General Info

File name

PFPortChecker.exe

Full analysis
https://app.any.run/tasks/780c4d0b-d21c-42b4-927c-03380a5241c1
Verdict
Malicious activity
Analysis date
3/14/2019, 11:28:23
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

20c85c4d158097634816c0ec342139a2

SHA1

491e2b79072890b6e193585d21db40588787a480

SHA256

3fe77a676479a75dd2ef25705cec70fd06f62c9ccc29e16b3180dcb63e330bb4

SSDEEP

49152:8SsXGVQDCv9f63SXV02Xb4tx6oi1Kdfvi/knzeiN:IG+uR63S8x6vodfvpzRN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • AskPartnerCobrandingTool.exe (PID: 4052)
  • TaskScheduler.exe (PID: 3656)
  • askHomePage.exe (PID: 2748)
  • Processor64Bit.exe (PID: 2832)
  • JSXPCOMInstaller.exe (PID: 2916)
  • NEW8EFE.tmp.exe (PID: 2248)
  • AskInstallChecker-1.1.0.0.exe (PID: 2444)
  • askToolbarInstaller-1.5.0.0.exe (PID: 2796)
Loads the Task Scheduler COM API
  • TaskScheduler.exe (PID: 3656)
Loads dropped or rewritten executable
  • PFPortChecker.exe (PID: 4080)
Creates COM task schedule object
  • MsiExec.exe (PID: 3000)
Creates files in the program directory
  • PFPortChecker.exe (PID: 4080)
Executable content was dropped or overwritten
  • MsiExec.exe (PID: 3476)
  • askToolbarInstaller-1.5.0.0.exe (PID: 2796)
  • NEW8EFE.tmp.exe (PID: 2248)
  • PFPortChecker.exe (PID: 4080)
  • msiexec.exe (PID: 2460)
Creates files in the user directory
  • PFPortChecker.exe (PID: 4080)
Creates files in the Windows directory
  • PFPortChecker.exe (PID: 4080)
Changes the started page of IE
  • askHomePage.exe (PID: 2748)
Creates a software uninstall entry
  • PFPortChecker.exe (PID: 4080)
Starts Microsoft Installer
  • NEW8EFE.tmp.exe (PID: 2248)
Creates files in the program directory
  • msiexec.exe (PID: 2460)
Application was dropped or rewritten from another process
  • MSI97CA.tmp (PID: 2328)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 3000)
Creates a software uninstall entry
  • msiexec.exe (PID: 2460)
Application launched itself
  • msiexec.exe (PID: 2460)
Starts application with an unusual extension
  • msiexec.exe (PID: 2460)

Static information

TRiD
.exe
|   NSIS - Nullsoft Scriptable Install System (94.8%)
.exe
|   Win32 Executable MS Visual C++ (generic) (3.4%)
.dll
|   Win32 Dynamic Link Library (generic) (0.7%)
.exe
|   Win32 Executable (generic) (0.5%)
.exe
|   Generic Win/DOS Executable (0.2%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2009:06:06 23:41:54+02:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
23552
InitializedDataSize:
119808
UninitializedDataSize:
1024
EntryPoint:
0x323c
OSVersion:
4
ImageVersion:
6.1
SubsystemVersion:
4
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
06-Jun-2009 21:41:54
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000D8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
06-Jun-2009 21:41:54
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x00005A5A 0x00005C00 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.4177
.rdata 0x00007000 0x00001190 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.18163
.data 0x00009000 0x0001AF98 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.70903
.ndata 0x00024000 0x00017000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x0003B000 0x000042D8 0x00004400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.90403
Resources
1

2

3

4

5

6

7

102

103

105

106

111

Imports
    KERNEL32.dll

    USER32.dll

    GDI32.dll

    SHELL32.dll

    ADVAPI32.dll

    COMCTL32.dll

    ole32.dll

    VERSION.dll

Exports

    No exports.

Processes

Total processes
51
Monitored processes
15
Malicious processes
1
Suspicious processes
1

Behavior graph

Process nodes (edges labelled "start" or "drop and start"): pfportchecker.exe (no specs), pfportchecker.exe, askinstallchecker-1.1.0.0.exe, asktoolbarinstaller-1.5.0.0.exe, new8efe.tmp.exe, msiexec.exe (no specs), msiexec.exe, msiexec.exe, processor64bit.exe (no specs), askhomepage.exe, jsxpcominstaller.exe (no specs), msi97ca.tmp (no specs), msiexec.exe (no specs), askpartnercobrandingtool.exe, taskscheduler.exe

Process information

PID
3636
CMD
"C:\Users\admin\AppData\Local\Temp\PFPortChecker.exe"
Path
C:\Users\admin\AppData\Local\Temp\PFPortChecker.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\pfportchecker.exe
c:\systemroot\system32\ntdll.dll

