Traffic Exchange

By CagedTech in Potentially Unwanted Programs

Translate To:

Threat Scorecard

Popularity Rank:	56
Threat Level:	10 % (Normal)
Infected Computers:	1,074,009

First Seen:	November 11, 2016
Last Seen:	January 11, 2026
OS(es) Affected:	Windows

The Traffic Exchange software from Microleaves Ltd may be promoted to PC users as a type of shopping enhancer that connects the users to ad publishers directly. The Traffic Exchange application can be installed on Windows-powered computers for free, and you may be lead to believe that the Traffic Exchange provides betters deals on your favorite online shops. PC users may be invited to install the Traffic Exchange program and benefit from personalized discounts, promotions, limited-time deals and exclusive offers. The Traffic Exchange application from Microleaves Ltd is classified as a Potentially Unwanted Program (PUP). The Traffic Exchange software is known to promote questionable computer support companies, invite users to install unreliable cybersecurity tools and run from 'C:\Windows\fvxeupdate.exe.' The program at hand may drop files in the following locations:

C:\Microleaves\Online Application Installer\prerequisites\Traffic Exchange.exe
C:\Microleaves\Online Application Installer\prerequisites\aipackagechainer.exe
C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe
C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.exe
C:\Windows\System32\Tasks\Online Application Updater
C:\Windows\System32\Tasks\Online Application v2 Guard
C:\Windows\System32\Tasks\Online Application v2 OG

The Traffic Exchange program may add scheduled tasks in Windows and connect to ad servers every five minutes. The ads by Traffic Exchange may be presented in pop-up windows, floating ad boxes and may show up as hyperlinked text on pages. Security scanners may mark the Traffic Exchange software as 'PUP.Optional.OnlineIO' and 'Adware.TrafficExchange'. The content loaded by the Traffic Exchange in the browser might include links to phishing pages and insecure pages. It is advised to consider the Traffic Exchange for removal with a trusted anti-malware utility.

Table of Contents

SpyHunter Detects & Remove Traffic Exchange

File System Details

Traffic Exchange may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	aipackagechainer.exe	625151080b293da9ccb7f2100e43255f	6
Name: aipackagechainer.exe MD5: 625151080b293da9ccb7f2100e43255f Size: 385.41 KB (385416 bytes) Detections: 6 Type: Executable File Path: C:\Users\<username>\AppData\Roaming\ZHP\Quarantine\Microleaves\Online Application Installer\prerequisites\aipackagechainer.exe Group: Malware file Last Updated: April 7, 2023
2.	Online-Guardian-v2.exe	b62f3eee71d915df81c040007955b6b9	4
Name: Online-Guardian-v2.exe MD5: b62f3eee71d915df81c040007955b6b9 Size: 622.17 KB (622176 bytes) Detections: 4 Type: Executable File Path: %PROGRAMFILES%\Microleaves\Traffic Exchange Group: Malware file Last Updated: February 17, 2017
3.	Online-Guardian.exe	b1956bcc37f7b28bc8ad2efd16060c87	2
Name: Online-Guardian.exe MD5: b1956bcc37f7b28bc8ad2efd16060c87 Size: 633.39 KB (633399 bytes) Detections: 2 Type: Executable File Path: %PROGRAMFILES(x86)%\Microleaves\Online Application\Version 2.6.0 Group: Malware file Last Updated: August 5, 2017
4.	OnlineGuardian-v2.exe	f4d0dd1537ebebd0a8daa73f60e160be	1
Name: OnlineGuardian-v2.exe MD5: f4d0dd1537ebebd0a8daa73f60e160be Size: 633.27 KB (633271 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\Microleaves\Traffic Exchange Group: Malware file Last Updated: April 15, 2017
5.	Online-Guardian-v2.0.9.exe	ab0e97b4881076a20461f49bcafa1d57	1
Name: Online-Guardian-v2.0.9.exe MD5: ab0e97b4881076a20461f49bcafa1d57 Size: 633.38 KB (633383 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\Microleaves\Traffic Exchange Group: Malware file Last Updated: April 15, 2017
6.	Online Application Updater.exe	016ce1783d079384774fb3ffee95c169	1
Name: Online Application Updater.exe MD5: 016ce1783d079384774fb3ffee95c169 Size: 962.92 KB (962928 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES(x86)%\Microleaves\Online Application Group: Malware file Last Updated: August 5, 2017
7.	file.exe	1ae34060ed111aec2e3c914270ef6131	0
Name: file.exe MD5: 1ae34060ed111aec2e3c914270ef6131 Size: 921.45 KB (921456 bytes) Detections: 0 Type: Executable File Group: Malware file

