1_0001012488.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-1bngb.tmp\speedupmypcru.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-22ghn.tmp\7cf15072cc2140c9a98da5b7d926693c620e5b48_0001023626.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-46gr6.tmp\2f6b1a1be8d0b2e6e3a8d44f95a10c6dceb29ec9_0001012680.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-a67ol.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-a67ol.tmp\_isetup\_shfoldr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-a67ol.tmp\installerextensions.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-a67ol.tmp\notcertified.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-h07st.tmp\965bebdde786d3254a643f830a18fb393391f466_0007957272.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa3ee4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsa61b2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsbd43f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsbfc79.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nscfcc9.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsd7a1.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsd8537.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nse47c4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsf61d2.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf9691.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsfdea3.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsg4c19.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsg4cf5.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5cf7.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsgbe16.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsgfbae.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsha719.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nshd549.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsi544c.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsj7521.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nskc34f.tmp\button.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskc34f.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskc34f.tmp\ocsetuphlp.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskc34f.tmp\skinnedbutton.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskc34f.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl54eb.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsm3eb2.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsmbf21.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsmfa1d.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsmfaf8.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsn3f9e.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn54aa.tmp\md5dll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn54aa.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn54aa.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn54aa.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn54aa.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn7e0.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso5555.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso8613.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp489f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsp7542.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspdd0d.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq3dbc.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq3ef5.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq4ce4.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq550b.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsqbe06.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsr23d7.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsr23d8.tmp\iospecial.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsr23d8.tmp\iospecial.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr23d8.tmp\mirc.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr23d8.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr23d8.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr23d8.tmp\uac.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr5c99.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsr5f5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsr6df.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsr6e0.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu48bf.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsv59ab.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsv95b7.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsv96a2.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbced.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsvc33f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsvdeb4.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvdeb4.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvdeb4.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvdeb4.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvdeb4.tmp\nsis_chklist.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvdeb4.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw230c.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nswbe27.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswbf10.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nswd559.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx3f8d.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsx697.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsxa72a.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa72a.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxfb38.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4756.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4756.tmp\modern-header.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4756.tmp\modern-wizard.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4756.tmp\modern-wizard.bmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsy4756.tmp\nsdialogs.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4756.tmp\ocsetuphlp.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy4756.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsy8602.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsyc5a6.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsyc5a6.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyc5a6.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsz7447.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_83125	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_915093	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\bstrapinstall.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\bstrapinstall.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\gameinstaller.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\gameinstaller.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\gcapi_dll.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\gcapi_dll.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\gchrome.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\gchrome.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\gtapi_signed.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\gtapi_signed.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\gtbcom.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\gtbcom.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\installerdlg.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\installerdlg.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\lua50.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\lua50.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\luacom.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\luacom.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\ocsetuphlp.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\ocsetuphlp.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\rainstallerpaths.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\rainstallerpaths.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\rasymccisglue.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\rasymccisglue.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\servertransaction.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\servertransaction.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\symccis.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\symccis.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\unrar.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\unrar.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\bin\unrar.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\bin\unrar.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\blank.html	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\blank.html	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\blob	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\blob	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\compat-5.1.lua	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\compat-5.1.lua	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\config.lua	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\config.lua	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\extensions	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\extensions\checkinstallchrome.clf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\extensions\checkinstallchrome.clf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\extensions\checkinstallcomcastgamestoolbar.clf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\extensions\checkinstallcomcastgamestoolbar.clf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\extensions\checkinstallgoogletoolbar.clf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\extensions\checkinstallgoogletoolbar.clf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\extensions\checkinstalltwcdesktopweather.clf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\extensions\checkinstalltwcdesktopweather.clf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\installermain.clf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\installermain.clf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\mrclean.clf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\mrclean.clf	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\resources	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\resources\zylom	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\resources\zylom\back_z_syn_atr.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\resources\zylom\back_z_syn_atr.jpg	Synchronize,Write Attributes

