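Technical Information
The unlabelled entries below are, in order: Run-key autostart values, scheduled-task (.job) files, Windows Firewall authorized-application registry values, launched processes with their command lines, three browser process names, two lists of file paths (the page does not say which operation each list records), network endpoints, HTTP request URLs, DNS queries, and one window class/name entry. Host names and query strings are partially masked with '#', so they cannot be used verbatim as indicators. The temporary-file names (nsg2.tmp, ns15.tmp, …), the SID in the task file name, the Firefox profile folder and the /pid values look specific to this run; for detection, prefer the fixed-looking paths under %PROGRAM_FILES%\Bench and <LS_APPDATA>\Download Helper, the Run value names, and the firewall exception entries.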
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Bench Communicator Watcher' = '%PROGRAM_FILES%\Bench\Proxy\pwdg.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Bench Settings Cleaner' = '%PROGRAM_FILES%\Bench\Proxy\cl.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'BService' = '%PROGRAM_FILES%\Bench\BService\1.1\bservice.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Wd' = '%PROGRAM_FILES%\Bench\Wd\wd.exe'
- %WINDIR%\Tasks\bench-S-1-5-21-2052111302-484763869-725345543-1003.job
- %WINDIR%\Tasks\bench-sys.job
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\Bench\Proxy\pwdg.exe' = '%PROGRAM_FILES%\Bench\Proxy\pwdg.exe:*:Enabled:Proxy'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\Bench\Proxy\proc.exe' = '%PROGRAM_FILES%\Bench\Proxy\proc.exe:*:Enabled:Proxy'
- '%TEMP%\nsg2.tmp\ns15.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-prx_close/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%TEMP%\nsg2.tmp\ns14.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-prx_copy/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%TEMP%\nsg2.tmp\ns16.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-prx_files/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%TEMP%\nsg2.tmp\ns18.tmp' netsh firewall add allowedprogram "%PROGRAM_FILES%\Bench\Proxy\proc.exe" Proxy ENABLE
- '%TEMP%\nsg2.tmp\ns17.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-prx_reg/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%TEMP%\nsg2.tmp\ns10.tmp' cscript.exe //Nologo "installer.js" install firefox "<LS_APPDATA>\Download Helper\firefox\" /product-name="Download Helper" /installation-time="1409891041" /pid="" /zone="" /czoneid="12199" /nmhost-dir="%PROGRAM_FILES%\Bench\NmHost" /app-id="34832" /updateip="54.225.95.126" /version="1.0" /enable-extensions /update /chrome-id="olgkapbcakcenbpmebcfdfbdlhhghped" /chrome-update-url="http://ol########cenbpmebcfdfbdlhhghped/check/.eJwNyUsOgCAMANG7dE2MbrmMKaVQwjeAxsR4d1nOmxcmjggaSHrNDApu7iPUsujY9tWhjIkpcQc9-8UK-JlnsOvX5CM2QxiJi2mZDTnrjE0iXhpb-H7a3SD6.tACkCruSXQfJ_BW56V6CfJf0Sv0" /close-chrome /close-firefox /close-ie
- '%TEMP%\nsg2.tmp\nsF.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-inst_chrome/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%TEMP%\nsg2.tmp\ns11.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-uninstaller/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%TEMP%\nsg2.tmp\ns13.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-prx_cache/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%TEMP%\nsg2.tmp\ns12.tmp' cscript.exe //Nologo "clear_cache.js"
- '<LS_APPDATA>\Download Helper\SoftwareDetector.exe' /pid=3488
- '%PROGRAM_FILES%\Bench\Updater\updater.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-prx_wd/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%TEMP%\nsg2.tmp\ns1C.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-prx_shrt/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%TEMP%\nsm1F.tmp\ns20.tmp' cscript.exe //Nologo "ping.js" "http://cd#####s-a.akamaihd.net/s.gif?t=#####################################################" "" ""
- '%TEMP%\nsg2.tmp\ask.exe'
- '%TEMP%\nsg2.tmp\ns19.tmp' netsh firewall add allowedprogram "%PROGRAM_FILES%\Bench\Proxy\pwdg.exe" Proxy ENABLE
- '<LS_APPDATA>\Download Helper\SoftwareDetector.exe' -Embedding
- '%TEMP%\nsg2.tmp\ns1A.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-prx_fw/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%PROGRAM_FILES%\Bench\Updater\updater.exe' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-prx_wd/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%PROGRAM_FILES%\Bench\Updater\1.7.0.0\updater.exe'
- '%TEMP%\nsg2.tmp\ns6.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-migrate_ext/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe/0/?pi##########################################" "" ""
- '<LS_APPDATA>\Download Helper\sqlite3.exe' "%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\framework-eb6a0f12-0a24-d1fc-4125-3513b7767f43.sqlite" "SELECT value FROM user_storage WHERE key='_GPL_zoneid';"
- '%TEMP%\nsg2.tmp\ns7.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-reg/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%PROGRAM_FILES%\Bench\Updater\1.7.0.0\updater.exe' -runmode=addsystask
- '%TEMP%\nsg2.tmp\nsA.tmp' net.exe start schedule
- '%TEMP%\nsg2.tmp\ns4.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-init_ie/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe/0/?pi##########################################" "" ""
- '%TEMP%\nsg2.tmp\ns3.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-main_start2/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe/0/?pi##########################################" "" ""
- '%TEMP%\nsg2.tmp\ns5.tmp' cscript.exe //Nologo "migrate.js" /iversion=20140821 /programfiles="%PROGRAM_FILES%" /localapps="<LS_APPDATA>" /chrome-dir="" /firefox-dir="<LS_APPDATA>\Download Helper\firefox" /ie-dir="%PROGRAM_FILES%\Download Helper" /product-name="Download Helper" /installation-time="1409891041" /pid="0" /zone="0" /czoneid="" /nmhost-dir="%PROGRAM_FILES%\Bench\NmHost" /app-id="34832" /updateip="54.225.95.126" /version="1.0" /enable-extensions /update /chrome-id="olgkapbcakcenbpmebcfdfbdlhhghped" /chrome-update-url="http://ol########cenbpmebcfdfbdlhhghped/check/.eJwNyUsOgCAMANG7dE2MbrmMKaVQwjeAxsR4d1nOmxcmjggaSHrNDApu7iPUsujY9tWhjIkpcQc9-8UK-JlnsOvX5CM2QxiJi2mZDTnrjE0iXhpb-H7a3SD6.tACkCruSXQfJ_BW56V6CfJf0Sv0" /close-chrome /close-firefox /close-ie
- '<LS_APPDATA>\Download Helper\sqlite3.exe' "<LS_APPDATA>\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olgkapbcakcenbpmebcfdfbdlhhghped_0.localstorage" "SELECT value FROM ItemTable WHERE key='_GPL_zoneid';"
- '<LS_APPDATA>\Download Helper\SoftwareDetector.exe'
- '%TEMP%\nsg2.tmp\nsD.tmp' cscript.exe //Nologo "installer.js" install chrome "" /product-name="Download Helper" /installation-time="1409891041" /pid="" /zone="" /czoneid="12199" /nmhost-dir="%PROGRAM_FILES%\Bench\NmHost" /app-id="34832" /updateip="54.225.95.126" /version="1.0" /enable-extensions /update /chrome-id="olgkapbcakcenbpmebcfdfbdlhhghped" /chrome-update-url="http://ol########cenbpmebcfdfbdlhhghped/check/.eJwNyUsOgCAMANG7dE2MbrmMKaVQwjeAxsR4d1nOmxcmjggaSHrNDApu7iPUsujY9tWhjIkpcQc9-8UK-JlnsOvX5CM2QxiJi2mZDTnrjE0iXhpb-H7a3SD6.tACkCruSXQfJ_BW56V6CfJf0Sv0" /close-chrome /close-firefox /close-ie
- '%TEMP%\nsg2.tmp\nsC.tmp' cscript.exe //Nologo "main_installer.js" install /product-name="Download Helper" /installation-time="1409891041" /pid="" /zone="" /czoneid="12199" /nmhost-dir="%PROGRAM_FILES%\Bench\NmHost" /app-id="34832" /updateip="54.225.95.126" /version="1.0" /enable-extensions /update /chrome-id="olgkapbcakcenbpmebcfdfbdlhhghped" /chrome-update-url="http://ol########cenbpmebcfdfbdlhhghped/check/.eJwNyUsOgCAMANG7dE2MbrmMKaVQwjeAxsR4d1nOmxcmjggaSHrNDApu7iPUsujY9tWhjIkpcQc9-8UK-JlnsOvX5CM2QxiJi2mZDTnrjE0iXhpb-H7a3SD6.tACkCruSXQfJ_BW56V6CfJf0Sv0" /close-chrome /close-firefox /close-ie
- '%TEMP%\nsg2.tmp\nsE.tmp' cscript.exe //Nologo "chrome_gp_update.js" /product-name="Download Helper" /installation-time="1409891041" /pid="" /zone="" /czoneid="12199" /nmhost-dir="%PROGRAM_FILES%\Bench\NmHost" /app-id="34832" /updateip="54.225.95.126" /version="1.0" /enable-extensions /update /chrome-id="olgkapbcakcenbpmebcfdfbdlhhghped" /chrome-update-url="http://ol########cenbpmebcfdfbdlhhghped/check/.eJwNyUsOgCAMANG7dE2MbrmMKaVQwjeAxsR4d1nOmxcmjggaSHrNDApu7iPUsujY9tWhjIkpcQc9-8UK-JlnsOvX5CM2QxiJi2mZDTnrjE0iXhpb-H7a3SD6.tACkCruSXQfJ_BW56V6CfJf0Sv0" /close-chrome /close-firefox /close-ie
- '%PROGRAM_FILES%\Bench\Wd\wd.exe'
- '%PROGRAM_FILES%\Bench\BService\1.1\bservice.exe'
- '%PROGRAM_FILES%\Bench\Updater\1.7.0.0\updater.exe' -runmode=addtask
- '%PROGRAM_FILES%\Bench\Updater\updater.exe' -runmode=addtask
- '%PROGRAM_FILES%\Bench\Updater\updater.exe' -runmode=addproduct -info="%TEMP%\nsg9.tmp"
- '%TEMP%\nsg2.tmp\nsB.tmp' cscript.exe //Nologo "ping.js" "http://www.in####lping5.info/other-updater/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '%PROGRAM_FILES%\Bench\Updater\1.7.0.0\updater.exe' -runmode=addproduct -info="%TEMP%\nsg9.tmp"
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-prx_close/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-prx_files/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-prx_reg/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "clear_cache.js"
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-prx_cache/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-prx_copy/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\net1.exe' /pid=3400
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-prx_shrt/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://cd#####s-a.akamaihd.net/s.gif?t=#####################################################" "" ""
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\Bench\Proxy\proc.exe" Proxy ENABLE
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%PROGRAM_FILES%\Bench\Proxy\pwdg.exe" Proxy ENABLE
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-prx_fw/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-uninstaller/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-migrate_ext/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe/0/?pi##########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-reg/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\net1.exe' start schedule
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-main_start2/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe/0/?pi##########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-init_ie/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe/0/?pi##########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "migrate.js" /iversion=20140821 /programfiles="%PROGRAM_FILES%" /localapps="<LS_APPDATA>" /chrome-dir="" /firefox-dir="<LS_APPDATA>\Download Helper\firefox" /ie-dir="%PROGRAM_FILES%\Download Helper" /product-name="Download Helper" /installation-time="1409891041" /pid="0" /zone="0" /czoneid="" /nmhost-dir="%PROGRAM_FILES%\Bench\NmHost" /app-id="34832" /updateip="54.225.95.126" /version="1.0" /enable-extensions /update /chrome-id="olgkapbcakcenbpmebcfdfbdlhhghped" /chrome-update-url="http://ol########cenbpmebcfdfbdlhhghped/check/.eJwNyUsOgCAMANG7dE2MbrmMKaVQwjeAxsR4d1nOmxcmjggaSHrNDApu7iPUsujY9tWhjIkpcQc9-8UK-JlnsOvX5CM2QxiJi2mZDTnrjE0iXhpb-H7a3SD6.tACkCruSXQfJ_BW56V6CfJf0Sv0" /close-chrome /close-firefox /close-ie
- '<SYSTEM32>\cscript.exe' //Nologo "chrome_gp_update.js" /product-name="Download Helper" /installation-time="1409891041" /pid="" /zone="" /czoneid="12199" /nmhost-dir="%PROGRAM_FILES%\Bench\NmHost" /app-id="34832" /updateip="54.225.95.126" /version="1.0" /enable-extensions /update /chrome-id="olgkapbcakcenbpmebcfdfbdlhhghped" /chrome-update-url="http://ol########cenbpmebcfdfbdlhhghped/check/.eJwNyUsOgCAMANG7dE2MbrmMKaVQwjeAxsR4d1nOmxcmjggaSHrNDApu7iPUsujY9tWhjIkpcQc9-8UK-JlnsOvX5CM2QxiJi2mZDTnrjE0iXhpb-H7a3SD6.tACkCruSXQfJ_BW56V6CfJf0Sv0" /close-chrome /close-firefox /close-ie
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-inst_chrome/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "installer.js" install firefox "<LS_APPDATA>\Download Helper\firefox\" /product-name="Download Helper" /installation-time="1409891041" /pid="" /zone="" /czoneid="12199" /nmhost-dir="%PROGRAM_FILES%\Bench\NmHost" /app-id="34832" /updateip="54.225.95.126" /version="1.0" /enable-extensions /update /chrome-id="olgkapbcakcenbpmebcfdfbdlhhghped" /chrome-update-url="http://ol########cenbpmebcfdfbdlhhghped/check/.eJwNyUsOgCAMANG7dE2MbrmMKaVQwjeAxsR4d1nOmxcmjggaSHrNDApu7iPUsujY9tWhjIkpcQc9-8UK-JlnsOvX5CM2QxiJi2mZDTnrjE0iXhpb-H7a3SD6.tACkCruSXQfJ_BW56V6CfJf0Sv0" /close-chrome /close-firefox /close-ie
- '<SYSTEM32>\cscript.exe' //Nologo "ping.js" "http://www.in####lping5.info/other-updater/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################" "" ""
- '<SYSTEM32>\cscript.exe' //Nologo "main_installer.js" install /product-name="Download Helper" /installation-time="1409891041" /pid="" /zone="" /czoneid="12199" /nmhost-dir="%PROGRAM_FILES%\Bench\NmHost" /app-id="34832" /updateip="54.225.95.126" /version="1.0" /enable-extensions /update /chrome-id="olgkapbcakcenbpmebcfdfbdlhhghped" /chrome-update-url="http://ol########cenbpmebcfdfbdlhhghped/check/.eJwNyUsOgCAMANG7dE2MbrmMKaVQwjeAxsR4d1nOmxcmjggaSHrNDApu7iPUsujY9tWhjIkpcQc9-8UK-JlnsOvX5CM2QxiJi2mZDTnrjE0iXhpb-H7a3SD6.tACkCruSXQfJ_BW56V6CfJf0Sv0" /close-chrome /close-firefox /close-ie
- '<SYSTEM32>\cscript.exe' //Nologo "installer.js" install chrome "" /product-name="Download Helper" /installation-time="1409891041" /pid="" /zone="" /czoneid="12199" /nmhost-dir="%PROGRAM_FILES%\Bench\NmHost" /app-id="34832" /updateip="54.225.95.126" /version="1.0" /enable-extensions /update /chrome-id="olgkapbcakcenbpmebcfdfbdlhhghped" /chrome-update-url="http://ol########cenbpmebcfdfbdlhhghped/check/.eJwNyUsOgCAMANG7dE2MbrmMKaVQwjeAxsR4d1nOmxcmjggaSHrNDApu7iPUsujY9tWhjIkpcQc9-8UK-JlnsOvX5CM2QxiJi2mZDTnrjE0iXhpb-H7a3SD6.tACkCruSXQfJ_BW56V6CfJf0Sv0" /close-chrome /close-firefox /close-ie
- iexplore.exe
- firefox.exe
- chrome.exe
- %TEMP%\nsg2.tmp\nsE.tmp
- %TEMP%\nsg2.tmp\nsD.tmp
- %PROGRAM_FILES%\Bench\BService\1.1\bservice.exe
- %PROGRAM_FILES%\Bench\BService\1.1\bhelper.dll
- %TEMP%\nsg2.tmp\nsProcess.dll
- %TEMP%\nsg2.tmp\nsC.tmp
- %PROGRAM_FILES%\Bench\NmHost\manifest.json
- %PROGRAM_FILES%\Bench\NmHost\nmhost.exe
- %TEMP%\nsg2.tmp\ns11.tmp
- %HOMEPATH%\Start Menu\Programs\Download Helper\Uninstall.lnk
- <LS_APPDATA>\Download Helper\clear_cache.js
- <LS_APPDATA>\Download Helper\ie_installer.js
- %TEMP%\nsg2.tmp\nsF.tmp
- %PROGRAM_FILES%\Bench\Wd\wd.exe
- <LS_APPDATA>\Download Helper\uninstall.exe
- %TEMP%\nsg2.tmp\ns10.tmp
- %TEMP%\nsg2.tmp\ns4.tmp
- <LS_APPDATA>\Download Helper\firefox\icons\icon48.png
- %TEMP%\nsg2.tmp\ns6.tmp
- %TEMP%\nsg2.tmp\ns5.tmp
- <LS_APPDATA>\Download Helper\firefox\icons\icon100.png
- <LS_APPDATA>\Download Helper\firefox\icons\button.png
- <LS_APPDATA>\Download Helper\firefox\icons\icon32.png
- <LS_APPDATA>\Download Helper\firefox\icons\icon128.png
- %TEMP%\nsg2.tmp\nsA.tmp
- %TEMP%\nsg9.tmp
- %PROGRAM_FILES%\Bench\Updater\products.xml
- %TEMP%\nsg2.tmp\nsB.tmp
- %PROGRAM_FILES%\Bench\Updater\updater.exe
- %TEMP%\nsg2.tmp\ns7.tmp
- %TEMP%\nsr8.tmp
- %PROGRAM_FILES%\Bench\Updater\1.7.0.0\updater.exe
- %TEMP%\nsg2.tmp\ns12.tmp
- %TEMP%\nsg2.tmp\ns1C.tmp
- %HOMEPATH%\Start Menu\Programs\Download Helper\Browser Guardian.lnk
- %APPDATA%\Protect\Blocker\8d3f613ded3421026a6b47abd4042139
- %APPDATA%\Protect\Blocker\b24f88eb229178ba93accf228dc5b280
- %APPDATA%\Protect\CanvasStorage\8ab1244a97308124c8207af9517ce460
- %APPDATA%\Protect\CanvasStorage\c8ca0d6097bee7d978cc54b0e9075409
- %HOMEPATH%\Start Menu\Programs\Download Helper\Browser Guardian Settings.url
- %APPDATA%\Protect\CanvasStorage\7bf8e2b7288ee31947f028830fe682c3
- %TEMP%\nsm1F.tmp\ns20.tmp
- %TEMP%\nsm1F.tmp\nsExec.dll
- %TEMP%\nsm1F.tmp\System.dll
- %TEMP%\nsm1F.tmp\nsDialogs.dll
- %TEMP%\nsx1E.tmp
- %TEMP%\nsg2.tmp\ask.exe
- %TEMP%\nsm1F.tmp\splash.bmp
- %TEMP%\nsm1F.tmp\ping.js
- %PROGRAM_FILES%\Bench\Proxy\icon.ico
- %PROGRAM_FILES%\Bench\Proxy\pwdg.exe
- %TEMP%\nsg2.tmp\ns16.tmp
- %PROGRAM_FILES%\Bench\Proxy\cl.exe
- %TEMP%\nsg2.tmp\ns14.tmp
- %TEMP%\nsg2.tmp\ns13.tmp
- %PROGRAM_FILES%\Bench\Proxy\proc.exe
- %TEMP%\nsg2.tmp\ns15.tmp
- <LS_APPDATA>\proxy.log
- %TEMP%\nsg2.tmp\ns1B.tmp
- %APPDATA%\Protect\CanvasStorage\a645fa10d3b7c3be385a23d8e9796994
- %APPDATA%\Protect\CanvasStorage\ee9adb2bad520b37c67f38edc62ec22d
- %TEMP%\nsg2.tmp\ns18.tmp
- %TEMP%\nsg2.tmp\ns17.tmp
- %TEMP%\nsg2.tmp\ns1A.tmp
- %TEMP%\nsg2.tmp\ns19.tmp
- <LS_APPDATA>\Download Helper\firefox\framework-ui\ui_base.js
- <LS_APPDATA>\Download Helper\firefox\chrome.manifest
- <LS_APPDATA>\Download Helper\firefox\bootstrap.js
- <LS_APPDATA>\Download Helper\firefox\install.rdf
- <LS_APPDATA>\Download Helper\firefox\extension_info.json
- <LS_APPDATA>\Download Helper\chrome_gp_update.js
- <LS_APPDATA>\Download Helper\sqlite3.exe
- <LS_APPDATA>\Download Helper\firefox\background.html
- <LS_APPDATA>\Download Helper\firefox_installer.js
- <LS_APPDATA>\Download Helper\firefox\AppFramework\appAPI_webrequest.js
- <LS_APPDATA>\Download Helper\firefox\AppFramework\appAPI_settings.js
- <LS_APPDATA>\Download Helper\firefox\CanvasFramework\canvas_bg.js
- <LS_APPDATA>\Download Helper\firefox\AppFramework\jquery.min.js
- <LS_APPDATA>\Download Helper\firefox\AppFramework\appAPI_browseraction.js
- <LS_APPDATA>\Download Helper\firefox\AppFramework\appAPI_bg.js
- <LS_APPDATA>\Download Helper\firefox\AppFramework\appAPI_content.js
- <LS_APPDATA>\Download Helper\firefox\AppFramework\appAPI_common.js
- %TEMP%\nsg2.tmp\ns3.tmp
- <LS_APPDATA>\Download Helper\projectInstaller.js
- <LS_APPDATA>\Download Helper\SoftwareDetector.exe
- %TEMP%\nsg2.tmp\System.dll
- %TEMP%\nsg2.tmp\ping.js
- %TEMP%\nsg2.tmp\nsExec.dll
- %TEMP%\nsg2.tmp\md5dll.dll
- <LS_APPDATA>\Download Helper\migrate.js
- <LS_APPDATA>\Download Helper\info.xml
- <LS_APPDATA>\Download Helper\chrome_installer.js
- <LS_APPDATA>\Download Helper\gpedit.exe
- <LS_APPDATA>\Download Helper\common.js
- <LS_APPDATA>\Download Helper\installer.js
- <LS_APPDATA>\Download Helper\main_installer.js
- <LS_APPDATA>\Download Helper\icon.ico
- <LS_APPDATA>\Download Helper\firefox\CanvasFramework\canvasscript_engine.js
- <LS_APPDATA>\Download Helper\firefox\framework\userscript_engine.js
- <LS_APPDATA>\Download Helper\firefox\framework\userscript_client.js
- <LS_APPDATA>\Download Helper\firefox\framework\xhr.js
- <LS_APPDATA>\Download Helper\firefox\framework\utils.js
- <LS_APPDATA>\Download Helper\firefox\framework\storage.js
- <LS_APPDATA>\Download Helper\firefox\framework\messaging.js
- <LS_APPDATA>\Download Helper\firefox\framework\uninstall.js
- <LS_APPDATA>\Download Helper\firefox\framework\timer.js
- <LS_APPDATA>\Download Helper\firefox\framework-ui\framework_api.js
- <LS_APPDATA>\Download Helper\firefox\framework-ui\context_menu.js
- <LS_APPDATA>\Download Helper\firefox\framework-ui\options.js
- <LS_APPDATA>\Download Helper\firefox\framework-ui\notifications.js
- <LS_APPDATA>\Download Helper\firefox\framework-ui\contentNotification.tmpl
- <LS_APPDATA>\Download Helper\firefox\framework-ui\browser_button.js
- <LS_APPDATA>\Download Helper\firefox\framework-ui\content_notifications.js
- <LS_APPDATA>\Download Helper\firefox\framework-ui\contentNotificationStyle.tmpl
- <LS_APPDATA>\Download Helper\firefox\framework\browser.js
- <LS_APPDATA>\Download Helper\firefox\framework\base.js
- <LS_APPDATA>\Download Helper\firefox\framework\console.js
- <LS_APPDATA>\Download Helper\firefox\framework\chrome_windows.js
- <LS_APPDATA>\Download Helper\firefox\CanvasFramework\registry.js
- <LS_APPDATA>\Download Helper\firefox\CanvasFramework\md5.js
- <LS_APPDATA>\Download Helper\firefox\framework\backgroundscript_engine.js
- <LS_APPDATA>\Download Helper\firefox\CanvasFramework\webrequest.js
- <LS_APPDATA>\Download Helper\firefox\framework\lang.js
- <LS_APPDATA>\Download Helper\firefox\framework\io.js
- <LS_APPDATA>\Download Helper\firefox\framework\message_target.js
- <LS_APPDATA>\Download Helper\firefox\framework\legacy.js
- <LS_APPDATA>\Download Helper\firefox\framework\framework.js
- <LS_APPDATA>\Download Helper\firefox\framework\content_proxy.js
- <LS_APPDATA>\Download Helper\firefox\framework\invoke_async.js
- <LS_APPDATA>\Download Helper\firefox\framework\i18n.js
- %TEMP%\nsg2.tmp\ns12.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\xriderexe_[2]
- %TEMP%\nsg2.tmp\ns14.tmp
- %TEMP%\nsg2.tmp\ns13.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\0[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\xriderexe_[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\xriderexe_[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\s[1].gif
- %TEMP%\nsg2.tmp\ns15.tmp
- %TEMP%\nsg2.tmp\ns1B.tmp
- %TEMP%\nsg2.tmp\ns1A.tmp
- %TEMP%\nsm1F.tmp\ns20.tmp
- %TEMP%\nsg2.tmp\ns1C.tmp
- %TEMP%\nsg2.tmp\ns17.tmp
- %TEMP%\nsg2.tmp\ns16.tmp
- %TEMP%\nsg2.tmp\ns19.tmp
- %TEMP%\nsg2.tmp\ns18.tmp
- %TEMP%\nsg2.tmp\nsA.tmp
- %TEMP%\nsg2.tmp\ns7.tmp
- %TEMP%\nsg2.tmp\nsB.tmp
- %TEMP%\nsg9.tmp
- %TEMP%\nsg2.tmp\ns4.tmp
- %TEMP%\nsg2.tmp\ns3.tmp
- %TEMP%\nsg2.tmp\ns6.tmp
- %TEMP%\nsg2.tmp\ns5.tmp
- %TEMP%\nsg2.tmp\nsC.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\0[1]
- %TEMP%\nsg2.tmp\ns11.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\0[1]
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\xriderexe_[1]
- %TEMP%\nsg2.tmp\nsE.tmp
- %TEMP%\nsg2.tmp\nsD.tmp
- %TEMP%\nsg2.tmp\ns10.tmp
- %TEMP%\nsg2.tmp\nsF.tmp
- 'localhost':1062
- 'localhost':1066
- 'localhost':1060
- 'localhost':1056
- 'localhost':1058
- 'localhost':1074
- 'localhost':1076
- 'localhost':3128
- 'localhost':1068
- 'co######ache-a.akamaihd.net':80
- 'localhost':1054
- 'localhost':1042
- 'localhost':1044
- 'localhost':1040
- 'localhost':1037
- 'www.in####lping5.info':80
- 'localhost':1050
- 'localhost':1052
- 'cd#####s-a.akamaihd.net':80
- 'localhost':1046
- 'localhost':1048
- www.in####lping5.info/other-prx_reg/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- www.in####lping5.info/other-prx_fw/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- www.in####lping5.info/other-prx_close/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- www.in####lping5.info/other-prx_files/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- www.in####lping5.info/other-prx_wd/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- www.in####lping5.info/other-prx_shrt/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- cd#####s-a.akamaihd.net/s.gif?t=#####################################################
- co######ache-a.akamaihd.net/protect/block.json
- co######ache-a.akamaihd.net/check
- www.in####lping5.info/other-prx_copy/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- www.in####lping5.info/other-migrate_ext/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe/0/?pi##########################################
- www.in####lping5.info/other-reg/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- www.in####lping5.info/other-main_start2/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe/0/?pi##########################################
- www.in####lping5.info/other-init_ie/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe/0/?pi##########################################
- www.in####lping5.info/other-updater/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- www.in####lping5.info/other-uninstaller/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- www.in####lping5.info/other-prx_cache/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- cd#####s-a.akamaihd.net/s.gif?t=##############################
- www.in####lping5.info/other-inst_chrome/fa6a340517d9de2515e3ebda9d325458/66f9d2b6a353c00dfb2dfe9d09ca1920/xriderexe//?pi########################################
- DNS ASK co######ache-a.akamaihd.net
- DNS ASK cd#####s-a.akamaihd.net
- DNS ASK www.in####lping5.info
- ClassName: 'Shell_TrayWnd' WindowName: ''