Cotação de desconto para licenças múltiplas

Mudar de região

English Português
Banco de Dados de Ameaças Malware para Mac CrossRider

CrossRider

Por CagedTech em Malware para Mac, Programas potencialmente indesejados
Traduzir Para:

Cartão de pontuação de ameaças

Popularity Rank: 1,010
Nível da Ameaça: 10 % (Normal)
Computadores infectados: 702,633
Visto pela Primeira Vez: August 14, 2013
Visto pela Última Vez: February 2, 2026
SO (s) Afetados: Windows

O CrossRider Web Apps é um Programa Potencialmente Indesejado (PUP) que deve ser excluído o mais rápido possível com a colaboração de um forte programa de segurança. Os analistas de malware ouviram usuários de PC que relatam que seus programas de segurança detectaram o CrossRider e indicaram que o CrossRider pode ser problemático. Os PCs afetados pelo CrossRider Web Apps podem ficar mais lentos, travar, congelar e apresentar outros sintomas. Os usuários de computador também podem observar que seu navegador da Web se comporta de maneira anormal e que componentes não reconhecidos estão presentes em seus computadores. Analistas de segurança de PCs observaram que o CrossRider pode interferir com outros complementos de navegador da Web em um computador afetado. Também é notável que o CrossRider possa ser difícil de remover. Os usuários de computador que tentam remover o CrossRider podem encontrar dificuldades se tentarem remover o CrossRider, pois removeriam qualquer outra extensão do navegador da Web. A remoção do CrossRider pode exigir medidas especiais e o uso de um programa de segurança totalmente atualizado.

O CrossRider e os Complementos Problemáticos para os Navegadores da Web Similares

Os filhotes podem não ser tão destrutivos ou graves quanto as ameaças. No entanto, a maioria dos PUPs (incluindo o CrossRider) pode causar sintomas mais associados a ameaças. Por exemplo, o CrossRider pode causar anúncios pop-up, redirecionamentos do navegador da Web e problemas de desempenho nos computadores que o CrossRider afeta. Há muitas maneiras pelas quais os filhotes podem se espalhar, incluindo métodos típicos de distribuição de ameaças. No entanto, a principal maneira pela qual os PUPs como o CrossRider são distribuídos é agrupando-os com outro software. Na maioria dos casos, o CrossRider é fornecido com freeware ou shareware de fontes questionáveis, mas, em alguns casos, o CrossRider pode ser fornecido junto com o software legítimo instalado em um instalador ou fonte diferente.

Problemas Associados ao CrossRider e Outros PUPs

Assim que o CrossRider estiver instalado, o CrossRider poderá fazer alterações nas configurações do seu navegador da Web. Analistas de segurança de PCs observaram que o CrossRider pode causar problemas de desempenho, como travar, desacelerar ou congelar o navegador infectado. PUPs como o CrossRider também podem impedir que outros add-ons instalados no computador afetado funcionem corretamente. Os pesquisadores de malware observaram que o CrossRider pode ser empacotado junto com vários outros filhotes de cachorro que, quando reunidos, podem sobrecarregar bastante os recursos do seu computador. Por esses motivos, os analistas de segurança de PCs recomendam fortemente lidar com o CrossRider e filhotes semelhantes o mais rápido possível.

Como Lidar com o CrossRider

Se o CrossRider estiver instalado no seu computador, os analistas de malware recomendam o uso de um programa de segurança conhecido totalmente atualizado e capaz de remover PUPs. Em muitos casos, o software de segurança pode ser incapaz de detectar PUPs, pois esses programas podem ser direcionados a ameaças mais graves, como worms, cavalos de Troia, vírus e rootkits. Isso significa que muitos desenvolvedores de ameaças aumentaram seus esforços na produção de filhotes como o CrossRider, em vez de infecções por ameaças. Isso pode resultar em lucros substanciais com táticas de publicidade e marketing de afiliados. Na maioria dos casos, os usuários de computador podem achar difícil remover o CrossRider usando o gerenciador de extensão ou complemento do navegador da Web - no entanto, o CrossRider e os PUPs similares podem ser removidos usando a opção Adicionar e remover programas no Painel de controle do Windows. Mas, mesmo após a remoção do CrossRider, pode ser necessário desfazer as alterações indesejadas feitas pelo CrossRider nas configurações do navegador da Web. Por exemplo, os usuários de PC podem ser obrigados a reverter manualmente seu mecanismo de pesquisa e página inicial padrão para o CrossRider. Após a remoção do CrossRider, os analistas de segurança do PC recomendam o uso de um forte programa antimalware totalmente atualizado para executar uma verificação completa do computador afetado. Esta etapa é crucial para garantir que o CrossRider não permita que outros PUPs ou formas mais graves de ameaças entrem e afetem o computador da vítima.

Embora uma parte significativa dos computadores infectados pelo CrossRider esteja sendo executada no Windows, é importante observar que o adware possui uma versão separada para os dispositivos Mac. A versão para o Mac cumpre o mesmo objetivo, mas possui alguns recursos extras que são utilizados para explorar os recursos de segurança do OSX. Essa família de adware também é conhecida sob os pseudônimos Crossrider e SurfBuyer. No entanto, além de servir como adware, o aplicativo CrossRider também pode exibir comportamentos mais suspeitos. A ferramenta CrossRider é capaz de gerar um falso lembrete de login. Os operadores do aplicativo CrossRider usarão esse recurso para coletar as credenciais de login do usuário. Felizmente, os autores da ferramenta CrossRider não usam as credenciais coletadas para realizar uma operação insegura. No entanto, eles utilizam as credenciais coletadas para plantar componentes adicionais no Mac do usuário sem o conhecimento ou consentimento dele. Esse não é um comportamento normal do qual qualquer aplicativo genuíno participaria. No entanto, o adware pode ser modificado para injetar cargas prejudiciais no sistema comprometido, o que o tornará muito mais ameaçador.