83 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f67f4c79-31e0-4b8b-a631-c0d1d83b23b1}::uid	6B4E00D9-C4F6-4428-A909-0BD9F7F22E2D	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Sxtaepxd\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Sxtaepxd\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Sxtaepxd\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\software\classes\amibs.installer.1::	Installer Class	RegNtPreCreateKey
HKLM\software\classes\amibs.installer.1\clsid::	{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}	RegNtPreCreateKey
HKLM\software\classes\amibs.installer::	Installer Class	RegNtPreCreateKey
HKLM\software\classes\amibs.installer\curver::	AmiBs.Installer.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{a6feed89-3bcd-4d19-9dc2-3e613a80a2a4}::	Installer Class	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{a6feed89-3bcd-4d19-9dc2-3e613a80a2a4}\progid::	AmiBs.Installer.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{a6feed89-3bcd-4d19-9dc2-3e613a80a2a4}\versionindependentprogid::	AmiBs.Installer	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{a6feed89-3bcd-4d19-9dc2-3e613a80a2a4}\localserver32::	"c:\users\user\downloads\setup__759.exe"	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{a6feed89-3bcd-4d19-9dc2-3e613a80a2a4}\localserver32::serverexecutable	c:\users\user\downloads\setup__759.exe	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{a6feed89-3bcd-4d19-9dc2-3e613a80a2a4}\typelib::	{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{a6feed89-3bcd-4d19-9dc2-3e613a80a2a4}\version::	1.0	RegNtPreCreateKey
HKLM\software\classes\typelib\{1c1356da-1e98-4810-a9f6-18d89bd1c0c0}\1.0::	InstallerLib	RegNtPreCreateKey
HKLM\software\classes\typelib\{1c1356da-1e98-4810-a9f6-18d89bd1c0c0}\1.0\flags::	0	RegNtPreCreateKey
HKLM\software\classes\typelib\{1c1356da-1e98-4810-a9f6-18d89bd1c0c0}\1.0\0\win32::	c:\users\user\downloads\setup__759.exe	RegNtPreCreateKey
HKLM\software\classes\typelib\{1c1356da-1e98-4810-a9f6-18d89bd1c0c0}\1.0\helpdir::	c:\users\user\downloads	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d54c859c-6066-4f31-8fe0-2aaedcae67d7}::	IBoot	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d54c859c-6066-4f31-8fe0-2aaedcae67d7}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d54c859c-6066-4f31-8fe0-2aaedcae67d7}\typelib::	{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d54c859c-6066-4f31-8fe0-2aaedcae67d7}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{d54c859c-6066-4f31-8fe0-2aaedcae67d7}::	IBoot	RegNtPreCreateKey
HKLM\software\classes\interface\{d54c859c-6066-4f31-8fe0-2aaedcae67d7}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{d54c859c-6066-4f31-8fe0-2aaedcae67d7}\typelib::	{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}	RegNtPreCreateKey
HKLM\software\classes\interface\{d54c859c-6066-4f31-8fe0-2aaedcae67d7}\typelib::version	1.0	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Pevihdce\AppData\Local\Temp\nsyC5A6.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Hmpsqvee\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Hmpsqvee\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Hmpsqvee\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Rweidgbw\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Rweidgbw\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Rweidgbw\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cboutkla\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Cboutkla\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Cboutkla\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Lguymdli\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Lguymdli\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Lguymdli\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Giflggxm\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Giflggxm\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Giflggxm\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::displayicon	\BitTorrent.exe,0	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::displayname	BitTorrent	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::displayversion	7.8.2.30265	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::uninstallstring	"\BitTorrent.exe" /UNINSTALL	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::installlocation		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::versionmajor		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::majorversion		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::versionminor		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::minorversion		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::nomodify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::norepair		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::urlinfoabout	http://www.bittorrent.com	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::publisher	BitTorrent Inc.	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\uninstall\bittorrent::helplink	http://www.bittorrent.com/btusers/guides	RegNtPreCreateKey
