Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Vittalia

PUP.Vittalia

By Sumo3000 in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank: 6,665
Threat Level: 20 % (Normal)
Infected Computers: 3,829
First Seen: October 15, 2013
Last Seen: January 11, 2026
OS(es) Affected: Windows

PUP.Vittalia is a potentially unwanted program/browser plug-in, which may circulate using downloads of freeware and shareware programs. PUP.Vittalia is also classified as an adware, which may create various random pop-up ads while PC users are browsing the web. Mainly, Internet users accidentally install PUP.Vittalia without their permission together with freeware and shareware applications downloaded from the web on freeware download websites. PUP.Vittalia may slow down the browser, show disturbing pop-up advertisements, lead to serious privacy issues, and result in numerous other PC problems. PUP.Vittalia may install itself on Internet Explorer, Google Chrome and Mozilla FireFox. PUP.Vittalia may use various deceptive methods to possibly increase traffic of the particular commercial website and earn money from click fraud.

Analysis Report

General information

Family Name: Adware.Vittalia
Signature status: Self Signed

Known Samples

MD5: dbe9ff3b253a950ebf5b6c3a615671f6
SHA1: d68944b74fdc291bafdbe7f87a24d2218989d6ca
File Size: 3.44 MB, 3436520 bytes
MD5: d8c603fb35c0605f95b176128bb8caed
SHA1: aca885b0e11b8deed2c93e5c0b4e55f41b863aa9
File Size: 2.72 MB, 2718736 bytes
MD5: b4a7baf522fab50caeab58304b871f9b
SHA1: 7dd3c487e2144aa4c516134638d722221e2fdf22
File Size: 901.18 KB, 901176 bytes
MD5: d3b4200ad0dd79b19674153915f058e3
SHA1: 73504ec60301e27992d9366655b67c90d1bf9165
File Size: 3.84 MB, 3839088 bytes
MD5: bd78ada2d7b1d4b9adcc1f1eaf58bc96
SHA1: 39fe84510927dfb9eeefe9a4f01e0e2d58971271
File Size: 764.10 KB, 764096 bytes
Show More
MD5: 59851b1dd06ce4a767892e75438340c6
SHA1: 71c08c7bf5c770076e6015715cb98f4c1fd7b695
SHA256: 753EABA489414B04AFAF397AE05CC5FA6A0E78302CF1FCE332DABC1E6E441456
File Size: 155.15 KB, 155147 bytes
MD5: 2790869cf0ac44f7aff5ce98f7fbf8a8
SHA1: 8152732c76134b70677cd1d8413e68af70c3895a
SHA256: B02F45C95F99980E5AA1413C9C0E2BBFB24239778FA85EBBE69F874ED840DF6C
File Size: 780.29 KB, 780288 bytes
MD5: d20e5953b405da12040d33944507391d
SHA1: 4044a822e1f32d8e9d3f7ecbbc8629c9a6339f1a
SHA256: FF3036B668CF6C9751074C53D332A3087DE9BF1E3D6E598C43FD32214498B725
File Size: 851.94 KB, 851936 bytes
MD5: bc39d17062033e2bcae1cd6adb7cf4b5
SHA1: b9d0fc2ef64daad39cc1a27e4157c4fa48cf6e08
SHA256: 0A77F4AB0A7DE7A6BF85DF29DEBD6E8646D635E7274B8C3685A0B12104485934
File Size: 2.06 MB, 2057552 bytes
MD5: df8265484d862f272033ea188e4d2886