Os usuários cujo sistema esteja executando o OSX 10.11 ou superior terão o aplicativo CrossRider exibindo o lembrete de login fraudulento que mencionamos para reunir as suas credenciais de administrador e, em seguida, plantar novos componentes no seu computador. Segundo relatos, entre esses novos componentes está uma cópia falsa do navegador Safari, com diversos add-ons instalados. As extensões de navegador em questão servem para gerar anúncios sempre que o usuário está navegando na Web. Para evitar levantar suspeitas, a variante falsa do navegador Safari substituirá a versão original em todos os menus do sistema. No entanto, os usuários que executam versões do OSX anteriores à 10.10 não verão o lembrete falso. Em vez de gerar o lembrete falso, o aplicativo CrossRider executará um script chamado 'install.sh'. Este script serve para modificar as extensões ativas presentes nos navegadores Safari e Google Chrome. O programa CrossRider fará isso em segundo plano para evitar o alerta. O aplicativo CrossRider pode acabar coletando informações do computador infectado, tais como endereço de IP, versão do SO, versão do navegador da Web, nome de usuário e a lista de aplicativos presentes no Mac do usuário. O programa CrossRider também pode detectar a versão das ferramentas de segurança no Mac.

O aplicativo CrossRider claramente não é apenas um adware comum. Verifique se o seu Mac está protegido por uma ferramenta anti-vírus respeitável que manterá a sua máquina e seus dados em segurança.

Outros Nomes

15 fornecedores de segurança sinalizaram este arquivo como malicioso.

Antivirus Vendor Detecção
AVG Crossrider.WFB
Panda Trj/Genetic.gen
Antiy-AVL Trojan[Downloader:HEUR]/Win32.AGeneric
Fortinet W32/AppRider.CT
McAfee-GW-Edition BehavesLike.Win32.ShopperPro.th
Sophos AppRider (PUA)
Kaspersky not-a-virus:HEUR:AdWare.Win32.CrossRider.gen
ClamAV Win.Trojan.Troldesh-2
Symantec Trojan.Gen.2
F-Prot W32/S-d60a457c!Eldorado
McAfee Artemis!DC24DF79A82D
Fortinet Riskware/CrossRider
McAfee Artemis!7016A5D74459
AhnLab-V3 PUP/Win32.CrossRider
F-Secure Gen:Variant.Adware.Mikey

SpyHunter detecta e remove CrossRider

Detalhes Sobre os Arquivos do Sistema

CrossRider pode criar o(s) seguinte(s) arquivo(s):
Expandir todos | Recolher todos
# Nome do arquivo MD5 Detecções
1. DCytaiesmt_smtyc_setup.exe ea0ca98847dc1a403ffec3be116e8b2f 3,135
2. 2cac6850-ffcf-4e74-a8a7-4b644c0a229f-1-6.exe 4b9ec41cadd5b9b6def12fbdeb4cb95a 1,579
3. 2cac6850-ffcf-4e74-a8a7-4b644c0a229f-1-7.exe fafb2ae235f914d74044af7aa31831f4 1,392
4. cf2f0c60-8b09-4897-ab0e-5643a89cf068-1-6.exe eadc29cedbb6bf00e84ae866c637f9bf 776
5. w3NjmMN5jwhw9pYvby.exe 3a1d89b89c9d62951957f0839578dd9b 773
6. 4fa2116b-e112-49ed-9d9c-a5989d8ac246-1-6.exe 79d5efe13857da28a0f4ec1738ed002c 642
7. cf2f0c60-8b09-4897-ab0e-5643a89cf068-1-7.exe 40980117fd3fd681dc6306816eba07db 612
8. 2cac6850-ffcf-4e74-a8a7-4b644c0a229f-5.exe 7bf342d7a2fe1f5a1cc03a87e8606f62 538
9. 2ae81b89-e7fe-4ba1-8c55-04e02cb19118-1-6.exe 3f52805670502af0b57a04d1dc9eefc8 534
10. 2cac6850-ffcf-4e74-a8a7-4b644c0a229f-6.exe 202d0e52dcc36fba2ff8c73d10218c49 532
11. 2cac6850-ffcf-4e74-a8a7-4b644c0a229f-10.exe 556bf18a659978b748cb5a3404ccac41 505
12. WMo6KeWiTVRt1VLTZ5v.exe 1bcc1f03714c5734db3e02eaca0e07e6 466
13. c4YZaBBAZ8u5FRuWDcsj.exe ab6818a7ff17230a6e5119f6cdd1f85b 333
14. j2soiQ34cnwW0 fe8abceb645d8571b81c599d18846ae3 316
15. shopperamaisdabest_helper_service.exe 7057bd7392002f0522aec901d92bcb3d 307
16. 9f16ff19-5066-4529-83c9-5ba1bafb0295-3.exe 69d16d185e7d0abfa4782c37ee51dfbc 199
17. 9f16ff19-5066-4529-83c9-5ba1bafb0295-4.exe 6a332a302128ad2952bcf760dd0fde8f 193
18. 31bcb83d-30ea-44b4-ad08-0311a30b4210-12.exe 2eaada9912138acd7374b8d549cdf295 79
19. ff8b367c-d6dc-48e6-9f3a-ceec62f7c5eb-12.exe edac749b875141edd94be72f57a444da 70
20. 388e1ece-aa85-4c5e-970f-40347719777e-12.exe ea98a95e48f6ebb77613718875e4d6de 53
21. ipMpK2Wj.exe c6d6a6d0267d124cb8d5076b9672fd28 12
22. JG.exe 05eccfb9cbbd401a115b4b44fa453d92 7
23. CCKxnhguMk.exe c7c516caad688d159d293d439ec5d426 6
24. DCnsq681F.tmp d7982f444bbe30ea82a8805d207aa1bd 5
25. kong_games_notification_service.exe b03fb6166e87328e5c8348b7986263e0 2
26. kong_games_updating_service.exe 3245cf5a3996ae901336dd286e555d9e 2
27. hosts-bho.dll 153c17029119f51589baa333e4a4fa1e 2
28. dk.exe da23bdd9c13d7fae63f720a1185a93b6 1
29. hosts-bg.exe 33fa2184f8cbe1325a5cc699873d0d45 1
Arquivos Adicionais