PID
4080
CMD
"C:\Users\admin\AppData\Local\Temp\PFPortChecker.exe"
Path
C:\Users\admin\AppData\Local\Temp\PFPortChecker.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\pfportchecker.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\nsge40a.tmp\nsdialogs.dll
c:\windows\system32\comdlg32.dll
c:\users\admin\appdata\local\temp\nsge40a.tmp\system.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\users\admin\appdata\local\temp\nsge40a.tmp\askinstallchecker-1.1.0.0.exe
c:\users\admin\appdata\local\temp\nsge40a.tmp\asktoolbarinstaller-1.5.0.0.exe
c:\users\admin\appdata\local\temp\nsge40a.tmp\inetload.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\pfportchecker\pfportchecker.exe
c:\windows\system32\mswinsck.ocx
c:\windows\system32\wsock32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\netutils.dll

PID
2444
CMD
"C:\Users\admin\AppData\Local\Temp\nsgE40A.tmp\AskInstallChecker-1.1.0.0.exe" PF
Path
C:\Users\admin\AppData\Local\Temp\nsgE40A.tmp\AskInstallChecker-1.1.0.0.exe
Indicators
Parent process
PFPortChecker.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Ask.com
Description
Ask Install Checker
Version
1,1,0,0
Modules
Image
c:\users\admin\appdata\local\temp\nsge40a.tmp\askinstallchecker-1.1.0.0.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll

PID
2796
CMD
"C:\Users\admin\AppData\Local\Temp\nsgE40A.tmp\askToolbarInstaller-1.5.0.0.exe" /tbr /sa /hpr /verysilent toolbar=PF
Path
C:\Users\admin\AppData\Local\Temp\nsgE40A.tmp\askToolbarInstaller-1.5.0.0.exe
Indicators
Parent process
PFPortChecker.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Ask.com
Description
wrapper Application
Version
15, 0, 0, 498
Modules
Image
c:\users\admin\appdata\local\temp\nsge40a.tmp\asktoolbarinstaller-1.5.0.0.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\new8efe.tmp.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll

PID
2248
CMD
"C:\Users\admin\AppData\Local\Temp\NEW8EFE.tmp.exe" /s /v"PARTNER=PF /qn"
Path
C:\Users\admin\AppData\Local\Temp\NEW8EFE.tmp.exe
Indicators
Parent process
askToolbarInstaller-1.5.0.0.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Ask.com
Description
Setup Launcher
Version
1.5.0.0
Modules
Image
c:\users\admin\appdata\local\temp\new8efe.tmp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\msi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msiexec.exe

PID
596
CMD
MSIEXEC.EXE /i "C:\Users\admin\AppData\Local\Temp\{2B666535-06D6-4BCA-A9FC-4195BB54EB3C}\Ask Toolbar.msi" /L*vx C:\Users\admin\AppData\Local\Temp\ASKSUTBLOG PARTNER=PF /qn TRANSFORMS="C:\Users\admin\AppData\Local\Temp\{2B666535-06D6-4BCA-A9FC-4195BB54EB3C}\1033.MST" SETUPEXEDIR="C:\Users\admin\AppData\Local\Temp" SETUPEXENAME="NEW8EFE.tmp.exe"
Path
C:\Windows\system32\MSIEXEC.EXE
Indicators
No indicators
Parent process
NEW8EFE.tmp.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
2460
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\installer\msi97ca.tmp
c:\windows\system32\devrtl.dll
c:\windows\system32\cabinet.dll
c:\program files\ask.com\taskscheduler.exe

PID
3476
CMD
C:\Windows\system32\MsiExec.exe -Embedding 43A03885179FD9DF7D96E1DFBB2976F8
Path
C:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\vbscript.dll
c:\windows\installer\msi940f.tmp
c:\windows\system32\scrrun.dll
c:\windows\system32\sxs.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\processor64bit.exe
c:\windows\system32\wbem\wbemdisp.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dispex.dll
c:\program files\internet explorer\ieproxy.dll
c:\users\admin\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askhomepage.exe
c:\users\admin\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\jsxpcominstaller.exe
c:\windows\installer\msi976b.tmp
c:\windows\system32\scrobj.dll
c:\windows\installer\msi9952.tmp
c:\users\admin\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askpartnercobrandingtool.exe
c:\windows\installer\msia500.tmp
c:\windows\installer\msia510.tmp

PID
2832
CMD
"C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\Processor64Bit.exe"
Path
C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\Processor64Bit.exe
Indicators
No indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
HIGH
Exit code
4294967295
Version:
Company
Ask.com
Description
Check Processor Architecture is 64 bit
Version
1, 0, 0, 1
Modules
Image
c:\users\admin\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\processor64bit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2748
CMD
"C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askHomePage.exe" PF
Path
C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askHomePage.exe
Indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Ask.com
Description
Ask Home Page Reset for Internet Explorer
Version
1,0,0,4
Modules
Image
c:\users\admin\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askhomepage.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll

PID
2916
CMD
"C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\JSXPCOMInstaller.exe"
Path
C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\JSXPCOMInstaller.exe
Indicators
No indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\jsxpcominstaller.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2328
CMD
"C:\Windows\Installer\MSI97CA.tmp"
Path
C:\Windows\Installer\MSI97CA.tmp
Indicators
No indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\windows\installer\msi97ca.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

PID
3000
CMD
C:\Windows\system32\MsiExec.exe -Embedding 5ED0DBB7563C42155F27464D292EDE52 M Global\MSI0000
Path
C:\Windows\system32\MsiExec.exe
Indicators
No indicators
Parent process
msiexec.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msi9a7d.tmp
c:\windows\installer\msi9dab.tmp
c:\program files\ask.com\genericasktoolbar.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\oledlg.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\devrtl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll

PID
4052
CMD
"C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe" PF
Path
C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
Indicators
Parent process
MsiExec.exe
User
admin
Integrity Level
HIGH
Exit code
4294967295
Version:
Company
Ask.com
Description
Ask Toolbar Partner Cobranding
Version
1, 0, 0, 1
Modules
Image
c:\users\admin\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askpartnercobrandingtool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll

PID
3656
CMD
"C:\Program Files\Ask.com\TaskScheduler.exe" C:\Program Files\Ask.com\UpdateTask.exe
Path
C:\Program Files\Ask.com\TaskScheduler.exe
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\program files\ask.com\taskscheduler.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

Registry activity

Total events
1615
Read events
1286
Write events
320
Delete events
9

Modification events

PID
Process
Operation
Key
Name
Value
4080
PFPortChecker.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
4080
PFPortChecker.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASAPI32
EnableFileTracing
0
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASAPI32
EnableConsoleTracing
0
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASAPI32
FileTracingMask
4294901760
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASAPI32
ConsoleTracingMask
4294901760
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASAPI32
MaxFileSize
1048576
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASAPI32
FileDirectory
%windir%\tracing
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASMANCS
EnableFileTracing
0
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASMANCS
EnableConsoleTracing
0
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASMANCS
FileTracingMask
4294901760
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASMANCS
ConsoleTracingMask
4294901760
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASMANCS
MaxFileSize
1048576
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PFPortChecker_RASMANCS
FileDirectory
%windir%\tracing
4080
PFPortChecker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
4080
PFPortChecker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4080
PFPortChecker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
4080
PFPortChecker.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
4080
PFPortChecker.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
Microsoft WinSock Control, version 6.0 (SP6)
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32
C:\Windows\system32\MSWINSCK.OCX
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32
ThreadingModel
Apartment
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock
Microsoft WinSock Control, version 6.0 (SP6)
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CLSID
{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CurVer
MSWinsock.Winsock.1
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1
Microsoft WinSock Control, version 6.0 (SP6)
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1\CLSID
{248DD896-BB45-11CF-9ABC-0080C7E7B78D}
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\VersionIndependentProgID
MSWinsock.Winsock
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ProgID
MSWinsock.Winsock.1
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib
{248DD890-BB45-11CF-9ABC-0080C7E7B78D}
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Version
1.0
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus
0
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\1
132497
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32
C:\Windows\system32\MSWINSCK.OCX, 1
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}
Winsock General Property Page Object
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32
C:\Windows\system32\MSWINSCK.OCX
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0
Microsoft Winsock Control 6.0 (SP6)
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\FLAGS
2
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32
C:\Windows\system32\MSWINSCK.OCX
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}
IMSWinsockControl
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib
{248DD890-BB45-11CF-9ABC-0080C7E7B78D}
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib
Version
1.0
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}
DMSWinsockControlEvents
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib
{248DD890-BB45-11CF-9ABC-0080C7E7B78D}
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib
Version
1.0
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PFPortChecker.exe
C:\Program Files\PFPortChecker\PFPortChecker.exe
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PFPortChecker
DisplayName
PFPortChecker 1.0.32
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PFPortChecker
UninstallString
C:\Program Files\PFPortChecker\uninst.exe
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PFPortChecker
DisplayIcon
C:\Program Files\PFPortChecker\PFPortChecker.exe
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PFPortChecker
DisplayVersion
1.0.32
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PFPortChecker
URLInfoAbout
http://www.portforward.com
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PFPortChecker
Publisher
Portforward.com
4080
PFPortChecker.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\nsgE40A.tmp\askToolbarInstaller-1.5.0.0.exe
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
EnableFileTracing
0
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
EnableConsoleTracing
0
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
FileTracingMask
4294901760
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
ConsoleTracingMask
4294901760
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
MaxFileSize
1048576
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
FileDirectory
%windir%\tracing
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
EnableFileTracing
0
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
EnableConsoleTracing
0
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
FileTracingMask
4294901760
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
ConsoleTracingMask
4294901760
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
MaxFileSize
1048576
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
FileDirectory
%windir%\tracing
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2444
AskInstallChecker-1.1.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2796
askToolbarInstaller-1.5.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2796
askToolbarInstaller-1.5.0.0.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2460
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
9C0900005C2538CC50DAD401
2460
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
638112233F93B4BFE48949F783264926504A896D31A9B8A3F34CE662177126F8
2460
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\1b92d9.ipi
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\1b92da.rbs
30726736
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\1b92da.rbsLow
3447474144
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
A28B4D68DEBAA244EB686953B7074FEF
C:\FIND_MOZ_EXT\[email protected]\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
A28B4D68DEBAA244EB686953B7074FEF
C:\FIND_MOZ_EXT\[email protected]\defaults\preferences\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
A28B4D68DEBAA244EB686953B7074FEF
C:\FIND_MOZ_EXT\[email protected]\defaults\preferences\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
A28B4D68DEBAA244EB686953B7074FEF
C:\Program Files\Ask.com\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
A28B4D68DEBAA244EB686953B7074FEF
C:\Program Files\Ask.com\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\Program Files\Ask.com\GenericAskToolbar.dll
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
A28B4D68DEBAA244EB686953B7074FEF
C?\Program Files\Ask.com\GenericAskToolbar.dll
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
A28B4D68DEBAA244EB686953B7074FEF
C:\Program Files\Ask.com\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\Program Files\Ask.com\TaskScheduler.exe
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
A28B4D68DEBAA244EB686953B7074FEF
C?\Program Files\Ask.com\TaskScheduler.exe
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\Program Files\Ask.com\UpdateTask.exe
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
A28B4D68DEBAA244EB686953B7074FEF
C?\Program Files\Ask.com\UpdateTask.exe
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
A28B4D68DEBAA244EB686953B7074FEF
C:\Program Files\Ask.com\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
A28B4D68DEBAA244EB686953B7074FEF
C:\Program Files\Ask.com\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
A28B4D68DEBAA244EB686953B7074FEF
C:\Program Files\Ask.com\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
A28B4D68DEBAA244EB686953B7074FEF
C:\FIND_MOZ_EXT\[email protected]\chrome\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\FIND_MOZ_EXT\[email protected]\chrome\content\about.xul
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
A28B4D68DEBAA244EB686953B7074FEF
C?\FIND_MOZ_EXT\[email protected]\chrome\content\about.xul
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\ask_16x16.png
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
A28B4D68DEBAA244EB686953B7074FEF
C?\FIND_MOZ_EXT\[email protected]\chrome\skin\ask_16x16.png
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
A28B4D68DEBAA244EB686953B7074FEF
C:\FIND_MOZ_EXT\[email protected]\chrome\temp\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
A28B4D68DEBAA244EB686953B7074FEF
C:\FIND_MOZ_EXT\[email protected]\defaults\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\FIND_MOZ_EXT\[email protected]\defaults\preferences\defaults.js
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
A28B4D68DEBAA244EB686953B7074FEF
C?\FIND_MOZ_EXT\[email protected]\defaults\preferences\defaults.js
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
C:\FIND_MOZ_EXT\[email protected]\searchplugins\askcom.xml
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
A28B4D68DEBAA244EB686953B7074FEF
C?\FIND_MOZ_EXT\[email protected]\searchplugins\askcom.xml
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Ask.com\
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\FIND_MOZ_EXT\[email protected]\defaults\preferences\
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\FIND_MOZ_EXT\[email protected]\defaults\
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\FIND_MOZ_EXT\[email protected]\
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\FIND_MOZ_EXT\
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\FIND_MOZ_EXT\[email protected]\chrome\
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\FIND_MOZ_EXT\[email protected]\chrome\temp\
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\FIND_MOZ_EXT\[email protected]\chrome\content\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\FIND_MOZ_EXT\[email protected]\searchplugins\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\
2460
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
AppPath
C:\Program Files\Ask.com\
2460
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
AppName
SaUpdate.exe
2460
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Policy
3
2460
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\AppDataLow\AskToolbarInfo
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
AppName
SaUpdate.exe
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
AppPath
C:\Program Files\Ask.com\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Policy
3
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
RegOwner
admin
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
RegCompany
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
ProductID
none
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
LocalPackage
C:\Windows\Installer\1b92db.msi
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
AuthorizedCDFPrefix
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
Comments
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
Contact
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
DisplayVersion
1.5.0.0
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
HelpLink
http://about.ask.com/en/docs/about/index.shtml
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
HelpTelephone
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
InstallDate
20190314
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
InstallLocation
C:\Program Files\Ask.com\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
InstallSource
C:\Users\admin\AppData\Local\Temp\{2B666535-06D6-4BCA-A9FC-4195BB54EB3C}\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
ModifyPath
MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
NoRepair
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
Publisher
Ask.com
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
Readme
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
Size
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
EstimatedSize
2083
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
UninstallString
MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
URLInfoAbout
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
URLUpdateInfo
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
VersionMajor
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
VersionMinor
5
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
WindowsInstaller
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
Version
17104896
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
Language
0
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
AuthorizedCDFPrefix
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Comments
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Contact
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
DisplayVersion
1.5.0.0
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HelpLink
http://about.ask.com/en/docs/about/index.shtml
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HelpTelephone
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
InstallDate
20190314
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
InstallLocation
C:\Program Files\Ask.com\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
InstallSource
C:\Users\admin\AppData\Local\Temp\{2B666535-06D6-4BCA-A9FC-4195BB54EB3C}\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ModifyPath
MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
NoRepair
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Publisher
Ask.com
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Readme
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Size
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
EstimatedSize
2083
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
UninstallString
MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
URLInfoAbout
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
URLUpdateInfo
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
VersionMajor
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
VersionMinor
5
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
WindowsInstaller
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Version
17104896
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Language
0
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
A28B4D68DEBAA244EB686953B7074FEF
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\InstallProperties
DisplayName
Ask Toolbar
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
DisplayName
Ask Toolbar
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
SuperToolbarFF
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\Features
SuperToolbarFF
Xh5g][email protected]?9R3P~I[bg['^[email protected]?wg'bpBTi'0WwVUYqs9t?]m-9XOp26q([email protected]~_U?Kqs&JoM1~jUyp80+]RLM~dF3XTeCNn^$gKer4J?E_nwgrcb.}G])enpiaUTn*tlmqy]G6e'RX{qo[.fxS48WKU)qfBvM6dB26^zQtf.BaB1DtnWh(U=&^VCWy{w`jnO&UYIp}V$Q,ap?4)c'a
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
SuperToolbarIE
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\Features
SuperToolbarIE
Fo)[email protected]=Dto?nq{3)QgjQgWk_f,ANj2C24Q_OpFqjl81OWF=[email protected]^0a0!iO]&+X?Ce*11GbnsSMHom+3AR]=f_6WO}cKM(od9TzDLpY=${G3ZEGw]T
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\Patches
AllPatches
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
ProductName
Ask Toolbar
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
PackageCode
9B84C6E789F9F85488B07BEDCC41861F
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Language
0
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Version
17104896
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Transforms
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1033.MST
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Assignment
1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
AdvertiseFlags
388
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
ProductIcon
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
InstanceType
0
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
AuthorizedLUAApp
0
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
DeploymentFlags
2
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
A28B4D68DEBAA244EB686953B7074FEF
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList
PackageName
Ask Toolbar.msi
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList\Net
1
C:\Users\admin\AppData\Local\Temp\{2B666535-06D6-4BCA-A9FC-4195BB54EB3C}\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList\Media
DiskPrompt
[1]
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList\Media
1
DISK1;1
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clients
:
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF\SourceList
LastUsedSource
n;1;C:\Users\admin\AppData\Local\Temp\{2B666535-06D6-4BCA-A9FC-4195BB54EB3C}\
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
C:\Windows\Installer\1b92d7.mst
0
2460
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
96
2460
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
2460
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F
2460
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
2460
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
2460
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
2460
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
2460
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\AskBarDis\bar
FFHPRSwitch
0
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
tb
PF
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
cbid
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
dtid
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
guid
C6D739A9-E1B2-4B2D-A295-B75AA855FBCB
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
saguid
5042FB85-10DB-41F9-A4D7-E65660AF3905
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
version
5.5.0.145
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
revision
1
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
o
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
build
6530
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
l
dis
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
sa
YES
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
InstallDir
C:\Program Files\Ask.com\
3476
MsiExec.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Macro
themeid
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASAPI32
EnableFileTracing
0
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASAPI32
EnableConsoleTracing
0
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASAPI32
FileTracingMask
4294901760
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASAPI32
ConsoleTracingMask
4294901760
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASAPI32
MaxFileSize
1048576
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASAPI32
FileDirectory
%windir%\tracing
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASMANCS
EnableFileTracing
0
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASMANCS
EnableConsoleTracing
0
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASMANCS
FileTracingMask
4294901760
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASMANCS
ConsoleTracingMask
4294901760
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASMANCS
MaxFileSize
1048576
2748
askHomePage.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\askHomePage_RASMANCS
FileDirectory
%windir%\tracing
2748
askHomePage.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2748
askHomePage.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2748
askHomePage.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2748
askHomePage.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2748
askHomePage.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page
http://www.search.ask.com/?l=dis&o=15183
2748
askHomePage.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\AskHomepage
HomePage
http://www.search.ask.com/?l=dis&o=15183
2748
askHomePage.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\AskHomepage
Status
0
2748
askHomePage.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\AskBarDis\bar
HPOParam
15183
2328
MSI97CA.tmp
write
HKEY_CURRENT_USER\Software\Ask.com
RegPath
Software\AppDataLow\Software\AskToolbar\Macro
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
GenericAskToolbar
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
AppID
{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Ask Toolbar
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\CLSID
{D4027C7F-154A-4066-A1AD-4243D8127440}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
ToolbarWnd Class
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\CLSID
{D4027C7F-154A-4066-A1AD-4243D8127440}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\CurVer
GenericAskToolbar.ToolbarWnd.1
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Ask Toolbar
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ProgID
GenericAskToolbar.ToolbarWnd.1
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\VersionIndependentProgID
GenericAskToolbar.ToolbarWnd
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\InprocServer32
C:\Program Files\Ask.com\GenericAskToolbar.dll
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\InprocServer32
ThreadingModel
Apartment
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\TypeLib
{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{D4027C7F-154A-4066-A1AD-4243D8127440}
00
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Ask Toolbar BHO
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
NoExplorer
1
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\1.0
GenericAskToolbar 1.0 Type Library
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\1.0\FLAGS
0
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\1.0\0\win32
C:\Program Files\Ask.com\GenericAskToolbar.dll
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\1.0\HELPDIR
C:\Program Files\Ask.com
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
IAskToolbar
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}\TypeLib
{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}\TypeLib
Version
1.0
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
IAskButton
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}\TypeLib
{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}\TypeLib
Version
1.0
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
IAskMenu
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}\TypeLib
{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
3000
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}\TypeLib
Version
1.0
3000
MsiExec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
AskTB5.5
3000
MsiExec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\AppDataLow\Software\AskToolbar\Prefs
FreshInstall
1
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
EnableFileTracing
0
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
EnableConsoleTracing
0
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
FileTracingMask
4294901760
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
ConsoleTracingMask
4294901760
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
MaxFileSize
1048576
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
FileDirectory
%windir%\tracing
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
EnableFileTracing
0
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
EnableConsoleTracing
0
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
FileTracingMask
4294901760
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
ConsoleTracingMask
4294901760
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
MaxFileSize
1048576
4052
AskPartnerCobrandingTool.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
FileDirectory
%windir%\tracing
4052
AskPartnerCobrandingTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
4052
AskPartnerCobrandingTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4052
AskPartnerCobrandingTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
4052
AskPartnerCobrandingTool.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3656
TaskScheduler.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Update
UpdatePath
3656
TaskScheduler.exe
write
HKEY_CURRENT_USER\Software\AppDataLow\Software\AskToolbar\Update
ResetSAFail
0
3656
TaskScheduler.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
DisplayName
Ask Search
3656
TaskScheduler.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
URL
http://tbsearch.ask.com/redirect?client=ie&tb=PF&o=&src=crm&q={searchTerms}&locale=
3656
TaskScheduler.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
FaviconPath
C:\Program Files\Ask.com\favicon.ico
3656
TaskScheduler.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Files activity

Executable files
25
Suspicious files
3
Text files
141
Unknown types
9

Dropped files

PID
Process
Filename
Type
4080
PFPortChecker.exe
C:\Users\admin\AppData\Local\Temp\nsgE40A.tmp\AskInstallChecker-1.1.0.0.exe
executable
MD5: 4d309406b3db9a2ba90bd7dc81a6be12
SHA256: 14472bce8e87b2c59747b40b36c580527a302bd72ace39478dc68e4fdd21ff6e
2460
msiexec.exe
C:\Windows\Installer\1b92d6.msi
executable
MD5: 2c4389293c098ab4f5419a19566a09b0
SHA256: 8f59e5f0276392d40f7d93abe97e9d6a2ecd5de1175752d1ae81c9d309ee38ae
2460
msiexec.exe
C:\Program Files\Ask.com\GenericAskToolbar.dll
executable
MD5: 0ddaa75e84b5af3a4a16b12576f4173a
SHA256: b355fdfa82cf2a3083f342570d0a22eb20e9270813fd8e0f44d07c02d59f54c4
2248
NEW8EFE.tmp.exe
C:\Users\admin\AppData\Local\Temp\{2B666535-06D6-4BCA-A9FC-4195BB54EB3C}\Ask Toolbar.msi
executable
MD5: 2c4389293c098ab4f5419a19566a09b0
SHA256: 8f59e5f0276392d40f7d93abe97e9d6a2ecd5de1175752d1ae81c9d309ee38ae
3476
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
executable
MD5: 88e3225d42eb43d99a519080e039fee4
SHA256: eeae4c4dcea166f8a1b5d93ec2eda0a766467dd62fb95f62dcb622af5ce38608
2796
askToolbarInstaller-1.5.0.0.exe
C:\Users\admin\AppData\Local\Temp\NEW8EFE.tmp.exe
executable
MD5: cd1383a52acc54a168eaf1fb1abd57f4
SHA256: 5dcd685040a2e40e1e73a7d9ecea766c3e1a61a0de686ca5efb37040bf062104
2460
msiexec.exe
C:\Program Files\Ask.com\UpdateTask.exe
executable
MD5: 4b0c042ed1a81301895379bbe9676e83
SHA256: 30b05a92626c8ade66d6c4f68cc9e4063c8225c913c3e4c71f297bae1cbca4d9
4080
PFPortChecker.exe
C:\Users\admin\AppData\Local\Temp\nsgE40A.tmp\InetLoad.dll
executable
MD5: 994669c5737b25c26642c94180e92fa2
SHA256: bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c
2460
msiexec.exe
C:\Program Files\Ask.com\SaUpdate.exe
executable
MD5: 35a01c607c00d4a8810223f5086c1012
SHA256: b3c05c95c9129a23a9b655bdee1ca88a67601cd77822fb31250572a8ff68c05f
4080
PFPortChecker.exe
C:\Users\admin\AppData\Local\Temp\nsgE40A.tmp\nsDialogs.dll
executable
MD5: ab73c0c2a23f913eabdc4cb24b75cbad
SHA256: 3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457
3476
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askHomePage.exe
executable
MD5: d2bc666465ad4ac50877da99995ee4b3
SHA256: e00ab7a28000affcd04e2f839d36f6703f3a2ccf5120ef327d191d90e43095c4
2460
msiexec.exe
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
executable
MD5: 0d9d506f225588c1ee1263f24ba1c178
SHA256: 60e53bac4098fa5f522d24f736825e4eacd8e654e2f17e9d892cd5b7b3199eb1
3476
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\askpopup.exe
executable
MD5: 5f9f8a75a4817fbc2b734fd65b7f2e87
SHA256: 64bc8a7fdcd40d7d25132aa9d1a7b09b158de5723662b7cdef222ff5431e50f3
4080
PFPortChecker.exe
C:\Users\admin\AppData\Local\Temp\nsgE40A.tmp\System.dll
executable
MD5: 00a0194c20ee912257df53bfe258ee4a
SHA256: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
3476
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\JSXPCOMInstaller.exe
executable
MD5: 0687bfcea590fc9a57cb7f3f1863e9d2
SHA256: 72414d89392bbc7284e22d6a6c5698d208ea82e97fd0a4ae1e49e06b92857a1e
2460
msiexec.exe
C:\Windows\Installer\MSI9DAB.tmp
executable
MD5: 03c0e661e724c8c2ea958ea6c8399b4b
SHA256: 655e34000815dac7c76a7d31a0d60a9e0b7bcf4952fddc0fb3242aaeb9cc30dd
4080
PFPortChecker.exe
C:\Program Files\PFPortChecker\uninst.exe
executable
MD5: 05e62ef04d3537380f843f28b53c8f5f
SHA256: b029e45954fd9f87eee333f674fee3c8c8a39b3d1d16a35d3448d41fff9fae3d
4080
PFPortChecker.exe
C:\Users\admin\AppData\Local\Temp\nsgE40A.tmp\askToolbarInstaller-1.5.0.0.exe
executable
MD5: 9488743df8daa273402684b4262eb512
SHA256: 83ce931ea3222765beef6dee6299481d2cb7e72ad8bcaca28a550273e4673558
3476
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\Processor64Bit.exe
executable
MD5: 45ec3e3c39ba12a9f5a594cde67d43a8
SHA256: 6daab7d61eeca9318ddf2c67b56cbfeff85acad963cfe5dab286dff6049bd6b2
2460
msiexec.exe
C:\Windows\Installer\1b92db.msi
executable
MD5: 2c4389293c098ab4f5419a19566a09b0
SHA256: 8f59e5f0276392d40f7d93abe97e9d6a2ecd5de1175752d1ae81c9d309ee38ae
2460
msiexec.exe
C:\Windows\Installer\MSI97CA.tmp
executable
MD5: 19ac0a4f9745670b33b6c163bc0801c9
SHA256: 19f5f583a50757978c62553b0b0f9cf3648fc406aaec62b8e591695b772e6266
3476
MsiExec.exe
C:\Users\admin\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
executable
MD5: cd9f8488bbb7fdda1ec48e50fbf00b35
SHA256: 1040ca97b4f242d7f5d799454df6623062aa271eca964601e6b8ec7e32fdce85
4080
PFPortChecker.exe
C:\Program Files\PFPortChecker\PFPortChecker.exe
executable
MD5: 53149b2c8ba9528a629e61e82890166f
SHA256: 2c9603ffa1ad5cb3a84d4afb6875d80153146ac3d9b7232f94597539763e6f5f
4080
PFPortChecker.exe
C:\Windows\system32\MSWINSCK.OCX
executable
MD5: e8a2190a9e8ee5e5d2e0b599bbf9dda6
SHA256: 80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311
2460
msiexec.exe
C:\Program Files\Ask.com\TaskScheduler.exe
executable
MD5: f714f004bdbf35ad26d0cfc4f7ec086b
SHA256: 2ccae2a0ddd55c1e28a3b9fe05d6fc5c6871ac56b624791399fc56deb834223e
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\chevron.png
image
MD5: 3f94dbb677f17b967c6bc4e06e1c0840
SHA256: e4e500daef50ddb912a16f353272c83cc16f07fb183f68d1347fc2c8b89d7e92
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\searchplugins\askcom.xml
text
MD5: e529039bcef8b8664b626a8a557ab325
SHA256: a649197bcc98f4560230ce42acf3c2e454e9a61a17529c0d7d47f9c805f1bb7d
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\defaults\preferences\defaults.js
text
MD5: 675dd502eefa330ec7787a2ab808f0ee
SHA256: 991ea60933cb7ea201265ab1ecc10abffbdef5118989f9b5aecd5b31cc6c42e0
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\defaults\preferences\defaults.js.bak
text
MD5: 675dd502eefa330ec7787a2ab808f0ee
SHA256: 991ea60933cb7ea201265ab1ecc10abffbdef5118989f9b5aecd5b31cc6c42e0
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\zoomall.png
image
MD5: 5e916d5491b585a96854a3373b47e9d8
SHA256: 7458e059641b460276df26f17a2e93b2973e969be01c75459ab0db8e6ccded3b
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\web.png
image
MD5: 501d0f4a8a7e54bcf4ffd266508e3456
SHA256: 43c45823f6bc6dd2d05bd902bca1bef2b3f95c1b99f1b90271d47fcb822ff8ad
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\toolbar.xul
xml
MD5: cb6f46a255bd1434e3f966aa6075a446
SHA256: 160e7ddbcba667199ceb8e9eab96c1e0423207f1455f0bd7ea52c44da78480a4
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\weather.png
image
MD5: 9fb65241ec6e15284f37fa966f1cf50a
SHA256: 42e91fb727d234d8b6a5ff1544ec0cc22226cbd2c81e8aab8fdb96c727291e9e
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\toolbar.css
text
MD5: f48a02566330120d73683fbb87ba1c7e
SHA256: 18660e2433d3bc44f673492015d9054a19e09eca8ae74fc1bc007c3730d47590
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\stocks.png
image
MD5: 641e6d51a86a507d46579a5043d85b18
SHA256: 1525a9d77f638490285876310ba52bea02c3933d3f1c86925c362d01a1443d62
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\search_pt.png
image
MD5: b87e3b444c2aa129aa4a8badffd7a983
SHA256: 015bc38c88435b169a2d1c6462ac81e4a1d648f8ab51fb461bfc182f08da5753
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\shopping.png
image
MD5: 5d4cc6e201ccde29881e71cc75fca519
SHA256: 9bfae584cdb201005e0fd71daaeeeada6957568039eb594eca09621079064a82
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\search_ru.png
image
MD5: 63bf5759456e3a8b2bccde7d1812e862
SHA256: 96d299777bee7743a02e2015e35ce097469adb3795d87d926874b856b1fac2ec
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\search_pl.png
image
MD5: bd644a0b8c7b9e65c539447cb23a426f
SHA256: f4cd8614069bc7585f4f3474e66861bf08a15ed4f43c3b2a508cf8883dadc037
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\search_it.png
image
MD5: a8d61822ad00d53fbe51272f020386f4
SHA256: 7662ad9dda404cb80f0900eb139391841dc2f345d3b84edb4a6b180417dfcfaf
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\search_nl.png
image
MD5: fe92f875a6bf8238b83bf3ff24653fe1
SHA256: c0b435d63c3e82f0b74c8aea11772395f7faf571dcb2371ed6f0eea24d30b50d
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\search_fr.png
image
MD5: c36504b164b65d79e2a6d4d6f0e5c1b9
SHA256: 849f7b4c633df405e935ad309d7941b58a3c4923b66d7a7bafe15cbbfec8c585
2460
msiexec.exe
C:\FIND_MOZ_EXT\[email protected]\chrome\skin\search_es.png
image


Network activity

HTTP(S) requests
3
TCP/UDP connections
4
DNS requests
4
Threats
2

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2444 AskInstallChecker-1.1.0.0.exe GET –– 199.36.100.107:80 http://toolbar.ask.com/askbardis/util/askInstallChecker.jsp?p=PF&o=&ai=51386 US –– –– suspicious
2748 askHomePage.exe GET 200 199.36.102.106:80 http://supertoolbar.ask.com/homepage?tb=PF US text suspicious
4052 AskPartnerCobrandingTool.exe GET 200 199.36.102.106:80 http://supertoolbar.ask.com/interim/askbardis/getTbProperties.jsp?tbr=PF US text suspicious


Connections

PID Process IP ASN CN Reputation
2444 AskInstallChecker-1.1.0.0.exe 199.36.100.107:80 Mindspark Interactive Network, Inc. US suspicious
4080 PFPortChecker.exe 65.112.29.35:443 Computer Country US unknown
2748 askHomePage.exe 199.36.102.106:80 Mindspark Interactive Network, Inc. US suspicious
4052 AskPartnerCobrandingTool.exe 199.36.102.106:80 Mindspark Interactive Network, Inc. US suspicious

DNS requests

Domain IP Reputation
toolbar.ask.com 199.36.100.107 suspicious
secure.portforward.com 65.112.29.35 unknown
supertoolbar.ask.com 199.36.102.106 suspicious
wzpo1.ask.com No response unknown

Threats

PID Process Class Message
2444 AskInstallChecker-1.1.0.0.exe Potential Corporate Privacy Violation ET POLICY Suspicious User Agent (AskInstallChecker)
4052 AskPartnerCobrandingTool.exe A Network Trojan was detected ET USER_AGENTS Suspicious User-Agent String (AskPartnerCobranding)

Debug output strings

Process Message
TaskScheduler.exe success!
TaskScheduler.exe success!