| File name: | WinlockerVB6Blacksod.exe |
| Full analysis: | https://app.any.run/tasks/f401c2a8-8212-46c7-9ba6-27e6e31422a3 |
| Verdict: | Malicious activity |
| Threats: | Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security. |
| Analysis date: | May 16, 2025, 16:36:30 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections |
| MD5: | DBFBF254CFB84D991AC3860105D66FC6 |
| SHA1: | 893110D8C8451565CAA591DDFCCF92869F96C242 |
| SHA256: | 68B0E1932F3B4439865BE848C2D592D5174DBDBAAB8F66104A0E5B28C928EE0C |
| SSDEEP: | 49152:6kAG2QGTC5xvMdgpdb1KRHGepUu2cGbqPs9+q2HRPTnFVSLE:6kAjQGTCnvMmpYQqPNRPTnF4Y |
MALICIOUS
Changes the login/logoff helper path in the registry
- msiexec.exe (PID: 7356)
Creates a new scheduled task via Registry
- msiexec.exe (PID: 7896)
ADWARE has been detected (SURICATA)
- msiexec.exe (PID: 7700)
SUSPICIOUS
ADVANCEDINSTALLER mutex has been found
- WinlockerVB6Blacksod.exe (PID: 7296)
Reads the Windows owner or organization settings
- WinlockerVB6Blacksod.exe (PID: 7296)
- msiexec.exe (PID: 7356)
Reads security settings of Internet Explorer
- msiexec.exe (PID: 7700)
- fatalerror.exe (PID: 4812)
Executable content was dropped or overwritten
- WinlockerVB6Blacksod.exe (PID: 7296)
Process drops legitimate windows executable
- WinlockerVB6Blacksod.exe (PID: 7296)
The process executes via Task Scheduler
- fatalerror.exe (PID: 4812)
Reads Internet Explorer settings
- fatalerror.exe (PID: 4812)
Reads Microsoft Outlook installation path
- fatalerror.exe (PID: 4812)
Access to an unwanted program domain was detected
- msiexec.exe (PID: 7700)
INFO
Checks supported languages
- WinlockerVB6Blacksod.exe (PID: 7296)
- msiexec.exe (PID: 7700)
- msiexec.exe (PID: 7356)
- msiexec.exe (PID: 7896)
- fatalerror.exe (PID: 4812)
- identity_helper.exe (PID: 744)
The sample compiled with english language support
- WinlockerVB6Blacksod.exe (PID: 7296)
- msiexec.exe (PID: 7356)
Creates files or folders in the user directory
- WinlockerVB6Blacksod.exe (PID: 7296)
- fatalerror.exe (PID: 4812)
Reads the computer name
- WinlockerVB6Blacksod.exe (PID: 7296)
- msiexec.exe (PID: 7356)
- msiexec.exe (PID: 7700)
- msiexec.exe (PID: 7896)
- identity_helper.exe (PID: 744)
- fatalerror.exe (PID: 4812)
Reads Environment values
- WinlockerVB6Blacksod.exe (PID: 7296)
- msiexec.exe (PID: 7700)
- identity_helper.exe (PID: 744)
Create files in a temporary directory
- WinlockerVB6Blacksod.exe (PID: 7296)
- msiexec.exe (PID: 7700)
Checks proxy server information
- msiexec.exe (PID: 7700)
- slui.exe (PID: 1020)
- fatalerror.exe (PID: 4812)
Executable content was dropped or overwritten
- msiexec.exe (PID: 7356)
Reads the software policy settings
- slui.exe (PID: 1020)
- slui.exe (PID: 7528)
Manual execution by a user
- msedge.exe (PID: 516)
Application launched itself
- msedge.exe (PID: 516)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable MS Visual C++ (generic) (78.5) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (11.3) |
| .exe | | | Generic Win/DOS Executable (5) |
| .exe | | | DOS Executable Generic (5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2015:09:23 13:36:22+00:00 |
| ImageFileCharacteristics: | Executable, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 9 |
| CodeSize: | 1034240 |
| InitializedDataSize: | 428544 |
| UninitializedDataSize: | - |
| EntryPoint: | 0xc684c |
| OSVersion: | 5 |
| ImageVersion: | - |
| SubsystemVersion: | 5 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | Debug |
| FileOS: | Win32 |
| ObjectFileType: | Dynamic link library |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Unicode |
| CompanyName: | Windows |
| FileDescription: | This installer database contains the logic and data required to install Error file remover. |
| FileVersion: | 1.0.0.0 |
| InternalName: | Error file remover |
| LegalCopyright: | Copyright (C) 2016 Windows |
| OriginalFileName: | Error file remover.exe |
| ProductName: | Error file remover |
| ProductVersion: | 1.0.0.0 |
Total processes
170
Monitored processes
35
Malicious processes
4
Suspicious processes
1
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 472 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6256 --field-trial-handle=2292,i,16647601235691388064,16062654826820479929,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 516 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 122.0.2365.59 Modules
| |||||||||||||||
| 664 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2288 --field-trial-handle=2292,i,16647601235691388064,16062654826820479929,262144 --variations-seed-version /prefetch:2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 122.0.2365.59 Modules
| |||||||||||||||
| 744 | "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5988 --field-trial-handle=2292,i,16647601235691388064,16062654826820479929,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: PWA Identity Proxy Host Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1020 | C:\WINDOWS\System32\slui.exe -Embedding | C:\Windows\System32\slui.exe | svchost.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Activation Client Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1228 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6528 --field-trial-handle=2292,i,16647601235691388064,16062654826820479929,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1760 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5420 --field-trial-handle=2292,i,16647601235691388064,16062654826820479929,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 2332 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4568 --field-trial-handle=2292,i,16647601235691388064,16062654826820479929,262144 --variations-seed-version /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 122.0.2365.59 Modules
| |||||||||||||||
| 2552 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4104 --field-trial-handle=2292,i,16647601235691388064,16062654826820479929,262144 --variations-seed-version /prefetch:2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 2984 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4144 --field-trial-handle=2292,i,16647601235691388064,16062654826820479929,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
Total events
14 063
Read events
14 010
Write events
45
Delete events
8
Modification events
| (PID) Process: | (7356) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ED206DB688193B489E86537451F75D7 |
| Operation: | write | Name: | 2E4D254C42ED6B845B3CCA2B040A6160 |
Value: C:\Program Files (x86)\Windows\Error file remover\fatalerror.exe | |||
| (PID) Process: | (7356) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEC4D8CE9091D3499C19390B8C387CF |
| Operation: | write | Name: | 2E4D254C42ED6B845B3CCA2B040A6160 |
Value: 02:\Software\Caphyon\Advanced Installer\LZMA\{C452D4E2-DE24-48B6-B5C3-ACB240A01606}\1.0.0.0\AI_ExePath | |||
| (PID) Process: | (7356) msiexec.exe | Key: | HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | Owner |
Value: BC1C0000A27155B180C6DB01 | |||
| (PID) Process: | (7356) msiexec.exe | Key: | HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | SessionHash |
Value: 6C1F7F889D099F794AC64207D2E32D8D4D05AF07F6430E664DDBA0E828B0F83C | |||
| (PID) Process: | (7356) msiexec.exe | Key: | HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000 |
| Operation: | write | Name: | Sequence |
Value: 1 | |||
| (PID) Process: | (7356) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders |
| Operation: | write | Name: | C:\Config.Msi\ |
Value: | |||
| (PID) Process: | (7356) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts |
| Operation: | write | Name: | C:\Config.Msi\10d092.rbs |
Value: 31180416 | |||
| (PID) Process: | (7356) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts |
| Operation: | write | Name: | C:\Config.Msi\10d092.rbsLow |
Value: | |||
| (PID) Process: | (7356) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D45F152E5BE7289449F90D588F84BD5D |
| Operation: | write | Name: | 2E4D254C42ED6B845B3CCA2B040A6160 |
Value: C:\Program Files (x86)\Windows\Error file remover\Windows Logoff Sound.wav | |||
| (PID) Process: | (7356) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19FD36884EFA5E041805E77DDE0ABD3B |
| Operation: | write | Name: | 2E4D254C42ED6B845B3CCA2B040A6160 |
Value: 02:\Software\Windows\{C452D4E2-DE24-48B6-B5C3-ACB240A01606}\AI_IA_ENABLE | |||
Executable files
24
Suspicious files
73
Text files
36
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7296 | WinlockerVB6Blacksod.exe | C:\Users\admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\decoder.dll | executable | |
MD5:3531CF7755B16D38D5E9E3C43280E7D2 | SHA256:76133E832C15AA5CBC49FB3BA09E0B8DD467C307688BE2C9E85E79D3BF62C089 | |||
| 7296 | WinlockerVB6Blacksod.exe | C:\Users\admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\holder0.aiph | binary | |
MD5:0E7079D29F5BE29C8406DE6F4FD175F2 | SHA256:205D938ED0540A568E5F1150CC37A733CB76E7945A17A56CA57715419B9EC87F | |||
| 7356 | msiexec.exe | C:\Windows\Installer\MSID3F1.tmp | executable | |
MD5:4083CB0F45A747D8E8AB0D3E060616F2 | SHA256:252B7423B01FF81AEA6FE7B40DE91ABF49F515E9C0C7B95AA982756889F8AC1A | |||
| 7296 | WinlockerVB6Blacksod.exe | C:\Users\admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi | executable | |
MD5:27BC9540828C59E1CA1997CF04F6C467 | SHA256:05C18698C3DC3B2709AFD3355AD5B91A60B2121A52E5FCC474E4E47FB8E95E2A | |||
| 7700 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini | text | |
MD5:27B35EF1C55290B0FF41C97DDDA2AAB9 | SHA256:E997591605E1D300228DB788240CD5C999A25E430AFA6986F0728DAE14CA8706 | |||
| 7356 | msiexec.exe | C:\Windows\Installer\10d090.msi | executable | |
MD5:27BC9540828C59E1CA1997CF04F6C467 | SHA256:05C18698C3DC3B2709AFD3355AD5B91A60B2121A52E5FCC474E4E47FB8E95E2A | |||
| 7356 | msiexec.exe | C:\Windows\Installer\MSID2D2.tmp | executable | |
MD5:4083CB0F45A747D8E8AB0D3E060616F2 | SHA256:252B7423B01FF81AEA6FE7B40DE91ABF49F515E9C0C7B95AA982756889F8AC1A | |||
| 7356 | msiexec.exe | C:\Windows\Installer\MSID371.tmp | executable | |
MD5:D552DD4108B5665D306B4A8BD6083DDE | SHA256:A0367875B68B1699D2647A748278EBCE64D5BE633598580977AA126A81CF57C5 | |||
| 7356 | msiexec.exe | C:\Windows\Installer\MSID3C0.tmp | executable | |
MD5:4083CB0F45A747D8E8AB0D3E060616F2 | SHA256:252B7423B01FF81AEA6FE7B40DE91ABF49F515E9C0C7B95AA982756889F8AC1A | |||
| 7356 | msiexec.exe | C:\Windows\Installer\MSID3D0.tmp | executable | |
MD5:D552DD4108B5665D306B4A8BD6083DDE | SHA256:A0367875B68B1699D2647A748278EBCE64D5BE633598580977AA126A81CF57C5 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
18
TCP/UDP connections
81
DNS requests
55
Threats
16
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
7700 | msiexec.exe | POST | 404 | 44.197.1.6:80 | http://collect.installeranalytics.com/ | unknown | — | — | whitelisted |
7700 | msiexec.exe | POST | 404 | 44.197.1.6:80 | http://collect.installeranalytics.com/ | unknown | — | — | whitelisted |
7700 | msiexec.exe | POST | 404 | 44.197.1.6:80 | http://collect.installeranalytics.com/ | unknown | — | — | whitelisted |
7700 | msiexec.exe | POST | 404 | 44.197.1.6:80 | http://collect.installeranalytics.com/ | unknown | — | — | whitelisted |
7700 | msiexec.exe | POST | 404 | 44.197.1.6:80 | http://collect.installeranalytics.com/ | unknown | — | — | whitelisted |
7700 | msiexec.exe | POST | 404 | 44.197.1.6:80 | http://collect.installeranalytics.com/ | unknown | — | — | whitelisted |
7700 | msiexec.exe | POST | 404 | 44.197.1.6:80 | http://collect.installeranalytics.com/ | unknown | — | — | whitelisted |
7700 | msiexec.exe | POST | 404 | 44.197.1.6:80 | http://collect.installeranalytics.com/ | unknown | — | — | whitelisted |
7700 | msiexec.exe | POST | 404 | 44.197.1.6:80 | http://collect.installeranalytics.com/ | unknown | — | — | whitelisted |
7700 | msiexec.exe | POST | 404 | 44.197.1.6:80 | http://collect.installeranalytics.com/ | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
3216 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted |
7700 | msiexec.exe | 44.197.1.6:80 | collect.installeranalytics.com | AMAZON-AES | US | whitelisted |
6544 | svchost.exe | 20.190.159.4:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5496 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2112 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2104 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
1228 | SIHClient.exe | 52.149.20.212:443 | slscr.update.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
1228 | SIHClient.exe | 20.242.39.171:443 | fe3cr.delivery.mp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
collect.installeranalytics.com |
| whitelisted |
login.live.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |
171.39.242.20.in-addr.arpa |
| unknown |
4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa |
| unknown |
config.edge.skype.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
7700 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA |
7700 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA |
7700 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA |
7700 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA |
7700 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA |
7700 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA |
7700 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA |
7700 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA |
7700 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA |
7700 | msiexec.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] TakeMyFile UA |