General Info

URL

http://cdn.superantispyware.com/SUPERAntiSpyware.exe

Full analysis
https://app.any.run/tasks/b40547f1-070f-459c-838b-d7eb5650614b
Verdict
Malicious activity
Analysis date
1/1/2019, 13:26:30
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • sas_enum_cookies.exe (PID: 1888)
  • SUPERAntiSpyware.exe (PID: 3768)
  • SSUPDATE.EXE (PID: 2960)
  • SASCORE.EXE (PID: 2292)
  • SASCORE.EXE (PID: 3268)
Loads dropped or rewritten executable
  • REGSVR32.EXE (PID: 2832)
  • SASCORE.EXE (PID: 2292)
  • SUPERAntiSpyware[1].exe (PID: 2236)
Loads the Task Scheduler DLL interface
  • SUPERAntiSpyware.exe (PID: 3768)
Registers / Runs the DLL via REGSVR32.EXE
  • SUPERAntiSpyware[1].exe (PID: 2236)
Downloads executable files from the Internet
  • iexplore.exe (PID: 3388)
Loads the Task Scheduler COM API
  • SUPERAntiSpyware.exe (PID: 3768)
Changes the autorun value in the registry
  • SASCORE.EXE (PID: 2292)
Creates files in the user directory
  • SUPERAntiSpyware[1].exe (PID: 2236)
  • SUPERAntiSpyware.exe (PID: 3768)
Creates COM task schedule object
  • REGSVR32.EXE (PID: 2832)
Creates or modifies windows services
  • SUPERAntiSpyware[1].exe (PID: 2236)
  • SASCORE.EXE (PID: 3268)
Creates a software uninstall entry
  • SUPERAntiSpyware[1].exe (PID: 2236)
Creates files in the Windows directory
  • SUPERAntiSpyware.exe (PID: 3768)
Creates files in the program directory
  • SUPERAntiSpyware[1].exe (PID: 2236)
  • SASCORE.EXE (PID: 2292)
  • SUPERAntiSpyware.exe (PID: 3768)
  • SUPERAntiSpyware[1].exe (PID: 1820)
Application launched itself
  • SUPERAntiSpyware[1].exe (PID: 1820)
Executable content was dropped or overwritten
  • SUPERAntiSpyware[1].exe (PID: 2236)
Reads the cookies of Google Chrome
  • SUPERAntiSpyware.exe (PID: 3768)
Reads the cookies of Mozilla Firefox
  • SUPERAntiSpyware.exe (PID: 3768)
Reads Internet Cache Settings
  • sas_enum_cookies.exe (PID: 1888)
Dropped object may contain Bitcoin addresses
  • SUPERAntiSpyware.exe (PID: 3768)
  • SUPERAntiSpyware[1].exe (PID: 2236)
Changes internet zones settings
  • iexplore.exe (PID: 2836)
Application launched itself
  • iexplore.exe (PID: 2836)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3388)

Processes

Total processes
50
Monitored processes
12
Malicious processes
6
Suspicious processes
0

Behavior graph

Edge types: start; drop and start

  • iexplore.exe
  • iexplore.exe
  • superantispyware[1].exe (no specs)
  • superantispyware[1].exe
  • sascore.exe (no specs)
  • sascore.exe
  • regsvr32.exe (no specs)
  • superantispyware.exe
  • ssupdate.exe (no specs)
  • cacls.exe (no specs)
  • sas_enum_cookies.exe (no specs)
  • cacls.exe (no specs)

Process information

PID
2836
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" http://cdn.superantispyware.com/SUPERAntiSpyware.exe
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
3388
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2836 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
1820
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
SUPERAntiSpyware
Description
SUPERAntiSpyware Free Edition Setup
Version
8, 0, 0, 1026

PID
2236
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe" /runasadmin
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe
Indicators
Parent process
SUPERAntiSpyware[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
SUPERAntiSpyware
Description
SUPERAntiSpyware Free Edition Setup
Version
8, 0, 0, 1026

PID
3268
CMD
"C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" -install -name:!SASCORE -display:"SAS Core Service" -description:"SUPERAntiSpyware Core Service" -pipe:sascoreservicepipe
Path
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
Indicators
No indicators
Parent process
SUPERAntiSpyware[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
SUPERAntiSpyware.com
Description
Core Service
Version
6, 0, 0, 1082

PID
2292
CMD
"C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
Path
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
SUPERAntiSpyware.com
Description
Core Service
Version
6, 0, 0, 1082
c:\windows\system32\nlasvc.dll
c:\windows\system32\drivers\nsiproxy.sys
c:\windows\system32\drivers\partmgr.sys
c:\windows\system32\drivers\pci.sys
c:\windows\system32\peerdistsvc.dll
c:\windows\system32\pla.dll
c:\windows\system32\ipsecsvc.dll
c:\windows\system32\qwave.dll
c:\windows\system32\drivers\rdpwd.sys
c:\windows\system32\regsvc.dll
c:\windows\system32\rpcepmap.dll
c:\windows\system32\locator.exe
c:\windows\system32\msdtckrm.dll
c:\windows\system32\mcx2svc.dll
c:\windows\system32\windanr.exe
c:\windows\system32\mmcss.dll
c:\windows\system32\drivers\modem.sys
c:\windows\system32\drivers\rspndr.sys
c:\windows\system32\scardsvr.dll
c:\windows\system32\sppuinotify.dll
c:\windows\system32\drivers\vmstorfl.sys
c:\windows\system32\themeservice.dll
c:\windows\system32\w32time.dll
c:\windows\system32\wdi.dll
c:\windows\system32\wpcsvc.dll

PID
2832
CMD
"C:\Windows\system32\REGSVR32.EXE" /s "C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL"
Path
C:\Windows\system32\REGSVR32.EXE
Indicators
No indicators
Parent process
SUPERAntiSpyware[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\urlmon.dll
c:\program files\superantispyware\sasctxmn.dll
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3768
CMD
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
Path
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Indicators
Parent process
SUPERAntiSpyware[1].exe
User
admin
Integrity Level
MEDIUM
Version:
Company
SUPERAntiSpyware
Description
SUPERAntiSpyware Application
Version
8, 0, 0, 1026
Modules
Image
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\webio.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\program files\superantispyware\superantispyware.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\version.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\nlaapi.dll
c:\program files\superantispyware\ssupdate.exe
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\mstask.dll
c:\windows\system32\hhctrl.ocx
c:\windows\system32\sensapi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\rasman.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\cacls.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\msi.dll
c:\program files\superantispyware\sas_enum_cookies.exe

PID
2960
CMD
"C:\Program Files\SUPERAntiSpyware\SSUPDATE.EXE" *8.0.1026!{06CD588E-4BD7-4ab9-9938-0949231C9484}
Path
C:\Program Files\SUPERAntiSpyware\SSUPDATE.EXE
Indicators
No indicators
Parent process
SUPERAntiSpyware.exe
User
admin
Integrity Level
MEDIUM
Exit code
4294967295
Version:
Company
SUPERAntiSpyware.com
Description
SUPERAntiSpyware Update Application
Version
1, 0, 0, 1080
Modules
Image
c:\program files\superantispyware\ssupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\sechost.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll

PID
3508
CMD
"C:\Windows\System32\cacls.exe" "C:\System Volume Information" /E /G everyone:F
Path
C:\Windows\System32\cacls.exe
Indicators
No indicators
Parent process
SUPERAntiSpyware.exe
User
admin
Integrity Level
MEDIUM
Exit code
5
Version:
Company
Microsoft Corporation
Description
Control ACLs Program
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\cacls.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll

PID
1888
CMD
sas_enum_cookies.exe
Path
C:\Program Files\SUPERAntiSpyware\sas_enum_cookies.exe
Indicators
No indicators
Parent process
SUPERAntiSpyware.exe
User
admin
Integrity Level
UNKNOWN
Exit code
3221225477
Version:
Company
Support.com
Description
Version
5, 6, 0, 1030
Modules
Image
c:\program files\superantispyware\sas_enum_cookies.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID
3268
CMD
"C:\Windows\System32\cacls.exe" "C:\System Volume Information" /E /R everyone
Path
C:\Windows\System32\cacls.exe
Indicators
No indicators
Parent process
SUPERAntiSpyware.exe
User
admin
Integrity Level
MEDIUM
Exit code
5
Version:
Company
Microsoft Corporation
Description
Control ACLs Program
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\cfgmgr32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\kernel32.dll
c:\program files\superantispyware\sascore.exe
c:\windows\system32\cacls.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll

Registry activity

Total events
1973
Read events
0
Write events
181
Delete events
5

Modification events

PID
Process
Operation
Key
Name
Value
2836
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2836
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{E88CEE65-0DC8-11E9-BAD8-5254004A04AF}
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
15
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
52
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070100020001000D001A0039002502
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070100020001000D001A0039007F00
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070100020001000D001A0039009801
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070100020001000D001A0039007F00
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019010120190102
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019010120190102
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019010120190102
CacheOptions
11
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
31
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E3070100020001000D001B0035007D0300000000
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019010120190102
CachePrefix
:2019010120190102:
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019010120190102
CacheRepair
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019010120190102
CacheLimit
8192
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
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
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070100020001000D001A0039006901
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3388
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019010120190102
CacheOptions
11
3388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019010120190102
CacheLimit
8192
3388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019010120190102
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019010120190102
3388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019010120190102
CacheRepair
0
3388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019010120190102
CachePrefix
:2019010120190102:
2236
SUPERAntiSpyware[1].exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\GCAPITemp
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\GCAPITemp
test
te
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
DisplayName
SUPERAntiSpyware
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware
ApplicationPath
C:\Program Files\SUPERAntiSpyware
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
HelpLink
http://www.superantispyware.com/support.html
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
NoModify
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
DisplayIcon
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
DisplayVersion
8.0.1026
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
EstimatedSize
97191
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
URLUpdateInfo
http://www.superantispyware.com/support.html
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Publisher
SUPERAntiSpyware.com
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
UninstallString
"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASKUTIL\0000
Capabilities
0
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASKUTIL\0000
ClassGUID
{8ECC055D-047F-11D1-A537-0000F8753ED1}
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SASKUTIL
ErrorControl
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASDIFSV
NextInstance
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASDIFSV\0000
Capabilities
0
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASDIFSV\0000
ClassGUID
{8ECC055D-047F-11D1-A537-0000F8753ED1}
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SASDIFSV
ImagePath
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware
InstallationTime
E3070100020001000D001B0037009C03
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
URLInfoAbout
http://www.superantispyware.com/support.html
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
NoRepair
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
InstallLocation
C:\Program Files\SUPERAntiSpyware
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASKUTIL\0000
ConfigFlags
0
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASKUTIL\0000
Class
LegacyDriver
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SASKUTIL
Start
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASDIFSV\0000
Legacy
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASDIFSV\0000
DeviceDesc
SASDIFSV
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASDIFSV\0000\Control
ActiveService
SASDIFSV
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SASDIFSV
ErrorControl
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASKUTIL\0000
Legacy
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASKUTIL\0000
DeviceDesc
SASKUTIL
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SASKUTIL
Type
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SASKUTIL
DisplayName
SASKUTIL
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASDIFSV\0000
ConfigFlags
0
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASDIFSV\0000
Class
LegacyDriver
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SASDIFSV
Start
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASKUTIL
NextInstance
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASKUTIL\0000
Service
SASKUTIL
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASKUTIL\0000\Control
ActiveService
SASKUTIL
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SASKUTIL
ImagePath
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SASDIFSV\0000
Service
SASDIFSV
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SASDIFSV
Type
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SASDIFSV
DisplayName
SASDIFSV
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASAPI32
EnableConsoleTracing
0
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASMANCS
EnableConsoleTracing
0
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASMANCS
FileDirectory
%windir%\tracing
2236
SUPERAntiSpyware[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASAPI32
EnableFileTracing
0
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASAPI32
FileTracingMask
4294901760
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASAPI32
MaxFileSize
1048576
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASMANCS
EnableFileTracing
0
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASMANCS
MaxFileSize
1048576
2236
SUPERAntiSpyware[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASAPI32
ConsoleTracingMask
4294901760
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASAPI32
FileDirectory
%windir%\tracing
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASMANCS
FileTracingMask
4294901760
2236
SUPERAntiSpyware[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2236
SUPERAntiSpyware[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware[1]_RASMANCS
ConsoleTracingMask
4294901760
2236
SUPERAntiSpyware[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
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
3268
SASCORE.EXE
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\!SASCORE
PipeName
sascoreservicepipe
3268
SASCORE.EXE
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\!SASCORE
ServiceName
!SASCORE
3268
SASCORE.EXE
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\!SASCORE
ServiceDescription
SUPERAntiSpyware Core Service
3268
SASCORE.EXE
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\!SASCORE
ServiceDisplay
SAS Core Service
3268
SASCORE.EXE
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\!SASCORE
AppDataPath
C:\ProgramData\!SASCORE
2292
SASCORE.EXE
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Run
SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2292
SASCORE.EXE
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows
ErrorMode
0
2292
SASCORE.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware
AppDataPath
C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware
2292
SASCORE.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware
ContextMenu
yes
2292
SASCORE.EXE
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows
ErrorMode
1
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SASCTXMN.DLL
AppID
{746C91D0-C4A9-460A-B841-851A2B6F2C4B}
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}
SUPERAntiSpyware Context Menu
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}
SUPERAntiSpyware Context Menu
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SUPERAntiSpywareContextMenuExt.SASCon.1
SASContextMenu Class
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SUPERAntiSpywareContextMenuExt.SASConte
SASContextMenu Class
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}
SUPERAntiSpyware Context Menu
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SUPERAntiSpywareContextMenuExt.SASCon.1\CLSID
{CA8ACAFA-5FBB-467B-B348-90DD488DE003}
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\VersionIndependentProgID
SUPERAntiSpywareContextMenuExt.SASConte
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\InprocServer32
ThreadingModel
Apartment
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\ToolboxBitmap32
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL, 102
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\MiscStatus\1
131473
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\Version
1.0
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{209D651D-9AAE-47B4-AD74-16A8F03ACDDB}\1.0\FLAGS
0
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{209D651D-9AAE-47B4-AD74-16A8F03ACDDB}\1.0\HELPDIR
C:\Program Files\SUPERAntiSpyware
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A42DCBB4-CBAE-4593-BB45-39CAD8F2CF19}
ISASContextMenu
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A42DCBB4-CBAE-4593-BB45-39CAD8F2CF19}\TypeLib
Version
1.0
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{746C91D0-C4A9-460A-B841-851A2B6F2C4B}
SUPERAntiSpywareContextMenuExtension
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SUPERAntiSpywareContextMenuExt.SASConte\CLSID
{CA8ACAFA-5FBB-467B-B348-90DD488DE003}
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SUPERAntiSpywareContextMenuExt.SASConte\CurVer
SUPERAntiSpywareContextMenuExt.SASCon.1
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}
SASContextMenu Class
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\ProgID
SUPERAntiSpywareContextMenuExt.SASCon.1
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\InprocServer32
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}
AppID
{746C91D0-C4A9-460A-B841-851A2B6F2C4B}
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\MiscStatus
0
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\TypeLib
{209D651D-9AAE-47B4-AD74-16A8F03ACDDB}
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{209D651D-9AAE-47B4-AD74-16A8F03ACDDB}\1.0
SUPERAntiSpywareContextMenuExtension 1.0 Type Library
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{209D651D-9AAE-47B4-AD74-16A8F03ACDDB}\1.0\0\win32
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A42DCBB4-CBAE-4593-BB45-39CAD8F2CF19}\TypeLib
{209D651D-9AAE-47B4-AD74-16A8F03ACDDB}
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A42DCBB4-CBAE-4593-BB45-39CAD8F2CF19}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A42DCBB4-CBAE-4593-BB45-39CAD8F2CF19}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3768
SUPERAntiSpyware.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3768
SUPERAntiSpyware.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASAPI32
EnableFileTracing
0
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASAPI32
MaxFileSize
1048576
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASMANCS
FileTracingMask
4294901760
3768
SUPERAntiSpyware.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3768
SUPERAntiSpyware.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASAPI32
EnableConsoleTracing
0
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASAPI32
FileDirectory
%windir%\tracing
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASMANCS
ConsoleTracingMask
4294901760
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASAPI32
FileTracingMask
4294901760
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASMANCS
EnableFileTracing
0
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASAPI32
ConsoleTracingMask
4294901760
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASMANCS
EnableConsoleTracing
0
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASMANCS
FileDirectory
%windir%\tracing
3768
SUPERAntiSpyware.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SUPERAntiSpyware_RASMANCS
MaxFileSize
1048576
3768
SUPERAntiSpyware.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
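
The REGSVR32.EXE writes above are the standard COM registration of a shell context-menu extension: a ContextMenuHandlers entry under AllFilesystemObjects names a CLSID, and that CLSID's InprocServer32 value names the DLL that explorer.exe loads in-process whenever a file or folder context menu is opened. The Python below is an added example, not ANY.RUN's or SUPERAntiSpyware's code, that reconstructs this chain from the report's flattened records so the hook location, the DLL path and the registering process can be read in one row. Four records copied from the table above are embedded as constructed input; the record layout it assumes (key, optional value name, data, PID, process, operation) is the one this page uses, and every function and regex name is the example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: four of this report's REGSVR32.EXE records, copied verbatim
# in the flattened layout (key, optional value name, data, PID, process, op).
SAMPLE_REGISTRY_WRITES = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}
SUPERAntiSpyware Context Menu
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\InprocServer32
ThreadingModel
Apartment
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\ProgID
SUPERAntiSpywareContextMenuExt.SASCon.1
2832
REGSVR32.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}\InprocServer32
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
2832
REGSVR32.EXE
write
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
HANDLER_RE = re.compile(r"\\Classes\\([^\\]+)\\shellex\\ContextMenuHandlers\\(" + GUID + r")$", re.I)
CLSID_RE = re.compile(r"\\Classes\\CLSID\\(" + GUID + r")(?:\\(.+))?$", re.I)


@dataclass
class RegWrite:
    key: str
    name: Optional[str]  # None = the key's (Default) value
    data: str
    pid: int
    process: str


def parse_registry_writes(text: str) -> list:
    """A record ends at the operation line; before it come data, PID and process,
    and a value-name line exists only when five fields remain."""
    records, fields = [], []
    for line in (l for l in text.splitlines() if l.strip()):
        if line != "write":
            fields.append(line)
            continue
        if len(fields) not in (4, 5):
            raise ValueError(f"malformed record: {fields!r}")
        name = fields[1] if len(fields) == 5 else None
        records.append(RegWrite(fields[0], name, fields[-3], int(fields[-2]), fields[-1]))
        fields = []
    return records


def shell_extension_chain(writes: list) -> list:
    """Join each ContextMenuHandlers entry to what its CLSID key records, so the
    hook -> CLSID -> InprocServer32 DLL chain reads as one row."""
    by_clsid, handlers = {}, []
    for w in writes:
        m = HANDLER_RE.search(w.key)
        if m:
            handlers.append((m.group(1), m.group(2).upper(), w))
            continue
        m = CLSID_RE.search(w.key)
        if not m:
            continue
        clsid, sub = m.group(1).upper(), (m.group(2) or "").lower()
        info = by_clsid.setdefault(clsid, {})
        if sub == "inprocserver32" and w.name is None:
            info["dll"] = w.data  # what explorer.exe will LoadLibrary
        elif sub == "inprocserver32" and w.name.lower() == "threadingmodel":
            info["threading"] = w.data
        elif sub == "progid":
            info["progid"] = w.data
    rows = []
    for hook, clsid, w in handlers:
        info = by_clsid.get(clsid, {})
        rows.append({"hook": hook, "display_name": w.data, "clsid": clsid,
                     "dll": info.get("dll"), "threading": info.get("threading"),
                     "progid": info.get("progid"), "registered_by": (w.pid, w.process)})
    return rows
```

Here the registrar is the installer's regsvr32 (PID 2832) and the DLL sits under Program Files, which is what a legitimate installer looks like. The same join is the first thing to run when an unfamiliar CLSID appears under a ContextMenuHandlers key on a real host, because whatever InprocServer32 points at gains execution inside Explorer without any autorun entry; check the DLL's Authenticode signature and that its directory is not user-writable.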

Files activity

Executable files
21
Suspicious files
25
Text files
24
Unknown types
36

Dropped files

PID
Process
Filename
Type
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\gcapi_dll.dll
executable
MD5: cac4a48fbaf0373d0d1ca310c2615a55
SHA256: b6a209242cccbb2257becd3b826d4a304631bbe9f4f842278619e42c33feb2e3
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
executable
MD5: 3497c5e00ecd5fdb728e9b5093e2b831
SHA256: 50dd6863e9ecb2f6ea8e6f313ba533dc783322818c80d267a5dd877cdccda124
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
executable
MD5: 5b4fb12cad6daf3761a6e20e86402770
SHA256: 8d4964774dd3d43ad9b50cd6f2e47c980ad2ae53e635f0d067f805ec2e1d520d
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\BootSafe.exe
executable
MD5: 257b3bc18d0850b4d02f36cfbd4aca5b
SHA256: 677e644320b96a69b0d895f32d6603162f5d3237c61bfbfa1b988e5285eb08f0
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\Plugins\sab_mapi.dll
executable
MD5: a10605c6b54592f04ae1e58ed6e67e72
SHA256: 80bf7b6f8d3cea7464d035b5b94499d672c24684dd66183847911f56716e650a
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\setup.dll
executable
MD5: f21ca163b7df7daddab556b8bd242c35
SHA256: 3416cffe03c9910c0d946aa0a593c4cbc937e20a5921055af537d66d8c7ac594
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
executable
MD5: 39763504067962108505bff25f024345
SHA256: 73c9710b61edc7fbede1d7a767aa3d3a169e7ad012494d05cb5ee7e5c5752bb9
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\SupportCom_Chrome_V2.exe
executable
MD5: 639ef91a44c89708d3143cd4ea44400e
SHA256: 9d689377585755030e195d4da522170aa2f9791d71c9e32178b61bfad941d94c
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SASTask.exe
executable
MD5: 5302d99fb38de4318738be8eb5504695
SHA256: d698c5790816236a743720722cc21b5a5f3e7b9ec02c6ec515908a7e1220f1f3
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\msvcr71.dll
executable
MD5: 86f1895ae8c5e8b17d99ece768a70732
SHA256: 8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\Plugins\sab_wab.dll
executable
MD5: 3977ac5e0ea6516c3b4e552cf38f8c4d
SHA256: de4675f92d0ef936e7e8755589fc036b5fa5ebc025a0534e40569ddff6dfca17
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SUPERDelete.exe
executable
MD5: 35da92670c06c15cf6f5c10708788554
SHA256: 2227ce63d91490bc94f88149cc12998c5642d9716697d063901ab8b364270815
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\Plugins\sab_incr.dll
executable
MD5: 0d99bf2b4255fb086178c56af67e0fdf
SHA256: 2a6e8619f0322fb70cc9995f24830d15f76608e9c9db6c1f807e70977664fa93
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\SAS_LaunchChromeSetup.exe
executable
MD5: afc547e60bf26962b00f3afdb0afd933
SHA256: bd275e9d5015eec87f5289bcfb54923fc467870a6cd751358e78d1e829a78158
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
executable
MD5: 76c460cf51f482783932425f27de6524
SHA256: 905e545bac46911f3ade69fa24acb09732038c88f5576fb6aebf80365668e91b
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SSUpdate.exe
executable
MD5: c98f35d0589de4b56cce5f25f957f38b
SHA256: f19d8eeb59bce2ed9152ffca11b83e9b248efdbb211e2d36eae8a6bd6a63241a
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
executable
MD5: ba5459170b53af85d506e409dc8956a3
SHA256: 03315c2698c9dae31bad612ea7ee26080a729d1151af3d263eb7afa3ed698cc9
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SASCore.exe
executable
MD5: 4570bb456eea6ab2a92f60644dfb031b
SHA256: 200cd43b2227dede47e32dd4b42087b9b5904d0aa55c8ee6255efd518b51a2a7
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\sas_enum_cookies.exe
executable
MD5: e5b19f06b5105b110255c7a4a87db307
SHA256: bc3a996942a6d3b50b469962929a159f40e443c2e6585b5feb8ea9bc16950046
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\Uninstall.exe
executable
MD5: 4d0dd97c0ab63c0d72a895b4db8b0553
SHA256: a2887b7d3a95f05b3382f55f4496307b6b792e6a2d492178bcdbe22bd939733d
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
executable
MD5: 77b9fc20084b48408ad3e87570eb4a85
SHA256: b5bc5fec1356decb66a7a671db67112bdac8f942bf1c4b986b1805b41ef362b1
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SAS Default.set
skc
MD5: b3e9dfd17cf864d552e03445a7d3133c
SHA256: acb0fc3c92fbab280b0da3252442d6eae96653cce0e21d59c8741035391b057d
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\CONTENT1.DAT
binary
MD5: e4e1a02524f460026886fda2bd5fb28f
SHA256: 67ef745f639980c870abdcf89c3a488fbdc0f992a32b2c84a176a765406d530a
3768
SUPERAntiSpyware.exe
C:\Users\admin\AppData\Local\Temp\SAS4497.tmp
image
MD5: 530b7c8831e10831888c858423e33b0b
SHA256: 8ae63bfe0b70a42ca2e1c966e7987077232499c4cb41561685e3a836fd165c22
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\updatehistory.html
html
MD5: b69e35c72d52059f35ff654004dbc281
SHA256: 1283280fac55aebcf9493fbb1bead01643e5f103e249b11b20a13acbfda3f6a8
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.DB3
sqlite
MD5: f47fc08b6793393b9c699fcef34e4fd2
SHA256: 12b641a4ad78a0352a436c992b901328f50f0a5eb1170919dd44916e3e5900f3
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.DB
binary
MD5: 91fd24f3bb71e13f89e03f8858e85117
SHA256: dd265ff4fce6952d15bcf64e983af437155847e567ea08fabd2a453210770c05
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\DEFINITIONS.SAS
––
MD5:  ––
SHA256:  ––
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\sc_res_2.db3
sqlite
MD5: 8924542b6405f79249c044a09b19ad41
SHA256: 4c90e90454d4ce57c9a8018b62d81db44e31557b4118a0dd269a471576505268
3768
SUPERAntiSpyware.exe
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f43e27a0-ef0d-457f-8911-e835f225a72d.job
binary
MD5: 0819509ef0cbc140c69cc0e4fb29cc63
SHA256: a0b67f7201edbdd78e70d4df7f15b70e801b82b914845768caf029f68c5a2bcb
3768
SUPERAntiSpyware.exe
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task fc10bb1f-ef80-45d6-8438-b7a1161aa951.job
binary
MD5: d472cff1d6c68116b4d842685322b735
SHA256: 8ba489e9fb28cfec6a1158e13d22f423c7e98e63cd754fa55566c0d19436732d
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\update.dat
binary
MD5: 48c617bababbecd38e7609ccca32fe68
SHA256: e3014ea6c157d7ad891eeede83cb8f8448f274cd130af192bee32488347e2370
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\sas-data.tmp
––
MD5:  ––
SHA256:  ––
3768
SUPERAntiSpyware.exe
C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\sas-data.tmp
––
MD5:  ––
SHA256:  ––
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERSetup\setupvars-journal
––
MD5:  ––
SHA256:  ––
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERSetup\setupvars
––
MD5:  ––
SHA256:  ––
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\Uninstall.dat-journal
––
MD5:  ––
SHA256:  ––
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SetupOptions.db3-journal
––
MD5:  ––
SHA256:  ––
2236
SUPERAntiSpyware[1].exe
C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
lnk
MD5: 623da5d1685adc0fa3b28a004842eb45
SHA256: e21512e91442e34749761effe69fbeb246a411f228cff74dd0a875c26b81429c
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk
lnk
MD5: 3fa5c668e7abffbd34697b0328203320
SHA256: ab8a92ce1463a4f0224e8937ab0739fc8de07b10e38fe892c6d5e1827e89c505
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SetupOptions.db3
sqlite
MD5: 7932cefecce137bc089da7f210f29196
SHA256: ef617077a98128d9887e665be33e065a394ede7b419d1eb351155dded277acde
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\Uninstall.dat
sqlite
MD5: 09492d496925b361fd936604f72b2ba2
SHA256: 96fa776e2e9341db0558fca3501c3a9c6c965344a976448efbe2c07fc05f81ae
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 88166454f37da933474d8ebd57c350dd
SHA256: fe6ca67bd0434ed14cbc6f71e276f2f49781653b0c0f785f0b9062caf7c59548
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\Content1\MDIsR1NfVlBOXzAxLGh0dHA6Ly9nby5zdXBlcmFudGlzcHl3YXJlLmNvbS8_bGlua2lkPTEwMTQ0OQ==.bmp
image
MD5: 87acc436fce856231be6b7f90d7efa19
SHA256: d10ff8222aa7425f3f03be995ae6bd56739e001a271d91a94c575ef81fea5236
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\High Contrast Black.set
skc
MD5: a01d955e1485454b56413cc4c40f547f
SHA256: a5a15f0dcf648affa3f358aaefb3d82794952c10bb379741de52bf58ef1649d5
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk
lnk
MD5: 914be01321e6ca1914f92a75097d70da
SHA256: e7c56ad98ea8070a22007dd65e607f1ffa71e8c329f3491439a55ca17c7e1495
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk
lnk
MD5: c2182bd3d908322ec334fe5d44003e4d
SHA256: 2de481e9d3568572c398c45b4418d9a853ae98453c4b1ec03e57080318035b95
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\Content1\MDEsU0FTX01QRkIyOTk1XzAxLGh0dHA6Ly9nby5zdXBlcmFudGlzcHl3YXJlLmNvbS8_bGlua2lkPTEwMTQ1MQ==.bmp
image
MD5: 530b7c8831e10831888c858423e33b0b
SHA256: 8ae63bfe0b70a42ca2e1c966e7987077232499c4cb41561685e3a836fd165c22
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SAS_Preconfig.db3
sqlite
MD5: 52cbb622fb744c0db3c292805254e1a6
SHA256: edd0dcdf0b48e21d6a54ff5b081d01c1d83a412d31b36ccec1db7c127d921e81
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\superantispyware.db3
sqlite
MD5: c57d6566d28dcf4a9da9f64c3efaebd9
SHA256: 4780d25f3a90a425da233127677ad92174687933698a55ff1e294ba9e2a88978
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\sc_res_2.db3-journal
––
MD5:  ––
SHA256:  ––
3768
SUPERAntiSpyware.exe
C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QLDYZ51W.DEFAULT\COOKIES.SQLITE-shm
––
MD5:  ––
SHA256:  ––
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SAS_ALLUSER.DB3-journal
––
MD5:  ––
SHA256:  ––
3768
SUPERAntiSpyware.exe
C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SAS_CURRENTUSER.DB3-journal
––
MD5:  ––
SHA256:  ––
1888
sas_enum_cookies.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5GQ9QB80\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\SASREPAIRS.STG
binary
MD5: efc9ea7aa080142234062f49c1ed2aa0
SHA256: 87f7dd02e06983dc362923f74fe880367f0ab59d9ba288099a2c538982abfa96
1888
sas_enum_cookies.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: f59302c26007049114d954e385b514e8
SHA256: 9af7f1b5fa1acb0ecbe7feac52ceaa382b92d66a71199507ec028cd925cf857b
1888
sas_enum_cookies.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JS61RUXR\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN
––
MD5:  ––
SHA256:  ––
1888
sas_enum_cookies.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1888
sas_enum_cookies.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\879I9NG1\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1888
sas_enum_cookies.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3QMXF83G\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3768
SUPERAntiSpyware.exe
C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SAS_CURRENTUSER.DB3
sqlite
MD5: 83e1e2db270f97a12d5d8e012fbcd006
SHA256: 80c1a4b86d311af135206f597c0b08b08ff6bbd638d5b0ba599f89805b4c8b08
1888
sas_enum_cookies.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SAS_ALLUSER.DB3
sqlite
MD5: bec7d3ae033afb2c84600f474bfb4671
SHA256: 3cff966479db4e390aa693a629fef95ad141a2a9c58eee7dcee9d63a0d74edbd
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.DB
binary
MD5: 3767c6a913f79aa6e25112c9381000a1
SHA256: ba3e63fdac8df9c9ad3ef0aaa8e6444ec60f7d07e5b475b5269b39b8ece8d87b
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN.WORKING
––
MD5:  ––
SHA256:  ––
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN
––
MD5:  ––
SHA256:  ––
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E88CEE65-0DC8-11E9-BAD8-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2836
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFD234161EF84DA469.TMP
––
MD5:  ––
SHA256:  ––
1820
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERSetup\setupvars-journal
––
MD5:  ––
SHA256:  ––
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\detect.wav
wav
MD5: a48bbf8aa311f6fbca3d36e2fffc88e2
SHA256: e76700b5c8cbabdefca606d90862cdb5263c1b7a4e0545f218104c2818eccfc7
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\eula.rtf
text
MD5: 646d28d77b2d351e701eebf388625142
SHA256: 1f41100c5c8fbc0d1d8eea57ca7cf768e5d0d48108fcf844ec1a9850cf1ea4ca
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\eula - Copy.rtf
text
MD5: 917a39aadc5783bf31505fb0d725adf8
SHA256: cde2ff5bfc2a0ea4bb9792a94c13dd32902551f968ea9e6008a450ca10ef5314
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\CONTENT1\MDEsU0FTX01QRkIyOTk1XzAxLGh0dHA6Ly9nby5zdXBlcmFudGlzcHl3YXJlLmNvbS8_bGlua2lkPTEwMTQ1MQ==.bmp
image
MD5: 530b7c8831e10831888c858423e33b0b
SHA256: 8ae63bfe0b70a42ca2e1c966e7987077232499c4cb41561685e3a836fd165c22
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\CONTENT1\MDIsR1NfVlBOXzAxLGh0dHA6Ly9nby5zdXBlcmFudGlzcHl3YXJlLmNvbS8_bGlua2lkPTEwMTQ0OQ==.bmp
image
MD5: 87acc436fce856231be6b7f90d7efa19
SHA256: d10ff8222aa7425f3f03be995ae6bd56739e001a271d91a94c575ef81fea5236
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\setup.db3
sqlite
MD5: ac34c3fd78e7f302c59b937ae45d9a99
SHA256: 348272252c3bf95f5f8c45a22b4a3eafbc94cf345f9fbf765f3253611cc7fb63
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\Thumbs.db
binary
MD5: c5b94a5260b85d21e5cc33ce8a9127d2
SHA256: 1250f3403ae6b121bf0bc25b61176123950266229ba47f57eabe66f73d1f5c45
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\CONTENT1\AOL\MDEsQU9MRlJFRV8wMSxodHRwOi8vZ28uc3VwZXJhbnRpc3B5d2FyZS5jb20vP2xpbmtpZD0xMDE0MTY=.bmp
image
MD5: 8fb48521a8303f6b03d406d4a41edf83
SHA256: c09159825e0bb0704ede26becf0b4d08b245a33956a7e978edaad0ef2362fee6
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\top.bmp
image
MD5: 483e1e28067279237acbdd02c3d3cc0e
SHA256: 29e17b288eb7b261501f22b58a0c6becba2122e495580c26bf4ac3cc124cfb5e
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\CONTENT1\AOL\Thumbs.db
binary
MD5: dc34d18019465743fb4b647859391011
SHA256: d1b8a3499870b0b8b7e7486669e07d4dbd04ba54a917e9f8d55af3075f45d978
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe
––
MD5:  ––
SHA256:  ––
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\side.bmp
image
MD5: c3b548995bb14485f164f0e09b6e2161
SHA256: b5b3bb534a1487632bcc575803b8b93f8306b0033da0b4b99cea9d31d901f285
3768
SUPERAntiSpyware.exe
C:\Users\admin\AppData\Local\Temp\SAS4498.tmp
image
MD5: 87acc436fce856231be6b7f90d7efa19
SHA256: d10ff8222aa7425f3f03be995ae6bd56739e001a271d91a94c575ef81fea5236
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\CONTENT1\Thumbs.db
binary
MD5: 338b8369444703ea72600b7058f952f0
SHA256: 15b0621333f9771f3314681246d82613fb7ca527da3dd0e26486f91a9d7a59c5
3388
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 738a3c3b0e579a3d81aaa7f2808af58d
SHA256: 7e30181fb2176d0d498ef75957d8162c0d11b34f5ec92718ee2345fc7a08501d
1820
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERSetup\setupvars
sqlite
MD5: a7509d6317860c7a3762c39a7ab60a91
SHA256: e7c131661b31809e78230aaf0c2102849771137dd7d338f82ae43f8089b0dbda
2236
SUPERAntiSpyware[1].exe
C:\Users\admin\AppData\Local\Temp\SUPERSetup\promo.html
html
MD5: 3599994db80f12a5000cdf51aa5a6d04
SHA256: 1c4b330a077aa0a7f9f325d9eb64db1c78f71cfd4e7be6816816fa6eea7fca28
3388
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\SUPERAntiSpyware[1].exe
––
MD5:  ––
SHA256:  ––
2836
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF751E650D3C9D4EB0.TMP
––
MD5:  ––
SHA256:  ––
2836
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019010120190102\index.dat
dat
MD5: a9c18d5ff550a2d40a0c60aeda2bc2b1
SHA256: ce38fa754d4bca4c3d54220100b866658ab9b4ea47d32ca5232095f4b85824d4
3388
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019010120190102\index.dat
dat
MD5: 81d543b866efe748df789f6a60848d88
SHA256: 29260d1837119780a3d0231c071ca0de14741f11c3b55a81606fe4176195dc5d
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\SUPERAntiSpyware[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{E88CEE66-0DC8-11E9-BAD8-5254004A04AF}.dat
binary
MD5: 3ae616d67ee5d21d0515da4a21a7a00d
SHA256: 2659b018ff24758e7ce3b6ac2b619995a8c171b5e3d748782e2ff00f93e4e41d
2292
SASCORE.EXE
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\sas_hashdata.bin
binary
MD5: fd77ccb3e589300e5f9f85436d866c5a
SHA256: a196f7d31134c50450fc9b568e2a401996356f4d97360475fa7283d291490dbd

Find more information on the static content and download it in the full report
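
The dropped-file list above mixes routine installer output with the few artifacts that matter for triage: two kernel drivers (sasdifsv.sys, SASKUTIL.SYS), two .job files in C:\Windows\Tasks, a Zone.Identifier stream on the downloaded installer, files the sandbox never hashed (shown as ––), and bitmaps under Content1 whose file names are base64. The Python below is an added example, not code from ANY.RUN or SUPERAntiSpyware, that parses the report's six-line records and attaches those flags; five records copied from the table are embedded as constructed input, and the function names and flag strings are the example's own.

```python
import base64
import hashlib

# Constructed sample: five of this report's dropped-file records, copied verbatim
# in its flattened layout (PID, process, path, type, MD5 line, SHA256 line).
SAMPLE_DROPPED_FILES = r"""
2236
SUPERAntiSpyware[1].exe
C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
executable
MD5: 39763504067962108505bff25f024345
SHA256: 73c9710b61edc7fbede1d7a767aa3d3a169e7ad012494d05cb5ee7e5c5752bb9
3768
SUPERAntiSpyware.exe
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f43e27a0-ef0d-457f-8911-e835f225a72d.job
binary
MD5: 0819509ef0cbc140c69cc0e4fb29cc63
SHA256: a0b67f7201edbdd78e70d4df7f15b70e801b82b914845768caf029f68c5a2bcb
2836
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\SUPERAntiSpyware[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
3768
SUPERAntiSpyware.exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\DEFINITIONS.SAS
––
MD5:  ––
SHA256:  ––
2236
SUPERAntiSpyware[1].exe
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\Content1\MDIsR1NfVlBOXzAxLGh0dHA6Ly9nby5zdXBlcmFudGlzcHl3YXJlLmNvbS8_bGlua2lkPTEwMTQ0OQ==.bmp
image
MD5: 87acc436fce856231be6b7f90d7efa19
SHA256: d10ff8222aa7425f3f03be995ae6bd56739e001a271d91a94c575ef81fea5236
"""

MISSING = "––"  # the report's placeholder for a value it did not record
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites", 3: "Internet", 4: "Restricted sites"}


def parse_dropped_files(text: str) -> list:
    """Six lines per record; the hash lines carry a 'MD5: ' / 'SHA256: ' prefix."""
    lines = [l for l in text.splitlines() if l.strip()]
    files = []
    for i in range(0, len(lines) // 6 * 6, 6):
        pid, proc, path, ftype, md5, sha = lines[i:i + 6]
        if not (md5.startswith("MD5:") and sha.startswith("SHA256:")):
            raise ValueError(f"bad hash lines at record {i // 6}")
        files.append({"pid": int(pid), "process": proc, "path": path, "type": ftype,
                      "md5": md5.split(":", 1)[1].strip(), "sha256": sha.split(":", 1)[1].strip()})
    return files


def motw_stream_md5(zone: int) -> str:
    """MD5 of the minimal Zone.Identifier stream Windows writes for a zone."""
    return hashlib.md5(f"[ZoneTransfer]\r\nZoneId={zone}\r\n".encode()).hexdigest()


def motw_zone_from_md5(md5hex: str):
    """ZoneId behind a Zone.Identifier hash, or None when the stream also carried
    ReferrerUrl/HostUrl lines and so does not match the minimal form."""
    return next((z for z in ZONES if motw_stream_md5(z) == md5hex.lower()), None)


def decode_banner_name(path: str):
    """Content1\\*.bmp names are base64 (URL-safe alphabet) of
    'index,tag,click-through URL'; returns that triple or None."""
    name = path.rsplit("\\", 1)[-1]
    if not name.lower().endswith(".bmp"):
        return None
    try:
        text = base64.urlsafe_b64decode(name[:-4]).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    parts = text.split(",", 2)
    return tuple(parts) if len(parts) == 3 else None


def triage(files: list) -> list:
    """Attach the flags an analyst checks first to each dropped-file record."""
    out = []
    for f in files:
        path, low, flags, notes = f["path"], f["path"].lower(), [], {}
        if low.endswith(".sys"):
            flags.append("kernel driver")  # ring 0 once a service points at it
        if low.startswith("c:\\windows\\tasks\\") and low.endswith(".job"):
            flags.append("scheduled task")  # legacy .job persistence, survives reboot
        if low.endswith(":zone.identifier"):
            flags.append("Zone.Identifier ADS")  # mark-of-the-web on the download
            zone = motw_zone_from_md5(f["md5"])
            notes["zone"] = None if zone is None else f"{zone} ({ZONES[zone]})"
        if f["md5"] == MISSING:
            flags.append("not hashed")  # no IOC in the report; re-hash it on disk
        banner = decode_banner_name(path) if "\\content1\\" in low else None
        if banner:
            flags.append("encoded banner name")
            notes["banner"] = banner
        out.append({"path": path, "flags": flags, "notes": notes})
    return out
```

Decoding the Content1 names shows them to be "index,tag,click-through URL" triples pointing at go.superantispyware.com, i.e. promotional tiles; the same two images also appear in the table as SAS4497.tmp and SAS4498.tmp in the user's temp directory with identical SHA256 values. The Zone.Identifier lookup recognizes only the minimal [ZoneTransfer]/ZoneId stream; a stream that also records ReferrerUrl and HostUrl hashes differently and comes back as None.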

Network activity

HTTP(S) requests
12
TCP/UDP connections
8
DNS requests
4
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3388 iexplore.exe GET 200 93.184.221.133:80 http://cdn.superantispyware.com/SUPERAntiSpyware.exe US
executable
whitelisted
2836 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
2236 SUPERAntiSpyware[1].exe GET 200 74.201.114.183:80 http://events.webflowmetrics.com/metrics.asmx/RecordEvent?sEventName=SASRPI_Install&sEventData=tag:SUPERAntiSpywareChrome.exe_Chrome_V5_NotShown:2|zo-sasref US
xml
unknown
3768 SUPERAntiSpyware.exe GET 200 74.201.114.183:80 http://events.webflowmetrics.com/metrics.asmx/RecordEvent?sEventName=SASRPI_TrialOffer&sEventData=tag:SUPERAntiSpyware.exe_V6_Accepted%7Czo-sasref US
xml
unknown
3768 SUPERAntiSpyware.exe POST 200 74.201.114.185:80 http://www.superantispyware.com/application.php US
text
text
unknown
3768 SUPERAntiSpyware.exe POST 200 74.201.114.185:80 http://www.superantispyware.com/application.php US
text
text
unknown
3768 SUPERAntiSpyware.exe GET 200 93.184.221.133:80 http://cdn.superantispyware.com/sascomponents/%7B06CD588E-4BD7-4AB9-9938-0949231C9484%7D.sas US
binary
whitelisted
3768 SUPERAntiSpyware.exe GET 200 93.184.221.133:80 http://cdn.superantispyware.com/appdata/sas/public/20000002.XML US
text
whitelisted
3768 SUPERAntiSpyware.exe GET 200 93.184.221.133:80 http://cdn.superantispyware.com/appdata/sas/public/new.15243.SAS US
binary
whitelisted
3768 SUPERAntiSpyware.exe POST 200 74.201.114.185:80 http://www.superantispyware.com/application.php US
text
text
unknown
3768 SUPERAntiSpyware.exe POST 200 74.201.114.185:80 http://www.superantispyware.com/application.php US
text
text
unknown
3768 SUPERAntiSpyware.exe POST 200 74.201.114.185:80 http://www.superantispyware.com/application.php US
text
text
unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3388 iexplore.exe 93.184.221.133:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2836 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2236 SUPERAntiSpyware[1].exe 74.201.114.183:80 Internap Network Services Corporation US unknown
3768 SUPERAntiSpyware.exe 74.201.114.183:80 Internap Network Services Corporation US unknown
3768 SUPERAntiSpyware.exe 74.201.114.185:80 Internap Network Services Corporation US unknown
3768 SUPERAntiSpyware.exe 93.184.221.133:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted

DNS requests

Domain IP Reputation
cdn.superantispyware.com 93.184.221.133
whitelisted
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
events.webflowmetrics.com 74.201.114.183
unknown
www.superantispyware.com 74.201.114.185
unknown

Threats

PID Process Class Message
3388 iexplore.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
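
Every request in the HTTP table above, and both connections to the vendor CDN, run over plain HTTP on port 80, including the installer itself and the definition files under appdata/sas/public; the single IDS hit is the Emerging Threats policy rule that fires on a PE file body seen in an HTTP response, not a malware signature. The "whitelisted" reputation reflects the domain, not the integrity of what was fetched. The Python below is an added example, not ANY.RUN's code, that parses the flattened rows, flags binaries fetched over cleartext and decodes the query strings of the events.webflowmetrics.com beacons, which carry the local process name and offer outcome. Four rows copied from the table are embedded as constructed input; the flag strings and function names are the example's own.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample: four rows of this report's HTTP requests table in its
# flattened layout (row line, then the content-type and reputation cells).
SAMPLE_HTTP_ROWS = """\
3388 iexplore.exe GET 200 93.184.221.133:80 http://cdn.superantispyware.com/SUPERAntiSpyware.exe US
executable
whitelisted
2236 SUPERAntiSpyware[1].exe GET 200 74.201.114.183:80 http://events.webflowmetrics.com/metrics.asmx/RecordEvent?sEventName=SASRPI_Install&sEventData=tag:SUPERAntiSpywareChrome.exe_Chrome_V5_NotShown:2|zo-sasref US
xml
unknown
3768 SUPERAntiSpyware.exe POST 200 74.201.114.185:80 http://www.superantispyware.com/application.php US
text
text
unknown
3768 SUPERAntiSpyware.exe GET 200 93.184.221.133:80 http://cdn.superantispyware.com/sascomponents/%7B06CD588E-4BD7-4AB9-9938-0949231C9484%7D.sas US
binary
whitelisted
"""

ROW_RE = re.compile(r"^(\d+) (\S+) (GET|POST|PUT|HEAD) (\d{3}) (\S+) (\S+) ([A-Z]{2})$")
BINARY_TYPES = {"executable", "binary"}


def parse_http_rows(text: str) -> list:
    """A row line holds PID, process, method, status, ip:port, URL and country;
    the lines up to the next row are its remaining cells, of which the first is
    the content type and the last the reputation."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            pid, proc, method, code, ip, url, cn = m.groups()
            rows.append({"pid": int(pid), "process": proc, "method": method, "status": int(code),
                         "ip": ip, "url": url, "cn": cn, "cells": []})
        elif line.strip() and rows:
            rows[-1]["cells"].append(line.strip())
    for r in rows:
        r["type"] = r["cells"][0] if r["cells"] else None
        r["reputation"] = r["cells"][-1] if r["cells"] else None
    return rows


def triage_http(rows: list) -> list:
    """Flag binaries fetched without transport integrity and requests that put
    data in the query string, and decode that query so the beacon is readable."""
    out = []
    for r in rows:
        u = urlsplit(r["url"])
        params = {k: v[0] for k, v in parse_qs(u.query).items()}
        flags = []
        if u.scheme == "http" and r["type"] in BINARY_TYPES:
            flags.append("binary over cleartext HTTP")  # only a file signature, if checked, protects it
        if params:
            flags.append("data in query string")  # logged by every proxy on the path
        out.append({"process": r["process"], "host": u.hostname, "path": unquote(u.path),
                    "params": params, "flags": flags})
    return out
```

On the page the POST rows show the Type cell twice ("text", "text") and no Size cell, so the parser keeps every trailing cell and commits only to the first as the content type and the last as the reputation.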

Debug output strings

Process Message
–– start menu folder
–– C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\
–– BANNER HAS NOT CHANGED