Detalhes sobre o Registro

CrossRider pode criar a seguinte entrada de registro ou entradas de registro:
CLSID
{02A96331-0CA6-40E2-A87D-C224601985EB}
{3278F5CF-48F3-4253-A6BB-004CE84AF492}
{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
{5645E0E7-FC12-43BF-A6E4-F9751942B298}
{577975B8-C40E-43E6-B0DE-4C6B44088B52}
{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
File name without path
https_d19tqk5t6qcjac.cloudfront.net_0.localstorage
https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal
HKEY..\..\..\..{RegistryKeys}
SOFTWARE\_CrossriderRegNamePlaceHolder_
SOFTWARE\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Software\AppDataLow\Software\Crossrider
Software\ArenaHD
SOFTWARE\Cinema_Plus-1.2V21.07
Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Software\Cr_Installer
Software\Crossrider
SOFTWARE\HD4Good
SOFTWARE\HighDefAction
Software\InstalledBrowserExtensions\215 Apps
Software\InstalledBrowserExtensions\32846
Software\InstalledBrowserExtensions\34087
Software\InstalledBrowserExtensions\App+Service
Software\InstalledBrowserExtensions\BrowserAppSPlus
Software\InstalledBrowserExtensions\Buca Apps
Software\InstalledBrowserExtensions\NewPlayerVideo+
SOFTWARE\MediaPlayRS3
SOFTWARE\MedPlayvidV3.1
SOFTWARE\MyBrowser 1.0.2V31.10
SOFTWARE\OpedBrowsrVersion5-nv
SOFTWARE\OpedBrowsrVersion5-nv-ie
SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider
SOFTWARE\Wow6432Node\ArenaHD
SOFTWARE\Wow6432Node\Cinema_Plus-1.2V21.07
SOFTWARE\Wow6432Node\Crossrider
SOFTWARE\Wow6432Node\HD4Good
SOFTWARE\Wow6432Node\HighDefAction
SOFTWARE\Wow6432Node\InstalledBrowserExtensions\32846
SOFTWARE\Wow6432Node\InstalledBrowserExtensions\34087
SOFTWARE\Wow6432Node\MediaPlayRS3
SOFTWARE\Wow6432Node\MedPlayvidV3.1
SOFTWARE\Wow6432Node\MyBrowser 1.0.2V31.10
SOFTWARE\Wow6432Node\YorkNewCin
Software\YorkNewCin
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
Cinema_Plus-1.2V21.07
HD4Good
MediaPlayerVid2.4
MediaPlayRS3
MedPlayvidV3.1
MyBrowser 1.0.2V31.10

Diretórios

CrossRider pode criar o seguinte diretório ou diretórios:

%LOCALAPPDATA%\download balance
%PROGRAMFILES%\48 dresses
%PROGRAMFILES%\BrowsrPlus4
%PROGRAMFILES%\CrossriderWebApps
%PROGRAMFILES%\MedPlayvidV3.1
%PROGRAMFILES%\MyBrowser 1.0.2V31.10
%PROGRAMFILES%\compare for fun
%PROGRAMFILES%\dr games
%PROGRAMFILES%\dress4u
%PROGRAMFILES%\ext coupons
%PROGRAMFILES%\fun coupons
%PROGRAMFILES%\helper king
%PROGRAMFILES%\shopping blast
%PROGRAMFILES%\web disco
%PROGRAMFILES%\winter web
%PROGRAMFILES(X86)%\MedPlayvidV3.1
%PROGRAMFILES(X86)%\MyBrowser 1.0.2V31.10
%PROGRAMFILES(x86)%\48 dresses
%PROGRAMFILES(x86)%\CrossriderWebApps
%PROGRAMFILES(x86)%\HQVidual2y-v2.5V11.11
%PROGRAMFILES(x86)%\compare for fun
%PROGRAMFILES(x86)%\dr games
%PROGRAMFILES(x86)%\dress4u
%PROGRAMFILES(x86)%\ext coupons
%PROGRAMFILES(x86)%\fun coupons
%PROGRAMFILES(x86)%\helper king
%PROGRAMFILES(x86)%\shopping blast
%PROGRAMFILES(x86)%\web disco
%PROGRAMFILES(x86)%\winter web
%programfiles%\OpedBrowsrVersion5