SHA1: a856311cbc7b975f9e3d5c8b7e3bf1c576793130
SHA256: 5528FB9C81F6BEA6D70EB0839FE8C1114A030CE83831DCBCA5F9AE38124B0EC2
File Size: 194.98 KB, 194976 bytes
MD5: 98003e4e9cfafa028c0cb8fa91a47a49
SHA1: b624dd4e6b35e2df34d725a05df8a725f218c687
SHA256: 1C6F4F273EBE762F954C49C02B76A431750E9111DC78E4ECB0667D9139AE94FD
File Size: 187.63 KB, 187632 bytes
MD5: 3b7c1d36785f7c2a673238ca134f74ab
SHA1: 82522315dea39b0f4eb90715a56bb54aa571d0c7
SHA256: 8DD34AA8CD8054C2D404B9C04EEF5A8332098A0301D2B3F1029AED8ABA97F993
File Size: 900.38 KB, 900384 bytes
MD5: 352506ef1b7b162b43859dab098cb400
SHA1: f77ebe3465ef70d68bf852aadf88427a348d7b2a
SHA256: 31403B0A6D8D3611A736FE9948950D3DD4923364AB06B8C5166CB5D6B2FE0E91
File Size: 489.89 KB, 489888 bytes
MD5: 1747d3c896beaea6dda59e4fa3989347
SHA1: f58650920368e1f5d31f9795e0b1440caf4e0ab8
SHA256: 3B65FE84167EDD885B4931ED5F2602F35E5CBEB3BF237B9C979BE52F3BB101F4
File Size: 56.83 KB, 56832 bytes
MD5: 0b696041b4a90d216140afb5d668c40b
SHA1: 179d666ab07e275261660e1f7c15652994793d65
SHA256: 7AD77D6013923F462272366C29186BA701D27098EB53CBB5B12FC2D13F37E302
File Size: 2.14 MB, 2141072 bytes
MD5: af366752e3293aef58ce9fbda2665b8a
SHA1: f802572ad75c2087b1658e10fd8509718e525df3
SHA256: A88D6EB3313E2ACE73CEAE08752D8B76AF2FE64282E27D497DBCEF2CDDA5F3C4
File Size: 806.62 KB, 806616 bytes
MD5: 1103f7688e4ac977b97aa8215fb92833
SHA1: 32fa7a4a14e18893d559753cdaec3c8155203a3f
SHA256: CC252F46EEFFAE2EB61AB3D29A9119BFE4FD41EAC32D00E0259056FCBF2FF49E
File Size: 409.09 KB, 409088 bytes
MD5: 1d51ab0480e2b8a10b6ef5e08aba285a
SHA1: b7250279eea98edb5e4b515d16f95dbf124dffe4
SHA256: 2BE9E4B3321C6E23C9A8820A7A734986C748CFAE0104E2F884A21F28E55EB01E
File Size: 763.74 KB, 763744 bytes
MD5: b5ed335ea162372fc38f3b0454f86e03
SHA1: b9369bc0c0f2999fa40851305bea0cc694b412b5
SHA256: 57F9DC71532713518D523EDA60DBC18D481166A76E2E8E5768162F2B45D30B23
File Size: 2.67 MB, 2666400 bytes
MD5: f5bdbd9135b20ef50db83558f1c79c9b
SHA1: 8d4d4817fcee52de44025d3661e9b28d368ba56f
SHA256: D935D8CF9496955741E69BDCE7C5F28865705F094289C93EE5A58750AC829FF5
File Size: 4.13 MB, 4131568 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has been packed
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
Show More
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version
  • 2.1.1.0
  • 1.1.0.7
Comments This installation was built with Inno Setup.
File Description
  • Ares Catcher
  • Updater
File Version
  • 2.1.1.0
  • 1.1.0.7
Internal Name
  • Ares Catcher.exe
  • UpdaterServiceW8.exe
Legal Copyright Copyright © 2014
Original Filename
  • Ares Catcher.exe
  • UpdaterServiceW8.exe
Product Name
  • Ares Catcher
  • Updater
Product Version
  • 2.1.1.0
  • 1.1.0.7

