PUP.Bar

Threat Scorecard

Popularity Rank: 131
Threat Level: 10 % (Normal)
Infected Computers: 123,301
First Seen: April 7, 2022
Last Seen: February 7, 2026
OS(es) Affected: Windows

Registry Details

PUP.Bar may create the following registry entry or registry entries:
CLSID
{00000000-6E41-4FD3-8538-502F5495E5FC}
{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
{6C434537-053E-486D-B62A-160059D9D456}
{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
{D4027C7F-154A-4066-A1AD-4243D8127440}
File name without path
ask_image.bmp
toolbar@ask.com
SOFTWARE\APN
SOFTWARE\Ask.com
SOFTWARE\AskToolbar
SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Directories

PUP.Bar may create the following directory or directories:

%ALLUSERSPROFILE%\APN
%ALLUSERSPROFILE%\AskPartnerNetwork
%ALLUSERSPROFILE%\AskToolbar
%programfiles%\ask.com
%temp%\APN-Stub
%temp%\APNLogs
%temp%\AskSearch

Analysis Report

General information

Family Name: PUP.Bar
Packers: PECompact v2.20
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • Alexa Toolbar version 11.0
  • BitTorrent so simple.
  • CutePDF Setup
  • Developed by iYogi
  • The KMPlayer Comments
  • This installation was built with Inno Setup.
  • Written by Gary Hodgson
Company Name
  • Acro Software Inc.
  • Alexa.com
  • APN LLC.
  • arvato digital services llc
  • Ask
  • Ask.com
  • Ask.com
  • Ask Partner Network
  • Astroburn.com
  • AVM Software Inc.
  • Burnaware Technologies
  • Camshare Inc.
  • Disc Soft Ltd
  • DsNET Corp
  • DT Soft Ltd.
  • DT Soft Ltd.RePack by andreyonohov
  • DVD Video Soft Limited.
  • DVDVideoSoft Ltd.
  • FrostWire Team
  • Google Inc.
  • Gretech Corporation
  • iYogi
  • MAGIX AG
  • PandoraTV
Company Website http://atube-catcher.dsnetwb.com
File Description
  • APN Native Messaging Host
  • APN Updater
  • Ask Popup Blocker
  • Ask Search Assistant
  • Ask Toolbar Partner Cobranding
  • Ask Toolbar Setup
  • Ask Updater
  • AstroBurn Pro Setup
  • BurnAware Free Installation
  • Camfrog Video Chat Setup
  • Collection of utilities provided by iYogi for identifying various PC related problems
  • CutePDF Writer Setup
  • DAEMON Tools Lite
  • DAEMON Tools Lite Setup
  • DeskBar
  • Download Assistant
  • DVS Video Downloader Addon for Internet Explorer Setup
  • Free 3GP Video Converter 3.1 Setup
  • GOM Player Setup File (2010-07-08 오전 9:47:50)
  • Google Toolbar Broker
  • Google Toolbar Installer
  • IDC Loader
  • MAGIX Video deluxe MX Premium Versión para descargar (es-ES)
  • Offercast - APN Install Manager
  • Paltalk Setup
  • Passport
  • Reporter Application
  • Setup Launcher
  • Stub Installer
  • The Fastest File Sharing Application on Earth
  • The KMPlayer Setup/Install
File Version
  • 31.19.1.2516
  • 21.27.0.148
  • 21.6.0.4088
  • 11.0.2013.1018
  • 11.0.1.4
  • 10.8.0.0405.0
  • 7.8.0.3
  • 7.2.1.1
  • 7, 5, 5111, 1712
  • 7, 5, 4413, 1752
  • 7, 3, 2710, 138
  • 7, 2, 2318, 1946
  • 7, 0, 1710, 2246
  • 6, 6, 1015, 36
  • 6, 5, 621, 1538
  • 6, 4, 1321, 1732
  • 6, 4, 1208, 1530
  • 6, 3, 911, 1819
  • 6, 1, 1715, 1442
  • 6, 1, 1518, 856
  • 6, 0, 1411, 1512
  • 6,0,75,1270
  • 5.12.5.17700
  • 5.8
  • 5.5.0.0
  • 5.3.5.0
  • 4.45.4.0316
  • 4.35.6.0091.0
  • 4.30.4.0027.0
  • 4.5.0.0
  • 3.42.0.26168
  • 3.42.0.25251
  • 3.20.0.21682
  • 3.10.0.18770
  • 3.9.1.131
  • 3.8.7943
  • 3.7.0.17293
  • 3.4.10.15057
  • 3.4.7.12645
  • 3.4.6.12645
  • 3.1.2.1
  • 3.1.0.1
  • 3.0.0.2
  • 2.9.1347
  • 2.9.1.0
  • 2.4.0.61
  • 2.1
  • 1.5.1.11
  • 1.4.3.0
  • 1.4.0.580
  • 1.0.14.910
  • 1.0.2
  • 1.0.0.16749
  • 1,0,8,768
  • 1, 0, 2, 2
  • 1, 0, 0, 1
Internal Build Number 77018
Internal Name
  • APNInstaller.exe
  • APNMCP.exe
  • APNNativeMsgHost.exe
  • ApnSetup.exe
  • AskInstaller.dll
  • AskInstaller.exe
  • AskPartnerCobrandingTool
  • askPopupBlocker
  • DAEMONSetup4.30.4.0027.exe
  • DAEMONSetup4.35.6.0091.exe
  • DAEMON Tools Lite10.8.0.0405.exe
  • DeskBar
  • DownloadAssistant.exe
  • DTLite4453-0297.exe
  • FrostWire 5
  • GOM Player
  • GoogleToolbarInstaller
  • GoogleToolbarUser
  • IdcLdr.exe
  • KMPlayer_3.9.1.131.exe
  • Passport.dll
  • Reporter
  • Setup
  • Updater.exe
Legal Copyright
  • (c) 2003-2011 Camshare Inc.
  • (c) APN LLC. All rights reserved.
  • (c) Ask. All rights reserved.
  • (c) Ask 2009. All rights reserved.
  • 2010 (c) Ask.com. All rights reserved.
  • 2010: (c) Ask.com. All rights reserved.
  • Copyright (C) 2000-2018
  • Copyright(C) 2003-2010
  • Copyright (C) 2004-2008
  • Copyright (C) 2004-2009
  • Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
  • Copyright (C) 2008-2012
  • Copyright (C) 2012 iYogi
  • Copyright 1999 - 2016
  • Copyright PandoraTV 2013.
  • Copyright © 2000-2008
  • Copyright © 2000-2010
  • Copyright © 2000-2011
  • Copyright © 2000-2012
  • Copyright © 2000-2013
  • Copyright © 2000-2014
  • Copyright © 2008 Ask.com
  • Copyright © 2012 Burnaware Technologies.
  • Copyright © 2013 Ask Partner Network
  • Copyright © 2013 Ask Partner Network. All rights reserved.
  • Copyright © MAGIX AG
  • FrostWire Team 2008
  • © 2010 arvato digital services llc
  • © 2010-2017 arvato digital services llc
  • © 2013 Alexa.com
  • © 2018 APN, LLC. All Rights Reserved.
  • © Ask.com
Legal Trademarks
  • ${FILE_PRODUCT_LEGALTRADEMARKS}
  • Ask Search Assistant is a trademark of Ask.com
  • Freeware
M X_ Culture es-ES
M X_ Stub Version 1.1.0.53
Original Filename
  • APNInstaller.exe
  • APNMCP.exe
  • APNNativeMsgHost.exe
  • ApnSetup.exe
  • AskInstaller.dll
  • AskInstaller.exe
  • AskPartnerCobrandingTool
  • askPopupBlocker.dll
  • camfrog.exe
  • DAEMONSetup4.30.4.0027.exe
  • DAEMONSetup4.35.6.0091.exe
  • DAEMON Tools Lite10.8.0.0405.exe
  • DeskBar.exe
  • DownloadAssistant.exe
  • DTLite4453-0297.exe
  • frostwire-5.3.5.windows.exe
  • frostwire-5.5.0.windows.exe
  • GoogleToolbarInstaller.exe
  • GoogleToolbarUser.exe
  • IdcLdr.exe
  • KMPlayer_3.9.1.131.exe
  • PaltalkSetup.exe
  • Passport.dll
  • Reporter.exe
  • Setup.exe
  • Updater.exe
Private Build
  • 0.0.0.0
  • Avgust 28, 2012
  • Private build
Product Name
  • Alexa Toolbar
  • APN Native Messaging Host
  • APN Updater
  • Ask Popup Blocker
  • Ask Search Assistant
  • Ask Toolbar
  • Ask Toolbar
  • AstroBurn Pro
  • aTube Catcher
  • BurnAware Free
  • Camfrog Video Chat Setup
  • CutePDF Writer
  • DAEMON Tools Lite
  • DeskBar
  • Download Assistant
  • DVS Video Downloader Addon for Internet Explorer
  • Free 3GP Video Converter 3.1
  • FrostWire 5
  • GOM Player
  • Google Toolbar for Internet Explorer
  • Google Toolbar Installer
  • Hotspot Shield
  • IDC
  • MAGIX Video deluxe MX Premium Versión para descargar (es-ES)
  • Offercast - APN Install Manager
  • Paltalk Setup
  • Partner Cobranding
  • Passport
  • Reporter Application
  • Stub Installer
  • Support Dock
  • The KMPlayer
  • Updater
Product Version
  • 31.19.1.2516
  • 21.27.0.148
  • 21.6.0.4088
  • 11.0.1.4
  • 11.0
  • 10.8.0.0405.0
  • 7.8.0.3
  • 7.2.1.1
  • 7, 5, 5111, 1712
  • 7, 5, 4413, 1752
  • 7, 3, 2710, 138
  • 7, 2, 2318, 1946
  • 7, 0, 1710, 2246
  • 6, 6, 1015, 36
  • 6, 5, 621, 1538
  • 6, 4, 1321, 1732
  • 6, 4, 1208, 1530
  • 6, 3, 911, 1819
  • 6, 1, 1715, 1442
  • 6, 1, 1518, 856
  • 6, 0, 1411, 1512
  • 6,0,75,1270
  • 5.12.5.17700
  • 5.5.0.0
  • 5.3.5.0
  • 4.45.4.0316
  • 4.35.6.0091.0
  • 4.30.4.0027.0
  • 4.5.0.0
  • 3.10.0.18770
  • 3.9
  • 3.8.7943
  • 3.7.0.17293
  • 3.4.10.15057
  • 3.4.7.12645
  • 3.4.6.12645
  • 3.1.2.1
  • 3.1.0.1
  • 3.0.0.1
  • 2.9.1347
  • 2.9.1.0
  • 2.4.0.61
  • 2.2.0.111
  • 2.1.26.5021
  • 2, 0, 2, 0
  • 1.5.1.11
  • 1.4.3.0
  • 1.4.0.580
  • 1.0.14.910
  • 1.0.0.16749
  • 1,0,8,768
  • 1, 0, 0, 1
Special Build
  • 0.0.0.0
  • Special build

Digital Signatures

Signer | Root | Status
Portforward, LLC | COMODO Code Signing CA 2 | Self Signed
AVB Disc Soft, SIA | COMODO RSA Code Signing CA | Self Signed
DVDVideoSoft Ltd. | GlobalSign CodeSigning CA - G2 | Self Signed
ARVATO DIGITAL SERVICES LLC | Go Daddy Class 2 Certification Authority | Root Not Trusted
Acro Software Inc | Go Daddy Class 2 Certification Authority | Hash Mismatch
ARVATO DIGITAL SERVICES LLC | Go Daddy Root Certificate Authority - G2 | Root Not Trusted
Shanghai Comet Network Technology | Shanghai Comet Network Technology | Self Signed
APN LLC | Symantec Class 3 SHA256 Code Signing CA | Hash Mismatch
APN LLC | Symantec Class 3 SHA256 Code Signing CA | Self Signed
Paltalk.com | Symantec Class 3 SHA256 Code Signing CA | Self Signed
Frostwire, LLC | Thawte Code Signing CA - G2 | Self Signed
Alexa Internet | UTN-USERFirst-Object | Root Not Trusted
Burnaware | UTN-USERFirst-Object | Root Not Trusted
Ask.com | VeriSign Class 3 Code Signing 2004 CA | Hash Mismatch
Ask.com | VeriSign Class 3 Code Signing 2004 CA | Self Signed
Comet Network Technology Co Ltd. | VeriSign Class 3 Code Signing 2004 CA | Self Signed
Camshare L C | VeriSign Class 3 Code Signing 2009-2 CA | Self Signed
APN LLC | VeriSign Class 3 Code Signing 2010 CA | Hash Mismatch
APN LLC | VeriSign Class 3 Code Signing 2010 CA | Self Signed
Alawar Entertainment Inc | VeriSign Class 3 Code Signing 2010 CA | Self Signed
AnchorFree Inc | VeriSign Class 3 Code Signing 2010 CA | Self Signed
Ask.com | VeriSign Class 3 Code Signing 2010 CA | Hash Mismatch
Ask.com | VeriSign Class 3 Code Signing 2010 CA | Self Signed
Ask.com | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
iYogi Inc. | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted
iWin, Inc | thawte Primary Root CA | Root Not Trusted

File Traits

  • 2+ executable sections
  • HighEntropy
  • Installer Version
  • No Version Info
  • packed
  • PECompact v2.20
  • x86

Block Information

Total Blocks: 23,744
Potentially Malicious Blocks: 4
Whitelisted Blocks: 21,076
Unknown Blocks: 2,664

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • AdGazelle.A
  • Agent.AG
  • Agent.DFGH
  • Agent.M
  • Agent.MI
  • Agent.MU
  • Agent.WO
  • Crack.K
  • Delf.VJB
  • FakeAV.AU
  • Heinote.A
  • KuwanBar.B
  • Makoob.A
  • Mobogenie
  • Parite.F
  • Redline.FAG
  • Trojan.Downloader.Gen.BQ

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ask search assistant\install.asa.log Read Attributes,Synchronize,Append data
c:\program files (x86)\ask search assistant\install.asa.log Read Attributes,Synchronize,Write Data
c:\program files (x86)\common files\microsoft shared\msinfo\msinfo32.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\google\google toolbar\component\fastsearch_c5284cc30ab3000e.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar.6.3.911.1819.manifest.xml Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar.6.4.1321.1732.manifest.xml Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar.7.0.1710.2246.manifest.xml Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar.7.3.2710.138.manifest.xml Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_32_14dffe986686707c.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_32_78340b645538be5a.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_32_788d2431a6ffbd5a.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_32_d22497b1230df65b.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_32_17695c964715481c.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_32_2f821985c9445066.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_32_78f32466e61f1eec.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_32_7f0f61d2161f8678.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_6934f32e05f1abdc.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_6ce5017f567343ca.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_803138dce93649e4.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_96d6ff0c6d236bf8.dll Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbarmanager_b12ca2cbe40dd1a2.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbarmanager_b8026b92987a22b1.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbarmanager_e85cde7661a53a6a.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbarmanager_f91d44faa5479127.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_32_7397bbd21492baa9.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_32_824283bbafaabb6c.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_32_ca551d1a255ea456.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_32_ec9625f032be677b.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googleupdaterservice_5898fabcfa121c11.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googleupdatesetup_0002b5aeb6c5b612.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\searchwithgoogleupdate_3cefec1f9bb6f303.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\searchwithgoogleupdate_60bf91fc421232d7.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\searchwithgoogleupdate_6d3db93e7883dbbb.exe Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\searchwithgoogleupdate_86d23231a3a85f4a.exe Generic Write,Read Attributes
c:\program files (x86)\paltalk\install.log Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll Generic Write,Read Attributes
c:\programdata\protexis\shared_settings.xml Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\internet explorer\msimgsiz.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\protexis\usersettings.xml Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3582-490\712ec6403b43ba54c443fb9ae86ca0e030169589_0000734792 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is5554.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is6301.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is6341.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is63a0.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is63cf.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is63ff.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is642f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is647e.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is64cd.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_is652c.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_msi5166._is Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apn-stub\web\stb64d90428-87cd-4263-9cc3-9acea9d9a2d5.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apn_pip_local\json.js Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apn_pip_local\loadingscreen.png Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apn_pip_local\objectmodel.js Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apn_pip_local\orchestrator.html Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apn_pip_local\rules.js Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apn_pip_local\sattb.png Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\apn_pip_local\tb.png Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\askinstallchecker.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\captura.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\googletoolbarinstaller2.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\asktoolbar.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\bingdsmsnhpoffer.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\checkaskpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\hssfinishpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\hsssafesearchwelcomepage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\hssslideshow.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\hssslideshowstep1.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\hssslideshowstep2.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\hssslideshowstep3.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\hssslideshowstep4.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\hsswelcomepage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\ask_toolbar.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\bingheaderoption1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\bingnextbutton.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\bingnextbutton_jpn.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\bingnextbuttonbckg.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\conduit_toolbar.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\hsslogo.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\logo_grey.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\msgradbckg.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\msinstallbtn.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\msinstallonff.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\msinstallonie.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\mspoweredbyask.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\rrdesc.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\rrheader.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\rrheader_bonus.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\rrsubheader.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\rrsubheader_bonus_ff.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\rrsubheader_bonus_ie.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\img\safesearch_toolbar.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\lang\english.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\lang\internationalization.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\lang\japanese.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\msofferpage.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\msofferpage_bonus.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\asktoolbar.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\bingdsmsnhpoffer.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\checkaskpage.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\common.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\hssfinishpage.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\hsssafesearchwelcomepage.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\hsswelcomepage.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\msofferpage.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\msofferpage_bonus.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\nsidefs.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\nsidefs.js Synchronize,Write Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\searchprotect.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\toolbars.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\unclosebrowsers.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\scripts\ununinstallfiles.js Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\searchprotect.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\slider\img\bg.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\slider\img\s.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\slider\img\s1.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\slider\img\s2.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\slider\img\s3.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\slider\img\s4.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\slider\img\s_icons.png Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\slider\index.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\styles\asktoolbar.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\styles\bing.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\styles\hssfinishpage.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\styles\hsssafesearchwelcomepage.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\styles\hsswelcomepage.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\styles\ms.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\styles\searchprotect.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hotspot shield\html\styles\styles.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hssinst.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\hssinst.dll Synchronize,Write Data
c:\users\user\appdata\local\temp\hssinst64.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hssinstaller.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hssinstaller.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\hssinstaller.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hssinstaller64.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hssinstaller64.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\is-4rcqh.tmp\291c733c46a2a395491b8e46f69f7d77e462a986_0001996656.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-4rfqg.tmp\7db04eb4962827d0d9b3c4773c66a1748c6c1f67_0003593968.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-hcgpt.tmp\cb8fb7e5cdb59630bde59252a602866f8930615a_0007986551.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-mvmp3.tmp\1e3044b2792337c1abb32ae396f30bd111f6b79e_0003328728.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-sergj.tmp\ee79032fda0d7ecac55e0a637d0155d8a4a0c415_0004610648.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-tgj3m.tmp\bec50700056cd6019c478f3dd68600aa9e23a769_0002305392.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-u6stm.tmp\3ee8fea1d0c8c8072937656d87ea217953d30819_0004709861.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsab48b.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabc23.tmp\insttype_page.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsabc23.tmp\insttype_page.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabc23.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabc23.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabc23.tmp\modern-wizard.bmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsabc23.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabc23.tmp\nsispcre.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabc23.tmp\shortcut_page.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsabc23.tmp\shortcut_page.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsabc23.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsadea.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsb1a47.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb1a47.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsb1a47.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb1a47.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb1a47.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb1a47.tmp\pantallatoolbar Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsb1a47.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\bg_lavasoft.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\bg_options_bottom.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\bg_options_header.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\bg_process.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\bg_welcome.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\bg_welcome_bottom.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\button_blue.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\button_normal.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\install_0.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\install_0_.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\install_1.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\install_1_.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\install_2.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\install_2_.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\install_3.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\install_3_.jpg Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\license.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\list.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\paltalk-logo.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\paltalk.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\privacy.html Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\skinnedcontrols.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\style.css Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79b1.tmp\userinfo.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79c5.tmp\askinstallchecker.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79c5.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb79c5.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsb79c5.tmp\iospecial.ini Generic Write,Read Attributes

924 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\classes\exefile\shell\open\command:: C:\WINDOWS\svchost.com "%1" %* RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix Cookie: RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix Visited: RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Jqovigvg\AppData\Local\Temp\nsf9B31.tmp\time.dll RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Jqovigvg\AppData\Local\Temp\nsf9B31.tmp\time.dll\??\C:\Users\Jqovigvg\AppData\Local\Temp\nsf9B31.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Nficdhvb\AppData\Local\Temp\~nsuA.tmp\Un_A.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Nficdhvb\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Nficdhvb\AppData\Local\Temp\~nsuA.tmp RegNtPreCreateKey
HKCU\software\disc soft\daemon tools lite::installkey 91D4C1A9-F8CA-41E3-BFD7-C0DCD18B52DB RegNtPreCreateKey
HKCU\software\google\google toolbar\4.0::preferredlanguage es RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\branding::sin RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\branding::ein  RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test 11339 RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\4.0\setup::enabledexperiments GNOT,GSBB,POSI RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 묍歭⛅ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ᰔ殏⛅ǜ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\advanced inf setup\ie complist::ie.hkcuzoneinfo RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Madrufhl\AppData\Local\Temp\~nsu.tmp\Au_.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Madrufhl\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Madrufhl\AppData\Local\Temp\~nsu.tmp RegNtPreCreateKey
HKCU\software\google\google toolbar\4.0::preferredlanguage pt-BR RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test A RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\4.0\setup::enabledexperiments QSBC RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ଚ澙䐒ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ᴛ濋䐒ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ᤆ瀉䐒ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 摬灕䐒ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 誏䝨ǜ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Ahipdbly\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Ahipdbly\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG\??\C:\Users\Ahipdbly\AppData\Local\Temp\apn_pip_local RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\rfc1156agent\currentversion\parameters::trappolltimemillisecs RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps  RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps  RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps ă RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps ċ RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps 섋 RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps 섋 RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps 섋 RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps 섋N RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps 섋Î RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps 솋Î RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 녟摮刦ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ﷭撛刦ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 쀩擞刦ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 涬攭刦ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 獴裖桋ǜ RegNtPreCreateKey
HKCU\software\apn pip\hip::pip_exit_code 50002 RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps  RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps Ă RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps Ċ RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps 섊 RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps 섊 RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps 섊 RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps 섊N RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::ocerrors RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test 14050 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}\treatas:: {571715D7-3395-4DF0-B43C-784836209E60} RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\google\google toolbar\4.0::preferredlanguage fr RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\4.0\setup::enabledexperiments HTOL RegNtPreCreateKey

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess
  • ShellExecute
Other Suspicious
  • SetWindowsHookEx
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW

68 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
  • OutputDebugString
User Data Access
  • GetComputerNameEx
  • GetUserName
  • GetUserObjectInformation
Network Winsock2
  • WSAStartup
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetOpenUrl
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Process Terminate
  • TerminateProcess
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpQueryHeaders
  • WinHttpReadData
  • WinHttpReceiveResponse
  • WinHttpSendRequest
Keyboard Access
  • GetKeyState
Network Winsock
  • closesocket
  • connect
  • freeaddrinfo
  • getaddrinfo
  • gethostbyaddr
  • gethostbyname
  • inet_addr
  • recv
  • send
  • setsockopt
  • socket
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Urlomon
  • URLDownloadToFile
Service Control
  • StartServiceCtrlDispatcher
Network Info Queried
  • GetAdaptersInfo

Shell Command Execution

"C:\Users\Jrmhrlak\AppData\Local\Temp\is-MVMP3.tmp\1e3044b2792337c1abb32ae396f30bd111f6b79e_0003328728.tmp" /SL5="$A0052,3043011,101888,c:\users\user\downloads\1e3044b2792337c1abb32ae396f30bd111f6b79e_0003328728.exe"
"C:\Users\Lujdnitq\AppData\Local\Temp\is-HCGPT.tmp\cb8fb7e5cdb59630bde59252a602866f8930615a_0007986551.tmp" /SL5="$20272,7746887,53248,c:\users\user\downloads\cb8fb7e5cdb59630bde59252a602866f8930615a_0007986551.exe"
"C:\Users\Iyqcubmo\AppData\Local\Temp\is-U6STM.tmp\3ee8fea1d0c8c8072937656d87ea217953d30819_0004709861.tmp" /SL5="$300BA,4398154,223232,c:\users\user\downloads\3ee8fea1d0c8c8072937656d87ea217953d30819_0004709861"
"C:\Users\Kycsjqss\AppData\Local\Temp\is-TGJ3M.tmp\bec50700056cd6019c478f3dd68600aa9e23a769_0002305392.tmp" /SL5="$60054,2018269,109568,c:\users\user\downloads\bec50700056cd6019c478f3dd68600aa9e23a769_0002305392"
open C:\Users\Ztjavhcs\AppData\Local\Temp\3582-490\712ec6403b43ba54c443fb9ae86ca0e030169589_0000734792
"C:\Users\Bbsfjlhe\AppData\Local\Temp\nsb79C5.tmp\AskInstallChecker.exe" PTF
"C:\Users\Yijmmtpb\AppData\Local\Temp\nst5612.tmp\PIPInstallerBundle_FWV5_.exe" -b -wui
"C:\Users\Nficdhvb\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=c:\users\user\downloads\
"C:\Users\Vclurjrp\AppData\Local\Temp\is-4RCQH.tmp\291c733c46a2a395491b8e46f69f7d77e462a986_0001996656.tmp" /SL5="$20138,1684479,54272,c:\users\user\downloads\291c733c46a2a395491b8e46f69f7d77e462a986_0001996656"
"C:\Users\Mtzxnwvw\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd_rep.exe" -P -H hash -O -T it -o 7 -u "http://rptx.anchorfree.net/wr-install.php?dm_ver=0&ver=3.42&ch=702&state=initiated"
"C:\Users\Mtzxnwvw\AppData\Local\Temp\HssInstaller.exe" -iswow64
"C:\Users\Mtzxnwvw\AppData\Local\Temp\HssInstaller64.exe" -installdriver -c ndis6
C:\Users\Rohxkckf\AppData\Local\Temp\nsy55E2.tmp\camfrog_stat_params.exe
"C:\Users\Madrufhl\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
"C:\Users\Pmqrznye\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd_rep.exe" -P -H hash -O -T it -o 7 -u "http://rptx.anchorfree.net/wr-install.php?dm_ver=0&ver=3.20&ch=550&state=initiated"
"C:\Users\Pmqrznye\AppData\Local\Temp\HssInstaller.exe" -iswow64
"C:\Users\Pmqrznye\AppData\Local\Temp\HssInstaller64.exe" -installdriver -c ndis6
C:\Users\Pmqrznye\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd_rep.exe -H hash -O -T it -o 7 -u http://rptx.anchorfree.net/wr-install.php?dm_ver=0&ver=3.20&ch=550&state=initiated
"C:\Users\Plapepdj\AppData\Local\Temp\AskInstallChecker.exe" MP3P2
"C:\Users\Osonkved\AppData\Local\Temp\is-SERGJ.tmp\ee79032fda0d7ecac55e0a637d0155d8a4a0c415_0004610648.tmp" /SL5="$6004E,4230396,122880,c:\users\user\downloads\ee79032fda0d7ecac55e0a637d0155d8a4a0c415_0004610648"
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f650e0d947aa5bb2147716e457016be087b837eb_0000537040.,LiQMAxHB
"C:\Users\Tjdcrtpa\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd_rep.exe" -P -H hash -O -T it -o 7 -u "http://rptx.anchorfree.net/wr-install.php?dm_ver=0&ver=3.42&ch=438&state=initiated"
"C:\Users\Tjdcrtpa\AppData\Local\Temp\HssInstaller.exe" -iswow64
"C:\Users\Tjdcrtpa\AppData\Local\Temp\HssInstaller64.exe" -installdriver -c ndis6
C:\Users\Tjdcrtpa\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd_rep.exe -H hash -O -T it -o 7 -u http://rptx.anchorfree.net/wr-install.php?dm_ver=0&ver=3.42&ch=438&state=initiated
"C:\Users\Qzadbaxe\AppData\Local\Temp\is-4RFQG.tmp\7db04eb4962827d0d9b3c4773c66a1748c6c1f67_0003593968.tmp" /SL5="$F0384,3078230,119296,c:\users\user\downloads\7db04eb4962827d0d9b3c4773c66a1748c6c1f67_0003593968"
"C:\Users\Yyoscjwv\AppData\Local\Temp\AskInstallChecker.exe" MP3P2
"C:\Users\Sriehzez\AppData\Local\Temp\nsr5289.tmp\InstGameInfoHelperPDGC.exe"
"C:\Users\Gtsbldtx\AppData\Local\Temp\nss9FD.tmp\PIPInstaller_HIP_.exe" -b -pid HIP
"C:\Users\Gtsbldtx\AppData\Local\Temp\nss9FD.tmp\PIPInstaller_HIP_.exe" -b -pid HIP -se -ppd 6504
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c5d7c0edbf4af7436ca6eee020d5726b0e4e1812_0000202136.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0eacf043326947f4c9dc23ec38e154e3c41b61f2_0000116104.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f412c3294bd305e41302490bffd1588b375e926f_0001076544.,LiQMAxHB