URLs

CrossRider pode chamar os seguintes URLs:

app.gencloudex.com/static
crossriderManifest
crossriderapp

Relatório de análise

Informação geral

Family Name: PUP.CrossRider
Signature status: Self Signed

Known Samples

MD5: 75a60fbd2c14ecdc228c5312c744eb29
SHA1: 196e1407a28e9f9463f55922118a74a39b299d40
Tamanho do Arquivo: 4.85 MB, 4845480 bytes
MD5: ee92be5b8acd09c28efaafc42db61323
SHA1: 4f6584f6c8c751b2c4bbaf1d3862d05669aaad2f
Tamanho do Arquivo: 1.93 MB, 1930128 bytes
MD5: 3c3a40d85c52deaf2731dfb970c4addd
SHA1: edca175a2f56273deaa96f0c94c23a567ed1d4dd
Tamanho do Arquivo: 447.66 KB, 447664 bytes
MD5: 4269c1c918de6ab0c40e9f4702c15827
SHA1: 1f50b1d1ea8ae1c9239b338481c21431afe78f68
SHA256: 9F9F6B15604E54388D68A7612AD8BE6B6FE88337DB23B9FCC5D451817AB4CD7D
Tamanho do Arquivo: 1.51 MB, 1509352 bytes
MD5: 9dad17902cd037281af3388f9c213422
SHA1: 451f31b5be3fefd1ce60241785471b8ec7846612
SHA256: 2F8238E13CA3F27D93DABC143CF0B2D48119D2D222B48226CE744005D6EB6672
Tamanho do Arquivo: 8.60 MB, 8596680 bytes
Show More
MD5: b1125e88b8f1f8ab502dee8886417810
SHA1: 9307c7f5cb85cd58c911b187a89b05dbabb718d1
SHA256: 3A337E0728A5B38A439108E9A8AD3544FC503876C8460C1003CFA728F8B0D3A6
Tamanho do Arquivo: 5.50 MB, 5497456 bytes
MD5: 07639fa994522806ce788758472cc094
SHA1: 0e8eb7eba180b95c98f48f270263193252db9bdc
SHA256: 7ADB9945597E344E2F5C556E91D53A6C1C4F1B01FD3733E2BC3F7848EFEFEC0A
Tamanho do Arquivo: 942.10 KB, 942096 bytes
MD5: 78c1cfb804029bcf43a60778f3d47011
SHA1: 6fa4acc4ed78ea356f8a19ba6920d1a8fcde9ccd
SHA256: 10FC7DE4AEDD10F232156416FC8D3DF9736574C7BDC5DEC07D71DFDECBD301FC
Tamanho do Arquivo: 8.38 MB, 8381760 bytes
MD5: 5f3aa3af2e0f1e6e44beaa2fd2d716e0
SHA1: aadee76d55da762241766957b215d3d8a97ffc64
SHA256: 8A29030814571A902FDF754542245B00F36C94429A15563CED2F9AC71AEAF468
Tamanho do Arquivo: 193.50 KB, 193496 bytes
MD5: 9bb4f985b026b180e98b903a5b122488
SHA1: 53a73a59517fa5ca0ab56f5ed0904b9b10285dcf
SHA256: 430C56923C78A05D1978F37802E0B0E132F43BE7811FE310112C3BA7507CF65F
Tamanho do Arquivo: 3.72 MB, 3723376 bytes
MD5: acd3f9b0ceafc73b17d71f675231f9bd
SHA1: 5de5122773930eec19d8cde073d630a11415acc4
SHA256: 803124D3CEC399D6EA8217F88B42E14568B9EF91B6798235EF1D2D3543D36D0A
Tamanho do Arquivo: 5.53 MB, 5526008 bytes
MD5: 35257f9d591cd2bdc3146e3033d5af68
SHA1: 32ca1161b68d11fe2227ee429c7f7cbe08eaa925
SHA256: 8F9832C939DD8346B114C3B1BA6E1FFC13C6342B3F0A0CD1579F3C38869DC613
Tamanho do Arquivo: 4.12 MB, 4119376 bytes
MD5: e1af259f4598900647ebcb516f5f5eaf
SHA1: 23f4a604f62c726644245df8ddd8c98d2b43c669
SHA256: F275D6CFE779AAD00FE895FB2EB7311748E115FB000DD0AD067544271AC99C6B
Tamanho do Arquivo: 801.76 KB, 801760 bytes
MD5: be44c52d88bdae4442707dd99dae93c1
SHA1: c3808c33cdf2df9b38f7a723fb6bed17f22fbcbb
SHA256: F885C0B2B995D14BEF1F650849C02FA270DA0D084486AA85E347DFE2B2CEBDD2
Tamanho do Arquivo: 1.15 MB, 1148376 bytes
MD5: 9670d791dc62035e45f928b1e34b3a8a
SHA1: 5c2dfd99c78634be628099bfe6936252333b14ae
SHA256: 1409932038ACA4D2DA55935FBBC398633FF64C2628871BF8E179486448662E35
Tamanho do Arquivo: 87.97 KB, 87968 bytes
MD5: f012720c76b779ee8ddc59caa3d04e56
SHA1: 74a93f8557b0707b68ba6ca4e5cbb92a898362b8
SHA256: 2B59578088583C53F99094139D033B61FEA6270DA2E2E2F7BD0E8336CDEF8F3C
Tamanho do Arquivo: 400.90 KB, 400896 bytes
MD5: 6258afba4d411d9ac89fc2ef235a8229
SHA1: df72b592a3e393ea2ff331ae5b635a8d47542546
SHA256: ACF1B3CE21CA7840BA81D3815E58C1B28D90DD4757314EA373325A4492FDFC56
Tamanho do Arquivo: 131.43 KB, 131432 bytes
MD5: bc50ade845d59c87b665ba09ba16fd83
SHA1: e0240a003c75c4c04195264755ee1c1ce462858b
SHA256: DF8EE128CE6C5A38626A7128C732D9BB4A0CDBB39795913511C859AAF1803C3A
Tamanho do Arquivo: 177.64 KB, 177640 bytes
MD5: 518b27d806a14efcc42271fa6bcdc003
SHA1: b335e0abbd6252b778d7cfb972cd2644a042d72d
SHA256: 4A52AABBE04F0C13677506C5137E6F565BE32FAB555E51F7A63CFC161C43AB1E
Tamanho do Arquivo: 1.35 MB, 1350624 bytes
MD5: 63693b210e8b7cd08783a40f86ca47a9
SHA1: 1389facbac7230ad84e29bc50275100e057ffb8e
SHA256: 578C3C3850C28A2ABD544A6A0F970A751DF4076AAA5766CA5C0B3D1D44561602
Tamanho do Arquivo: 1.16 MB, 1156608 bytes
MD5: 4557ba420cbb5b06daa1e159530e06aa
SHA1: 5a1c16fcc07b22747538079078bb9c3fb22fcce9
SHA256: 348C66F97C2F8F120AAE227083FFD334A8FB62B7D1EBA0809402258E74774CA3
Tamanho do Arquivo: 207.44 KB, 207440 bytes
MD5: f9131a16e26ed856088440ead8370af1
SHA1: a5e446eb734f6dc7b45f526069872e6e1a18b059
SHA256: B57E3A3C9F9E861765710637B72E1E83DC7299465069422F3B431DC41718700E
Tamanho do Arquivo: 531.71 KB, 531712 bytes
MD5: 993e8aef6c2f654f80dd6b9d5f534470
SHA1: 7f797e17f7d47016f14ecdcde486575698c5509b
SHA256: 8FB57DD424E04A5FCD8C7EA62468EEBFC58907FA1C3B679A4DAA367158375B13
Tamanho do Arquivo: 4.85 MB, 4853120 bytes
MD5: bda29c8133583e0adf15e459331c72a2
SHA1: c971ed7e4e95c29b6384a7a85491a9beaf0d298e
SHA256: 4D35CC731D5C5072CAC06F283E09AEDB59EA93189BD73E168F4F5180AA6DF551
Tamanho do Arquivo: 1.94 MB, 1943016 bytes
MD5: 3c4beb34b8e6c3f82469ffc6f52941d0
SHA1: 745c64db0995b6696aff4cf39bd779807226d192
SHA256: 4F01D4588D3D7070DEB40EBDA3808B3662DD4BED964288D26786D1C31233AD5A
Tamanho do Arquivo: 962.04 KB, 962040 bytes
MD5: ebdcdd62bd88b2da770ca7a6d7410638
SHA1: 8bfd23d4a5053c46a70bbf18e5519b515c80ef8b
SHA256: A5BC47E67A4D20F7734138A615EE7230DB53853A29D17F7841D4A0026E8E4604
Tamanho do Arquivo: 1.55 MB, 1554920 bytes
MD5: ca01f66419ebb773b224aa40f4799b93
SHA1: 5514ce5df9c3a3352d20f597f26fdfc2c6f99579
SHA256: 693485D11E57929614581C8422156827F914C8D0AAE2F10579AC08235127FB7B
Tamanho do Arquivo: 1.49 MB, 1488896 bytes
MD5: cde3e10b15e0a72a5607aed66b73d365
SHA1: 731af9fee20a7515658566bcbba5a79206701261
SHA256: 976733271B69C2FEBCAB686FA298001202FC58635F15EC41C3F04FDE423AF963
Tamanho do Arquivo: 1.93 MB, 1934312 bytes
MD5: d36ee43cb27b3f5f5ab20c5d6410ce88
SHA1: 67bfc7ff6e6196c3a2382c6ee674b7f838ef43fc
SHA256: D50F464CECD074DD59B65A2F62118CE9A3CC2653017AD70D4E54A62DFBFA18C3
Tamanho do Arquivo: 1.97 MB, 1973224 bytes
MD5: e2b372c63ea61517a634a0c60a598f4d
SHA1: dd2f3242516755f7371113e2904b3d962d593f11
SHA256: C5E121D75F8488ABDE0BFDAF5F31B0DF1A3D238DDC8B3B68D141983CA3B7568F
Tamanho do Arquivo: 1.35 MB, 1349632 bytes
MD5: 9cb43b57be3b4f208c8f7562959aae4a
SHA1: 6fa91c84b9e12e7c6f5e3bde2f84165cd69501c2
SHA256: 24FE1277341889253F1892804D18F6366C892751B955F66AEC4162F91AC163E7
Tamanho do Arquivo: 174.57 KB, 174568 bytes
MD5: 4ae21dfacc2677f2653dfe9ea65ffe47
SHA1: 189396285207f11306aac0f0edd37aa95d90ef4d
SHA256: 40236C8C1F9596FBDB185F1C507A4710B0635F4983F4AAA525EF1B74ADE23BA5
Tamanho do Arquivo: 120.17 KB, 120168 bytes
MD5: 6f8dbe0da7f126d949c3a94ade5284bc
SHA1: 8072daac716fe64391c203785668b3c78b90f1b5
SHA256: 05EA2CB0F98E9A4F2C5A0367FDD7F129BFC580CA605338222244CA1847964068
Tamanho do Arquivo: 873.95 KB, 873952 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
Show More
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Nome Valor
Assembly Version
  • 0.0.9492.30569
  • 0.0.9120.28821
  • 0.0.8522.2260
Comments
  • Open Rails NewYear MG Transport Simulator
  • Open Rails Transport Simulator
Company Name
  • browser
  • Browser
  • Cinema HDV30.12
  • Cinema ProV01.01
  • CinPlusV19.12
  • DiscountFrenzy
  • Europa Casino
  • HDuality-V2.5V19.12
  • Hpchq
  • HQ-VideoV25.12
Show More
  • Microsoft Corporation
  • Open Rails
  • Playtech
  • Qwerty
  • Titanbet.it Casino
  • Tpczrxtwlf
  • Webby
File Description
  • Browser-AppsEd2.2 exe
  • BrowsersApp_Pro_v1.1 exe
  • CinemaHd For Pro 2.4cV01.01 exe
  • CinemaHd For Pro 2.4cV30.12 exe
  • CinPlus-2.4cV19.12 exe
  • Direct3D HLSL Compiler for Redistribution
  • Europa Casino Installer
  • Expekt Poker
  • HDQuality-V2.5V19.12 BHO
  • Hkgtl
Show More
  • HQ-Video-Pro-2.1cV25.12 exe
  • I - Cinema exe
  • iWebar BHO
  • Lgjclmruwolhm
  • Open Rails Activity Runner
  • Titanbet.it Casino Installer
  • TornPlusTV_version1.11 exe
  • Xfaggu
  • Zfmevbyelc
File Version
  • 1000.1000.1000.1000
  • 23.4.12.2
  • 14.2.8.9
  • 10.0.20348.1 (WinBuild.160101.0800)
  • 9.4.20.0
  • 1.1.1.35
  • 1.1.1.32
  • 1.1.1.1
  • 1.0.0.0
  • 0.0.9492.30569
Show More
  • 0.0.9120.28821
  • 0.0.8522.2260
Internal Name
  • Browser-AppsEd2.2
  • BrowsersApp_Pro_v1.1
  • CasinoDownloader2
  • CinemaHd For Pro 2.4cV01.01
  • CinemaHd For Pro 2.4cV30.12
  • CinPlus-2.4cV19.12
  • d3dcompiler_47.dll
  • HDQuality-V2.5V19.12
  • HQ-Video-Pro-2.1cV25.12
  • I - Cinema
Show More
  • iWebar
  • RunActivity.exe
  • TornPlusTV_version1.11
Legal Copyright
  • Copyright (C) 2001-2009 Playtech
  • Copyright 2011
  • Copyright 2014
  • Copyright 2016
  • Copyright © 2009 - 2019
  • Copyright © 2009 - 2022
  • Copyright © 2009 - 2022 Open Rails
  • Enamdkzkwt
  • Ymqctsy
  • © Microsoft Corporation. All rights reserved.
Original Filename
  • Browser-AppsEd2.2.exe
  • BrowsersApp_Pro_v1.1.exe
  • CasinoDownloader2.exe
  • CinemaHd For Pro 2.4cV01.01.exe
  • CinemaHd For Pro 2.4cV30.12.exe
  • CinPlus-2.4cV19.12.exe
  • d3dcompiler_47.dll
  • HDQuality-V2.5V19.12.dll
  • HQ-Video-Pro-2.1cV25.12.exe
  • I - Cinema.exe
Show More
  • iWebar.dll
  • RunActivity.exe
  • TornPlusTV_version1.11.exe
Product Name
  • Browser-AppsEd2.2
  • BrowsersApp_Pro_v1.1
  • CinemaHd For Pro 2.4cV01.01
  • CinemaHd For Pro 2.4cV30.12
  • CinPlus-2.4cV19.12
  • Europa Casino
  • HDQuality-V2.5V19.12
  • HQ-Video-Pro-2.1cV25.12
  • I - Cinema
  • iWebar
Show More
  • Microsoft® Windows® Operating System
  • Open Rails
  • Open Rails FR
  • Open Rails NewYear MG
  • Playtech Software Installer
  • Titanbet.it Casino
  • TornPlusTV_version1.11
  • Wptmtrpoi
  • Ykczvshgaqeeho
Product Version
  • 1000.1000.1000.1000
  • 10.0.20348.1
  • 9.4.20.0
  • 2.0.0.2
  • 0.1.3
  • 0.0.9492.30569+96c68f8244156390b66a220094be59a73f27c627
  • 0.0.9120.28821

