Analysis Overview
SHA256
ab189ea48bea31159a35dbc810496a47a3fca3368370a04922967a78bdea4510
Threat Level: Likely malicious
The file 2024-04-30_a513b78dbeb8812f596aeb483ee18fff_mafia was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
Checks computer location settings
Registers COM server for autorun
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Enumerates connected drives
Checks installed software on the system
Drops desktop.ini file(s)
Adds Run key to start application
Installs/modifies Browser Helper Object
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Modifies registry class
Suspicious use of SendNotifyMessage
Modifies Internet Explorer start page
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-30 11:29
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-30 11:29
Reported
2024-04-30 11:32
Platform
win7-20240221-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3CD-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F252-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F245-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F38D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F2B9-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FECEAAA3-8405-11CF-8BA1-00AA00476DA6}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4BA-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4FC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4B8-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLGenericElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F251-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5D8-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3FE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{163BB1E1-6E00-11CF-837A-48DC04C10000}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\InprocServer32\CodeBase = "file:///C:/Users/Admin/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32\ = "mscoree.dll" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F241-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F248-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLAnchorElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F284-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLTitleElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F7F6-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.FramesCollectionClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Users/Admin/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3CE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4BA-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4FC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4FE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3CE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLStyleSheetRuleClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F281-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F6AA-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F282-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLBaseFontElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{163BB1E1-6E00-11CF-837A-48DC04C10000}\InprocServer32\Class = "mshtml.HTMLLocationClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32\ = "mscoree.dll" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F7EF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLFontElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F269-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F491-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F268-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32\ThreadingModel = "Both" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3D0-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5AA-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.DOMChildrenCollectionClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F6C8-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLDefaultsClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F270-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F273-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLLIElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F279-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLNextIdElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F7F6-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{163BB1E1-6E00-11CF-837A-48DC04C10000}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Users/Admin/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32\ThreadingModel = "Both" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F580-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3CD-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLStyleSheetRulesCollectionClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F272-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F270-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F7F6-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.FramesCollectionClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F35D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F26F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32\CodeBase = "file:///C:/Users/Admin/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5DE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F2E4-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLStyleSheetClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F241-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Windows\CurrentVersion\Run\Browser Infrastructure Helper = "C:\\Users\\Admin\\AppData\\Local\\Smartbar\\Application\\Smartbar.exe startup" | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}\NoExplorer = "1" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}\NoExplorer = "1" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\Installer\f761f05.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Resources.Translations.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Infrastructure.Utilities.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Smartbar.Installer.CustomActions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Smartbar.Resources.UninstallerForm.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\assembly\tmp\C8KZRW3L\System.Data.SQLite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.SetBrowsersSettings.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Resources.ProductUninstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\assembly\tmp\CDRKKUY4\Interop.SHDocVw.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Smartbar.Resources.LanguageSettings.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Personalization.Common.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Installer.CustomActions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Resources.SetBrowsersSettings.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Resources.LanguageSettings.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Microsoft.Practices.EnterpriseLibrary.Common.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.UninstallerForm.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\System.Data.SQLite.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.ProcessDownMonitor.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Microsoft.Deployment.WindowsInstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\assembly\tmp\G9HRDF8X\Interop.IWshRuntimeLibrary.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Microsoft.Deployment.WindowsInstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Smartbar.Personalization.Common.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Smartbar.Resources.Translations.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\f761f08.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3100.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Resources.UninstallerForm.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Resources.LanguageSettings.resources.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\assembly\tmp\M52GD9J6\Microsoft.VisualStudio.OLE.Interop.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f761f0a.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.LanguageSettings.resources.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Smartbar.Resources.ProductUninstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.XmlSerializers.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Microsoft.Practices.EnterpriseLibrary.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.ProductUninstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\assembly\GACLock.dat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Installer.CustomActions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Personalization.Common.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\RegAsm.exe | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\System.Data.SQLite.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.BrowserHelperUtils.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.Translations.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Smartbar.Resources.ProcessDownMonitor.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\Smartbar.Infrastructure.Utilities.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3816.tmp-\RegAsm.exe | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Microsoft.Practices.EnterpriseLibrary.Common.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Microsoft.Practices.ObjectBuilder.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.XmlSerializers.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20AA.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3111.tmp-\Microsoft.Practices.EnterpriseLibrary.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\SuggestionsURL_JSON = "http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&qu={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Smartbar.exe = "9999" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\ynet.co.il\Total = "196" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\URL = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=3d5efad4-48a5-4d53-ad77-ecc4db840d94&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\ynet.co.il\Total = "256" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\ynet.co.il\Total = "293" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\UseHomepageForNewTab = "1" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\ynet.co.il\Total = "222" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "202" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Search\Default_Search_URL = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=3d5efad4-48a5-4d53-ad77-ecc4db840d94&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\User Preferences | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\ynet.co.il | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\ynet.co.il\Total = "231" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} = "Smartbar" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "196" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Search Page = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=3d5efad4-48a5-4d53-ad77-ecc4db840d94&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F346A491-06E4-11EF-A3B3-6A83D32C515E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ynet.co.il\ = "196" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary data not shown) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Search Bar = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=3d5efad4-48a5-4d53-ad77-ecc4db840d94&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\DisplayName = "Web Search" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\ynet.co.il\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "256" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\MAO Settings | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ynet.co.il\ = "222" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "231" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ynet.co.il\ = "293" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ynet.co.il\ = "256" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\DisplayName = "Web Search" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "222" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\Default = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=3d5efad4-48a5-4d53-ad77-ecc4db840d94&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Search | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{006ee092-9658-4fd6-bd8e-a21a348e59f5}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ynet.co.il | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\URL = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=3d5efad4-48a5-4d53-ad77-ecc4db840d94&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\ShowTabsWelcome = "0" | C:\Windows\SysWOW64\rundll32.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=3d5efad4-48a5-4d53-ad77-ecc4db840d94&affid={affid}&searchtype=hp&babsrc=lnkry_nt" | C:\Windows\SysWOW64\rundll32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F37F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F277-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F2AE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5DD-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{84385E4D-357D-3D36-976A-725E44ABB78E} | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{3FCB7A29-B2EE-3458-93FB-68B840DF3DC0}\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F6C8-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F630-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D48A6EC9-6A4A-11CF-94A7-444553540000}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F279-98B5-11CF-BB82-00AA00BDCE0B} | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{D0A77F11-94B6-3863-BA84-FFCC85309928}\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{6E7B0F28-0DDC-3AFF-A175-CD28A181C7EC}\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F5F5-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F316-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLIFrameClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F284-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F25D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLDOMAttributeClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8C0A7C91-D77F-3637-9090-08B639665910}\7.0.3300.0\Class = "mshtml._htmlWrap" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F277-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLLinkElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F280-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F3E9-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0B6629F3-9B9B-3017-84F8-9580573810D8}\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{F80E13C0-EF26-3EDE-887E-8EA2498C0B99} | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F251-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F282-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F268-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{7716A370-38CA-11D0-A48B-00A0C90A8F39}\1.1.0.0\RuntimeVersion = "v2.0.50727" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F32B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLLabelElementClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F32B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F252-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F277-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F2AC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLTextAreaElementClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{BD3026D1-A1C0-386F-B46F-71131FA56E4B}\7.0.3300.0\Class = "mshtml._RemotableHandle" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4BA-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{78C1BD14-4E05-34D5-90D8-E821FB657DEC}\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F278-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLIsIndexElementClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F28A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F26A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{0D4F52BA-91D9-3585-B305-F8AAF0B1DBAC}\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{5E8433C3-CEE5-399A-883B-0FBB33FA9689}\7.0.3300.0\Class = "mshtml._styleAuto" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{2BDB5CBB-72A0-3779-B85A-B00325551F92}\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FECEAAA3-8405-11CF-8BA1-00AA00476DA6}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{E937FBB3-7ECA-3FA9-95E2-FB9266F8A306} | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F5D8-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLInputElementClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{44F8A905-4739-3126-A4C7-C719CFD0F7CD}\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8C0A7C91-D77F-3637-9090-08B639665910}\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F26D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{777BF24E-A6C1-301D-8F59-25FC964EEC68}\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C8872B56-D98C-3C12-B8A9-9F81495D11D3}\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F7F1-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3050F25D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLEmbedClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{17EC906B-6004-331A-8325-B4422D1ED446}\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5DD-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTCDescBehaviorClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F277-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F32B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F279-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\ = "IESmartBar.SmartbarDisplayState" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = (binary data not shown) | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-30_a513b78dbeb8812f596aeb483ee18fff_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-30_a513b78dbeb8812f596aeb483ee18fff_mafia.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM msiexec.exe
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\smartbar\Installer.msi /quiet
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 96520081D9CE7D0E8115DC9C245C8927
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI20AA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259399897 1 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationStart
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\j474wrh3.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2444.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC2443.tmp"
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI3111.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259404047 5 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationRemoveFiles
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI3816.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259405856 9 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationComplete
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll"
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Microsoft.mshtml.dll"
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Microsoft.mshtml.dll"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll"
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll"
C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe
"C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.ynet.co.il/
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sxjczocc.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES476D.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC476C.tmp"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ccsum_lo.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES48E3.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC48E2.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bt3upqis.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4941.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4940.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dbzswklo.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES49AE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC49AD.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\85h7jb9z.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A0C.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4A0B.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\7z7h2ep7.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4A5A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4A59.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\wvz_kgst.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4AA8.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4AA7.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\t8imu7pi.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4AF6.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4AF5.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\hldngcfp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4BFF.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4BFE.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gi6zkxbp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4C6C.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4C6B.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cyl32rbv.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4D47.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC4D36.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\-z8nylfe.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES566B.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC566A.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\7pcc3vm6.cmdline"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1134078504-5333251316573746993217681451498692252-157495060818701150971983980631"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES59B5.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC59B4.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lj0ooqag.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA094.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA093.tmp"
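The process list above is the whole installation chain in one place: the dropper kills msiexec.exe, runs its own Installer.msi silently from Temp, the Windows Installer service (msiexec.exe /V and the -Embedding custom-action server are the service's own normal children) invokes WiX DTF managed custom actions through rundll32 on MSI*.tmp, RegAsm /codebase registers the BHO and extension DLLs from a user-writable directory under AppData, csc.exe compiles throwaway .cmdline response files from Temp (typical of runtime XmlSerializer generation), and iexplore.exe is finally launched on the new start page. The following Python is an added triage helper, not code from the sandbox vendor or from the Smartbar/Linkury installer: it runs a small set of command-line rules over a constructed subset of the command lines copied from this report and tells an analyst which lines carry the installer-abuse pattern and which are benign Installer-service noise. The rule names and the user-writable-path heuristic are assumptions made here for illustration.

```python
import re
from collections import Counter

# Command lines copied verbatim from the "Processes" list of this report.
# This is a constructed subset used as sample input, not a live capture.
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\2024-04-30_a513b78dbeb8812f596aeb483ee18fff_mafia.exe"',
    r'taskkill /F /IM msiexec.exe',
    r'"C:\Windows\System32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\smartbar\Installer.msi /quiet',
    r'C:\Windows\system32\msiexec.exe /V',
    r'C:\Windows\syswow64\MsiExec.exe -Embedding 96520081D9CE7D0E8115DC9C245C8927',
    r'rundll32.exe "C:\Windows\Installer\MSI20AA.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259399897 1 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationStart',
    r'"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\j474wrh3.cmdline"',
    r'"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"',
    r'"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll"',
    r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.ynet.co.il/',
]

# Directories a standard user can write to (an assumed heuristic): anything
# registered as a COM server or installed from here was not placed by an admin.
USER_WRITABLE = r'(?:\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\)'

RULES = [
    # Dropper kills the Windows Installer service before running its own MSI.
    ("kill_msiexec",
     re.compile(r'\btaskkill(?:\.exe)?\b.*/IM\s+msiexec\.exe', re.I)),
    # Silent (/quiet or /qn) MSI install sourced from a user-writable directory.
    ("silent_msi_from_user_dir",
     re.compile(r'msiexec(?:\.exe)?"?\s.*/i\s+"?[^"\s]*' + USER_WRITABLE + r'.*/(?:quiet|qn)\b', re.I)),
    # WiX DTF managed custom action: rundll32 loads C:\Windows\Installer\MSI*.tmp
    # and executes arbitrary .NET code out of process.
    ("dtf_managed_custom_action",
     re.compile(r'rundll32(?:\.exe)?\s+"?[A-Z]:\\Windows\\Installer\\MSI[0-9A-F]+\.tmp"?,\s*zzzzInvokeManagedCustomAction', re.I)),
    # RegAsm /codebase writes a CodeBase for a user-writable DLL into the registry,
    # which is what lets iexplore.exe load the BHO/extension COM servers.
    ("regasm_codebase_user_dir",
     re.compile(r'RegAsm\.exe"?\s.*/codebase\s+"?[^"]*' + USER_WRITABLE, re.I)),
    # Any RegAsm registration of a DLL under a user-writable path (superset of the above).
    ("regasm_register_user_dir",
     re.compile(r'RegAsm\.exe.*' + USER_WRITABLE, re.I)),
    # csc.exe compiling a .cmdline response file out of Temp: on-the-fly code generation.
    ("csc_compile_from_temp",
     re.compile(r'csc\.exe"?\s.*@"?[^"]*\\Temp\\[^"\s]*\.cmdline', re.I)),
]


def triage(cmdlines):
    """Return every (rule_name, cmdline) pair where the rule matches the line."""
    return [(name, line) for line in cmdlines for name, rx in RULES if rx.search(line)]


def rule_counts(cmdlines):
    """Number of command lines each rule fired on."""
    return Counter(name for name, _ in triage(cmdlines))


def flagged_lines(cmdlines):
    """Distinct command lines that triggered at least one rule, in input order."""
    seen = []
    for _, line in triage(cmdlines):
        if line not in seen:
            seen.append(line)
    return seen


def verdict(cmdlines):
    """Collapse the hits into a one-line chain, in RULES order, for the analyst."""
    fired = set(rule_counts(cmdlines))
    chain = [name for name, _ in RULES if name in fired]
    return " -> ".join(chain) if chain else "no installer-abuse pattern matched"


if __name__ == "__main__":
    for name, line in triage(SAMPLE_CMDLINES):
        print(f"[{name}] {line}")
    print(verdict(SAMPLE_CMDLINES))
```

Of the ten sample lines, six fire a rule; the dropper itself, msiexec.exe /V, the -Embedding custom-action server and the iexplore.exe launch do not, which is the point: the Installer service's own children are expected, and the signal is in taskkill, the silent /i from Temp, the DTF rundll32 call, RegAsm against AppData and csc.exe from Temp. The same regexes port directly to Sysmon Event ID 1 or EDR command-line fields.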
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cloud-search.linkury.com | udp |
| US | 8.8.8.8:53 | linkurytest-webservices-westeurope.cloudapp.net | udp |
| US | 8.8.8.8:53 | linkurytest-webcomponents-westeurope.cloudapp.net | udp |
| US | 8.8.8.8:53 | linkurytest-webservices-westeurope.cloudapp.net | udp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| US | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | linkurytest-feedrouter-westeurope.cloudapp.net | udp |
| US | 8.8.8.8:53 | www.ynet.co.il | udp |
| BE | 2.21.17.161:80 | www.ynet.co.il | tcp |
| BE | 2.21.17.161:80 | www.ynet.co.il | tcp |
| BE | 2.21.17.161:443 | www.ynet.co.il | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | totalmedia2.ynet.co.il | udp |
| US | 8.8.8.8:53 | ynet-pic1.yit.co.il | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 8.8.8.8:53 | totalmedia2.ynet.co.il | udp |
| US | 8.8.8.8:53 | cdn.flowplayer.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| BE | 2.21.17.161:443 | totalmedia2.ynet.co.il | tcp |
| US | 151.101.1.44:443 | cdn.taboola.com | tcp |
| US | 151.101.1.44:443 | cdn.taboola.com | tcp |
| US | 104.18.7.158:443 | ynet-pic1.yit.co.il | tcp |
| US | 104.18.7.158:443 | ynet-pic1.yit.co.il | tcp |
| US | 104.18.7.158:443 | ynet-pic1.yit.co.il | tcp |
| US | 104.18.7.158:443 | ynet-pic1.yit.co.il | tcp |
| US | 104.18.7.158:443 | ynet-pic1.yit.co.il | tcp |
| US | 104.18.7.158:443 | ynet-pic1.yit.co.il | tcp |
| BE | 2.21.17.161:443 | totalmedia2.ynet.co.il | tcp |
| BE | 2.21.17.161:443 | totalmedia2.ynet.co.il | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | tcp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | tcp |
| BE | 2.21.17.161:443 | totalmedia2.ynet.co.il | tcp |
| GB | 142.250.200.2:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | middycdn-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | tags.dxmdp.com | udp |
| US | 8.8.8.8:53 | butterfly-button.web.app | udp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | images1.ynet.co.il | udp |
| US | 8.8.8.8:53 | c2.taboola.com | udp |
| US | 199.36.158.100:443 | butterfly-button.web.app | tcp |
| US | 199.36.158.100:443 | butterfly-button.web.app | tcp |
| GB | 23.73.139.48:443 | middycdn-a.akamaihd.net | tcp |
| GB | 23.73.139.48:443 | middycdn-a.akamaihd.net | tcp |
| GB | 3.162.20.116:443 | tags.dxmdp.com | tcp |
| GB | 3.162.20.116:443 | tags.dxmdp.com | tcp |
| BE | 2.21.17.161:443 | images1.ynet.co.il | tcp |
| BE | 2.21.17.161:443 | images1.ynet.co.il | tcp |
| US | 151.101.1.44:443 | c2.taboola.com | tcp |
| US | 151.101.1.44:443 | c2.taboola.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| GB | 3.162.20.116:443 | tags.dxmdp.com | tcp |
| GB | 3.162.20.116:443 | tags.dxmdp.com | tcp |
| GB | 3.162.20.116:443 | tags.dxmdp.com | tcp |
| GB | 3.162.20.116:443 | tags.dxmdp.com | tcp |
| GB | 3.162.20.116:443 | tags.dxmdp.com | tcp |
| GB | 3.162.20.116:443 | tags.dxmdp.com | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| US | 104.18.7.158:443 | ynet-pic1.yit.co.il | tcp |
| US | 104.18.7.158:443 | ynet-pic1.yit.co.il | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| GB | 18.165.160.82:443 | cdn.flowplayer.com | tcp |
| US | 8.8.8.8:53 | linkury.blob.core.windows.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 151.101.1.44:443 | c2.taboola.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | time.nist.gov | udp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 151.101.1.44:443 | c2.taboola.com | tcp |
| US | 151.101.1.44:443 | c2.taboola.com | tcp |
| US | 8.8.8.8:53 | cdn.permutive.com | udp |
| US | 8.8.8.8:53 | upapi.net | udp |
| US | 104.17.118.17:443 | cdn.permutive.com | tcp |
| US | 104.17.118.17:443 | cdn.permutive.com | tcp |
| US | 8.8.8.8:53 | iframe.ynet.co.il | udp |
| US | 8.8.8.8:53 | w.ynet.co.il | udp |
| US | 8.8.8.8:53 | cdn.brandmetrics.com | udp |
| US | 8.8.8.8:53 | events.browsiprod.com | udp |
| US | 8.8.8.8:53 | yield-manager.browsiprod.com | udp |
| US | 8.8.8.8:53 | static.chartbeat.com | udp |
| US | 8.8.8.8:53 | s.skimresources.com | udp |
| IE | 34.249.200.254:443 | w.ynet.co.il | tcp |
| IE | 34.249.200.254:443 | w.ynet.co.il | tcp |
| US | 8.8.8.8:53 | cdn.exelator.com | udp |
| IE | 63.35.51.142:443 | w.ynet.co.il | tcp |
| IE | 63.35.51.142:443 | w.ynet.co.il | tcp |
| US | 54.69.25.197:443 | events.browsiprod.com | tcp |
| GB | 13.224.81.62:443 | yield-manager.browsiprod.com | tcp |
| GB | 13.224.81.62:443 | yield-manager.browsiprod.com | tcp |
| US | 151.101.2.202:443 | s.skimresources.com | tcp |
| US | 151.101.2.202:443 | s.skimresources.com | tcp |
| US | 172.67.69.191:443 | cdn.brandmetrics.com | tcp |
| US | 172.67.69.191:443 | cdn.brandmetrics.com | tcp |
| GB | 18.172.91.153:443 | static.chartbeat.com | tcp |
| GB | 18.172.91.153:443 | static.chartbeat.com | tcp |
| GB | 18.165.160.93:443 | cdn.exelator.com | tcp |
| GB | 18.165.160.93:443 | cdn.exelator.com | tcp |
| GB | 13.224.81.62:443 | yield-manager.browsiprod.com | tcp |
| GB | 13.224.81.62:443 | yield-manager.browsiprod.com | tcp |
| IE | 63.35.51.142:443 | w.ynet.co.il | tcp |
| IE | 34.249.200.254:443 | w.ynet.co.il | tcp |
| IE | 63.35.51.142:443 | w.ynet.co.il | tcp |
| IE | 34.249.200.254:443 | w.ynet.co.il | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | analytics.tiktok.com | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 13.224.81.62:443 | yield-manager.browsiprod.com | tcp |
| GB | 13.224.81.62:443 | yield-manager.browsiprod.com | tcp |
| NL | 23.62.61.121:443 | analytics.tiktok.com | tcp |
| NL | 23.62.61.121:443 | analytics.tiktok.com | tcp |
| IE | 63.35.51.142:443 | w.ynet.co.il | tcp |
| IE | 63.35.51.142:443 | w.ynet.co.il | tcp |
| IE | 34.249.200.254:443 | w.ynet.co.il | tcp |
| IE | 34.249.200.254:443 | w.ynet.co.il | tcp |
| GB | 13.224.81.62:443 | yield-manager.browsiprod.com | tcp |
| GB | 13.224.81.62:443 | yield-manager.browsiprod.com | tcp |
| IE | 63.35.51.142:443 | w.ynet.co.il | tcp |
| IE | 63.35.51.142:443 | w.ynet.co.il | tcp |
| IE | 34.249.200.254:443 | w.ynet.co.il | tcp |
| IE | 34.249.200.254:443 | w.ynet.co.il | tcp |
| BE | 2.21.17.161:443 | images1.ynet.co.il | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| GB | 13.224.73.189:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 104.26.9.27:443 | upapi.net | tcp |
| US | 104.26.9.27:443 | upapi.net | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| US | 54.69.25.197:443 | events.browsiprod.com | tcp |
| GB | 18.172.91.153:443 | static.chartbeat.com | tcp |
| US | 151.101.1.44:443 | c2.taboola.com | tcp |
| US | 151.101.1.44:443 | c2.taboola.com | tcp |
| US | 151.101.2.202:443 | s.skimresources.com | tcp |
| US | 151.101.1.44:443 | c2.taboola.com | tcp |
| US | 8.8.8.8:53 | alerts.ynet.co.il | udp |
| BE | 92.123.51.247:443 | alerts.ynet.co.il | tcp |
| BE | 92.123.51.247:443 | alerts.ynet.co.il | tcp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.46:80 | google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
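Most of the network table is page-load noise from iexplore.exe opening http://www.ynet.co.il/ (ad, analytics and CDN hosts), plus OS background traffic (crl.microsoft.com, ieonline.microsoft.com, time.nist.gov). The rows that belong to the installer itself are the linkury.com / linkurytest-*.cloudapp.net / linkury.blob.core.windows.net lookups, and in this table they appear only as DNS queries to 8.8.8.8:53 with no matching tcp row. The report does not say whether those lookups failed or whether the connection simply was not recorded, so that is a question for the pcap rather than a finding. The following Python is an added helper, not code from the sandbox vendor: it parses a constructed subset of the rows above exactly as the table renders them and answers the questions an analyst asks first: which domains were resolved but never connected to, which were connected to without a recorded lookup, which destination IPs are shared CDN edges (poor block-list indicators), and how the domains split between operator infrastructure and everything else. The "linkury" marker used for that split is taken from the domain names in this table; it is a heuristic assumed here, not a vendor classification.

```python
from collections import Counter, defaultdict

# A constructed subset of the "Network" table above, pasted as the sandbox
# renders it. Sample input only; it is not a complete copy of the table.
SAMPLE_TABLE = """
| US | 8.8.8.8:53 | cloud-search.linkury.com | udp |
| US | 8.8.8.8:53 | linkurytest-webservices-westeurope.cloudapp.net | udp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| US | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.ynet.co.il | udp |
| BE | 2.21.17.161:80 | www.ynet.co.il | tcp |
| BE | 2.21.17.161:443 | www.ynet.co.il | tcp |
| US | 8.8.8.8:53 | totalmedia2.ynet.co.il | udp |
| BE | 2.21.17.161:443 | totalmedia2.ynet.co.il | tcp |
| US | 8.8.8.8:53 | linkury.blob.core.windows.net | udp |
| US | 8.8.8.8:53 | time.nist.gov | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""


def parse_rows(table):
    """Turn '| Country | ip:port | domain | proto |' lines into dicts; skips the header."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)          # rsplit keeps IPv6-style colons intact
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def is_lookup(row):
    """A udp/53 row is a DNS query to the sandbox resolver, not a contact with the domain."""
    return row["proto"] == "udp" and row["port"] == 53


def resolved_never_connected(rows):
    """Domains that were looked up but have no non-DNS row: failed resolution or uncaptured."""
    looked_up = {r["domain"] for r in rows if is_lookup(r)}
    connected = {r["domain"] for r in rows if not is_lookup(r)}
    return sorted(looked_up - connected)


def connected_without_lookup(rows):
    """Domains with a connection but no recorded query (cached, or resolved elsewhere)."""
    looked_up = {r["domain"] for r in rows if is_lookup(r)}
    connected = {r["domain"] for r in rows if not is_lookup(r)}
    return sorted(connected - looked_up)


def shared_ips(rows):
    """Destination IPs that served more than one domain: CDN edges, not clean IP indicators."""
    by_ip = defaultdict(set)
    for r in rows:
        if not is_lookup(r):
            by_ip[r["ip"]].add(r["domain"])
    return {ip: sorted(domains) for ip, domains in by_ip.items() if len(domains) > 1}


def connection_counts(rows):
    """Number of recorded connections per (domain, port)."""
    return Counter((r["domain"], r["port"]) for r in rows if not is_lookup(r))


def partition(rows, markers):
    """Split all domains into operator infrastructure (name contains a marker) and the rest."""
    domains = {r["domain"] for r in rows}
    own = {d for d in domains if any(m in d for m in markers)}
    return sorted(own), sorted(domains - own)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_TABLE)
    print("resolved, never connected:", resolved_never_connected(rows))
    print("connected, no lookup seen:", connected_without_lookup(rows))
    print("shared destination IPs:", shared_ips(rows))
    print("operator vs other:", partition(rows, ("linkury",)))
```

On the sample rows the three linkury hosts and time.nist.gov come back as resolved-only, ieonline.microsoft.com as connected without a recorded lookup, and 2.21.17.161 as an edge shared by www.ynet.co.il and totalmedia2.ynet.co.il, so a domain-based indicator is the right granularity here and the IP is not. Paste the full table into SAMPLE_TABLE to run it over the whole capture.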
Files
\Users\Admin\AppData\Local\Temp\smartbar\Setter.dll
| MD5 | 8b809d7fdef6c276791186b0d97ae839 |
| SHA1 | ad1202b0578aca08feee0f6937a14ec66fc7d653 |
| SHA256 | ee7ce728fc421cd33250ad55c5ef0effa3ecc71a0f2ac3b918636dee0f5f84d1 |
| SHA512 | aef7f1eba4fc8942c67873fd48377bbcfff83aafc0f7a5a32d85df00f13ceada6c60544b57c674b4e9595e7f67ef24f5855b9ce27bdab045fb9502b349f91539 |
\Users\Admin\AppData\Local\Temp\smartbar\sqlite3.dll
| MD5 | fec17d5fb09a03376d3aa204c65562a7 |
| SHA1 | 2966508d76523b2c2d28713612b472e7256c66fc |
| SHA256 | 1e384af4479ba64bd2fa02b00603205c4b0a99a468cfa4cc33cdca7bac845bec |
| SHA512 | 4e250955a0b6e2a22d41cf24eecc88d3a36de1308c089d8f8ab02beed434f0ed44583f048ca2b436788b7c80ec1c7f0cd79166b3e62d040566c99aa536b9c11e |
\Users\Admin\AppData\Local\Temp\smartbar\HistoryWrapperService.dll
| MD5 | 0fb00dcd1887e0e1339c630137c422f4 |
| SHA1 | 40e83a2b22610e3d718dff15955cca69b54d7d2a |
| SHA256 | d9cc21c8899168bbd783d8488405af97f19a18f2402d76683fb3f08733f402c3 |
| SHA512 | 66ba4cc70217ed30f3a5c203e0515025400e03ccd605ab4151ebcaaa078a67c8e9d36d5c7ccbd1883a1a75de5bb5b5c04dff1a975d3e1c0a5cef4eccae4be4a1 |
C:\Users\Admin\AppData\Local\Temp\smartbar\Installer.msi
| MD5 | ab3c448a172f887a9a41a98bc37baeb6 |
| SHA1 | 4f564531b856433e34755d5f28ed91db09238fb0 |
| SHA256 | e59bd7fa9ff296101ce04bbdff361af630a4dbe5fa2020d5da11e9ecd8e490fd |
| SHA512 | 413960883fca3da12fbef69b6501a114fa9f7e9f2e420fc6bca69a8feb19b110745fb22e8709058ac187c13932efb84921e0e31d0adad99ec2f0a6b1d063e6a2 |
C:\Windows\Installer\MSI20AA.tmp
| MD5 | 50431b75630bbf6b3c245e3c675a90c7 |
| SHA1 | 3e99780baa1447056e63bdb677f4d3248e65d855 |
| SHA256 | 4bbcb65193711559141311b1bbcde46471a3836248a96b374c4316e1e0cee161 |
| SHA512 | 62377d84c8db9ef2361db6adc65efd6835405b945156e7680d6c102b4184d5a259dd61ca3822173781ec09d2f2d7784ce62bee256138b0918e01768629257050 |
\Windows\Installer\MSI20AA.tmp-\Microsoft.Deployment.WindowsInstaller.dll
| MD5 | 34d4a23cab5f23c300e965aa56ad3843 |
| SHA1 | 68c62a2834f9d8c59ff395ec4ef405678d564ade |
| SHA256 | 27cf8a37f749692ab4c7a834f14b52a6e0b92102e34b85ffcb2c4ee323df6b9c |
| SHA512 | 7853f1bc1e40c67808da736e30011b3f8a5c19ddf4c6e29b3e0eb458bea2e056fe0b12023ceac7145c948a6635395e466e47bdd6f0cfa1bd7f6a840e31e4694c |
\Windows\Installer\MSI20AA.tmp-\Smartbar.Installer.CustomActions.dll
| MD5 | 6e7e63c2978f2139fc480fa3987c2454 |
| SHA1 | 494c95837404aea3a17f558a70124350cbe0b665 |
| SHA256 | ef4fbe7fb8ea3db0a6c1d2e3ea85dbdc3b2fe9e203eb4f47f286f9686b70b0c9 |
| SHA512 | 8201f6808cebbf8054fd430605d3f792ccf30816d115cee6087b856d07abb7198a028155113ca66d39a6aaf9c8cf33a40c50e1d40a358050d70a7cac8f8ff097 |
\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll
| MD5 | 5828e61533ad8765e34c8bd5b2684768 |
| SHA1 | 819ca2ba6ceaac7042f0d106f9bbd5b299dea954 |
| SHA256 | 026e85591c1d8f9f6f9103ba5aa1c18ba23c28bd57e56823f4e11ac0abacd4f3 |
| SHA512 | b5fb79e30c3ca749a5478231ca3bcdfd558db9ef0d87852849b29e6554af305b4eda4f4be9b24e0fd4fa3e371d413f19b0b5f1e1f913b9e31dcb8e5b0b1442c8 |
\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.SetBrowsersSettings.dll
| MD5 | 68462e5ccace2103619f9501c7accf51 |
| SHA1 | 54e402eef5863227eb1128e17ccfc96bcc1b0c73 |
| SHA256 | bc31faeea673328c8624334b8d9f699a71221a570043d43f90d1f4672939e776 |
| SHA512 | 162c45d1775e0c77ec6b7c7bbf483142a020193f6f07812e4e48c1686cd791758736d75317f3c796bba30464a92f41fd95c80d8a1d176f13aa7aa6623a13066e |
\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.BrowserHelperUtils.dll
| MD5 | 528b6340928ec73f7d3726396e3b8607 |
| SHA1 | 36fececd456ed486e83185a39266aaa93d9a3851 |
| SHA256 | aaecb4c15e8a307714a92d2d962c12b35943058165369140abeda750fdc2bccf |
| SHA512 | 8cc45713604754832c6f70883f67996564d62e6c41f660fd3c69dd1900c50afa4360b97842c95e9a0fcb39007070549d8bbae069dedd1573511de99b33bf26ef |
\Windows\Installer\MSI20AA.tmp-\Smartbar.Infrastructure.Utilities.dll
| MD5 | 5514445cbc6717bc543e993a27b45614 |
| SHA1 | 463fea10195dc9d95c3b185ddc0216154f138843 |
| SHA256 | 515f391b52077e9c54f0dab77b39195378b12be557af43be4d60d078a9c59c2c |
| SHA512 | 1aceac5534980905717ea30424ef3c8822cec68093ff3dbaf4ea7be52efb2db7f2869bffe5a059c401c50c852d387882233bbba6db544ed77ee81ddd2eb613b8 |
\Windows\Installer\MSI20AA.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.XmlSerializers.dll
| MD5 | 685a150a95abcc23eff7167e45b55eee |
| SHA1 | 7f6f6e6fb67b4eb578598f423ea284e01e12da00 |
| SHA256 | 29feba57a0184ab164d6c5d0195c3b9c1f21e120a5853eee0afc6a66c5ef6a29 |
| SHA512 | f499ad24337adec2e78a6a4236877b27530d61deaf73cc09263f34c66c0ea84fbcdb057a70dd692c79e1608b69bc8945eff6ee346bb0a4efb3c8c5d4a2f8e703 |
\??\c:\Users\Admin\AppData\Local\Temp\j474wrh3.cmdline
| MD5 | 23f5724739645ae5ab0da82273181171 |
| SHA1 | 5f40175d736d0d931b041a9e2ca44b133e0a15c8 |
| SHA256 | 6720302b00e40f075c4c16d4afb74d6331aa4b4396cb4f36cda48dc362a66d52 |
| SHA512 | 7aa731aa5a58d2f8737db0b2263b9f82bee45eda71ef0ae14997d1dcdfb2fb749c76125f7b72d5e997f9e3ad0c4fe4b4054d6f241bd70a0efa0fc16b72224eb5 |
\??\c:\Users\Admin\AppData\Local\Temp\j474wrh3.0.cs
| MD5 | 80d63b882b411290f39d49cd220b9099 |
| SHA1 | c045a403ee8e63bf0f745ae71d573371cc5fd547 |
| SHA256 | 588b5a7b7054402f78db94a328401454031310687eb90aa81871d3dc029c9da2 |
| SHA512 | df6ddc155b36e3440023b3cfe7b6f86aaa8c9a525d2154fc432f4db03068e8ef0734da57fede2606e011d70392b3ae4744ce11387d23267b656eca2028a207bd |
\??\c:\Users\Admin\AppData\Local\Temp\CSC2443.tmp
| MD5 | 9309c6f9d635d8e3ea525e9dbf1db3e7 |
| SHA1 | 8ff2cf1be969fd372f16362bf0fc443c8e8583e7 |
| SHA256 | c9d26599d1c056148abaccf6c9f7c4110daff507c67ed79513105b4915a7c515 |
| SHA512 | a265348dc0c10caa6d8638cda63362f63f0a69fe416d3cd589febe2e74b650071b663533d88d504607a11ead7c0da1cb88bc68064ecc45229f5591864825f80e |
C:\Users\Admin\AppData\Local\Temp\RES2444.tmp
| MD5 | 89c20a4d6fbf9a14aa987692433de3e6 |
| SHA1 | bdeef5ed9fa576270b4a330b6ff454c436eb1d24 |
| SHA256 | 51fdf44f5fcbd7c53ad48398b79398280e3b7b0ea6d8453771c8103aecb49799 |
| SHA512 | b5f4db8ae9f066d08a6d1e552ae430a5d084df0f2fbef2a43e2babdc8969e179b2f40dbfc12bab96aeb4dd08b25ca39c006c5a178f87678f6a1049cbf3f2ea26 |
C:\Users\Admin\AppData\Local\Temp\j474wrh3.dll
| MD5 | 6a0a02a78ac291640eed2ce6ba0d60d0 |
| SHA1 | 79cf611f9736d7e4dffd5d90cf586a50ab26dedb |
| SHA256 | d0665e6cbbb09933f28d430a68e19d5d05950f799db142ef7f6d346e317e5f93 |
| SHA512 | 335b06a905fd5f4a0b7ca86357a859204dd3f57910fcc4d35b35c4217341a1c9e88142164f6d41e818fd7a05681340e65d0bd8e639bbe14baf8681ecd319f9f2 |
\Windows\Installer\MSI20AA.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll
| MD5 | 7868ed46c34a1b36bea10560f453598f |
| SHA1 | 72330dac6f8aed0b8fde9d7f58f04192a0303d6b |
| SHA256 | 5c17864f1572acec1f93cf6355cfd362c1e96236dcba790234985a3f108d8176 |
| SHA512 | 0cc913337e3334ff0653bc1fad044d9df60a8728c233dcc2c7f6139f14608740b70b57c25a9d2d895cbc4d59508779f342a72406e623d30365ae89fb2a3607ba |
C:\Windows\Installer\MSI3111.tmp-\CustomAction.config
| MD5 | 796621b6895449a5f70ca6b78e62f318 |
| SHA1 | 2423c3e71fe5fa55fd71c00ae4e42063f4476bca |
| SHA256 | 09be5df7a85545fd93d9fd3cd1d6c04c6bfe6e233c68da6f81c49e7a35fcbb84 |
| SHA512 | 081cf1dadb3a0e50f0a31ab03e2b08e80298c06070cd6f9b2806c08d400c07134623f7229a6c99910c6243dfa53c6e2c05d09a497aae1e701bc34b660cf9e4c9 |
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch
| MD5 | e2afcd44f03640cb955547472864ebb7 |
| SHA1 | 7e081f8f79d2f364123378b843cf412e9786c682 |
| SHA256 | a262c908f6ac958f98fe88712c27dc24120af57792cd67f5e42b3f5d5376ff26 |
| SHA512 | 54d022419caaaf539ecbad37c33b5b97b0b84115d3056dd9ffd24645cdf49e54dac86616a1262e2c2692aae10ab53cc651884edd551ad82a8dab7e5f594d3c54 |
C:\Users\Admin\AppData\Local\Smartbar\Common\icons\B1BEF453-913F-4EC4-B057-A2BB21C09DCBpress.png
| MD5 | e6ab030a2d47b1306ad071cb3e011c1d |
| SHA1 | ed5f9a6503c39832e8b1339d5b16464c5d5a3f03 |
| SHA256 | 054e94c94e34cef7c2fad7a0f3129c4666d07f439bfec39523dca7441a49bd7c |
| SHA512 | 4cbb002cc2d593bafd2e804cb6f1379187a9cae7d6cc45068fda6d178746420cc90bcd72ba40fc5b8b744170e64df2b296f2a45c8640819aa8b3c775e6120163 |
memory/2468-608-0x00000000003F0000-0x0000000000400000-memory.dmp
memory/2468-611-0x0000000000420000-0x0000000000446000-memory.dmp
memory/2468-641-0x0000000000EC0000-0x0000000000EE0000-memory.dmp
memory/2468-727-0x0000000001E60000-0x0000000001F43000-memory.dmp
C:\Windows\assembly\tmp\C8KZRW3L\System.Data.SQLite.dll
| MD5 | 5b3d3a627813bcef2d7a8651941f2a96 |
| SHA1 | 18713ace817081d3b99bb71e01030842345dc750 |
| SHA256 | 2f7e3f285a523b3d918fe8b3cbd3d42d2380835779a1a8b50ccf6bb365a915bc |
| SHA512 | fc6754246a071a40bf64d8a66bb7b4f926f031dfe17c25a3e7d37d8421757afad99837f28bf754fb894ca0e19f7b13850557b208b21c4566479619e77cafdff3 |
C:\Windows\assembly\tmp\CDRKKUY4\Interop.SHDocVw.dll
| MD5 | cc0611a32becda6d37695f38755a891f |
| SHA1 | 2b987c4cbe8de69b40f4096d424aca5469f90fe5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8094782da4544ec4a63347750559cf25 |
| SHA1 | d8bcb87e25b1d45ebf5cfd470fd97731591b2ee7 |
| SHA256 | af7d23583f9e3cd7923ee356f88d51c274c13041e86a03ca018504f24250ed60 |
| SHA512 | 9261e11433fcc1b9e220d8db42db5ca1e06a38b0ef5f9bf17e861fed7d1a1d7e977df1f65f8ce87b8d3767039b1946612527186ae50b9d83cc231c293e7e4914 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bb185aebb7e9b2704ef72b10596dbdf |
| SHA1 | 0399d2545bd2658665e0391051011c2cca2db7b0 |
| SHA256 | f5c8a5b9d386e4a4dd446ba40c5f83b6027eb18fb9826e04753fc36cb134d136 |
| SHA512 | fbe3965c505d2755c784a3b7d89102f0b8a27dd33fc6960217f3f5ecc06de437319d95b15d39b09640a5eb209c9eadd429ce1ea095d39f0c7414b1963f930d1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d63c17da7848afd20343e5d88a01fc05 |
| SHA1 | 581a8971029837adae0b792e749588c9897b0f21 |
| SHA256 | 688de740557ecce0d498ec220e531652ce9c6f33f3a61cb445cbf451fdb11377 |
| SHA512 | 68927285a7d968e7a69e2e63f9c4f54e8841565283c92eff283687b067f05ba7f1f5ef5cfa04d1b18097ed987098ebd938a6693788feec101fa24332e3eb4e40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fd8bea8e67636bf28c0918227315819 |
| SHA1 | b7e90fd01d8f8a1edec12455e1d81257cd671a29 |
| SHA256 | 2c81ed99cc18cf8e6d0c1733991accf39cdb45bbf9a16ddb43409a8ebfa4fcba |
| SHA512 | 691faec0c45191390e5b298fe8d0fdb30afe288a65777ed9021c38f43507974dd2ab0314a7ba87e9848b1148f518e2f75cefcd2c1388f89605ce1d98fcae8314 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d2c38ca69b1688b840d60cfd27d4107 |
| SHA1 | eb61952d7428afafd842a10a1815ee2ae54265d6 |
| SHA256 | 7b00e9e11ba17f4b0769701b8320240ff3cf2713335d02aa088c2ef062fa31fa |
| SHA512 | 81903d5d94d6c823ecf583dbe98b0c7569bc48afb8859604a3548af17a9ad5763cba6c6256f6015bcb1baa3f9727a3fad1c77a26d66e4716c93903804e897950 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\favicon_1[1].ico
| MD5 | aa8b619b8e59f1ee68257102a5057404 |
| SHA1 | 04c442f5f1560d1517cb98e7648ab6668dafb407 |
| SHA256 | d5411b56d41f9150247c86b997eb793aeb160f730481d6ed5278dbce73976750 |
| SHA512 | f08b4b913bdf229df02482d0dfa1cc4e935f2af6fe62043793124d49d804fd8c4437fdb6b443e87ac14eaeb2e00d6de4ad2c6c5a1dfec39756411219a67c152e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00ef6d3b7944d5da50d246bc6e80d7b0 |
| SHA1 | f001ca31620213291539261d66a28111ef95607b |
| SHA256 | 637c8e3f648ec022f41550d17890bc973b8f59711211284fd7308ce9673a1c9f |
| SHA512 | 7957d61d9daf37f82cfdc9846268b297f203b1792c85a03e89c9075ec2d4e99000aad8f377f9c8b46f21a40d7944dcbc0909251b769cba8be5645ad73ab51ebb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31edca7b090614712eae64bbb9dd6983 |
| SHA1 | 25cb9ee21a873daa7c133ea0bee03a348ec023b1 |
| SHA256 | 6d34dae1adc66f96c6a0683c3952b73378ed0ea12e87312bb97f27712a26e585 |
| SHA512 | fa7e7cfa5351d356b8e6f38eceac0b0f0e374af9a3773d5df7885ba368c327bd99c84f8ca8c739f938999e7be2e106d6a152903df05c905d714738f1b6c4c2bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0bf517b1f2e0fdced52ac7d64c867ff |
| SHA1 | c1b368bd60c268af1bb17bf6c5ecf0005c8b880f |
| SHA256 | 2c962eba52da811cd2c3fda9f0b8544933f34ab0a56891222359770e1449356e |
| SHA512 | 5ec4a9d22a921eab293ae0d264e9604b53432b68b5678a6105feb0c7598d2b124241900ce217cc89b5b86c61d83c6186e2ee603eedd341bac44a8ec2c69bb3e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b55426c41c46f28467e6df962eeb00d |
| SHA1 | c547b7058a5f5caa293ace7e5f939c8da378b748 |
| SHA256 | 702ef6820e8af2ef053682fa503aeef80b2660502595c158561466eacd113bd8 |
| SHA512 | 1bd402f0207911a0a58e9c5fcc53eea01938b8d6a1818144923c62f0ef4be0ebb567a63631feb6fe8d39a094f13ebd96a05451a7171c9a9d476a80bcd2f66fb5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb9f2a32df72bfdab162d6ad96fc6186 |
| SHA1 | 8e9448d59f6c6c970f2d816914f4976be60fb23c |
| SHA256 | fce808a76446ec0c74ec48a4fc13a5eb7d99629bda41e2247d4c8473143d2269 |
| SHA512 | 765297467923c7f56c4052b060f12b61a88645f8759a54d6b6af0a200eef84ea14894c789575aa8e35ead57839919f82069a4a3fa35d24aec645be7efd4391b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20e8b99069f9c28c97b50ee0e32b8397 |
| SHA1 | b113f3bec9dcfe99e30ffc090a4612b8849eae70 |
| SHA256 | 7ed560d1f0bfa5e607dbdac8a6343aaf41912b9a10582bda14e5c261377f46be |
| SHA512 | 80effa703ef0b90c44364ee25d0837b8a4c132712a1debdff6ee1504c55180f35f8daf4dab44a3ce7b8ede7006aaef6b0a08c48ca0d78b635f8e8d81704b682e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abea1a44ea52123a5edb5e8bdb16d4a1 |
| SHA1 | b3601117f08913a6b8652fdd4471d3609acfff7d |
| SHA256 | 1d12722bf9dde8d00c8d8c8ac503a89136b7e0dd60bd59cd5e61b42071e0c1c3 |
| SHA512 | c63b4fbdcebed8ebc7c04b875c6df01fae738ca07571d19e2f2bd15814c12379de94018e37515f418370a8e01039c72015271e5d3037f7edbc7628205807e877 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03d8158ba51e2b04989b1fe72ce473fe |
| SHA1 | 281c809fc885cb811f33ad82960af26b63a3b26e |
| SHA256 | bb99ac7433b89f4c240da666135d1e0dbb39d0aa8cd04e6fdbd8ab4a122ce5c8 |
| SHA512 | 3ccbdee26417658100106c754f215c9f6f5f6024b58206a7ae4f8324e0fbdd101ef6f865d2532aea300c622702bf3855c94826d5e4528131fb8dd4c34f077bff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7ab7ff0ef43cafcce89ab649d2e01e6 |
| SHA1 | 8a7ac644bc84972623cc5127d46311c4b114b048 |
| SHA256 | 18d0f0f3a4cf5c26fdbc7e7727ae845e7f82f8b2786b8c42806e0d6054084ead |
| SHA512 | 21341843192e76650fff1c1486526cf444237b7e50c14d1d4312f88db21e08e2708788927637d71197cc22cc5c4b778238d52384516314f1f20e2f421ceab41d |
C:\Users\Admin\AppData\Local\Smartbar\Smartbar.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.556\zl1oqn5c.newcfg
| MD5 | 9a2cf561bba09bf7994f7e43a1773e10 |
| SHA1 | a493dec2f6e09ba989808d07667289430a459324 |
| SHA256 | b1b2ff36422a873dcf773cab24bcc6d36214509791514507165888f4e7037b04 |
| SHA512 | 9214a0d31c2c00acbcafe8b928b882d7a772395200eb4db21c3697c86af1c32508677027461e57390ac05c26a25e846f9be72a85cd542d97bef537e4bf373791 |
C:\Users\Admin\AppData\Local\Smartbar\Smartbar.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.556\user.config
| MD5 | 4d30935c3599295fbbb5f8a76c28429b |
| SHA1 | 69a3d871bc28c700872186cb014eb6774d49ca5d |
| SHA256 | 71271f0df306df3169946128b80c4402c23082354b93757313f80f63b5ee00b0 |
| SHA512 | 4d9d45a2bf177a30c92480ca962d99ca9443b83b7f1bf2564ed6f58c32663e42a53e4406185ae8df8ae8259766675a7e596db1f7869cbb2b3a794d3dba2fb5da |
C:\Users\Admin\AppData\Local\Smartbar\Smartbar.exe_StrongName_vuedtbpoockmp1sq45awfxuouevabx0i\1.6.1.556\s6c_uokd.newcfg
| MD5 | 1789246fbb3bbab5acb485ebf57ae6b8 |
| SHA1 | 7e8eba143010e774f62485a53855bd8b34212063 |
| SHA256 | aa2afcc61c82169604c0e002d0bfc5ce1458e476acb5349245c123df40540aa2 |
| SHA512 | 7200289f3694f1e4bac8a95363f13796491509f525951fabd8512822dd9574c0948822ac5f642f01e950363eac246e3a5c0f81e5989c1bb6953a6e5c1c47f79a |
memory/2896-6749-0x000000000D060000-0x000000000D062000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1LMHRUFL\www.ynet.co[1].xml
| MD5 | e4b31369d1756e86910d408b3344c977 |
| SHA1 | 34217aa5730344be60d983a7c50d2957de8881a0 |
| SHA256 | 646e663208b82779ad526bc66250b1a90a10e1e64341332b71f398318ec1b890 |
| SHA512 | feef211e5188394c49543bc904a9ebc1bad21d0fb95e8c72ce3ec67b8a83b03b465db11ef5b7a9300b901e12cb26774ce2babf4ccad14855b95c7987755b200c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 995c7bd3a6cad4694c85a47f6acf8d91 |
| SHA1 | 91ff7260515f7ee1e1e4088852bac2e01549fd1f |
| SHA256 | bfd03222b884f5d8363c576ac7653b45f7a84d28c307428b2ff09cc569fcad80 |
| SHA512 | 46d1e0c0be0429ddfa89fb5badeed058968a16f24725eb2b9de7f32440426dc470a7d5de547022a189c4dc5110d28e7836e509be964e1d8258752c32437bf471 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b2e38a289ad9c30f73a102e060ab84c |
| SHA1 | c7393e205c8043185f1c37658cec944dd15d9d0f |
| SHA256 | 6a8f73db3ced9ad19b9d6579d532bed3aa913b6958f5f98b74764de54569523d |
| SHA512 | c89d444edf3480836e89e816189f65dfcf2490f2a601d44a98f6e61dcc289f8a1ed86c466a8199229ba85ab0e1b78ea3a38fc29c3c4ad93b57f5e27ca2f5649a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5cc0ffd3c1eb9f87d14bddbab3077f6d |
| SHA1 | 4fbd37c8c9aa44e9ef4641823e55317e06479e20 |
| SHA256 | dd63fc6d8011bc448dd4727a26dbd72a703da1b8b7b64d9f2cbcd60454c593bf |
| SHA512 | 027cdf2a458fce23be75c3152246634dcee096fcf5e6e70b12eb0147681f543bbbd3ee975f1d472d5b1154be60cc70f18d01c977516ace229a763347bc634a46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2115c6e56f68d44470436948ef2c044 |
| SHA1 | a5c1f524e18160fe1d45b7160b3e701491fcdf48 |
| SHA256 | cef8ced8d2b71b615b3250a105940e8e2e4d7367fb47210e8400754d5c3bb30c |
| SHA512 | f5775b8c229167ce7ba2507983f307e6eb26b9af4f91d41e737239dc47ade5fe48dabdecc342c8ec4b156d568f18b392591c4b47a22389914db6ef861d688361 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d28073c00a6b042fabd764e47e4f970 |
| SHA1 | 581c5c2861ca291f7db02251effe824ba3bf8d46 |
| SHA256 | 88c54966812ac8d36cbe0f08794d86c770d664b2b18524faa899c7952793e066 |
| SHA512 | e2833ec9b944e0ed00bfc34353e42dd7d624bdcc9697e5d67c3c9bccd7d7ba0f21173e6a5cb02892cd57af15875a17d24f30e39be8ffb5631f6faa52497f67dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 659ab6f07fb0e82ad9972637fda14803 |
| SHA1 | 4f41b362246c0245ada7c2ce99db18d6075ea3a5 |
| SHA256 | ae94a50db63173722ac1eb397aa2d988b904ec8dc9c62d5768a77238c029e660 |
| SHA512 | 79e6895af7816d18c3c067cbad64dbc0486a94d59f14811b26ee832b7d6b74ece1f25de0937880da76715313f1731e893054059d8335f22a977a33bba3829dd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e8f23ce90c94a16c973b50d03a5f4b8 |
| SHA1 | 5d397b75cd501a6c9a124063e8bc6b643941dab4 |
| SHA256 | c3497af21f6400e2abcef96565e5a228b74bc094f3cf22e5f0041c38713afeda |
| SHA512 | 55c6e95b80ee255965358dbfaac5c10974e9f140231121b23b8cf7be5d9d959ac4fe03c09c78a61850d0e8be8f79f5635f231c103182c171abe79dc5ce69f63b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59c8e7af46213a2680eb3d7f9fc98523 |
| SHA1 | ab25d1a07c39ad0717cbce6b60b245909d59770d |
| SHA256 | 6be71f036657d7e89697f82c5f7a87827f0a65936394da12d2d043dd95ff0815 |
| SHA512 | 7bef30299f1219b2fed914601d35e8fda8af96965367cc11dce9e1b7613477f162723964600af2444340712b239fac1b8d4e814abe88a175d5e0d54e6b071811 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 0dc54c619108ed600b8785eccebefa69 |
| SHA1 | c3bc14c0cd6b681abd4fb5bd5b9876cd7cecbe56 |
| SHA256 | fea6357be10d9759fc6f7d84de536eaa3b44821238664d99dd54b61036c572e2 |
| SHA512 | 6f7b8e9b905af50f33d5b5386c0aab053e5de386e6d5e68d8ac4347a5533b0651a48a742c93b5405012bc0056487c449d2131261fe43a60f912c5f4f6c6c53dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 404ee50b7bd307d62cb191e33bb761a5 |
| SHA1 | 8160d5800db75e76ceaa2842999651da4da0ee78 |
| SHA256 | 5e9817cfb0a0ea305e3c739a7ae7d98bbc96f7ea5deda69ada1b5c7ff460db2e |
| SHA512 | 2595d6851928ab7c94c14fb8f615720974d41c5ab401c3f7f3da00bf306a7de6d721a3984aec43b98420f2de13688262253d374388bd447aee96d28a0e3b66af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2f6fd3a262c29b9c6a4815156cfaae3 |
| SHA1 | 25ac39d781d16d31a28d7213af4b801a8ad35cde |
| SHA256 | 649e13625c63c8267db87c1cd606b4ca15c0012473ea19f80a76f3428ddd291c |
| SHA512 | ac9ddfa964c5cc378de0ac006f9ad324559a2c9ee5470ab7c6cbce4410ca0858c9b8d230eb035c4fd5415e0f026b8e765219e2645b63a3c2173e11284116776b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88a1590b98445a7848e39a645cd76f73 |
| SHA1 | c1b82c9df43ac567717ecb726444e54aaec159e1 |
| SHA256 | 196f622e482402a5b93badd7e8d78837dbce0e2aa4b18d951fbb29bf9a2fd9ca |
| SHA512 | b3a7ec715ae8d0bffd0e59eb550500ced438a5378509368a6c11f8534b60193bceedbe6991b6fec5a21b3e4be6c801200d2f1b099d49941b49e5b86e342c254e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-30 11:29
Reported
2024-04-30 11:32
Platform
win10v2004-20240419-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-04-30_a513b78dbeb8812f596aeb483ee18fff_mafia.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F491-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FECEAAA3-8405-11CF-8BA1-00AA00476DA6}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLHistoryClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F80E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5DE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F630-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F2E4-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLStyleSheetClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F2C6-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F80E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F7F1-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F37F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F32B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27C-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D48A6EC6-6A4A-11CF-94A7-444553540000}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32\RuntimeVersion = "v2.0.50727" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4FC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTCDefaultDispatchClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5DD-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F2AC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F284-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F2E4-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F26A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F26A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLDDElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\InprocServer32\ThreadingModel = "Both" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32\RuntimeVersion = "v2.0.50727" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F7F1-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F270-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3FE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F2AC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F80E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLDOMImplementationClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F580-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4B8-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F37F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLStyleSheetsCollectionClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F269-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLUListElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4CC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5AA-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F7EF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F32B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLLabelElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3FF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.CPluginsClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32\Assembly = "SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\InprocServer32\1.0.0.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F273-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4CB-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F279-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLNextIdElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5DE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTCPropertyBehaviorClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5DD-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTCDescBehaviorClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3CD-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLStyleSheetRulesCollectionClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F276-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3D0-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLRuleStyleClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3DC-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32\1.0.0.0\Assembly = "SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F284-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F268-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32\Assembly = "SmartbarInternetExplorerExtension, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32\CodeBase = "file:///C:/Users/Admin/AppData/Local/Smartbar/Application/SmartbarInternetExplorerBHO.DLL" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F3CD-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLHeaderElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F251-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{163BB1E1-6E00-11CF-837A-48DC04C10000}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32\RuntimeVersion = "v2.0.50727" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F38F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F252-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLHRElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Browser Infrastructure Helper = "C:\\Users\\Admin\\AppData\\Local\\Smartbar\\Application\\Smartbar.exe startup" | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}\NoExplorer = "1" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}\NoExplorer = "1" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\tmp\BBOHUJHK\Interop.IWshRuntimeLibrary.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Microsoft.Deployment.WindowsInstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Smartbar.Personalization.Common.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Smartbar.Resources.LanguageSettings.resources.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\RegAsm.exe | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA384.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Smartbar.Personalization.Common.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Smartbar.Resources.ProductUninstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\e579b17.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\RegAsm.exe | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Microsoft.Practices.EnterpriseLibrary.Common.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Smartbar.Installer.CustomActions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Smartbar.Resources.LanguageSettings.resources.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Microsoft.Practices.ObjectBuilder.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Microsoft.Practices.EnterpriseLibrary.Common.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\assembly\tmp\VLKXDRPP\System.Data.SQLite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Smartbar.Infrastructure.Utilities.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Microsoft.Practices.ObjectBuilder.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.XmlSerializers.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\assembly\GACLock.dat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\assembly | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Microsoft.Deployment.WindowsInstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Smartbar.Infrastructure.Utilities.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Smartbar.Installer.CustomActions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Smartbar.Personalization.Common.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Microsoft.Deployment.WindowsInstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Smartbar.Resources.Translations.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Smartbar.Resources.SetBrowsersSettings.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.XmlSerializers.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Smartbar.Resources.Translations.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Smartbar.Infrastructure.Utilities.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Smartbar.Resources.ProductUninstaller.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Smartbar.Resources.Translations.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Smartbar.Resources.UninstallerForm.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Smartbar.Resources.ProcessDownMonitor.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\assembly\tmp\4UBBP24W\Microsoft.VisualStudio.OLE.Interop.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Microsoft.Practices.EnterpriseLibrary.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\e579b17.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Smartbar.Resources.LanguageSettings.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA395.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Smartbar.Resources.BrowserHelperUtils.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAED1.tmp-\Smartbar.Resources.ProcessDownMonitor.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C01.tmp-\Smartbar.Resources.LanguageSettings.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{978D004E-4180-440E-B657-E1BB5694C950} | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\Default = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=0eed6503-eef8-4be2-891a-c9b8324f0ad2&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\DisplayName = "Web Search" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\SuggestionsURL_JSON = "http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&qu={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Smartbar.exe = "9999" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=0eed6503-eef8-4be2-891a-c9b8324f0ad2&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{006ee092-9658-4fd6-bd8e-a21a348e59f5}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\SuggestionsURL_JSON = "http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&qu={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\MAO Settings\AddonLoadTimeThreshold = "10000" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=0eed6503-eef8-4be2-891a-c9b8324f0ad2&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\URL = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=0eed6503-eef8-4be2-891a-c9b8324f0ad2&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\SearchUrl | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} = "Smartbar" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Use Search Asst = "yes" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\Search\Default_Search_URL = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=0eed6503-eef8-4be2-891a-c9b8324f0ad2&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Software\Microsoft\Internet Explorer\SearchUrl | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} = "Smartbar" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\UseHomepageForNewTab = "1" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\URL = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=0eed6503-eef8-4be2-891a-c9b8324f0ad2&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchUrl\Default = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=0eed6503-eef8-4be2-891a-c9b8324f0ad2&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{006ee092-9658-4fd6-bd8e-a21a348e59f5}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Software\Microsoft\Internet Explorer\Search | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\DisplayName = "Web Search" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\ShowTabsWelcome = "0" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Software\Microsoft\Internet Explorer\MAO Settings | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=0eed6503-eef8-4be2-891a-c9b8324f0ad2&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}" | C:\Windows\SysWOW64\rundll32.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://linkurytest-feedrouter-westeurope.cloudapp.net/?publisher=LinkuryTest&dpid=LinkuryTest&co=TJ&userid=0eed6503-eef8-4be2-891a-c9b8324f0ad2&affid={affid}&searchtype=hp&babsrc=lnkry_nt" | C:\Windows\SysWOW64\rundll32.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F28A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F7EF-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F493-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\InprocServer32\ = "mscoree.dll" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{35F0ED97-3328-3F26-958A-A8E5FAB21405}\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{2E0ED74B-B69A-3F95-9FD8-66006DB3972C}\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F277-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{ADCDA984-74EE-399A-B8C7-F16E1D96115F}\7.0.3300.0\Class = "mshtml._HTML_PAINTER_INFO" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F2C4-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{B105EDC3-7FEE-32E9-BCB5-B7D3314D03E0}\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F4B2-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\ = "LinkuryTest Smartbar" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F38D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F580-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLUrnCollectionClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F2E4-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A8317D46-03CB-4975-AE94-85E9F2E1D020}\1.1.0.0\RuntimeVersion = "v2.0.50727" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{E107CA26-9F34-3EA3-A2F9-C8844CC4DE75}\7.0.3300.0\Class = "mshtml._styleFontWeight" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{80A94470-9C4F-3A47-AE2F-E6BEDB44F52A}\7.0.3300.0\Class = "mshtml._stylePageBreak" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{17EC906B-6004-331A-8325-B4422D1ED446}\7.0.3300.0\Class = "mshtml._styleLayoutGridMode" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F6AA-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLRenderStyleClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F32B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FECEAAA6-8405-11CF-8BA1-00AA00476DA6}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{3FB5C8C6-11BF-32E3-9F5E-6F95AFA8D553}\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F5DE-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTCPropertyBehaviorClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{47A03182-4FA3-306E-AF15-902E10310178}\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{BD371A4C-17BD-3FE8-ABCE-2515081859E2}\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F245-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLSelectElementClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F26B-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLTableClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F24E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F5EB-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\InprocServer32\1.0.0.0\CodeBase = "file:///C:/Users/Admin/AppData/Local/Smartbar/Application/SmartbarInternetExplorerExtension.DLL" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A5C76C0B-A22F-3565-BA14-863844C9570C}\7.0.3300.0\Class = "mshtml._styleLineBreak" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F277-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F28A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F276-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F31A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F3D4-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F248-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLAnchorElementClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\InprocServer32\Class = "IESmartBar.IESmartBar" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F580-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F7F1-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F35D-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F5EB-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.ThreadDialogProcParamClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{CA10143D-B4E8-349C-9E3E-C78AC463673D} | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\InprocServer32\1.0.0.0\Assembly = "SmartbarInternetExplorerBHO, Version=1.0.0.0, Culture=neutral, PublicKeyToken=64637c62d0471340" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F24A-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F269-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLUListElementClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F7F6-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F2B4-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLInputButtonElementClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{78C1BD14-4E05-34D5-90D8-E821FB657DEC}\7.0.3300.0\Class = "mshtml._styleWordWrap" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F5AA-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.DOMChildrenCollectionClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\Implemented Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F27F-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{F172639F-F18B-3756-8450-06866584ADEF} | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{6D55083F-D6FF-3028-A8A3-95DE56BB6EDF}\7.0.3300.0\Assembly = "Microsoft.mshtml, Version=7.0.3300.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3050F241-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{31C3DCFD-A426-3D6A-A085-C8EBF166715A}\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F3E8-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLFieldSetElementClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{A982E8A8-31B6-3CB2-81AC-2C185D16EEFD}\7.0.3300.0\Class = "mshtml.__MIDL___MIDL_itf_mshtml_0250_0006" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FECEAAA3-8405-11CF-8BA1-00AA00476DA6}\InprocServer32\7.0.3300.0\Class = "mshtml.HTMLHistoryClass" | C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F24E-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\Class = "mshtml.HTMLObjectElementClass" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3050F280-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{DD05F906-C219-3916-B377-597EA9E255C2}\7.0.3300.0\RuntimeVersion = "v1.0.3705" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = (certificate blob not reproduced) | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-30_a513b78dbeb8812f596aeb483ee18fff_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-30_a513b78dbeb8812f596aeb483ee18fff_mafia.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM msiexec.exe
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\smartbar\Installer.msi /quiet
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 46C158A98109F82C495A0ADB6DCE0FEF
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI9C01.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240622750 2 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationStart
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\e_sfu0xz.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA22C.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA22B.tmp"
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIA395.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240624546 6 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationRemoveFiles
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSIAED1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240627421 73 Smartbar.Installer.CustomActions!Linkury.Installer.CustomActions.CustomActions.InstallationComplete
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll"
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" /codebase "C:\Users\Admin\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Microsoft.mshtml.dll"
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Microsoft.mshtml.dll"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll"
C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe
"C:\windows\microsoft.net\Framework64\v2.0.50727\RegAsm.exe" "C:\Users\Admin\AppData\Local\Smartbar\Application\Interop.SHDocVw.dll"
C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe
"C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ynet.co.il/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe4a946f8,0x7fffe4a94708,0x7fffe4a94718
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\v-4kc_-f.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC7A6.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCC7A5.tmp"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\7c3ulrem.cmdline"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC9E8.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCC9E7.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\lq4tl7vi.cmdline"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ieku54w7.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCB21.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCB20.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCB30.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCB2F.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\cpqadejx.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCBBD.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCBBC.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\psix0ynf.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCC69.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCC58.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\l0oqnrzs.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD15.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCD14.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gkgh7eqo.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCDB1.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCDB0.tmp"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\6gdgd8mj.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCE6D.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCE6C.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\q2h9jkvp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCF47.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCF46.tmp"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mlp0_klx.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCFE4.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCFE3.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1yythvym.cmdline"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD0CE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCD0CD.tmp"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13271472420706213379,3322700476435103447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cloud-search.linkury.com | udp |
| US | 8.8.8.8:53 | linkurytest-webservices-westeurope.cloudapp.net | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | linkurytest-webcomponents-westeurope.cloudapp.net | udp |
| US | 8.8.8.8:53 | time.nist.gov | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pool.ntp.org | udp |
| US | 8.8.8.8:53 | time.nist.gov | udp |
| US | 8.8.8.8:53 | www.ynet.co.il | udp |
| US | 8.8.8.8:53 | time.nist.gov | udp |
| US | 8.8.8.8:53 | time.nist.gov | udp |
| US | 8.8.8.8:53 | time.nist.gov | udp |
| US | 8.8.8.8:53 | pool.ntp.org | udp |
| US | 8.8.8.8:53 | time.nist.gov | udp |
Files
\??\c:\Users\Admin\AppData\Local\Temp\e_sfu0xz.cmdline
| MD5 | e546e6ae42b4b4786fa021ea77edc503 |
| SHA1 | 5cbe6e463fe9f8f66e40ff1fdba49058c7c0a653 |
| SHA256 | 9a0f48304e2ab8476b08663024f785a4ecf7367e6797eae94c31a15e1b6047bc |
| SHA512 | f1bb837932c77e4d0441a0b08bed1c6cae313f8cf989819e7fc19a0ffce71191b5f84ff80edf3ee15bc07b47d7cd5f1a9ed6f008d3c9a38d9fc8b81db4fb1463 |
\??\c:\Users\Admin\AppData\Local\Temp\e_sfu0xz.0.cs
| MD5 | 80d63b882b411290f39d49cd220b9099 |
| SHA1 | c045a403ee8e63bf0f745ae71d573371cc5fd547 |
| SHA256 | 588b5a7b7054402f78db94a328401454031310687eb90aa81871d3dc029c9da2 |
| SHA512 | df6ddc155b36e3440023b3cfe7b6f86aaa8c9a525d2154fc432f4db03068e8ef0734da57fede2606e011d70392b3ae4744ce11387d23267b656eca2028a207bd |
\??\c:\Users\Admin\AppData\Local\Temp\CSCA22B.tmp
| MD5 | c69a91d8338e903c33dd770b64475cdd |
| SHA1 | 3d43390de94e7f82612b82f64fc031c6a575326e |
| SHA256 | f4bdedce26245ea4519c4ff9cbf09152a1d7e3fe9201d9e7d5dafafa0840547f |
| SHA512 | 9153f29d6f1fcca469d98f1175502285b020cd67c705e172d1d4cef994feb363c9bf8825c7044b68d055a3ccca8ffaf8059f6796d0b7e1a1c3e863956f66f8cb |
C:\Users\Admin\AppData\Local\Temp\RESA22C.tmp
| MD5 | 8736a294d7874b8c748ea60f45682ffa |
| SHA1 | c758e8c09e1563f58fdd28ea350f867e51d92600 |
| SHA256 | d87487d65506da3e8324ad597dd3aaf6731617fb5edeaf15e00e17509d4fe108 |
| SHA512 | a1a4ac0024d6679b5768301d40964a1c05828730a25bdd9b5c79c821a6cc52ef72860128fd587867e52a6ef399343c42c304d4bae02a08e0525026ce830ebebf |
C:\Users\Admin\AppData\Local\Temp\e_sfu0xz.dll
| MD5 | 7bd63fcd215fc1813a24da055ce47c68 |
| SHA1 | 9b4b91f137440d3d966a00846b1f782e8c433a07 |
| SHA256 | 555ef508e7ec207bc7da5c396a8e4fe1902db58c2129f9b842f05eb5b1c0b52b |
| SHA512 | f1d2256ca93f90f846ed477d4c4c692ab5e83dce62b0f7f97d721cc72cb2bcc8a8722fe09962622c0413714ddc201a6c66d23eca89f52e48e1a328758a0dc8d8 |
C:\Windows\Installer\MSIA395.tmp-\CustomAction.config
| MD5 | 796621b6895449a5f70ca6b78e62f318 |
| SHA1 | 2423c3e71fe5fa55fd71c00ae4e42063f4476bca |
| SHA256 | 09be5df7a85545fd93d9fd3cd1d6c04c6bfe6e233c68da6f81c49e7a35fcbb84 |
| SHA512 | 081cf1dadb3a0e50f0a31ab03e2b08e80298c06070cd6f9b2806c08d400c07134623f7229a6c99910c6243dfa53c6e2c05d09a497aae1e701bc34b660cf9e4c9 |
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch
| MD5 | 5b7cf489957eb2952242bb4f1163b491 |
| SHA1 | 133454c6f94d74d32b9bdf29ee6cc338c5af3652 |
| SHA256 | ef44f9f4fa3f70a614b768d0c7781e5d5084a7a86a085264569f0d95f45f7605 |
| SHA512 | 88fe9e04aff1064f42f083be22fa516f1800903df47017b73b311ba506f074fdfc8dbf031693708a758dfccc6035bf8e57910aa735e67b5d018429564f78d5ac |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\rundll32.exe.log
| MD5 | 8e28079704db4d073e6c39636eadc0e0 |
| SHA1 | 210a60b4d7139f1779c41babc4c7e7c6b71f26cb |
| SHA256 | 34462d5da310b13b1000c3ab514350bc17395de96f9bbe4ec161128ca1171b84 |
| SHA512 | a6bf25f6440d549e2547016f01dd16345fa04655d36b225e87a96bce43195f80d82a1664f001c5ed2db2cd155681ab8cd913834d96e9459ff342012857deff91 |
C:\Users\Admin\AppData\Local\Smartbar\Common\icons\B1BEF453-913F-4EC4-B057-A2BB21C09DCBpress.png
| MD5 | e6ab030a2d47b1306ad071cb3e011c1d |
| SHA1 | ed5f9a6503c39832e8b1339d5b16464c5d5a3f03 |
| SHA256 | 054e94c94e34cef7c2fad7a0f3129c4666d07f439bfec39523dca7441a49bd7c |
| SHA512 | 4cbb002cc2d593bafd2e804cb6f1379187a9cae7d6cc45068fda6d178746420cc90bcd72ba40fc5b8b744170e64df2b296f2a45c8640819aa8b3c775e6120163 |
memory/4892-619-0x000001F775CF0000-0x000001F775D00000-memory.dmp
memory/4892-622-0x000001F776130000-0x000001F776156000-memory.dmp
memory/4892-652-0x000001F776160000-0x000001F776180000-memory.dmp
memory/4892-738-0x0000000000910000-0x00000000009F3000-memory.dmp
C:\Windows\assembly\tmp\VLKXDRPP\System.Data.SQLite.dll
| MD5 | 5b3d3a627813bcef2d7a8651941f2a96 |
| SHA1 | 18713ace817081d3b99bb71e01030842345dc750 |
| SHA256 | 2f7e3f285a523b3d918fe8b3cbd3d42d2380835779a1a8b50ccf6bb365a915bc |
| SHA512 | fc6754246a071a40bf64d8a66bb7b4f926f031dfe17c25a3e7d37d8421757afad99837f28bf754fb894ca0e19f7b13850557b208b21c4566479619e77cafdff3 |
C:\Windows\assembly\tmp\95WWNDTO\Interop.SHDocVw.dll
| MD5 | cc0611a32becda6d37695f38755a891f |
| SHA1 | 2b987c4cbe8de69b40f4096d424aca5469f90fe5 |
| SHA256 | 9daf27aea3c266457e50501cbaf1485a81c15f2dc51a84609bb5417d286a2769 |
| SHA512 | bcae75594167257341ac903fbe2a7cb4da6b49044bfaad6bc523f2efcf8aac98a417564d48cdfc57fafa7a74c6a7041b725a7b5112082b499ff2d23d05bcccac |
C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
| MD5 | 459ff9c6762b7fdd91c156ff3e096478 |
| SHA1 | 7179debce9a271450b1241e7435a999aea1ddd05 |
| SHA256 | 93865c89e1507409fbbeb9433542a303cdd2fd5acda3d51fecd83e4a8fb8072c |
| SHA512 | 8b95330d364413122427604af1c0e848694975eb8c541b911aeb0d50fbb5cd15a60863f68593f1088b26f83500f400f52292a2891511223f796be750c6a7583a |
C:\Windows\assembly\GAC_MSIL\Interop.IWshRuntimeLibrary\1.0.0.0__64637c62d0471340\Interop.IWshRuntimeLibrary.dll
| MD5 | 7a5a5de7b05c00821ed6348afff2627b |
| SHA1 | 66f34183d38c9f4da9c9c669bda1149ebe766e97 |
| SHA256 | ff9d8658fa81697e8f51b105c067996e5aaff2c46cb147667bbcc9fc4929b959 |
| SHA512 | 23730bd76ae297765fa8954affbd71437a7d7bdb5bdf246563a945af353ceca9abd5275d973d8c981fc6ab6d7e25032aab2888f04e33394d95474febee02a0fd |
C:\Config.Msi\e579b1a.rbs
| MD5 | 44e85f4a3a33fa519bb67fff1e5a2a3f |
| SHA1 | cd20703e3b2de12ed18de4df577b8022884f5f0f |
| SHA256 | db8c8298fad294ef3f08f8b40a518206e8ed1a802103615ab2b3c6d8078bf072 |
| SHA512 | 2371e608ae951a285e4ee604b0ffd9c0e016d089a3e764039995065e11b0be2a4c221a9035d60d72e827bcc4a2feb98420725e17a933aeef2d75b59c67242a07 |
C:\Users\Admin\AppData\Local\Smartbar\Application\bf4etysu.newcfg
| MD5 | 02afe6dc961f4498c6876a5e366834a4 |
| SHA1 | 7d3b202bf1bb8fadc0c819b9fe9490711b2e1229 |
| SHA256 | 38d819907e0a1742cce76a87ae62cd0d190935b8e69cb090abd281303519f578 |
| SHA512 | e297bb7c7a9097f822b6baec332699f74a7eb4e07631dec0908fd7565bc088ad21fcc0a5273ce9b1bc1a974938547872789f27297041744a77ce2953ed682151 |
C:\Users\Admin\AppData\Local\Smartbar\DistributionFiles\Configs\UserSettings.xml
| MD5 | 4a9459e0b5e0121b3c3a11c3dbbbd28e |
| SHA1 | 96ab18d756c2e6acd4849045a467793b7987f236 |
| SHA256 | 144f5e442df25d9f34127a16f952590cfc118e060a03198934f1f5da5f7edf40 |
| SHA512 | 86ba05da60608808f1e9ccb0d4676aa5f425003aad34367403fdedaee8d883ede476a0a1f8f178df1356bc5578fcdb1ab704e9d38d39e8da19f72ee2923682a7 |
memory/4276-833-0x000000001CB00000-0x000000001CB18000-memory.dmp
memory/4276-834-0x000000001CFF0000-0x000000001D4BE000-memory.dmp
memory/4276-835-0x000000001D560000-0x000000001D5FC000-memory.dmp
memory/408-837-0x000000001CCC0000-0x000000001CCE6000-memory.dmp
memory/4312-838-0x000000001DAF0000-0x000000001E296000-memory.dmp
memory/4312-839-0x000000001E2A0000-0x000000001EA46000-memory.dmp
memory/3008-840-0x000000001C7B0000-0x000000001C7D6000-memory.dmp
C:\Users\Admin\AppData\Local\Smartbar\DistributionFiles\Configs\PublisherSettings.xml
| MD5 | 88b0468d9bd76c7c23f0b1d7b7e3a7c2 |
| SHA1 | c1357cdf8e2ef27419d7577bb47e1bf00d4332d3 |
| SHA256 | fc1209d341967e2d7b7e51d83a5f34cf49ff58308ffcd3266b8aa9d1f60feaa3 |
| SHA512 | 03672d965fdf5319172492c7169ad3ff9852e40ddc36dba66f7f7fdaf3daf554af0a3a96a989ee7ce41a930c3817808460aff84a44d26ec34f69a7614eb6d475 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1cbd0e9a14155b7f5d4f542d09a83153 |
| SHA1 | 27a442a921921d69743a8e4b76ff0b66016c4b76 |
| SHA256 | 243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c |
| SHA512 | 17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4e96ed67859d0bafd47d805a71041f49 |
| SHA1 | 7806c54ae29a6c8d01dcbc78e5525ddde321b16b |
| SHA256 | bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d |
| SHA512 | 432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 862fc3f1b1687e193d429ab842a63234 |
| SHA1 | 0e82e2e6cc515cd8cb52c52883fde2bfa5431af9 |
| SHA256 | 3790c09304fd640705c07a59ea7c703bf0382db389f7df7ffc20a74d870abce3 |
| SHA512 | a050e651dd490d995d7cea7be6ef2d26092bffe2e695432e873a1dacce7a1042dd6deadff23c9e8026aa8bc1bacafc54f4ec88018e24c2d5c414721b4534a758 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 24542a0e74871463f584c28daa990cf7 |
| SHA1 | 7fe44004aae01912c477654f0627af949a65177c |
| SHA256 | bc992c7f20dfb52f7ab859663b995234d341cabc2346962622e9e351b37df697 |
| SHA512 | 10c059aacb4f98b1dc910d6f3f6a5a8a06e74d2955b59b9d2e9d447576b7ae059b03c6cd584c9c529bd7d3900add5209f65d8dab803fa124e4c45eab6938ad36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 783a9e44702798479061fd778ef6497d |
| SHA1 | 50a0014106de40cc6ab01fa5f75a2c4323d4137a |
| SHA256 | cd16296a4bfdea34985220ab2b1908d2cb8bdb7df6338cf994429c69605d5fe8 |
| SHA512 | 21956e94d4691cf7987e8410447ee2c9e94c01888b180c9a4d5761efaba68b678712e8e5581d48e8bf95821312bb23b3e51f33d4b2da8ff6b22b1f9e18851136 |