Snap.do

Por GoldSparrow em Sequestradores de Navegador

Traduzir Para:

Cartão de pontuação de ameaças

Popularity Rank:	458
Nível da Ameaça:	50 % (Médio)
Computadores infectados:	1,985,981

Visto pela Primeira Vez:	October 12, 2012
Visto pela Última Vez:	February 7, 2026
SO (s) Afetados:	Windows

Snap.do Image

O site Snap.do está associado à barra de ferramentas Smartbar do seu navegador. Esta barra de ferramentas é na verdade um componente de adware. Embora o Snap.do afirme que o Snap.do pode simplificar a maneira como você acessa seus sites favoritos, este site e sua barra de ferramentas associada têm vários comportamentos indesejados que estão mais associados a infecções por malware conhecidas do que a aplicativos legítimos. Na maioria das vezes, a barra de ferramentas Snap.do vem junto com programas freeware, incluídos no processo de instalação.

Lendo a descrição 'oficial' do Snap.do, seria difícil adivinhar que este site está vinculado a malware. As pessoas por trás do Snap.do afirmam que a visão deste site é se tornar um líder da indústria no fornecimento de soluções web simples e inteligentes para seus clientes, bem como programas complementares que melhorem a eficiência do navegador e tornem a navegação simples com interfaces e tecnologias que os usuários de computador já usam. utilizar. No entanto, esta visão não corresponde bem à realidade, uma vez que os produtos associados ao Snap.do possuem vários componentes que são mais comumente associados ao adware. Existem três razões pelas quais os produtos associados ao Snap.do são considerados inseguros para o seu computador:

Os produtos associados ao Snap.do podem ter recursos de spyware. Ou seja, este site e software associado ao Snap.do coletarão seus dados pessoais e os distribuirão a terceiros sem sua autorização.
O site Snap.do e o software associado ao Snap.do também podem ser considerados adware. Isso ocorre porque o Snap.do foi projetado para fornecer anúncios intrusivos com base em dados privados coletados sobre seus comportamentos de navegação. Esses anúncios podem aparecer como janelas pop-up ou incorporados em páginas da web.
Snap.do também está vinculado a sequestradores de navegador. Esses tipos de componentes são projetados para alterar as configurações do navegador da Web, afetando quais sites você pode visitar e alteram a maneira como você navega na Internet.

Embora muitos sites associados a sequestradores de navegador possam, por si só, ser perfeitamente seguros, esse não é o caso do Snap.do e do software associado a este site. Devido aos seus componentes de adware e sequestrador de navegador, qualquer contato com o site Snap.do ou com software associado ao Snap.do deve ser seguido por uma verificação completa de sua máquina com um aplicativo anti-malware capaz.

Índice

Outros Nomes

2 fornecedores de segurança sinalizaram este arquivo como malicioso.

Antivirus Vendor	Detecção
Symantec	Bloodhound.MalPE
AhnLab-V3	PUP/Win32.Toolbar

SpyHunter detecta e remove Snap.do

Detalhes Sobre os Arquivos do Sistema

Snap.do pode criar o(s) seguinte(s) arquivo(s):