Digital Signatures

Signer Root Status
Red Sky Sp. z o.o. DigiCert Assured ID Code Signing CA-1 Hash Mismatch
Playtech PLC DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 Self Signed
Digit Network (Extreme White Limited) Digit Network (Extreme White Limited) Self Signed
Microsoft Corporation Microsoft Code Signing PCA 2010 Self Signed
PLAYTECH LIMITED PLAYTECH LIMITED Self Signed
Show More
Robokid Technologies Robokid Technologies Self Signed
VASSANA KONGSOONGNERN Thawte Code Signing CA - G2 Self Signed
Airplane Networks (BrightCircle Investments Limited) UTN-USERFirst-Object Root Not Trusted
Armageddon Labs (BrightCircle Investments Limited) UTN-USERFirst-Object Root Not Trusted
Berta Dress Apps (Bright Circle Investments Ltd) UTN-USERFirst-Object Root Not Trusted
ColoColo Apps (Bright Circle Investments Ltd) UTN-USERFirst-Object Root Not Trusted
Kimahri Software inc. UTN-USERFirst-Object Root Not Trusted
Morgan Enter Mode UTN-USERFirst-Object Root Not Trusted
Motoko Group UTN-USERFirst-Object Root Not Trusted
Numlock Apps UTN-USERFirst-Object Root Not Trusted
PLAYTECH LIMITED VeriSign Class 3 Code Signing 2004 CA Root Not Trusted
Playtech PLC VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted

File Traits

  • .NET
  • dll
  • HighEntropy
  • x64
  • x86

Block Information

Total Blocks: 3,009
Potentially Malicious Blocks: 871
Whitelisted Blocks: 1,686
Unknown Blocks: 452