HKCU\falconbetaaccount::remote_access_client_id	gH4&	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Xpcibdqt\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Xpcibdqt\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Xpcibdqt\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKLM\software\classes\installerdlg.installdlgctl::	CInstallDlgCtl Object	RegNtPreCreateKey
HKLM\software\classes\installerdlg.installdlgctl\clsid::	{7B5C103F-DAAF-425E-B3A9-DEDE61F3A6F4}	RegNtPreCreateKey
HKLM\software\classes\installerdlg.installdlgctl\curver::	InstallerDlg.InstallDlgCtl	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{7b5c103f-daaf-425e-b3a9-dede61f3a6f4}::	CInstallDlgCtl Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{7b5c103f-daaf-425e-b3a9-dede61f3a6f4}\progid::	InstallerDlg.InstallDlgCtl	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{7b5c103f-daaf-425e-b3a9-dede61f3a6f4}\versionindependentprogid::	InstallerDlg.InstallDlgCtl	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{7b5c103f-daaf-425e-b3a9-dede61f3a6f4}\inprocserver32::	C:\Users\Jtjobrsz\AppData\Local\Temp\RarSFX0\bin\InstallerDlg.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{7b5c103f-daaf-425e-b3a9-dede61f3a6f4}\inprocserver32::threadingmodel	both	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{7b5c103f-daaf-425e-b3a9-dede61f3a6f4}::appid		RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{7b5c103f-daaf-425e-b3a9-dede61f3a6f4}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.shellctl.1::	CShellCtl Object	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.shellctl.1\clsid::	{80AB3FB6-9660-416C-BE8D-0E2E8AC3138B}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.shellctl::	CShellCtl Object	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.shellctl\clsid::	{80AB3FB6-9660-416C-BE8D-0E2E8AC3138B}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.shellctl\curver::	StubbyUtil.ShellCtl.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{80ab3fb6-9660-416c-be8d-0e2e8ac3138b}::	CShellCtl Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{80ab3fb6-9660-416c-be8d-0e2e8ac3138b}\progid::	StubbyUtil.ShellCtl.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{80ab3fb6-9660-416c-be8d-0e2e8ac3138b}\versionindependentprogid::	StubbyUtil.ShellCtl	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{80ab3fb6-9660-416c-be8d-0e2e8ac3138b}\inprocserver32::	C:\Users\Jtjobrsz\AppData\Local\Temp\RarSFX0\bin\InstallerDlg.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{80ab3fb6-9660-416c-be8d-0e2e8ac3138b}\inprocserver32::threadingmodel	both	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{80ab3fb6-9660-416c-be8d-0e2e8ac3138b}::appid		RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{80ab3fb6-9660-416c-be8d-0e2e8ac3138b}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.processmgr.1::	CProcessMgr Object	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.processmgr.1\clsid::	{5818813E-D53D-47A5-ABBB-37E2A07056B5}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.processmgr::	CProcessMgr Object	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.processmgr\clsid::	{5818813E-D53D-47A5-ABBB-37E2A07056B5}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.processmgr\curver::	StubbyUtil.ProcessMgr.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{5818813e-d53d-47a5-abbb-37e2a07056b5}::	CProcessMgr Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{5818813e-d53d-47a5-abbb-37e2a07056b5}\progid::	StubbyUtil.ProcessMgr.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{5818813e-d53d-47a5-abbb-37e2a07056b5}\versionindependentprogid::	StubbyUtil.ProcessMgr	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{5818813e-d53d-47a5-abbb-37e2a07056b5}\inprocserver32::	C:\Users\Jtjobrsz\AppData\Local\Temp\RarSFX0\bin\InstallerDlg.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{5818813e-d53d-47a5-abbb-37e2a07056b5}\inprocserver32::threadingmodel	both	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{5818813e-d53d-47a5-abbb-37e2a07056b5}::appid		RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{5818813e-d53d-47a5-abbb-37e2a07056b5}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\racinstaller.statectrl.1::	CSlideState Object	RegNtPreCreateKey
HKLM\software\classes\racinstaller.statectrl.1\clsid::	{C8F76629-E4F4-4646-AFC0-665082D167B1}	RegNtPreCreateKey
HKLM\software\classes\racinstaller.statectrl::	CSlideState Object	RegNtPreCreateKey
HKLM\software\classes\racinstaller.statectrl\clsid::	{C8F76629-E4F4-4646-AFC0-665082D167B1}	RegNtPreCreateKey
