PUP.Visicom

Analysis Report

General information

Family Name: PUP.Visicom
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments
  • Ad-Aware Security Add-on
  • aTube Toolbar
  • BT Toolbar
  • Panda Safe Web
  • RoadRunner Toolbar
Company Name
  • Lavasoft
  • ManyCam ULC
  • MITSUBISHI ELECTRIC CORPORATION
  • Panda Security and Visicom Media Inc.
  • RoadRunner
  • Visicom Media Inc
  • Visicom Media Inc.
  • Yahoo! Inc.
File Description
  • AceFTP 2 Freeware
  • Ad-Aware Security Add-on Installer
  • aTube Toolbar Installer
  • BT Toolbar Installer
  • DtUser DLL
  • ManyCam Lite Virtual Webcam
  • ManyDownloader
  • Panda Safe Web Installer
  • RoadRunner Toolbar Installer
  • Verizon Toolbar
  • Xfinity.com
  • Yahoo! Toolbar Bootstrapper Setup
File Version
  • 2013.07.15.01
  • 8.3.0.12
  • 5, 0, 8, 208
  • 4.3
  • 3.0
  • 3, 0, 0, 0
  • 2.05.0
  • 1.5.3.1
  • 1.00
  • 1.0.0.29
  • 1.0.0.12
  • 1.0
  • 1, 12, 0, 4
Internal Name
  • DtUser
  • ManyDownloader
  • TJprojMain
  • Toolbar Kernel Module
Legal Copyright
  • (c) 2006-2024 ManyCam ULC
  • AceFTP 2 Freeware (c) Visicom Media Inc.
  • COPYRIGHT(C) 2008 MITSUBISHI ELECTRIC CORPORATION
  • Copyright (c) 2012 Yahoo! Inc.
  • Copyright © 1996-2014 Visicom Media Inc.
  • © 2012 Verizon and Visicom Media Inc.
  • © Lavasoft
  • © RoadRunner
  • © Visicom Media Inc.
  • © Visicom Media Inc. (License)
Legal Trademarks
  • , All Rights Reserved
  • Lavasoft, All Rights Reserved
  • ManyDownloader is a trademark of Visicom Media
  • Panda Security and Visicom Media Inc., All Rights Reserved
  • RoadRunner, All Rights Reserved
  • Visicom Media Inc., All Rights Reserved
Original Filename
  • DtUser.DLL
  • ManyDownloader.exe
  • TJprojMain.exe
  • verizontb.dll
Product Name
  • Ad-Aware Security Add-on
  • aTube Toolbar
  • BT Toolbar
  • DataTransfer
  • ManyCam Lite Virtual Webcam
  • ManyDownloader
  • Panda Safe Web
  • Project1
  • RoadRunner Toolbar
  • Verizon Toolbar
  • Xfinity.com
Product Version
  • 8.3.0.12
  • 5.0.8.208
  • 4.3.1.25
  • 3.0.0.6
  • 3, 0, 0, 0
  • 1.6.4.202
  • 1.00
  • 1.0.0.67
  • 1.0.0.29
  • 1.0.0.28
  • 1.0.0.12
  • 1, 12, 0, 4

Digital Signatures

Signer | Root | Status
ManyCam ULC | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Panda Security S.L | GlobalSign | Root Not Trusted
Visicom Media Inc. | Thawte Code Signing CA | Self Signed
Visicom Media Inc. | Thawte Code Signing CA - G2 | Self Signed
Comcast Corporation | UTN-USERFirst-Object | Root Not Trusted
Lavasoft Limited | VeriSign Class 3 Code Signing 2010 CA | Self Signed
Yahoo! Inc. | VeriSign Class 3 Code Signing 2010 CA | Self Signed
Road Runner HoldCo LLC | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted

File Traits

  • 2+ executable sections
  • big overlay
  • dll
  • HighEntropy
  • Installer Manifest
  • Installer Version
  • nosig nsis
  • Nullsoft Installer
  • themida
  • x64
  • x86

Block Information

Total Blocks: 106
Potentially Malicious Blocks: 0
Whitelisted Blocks: 83
Unknown Blocks: 23

Visual Map

[Visual map of the 106 analysed blocks, rendered as an image on the original page]
Legend:
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.M
  • Agent.MH
  • Agent.MI
  • Agent.MU
  • Autorun.LA
  • Bar.L
  • FakeAV.AU

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\comcastrelease.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\program files (x86)\yahoo!\companion\data\apps.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\cna.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_abt.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_act_ie_upg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_act_srch1.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_act_srch2.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_anstip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_anstipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_as.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_atb.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_auttip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_auttipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_bootip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_catb.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_clutip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_clutipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_cnf.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_cotb.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_ctb.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_fantip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_fantipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_fintip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_fintipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_flktip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_flktipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_grptip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_grptipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_loctip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_loctipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_logtip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_mailatip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_mailtip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_map.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_mlbtip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_mlbtipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_movtip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_movtipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_msgratip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_msgrtip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_mustip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_mustipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_nbatip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_nbatipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_newstip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_newstipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_newtip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_newtipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_nfltip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_nfltipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_opt.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_pub.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_shotip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_shotipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_srchtip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_tratip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_tratipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_upg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_upg8tip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_wctb.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_weatip.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_weatipg.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_wp.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_wp2.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\dlg_yq.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\loading.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\data\settings.html Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\installs\cpn0\visic_coupon.dll Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\installs\cpn0\ytbb.exe Generic Write,Read Attributes
c:\program files (x86)\yahoo!\companion\installs\cpn0\ytbn.exe Generic Write,Read Attributes
c:\programdata\yahoo! companion\bootstrap.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\yahoo! companion\data\default Generic Write,Read Attributes
c:\users\user\appdata\local\temp\adawaretb_install_log.txt Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\adawaretb_install_log.txt Read Attributes,Synchronize,Write Data
c:\users\user\appdata\local\temp\bt-manifest.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bt-toolbar.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bttb_install_log.txt Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\bttb_install_log.txt Read Attributes,Synchronize,Write Data
c:\users\user\appdata\local\temp\glcc2.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\glfcdc.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\glfcdc.tmp Synchronize,Write Data
c:\users\user\appdata\local\temp\glfced.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\glfced.tmp Synchronize,Write Data
c:\users\user\appdata\local\temp\glgc9d.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gljf2.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb5b51.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsec8a4.tmp\bootstrap.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsec8a4.tmp\bootstrap.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsec8a4.tmp\bootst~1.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsec8a4.tmp\nsisprocmgr_u.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsec8a4.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsec8a4.tmp\tbinstimp.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsec8a4.tmp\ytb_setup.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf7d0c.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsfef40.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfef40.tmp\logex.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfef40.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfef40.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsh59fb.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsj5d57.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsj5d58.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5d58.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsj5d58.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5d58.tmp\mdsu.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5d58.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5d58.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5d58.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5d58.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5d58.tmp\un_close_page.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5d58.tmp\un_delete_settings_page.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsj5d58.tmp\un_delete_settings_page.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj5d58.tmp\userinfo.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\features.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\intro-banner.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\intro-prod.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nslbd4c.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\logex.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nslbd4c.tmp\xml.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn44a8.tmp\langdll.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn44a8.tmp\logex.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn44a8.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn44a8.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn5b05.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nspef2f.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsq5ac4.tmp\comcastrelease.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq5ac4.tmp\nsprocess.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss5b25.tmp\uac.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nss5b25.tmp\uninstall.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\nsu7d0d.tmp\features.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu7d0d.tmp\installoptions.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu7d0d.tmp\intro-banner.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu7d0d.tmp\intro-prod.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu7d0d.tmp\iospecial.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsu7d0d.tmp\iospecial.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu7d0d.tmp\logex.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu7d0d.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu7d0d.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu7d0d.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu7d0d.tmp\uac.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu7d0d.tmp\xml.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvbd3b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsvcd47.tmp\inetload.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsvcd47.tmp\nsbdb04.tmp.htm Synchronize,Write Data
c:\users\user\appdata\local\temp\nsvcd47.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx4497.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\pandasecuritytb_install_log.txt Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\pandasecuritytb_install_log.txt Read Attributes,Synchronize,Write Data
c:\users\user\appdata\local\temp\roadrunner-manifest.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\roadrunner-toolbar.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\roadrunnertb_install_log.txt Read Attributes,Synchronize,Append data
c:\users\user\appdata\local\temp\roadrunnertb_install_log.txt Read Attributes,Synchronize,Write Data
c:\users\user\appdata\local\temp\~glh0000.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~glh0001.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\~nsu.tmp\au_.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\xfinity.com\cg.ico Generic Write,Read Attributes
c:\users\user\appdata\local\xfinity.com\install.ico Generic Write,Read Attributes
c:\users\user\appdata\local\xfinity.com\xftv.ico Generic Write,Read Attributes
c:\users\user\appdata\locallow\yahoo! companion\data\default Generic Write,Read Attributes
c:\windows\syswow64\glbsinst.%$d Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\wow6432node\yahoo::ntatest 1 RegNtPreCreateKey
HKLM\software\wow6432node\yahoo\companion::pver 0000.0000.0000.0000 RegNtPreCreateKey
HKCU\software\appdatalow\software\yahoo\companion::iver V:8.6.2.24 RegNtPreCreateKey
HKLM\software\classes\appid\{1cae874f-f5c7-4bcc-ba46-9ad26df35b93}:: yt RegNtPreCreateKey
HKLM\software\classes\appid\yt.dll::appid {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} RegNtPreCreateKey
HKLM\software\classes\yt.ytoolbarband.1:: Yahoo! Toolbar RegNtPreCreateKey
HKLM\software\classes\yt.ytoolbarband.1\clsid:: {EF99BD32-C1FB-11D2-892F-0090271D4F88} RegNtPreCreateKey
HKLM\software\classes\yt.ytoolbarband:: Yahoo! Toolbar RegNtPreCreateKey
HKLM\software\classes\yt.ytoolbarband\clsid:: {EF99BD32-C1FB-11D2-892F-0090271D4F88} RegNtPreCreateKey
HKLM\software\classes\yt.ytoolbarband\curver:: yt.YToolbarBand.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\component categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}:: 0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\component categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}\409:: Controls that are safely scriptable RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\component categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}:: 0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\component categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}\409:: Controls safely initializable from persistent data RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}:: Yahoo! Toolbar RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\progid:: yt.YToolbarBand.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\versionindependentprogid:: yt.YToolbarBand RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\inprocserver32:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}::appid {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\version:: 6.3.0.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\miscstatus:: 0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}\miscstatus\1:: RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\internet explorer\toolbar::{ef99bd32-c1fb-11d2-892f-0090271d4f88} RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\yahoo! toolbar::displayname Yahoo! Toolbar RegNtPreCreateKey
HKLM\software\classes\yt.ytbmbutton.1:: YTBMButton Class RegNtPreCreateKey
HKLM\software\classes\yt.ytbmbutton.1\clsid:: {C60CCE95-6AF9-4E74-B66B-3212D19F1D2F} RegNtPreCreateKey
HKLM\software\classes\yt.ytbmbutton:: YTBMButton Class RegNtPreCreateKey
HKLM\software\classes\yt.ytbmbutton\clsid:: {C60CCE95-6AF9-4E74-B66B-3212D19F1D2F} RegNtPreCreateKey
HKLM\software\classes\yt.ytbmbutton\curver:: yt.YTBMButton.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c60cce95-6af9-4e74-b66b-3212d19f1d2f}:: YTBMButton Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c60cce95-6af9-4e74-b66b-3212d19f1d2f}\progid:: yt.YTBMButton.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c60cce95-6af9-4e74-b66b-3212d19f1d2f}\versionindependentprogid:: yt.YTBMButton RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c60cce95-6af9-4e74-b66b-3212d19f1d2f}\inprocserver32:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c60cce95-6af9-4e74-b66b-3212d19f1d2f}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c60cce95-6af9-4e74-b66b-3212d19f1d2f}::appid {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c60cce95-6af9-4e74-b66b-3212d19f1d2f}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\yahoo.messengercompanioncontrol.5:: MessengerCompanionControl Class RegNtPreCreateKey
HKLM\software\classes\yahoo.messengercompanioncontrol.5\clsid:: {FBE30D66-39A2-4b72-8B43-6D4C335A6F34} RegNtPreCreateKey
HKLM\software\classes\yahoo.messengercompanioncontrol:: MessengerCompanionControl Class RegNtPreCreateKey
HKLM\software\classes\yahoo.messengercompanioncontrol\clsid:: {FBE30D66-39A2-4b72-8B43-6D4C335A6F34} RegNtPreCreateKey
HKLM\software\classes\yahoo.messengercompanioncontrol\curver:: Yahoo.MessengerCompanionControl.5 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fbe30d66-39a2-4b72-8b43-6d4c335a6f34}:: MessengerCompanionControl Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fbe30d66-39a2-4b72-8b43-6d4c335a6f34}\progid:: Yahoo.MessengerCompanionControl.5 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fbe30d66-39a2-4b72-8b43-6d4c335a6f34}\versionindependentprogid:: Yahoo.MessengerCompanionControl RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fbe30d66-39a2-4b72-8b43-6d4c335a6f34}\inprocserver32:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fbe30d66-39a2-4b72-8b43-6d4c335a6f34}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fbe30d66-39a2-4b72-8b43-6d4c335a6f34}::appid {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{fbe30d66-39a2-4b72-8b43-6d4c335a6f34}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKCU\software\yahoo\yfriendsbar\settings::noautoupdate  RegNtPreCreateKey
HKLM\software\classes\yt.ytnavassistplugin.1:: YTNavAssistPlugin Class RegNtPreCreateKey
HKLM\software\classes\yt.ytnavassistplugin.1\clsid:: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} RegNtPreCreateKey
HKLM\software\classes\yt.ytnavassistplugin:: YTNavAssistPlugin Class RegNtPreCreateKey
HKLM\software\classes\yt.ytnavassistplugin\clsid:: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} RegNtPreCreateKey
HKLM\software\classes\yt.ytnavassistplugin\curver:: yt.YTNavAssistPlugin.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}:: YTNavAssistPlugin Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}\progid:: yt.YTNavAssistPlugin.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}\versionindependentprogid:: yt.YTNavAssistPlugin RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}\inprocserver32:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}::appid {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\ytnavassist.namespacecf.1:: YTNavAssist.NameSpaceCF Class RegNtPreCreateKey
HKLM\software\classes\ytnavassist.namespacecf.1\clsid:: {46140CE4-76FE-440E-AE88-4C2272BC05C7} RegNtPreCreateKey
HKLM\software\classes\ytnavassist.namespacecf:: YTNavAssist.NameSpaceCF Class RegNtPreCreateKey
HKLM\software\classes\ytnavassist.namespacecf\clsid:: {46140CE4-76FE-440E-AE88-4C2272BC05C7} RegNtPreCreateKey
HKLM\software\classes\ytnavassist.namespacecf\curver:: YTNavAssist.NameSpaceCF.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{46140ce4-76fe-440e-ae88-4c2272bc05c7}:: YTNavAssist.NameSpaceCF Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{46140ce4-76fe-440e-ae88-4c2272bc05c7}\progid:: YTNavAssist.NameSpaceCF.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{46140ce4-76fe-440e-ae88-4c2272bc05c7}\versionindependentprogid:: YTNavAssist.NameSpaceCF RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{46140ce4-76fe-440e-ae88-4c2272bc05c7}\inprocserver32:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{46140ce4-76fe-440e-ae88-4c2272bc05c7}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{46140ce4-76fe-440e-ae88-4c2272bc05c7}::appid {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{46140ce4-76fe-440e-ae88-4c2272bc05c7}\typelib:: {A31F34A1-EBD2-45A2-BF6D-231C1B987CC8} RegNtPreCreateKey
HKLM\software\classes\ytnavassist.namespacepp.1:: YTNavAssist.NameSpacePP Class RegNtPreCreateKey
HKLM\software\classes\ytnavassist.namespacepp.1\clsid:: {3A06AA27-D94B-48C2-BB55-9FD0FF2120E3} RegNtPreCreateKey
HKLM\software\classes\ytnavassist.namespacepp:: YTNavAssist.NameSpacePP Class RegNtPreCreateKey
HKLM\software\classes\ytnavassist.namespacepp\clsid:: {3A06AA27-D94B-48C2-BB55-9FD0FF2120E3} RegNtPreCreateKey
HKLM\software\classes\ytnavassist.namespacepp\curver:: YTNavAssist.NameSpacePP.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3a06aa27-d94b-48c2-bb55-9fd0ff2120e3}:: YTNavAssist.NameSpacePP Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3a06aa27-d94b-48c2-bb55-9fd0ff2120e3}\progid:: YTNavAssist.NameSpacePP.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3a06aa27-d94b-48c2-bb55-9fd0ff2120e3}\versionindependentprogid:: YTNavAssist.NameSpacePP RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3a06aa27-d94b-48c2-bb55-9fd0ff2120e3}\inprocserver32:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3a06aa27-d94b-48c2-bb55-9fd0ff2120e3}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3a06aa27-d94b-48c2-bb55-9fd0ff2120e3}::appid {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{3a06aa27-d94b-48c2-bb55-9fd0ff2120e3}\typelib:: {A31F34A1-EBD2-45A2-BF6D-231C1B987CC8} RegNtPreCreateKey
HKLM\software\classes\yt.cacheloader.1:: CacheLoader Class RegNtPreCreateKey
HKLM\software\classes\yt.cacheloader.1\clsid:: {6EB4349D-4333-442F-ACA4-4C72AF28B6ED} RegNtPreCreateKey
HKLM\software\classes\yt.cacheloader:: CacheLoader Class RegNtPreCreateKey
HKLM\software\classes\yt.cacheloader\clsid:: {6EB4349D-4333-442F-ACA4-4C72AF28B6ED} RegNtPreCreateKey
HKLM\software\classes\yt.cacheloader\curver:: yt.CacheLoader.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6eb4349d-4333-442f-aca4-4c72af28b6ed}:: CacheLoader Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6eb4349d-4333-442f-aca4-4c72af28b6ed}\progid:: yt.CacheLoader.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6eb4349d-4333-442f-aca4-4c72af28b6ed}\versionindependentprogid:: yt.CacheLoader RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6eb4349d-4333-442f-aca4-4c72af28b6ed}\inprocserver32:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6eb4349d-4333-442f-aca4-4c72af28b6ed}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6eb4349d-4333-442f-aca4-4c72af28b6ed}::appid {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{6eb4349d-4333-442f-aca4-4c72af28b6ed}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\yt.ythelper.2:: &Yahoo! Toolbar Helper RegNtPreCreateKey
HKLM\software\classes\yt.ythelper.2\clsid:: {02478D38-C3F9-4efb-9B51-7695ECA05670} RegNtPreCreateKey
HKLM\software\classes\yt.ythelper:: &Yahoo! Toolbar Helper RegNtPreCreateKey
HKLM\software\classes\yt.ythelper\clsid:: {02478D38-C3F9-4efb-9B51-7695ECA05670} RegNtPreCreateKey
HKLM\software\classes\yt.ythelper\curver:: yt.YTHelper.2 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}:: &Yahoo! Toolbar Helper RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}\progid:: yt.YTHelper.2 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}\versionindependentprogid:: yt.YTHelper RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}\version:: 6.3.0.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}\inprocserver32:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}\miscstatus:: 0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}\miscstatus\1:: s RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}\noexplorer::  RegNtPreCreateKey
HKLM\software\classes\yt.clickstream.1:: Clickstream Class RegNtPreCreateKey
HKLM\software\classes\yt.clickstream.1\clsid:: {9F9C4C5C-2BA8-4E00-A697-9F710BB1026B} RegNtPreCreateKey
HKLM\software\classes\yt.clickstream:: Clickstream Class RegNtPreCreateKey
HKLM\software\classes\yt.clickstream\clsid:: {9F9C4C5C-2BA8-4E00-A697-9F710BB1026B} RegNtPreCreateKey
HKLM\software\classes\yt.clickstream\curver:: yt.Clickstream.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{9f9c4c5c-2ba8-4e00-a697-9f710bb1026b}:: Clickstream Class RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{9f9c4c5c-2ba8-4e00-a697-9f710bb1026b}\progid:: yt.Clickstream.1 RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{9f9c4c5c-2ba8-4e00-a697-9f710bb1026b}\versionindependentprogid:: yt.Clickstream RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{9f9c4c5c-2ba8-4e00-a697-9f710bb1026b}\inprocserver32:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{9f9c4c5c-2ba8-4e00-a697-9f710bb1026b}\inprocserver32::threadingmodel Apartment RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{9f9c4c5c-2ba8-4e00-a697-9f710bb1026b}::appid {1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{9f9c4c5c-2ba8-4e00-a697-9f710bb1026b}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\typelib\{003028c2-ea1c-4676-a316-b5cb50917002}\5.0:: yt 1.0 Type Library RegNtPreCreateKey
HKLM\software\classes\typelib\{003028c2-ea1c-4676-a316-b5cb50917002}\5.0\flags:: 0 RegNtPreCreateKey
HKLM\software\classes\typelib\{003028c2-ea1c-4676-a316-b5cb50917002}\5.0\0\win32:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll RegNtPreCreateKey
HKLM\software\classes\typelib\{003028c2-ea1c-4676-a316-b5cb50917002}\5.0\helpdir:: C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{972385cb-43ef-4d68-b3fd-84db8c64b190}:: IYToolbarBand3 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{972385cb-43ef-4d68-b3fd-84db8c64b190}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{972385cb-43ef-4d68-b3fd-84db8c64b190}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{972385cb-43ef-4d68-b3fd-84db8c64b190}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\interface\{972385cb-43ef-4d68-b3fd-84db8c64b190}:: IYToolbarBand3 RegNtPreCreateKey
HKLM\software\classes\interface\{972385cb-43ef-4d68-b3fd-84db8c64b190}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{972385cb-43ef-4d68-b3fd-84db8c64b190}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\interface\{972385cb-43ef-4d68-b3fd-84db8c64b190}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{863fcf5d-dc39-4da9-af32-cb0025990eee}:: IYToolbarBand2 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{863fcf5d-dc39-4da9-af32-cb0025990eee}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{863fcf5d-dc39-4da9-af32-cb0025990eee}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{863fcf5d-dc39-4da9-af32-cb0025990eee}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\interface\{863fcf5d-dc39-4da9-af32-cb0025990eee}:: IYToolbarBand2 RegNtPreCreateKey
HKLM\software\classes\interface\{863fcf5d-dc39-4da9-af32-cb0025990eee}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{863fcf5d-dc39-4da9-af32-cb0025990eee}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\interface\{863fcf5d-dc39-4da9-af32-cb0025990eee}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{49f018ee-f362-4b5b-8ec8-bcf9246abf21}:: IYToolbarBand RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{49f018ee-f362-4b5b-8ec8-bcf9246abf21}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{49f018ee-f362-4b5b-8ec8-bcf9246abf21}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{49f018ee-f362-4b5b-8ec8-bcf9246abf21}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\interface\{49f018ee-f362-4b5b-8ec8-bcf9246abf21}:: IYToolbarBand RegNtPreCreateKey
HKLM\software\classes\interface\{49f018ee-f362-4b5b-8ec8-bcf9246abf21}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{49f018ee-f362-4b5b-8ec8-bcf9246abf21}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\interface\{49f018ee-f362-4b5b-8ec8-bcf9246abf21}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{e0819218-9e6e-4a70-8456-f7a96bd6ac95}:: _IYTBEvents RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{e0819218-9e6e-4a70-8456-f7a96bd6ac95}\proxystubclsid32:: {00020420-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{e0819218-9e6e-4a70-8456-f7a96bd6ac95}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{e0819218-9e6e-4a70-8456-f7a96bd6ac95}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\interface\{e0819218-9e6e-4a70-8456-f7a96bd6ac95}:: _IYTBEvents RegNtPreCreateKey
HKLM\software\classes\interface\{e0819218-9e6e-4a70-8456-f7a96bd6ac95}\proxystubclsid32:: {00020420-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{e0819218-9e6e-4a70-8456-f7a96bd6ac95}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\interface\{e0819218-9e6e-4a70-8456-f7a96bd6ac95}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{7ce4efa7-8c0c-49ea-8332-cdfc82276f84}:: ISearchSuggestionCtl RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{7ce4efa7-8c0c-49ea-8332-cdfc82276f84}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{7ce4efa7-8c0c-49ea-8332-cdfc82276f84}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{7ce4efa7-8c0c-49ea-8332-cdfc82276f84}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\interface\{7ce4efa7-8c0c-49ea-8332-cdfc82276f84}:: ISearchSuggestionCtl RegNtPreCreateKey
HKLM\software\classes\interface\{7ce4efa7-8c0c-49ea-8332-cdfc82276f84}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{7ce4efa7-8c0c-49ea-8332-cdfc82276f84}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\interface\{7ce4efa7-8c0c-49ea-8332-cdfc82276f84}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{013e17f1-5a46-42b2-9074-fe7d23fa7c10}:: ISearchSuggestionCtlUI RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{013e17f1-5a46-42b2-9074-fe7d23fa7c10}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{013e17f1-5a46-42b2-9074-fe7d23fa7c10}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{013e17f1-5a46-42b2-9074-fe7d23fa7c10}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\interface\{013e17f1-5a46-42b2-9074-fe7d23fa7c10}:: ISearchSuggestionCtlUI RegNtPreCreateKey
HKLM\software\classes\interface\{013e17f1-5a46-42b2-9074-fe7d23fa7c10}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{013e17f1-5a46-42b2-9074-fe7d23fa7c10}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\interface\{013e17f1-5a46-42b2-9074-fe7d23fa7c10}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{22389f39-2cf4-47c4-b8b2-273bb16bf70c}:: IYTHelper RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{22389f39-2cf4-47c4-b8b2-273bb16bf70c}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{22389f39-2cf4-47c4-b8b2-273bb16bf70c}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{22389f39-2cf4-47c4-b8b2-273bb16bf70c}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\interface\{22389f39-2cf4-47c4-b8b2-273bb16bf70c}:: IYTHelper RegNtPreCreateKey
HKLM\software\classes\interface\{22389f39-2cf4-47c4-b8b2-273bb16bf70c}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{22389f39-2cf4-47c4-b8b2-273bb16bf70c}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\interface\{22389f39-2cf4-47c4-b8b2-273bb16bf70c}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c57f43aa-d15b-4e01-ac06-e434f34df5b0}:: IYTBCustomizer5 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c57f43aa-d15b-4e01-ac06-e434f34df5b0}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c57f43aa-d15b-4e01-ac06-e434f34df5b0}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c57f43aa-d15b-4e01-ac06-e434f34df5b0}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\interface\{c57f43aa-d15b-4e01-ac06-e434f34df5b0}:: IYTBCustomizer5 RegNtPreCreateKey
HKLM\software\classes\interface\{c57f43aa-d15b-4e01-ac06-e434f34df5b0}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey
HKLM\software\classes\interface\{c57f43aa-d15b-4e01-ac06-e434f34df5b0}\typelib:: {003028C2-EA1C-4676-A316-B5CB50917002} RegNtPreCreateKey
HKLM\software\classes\interface\{c57f43aa-d15b-4e01-ac06-e434f34df5b0}\typelib::version 5.0 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{50ce3362-f4c5-4184-a2fd-9d83691cd609}:: IYTBCustomizer4 RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{50ce3362-f4c5-4184-a2fd-9d83691cd609}\proxystubclsid32:: {00020424-0000-0000-C000-000000000046} RegNtPreCreateKey

359 additional registry modifications are not displayed above.

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpSendRequest
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecute
Network Info Queried
  • GetAdaptersInfo
User Data Access
  • GetUserName
  • GetUserObjectInformation
Network Wininet
  • InternetOpen
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
Other Suspicious
  • SetWindowsHookEx

Shell Command Execution

(NULL) C:\Users\Hpjybbib\AppData\Local\Temp\nseC8A4.tmp\ytb_setup.exe /ybsini=C:\Users\Hpjybbib\AppData\Local\Temp\nseC8A4.tmp\BOOTST~1.INI
"C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\ytbb.exe" /RegServer
"C:\Users\Geqkhiob\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\236adb3434d36f2070758ac16af1860cc50bc73f_0000049152.,LiQMAxHB
"C:\Users\Yfbhpxmo\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
"C:\Users\Yfbhpxmo\AppData\Local\Temp\nss5B25.tmp\uninstall.exe" _?=c:\users\user\downloads
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8ee51084bebea16ce7070c9e05e3a9b1903aea97_0000447144.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\e644bea4801d3df89dbc8d9733d014ab4e2a7a33_0000036864.,LiQMAxHB
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\eca3e74c0cb84e5e583907f19917bffb46234cca_0000037888.,LiQMAxHB