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x ? 0 0 ? ? 0 x ? 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? x x x x x x 0 x 0 x x x x ? 0 x ? x x x ? x x x 0 ? ? ? x x 0 x ? 0 x ? 1 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 x 0 x x ? 0 0 x ? ? ? ? 0 1 x 0 0 0 ? ? 0 x x x 0 0 ? ? x x x x ? ? ? 0 ? ? ? 0 x x 0 ? 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 ? ? 0 0 x x ? ? 0 x ? ? ? ? ? x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x ? ? x x ? 0 ? 1 x 0 0 0 0 ? ? ? 0 ? 0 0 ? ? ? 0 ? 0 0 0 0 ? ? 0 0 0 0 1 x ? ? ? ? ? ? ? ? 0 ? 0 ? ? ? ? ? ? ? x x x x x ? x ? 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 ? 0 ? 0 0 ? 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 ? 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 ? 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 x 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 x ? x ? 0 0 0 0 0 0 0 x ? ? ? ? ? 0 x x 0 x 0 0 ? ? 0 0 ? ? ? x ? ? x ? x 0 0 0 0 0 0 0 0 1 x ? 0 ? x 0 ? ? ? ? x 0 0 ? x ? x x 0 0 ? ? ? 0 ? ? ? ? x x ? ? x x ? x 0 0 ? x ? x x x x ? x 0 0 0 0 0 x 0 0 ? ? x ? 0 0 0 0 0 1 0 0 0 ? ? ? 0 ? 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 ? ? ? ? ? ? 0 ? x ? 1 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 ? 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 x 0 0 0 0 ? 0 ? 0 ? ? ? ? ? x x x 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? x ? 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 ? 0 0 0 ? ? ? 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 ? ? ? 0 0 0 ? 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 x 0 0 0 0 0 0 0 0 0 0 0 1 ? ? ? ? 0 0 0 0 0 0 0 ? 0 0 ? 0 0 0 0 0 0 ? 0 0 0 0 ? 0 x ? 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? ? 0 0 0 0 0 0 x 0 ? ? ? ? ? ? ? 0 ? ? 0 0 0 0 0 ? 0 ? ? ? 0 ? ? ? ? 0 ? ? ? 0 ? ? 0 ? ? ? ? ? ? 0 x 0 ? 0 x ? 0 0 ? ? x ? ? ? 0 ? 0 0 ? ? ? ? 0 0 ? 0 0 ? ? 0 0 ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x ? ? x ? x x x x x x 0 0 ? 0 0 0 ? 0 0 ? 1 ? ? ? ? ? x ? 0 0 0 ? ? ? 0 0 ? x ? ? ? ? ? 0 0 x ? ? ? ? 0 ? ? ? ? x ? ? ? ? ? ? ? ? 0 0 0 0 ? 0 0 ? ? ? ? ? ? ? 0 x ? x ? x ? ? ? ? ? ? ? 0 ? ? 0 0 ? ? x x ? x 0 0 ? ? 0 0 ? 0 0 0 ? 0 0 ? 0 ? 0 ? 0 ? ? ? ? ? ? 0 ? ? 0 ? 0 ? 0 ? ? ? x x x x x x x x x x x x x x x ? ? ? 0 0 x ? ? 0 ? ? ? 0 ? ? ? 0 ? 0 ? ? ? 0 0 0 ? ? ? ? ? ? ? ? ? ? ? ? 0 ? ? x ? x 0 x x x ? ? ? x ? x x ? ? ? x x ? ? ? ? x ? ? ? ? ? x ? ? ? ? ? 0 ? ? x x 0 ? ? ? x ? ? x ? 0 x x 0 ? x x x x ? 0 ? 0 ? 0 ? x ? x ? x ? ? ? ? ? ? x x ? ? x x x x ? x ? ? ? ? ? ? ? x 0 ? x ? ? 0 ? ? ? ? ? ? x ? ? ? ? x x ? ? ? x x 0 ? x x ? ? ? 0 ? ? 0 ? ? ? ? ? ? ? ? 0 ? ? ? x ? ? x ? ? 0 x 0 0 ? x x x x x x x x ? x ? x 0 ? 0 ? ? ? ? ? x ? x x x 0 0 x x ? ? ? ? ? ? ? ? ? 0 ? x ? x x x ? x x ? 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 2 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
... Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • CrossRider.B
  • CrossRider.C
  • CrossRider.D
  • CrossRider.EB
  • Dofoil.F