More files

Registry Details

Traffic Exchange may create the following registry entry or registry entries:

Regexp file mask

%TEMP%\ww-Online.IO-installer.exe

%WINDIR%\Installer\{010F762A-8645-4AAE-9E69-40254D5147F9}\online.exe

%WINDIR%\Installer\{92C1F287-B8A1-415C-B872-4000F57C055A}\online.exe

%WINDIR%\System32\Tasks\Online Application V2Gd

%WINDIR%\System32\Tasks\Online Special Application[RANDOM CHARACTERS]

%WINDIR%\System32\Tasks\Traffic Exchange[RANDOM CHARACTERS]

%WINDIR%\System32\Tasks\Updater_Online_Application

%WINDIR%\System32\Tasks\Updater_Online_Special_Application[RANDOM CHARACTERS]

%WINDIR%\Tasks\Online Application V2Gd.job

%WINDIR%\Tasks\Online Special Application[RANDOM CHARACTERS].job

%WINDIR%\Tasks\Traffic Exchange[RANDOM CHARACTERS].job

%WINDIR%\Tasks\Updater_Online_Application.job

%WINDIR%\Tasks\Updater_Online_Special_Application[RANDOM CHARACTERS].job

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Caphyon\Advanced Installer\LZMA\{010F762A-8645-4AAE-9E69-40254D5147F9}

SOFTWARE\Caphyon\Advanced Installer\LZMA\{438465C5-D78D-4958-B31D-60374B5042F4}

SOFTWARE\Caphyon\Advanced Installer\LZMA\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

SOFTWARE\Caphyon\Advanced Installer\LZMA\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}

SOFTWARE\Caphyon\Advanced Installer\LZMA\{92C1F287-B8A1-415C-B872-4000F57C055A}

SOFTWARE\Caphyon\Advanced Installer\LZMA\{DBABED16-1BB7-4805-B24B-7424A372AB0F}

SOFTWARE\Caphyon\Advanced Installer\LZMA\{F0847AE0-465A-4D7B-A555-AABB43B550F0}

SOFTWARE\Caphyon\Advanced Installer\Scheduled Tasks\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A

SOFTWARE\Classes\Installer\Products\5C564834D87D85943BD10673B405244F

SOFTWARE\Classes\Installer\Products\61DEBABD7BB150842BB447423A27BAF0

SOFTWARE\Classes\Installer\Products\6F4136C48ED2453458A6876797EA4F70

SOFTWARE\Classes\Installer\Products\782F1C291A8BC5148B2704005FC750A5

SOFTWARE\Classes\Installer\Products\A267F0105468EAA4E9960452D415749F

SOFTWARE\Classes\Installer\Products\C5EB7F25B3C2B7C49AD61FB9E91C99D2

SOFTWARE\Classes\Installer\UpgradeCodes\A3B7F0A2A2BF143479D11833E902B61F

SOFTWARE\Microleaves

SOFTWARE\Microsoft\Tracing\Online Application Updater_RASAPI32

SOFTWARE\Microsoft\Tracing\Online Application Updater_RASMANCS

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Special Application V2G1

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Special Application V2G2

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Special Application V2G3

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange Updater

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Special_Application

SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\LZMA\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

SOFTWARE\Wow6432Node\Caphyon\Advanced Installer\Scheduled Tasks\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

SOFTWARE\WOW6432Node\Microleaves

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

Online.IO

{010F762A-8645-4AAE-9E69-40254D5147F9}

{102BD58E-AC7E-47DB-B2AB-4A444FFF82CF}

{438465C5-D78D-4958-B31D-60374B5042F4}

{44FE85D7-4C36-4A76-A3CF-2BFFEBB76C09}

{4C6314F6-2DE8-4354-856A-787679AEF407}

{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}

{57281722-3238-4A30-AAE7-85D93977E0FE}

{57629D30-3D4C-4BA3-9EE2-D38E56D7221E}

{5C2B5FB4-B961-4BA8-AAC5-11381225A8FA}

{804C6085-8AFA-452E-8567-55FE1BF21FBF}

{92C1F287-B8A1-415C-B872-4000F57C055A}

{A91EEA9B-DCAA-4B2D-B62A-50B8EA351561}

{DBABED16-1BB7-4805-B24B-7424A372AB0F}

{E7B046D6-CF45-4063-9BB8-DE124614885C}

{F0847AE0-465A-4D7B-A555-AABB43B550F0}

{F972E1E6-EE44-4BE6-8264-4B88ED176BDA}

Directories

Traffic Exchange may create the following directory or directories:

%ALLUSERSPROFILE%\Microleaves

%APPDATA%\Microleaves

%HOMEDRIVE%\AppData\Roaming\Microleaves

%HOMEDRIVE%\Users\Default\AppData\Local\AdvinstAnalytics

%LOCALAPPDATA%\AdvinstAnalytics

%PROGRAMFILES%\Microleaves

%PROGRAMFILES%\Online-IO

%PROGRAMFILES%\Online.IO

%PROGRAMFILES(x86)%\Microleaves

%PROGRAMFILES(x86)%\Online-IO

%PROGRAMFILES(x86)%\Online.IO

%USERPROFILE%\Local Settings\Application Data\AdvinstAnalytics

%WINDIR%\INSTALLER\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}

%WINDIR%\INSTALLER\{F0847AE0-465A-4D7B-A555-AABB43B550F0}

%WINDIR%\Installer\{438465C5-D78D-4958-B31D-60374B5042F4}

%WINDIR%\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

%WINDIR%\SysWOW64\config\systemprofile\AppData\Local\AdvinstAnalytics

%WINDIR%\System32\config\systemprofile\AppData\Local\AdvinstAnalytics

%WINDIR%\system32\config\systemprofile\AppData\Roaming\Microleaves

%WINDIR%\syswow64\config\systemprofile\AppData\Roaming\Microleaves

Analysis Report

General information

Family Name:	PUP.Traffic Exchange
Signature status:	No Signature

Known Samples

MD5: 2b668b082327c837962c025b4fe39cf9

SHA1: 4b290fec2aea3d2dab28b78f7a4d86a16673c912

SHA256: C05B5B66C6101E7A7532D8086BEB4682DB80535FB02839CA02A4140F5EA701F8

File Size: 1.11 MB, 1114431 bytes

MD5: f5d11eaf8ebfb21bceffa953b25b4bd7

SHA1: 3408787835b53960b24b35d07ec5cda39f091f23

SHA256: C473CAB817FF208075C4D0D7A387E0FA868C6CF736E8E0B3968AC2B73617DCF5

File Size: 862.26 KB, 862262 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	AdvancedWindowsManager
File Description	Windows Updater 5.0.4
File Version	5.0.4 1.00
Internal Name	TJprojMain Windows Updater
Legal Copyright	Copyright (C) 2022 AdvancedWindowsManager
Original File Name	Windows Updater.exe
Original Filename	TJprojMain.exe
Product Name	Project1 Windows Installer
Product Version	5.0.4 1.00

Digital Signatures

Signer	Root	Status
Microleaves LTD	DigiCert Global G3 Code Signing ECC SHA384 2021 CA1	Hash Mismatch

File Traits

Windows API Usage

Category	API
Other Suspicious	SetWindowsHookEx

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Traffic Exchange

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Traffic Exchange

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Windows API Usage

Windows API Usage

Submit Comment

Trending

PUP.RocketCAT

Pzdc Ransomware

Trojan Downloader.Win32.Devsog!k

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...