Technical Information
- %WINDIR%\Tasks\globalUpdateUpdateTaskMachineCore.job
- %WINDIR%\Tasks\globalUpdateUpdateTaskMachineUA.job
- %WINDIR%\Tasks\430ceeec-641b-4453-b915-a5010dfde502-11.job
- %WINDIR%\Tasks\430ceeec-641b-4453-b915-a5010dfde502-4.job
- [<HKLM>\SYSTEM\ControlSet001\Services\globalUpdate] 'Start' = '00000002'
- '%PROGRAM_FILES%\Apps Hat Mini\430ceeec-641b-4453-b915-a5010dfde502-4.exe' /XMJUKvBOj /dooWqK='Apps Hat Mini' /eqmhNu='%PROGRAM_FILES%\Apps Hat Mini\430ceeec-641b-4453-b915-a5010dfde502.xpi' /IeMVT=50301 /oupwX='000971' /IeMSl='0' /PYevhsTT='0' /MjNkxPVix=152CB230AADE4CBD98F617A33BD645B6IE /QDMxLhz=7995f69a8c8c2a3ea474a914cbc672b3 /clLxqOkU=1_34_07_01 /YwubAm=1.34.7.1 /PwOrhX=1411378509 /edMiysyyE=http://st###.#enstatsnet.com /xZSCuY=http://er####.genstatsnet.com /pMNTuEXRj=300 /EWsglS=a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com /ZlDaahXOj=0.95 /TbqSpAog=aa055e456a2004197b11ab82eb9b5ea1ce3a45ca070b044d3aeb30176a65ffa43com50301 /uMzoUfQU=https://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/50301.rdf /sTZwjzny='Apps Hat Mini' /NbSrRv='Apps Hat is the cool new Android app store that helps you discover hot new apps, both free and discounted. Get personalised recommendations, price drop alerts, and share your favourite apps with your friends.' /eigZPRS='Nero' /HdFKlpL=ie /GFeOQUS='{"asw":[0, 0, 0]}' /BjPrV /OWgHtTkdW /XizmqZLSw /fHBkxNH='http://up####.genstatsnet.com/ff_agent_updates/{CAMP_ID}/update.json' /OkexrSO /HyxqJRn='installer' /jgRFE='%TEMP%\Apps Hat MiniInstaller_1411378509.log'
- '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regserver
- '%PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe' /regsvc
- '%TEMP%\comh.487529\GoogleUpdate.exe' /silent /install "appguid={d289dbd1-1251-4bf6-a182-dea254eba70a}&appname=d7070c51-17e6-47fe-9a54-a723757e0c31&needsadmin=True&lang=en"
- '%PROGRAM_FILES%\Apps Hat Mini\430ceeec-641b-4453-b915-a5010dfde502-11.exe' /iMQzYDLH=K8iu9K9XfzHmbyyWuXwZnVCUDMwsDhLW6Xi4aNsUgagzjbo8VldvhV3mawtrnH7vqYh6KNySBk6g4U4Hk4WlwBb7U32A39HaMesWU+JMTCZ5b6R0AT7azIAeRxKt4oKSK/C/ZzasZfwBjOKonq77Omy9wJO/UXR9B4zqfdYpEIdUCziU/hzwZOZdXvaVc8y9TZOmI4q9efLbaf7jVVyAx4lrXheZR5lWYKCP7PbW+nawzESvW0eJV6VoBit6inxEPGd2C4ojMj+kc4OPGVMXSCsgwZhAOZBgMhnmWtbeD40lailhJfDMINf6K9XRIwtyCejxA7XKs0pH6BeY6SsYpFbVYxh6XUR2/VC3j9o+KijW1gMEnUgl869ngGOXs2HPKvqM4kxb/1KFkdSfvKTwkYqcXQe4IC4/1s9JzdYR2bRcrSwbX8LomqnMr3bci/FQWrmH40wjUjtM/jNKzvKbpCciGKOjlR6rKG5fiBu17WB6tleSnjYeKq1rcr+8XGORarEvpf390S2OeiM0q97VflHMpJ1rzfBSYLGcjwUZyqGxflA8qKFx2Qn/jgHE0WSUtYZxLw8dWAVa3iRhxudfh/aMb09TB1yrl3jo+wLi8wu22Ypw2fXU4RSAAHbDbtWCEYxJM4/UMnbMrCa/keVMCNZ3TJ4YHaYZ5b75fnAWaLYYQDOa18UxnlqAzsi9V5S5MeghXJo9VHhSCNlvUbfYHq7OydB3fNIQqaiH8lPjd9+bTmABsg9sEkMXSOOoFamgbYKYe7GZKl51hJxHqzMYHIsazi3L93uajOP0GEJvsB1f5gU/v1FfwJbJJTY5rWVe4CCyTG7ZzeaAIVzj7JidDm+CHTcZAIYzoJmCPKLkOzDk0ptOgI5LUckIv5CzF37qg7qseuqquUlfhE26WuOprukfnwdUwEvF4tjP1jpKf+HgyDUA9fSvtFWztRXwsZNZhOBBhbSQ3uc9918NKgkJeZHVydHpiLt4P22/qjcNsbIVq7xeqrr2v+IHuqM6R/nYf6RdkIDmXFBPmA81s455KCXZZ8f4/bn7foLPelIM0CKeQXxiO7PwyfeGc5k3ach/fb5CGU9PdWTucmsz+0uaVketVnnFzEaoInw0euWckHVzUxhUQgGP5SZbOG1KyIgi40SxSurTfFOvwexQ+D+BQlm+GR2kqtbWEEYv7sbaIzMGWLpKkaTtNiwnwxKrRgLEGTPmX3umnOffGSpG46/gJH6CAgh8I8+hHg0AYb8+MZHsW+CcZD+/LTlXdjwrzHrBLC0Ao1vi4u2Johq9WPiK1bhhA+RFsebDbu8h/fBhyRmZDXyuCL7WK6K3rag1F84dZAUsTG4PLB2z3oRHRycrl3XCKi8m9GdYyUzdvzIBqmUM9C4Txt8D76CjAnDSfcUA9s0Tx0zJbqgBkQAiA4uUAQSNbdhxhDqFWrDhPXo0/SMHGtImfmAm+QTqWOe+RPjAbbTHjEYrwNbM19jZ8BgnlvZvca3QiVHFzozv63C4NGiBVuwu0LJkEHaMYoRuFUrcLJ7oANHV+gdsOOVvwTIqvGbmI1fLBPX/pLGxDeNu2QyZPw2bM4RftOq/q5HIFW2X+Ec11c4UIAsmrmvlY7M/DxYmn9A38RapL+tF9NVI5uZ8DXGrJiAsJ1fvycCqz80giMYywl+7gNd1657toLtW99HXWcayaKolGv+5/H/c9Pc=
- '<SYSTEM32>\msiexec.exe' /V
- opera.exe
- firefox.exe
- iexplore.exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\manifest.xml
- %TEMP%\MSI4bd03.LOG
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins.json
- C:\Config.Msi\4aeae.rbs
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\chrome.manifest
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\183.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\226.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\255.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\268.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\180.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\28.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\defaults\preferences\prefs.js
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psmachine.dll
- %PROGRAM_FILES%\globalUpdate\Update\GoogleUpdate.exe
- %PROGRAM_FILES%\Apps Hat Mini\430ceeec-641b-4453-b915-a5010dfde502.xpi
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\install.rdf
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\locale\en-US\translations.dtd
- %WINDIR%\Installer\MSIA.tmp
- %PROGRAM_FILES%\Apps Hat Mini\430ceeec-641b-4453-b915-a5010dfde502-4.exe
- %WINDIR%\Installer\4aeab.msi
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\123.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\104.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\14.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\9.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\195.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\182.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\177.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\22.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\246.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\260.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\233.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\263.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\1.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\230.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\93.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\221.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\244.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\286.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\16.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\21.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\7.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\4.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\91.js
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions\a055e456-a200-4197-b11a-b82eb9b5ea1c@e3a45ca0-70b0-44d3-aeb3-0176a65ffa43.com\extensionData\plugins\281.js
- %TEMP%\comh.487529\GoogleCrashHandler.exe
- %TEMP%\comh.487529\GoogleUpdate.exe
- %PROGRAM_FILES%\Apps Hat Mini\Uninstall.exe
- %TEMP%\nsk3.tmp\480210
- %TEMP%\nsk3.tmp\89002
- %TEMP%\comh.487529\GoogleUpdateBroker.exe
- %TEMP%\comh.487529\goopdateres_en.dll
- %TEMP%\comh.487529\npGoogleUpdate4.dll
- %TEMP%\comh.487529\goopdate.dll
- %TEMP%\comh.487529\GoogleUpdateHelper.msi
- %TEMP%\comh.487529\GoogleUpdateOnDemand.exe
- %PROGRAM_FILES%\Apps Hat Mini\utils.exe
- %TEMP%\nsk3.tmp\InstallerUtils.dll
- %TEMP%\nsk3.tmp\InstallerUtils2.dll
- %TEMP%\nsk3.tmp\System.dll
- %TEMP%\nse2.tmp
- %TEMP%\nsk3.tmp\StdUtils.dll
- %TEMP%\nsk3.tmp\nsisos.dll
- %TEMP%\nsk3.tmp\update.json
- %TEMP%\nsk3.tmp\inetc.dll
- %TEMP%\nsk3.tmp\md5dll.dll
- %TEMP%\nsk3.tmp\UserInfo.dll
- %TEMP%\comh.487529\psmachine.dll
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe
- %TEMP%\Cab6.tmp
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA
- %PROGRAM_FILES%\Apps Hat Mini\430ceeec-641b-4453-b915-a5010dfde502-11.exe
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\psuser.dll
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdateres_en.dll
- %TEMP%\nsk3.tmp\ExecDos.dll
- %TEMP%\Cab8.tmp
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\goopdate.dll
- %TEMP%\comh.487529\psuser.dll
- %PROGRAM_FILES%\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe
- %APPDATA%\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
- %PROGRAM_FILES%\Apps Hat Mini\53b71c55-0d38-4dbf-a820-9f3bf1dadc3b.crx
- %PROGRAM_FILES%\Apps Hat Mini\430ceeec-641b-4453-b915-a5010dfde502.crx
- %TEMP%\Cab4.tmp
- %PROGRAM_FILES%\Apps Hat Mini\1293297481.mxaddon
- %APPDATA%\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
- C:\Config.Msi\4aeae.rbs
- %WINDIR%\Installer\MSIA.tmp
- %WINDIR%\Installer\4aead.ipi
- %WINDIR%\Installer\4aeab.msi
- %TEMP%\Cab4.tmp
- %TEMP%\nsk3.tmp\89002
- %TEMP%\Cab8.tmp
- %TEMP%\Cab6.tmp
- 'www.download.windowsupdate.com':80
- 'cr#.#hawte.com':80
- 'ts####.ws.symantec.com':80
- 'lo##.##nstatsnet.com':80
- 'up####.genstatsnet.com':80
- 'er####.genstatsnet.com':80
- 'st###.#enstatsnet.com':80
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
- ts####.ws.symantec.com/tss-ca-g2.crl
- cr#.#hawte.com/ThawteTimestampingCA.crl
- er####.genstatsnet.com/installer-error.gif?ac########################################################################################################################################################################################################################################################################################################################################################################################################
- up####.genstatsnet.com/installer_updates/000971/update.json
- lo##.##nstatsnet.com/monetization.gif?ev######################################################################################################################################################################################################################################################################
- st###.#enstatsnet.com/installer.gif?ac####################################################################################################################################################################################################################################################################################################################################################################################################################################
- DNS ASK www.download.windowsupdate.com
- DNS ASK cr#.#hawte.com
- DNS ASK ts####.ws.symantec.com
- DNS ASK lo##.##nstatsnet.com
- DNS ASK up####.genstatsnet.com
- DNS ASK er####.genstatsnet.com
- DNS ASK st###.#enstatsnet.com
- ClassName: 'Shell_TrayWnd' WindowName: ''