Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe
Analysis ID:	1546907
MD5:	17563cfba0842038f0a8bd7f15c89e2e
SHA1:	34b5dbfe3bfcdd033d256fe66c87864bc3c61aaa
SHA256:	7ef8b3f4ca7db60e350a0b51dd7c284248a94a073735a25a00f85f9072d48143
Tags:	AdwareGenericexe
Infos:

Detection

Score:	32
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Yara detected AntiVM3

May drop file containing decryption instructions (likely related to ransomware)

Monitors registry run keys for changes

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected potential crypto function

Drops PE files

Enables security privileges

Found dropped PE file which has not been started or loaded

JA3 SSL client fingerprint seen in connection with other malware

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Use Short Name Path in Command Line

Steals Internet Explorer cookies

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

Uses 32bit PE files

Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 116.203.251.147:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 178.63.52.39:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 178.63.52.39:443 -> 192.168.2.7:49711 version: TLS 1.2

Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	File opened: C:\Users\user\AppData\Local\Microsoft	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	File opened: C:\Users\user\AppData	Jump to behavior

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49703 -> 116.203.251.147:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49705 -> 178.63.52.39:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49711 -> 178.63.52.39:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.7:49730
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.7:49947

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /debug.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Embarcadero URI Client/1.0Host: collect.avqtools.com

Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: gacy_cookie_access":{},"local_fonts":{},"media_engagement":{},"media_stream_camera":{},"media_stream_mic":{},"midi":{},"midi_sysex":{},"mixed_script":{},"nfc_devices":{},"notification_interactions":{},"notification_permission_review":{},"notifications":{},"password_protection":{},"payment_handler":{},"permission_autoblocking_data":{},"permission_autorevocation_data":{},"popups":{},"private_network_chooser_data":{},"private_network_guard":{},"protected_media_identifier":{},"protocol_handler":{},"reduced_accept_language":{},"safe_browsing_url_check_data":{},"sensors":{},"serial_chooser_data":{},"serial_guard":{},"site_engagement":{},"sound":{},"ssl_cert_decisions":{},"storage_access":{},"subresource_filter":{},"subresource_filter_data":{},"third_party_storage_partitioning":{},"top_level_storage_access":{},"unused_site_permissions":{},"usb_chooser_data":{},"usb_guard":{},"vr":{},"webid_api":{},"webid_auto_reauthn":{},"window_placement":{}},"pref_version":1},"created_by_version":"117.0.5938.134","creation_time":"13340965310820162","exit_type":"normal","icon_version":10,"managed":{"banner_state":2},"managed_user_id":"","name":"person 1","password_account_storage_settings":{}},"protection":{"macs":{}},"safebrowsing":{"enabled":false,"enhanced":false,"event_timestamps":{},"metrics_last_log_time":"13340965310"},"sessions":{"event_log":[{"crashed":false,"time":"13340965310874395","type":0},{"did_schedule_command":true,"first_session_service":true,"tab_count":1,"time":"13340965314121830","type":2,"window_count":1},{"crashed":false,"time":"13340965340486488","type":0},{"did_schedule_command":true,"first_session_service":true,"tab_count":1,"time":"13340965347697726","type":2,"window_count":1},{"crashed":false,"time":"13340965894520000","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965895529112","type":2,"window_count":0},{"crashed":false,"time":"13340965896647302","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965897562572","type":2,"window_count":0},{"crashed":false,"time":"13340965899453521","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965900388040","type":2,"window_count":0},{"crashed":false,"time":"13340965902527967","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965907495322","type":2,"window_count":0},{"crashed":false,"time":"13340965909466868","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965910838554","type":2,"window_count":0},{"crashed":false,"time":"13340965912890131","type":0},{"did_schedule_command":false,"first_session_service":true,"tab_count":0,"time":"13340965913778449","type":2,"window_count":0}],"session_data_status":5},"settings":{"a11y":{"apply_page_colors_only_on_increased_contrast":true}},"signin":{"allowed":true},"spellcheck":{"dictionaries":["en-us"],"dictionary":""},"supervised_user":{"me
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: taskmde.youtube.superpop.http.www.youtube.comtaskmgra equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: collect.avqtools.com
Source: global traffic	DNS traffic detected: DNS query: collect.smartpcupdate.com

Source: unknown

HTTP traffic detected: POST /api/collect HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: Embarcadero URI Client/1.0Content-Length: 286Host: collect.smartpcupdate.com

Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SPONotifications.exe, 0000000B.00000002.2507651152.0000000000B13000.00000004.00000020.00020000.00000000.sdmp, SPONotifications.exe, 0000000B.00000003.1388024357.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://find.naupoint.com
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://find.naupoint.comE-4
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://find.naupoint.comStart
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: SmartPCOptimizer.exe, 0000000C.00000000.1320145194.0000000000D16000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.gimp.org/xmp/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/search?q=
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.000000000536C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp, SPONotifications.exe, 0000000B.00000000.1313420497.0000000000401000.00000020.00000001.01000000.00000008.sdmp, SPONotifications.exe, 0000000B.00000002.2509454654.00000000025D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.indyproject.org/
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000003.2501139691.00000000065D1000.00000004.00000020.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.lienvandekelder.be
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.lienvandekelder.beQ
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.lienvandekelder.com
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.lienvandekelder.com/
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: SmartPCOptimizer.exe, 0000000C.00000002.2520880012.0000000005B17000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore/
Source: SmartPCOptimizer.exe, 0000000C.00000002.2520880012.0000000005B17000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: SPONotifications.exe, 0000000B.00000002.2506307194.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://collect.avqtools.com/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SPONotifications.exe, 0000000B.00000000.1313420497.0000000000401000.00000020.00000001.01000000.00000008.sdmp	String found in binary or memory: https://collect.avqtools.com/api/debug?program=pchs_cleaner_v
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SPONotifications.exe, 0000000B.00000000.1313420497.0000000000401000.00000020.00000001.01000000.00000008.sdmp	String found in binary or memory: https://collect.avqtools.com/api/debugU
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SPONotifications.exe, 0000000B.00000000.1313420497.0000000000401000.00000020.00000001.01000000.00000008.sdmp, SPONotifications.exe, 0000000B.00000002.2506307194.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://collect.avqtools.com/debug.txt
Source: SPONotifications.exe, 0000000B.00000002.2506307194.0000000000A68000.00000004.00000020.00020000.00000000.sdmp, SPONotifications.exe, 0000000B.00000002.2506307194.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://collect.smartpcupdate.com/
Source: SPONotifications.exe, 0000000B.00000003.1388024357.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, SPONotifications.exe, 0000000B.00000002.2506307194.0000000000AB9000.00000004.00000020.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000002.2509629250.00000000029CD000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://collect.smartpcupdate.com/api/collect
Source: SPONotifications.exe, 0000000B.00000002.2507651152.0000000000B35000.00000004.00000020.00020000.00000000.sdmp, SPONotifications.exe, 0000000B.00000003.1387909516.0000000000B35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://collect.smartpcupdate.com/k
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000000.1254764925.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1259962441.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.00000000023FC000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.0000000002491000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.00000000023C5000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1334297281.0000000003720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://smartpctools.com/eula/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1259962441.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.00000000023A1000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://smartpctools.com/files/drivermanager.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2509629250.0000000002920000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://smartpctools.com/files/drivermanager.exel
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1259962441.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.00000000023F0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.000000000248A000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.00000000023C5000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1334297281.0000000003720000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://smartpctools.com/privacy-policy/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://smartpctools.com/privacy-policy/S
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://smartpctools.com/smart-driver-manager/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1259962441.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000002.2520880012.0000000005AC7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://smartpctools.com/smart-pc-optimizer/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.000000000240D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://smartpctools.com/smart-pc-optimizer/A
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1259962441.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.000000000247C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://smartpctools.com/support/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1259962441.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.000000000238C000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.0000000002406000.00000004.00001000.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000002.2509629250.00000000029BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://store.payproglobal.com/checkout?products
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1340185099.000000000236B000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1259962441.0000000003490000.00000004.00001000.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000002.2509629250.000000000293E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://store.payproglobal.com/checkout?products%5b1%5d%5bid%5d=90862&page-template=18224&products%5
Source: SPONotifications.exe, 0000000B.00000002.2509454654.0000000002646000.00000004.00001000.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000002.2520880012.0000000005B77000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://subscriptions.smartpctools.com
Source: SPONotifications.exe, 0000000B.00000002.2509454654.0000000002646000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://techsupport.smartpcupdate.com
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: SmartPCOptimizer.exe, 0000000C.00000002.2509629250.00000000029BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: SmartPCOptimizer.exe, 0000000C.00000002.2509629250.00000000029BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: SmartPCOptimizer.exe, 0000000C.00000002.2509629250.00000000029BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: SmartPCOptimizer.exe, 0000000C.00000002.2509629250.00000000029BE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002690000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000000.1258247883.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002690000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000000.1258247883.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.remobjects.com/ps
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 116.203.251.147:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 178.63.52.39:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 178.63.52.39:443 -> 192.168.2.7:49711 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

May drop file containing decryption instructions (likely related to ransomware)

Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.HTML
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.HTML
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.HTML
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.PNG
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.PNG
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.PNG
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.PNG
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.PNG
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.PNG
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.TXT
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.TXT
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.TXT
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.TXT
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.TXT
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.TXT
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.TXT
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.PNG
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.PNG
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HELP_DECRYPT.HTML

Detected potential crypto function

Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_609661C7	16_2_609661C7
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094E1C5	16_2_6094E1C5
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60963115	16_2_60963115
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094B2EA	16_2_6094B2EA
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6092126F	16_2_6092126F
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6093A38C	16_2_6093A38C
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6093E3D5	16_2_6093E3D5
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095432A	16_2_6095432A
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_609654DA	16_2_609654DA
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60950479	16_2_60950479
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60968614	16_2_60968614
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60951618	16_2_60951618
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095462C	16_2_6095462C
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60932677	16_2_60932677
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095B715	16_2_6095B715
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60966862	16_2_60966862
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_609699C4	16_2_609699C4
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_609609C1	16_2_609609C1
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60953AA4	16_2_60953AA4
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6092EAC1	16_2_6092EAC1
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60931AC4	16_2_60931AC4
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6096CA4C	16_2_6096CA4C
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6093EA7F	16_2_6093EA7F
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095FA67	16_2_6095FA67
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60936BAA	16_2_60936BAA
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60963BE7	16_2_60963BE7
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094FB31	16_2_6094FB31
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60954C98	16_2_60954C98
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60912CE0	16_2_60912CE0
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60915DB9	16_2_60915DB9
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60935DAF	16_2_60935DAF
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60930DD5	16_2_60930DD5
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6096CE90	16_2_6096CE90
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60909E0B	16_2_60909E0B
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094CE2C	16_2_6094CE2C

Enables security privileges

Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe

Process token adjusted: Security

Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-0G7HO.tmp.2.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: is-5C8ME.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

Source: is-UJHD8.tmp.2.dr	Static PE information: Number of sections : 20 > 10
Source: is-0G7HO.tmp.2.dr	Static PE information: Number of sections : 11 > 10
Source: is-RADPK.tmp.2.dr	Static PE information: Number of sections : 11 > 10

Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000000.1254865877.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1256648179.0000000002788000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1354868787.0000000002358000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe, 00000000.00000003.1257004586.000000007FE35000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe

Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Mutant created: \Sessions\1\BaseNamedObjects\AF54E2DC-EE25-4757-87F6-A1880E22042B
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Mutant created: \Sessions\1\BaseNamedObjects\dbcc15e2c3e24edf018ffd1269d25c9a

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: SmartPCOptimizer.exe, 0000000C.00000003.1403819133.00000000063E1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';m
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: create table if not exists [mdns] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [ipid] INTEGER NULL, [query] TEXT NULL, [answer] BLOB NULL);
Source: SmartPCOptimizer.exe, 0000000C.00000003.1389743593.0000000003930000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE vacuum_db.[ma-s] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,[Pattern] TEXT NULL,[Name] TEXT NULL,[Address] TEXT NULL);
Source: SmartPCOptimizer.exe, 0000000C.00000003.2501139691.0000000006639000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'vacuum_db'.sqlite_master VALUES('index','sqlite_autoindex_passwords_1','passwords',#4,NULL);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: create table if not exists [scans] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [date] REAL NULL, [network] TEXT NULL, [win] TEXT NULL, [scantime] INTEGER NULL, [vultime] INTEGER NULL);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: create table if not exists [files] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [scanid] INTEGER NULL, [name] TEXT NULL, [data] TEXT NULL);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SPONotifications.exe	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: create table if not exists [dhcpnames] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [scanid] INTEGER NULL, [mac] TEXT NULL, [hostname] TEXT NULL, [vendorident] TEXT NULL);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000003.1403819133.00000000063E1000.00000004.00000020.00020000.00000000.sdmp, SPONotifications.exe	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp, SPONotifications.exe	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: create table if not exists [ports] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [ipid] INTEGER NULL, [port] INTEGER NULL, [protocol] INTEGER NULL, [string] TEXT NULL);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: insert into [resources] ([ipid], [Name], [Description], [Path], [ServerName], [Password], [ResourceType], [Special], [Temporary]) values (?, ?, ?, ?, ?, ?, ?, ?, ?);SQh
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: create table if not exists [vulnerability] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [portid] INTEGER NULL, [vultype] INTEGER NULL, [text1] TEXT NULL, [text2] TEXT NULL);U
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: create table if not exists [hosts] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [scanid] INTEGER NULL, [ip] TEXT NULL, [mac] TEXT NULL, [scantime] INTEGER NULL, [vultime] INTEGER NULL, [vpassed] INTEGER NULL);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: SmartPCOptimizer.exe, 0000000C.00000003.1389743593.0000000003923000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO 'vacuum_db'.sqlite_master VALUES('index','acports_index','acports',#1,'CREATE INDEX [acports_index] on [acports] ([Port] desc)');
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: create table if not exists [names] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [ipid] INTEGER NULL, [type] INTEGER NULL, [value] TEXT NULL);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.0000000004FD0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1322343239.00000000053EE000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: create table if not exists [resources] ([id] INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, [ipid] INTEGER NULL, [Name] TEXT NULL, [Description] TEXT NULL, [Path] TEXT NULL, [ServerName] TEXT NULL,[Password] TEXT NULL, [ResourceType] INTEGER NULL, [Special] INTEGER NULL, [Temporary] INTEGER NULL, [Access] INTEGER NULL);

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe	Process created: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp "C:\Users\user~1\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp" /SL5="$2044E,5851923,832512,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe"
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe "C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe"
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe "C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer" /START
Source: unknown	Process created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe "C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe	Process created: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp "C:\Users\user~1\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp" /SL5="$2044E,5851923,832512,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe "C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe "C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer" /START	Jump to behavior

Source: Smart PC Optimizer.lnk.2.dr	LNK file: ..\..\..\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe
Source: Smart PC Optimizer.lnk0.2.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe
Source: Uninstall Smart PC Optimizer.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\unins000.exe

Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Automated click: Next

Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe	Static PE information: section name: .didata
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp.0.dr	Static PE information: section name: .didata
Source: is-0G7HO.tmp.2.dr	Static PE information: section name: .didata
Source: is-5C8ME.tmp.2.dr	Static PE information: section name: .didata
Source: is-RADPK.tmp.2.dr	Static PE information: section name: .didata
Source: is-UJHD8.tmp.2.dr	Static PE information: section name: /4
Source: is-UJHD8.tmp.2.dr	Static PE information: section name: /19
Source: is-UJHD8.tmp.2.dr	Static PE information: section name: /35
Source: is-UJHD8.tmp.2.dr	Static PE information: section name: /51
Source: is-UJHD8.tmp.2.dr	Static PE information: section name: /63
Source: is-UJHD8.tmp.2.dr	Static PE information: section name: /77
Source: is-UJHD8.tmp.2.dr	Static PE information: section name: /89
Source: is-UJHD8.tmp.2.dr	Static PE information: section name: /102
Source: is-UJHD8.tmp.2.dr	Static PE information: section name: /113
Source: is-UJHD8.tmp.2.dr	Static PE information: section name: /124

Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60989267 pushad ; retn 0009h	16_2_60989269
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6096CD38 push eax; ret	16_2_6096CD68
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60911E87 push ecx; mov dword ptr [esp], ebx	16_2_60911EBC

Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\Users\user\AppData\Local\Temp\is-TJ8GA.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-0G7HO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-5C8ME.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-RADPK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-UJHD8.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe	File created: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Jump to dropped file

Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Optimizer	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Optimizer\Smart PC Optimizer.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Optimizer\Uninstall Smart PC Optimizer.lnk	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior

Source: Yara match	File source: 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SmartPCOptimizer.exe PID: 7528, type: MEMORYSTR

Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PROCMON.EXE
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PROCESSHACKER.EXE
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PROCMON.EXEA
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: REGMON.EXE
Source: SmartPCOptimizer.exe, 0000000C.00000003.2499863229.00000000064E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SBIECTRL.EXESANDBOXIECONTROL
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500883197.000000000651A000.00000004.00000020.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000003.2499863229.00000000064E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 5-SUPERANTISPYWARE.EXESUPERANTISPYWARE
Source: SmartPCOptimizer.exe, 0000000C.00000003.2499863229.00000000064E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: REGMON.EXEREGISTRY MONITOR
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PROCESSHACKER.EXE9
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FILEMON.EXEFILE PROTECTION MONITOR
Source: SmartPCOptimizer.exe, 0000000C.00000003.2499863229.00000000064E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PROCMON.EXEPROCMON
Source: SmartPCOptimizer.exe, 0000000C.00000003.2499863229.00000000064E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PROCESSHACKER.EXEPROCESS HACKER 2
Source: SmartPCOptimizer.exe, 0000000C.00000003.2499863229.00000000064E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SNIFFER.EXESYSTEMWIZARD SNIFFER
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: REGMON.EXEQ8
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.00000000065D1000.00000004.00000020.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000003.2501139691.00000000065D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WINDBG.EXEWINDOWS DEBUGGER
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.00000000065D1000.00000004.00000020.00020000.00000000.sdmp, SmartPCOptimizer.exe, 0000000C.00000003.2501139691.00000000065D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE*MANAGRMEDIAMICRO
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMUSRVC.EXEVPCUSERSERVICES

Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-TJ8GA.tmp\_isetup\_setup64.tmp			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-UJHD8.tmp			Jump to dropped file

Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Fonts34.exeVMware admin Tool
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VBoxTray.exeVBoxTray#
Source: SmartPCOptimizer.exe, 0000000C.00000003.2499863229.00000000064E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: spooles.exeVmwares-
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: _VMwareHostd=Part of VMware Workstation. If you do not use VMware, this service can be disabled.
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: hqtray.exeVMware Workstation9
Source: SPONotifications.exe, 0000000B.00000002.2506307194.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMUSBArbService=VMware USB Arbitration service. If you do not use VMware, this service can be disabled.
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware process Tool
Source: SPONotifications.exe, 0000000B.00000003.1388024357.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmware-unity.exevmware-unity$
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ^VMware NAT Service=VMware NAT Service. If you do not use VMware, this service can be disabled.g
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Help.exeVMware process Tool%
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnethcp.exeMicrosoft Routing Utilities
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmicshutdown
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware hptray7a
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMAuthdService=VMware Authorization Service. If you do not use VMware, this service can be disabled.
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: hpmon.exeVMware hptray
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware hptray
Source: SPONotifications.exe, 0000000B.00000002.2509454654.0000000002671000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMWARE=
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware admin Tool
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMwareHostd=Part of VMware Workstation. If you do not use VMware, this service can be disabled.
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMnetDHCPP
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware [UserName] process
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: addins2.exeVMWARE
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMwareHostdP
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware Workstation
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmicheartbeat
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VBoxService=Oracle's VirtualBox Virtual Machine service. If you do not use VirtualBox, this service can be disabled.
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmware-tray.exevmware-tray.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware Workstation1-
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VBoxService.exeVBoxService.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: explorer.exe,vmware-tray.exe
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMUSrvc.exeVPCUserServices
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: explorer.exe,vmware-tray.exe5
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmnetdhcp.exevmnetdhcp%
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: sVMnetDHCP=VMware VMnet DHCP service for VMware Workstation. If you do not use VMware, this service can be disabled.##fn`
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmware.exeWorkstation Ver 5.0!
Source: SmartPCOptimizer.exe, 0000000C.00000002.2506935990.0000000001003000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware admin Tool225
Source: SmartPCOptimizer.exe, 0000000C.00000003.1343856549.0000000003ABA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 000C29VMware, Inc.
Source: SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp, 00000002.00000003.1343673699.00000000007F2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware NAT Service=VMware NAT Service. If you do not use VMware, this service can be disabled.
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware process ToolFAA{
Source: SmartPCOptimizer.exe, 0000000C.00000003.1392026070.00000000065BB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 005056VMware, Inc.
Source: SmartPCOptimizer.exe, 0000000C.00000003.1343856549.0000000003ABA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 000569VMware, Inc.
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VBoxServiceP
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmremotems.exevmware remotemks
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware, Inc..exeVMware, Inc.
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMnetDHCP=VMware VMnet DHCP service for VMware Workstation. If you do not use VMware, this service can be disabled.
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: tVBoxService=Oracle's VirtualBox Virtual Machine service. If you do not use VirtualBox, this service can be disabled.iq`
Source: SmartPCOptimizer.exe, 0000000C.00000003.1392026070.00000000065BB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 001C14VMware, Inc.;
Source: SmartPCOptimizer.exe, 0000000C.00000003.2500615100.000000000663B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmvctr6.exeVMware vCenter6
Source: SmartPCOptimizer.exe, 0000000C.00000003.2498149093.0000000006591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: explorer.exe,vmware-tray.exeShell

Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: progman.exeA
Source: SmartPCOptimizer.exe, 0000000C.00000003.2499863229.00000000064E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: progman.exeCS5YFRYIG0TV65APDE8=
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: progman.exe

Windows Analysis Report SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe

Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ALMon.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: procmon.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: mcagent.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: KavPFW.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: guard.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: hackmon.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: kav32.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: APVXDWIN.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: bdss.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Ashwebsv.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2533654031.000000000768D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: AVGnt.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: KAVStart.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: kavsvc.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: RAVMOND.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: avgemc.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: AVGEMC.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: iefix.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: QOELoader.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: MSASCui.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: kxetray.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: almon.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: RavTask.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: livesrv.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PSIMSVC.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Nod32.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: avgnt.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: KPFWSvc.EXE
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Inicio.exe
Source: SmartPCOptimizer.exe, 0000000C.00000003.1643265911.0000000007889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ashServ.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: HijackThis.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: mbam.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: mcvsshld.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: op_mon.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: McUpdate.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Drwebscd.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: nod32cc.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: mcvsrte.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: GDFirewallTray.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: AVKTray.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: nod32kui.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: KPFW32.EXE
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: emlproxy.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: nod32.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2533654031.000000000768D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: AVGAMSVR.EXE
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: kav.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: KAV.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: avgui.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: nod32krn.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: mcupdate.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: K7TSecurity.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: bdagent.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: avgas.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: avguard.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: APVXDWIN.EXE
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Guard.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2533654031.000000000768D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: zlclient.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: AVGuard.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Kav.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: pg2.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: K7SysTry.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: EMLPROUI.EXE
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Avgamsvr.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: pctsTray.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ashDisp.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: avgtray.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Nod32krn.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: nspsvc.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PavFnSvr.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2529902132.0000000007110000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ashmaisv.exe
Source: SmartPCOptimizer.exe, 0000000C.00000002.2527191299.0000000006F60000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: regmon.exe

Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095E09B sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,	16_2_6095E09B
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095F08D sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,	16_2_6095F08D
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094B05B sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,memmove,	16_2_6094B05B
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094A1DE sqlite3_bind_int64,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_malloc,sqlite3_reset,sqlite3_free,	16_2_6094A1DE
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_609661C7 sqlite3_value_text,sqlite3_mprintf,sqlite3_free,strcmp,sqlite3_free,sqlite3_malloc,sqlite3_bind_int64,sqlite3_step,sqlite3_column_type,sqlite3_reset,sqlite3_column_blob,sqlite3_reset,sqlite3_malloc,sqlite3_free,sqlite3_reset,sqlite3_result_error_code,sqlite3_result_blob,	16_2_609661C7
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094B1FC sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,	16_2_6094B1FC
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094C159 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	16_2_6094C159
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6096914B sqlite3_bind_int,sqlite3_step,sqlite3_column_int,sqlite3_reset,	16_2_6096914B
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095F16D sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,	16_2_6095F16D
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6090C16E sqlite3_clear_bindings,sqlite3_mutex_enter,sqlite3_mutex_leave,	16_2_6090C16E
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094B273 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,	16_2_6094B273
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094A3AD sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	16_2_6094A3AD
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094C3D1 sqlite3_value_int,sqlite3_value_int,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_null,sqlite3_bind_null,sqlite3_step,sqlite3_reset,	16_2_6094C3D1
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6090F358 sqlite3_bind_parameter_index,	16_2_6090F358
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095F371 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,	16_2_6095F371
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_609654DA sqlite3_finalize,sqlite3_free,sqlite3_value_numeric_type,sqlite3_value_numeric_type,sqlite3_value_text,sqlite3_value_int,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_mprintf,sqlite3_malloc,sqlite3_free,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_bind_value,	16_2_609654DA
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094A444 sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,	16_2_6094A444
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6096250A sqlite3_stricmp,sqlite3_bind_int64,sqlite3_mutex_leave,	16_2_6096250A
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60969693 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,	16_2_60969693
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60968614 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_malloc,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_realloc,sqlite3_realloc,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,	16_2_60968614
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6090573E sqlite3_bind_parameter_count,	16_2_6090573E
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60905750 sqlite3_bind_parameter_name,	16_2_60905750
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60969762 sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,	16_2_60969762
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60966862 sqlite3_malloc,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_reset,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_malloc,sqlite3_bind_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_reset,memcmp,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_realloc,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_free,sqlite3_bind_int,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,	16_2_60966862
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_609699C4 sqlite3_value_text,sqlite3_value_bytes,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_malloc,sqlite3_column_int,sqlite3_column_int64,sqlite3_column_text,sqlite3_column_bytes,sqlite3_finalize,sqlite3_step,sqlite3_free,sqlite3_finalize,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_column_int,sqlite3_step,sqlite3_reset,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_column_int64,sqlite3_column_int,sqlite3_column_text,sqlite3_column_bytes,sqlite3_step,sqlite3_finalize,sqlite3_strnicmp,sqlite3_strnicmp,sqlite3_bind_int,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_malloc,sqlite3_bind_null,sqlite3_step,sqlite3_reset,sqlite3_value_int,sqlite3_value_text,sqlite3_value_bytes,sqlite3_free,	16_2_609699C4
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6091DA91 sqlite3_bind_zeroblob,sqlite3_mutex_leave,	16_2_6091DA91
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6090EA12 sqlite3_transfer_bindings,	16_2_6090EA12
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6091DBB8 sqlite3_mutex_leave,sqlite3_bind_text16,	16_2_6091DBB8
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6091DBE3 sqlite3_bind_text,	16_2_6091DBE3
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60961BE5 sqlite3_mprintf,sqlite3_vtab_config,sqlite3_malloc,sqlite3_mprintf,sqlite3_mprintf,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_exec,sqlite3_free,sqlite3_prepare_v2,sqlite3_bind_text,sqlite3_step,sqlite3_column_int64,sqlite3_finalize,sqlite3_mprintf,sqlite3_prepare_v2,sqlite3_free,sqlite3_errmsg,sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_mprintf,sqlite3_free,sqlite3_declare_vtab,sqlite3_errmsg,sqlite3_mprintf,sqlite3_free,	16_2_60961BE5
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095EBEC sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	16_2_6095EBEC
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60967B7D sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_column_blob,sqlite3_column_bytes,sqlite3_column_int64,sqlite3_reset,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_bind_int64,sqlite3_bind_int,sqlite3_step,sqlite3_reset,sqlite3_free,sqlite3_free,	16_2_60967B7D
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095EB67 sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,	16_2_6095EB67
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6091DCCD sqlite3_bind_int,sqlite3_bind_int64,	16_2_6091DCCD
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6091DCF3 sqlite3_bind_double,sqlite3_mutex_leave,	16_2_6091DCF3
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_60964C1A memcmp,sqlite3_realloc,qsort,sqlite3_malloc,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_int64,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_step,sqlite3_reset,	16_2_60964C1A
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6091DC0E sqlite3_bind_blob,	16_2_6091DC0E
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6091DC39 sqlite3_bind_null,sqlite3_mutex_leave,	16_2_6091DC39
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095EC78 sqlite3_bind_int64,sqlite3_bind_int,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,	16_2_6095EC78
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6091DC6A sqlite3_bind_int64,sqlite3_mutex_leave,	16_2_6091DC6A
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095EDA2 sqlite3_bind_int,sqlite3_step,sqlite3_column_type,sqlite3_reset,	16_2_6095EDA2
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6091DD64 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_blob,	16_2_6091DD64
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6095EF8D sqlite3_value_int,sqlite3_bind_int,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	16_2_6095EF8D
Source: C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe	Code function: 16_2_6094AF16 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	16_2_6094AF16

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
116.203.251.147	collect.avqtools.com	Germany		24940	HETZNER-ASDE	false
178.63.52.39	collect.smartpcupdate.com	Germany		24940	HETZNER-ASDE	false

Name	IP	Active
collect.smartpcupdate.com	178.63.52.39	true
collect.avqtools.com	116.203.251.147	true

Name	Malicious	Antivirus Detection	Reputation
https://collect.smartpcupdate.com/api/collect	false		unknown
https://collect.avqtools.com/debug.txt	false		unknown

ID:	1546907
Product:	CloudBasic
Start time:	17:28:12
Start date:	01.11.2024
Sample:	SecuriteInfo.com.Program.Unwanted.5533.30107.22661.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	17563cfba0842038f0a8bd7f15c89e2e
SHA1:	34b5dbfe3bfcdd033d256fe66c87864bc3c61aaa
SHA256:	7ef8b3f4ca7db60e350a0b51dd7c284248a94a073735a25a00f85f9072d48143
Filetype:	Win32 Executable (generic) a (10002005/4) 98.04%

Name	Type	MD5	SHA1	SHA256
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\Animation.gif (copy)	GIF image data, version 89a, 48 x 48	915F2CE934FD4789216B91BF9C2609FD	CB942F9E699D07F85A008E8131BB8A92A3974F87	135D81FEEF8BC93E48F3D929D9249ABE56E8B0A566F51964C8CAD28602219250
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\Cookies.txt (copy)	ASCII text, with CRLF line terminators	F64C612CF669E719DFABC162FBDD61E5	A3018CAAD39AB800F8F7E5DF6B7DE136E873E5D6	A193F2EBA15CEF7FE439E4F0292AF90BD46EEE89730BD390E04C365F3E62DEB4
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\English.ini (copy)	Generic INItialization configuration [Actions]	8A8467E8891FE1F0C29F479EC8AF05EC	EA96338CB7096FE529B394DB5524B1A21665250C	EB14177FCD5B1B373E076F9D2AC60C6EB1AA3E38F756386C5ED46FDD798279E2
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\GExts.txt (copy)	ASCII text, with CRLF line terminators	1276E1DAB8F69BF8730FE2598059338C	CD8E127E154DE44574AB9FE391338E8834EA4C9E	C21419FB42DFB8422AA07EBAFC1F68CE5BFA51032307F4AB1364BDE4AF91E2A3
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\HomePage.url (copy)	MS Windows 95 Internet shortcut text (URL=<https:/smartpctools.com/>), ASCII text, with CRLF line terminators	5698C49EC9F5B58135AED230518DB988	AFC273962D2E5BEA41EC40BFCD2531C32BF527E7	F1BC05445EEF31639635AADAFE6B2743030240B1A5A56A894E66734275B87ACC
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\IDs.txt (copy)	ASCII text, with CRLF line terminators	82B0C12AFC82BB2CE9FE25055032012A	C1686583E644F810495B49FFDDE585AB53F5AE1E	C1DB4573E9D2A9C4FED3AF2B14214C2A1A38DB79FC72A77BD5239FC2C6C561B6
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SList.db (copy)	SQLite 3.x database, last written using SQLite version 3011000, page size 1024, file counter 3, database pages 1069, cookie 0x18, schema 4, UTF-8, version-valid-for 3	DDBBFDA211ED1460D616A48FE1EF9676	5306FBA67448AB0C1C3E55808D13B1F900E82493	B59785F62C26B60CE5D6E30E88946BFFC3D7EB8C0F572359D36985CA8EE4BC48
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SList.txt (copy)	Non-ISO extended-ASCII text, with CRLF line terminators	09B6922B17F86EFA7AEEC676370F7388	E24C2F1357EB8B35F2EFA4C0FDB81C94B5A0D0F3	8483B5889DFD3874901657719770157B528A9B54543FC766E256F983890191FE
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SPONotifications.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	ADBB7F96A4A14023CE27D2F8D6710736	314642F41F1C74A1E3BEA362CA408F15809ACF4D	01DBE551409B6514B41CF2284F6261F08C0A4AAB70C31E0078DFA2D431A79800
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SchedTasks.txt (copy)	ASCII text, with CRLF line terminators	21F0385202E665599896F483A3733F69	8A3707CE3168D90C0C69B64D4C525E753FB6D418	51C826196A662BEE9181965FF94703E76C422AD7B5406A53E347FEB516E70AAD
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\Services1.txt (copy)	ASCII text, with CRLF line terminators	21BC09207F237DD262112401584E3B8F	7AA202D5D392E9C3B04C0113381D165A3B12FF61	95D33968B745174744E07207E8003B8A615E1BC5E10676A2F4E81F3E5ABF4980
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\Services2.txt (copy)	ASCII text, with CRLF line terminators	6D885D79C99B9B8D409C4684BCEA54D2	20EDDB02737AAD8EC88407E19777534A8ED8E766	1923ED5B39D3248FCBC245EB60FC05116FD439E62F2271FB5B7D42FEA8545CBD
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SiteNtf.txt (copy)	ASCII text, with CRLF line terminators	023938522A2335379044391C1B83656A	1761B2DCADB48689C7C052393490043E050E5FEA	66AAE467EF3636628B6EB4C4DC2E210990BB6440653CC3AAFB7800B89A8DA1EC
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.chm (copy)	MS Windows HtmlHelp Data	E99B7A1AEED3EDDED1C4BBE40DBB7748	178EB6DB86E0E755B506B60CD64BF0DC5DA142B4	DC65D3C6901F681E66407A8FCEA2EC101CF7911AF33CC2F32D4BB027257275BB
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\SmartPCOptimizer.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	89943B083FEE6DA392A6668D6EE260BB	94C36D1A364D4A5F728CF97DE62684D3DF23DC9E	056630B4F9675319E28C07A19AD19AE416D6B2C41F5F23210E47BD5FF26B58F5
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-0G7HO.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	89943B083FEE6DA392A6668D6EE260BB	94C36D1A364D4A5F728CF97DE62684D3DF23DC9E	056630B4F9675319E28C07A19AD19AE416D6B2C41F5F23210E47BD5FF26B58F5
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-1PMDN.tmp	Non-ISO extended-ASCII text, with CRLF line terminators	09B6922B17F86EFA7AEEC676370F7388	E24C2F1357EB8B35F2EFA4C0FDB81C94B5A0D0F3	8483B5889DFD3874901657719770157B528A9B54543FC766E256F983890191FE
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-5C8ME.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	023C73AD61BF1C58697C2C09C09E521F	E822900B983141C031552C6F8D5AAC97715E1C92	E84F27FDDEA22C9B4A3F70017E560659BFBE66845AE451CDCA5F9EBD0EC910F4
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-5SAIC.tmp	ASCII text, with CRLF line terminators	21F0385202E665599896F483A3733F69	8A3707CE3168D90C0C69B64D4C525E753FB6D418	51C826196A662BEE9181965FF94703E76C422AD7B5406A53E347FEB516E70AAD
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-5U6HD.tmp	GIF image data, version 89a, 48 x 48	915F2CE934FD4789216B91BF9C2609FD	CB942F9E699D07F85A008E8131BB8A92A3974F87	135D81FEEF8BC93E48F3D929D9249ABE56E8B0A566F51964C8CAD28602219250
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-64K5H.tmp	ASCII text, with CRLF line terminators	F64C612CF669E719DFABC162FBDD61E5	A3018CAAD39AB800F8F7E5DF6B7DE136E873E5D6	A193F2EBA15CEF7FE439E4F0292AF90BD46EEE89730BD390E04C365F3E62DEB4
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-9M7P5.tmp	ASCII text, with CRLF line terminators	82B0C12AFC82BB2CE9FE25055032012A	C1686583E644F810495B49FFDDE585AB53F5AE1E	C1DB4573E9D2A9C4FED3AF2B14214C2A1A38DB79FC72A77BD5239FC2C6C561B6
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-AQ7RN.tmp	ASCII text, with CRLF line terminators	6D885D79C99B9B8D409C4684BCEA54D2	20EDDB02737AAD8EC88407E19777534A8ED8E766	1923ED5B39D3248FCBC245EB60FC05116FD439E62F2271FB5B7D42FEA8545CBD
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-G591B.tmp	ASCII text, with CRLF line terminators	023938522A2335379044391C1B83656A	1761B2DCADB48689C7C052393490043E050E5FEA	66AAE467EF3636628B6EB4C4DC2E210990BB6440653CC3AAFB7800B89A8DA1EC
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-IMR9G.tmp	SQLite 3.x database, last written using SQLite version 3034000, file counter 37, database pages 366, cookie 0x1a, schema 4, UTF-8, version-valid-for 37	A59CF386E89C3726389A58AC9301E174	8B8A4CD4184D38A2FC3594633E3CEFD2EEB3E81A	F02FA210DE3BD77D561C232764BF917538E6543352CA2AC81EAB8522572F9C29
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-J06LH.tmp	MS Windows 95 Internet shortcut text (URL=<https:/smartpctools.com/>), ASCII text, with CRLF line terminators	5698C49EC9F5B58135AED230518DB988	AFC273962D2E5BEA41EC40BFCD2531C32BF527E7	F1BC05445EEF31639635AADAFE6B2743030240B1A5A56A894E66734275B87ACC
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-JPQCC.tmp	Generic INItialization configuration [Actions]	8A8467E8891FE1F0C29F479EC8AF05EC	EA96338CB7096FE529B394DB5524B1A21665250C	EB14177FCD5B1B373E076F9D2AC60C6EB1AA3E38F756386C5ED46FDD798279E2
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-MAA00.tmp	MS Windows HtmlHelp Data	E99B7A1AEED3EDDED1C4BBE40DBB7748	178EB6DB86E0E755B506B60CD64BF0DC5DA142B4	DC65D3C6901F681E66407A8FCEA2EC101CF7911AF33CC2F32D4BB027257275BB
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-OJI0N.tmp	SQLite 3.x database, last written using SQLite version 3011000, page size 1024, file counter 3, database pages 1069, cookie 0x18, schema 4, UTF-8, version-valid-for 3	DDBBFDA211ED1460D616A48FE1EF9676	5306FBA67448AB0C1C3E55808D13B1F900E82493	B59785F62C26B60CE5D6E30E88946BFFC3D7EB8C0F572359D36985CA8EE4BC48
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-RADPK.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	ADBB7F96A4A14023CE27D2F8D6710736	314642F41F1C74A1E3BEA362CA408F15809ACF4D	01DBE551409B6514B41CF2284F6261F08C0A4AAB70C31E0078DFA2D431A79800
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-T33J2.tmp	ASCII text, with CRLF line terminators	21BC09207F237DD262112401584E3B8F	7AA202D5D392E9C3B04C0113381D165A3B12FF61	95D33968B745174744E07207E8003B8A615E1BC5E10676A2F4E81F3E5ABF4980
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-UJHD8.tmp	PE32 executable (DLL) (console) Intel 80386, for MS Windows	F9E1E4CC550481C83819EF06DEE3FF51	1A4E6DA60A53051E5FA43855B8D0DB9E4B185F54	AEB2B1323262524FE1C313E2265E3314346FF988A4902E4A50EFFA18C93C28DC
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\is-VNBPS.tmp	ASCII text, with CRLF line terminators	1276E1DAB8F69BF8730FE2598059338C	CD8E127E154DE44574AB9FE391338E8834EA4C9E	C21419FB42DFB8422AA07EBAFC1F68CE5BFA51032307F4AB1364BDE4AF91E2A3
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\net.db	SQLite 3.x database, last written using SQLite version 3008002, file counter 46, database pages 495, cookie 0x23, schema 4, UTF-8, version-valid-for 46	415E63A17BBA38C2B207DCEB9E04550C	0D6480A332ED099A0B501DBF3DD2965E6B527CA6	270A6B73FFFAA59FD1247544C7474C6AD522E845ECB3D6B19C7761781A800E9D
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\net.db-journal	SQLite Rollback Journal	36F75364C2AB5E357402BE1988FDA94F	1D9D179A270CA582F379AA80A232B2B0EAE15230	E8C7CC4D514DC4B4815802F145D43589B7C92A1CE9C7E3CABDDEF0AFA2FCCDDF
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\sqlite3.dll (copy)	PE32 executable (DLL) (console) Intel 80386, for MS Windows	F9E1E4CC550481C83819EF06DEE3FF51	1A4E6DA60A53051E5FA43855B8D0DB9E4B185F54	AEB2B1323262524FE1C313E2265E3314346FF988A4902E4A50EFFA18C93C28DC
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\unins000.dat	InnoSetup Log Smart PC Optimizer, version 0x418, 33246 bytes, 320946\37\user, C:\Program Files (x86)\Smart PC Solutions\	7C05B13836C2B2219CA187FFD552A940	992DEF1DD038834637A5CCC68CA2C24E81DEF529	49BF80B66F4D73E9B35F6E22195909D0070572CDAB0E61F148B27FC9C161CD7D
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\unins000.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	023C73AD61BF1C58697C2C09C09E521F	E822900B983141C031552C6F8D5AAC97715E1C92	E84F27FDDEA22C9B4A3F70017E560659BFBE66845AE451CDCA5F9EBD0EC910F4
C:\Program Files (x86)\Smart PC Solutions\Smart PC Optimizer\unins000.msg	InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation	D3690E7E35CEA79B66D17A069C3B947B	CEE595DE103E3E46CEE46D7E303A1B7876E44874	5C3A688B292CE9CD98290BC1F4C525CCF42E3537CA704555C8BF058FDEF10D27
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Optimizer\Smart PC Optimizer.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Nov 1 15:29:11 2024, mtime=Fri Nov 1 15:29:12 2024, atime=Thu Jun 6 16:01:34 2024, length=10108672, window=hide	106E197BB2C9288642016F99DC61569E	2C8EB6208A7045F07315D42136708940AB89486B	5937A33F41AAD0AA6682B3352EE29A10341D3F1CF495354CFE77114BB2830542
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Optimizer\Uninstall Smart PC Optimizer.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Nov 1 15:29:11 2024, mtime=Fri Nov 1 15:29:11 2024, atime=Fri Nov 1 15:29:06 2024, length=3211008, window=hide	22171A6220F37FE86C385E7499BFB3B2	CC14D7C1472068E2C903ECB1BA3E107543D1C946	4B2DB8C53F29398E974847DCCA1A5D2D84043D26D12CFE14CE69A2D244E996F8
C:\ProgramData\Smart PC Optimizer\Cookies.txt	ASCII text, with CRLF line terminators	F64C612CF669E719DFABC162FBDD61E5	A3018CAAD39AB800F8F7E5DF6B7DE136E873E5D6	A193F2EBA15CEF7FE439E4F0292AF90BD46EEE89730BD390E04C365F3E62DEB4
C:\ProgramData\Smart PC Optimizer\IDs.txt	ASCII text, with CRLF line terminators	82B0C12AFC82BB2CE9FE25055032012A	C1686583E644F810495B49FFDDE585AB53F5AE1E	C1DB4573E9D2A9C4FED3AF2B14214C2A1A38DB79FC72A77BD5239FC2C6C561B6
C:\ProgramData\Smart PC Optimizer\SiteNtf.txt	ASCII text, with CRLF line terminators	023938522A2335379044391C1B83656A	1761B2DCADB48689C7C052393490043E050E5FEA	66AAE467EF3636628B6EB4C4DC2E210990BB6440653CC3AAFB7800B89A8DA1EC
C:\Users\user\AppData\Local\Temp\etilqs_I1ILvxs6kEp1KhT	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Users\user\AppData\Local\Temp\etilqs_JWNpwFtbnaJDtjB	SQLite 3.x database, last written using SQLite version 3008002, file counter 1, database pages 495, cookie 0x22, schema 4, UTF-8, version-valid-for 1	39DAEC1A439D82D3DED30B9372A25D8E	A4BB3070C55E9A13D22321FFF09F7A00FBEB98F6	D7885200FC906E6580EA5506E1EC9B0A13E4D94A5A406013F3F1991A2063E3D2
C:\Users\user\AppData\Local\Temp\etilqs_POd7nxzFOxLz1DA	data	1122208AF2D352167F66EC0913A91F34	74C9D318C5B50479B290E108CEE7D70A54823E5D	9EDBC6A561D9CF28B055EE0B62F80184B1EDDBA744089724D09D1703B764156B
C:\Users\user\AppData\Local\Temp\etilqs_ROWTifMlhA9KCNq	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Users\user\AppData\Local\Temp\etilqs_RPFYbDcyr5M8aXZ	data	1122208AF2D352167F66EC0913A91F34	74C9D318C5B50479B290E108CEE7D70A54823E5D	9EDBC6A561D9CF28B055EE0B62F80184B1EDDBA744089724D09D1703B764156B
C:\Users\user\AppData\Local\Temp\etilqs_RcsaLkG2dfLS9xf	SQLite 3.x database, last written using SQLite version 3008002, file counter 1, database pages 495, cookie 0x23, schema 4, UTF-8, version-valid-for 1	8108FF72256D8DFC8C250AC9ED870463	FFFB7E801277C1A5C9A3B7D1AFF68AFB8BA98650	136A90F2EBE90204F40FF3CC766BEE5A507266FB905F60A85BB758A159681055
C:\Users\user\AppData\Local\Temp\etilqs_UtghfP7ll7e0aLx	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Users\user\AppData\Local\Temp\etilqs_aYX7yC26KPGltMI	data	1122208AF2D352167F66EC0913A91F34	74C9D318C5B50479B290E108CEE7D70A54823E5D	9EDBC6A561D9CF28B055EE0B62F80184B1EDDBA744089724D09D1703B764156B
C:\Users\user\AppData\Local\Temp\etilqs_gmKXNtbyQ1CVkmf	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Users\user\AppData\Local\Temp\etilqs_k9SCgWIsi5WAVhH	data	1122208AF2D352167F66EC0913A91F34	74C9D318C5B50479B290E108CEE7D70A54823E5D	9EDBC6A561D9CF28B055EE0B62F80184B1EDDBA744089724D09D1703B764156B
C:\Users\user\AppData\Local\Temp\etilqs_sptMYOWonC3jT1l	SQLite 3.x database, last written using SQLite version 3008002, file counter 1, database pages 495, cookie 0x21, schema 4, UTF-8, version-valid-for 1	B7575E2B4470A702FE78EBFB18BFB458	3A43F30648948B7EE08E462BA262237598024D40	84917F6AED199D216BEC15215D3C69A9EE7AAA3B9810E0F87DE44EDCDB26E47C
C:\Users\user\AppData\Local\Temp\etilqs_w1OJMPBi4rLIi4J	SQLite 3.x database, last written using SQLite version 3008002, file counter 1, database pages 495, cookie 0x20, schema 4, UTF-8, version-valid-for 1	7A8AC3C157F6196C8059B089CE2D5F67	C0A2368AA4ACCB2980B22F5C256A03AF5B42C892	BBD601A6B845607D55DF95D9E29BA9CEF7D12C6167534A022355E1F7EDB9C29F
C:\Users\user\AppData\Local\Temp\fxt49A9.tmp.png	PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced	95A48DE3F4B96BBCADE12FFE75EFD3D1	A86189ABB2B1759788634F2BE074B3C5A9020C6D	480AC0C12BC05BDB2ECE058A59CC72EFAD0BA2943A65653327FF4E8C475CFFB9
C:\Users\user\AppData\Local\Temp\is-O0UIQ.tmp\SecuriteInfo.com.Program.Unwanted.5533.30107.22661.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	023C73AD61BF1C58697C2C09C09E521F	E822900B983141C031552C6F8D5AAC97715E1C92	E84F27FDDEA22C9B4A3F70017E560659BFBE66845AE451CDCA5F9EBD0EC910F4
C:\Users\user\AppData\Local\Temp\is-TJ8GA.tmp\SetupImage.bmp	PC bitmap, Windows 3.x format, 453 x 56 x 24, image size 76162, resolution 2834 x 2834 px/m, cbSize 76216, bits offset 54	50A0BC3E462CD65E40D8D0764E3ABF95	F3D85A1C527FC5407B2E87192CD1DFBC90660CD2	507AB99656D6E97887B8D0FDDCFA01861B5B690883137523C0758BC4D7324689
C:\Users\user\AppData\Local\Temp\is-TJ8GA.tmp\_isetup\_setup64.tmp	PE32+ executable (console) x86-64, for MS Windows	E4211D6D009757C078A9FAC7FF4F03D4	019CD56BA687D39D12D4B13991C9A42EA6BA03DA	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm	data	B7C14EC6110FA820CA6B65F5AEC85911	608EEB7488042453C9CA40F7E1398FC1A270F3F4	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
C:\Users\user\AppData\Roaming\Smart PC Optimizer\Backup\Extensions.ini	Generic INItialization configuration [4Edge relevant text changes]	1AE772A69BE36A0FBB7085A234BD5915	4BFB5AB61E1B0973871A0B6DF6FD23B2E2B8328D	D81ADE0B991BFE9EDB82CC2EE89B591E221E05C3446E8B1FE79AFCC817E3891E
C:\Users\user\AppData\Roaming\Smart PC Optimizer\Log\Tasks.log	ASCII text, with CRLF line terminators	F4AFA5826681F7E29B91B87575305AD0	9121B3208BEBC6E0A1A12DA728CF3FB63267358D	0EBA5194C1528C2C7771A072CA43AD4143CD0148E76842CD5E1FFCD3778CD8E8
C:\Users\user\Desktop\Smart PC Optimizer.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Nov 1 15:29:11 2024, mtime=Fri Nov 1 15:29:11 2024, atime=Thu Jun 6 16:01:34 2024, length=10108672, window=hide	776BE252BBF3B6915648B77E98B20489	A1307218AC867C39624A942D3421ECBBA4A514F1	B2105D19D1010BA750D6F3A871BD3885E16BFDB5DB0D608C30373AD6FBD102CE