HKLM\software\classes\racinstaller.statectrl\curver::	RACInstaller.StateCtrl.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c8f76629-e4f4-4646-afc0-665082d167b1}::	CSlideState Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c8f76629-e4f4-4646-afc0-665082d167b1}\progid::	RACInstaller.StateCtrl.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c8f76629-e4f4-4646-afc0-665082d167b1}\versionindependentprogid::	RACInstaller.StateCtrl	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c8f76629-e4f4-4646-afc0-665082d167b1}\inprocserver32::	C:\Users\Jtjobrsz\AppData\Local\Temp\RarSFX0\bin\InstallerDlg.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c8f76629-e4f4-4646-afc0-665082d167b1}\inprocserver32::threadingmodel	both	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c8f76629-e4f4-4646-afc0-665082d167b1}::appid		RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c8f76629-e4f4-4646-afc0-665082d167b1}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.regaccess.1::	CRegAccess Object	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.regaccess.1\clsid::	{102A897A-FC92-4F8B-A7D5-7DE434FE7D3E}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.regaccess::	CRegAccess Object	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.regaccess\clsid::	{102A897A-FC92-4F8B-A7D5-7DE434FE7D3E}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.regaccess\curver::	StubbyUtil.RegAccess.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{102a897a-fc92-4f8b-a7d5-7de434fe7d3e}::	CRegAccess Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{102a897a-fc92-4f8b-a7d5-7de434fe7d3e}\progid::	StubbyUtil.RegAccess.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{102a897a-fc92-4f8b-a7d5-7de434fe7d3e}\versionindependentprogid::	StubbyUtil.RegAccess	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{102a897a-fc92-4f8b-a7d5-7de434fe7d3e}\inprocserver32::	C:\Users\Jtjobrsz\AppData\Local\Temp\RarSFX0\bin\InstallerDlg.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{102a897a-fc92-4f8b-a7d5-7de434fe7d3e}\inprocserver32::threadingmodel	both	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{102a897a-fc92-4f8b-a7d5-7de434fe7d3e}::appid		RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{102a897a-fc92-4f8b-a7d5-7de434fe7d3e}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.cookiectl.1::	CCookieCtl Object	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.cookiectl.1\clsid::	{748744E8-6812-4F07-9F57-5F40395BDE65}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.cookiectl::	CCookieCtl Object	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.cookiectl\clsid::	{748744E8-6812-4F07-9F57-5F40395BDE65}	RegNtPreCreateKey
HKLM\software\classes\stubbyutil.cookiectl\curver::	StubbyUtil.CookieCtl.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{748744e8-6812-4f07-9f57-5f40395bde65}::	CCookieCtl Object	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{748744e8-6812-4f07-9f57-5f40395bde65}\progid::	StubbyUtil.CookieCtl.1	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{748744e8-6812-4f07-9f57-5f40395bde65}\versionindependentprogid::	StubbyUtil.CookieCtl	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{748744e8-6812-4f07-9f57-5f40395bde65}\inprocserver32::	C:\Users\Jtjobrsz\AppData\Local\Temp\RarSFX0\bin\InstallerDlg.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{748744e8-6812-4f07-9f57-5f40395bde65}\inprocserver32::threadingmodel	both	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{748744e8-6812-4f07-9f57-5f40395bde65}::appid		RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{748744e8-6812-4f07-9f57-5f40395bde65}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\typelib\{12631f96-f37e-4975-81d5-16e871ee557b}\1.0::	InstallerDlg 1.0 Type Library	RegNtPreCreateKey
HKLM\software\classes\typelib\{12631f96-f37e-4975-81d5-16e871ee557b}\1.0\flags::	0	RegNtPreCreateKey
HKLM\software\classes\typelib\{12631f96-f37e-4975-81d5-16e871ee557b}\1.0\0\win32::	C:\Users\Jtjobrsz\AppData\Local\Temp\RarSFX0\bin\InstallerDlg.dll	RegNtPreCreateKey
HKLM\software\classes\typelib\{12631f96-f37e-4975-81d5-16e871ee557b}\1.0\helpdir::	C:\Users\Jtjobrsz\AppData\Local\Temp\RarSFX0\bin\	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{0d60a064-2009-4623-8fc1-f99cac01037e}::	IShellCtl	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{0d60a064-2009-4623-8fc1-f99cac01037e}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{0d60a064-2009-4623-8fc1-f99cac01037e}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{0d60a064-2009-4623-8fc1-f99cac01037e}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{0d60a064-2009-4623-8fc1-f99cac01037e}::	IShellCtl	RegNtPreCreateKey
HKLM\software\classes\interface\{0d60a064-2009-4623-8fc1-f99cac01037e}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{0d60a064-2009-4623-8fc1-f99cac01037e}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\interface\{0d60a064-2009-4623-8fc1-f99cac01037e}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{12de7cac-9f64-48fa-9526-212043df0aae}::	IInstallDlgCtl	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{12de7cac-9f64-48fa-9526-212043df0aae}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{12de7cac-9f64-48fa-9526-212043df0aae}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{12de7cac-9f64-48fa-9526-212043df0aae}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{12de7cac-9f64-48fa-9526-212043df0aae}::	IInstallDlgCtl	RegNtPreCreateKey
