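Technical Information
The entries below are host and network indicators: scheduled-task files, a service registry value, process command lines, file paths, hosts and URLs, and DNS queries. The listing has no sub-headings, so whether a given file was created, modified or deleted is not stated here. Hostnames and URL parameters containing '#' appear to be masked, and the long /ping arguments are URL-safe Base64 that decodes to an XML request.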
- %WINDIR%\Tasks\Roys-chromiuminstaller.job
- %WINDIR%\Tasks\Roys-firefoxinstaller.job
- %WINDIR%\Tasks\globalUpdateUpdateTaskMachineUA.job
- %WINDIR%\Tasks\Roys-chromeinstaller.job
- %WINDIR%\Tasks\globalUpdateUpdateTaskMachineCore.job
- [<HKLM>\SYSTEM\ControlSet001\Services\globalUpdate] 'Start' = '00000002' (service start type 2: started automatically at boot)
- '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /handoff "appguid={ff0e47cc-feb3-42bb-b86d-5f4e01c9855a}&appname=b0e23e89-51f6-4e35-abe9-f9002eb96d35&needsadmin=True&lang=en" /installsource otherinstallcmd /sessionid "{66170726-0F38-4749-9B95-DD428EB81857}" /silent
- '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins2NjE3MDcyNi0wRjM4LTQ3NDktOUI5NS1ERDQyOEVCODE4NTd9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezNBNjE0NTJGLUE2QUYtNEE3MS05MjgxLTVCNjhDNDY3QjQ3OX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yNS4wIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48L2FwcD48L3JlcXVlc3Q-
- '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /svc
- '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjUuMCIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9Ins2NjE3MDcyNi0wRjM4LTQ3NDktOUI5NS1ERDQyOEVCODE4NTd9IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezE1RTVDOERGLUUwQjctNEQwRS04OEIxLUY1NjhEODVGMkJBQ30iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI1LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMiIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0ie0ZGMEU0N0NDLUZFQjMtNDJCQi1CODZELTVGNEUwMUM5ODU1QX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMTA3Mjg5Njc2MCIgZXh0cmFjb2RlMT0iMjY4NDM1NDU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg==
- '%PROGRAM_FILES%\Roys\Roys-chromiuminstaller.exe' /rawdata=<value missing from this copy>
- '%TEMP%\comh.467178\GoogleUpdate.exe' /silent /install "appguid={ff0e47cc-feb3-42bb-b86d-5f4e01c9855a}&appname=b0e23e89-51f6-4e35-abe9-f9002eb96d35&needsadmin=True&lang=en"
- '%TEMP%\nsa3.tmp\Njkrpwprxqi.exe'
- '%PROGRAM_FILES%\Roys\Roys-chromeinstaller.exe' /rawdata=<value missing from this copy>
- '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regserver
- '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regsvc
- '<SYSTEM32>\msiexec.exe' /V
- chrome.exe
- opera.exe
- iexplore.exe
- firefox.exe
- %TEMP%\nss6.tmp\ExecDos.dll
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB
- %TEMP%\Cab9.tmp
- %TEMP%\CabB.tmp
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
- %PROGRAM_FILES%\Roys\59604.crx
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdate.dll
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
- %TEMP%\Cab7.tmp
- %PROGRAM_FILES%\Roys\Roys-chromeinstaller.exe
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdateres_en.dll
- %TEMP%\MSI51d72.LOG
- %PROGRAM_FILES%\Roys\1293297481.mxaddon
- %WINDIR%\Installer\MSID.tmp
- C:\Config.Msi\504ae.rbs
- %PROGRAM_FILES%\Roys\Roys-chromiuminstaller.exe
- %PROGRAM_FILES%\Roys\59604.xpi
- %PROGRAM_FILES%\Roys\360-59604.crx
- %PROGRAM_FILES%\Roys\e72bcc20-e60b-4f09-90b0-4e61d0f5a37c.crx
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psmachine.dll
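- %PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe (the file name is the same as Google's updater; match on the globalUpdate directory, not on the file name alone)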
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psuser.dll
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe
- %WINDIR%\Installer\504ab.msi
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe
- %TEMP%\RoysInstaller_1402531604.log
- %TEMP%\nss6.tmp\InstallerUtils.dll
- %TEMP%\nss6.tmp\System.dll
- %TEMP%\nss6.tmp\nsislog.dll
- %TEMP%\nss6.tmp\md5dll.dll
- %TEMP%\nss6.tmp\UserInfo.dll
- %TEMP%\nss6.tmp\InstallerUtils2.dll
- %TEMP%\nss6.tmp\nsisos.dll
- %TEMP%\nsa3.tmp\Iqfeeqnutd.tmp
- %TEMP%\nsa3.tmp\WrapperUtils.dll
- %TEMP%\nsf2.tmp
- %TEMP%\nsa3.tmp\System.dll
- %TEMP%\nsc5.tmp
- %TEMP%\nss6.tmp\StdUtils.dll
- %TEMP%\nsa3.tmp\Njkrpwprxqi.exe
- %TEMP%\nsa3.tmp\StdUtils.dll
- %TEMP%\nss6.tmp\inetc.dll
- %TEMP%\comh.467178\GoogleUpdateOnDemand.exe
- %TEMP%\comh.467178\goopdate.dll
- %TEMP%\comh.467178\GoogleUpdateBroker.exe
- %TEMP%\comh.467178\GoogleUpdateHelper.msi
- %TEMP%\comh.467178\psmachine.dll
- %TEMP%\comh.467178\psuser.dll
- %TEMP%\comh.467178\goopdateres_en.dll
- %TEMP%\comh.467178\npGoogleUpdate4.dll
- %PROGRAM_FILES%\Roys\utils.exe
- %TEMP%\nss6.tmp\469298
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\update[1].json
- %TEMP%\nss6.tmp\update.json
- %TEMP%\comh.467178\GoogleCrashHandler.exe
- %TEMP%\comh.467178\GoogleUpdate.exe
- %TEMP%\nss6.tmp\275323
- %PROGRAM_FILES%\Roys\Uninstall.exe
- %WINDIR%\Installer\MSID.tmp
- C:\Config.Msi\504ae.rbs
- %WINDIR%\Installer\504ab.msi
- %TEMP%\CabB.tmp
- %TEMP%\nss6.tmp\275323
- %TEMP%\Cab7.tmp
- %TEMP%\Cab9.tmp
- 'ts####.ws.symantec.com':80
- 'cr#.#hawte.com':80
- 'localhost':1045
- 'localhost':1050
- 'localhost':1047
- 'er####.datagenserv.com':80
- 'up####.datagenserv.com':80
- 'st###.#atagenserv.com':80
- 'www.download.windowsupdate.com':80
- 'lo##.##tagenserv.com':80
- up####.datagenserv.com/omaha/FF0E47CC-FEB3-42BB-B86D-5F4E01C9855A/1/update.xml?ra########
- up####.datagenserv.com/omaha/FF0E47CC-FEB3-42BB-B86D-5F4E01C9855A/1/update.xml?ra########################################################################################################################################################################################
- lo##.##tagenserv.com/monetization.gif?ra######################################################################################################################################################################
- up####.datagenserv.com/omaha/FF0E47CC-FEB3-42BB-B86D-5F4E01C9855A/1/ping.xml?ra#####
- up####.datagenserv.com/omaha/FF0E47CC-FEB3-42BB-B86D-5F4E01C9855A/1/ping.xml?ra########
- up####.datagenserv.com/omaha/430FD4D0-B729-4F61-AA34-91526481799D/1/ping.xml?ra########
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- up####.datagenserv.com/installer_updates/001676/update.json
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
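- ts####.ws.symantec.com/tss-ca-g2.crl
- cr#.#hawte.com/ThawteTimestampingCA.crl (the two .crl URLs and the authrootseq.txt / authrootstl.cab requests above look like routine certificate revocation and trust-list fetches rather than endpoints specific to this sample)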
- DNS ASK www.download.windowsupdate.com
- DNS ASK cr#.#hawte.com
- DNS ASK ts####.ws.symantec.com
- DNS ASK lo##.##tagenserv.com
- DNS ASK up####.datagenserv.com
- DNS ASK er####.datagenserv.com
- DNS ASK st###.#atagenserv.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'