Expandir todos | Recolher todos

#	Nome do arquivo	MD5	Detecções Detecções: O número de casos confirmados e suspeitos de uma determinada ameaça detectada nos computadores infectados conforme relatado pelo SpyHunter.
1.	cloudprinter.dat	cecec73094ba3e1b7abe788ae5a5204a	271,577
Nome: cloudprinter.dat MD5: cecec73094ba3e1b7abe788ae5a5204a Tamanho: 54.27 KB (54272 bytes) Detecções: 271,577 Tipo: Data file Caminho: %ALLUSERSPROFILE%\cloudprinter Grupo: Arquivo de malware Ultima Atualização: January 27, 2026
2.	gravefresh.dat	09eab69315e00b74dfa2ca27a5542829	145,225
Nome: gravefresh.dat MD5: 09eab69315e00b74dfa2ca27a5542829 Tamanho: 252.92 KB (252928 bytes) Detecções: 145,225 Tipo: Data file Caminho: %ALLUSERSPROFILE%\lamzap Grupo: Arquivo de malware Ultima Atualização: February 6, 2026
3.	uninstall.ico	f0629844b82419eb727a3858f31dc85a	1,891
Nome: uninstall.ico MD5: f0629844b82419eb727a3858f31dc85a Tamanho: 1.15 KB (1150 bytes) Detecções: 1,891 Grupo: Arquivo de malware Ultima Atualização: September 24, 2025
4.	uninstall.dat	6c5cac85dbc1df3ced89e3ea8645bc32	1,154
Nome: uninstall.dat MD5: 6c5cac85dbc1df3ced89e3ea8645bc32 Tamanho: 140.8 KB (140800 bytes) Detecções: 1,154 Tipo: Data file Caminho: %COMMONPROGRAMFILES(x86)%\viatip Grupo: Arquivo de malware Ultima Atualização: September 9, 2024
5.	Opentip.bin	aea5b44ab1e57f40069461bcf0dbc303	601
Nome: Opentip.bin MD5: aea5b44ab1e57f40069461bcf0dbc303 Tamanho: 1.93 MB (1932216 bytes) Detecções: 601 Tipo: Binary File Caminho: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Opentip.bin Grupo: Arquivo de malware Ultima Atualização: January 27, 2026
6.	Topfax.bin	e7feae9f793d93682572c065c3379626	197
Nome: Topfax.bin MD5: e7feae9f793d93682572c065c3379626 Tamanho: 76.56 KB (76565 bytes) Detecções: 197 Tipo: Binary File Caminho: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Topfax.bin Grupo: Arquivo de malware Ultima Atualização: March 12, 2025
7.	Vivafax.bin	fa780e83ab291186670cfe6b879f7085	158
Nome: Vivafax.bin MD5: fa780e83ab291186670cfe6b879f7085 Tamanho: 400.44 KB (400445 bytes) Detecções: 158 Tipo: Binary File Caminho: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Vivafax.bin Grupo: Arquivo de malware Ultima Atualização: January 4, 2026
8.	AppdnifmiN.exe	24a74f120eccbec5942ce9c627c31db4	69
Nome: AppdnifmiN.exe MD5: 24a74f120eccbec5942ce9c627c31db4 Tamanho: 400.89 KB (400896 bytes) Detecções: 69 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\AppdnifmiN Grupo: Arquivo de malware Ultima Atualização: November 30, 2016
9.	ocep.exe	2cf641c23d296a503827f6d409e0435d	50
Nome: ocep.exe MD5: 2cf641c23d296a503827f6d409e0435d Tamanho: 400.89 KB (400896 bytes) Detecções: 50 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\ocep Grupo: Arquivo de malware Ultima Atualização: November 30, 2016
10.	CloudPrinter.exe	f79bbfd2beea6c3494bc65b638af5969	49
Nome: CloudPrinter.exe MD5: f79bbfd2beea6c3494bc65b638af5969 Tamanho: 692.73 KB (692736 bytes) Detecções: 49 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\CloudPrinter Grupo: Arquivo de malware Ultima Atualização: May 21, 2020
11.	Affenpinscher.exe	8abe1277924bdf91880a0394a4cc18d8	43
Nome: Affenpinscher.exe MD5: 8abe1277924bdf91880a0394a4cc18d8 Tamanho: 400.89 KB (400896 bytes) Detecções: 43 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\Affenpinscher Grupo: Arquivo de malware Ultima Atualização: November 30, 2016
12.	gld.exe	c5ea20f32c1ad46670b6a6442ddd04d6	38
Nome: gld.exe MD5: c5ea20f32c1ad46670b6a6442ddd04d6 Tamanho: 61.1 KB (61103 bytes) Detecções: 38 Tipo: Executable File Caminho: %PROGRAMFILES(x86)%\Gorny\gld.exe Grupo: Arquivo de malware Ultima Atualização: June 27, 2020
13.	emphasising.exe	25034e95214d42e20e9383a353c125f6	37
Nome: emphasising.exe MD5: 25034e95214d42e20e9383a353c125f6 Tamanho: 37.75 KB (37758 bytes) Detecções: 37 Tipo: Executable File Caminho: %PROGRAMFILES(x86)%\basque\emphasising.exe Grupo: Arquivo de malware Ultima Atualização: June 27, 2020
14.	uninstall.exe	75e0ecad5d00e8407e32506361b93f98	35
Nome: uninstall.exe MD5: 75e0ecad5d00e8407e32506361b93f98 Tamanho: 984.57 KB (984576 bytes) Detecções: 35 Tipo: Executable File Caminho: %COMMONPROGRAMFILES(x86)%\ZotRemnix Grupo: Arquivo de malware Ultima Atualização: June 30, 2016
15.	patience.exe	069ad9a7445f11563b2919a5f006979c	32
Nome: patience.exe MD5: 069ad9a7445f11563b2919a5f006979c Tamanho: 9.21 KB (9216 bytes) Detecções: 32 Tipo: Executable File Caminho: %PROGRAMFILES(x86)%\patience\patience.exe Grupo: Arquivo de malware Ultima Atualização: June 27, 2020
16.	Medotity.exe	a761ce1d6bc4eec1c527324584e9ddd8	28
Nome: Medotity.exe MD5: a761ce1d6bc4eec1c527324584e9ddd8 Tamanho: 692.73 KB (692736 bytes) Detecções: 28 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\Medotity Grupo: Arquivo de malware Ultima Atualização: November 24, 2016
17.	AppgnirtspmaT.exe	a674955ee5b9cf795d74aec1a3bdea46	25
Nome: AppgnirtspmaT.exe MD5: a674955ee5b9cf795d74aec1a3bdea46 Tamanho: 400.89 KB (400896 bytes) Detecções: 25 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\AppgnirtspmaT Grupo: Arquivo de malware Ultima Atualização: November 30, 2016
18.	xifs.exe	5f8cde8ed5585c50102a06981f1c9d7a	24
Nome: xifs.exe MD5: 5f8cde8ed5585c50102a06981f1c9d7a Tamanho: 400.89 KB (400896 bytes) Detecções: 24 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\xifs Grupo: Arquivo de malware Ultima Atualização: November 30, 2016
19.	AppxeetouQ.exe	68e27e78779d9780d2daef4d6c2148e4	24
Nome: AppxeetouQ.exe MD5: 68e27e78779d9780d2daef4d6c2148e4 Tamanho: 400.89 KB (400896 bytes) Detecções: 24 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\AppxeetouQ Grupo: Arquivo de malware Ultima Atualização: November 30, 2016
20.	ApppazmaL.exe	be67210e37a467cf02375d7ab03270c6	23
Nome: ApppazmaL.exe MD5: be67210e37a467cf02375d7ab03270c6 Tamanho: 392.7 KB (392704 bytes) Detecções: 23 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\ApppazmaL Grupo: Arquivo de malware Ultima Atualização: May 26, 2017
21.	idna.exe	543de71ba6de1353cd397c89a0951663	18
Nome: idna.exe MD5: 543de71ba6de1353cd397c89a0951663 Tamanho: 692.73 KB (692736 bytes) Detecções: 18 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\idna Grupo: Arquivo de malware Ultima Atualização: November 24, 2016
22.	AppmatdloH.exe	d0f9b6fec63f8cb1ddeaa0cac2512aa5	16
Nome: AppmatdloH.exe MD5: d0f9b6fec63f8cb1ddeaa0cac2512aa5 Tamanho: 692.73 KB (692736 bytes) Detecções: 16 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\AppmatdloH Grupo: Arquivo de malware Ultima Atualização: November 24, 2016
23.	Utatity.exe	711203f1378abf0a39822f473287c8d8	15
Nome: Utatity.exe MD5: 711203f1378abf0a39822f473287c8d8 Tamanho: 692.73 KB (692736 bytes) Detecções: 15 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\Utatity Grupo: Arquivo de malware Ultima Atualização: November 24, 2016
24.	set.exe	96a99a6e8b367ffa84b5f5b0bb2a4dc9	14
Nome: set.exe MD5: 96a99a6e8b367ffa84b5f5b0bb2a4dc9 Tamanho: 3.78 MB (3786752 bytes) Detecções: 14 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\Logic Handler Grupo: Arquivo de malware Ultima Atualização: March 3, 2017
25.	Nettrans.exe	56e23c8a026f980555a286c1ed873ec3	13
Nome: Nettrans.exe MD5: 56e23c8a026f980555a286c1ed873ec3 Tamanho: 43.52 KB (43520 bytes) Detecções: 13 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\NetworkPacketManitor Grupo: Arquivo de malware Ultima Atualização: March 3, 2017
26.	crambo.exe	7ce53c9cc3d30ab0df7d0e0849c9a7bf	1
Nome: crambo.exe MD5: 7ce53c9cc3d30ab0df7d0e0849c9a7bf Tamanho: 2.92 MB (2927912 bytes) Detecções: 1 Tipo: Executable File Caminho: %ALLUSERSPROFILE%\NetworkPacketManitor Grupo: Arquivo de malware Ultima Atualização: October 1, 2016

Arquivos Adicionais

Detalhes sobre o Registro

Snap.do pode criar a seguinte entrada de registro ou entradas de registro:

File name without path

Alphatax.exe

Alphatop.exe

Bam-Phase.exe

Daltla.exe

DanFix.exe

Domnimdex.exe

Doublelax.exe

Fasecore.exe

FaseSaostock.exe

Laquonix.exe

OpeZamjob.exe

SailLatsing.exe

Salttrax.exe

StrongDonlab.exe

TonRaning.exe

Trueex.exe

Unodex.exe

Viawarm.exe

Yearkeysing.exe

ZerCom.exe

ZumDubflex.exe

Zunlotlight.exe

Regexp file mask

%appdata%\agent.dat

%appdata%\giftbag.db

%appdata%\installationconfiguration.xml

%appdata%\noah.dat

%appdata%\uninstall_temp.ico

%localappdata%\agent.dat

%LOCALAPPDATA%\dongls.exe

%localappdata%\freshlab.exe

%localappdata%\funzap.exe

%localappdata%\giftbag.db

%LOCALAPPDATA%\Greenjob.[RANDOM CHARACTERS]

%localappdata%\hatcof.exe

%localappdata%\installationconfiguration.xml

%LOCALAPPDATA%\JobSilsing.exe

%localappdata%\main.dat

%localappdata%\newstatdex.exe

%localappdata%\noah.dat

%localappdata%\qvotop.exe

%localappdata%\relam.exe

%localappdata%\saoeco.exe

%LOCALAPPDATA%\sha.db

%localappdata%\sham.db

%localappdata%\silverity.exe

%localappdata%\silversanair.exe

%localappdata%\yearfix.exe

%localappdata%\zamron.exe

%userprofile%\local settings\application data\funzap.exe

%userprofile%\local settings\application data\hatcof.exe

%UserProfile%\Local Settings\Application Data\sha.db

%userprofile%\local settings\application data\yearfix.exe

%windir%\system32\config\systemprofile\appdata\local\agent.dat

%windir%\system32\config\systemprofile\appdata\local\applicationhosting.dat

%windir%\system32\config\systemprofile\appdata\local\config.xml

%windir%\system32\config\systemprofile\appdata\local\lobby.dat

%windir%\system32\config\systemprofile\appdata\local\main.dat

%windir%\system32\config\systemprofile\appdata\local\md.xml

%windir%\system32\config\systemprofile\appdata\local\noah.dat

%WINDIR%\System32\config\systemprofile\AppData\Local\sha.db

%windir%\system32\config\systemprofile\appdata\local\sham.db

%windir%\system32\config\systemprofile\appdata\local\uninstall_temp.ico

%windir%\syswow64\config\systemprofile\appdata\local\agent.dat

%windir%\syswow64\config\systemprofile\appdata\local\applicationhosting.dat

%windir%\syswow64\config\systemprofile\appdata\local\config.xml

%windir%\syswow64\config\systemprofile\appdata\local\lobby.dat

%windir%\syswow64\config\systemprofile\appdata\local\main.dat

%windir%\syswow64\config\systemprofile\appdata\local\md.xml

%WINDIR%\SysWOW64\config\systemprofile\AppData\Local\sha.db

%windir%\syswow64\config\systemprofile\appdata\local\sham.db

%windir%\syswow64\config\systemprofile\appdata\local\uninstall_temp.ico

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Microsoft\Tracing\appmallosayov_RASAPI32

SOFTWARE\Microsoft\Tracing\appmallosayov_RASMANCS

SOFTWARE\Microsoft\Tracing\AppoxinloK_RASAPI32

SOFTWARE\Microsoft\Tracing\AppoxinloK_RASMANCS

SOFTWARE\Microsoft\Tracing\AppxeetouQ_RASAPI32

SOFTWARE\Microsoft\Tracing\AppxeetouQ_RASMANCS

SOFTWARE\Microsoft\Tracing\Hotfresh_RASAPI32

SOFTWARE\Microsoft\Tracing\Hotfresh_RASMANCS

SOFTWARE\Microsoft\Tracing\Kipolam_RASAPI32

SOFTWARE\Microsoft\Tracing\Kipolam_RASMANCS

SOFTWARE\Microsoft\Tracing\Kolnixo_RASAPI32

SOFTWARE\Microsoft\Tracing\Kolnixo_RASMANCS

SOFTWARE\Microsoft\Tracing\locep_RASAPI32

SOFTWARE\Microsoft\Tracing\locep_RASMANCS

SOFTWARE\Microsoft\Tracing\mbappert_RASAPI32

SOFTWARE\Microsoft\Tracing\mbappert_RASMANCS

SOFTWARE\Microsoft\Tracing\Pangoc_RASAPI32

SOFTWARE\Microsoft\Tracing\Pangoc_RASMANCS

SOFTWARE\Microsoft\Tracing\Pluslax_RASAPI32

SOFTWARE\Microsoft\Tracing\Pluslax_RASMANCS

SOFTWARE\Microsoft\Tracing\Polygen_RASAPI32

SOFTWARE\Microsoft\Tracing\Polygen_RASMANCS

SOFTWARE\Microsoft\Tracing\snorler_RASAPI32

SOFTWARE\Microsoft\Tracing\snorler_RASMANCS

SOFTWARE\Microsoft\Tracing\Tolnix_RASAPI32

SOFTWARE\Microsoft\Tracing\Tolnix_RASMANCS

SOFTWARE\Microsoft\Tracing\Voyasollam_RASAPI32

SOFTWARE\Microsoft\Tracing\Voyasollam_RASMANCS

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appmallosayov.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppoxinloK.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppxeetouQ.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hotfresh.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kipolam.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kolnixo.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\locep.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbappert.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pangoc.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pitachok.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pluslax.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Polygen.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snorler.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tolnix.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Voyasollam.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\appmallosayov.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppoxinloK.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppxeetouQ.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Hotfresh.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Kipolam.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Kolnixo.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\locep.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\mbappert.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Pangoc.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Pluslax.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Polygen.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\snorler.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Tolnix.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Voyasollam.exe

SOFTWARE\mtappmallosayov

SOFTWARE\mtAppoxinloK

SOFTWARE\mtAppxeetouQ

SOFTWARE\mtHotfresh

Software\mtKolnixo

SOFTWARE\mtlocep

SOFTWARE\mtmbappert

SOFTWARE\mtPangoc

SOFTWARE\mtPitachok

SOFTWARE\mtPluslax

SOFTWARE\mtPolygen

SOFTWARE\mtTolnix

SOFTWARE\WOW6432Node\Microsoft\Tracing\appmallosayov_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\appmallosayov_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\AppoxinloK_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\AppoxinloK_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\AppxeetouQ_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\AppxeetouQ_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Hotfresh_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Hotfresh_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Kipolam_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Kipolam_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Kolnixo_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Kolnixo_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\locep_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\locep_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\mbappert_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\mbappert_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\Pangoc_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\Pangoc_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Pitachok_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Pitachok_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Pluslax_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Pluslax_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Polygen_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Polygen_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\snorler_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\snorler_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\Tolnix_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\Tolnix_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Voyasollam_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Voyasollam_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appmallosayov.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppoxinloK.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppxeetouQ.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hotfresh.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kipolam.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kolnixo.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\locep.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbappert.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pangoc.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pitachok.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pluslax.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Polygen.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snorler.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tolnix.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Voyasollam.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\appmallosayov.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppoxinloK.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppxeetouQ.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Hotfresh.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Kipolam.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Kolnixo.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\locep.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\mbappert.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Pangoc.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Pitachok.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Pluslax.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Polygen.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\snorler.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Tolnix.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Voyasollam.exe

SOFTWARE\Wow6432Node\mtappmallosayov

SOFTWARE\Wow6432Node\mtAppoxinloK

SOFTWARE\Wow6432Node\mtAppxeetouQ

SOFTWARE\Wow6432Node\mtHotfresh

Software\WOW6432Node\mtKolnixo

SOFTWARE\Wow6432Node\mtlocep

SOFTWARE\Wow6432Node\mtmbappert

SOFTWARE\Wow6432Node\mtPangoc

SOFTWARE\Wow6432Node\mtPitachok

SOFTWARE\Wow6432Node\mtPluslax

SOFTWARE\Wow6432Node\mtPolygen

SOFTWARE\Wow6432Node\mtTolnix

SYSTEM\ControlSet001\services\appmallosayov

SYSTEM\ControlSet001\services\AppxeetouQ

SYSTEM\ControlSet001\services\Quoteex

SYSTEM\ControlSet001\services\Voyasollam

SYSTEM\ControlSet002\services\appmallosayov

SYSTEM\ControlSet002\services\AppxeetouQ

SYSTEM\ControlSet002\services\Quoteex

SYSTEM\ControlSet002\services\Voyasollam

SYSTEM\CurrentControlSet\services\appmallosayov

SYSTEM\CurrentControlSet\services\AppxeetouQ

SYSTEM\CurrentControlSet\services\Quoteex

SYSTEM\CurrentControlSet\services\Voyasollam

Diretórios

Snap.do pode criar o seguinte diretório ou diretórios:

%ALLUSERSPROFILE%\Anwendungsdaten\Logic Cramble

%ALLUSERSPROFILE%\Application Data\AppoxinloK

%ALLUSERSPROFILE%\Application Data\Graveairs

%ALLUSERSPROFILE%\Application Data\Zonsoft

%ALLUSERSPROFILE%\Application Data\Zonsofts

%ALLUSERSPROFILE%\Application Data\apptreppabm

%ALLUSERSPROFILE%\Application Data\apptreppabms

%ALLUSERSPROFILE%\Application Data\appxafmads

%ALLUSERSPROFILE%\Application Data\kipolam

%ALLUSERSPROFILE%\Application Data\mbappert

%ALLUSERSPROFILE%\Application Data\mbapperts

%ALLUSERSPROFILE%\Application Data\pangoc

%ALLUSERSPROFILE%\Application Data\pangocs

%ALLUSERSPROFILE%\Application Data\tolnix

%ALLUSERSPROFILE%\Application Data\tolnixs

%ALLUSERSPROFILE%\AppnegyloP

%ALLUSERSPROFILE%\AppnorriA

%ALLUSERSPROFILE%\AppnorriAs

%ALLUSERSPROFILE%\AppoxinloK

%ALLUSERSPROFILE%\AppoxinloKs

%ALLUSERSPROFILE%\ApppotriA

%ALLUSERSPROFILE%\ApppotriAs

%ALLUSERSPROFILE%\AppthgildeMs

%ALLUSERSPROFILE%\AppxelosknoK

%ALLUSERSPROFILE%\BluetoothPoint

%ALLUSERSPROFILE%\BluetoothPoints

%ALLUSERSPROFILE%\Dados de aplicativos\Logic Cramble

%ALLUSERSPROFILE%\Daltit

%ALLUSERSPROFILE%\Daltits

%ALLUSERSPROFILE%\Dane aplikacji\Logic Cramble

%ALLUSERSPROFILE%\Dati applicazioni\Logic Cramble

%ALLUSERSPROFILE%\Datos de programa\Logic Cramble

%ALLUSERSPROFILE%\Graveairs

%ALLUSERSPROFILE%\Hotfreshs

%ALLUSERSPROFILE%\Pitachoks

%ALLUSERSPROFILE%\Polygen

%ALLUSERSPROFILE%\Polygens

%ALLUSERSPROFILE%\Silsolis

%ALLUSERSPROFILE%\Silsoliss

%ALLUSERSPROFILE%\Singdaxs

%ALLUSERSPROFILE%\Trioflex

%ALLUSERSPROFILE%\Trioflexs

%ALLUSERSPROFILE%\Viaair

%ALLUSERSPROFILE%\Viaairs

%ALLUSERSPROFILE%\Zonsoft

%ALLUSERSPROFILE%\Zonsofts

%ALLUSERSPROFILE%\appcognap

%ALLUSERSPROFILE%\apppitsirt

%ALLUSERSPROFILE%\apprelrons

%ALLUSERSPROFILE%\apprelronss

%ALLUSERSPROFILE%\apptreppabm

%ALLUSERSPROFILE%\apptreppabms

%ALLUSERSPROFILE%\appxafmads

%ALLUSERSPROFILE%\appxinlot

%ALLUSERSPROFILE%\ecivreSevaS

%ALLUSERSPROFILE%\ecivreSevaSs

%ALLUSERSPROFILE%\iretadpUMGRs

%ALLUSERSPROFILE%\kipolam

%ALLUSERSPROFILE%\loceps

%ALLUSERSPROFILE%\mbappert

%ALLUSERSPROFILE%\mbapperts

%ALLUSERSPROFILE%\ohnuze

%ALLUSERSPROFILE%\ohnuzes

%ALLUSERSPROFILE%\pangoc

%ALLUSERSPROFILE%\pangocs

%ALLUSERSPROFILE%\tolnix

%ALLUSERSPROFILE%\tolnixs

%ALLUSERSPROFILE%\xifss

%COMMONPROGRAMFILES%\AlphaString

%COMMONPROGRAMFILES%\Alphafan

%COMMONPROGRAMFILES%\Alphait

%COMMONPROGRAMFILES%\Alphatone

%COMMONPROGRAMFILES%\Apsing

%COMMONPROGRAMFILES%\Betastrong

%COMMONPROGRAMFILES%\Bio-Com

%COMMONPROGRAMFILES%\Biolight

%COMMONPROGRAMFILES%\Confind

%COMMONPROGRAMFILES%\Doublelab

%COMMONPROGRAMFILES%\Ecojob

%COMMONPROGRAMFILES%\Finphase

%COMMONPROGRAMFILES%\Fixfax

%COMMONPROGRAMFILES%\Goodlex

%COMMONPROGRAMFILES%\GrooveTax

%COMMONPROGRAMFILES%\Groovecof

%COMMONPROGRAMFILES%\HatTrax

%COMMONPROGRAMFILES%\Hometough

%COMMONPROGRAMFILES%\Icetech

%COMMONPROGRAMFILES%\Inchstrong

%COMMONPROGRAMFILES%\IndigoNix

%COMMONPROGRAMFILES%\Joy-Com

%COMMONPROGRAMFILES%\Kanla

%COMMONPROGRAMFILES%\Key-Soft

%COMMONPROGRAMFILES%\KinDom

%COMMONPROGRAMFILES%\Kinin

%COMMONPROGRAMFILES%\Labzap

%COMMONPROGRAMFILES%\Lamcof

%COMMONPROGRAMFILES%\Lamity

%COMMONPROGRAMFILES%\Ontofan

%COMMONPROGRAMFILES%\OpenOvedom

%COMMONPROGRAMFILES%\OverLab

%COMMONPROGRAMFILES%\Ozercom

%COMMONPROGRAMFILES%\Physlab

%COMMONPROGRAMFILES%\Quojob

%COMMONPROGRAMFILES%\Quotelux

%COMMONPROGRAMFILES%\Qvoity

%COMMONPROGRAMFILES%\Ranfresh

%COMMONPROGRAMFILES%\Rantax

%COMMONPROGRAMFILES%\Rantip

%COMMONPROGRAMFILES%\Runtax

%COMMONPROGRAMFILES%\Soling

%COMMONPROGRAMFILES%\Stockphase

%COMMONPROGRAMFILES%\Strongtech

%COMMONPROGRAMFILES%\Strongtip

%COMMONPROGRAMFILES%\Subsoft

%COMMONPROGRAMFILES%\Tanity

%COMMONPROGRAMFILES%\Tipeco

%COMMONPROGRAMFILES%\ToughHold

%COMMONPROGRAMFILES%\Trusting

%COMMONPROGRAMFILES%\Truststring

%COMMONPROGRAMFILES%\Ventodex

%COMMONPROGRAMFILES%\Ventotone

%COMMONPROGRAMFILES%\Vilaflex

%COMMONPROGRAMFILES%\Villabam

%COMMONPROGRAMFILES%\VolCore

%COMMONPROGRAMFILES%\Voya-Strong

%COMMONPROGRAMFILES%\Zonlex

%COMMONPROGRAMFILES%\Zoomtip

%COMMONPROGRAMFILES%\Zoteco

%COMMONPROGRAMFILES%\Zuntough

%COMMONPROGRAMFILES%\biojob

%COMMONPROGRAMFILES%\dentozimeco

%COMMONPROGRAMFILES%\kanis

%COMMONPROGRAMFILES%\kay-dax

%COMMONPROGRAMFILES%\kinzuncom

%COMMONPROGRAMFILES%\vialax

%COMMONPROGRAMFILES%\zaamtom

%COMMONPROGRAMFILES%\zunfax

%COMMONPROGRAMFILES(x86)%\AlphaString

%COMMONPROGRAMFILES(x86)%\Alphafan

%COMMONPROGRAMFILES(x86)%\Alphait

%COMMONPROGRAMFILES(x86)%\Alphatone

%COMMONPROGRAMFILES(x86)%\Apsing

%COMMONPROGRAMFILES(x86)%\BigHotis

%COMMONPROGRAMFILES(x86)%\Bio-Com

%COMMONPROGRAMFILES(x86)%\Biodonkix

%COMMONPROGRAMFILES(x86)%\Biolight

%COMMONPROGRAMFILES(x86)%\Cofgohold

%COMMONPROGRAMFILES(x86)%\Confind

%COMMONPROGRAMFILES(x86)%\Donsillax

%COMMONPROGRAMFILES(x86)%\Doublelab

%COMMONPROGRAMFILES(x86)%\Ecojob

%COMMONPROGRAMFILES(x86)%\FaseQuoit

%COMMONPROGRAMFILES(x86)%\Finphase

%COMMONPROGRAMFILES(x86)%\Fix-Fan

%COMMONPROGRAMFILES(x86)%\Fixfax

%COMMONPROGRAMFILES(x86)%\FreshReddax

%COMMONPROGRAMFILES(x86)%\Freshlatlex

%COMMONPROGRAMFILES(x86)%\Goodlex

%COMMONPROGRAMFILES(x86)%\GrooveTax

%COMMONPROGRAMFILES(x86)%\Groovecof

%COMMONPROGRAMFILES(x86)%\HatTrax

%COMMONPROGRAMFILES(x86)%\Hometough

%COMMONPROGRAMFILES(x86)%\Icetech

%COMMONPROGRAMFILES(x86)%\Inchstrong

%COMMONPROGRAMFILES(x86)%\IndigoNix

%COMMONPROGRAMFILES(x86)%\Jobwarm

%COMMONPROGRAMFILES(x86)%\Joy-Com

%COMMONPROGRAMFILES(x86)%\Kanla

%COMMONPROGRAMFILES(x86)%\KinDom

%COMMONPROGRAMFILES(x86)%\Kinin

%COMMONPROGRAMFILES(x86)%\KonkDondax

%COMMONPROGRAMFILES(x86)%\Konksailnix

%COMMONPROGRAMFILES(x86)%\Labzap

%COMMONPROGRAMFILES(x86)%\Lamcof

%COMMONPROGRAMFILES(x86)%\Lamity

%COMMONPROGRAMFILES(x86)%\Math-Tax

%COMMONPROGRAMFILES(x86)%\Ontofan

%COMMONPROGRAMFILES(x86)%\OpeHotcom

%COMMONPROGRAMFILES(x86)%\OpenOvedom

%COMMONPROGRAMFILES(x86)%\OverLab

%COMMONPROGRAMFILES(x86)%\Overron

%COMMONPROGRAMFILES(x86)%\Ozercom

%COMMONPROGRAMFILES(x86)%\Physlab

%COMMONPROGRAMFILES(x86)%\Quojob

%COMMONPROGRAMFILES(x86)%\Quotelux

%COMMONPROGRAMFILES(x86)%\Qvoity

%COMMONPROGRAMFILES(x86)%\Ranfresh

%COMMONPROGRAMFILES(x86)%\Rantax

%COMMONPROGRAMFILES(x86)%\Rantip

%COMMONPROGRAMFILES(x86)%\Runtax

%COMMONPROGRAMFILES(x86)%\S-tax

%COMMONPROGRAMFILES(x86)%\Sailsaobam

%COMMONPROGRAMFILES(x86)%\Soling

%COMMONPROGRAMFILES(x86)%\Statphase

%COMMONPROGRAMFILES(x86)%\Stockphase

%COMMONPROGRAMFILES(x86)%\Strongtech

%COMMONPROGRAMFILES(x86)%\Strongtip

%COMMONPROGRAMFILES(x86)%\Subsoft

%COMMONPROGRAMFILES(x86)%\SumLax

%COMMONPROGRAMFILES(x86)%\Sunlam

%COMMONPROGRAMFILES(x86)%\Tanity

%COMMONPROGRAMFILES(x86)%\Tinfresh

%COMMONPROGRAMFILES(x86)%\Tipeco

%COMMONPROGRAMFILES(x86)%\Top-Sing

%COMMONPROGRAMFILES(x86)%\ToughHold

%COMMONPROGRAMFILES(x86)%\Tresstring

%COMMONPROGRAMFILES(x86)%\Trippletantip

%COMMONPROGRAMFILES(x86)%\Trisla

%COMMONPROGRAMFILES(x86)%\Trusting

%COMMONPROGRAMFILES(x86)%\Truststring

%COMMONPROGRAMFILES(x86)%\Vento-Zap

%COMMONPROGRAMFILES(x86)%\Ventodex

%COMMONPROGRAMFILES(x86)%\Ventotone

%COMMONPROGRAMFILES(x86)%\Ventotop

%COMMONPROGRAMFILES(x86)%\Vilaflex

%COMMONPROGRAMFILES(x86)%\Villabam

%COMMONPROGRAMFILES(x86)%\VolCore

%COMMONPROGRAMFILES(x86)%\Voya-Strong

%COMMONPROGRAMFILES(x86)%\Xxx-Ransoft

%COMMONPROGRAMFILES(x86)%\Y--Tex

%COMMONPROGRAMFILES(x86)%\Zerex

%COMMONPROGRAMFILES(x86)%\Zonlex

%COMMONPROGRAMFILES(x86)%\ZooSiltam

%COMMONPROGRAMFILES(x86)%\Zoomstock

%COMMONPROGRAMFILES(x86)%\Zoomtip

%COMMONPROGRAMFILES(x86)%\Zoteco

%COMMONPROGRAMFILES(x86)%\Zuntough

%COMMONPROGRAMFILES(x86)%\biojob

%COMMONPROGRAMFILES(x86)%\dentozimeco

%COMMONPROGRAMFILES(x86)%\fixcom

%COMMONPROGRAMFILES(x86)%\freshhome

%COMMONPROGRAMFILES(x86)%\kanis

%COMMONPROGRAMFILES(x86)%\math-plus

%COMMONPROGRAMFILES(x86)%\vialax

%COMMONPROGRAMFILES(x86)%\zaamtom

%COMMONPROGRAMFILES(x86)%\zunfax

%PROGRAMFILES%\drÅÀÌ

%PROGRAMFILES%\eakzaihjajkuc

%PROGRAMFILES%\eauknrbnwrpu2

%PROGRAMFILES%\owdbzuqlndefnbhfezr

%PROGRAMFILES%\patience

%PROGRAMFILES%\rfwjmjnpstqu2

%PROGRAMFILES(x86)%\eakzaihjajkuc

%PROGRAMFILES(x86)%\eauknrbnwrpu2

%PROGRAMFILES(x86)%\owdbzuqlndefnbhfezr

%PROGRAMFILES(x86)%\patience

%PROGRAMFILES(x86)%\rfwjmjnpstqu2

%TEMP%\eakzaihjajkuc

%TEMP%\eauknrbnwrpu2

%TEMP%\owdbzuqlndefnbhfezr

%TEMP%\rfwjmjnpstqu2

Biscoitos

The following cookies may be associated with Snap.do:

feed.snap.do

URLs

Snap.do pode chamar os seguintes URLs:

anysearchmanager.com

feed.24-stream.com

feed.amazingtab.com

feed.any-templates.com

feed.cryptoverto.com

feed.ebooks-club.com

feed.free-converterz.com

feed.funkystreams.com

feed.game-jungle.com

feed.getlive.news

feed.giph-it.com

feed.live-streaming.online

feed.runspeedcheck.com

feed.salahweb.com

feed.sound-hd.com

feed.streamingworldcup.com

moviebox-online.com

pixel.pxcollect.com

protected-search.com

searchfrit.com

videoconverterz.com

Relatório de análise

Informação geral

Family Name:	Snap.do
Signature status:	No Signature

Known Samples

MD5: 17d9801dce7b2dc7c46fdd26acc0ba2c

SHA1: 8545820d072de65afcc10387b4c332f1e97a9f94

Tamanho do Arquivo: 1.90 MB, 1895383 bytes

MD5: 5255c259aea306dc85d02632088eb2f6

SHA1: 968991d2fae12d9590273f73a34ac27a9ce897d3

SHA256: 388CC75558DCD9EA17F7E5375D1B8210C459AB80FBA52858298C15E4CD983A90

Tamanho do Arquivo: 1.09 MB, 1085448 bytes

MD5: 50537fe7850cc6bc1543831aaaefcd8b

SHA1: 555f9c5f06cfda575a47c4823d34ff7d64e41c69

SHA256: 5CE4D65B4516C87D3570409A9A5653AC5082332A9BEC0E57656B34DDCDE01598

Tamanho do Arquivo: 1.78 MB, 1784582 bytes

MD5: 08564401d98ca3aef076f5bcff6fd92b

SHA1: 87491142ca85ee8c43697811d714a45b4feaf8f3

SHA256: 94344C9883EC50E7EFB8F4A659E7DF27EB45D29ECD77E966965904C2C1E9BA78

Tamanho do Arquivo: 46.08 KB, 46080 bytes

MD5: 5b9a59e587e521a340a0f67fc8cf9c42

SHA1: 178941db8e34e3796d6f614c4734e8d50eac0f81

SHA256: FC4D59C280A1600138EA6751200C41409FAA9743F56DDB2DA426DC03741094F4

Tamanho do Arquivo: 28.67 KB, 28672 bytes

MD5: 0a310c5fe82ee582182b13670904f3db

SHA1: 6cfdcfde9260096f676d0f291855f0ef4a4b69cd

SHA256: 9DC6F63F89D57DFB55CBDB0961141A16C79AD81191B6FE5F16DD8FC06D812752

Tamanho do Arquivo: 143.36 KB, 143360 bytes

MD5: be818539582ce5a7e1cb02131337c86c

SHA1: 0866adf752e61a32111a3b5873a353b455faaa91

SHA256: 807B1D5B01F4A00A6042B7FCC65166878A664D4217B6F20334403BF6E6FA7A32

Tamanho do Arquivo: 1.90 MB, 1895380 bytes

MD5: 3bf1f473ad29a813a7ee57758227399b

SHA1: 5027a9f4856a37a2be048ca2e993dd0e9cf3a3e8

SHA256: 908BF77A1649EF5B6D392A085BD390109DE634BBDDBC32735B376EF312EAC23F

Tamanho do Arquivo: 278.51 KB, 278509 bytes

MD5: 930ac080f1d1a9c28206693393ac14c8

SHA1: 58bf542fda7b4ceb31a4380c5af4f4581fe7c40e

SHA256: 8A01C22729651C8A690242ADBEB20BF4FEB88F94F16B072EA9971867404CB0EE

Tamanho do Arquivo: 278.51 KB, 278511 bytes

MD5: 3823bd64dc7bab0fbbbdee49126ac939

SHA1: 786ada42d0f88ac5be1ce5667be4cc13283289ec

SHA256: 1F70AAD5E8FF7B0C70E97370A11F214AE1291A1503EEA8FD16485D587F938844

Tamanho do Arquivo: 278.52 KB, 278518 bytes

MD5: eb3102f5aa56414121b5b606c6b96bbf

SHA1: d9226e505ea4dd21a3fbcf843280489c1f04cf64

SHA256: 81C963787897B391D38520C9C70CDCCE6E6888E20071EB918354D8A81055026D

Tamanho do Arquivo: 1.90 MB, 1895383 bytes

MD5: 5179732733e1692e6dd203798a9209ff

SHA1: fbf87847dc4e35b728b05038fe9454e6e0de4053

SHA256: 3652266AE06A904C64131AC62246DE3BC1418D248C180BAFFF9BA384F5E4E894

Tamanho do Arquivo: 352.86 KB, 352855 bytes

MD5: a4406a102105a87d3fa1a7cf0afe8521

SHA1: c5a253b7c27b1f02910cc4977659a25fc6d73330

SHA256: C024E8A4FBA1F6890D1C4B56EAC302644377949FD18D232BEA603312AA862011

Tamanho do Arquivo: 350.54 KB, 350544 bytes

MD5: 67473d7d1837c6f36b4c234dd418ea1c

SHA1: 6a84ee99b5ebc4d9d13c1b92ff453b4af97964c4

SHA256: 0C5F77732629EB72073D852906AB55809FF3C5BC405AD8E3A9B9629E1DCCFA14

Tamanho do Arquivo: 1.90 MB, 1895382 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File is .NET application
File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)

File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Nome	Valor
Assembly Version	1.0.0.0 0.8.0.0
Comments	Shopping Helper Smartbar
File Description	Shopping Helper Smartbar Smartbar.Resources.LanguageSettings TrotiNet
File Version	1.0.0.0 0.8.0.0
Internal Name	Smartbar.Resources.LanguageSettings.resources.dll SmartbarInternetExplorerBHO.dll TrotiNet.dll
Legal Copyright	Copyright © 2012 Copyright © TrotiNet Team 2011-2013
Original Filename	Smartbar.Resources.LanguageSettings.resources.dll SmartbarInternetExplorerBHO.dll TrotiNet.dll
Product Name	Shopping Helper Smartbar Smartbar.Resources.LanguageSettings TrotiNet
Product Version	1.0.0.0 0.8.0.0

Digital Signatures

Signer	Root	Status
MY POP SHOP LTD	UTN-USERFirst-Object	Root Not Trusted
ReSoft LTD.	UTN-USERFirst-Object	Hash Mismatch

File Traits

.NET
Acronis Installer
dll
HighEntropy
Installer Manifest
No Version Info
RAR (In Overlay)
RARinO
WinRAR SFX
WinZip SFX

WRARSFX
x64
x86
ZIP (In Overlay)
ZIPinO

Files Modified

File	Attributes
c:\programdata\logic cramble\set.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\logic cramble\set.exe.config	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\logic cramble\system.data.sqlite.dll	Generic Write,Read Attributes
c:\programdata\logic cramble\system.data.sqlite.linq.dll	Generic Write,Read Attributes
c:\programdata\logic cramble\system.data.sqlite.xml	Generic Write,Read Attributes
c:\programdata\logic cramble\x64\sqlite.interop.dll	Generic Write,Read Attributes
c:\programdata\logic cramble\x86\sqlite.interop.dll	Generic Write,Read Attributes
c:\programdata\networkpacketmanitor	Synchronize,Write Attributes
c:\programdata\networkpacketmanitor\__tmp_rar_sfx_access_check_13199750	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\networkpacketmanitor\nettrans.exe	Generic Write,Read Attributes

c:\programdata\networkpacketmanitor\nettrans.exe	Synchronize,Write Attributes
c:\programdata\networkpacketmanitor\nettrans.exe.config	Generic Write,Read Attributes
c:\programdata\networkpacketmanitor\nettrans.exe.config	Synchronize,Write Attributes
c:\programdata\prefssecure	Synchronize,Write Attributes
c:\programdata\prefssecure\__tmp_rar_sfx_access_check_153473046	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\prefssecure\__tmp_rar_sfx_access_check_928656	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\prefssecure\nettrans.exe	Generic Write,Read Attributes
c:\programdata\prefssecure\nettrans.exe	Synchronize,Write Attributes
c:\programdata\prefssecure\nettrans.exe.config	Generic Write,Read Attributes
c:\programdata\prefssecure\nettrans.exe.config	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2145625	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2146234	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_22828	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2926062	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_3318750	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_443312	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\logichandler.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\logichandler.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\logichandler.exe.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\logichandler.exe.config	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.data.sqlite.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.data.sqlite.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.data.sqlite.linq.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.data.sqlite.linq.dll	Synchronize,Write Attributes

Registry Modifications

Key::Value	Dados	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	얈딡Ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey

HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꋨ娪䴞ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	됫菒屑ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	驘叶橘ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	튵㿈茝ǜ	RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001	Windows Network Diagnostics	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Keyboard Access	GetKeyState
Process Shell Execute	CreateProcess ShellExecuteEx WriteConsole
Service Control	OpenSCManager
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile Show More ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFontIsLinked win32u.dll!NtGdiGetCharABCWidthsW win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiGetDIBitsInternal win32u.dll!NtGdiGetEntry win32u.dll!NtGdiGetFontData win32u.dll!NtGdiGetGlyphIndicesW win32u.dll!NtGdiGetOutlineTextMetricsInternalW win32u.dll!NtGdiGetRandomRgn win32u.dll!NtGdiGetRealizationInfo win32u.dll!NtGdiGetTextFaceW win32u.dll!NtGdiGetTextMetricsW win32u.dll!NtGdiGetWidthTable win32u.dll!NtGdiHfontCreate win32u.dll!NtGdiIntersectClipRect win32u.dll!NtGdiQueryFontAssocInfo win32u.dll!NtGdiRestoreDC win32u.dll!NtGdiSaveDC 68 additional items are not displayed above.
Process Terminate	TerminateProcess
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory

Shell Command Execution


							(NULL) C:\Users\Dexqkvmh\AppData\Local\Temp\RarSFX0\LogicHandler.exe "c:\users\user\downloads\8545820d072de65afcc10387b4c332f1e97a9f94_0001895383.exe"


							"C:\Users\Dexqkvmh\AppData\Local\Temp\RarSFX0\LogicHandler.exe"


							"cmd.exe" /c sc create "backlh" binPath= "C:\ProgramData\Logic Cramble\set.exe" DisplayName= "Background Logic Handler" start= "auto"


							C:\WINDOWS\system32\sc.exe sc  create "backlh" binPath= "C:\ProgramData\Logic Cramble\set.exe" DisplayName= "Background Logic Handler" start= "auto"


							WriteConsole: [SC] CreateServi


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\178941db8e34e3796d6f614c4734e8d50eac0f81_0000028672.,LiQMAxHB


									(NULL) C:\Users\Suuzwzuw\AppData\Local\Temp\RarSFX0\LogicHandler.exe "c:\users\user\downloads\0866adf752e61a32111a3b5873a353b455faaa91_0001895380"


									"C:\Users\Suuzwzuw\AppData\Local\Temp\RarSFX0\LogicHandler.exe"


									WriteConsole: [SC] ChangeServi


									(NULL) C:\ProgramData\PrefsSecure\Nettrans.exe create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe "c:\users\user\downloads\5027a9f4856a37a2be048ca2e993dd0e9cf3a3e8_0000278509"" DisplayName= "Prefs Secure" start= auto


									"cmd.exe" /c C:\WINDOWS\system32\sc.exe create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe c:\users\user\downloads\5027a9f4856a37a2be048ca2e993dd0e9cf3a3e8_0000278509" DisplayName= "Prefs Secure" start= auto


									C:\WINDOWS\system32\sc.exe C:\WINDOWS\system32\sc.exe  create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe c:\users\user\downloads\5027a9f4856a37a2be048ca2e993dd0e9cf3a3e8_0000278509" DisplayName= "Prefs Secure" start= auto


									(NULL) C:\ProgramData\PrefsSecure\Nettrans.exe create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe "c:\users\user\downloads\58bf542fda7b4ceb31a4380c5af4f4581fe7c40e_0000278511"" DisplayName= "Prefs Secure" start= auto


									"cmd.exe" /c C:\WINDOWS\system32\sc.exe create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe c:\users\user\downloads\58bf542fda7b4ceb31a4380c5af4f4581fe7c40e_0000278511" DisplayName= "Prefs Secure" start= auto


									C:\WINDOWS\system32\sc.exe C:\WINDOWS\system32\sc.exe  create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe c:\users\user\downloads\58bf542fda7b4ceb31a4380c5af4f4581fe7c40e_0000278511" DisplayName= "Prefs Secure" start= auto


									(NULL) C:\ProgramData\NetworkPacketManitor\Nettrans.exe create Nettrans binPath= "C:\ProgramData\NetworkPacketManitor\Nettrans.exe "c:\users\user\downloads\786ada42d0f88ac5be1ce5667be4cc13283289ec_0000278518"" DisplayName= "Network Packet Manitor" start= auto


									"cmd.exe" /c C:\WINDOWS\system32\sc.exe create Nettrans binPath= "C:\ProgramData\NetworkPacketManitor\Nettrans.exe c:\users\user\downloads\786ada42d0f88ac5be1ce5667be4cc13283289ec_0000278518" DisplayName= "Network Packet Manitor" start= auto


									C:\WINDOWS\system32\sc.exe C:\WINDOWS\system32\sc.exe  create Nettrans binPath= "C:\ProgramData\NetworkPacketManitor\Nettrans.exe c:\users\user\downloads\786ada42d0f88ac5be1ce5667be4cc13283289ec_0000278518" DisplayName= "Network Packet Manitor" start= auto


									(NULL) C:\Users\Bfviuslq\AppData\Local\Temp\RarSFX0\LogicHandler.exe "c:\users\user\downloads\d9226e505ea4dd21a3fbcf843280489c1f04cf64_0001895383"


									"C:\Users\Bfviuslq\AppData\Local\Temp\RarSFX0\LogicHandler.exe"


									(NULL) C:\Users\Mdlgqdel\AppData\Local\Temp\RarSFX0\LogicHandler.exe "c:\users\user\downloads\6a84ee99b5ebc4d9d13c1b92ff453b4af97964c4_0001895382"


									"C:\Users\Mdlgqdel\AppData\Local\Temp\RarSFX0\LogicHandler.exe"

Snap.do

Cartão de pontuação de ameaças

EnigmaSoft Threat Scorecard

Outros Nomes

SpyHunter detecta e remove Snap.do

Detalhes Sobre os Arquivos do Sistema

Detalhes sobre o Registro

Diretórios

Biscoitos

URLs

Relatório de análise

Informação geral

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Enviar o Comentário

Tendendo

Mais visto