HKLM\software\classes\interface\{12de7cac-9f64-48fa-9526-212043df0aae}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{12de7cac-9f64-48fa-9526-212043df0aae}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\interface\{12de7cac-9f64-48fa-9526-212043df0aae}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{48d11e12-e33e-40a7-a78d-2eafd88906dc}::	_ISlideStateEvents	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{48d11e12-e33e-40a7-a78d-2eafd88906dc}\proxystubclsid32::	{00020420-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{48d11e12-e33e-40a7-a78d-2eafd88906dc}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{48d11e12-e33e-40a7-a78d-2eafd88906dc}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{48d11e12-e33e-40a7-a78d-2eafd88906dc}::	_ISlideStateEvents	RegNtPreCreateKey
HKLM\software\classes\interface\{48d11e12-e33e-40a7-a78d-2eafd88906dc}\proxystubclsid32::	{00020420-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{48d11e12-e33e-40a7-a78d-2eafd88906dc}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\interface\{48d11e12-e33e-40a7-a78d-2eafd88906dc}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c7e480b1-78d1-4d43-8b94-0d32dd109899}::	ISlideState	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c7e480b1-78d1-4d43-8b94-0d32dd109899}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c7e480b1-78d1-4d43-8b94-0d32dd109899}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c7e480b1-78d1-4d43-8b94-0d32dd109899}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{c7e480b1-78d1-4d43-8b94-0d32dd109899}::	ISlideState	RegNtPreCreateKey
HKLM\software\classes\interface\{c7e480b1-78d1-4d43-8b94-0d32dd109899}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{c7e480b1-78d1-4d43-8b94-0d32dd109899}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\interface\{c7e480b1-78d1-4d43-8b94-0d32dd109899}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d991aaa3-6ceb-47cd-9a34-08e0c9d0959e}::	_IProcessMgrEvents	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d991aaa3-6ceb-47cd-9a34-08e0c9d0959e}\proxystubclsid32::	{00020420-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d991aaa3-6ceb-47cd-9a34-08e0c9d0959e}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{d991aaa3-6ceb-47cd-9a34-08e0c9d0959e}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{d991aaa3-6ceb-47cd-9a34-08e0c9d0959e}::	_IProcessMgrEvents	RegNtPreCreateKey
HKLM\software\classes\interface\{d991aaa3-6ceb-47cd-9a34-08e0c9d0959e}\proxystubclsid32::	{00020420-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{d991aaa3-6ceb-47cd-9a34-08e0c9d0959e}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\interface\{d991aaa3-6ceb-47cd-9a34-08e0c9d0959e}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{860450db-79c1-44e4-96e0-c89144e4b444}::	IProcessMgr	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{860450db-79c1-44e4-96e0-c89144e4b444}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{860450db-79c1-44e4-96e0-c89144e4b444}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{860450db-79c1-44e4-96e0-c89144e4b444}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{860450db-79c1-44e4-96e0-c89144e4b444}::	IProcessMgr	RegNtPreCreateKey
HKLM\software\classes\interface\{860450db-79c1-44e4-96e0-c89144e4b444}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{860450db-79c1-44e4-96e0-c89144e4b444}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\interface\{860450db-79c1-44e4-96e0-c89144e4b444}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{29f023b2-b05f-4613-a60f-2a0094df3017}::	IRegAccess	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{29f023b2-b05f-4613-a60f-2a0094df3017}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{29f023b2-b05f-4613-a60f-2a0094df3017}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{29f023b2-b05f-4613-a60f-2a0094df3017}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{29f023b2-b05f-4613-a60f-2a0094df3017}::	IRegAccess	RegNtPreCreateKey
HKLM\software\classes\interface\{29f023b2-b05f-4613-a60f-2a0094df3017}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\interface\{29f023b2-b05f-4613-a60f-2a0094df3017}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\interface\{29f023b2-b05f-4613-a60f-2a0094df3017}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f5609bfb-ac99-4f0c-aa90-5ba58c1e382e}::	ICookieCtl	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f5609bfb-ac99-4f0c-aa90-5ba58c1e382e}\proxystubclsid32::	{00020424-0000-0000-C000-000000000046}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f5609bfb-ac99-4f0c-aa90-5ba58c1e382e}\typelib::	{12631F96-F37E-4975-81D5-16E871EE557B}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{f5609bfb-ac99-4f0c-aa90-5ba58c1e382e}\typelib::version	1.0	RegNtPreCreateKey
HKLM\software\classes\interface\{f5609bfb-ac99-4f0c-aa90-5ba58c1e382e}::	ICookieCtl	RegNtPreCreateKey