Files Modified

File Attributes
c:\end Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa592e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsb5cd7.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsd5565.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsde94d.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nse4861.tmp\banner.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse4861.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse4861.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf58ff.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsf594e.tmp\avg.htm Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\nsf594e.tmp\complist.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf594e.tmp\dag Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf594e.tmp\inetc3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf594e.tmp\load_0.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf594e.tmp\nsprocess.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf594e.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf6c6.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf6c6.tmp\fallbackfiles Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf6c6.tmp\internal0e8eb7eba180b95c98f48f270263193252db9bdc_0000942096.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf6c6.tmp\internal0e8eb7eba180b95c98f48f270263193252db9bdc_0000942096.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf6c6.tmp\internal0e8eb7eba180b95c98f48f270263193252db9bdc_0000942096_icon.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf6c6.tmp\internal0e8eb7eba180b95c98f48f270263193252db9bdc_0000942096_icon.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf6c6.tmp\internal0e8eb7eba180b95c98f48f270263193252db9bdc_0000942096_splash.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf6c6.tmp\internal0e8eb7eba180b95c98f48f270263193252db9bdc_0000942096_splash.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf6c6.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf6c6.tmp\stdutils.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsfbb5a.tmp\installerutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfbb5a.tmp\installerutils2.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfbb5a.tmp\md5dll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfbb5a.tmp\nsisos.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfbb5a.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfbb5a.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfbb5a.tmp\userinfo.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5f68.tmp\nsislog.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5f68.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh5f68.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshb32b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nshb32c.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nshb32c.tmp\nktwbqcj.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshb32c.tmp\nktwbqcj.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nshb32c.tmp\ssoys.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshb32c.tmp\ssoys.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nshb32c.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshb32c.tmp\stdutils.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nshb32c.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshb32c.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nshb32c.tmp\wrapperutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshb32c.tmp\wrapperutils.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsj5576.tmp\banner.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5576.tmp\eula.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5576.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5576.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5576.tmp\nsrichedit.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5576.tmp\slides\installer_screen_cut1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5576.tmp\slides\installer_screen_cut2.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5576.tmp\slides\installer_screen_cut3.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5576.tmp\slides\slides.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5576.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk591f.tmp\pntixvfvyr.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk591f.tmp\qtmfoybvc.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk591f.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk591f.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk591f.tmp\wrapperutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba8d.tmp\banner.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba8d.tmp\eula.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba8d.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba8d.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba8d.tmp\nsrichedit.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba8d.tmp\slides\installer_screen_cut1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba8d.tmp\slides\installer_screen_cut2.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba8d.tmp\slides\installer_screen_cut3.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba8d.tmp\slides\slides.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskba8d.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nso4860.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsp6b5.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq68ae.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsqbb3a.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsr5ce8.tmp\mskrb.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr5ce8.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr5ce8.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr5ce8.tmp\wrapperutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsr5ce8.tmp\xngvgtmsqefe.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss52c6.tmp\nyrlrnmjpfvz.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss52c6.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss52c6.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss52c6.tmp\wrapperutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss52c6.tmp\xppiibkbmks.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nste94e.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\fallbackfiles Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040_icon.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040_icon.ico Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040_splash.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040_splash.png Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nste94e.tmp\stdutils.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsuba7c.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsw68cf.tmp\installerutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw68cf.tmp\nsislog.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw68cf.tmp\stdutils.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw68cf.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx5287.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsx5f48.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\plus-hd-1.6installer_1755675007.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\plus-hd-1.6installer_1755675007.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\plus-hd-4.4installer_1757985976.log Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Dados API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\wow6432node\tempo:: tempo RegNtPreCreateKey
HKLM\software\classes\appid\{c007dadd-132a-624c-088e-59ee6cf0711f}::id0  % RegNtPreCreateKey
Show More
HKCU\software\1clickdownload::uid 319481074 RegNtPreCreateKey
HKCU\software\1clickdownload::lastinstall0 1hy RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Idhcbivd\AppData\Local\Temp\nshB32C.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Giupczzc\AppData\Local\Temp\nsf6C6.tmp\ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\currentversion\appcontainer\storage\windows_ie_ac_001\software\hdquality-v2.5v19.12::activeappid 0 RegNtPreCreateKey
HKCU\software\appdatalow\software\hdquality-v2.5v19.12::activeappid 0 RegNtPreCreateKey
HKCU\software\appdatalow\software\allyrics-1\log::74a93f8557b0707b68ba6ca4e5cbb92a898362b8_000040 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\currentversion\appcontainer\storage\windows_ie_ac_001\software\iwebar::activeappid 0 RegNtPreCreateKey
HKCU\software\appdatalow\software\iwebar::activeappid 0 RegNtPreCreateKey

Windows API Usage

Category API
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Network Info Queried
  • GetAdaptersInfo
Network Winhttp
  • WinHttpOpen
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
Show More
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC

45 additional items are not displayed above.

Network Urlomon
  • URLDownloadToFile
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

"C:\Users\Idhcbivd\AppData\Local\Temp\nshB32C.tmp\Ssoys.exe"
"C:\Users\Nejebukr\AppData\Local\Temp\nsr5CE8.tmp\Xngvgtmsqefe.exe"
C:\Users\Giupczzc\AppData\Local\Temp\nsf6C6.tmp\internal0e8eb7eba180b95c98f48f270263193252db9bdc_0000942096.exe /baseInstaller='c:/users/user/downloads/0e8eb7eba180b95c98f48f270263193252db9bdc_0000942096' /fallbackfolder='C:/Users/Giupczzc/AppData/Local/Temp/nsf6C6.tmp/fallbackfiles/'
"C:\Users\Qktvxmaf\AppData\Local\Temp\nsk591F.tmp\Qtmfoybvc.exe"
"C:\Users\Teacgrni\AppData\Local\Temp\nss52C6.tmp\Nyrlrnmjpfvz.exe"
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\32ca1161b68d11fe2227ee429c7f7cbe08eaa925_0004119376.,LiQMAxHB
open c:\users\user\downloads\utils.exe /parent='5c2dfd99c78634be628099bfe6936252333b14ae_0000087968,sandboxtool.exe,sandboxhandler.exe,cmd.exe,svchost.exe'
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\74a93f8557b0707b68ba6ca4e5cbb92a898362b8_0000400896.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\df72b592a3e393ea2ff331ae5b635a8d47542546_0000131432.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e0240a003c75c4c04195264755ee1c1ce462858b_0000177640.,LiQMAxHB
C:\Users\Fklrecvy\AppData\Local\Temp\nstE94E.tmp\internal745c64db0995b6696aff4cf39bd779807226d192_0000962040.exe /baseInstaller='c:/users/user/downloads/745c64db0995b6696aff4cf39bd779807226d192_0000962040' /fallbackfolder='C:/Users/Fklrecvy/AppData/Local/Temp/nstE94E.tmp/fallbackfiles/'
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\6fa91c84b9e12e7c6f5e3bde2f84165cd69501c2_0000174568.,LiQMAxHB
open c:\users\user\downloads\utils.exe /parent='189396285207f11306aac0f0edd37aa95d90ef4d_0000120168,sandboxtool.exe,sandboxhandler.exe,cmd.exe,explorer.exe'

Tendendo

Mais visto

Carregando...