Digital Signatures

Signer Root Status
Vittalia Internet S.L. Class 3 Public Primary Certification Authority Root Not Trusted
Onekit Internet S,L GlobalSign CodeSigning CA - G2 Self Signed
Vittalia Internet S.L GlobalSign CodeSigning CA - G2 Self Signed
Vittalia Internet S.L GlobalSign Primary Object Publishing CA Root Not Trusted
Vittalia Internet S.L. Go Daddy Class 2 Certification Authority Root Not Trusted
Show More
100Blogs SL Go Daddy Root Certificate Authority - G2 Root Not Trusted
Vittalia Internet S.L. Starfield Class 2 Certification Authority Root Not Trusted
Vittalia Limited VeriSign Class 3 Code Signing 2010 CA Self Signed
Vittalia Internet S.L. VeriSign Class 3 Public Primary Certification Authority - G5 Root Not Trusted
Vittalia Internet S.L. Vittalia Internet S.L. Root Not Trusted

File Traits

  • .NET
  • dll
  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 1,656
Potentially Malicious Blocks: 5
Whitelisted Blocks: 1,620
Unknown Blocks: 31

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 ? 0 ? ? ? ? 0 0 0 0 0 0 0 0 0 ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 ? ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? ? ? 0 ? ? 0 0 ? ? ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 ? ? 0 0 0 0 0 ? 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 2 0 0 0 0 1 1 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 3 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\program files (x86)\vittalia\uninstall.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\0001geo.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\0001inst.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\0364fondo.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\0364fondo.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\0364header.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\0364header.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\0364installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\0364installer.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1.txt Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\12e73f26bae8aa84f628dc461a560b67 Generic Write,Read Attributes
c:\users\user\appdata\local\temp\1766717934itinstallerp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\3dboxes_pcspeedup.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\87f2fondo.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\87f2fondo.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\87f2header.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\87f2header.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\87f2installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\87f2installer.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\a6986e3bc90a04fef0dc6d2862854177.exe Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\addlyrics_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ajax_loader.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\axtan.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\bubbledock_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\config.xml Generic Write,Read Attributes
c:\users\user\appdata\local\temp\coupish_largo.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d156fondo.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\d156fondo.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d156header.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\d156header.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d156installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\d156installer.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dealply_largo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dealply_largo.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e6a2fondo.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\e6a2fondo.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e6a2header.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\e6a2header.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e6a2installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\e6a2installer.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\f0f3fondo.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\f0f3fondo.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\f0f3header.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\f0f3header.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\f0f3installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\f0f3installer.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\f7d0fondo.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\f7d0fondo.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\f7d0header.bmp Synchronize,Write Data
c:\users\user\appdata\local\temp\f7d0header.bmp.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\f7d0installer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\f7d0installer.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\falcon_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fastestchrome_license.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\fondo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\freeridegames_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\freesofttoday_image1_es.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\freesofttoday_image1_fr.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\freesofttoday_image1_it.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\freesofttoday_image1_jp.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\freesofttoday_image1_pt.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\freetwittube_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\freetwittube_logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\freetwittube_text.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\greatarcadehits_terms.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\icon.ico Generic Write,Read Attributes
c:\users\user\appdata\local\temp\icon_wstoolbar.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ime_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\iminent_offerscreen_image.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\iminentv2_terms.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\installer_adobe_flash_player_portuguese.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\installer_adobe_flash_player_portuguese.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\installer_avast_portuguese.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\installer_avast_portuguese.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\installerp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\instloffer.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\instloffer.exe Synchronize,Write Attributes
c:\users\user\appdata\local\temp\irobinhood_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-2evsd.tmp\39fe84510927dfb9eeefe9a4f01e0e2d58971271_0000764096.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-n1mp4.tmp\8152732c76134b70677cd1d8413e68af70c3895a_0000780288.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\itinstallerp.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\itinstallerp.exe.dat Generic Write,Read Attributes
c:\users\user\appdata\local\temp\itinstallerp.exe.dat Synchronize,Write Attributes
c:\users\user\appdata\local\temp\jollywallet_offerscreen.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\license.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\loader64.gif Generic Write,Read Attributes
c:\users\user\appdata\local\temp\logo_pcspeedup.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\lollipop_moreinfo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\luckysavings_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mockup_browseforthecause.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mockup_softwareupdater.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\moreinfo_coupondropdown.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\moreinfo_driverscanner.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\moreinfo_iminent.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\moreinfo_offerbox.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\moreinfo_speedupmypc.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mypcbackup_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\mypcbackup_title.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa96b7.tmp\buttonevent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa96b7.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa96b7.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa96b7.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa96b7.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse55ae.tmp\nxs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsec8a4.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsec8a4.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsec8a4.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsec8a4.tmp\tkdecript.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsec8a4.tmp\tkdecript.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsfd119.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshfa8b.tmp\buttonevent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshfa8b.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshfa8b.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshfa8b.tmp\nsurl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshfa8b.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nshfa8b.tmp\tkdecript.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj56ad.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj56ad.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj56ad.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj56ad.tmp\nsdialogs.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj56ad.tmp\nsweb.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj56ad.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjd611.tmp\buttonevent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjd611.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjd611.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjd611.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsjd611.tmp\toolkitoffers.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskbff4.tmp\buttonevent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskbff4.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskbff4.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskbff4.tmp\nsurl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskbff4.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskbff4.tmp\tkdecript.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskbff4.tmp\version.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsme05c.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsme05c.tmp\nsurl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsme05c.tmp\nsurl.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp11a7.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp11a7.tmp\nsurl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp11a7.tmp\nsurl.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq3efa.tmp\buttonevent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3efa.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3efa.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3efa.tmp\nsurl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3efa.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq3efa.tmp\tkdecript.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss3498.tmp\buttonevent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss3498.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss3498.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss3498.tmp\nsarray.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss3498.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss3498.tmp\toolkitoffers.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssfca2.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssfca2.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssfca2.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssfca2.tmp\tkdecript.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssfca2.tmp\tkdecript.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsw750.tmp\buttonevent.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw750.tmp\modern-header.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw750.tmp\modern-wizard.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw750.tmp\nsurl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw750.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw750.tmp\tkdecript.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsyb87e.tmp\tkdecript.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz6543.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsz6543.tmp\nsurl.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsz6543.tmp\nsurl.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\okitshop_image.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\okitshop_title.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\optimizerpro_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\optimizerpro_name.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\optimizerpro_title.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\passwidget_image3.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\plushd_image1.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\pricepeep_logo.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\richtext1.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\snapdo_terms.rtf Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_addlyrics.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_babylon.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_babylonv2.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_babylonv3.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_browseforthecause.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_bubbledock.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_coupish.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_coupondropdown.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_dealply.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_delta.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_downloadterms.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_driverscanner.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_falcon.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_fastestchrome.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_fastfreeconvertor.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_freeridegames.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_freesofttoday.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_freetwittube.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_greatarcadehits.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_ime.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_iminent.bmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\square_irobinhood.bmp Generic Write,Read Attributes

48 additional files are not displayed above.

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
Show More
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Klfhelhw\AppData\Local\Temp\nsz6543.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Dffgypqy\AppData\Local\Temp\~nsu.tmp\Au_.exe RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Dffgypqy\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Dffgypqy\AppData\Local\Temp\~nsu.tmp RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Hhepphuu\AppData\Local\Temp\nseC8A4.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Islhavni\AppData\Local\Temp\nsmE05C.tmp\ RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::displayname Vittalia Installer RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::displayversion 1.0 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::displayicon C:\Program Files (x86)\Vittalia\axtan.ico RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::publisher fr.FILEWIN.com RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::urlinfoabout http://fr.filewin.com RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::uninstallstring C:\Program Files (x86)\Vittalia\uninstall.exe RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::ie_startpage http://go.microsoft.com/fwlink/p/?LinkId=255141 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::ie_defaultscope RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::publisher TELECHARGERS.net RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::urlinfoabout http://www.telechargers.net RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\uninstall\vittalia::dateinstall 2013-04-30-15-14-38 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Qvepxhxw\AppData\Local\Temp\nsp11A7.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey

Windows API Usage

Category API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetOpenUrl
  • InternetQueryOption
  • InternetReadFile
  • InternetSetOption
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateResourceReserve
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
Show More
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFlushProcessWriteBuffers
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCompleteWnfStateSubscription
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForMultipleObjects
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile

1 additional items are not displayed above.

Encryption Used
  • BCryptOpenAlgorithmProvider
Service Control
  • StartServiceCtrlDispatcher
Network Urlomon
  • URLOpenBlockingStream

Shell Command Execution

(NULL) C:\Users\Vnarnxfy\AppData\Local\temp\d156Installer.exe /KEYWORD=d156 "/PATHFILES=C:\Users\Vnarnxfy\AppData\Local\temp\"
C:\Users\Klfhelhw\AppData\Local\Temp\installer_avast_Portuguese.exe
(NULL) C:\Users\Dbsxrenu\AppData\Local\temp\f7d0Installer.exe /KEYWORD=f7d0 "/PATHFILES=C:\Users\Dbsxrenu\AppData\Local\temp\"
"C:\Users\Olycyuub\AppData\Local\Temp\is-2EVSD.tmp\39fe84510927dfb9eeefe9a4f01e0e2d58971271_0000764096.tmp" /SL5="$20272,744784,54272,c:\users\user\downloads\39fe84510927dfb9eeefe9a4f01e0e2d58971271_0000764096.exe"
"C:\Users\Dffgypqy\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=c:\users\user\downloads\
Show More
"C:\Users\Tqfurvsl\AppData\Local\Temp\is-N1MP4.tmp\8152732c76134b70677cd1d8413e68af70c3895a_0000780288.tmp" /SL5="$80064,744089,54272,c:\users\user\downloads\8152732c76134b70677cd1d8413e68af70c3895a_0000780288"
C:\Users\Hhepphuu\AppData\Local\Temp\itinstallerp.exe
(NULL) C:\Users\Hhepphuu\AppData\Local\temp\e6a2Installer.exe /KEYWORD=e6a2 "/PATHFILES=C:\Users\Hhepphuu\AppData\Local\temp\"
C:\Users\Islhavni\AppData\Local\Temp\installer_avast_Portuguese.exe
(NULL) C:\Users\Xcfcqltd\AppData\Local\temp\f0f3Installer.exe /KEYWORD=f0f3 "/PATHFILES=C:\Users\Xcfcqltd\AppData\Local\temp\"
C:\Users\Qvepxhxw\AppData\Local\Temp\installer_adobe_flash_player_Portuguese.exe
C:\Users\Offzaalc\AppData\Local\Temp\1766717934itinstallerp.exe
(NULL) C:\Users\Offzaalc\AppData\Local\temp\87f2Installer.exe /KEYWORD=87f2 "/PATHFILES=C:\Users\Offzaalc\AppData\Local\temp\"
(NULL) C:\Users\Oinxxuhm\AppData\Local\temp\0364Installer.exe /KEYWORD=0364 "/PATHFILES=C:\Users\Oinxxuhm\AppData\Local\temp\"

Trending

Most Viewed

Loading...