84 additional registry modifications are not displayed above.

Windows API Usage

Category	API
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Winhttp	WinHttpOpen
Network Winsock2	WSAStartup WSAttemptAutodialName
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetComputerName GetUserObjectInformation
Cert Store Read	CertOpenStore
Cert Store Write	CertAddCertificateContextToStore
Network Winsock	freeaddrinfo getaddrinfo
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen
Process Shell Execute	CreateProcess ShellExecuteEx
Network Info Queried	GetAdaptersAddresses
Keyboard Access	GetKeyState

Shell Command Execution


							RunDll32.exe "C:\Users\Vudjnrct\AppData\Local\Temp\nskC34F.tmp\OCSetupHlp.dll",_RLID994RecLib2@16 3564,E8826152A9824AA980E635BCEF40E5DC,DFC5B859BC2D4FF7B75E3C45D81F8E9B,9B00752B6EFF44238910796E20755E1F


							"C:\Users\Sxtaepxd\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


							"c:\users\user\downloads\setup__759.exe" /t


							"c:\users\user\downloads\setup__759.exe" /S /x_t_b_home_page_search /x_t_b_donotrevert /xupdater /u http://www.bestofdownload.com/index.php /ta


							"C:\Users\Hmpsqvee\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Rweidgbw\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Cboutkla\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									RunDll32.exe "C:\Users\Dnbfcgkl\AppData\Local\Temp\nsy4756.tmp\OCSetupHlp.dll",_OCPRD737RunOpenCandyDLL@16 4620


									"C:\Users\Lguymdli\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"c:\Users\user\downloads\speedupmypcRU.exe" /verysilent /sp-


									"C:\Users\Jtgalbds\AppData\Local\Temp\is-1BNGB.tmp\speedupmypcRU.tmp" /SL5="$40040,785293,542208,c:\Users\user\downloads\speedupmypcRU.exe" /verysilent /sp-


									"C:\Users\Giflggxm\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Syppbkao\AppData\Local\Temp\is-H07ST.tmp\965bebdde786d3254a643f830a18fb393391f466_0007957272.tmp" /SL5="$30042,7389853,187904,c:\users\user\downloads\965bebdde786d3254a643f830a18fb393391f466_0007957272"


									"C:\Users\Xpcibdqt\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									(NULL) C:\Users\Jtjobrsz\AppData\Local\Temp\RarSFX0\bin\bstrapInstall.exe


									C:\WINDOWS\system32\regsvr32 /s .\bin\InstallerDlg.dll


									.\bin\gameinstaller.exe installerMain.clf


									"C:\Users\Rzivkuay\AppData\Local\Temp\is-22GHN.tmp\7cf15072cc2140c9a98da5b7d926693c620e5b48_0001023626.tmp" /SL5="$501E4,492651,402432,c:\users\user\downloads\7cf15072cc2140c9a98da5b7d926693c620e5b48_0001023626"


									(NULL) C:\Users\Nmpapuyj\AppData\Local\Temp\RarSFX0\bin\bstrapInstall.exe


									"C:\Users\Aywgmzyn\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Wxjdyluq\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Grsjxspe\AppData\Local\Temp\is-46GR6.tmp\2f6b1a1be8d0b2e6e3a8d44f95a10c6dceb29ec9_0001012680.tmp" /SL5="$5020E,492681,402432,c:\users\user\downloads\2f6b1a1be8d0b2e6e3a8d44f95a10c6dceb29ec9_0001012680"


									"C:\Users\Rwwvlzbe\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Krbjokdz\AppData\Local\Temp\is-1AM4F.tmp\4d9f408da23e89cb4c8701e63899cd957a712df1_0001012488.tmp" /SL5="$9030E,492643,402432,c:\users\user\downloads\4d9f408da23e89cb4c8701e63899cd957a712df1_0001012488"


									"C:\Users\Mgikgfde\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									"C:\Users\Aqzoxmia\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Zvwigjez\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Gndweisa\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Sdxophsc\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Srscpgpq\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Eaxhqfbs\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\

Adware.OpenCandy

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Adware.OpenCandy

File System Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed