PUP.Bar

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank:	154
Threat Level:	10 % (Normal)
Infected Computers:	124,836

First Seen:	April 7, 2022
Last Seen:	April 13, 2026
OS(es) Affected:	Windows

Table of Contents

Registry Details

PUP.Bar may create the following registry entry or registry entries:

CLSID

{00000000-6E41-4FD3-8538-502F5495E5FC}

{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

{6C434537-053E-486D-B62A-160059D9D456}

{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

{D4027C7F-154A-4066-A1AD-4243D8127440}

File name without path

ask_image.bmp

toolbar@ask.com

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\APN

SOFTWARE\Ask.com

SOFTWARE\AskToolbar

SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

{79A765E1-C399-405B-85AF-466F52E918B0}

Directories

PUP.Bar may create the following directory or directories:

%ALLUSERSPROFILE%\APN

%ALLUSERSPROFILE%\AskPartnerNetwork

%ALLUSERSPROFILE%\AskToolbar

%programfiles%\ask.com

%temp%\APN-Stub

%temp%\APNLogs

%temp%\AskSearch

Analysis Report

General information

Family Name:	PUP.Bar
Signature status:	No Signature

Known Samples

MD5: 1053189c2dadbfcf6080493c52f74209

SHA1: 1e3044b2792337c1abb32ae396f30bd111f6b79e

File Size: 3.33 MB, 3328728 bytes

MD5: aca1cd6dbd98b870df8b0c50a936957d

SHA1: 0e4e2f7b3a46ec671315be3ab266f685c24703b1

File Size: 874.78 KB, 874780 bytes

MD5: 79ab2525a50e6ba406aee49a0899a9a6

SHA1: b8dad21e222427ad2c22a23cce26d6c77228e4b6

File Size: 482.82 KB, 482816 bytes

MD5: 9159dd0d116dea6a2715b6be128411ac

SHA1: 027df205c27c0f1b0f0aef535865ebb60a51e364

File Size: 2.34 MB, 2342648 bytes

MD5: 0d0bebad17b06087ac0055399355823f

SHA1: cb8fb7e5cdb59630bde59252a602866f8930615a

File Size: 7.99 MB, 7986551 bytes

MD5: 7f8b1574df7bbaf21e078bc257033fc6

SHA1: 7f67193cdd97f60caeeb6fbd2debfc125f29a4fb

File Size: 524.29 KB, 524288 bytes

MD5: c96edc923b0c7411f99fc7fb93a0a9b6

SHA1: 3ee8fea1d0c8c8072937656d87ea217953d30819

File Size: 4.71 MB, 4709861 bytes

MD5: 8043dec07386e28e53c7179bd5fed5fc

SHA1: 0c088ab05cdc21fafce8973185df004af215b1a7

SHA256: FE0E423DBEE414F32FF08D44ABCDC083332F5068D3F7B41CB6F6112824BE4CEE

File Size: 3.60 MB, 3597656 bytes

MD5: dccc388b691ab23a1c582fe402931f94

SHA1: d124d770a66c631873c99d209536bef67e7a7902

SHA256: 92D814A552F60C74F13296EBCAE7064F4E00D1651F6E660277C45651FB7EB7FA

File Size: 7.66 MB, 7658952 bytes

MD5: f684cbd51051704a739b4a618dc8cdec

SHA1: bec50700056cd6019c478f3dd68600aa9e23a769

SHA256: CD40DAC9E677D716E73ABDB36487955FBB1A17883E44E109CA427745FACCF60B

File Size: 2.31 MB, 2305392 bytes

MD5: 0f4e061b8d043334dfe06fac9889bc38

SHA1: 17cd2a6b8afc9cffddf1f41cc9e00ac79145250f

SHA256: 4DE6A9C0B82E52A06CFF689F2E9CAD5C85E85A3C029EC026EE0C85FBE0CFF75A

File Size: 8.59 MB, 8585216 bytes

MD5: 5359339ef3336cc673c3aac12c3e5a35

SHA1: 322cd3b05adcf62bdf9744eea1dc2b3b9de4ba29

SHA256: 716601DDCA2AC43123D9FD1A49BEFBC8EB8CEC6408BB917FF652CE5AB565DD04

File Size: 4.87 MB, 4870833 bytes

MD5: e7028ac7bb7dce0c2c1462101075fb18

SHA1: 712ec6403b43ba54c443fb9ae86ca0e030169589

SHA256: F89DDD1401CFB85D912D4506DCAA83D317B2EB4EB93AABE4B06C4120906E0B13

File Size: 734.79 KB, 734792 bytes

MD5: c27accd3f20e2dde3a6616f7dd6f23ff

SHA1: f86af564adbc6600aeb76917de3c9f7198de0080

SHA256: 4705B9AD67952233DDB8F50EE82FEEB4F036ABE66ACF8BE7D953F70C6F370358

File Size: 4.11 MB, 4109504 bytes

MD5: bfd29d6879366a7d4a8e5502669e9047

SHA1: b7484dad7249e6906a08b9d950c047db572fc0dc

SHA256: 91C4895F3FD0A0D1B1A8827C93C752E675FDD5DA8DD70C587506B9C31E36CB48

File Size: 7.79 MB, 7785695 bytes

MD5: fdd95ee9068859f45bc37e114097de1f

SHA1: 7bb348a158ba6e61b7eefdbe27b88a1e2754a5ae

SHA256: 3BFB947058D87E7F2023C8FD28C2C8583AF796606830611C10C49C224BBBA2B9

File Size: 7.78 MB, 7781488 bytes

MD5: 6681f01eb9e958a24110ac300f66a502

SHA1: e3dd9ae500e751ad702e1eaee52496191cb63f1f

SHA256: DA2541717C31258F905BC5B47D0CEFDAD56E3188E7B1C192F4E3D10A217441D4

File Size: 214.31 KB, 214312 bytes

MD5: 78f2ede8f1f4b4130214a9c2ffb007ee

SHA1: 3acf41c1828aedb2c72064978bc9c3b58d6ba63c

SHA256: CE078A7539F44FE3725EC73D6447EFB1A1292B8EE3D9D53D254A757E9FBC58CC

File Size: 8.56 MB, 8560944 bytes

MD5: 5e572e24542e19408ac42d09c7aee74f

SHA1: 1fede0b87a61ff83cd81566a2958f37b777a5d25

SHA256: 8209A2E25CDA88C62C754F08078C8A8503BD81EC45F56F36A4372E0077E10DF0

File Size: 5.10 MB, 5100744 bytes

MD5: d9905e2ef1256aee2d44554265301a58

SHA1: e6a57662fb7849a21465786e0284b27746ee6f97

SHA256: 26A799CEB76ECAC7A34FF58638E69BE68ED507A41EEB04377B1FBA3D51713CEA

File Size: 1.04 MB, 1044944 bytes

MD5: ebed5169714811f87249b3f96719d675

SHA1: b2d20afbb6f4c47b1cbd8420efd05bf2c8dd7c1c

SHA256: 24F1B079FEA8A215E8297A5C1D7C2AC94B443E75A5886468E65E958117282BD5

File Size: 2.33 MB, 2325176 bytes

MD5: 054067cf0eeff225c8b101ae25e0dcc6

SHA1: 622ee963a2ef850fa4b182d91a53327d0e294dd9

SHA256: 075195DB6C6BFD359A74FEF7C84CB4E85364E0E48C899C881185AF28C74E82AF

File Size: 4.71 MB, 4705280 bytes

MD5: 21b48d2a13d2f7a73c0341ac053fd11b

SHA1: 96d2853274fb80b0e47b368135b1d4d17e0650d9

SHA256: 0DF51B0FAB15DEB5CAE28E8E6368FBFD1A3B58AB1CB14671102E809B5AC7C09D

File Size: 2.60 MB, 2599080 bytes

MD5: 44d6c528c95b79b43fe32d2d0c5ecd2e

SHA1: 8e4caeb2ce4a709fcc40e8843c1df70ea3cbc345

SHA256: EC3EACE4C845875380C99C56F1B165DD4990DFF91A0A08637DCF70547FDC2AB1

File Size: 889.66 KB, 889664 bytes

MD5: 68c5b5564e9735dc4f2170e15f8bbf6b

SHA1: 291c733c46a2a395491b8e46f69f7d77e462a986

SHA256: 2ED034F4EACDFF4262FA1617FEBF533AE89DE84051477C18C402CD27BB65C0DE

File Size: 2.00 MB, 1996656 bytes

MD5: 0e67b816b74f6abf9d5c08f769566d7e

SHA1: 6cb024fce12f27ed12678adf4df7d1b0fd83ac43

SHA256: 9835DE06A21EE40E0508C8DB014FB5B10D91848846E997076490C92EB7FE20AE

File Size: 4.35 MB, 4350512 bytes

MD5: 2b940646b1fae5a0f610bb604db50463

SHA1: 08f458bbe0497d13802a28e7122fcfe7bc67910b

SHA256: 0A627A683A95FED27CFD2E749270AADD47B6B4AF8829D155D49A4E3BDFD52F1A

File Size: 794.02 KB, 794016 bytes

MD5: 755e10147ac1dbddb89b13abbaca0f27

SHA1: 3dc7906143eb99886b1b068af9e00ba5366e03b7

SHA256: 658674C1D9C4D4017E9A4D709D095E533A3D9D45791D795F8704F29FBDB7FAE6

File Size: 7.77 MB, 7774104 bytes

MD5: f44a10573fcc06554c0e2318ac806326

SHA1: c42685635390e25f4090b91a3575772c4d020601

SHA256: D7FED22AF939AE3C798EF406E7666C79B6DF33D5D4B10956E24D45ABD9E7A89E

File Size: 245.93 KB, 245928 bytes

MD5: 5928d0a2c7b808b3b63b44fc90c5fc1c

SHA1: 81d834f3d60008987766942f5fcaf34b31d25279

SHA256: 1184A4FDC7E2316B38A37B7582675A23BE64E4693E35176BB85711680315B793

File Size: 2.24 MB, 2243624 bytes

MD5: ecda13c0ee015f70fb5631f12df1678d

SHA1: 2a3ad4bcb647de2e7cb44838a5e4564c167da434

SHA256: 228F439762456F21B6FDA5CDBFE5D553F9B2A7DB98D3EA47B7F9060B9BA1736E

File Size: 9.39 MB, 9393736 bytes

MD5: ee2b82567a01dfb084e22621fe323e7e

SHA1: 2d25dd68ae93dd6e3510b38ab5970f97c58df137

SHA256: 62F8B804A66C840D75A69C8487136BFAA1D84BA6087CD5834BC7E213C1FD3D80

File Size: 6.62 MB, 6621784 bytes

MD5: 45a6b5c1289459bd912b95c838b3b4f1

SHA1: d8e7a54a6a634d85743d512d71ac62d5cdef6bd7

SHA256: 5D851FDC85284C3305F42D6F491A8AEBFCB411C95AB1E56C11E55C37A60F2B37

File Size: 168.52 KB, 168520 bytes

MD5: 6fcd69b681af392a2c83c0237d7e47c6

SHA1: 3363c4a3014d7c40d83063bd72c074a610f3f868

SHA256: 9036DF6216FD65E4BEB5201A6C71E3EADDA5CB8DD633F80A3A986021471E4905

File Size: 870.82 KB, 870816 bytes

MD5: 25bc1e23cfb7822956104e7e5cb428e3

SHA1: c439aa92bda6db673574e7f0dd623b84f1fd2d4c

SHA256: 97E7792BACDE8E825C2843069915590C789F6E876E7D8B3A16FD09A3DEAF9E58

File Size: 140.95 KB, 140952 bytes

MD5: 72d1739bfa23eb35a8ad866167bc3ac7

SHA1: 8afa78663fd593ba74a8bae88f3b660d150aaeed

SHA256: C8FCE144D9FB6B039262FA0494AF36EBD55068DAAA05CFC5BA8C7054751E4479

File Size: 166.98 KB, 166984 bytes

MD5: 9c3438c23f0840323742fe1148515758

SHA1: f1fdd04d600bedbe51ebc849ebc627244a363923

SHA256: 170FA266397C6E8FEF513BADC4EBD81118E5CF6CBDA7E69618516240DACB65AF

File Size: 4.14 MB, 4140728 bytes

MD5: b96203c8024687a9bd7f28c44ff5c032

SHA1: f01cbfb73f57adef287b9990797ec226f36c3450

SHA256: D16A776EEE5C3B7F4EDB473D407972B197BCD54DB5DDF2F9D110A90F6E9C28E5

File Size: 207.12 KB, 207120 bytes

MD5: 4b6c454b0d7edb699fe03ef5cd6ac830

SHA1: f013fc4032dc08547bf056e4bcbed4ab3e428f61

SHA256: ABAA2A9A28493A617CF1467B54672DEE8D0CCC24C7A37734C9FB6185FADAA4D9

File Size: 1.77 MB, 1769496 bytes

MD5: d11c47bd6f98d115a4fd567dca12805a

SHA1: 7b79ef5a7f043632527c3645428319ff29a4ec64

SHA256: 22F086BFD270EA78F4849AB70488829068D96C3033174C3E59FBDE8D6D025066

File Size: 2.09 MB, 2091688 bytes

MD5: ba9444e279d6b01d4dc2aa0c1bca530b

SHA1: 9db99417c42123d6f19deae89c6bfabe5cdd8bad

SHA256: 107287D40364A1594A103587E4C41AD01A10B2B59DC6346EB8A42B7C7A4356E4

File Size: 4.45 MB, 4450624 bytes

MD5: 281b1b899109c1f1d2668487d547331d

SHA1: afe55d859ec2682138e99d0c6496bd6a63ed0724

SHA256: 40C7874F79EEFC667A3AF002ADB9DE435F1ACE14AC663CB0051AB6BE754F9140

File Size: 7.50 MB, 7503672 bytes

MD5: 3731af70dbb31dfb7706c579129f0fee

SHA1: cd3b96c83b78d26666e6be916be1a7011554cb0d

SHA256: 4FAD4E42EAACAC44C269234E5183BC5C02699DB3E63E32125A31BAE63BF6636E

File Size: 8.45 MB, 8445381 bytes

MD5: 95309c429cf53bebd139c908457ed8c0

SHA1: 971249d4b0d35b289ae65c80965a98e8de220597

SHA256: A886F32D42502BB769861A2E4B27EFA7B5F694AB9664ACC69F65E06D3351DFB0

File Size: 2.60 MB, 2596008 bytes

MD5: 738ce55bf58276661ebb735297b6db63

SHA1: 307bcce178487c605fb026d2339baaf28f883047

SHA256: FE48E9438C77169E6C0EAC83440E671052BE4486A6D386909470787051FB9234

File Size: 1.13 MB, 1130885 bytes

MD5: 12eb7e13d3bb7de8c809bc0737d0be61

SHA1: 244ed1cfc7011b1a5063814118789a250c54c24e

SHA256: 03C415D279D9937F957C031B87550BCB2F42A12A08F8D98E96360F4760AC66D9

File Size: 9.94 MB, 9942603 bytes

MD5: b96fc381d89b6ba74e9ff3fe0865b96f

SHA1: 247c5fe1b351d14ccadfd2eedf4208c689a1a94a

SHA256: EC40E4AC079052734C4C729806C92F21BC3E158F8A4A06A1D78829E8EF2ED84E

File Size: 3.00 MB, 2998043 bytes

MD5: 0818479e0abe253492816b9bf0fd1179

SHA1: ee79032fda0d7ecac55e0a637d0155d8a4a0c415

SHA256: AA6D8F986CEEC600076D29FF1EAC1ED037C6B42EBCC992E9CB27DC4AAFC03AF9

File Size: 4.61 MB, 4610648 bytes

MD5: e26d27f41d2cc4b72c82336de4e489a8

SHA1: 81ab2d917b7fd0cb92b01bf7b24ef55afb7b7907

SHA256: 01ECC6FF0F12E692E793888C9F82A51D9F1226671358B5D998BFBC0D719C24FA

File Size: 1.89 MB, 1886384 bytes

MD5: 01b80fb1fde61bec716e928401adb169

SHA1: f4d5029f4dc384e606bb8e9cd71f3a72be6f8eb9

SHA256: 19AD7E54CE23A80F1E7F2711DBF592340720D55AFB690DAB5936FB96E639A765

File Size: 807.33 KB, 807328 bytes

MD5: a2a0e9a53687aaceb3fed3fec6fd654b

SHA1: e319d041df62b98179d326663a63995c86648384

SHA256: A88D1EAB9474089C2CA83CA49B0934BF9714B0EF379A098C6FA43456F1AD0540

File Size: 1.89 MB, 1886384 bytes

MD5: bb82540648a717c60cf41dafeee8273f

SHA1: 938956108c60927cfc5a8c2a007294457c90b565

SHA256: 2601867577E30CD14C146B70EF88E5388196C50FE1CE7816D1E0D24FBF88A48E

File Size: 1.02 MB, 1020512 bytes

MD5: 10ada1f8e52da6a519006588fa897a5d

SHA1: f650e0d947aa5bb2147716e457016be087b837eb

SHA256: 2BC5298734780414A6A4FCEF4F77B49D23A125F2323FBD51F0BBB00A68DE50DD

File Size: 537.04 KB, 537040 bytes

MD5: 99811b8de047198d707d01b30bc7ba2a

SHA1: 7d2b2213d120c6a4874396adb35bc5ea0ac9ec77

SHA256: EC88D82084303FE031BD69F6063027073326E2D820291C0056D004E6BB60806B

File Size: 13.78 KB, 13776 bytes

MD5: 77413db5e2cb347f4c039eb8f232ce5d

SHA1: ade3b150e4ca33822897a6c0e6030424c029beec

SHA256: 906F6A96AD21273112CCD51389240F7B693B5702D81D31D204B2388AF2DB680E

File Size: 807.33 KB, 807328 bytes

MD5: 1efe0e9b738d625683890ab96a83ec0e

SHA1: 8427e508f6b3d4ff1e2cf5da9bdaef74659b19f0

SHA256: D29833AF4D7390DBD9DBCE4C1E24622E8B877E7995F75D44B563D7929802FAF9

File Size: 473.42 KB, 473423 bytes

MD5: 1b95fec499bece21cbbc38db52ea54d7

SHA1: 9c34c4c032fa99cf3b85ad3d69f55ad434a960ab

SHA256: B527A5551E2E36CE0BD7F3CB6A9BD72C7B4F043DADD822E0EB78E616F5E95629

File Size: 1.89 MB, 1887408 bytes

MD5: b4a33fc1b3891606d24113aefca4b2ec

SHA1: 542e988af93ed56e63c213f40cb2ef780576c388

SHA256: 1D2DF2775A978B3F9D032043D4BDEB188B5DF259E234F49ACC59552586188961

File Size: 80.38 KB, 80375 bytes

MD5: 1bab9a2813596da9f61643020ae8cd12

SHA1: ae317d57b55903cf7dce7d2d59463254f1288a8b

SHA256: 92C78D402B3185666E792EDDDB3E8192FE33AE0AFA9EF24D3EEFDF9ED4CE37CC

File Size: 4.09 MB, 4094992 bytes

MD5: 2a3a9f0051249025cdc799928124fbb4

SHA1: f828288d7f5464112faaee452f454a66a6f0bfc3

SHA256: 53FBECDAC5B8F566447682E7EC02A43F9FA1E661AEE3DED427709948742D4635

File Size: 7.79 MB, 7786320 bytes

MD5: 23de5897bc524a59d57fd4e6f0284b0a

SHA1: 7db04eb4962827d0d9b3c4773c66a1748c6c1f67

SHA256: A009E1E4FED28DA79F8E20763A5DE1C419A32492A2BD8A9037CBE52CB9EE1C21

File Size: 3.59 MB, 3593968 bytes

MD5: fd1e6e44c87112b6ec37e7937ecfd201

SHA1: 4cb248f41b0c4e9b52355e5644e6d0ec79034731

SHA256: F6D59F67B759897E56B641C4CDC585ADB68823B5146414E17E528E1122FC5C3C

File Size: 5.00 MB, 4995400 bytes

MD5: 0e4bd76246decb127b07b092013c28b6

SHA1: f5a6b631da2ef49e8b522d2f0e4b184fa83dfa21

SHA256: 1FE217F70D4203BA6805FF5045E44AE9C7058D0D7EAD2C210892073BACAAB7F1

File Size: 12.36 KB, 12360 bytes

MD5: 67fa69df267099551d61d4a80d372838

SHA1: c2fbbe3d0ee53b66ab411a072ef2caaeb22a1424

SHA256: 4E53359D30D38FF8A2D6635B6E8C23735CF46FEF2D64690A6D088AD2C731AF82

File Size: 5.98 MB, 5978384 bytes

MD5: 667bca9709fa611d92d73a2c1be2e3be

SHA1: 7a4795b1610994c2125be45ff2489944a21bfe94

SHA256: 49BFD2FAC8D636CA8D32690B473A70320AC5CE2F65CEBFCC614DEE4704AC2C80

File Size: 3.86 MB, 3860122 bytes

MD5: c3bf37e9a29251d549695bccb502ffb0

SHA1: 9b2122a82a529c5293aeb6bf8241409fca2b1b6c

SHA256: E9DB10D6EC523AEB5661A680B2C2F001CD3EDC7F806447D788C978447C91BF8C

File Size: 7.03 MB, 7027768 bytes

MD5: cb188f982a8830bff01f24bcbf24336e

SHA1: f6512ccc2edf9c1b1fba4363fd06f6c2a02c56ec

SHA256: EE72E700ED367844A03D88A0AD323BE236FE708DF8DFC2CE944BA2495FD7BB13

File Size: 2.76 MB, 2755184 bytes

MD5: 5940b7a95908bfd2feb6603f6ce1b085

SHA1: e989fcc104a36e0a2b5a108503eef32af169b469

SHA256: 57EADACE724E4783394BC6AE4C4A419F6848305CA2340E48417A531524D66E9B

File Size: 979.88 KB, 979880 bytes

MD5: 36cb0c7e23f609d46567ea942a07efc5

SHA1: 6ed9d76046b069cd90f5a263ce81bf275907e428

SHA256: F5C3FB278BF9F5596DABC3B461FA3A98BAB7E74219FF9A69788AA0AD75FC3028

File Size: 93.65 KB, 93648 bytes

MD5: 4a7347c2dcb60f9be1af60596a67d68a

SHA1: 524fc40f3c45368c3bda16febc251b95710c4f6f

SHA256: 9E9DC3D0D76BDF1B07C7DEDD97632DF9F4FAD1EC281E2DD2A11260A00E0EF899

File Size: 1.53 MB, 1527808 bytes

MD5: 5e04d0f46a0bfd47d71bfc4dc7e13e3d

SHA1: c5d7c0edbf4af7436ca6eee020d5726b0e4e1812

SHA256: 88BA395348CD01B06E1D960777422892DD757AAB1D68A6E2AA91355956571B91

File Size: 202.14 KB, 202136 bytes

MD5: 263bc5ca74c2b440b3ca26d728892913

SHA1: 563afb06f9b46d957c21f96d826551324e0346c6

SHA256: 72E885B3A96E0F73D1C6BA2FBECE8194E138B3F2150AFC5A5697EFB19B10967D

File Size: 2.38 MB, 2376408 bytes

MD5: 50dd1fc815ca6218897c3b8aa03eb0b4

SHA1: 14b18260b9bce4a02b6ff70c9947e76b440aedf1

SHA256: 5D50C43755A8BC8DA988D3C763B4CF2D15B3E8C412E7720D04141341FE9F23B2

File Size: 6.58 MB, 6582600 bytes

MD5: 82915014e180ee97ca0f0f25c094e6d1

SHA1: 2134c0aab78eb9333ee828e2c6420d7d9f00050d

SHA256: 641A9D51291BDD4242213A3851BDE72485D1DF585FF466986864ABD6C2050CFD

File Size: 6.11 MB, 6109560 bytes

MD5: eb64777702acffc4966eda8ac0606874

SHA1: 1a2a196130c25f4bf18a71e8822f5ff94c1cde9e

SHA256: D2E9978DB60A1F632037B79B5F6E1587875218A448FB59577E5FD9D48DB74B7E

File Size: 2.23 MB, 2225896 bytes

MD5: 26f3dcb48d8da06a67165c7f0738c531

SHA1: a89c388e9ace283e2a7bbc10d979938e2c9bdc69

SHA256: AD06850F91F557113132551212BD4985E23FC0AAC4097C2824D378AD44BFBEC5

File Size: 7.98 MB, 7983806 bytes

MD5: 28221dc87378c28d1f7d39166f1d17f9

SHA1: 64733a1c8ca046a7b8364f7bf6fccbab202098cc

SHA256: D8319E2E1B49637A1B7C08AEFD490156BD44EE55C90EC26EDF144EE6D7904CED

File Size: 3.31 MB, 3311152 bytes

MD5: 6d705b68255210a4d54c7237d645e1b7

SHA1: 0eacf043326947f4c9dc23ec38e154e3c41b61f2

SHA256: AADBFEB5B9402848B76820616E35225680320FC225B37B186E0DF21EF44D29D5

File Size: 116.10 KB, 116104 bytes

MD5: 4f18c5bd5ee6fe4a69a34e8173d4c996

SHA1: 9e90077d7ff8e1d00a28f8c08325be8d8320c8d2

SHA256: CD20B9FD54574B69FBE884ECDC056291EECC51C70970C2444A0571F70DCB22FD

File Size: 6.07 MB, 6067224 bytes

MD5: dd5f54d3571974253f545d0eafc40f6e

SHA1: c50bee4a539b2f4a7401142b9b861ab28cd9350d

SHA256: B16FFC182424C440E7CB4DAC98D3D43989ADFADA7DE9A6867B18644B60CED004

File Size: 829.44 KB, 829440 bytes

MD5: 5000014bd695cb5fb032ec437adc25cb

SHA1: f412c3294bd305e41302490bffd1588b375e926f

SHA256: F0F03CE1A7925E8A3A55BCA890BB848AEF0761A42895B66711A44DE74D413E11

File Size: 1.08 MB, 1076544 bytes

MD5: b79e78d2a61644817ffdc8853ab98cd5

SHA1: 2131f604289bed9d6bfa2eb722b0dec644af38ca

SHA256: 61376AD6C6EE6B50331E27BBF44705A99B534678FA0CA3CB7A43581EA40176E6

File Size: 298.50 KB, 298496 bytes

MD5: 71f08bf8c6d6bee413db92665d6b3e78

SHA1: 7880888f538530eaa58b185effdf024092c67bbc

SHA256: 6DF3B99E60208EE25F752F1397E76018C52DFD1B159B0C9694F9D850F3F97F9E

File Size: 272.91 KB, 272911 bytes

MD5: 39d9a170718cb20c29e0bc91684c566a

SHA1: 20adfae70ab2eaf90046eb7c363790b3122b2e5a

SHA256: B9D91C26BA8869638A698C99E519D9241EF0FA0A2155073AAEF9EFE945A4B48F

File Size: 4.67 MB, 4673280 bytes

MD5: fd9e11ca1d796e24e026c8eefd4b5e3e

SHA1: af79c19260c839940260c292d5b72bfd2d268d31

SHA256: 5F77AB6220644A1B735ED4A6116B1A24C47A82EE211EE84F8D3A2462AC0578AB

File Size: 9.42 MB, 9416592 bytes

MD5: 4c17f2868343064e185df0fced9f6a3d

SHA1: 75f1525225b7c6e7927fbdb4f178402092dcf74f

SHA256: 5135F8C1474A701B48C37F064D3AC5ADC07D4AC6DC6E36E487C1B7AC684F4F2D

File Size: 1.55 MB, 1552376 bytes

MD5: e0ca132258a6a3f1c04a0543a4846804

SHA1: a4b9a4400b8731ed5e351b650c779a6a93c7c07c

SHA256: 255F65FC0F3D93691C52AD1AEE7DDC31F1028C4F1C0CEB434936BC4A2D41DF53

File Size: 722.79 KB, 722792 bytes

MD5: 524067f66a6360185f771877552d5916

SHA1: c8a69bd1b7c2ed745500964010e752e461e10423

SHA256: 2C13256FB30B480B53DFC1AA2E8870436421EC663A8F9550EA524D61BD27033C

File Size: 9.66 MB, 9660736 bytes

MD5: d2e0352ddd7abcffb1cff71c428b5e59

SHA1: fe167c61896ab0ef11ce539b1175b78bdbe7ba42

SHA256: 2988BB22BCCB75E354A25F8EA1E1659E16E0D64275FCB5AE5A1D4D301A4DEEEB

File Size: 2.09 MB, 2091688 bytes

MD5: 461124e5692924804eed8189b518035f

SHA1: 7dd230725a36c2ee749b16b455fff68526135ee2

SHA256: 00B3CE925D5DBC288011FC9D8D7E2D03962BAF0F9D62FEC7C7C015CD19C2909F

File Size: 1.89 MB, 1887408 bytes

MD5: 2c4714786946c2f804631589bde0e7a3

SHA1: 70f32b2c1000b1010b264636b30c1459254c3188

SHA256: 367186C4C400789F48A084673526A9F2E73308FF142BEF849081B44BFF14B701

File Size: 2.60 MB, 2599080 bytes

MD5: 40a620f6f06c5f8e4e125f9be8695fea

SHA1: 0ec6680d78cf2f6c7549d069b4f0ff1ca2ac1ff2

SHA256: 6386D25852CFC46438FF92953A3230EBBF6204BA6A80AAC5C70A77AD7C2C274E

File Size: 5.11 MB, 5112360 bytes

MD5: e7a3f8f140f51aae2f3cd278b46cec72

SHA1: 15ad52943bf23305ca6e8b00776e70822cdcb739

SHA256: 8AF2608BA9401A4E248807856E7A38D0CD97E440C38FEBF46D53332A809A5A61

File Size: 4.94 MB, 4939555 bytes

MD5: 86590e90a4485aaaebe9ce303a1fee15

SHA1: 95b5a4ab0192f87c65a3803d73a9ed0219f5bb79

SHA256: A20346DF25AD9ADFB12B1A3BEDDCBCC29374E83BDC953F7925367DCCACA17F6D

File Size: 4.75 MB, 4750384 bytes

MD5: 719096ff20a57d12e1480ce459cebf8a

SHA1: b81b7b447c5b816d8fd0ab8627abcb15efcc9436

SHA256: 6DA7162D84E3B83EDA50E30340227137F37D4EA7F8195424C68837A19A2E4D94

File Size: 5.80 MB, 5797048 bytes

MD5: 8f585b56f071fa2de3f7be49d0e38ea2

SHA1: bbf35affed92bb5e9247bacdc050023abd320ee9

SHA256: C678DC8D8CA0A51A7F4EB8ED70B20D485A7F444915AFC024780B967C321E3ECE

File Size: 5.08 MB, 5076524 bytes

MD5: a411f9b3d7f10037469167d021c7021d

SHA1: 646b3b48bc9a396899b15dc9b9454c1634a7b42b

SHA256: 54130A9B6C258FD9B59B36A1BF08ED6B8382DB1ED2D786A2091233AECC2C3332

File Size: 4.79 MB, 4785028 bytes

MD5: 8ca698071cccd5912ac454c75929d68d

SHA1: 9e6304f362d9aebb3098b09d17009738c77dc281

SHA256: 030AE4A4EF0A7CCE10788AFDA2B719E7C8221D829C47E4E820114E69FACB63A2

File Size: 2.60 MB, 2599080 bytes

MD5: 841ab5cad90098ab8b33236e6c0e49b7

SHA1: d4db977518cae00c5802048f8a9732b24b83b18a

SHA256: 94CD53F61F41765B27A639CB7EA9994AF8B884ADD667408F277426067802656D

File Size: 4.96 MB, 4958848 bytes

MD5: 621fe833943811a44ea1653f486ed874

SHA1: 99e5035597e44fd594dfa9327a47a7fb0f919e3e

SHA256: E0FD79114E7964961EE601746BA6F63FD3194722186B69C533986BAAC0CE7ECF

File Size: 807.33 KB, 807328 bytes

MD5: a8b07e85983ecc058ec7194fac308d9c

SHA1: d39fbe548fb3c7691e587db8833cbe1b5ed5617b

SHA256: 3049A3E4C21B450ADD1D9DCC31C6962B9750021F30888C16F45FDFB1A199139F

File Size: 1.02 MB, 1020512 bytes

MD5: f5a41a0935ea8e34d31062a517223a56

SHA1: d8050d6de60af8d71b2d1ba878c8687269b6d0ff

SHA256: 7824D03E8614699654A839D902DA2CDCFB63DFC1F557FE2DE2E55BE16370BCF0

File Size: 46.59 KB, 46592 bytes

MD5: aa4390cfa80c204f9f93d9d175abf5f8

SHA1: 4c544f3e1e2c7581e62971b77e0fd2e13a1ddc13

SHA256: A4A4C8DEE8DAEE4C72CED8A85076DDE92377538B1107C7E89E8A925FBDC065CF

File Size: 866.72 KB, 866720 bytes

MD5: 2df39e7aefe997346d9f04ecdf587892

SHA1: 48f89d7dc61b39a800aba512cf2495a43b3785ed

SHA256: 2ACCD5B55F5EBD3807F8A5D0F1E8F092B0801EE099A266813FE7E52D35641119

File Size: 3.60 MB, 3601440 bytes

MD5: d11ba69ecc246789be1bc9780fc257c7

SHA1: 576da902a220ae80df70230b6fa57d71d1333a26

SHA256: E1A394539EC32EA247F8B8F56D6192D549F775C8F463AAF5F44AE9E7BAEC117E

File Size: 573.44 KB, 573440 bytes

MD5: f498a850f7bb477bcbe8bc000cf76ba8

SHA1: 063cc5b06ea161a9268f60b2a83e8572f2950127

SHA256: F5F69B66731B547226512C5F0D1A017A34A0B5E6477DE3B3F97DBBD2F76165D6

File Size: 5.24 MB, 5236693 bytes

MD5: 161cdc833f85d2eb4b669faa48911e31

SHA1: 8356888da837639ed6bb6ba5a7bee22abee668aa

SHA256: 1A54C76B43611D60C71B8484570A6766F8DCE056C4D69D830F6C6874160E0D83

File Size: 4.11 MB, 4105408 bytes

MD5: 270b81bd4a67b63ae56506cba5578f53

SHA1: d8af59e3487525f4b4cf28a23a3889ac07364984

SHA256: F58AC461A2E621E172E6F6C8B0FF55F61A438EB1C4D0115DC15A2D0D9407B18E

File Size: 4.10 MB, 4100112 bytes

MD5: 1b61490e2d70b174f750e298224d4583

SHA1: abc4b58770698dd75d14cc8951aa163a803f3bc2

SHA256: 6020CEA5A31493CAB53A3A03AFEB47EF8AB276828E1C7AD70624286DED9F7504

File Size: 201.38 KB, 201384 bytes

MD5: aadc75cd5710888bdf0a7df5cd471036

SHA1: a89440c285a564961e4d240345ade5636cf93cec

SHA256: B8DF10AE648C0BF83F11E38CED8AC5EA090695CFF4E4574B90FCF55B3E4BEBD8

File Size: 416.84 KB, 416840 bytes

MD5: 9ea15aacb1497ff64331f33698e3076d

SHA1: 4f24a9fc9f065b282f9a064dc97db2824b698879

SHA256: B346F0E5CD32418CEBDEF96B401D233D89129A56386DF52EB849D06B61E25D26

File Size: 7.40 MB, 7398456 bytes

MD5: 13d85a32f9b6f96f37479261d4be1bea

SHA1: 738fbf13ba38b03d21dfc6532c7a994ec128a38a

SHA256: 5809D8D832C15A2EE3512C0C6D5F4F44DA530E8FA4A58D53306C59870332B23F

File Size: 1.40 MB, 1404920 bytes

MD5: a6a6aaf7b76f63dcfd718e06b06f2872

SHA1: bc3f2fa193a8312cb57faadf104d3b415cb3383a

SHA256: A452DCA4D74291B3D3036FDBDC75D17AD35D79F079CCB8CB9FB8AC5BE18F367A

File Size: 2.28 MB, 2281436 bytes

MD5: b3976db8ab44f0ca29e02ebacedec325

SHA1: 559cbf628e41b41fe00a345f58c326239f9b04d0

SHA256: 8B1C9B4663401A79CA1526A4E6BAFBDE2317764656A1B9398F6B0A1D9A3BA4E4

File Size: 9.36 MB, 9355032 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable
File is 64-bit executable

File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

174 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Comments	Alexa Toolbar version 11.0 BitTorrent so simple. CutePDF Setup Developed by iYogi The KMPlayer Comments The most advanced file sharing program on the planet. This installation was built with Inno Setup. Written by Gary Hodgson
Company Name	Acro Software Inc. Alexa.com APN APN LLC. arvato digital services llc Ask Ask.com Ask.com Ask Partner Network Astroburn.com Show More AVM Software Inc. Burnaware Technologies Camshare Inc. Canneverbe Limited Disc Soft Ltd DsNET Corp DT Soft Ltd DT Soft Ltd. DT Soft Ltd.RePack by andreyonohov DVD Video Soft Limited. DVDVideoSoft Ltd. FrostWire Team Google Inc. Gretech Corporation Incentive Networks iYogi MAGIX AG PandoraTV Tracker Software Products Ltd
Company Website	http://atube-catcher.dsnetwb.com
File Description	APN Chrome utility plugin APN Native Messaging Host APN Updater Ask Popup Blocker Ask Search Assistant Ask Toolbar Partner Cobranding Ask Toolbar Setup Ask Updater AstroBurn Pro Setup BurnAware Free Installation Show More Camfrog Video Chat Setup CDBurnerXP Collection of utilities provided by iYogi for identifying various PC related problems CPUID CPU-Z Setup CPUID HWMonitor Setup CutePDF Writer Setup DAEMON Tools Lite DAEMON Tools Lite Setup DAEMON Tools Toolbar Setup DeskBar Download Assistant DVS Video Downloader Addon for Internet Explorer Setup Free 3GP Video Converter 3.1 Setup GOM Player Setup File (2010-07-08 오전 9:47:50) Google Toolbar Broker Google Toolbar Installer IDC Loader Loader Module MAGIX Video deluxe MX Premium Versión para descargar (es-ES) Offercast - APN Install Manager Paltalk Setup Passport PDF-XChange 4 Setup Reporter Application Setup Launcher Stub Installer The Fastest File Sharing Application on Earth The KMPlayer Setup/Install
File Version	31.19.1.2516 21.27.0.148 21.6.0.4088 11.0.2013.1018 11.0.1.4 10.8.0.0405.0 7.8.0.3 7.2.1.1 7, 5, 5111, 1712 7, 5, 4413, 1752 Show More 7, 3, 2710, 138 7, 2, 2318, 1946 7, 0, 1710, 2246 6, 6, 1015, 36 6, 5, 621, 1538 6, 4, 1321, 1732 6, 4, 1208, 1530 6, 3, 911, 1819 6, 1, 1715, 1442 6, 1, 1518, 856 6, 0, 1411, 1512 6,0,75,1270 5.12.5.17700 5.8 5.5.0.0 5.3.5.0 5, 0, 2124, 6042 4.45.4.0316 4.35.6.0091.0 4.30.4.0027.0 4.21.8.0 4.5.0.0 4.3.0.2054 4.0.176.0 3.42.0.26168 3.42.0.25251 3.20.0.21682 3.10.0.18770 3.9.1.131 3.8.7943 3.7.0.17293 3.4.10.15057 3.4.7.12645 3.4.6.12645 3.1.2.1 3.1.0.1 3.0.0.2 2.9.1347 2.9.1.0 2.4.0.61 2.1 1.15.20.0 1.5.1.11 1.4.3.0 1.4.0.580 1.1.3.0244 1.0.14.910 1.0.2 1.0.0.16749 1.0.0.0 1,0,8,768 1, 0, 2, 2 1, 0, 0, 4 1, 0, 0, 1
Internal Build Number	77018 92881
Internal Name	APNInstaller.exe APNMCP.exe APNNativeMsgHost.exe ApnSetup.exe AskInstaller.dll AskInstaller.exe AskPartnerCobrandingTool askPopupBlocker ChromeUtilPlugin.dll DAEMONSetup4.30.4.0027.exe Show More DAEMONSetup4.35.6.0091.exe DAEMON Tools Lite10.8.0.0405.exe DAEMON Tools Toolbar1.1.3.0244.exe DeskBar DownloadAssistant.exe DTLite4453-0297.exe FrostWire FrostWire 5 GOM Player GoogleToolbarInstaller GoogleToolbarUser IdcLdr.exe KMPlayer_3.9.1.131.exe Loader Passport.dll Reporter Setup Updater.exe
Legal Copyright	(c) 2003-2011 Camshare Inc. (c) APN LLC. All rights reserved. (c) Ask. All rights reserved. (c) Ask 2009. All rights reserved. 2010 (c) Ask.com. All rights reserved. 2010: (c) Ask.com. All rights reserved. CDBurnerXP, copyright © 2001-2010 Canneverbe Limited Copyright (C) 2000-2018 Copyright(C) 2003-2010 Copyright (C) 2004-2008 Show More Copyright (C) 2004-2009 Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. Copyright (c) 2008 DT Soft Ltd Copyright (C) 2008-2012 Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved. Copyright (C) 2011-2012 APN Copyright (C) 2012 iYogi Copyright 1999 - 2016 Copyright 2011 Copyright PandoraTV 2013. Copyright © 2000-2008 Copyright © 2000-2008 Tracker Software Copyright © 2000-2010 Copyright © 2000-2011 Copyright © 2000-2012 Copyright © 2000-2013 Copyright © 2000-2014 Copyright © 2008 Ask.com Copyright © 2012 Burnaware Technologies. Copyright © 2013 Ask Partner Network Copyright © 2013 Ask Partner Network. All rights reserved. Copyright © MAGIX AG FrostWire Team 2008 © 2010 arvato digital services llc © 2010-2017 arvato digital services llc © 2013 Alexa.com © 2018 APN, LLC. All Rights Reserved. © Ask.com
Legal Trademarks	${FILE_PRODUCT_LEGALTRADEMARKS} Ask Search Assistant is a trademark of Ask.com Freeware
M I M E Type	application/x-ask-chromeutil-for-SHD-V7
M X_ Culture	es-ES
M X_ Stub Version	1.1.0.53
Original Filename	APNInstaller.exe APNMCP.exe APNNativeMsgHost.exe ApnSetup.exe AskInstaller.dll AskInstaller.exe AskPartnerCobrandingTool askPopupBlocker.dll camfrog.exe ChromeUtilPlugin.dll Show More DAEMONSetup4.30.4.0027.exe DAEMONSetup4.35.6.0091.exe DAEMON Tools Lite10.8.0.0405.exe DAEMON Tools Toolbar1.1.3.0244.exe DeskBar.exe DownloadAssistant.exe DTLite4453-0297.exe frostwire-4.21.8.windows.exe frostwire-5.3.5.windows.exe frostwire-5.5.0.windows.exe GoogleToolbarInstaller.exe GoogleToolbarUser.exe IdcLdr.exe KMPlayer_3.9.1.131.exe Loader.DLL PaltalkSetup.exe Passport.dll Reporter.exe Setup.exe Updater.exe
Private Build	0.0.0.0 Avgust 28, 2012 Private build
Product Name	Alexa Toolbar APN Native Messaging Host APN Updater Ask Popup Blocker Ask Search Assistant Ask Toolbar Ask Toolbar AstroBurn Pro aTube Catcher BurnAware Free Show More Camfrog Video Chat Setup CDBurnerXP ChromeUtilPlugin CPUID CPU-Z CPUID HWMonitor CutePDF Writer DAEMON Tools Lite DAEMON Tools Toolbar DeskBar Download Assistant DVS Video Downloader Addon for Internet Explorer Free 3GP Video Converter 3.1 FrostWire FrostWire 5 GOM Player Google Toolbar for Internet Explorer Google Toolbar Installer Hotspot Shield IDC Loader Module MAGIX Video deluxe MX Premium Versión para descargar (es-ES) Offercast - APN Install Manager Paltalk Setup Partner Cobranding Passport PDF-XChange 4 Reporter Application Stub Installer Support Dock The KMPlayer Updater
Product Version	31.19.1.2516 21.27.0.148 21.6.0.4088 11.0.1.4 11.0 10.8.0.0405.0 7.8.0.3 7.2.1.1 7, 5, 5111, 1712 7, 5, 4413, 1752 Show More 7, 3, 2710, 138 7, 2, 2318, 1946 7, 0, 1710, 2246 6, 6, 1015, 36 6, 5, 621, 1538 6, 4, 1321, 1732 6, 4, 1208, 1530 6, 3, 911, 1819 6, 1, 1715, 1442 6, 1, 1518, 856 6, 0, 1411, 1512 6,0,75,1270 5.12.5.17700 5.5.0.0 5.3.5.0 5, 0, 2124, 6042 4.45.4.0316 4.35.6.0091.0 4.30.4.0027.0 4.21.8.0 4.5.0.0 4.3.0.2054 4.0.176.0 3.10.0.18770 3.9 3.8.7943 3.7.0.17293 3.4.10.15057 3.4.7.12645 3.4.6.12645 3.1.2.1 3.1.0.1 3.0.0.1 2.9.1347 2.9.1.0 2.4.0.61 2.2.0.111 2.1.26.5021 2, 0, 2, 0 1.15.20.0 1.5.1.11 1.4.3.0 1.4.0.580 1.1.3.0244 1.0.14.910 1.0.0.16749 1.0.0.0 1,0,8,768 1, 0, 0, 4 1, 0, 0, 1
Special Build	0.0.0.0 Special build

Digital Signatures

Signer	Root	Status
Portforward, LLC	COMODO Code Signing CA 2	Self Signed
AVB Disc Soft, SIA	COMODO RSA Code Signing CA	Self Signed
DVDVideoSoft Ltd.	GlobalSign CodeSigning CA - G2	Self Signed
ARVATO DIGITAL SERVICES LLC	Go Daddy Class 2 Certification Authority	Root Not Trusted
Acro Software Inc	Go Daddy Class 2 Certification Authority	Hash Mismatch

ARVATO DIGITAL SERVICES LLC	Go Daddy Root Certificate Authority - G2	Root Not Trusted
Shanghai Comet Network Technology	Shanghai Comet Network Technology	Self Signed
APN LLC	Symantec Class 3 SHA256 Code Signing CA	Hash Mismatch
APN LLC	Symantec Class 3 SHA256 Code Signing CA	Self Signed
Paltalk.com	Symantec Class 3 SHA256 Code Signing CA	Self Signed
Frostwire, LLC	Thawte Code Signing CA - G2	Self Signed
Tracker Software Products Ltd	Tracker Software Products Ltd	Hash Mismatch
Alexa Internet	UTN-USERFirst-Object	Root Not Trusted
Burnaware	UTN-USERFirst-Object	Root Not Trusted
Ask.com	VeriSign Class 3 Code Signing 2004 CA	Hash Mismatch
Ask.com	VeriSign Class 3 Code Signing 2004 CA	Self Signed
Comet Network Technology Co Ltd.	VeriSign Class 3 Code Signing 2004 CA	Self Signed
Camshare L C	VeriSign Class 3 Code Signing 2009-2 CA	Self Signed
APN LLC	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch
APN LLC	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Alawar Entertainment Inc	VeriSign Class 3 Code Signing 2010 CA	Self Signed
AnchorFree Inc	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Ask.com	VeriSign Class 3 Code Signing 2010 CA	Hash Mismatch
Ask.com	VeriSign Class 3 Code Signing 2010 CA	Self Signed
Ask.com	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted
Incentive Networks LLC	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted
iYogi Inc.	VeriSign Class 3 Public Primary Certification Authority - G5	Root Not Trusted
iWin, Inc	thawte Primary Root CA	Root Not Trusted

File Traits

2+ executable sections
big overlay
dll
HighEntropy
Installer Version
No Version Info
packed
PECompact v2.20
x86

Block Information

Similar Families

1stBrowser.A
AdGazelle.A
Agent.AG
Agent.DFGH
Agent.M

Agent.MI
Agent.MU
Agent.WO
Crack.K
Delf.VJB
FakeAV.AU
Heinote.A
KuwanBar.B
Makoob.A
Mobogenie
Parite.F
Redline.FAG
Trojan.Downloader.Gen.BQ

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
\device\namedpipe\googlecrashservices\s-1-5-21-3119368278-1123331430-659265220-1001	Read Data,Read Attributes,Synchronize,Write Data,Write Attributes
\device\namedpipe\srvsvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\wkssvc	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\ask search assistant\install.asa.log	Read Attributes,Synchronize,Append data
c:\program files (x86)\ask search assistant\install.asa.log	Read Attributes,Synchronize,Write Data
c:\program files (x86)\common files\microsoft shared\msinfo\msinfo32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\google\google toolbar\component\fastsearch_c5284cc30ab3000e.dll	Generic Write,Read Attributes

c:\program files (x86)\google\google toolbar\component\googlecld_187f9d811452062b.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar.6.3.911.1819.manifest.xml	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar.6.4.1321.1732.manifest.xml	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar.7.0.1710.2246.manifest.xml	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar.7.3.2710.138.manifest.xml	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar.7.5.4413.1752.manifest.xml	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar.7.5.5111.1712.manifest.xml	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_32_14dffe986686707c.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_32_365102bd7f6c8091.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_32_5b7f428b5255b267.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_32_78340b645538be5a.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_32_788d2431a6ffbd5a.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_32_d22497b1230df65b.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_64_54bd4059920abc8a.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbar_64_d9334001a1c142a0.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_32_17695c964715481c.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_32_2f821985c9445066.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_32_73a164c14ccc546b.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_32_78f32466e61f1eec.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_32_7f0f61d2161f8678.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_32_8e471b27054d20f5.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_64_26a459b3e383e55d.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_64_f8ed9b719a89f8ef.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_0a4439ff67f61065.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_6934f32e05f1abdc.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_6ce5017f567343ca.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_803138dce93649e4.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_96d6ff0c6d236bf8.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_e7110f8b630e4f04.dll	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbarmanager_714bfb3b4b0991f6.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbarmanager_8ca8b41417e66deb.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbarmanager_b12ca2cbe40dd1a2.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbarmanager_b8026b92987a22b1.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbarmanager_e85cde7661a53a6a.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbarmanager_f91d44faa5479127.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_32_16a328a5a291f177.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_32_52e818ef81c83a9b.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_32_7397bbd21492baa9.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_32_824283bbafaabb6c.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_32_ca551d1a255ea456.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_32_ec9625f032be677b.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_64_4d9709c1fa1422ba.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googletoolbaruser_64_e22ae377e2374fd1.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googleupdaterservice_5898fabcfa121c11.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googleupdaterservice_b33fc4dd36a473c6.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googleupdatesetup_0002b5aeb6c5b612.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\googleupdatesetup_5cc4b0f53d73ad88.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\searchwithgoogleupdate_0bb4946b2eeac900.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\searchwithgoogleupdate_3cefec1f9bb6f303.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\searchwithgoogleupdate_60bf91fc421232d7.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\searchwithgoogleupdate_6d3db93e7883dbbb.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\searchwithgoogleupdate_86d23231a3a85f4a.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\searchwithgoogleupdate_c993f490eed40c1b.exe	Generic Write,Read Attributes
c:\program files (x86)\google\google toolbar\component\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\google\google toolbar\googletoolbar_32.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\google toolbar\googletoolbar_64.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\google toolbar\googletoolbaruser_32.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\google toolbar\googletoolbaruser_64.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\googlecrashhandler.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\googlecrashhandler64.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\googleupdate.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\googleupdatebroker.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\googleupdatehelper.msi	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\googleupdateondemand.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\googleupdatesetup.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdate.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_am.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_ar.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_bg.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_bn.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_ca.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_cs.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_da.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_de.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_el.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_en-gb.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_en.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_es-419.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_es.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_et.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_fa.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_fi.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_fil.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_fr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_gu.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_hi.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_hr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_hu.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_id.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_is.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_it.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_iw.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_ja.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_kn.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_ko.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_lt.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_lv.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_ml.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_mr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_ms.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_nl.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_no.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_pl.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_pt-br.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_pt-pt.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_ro.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_ru.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_sk.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_sl.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_sr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_sv.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_sw.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_ta.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_te.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_th.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_tr.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_uk.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_ur.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_vi.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_zh-cn.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\goopdateres_zh-tw.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\npgoogleupdate3.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\psmachine.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\1.3.21.107\psuser.dll	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\google\update\googleupdate.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\gumb33d.tmp\googlecrashhandler.exe	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\googlecrashhandler64.exe	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\googleupdate.exe	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\googleupdatebroker.exe	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\googleupdatehelper.msi	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\googleupdateondemand.exe	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\googleupdatesetup.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\program files (x86)\gumb33d.tmp\goopdate.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_am.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_ar.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_bg.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_bn.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_ca.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_cs.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_da.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_de.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_el.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_en-gb.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_en.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_es-419.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_es.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_et.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_fa.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_fi.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_fil.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_fr.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_gu.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_hi.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_hr.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_hu.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_id.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_is.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_it.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_iw.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_ja.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_kn.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_ko.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_lt.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_lv.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_ml.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_mr.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_ms.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_nl.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_no.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_pl.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_pt-br.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_pt-pt.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_ro.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_ru.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_sk.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_sl.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_sr.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_sv.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_sw.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_ta.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_te.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_th.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_tr.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_uk.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_ur.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_vi.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_zh-cn.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\goopdateres_zh-tw.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\npgoogleupdate3.dll	Generic Write,Read Attributes
c:\program files (x86)\gumb33d.tmp\psmachine.dll	Generic Write,Read Attributes

1296 additional files are not displayed above.

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\software\classes\exefile\shell\open\command::	C:\WINDOWS\svchost.com "%1" %*	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Jqovigvg\AppData\Local\Temp\nsf9B31.tmp\time.dll	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Jqovigvg\AppData\Local\Temp\nsf9B31.tmp\time.dll\??\C:\Users\Jqovigvg\AppData\Local\Temp\nsf9B31.tmp\	RegNtPreCreateKey

HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Nficdhvb\AppData\Local\Temp\~nsuA.tmp\Un_A.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Nficdhvb\AppData\Local\Temp\~nsuA.tmp\Un_A.exe\??\C:\Users\Nficdhvb\AppData\Local\Temp\~nsuA.tmp	RegNtPreCreateKey
HKCU\software\disc soft\daemon tools lite::installkey	91D4C1A9-F8CA-41E3-BFD7-C0DCD18B52DB	RegNtPreCreateKey
HKCU\software\google\google toolbar\4.0::preferredlanguage	es	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\branding::sin		RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\branding::ein		RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test	11339	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\4.0\setup::enabledexperiments	GNOT,GSBB,POSI	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	묍歭⛅ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᰔ殏⛅ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\advanced inf setup\ie complist::ie.hkcuzoneinfo		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Madrufhl\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Madrufhl\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Madrufhl\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey
HKCU\software\google\google toolbar\4.0::preferredlanguage	pt-BR	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test	A	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\4.0\setup::enabledexperiments	QSBC	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ଚ澙䐒ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᴛ濋䐒ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ᤆ瀉䐒ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	摬灕䐒ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	誏䝨ǜ	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Ahipdbly\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Ahipdbly\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG\??\C:\Users\Ahipdbly\AppData\Local\Temp\apn_pip_local	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\rfc1156agent\currentversion\parameters::trappolltimemillisecs	㪘	RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\gpu::adapterinfo	vendorId="0x1414",deviceID="0x8c",subSysID="0x0",revision="0x0",version="10.0.19041.3570"hypervisor="Hypervisor detected (Micros	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps		RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps		RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	ă	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	ċ	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	䄋	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섋	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섋	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섋	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섋	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섋N	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섋Î	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	솋Î	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	녟摮刦ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	﷭撛刦ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	쀩擞刦ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	涬攭刦ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	獴裖桋ǜ	RegNtPreCreateKey
HKCU\software\apn pip\hip::pip_exit_code	50002	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps		RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	Ă	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	Ċ	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	䄊	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섊	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섊	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섊	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섊	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::oclastsuccessteps	섊N	RegNtPreCreateKey
HKLM\software\wow6432node\apn pip\asg2::ocerrors		RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test	14050	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af521\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}\treatas::	{571715D7-3395-4DF0-B43C-784836209E60}	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKCU\software\google\google toolbar\4.0::preferredlanguage	fr	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test		RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\4.0\setup::enabledexperiments	HTOL	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test	20838	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test	s	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\component::nextversion	7.5.4413.1752	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\component\used::googletoolbarmanager.exe		RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.4413.1752_0	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /execute:0	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.4413.1752_1	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /execute:1	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.4413.1752_2	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /execute:2	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.4413.1752_3	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /execute:3	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.4413.1752_4	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /execute:4	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.4413.1752_5	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /execute:5	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.4413.1752_6	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /execute:6	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.4413.1752_7	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /execute:7	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.4413.1752_8	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /execute:8	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.4413.1752_9	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /execute:9	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::name	Google Toolbar	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clientstate\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::brand	GUEA	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clientstate\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::installtime	榸	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\googleupdate::installresult	mi	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\googleupdate::installtimestamp	榸	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar::test	32057	RegNtPreCreateKey
HKLM\software\wow6432node\google\google toolbar\component::nextversion	7.5.5111.1712	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob	់㇤㹧ৢ䗾鍗૳ᳺứ霞輫穆轙⊩㢅즔Sc愰ℰଆ虠ňŅᜇ〆〒ؐ⬊ĆĄ㞂ļ́ダ؟怉䢆蘁泽ĂሰူਆثЁ舁㰷āȃ쀀ᬰԆ腧Č〃〒ؐ⬊ĆĄ㞂ļ́翀Ā⨀　ب⬈Ćԅ̇؂⬈Ćԅ̇؃⬈Ćԅ̇؄⬈Ćԅ̇ँĀ⨀　ب⬈Ćԅ̇؂⬈Ćԅ	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\4eb6d578499b1ccf5f581ead56be3d9b6744a5e5::blob		RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\root\certificates\be36a4562fb2ee05dbb3d32323adf445084ed656::blob	\Ѐ볝蚽㾜ࠛ컯퇄춈ᔻᰘ兘槹镹⍋.Thawte Timestamping CA ਰࠆثԁ܅ࠃ㚾嚤눯׮돛⏓괣䗴丈囖晿煺硩騠ᑑ莝⃚ꗨ뺘芄ﺎ炮ᔑ㔁뉶 ʥ	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.5111.1712_0	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /execute:0	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.5111.1712_1	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /execute:1	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.5111.1712_2	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /execute:2	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.5111.1712_3	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /execute:3	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.5111.1712_4	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /execute:4	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.5111.1712_5	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /execute:5	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.5111.1712_6	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /execute:6	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.5111.1712_7	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /execute:7	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.5111.1712_8	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /execute:8	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::cmd_7.5.5111.1712_9	"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /execute:9	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clientstate\{f69eabdd-a4bb-4555-be7e-1ea5f59bba24}::installtime	榼	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\627f8d7827656399d27d7f9044c9feb3f33efa9a::blob	㵟ꘚ燴悧㹦䈥S%⌰ℰଆ虠ňŅ〇、〒ؐ⬊ĆĄ㞂ļ́拀Ā ꬀㙰尶呱⦪싂嶟酁㬖⨖┢ጁ핗ݭꟿᾼॲĀᘀ　ؔ⬈Ćԅ̇؃⬈Ćԅ̇ᐁĀ᐀开⓳转⒑鮯㹟㒰尭嶨᷌Āက퐀㪀泃栥퐗姬쒛௧Ā฀琀栀愀眀琀攀栀Āࠀ蜀	RegNtPreCreateKey
HKLM\software\microsoft\systemcertificates\authroot\certificates\627f8d7827656399d27d7f9044c9feb3f33efa9a::blob		RegNtPreCreateKey
HKLM\software\wow6432node\google\update::path	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe	RegNtPreCreateKey
HKLM\software\wow6432node\google\update::uninstallcmdline	"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /uninstall	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{430fd4d0-b729-4f61-aa34-91526481799d}::pv	1.3.21.107	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clients\{430fd4d0-b729-4f61-aa34-91526481799d}::name	Google Update	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clientstate\{430fd4d0-b729-4f61-aa34-91526481799d}::pv	1.3.21.107	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\image file execution options\googleupdate.exe::disableexceptionchainvalidation		RegNtPreCreateKey
HKLM\software\wow6432node\google\update::version	1.3.21.107	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\low rights\elevationpolicy\{c442ac41-9200-4770-8cc0-7cdb4f245c55}::appname	GoogleUpdate.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\low rights\elevationpolicy\{c442ac41-9200-4770-8cc0-7cdb4f245c55}::apppath	C:\Program Files (x86)\Google\Update	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\low rights\elevationpolicy\{c442ac41-9200-4770-8cc0-7cdb4f245c55}::policy		RegNtPreCreateKey
HKLM\software\classes\google.oneclickctrl.9::	Google Update Plugin	RegNtPreCreateKey
HKLM\software\classes\google.oneclickctrl.9\clsid::	{C442AC41-9200-4770-8CC0-7CDB4F245C55}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c442ac41-9200-4770-8cc0-7cdb4f245c55}::	Google Update Plugin	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c442ac41-9200-4770-8cc0-7cdb4f245c55}\progid::	Google.OneClickCtrl.9	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c442ac41-9200-4770-8cc0-7cdb4f245c55}\inprocserver32::	C:\Program Files (x86)\Google\Update\1.3.21.107\npGoogleUpdate3.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c442ac41-9200-4770-8cc0-7cdb4f245c55}\inprocserver32::threadingmodel	Apartment	RegNtPreCreateKey
HKLM\software\classes\mime\database\content type\application/x-vnd.google.oneclickctrl.9::clsid	{C442AC41-9200-4770-8CC0-7CDB4F245C55}	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\low rights\elevationpolicy\{c3101a8b-0ee1-4612-bfe9-41ffc1a3c19d}::appname	GoogleUpdateBroker.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\low rights\elevationpolicy\{c3101a8b-0ee1-4612-bfe9-41ffc1a3c19d}::apppath	C:\Program Files (x86)\Google\Update\1.3.21.107	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\low rights\elevationpolicy\{c3101a8b-0ee1-4612-bfe9-41ffc1a3c19d}::policy		RegNtPreCreateKey
HKLM\software\classes\google.update3webcontrol.3::	Google Update Plugin	RegNtPreCreateKey
HKLM\software\classes\google.update3webcontrol.3\clsid::	{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c3101a8b-0ee1-4612-bfe9-41ffc1a3c19d}::	Google Update Plugin	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c3101a8b-0ee1-4612-bfe9-41ffc1a3c19d}\progid::	Google.Update3WebControl.3	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c3101a8b-0ee1-4612-bfe9-41ffc1a3c19d}\inprocserver32::	C:\Program Files (x86)\Google\Update\1.3.21.107\npGoogleUpdate3.dll	RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c3101a8b-0ee1-4612-bfe9-41ffc1a3c19d}\inprocserver32::threadingmodel	Apartment	RegNtPreCreateKey
HKLM\software\classes\mime\database\content type\application/x-vnd.google.update3webcontrol.3::clsid	{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}	RegNtPreCreateKey
HKLM\software\wow6432node\google\update::delayuninstall		RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clientstate\{430fd4d0-b729-4f61-aa34-91526481799d}::brand	GGOT	RegNtPreCreateKey
HKLM\software\wow6432node\google\update\clientstate\{430fd4d0-b729-4f61-aa34-91526481799d}::installtime	榼	RegNtPreCreateKey
HKCU\software\google\google toolbar\4.0::preferredlanguage	it	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess ShellExecute
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile Show More ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory ntdll.dll!NtYieldExecution UNKNOWN win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFontIsLinked win32u.dll!NtGdiGetCharABCWidthsW win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiGetDIBitsInternal win32u.dll!NtGdiGetEntry win32u.dll!NtGdiGetFontData win32u.dll!NtGdiGetGlyphIndicesW win32u.dll!NtGdiGetOutlineTextMetricsInternalW win32u.dll!NtGdiGetRandomRgn win32u.dll!NtGdiGetRealizationInfo win32u.dll!NtGdiGetTextFaceW 68 additional items are not displayed above.
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetComputerNameEx GetUserName GetUserObjectInformation
Network Winsock2	WSAStartup
Network Wininet	HttpOpenRequest HttpQueryInfo HttpSendRequest InternetConnect InternetOpen InternetOpenUrl InternetQueryOption InternetReadFile InternetSetOption
Process Terminate	TerminateProcess
Network Winhttp	WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpQueryHeaders WinHttpReadData WinHttpReceiveResponse WinHttpSendRequest
Keyboard Access	GetKeyState
Network Winsock	closesocket connect freeaddrinfo getaddrinfo gethostbyaddr gethostbyname inet_addr recv send setsockopt Show More socket
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext
Network Urlomon	URLDownloadToFile
Service Control	OpenSCManager OpenService StartServiceCtrlDispatcher
Network Info Queried	GetAdaptersInfo
Cert Store Read	CertEnumCertificatesInStore

Shell Command Execution


							"C:\Users\Jrmhrlak\AppData\Local\Temp\is-MVMP3.tmp\1e3044b2792337c1abb32ae396f30bd111f6b79e_0003328728.tmp" /SL5="$A0052,3043011,101888,c:\users\user\downloads\1e3044b2792337c1abb32ae396f30bd111f6b79e_0003328728.exe"


							"C:\Users\Lujdnitq\AppData\Local\Temp\is-HCGPT.tmp\cb8fb7e5cdb59630bde59252a602866f8930615a_0007986551.tmp" /SL5="$20272,7746887,53248,c:\users\user\downloads\cb8fb7e5cdb59630bde59252a602866f8930615a_0007986551.exe"


							"C:\Users\Iyqcubmo\AppData\Local\Temp\is-U6STM.tmp\3ee8fea1d0c8c8072937656d87ea217953d30819_0004709861.tmp" /SL5="$300BA,4398154,223232,c:\users\user\downloads\3ee8fea1d0c8c8072937656d87ea217953d30819_0004709861"


							"C:\Users\Kycsjqss\AppData\Local\Temp\is-TGJ3M.tmp\bec50700056cd6019c478f3dd68600aa9e23a769_0002305392.tmp" /SL5="$60054,2018269,109568,c:\users\user\downloads\bec50700056cd6019c478f3dd68600aa9e23a769_0002305392"


							open C:\Users\Ztjavhcs\AppData\Local\Temp\3582-490\712ec6403b43ba54c443fb9ae86ca0e030169589_0000734792


									"C:\Users\Bbsfjlhe\AppData\Local\Temp\nsb79C5.tmp\AskInstallChecker.exe" PTF


									"C:\Users\Yijmmtpb\AppData\Local\Temp\nst5612.tmp\PIPInstallerBundle_FWV5_.exe" -b -wui


									"C:\Users\Nficdhvb\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									"C:\Users\Vclurjrp\AppData\Local\Temp\is-4RCQH.tmp\291c733c46a2a395491b8e46f69f7d77e462a986_0001996656.tmp" /SL5="$20138,1684479,54272,c:\users\user\downloads\291c733c46a2a395491b8e46f69f7d77e462a986_0001996656"


									"C:\Users\Mtzxnwvw\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd_rep.exe"  -P -H hash -O -T it -o 7 -u "http://rptx.anchorfree.net/wr-install.php?dm_ver=0&ver=3.42&ch=702&state=initiated"


									"C:\Users\Mtzxnwvw\AppData\Local\Temp\HssInstaller.exe" -iswow64


									"C:\Users\Mtzxnwvw\AppData\Local\Temp\HssInstaller64.exe" -installdriver -c ndis6


									C:\Users\Rohxkckf\AppData\Local\Temp\nsy55E2.tmp\camfrog_stat_params.exe


									"C:\Users\Madrufhl\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


									"C:\Users\Pmqrznye\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd_rep.exe"  -P -H hash -O -T it -o 7 -u "http://rptx.anchorfree.net/wr-install.php?dm_ver=0&ver=3.20&ch=550&state=initiated"


									"C:\Users\Pmqrznye\AppData\Local\Temp\HssInstaller.exe" -iswow64


									"C:\Users\Pmqrznye\AppData\Local\Temp\HssInstaller64.exe" -installdriver -c ndis6


									C:\Users\Pmqrznye\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd_rep.exe -H hash -O -T it -o 7 -u http://rptx.anchorfree.net/wr-install.php?dm_ver=0&ver=3.20&ch=550&state=initiated


									"C:\Users\Plapepdj\AppData\Local\Temp\AskInstallChecker.exe" MP3P2


									"C:\Users\Osonkved\AppData\Local\Temp\is-SERGJ.tmp\ee79032fda0d7ecac55e0a637d0155d8a4a0c415_0004610648.tmp" /SL5="$6004E,4230396,122880,c:\users\user\downloads\ee79032fda0d7ecac55e0a637d0155d8a4a0c415_0004610648"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f650e0d947aa5bb2147716e457016be087b837eb_0000537040.,LiQMAxHB


									"C:\Users\Tjdcrtpa\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd_rep.exe"  -P -H hash -O -T it -o 7 -u "http://rptx.anchorfree.net/wr-install.php?dm_ver=0&ver=3.42&ch=438&state=initiated"


									"C:\Users\Tjdcrtpa\AppData\Local\Temp\HssInstaller.exe" -iswow64


									"C:\Users\Tjdcrtpa\AppData\Local\Temp\HssInstaller64.exe" -installdriver -c ndis6


									C:\Users\Tjdcrtpa\AppData\Roaming\Hotspot Shield\report\af_proxy_cmd_rep.exe -H hash -O -T it -o 7 -u http://rptx.anchorfree.net/wr-install.php?dm_ver=0&ver=3.42&ch=438&state=initiated


									"C:\Users\Qzadbaxe\AppData\Local\Temp\is-4RFQG.tmp\7db04eb4962827d0d9b3c4773c66a1748c6c1f67_0003593968.tmp" /SL5="$F0384,3078230,119296,c:\users\user\downloads\7db04eb4962827d0d9b3c4773c66a1748c6c1f67_0003593968"


									"C:\Users\Yyoscjwv\AppData\Local\Temp\AskInstallChecker.exe" MP3P2


									"C:\Users\Sriehzez\AppData\Local\Temp\nsr5289.tmp\InstGameInfoHelperPDGC.exe"


									"C:\Users\Gtsbldtx\AppData\Local\Temp\nss9FD.tmp\PIPInstaller_HIP_.exe" -b -pid HIP


									"C:\Users\Gtsbldtx\AppData\Local\Temp\nss9FD.tmp\PIPInstaller_HIP_.exe" -b -pid HIP -se -ppd 6504


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\c5d7c0edbf4af7436ca6eee020d5726b0e4e1812_0000202136.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0eacf043326947f4c9dc23ec38e154e3c41b61f2_0000116104.,LiQMAxHB


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f412c3294bd305e41302490bffd1588b375e926f_0001076544.,LiQMAxHB


									"C:\Users\Gnaueasg\AppData\Local\Temp\is-OQ9JL.tmp\95b5a4ab0192f87c65a3803d73a9ed0219f5bb79_0004750384.tmp" /SL5="$60160,4115503,525312,c:\users\user\downloads\95b5a4ab0192f87c65a3803d73a9ed0219f5bb79_0004750384"


									"C:\Users\Qpqezjoo\AppData\Local\Temp\nsdA91D.tmp\ApnStub.exe" /tb=PTF


									"C:\Users\Wfvwhozm\AppData\Local\Temp\is-O31DS.tmp\d4db977518cae00c5802048f8a9732b24b83b18a_0004958848.tmp" /SL5="$502EC,4707291,54272,c:\users\user\downloads\d4db977518cae00c5802048f8a9732b24b83b18a_0004958848"


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\d8050d6de60af8d71b2d1ba878c8687269b6d0ff_0000046592.,LiQMAxHB


									"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_714BFB3B4B0991F6.exe" /install /sid:S-1-5-21-3119368278-1123331430-659265220-1001    /installwindow:589918


									"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe" /install /sid:S-1-5-21-3119368278-1123331430-659265220-1001    /omaha_signature:T1MBAAgBAAA2Z5FrAAEAAAuRkXnsP3TPiMPl70QLaV-yH2Zo6Kgseq01H90lmu5F8__LV1Qihkwd5vBPrnbA5zmb9C_LaIxXpvyHlTwDFXpLs0RWS2pMuRFJ8yFMQnWGXSoJJdqqDmeoln8Vx4ODavMSi7lp3bWtlUTnCKlNKDWYCIb0qFstsFoLhfzO9669_0cxS4WpYf1gQZ0X0cQlzXpXOD9nBkXp4nlFnmsbX8V9O2adFeXTW_e1VfvX_WevBWd-gzkEPa-jFsxZ9rwAVtUxLAJaPxvuZgz_kKYAL_KAodqe4TX4O2Beh-QtTb89668BpKuYno9cShKN3cBsTJr88qTLS2DHW1WWcG8xIUw /installwindow:393914


									"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe" /install "runtime=true&needsadmin=True&brand=GGOT" /installsource toolbar /silent


									"C:\Program Files (x86)\GUMB33D.tmp\GoogleUpdate.exe" /install "runtime=true&needsadmin=True&brand=GGOT" /installsource toolbar /silent


									"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc


									"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\a89440c285a564961e4d240345ade5636cf93cec_0000416840.,LiQMAxHB


									"C:\Users\Crphpsgh\AppData\Local\Temp\AskInstallChecker.exe" MP3TR


									"C:\Users\Ckpxnapd\AppData\Local\Temp\nsbA4D8.tmp\ApnStub.exe" /tb=FWV5


									RunDll32.exe "C:\Users\Ckpxnapd\AppData\Local\Temp\nsbA4D8.tmp\OCSetupHlp.dll",_OCPRD124RunOpenCandyDLL@16 6736

PUP.Bar

Threat Scorecard

EnigmaSoft Threat Scorecard

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed