Adware.BrowseFox.Win32.291276
Adware.BrowseFox.Win32.291276 is also known as malicious (moderate confidence) and W32.HfsAdware.14EA.

Malware Analysis of Adware.BrowseFox.Win32.291276 – LETVSETUP.EXE

Created files:
%TEMP%\NSSD2D1.TMP\IQIYISETUP_L_SPL004@KB010.EXE
%TEMP%\NSSD2D1.TMP\K1.ICO
%TEMP%\NSSD2D1.TMP\LETVSETUP.EXE
%TEMP%\NSSD2D1.TMP\NSPROCESS.DLL
%TEMP%\NSSD2D1.TMP\NSVFF9F.TMP

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: “”%Program Files%\Rising\RSD\popwndexe.exe””
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: “Rising Software Deployment System”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: “”%Program Files%\Rising\RSD\Setup.exe” /UNINSTALL /PRODUCT=RSD”
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PROTREG.SYS”
HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: “rsd protect”
HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: “”%Program Files%\Rising\RSD\RsMgrSvc.exe””
HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: “Rsd Service”
HKLM\System\CurrentControlSet\services\sysmon\ImagePath: “system32\DRIVERS\sysmon.sys”
HKLM\System\CurrentControlSet\services\sysmon\DisplayName: “sysmon”
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PPTASSIST\UNINSTALLSTRING: “%LOCAL APPDATA%\PPTASSIST\UTILITY\UNINST.EXE”
…